Page 1 P-2612HW-F1 802.11g Wireless ADSL VoIP IAD Default Login Details IP Address http://192.168.1.1 User Login User Name: user Password: user Administrator User Name: admin Login Password: 1234 Firmware Version 3.70 Edition 2, 12/2009 www.zyxel.com www.zyxel.com Copyright © 2009 ZyXEL Communications Corporation...
Page 3: About This User's Guide
Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. E-mail: techwriters@zyxel.com.tw P-2612HW-F1 User’s Guide...
Page 4 Please have the following information ready when you contact an office. • Product model and serial number. • Warranty Information. • Date that you received your device. • Brief description of the problem and the steps you took to solve it. P-2612HW-F1 User’s Guide...
Page 5: Document Conventions
Syntax Conventions • The P-2612HW-F1 may be referred to as the “ZyXEL Device”, the “device”, the “system” or the “product” in this User’s Guide. • Product labels, screen names, field labels and field choices are all in bold font.
Page 6 Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device Computer Notebook computer Server DSLAM Firewall Telephone Switch Router P-2612HW-F1 User’s Guide...
Page 7: Safety Warnings
Your product is marked with this symbol, which is known as the WEEE mark. WEEE stands for Waste Electronics and Electrical Equipment. It means that used electrical and electronic products should not be mixed with general waste. Used electrical and electronic equipment should be treated separately. P-2612HW-F1 User’s Guide...
Page 8 Safety Warnings P-2612HW-F1 User’s Guide...
Page 9: Table Of Contents
UPnP ............................371 Maintenance, Troubleshooting and Specifications ............385 System ............................. 387 Logs ............................393 Call History ..........................409 Tools ............................415 Diagnostic ..........................435 Troubleshooting ........................439 Product Specifications ......................447 Appendices and Index ......................459 P-2612HW-F1 User’s Guide...
Page 10 Contents Overview P-2612HW-F1 User’s Guide...
Page 11: Table Of Contents
2.2.1 Title Bar ........................33 2.2.2 Navigation Panel ......................34 2.2.3 Main Window ......................38 2.2.4 Status Bar ........................38 Chapter 3 Wizards ............................ 39 3.1 Overview ..........................39 3.2 VoIP Setup Wizard ......................39 3.2.1 SIP Settings ....................... 40 P-2612HW-F1 User’s Guide...
Page 12 6.1.1 What You Can Do in the WAN Screens ..............97 6.1.2 What You Need to Know About WAN ................ 98 6.1.3 Before You Begin ....................... 98 6.2 The Internet Access Setup Screen ..................98 6.2.1 DSL Mode ........................99 P-2612HW-F1 User’s Guide...
Page 13 8.1 Overview ..........................139 8.1.1 What You Can Do in the Wireless LAN Screens ............139 8.1.2 What You Need to Know About Wireless ..............140 8.1.3 Before You Start ....................... 142 8.2 AP Screen ........................142 P-2612HW-F1 User’s Guide...
Page 14 9.5.4 NAT Application ......................184 9.5.5 NAT Mapping Types ....................184 Chapter 10 Voice............................187 10.1 Overview .......................... 187 10.1.1 What You Can Do in the VoIP Screens ..............187 10.1.2 What You Need to Know About VoIP ..............188 P-2612HW-F1 User’s Guide...
Page 15 12.1.2 What You Need to Know About Firewall ..............232 12.1.3 Firewall Rule Setup Example ................. 232 12.2 The Firewall General Screen ................... 236 12.3 The Firewall Rule Screen ....................238 12.3.1 Configuring Firewall Rules ..................239 12.3.2 Customized Services .................... 242 P-2612HW-F1 User’s Guide...
Page 16 14.9.1 IPSec Architecture ....................280 14.9.2 IPSec and NAT ....................... 280 14.9.3 VPN, NAT, and NAT Traversal ................281 14.9.4 Encapsulation ......................283 14.9.5 IKE Phases ......................284 14.9.6 Negotiation Mode ....................285 14.9.7 Keep Alive ......................285 P-2612HW-F1 User’s Guide...
Page 17 17.1.2 What You Need to Know About 802.1Q/1P ............327 17.1.3 802.1Q/1P Example ....................329 17.2 The 802.1Q/1P Group Setting Screen ................334 17.2.1 Editing 802.1Q/1P Group Setting ................336 17.3 The 802.1Q/1P Port Setting Screen ................337 Chapter 18 Quality of Service (QoS)....................... 339 P-2612HW-F1 User’s Guide...
Page 18 21.1.1 What You Can Do in the UPnP Screen ..............371 21.1.2 What You Need to Know About UPnP ..............371 21.2 The UPnP Screen ......................373 21.3 Installing UPnP in Windows Example ................374 21.4 Using UPnP in Windows XP Example ................377 P-2612HW-F1 User’s Guide...
Page 19 25.3.1 Reset to Factory Defaults ..................427 25.4 Restart ..........................428 25.5 Using FTP or TFTP to Back Up Configuration ..............428 25.5.1 Using the FTP Commands to Back Up Configuration ..........428 25.5.2 FTP Command Configuration Backup Example ........... 429 P-2612HW-F1 User’s Guide...
Page 20 Appendix A Setting Up Your Computer’s IP Address ............461 Appendix B Pop-up Windows, JavaScripts and Java Permissions ........487 Appendix C IP Addresses and Subnetting ................497 Appendix D Wireless LANs ....................509 Appendix E Common Services..................... 533 P-2612HW-F1 User’s Guide...
Page 21 Table of Contents Appendix F Legal Information ....................537 Index............................541 P-2612HW-F1 User’s Guide...
Page 22 Table of Contents P-2612HW-F1 User’s Guide...
Page 23: Introduction
Introduction Introduction (25) The Web Configurator (31) Wizards (39) Tutorial (45)
Page 25: Introduction
Introduction 1.1 Overview The P-2612HW-F1 is an Integrated Access Device (IAD) that combines an ADSL2+ router with Voice over IP (VoIP) communication capabilities to allow you to use a traditional analog telephone to make Internet calls. By integrating DSL and NAT, you are provided with ease of installation and high-speed, shared Internet access.
Page 26 Use QoS to efficiently manage traffic on your network by giving priority to certain types of traffic and/or to particular computers. For example, you could make sure that the ZyXEL Device gives voice over Internet calls high priority, and/or limit bandwidth devoted to the boss’s excessive file downloading. P-2612HW-F1 User’s Guide...
Page 27: Voip Features
User’s Guide. • SPTGEN. SPTGEN is a text configuration file that allows you to configure the device by uploading an SPTGEN file. This is especially convenient if you need to configure many devices of the same type. P-2612HW-F1 User’s Guide...
Page 28: Good Habits For Managing The Zyxel Device
The ZyXEL Device has an Ethernet connection with a device on the Local Area Network (LAN). Blinking The ZyXEL Device is sending/receiving data to /from the LAN. The ZyXEL Device does not have an Ethernet connection with the LAN. P-2612HW-F1 User’s Guide...
Page 29 A telephone connected to the phone port has its receiver off of the hook and there is a voice message in the corresponding SIP account. The phone port does not have a SIP account registered. Refer to the Quick Start Guide for information on hardware connections. P-2612HW-F1 User’s Guide...
Page 30: The Reset Button
• Press the WLAN button for one second and release it. The WLAN LED should change from on to off or vice versa. • Press the WLAN button for five seconds to turn on WPS. See Section 8.9.5.1 on page 163 for more on using WPS to configure your wireless clients. P-2612HW-F1 User’s Guide...
Page 31: The Web Configurator
Internet Explorer. 2.1.1 Accessing the Web Configurator Make sure your ZyXEL Device hardware is properly connected (refer to the Quick Start Guide). Launch your web browser. Type "192.168.1.1" as the URL. P-2612HW-F1 User’s Guide...
Page 32 If you have changed the password, enter your password and click Login. Figure 4 Password Screen Note: For security reasons, the ZyXEL Device automatically logs you out if you do not use the web configurator for five minutes (default). If this happens, log in again. P-2612HW-F1 User’s Guide...
Page 33: Main Screen
• A - title bar • B - navigation panel • C - main window • D - status bar 2.2.1 Title Bar The title bar allows you to change the language and provides some icons in the upper right corner. P-2612HW-F1 User’s Guide...
Page 34: Navigation Panel
Client List Use this screen to view current DHCP client information and to always assign specific IP addresses to individual MAC addresses (and host names). IP Alias Use this screen to partition your LAN interface into subnets. P-2612HW-F1 User’s Guide...
Page 35 Incoming Call Use this screen to configure call-forwarding. Policy SIP Prefix Use this screen to set up numbers you dial on your phone to specify which SIP account you want to use for a call. Security P-2612HW-F1 User’s Guide...
Page 36 WAN. Class Setup Use this screen to define a classifier. Monitor Use this screen to view each queue’s statistics. Dynamic DNS This screen allows you to use a static hostname alias for a dynamic IP address. P-2612HW-F1 User’s Guide...
Page 37 Use this screen to backup and restore your device’s configuration (settings) or reset the factory default settings. Restart This screen allows you to reboot the ZyXEL Device without turning the power off. Diagnostic General Use this screen to test the connections to other devices. P-2612HW-F1 User’s Guide...
Page 38: Main Window
Right after you log in, the Status screen is displayed. See Chapter 5 on page 87 for more information about the Status screen. 2.2.4 Status Bar Check the status bar when you click Apply or OK to verify that the configuration has been updated. P-2612HW-F1 User’s Guide...
Page 39: Wizards
VoIP service provider (the company that lets you make phone calls over the Internet) did not provide any information. See Chapter 10 on page 187 Chapter 11 on page 223 for more information. Note: You must have a SIP account before you can use this wizard. P-2612HW-F1 User’s Guide...
Page 40: Sip Settings
127 printable ASCII Extended set characters. Authentication User Name Enter the user name for registering this SIP account, exactly as it was given to you. You can use up to 95 printable ASCII characters. P-2612HW-F1 User’s Guide...
Page 41: Registration Complete
Click this to close this screen and return to the main screen. 3.2.2 Registration Complete This screen depends on whether or not the ZyXEL Device successfully registered your SIP account(s). Figure 7 VoIP Setup Wizard > Registration Complete (Success) P-2612HW-F1 User’s Guide...
Page 42 Figure 8 VoIP Setup Wizard > Registration Complete (Fail) The following table describes the labels in this screen. Table 6 VoIP Setup Wizard > Registration Complete (Fail) LABEL DESCRIPTION < Back Click this to go to the previous screen. P-2612HW-F1 User’s Guide...
Page 43 Click this if you want the ZyXEL Device to try to register your SIP account(s) again. Exit Click this to close this screen and return to the main screen. The ZyXEL Device saves the information you provided. P-2612HW-F1 User’s Guide...
Page 44 Chapter 3 Wizards P-2612HW-F1 User’s Guide...
Page 45: Tutorial
An access point (AP) or wireless router is referred to as the “AP” and a computer with a wireless network card or USB adapter is referred to as the “wireless client” here. The M-302 utility screens are used here as an example. The screens may vary slightly for different models. P-2612HW-F1 User’s Guide...
Page 46: Configuring The Ap
Make sure Active Wireless LAN is selected. Enter “SSID_Example3” as the SSID and select a channel which is not used by another AP. Set security mode to WPA-PSK and enter “ThisismyWPA-PSKpre-sharedkey” in the Pre-Shared Key field. Click Apply. P-2612HW-F1 User’s Guide...
Page 47 Figure 10 AP: Wireless LAN > AP > Advanced Setup Open the Status screen. Verify your wireless and wireless security settings under Device Information and check if the WLAN connection is up under Interface Status. Figure 11 AP: Status P-2612HW-F1 User’s Guide...
Page 48: Configuring The Wireless Client
IDentity (SSID) and WPA-PSK pre-shared key. In this example, the SSID is “SSID_Example3” and the pre-shared key is “ThisismyWPA-PSKpre-sharedkey”. After you install the ZyXEL utility and then insert the wireless client, follow the steps below to connect to a network using the Site Survey screen. P-2612HW-F1 User’s Guide...
Page 49 Use the Next button to move on to the next screen. You can use the Back button at any time to return to the previous screen, or the Exit button to return to the Site Survey screen. Figure 14 ZyXEL Utility: Security Settings P-2612HW-F1 User’s Guide...
Page 50 If you are able to access the web site, your wireless connection is successfully configured. If you cannot access the web site, try changing the encryption type in the Security Settings screen, check the Troubleshooting section of this User's Guide or contact your network administrator. P-2612HW-F1 User’s Guide...
Page 51 Figure 18 ZyXEL Utility: Add New Profile Give the profile a descriptive name (of up to 32 printable ASCII characters). Select Infrastructure and either manually enter or select the AP's SSID in the Scan Info table and click Select. P-2612HW-F1 User’s Guide...
Page 52 This screen varies depending on the encryption method you selected in the previous screen. Enter the pre-shared key and leave the encryption type at the default setting. Figure 20 ZyXEL Utility: Profile Encryption In the next screen, leave both boxes selected. Figure 21 Profile: Wireless Protocol Settings. P-2612HW-F1 User’s Guide...
Page 53 11 If you cannot access the Internet go back to the Profile screen, select the profile you are using and click Edit. Check the details you entered previously. Also, refer to the Troubleshooting section of this User's Guide or contact your network administrator if necessary. P-2612HW-F1 User’s Guide...
Page 54: Using Nat With Multiple Public Ip Addresses
192.168.1.12 <---> 1.2.3.5 (1-1) 192.168.1.39 192.168.1.13 <---> 1.2.3.6 (1-1) Other outgoing LAN traffic ---> 1.2.3.4 (M-1) Incoming traffic <--- 1.2.3.4 (Server) Internet 1.2.3.4 192.168.1.39 1.2.3.5 192.168.1.1 1.2.3.6 1.2.3.7 Mail 192.168.1.12 192.168.1.13 To set up this network, we are going to: P-2612HW-F1 User’s Guide...
Page 55: Configuring The Wan Connection With A Static Ip Address
DNS Server 1.2.1.1 1.2.1.2 Follow the steps below to configure your ZyXEL Device for Internet access using PPPoE in this example. Figure 25 Tutorial Example: WAN Connection with a Static Public IP Address Internet 192.168.1.1 1.2.3.4 P-2612HW-F1 User’s Guide...
Page 56 IP address (“1.2.3.4” in this example). Configure the IP address of the DNS server the ZyXEL Device can query to resolve domain names. Select UserDefined and enter the first and second DNS server’s IP addresses given by your ISP. P-2612HW-F1 User’s Guide...
Page 57 Chapter 4 Tutorials Click Apply to save your changes. Figure 26 Tutorial Example: WAN Screen P-2612HW-F1 User’s Guide...
Page 58: Public Ip Address Mapping
In this example, you create two one-to-one rules to map the internal web server (192.168.1.12) and mail server (192.168.1.13) to different static public IP addresses. The many-to-one rule maps a public IP address (1.2.3.4, that is, the ZyXEL Device’s WAN IP address) to outgoing LAN traffic. It allows other local P-2612HW-F1 User’s Guide...
Page 59 IP addresses. Click Apply. Note: The Port Forwarding tab changes dynamically to Address Mapping as soon as you select the Full Feature option. Figure 29 Tutorial Example: NAT > NAT Overview Click the Address Mapping tab. P-2612HW-F1 User’s Guide...
