ZyXEL Communications VSG1435-B101 - V1.10 Manual


VSG1435-B101 Series
802.11n Wireless VDSL2 4-port Gateway with HPNA
Default Login Details
IP Address: http://192.168.1.1
User Name: admin
Password: 1234
Firmware Version 1.10
Edition 1, 11/2010
www.zyxel.com
Copyright © 2010
ZyXEL Communications Corporation


Summary of Contents for ZyXEL Communications VSG1435-B101 - V1.10

  • Page 1 VSG1435-B101 Series 802.11n Wireless VDSL2 4-port Gateway with HPNA Default Login Details IP Address http://192.168.1.1 User Name admin Password 1234 Firmware Version 1.10 Edition 1, 11/2010 www.zyxel.com Copyright © 2010 ZyXEL Communications Corporation...
  • Page 3: About This User's Guide

    About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to configure the ZyXEL Device using the web configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology.
  • Page 4 In the event of problems that cannot be solved by using this manual, you should contact your vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you bought the device. See http://www.zyxel.com/web/contact_us.php for contact information.
  • Page 5: Document Conventions

    Syntax Conventions • The VSG1435-B101 may be referred to as the “ZyXEL Device”, the “device”, the “system” or the “product” in this User’s Guide. • Product labels, screen names, field labels and field choices are all in bold font.
  • Page 6 Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device Computer Notebook computer Server Firewall Telephone Router Switch VSG1435-B101 Series User’s Guide...
  • Page 7: Safety Warnings

    Safety Warnings Safety Warnings • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. • Do NOT store things on the device. •...
  • Page 8 Safety Warnings VSG1435-B101 Series User’s Guide...
  • Page 9: Table Of Contents

    Contents Overview Contents Overview User’s Guide ........................... 21 Introducing the VSG1435-B101 ....................23 The Web Configurator ....................... 35 Quick Start ..........................43 Tutorials ............................. 45 Technical Reference ......................71 Network Map and Status Screens ..................... 73 Broadband ..........................79 Wireless ............................. 95 Home Networking ........................
  • Page 10 Contents Overview VSG1435-B101 Series User’s Guide...
  • Page 11: Table Of Contents

    Introducing the VSG1435-B101 ..................... 23 1.1 Overview ..........................23 1.2 Ways to Manage the ZyXEL Device ..................23 1.3 Good Habits for Managing the ZyXEL Device ..............23 1.4 Applications for the ZyXEL Device ..................24 1.4.1 Internet Access ......................24 1.4.2 HomePNA ........................
  • Page 12 4.7 Configuring Static Route for Routing to Another Network ........... 62 4.8 Configuring QoS Queue and Class Setup ................64 4.9 Access the ZyXEL Device Using DDNS ................67 4.9.1 Registering a DDNS Account on www.dyndns.org ............ 68 4.9.2 Configuring DDNS on Your ZyXEL Device ..............68 4.9.3 Testing the DDNS Setting ..................
  • Page 13 Table of Contents 6.3.3 VPI and VCI ....................... 91 6.3.4 IP Address Assignment ....................91 6.3.5 NAT ..........................92 6.3.6 Traffic Shaping ......................92 6.3.7 ATM Traffic Classes ....................93 6.3.8 Introduction to VLANs ....................93 Chapter 7 Wireless ........................... 95 7.1 Overview ..........................
  • Page 14 8.5 Installing UPnP in Windows Example ................138 8.6 Using UPnP in Windows XP Example ................141 8.7 Technical Reference ......................146 8.7.1 LANs, WANs and the ZyXEL Device ................ 147 8.7.2 DHCP Setup ......................147 8.7.3 DNS Server Addresses .................... 147 8.7.4 LAN TCP/IP ......................
  • Page 15 Table of Contents 12.2.1 Add/Edit Port Forwarding ..................182 12.3 The Applications Screen ....................183 12.3.1 Add New Application ....................184 12.4 The Port Triggering Screen ..................... 185 12.4.1 Add/Edit Port Triggering Rule ................187 12.5 The DMZ Screen ......................189 12.6 The ALG Screen ......................
  • Page 16 Table of Contents Chapter 16 Firewall........................... 219 16.1 Overview .......................... 219 16.1.1 What You Can Do in this Chapter ................219 16.1.2 What You Need to Know ..................220 16.2 The Firewall Screen ......................221 16.3 The Protocol Screen ....................... 221 16.3.1 Add a Protocol ......................
  • Page 17 Table of Contents Chapter 21 IPSec ............................249 21.1 Overview .......................... 249 21.1.1 What You Can Do in this Chapter ................249 21.1.2 What You Need to Know ..................250 21.2 The IPSec Status Screen ....................251 21.3 The IPSec Settings Screen .................... 252 21.3.1 Add/Edit IPSec Setting ..................
  • Page 18 Table of Contents 25.2 The WAN Status Screen ....................278 25.3 The LAN Status Screen ....................280 Chapter 26 IGMP Status .......................... 283 26.1 Overview .......................... 283 26.1.1 What You Can Do in this Chapter ................283 26.2 The IGMP Group Screen ....................283 26.3 IGMP Statistics Screen ....................
  • Page 19 33.2 The Diagnostic Screen ....................309 Chapter 34 Troubleshooting........................311 34.1 Power, Hardware Connections, and LEDs ...............311 34.2 ZyXEL Device Access and Login ..................312 34.3 Internet Access ........................ 314 34.4 Wireless Internet Access ....................316 Chapter 35 Product Specifications ......................319 35.1 Hardware Specifications ....................
  • Page 20 Table of Contents VSG1435-B101 Series User’s Guide...
  • Page 21: User's Guide

    User’s Guide...
  • Page 23: Introducing The Vsg1435-B101

    Only use firmware for your ZyXEL Device’s specific model. Refer to the label on the bottom of your ZyXEL Device. The ZyXEL Device has a USB port used to share files via a USB memory stick or a USB hard drive.
  • Page 24: Applications For The Zyxel Device

    DSL or MODEM jack on a splitter or your telephone jack. You can have up to five WAN services over one ADSL, VDSL or Ethernet WAN line. The ZyXEL Device cannot work in ADSL, VDSL and Ethernet WAN mode at the same time.
  • Page 25 PPPoE Ethernet You can also configure IP filtering on the ZyXEL Device for secure Internet access. When the IP filter is on, all incoming traffic from the Internet to your network is blocked by default unless it is initiated from your network. This means that probes from the outside to your network are not allowed, but you can safely browse the Internet and download files.
  • Page 26: Homepna

    HPNA) 3.1, a home networking technology for carrying data over existing coaxial cables and telephone wiring. The figure below shows your ZyXEL Device (A) connecting to a phone line outlet for DSL Internet access and a coaxial outlet to relay Internet connectivity to other coaxial outlets in the building.
  • Page 27: Hardware Setup

    Use the built-in USB 2.0 port to share files on a USB memory stick or a USB hard drive (B). You can connect one USB hard drive to the ZyXEL Device at a time. Use FTP to access the files on the USB device.
  • Page 28 Chapter 1 Introducing the VSG1435-B101 To connect the stand, line up the arrow on the stand with the arrow on the bottom of the device as shown. Figure 4 Connecting the Stand VSG1435-B101 Series User’s Guide...
  • Page 29: Hardware Connections

    Attach the antenna and point it up. Do one of the following for your Internet connection: DSL WAN: Use a telephone cable to connect your ZyXEL Device’s DSL WAN port to a telephone jack (or the DSL or modem jack on a splitter if you have one).
  • Page 30: Leds (Lights)

    Chapter 1 Introducing the VSG1435-B101 HPNA: (VSG1435-B101 only) Use a coaxial cable to connect to a coaxial outlet and relay Internet traffic throughout your house through coaxial cabling. LAN: Use an Ethernet cable to connect a computer to a LAN port for initial configuration and/or Internet access.
  • Page 31 Chapter 1 Introducing the VSG1435-B101 None of the LEDs are on if the ZyXEL Device is not receiving power. Table 1 LED Descriptions COLOR STATUS DESCRIPTION POWER Green The ZyXEL Device is receiving power and ready for use. Blinking The ZyXEL Device is self-testing.
  • Page 32: The Reset Button

    1.9 Wireless Access The ZyXEL Device is a wireless Access Point (AP) for wireless clients, such as notebook computers or PDAs and iPads. It allows them to connect to the Internet without having to rely on inconvenient Ethernet cables.
  • Page 33: Using The Wlan/Wps Button

    1.9.1 Using the WLAN/WPS Button If the wireless network is turned off, press the WLAN/WPS button on the front of the ZyXEL Device for two seconds. Once the WLAN/WPS LED turns green, the wireless network is active. You can also use the WLAN/WPS button to quickly set up a secure wireless connection between the ZyXEL Device and a WPS-compatible client by adding one device at a time.
  • Page 34 Once the connection is successfully made, the WLAN/WPS LED shines green. To turn off the wireless network, press the WLAN/WPS button on the front of the ZyXEL Device for one to five seconds. The WLAN/WPS LED turns off when the wireless network is off.
  • Page 35: The Web Configurator

    Internet Explorer. 2.1.1 Accessing the Web Configurator Make sure your ZyXEL Device hardware is properly connected (refer to the Quick Start Guide). Launch your web browser. If the ZyXEL Device does not automatically re-direct you to the login screen, go to http://192.168.1.1.
  • Page 36 Login. For security reasons, you will be temporarily denied access to the ZyXEL Device for a period of time (15 minutes by default) if you have entered the incorrect username and password for a certain number of times (three times by default).
  • Page 37 The Network Map page appears. Figure 11 Network Map Note: For security reasons, the ZyXEL Device automatically logs you out if you do not use the web configurator for ten minutes (default). If this happens, log in again. Click Status to display the Status screen, where you can view the ZyXEL Device’s interface and system information.
  • Page 38: Web Configurator Layout

    Chapter 2 The Web Configurator 2.2 Web Configurator Layout Figure 12 Screen Layout As illustrated above, the main screen is divided into these parts: • A - title bar • B - main window • C - navigation panel 2.2.1 Title Bar The title bar provides some icons in the upper right corner.
  • Page 39: Main Window

    Chapter 5 on page 75 for more information about the Status screen. 2.2.3 Navigation Panel Use the menu items on the navigation panel to open screens to configure ZyXEL Device features. The following tables describe each menu item. Table 3 Navigation Panel Summary...
  • Page 40 Use this screen to turn UPnP and UPnP NAT-T on or off. Routing Static Route Use this screen to view and set up static routes on the ZyXEL Device. Policy Use this screen to configure policy routing on the ZyXEL Device.
  • Page 41 Use this screen to view the status of events that occurred to the ZyXEL Device. You can export or e-mail the logs. Security Log Use this screen to view the login record of the ZyXEL Device. You can export or e-mail the logs. Traffic Status Use this screen to view the status of all network traffic going through the WAN port of the ZyXEL Device.
  • Page 42 Chapter 2 The Web Configurator VSG1435-B101 Series User’s Guide...
  • Page 43: Quick Start

    Quick Start 3.1 Overview Use the Quick Start screens to configure the ZyXEL Device’s time zone and basic Internet access and wireless settings. Note: See the technical reference chapters (starting on page 71) for background information on the features in this chapter.
  • Page 44 Yes and enter them in the fields that display. Click Next. Figure 14 Internet Connection Turn the wireless LAN on or off. If you keep it on, record the security settings so you can configure your wireless clients to connect to the ZyXEL Device. Click Save. Figure 15 Internet Connection Your ZyXEL Device saves your settings and attempts to connect to the Internet.
  • Page 45: Tutorials

    Configurator. If you connect to the Internet through an ADSL connection, use the information from your Internet Service Provider (ISP) to configure the ZyXEL Device. Be sure to contact your service provider for any information you need to configure the Broadband screens.
  • Page 46 Chapter 4 Tutorials Click Network Settings > Broadband to open the following screen. Click Add New WAN Interface. In this example, the DSL connection has the following information. General Connection Name MyDSLConnection Type ADSL Connection Mode Routing Encapsulation PPPoE ATM PVC Configuration VPI/VCI 36/48 Encapsulation Mode...
  • Page 47 Chapter 4 Tutorials Configure this rule as your default Internet connection by selecting the Apply as Default Gateway check box. Then select DNS as Static and enter the DNS server addresses provided to you, such as 192.168.5.2 (DNS server1)/192.168.5.1 (DNS server2).
  • Page 48: Homepna Example Setup