Page 60 Select the One-to-One type and enter 192.168.1.12 as the local start IP address and 1.2.3.5 as the global start IP address. Click Apply. Figure 31 Tutorial Example: NAT Address Mapping Edit: One-to-One (1) Click the second rule’s Edit icon. P-2612HW-F1 User’s Guide...
Page 61 Select the Many-to-One type and enter 192.168.1.1 as the local start IP address, 192.168.1.254 as the local end IP address and 1.2.3.4 as the global start IP address. Click Apply. Figure 33 Tutorial Example: NAT Address Mapping Edit: Many-to-One P-2612HW-F1 User’s Guide...
Page 62: Forwarding Traffic From The Wan To A Local Computer
In this example, you want to forward FTP traffic using port 21 to the computer with the IP address of 192.168.1.39. Figure 35 Tutorial Example: Forwarding Incoming FTP Traffic to a Local Computer Mapping rules: Incoming traffic <--- 1.2.3.4 (Server) 192.168.1.39 Internet 1.2.3.4 192.168.1.39 1.2.3.5 1.2.3.6 1.2.3.7 Mail 192.168.1.12 192.168.1.13 P-2612HW-F1 User’s Guide...
Page 63: Allow Wan-To-Lan Traffic Through The Firewall
LAN, you need to configure a firewall rule to allow it. In this example, you create the firewall rules to allow traffic from the WAN to the following servers on the LAN: • Web server P-2612HW-F1 User’s Guide...
Page 64 Internet 192.168.1.39 Mail 192.168.1.12 192.168.1.13 Click Security > Firewall. Make sure the firewall is enabled and traffic from the WAN to the LAN is dropped. Figure 39 Tutorial Example: Firewall > General Go to the Rules screen. P-2612HW-F1 User’s Guide...
Page 65 Select Any in the Destination Address List box and click Delete. Select Single Address as the destination address type. Enter “192.168.1.12” and click Add >>. Figure 41 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for Web Server P-2612HW-F1 User’s Guide...
Page 66 Select Any(All) in the Available Services box on the left, and click Add >> to add it to the Selected Services box on the right. Click Apply. Figure 42 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for Web Server P-2612HW-F1 User’s Guide...
Page 67 Select Any in the Destination Address List box and click Delete. Select Single Address as the destination address type. Enter “192.168.1.13” and click Add. Figure 43 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for Mail Server P-2612HW-F1 User’s Guide...
Page 68 Select Any(All) in the Available Services box on the left, and click Add >> to add it to the Selected Services box on the right. Click Apply. Figure 44 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for Mail Server P-2612HW-F1 User’s Guide...
Page 69 Select Any in the Destination Address List box and click Delete. Select Single Address as the destination address type. Enter “192.168.1.39” and click Add. Figure 45 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for FTP Server P-2612HW-F1 User’s Guide...
Page 70 >> to add it to the Selected Services box on the right. Click Apply. Figure 46 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for FTP Server 11 When you are done, the Rules screen looks as shown. Figure 47 Tutorial Example: Firewall Rules Done P-2612HW-F1 User’s Guide...
Page 71: Testing The Connections
(192.168.1.12) and web server (192.168.1.13) respectively. The first and second public IP addresses are mapped to other outgoing LAN traffic. See Section 4.3.3 on page 58 for more information about IP address mapping. P-2612HW-F1 User’s Guide...
Page 72: How To Make A Voip Call
To use a registered SIP account, you should have applied for a SIP account with the VoIP service provider. 4.5.1.1 SIP Account Registration Follow the steps below to register and activate your SIP account. Make sure your ZyXEL Device is connected to the Internet. Open the web configurator. P-2612HW-F1 User’s Guide...
Page 73 (connected to the first phone port) use the registered SIP1 account to make outgoing calls. Select the SIP1 check box in the Incoming Call apply to section to have the phone (connected to the first phone port) receive phone calls for the SIP1 account. P-2612HW-F1 User’s Guide...
Page 74: How To Configure Vlan
VLAN membership of a frame; they are not confined to the switch on which they were created. The VLAN ID associates a frame with a specific VLAN and provides the information that switches need to process the frame across the network. P-2612HW-F1 User’s Guide...
Page 75 VLANs, traffic from any one of the three server types gets distributed evenly to all attached devices; this not causes significant problems with the devices that receive the unwanted traffic, it also eats up all your bandwidth. Note: This tutorial requires that the ZyXEL Device is set to WAN Mode. P-2612HW-F1 User’s Guide...
Page 76: Setting Up Your Connections
Note: This connection is not explictly labeled Connection 1 as the ZyXEL Device gives it a default name of ‘Internet Connection’ in the Web Configurator. You will be able to label subsequent connections, however. Click Apply to save your changes. P-2612HW-F1 User’s Guide...
Page 77 • Set the Mode to ‘Routing’ • Set the Encapsulation to ‘ENET ENCAP’. • Assign a VLAN ID of ‘20’. • Enable VLAN Tagging. • The other settings on this screen should be provided by your ISP. P-2612HW-F1 User’s Guide...
Page 78 • Select Active. • Enter a Name for the connection, in this case ‘connection3’. • Set the Mode to ‘Routing’ • Set the Encapsulation to ‘ENET ENCAP’. • Assign a VLAN ID of 30. Enable VLAN Tagging. P-2612HW-F1 User’s Guide...
Page 79: Configuring 802.1Q/P
LAN ID also known as VLAN ID or VID. This portion of the tutorial shows you how to assign VIDs to the different connections you created in the previous section and then turn them into virtual LANs. Open the Advanced > 802.1Q/1P screen. P-2612HW-F1 User’s Guide...
Page 80 • Enter that connection’s VLAN ID, which you previously configured as ‘10’ in Section 4.6.1 on page • Set the Default Gateway to PVC1. • Set LAN1 and SSID1 to Fixed. • And finally, enable TX Tagging for SSID1. After you are finished, click Apply to save your settings. P-2612HW-F1 User’s Guide...
Page 81 • Set the Default Gateway to PVC2. • Set LAN2 to Fixed. • Set both SIP1 and SIP2 to Fixed. • Set PVC2 to Fixed and enable TX Tagging for it. After you are finished, click Apply to save your settings. P-2612HW-F1 User’s Guide...
Page 82 Section 4.6.1 on page • Set the Default Gateway to PVC3. • Set LAN3 and LAN4 to Fixed. • Set PVC3 to Fixed and enable TX Tagging for it. After you are finished, click Apply to save your settings. P-2612HW-F1 User’s Guide...
Page 83 Chapter 4 Tutorials The final Advanced > 802.1Q/P screen should look something like this: P-2612HW-F1 User’s Guide...
Page 84 Chapter 4 Tutorials P-2612HW-F1 User’s Guide...
Page 85: Advanced
Advanced Status Screens (87) WAN Setup (97) LAN Setup (123) Wireless LAN (139) NAT (171) Voice (187) Phone Usage (223) Firewall (231) Content Filtering (253) VPN (259) Certificates (293) Static Route (323) 802.1Q/1P (327) Quality of Service (QoS) (339) Dynamic DNS Setup (355) Remote Management (359) UPnP (371)
Page 87: Status Screens
Any IP and DHCP and statistics from VoIP, and traffic. 5.1 Status Screen Click Status to open this screen. The screen varies slightly depending on the WAN mode you set using the DSL/WAN switch. Figure 52 Status Screen (ADSL WAN mode) P-2612HW-F1 User’s Guide...
Page 88 You can change this in the Maintenance > System > General screen’s System Name field. Model This is the model name of your device. Number This is the MAC (Media Access Control) or Ethernet address unique to Address your ZyXEL Device. P-2612HW-F1 User’s Guide...
Page 89 This displays the type of security mode the ZyXEL Device is using in the wireless LAN. This displays the status of WPS (Wi-Fi Protected Setup). Click this to go to the screen where you can change it. P-2612HW-F1 User’s Guide...
Page 90 For the LAN interface, this field displays Up when the ZyXEL Device is using the interface and Down when the ZyXEL Device is not using the interface. For the WLAN interface, it displays Active when WLAN is enabled or InActive when WLAN is disabled. P-2612HW-F1 User’s Guide...
Page 91 SIP account when you turn on the ZyXEL Device or when you activate it. This field displays the account number and service domain of the SIP account. You can change these in VoIP > SIP > SIP Settings. P-2612HW-F1 User’s Guide...
Page 92: Any Ip Table
Click this to update this screen. 5.3 WLAN Status Click Status > WLAN Status to access this screen. Use this screen to view the wireless stations that are currently associated to the ZyXEL Device. Figure 55 WLAN Status P-2612HW-F1 User’s Guide...
Page 93: Packet Statistics
Also provided are "system up time" and "poll interval(s)". The Poll Interval(s) field is configurable. The screen varies slightly depending on the WAN mode you set using the DSL/WAN switch. Figure 56 Packet Statistics P-2612HW-F1 User’s Guide...
Page 94 Type the time interval for the browser to refresh system statistics. Set Interval Click this to apply the new poll interval you entered in the Poll Interval field above. Stop Click this button to halt the refreshing of the system statistics. P-2612HW-F1 User’s Guide...
Page 95: Voip Statistics
This field indicates whether or not there are any messages waiting for Waiting the SIP account. Last Incoming This field displays the last number that called the SIP account. It Number displays N/A if no number has ever dialed the SIP account. P-2612HW-F1 User’s Guide...
Page 96 Set Interval. Set Interval Click this to make the ZyXEL Device update the screen based on the amount of time you specified in Poll Interval. Stop Click this to make the ZyXEL Device stop updating the screen. P-2612HW-F1 User’s Guide...
Page 97: Wan Setup
107) to set up additional Internet access connections. • Use the WAN Backup Setup screen (Section 6.4 on page 114) to set up a backup gateway that helps forward traffic to its destination when the default WAN connection is down. P-2612HW-F1 User’s Guide...
Page 98: What You Need To Know About Wan
Get this information from your ISP. 6.2 The Internet Access Setup Screen Use this screen to change your ZyXEL Device’s WAN settings. Click Network > WAN > Internet Access Setup. The screen differs by the WAN mode and encapsulation you select. P-2612HW-F1 User’s Guide...
Page 99: Dsl Mode
6.2.1 DSL Mode This screen is only visible when the ZyXEL Device is switched to DSL mode. See the Quick Start Guide for more information on the DSL/WAN hardware switch. Figure 59 Network > WAN > Internet Access Setup P-2612HW-F1 User’s Guide...
Page 100 ISP assigns you a different one each time you connect to the Internet. Select Obtain an IP Address Automatically if you have a dynamic IP address; otherwise select Static IP Address and type your ISP assigned IP address in the IP Address field below. P-2612HW-F1 User’s Guide...
Page 101 Apply Click Apply to save the changes. Cancel Click Cancel to begin configuring this screen afresh. Advanced Setup Click this button to display the Advanced Internet Access Setup screen and edit more details of your WAN setup. P-2612HW-F1 User’s Guide...
Page 102 Select the RIP direction from None, Both, In Only and Out Only. RIP Version This field is not configurable if you select None in the RIP Direction field. Select the RIP version from RIP-1, RIP-2B and RIP-2M. P-2612HW-F1 User’s Guide...
Page 103 For PPPoE, the MTU value is 1492. For PPPoA and RFC 1483, the MTU is 65535. Back Click Back to return to the previous screen. Apply Click Apply to save the changes. Cancel Click Cancel to begin configuring this screen afresh. P-2612HW-F1 User’s Guide...
Page 104: Wan Mode
Select Bridge when your ISP provides you more than one IP address and you want the connected computers to get individual IP address from ISP’s DHCP server directly. Note: If you select Bridge, you cannot use Firewall, DHCP server and NAT on the ZyXEL Device. P-2612HW-F1 User’s Guide...
Page 105 ZyXEL Device will try to bring up the connection automatically if it is disconnected. Connect on (PPPoE encapsulation only.) Demand Select this option when you don't want the connection up all the time and specify an idle time-out in the Max Idle Timeout field. P-2612HW-F1 User’s Guide...
Page 106: Advanced Internet Access Setup (Wan Mode)
RIP (Routing Information Protocol) allows a router to exchange routing information with other routers. Use this field to control how much routing information the ZyXEL Device sends and receives on the subnet. Select the RIP direction from None, Both, In Only and Out Only. P-2612HW-F1 User’s Guide...
Page 107: The More Connections Screen
The ZyXEL Device allows you to configure more than one Internet access connection. To configure additional Internet access connections click Network > WAN > More Connections. The screen differs by the encapsulation you select. When you use the WAN > Internet Access Setup screen to set up Internet P-2612HW-F1 User’s Guide...
Page 108 Internet access setup. Click the Remove icon to delete the Internet access setup from your connection list. Apply Click Apply to save the changes. Cancel Click Cancel to begin configuring this screen afresh. P-2612HW-F1 User’s Guide...
Page 109: More Connections Edit
Table 17 Network > WAN > More Connections: Edit LABEL DESCRIPTION Active Select the check box to activate or clear the check box to deactivate this connection. Name Enter a unique, descriptive name of up to 13 ASCII characters for this connection. P-2612HW-F1 User’s Guide...
Page 110 If you use RFC 1483, enter the IP address given by your ISP in the IP Address field. Subnet Mask Enter a subnet mask in dotted decimal notation. Gateway IP address Specify a gateway IP address (supplied by your ISP). P-2612HW-F1 User’s Guide...
Page 111 Apply Click Apply to save the changes. Cancel Click Cancel to begin configuring this screen afresh. Advanced Setup Click this button to display the More Connections Advanced Setup screen and edit more details of your WAN setup. P-2612HW-F1 User’s Guide...
Page 112: Configuring More Connections Advanced Setup
Select VBR-RT (real-time Variable Bit Rate) type for applications with bursty connections that require closely controlled delay and delay variation. Select VBR-nRT (non real-time Variable Bit Rate) type for connections that do not require closely controlled delay and delay variation. P-2612HW-F1 User’s Guide...
Page 113 For PPPoE, the MTU value is 1492. For PPPoA and RFC 1483, the MTU is 65535. Back Click Back to return to the previous screen. Apply Click Apply to save the changes. Cancel Click Cancel to begin configuring this screen afresh. P-2612HW-F1 User’s Guide...
Page 114: The Wan Backup Setup Screen
Type the number of times (2 recommended) that your ZyXEL Device may ping the IP addresses configured in the Check WAN IP Address field without getting a response before switching to a WAN backup connection (or a different WAN backup connection). P-2612HW-F1 User’s Guide...
Page 115: Wan Technical Reference
6.5 WAN Technical Reference This section provides some technical background information about the topics covered in this chapter. 6.5.1 Encapsulation Be sure to use the encapsulation method required by your ISP. The ZyXEL Device supports the following methods. P-2612HW-F1 User’s Guide...
Page 116 RFC 1483 describes two methods for Multiprotocol Encapsulation over ATM Adaptation Layer 5 (AAL5). The first method allows multiplexing of multiple protocols over a single ATM virtual circuit (LLC-based multiplexing) and the second method assumes that each protocol is carried over a separate ATM virtual P-2612HW-F1 User’s Guide...
Page 117: Multiplexing
If you have a dynamic IP, then the IP Address and Gateway IP Address fields are not applicable (N/A). If you have a static IP, then you only need to fill in the IP Address field and not the Gateway IP Address field. P-2612HW-F1 User’s Guide...
Page 118: Nailed-Up Connection (Ppp)
"1" and the traffic-redirect route has a metric of "2", then the normal route acts as the primary default route. If the normal route fails to connect to the Internet, the ZyXEL Device tries the traffic- redirect route next. P-2612HW-F1 User’s Guide...
Page 119: Traffic Shaping
The following figure illustrates the relationship between PCR, SCR and MBS. Figure 67 Example of Traffic Shaping 6.5.8.1 ATM Traffic Classes These are the basic ATM traffic classes defined by the ATM Forum Traffic Management 4.0 Specification. P-2612HW-F1 User’s Guide...
Page 120 Unspecified Bit Rate (UBR) The Unspecified Bit Rate (UBR) ATM traffic class is for bursty data transfers. However, UBR doesn't guarantee any bandwidth and only delivers traffic when the network has spare bandwidth. An example application is background file transfer. P-2612HW-F1 User’s Guide...
Page 121: Traffic Redirect
(Subnet 2). Configure filters that allow packets from the protected LAN (Subnet 1) to the backup gateway (Subnet 2). Figure 69 Traffic Redirect LAN Setup Subnet 1 192.168.1.0 - 192.168.1.24 Internet Backup Gateway Subnet 2 192.168.2.0 - 192.168.2.24 P-2612HW-F1 User’s Guide...
Page 122 Chapter 6 WAN Setup P-2612HW-F1 User’s Guide...
Page 123: Lan Setup
(Section 7.3 on page 128) to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. • Use the IP Alias screen (Section 7.4 on page 130) to change your ZyXEL Device’s IP alias settings. P-2612HW-F1 User’s Guide...
Page 124: What You Need To Know About Lan
Multicast group - it is not used to carry user data. There are two versions 1 and 2. IGMP version 2 is an improvement over version 1 but IGMP version 1 is still in wide use. P-2612HW-F1 User’s Guide...
Page 125: Before You Begin
Type the subnet mask of your network in dotted decimal notation, for example 255.255.255.0 (factory default). Your ZyXEL Device automatically computes the subnet mask based on the IP address you enter, so do not change this field unless you are instructed to do so. P-2612HW-F1 User’s Guide...
Page 126 DNS server addresses manually configured. If you do not configure a DNS server, you must know the IP address of a computer in order to access it. Apply Click Apply to save your changes back to the ZyXEL Device. P-2612HW-F1 User’s Guide...
Page 127: The Advanced Lan Setup Screen
Select the RIP version from RIP-1, RIP-2B and RIP-2M. Multicast IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a multicast group. The ZyXEL Device supports both IGMP version 1 (IGMP-v1) and IGMP-v2. Select None to disable it. P-2612HW-F1 User’s Guide...
Page 128: The Lan Client List Screen
Use this table to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. P-2612HW-F1 User’s Guide...
Page 129 Click the modify icon to have the IP address field editable and change Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. Refresh Click Refresh to reload the DHCP table. P-2612HW-F1 User’s Guide...
Page 130: The Lan Ip Alias Screen
Note: Make sure that the subnets of the logical networks do not overlap. Click Network > LAN > IP Alias to open the following screen. Use this screen to change your ZyXEL Device’s IP alias settings. Figure 74 Network > LAN > IP Alias P-2612HW-F1 User’s Guide...
Page 131: Lan Technical Reference
Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 7.5 LAN Technical Reference This section provides some technical background information about the topics covered in this chapter. P-2612HW-F1 User’s Guide...
Page 132: Lans, Wans And The Zyxel Device
IP address of a computer before you can access it. The DNS server addresses you enter when you set up DHCP are passed to the client machines along with the assigned IP address and subnet mask. There are two ways that an ISP disseminates the DNS server addresses. P-2612HW-F1 User’s Guide...
Page 133: Tcp/Ip
Let's say you select 192.168.1.0 as the network number; which covers 254 individual addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other words, the first three numbers specify the network number while the last number identifies an individual computer on that network. P-2612HW-F1 User’s Guide...
Page 134: Rip Setup
• In Only - the ZyXEL Device will not send any RIP packets but will accept all RIP packets received. • Out Only - the ZyXEL Device will send out RIP packets but will not accept any RIP packets received. P-2612HW-F1 User’s Guide...
Page 135: Multicast
ZyXEL Device to be in the same subnet to allow the computer to access the Internet (through the ZyXEL Device). In cases where your computer is required to use a static IP address in another network, you may need to manually P-2612HW-F1 User’s Guide...
Page 136 (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network. IP routing table is defined on IP Ethernet devices (the ZyXEL Device) to decide which hop to use, to help forward data along to its specified destination. P-2612HW-F1 User’s Guide...
Page 137 IP routing table so it can properly forward packets intended for the computer. After all the routing information is updated, the computer can access the ZyXEL Device and the Internet as if it is in the same subnet as the ZyXEL Device. P-2612HW-F1 User’s Guide...
Page 138 Chapter 7 LAN Setup P-2612HW-F1 User’s Guide...
Page 139: Wireless Lan
Figure 77 Example of a Wireless Network Ethernet 8.1.1 What You Can Do in the Wireless LAN Screens This chapter describes the ZyXEL Device’s Network > Wireless LAN screens. Use these screens to set up your ZyXEL Device’s wireless connection. P-2612HW-F1 User’s Guide...
Page 140: What You Need To Know About Wireless
Like radio stations or television channels, each wireless network uses a specific channel, or frequency, to send and receive information. Wireless Network Construction Wireless networks consist of wireless clients, access points and bridges. • A wireless client is a radio connected to a user’s computer. P-2612HW-F1 User’s Guide...
Page 141 MAC Address Filter Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address consists of twelve hexadecimal characters (0-9, and A to F), and it is usually written in the following format: “0A:A0:00:BB:CC:DD”. P-2612HW-F1 User’s Guide...
Page 142: Before You Start
LAN and you change the ZyXEL Device’s SSID or security settings, you will lose your wireless connection when you press Apply to confirm. You must then change the wireless settings of your computer to match the ZyXEL Device’s new settings. P-2612HW-F1 User’s Guide...
Page 143 Security See the following sections for more details about this field. Mode Static WEP, WPA and WPA2 are available only when WPS is disabled. Apply Click Apply to save your changes back to the ZyXEL Device. P-2612HW-F1 User’s Guide...
Page 144: No Security
Note: If you do not enable any wireless security on your ZyXEL Device, your network is accessible to any wireless networking device that is within range. Figure 79 Network > Wireless LAN > AP: No Security P-2612HW-F1 User’s Guide...
Page 145: Wep Encryption
WEP key for data transmission. If you want to manually set the WEP key, enter any 5 or 13 characters (ASCII string) or 10 or 26 hexadecimal characters ("0-9", "A-F") for a 64- bit or 128-bit WEP key respectively. P-2612HW-F1 User’s Guide...
Page 146: Wpa(2)-Psk
The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The only difference between the two is that WPA(2)-PSK uses a simple common password, instead of user-specific credentials. Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including spaces and symbols). P-2612HW-F1 User’s Guide...
Page 147 WEP key for an AP and all stations in a WLAN on a periodic basis. Setting of the Group Key Update Timer is also supported in WPA(2)-PSK mode. The ZyXEL Device default is 1800 seconds (30 minutes). P-2612HW-F1 User’s Guide...
Page 148: Wpa(2) Authentication Screen
Table 28 Network > Wireless LAN > AP: WPA(2) LABEL DESCRIPTION Security Mode Choose WPA or WPA2 from the drop-down list box. WPA Compatible This field is only available for WPA2. Select this if you want the ZyXEL Device to support WPA and WPA2 simultaneously. P-2612HW-F1 User’s Guide...
Page 149 Shared Secret Enter a password (up to 31 alphanumeric characters) as the key to be shared between the external accounting server and the ZyXEL Device. The key must be the same on the external accounting server and your ZyXEL Device. The key is not sent over the network. P-2612HW-F1 User’s Guide...
Page 150: Wireless Lan Advanced Setup
ZyXEL Device might be reduced. Back Click this to return to the previous screen without saving changes. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to reload the previous configuration for this screen. P-2612HW-F1 User’s Guide...
Page 151: More Ap Screen
Click the Edit icon to configure the SSID profile. Click the Remove icon to delete the SSID profile. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to reload the previous configuration for this screen. P-2612HW-F1 User’s Guide...
Page 152: More Ap Edit
Back Click this to return to the previous screen without saving changes. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to reload the previous configuration for this screen. P-2612HW-F1 User’s Guide...
Page 153: Mac Filter
ZyXEL Device Select Allow to permit access to the ZyXEL Device, MAC addresses not listed will be denied access to the ZyXEL Device. This is the index number of the MAC address. P-2612HW-F1 User’s Guide...
Page 154: Wps
This shows the PIN (Personal Identification Number) of the ZyXEL Device. Enter this PIN in the configuration utility of the device you want to connect to using WPS. The PIN is not necessary when you use WPS push-button method. P-2612HW-F1 User’s Guide...
Page 155: Wps Station
Use this screen to set up a WPS wireless network using either Push Button Configuration (PBC) or PIN Configuration. Click Network > Wireless LAN >WPS Station. The following screen displays. Figure 88 Network > Wireless LAN > WPS Station P-2612HW-F1 User’s Guide...
Page 156: Wds Screen
Note: WDS security is independent of the security settings between the ZyXEL Device and any wireless clients. At the time of writing, WDS is compatible with some ZyXEL Devices only. Not all models support WDS links. Check your other ZyXEL Device’s documentation. P-2612HW-F1 User’s Guide...
Page 157 Enter a Pre-Shared Key (PSK) from 8 to 63 case-sensitive ASCII characters (including spaces and symbols). Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to reload the previous configuration for this screen. P-2612HW-F1 User’s Guide...
Page 158: Scheduling Screen
For example, if you decide to turn off the wireless LAN everyday, but you set an exception from 12:00 to 1:30. Then the wireless LAN is only available from 12:00 to 1:30 everyday. Apply Click this to save your changes. Reset Click this to restore your previously saved settings. P-2612HW-F1 User’s Guide...
Page 159: Wireless Lan Technical Reference
Normally, the ZyXEL Device acts like a beacon and regularly broadcasts the SSID in the area. You can hide the SSID instead, in which case the ZyXEL Device does not broadcast the SSID. In addition, you should change the default SSID to something that is difficult to guess. P-2612HW-F1 User’s Guide...
Page 160: Mac Address Filter
Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks. These kinds of wireless devices might not have MAC addresses. Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F. P-2612HW-F1 User’s Guide...
Page 161 ZyXEL Device. Many types of encryption use a key to protect the information in the wireless network. The longer the key, the stronger the encryption. Every device in the wireless network must have the same key. P-2612HW-F1 User’s Guide...
Page 162: Mbssid
Internet connection, but can establish a WDS link with access point AP 2, which does. When AP 1 has a WDS link with AP 2, the notebook computer can access the Internet through AP 2. Figure 91 WDS Link Example Internet AP 1 AP 2 P-2612HW-F1 User’s Guide...
Page 163: Wifi Protected Setup
(SSID) and security key through an secure connection to the enrollee. If you need to make sure that WPS worked, check the list of associated wireless clients in the AP’s configuration utility. If you see the wireless client in the list, WPS was successful. P-2612HW-F1 User’s Guide...
Page 164: Pin Configuration
On a computer connected to the wireless client, try to connect to the Internet. If you can connect, WPS was successful. If you cannot connect, check the list of associated wireless clients in the AP’s configuration utility. If you see the wireless client in the list, WPS was successful. P-2612HW-F1 User’s Guide...
Page 165 PSK or WPA2-PSK pre-shared key to the enrollee. Whether WPA-PSK or WPA2- PSK is used depends on the standards supported by the devices. If the registrar is already part of a network, it sends the existing information. If not, it generates the SSID and WPA(2)-PSK randomly. P-2612HW-F1 User’s Guide...
Page 166 It will be the registrar in all subsequent WPS connections in which it is involved. If you want a configured AP to act as an enrollee, you must reset it to its factory defaults. P-2612HW-F1 User’s Guide...
Page 167 CLIENT 1 ENROLLEE CLIENT 2 In step 3, you add another access point (AP2) to your network. AP2 is out of range of AP1, so you cannot use AP1 for the WPS handshake with the new access P-2612HW-F1 User’s Guide...
Page 168 (if the device supports this feature). Then, you can enter the key into the non-WPS device and join the network as normal (the non-WPS device must also support WPA-PSK or WPA2-PSK). P-2612HW-F1 User’s Guide...
Page 169 Check the MAC addresses of your wireless clients (usually printed on a label on the bottom of the device). If there is an unknown MAC address you can remove it or reset the AP. P-2612HW-F1 User’s Guide...
Page 170 Chapter 8 Wireless LAN P-2612HW-F1 User’s Guide...
Page 171: Nat
WAN side. In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) P-2612HW-F1 User’s Guide...
Page 172: Nat General Setup
Section 9.5 on page 181 for advanced technical information on NAT. 9.2 NAT General Setup Note: You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the ZyXEL Device. P-2612HW-F1 User’s Guide...
Page 173 NAT sessions. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to reload the previous configuration for this screen. P-2612HW-F1 User’s Guide...
Page 174: Port Forwarding
Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example). You assign the LAN IP P-2612HW-F1 User’s Guide...
Page 175: Configuring The Port Forwarding Screen
9.3.1 Configuring the Port Forwarding Screen Click Network > NAT > Port Forwarding to open the following screen. Appendix E on page 533 for port numbers commonly used for particular services. Figure 99 Network > NAT > Port Forwarding P-2612HW-F1 User’s Guide...
Page 176 Click the delete icon to delete an existing port forwarding rule. Note that subsequent address mapping rules move up by one when you take this action. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to return to the previous configuration. P-2612HW-F1 User’s Guide...
Page 177: Port Forwarding Rule Edit
Enter the inside IP address of the server here. Address Back Click Back to return to the previous screen. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-2612HW-F1 User’s Guide...
Page 178: Address Mapping
One-to-one and Server mapping types. Global Start This is the starting Inside Global IP Address (IGA). Enter 0.0.0.0 here if you have a dynamic IP address from your ISP. You can only do this for Many-to-One and Server mapping types. P-2612HW-F1 User’s Guide...
Page 179: Address Mapping Rule Edit
9.4.1 Address Mapping Rule Edit To edit an address mapping rule, click the rule’s edit icon in the Address Mapping screen to display the screen shown next. Figure 102 Network > NAT > Address Mapping > Edit P-2612HW-F1 User’s Guide...
Page 180: Sip Alg
ZyXEL Device registers with the SIP register server, the SIP ALG translates the ZyXEL Device’s private IP address inside the SIP data stream to a public IP address. You do not need to use STUN or an outbound proxy if your ZyXEL Device is behind a SIP ALG. P-2612HW-F1 User’s Guide...
Page 181: Nat Technical Reference
IP address of a host used in a packet. Thus, an inside local address (ILA) is the IP address of an inside host in a packet when the packet is still in the local network, while an inside global address (IGA) is the IP address of the same inside P-2612HW-F1 User’s Guide...
Page 182: What Nat Does
IP source address (and TCP or UDP source port numbers for Many-to-One and Many-to-Many Overload NAT mapping) in each packet and then forwards it to the Internet. The ZyXEL Device keeps track of the original addresses P-2612HW-F1 User’s Guide...