    You should see a summary of your new DSL connection setup in the Broadband screen as follows. Try to connect to a website, such as zyxel.com to see if you have correctly set up your Internet connection. Be sure to contact your service provider for any information you need to configure the WAN screens.
  • Page 49 Chapter 4 Tutorials The figure below shows the hardware setup for this tutorial: Connect your ZyXEL Device to the Internet source. This could be either DSL or Ethernet. Connect the ZyXEL Device’s coaxial port to a coaxial outlet in your house. This relays Internet connectivity to other coaxial outlets in other parts of the house.
  • Page 50: Setting Up A Secure Wireless Network

    Thomas wants to set up a wireless network so that he can use his notebook to access the Internet. In this wireless network, the ZyXEL Device serves as an access point (AP), and the notebook is the wireless client. The wireless client can access the Internet through the AP.
  • Page 51 Go to the Wireless > Others screen and select 802.11b/g/n Mixed in the 802.11 Mode field. Click Apply. Thomas can now use the WPS feature to establish a wireless connection between his notebook and the ZyXEL Device (see Section 4.4.2 on page 52). He can also...
  • Page 52: Using Wps

    ZyXEL Device. Push Button Configuration (PBC) Make sure that your ZyXEL Device is turned on and your notebook is within the coverage range of the wireless signal. Make sure that you have installed the wireless client driver and utility in your notebook.
  • Page 53 Network Settings > Wireless > WPS screen. Enable the WPS function and click Apply. Then click the Connect button. Note: Your ZyXEL Device has a WPS button located on its front panel as well as a WPS button in its configuration utility. Both buttons have exactly the same function: you can use one or the other.
  • Page 54: Wireless Client

    Chapter 4 Tutorials The following figure shows you an example of how to set up a wireless network and its security by pressing a button on both ZyXEL Device and wireless client. Example WPS Process: PBC Method ZyXEL Device Wireless Client...
  • Page 55 Chapter 4 Tutorials PIN Configuration When you use the PIN configuration method, you need to use both the ZyXEL Device’s web configurator and the wireless client’s utility. Launch your wireless client’s configuration utility. Go to the WPS settings and select the PIN method to get a PIN number.
  • Page 56: Without Wps

    Chapter 4 Tutorials The following figure shows you how to set up a wireless network and its security on a ZyXEL Device and a wireless client by using PIN method. Example WPS Process: PIN Method Wireless Client ZyXEL Device WITHIN 2 MINUTES...
  • Page 57: Setting Up Multiple Wireless Groups

    Chapter 4 Tutorials Note: The ZyXEL Device supports IEEE 802.11b and IEEE 802.11g wireless clients. Make sure that your notebook or computer’s wireless adapter supports one of these standards. 4.5 Setting Up Multiple Wireless Groups Company A wants to create different wireless network groups for different types of users as shown in the following figure.
  • Page 58 Chapter 4 Tutorials Click Network Settings > Wireless to open the General screen. Use this screen to set up the company’s general wireless network group. Configure the screen using the provided parameters and click Apply. Click Network Settings > Wireless > More AP to open the following screen. Click the Edit icon to configure the second wireless network group.
  • Page 59 Chapter 4 Tutorials Configure the screen using the provided parameters and click Apply. In the More AP screen, click the Edit icon to configure the third wireless network group. VSG1435-B101 Series User’s Guide...
  • Page 60: Setting Up Nat Port Forwarding

    SSIDs are active and ready for wireless access. 4.6 Setting Up NAT Port Forwarding Thomas manages the Doom server on a computer behind the ZyXEL Device. In order for players on the Internet (like A in the figure below) to communicate with the Doom server, Thomas needs to configure the port settings and IP address on VSG1435-B101 Series User’s Guide...
  • Page 61 Chapter 4 Tutorials the ZyXEL Device. Traffic should be forwarded to the port 666 of the Doom server computer which has an IP address of 192.168.1.34. Tutorial: NAT Port Forwarding Setup D=192.168.1.34 port 666 Thomas may set up the port settings by configuring the port settings for the Doom server computer (see Section 12.2 on page 180...
  • Page 62: Configuring Static Route For Routing To Another Network

    In order to extend your Intranet and control traffic flowing directions, you may connect a router to the ZyXEL Device’s LAN. The router may be used to separate two department networks. This tutorial shows how to configure a static routing rule for two network routings.
  • Page 63 Chapter 4 Tutorials You need to specify a static routing rule on the ZyXEL Device to specify R as the router in charge of forwarding traffic to N2. In this case, the ZyXEL Device routes traffic from A to R and then R routes the traffic to B.
  • Page 64: Configuring Qos Queue And Class Setup

    Chapter 4 Tutorials Select the Active check box. Enter the Route Name as R. Type 192.168.10.0 and subnet mask 255.255.255.0 for the destination. Type 192.168.1.253 (R’s N1 address) in the Gateway IP Address field. Click Apply. Now B should be able to receive traffic from A. You may need to additionally configure B’s firewall settings to allow specific traffic to pass through.
  • Page 65 Chapter 4 Tutorials Note: QoS is applied to traffic flowing out of the ZyXEL Device. Traffic that does not match this class is assigned a priority queue based on the internal QoS mapping table on the ZyXEL Device. QoS Example...
  • Page 66 Chapter 4 Tutorials • Rate Limit: 5,000 (kbps) Tutorial: Advanced > QoS > Queue Setup Click Class Setup > Add new Classifier to create a new class. Check Active and follow the settings as shown in the screen below. Tutorial: Advanced > QoS > Class Setup VSG1435-B101 Series User’s Guide...
  • Page 67: Access The Zyxel Device Using Ddns

    4.9 Access the ZyXEL Device Using DDNS If you connect your ZyXEL Device to the Internet and it uses a dynamic WAN IP address, it is inconvenient for you to manage the device from the Internet. The ZyXEL Device’s WAN IP address changes dynamically. Dynamic DNS (DDNS) allows you to access the ZyXEL Device using a domain name.
  • Page 68: Registering A Ddns Account On Www.dyndns.org

    • Hostname: zyxelrouter.dyndns.org • Service Type: Host with IP address • IP Address: Enter the WAN IP address that your ZyXEL Device is currently using. You can find the IP address on the ZyXEL Device’s Web Configurator Status page.
  • Page 69: Testing The Ddns Setting

    • Enter the user name (UserName1) and password (12345). Click Apply. 4.9.3 Testing the DDNS Setting Now you should be able to access the ZyXEL Device from the Internet. To test this: Open a web browser on the computer (using the IP address a.b.c.d) that is connected to the Internet.
  • Page 70 Chapter 4 Tutorials In FileZilla, enter the IP address of the ZyXEL Device (the default is 192.168.1.1), your account’s user name and password and port 21, and click Quickconnect. A screen asking for password authentication appears. File Sharing via Windows Explorer Once you log in, the USB device displays in the folder.
  • Page 71: Technical Reference

    Technical Reference...
  • Page 73: Network Map And Status Screens

    After you log into the Web Configurator, the Network Map screen appears. This shows the network connection status of the ZyXEL Device and clients connected to You can use the Status screen to look at the current status of the ZyXEL Device, system resources, and interfaces (LAN, WAN, and WLAN).
  • Page 74 Chapter 5 Network Map and Status Screens If you prefer to view the status in a list, click List View in the Viewing Mode selection box. You can configure how often you want the ZyXEL Device to update this screen in Refresh Interval.
  • Page 75: The Status Screen

    Chapter 5 Network Map and Status Screens 5.3 The Status Screen Use this screen to view the status of the ZyXEL Device. Click Status to open this screen. Figure 18 Status Screen Each field is described in the following table.
  • Page 76 This field displays what DHCP services the ZyXEL Device is providing to the LAN. Choices are: Server - The ZyXEL Device is a DHCP server in the LAN. It assigns IP addresses to other computers in the LAN. Relay - The ZyXEL Device acts as a surrogate DHCP server and relays DHCP requests and responses between the remote server and the clients.
  • Page 77 This field displays how long the ZyXEL Device has been running since it Time last started up. The ZyXEL Device starts up when you plug it in, when you restart it (Maintenance > Reboot), or when you reset it. Current This field displays the current date and time in the ZyXEL Device.
  • Page 78 Chapter 5 Network Map and Status Screens VSG1435-B101 Series User’s Guide...
  • Page 79: Broadband

    6.1 Overview This chapter describes how to configure WAN settings from the Broadband screen. Use this screen to configure your ZyXEL Device for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks (such as a LAN (Local Area Network)) and other networks, so that a computer in one location can communicate with computers in other locations.
  • Page 80: Before You Begin

    Chapter 6 Broadband WAN IP Address The WAN IP address is an IP address for the ZyXEL Device, which makes it accessible from an outside network. It is used by the ZyXEL Device to communicate with other devices in other networks. It can be static (fixed) or dynamically assigned by the ISP each time the ZyXEL Device tries to access the Internet.
  • Page 81: The Broadband Screen

    ATM QoS This is the type of ATM QoS of the connection. IGMP Proxy This shows whether the ZyXEL Device acts as an IGMP proxy on this connection. This shows whether NAT is activated or not for this connection. Default Gateway This shows whether the ZyXEL Device uses the WAN interface of this connection as the system default gateway.
  • Page 82: Add/Edit Broadband

    By implementing PPPoE directly on the ZyXEL Device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the ZyXEL Device does that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access.
  • Page 83 Chapter 6 Broadband This screen displays when you select the Routing mode and PPPoE encapsulation. Figure 21 Broadband: Add/Edit: ADSL, PPPoE Encapsulation VSG1435-B101 Series User’s Guide...
  • Page 84 Chapter 6 Broadband The following table describes the labels in this screen. Table 7 Broadband: Add/Edit: Routing Mode LABEL DESCRIPTION General Active Select this to activate the WAN configuration settings. Name Specify a descriptive name of up to 15 alphanumeric characters for this connection.
  • Page 85 • VC/MUX: In VC multiplexing, each protocol is carried on a single ATM virtual circuit (VC). To transport multiple protocols, the ZyXEL Device needs separate VCs. There is a binding between a VC and the type of the network protocol carried on the VC. This reduces payload overhead since there is no need to carry protocol information in each Protocol Data Unit (PDU) payload.
  • Page 86 Multicast group - it is not used to carry user data. Select this option to have the ZyXEL Device act as an IGMP proxy on this connection. This allows the ZyXEL Device to get subscribing information and maintain a joined member list for each multicast group.
  • Page 87 Table 7 Broadband: Add/Edit: Routing Mode LABEL DESCRIPTION Select Dynamic if you want the ZyXEL Device to use the DNS server addresses assigned by your ISP. Select Static if you want the ZyXEL Device to use the DNS server addresses you configure manually.
  • Page 88 • VC/MUX: In VC multiplexing, each protocol is carried on a single ATM virtual circuit (VC). To transport multiple protocols, the ZyXEL Device needs separate VCs. There is a binding between a VC and the type of the network protocol carried on the VC. This reduces payload overhead since there is no need to carry protocol information in each Protocol Data Unit (PDU) payload.
  • Page 89 802.1Q Type the VLAN ID number (from 1 to 4094) for traffic through this connection. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to exit this screen without saving. VSG1435-B101 Series User’s Guide...
  • Page 90: Technical Reference

    By implementing PPPoE directly on the ZyXEL Device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the ZyXEL Device does that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access.
  • Page 91: Multiplexing

    Chapter 6 Broadband 6.3.2 Multiplexing There are two conventions to identify what protocols the virtual circuit (VC) is carrying. Be sure to use the multiplexing method required by your ISP. VC-based Multiplexing In this case, by prior mutual agreement, each protocol is assigned to a specific virtual circuit;...
  • Page 92: Nat

    Chapter 6 Broadband 6.3.5 NAT NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
  • Page 93: Atm Traffic Classes

    Chapter 6 Broadband 6.3.7 ATM Traffic Classes These are the basic ATM traffic classes defined by the ATM Forum Traffic Management 4.0 Specification. Constant Bit Rate (CBR) Constant Bit Rate (CBR) provides fixed bandwidth that is always available even if no data is being sent.
  • Page 94 Chapter 6 Broadband In Multi-Tenant Unit (MTU) applications, VLAN is vital in providing isolation and security among the subscribers. When properly configured, VLAN prevents one subscriber from accessing the network resources of another on the same LAN, thus a user will not see the printers and hard disks of another user in the same building.
  • Page 95: Wireless

    • Use the General screen to enable the Wireless LAN, enter the SSID and select the wireless security mode (Section 7.2 on page 96). • Use the More AP screen to set up multiple wireless networks on your ZyXEL Device (Section 7.3 on page 105).
  • Page 96: What You Need To Know

    Use this screen to enable the Wireless LAN, enter the SSID and select the wireless security mode. Note: If you are configuring the ZyXEL Device from a computer connected to the wireless LAN and you change the ZyXEL Device’s SSID, channel or security settings, you will lose your wireless connection when you press Apply to confirm.
  • Page 97 Channel Set the channel depending on your particular region. Select a channel or use Auto to have the ZyXEL Device automatically determine a channel to use. If you are having problems with wireless interference, changing the channel may help. Try to use a channel that is as many channels away from any channels used by neighboring APs as possible.
  • Page 98 Table 9 Network Settings > Wireless > General LABEL DESCRIPTION Passphrase If you set security for the wireless LAN and have the ZyXEL Device Type generate a password, the setting in this field determines how the ZyXEL Device generates the password.
  • Page 99: No Security

    Select No Security to allow wireless stations to communicate with the access points without any data encryption or authentication. Note: If you do not enable any wireless security on your ZyXEL Device, your network is accessible to any wireless networking device that is within range.
  • Page 100: Basic (Wep Encryption)

    WEP, use the highest encryption level available. Your ZyXEL Device allows you to configure up to four 64-bit or 128-bit WEP keys but only one key can be enabled at any one time. In order to configure and enable WEP encryption, click Network Settings >...
  • Page 101 Password The password (WEP keys) are used to encrypt data. Both the ZyXEL Device and the wireless stations must use the same password (WEP key) for data transmission. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F").
  • Page 102: More Secure (Wpa(2)-Psk)

    7.2.3 More Secure (WPA(2)-PSK) The WPA-PSK security mode provides both improved data encryption and user authentication over WEP. Using a Pre-Shared Key (PSK), both the ZyXEL Device and the connecting client share a common password in order to validate the connection.
  • Page 103: Wpa(2) Authentication

    This field appears when you choose WPA-PSK2 as the Security Mode. Compatible Check this field to allow wireless devices using WPA-PSK security mode to connect to your ZyXEL Device. The ZyXEL Device supports WPA-PSK and WPA2-PSK simultaneously. Encryption Select the encryption type (AES or TKIP+AES) for data encryption.
  • Page 104 Click more... to show more fields in this section. Click less to hide them. WPA Compatible This field is only available for WPA2. Select this if you want the ZyXEL Device to support WPA and WPA2 simultaneously. VSG1435-B101 Series User’s Guide...
  • Page 105: The More Ap Screen

    7.3 The More AP Screen This screen allows you to enable and configure multiple Basic Service Sets (BSSs) on the ZyXEL Device. Click Network Settings > Wireless > More AP. The following screen displays. Figure 29 Network Settings > Wireless > More AP The following table describes the labels in this screen.
  • Page 106: Edit More Ap

    LABEL DESCRIPTION SSID An SSID profile is the set of parameters relating to one of the ZyXEL Device’s BSSs. The SSID (Service Set IDentifier) identifies the Service Set with which a wireless device is associated. This field displays the name of the wireless profile on the network. When a wireless client scans for an AP to associate with, this is the name that is broadcast and seen in the wireless client utility.
  • Page 107: Mac Authentication

    Click Cancel to exit this screen without saving. 7.4 MAC Authentication This screen allows you to configure the ZyXEL Device to give exclusive access to specific devices (Allow) or exclude specific devices from accessing the ZyXEL Device (Deny). Every Ethernet device has a unique MAC (Media Access Control) address.
  • Page 108 Chapter 7 Wireless Use this screen to view your ZyXEL Device’s MAC filter settings and add new MAC filter rules. Click Wireless > MAC Authentication. The screen appears as shown. Figure 31 Wireless > MAC Authentication The following table describes the labels in this screen.
  • Page 109: The Wps Screen

    Chapter 7 Wireless 7.5 The WPS Screen Use this screen to configure WiFi Protected Setup (WPS) on your ZyXEL Device. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually. Set up each WPS connection between two devices.
  • Page 110: The Wmm Screen

    Connect Click this button to add another WPS-enabled wireless device (within wireless range of the ZyXEL Device) to your wireless network. This button may either be a physical button on the outside of the device, or a menu button similar to the Connect button on this screen.
  • Page 111: The Wds Screen

    Note: WDS security is independent of the security settings between the ZyXEL Device and any wireless clients. Note: At the time of writing, WDS is compatible with other ZyXEL APs only. Not all models support WDS links. Check your other AP’s documentation.
  • Page 112 Wireless Bridge Setup AP Mode Select the operating mode for your ZyXEL Device. • Access Point - The ZyXEL Device functions as a bridge and access point simultaneously. • Wireless Bridge - The ZyXEL Device acts as a wireless network bridge and establishes wireless links with other APs.
  • Page 113: Wds Scan

    Click Cancel to restore your previously saved settings. 7.7.1 WDS Scan You can click the Scan icon in Wireless > WDS to have the ZyXEL Device automatically search and display the available APs within range. Select an AP and click Apply to have the ZyXEL Device establish a wireless link with the selected wireless device.
  • Page 114: The Others Screen

    Device scans for the best channel. Enter 0 to disable the periodical scan. Output Power Set the output power of the ZyXEL Device. If there is a high density of APs in an area, decrease the output power to reduce interference with other APs.
  • Page 115: Technical Reference

    Select 802.11b/g/n Mixed to allow IEEE 802.11b, IEEE 802.11g or IEEE 802.11n compliant WLAN devices to associate with the ZyXEL Device. The transmission rate of your ZyXEL Device might be reduced. 802.11 Protection Enabling this feature can help prevent collisions in mixed-mode networks (networks with both IEEE 802.11b and IEEE 802.11g traffic).
  • Page 116 The wireless network is the part in the blue circle. In this wireless network, devices A and B use the access point (AP) to interact with the other devices (such as the printer) or with the Internet. Your ZyXEL Device is the AP. Every wireless network must follow these basic guidelines.
  • Page 117: Additional Wireless Terms

    By setting this value lower than the default value, the wireless devices must sometimes get permission to send information to the ZyXEL Device. The lower the value, the more often the devices must get permission. If this value is greater than the fragmentation threshold value (see below), then wireless devices never have to get permission to send information to the ZyXEL Device.
  • Page 118: Wireless Security Overview

    The following sections introduce different types of wireless security you can set up in the wireless network. 7.9.3.1 SSID Normally, the ZyXEL Device acts like a beacon and regularly broadcasts the SSID in the area. You can hide the SSID instead, in which case the ZyXEL Device does...
  • Page 119: Mac Address Filter

    User’s Guide or other documentation. You can use the MAC address filter to tell the ZyXEL Device which devices are allowed or not allowed to use the wireless network. If a device is allowed to use the wireless network, it still has to have the correct information (SSID, channel, and security).
  • Page 120 Usually, you should set up the strongest encryption that every device in the wireless network supports. For example, suppose you have a wireless network with the ZyXEL Device and you do not have a RADIUS server. Therefore, there is no authentication. Suppose the wireless network has two devices. Device A only supports WEP, and device B supports WEP and WPA.
  • Page 121: Signal Problems

    Chapter 7 Wireless 7.9.4 Signal Problems Because wireless networks are radio networks, their signals are subject to limitations of distance, interference and absorption. Problems with distance occur when the two radios are too far apart. Problems with interference occur when other radio waves interrupt the data signal. Interference may come from other radio transmissions, such as military or air traffic control communications, or from machines that are coincidental emitters such as electric motors or microwaves.
  • Page 122: Mbssid

    Sets (BSSs). As well as the cost of buying extra APs, there is also the possibility of channel interference. The ZyXEL Device’s MBSSID (Multiple Basic Service Set IDentifier) function allows you to use one access point to provide several BSSs simultaneously.
  • Page 123: Preamble Type

    APs you want to link to. Once the security settings of peer sides match one another, the connection between devices is made. At the time of writing, WDS security is compatible with other ZyXEL access points only. Refer to your other access point’s documentation for details.
  • Page 124: Push Button Configuration

    Section 7.6 on page 110). Press the button on one of the devices (it doesn’t matter which). For the ZyXEL Device you must press the WPS button for more than three seconds. Within two minutes, press the button on the other device. The registrar sends the network name (SSID) and security key through a secure connection to the enrollee.
  • Page 125: Pin Configuration

    Look for the client’s WPS PIN; it will be displayed either on the device, or in the WPS section of the client’s configuration interface (see the device’s User’s Guide for how to find the WPS PIN - for the ZyXEL Device, see Section 7.5 on page 109).
  • Page 126: How Wps Works

    Chapter 7 Wireless The following figure shows a WPS-enabled wireless client (installed in a notebook computer) connecting to the WPS-enabled AP via the PIN method. Figure 40 Example WPS Process: PIN Method
  • Page 127 Chapter 7 Wireless The following figure shows a WPS-enabled client (installed in a notebook computer) connecting to a WPS-enabled access point. Figure 41 How WPS works The roles of registrar and enrollee last only as long as the WPS setup process is active (two minutes).
  • Page 128 Chapter 7 Wireless 7.9.9.4 Example WPS Network Setup This section shows how security settings are distributed in an example WPS setup. The following figure shows an example network. In step 1, both AP1 and Client 1 are unconfigured. When WPS is activated on both, they perform the handshake. In this example, AP1 is the registrar, and Client 1 is the enrollee.
  • Page 129: Limitations Of Wps

    Chapter 7 Wireless point. However, you know that Client 2 supports the registrar function, so you use it to perform the WPS handshake instead. Figure 44 WPS: Example Network Step 3 7.9.9.5 Limitations of WPS WPS has some limitations of which you should be aware.
  • Page 130 Chapter 7 Wireless • When you use the PBC method, there is a short period (from the moment you press the button on one device to the moment you press the button on the other device) when any WPS-enabled device could join the network. This is because the registrar has no way of identifying the “correct”...
  • Page 131: Home Networking

    • Use the Static DHCP screen to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses (Section 8.3 on page 136). • Use the UPnP screen to enable UPnP and UPnP NAT traversal on the ZyXEL Device (Section 8.4 on page 137).
  • Page 132: What You Need To Know

    You can also use subnet masks to divide one network into multiple sub-networks. DHCP A DHCP (Dynamic Host Configuration Protocol) server can assign your ZyXEL Device an IP address, subnet mask, DNS and other routing information when it's turned on.
  • Page 133: Before You Begin

    All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum UPnP™ Implementers Corp. (UIC). ZyXEL's UPnP implementation supports Internet Gateway Device (IGD) 1.0.
  • Page 134: The Lan Setup Screen

    8.2 The LAN Setup Screen Use this screen to set the Local Area Network IP address and subnet mask of your ZyXEL Device. Click Network Settings > Home Networking to open the LAN Setup screen. Follow these steps to configure your LAN settings.
  • Page 135 LAN IP Setup IP Address Enter the LAN IP address you want to assign to your ZyXEL Device in dotted decimal notation, for example, 192.168.1.1 (factory default). Subnet Mask Type the subnet mask of your network in dotted decimal notation, for example 255.255.255.0 (factory default).
  • Page 136: The Static Dhcp Screen

    00:A0:C5:00:00:02. Use this screen to change your ZyXEL Device’s static DHCP settings. Click Network Settings > Home Networking > Static DHCP to open the following screen.
  • Page 137: The Upnp Screen

    Table 26 Static DHCP: Add/Edit LABEL DESCRIPTION Active This field displays whether the client is connected to the ZyXEL Device. MAC Address Enter the MAC address of a computer on your LAN. IP Address Enter the IP address that you want to assign to the computer on your LAN with the MAC address that you will also specify.
  • Page 138: Installing Upnp In Windows Example

    Chapter 8 Home Networking Use the following screen to configure the UPnP settings on your ZyXEL Device. Click Network Settings > Home Networking > UPnP to display the screen shown next. Figure 48 Network Settings > Home Networking > UPnP The following table describes the labels in this screen.
  • Page 139 Chapter 8 Home Networking Click on the Windows Setup tab and select Communication in the Components selection box. Click Details. Add/Remove Programs: Windows Setup: Communication In the Communications window, select the Universal Plug and Play check box in the Components selection box. Add/Remove Programs: Windows Setup: Communication: Components
  • Page 140 Chapter 8 Home Networking Click OK to go back to the Add/Remove Programs Properties window and click Next. Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. Click Start and Control Panel. Double-click Network Connections.
  • Page 141: Using Upnp In Windows Xp Example