Page 183 NAT Table Inside Local Inside Global IP Address IP Address 192.168.1.10 IGA 1 192.168.1.13 192.168.1.11 IGA 2 192.168.1.12 IGA 3 192.168.1.13 IGA 4 192.168.1.12 192.168.1.10 IGA1 Internet Inside Local Inside Global Address (ILA) Address (IGA) 192.168.1.11 192.168.1.10 P-2612HW-F1 User’s Guide...
Page 184: Nat Application
• Many to One: In Many-to-One mode, the ZyXEL Device maps multiple local IP addresses to one global IP address. This is equivalent to SUA (for instance, PAT, port address translation), ZyXEL’s Single User Account feature that previous ZyXEL routers supported (the SUA Only option in today’s routers). P-2612HW-F1 User’s Guide...
Page 185 ILA2 IGA1 … Many-to-Many Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA1 ILA4 IGA2 … Many-to-Many No Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA3 … Server Server 1 IP IGA1 Server 2 IP IGA1 Server 3 IP IGA1 P-2612HW-F1 User’s Guide...
Page 186 Chapter 9 NAT P-2612HW-F1 User’s Guide...
Page 187: Voice
(Section 10.9 on page 201) to change settings that depend on the country you are in. • Use the Speed Dial screen (Section 10.10 on page 202) to set up shortcuts for dialing frequently-used (VoIP) phone numbers. P-2612HW-F1 User’s Guide...
Page 188: What You Need To Know About Voip
How to Find Out More Chapter 4 on page 45 for a tutorial showing how to set up these screens in an example scenario. P-2612HW-F1 User’s Guide...
Page 189: Before You Begin
ZyXEL Device knows to which phone port it should forward an incoming VoIP call. You must use speed dial to make peer-to-peer VoIP calls. Section 10.5 on page 196 for how to map a SIP account to a phone port. P-2612HW-F1 User’s Guide...
Page 190 It does not matter whether the SIP server is a proxy, redirect or register server. SIP Server Port Enter the SIP server’s listening port number, if your VoIP service provider gave you one. Otherwise, keep the default value. P-2612HW-F1 User’s Guide...
Page 191 Click this to save your changes and to apply them to the ZyXEL Device. Cancel Click this to set every field in this screen to its last-saved value. Advanced Setup Click this to edit the advanced settings for this SIP account. The Advanced SIP Setup screen appears. P-2612HW-F1 User’s Guide...
Page 192: The Advanced Sip Setup Screen
Click VoIP > SIP > SIP Settings to open the SIP Settings screen. Select a SIP account and click Advanced Setup to open the Advanced SIP Setup screen. Use this screen to maintain advanced settings for each SIP account. Figure 107 VoIP > SIP Settings > Advanced P-2612HW-F1 User’s Guide...
Page 193 G.726 operates at 16, 24, 32 or 40 kbps. By contrast, G.729 only requires 8 kbps. The ZyXEL Device must use the same codec as the peer. When two SIP devices start a SIP session, they must agree on a codec. P-2612HW-F1 User’s Guide...
Page 194 Select which call forwarding table you want the ZyXEL Device to use for Table incoming calls. You set up these tables in VoIP > Phone Book > Incoming Call Policy. Back Click this to return to the SIP Settings screen without saving your changes. P-2612HW-F1 User’s Guide...
Page 195: The Sip Qos Screen
VLAN tags. Otherwise, clear this field. Apply Click this to save your changes and to apply them to the ZyXEL Device. Cancel Click this to set every field in this screen to its last-saved value. P-2612HW-F1 User’s Guide...
Page 196: The Analog Phone Screen
Use this screen to configure the volume, echo cancellation and VAD (Voice Activity Detection) settings for each individual phone port on the ZyXEL Device. You can also select which SIP account to use for making outgoing calls. P-2612HW-F1 User’s Guide...
Page 197: Configuring The Advanced Analog Phone Screen
10.6.1 Configuring the Advanced Analog Phone Screen To access this screen, click Advanced Setup in VoIP > Phone > Analog Phone. Figure 110 VoIP > Phone > Analog Phone > Advanced P-2612HW-F1 User’s Guide...
Page 198 ZyXEL Device to automatically dial in this field. Back Click this to return to the Analog Phone screen without saving your changes. Apply Click this to save your changes. Cancel Click this to set every field in this screen to its last-saved value. P-2612HW-F1 User’s Guide...
Page 199: The Phone Settings Ext. Table Screen
Number phones connected to the ZyXEL Device. Phone Use these fields to assign extension numbers to the phones connected to the ZyXEL Device. This is an index number of the phone to be assigned an extension number. P-2612HW-F1 User’s Guide...
Page 200: The Common Phone Settings Screen
Click this to set every field in this screen to its last-saved value. 10.8 The Common Phone Settings Screen Use this screen to activate and deactivate immediate dialing. To access this screen, click VoIP > Phone > Common. Figure 112 VoIP > Phone > Common P-2612HW-F1 User’s Guide...
Page 201: The Phone Region Screen
10.9 The Phone Region Screen Use this screen to maintain settings that depend on which region of the world the ZyXEL Device is in. To access this screen, click VoIP > Phone > Region. Figure 113 VoIP > Phone > Region P-2612HW-F1 User’s Guide...
Page 202: The Speed Dial Screen
In peer-to-peer calls, you call another VoIP device directly without going through a VoIP service provider’s SIP server. Select Non-Proxy (Use IP or URL) in the Type column and enter the callee’s IP address or domain name. The ZyXEL P-2612HW-F1 User’s Guide...
Page 203 Click this to use the information in the Speed Dial section to update the Speed Dial Phone Book section. Speed Dial Use this section to look at all the speed-dial entries and to erase them. Phone Book P-2612HW-F1 User’s Guide...
Page 204 Speed Dial section, where you can change it. Click the Remove icon to erase this speed-dial entry. Clear Click this to erase all the speed-dial entries. Cancel Click this to set every field in this screen to its last-saved value. P-2612HW-F1 User’s Guide...
Page 205: Incoming Call Policy Screen
Select this if you want the ZyXEL Device to forward all incoming calls to Forward to the specified phone number, regardless of other rules in the Forward Number to Number Setup section. Specify the phone number in the field on the right. P-2612HW-F1 User’s Guide...
Page 206 Forward to Number section. Apply Click this to save your changes and to apply them to the ZyXEL Device. Cancel Click this to set every field in this screen to its last-saved value. P-2612HW-F1 User’s Guide...
Page 207: Sip Prefix Screen
SIP Domain This field displays the SIP service domain name you entered when configuring this SIP account. Click this to use the information in the SIP Selection by Prefix section to update the SIP Prefix Phone Book section. P-2612HW-F1 User’s Guide...
Page 208: Sip Technical Reference
Internet. SIP signaling is separate from the media for which it handles sessions. The media that is exchanged during the session can use a different path from that of the P-2612HW-F1 User’s Guide...
Page 209 A SIP registration has a limited lifespan. The User Agent Client must renew its registration within this lifespan. If it does not do so, the registration data will be deleted from the SIP registrar's database and the connection broken. P-2612HW-F1 User’s Guide...
Page 210 In the following example, you want to use client device A to call someone who is using client device C. The client device (A in the figure) sends a call invitation to the SIP proxy server (B). P-2612HW-F1 User’s Guide...
Page 211 In the following example, you want to use client device A to call someone who is using client device C. Client device A sends a call invitation for C to the SIP redirect server (B). The SIP redirect server sends the invitation back to A with C’s IP address (or domain name). P-2612HW-F1 User’s Guide...
Page 212 SIP Call Progression The following figure displays the basic steps in the setup and tear down of a SIP call. A calls B. Table 59 SIP Call Progression 1. INVITE 2. Ringing P-2612HW-F1 User’s Guide...
Page 213 The response to the request goes to all the proxy servers through which the request passed, in reverse sequence. Once the session is set up, session traffic is sent between the UAs directly, bypassing all the proxy servers in between. P-2612HW-F1 User’s Guide...
Page 214 User Agent 1 sends a SIP INVITE request to Proxy 1. This message is an invitation to User Agent 2 to participate in a SIP telephone call. Proxy 1 sends a response indicating that it is trying to complete the request. P-2612HW-F1 User’s Guide...
Page 215 Dual-Tone MultiFrequency (DTMF) signaling uses pairs of frequencies (one lower frequency and one higher frequency) to set up calls. It is also known as Touch Tone®. Each of the keys on a DTMF telephone corresponds to a different pair of frequencies. P-2612HW-F1 User’s Guide...
Page 216 You can continue to add, listen to, or delete tones, or you can hang up the receiver when you are done. Listening to Custom Tones Do the following to listen to a custom tone: The ZyXEL Device does not support pulse dialing at the time of writing. P-2612HW-F1 User’s Guide...
Page 217: Quality Of Service (Qos)
In addition, applications do not have to request a particular service or give advanced notice of where the traffic is going. The ZyXEL Device does not support DiffServ at the time of writing. P-2612HW-F1 User’s Guide...
Page 218: Phone Services Overview
VoIP service provider. The ZyXEL Device supports the following services: • Call Hold • Call Waiting • Making a Second Call • Call Transfer • Call Forwarding (see Section 10.11 on page 205) P-2612HW-F1 User’s Guide...
Page 219 1. Switch back and forth between two calls. 2. Put a current call on hold to answer an incoming call. 3. Separate the current three-way conference call into two individual calls (one is on-line, the other is on hold). P-2612HW-F1 User’s Guide...
Page 220 Do the following to transfer an incoming call (that you have answered) to another phone. Press the flash key to put the caller on hold. When you hear the dial tone, dial “*98#” followed by the number to which you want to transfer the call. to operate the Intercom. P-2612HW-F1 User’s Guide...
Page 221 If you have another call, press the flash key to switch back and forth between caller A and B by putting either one on hold. If you hang up the phone but a caller is still on hold, there will be a remind ring. P-2612HW-F1 User’s Guide...
Page 222 If you want to go back to the three-way conversation, press the flash key again. If you want to separate the activated three-way conference into two individual connections again, press the flash key. This time the party B is on-line and party A is on hold. P-2612HW-F1 User’s Guide...
Page 223: Phone Usage
11.4 Using Call Park and Pickup Do the following to put a call on hold on one phone and continue it on another (connected to the ZyXEL Device). This feature may not be supported by all service providers. P-2612HW-F1 User’s Guide...
Page 224: Checking The Zyxel Device's Ip Address
(if your service provider activates this feature). If newer firmware is available, the ZyXEL Device plays a recording when you pick up your phone’s handset. • Press “*99#” to upgrade the ZyXEL Device’s firmware. • Press “#99#” to not upgrade the ZyXEL Device’s firmware. P-2612HW-F1 User’s Guide...
Page 225: Phone Services Overview
You can invoke all the supplementary services by using the flash key. 11.7.2 Europe Type Supplementary Phone Services This section describes how to use supplementary phone services with the Europe Type Call Service Mode. Commands for supplementary services are listed in the table below. P-2612HW-F1 User’s Guide...
Page 226 (directory) number. If there is a second call to a telephone number, you will hear a call waiting tone. Take one of the following actions. • Reject the second call. Press the flash key and then press “0”. P-2612HW-F1 User’s Guide...
Page 227: Usa Type Supplementary Services
(one is on-line, the other is on hold), press the flash key and press “2”. 11.7.3 USA Type Supplementary Services This section describes how to use supplementary phone services with the USA Type Call Service Mode. Commands for supplementary services are listed in the table below. P-2612HW-F1 User’s Guide...
Page 228 Intercom. After you hear the ring signal or the second party answers it, hang up the phone. 11.7.3.4 USA Three-Way Conference Use the following steps to make three-way conference calls. P-2612HW-F1 User’s Guide...
Page 229: Phone Functions Summary
Use these to allow you to put a call on hold while answering another, or to turn this function off. See #41# Disable call waiting Section 11.7.2 on page 225 (Europe type) and Section 11.7.3 on page 227 (USA type). P-2612HW-F1 User’s Guide...
Page 230 Section 10.11 on page 205. One shot Call Waiting Activate or deactivate call waiting on the next call Disable only. See Section 11.7.2 on page 225 (Europe type) Section 11.7.3 on page 227 (USA type) One shot Call Waiting Enable P-2612HW-F1 User’s Guide...
Page 231: Firewall
ZyXEL Device, and set the default action that the firewall takes on packets that do not match any of the firewall rules. • Use the Rules screen (Section 12.3 on page 238) to view the configured firewall rules and add, edit or remove a firewall rule. P-2612HW-F1 User’s Guide...
Page 232: What You Need To Know About Firewall
• See Section 12.5 on page 247 for advanced technical information on firewall. 12.1.3 Firewall Rule Setup Example The following Internet firewall rule example allows a hypothetical “MyService” connection from the Internet. P-2612HW-F1 User’s Guide...
Page 233 Click an index number to display the Customized Services Config screen and configure the screen as follows and click Apply. Figure 124 Edit Custom Port Example Select Any in the Destination Address List box and then click Delete. P-2612HW-F1 User’s Guide...
Page 234 Configure the destination address screen as follows and click Add. Figure 125 Firewall Example: Edit Rule: Destination Address Use the Add >> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. P-2612HW-F1 User’s Guide...
Page 235 Note: Custom services show up with an “*” before their names in the Services list box and the Rules list box. Figure 126 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. P-2612HW-F1 User’s Guide...
Page 236: The Firewall General Screen
10.0.0.15 on the LAN. Figure 127 Firewall Example: Rules: MyService 12.2 The Firewall General Screen Use this screen to configure the firewall settings. Click Security > Firewall to display the following screen. Figure 128 Security > Firewall > General P-2612HW-F1 User’s Guide...
Page 237 Expand... Click this to display more information. Basic... Click this to display less information. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-2612HW-F1 User’s Guide...
Page 238: The Firewall Rule Screen
This is your firewall rule number. The ordering of your rules is important as rules are applied in turn. Active This field displays whether a firewall is turned on or not. Select the check box to enable the rule. Clear the check box to disable the rule. P-2612HW-F1 User’s Guide...
Page 239: Configuring Firewall Rules
Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. 12.3.1 Configuring Firewall Rules Refer to Section 12.1.2 on page 232 for more information. P-2612HW-F1 User’s Guide...
Page 240 Use this screen to configure firewall rules. In the Rules screen, select an index number and click Add or click a rule’s Edit icon to display this screen and refer to the following table for information on the labels. Figure 130 Security > Firewall > Rules > Edit P-2612HW-F1 User’s Guide...
Page 241 This field determines if a log for packets that match the rule is created Information or not. Go to the Log Settings page and select the Access Control logs category to have the ZyXEL Device record these logs. Alert P-2612HW-F1 User’s Guide...
Page 242: Customized Services
This shows the IP protocol (TCP, UDP or TCP/UDP) that defines your customized service. Port This is the port number or range that defines your customized service. Back Click this to return to the Firewall Edit Rule screen. P-2612HW-F1 User’s Guide...
Page 243: Configuring A Customized Service
Click this to delete the current rule. 12.4 The Firewall Threshold Screen For DoS attacks, the ZyXEL Device uses thresholds to determine when to start dropping sessions that do not become fully established (half-open sessions). These thresholds apply globally to all sessions. P-2612HW-F1 User’s Guide...
Page 244: Threshold Values
Type of traffic for certain servers. Reduce the threshold values if your network is slower than average for any of these factors (especially if you have servers that are slow or handle many tasks and are often busy). P-2612HW-F1 User’s Guide...