    UPnP installed in Windows XP and UPnP activated on the ZyXEL Device. Make sure the computer is connected to a LAN port of the ZyXEL Device. Turn on your computer and the ZyXEL Device. Auto-discover Your UPnP-enabled Network Device Click Start and Control Panel.
  • Page 142 Chapter 8 Home Networking Right-click the icon and select Properties. Network Connections In the Internet Connection Properties window, click Settings to see the port mappings that were automatically created. Internet Connection Properties
  • Page 143 Chapter 8 Home Networking You may edit or delete the port mappings or click Add to manually add port mappings. Internet Connection Properties: Advanced Settings Internet Connection Properties: Advanced Settings: Add When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically.
  • Page 144 Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first. This is helpful if you do not know the IP address of the ZyXEL Device.
  • Page 145 Network Connections An icon with the description for each UPnP-enabled device displays under Local Network. Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays. Network Connections: My Network Places
  • Page 146: Technical Reference

    Chapter 8 Home Networking Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Network Connections: My Network Places: Properties: Example 8.7 Technical Reference This section provides some technical background information about the topics covered in this chapter.
  • Page 147: Lans, Wans And The Zyxel Device

    TCP/IP configuration at start-up from a server. You can configure the ZyXEL Device as a DHCP server or disable it. When configured as a server, the ZyXEL Device provides the TCP/IP configuration for the clients. If you turn DHCP service off, you must have another DHCP server on your LAN, or else the computer must be manually configured.
  • Page 148: Lan Tcp/Ip

    IP addresses in the DHCP Setup screen. 8.7.4 LAN TCP/IP The ZyXEL Device has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability. IP Address and Subnet Mask Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number.
  • Page 149 Chapter 8 Home Networking The subnet mask specifies the network number portion of an IP address. Your ZyXEL Device will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the ZyXEL Device unless you are instructed to do otherwise.
  • Page 151: Static Routing

    9.1 Overview The ZyXEL Device usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the ZyXEL Device send data to devices not reachable through the default gateway, use static routes.
  • Page 152: The Routing Screen

    Chapter 9 Static Routing 9.2 The Routing Screen Use this screen to view and configure the static route rules on the ZyXEL Device. Click Network Settings > Routing > Static Route to open the following screen. Figure 51 Network Settings > Routing > Static Route The following table describes the labels in this screen.
  • Page 153: Add/Edit Static Route

    Chapter 9 Static Routing 9.2.1 Add/Edit Static Route Use this screen to add or edit a static route. Click Add new Static Route Entry in the Routing screen or the Edit icon next to the static route you want to edit. The screen shown next appears.
  • Page 155: Quality Of Service (Qos)

    Configure QoS on the ZyXEL Device to group and prioritize application traffic and fine-tune network performance. Setting up QoS involves these steps: Configure classifiers to sort traffic into different flows.
  • Page 156: What You Need To Know

    Bursty traffic may cause network congestion. Traffic shaping regulates packets to be transmitted with a pre-configured data transmission rate using buffers (or queues). Your ZyXEL Device uses the Token Bucket algorithm to allow a certain amount of large bursts while keeping a limit at the average rate.
  • Page 157: The Quality Of Service General Screen

    (Before Traffic Policing) (After Traffic Policing) The ZyXEL Device supports three incoming traffic metering algorithms: Token Bucket Filter (TBF), Single Rate Two Color Marker (srTCM), and Two Rate Two Color Marker (trTCM). You can specify actions which are performed on the colored packets.
  • Page 158: The Queue Setup Screen

    100 Mbps. You can set this number higher than the interfaces’ actual transmission speed. The ZyXEL Device uses up to 95% of the DSL port’s actual upstream transmission speed even if you set this number higher than the DSL port’s actual transmission speed.
  • Page 159 A gray bulb signifies that this queue is not active. Name This shows the descriptive name of this queue. Interface This shows the name of the ZyXEL Device’s interface through which traffic in this queue passes. Priority This shows the priority of this queue. Weight This shows the weight of this queue.
  • Page 160: Adding A Qos Queue

    Weight Select the weight (from 1 to 8) of this queue. If two queues have the same priority level, the ZyXEL Device divides the bandwidth across the queues according to their weights. Queues with larger weights get more bandwidth than queues with smaller weights.
  • Page 161: The Class Setup Screen

    (such as Telnet) to form a flow. You can give different priorities to traffic that the ZyXEL Device forwards out through the WAN interface. Give high priority to voice and video to make them run more smoothly.
  • Page 162 Chapter 10 Quality of Service (QoS) Table 33 Network Settings > QoS > Class Setup LABEL DESCRIPTION To Queue This is the name of the queue in which traffic of this classifier is put. Modify Click the Edit icon to edit the classifier. Click the Delete icon to delete an existing classifier.
  • Page 163: Add/Edit Qos Class

    Chapter 10 Quality of Service (QoS) 10.5.1 Add/Edit QoS Class Click Add new Classifier in the Class Setup screen or the Edit icon next to a classifier to open the following screen. Figure 57 Class Setup: Add/Edit
  • Page 164 Chapter 10 Quality of Service (QoS) The following table describes the labels in this screen. Table 34 Class Setup: Add/Edit LABEL DESCRIPTION Active Select this to enable this classifier. Class Name Enter a descriptive name of up to 15 printable English keyboard characters, not including spaces.
  • Page 165 Chapter 10 Quality of Service (QoS) Table 34 Class Setup: Add/Edit LABEL DESCRIPTION MAC Mask Type the mask for the specified MAC address to determine which bits a packet’s MAC address should match. Enter “f” for each bit of the specified source MAC address that the traffic’s MAC address should match.
  • Page 166 DSCP Mark This field is available only when you select IP in the Ether Type field. If you select Mark, enter a DSCP value with which the ZyXEL Device replaces the DSCP field in the packets. If you select Unchange, the ZyXEL Device keeps the DSCP field in the packets.
  • Page 167: The Qos Policer Setup Screen

    Chapter 10 Quality of Service (QoS) 10.6 The QoS Policer Setup Screen Use this screen to configure QoS policers that allow you to limit the transmission rate of incoming traffic. Click Network Settings > QoS > Policer Setup. The screen appears as shown. Figure 58 Network Settings >...
  • Page 168: Add/Edit A Qos Policer

    Chapter 10 Quality of Service (QoS) 10.6.1 Add/Edit a QoS Policer Click Add new Officer in the Policer Setup screen or the Edit icon next to a policer to show the following screen. Figure 59 Policer Setup: Add/Edit The following table describes the labels in this screen. Table 36 Policer Setup: Add/Edit LABEL DESCRIPTION...
  • Page 169: The Qos Monitor Screen

    Click Cancel to exit this screen without saving. 10.7 The QoS Monitor Screen To view the ZyXEL Device’s QoS packet statistics, click Network Settings > QoS > Monitor. The screen appears as shown. Figure 60 Network Settings > QoS > Monitor The following table describes the labels in this screen.
  • Page 170: Technical Reference

    Drop Rate This shows how many packets assigned to this queue are dropped. 10.8 Technical Reference The following section contains additional technical information about the ZyXEL Device features described in this chapter. IEEE 802.1Q Tag The IEEE 802.1Q standard defines an explicit VLAN tag in the MAC header to identify the VLAN membership of a frame across bridges.
  • Page 171 Chapter 10 Quality of Service (QoS) DiffServ QoS is used to prioritize source-to-destination traffic flows. All packets in the flow are given the same priority. You can use CoS (class of service) to give different priorities to different packet types. DiffServ (Differentiated Services) is a class of service (CoS) model that marks packets so that they receive specific per-hop treatment at DiffServ-compliant network devices along the route based on the application types and traffic flow.
  • Page 172 Chapter 10 Quality of Service (QoS) Automatic Priority Queue Assignment If you enable QoS on the ZyXEL Device, the ZyXEL Device can automatically assign priority to traffic which does not match a class, based on the IEEE 802.1p priority level, IP precedence and/or packet length.
  • Page 173 • After a packet is transmitted, a number of tokens corresponding to the packet size is removed from the bucket. • If there are no tokens in the bucket, the ZyXEL Device stops transmitting until enough tokens are generated. • If not enough tokens are available, the ZyXEL Device treats the packet in either...
  • Page 174 • After a packet is transmitted, a number of tokens corresponding to the packet size is removed from the CBS bucket. • If there are not enough tokens in the CBS bucket, the ZyXEL Device checks the EBS bucket. The packet is marked yellow if there are sufficient tokens in the EBS bucket.
  • Page 175: Policy Forwarding

    Policy Forwarding 11.1 Overview Traditionally, routing is based on the destination address only and the ZyXEL Device takes the shortest path to forward a packet. Policy forwarding allows the ZyXEL Device to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator.
  • Page 176: Add/Edit Policy Forwarding

    Chapter 11 Policy Forwarding Table 40 Network Settings > Routing > Policy Forwarding LABEL DESCRIPTION Source IP This is the source IP address. Source This is the source subnet mask address. Subnet Mask Protocol This is the transport layer protocol. SourcePort This is the source port number.
  • Page 177 Chapter 11 Policy Forwarding Table 41 Policy Forwarding: Add/Edit LABEL DESCRIPTION Select a WAN interface through which the traffic is sent. You must have the WAN interface(s) already configured in the Broadband screens. Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving.
  • Page 179: Network Address Translation (Nat)

    185). • Use the DMZ screen to configure a default server (Section 12.5 on page 189). • Use the ALG screen to enable and disable the SIP (VoIP) ALG in the ZyXEL Device (Section 12.6 on page 190). • Use the Sessions screen to limit the number of concurrent NAT sessions all clients can use (Section 12.7 on page...
  • Page 180: The Port Forwarding Screen

    Chapter 12 Network Address Translation (NAT) Global/Local Global/local denotes the IP address of a host in a packet as the packet traverses a router, for example, the local address refers to the IP address of a host when the packet is in the local network, while the global address refers to the IP address of the host when the same packet is traveling in the WAN side.
  • Page 181 Chapter 12 Network Address Translation (NAT) Note: Many residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location.
  • Page 182: Add/Edit Port Forwarding

    Chapter 12 Network Address Translation (NAT) The following table describes the fields in this screen. Table 42 Network Settings > NAT > Port Forwarding LABEL DESCRIPTION Add new rule Click this to add a new rule. This is the index number of the entry. Status This field displays whether the NAT rule is active or not.
  • Page 183: The Applications Screen

    External Start Port field above. Internal Start Port This shows the port number to which you want the ZyXEL Device to translate the incoming port. For a range of ports, enter the first number of the range to which you want the incoming ports translated.
  • Page 184: Add New Application

    Chapter 12 Network Address Translation (NAT) To access this screen, click Network Settings > NAT > Applications. The following screen appears. Figure 66 Network Settings > NAT > Applications The following table describes the labels in this screen. Table 44 Network Settings > NAT > Applications LABEL DESCRIPTION Add new...
  • Page 185: The Port Triggering Screen

    WAN port receives a response with a specific port number and protocol ("open" port), the ZyXEL Device forwards the traffic to the LAN IP address of the computer that sent the request. After that computer’s connection for that service closes, another computer on the LAN can use the service in the same manner.
  • Page 186 Figure 68 Trigger Port Forwarding Process: Example Jane requests a file from the Real Audio server (port 7070). Port 7070 is a “trigger” port and causes the ZyXEL Device to record Jane’s computer IP address. The ZyXEL Device associates Jane's computer IP address with the "open"...
  • Page 187: Add/Edit Port Triggering Rule

    Trigger Port The trigger port is a port (or a range of ports) that causes (or triggers) the ZyXEL Device to record the IP address of the LAN computer that sent the traffic to a server on the WAN. Start This is the first port number that identifies a service.
  • Page 188 The trigger port is a port (or a range of ports) that causes (or triggers) Port the ZyXEL Device to record the IP address of the LAN computer that sent the traffic to a server on the WAN. Type a port number or the starting port number in a range of port numbers.
  • Page 189: The Dmz Screen

    Address ports that are not specified in the NAT Port Forwarding screen. Note: If you do not assign a Default Server Address, the ZyXEL Device discards all packets received for ports that are not specified in the NAT Port Forwarding screen.
  • Page 190: The Alg Screen

    SIP data stream to a public IP address. You do not need to use STUN or an outbound proxy if your ZyXEL Device is behind a SIP ALG. Use this screen to enable and disable the SIP (VoIP) ALG in the ZyXEL Device. To access this screen, click Network Settings > NAT > ALG.
  • Page 191: Technical Reference

    This part contains more information regarding NAT. 12.8.1 NAT Definitions Inside/outside denotes where a host is located relative to the ZyXEL Device, for example, the computers of your subscribers are the inside hosts, while the web servers on the Internet are the outside hosts.
  • Page 192: What Nat Does

    If you do not define any servers (for Many-to-One and Many-to-Many Overload mapping), NAT offers the additional benefit of firewall protection. With no servers defined, your ZyXEL Device filters out all incoming inquiries, thus preventing intruders from probing your network. For more information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT).
  • Page 193: How Nat Works

    IP source address (and TCP or UDP source port numbers for Many-to-One and Many-to-Many Overload NAT mapping) in each packet and then forwards it to the Internet. The ZyXEL Device keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored.
  • Page 194: Nat Application

    Chapter 12 Network Address Translation (NAT) 12.8.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP alias) behind the ZyXEL Device can communicate with three distinct WAN networks. Figure 75 NAT Application With IP Alias Port Forwarding: Services and Port Numbers The most often used port numbers are shown in the following table.
  • Page 195 Chapter 12 Network Address Translation (NAT) Table 52 Services and Port Numbers SERVICES PORT NUMBER SNMP trap PPTP (Point-to-Point Tunneling Protocol) 1723 Port Forwarding Example Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example).
  • Page 197: Dynamic Dns Setup

    DNS queries for certain domain names through a specific WAN interface to its DNS server(s). The ZyXEL Device uses a system DNS server (in the order you specify in the Broadband screen) to resolve domain names that do not match any DNS routing entry.
  • Page 198: What You Can Do In This Chapter

    • Use the DNS Entry screen to view, configure, or remove DNS routes (Section 13.2 on page 199). • Use the Dynamic DNS screen to enable DDNS and configure the DDNS settings on the ZyXEL Device (Section 13.3 on page 200). 13.1.2 What You Need To Know DYNDNS Wildcard Enabling the wildcard feature for your host causes *.yourhost.dyndns.org to be...
  • Page 199: The Dns Entry Screen

    If you have a private WAN IP address, then you cannot use Dynamic DNS. 13.2 The DNS Entry Screen Use this screen to view and configure DNS routes on the ZyXEL Device. Click Advanced > DNS Setting to open the DNS Entry screen.
  • Page 200: Add/Edit Dns Entry

    Chapter 13 Dynamic DNS Setup 13.2.1 Add/Edit DNS Entry You can manually add or edit the ZyXEL Device’s DNS name and IP address entry. Click Add new DNS entry in the DNS Entry screen or the Edit icon next to the entry you want to edit.
  • Page 201 Select your Dynamic DNS service provider from the drop-down list box. Provider Hostname Type the domain name assigned to your ZyXEL Device by your Dynamic DNS provider. You can specify up to two host names in the field separated by a comma (",").
  • Page 203: Igmp

    IGMP 14.1 Overview Traditionally, IP packets are transmitted in one of two ways - Unicast (1 sender to 1 recipient) or Broadcast (1 sender to everybody on the network). Multicast delivers IP packets to just a group of hosts on the network. IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a multicast group - it is not used to carry user data.
  • Page 204 There should only be one upstream interface (also known as the query port) for one query VLAN on the ZyXEL Device. A downstream interface is a port that connects to a host (such as a computer).
  • Page 205 Proxy Hosts The ZyXEL Device will not respond to IGMP join and leave messages on the upstream interface. The ZyXEL Device only responds to IGMP query messages on the upstream interface. The ZyXEL Device sends IGMP query messages to the hosts that are members of the query VLAN.
  • Page 206: The Igmp General Screen

    Interval Specify how many seconds the host allots for gathering membership information from directly connected networks before it sends a report. Robustness Value This is the number of times the host sends a report to the ZyXEL Device when the ZyXEL Device queries for the host’s status. IGMP Packet Select one or more of these fields to increase the IGMP network’s...
  • Page 207 224.0.0.1, the all-hosts multicast address. destination IP is not 224.0.0.1 Apply Click this button to save your settings back to the ZyXEL Device. Cancel Click Cancel to restore your previously saved settings.
  • Page 208: Igmp Filter Configuration

    Chapter 14 IGMP 14.3 IGMP Filter Configuration Use this screen to control IGMP access. Click Network Settings > IGMP Setting > IGMP Filter to open the following screen. Figure 83 Network Settings > IGMP Setting > IGMP Filter The following table describes the fields in this screen. Table 57 Network Settings >...
  • Page 209 This table lists the LAN computers the ZyXEL Device has detected. LAN Host IP This is the IP address of a computer on the ZyXEL Device’s LAN. Type This shows whether or not the LAN device is a Set Top Box (STB).
  • Page 210: IGMP Host Limitation Edit

    Chapter 14 IGMP 14.3.1 IGMP Host Limitation Edit Use this screen to control a LAN host’s access to IGMP services through the ZyXEL Device. Click Network Settings > IGMP Setting > IGMP Filter and then a LAN host’s Edit icon to open the following screen.
  • Page 211: IGMP Service Add

    This column lists the multicast groups and subnet masks for this IGMP service domain. Modify Click the Delete icon to delete the entry. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to exit this screen without saving.
  • Page 212: IGMP Host Limitation Add

    Specify the name of the IGMP multicast service domain to which you want to block or allow access. LAN Host Select the IP address of one of the ZyXEL Device’s LAN hosts. IGMP Enabled Select whether or not the LAN device using the specified IP address is allowed to use the IGMP multicast service domain.
  • Page 213: IGMP ACL Configuration

    Select White List to allow access to only specific multicast channels and block access to other multicast channels. Select Disabled to have the ZyXEL Device not restrict which multicast channels the multimedia devices on the LAN can access. Add a new rule Click this to create a new IGMP ACL rule.
  • Page 214: IGMP ACL Add

    Select White List to have this entry allow access to the specified multicast IP address. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to exit this screen without saving.
  • Page 215: Interface Group

    Interface Group 15.1 Overview By default, all LAN and WAN interfaces on the ZyXEL Device are in the same group and can communicate with each other. Create interface groups to have the ZyXEL Device assign the IP addresses in different domains to different groups. Each group acts as an independent network on the ZyXEL Device.
  • Page 216 LAN Interfaces This shows the LAN interfaces in the group. DHCP Vendor IDs The ZyXEL Device automatically adds LAN hosts sending traffic with any of the Vendor Class Identifiers listed here to the interface group. This field is blank if you do not have the ZyXEL Device automatically add clients to the interface group based on their Vendor Class Identifiers.
  • Page 217: Interface Group Configuration

    Chapter 15 Interface Group 15.2.1 Interface Group Configuration Click the Add New Interface Group button in the Interface Group screen to open the following screen. Use this screen to create a new interface group. Note: An interface can belong to only one group at a time. Figure 91 Interface Group Configuration The following table describes the fields in this screen.
  • Page 218 DHCP Vendor IDs Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to exit this screen without saving.
  • Page 219: Firewall

    Firewall 16.1 Overview This chapter shows you how to enable and configure the ZyXEL Device firewall. Use the firewall to protect your ZyXEL Device and network from attacks by hackers on the Internet and control access to it. By default the firewall: •...
  • Page 220: What You Need To Know

    Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources. The ZyXEL Device is pre-configured to automatically detect and thwart all known DoS attacks.
  • Page 221: The Firewall Screen

    Chapter 16 Firewall 16.2 The Firewall Screen Use this screen to set the security level of the firewall on the ZyXEL Device. Firewall rules are grouped based on the direction of travel of packets to which they apply. Click Security Settings > Firewall to display the following screen.
  • Page 222 Chapter 16 Firewall Click Security Settings > Firewall > Protocol to display the following screen. Figure 94 Security Settings > Firewall > Protocol The following table describes the labels in this screen. Table 66 Security Settings > Firewall > Protocol LABEL DESCRIPTION Add New...
  • Page 223: Add A Protocol

    Chapter 16 Firewall 16.3.1 Add a Protocol Use this screen to add a customized service rule that you can use in the firewall’s ACL rule configuration. Click Add New Protocol Entry in the Protocol screen to display the following screen. Figure 95 Security Settings >...
  • Page 224: The Access Control Screen

    Chapter 16 Firewall Table 67 Security Settings > Firewall > Protocol > Add LABEL DESCRIPTION Ports/ For TCP, UDP, ICMP, or TCP/UDP protocol rules this shows the port Protocol number or range that defines the custom service. For other IP protocol Number rules this shows the protocol number.
  • Page 225 Chapter 16 Firewall Table 68 Security Settings > Firewall > Access Control LABEL DESCRIPTION Src IP This displays the source IP addresses to which this rule applies. Please note that a blank source address is equivalent to Any. Dst IP This displays the destination IP addresses to which this rule applies.
  • Page 226: Add/Edit An ACL Rule

    Chapter 16 Firewall 16.4.1 Add/Edit an ACL Rule Click Add New ACL Rule or the Edit icon next to an existing ACL rule in the Access Control screen. The following screen displays. Figure 97 Security Settings > Firewall > Access Control > Add/Edit The following table describes the labels in this screen.
  • Page 227 Chapter 16 Firewall Table 69 Security Settings > Firewall > Access Control > Add/Edit (continued) LABEL DESCRIPTION Select Protocol Select the transport layer protocol that defines your customized port from the drop-down list box. The specific protocol rule sets you add in the Security Settings >...
  • Page 229: MAC Filter

    MAC Filter 17.1 Overview This screen allows you to configure the ZyXEL Device to give exclusive access to specific devices or exclude specific devices from accessing the ZyXEL Device. Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
  • Page 230 Select Enable to activate the MAC filter function. Otherwise, select Disable. Add new devices to the Select this check box if you want the ZyXEL Device to Allow List automatically automatically add the newly connected devices to the Allow List.
  • Page 231: Parental Control

    Parental control allows you to permit or block access to certain web sites from home network computers. You can define time periods and days during which the ZyXEL Device performs parental control on a specific user in the Security Settings > Scheduler Rules...
  • Page 232: Add/Edit Parental Control Rule

    Add new rule Click this to create a new parental control rule. This is the index number of the rule. PC Name/IP/MAC The ZyXEL Device allows or prohibits the users from viewing the Web sites with the URLs listed below. Access Type This shows the access type that is applied on the user to the web site of this rule.
  • Page 233 If you select Block All, the ZyXEL Device blocks access to all URLs. Web Site Enter the URL of the web site to which the ZyXEL Device blocks or allows access. Click Add to add this URL to the list below.
  • Page 235: Scheduler Rules

    Scheduler Rules 19.1 Overview You can define time periods and days during which the ZyXEL Device performs scheduled rules of certain features (such as Firewall Access Control, Parental Control) on a specific user in the Scheduler Rules screen.
  • Page 236: Add/Edit A Schedule

    Rule Name Enter a name (up to 31 printable English keyboard characters, not including spaces) for this schedule. Select check boxes for the days that you want the ZyXEL Device to perform this scheduler rule. Time of Day Range Enter the time period of each day, in 24-hour format, during which parental control will be enforced.
  • Page 237: Certificates

    CyberTrust or VeriSign and government certification authorities. The certification authority uses its private key to sign certificates. Anyone can then use the certification authority's public key to verify the certificates. You can use the ZyXEL Device to generate certification requests that contain identifying information and public keys and then send the certification requests to a certification authority.
  • Page 238: The Local Certificates Screen

    The following table describes the labels in this screen. Table 75 Security Settings > Certificates > Local Certificates LABEL DESCRIPTION Create Click this button to go to the screen where you can have the ZyXEL Certificate Device generate a certification request. Request Import...
  • Page 239: Create Certificate Request

    After you click Apply, the following screen displays to notify you that you need to get the certificate request signed by a Certificate Authority. If you already have, click Load_Signed to import the signed certificate into the ZyXEL Device. Otherwise click Back to return to the Local Certificates screen.
  • Page 240: Load Signed Certificate

    20.3.2 Load Signed Certificate After you create a certificate request and have it signed by a Certificate Authority, in the Local Certificates screen click the certificate request’s Load Signed icon to import the signed certificate into the ZyXEL Device.
  • Page 241: Import Certificate

    Click Back to return to the previous screen. 20.3.3 Import Certificate Click Security Settings > Local Certificates and then Import Certificate to open the Import Local Certificate screen. Follow the instructions in this screen to save an existing certificate to the ZyXEL Device.
  • Page 242 Import Click this check box to open a screen where you can save the certificate of a from file certification authority that you trust, from your computer to the ZyXEL Device. Certificate Type up to 63 ASCII characters (not including spaces) to identify this Name certificate.
  • Page 243: Certificate Details