Page 245: Configuring Firewall Thresholds
This is the rate of new half-open sessions per minute that causes the firewall to stop deleting half-open sessions. The ZyXEL Device continues to delete half-open sessions as necessary, until the rate of new connection attempts drops below this number. P-2612HW-F1 User’s Guide...
Page 246 Delete the oldest half open session when a new connection request reached comes. threshold Deny new connection requests for the number of minutes that you specify (between 1 and 255). Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-2612HW-F1 User’s Guide...
Page 247: Firewall Technical Reference
These rules specify which computers on the WAN can access which computers or services on the LAN. Note: You also need to configure NAT port forwarding (or full featured NAT address mapping rules) to allow computers on the WAN to access devices on the LAN. P-2612HW-F1 User’s Guide...
Page 248: Guidelines For Enhancing Security With Your Firewall
Protect against IP spoofing by making sure the firewall is active. Keep the firewall in a secured (locked) room. P-2612HW-F1 User’s Guide...
Page 249: Security Considerations
Ethernet devices. You may have more than one connection to the Internet (through one or more ISPs). If an alternate gateway is on the LAN (and its IP address is in the same subnet as the ZyXEL Device’s LAN IP address), the P-2612HW-F1 User’s Guide...
Page 250 ZyXEL Device to your LAN. The following steps describe such a scenario. A computer on the LAN initiates a connection by sending a SYN packet to a receiving server on the WAN. P-2612HW-F1 User’s Guide...
Page 251 The reply from the WAN goes to the ZyXEL Device. The ZyXEL Device then sends it to the computer on the LAN in Subnet 1. Figure 137 IP Alias Subnet 1 ISP 1 Internet ISP 2 Subnet 2 P-2612HW-F1 User’s Guide...
Page 252 Chapter 12 Firewall P-2612HW-F1 User’s Guide...
Page 253: Content Filtering
13.1.3 Before You Begin To use the Trusted screen, you need the IP addresses of devices on your network. See the LAN section (Section 13.4 on page 258) for more information. P-2612HW-F1 User’s Guide...
Page 254: Content Filtering Example
Click Security > Content Filter > Schedule to display the following screen. Click Edit Daily to Block and select all weekdays. Under Start Time and End Time, type the times for blocking to begin and end (4pm ~ 7pm in this example). P-2612HW-F1 User’s Guide...
Page 255 Click Security > Content Filter > Trusted to display the following screen. In the Start IP Address and End IP Address fields, type 192.168.1.3. Click Apply. Figure 140 Security > Content Filter > Trusted: Example That finishes setting up keyword blocking on the home computer. P-2612HW-F1 User’s Guide...
Page 256: The Keyword Screen
Repeat this procedure to add other keywords. Up to 64 keywords are allowed. When you try to access a web page containing a keyword, you will get a message telling you that the content filter is blocking this request. P-2612HW-F1 User’s Guide...
Page 257: The Schedule Screen
Select the check box to have the content filtering to be active on the selected day. Start TIme Enter the time when you want the content filtering to take effect in hour- minute format. End Time Enter the time when you want the content filtering to stop in hour-minute format. P-2612HW-F1 User’s Guide...
Page 258: The Trusted Screen
LAN that you want to exclude from content filtering. Leave this field blank if you want to exclude an individual computer. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-2612HW-F1 User’s Guide...
Page 259: Vpn
• Use the Monitor screen (Section 14.7 on page 277) to display and manage the current active VPN connections. • Use the VPN Global Setting screen (Section 14.8 on page 279) to allow NetBIOS packets passing through the VPN connection. P-2612HW-F1 User’s Guide...
Page 260: What You Need To Know About Ipsec Vpn
• The ZyXEL Device uses the current ZyXEL Device WAN IP address (static or dynamic) to set up the VPN tunnel. Secure Gateway Address Secure Gateway Address is the WAN IP address or domain name of the remote IPSec router (secure gateway). P-2612HW-F1 User’s Guide...
Page 261: Before You Begin
Section 14.9 on page 279 for advanced technical information on IPSec VPN. 14.1.3 Before You Begin If a VPN tunnel uses Telnet, FTP, WWW, then you should configure remote management (Remote MGMT) to allow access for that service. P-2612HW-F1 User’s Guide...
Page 262: Vpn Setup Screen
Click Security > VPN to open the VPN Setup screen. This is a menu of your IPSec rules (tunnels). The IPSec summary menu is read-only. Edit a VPN by selecting an index number and then configuring its associated submenus. Figure 147 Security > VPN > Setup P-2612HW-F1 User’s Guide...
Page 263 Click the Edit icon to go to the screen where you can edit the VPN configuration. Click the Remove icon to remove an existing VPN configuration. Apply Click this to save your changes and apply them to the ZyXEL Device. Cancel Click this return your settings to their last saved values. P-2612HW-F1 User’s Guide...
Page 264: The Vpn Edit Screen
Chapter 14 VPN 14.3 The VPN Edit Screen Click an Edit icon in the VPN Setup screen to edit VPN policies. Figure 148 Security > VPN > Setup > Edit P-2612HW-F1 User’s Guide...
Page 265 Use the drop-down menu to choose Single, Range, or Subnet. Select Type Single for a single IP address. Select Range for a specific range of IP addresses. Select Subnet to specify IP addresses on a network by their subnet mask. P-2612HW-F1 User’s Guide...
Page 266 Information Local ID Type Select IP to identify this ZyXEL Device by its IP address. Select DNS to identify this ZyXEL Device by a domain name. Select E-mail to identify this ZyXEL Device by an e-mail address. P-2612HW-F1 User’s Guide...
Page 267 DNS or E-mail ID type in the following situations: When there is a NAT router between the two IPSec routers. When you want the ZyXEL Device to distinguish between VPN connection requests that come in from remote IPSec routers with dynamic WAN IP addresses. P-2612HW-F1 User’s Guide...
Page 268 Security > Certificates screens, or click the My Certificates link. My Certificates Click this to go to the Security > Certificates > My Certificates screen. If you do not click Apply first, your VPN settings will not be saved. P-2612HW-F1 User’s Guide...
Page 269 Click Back to return to the previous screen. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. Advanced Setup Click Advanced Setup to configure more detailed settings of your IKE key management. P-2612HW-F1 User’s Guide...
Page 270: Configuring Advanced Ike Settings
Enter a port number in this field to define a port range. This port number must be greater than that specified in the previous field. If Local Start Port is left at 0, End will also remain at 0. P-2612HW-F1 User’s Guide...
Page 271 Key Group You must choose a key group for phase 1 IKE setup. DH1 (default) refers to Diffie-Hellman Group 1 a 768 bit random number. DH2 refers to Diffie-Hellman Group 2 a 1024 bit (1Kb) random number. P-2612HW-F1 User’s Guide...
Page 272 Click Back to return to the previous screen. Apply Click Apply to save your changes back to the ZyXEL Device and return to the VPN-IKE screen. Cancel Click Cancel to return to the VPN-IKE screen without saving your changes. P-2612HW-F1 User’s Guide...
Page 273: Manual Key Setup
VPN gateway to the local VPN gateway. The local VPN gateway then uses the network, encryption and key values that the administrator associated with the SPI to establish the tunnel. Current ZyXEL implementation assumes identical outgoing and incoming SPIs. P-2612HW-F1 User’s Guide...
Page 274: Configuring Manual Key
IPSec Setup Active Select this check box to activate this VPN policy. Name Type up to 32 characters to identify this VPN policy. You may use any character, including spaces, but the ZyXEL Device drops trailing spaces. P-2612HW-F1 User’s Guide...
Page 275 Use the drop-down menu to choose Single, Range, or Subnet. Select Type Single with a single IP address. Select Range for a specific range of IP addresses. Select Subnet to specify IP addresses on a network by their subnet mask. P-2612HW-F1 User’s Guide...
Page 276 Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slower. Select MD5 for minimal security and SHA-1 for maximum security. P-2612HW-F1 User’s Guide...
Page 277: Viewing Sa Monitor
When there is outbound traffic but no inbound traffic, the SA times out automatically after two minutes. A tunnel with no outbound or inbound traffic is "idle" and does not timeout until the SA lifetime period expires. See Section P-2612HW-F1 User’s Guide...
Page 278 This field displays the security protocol, encryption algorithm, and Algorithm authentication algorithm used in each VPN tunnel. Disconnect Select one of the security associations, and then click Disconnect to stop that security association. Refresh Click Refresh to display the current active VPN connection(s). P-2612HW-F1 User’s Guide...
Page 279: Configuring Vpn Global Setting
Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 14.9 IPSec VPN Technical Reference This section provides some technical background information about the topics covered in this chapter. P-2612HW-F1 User’s Guide...
Page 280: Ipsec Architecture
Read this section if you are running IPSec on a host computer behind the ZyXEL Device. NAT is incompatible with the AH protocol in both Transport and Tunnel mode. An IPSec VPN using the AH protocol digitally signs the outbound packet, both data P-2612HW-F1 User’s Guide...
Page 281: Vpn, Nat, And Nat Traversal
NAT is not normally compatible with ESP in transport mode either, but the ZyXEL Device’s NAT Traversal feature provides a way to handle this. NAT traversal P-2612HW-F1 User’s Guide...
Page 282 NAT device. The compatibility of AH and ESP with NAT in tunnel and transport modes is summarized in the following table. Table 83 VPN and NAT SECURITY MODE PROTOCOL Transport Tunnel Transport Tunnel Y* - This is supported in the ZyXEL Device if you enable NAT traversal. P-2612HW-F1 User’s Guide...
Page 283: Encapsulation
VPN gateway. • Inside header: The inside IP header contains the destination IP address of the final system behind the VPN gateway. The security protocol appears after the outer IP header and before the inside IP header. P-2612HW-F1 User’s Guide...
Page 284: Ike Phases
• Choose an authentication algorithm • Choose whether to enable Perfect Forward Secrecy (PFS) using Diffie-Hellman public-key cryptography – see Appendix D on page 509. Select None (the default) to disable PFS. • Choose Tunnel mode or Transport mode. P-2612HW-F1 User’s Guide...
Page 285: Negotiation Mode
14.9.8 Remote DNS Server In cases where you want to use domain names to access Intranet servers on a remote network that has a DNS server, you must identify that DNS server. You P-2612HW-F1 User’s Guide...
Page 286: Id Type And Content
(seeSection 14.9.12 on page 288 for a telecommuter configuration example). Regardless of the ID type and content configuration, the ZyXEL Device does not allow you to save multiple active rules with overlapping local and remote IP addresses. P-2612HW-F1 User’s Guide...
Page 287 IP address or what you configure in the Secure Gateway Address field below. 14.9.9.1 ID Type and Content Examples Two IPSec routers must have matching ID type and content configuration in order to set up a VPN tunnel. P-2612HW-F1 User’s Guide...
Page 288: Pre-Shared Key
The following examples show how multiple telecommuters can make VPN connections to a single ZyXEL Device at headquarters. The telecommuters use IPSec routers with dynamic WAN IP addresses. The ZyXEL Device at headquarters has a static public IP address. P-2612HW-F1 User’s Guide...
Page 289 Telecommuters can each use a separate VPN rule to simultaneously access a ZyXEL Device at headquarters. They can use different IPSec parameters. The local IP addresses (or ranges of addresses) of the rules configured on the ZyXEL Device P-2612HW-F1 User’s Guide...
Page 290 Peer ID Content: bob@bigcompanyhq.com Telecommuter A Headquarters ZyXEL Device Rule 1: (telecommutera.dydns.org) Local ID Type: IP Peer ID Type: IP Local ID Content: 192.168.2.12 Peer ID Content: 192.168.2.12 Local IP Address: 192.168.2.12 Secure Gateway Address: telecommuter1.com Remote Address 192.168.2.12 P-2612HW-F1 User’s Guide...
Page 291 Remote Address 192.168.3.2 Telecommuter C Headquarters ZyXEL Device Rule 3: (telecommuterc.dydns.org) Local ID Type: E-mail Peer ID Type: E-mail Local ID Content: myVPN@myplace.com Peer ID Content: myVPN@myplace.com Local IP Address: 192.168.4.15 Secure Gateway Address: telecommuterc.com Remote Address 192.168.4.15 P-2612HW-F1 User’s Guide...
Page 292 Chapter 14 VPN P-2612HW-F1 User’s Guide...
Page 293: Certificates
There are commercial certification authorities like CyberTrust or VeriSign and government certification authorities. You can use the ZyXEL Device to generate certification requests that contain identifying information and public keys and then send the certification requests to a certification authority. P-2612HW-F1 User’s Guide...
Page 294 Device can check a peer’s certificate against a directory server’s list of revoked certificates. The framework of servers, software, procedures and policies that handles keys is called PKI (public-key infrastructure). Advantages of Certificates Certificates offer the following benefits. P-2612HW-F1 User’s Guide...
Page 295: Verifying A Certificate
Browse to where you have the certificate saved on your computer. Make sure that the certificate has a “.cer” or “.crt” file name extension. Figure 160 Certificates on Your Computer P-2612HW-F1 User’s Guide...
Page 296 Use a secure method to verify that the certificate owner has the same information in the Thumbprint Algorithm and Thumbprint fields. The secure method may very based on your situation. Possible examples would be over the telephone or through an HTTPS connection. P-2612HW-F1 User’s Guide...
Page 297: My Certificates
SELF represents a self-signed certificate. *SELF represents the default self-signed certificate, which the ZyXEL Device uses to sign imported trusted remote host certificates. CERT represents a certificate issued by a certification authority. P-2612HW-F1 User’s Guide...
Page 298 Click Import to open a screen where you can save the certificate that you have enrolled from a certification authority from your computer to the ZyXEL Device. Refresh Click Refresh to display the current validity status of the certificates. P-2612HW-F1 User’s Guide...
Page 299: My Certificate Details
If it is a self-signed certificate, you can also set the ZyXEL Device to use the certificate to sign the imported trusted remote host certificates. Figure 163 Security > Certificates > My Certificates > Details P-2612HW-F1 User’s Guide...
Page 300 This field displays the type of algorithm that was used to sign the Algorithm certificate. The ZyXEL Device uses rsa-pkcs1-sha1 (RSA public- private key encryption algorithm and the SHA1 hash algorithm). Some certification authorities may use rsa-pkcs1-md5 (RSA public- private key encryption algorithm and the MD5 hash algorithm). P-2612HW-F1 User’s Guide...
Page 301 You can only import a certificate that matches a corresponding certification request that was generated by the ZyXEL Device (the certification request contains the private key). The certificate you import replaces the corresponding request in the My Certificates screen. P-2612HW-F1 User’s Guide...
Page 302 ZyXEL Device. Note: Be careful not to convert a binary file to text during the transfer process. It is easy for this to occur since many programs use text files by default. P-2612HW-F1 User’s Guide...
Page 303: Using The My Certificate Import Screen
Cancel Click Cancel to clear your settings. 15.4 My Certificate Create Click Security > Certificates > My Certificates > Create to open the My Certificate Create screen. Use this screen to have the ZyXEL Device create a P-2612HW-F1 User’s Guide...
Page 304 Organizational Unit Type up to 127 characters to identify the organizational unit or department to which the certificate owner belongs. You may use any character, including spaces, but the ZyXEL Device drops trailing spaces. P-2612HW-F1 User’s Guide...