    Copy and paste the certificate into the text box to store it on the ZyXEL Device. Private Copy and paste the private key into the text box to store it on the ZyXEL Device. Apply Click Apply to save your changes.
  • Page 244 Chapter 20 Certificates Figure 109 Certificate Details The following table describes the labels in this screen. Table 80 Certificate Details LABEL DESCRIPTION Name This field displays the identifying name of this certificate. If you want to change the name, type up to 63 characters to identify this certificate.
  • Page 245: The Trusted CA Screen

    Click Security Settings > Certificates > Trusted CA to open the following screen. This screen displays a summary list of certificates of the certification authorities that you have set the ZyXEL Device to accept as trusted. The ZyXEL Device accepts any valid certificate signed by a certification authority on this list as being trustworthy;...
  • Page 246: View Trusted CA Certificate

    Chapter 20 Certificates Table 81 Security Settings > Certificates > Trusted CA (continued) LABEL DESCRIPTION Subject This field displays information that identifies the owner of the certificate, such as Common Name (CN), OU (Organizational Unit or department), Organization (O), State (ST) and Country (C). It is recommended that each certificate have unique subject information.
  • Page 247: Import Trusted CA Certificate

    20.4.2 Import Trusted CA Certificate Click the Import Certificate button in the Trusted CA screen to open the following screen. The ZyXEL Device trusts any valid certificate signed by any of the imported trusted CA certificates. Figure 112 Trusted CA: Import Certificate...
  • Page 248 Click this check box to open a screen where you can save the certificate of a certification authority that you trust, from your computer to the ZyXEL Device. Certificate Name Enter the name that identifies this certificate. The certificate name should not exceed 63 ASCII characters (not including spaces).
  • Page 249: IPSec

    IPSec 21.1 Overview A virtual private network (VPN) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing. It is used to transport traffic over the Internet or any insecure network that uses TCP/IP for communication.
  • Page 250: What You Need To Know

    Gateway Address field if the remote secure gateway has a dynamic WAN IP address and is using DDNS. The ZyXEL Device has to rebuild the VPN tunnel each time the remote secure gateway’s WAN IP address changes (there may be a delay until the DDNS servers are updated with the remote gateway’s new WAN IP...
  • Page 251: The IPSec Status Screen

    This is the static WAN IP address or URL of the remote IPSec router. Gateway Local This is the IP address of computer(s) on your local network behind your Addresses ZyXEL Device. Remote This is the IP address of computer(s) on the remote network behind the Addresses remote IPSec router.
  • Page 252: The IPSec Settings Screen

    Chapter 21 IPSec 21.3 The IPSec Settings Screen The following figure helps explain the main fields in the web configurator. Figure 117 IPSec Summary Fields Remote Network Local Network Remote IPSec Router VPN Tunnel Remote IP Address Local IP Address My IP Address Secure Gateway IP Address Local and remote IP addresses must be static.
  • Page 253: Add/Edit IPSec Setting

    Click Add New Connection or a policy’s Edit icon in the IPSec > Settings screen to edit VPN policies. Note: The ZyXEL Device uses the system default gateway interface’s WAN IP address as its WAN IP address to set up a VPN tunnel.
  • Page 254 IPSec Type up to 39 alphanumeric characters to identify this VPN policy. You Connection may use spaces, underscores and dashes, but the ZyXEL Device drops Name trailing spaces. Remote IPSec Type the WAN IP address or the URL (up to 31 characters) of the IPSec Gateway router with which you're making the VPN connection.
  • Page 255 Table 87 Settings > Add/Edit: Auto(IKE) LABEL DESCRIPTION Tunnel access Specify the IP addresses of the devices behind the ZyXEL Device that from local IP can use the VPN tunnel. The local IP addresses must correspond to the addresses remote IPSec router's configured remote IP addresses.
  • Page 256 Local/Remote ID Content field. When you select DNS or E-mail in the Local/Remote ID Type field, type a domain name or e-mail address by which to identify this ZyXEL Device in the Local/Remote ID Content field. Use up to 31 ASCII characters including spaces, although trailing spaces are truncated.
  • Page 257: Manual Key Setup

    Chapter 21 IPSec Table 87 Settings > Add/Edit: Auto(IKE) LABEL DESCRIPTION Encryption Algorithm Select DES, 3DES, AES-128, AES-192 or AES-256 from the drop-down list box. When you use one of these encryption algorithms for data communications, both the sending device and the receiving device must use the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code.
  • Page 258: Configuring Manual Key

    IPSec Type up to 39 alphanumeric characters to identify this VPN policy. You Connection may use spaces, underscores and dashes, but the ZyXEL Device drops Name trailing spaces. Remote IPSec Type the WAN IP address or the URL (up to 31 characters) of the IPSec Gateway router with which you're making the VPN connection.
  • Page 259 Table 88 IPSec Settings > Add/Edit: Manual LABEL DESCRIPTION Tunnel access Specify the IP addresses of the devices behind the ZyXEL Device that from local IP can use the VPN tunnel. The local IP addresses must correspond to the addresses remote IPSec router's configured remote IP addresses.
  • Page 260: Technical Reference

    Chapter 21 IPSec Table 88 IPSec Settings > Add/Edit: Manual LABEL DESCRIPTION Encryption Algorithm Select DES, 3DES, AES(aes-cbc) or ESP_NULL from the drop-down list box. When you use one of these encryption algorithms for data communications, both the sending device and the receiving device must use the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code.
  • Page 261: IPSec Architecture

    Chapter 21 IPSec 21.4.1 IPSec Architecture The overall IPSec architecture is shown as follows. Figure 121 IPSec Architecture IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms).
  • Page 262: Encapsulation

    Chapter 21 IPSec 21.4.2 Encapsulation The two modes of operation for IPSec VPNs are Transport mode and Tunnel mode. At the time of writing, the ZyXEL Device supports Tunnel mode only. Figure 122 Transport and Tunnel Mode IPSec Encapsulation Transport Mode Transport mode is used to protect upper layer protocols and only affects the data in the IP packet.
  • Page 263: IKE Phases

    • Set the IPSec SA lifetime. This field allows you to determine how long the IPSec SA should stay up before it times out. The ZyXEL Device automatically renegotiates the IPSec SA if there is traffic when the IPSec SA lifetime period expires.
  • Page 264: Negotiation Mode

    21.4.5 IPSec and NAT Read this section if you are running IPSec on a host computer behind the ZyXEL Device. NAT is incompatible with the AH protocol in both Transport and Tunnel mode.
  • Page 265: VPN, NAT, And NAT Traversal

    VPN device at the receiving end finds a mismatch between the hash value and the data and assumes that the data has been maliciously altered. NAT is not normally compatible with ESP in transport mode either, but the ZyXEL Device’s NAT Traversal feature provides a way to handle this. NAT traversal allows you to set up an IKE SA when there are NAT routers between the two IPSec routers.
  • Page 266: ID Type And Content

    PROTOCOL Transport Tunnel Transport Tunnel Y* - This is supported in the ZyXEL Device if you enable NAT traversal. 21.4.7 ID Type and Content With aggressive negotiation mode (see Section 21.4.4 on page 264), the ZyXEL Device identifies incoming SAs by ID type and content since this identifying information is not encrypted.
  • Page 267: ID Type And Content Examples

    The two ZyXEL Devices in this example cannot complete their negotiation because ZyXEL Device B’s Local ID type is IP, but ZyXEL Device A’s Remote ID type is set to E-mail. An “ID mismatched” message displays in the IPSEC LOG.
  • Page 268: Diffie-Hellman (DH) Key Groups

    Chapter 21 IPSec 21.4.9 Diffie-Hellman (DH) Key Groups Diffie-Hellman (DH) is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communications channel. Diffie-Hellman is used within IKE SA setup to establish session keys. 768-bit, 1024-bit, 1536-bit, 2048-bit, and 3072-bit Diffie-Hellman groups are supported.
  • Page 269: Service Control

    Service Control 22.1 Overview This chapter provides information on the Service Control screens. Service Control allows you to manage your ZyXEL Device from a remote location through the following interfaces: • LAN • WAN Note: The ZyXEL Device is managed using the Web Configurator.
  • Page 270 Certificate HTTPS Certificate Select a certificate the HTTPS server (the ZyXEL Device) uses to authenticate itself to the HTTPS client. You must have certificates already configured in the Certificates screen.
  • Page 271: ARP Table

    ARP Table 23.1 Overview Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network. An IP (version 4) address is 32 bits long.
  • Page 272: ARP Table Screen

    Chapter 23 ARP Table 23.2 ARP Table Screen Use the ARP table to view IP-to-MAC address mapping(s). To open this screen, click System Monitor > ARP Table. Figure 126 System Monitor > ARP Table The following table describes the labels in this screen. Table 95 System Monitor >...
  • Page 273: Logs

    The web configurator allows you to choose which categories of events and/or alerts to have the ZyXEL Device log and then display the logs or have the ZyXEL Device send them to an administrator (as e-mail) or to a syslog server.
  • Page 274: The System Log Screen

    Chapter 24 Logs Refer to the documentation of your syslog program for details. The following table describes the syslog severity levels. Table 96 Syslog Severity Levels CODE SEVERITY Emergency: The system is unusable. Alert: Action must be taken immediately. Critical: The system condition is critical. Error: There is an error condition on the system.
  • Page 275: The Security Log Screen

    Level Select a severity level from the drop-down list box. This filters search results according to the severity level you have selected. When you select a severity, the ZyXEL Device searches through all logs of that severity or higher. Category Select the type of logs to display.
  • Page 276 Level Select a severity level from the drop-down list box. This filters search results according to the severity level you have selected. When you select a severity, the ZyXEL Device searches through all logs of that severity or higher. Category Select the type of logs to display.
  • Page 277: Traffic Status

    Traffic Status 25.1 Overview Use the Traffic Status screens to look at network traffic status and statistics of the WAN and LAN interfaces. 25.1.1 What You Can Do in this Chapter • Use the WAN screen to view the WAN traffic statistics (Section 25.2 on page 278).
  • Page 278: The WAN Status Screen

    25.2 The WAN Status Screen Click System Monitor > Traffic Status to open the WAN screen. The figure in this screen shows the number of bytes received and sent on the ZyXEL Device. Figure 129 System Monitor > Traffic Status > WAN The following table describes the fields in this screen.
  • Page 279 Chapter 25 Traffic Status Table 99 System Monitor > Traffic Status > WAN LABEL DESCRIPTION Packets Sent Data This indicates the number of transmitted packets on this interface. Error This indicates the number of frames with errors transmitted on this interface.
  • Page 280: The LAN Status Screen

    25.3 The LAN Status Screen Click System Monitor > Traffic Status > LAN to open the following screen. The figure in this screen shows the interface that is currently connected on the ZyXEL Device. Figure 130 System Monitor > Traffic Status > LAN The following table describes the fields in this screen.
  • Page 281 Chapter 25 Traffic Status Table 100 System Monitor > Traffic Status > LAN LABEL DESCRIPTION Packets Sent Data This indicates the number of transmitted packets on this interface. Error This indicates the number of frames with errors transmitted on this interface.
  • Page 283: IGMP Status

    284). 26.2 The IGMP Group Screen Use this screen to look at the current list of multicast groups the ZyXEL Device has joined and which ports have joined it. To open this screen, click System Monitor > IGMP Group Status > IGMP Group.
  • Page 284: IGMP Statistics Screen

    (sec) from when the IGMP multicast group was joined to when it was left. Total Joins This field displays the total number of Join packets the ZyXEL Device has received for this IGMP multicast group. Total Leaves This field displays the total number of Leave packets the ZyXEL Device has received for this IGMP multicast group.
  • Page 285 LAN IP address joined the IGMP multicast group to when it left. Total Joins This field displays the total number of Join packets the ZyXEL Device has received from this LAN IP address. Total Leaves This field displays the total number of Leave packets the ZyXEL Device has received from this LAN IP address.
  • Page 287: Users Configuration

    Users Configuration 27.1 Overview In the Users Configuration screen, you can view, add, and configure user accounts of the ZyXEL Device. 27.2 The Users Configuration Screen Click Maintenance > Users Configuration to open the following screen. Figure 133 Maintenance > Users Configuration...
  • Page 288 Lock Period This field indicates the number of minutes for the lockout period. A user cannot log into the ZyXEL Device during the lockout period, even if he/ she enters correct account information. Group This field displays the login account type of the user.
  • Page 289: Add/Edit A Users Account

    Chapter 27 Users Configuration 27.2.1 Add/Edit a Users Account Use this screen to add or edit a users account. Click Add new user in the Users Configuration screen or the Edit icon next to the user account you want to edit. The screen shown next appears.
  • Page 290 Enter a number of days to specify how many days this user’s password is available. Retry Times The ZyXEL Device can lock a user out if you use a wrong user name or password to log in to the ZyXEL Device. Enter up to how many times a user can re-enter his/her account information before the ZyXEL Device locks the user out.
  • Page 291: Remote Management

    RPCs are sent in Extensible Markup Language (XML) format over HTTP or HTTPS. An administrator can use an ACS to remotely set up the ZyXEL Device, modify settings, perform firmware upgrades as well as monitor and diagnose the ZyXEL Device.
  • Page 292 Chapter 28 Remote Management Click Maintenance > Remote Management > TR-069 Client to open the following screen. Use this screen to configure your ZyXEL Device to be managed by an ACS. Figure 135 Maintenance > Remote Management > TR-069 Client The following table describes the fields in this screen.
  • Page 293: The TR-064 Screen

    Password password is used to authenticate the ACS. Connection This shows the connection request URL. Request URL The ACS can use this URL to make a connection request to the ZyXEL Device. Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving.
  • Page 295: Time Settings

    29.2 The Time Setting Screen To change your ZyXEL Device’s time and date, click Maintenance > Time Setting. The screen appears as shown. Use this screen to configure the ZyXEL Device’s time based on your local time zone. Figure 137 Maintenance > Time Setting...
  • Page 296 LABEL DESCRIPTION Current Date/Time System Time This field displays the time and date of your ZyXEL Device. Each time you reload this page, the ZyXEL Device synchronizes the time and date with the time server. NTP Time Server First ~ Fifth NTP Select an NTP time server from the drop-down list box.
  • Page 297 Chapter 29 Time Settings Table 107 Maintenance > Time Setting LABEL DESCRIPTION End rule Configure the day and time when Daylight Saving Time ends if you enabled Daylight Saving. You can select a specific date in a particular month or a specific day of a specific week in a particular month. The Time field uses the 24 hour format.
  • Page 299: Logs Setting

    Logs Setting 30.1 Overview You can configure where the ZyXEL Device sends logs and which logs and/or immediate alerts the ZyXEL Device records in the Logs Setting screen. 30.2 The Log Settings Screen To change your ZyXEL Device’s log settings, click Maintenance > Logs Setting.
  • Page 300 Send Log to The ZyXEL Device sends logs to the e-mail address specified in this field. If this field is left blank, the ZyXEL Device does not send logs via E-mail. Send Alarm to Alerts are real-time notifications that are sent as soon as an event, such as a DoS attack, system error, or forbidden web access attempt occurs.
  • Page 301: Example E-Mail Log

    Select the categories of system logs that you want to record. Security Log Select the categories of security logs that you want to record. Send Select log categories for which you want the ZyXEL Device to send E-mail immediate alerts immediately. alert Apply Click Apply to save your changes.
  • Page 303: Firmware Upgrade

    Firmware Upgrade 31.1 Overview This chapter explains how to upload new firmware to your ZyXEL Device. You can download new firmware releases from your nearest ZyXEL FTP site (or www.zyxel.com) to use to upgrade your device’s performance.
  • Page 304 After you see the firmware updating screen, wait two minutes before logging into the ZyXEL Device again. Figure 141 Firmware Uploading The ZyXEL Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.
  • Page 305: Configuration

    Backup Configuration Backup Configuration allows you to back up (save) the ZyXEL Device’s current configuration to a file on your computer. Once your ZyXEL Device is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings.
  • Page 306 Chapter 32 Configuration Click Backup to save the ZyXEL Device’s current configuration to your computer. Restore Configuration Restore Configuration allows you to upload a new or previously saved configuration file from your computer to your ZyXEL Device. Table 110 Restore Configuration...
  • Page 307 Figure 146 Configuration Upload Error Reset to Factory Defaults Click the Reset button to clear all user-entered configuration information and return the ZyXEL Device to its factory defaults. The following warning screen appears. Figure 147 Reset Warning Message Figure 148 Reset In Process Message You can also press the RESET button on the rear panel to reset the factory defaults of your ZyXEL Device.
  • Page 308: The Reboot Screen

    System restart allows you to reboot the ZyXEL Device remotely without turning the power off. You may need to do this if the ZyXEL Device hangs, for example. Click Maintenance > Reboot. Click Reboot to have the ZyXEL Device reboot.
  • Page 309: Diagnostic

    You can use different diagnostic methods to test a connection and see detailed results. These read-only screens display information to help you identify problems with the ZyXEL Device. 33.2 The Diagnostic Screen Use this screen to ping, traceroute, or nslookup an IP address. Click Maintenance >...
  • Page 310 Chapter 33 Diagnostic The following table describes the fields in this screen. Table 111 Maintenance > Diagnostic > Ping & TraceRoute & NsLookup LABEL DESCRIPTION URL or IP Type the IP address of a computer that you want to perform ping, Address traceroute, or nslookup in order to test a connection.
  • Page 311: Troubleshooting

    The ZyXEL Device does not turn on. None of the LEDs turn on. Make sure the ZyXEL Device is turned on. Make sure you are using the power adaptor or cord included with the ZyXEL Device. Make sure the power adaptor or cord is connected to the ZyXEL Device and plugged in to an appropriate power source.
  • Page 312: Zyxel Device Access And Login

    If you changed the IP address and have forgotten it, you might get the IP address of the ZyXEL Device by looking up the IP address of the default gateway for your computer. To do this in most Windows computers, click Start > Run, enter cmd, and then enter ipconfig.
  • Page 313 • Try to access the ZyXEL Device using another service, such as Telnet. If you can access the ZyXEL Device, check the remote management settings and firewall rules to find out why the ZyXEL Device does not respond to HTTP.
  • Page 314: Internet Access

    LAN in the ZyXEL Device and your wireless client and that the wireless settings in the wireless client are the same as the settings in the ZyXEL Device. Disconnect all the cables from your device, and follow the directions in Section 1.6...
  • Page 315 Chapter 34 Troubleshooting I cannot access the Internet through a DSL connection. Make sure you have the DSL WAN port connected to a telephone jack (or the DSL or modem jack on a splitter if you have one). Make sure you configured a proper DSL WAN interface (Network Settings > Broadband screen) with the Internet account information provided by your ISP and that it is enabled.
  • Page 316: Wireless Internet Access

    Chapter 34 Troubleshooting I cannot access the Internet anymore. I had access to the Internet (with the ZyXEL Device), but my Internet connection is not available anymore. Your session with the ZyXEL Device may have expired. Try logging into the ZyXEL Device again.
  • Page 317 Wireless security is vital to your network. It protects communications between wireless stations, access points and the wired network. The available security modes in your ZyXEL device are as follows: • WPA2-PSK: (recommended) This uses a pre-shared key with the WPA2 standard.
  • Page 319: Product Specifications

    WLAN/WPS Button If the wireless network is turned off, press the WLAN/WPS button on the front of the ZyXEL Device for two seconds. Once the WLAN/WPS LED turns green, the wireless network is active. While the WLAN/WPS LED is green press the WLAN/WPS button for five seconds and release it to enable WPS (Wi-Fi Protected Setup).
  • Page 320: Firmware Specifications

    Configuration Backup & Restoration: Make a copy of the ZyXEL Device’s configuration. You can put it back on the ZyXEL Device later if you decide to revert back to an earlier configuration. HomePNA (Home Phoneline ...): Extend your Internet connection to the coaxial outlets in your house.
  • Page 321 (see RFC 2236). Time and Date Get the current time and date from an external server when you turn on your ZyXEL Device. You can also set the time manually. These dates and times are then used in logs. Logs Use logs for troubleshooting.
  • Page 322 Chapter 35 Product Specifications Table 113 Firmware Specifications (continued) VDSL Standards ITU-T G.993.1 VDSL Annex A (North American) Standard ITU G.993.2 (2/06) VDSL2 Annex A (North American) Standard • Corrigendum 1 (12/06) + Amendment 1 (4/07) + Amendment 1 Corrigendum 1 (7/07) •...
  • Page 323 Chapter 35 Product Specifications Table 113 Firmware Specifications (continued) ADSL Standards ADSL ITU-T G.992.1 (G.dmt), Annex A and ETSI TS 101 388 V1.3.1 (05/2002) 1TR112 (U-R2 Deutsche Telekom AG) Version 7.0 including support of Dying Gasp and report of Self-Test-Result (ATU-T Register#3) EOC as specified in ITU-T G.992.1 (G.dmt) Handshake ITU G.994.1 (G.hs)
  • Page 324 Chapter 35 Product Specifications The following list, which is not exhaustive, illustrates the standards supported in the ZyXEL Device. Table 114 Standards Supported STANDARD DESCRIPTION RFC 1058 RIP-1 (Routing Information Protocol) RFC 1112 IGMP v1 RFC 1305 Network Time Protocol (NTP version 3)
  • Page 325: Appendix A Setting Up Your Computer's Ip Address

    "communicate" with your network. If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the ZyXEL Device’s LAN port. VSG1435-B101 Series User’s Guide...
  • Page 326 Appendix A Setting up Your Computer’s IP Address Windows 95/98/Me Click Start, Settings, Control Panel and double-click the Network icon to open the Network window. Figure 151 Windows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks.
  • Page 327 Appendix A Setting up Your Computer’s IP Address Select Microsoft from the list of manufacturers. Select TCP/IP from the list of network protocols and then click OK. If you need Client for Microsoft Networks: Click Add. Select Client and then click Add. Select Microsoft from the list of manufacturers.
  • Page 328 Click OK to save and close the TCP/IP Properties window. Click OK to close the Network window. Insert the Windows CD if prompted. Turn on your ZyXEL Device and restart your computer when prompted. Verifying Settings Click Start and then Run.
  • Page 329 Appendix A Setting up Your Computer’s IP Address Windows 2000/NT/XP The following example figures use the default Windows XP GUI theme. Click start (Start in Windows 2000/NT), Settings, Control Panel. Figure 154 Windows XP: Start Menu In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT).
  • Page 330 Appendix A Setting up Your Computer’s IP Address Right-click Local Area Connection and then click Properties. Figure 156 Windows XP: Control Panel: Network Connections: Properties Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 157 Windows XP: Local Area Connection Properties The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
  • Page 331 Appendix A Setting up Your Computer’s IP Address • If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. •...
  • Page 332 Appendix A Setting up Your Computer’s IP Address • Click OK when finished. Figure 159 Windows XP: Advanced TCP/IP Properties In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
  • Page 333: Windows Vista

    Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT). 11 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings Click Start, All Programs, Accessories and then Command Prompt. In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab.
  • Page 334 Appendix A Setting up Your Computer’s IP Address Click the Start icon, Control Panel. Figure 161 Windows Vista: Start Menu In the Control Panel, double-click Network and Internet. Figure 162 Windows Vista: Control Panel Click Network and Sharing Center. Figure 163 Windows Vista: Network And Internet VSG1435-B101 Series User’s Guide...
  • Page 335 Appendix A Setting up Your Computer’s IP Address Click Manage network connections. Figure 164 Windows Vista: Network and Sharing Center Right-click Local Area Connection and then click Properties. Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. Figure 165 Windows Vista: Network and Sharing Center VSG1435-B101 Series User’s Guide...
  • Page 336 Appendix A Setting up Your Computer’s IP Address Select Internet Protocol Version 4 (TCP/IPv4) and click Properties. Figure 166 Windows Vista: Local Area Connection Properties The Internet Protocol Version 4 (TCP/IPv4) Properties window opens (the General tab). • If you have a dynamic IP address click Obtain an IP address automatically.
  • Page 337 Appendix A Setting up Your Computer’s IP Address • Click Advanced. Figure 167 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
  • Page 338 Appendix A Setting up Your Computer’s IP Address • Click OK when finished. Figure 168 Windows Vista: Advanced TCP/IP Properties In the Internet Protocol Version 4 (TCP/IPv4) Properties window, (the General tab): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
  • Page 339 11 Click Close to close the Local Area Connection Properties window. 12 Close the Network Connections window. 13 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings Click Start, All Programs, Accessories and then Command Prompt.
  • Page 340 Appendix A Setting up Your Computer’s IP Address Macintosh OS 8/9 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. Figure 170 Macintosh OS 8/9: Apple Menu
  • Page 341 • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. Close the TCP/IP Control Panel. Click Save if prompted, to save changes to your configuration.
  • Page 342: Macintosh Os X