Page 305 Public Key Infrastructure X.509 working group of the Internet Engineering Task Force (IETF) and is specified in RFC 2510. CA Server Address Enter the IP address (or URL) of the certification authority server. P-2612HW-F1 User’s Guide...
Page 306: Trusted Cas
This screen displays a summary list of certificates of the certification authorities that you have set the ZyXEL Device to accept as trusted. The ZyXEL Device accepts any valid certificate signed by a certification authority on this list as being P-2612HW-F1 User’s Guide...
Page 307 Valid To This field displays the date that the certificate expires. The text displays in red and includes an Expiring! or Expired! message if the certificate is about to expire or has already expired. P-2612HW-F1 User’s Guide...
Page 308: Trusted Ca Import
ZyXEL Device. Note: You must remove any spaces from the certificate’s filename before you can import the certificate. Figure 167 Security > Certificates > Trusted CA > Import P-2612HW-F1 User’s Guide...
Page 309: Trusted Ca Details
Click the details icon to open the Trusted CA Details screen. Use this screen to view in-depth information about the certification authority’s certificate, change the certificate’s name and set whether or not you want the ZyXEL Device to check a P-2612HW-F1 User’s Guide...
Page 310 Chapter 15 Certificates certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority. Figure 168 Security > Certificates > Trusted CA > Details P-2612HW-F1 User’s Guide...
Page 311 (RSA public-private key encryption algorithm and the MD5 hash algorithm). Valid From This field displays the date that the certificate becomes applicable. The text displays in red and includes a Not Yet Valid! message if the certificate has not yet become applicable. P-2612HW-F1 User’s Guide...
Page 312 ZyXEL Device to check the CRL that the certification authority issues before trusting a certificate issued by the certification authority. Cancel Click Cancel to quit and return to the Trusted CAs screen. P-2612HW-F1 User’s Guide...
Page 313: Trusted Remote Hosts
ZyXEL Device that the ZyXEL Device uses to sign the signed trusted remote host certificates. Certificate) This field displays the certificate index number. The certificates are listed in alphabetical order. Name This field displays the name used to identify this certificate. P-2612HW-F1 User’s Guide...
Page 314: Trusted Remote Host Certificate Details
Click this button to display the current validity status of the certificates. 15.9 Trusted Remote Host Certificate Details Click Security > Certificates > Trusted Remote Hosts to open the Trusted Remote Hosts screen. Click the details icon to open the Trusted Remote Host P-2612HW-F1 User’s Guide...
Page 315 For a trusted host, the list consists of the end entity’s own certificate and the default self- signed certificate that the ZyXEL Device uses to sign remote host certificates. Refresh Click Refresh to display the certification path. P-2612HW-F1 User’s Guide...
Page 316 ZyXEL Device has signed the certificate; thus causing this value to be different from that of the remote hosts actual certificate. See Section 15.1.3 on page 295 for how to verify a remote host’s certificate. P-2612HW-F1 User’s Guide...
Page 317: Trusted Remote Hosts Import
Click Security > Certificates > Trusted Remote Hosts to open the Trusted Remote Hosts screen and then click Import to open the Trusted Remote Host Import screen. Follow the instructions in this screen to save a trusted host’s certificate to the ZyXEL Device. P-2612HW-F1 User’s Guide...
Page 318: Directory Servers
Device. If you decide to have the ZyXEL Device check incoming certificates against the issuing certification authority’s list of revoked certificates, the ZyXEL Device first checks the server(s) listed in the CRL Distribution Points field of the P-2612HW-F1 User’s Guide...
Page 319 Note that subsequent certificates move up by one when you take this action. Click Add to open a screen where you can configure information about a directory server so that the ZyXEL Device can access it. P-2612HW-F1 User’s Guide...
Page 320: Directory Server Add And Edit
Login Setting Login The ZyXEL Device may need to authenticate itself in order to assess the directory server. Type the login name (up to 31 ASCII characters) from the entity maintaining the directory server (usually a certification authority). P-2612HW-F1 User’s Guide...
Page 321 Click Back to return to the Directory Servers screen. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to quit configuring this screen. At the time of writing, LDAP is the only choice of directory server access protocol. P-2612HW-F1 User’s Guide...
Page 322 Chapter 15 Certificates P-2612HW-F1 User’s Guide...
Page 323: Static Route
Figure 174 Example of Static Routing Topology Internet 16.1.1 What You Can Do in the Static Route Screens Use the Static Route screens (Section 16.2 on page 324) to view and configure IP static routes on the ZyXEL Device. P-2612HW-F1 User’s Guide...
Page 324: Configuring Static Route
Click the Remove icon to remove a static route from the ZyXEL Device. A window displays asking you to confirm that you want to delete the route. Apply Click this to apply your changes to the ZyXEL Device. Cancel Click this to return to the previously saved configuration. P-2612HW-F1 User’s Guide...
Page 325: Static Route Edit
Back Click Back to return to the previous screen without saving. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-2612HW-F1 User’s Guide...
Page 326 Chapter 16 Static Route P-2612HW-F1 User’s Guide...
Page 327: Q/1P
17.1.2 What You Need to Know About 802.1Q/1P IEEE 802.1P Priority IEEE 802.1P specifies the user priority field and defines up to eight separate traffic types by inserting a tag into a MAC-layer frame that contains bits to define class of service. P-2612HW-F1 User’s Guide...
Page 328 (recall that a port can belong to multiple VLANs). If the tagging on the egress port is enabled for the VID of a frame, then the frame is transmitted as a tagged frame; otherwise, it is transmitted as an untagged frame. P-2612HW-F1 User’s Guide...
Page 329: Q/1P Example
In the VLAN ID field type in 2 to identify the VLAN group. Select PVC1 from the Default Gateway drop-down list box. In the Control field, select Fixed for LAN1, LAN2 and PVC1 to be permanent members of the VLAN group. P-2612HW-F1 User’s Guide...
Page 330 Click Advanced > 802.1Q/1P > Port Setting to display the following screen. Type 2 in the 802.1Q PVID column for LAN1, LAN2 and PVC1. Select 7 from the 802.1P Priority drop-down list box for LAN1, LAN2 and PVC1. P-2612HW-F1 User’s Guide...
Page 331 SSID1 and SSID2 are two wireless networks. You want to create medium priority for this type of traffic, so you want to group these ports and PVC3 into one VLAN (VLAN4). PVC3 priority is set to medium level of service. P-2612HW-F1 User’s Guide...
Page 332 Chapter 17 802.1Q/1P Follow the same steps as in VLAN2 to configure the settings for VLAN3 and VLAN4. The summary screen should display as follows. Figure 181 Advanced > 802.1Q/1P > Group Setting: Example P-2612HW-F1 User’s Guide...
Page 333 Chapter 17 802.1Q/1P The port screen should look like this. Figure 182 Advanced > 802.1Q/1P > Port Setting: Example This completes the 802.1Q/1P setup. P-2612HW-F1 User’s Guide...
Page 334: The 802.1Q/1P Group Setting Screen
Enter the ID number of a VLAN group. All interfaces (ports, SSIDs and PVCs) are in the management VLAN by default. If you disable the management VLAN, you will not be able to access the ZyXEL Device. P-2612HW-F1 User’s Guide...
Page 335 Click the Edit button to configure the ports in the VLAN group. Click the Remove button to delete the VLAN group. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-2612HW-F1 User’s Guide...
Page 336: Editing 802.1Q/1P Group Setting
Enter a descriptive name for the VLAN group for identification purposes. The text may consist of up to 8 letters, numerals, “-”, “_” and “@”. VLAN ID Assign a VLAN ID for the VLAN group. The valid VID range is between 1 and 4094. P-2612HW-F1 User’s Guide...
Page 337: The 802.1Q/1P Port Setting Screen
17.3 The 802.1Q/1P Port Setting Screen Use this screen to configure the PVID and assign traffic priority for each port. Click Advanced > 802.1Q/1P > Port Setting to display the following screen. Figure 185 Advanced > 802.1Q/1P > Port Setting P-2612HW-F1 User’s Guide...
Page 338 PVC. Select Same if you do not want to modify the priority. You may choose a priority level from 0-7, with 0 being the lowest level and 7 being the highest level. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-2612HW-F1 User’s Guide...
Page 339: Quality Of Service (Qos)
• Use the Class Setup screen (Section 18.3 on page 345) to set up classifiers to sort traffic into different flows and assign priority and define actions to be performed for a classified traffic flow. P-2612HW-F1 User’s Guide...
Page 340: What You Need To Know About Qos
(6) to VoIP traffic from the LAN interface, so that voice traffic would not get delayed when there is network congestion. Traffic from the boss’s IP address (192.168.1.23 for example) is mapped to queue 5. Traffic that does not match P-2612HW-F1 User’s Guide...
Page 341 QoS mapping table on the ZyXEL Device. Figure 186 QoS Example VoIP: Queue 6 50 Mbps Internet Boss: Queue 5 IP=192.168.1.23 Figure 187 QoS Class Example: VoIP -1 P-2612HW-F1 User’s Guide...
Page 342 Chapter 18 Quality of Service (QoS) Figure 188 QoS Class Example: VoIP -2 Figure 189 QoS Class Example: Boss -1 P-2612HW-F1 User’s Guide...
Page 343 Chapter 18 Quality of Service (QoS) Figure 190 QoS Class Example: Boss -2 P-2612HW-F1 User’s Guide...
Page 344: The Qos General Screen
If you set this number lower than the interface’s actual transmission speed, the ZyXEL Device will not use some of the interface’s available bandwidth. P-2612HW-F1 User’s Guide...
Page 345: The Class Setup Screen
(such as Telnet) to form a flow. Click Advanced > QoS > Class Setup to open the following screen. Figure 192 Advanced > QoS > Class Setup P-2612HW-F1 User’s Guide...
Page 346 Click the Edit icon to go to the screen where you can edit the classifier. Click the Remove icon to delete an existing classifier. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-2612HW-F1 User’s Guide...
Page 347: The Class Configuration Screen
Chapter 18 Quality of Service (QoS) 18.3.1 The Class Configuration Screen Click the Add button or the Edit icon in the Modify field to configure a classifier. Figure 193 Advanced > QoS > Class Setup > Add P-2612HW-F1 User’s Guide...
Page 348 Select Same to keep the DSCP fields in the packets. Select Auto to map the DSCP value to 802.1 priority level automatically. Select Mark to set the DSCP field with the value you configure in the field provided. P-2612HW-F1 User’s Guide...
Page 349 Select the check box and enter the port number of the destination.0 means any source port number. See Appendix E on page 533 some common services and port numbers. Select the check box and enter the destination MAC address of the packet. P-2612HW-F1 User’s Guide...
Page 350 Select this option to set this classifier for TCP ACK (acknowledgement) packets. Back Click Back to go to the previous screen. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-2612HW-F1 User’s Guide...
Page 351: The Qos Monitor Screen
Poll Interval(s) Enter the time interval for refreshing statistics in this field. Set Interval Click this button to apply the new poll interval you entered in the Poll Interval(s) field. Stop Click Stop to stop refreshing statistics. P-2612HW-F1 User’s Guide...
Page 352: Qos Technical Reference
IP precedence uses three bits of the eight- bit ToS (Type of Service) field in the IP header. There are eight classes of services (ranging from zero to seven) in IP precedence. Zero is the lowest priority level and seven is the highest. P-2612HW-F1 User’s Guide...
Page 353: Diffserv
IEEE 802.1p priority level, IP precedence and/or packet length to assign priority to traffic which does not match a class. The following table shows you the internal layer-2 and layer-3 QoS mapping on the ZyXEL Device. On the ZyXEL Device, traffic assigned to higher priority queues P-2612HW-F1 User’s Guide...
Page 354 USER PRIORITY TOS (IP IP PACKET QUEUE DSCP (ETHERNET PRECEDENCE) LENGTH (BYTE) PRIORITY) 000000 000000 >1100 001110 250~1100 001100 001010 001000 010110 010100 010010 010000 011110 <250 011100 011010 011000 100110 100100 100010 100000 101110 101000 110000 111000 P-2612HW-F1 User’s Guide...
Page 355: Dynamic Dns Setup
IP address as yourhost.dyndns.org. This feature is useful if you want to be able to use, for example, www.yourhost.dyndns.org and still reach your hostname. If you have a private WAN IP address, then you cannot use Dynamic DNS. P-2612HW-F1 User’s Guide...
Page 356: Configuring Dynamic Dns
Type the domain name assigned to your ZyXEL Device by your Dynamic DNS provider. You can specify up to two host names in the field separated by a comma (","). User Name Type your user name. Password Type the password assigned to you. P-2612HW-F1 User’s Guide...
Page 357 Type the IP address of the host name(s). Use this if you have a static IP IP Address address. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-2612HW-F1 User’s Guide...
Page 358 Chapter 19 Dynamic DNS Setup P-2612HW-F1 User’s Guide...
Page 359: Remote Management
To disable remote management of a service, select Disable in the corresponding Access Status field. You may only have one remote management session running at a time. The ZyXEL Device automatically disconnects a remote management session of lower P-2612HW-F1 User’s Guide...
Page 360: What You Can Do In The Remote Management Screens
• There is already another remote management session with an equal or higher priority running. You may only have one remote management session running at one time. • There is a firewall rule that blocks it. P-2612HW-F1 User’s Guide...
Page 361: The Www Screen
You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service. P-2612HW-F1 User’s Guide...
Page 362: The Telnet Screen
You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service. P-2612HW-F1 User’s Guide...
Page 363: The Ftp Screen
You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service. P-2612HW-F1 User’s Guide...
Page 364: The Snmp Screen
(SNMPv2). The next figure illustrates an SNMP management operation. Note: SNMP is only available if TCP/IP is configured. Figure 200 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. P-2612HW-F1 User’s Guide...
Page 365 RFC-1215) any SNMP get or set requirements with the wrong community (password). whyReboot (defined in A trap is sent with the reason of restart before ZYXEL-MIB) rebooting when the system is going to restart (warm start). P-2612HW-F1 User’s Guide...
Page 366: Configuring Snmp
You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service. P-2612HW-F1 User’s Guide...
Page 367: The Dns Screen
Click Advanced > Remote MGMT > DNS to change your ZyXEL Device’s DNS settings. Use this screen to set from which IP address the ZyXEL Device will accept DNS queries and on which interface it can send them your ZyXEL Device’s P-2612HW-F1 User’s Guide...
Page 368: The Icmp Screen
ICMP response packet is automatically returned. This allows the outside user to know the ZyXEL Device exists. Your ZyXEL Device supports anti-probing, which prevents the ICMP response packet from being sent. This keeps outsiders from discovering your ZyXEL Device when unsupported ports are probed. P-2612HW-F1 User’s Guide...
Page 369 TCP reset packet for a blocked TCP packet (or an ICMP port-unreachable packet for a blocked UDP packets) or just drop the packets without sending a response packet. P-2612HW-F1 User’s Guide...
Page 370 Chapter 20 Remote Management Table 120 Advanced > Remote Management > ICMP LABEL DESCRIPTION Apply Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to begin configuring this screen afresh. P-2612HW-F1 User’s Guide...
Page 371: Upnp
UPnP devices and enable exchange of simple product and service descriptions. NAT traversal allows the following: • Dynamic port mapping • Learning public IP addresses • Assigning lease times to mappings P-2612HW-F1 User’s Guide...