    Appendix A Setting up Your Computer’s IP Address Macintosh OS X Click the Apple menu, and click System Preferences to open the System Preferences window. Figure 172 Macintosh OS X: Apple Menu Click Network in the icon bar. • Select Automatic from the Location list. •...
  • Page 343 • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. Click Apply Now and close the window.
  • Page 344 Appendix A Setting up Your Computer’s IP Address Double-click on the profile of the network card you wish to configure. The Ethernet Device General screen displays as shown. Figure 175 Red Hat 9.0: KDE: Ethernet Device: General • If you have a dynamic IP address, click Automatically obtain IP address settings with and select dhcp from the drop down list.
  • Page 345 Appendix A Setting up Your Computer’s IP Address Click the Activate button to apply the changes. The following screen displays. Click Yes to save the changes in all screens. Figure 177 Red Hat 9.0: KDE: Network Configuration: Activate After the network card restart process is complete, make sure the Status is Active in the Network Configuration screen.
  • Page 346 Appendix A Setting up Your Computer’s IP Address • If you have a static IP address, enter static in the BOOTPROTO= field. Type IPADDR= followed by the IP address (in dotted decimal notation) and type NETMASK= followed by the subnet mask. The following example shows an example where the static IP address is 192.168.1.10 and the subnet mask is 255.255.255.0.
  • Page 347: Verifying Settings

    Appendix A Setting up Your Computer’s IP Address Verifying Settings Enter ifconfig in a terminal screen to check your TCP/IP properties. Figure 182 Red Hat 9.0: Checking TCP/IP Properties
        [root@localhost]# ifconfig
        eth0 Link encap:Ethernet HWaddr 00:50:BA:72:5B:44
             inet addr:172.23.19.129 Bcast:172.23.19.255 Mask:255.255.255.0
             UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1...
  • Page 349: Appendix B Ip Addresses And Subnetting

    IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network.
  • Page 350: Subnet Masks

    Appendix B IP Addresses and Subnetting The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. Figure 183 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask.
  • Page 351 Appendix B IP Addresses and Subnetting By convention, subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits. Subnet masks can be referred to by the size of the network number part (the bits with a “1”...
  • Page 352 Appendix B IP Addresses and Subnetting Notation Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet.
  • Page 353 Appendix B IP Addresses and Subnetting The following figure shows the company network before subnetting. Figure 184 Subnetting Example: Before Subnetting You can “borrow” one of the host ID bits to divide the network 192.168.1.0 into two separate sub-networks. The subnet mask is now 25 bits (255.255.255.128 or /25).
  • Page 354 Appendix B IP Addresses and Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 2^7 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).
  • Page 355 Appendix B IP Addresses and Subnetting Table 121 Subnet 3
      IP/SUBNET MASK | NETWORK NUMBER | LAST OCTET BIT VALUE
      IP Address | 192.168.1. |
      IP Address (Binary) | 11000000.10101000.00000001. | 10000000
      Subnet Mask (Binary) | 11111111.11111111.11111111. | 11000000
      Subnet Address: 192.168.1.128 | Lowest Host ID: 192.168.1.129
      Broadcast Address: 192.168.1.191 | Highest Host ID: 192.168.1.190
      Table 122 Subnet 4...
  • Page 356 Appendix B IP Addresses and Subnetting Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 124 24-bit Network Number Subnet Planning. Columns: NO. “BORROWED” HOST BITS | SUBNET MASK | NO. SUBNETS | NO. HOSTS PER SUBNET. 255.255.255.128 (/25)...
  • Page 357 You must also enable Network Address Translation (NAT) on the ZyXEL Device. Once you have decided on the network number, pick an IP address for your ZyXEL Device that is easy to remember (for instance, 192.168.1.1) but make sure that no other device on your network is using that IP address.
  • Page 359: Appendix C Pop-Up Windows, Javascripts And Java Permissions

    Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here.
  • Page 360 Appendix C Pop-up Windows, JavaScripts and Java Permissions In Internet Explorer, select Tools, Internet Options, Privacy. Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 187 Internet Options: Privacy Click Apply to save this setting.
  • Page 361 Appendix C Pop-up Windows, JavaScripts and Java Permissions Select Settings…to open the Pop-up Blocker Settings screen. Figure 188 Internet Options: Privacy Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. VSG1435-B101 Series User’s Guide...
  • Page 362 Appendix C Pop-up Windows, JavaScripts and Java Permissions Click Add to move the IP address to the list of Allowed sites. Figure 189 Pop-up Blocker Settings Click Close to return to the Privacy screen. Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
  • Page 363 Appendix C Pop-up Windows, JavaScripts and Java Permissions In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 190 Internet Options: Security Click the Custom Level... button. Scroll down to Scripting. Under Active scripting make sure that Enable is selected (the default). Under Scripting of Java applets make sure that Enable is selected (the default).
  • Page 364: Java Permissions

    Appendix C Pop-up Windows, JavaScripts and Java Permissions Click OK to close the window. Figure 191 Security Settings - Java Scripting Java Permissions From Internet Explorer, click Tools, Internet Options and then the Security tab. Click the Custom Level... button. Scroll down to Microsoft VM.
  • Page 365 Appendix C Pop-up Windows, JavaScripts and Java Permissions Click OK to close the window. Figure 192 Security Settings - Java JAVA (Sun) From Internet Explorer, click Tools, Internet Options and then the Advanced tab. Make sure that Use Java 2 for <applet> under Java (Sun) is selected. VSG1435-B101 Series User’s Guide...
  • Page 366 Appendix C Pop-up Windows, JavaScripts and Java Permissions Click OK to close the window. Figure 193 Java (Sun) Mozilla Firefox Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary. You can enable Java, Javascripts and pop-ups in one screen. Click Tools, then click Options in the screen that appears.
  • Page 367 Appendix C Pop-up Windows, JavaScripts and Java Permissions Click Content to show the screen below. Select the check boxes as shown in the following screen. Figure 195 Mozilla Firefox Content Security
  • Page 369: Appendix D Wireless Lans

    Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS).
  • Page 370 Appendix D Wireless LANs with each other. When Intra-BSS is disabled, wireless client A and B can still access the wired network but cannot communicate with each other. Figure 197 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network.
  • Page 371 Appendix D Wireless LANs An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate. Figure 198 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by wireless devices to transmit and receive data.
  • Page 372 Appendix D Wireless LANs hidden node. Both stations (STA) are within range of the access point (AP) or wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other.
  • Page 373: Fragmentation Threshold

    Wireless security is vital to your network to protect wireless communication between wireless clients, access points and the wired network. Wireless security methods available on the ZyXEL Device are data encryption, wireless client authentication, restricting access by device MAC address and hiding the ZyXEL Device identity.
  • Page 374 Wi-Fi Protected Access (WPA) WPA2 Most Secure Note: You must enable the same wireless security settings on the ZyXEL Device and on all wireless clients that you want to associate with it. IEEE 802.1x In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional...
  • Page 375 Appendix D Wireless LANs • Authorization Determines the network services available to authenticated users once they are connected to the network. • Accounting Keeps track of the client’s network activity. RADIUS is a simple packet exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server.
  • Page 376 Appendix D Wireless LANs EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication.
  • Page 377: Dynamic Wep Key Exchange

    Appendix D Wireless LANs TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2. PEAP (Protected EAP) Like EAP-TTLS, PEAP uses server-side certificate authentication to establish a secure connection, then uses simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity.
  • Page 378: Wpa And Wpa2

    Appendix D Wireless LANs WPA and WPA2 Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA. Key differences between WPA or WPA2 and WEP are improved data encryption and user authentication.
  • Page 379 Appendix D Wireless LANs The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped.
  • Page 380 Appendix D Wireless LANs The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero Configuration" wireless client. However, you must run Windows XP to use it. WPA(2) with RADIUS Application Example To set up WPA(2), you need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret.
  • Page 381: Security Parameters Summary

    Appendix D Wireless LANs The AP checks each wireless client's password and allows it to join the network only if the password matches. The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID. The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged in a handshake to create temporal encryption keys.
  • Page 382: Antenna Characteristics

    Appendix D Wireless LANs Table 129 Wireless Security Relational Matrix (continued). Columns: AUTHENTICATION METHOD/KEY MANAGEMENT PROTOCOL | ENCRYPTION METHOD | ENTER MANUAL KEY | IEEE 802.1X. WPA2: encryption method TKIP/AES, IEEE 802.1X Enable. WPA2-PSK: encryption method TKIP/AES, IEEE 802.1X Disable. Antenna Overview An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air.
  • Page 383: Types Of Antennas For Wlan

    Appendix D Wireless LANs Types of Antennas for WLAN There are two types of antennas used for wireless LAN applications. • Omni-directional antennas send the RF signal out in all directions on a horizontal plane. The coverage area is torus-shaped (like a donut) which makes these antennas ideal for a room environment.
  • Page 385: Appendix E Services

    Services The following table lists some commonly-used services and their associated protocols and port numbers. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like. •...
  • Page 386 A popular videoconferencing solution from White Pines Software. TCP/UDP 24032 TCP/UDP Domain Name Server, a service that matches web names (for instance www.zyxel.com) to IP numbers. User-Defined The IPSEC ESP (Encapsulation (IPSEC_TUNNEL) Security Protocol) tunneling protocol uses this service. FINGER...
  • Page 387 Appendix E Services Table 130 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION MSN Messenger 1863 Microsoft Networks’ messenger service uses this protocol. NetBIOS TCP/UDP The Network Basic Input/Output System is used for communication TCP/UDP between computers in a LAN. TCP/UDP TCP/UDP NEW-ICQ...
  • Page 388 Appendix E Services Table 130 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION SFTP The Simple File Transfer Protocol is an old way of transferring files between computers. SMTP Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another.
  • Page 389: Appendix F Open Software Announcements

    CAREFULLY BEFORE COMPLETING THE INSTALLATION PROCESS AS INSTALLING THE SOFTWARE WILL INDICATE YOUR ASSENT TO THEM. IF YOU DO NOT AGREE TO THESE TERMS, THEN ZyXEL IS UNWILLING TO LICENSE THE SOFTWARE TO YOU, IN WHICH EVENT YOU SHOULD RETURN THE UNINSTALLED SOFTWARE AND PACKAGING TO THE PLACE FROM WHICH IT WAS ACQUIRED OR ZyXEL, AND YOUR MONEY WILL BE REFUNDED.
  • Page 390 Software as long as this License Agreement remains in full force and effect. Ownership of the Software, Documentation and all intellectual property rights therein shall remain at all times with ZyXEL. Any other use of the Software by any other entity is strictly forbidden and is a violation of this License Agreement.
  • Page 391 SOFTWARE, AND NO WARRANTIES SHALL APPLY AFTER THAT PERIOD. 7.Limitation of Liability IN NO EVENT WILL ZyXEL BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, WITHOUT LIMITATION, INDIRECT, SPECIAL, PUNITIVE, OR EXEMPLARY DAMAGES FOR LOSS OF...
  • Page 392 Software and Documentation in your possession or under your control. ZyXEL may terminate this License Agreement for any reason, including, but not limited to, if ZyXEL finds that you have violated any of the terms of this License Agreement. Upon notification of termination, you agree to destroy or return to ZyXEL all copies of the Software and Documentation and to certify in writing that all known copies, including backup copies, have been destroyed.
  • Page 393 For at least three (3) years from the date of distribution of the applicable product or software, we will give to anyone who contacts us at the ZyXEL Technical Support (support@zyxel.com.tw), for a charge of no more than our cost of physically performing source code distribution, a...
  • Page 394 Appendix F Open Software Announcements Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users.
  • Page 395 Appendix F Open Software Announcements TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License.
  • Page 396 Appendix F Open Software Announcements These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works.
  • Page 397 Appendix F Open Software Announcements 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License.
  • Page 398 Appendix F Open Software Announcements places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9.
  • Page 399 Appendix F Open Software Announcements END OF TERMS AND CONDITIONS All other trademarks or trade names mentioned herein, if any, are the property of their respective owners. This Product includes ppp software under below license This directory contains source code and precompiled binaries for ppp-2.4, a package which implements the Point-to-Point Protocol (PPP) to provide Internet connections over serial lines.
  • Page 400 Appendix F Open Software Announcements FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  • Page 401: Appendix G Legal Information

    Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice.
  • Page 402 Appendix G Legal Information • This device must accept any interference received, including interference that may cause undesired operations. This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
  • Page 403: Zyxel Limited Warranty

    Canada. Viewing Certifications Go to http://www.zyxel.com. Select your product on the ZyXEL home page to go to that product's page. Select the certification you wish to view from this page. ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase.
  • Page 404 (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.

This manual is also suitable for:

Vsg1435-b101 series