Page 372 UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum UPnP™ Implementers Corp. (UIC). ZyXEL's UPnP implementation supports Internet Gateway Device (IGD) 1.0. See the following sections for examples of installing and using UPnP. P-2612HW-F1 User’s Guide...
Page 373: The Upnp Screen
UPnP enabled application. Apply Click Apply to save the setting to the ZyXEL Device. Cancel Click Cancel to return to the previously saved settings. P-2612HW-F1 User’s Guide...
Page 374: Installing Upnp In Windows Example
Follow the steps below to install the UPnP in Windows Me. Click Start and Control Panel. Double-click Add/Remove Programs. Click the Windows Setup tab and select Communication in the Components selection box. Click Details. Figure 205 Add/Remove Programs: Windows Setup: Communication P-2612HW-F1 User’s Guide...
Page 375 Follow the steps below to install the UPnP in Windows XP. Click Start and Control Panel. Double-click Network Connections. In the Network Connections window, click Advanced in the main menu and select Optional Networking Components …. Figure 207 Network Connections P-2612HW-F1 User’s Guide...
Page 376 Chapter 21 UPnP The Windows Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details. Figure 208 Windows Optional Networking Components Wizard P-2612HW-F1 User’s Guide...
Page 377: Using Upnp In Windows Xp Example
Make sure the computer is connected to a LAN port of the ZyXEL Device. Turn on your computer and the ZyXEL Device. Auto-discover Your UPnP-enabled Network Device Click Start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway. P-2612HW-F1 User’s Guide...
Page 378 Chapter 21 UPnP Right-click the icon and select Properties. Figure 210 Network Connections P-2612HW-F1 User’s Guide...
Page 379 Chapter 21 UPnP In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. Figure 211 Internet Connection Properties P-2612HW-F1 User’s Guide...
Page 380 You may edit or delete the port mappings or click Add to manually add port mappings. Figure 212 Internet Connection Properties: Advanced Settings Figure 213 Internet Connection Properties: Advanced Settings: Add When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. P-2612HW-F1 User’s Guide...
Page 381 IP address of the ZyXEL Device first. This comes helpful if you do not know the IP address of the ZyXEL Device. Follow the steps below to access the web configurator. Click Start and then Control Panel. Double-click Network Connections. P-2612HW-F1 User’s Guide...
Page 382 Chapter 21 UPnP Select My Network Places under Other Places. Figure 216 Network Connections An icon with the description for each UPnP-enabled device displays under Local Network. P-2612HW-F1 User’s Guide...
Page 383 Figure 217 Network Connections: My Network Places Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Figure 218 Network Connections: My Network Places: Properties: Example P-2612HW-F1 User’s Guide...
Page 384 Chapter 21 UPnP P-2612HW-F1 User’s Guide...
Page 385: Maintenance, Troubleshooting And Specifications
Maintenance, Troubleshooting and Specifications System (387) Logs (393) Tools (415) Diagnostic (435) Troubleshooting (439) Product Specifications (447)
Page 387: System
DHCP Server. Often your ISP or a router on your network performs this function. A LAN (local area network) is typically a network which covers a small area, made up of computers and other devices which share resources such as Internet access and printers. P-2612HW-F1 User’s Guide...
Page 388: The General Screen
Enter the domain name (if you know it) here. If you leave this field blank, the ISP may assign a domain name via DHCP. The domain name entered by you is given priority over the ISP assigned domain name. P-2612HW-F1 User’s Guide...
Page 389 After you change the password, use the new password to access the ZyXEL Device. Retype to Type the new password again for confirmation. Confirm Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-2612HW-F1 User’s Guide...
Page 390: The Time Setting Screen
Select this radio button to enter the time and date manually. If you configure a new time and date, Time Zone and Daylight Saving at the same time, the new time and date you entered has priority and the Time Zone and Daylight Saving settings do not affect it. P-2612HW-F1 User’s Guide...
Page 391 Daylight saving is a period from late spring to early fall when many Savings countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening. Select this option if you use Daylight Saving Time. P-2612HW-F1 User’s Guide...
Page 392 Germany for instance, you would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-2612HW-F1 User’s Guide...
Page 393: Logs
23.2 The View Log Screen Click Maintenance > Logs to open the View Log screen. Use the View Log screen to see the logs for the categories that you selected in the Log Settings screen (see Section 23.3 on page 395). P-2612HW-F1 User’s Guide...
Page 394 This field lists the source IP address and the port number of the incoming packet. Destination This field lists the destination IP address and the port number of the incoming packet. Notes This field displays additional information about the log entry. P-2612HW-F1 User’s Guide...
Page 395: The Log Settings Screen
Alerts are e-mailed as soon as they happen. Logs may be e-mailed as soon as the log is full. Selecting many alert and/or log categories (especially Access Control) may result in many e-mails being sent. Figure 222 Maintenance > Logs > Log Settings P-2612HW-F1 User’s Guide...
Page 396 Select this to delete all the logs after the ZyXEL Device sends an E-mail sending mail of the logs. Syslog The ZyXEL Device sends a log to an external syslog server. Logging Active Click Active to enable syslog logging. P-2612HW-F1 User’s Guide...
Page 397: Smtp Error Messages
The following is an example of a log sent by e-mail. • You may edit the subject title. • The date format here is Day-Month-Year. • The date format here is Month-Day-Year. The time format is Hour-Minute- Second. P-2612HW-F1 User’s Guide...
Page 398: Log Descriptions
Someone has logged on to the router via telnet. Successful TELNET login Someone has failed to log on to the router via telnet. TELNET login failed Someone has logged on to the router via ftp. Successful FTP login P-2612HW-F1 User’s Guide...
Page 399 The router failed to allocate memory for the NetBIOS setNetBIOSFilter: calloc filter settings. error The router failed to allocate memory for the NetBIOS readNetBIOSFilter: calloc filter settings. error A WAN connection is down. You cannot access the WAN connection is down. network through this interface. P-2612HW-F1 User’s Guide...
Page 400 Firewall session time firewall session timed out.Default timeout values:ICMP out, sent TCP RST idle timeout (s): 60UDP idle timeout (s): 60TCP connection (three way handshaking) timeout (s): 30TCP FIN-wait timeout (s): 60TCP idle (established) timeout (s): 3600 P-2612HW-F1 User’s Guide...
Page 401 ICMP The firewall does not support this kind of ICMP Unsupported/out-of-order ICMP: packets or the ICMP packets are out of order. ICMP The router sent an ICMP reply packet to the Router reply ICMP packet: ICMP sender. P-2612HW-F1 User’s Guide...
Page 402 UPnP packets can pass through the firewall. UPnP pass through Firewall Table 136 Content Filtering Logs LOG MESSAGE DESCRIPTION The content of a requested web page matched a user defined %s: block keyword keyword. The system forwarded web content. P-2612HW-F1 User’s Guide...
Page 403 A user was not authenticated by the RADIUS RADIUS rejects user. Pls check Server. Please check the RADIUS Server. RADIUS Server. The router logged out a user whose session User logout because of session expired. timeout expired. P-2612HW-F1 User’s Guide...
Page 404 Table 140 ICMP Notes TYPE CODE DESCRIPTION Echo Reply Echo reply message Destination Unreachable Net unreachable Host unreachable Protocol unreachable Port unreachable A packet that needed fragmentation was dropped because it was set to Don't Fragment (DF) Source route failed P-2612HW-F1 User’s Guide...
Page 405 The “devID” is the last three characters of the MAC address of the router’s LAN port. The “cat” is the same as the category in the router’s logs. P-2612HW-F1 User’s Guide...
Page 406 VoIP call to the listed destination. Ph[Phone Port] -> Outgoing Call Number A VoIP phone call made from a phone connected to the VoIP Call End Phone[Phone listed phone port has terminated. Port] P-2612HW-F1 User’s Guide...
Page 407 Please refer to RFC 2408 for detailed information on each type. Table 146 RFC-2408 ISAKMP Payload Types LOG DISPLAY PAYLOAD TYPE Security Association Proposal PROP Transform TRANS Key Exchange Identification Certificate Certificate Request CER_REQ Hash HASH Signature Nonce NONCE Notification NOTFY Delete Vendor ID P-2612HW-F1 User’s Guide...
Page 408 Chapter 23 Logs P-2612HW-F1 User’s Guide...
Page 409: Call History
Click Maintenance > Call History to open the Summary screen. Use the Summary screen to view a summary of the calls performed via the ZyXEL Device within a certain period. Figure 224 Maintenance > Call History > Summary P-2612HW-F1 User’s Guide...
Page 410: Viewing The Call History
The call history buffer can hold up to 150 entries. When the call history buffer fills, old records are deleted as new ones are added. Click a column heading to sort the entries. A triangle indicates ascending or descending sort order. Figure 225 Maintenance > Call History > Call History P-2612HW-F1 User’s Guide...
Page 411 This field displays the number of packets the ZyXEL Device has transmitted for the call. RxPacket This field displays the number of packets the ZyXEL Device has received for the call. Interface This field displays the type of the call. P-2612HW-F1 User’s Guide...
Page 412: Configuring Call History Settings
E-mail. Mail Subject Type a title that you want to be in the subject line of the log e-mail message that the ZyXEL Device sends. Not all ZyXEL Device have this field. P-2612HW-F1 User’s Guide...
Page 413 Hourly If you select Weekly or Daily, specify a time of day when the ZyXEL Device saves the records. If you select Weekly, then also specify which day of the week the ZyXEL Device saves the records. P-2612HW-F1 User’s Guide...
Page 414 Select which day of a month (from 1 to 28) on which the “Last Month” Every Month summary of call history (displays in the Summary screen) starts. Apply Click Apply to save your customized settings and exit this screen. Ó Cancel Click Cancel to return to the previously saved settings. P-2612HW-F1 User’s Guide...
Page 415: Tools
428) to restart your ZyXEL device. 25.1.2 What You Need To Know About Tools Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, and TCP/IP Setup. P-2612HW-F1 User’s Guide...
Page 416 ZyXEL Device configurations, system-related data (including the default password), the error log and the trace log. Firmware This is the generic name for the ZyNOS *.bin firmware on the ZyXEL Device. FTP Restrictions FTP will not work when: P-2612HW-F1 User’s Guide...
Page 417: Before You Begin
150 Opening data connection for STOR rom-0 226 File received OK 221 Goodbye for writing flash ftp: 16384 bytes sent in 0.06Seconds 273.07Kbytes/sec. ftp>quit Refer to Section 25.1.2 on page 415 to read about configurations that disallow TFTP and FTP over WAN. P-2612HW-F1 User’s Guide...
Page 418 230 Logged in ftp> bin 200 Type I OK ftp> put firmware.bin ras 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 1103936 bytes sent in 1.10Seconds 297.89Kbytes/sec. ftp> quit P-2612HW-F1 User’s Guide...
Page 419 (firmware.bin – name of the firmware on the computer) to the file destination on the remote host (ras - name of the firmware on the device). Commands that you may see in GUI-based TFTP clients are listed earlier in this chapter. P-2612HW-F1 User’s Guide...
Page 420 230 Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 16384 bytes sent in 1.10Seconds 297.89Kbytes/sec. ftp> quit P-2612HW-F1 User’s Guide...
Page 421 Use the TFTP client (see the example below) to transfer files between the ZyXEL Device and the computer. The file name for the configuration file is “rom-0” (rom- zero, not capital o). P-2612HW-F1 User’s Guide...
Page 422: Firmware Upgrade Screen
ZyXEL Device. The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot. See Section on page 418 upgrading firmware using FTP/TFTP commands. P-2612HW-F1 User’s Guide...
Page 423 Click Browse... to find the .bin file you want to upload. Remember that you must decompress compressed (.zip) files before you can upload them. Upload Click Upload to begin the upload process. This process may take up to two minutes. P-2612HW-F1 User’s Guide...
Page 424 After two minutes, log in again and check your new firmware version in the Status screen. If the upload was not successful, the following screen will appear. Click Return to go back to the Firmware screen. Figure 233 Error Message P-2612HW-F1 User’s Guide...
Page 425: The Configuration Screen
The backup configuration file will be useful in case you need to return to your previous settings. Click Backup to save the ZyXEL Device’s current configuration to your computer. P-2612HW-F1 User’s Guide...
Page 426 If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default device IP address (192.168.1.1). See Appendix A on page 461 for details on how to set up your computer’s IP address. P-2612HW-F1 User’s Guide...
Page 427: Reset To Factory Defaults
Figure 239 Reset In Process Message You can also press the RESET button on the rear panel to reset the factory defaults of your ZyXEL Device. Refer to Section 1.5 on page 30 for more information on the RESET button. P-2612HW-F1 User’s Guide...
Page 428: Restart
Use “get” to transfer files from the ZyXEL Device to the computer, for example, “get rom-0 config.rom” transfers the configuration file on the ZyXEL Device to your computer and renames it “config.rom”. See earlier in this chapter for more information on filename conventions. Enter “quit” to exit the ftp prompt. P-2612HW-F1 User’s Guide...
Page 429: Ftp Command Configuration Backup Example
25.5.4 Backup Configuration Using TFTP The ZyXEL Device supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended. P-2612HW-F1 User’s Guide...
Page 430: Tftp Command Configuration Backup Example
“host” is the ZyXEL Device IP address, “get” transfers the file source on the ZyXEL Device (rom-0, name of the configuration file on the ZyXEL Device) to the file destination on the computer and renames it config.rom. P-2612HW-F1 User’s Guide...
Page 431: Configuration Backup Using Gui-Based Tftp Clients
FTP is faster. Please note that you must wait for the system to automatically restart after the file transfer is complete. Do not interrupt the file transfer process as this may PERMANENTLY DAMAGE your device. When the Restore Configuration process is complete, the device automatically restarts. P-2612HW-F1 User’s Guide...
Page 432: Restore Using Ftp Session Example
Enter “open”, followed by a space and the IP address of your device. Enter your username as requested (the default is “admin”). Press [ENTER] when prompted for a password. Enter “bin” to set transfer mode to binary. P-2612HW-F1 User’s Guide...
Page 433: Ftp Session Example Of Firmware File Upload
Use telnet from your computer to connect to the device and log in. Because TFTP does not have any security checks, the device records the IP address of the telnet client and accepts TFTP requests only from this address. P-2612HW-F1 User’s Guide...
Page 434: Tftp Upload Command Example
(firmware.bin – name of the firmware on the computer) to the file destination on the remote host (ras - name of the firmware on the device). Commands that you may see in GUI-based TFTP clients are listed earlier in this chapter. P-2612HW-F1 User’s Guide...
Page 435: Diagnostic
(Section 26.3 on page 436) to view the DSL line statistics and reset the ADSL line. 26.2 The General Diagnostic Screen Click Maintenance > Diagnostic to open the screen shown next. Figure 244 Maintenance > Diagnostic > General P-2612HW-F1 User’s Guide...
Page 436: The Dsl Line Diagnostic Screen
Click Maintenance > Diagnostic > DSL Line to open the screen shown next. This screen is not available when you set the WAN mode to Ethernet WAN in the WAN > Internet Access Setup screen using the DSL/WAN switch. Figure 245 Maintenance > Diagnostic > DSL Line P-2612HW-F1 User’s Guide...
Page 437 The ZyXEL Device sends an OAM F5 packet to the DSLAM/ATM switch and then returns it (loops it back) to the ZyXEL Device. The ATM loopback test is useful for troubleshooting problems with the DSLAM and ATM network. P-2612HW-F1 User’s Guide...
Page 438 Reset ADSL Line Successfully!" Capture All Click this button to display information and statistics about your ZyXEL Logs Device’s ATM statistics, DSL connection statistics, DHCP settings, firmware version, WAN and gateway IP address, VPI/VCI and LAN IP address. P-2612HW-F1 User’s Guide...
Page 439: Troubleshooting
Make sure the power source is turned Turn the ZyXEL Device off and on. If the problem continues, contact the vendor. One of the LEDs does not behave as expected. P-2612HW-F1 User’s Guide...
Page 440: Zyxel Device Access And Login
• If you changed the IP address and have forgotten it, see the troubleshooting suggestions for I forgot the IP address for the ZyXEL Device. Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide. P-2612HW-F1 User’s Guide...
Page 441 ZyXEL Device. Log out of the ZyXEL Device in the other session, or ask the person who is logged in to log out. Turn the ZyXEL Device off and on. If this does not work, you have to reset the device to its factory defaults. See Section 27.2 on page 439. P-2612HW-F1 User’s Guide...
Page 442: Internet Access
I cannot access the Internet anymore. I had access to the Internet (with the ZyXEL Device), but my Internet connection is not available anymore. Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.4 on page P-2612HW-F1 User’s Guide...
Page 443: Phone Calls And Voip
27.5 Phone Calls and VoIP The telephone port won’t work or the telephone lacks a dial tone. Check the telephone connections and telephone wire. I can access the Internet, but cannot make VoIP calls. P-2612HW-F1 User’s Guide...
Page 444: Multiple Sip Accounts
SIP accounts are configured and you are using two phones. When you place a call from phone port 1 or phone port 2, the ZyXEL Device will use SIP account 1. Figure 246 Outgoing Calls: Default PHONE 1 SIP 1 Internet PHONE 2 SIP 2 P-2612HW-F1 User’s Guide...
Page 445: Incoming Calls
SIP accounts are configured and you are using two phones. When a call comes in from your SIP account 1, the phones connected to both phone port 1 and phone port 2 ring. Similarly, when a call comes in from P-2612HW-F1 User’s Guide...
Page 446 2 rings. To apply these configuration changes you need to configure the Analog Phone screen. See Section 10.5 on page 196. Figure 249 Incoming Calls: Individual Configuration PHONE 1 SIP 1 Internet PHONE 2 SIP 2 P-2612HW-F1 User’s Guide...
Page 447: Product Specifications
-20º ~ 60º C Operation Humidity 20% ~ 85% RH Storage Humidity 20% ~ 90% RH Distance between the 137.20mm centers of the holes (for wall-mounting) on the device’s back Screw size for wall- M4 tap mounting P-2612HW-F1 User’s Guide...
Page 448: Firmware Specifications
DHCP server to the clients. Dynamic DNS With Dynamic DNS (Domain Name System) support, you can use Support a fixed URL, www.zyxel.com for example, with a dynamic IP address. You must register for this service with a Dynamic DNS service provider. P-2612HW-F1 User’s Guide...
Page 449 The ZyXEL Device VPN is based on the IPSec standard and is interoperable with other IPSec-based VPN products. The ZyXEL Device supports up to two simultaneous IPSec connections. Other PPPoE PPPoE idle time out Features PPPoE dial on demand P-2612HW-F1 User’s Guide...
Page 450 Auto-negotiating rate adaptation ADSL physical connection AAL5 (ATM Adaptation Layer type 5) Multi-protocol over AAL5 (RFC 2684/1483) PPP over ATM AAL5 (RFC 2364) PPP over Ethernet (RFC 2516) Multiple PPPoE VC-based and LLC-based multiplexing I.610 F4/F5 OAM P-2612HW-F1 User’s Guide...
Page 451 Note: To take full advantage of the supplementary phone services available through the ZyXEL Device's phone port, you may need to subscribe to the services from your VoIP service provider. Note: Not all features are supported by all service providers. Consult your service provider for more information. P-2612HW-F1 User’s Guide...
Page 452 You can then either reject the new incoming call, put your current call on hold and receive the new incoming call, or end the current call and receive the new incoming call. P-2612HW-F1 User’s Guide...
Page 453 Quality of Service (QoS) mechanisms help to provide better service Service) on a per-flow basis. Your device supports Type of Service (ToS) tagging and Differentiated Services (DiffServ) tagging. This allows the device to tag voice frames so they can be prioritized over the network. P-2612HW-F1 User’s Guide...
Page 454: Wireless Features
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security standard. Key differences between WPA and WEP are user authentication and improved data encryption. WPA2 WPA 2 is a wireless security standard that defines stronger encryption, authentication and key management than WPA. P-2612HW-F1 User’s Guide...
Page 455 The Point-to-Point Protocol (PPP) RFC 1723 RIP-2 (Routing Information Protocol) RFC 1901 SNMPv2c Simple Network Management Protocol version 2c RFC 2236 Internet Group Management Protocol, Version 2. RFC 2364 PPP over AAL5 (PPP over ATM over ADSL) P-2612HW-F1 User’s Guide...
Page 456: Power Adaptor Specifications
TR-069 TR-069 DSL Forum Standard for CPE Wan Management. 1.363.5 Compliant AAL5 SAR (Segmentation And Re-assembly) Power Adaptor Specifications Table 164 Power Adaptor Specifications NORTH AMERICAN PLUG STANDARDS AC Power Adapter Model MT18-Y180100-A1 Input Power 120V~60Hz 0.5A P-2612HW-F1 User’s Guide...
Page 457 Make sure the screws are snugly fastened to the wall. They need to hold the weight of the ZyXEL Device with the connection cables. Align the holes on the back of the ZyXEL Device with the screws on the wall. Hang the ZyXEL Device on the screws. Figure 250 Wall-mounting Example P-2612HW-F1 User’s Guide...
Page 458 Chapter 28 Product Specifications The following are dimensions of an M4 tap screw and masonry plug used for wall mounting. All measurements are in millimeters (mm). Figure 251 Masonry Plug and M4 Tap Screw P-2612HW-F1 User’s Guide...
Page 459: Appendices And Index
Appendices and Index Setting Up Your Computer’s IP Address (461) Pop-up Windows, JavaScripts and Java Permissions (487) IP Addresses and Subnetting (497) Wireless LANs (509) Common Services (533) Legal Information (537) Index (541)
Page 461: Appendix A Setting Up Your Computer's Ip Address
473 • Linux: Ubuntu 8 (GNOME) page 476 • Linux: openSUSE 10.3 (KDE) page 481 Windows XP/NT/2000 The following example uses the default Windows XP display theme but can also apply to Windows 2000 and Windows NT. P-2612HW-F1 User’s Guide...
Page 462 Appendix A Setting Up Your Computer’s IP Address Click Start > Control Panel. Figure 252 Windows XP: Start Menu In the Control Panel, click the Network Connections icon. Figure 253 Windows XP: Control Panel P-2612HW-F1 User’s Guide...
Page 463 Right-click Local Area Connection and then select Properties. Figure 254 Windows XP: Control Panel > Network Connections > Properties On the General tab, select Internet Protocol (TCP/IP) and then click Properties. Figure 255 Windows XP: Local Area Connection Properties P-2612HW-F1 User’s Guide...
Page 464 Preferred DNS server and an Alternate DNS server, if that information was provided. Click OK to close the Internet Protocol (TCP/IP) Properties window. Click OK to close the Local Area Connection Properties window. Verifying Settings Click Start > All Programs > Accessories > Command Prompt. P-2612HW-F1 User’s Guide...
Page 465: Windows Vista
Windows Vista This section shows screens from Windows Vista Professional. Click Start > Control Panel. Figure 257 Windows Vista: Start Menu In the Control Panel, click the Network and Internet icon. Figure 258 Windows Vista: Control Panel P-2612HW-F1 User’s Guide...
Page 466 Figure 260 Windows Vista: Network and Sharing Center Right-click Local Area Connection and then select Properties. Figure 261 Windows Vista: Network and Sharing Center Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. P-2612HW-F1 User’s Guide...
Page 467 Appendix A Setting Up Your Computer’s IP Address Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties. Figure 262 Windows Vista: Local Area Connection Properties P-2612HW-F1 User’s Guide...
Page 468 Preferred DNS server and an Alternate DNS server, if that information was provided.Click Advanced. Click OK to close the Internet Protocol (TCP/IP) Properties window. 10 Click OK to close the Local Area Connection Properties window. Verifying Settings Click Start > All Programs > Accessories > Command Prompt. P-2612HW-F1 User’s Guide...
Page 469 Mac OS X: 10.3 and 10.4 The screens in this section are from Mac OS X 10.4 but can also apply to 10.3. Click Apple > System Preferences. Figure 264 Mac OS X 10.4: Apple Menu P-2612HW-F1 User’s Guide...
Page 470 In the System Preferences window, click the Network icon. Figure 265 Mac OS X 10.4: System Preferences When the Network preferences pane opens, select Built-in Ethernet from the network connection type list, and then click Configure. Figure 266 Mac OS X 10.4: Network Preferences P-2612HW-F1 User’s Guide...
Page 471 Figure 267 Mac OS X 10.4: Network Preferences > TCP/IP Tab. For statically assigned settings, do the following: • From the Configure IPv4 list, select Manually. • In the IP Address field, type your IP address. • In the Subnet Mask field, type your subnet mask. P-2612HW-F1 User’s Guide...
Page 472 Click Apply Now and close the window. Verifying Settings Check your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network Interface from the Info tab. Figure 269 Mac OS X 10.4: Network Utility P-2612HW-F1 User’s Guide...
Page 473 The screens in this section are from Mac OS X 10.5. Click Apple > System Preferences. Figure 270 Mac OS X 10.5: Apple Menu In System Preferences, click the Network icon. Figure 271 Mac OS X 10.5: Systems Preferences P-2612HW-F1 User’s Guide...
Page 474 From the Configure list, select Using DHCP for dynamically assigned settings. For statically assigned settings, do the following: • From the Configure list, select Manually. • In the IP Address field, enter your IP address. • In the Subnet Mask field, enter your subnet mask. P-2612HW-F1 User’s Guide...
Page 475 Appendix A Setting Up Your Computer’s IP Address • In the Router field, enter the IP address of your ZyXEL Device. Figure 273 Mac OS X 10.5: Network Preferences > Ethernet Click Apply and close the window. P-2612HW-F1 User’s Guide...
Page 476 The following screens use the default Ubuntu 8 installation. Note: Make sure you are logged in as the root administrator. Follow the steps below to configure your computer IP address in GNOME: P-2612HW-F1 User’s Guide...
Page 477 When the Network Settings window opens, click Unlock to open the Authenticate window. (By default, the Unlock button is greyed out until clicked.) You cannot make changes to your configuration unless you first enter your admin password. Figure 276 Ubuntu 8: Network Settings > Connections P-2612HW-F1 User’s Guide...
Page 478 In the Authenticate window, enter your admin account name and password then click the Authenticate button. Figure 277 Ubuntu 8: Administrator Account Authentication In the Network Settings window, select the connection that you want to configure, then click Properties. Figure 278 Ubuntu 8: Network Settings > Connections P-2612HW-F1 User’s Guide...
Page 479 • In the Configuration list, select Static IP address if you have a static IP address. Fill in the IP address, Subnet mask, and Gateway address fields. Click OK to save the changes and close the Properties dialog box and return to the Network Settings screen. P-2612HW-F1 User’s Guide...
Page 480 Figure 280 Ubuntu 8: Network Settings > DNS Click the Close button to apply the changes. Verifying Settings Check your TCP/IP properties by clicking System > Administration > Network Tools, and then selecting the appropriate Network device from the Devices P-2612HW-F1 User’s Guide...
Page 481 The following screens use the default openSUSE 10.3 installation. Note: Make sure you are logged in as the root administrator. Follow the steps below to configure your computer IP address in the KDE: P-2612HW-F1 User’s Guide...
Page 482 Click K Menu > Computer > Administrator Settings (YaST). Figure 282 openSUSE 10.3: K Menu > Computer Menu When the Run as Root - KDE su dialog opens, enter the admin password and click OK. Figure 283 openSUSE 10.3: K Menu > Computer Menu P-2612HW-F1 User’s Guide...
Page 483 Figure 284 openSUSE 10.3: YaST Control Center When the Network Settings window opens, click the Overview tab, select the appropriate connection Name from the list, and then click the Configure button. Figure 285 openSUSE 10.3: Network Settings P-2612HW-F1 User’s Guide...
Page 484 Select Dynamic Address (DHCP) if you have a dynamic IP address. Select Statically assigned IP Address if you have a static IP address. Fill in the IP address, Subnet mask, and Hostname fields. Click Next to save the changes and close the Network Card Setup window. P-2612HW-F1 User’s Guide...
Page 485 If you know your DNS server IP address(es), click the Hostname/DNS tab in Network Settings and then enter the DNS server information in the fields provided. Figure 287 openSUSE 10.3: Network Settings Click Finish to save your settings and close the window. P-2612HW-F1 User’s Guide...
Page 486 From the Options sub-menu, select Show Connection Information. Figure 288 openSUSE 10.3: KNetwork Manager When the Connection Status - KNetwork Manager window opens, click the Statistics tab to see if your connection is working properly. Figure 289 openSUSE: Connection Status - KNetwork Manager P-2612HW-F1 User’s Guide...
Page 487: Appendix B Pop-Up Windows, Javascripts And Java Permissions
Disable Pop-up Blockers In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker. Figure 290 Pop-up Blocker You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. P-2612HW-F1 User’s Guide...
Page 488 Click Apply to save this setting. Enable Pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. In Internet Explorer, select Tools, Internet Options and then the Privacy tab. P-2612HW-F1 User’s Guide...
Page 489 Select Settings…to open the Pop-up Blocker Settings screen. Figure 292 Internet Options: Privacy Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. P-2612HW-F1 User’s Guide...
Page 490 Figure 293 Pop-up Blocker Settings Click Close to return to the Privacy screen. Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. P-2612HW-F1 User’s Guide...
Page 491 Figure 294 Internet Options: Security Click the Custom Level... button. Scroll down to Scripting. Under Active scripting make sure that Enable is selected (the default). Under Scripting of Java applets make sure that Enable is selected (the default). P-2612HW-F1 User’s Guide...
Page 492 Figure 295 Security Settings - Java Scripting Java Permissions From Internet Explorer, click Tools, Internet Options and then the Security tab. Click the Custom Level... button. Scroll down to Microsoft VM. Under Java permissions make sure that a safety level is selected. P-2612HW-F1 User’s Guide...
Page 493 Click OK to close the window. Figure 296 Security Settings - Java JAVA (Sun) From Internet Explorer, click Tools, Internet Options and then the Advanced tab. Make sure that Use Java 2 for <applet> under Java (Sun) is selected. P-2612HW-F1 User’s Guide...
Page 494 Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary. You can enable Java, Javascripts and pop-ups in one screen. Click Tools, then click Options in the screen that appears. Figure 298 Mozilla Firefox: Tools > Options P-2612HW-F1 User’s Guide...
Page 495 Appendix B Pop-up Windows, JavaScripts and Java Permissions Click Content.to show the screen below. Select the check boxes as shown in the following screen. Figure 299 Mozilla Firefox Content Security P-2612HW-F1 User’s Guide...
Page 496 Appendix B Pop-up Windows, JavaScripts and Java Permissions P-2612HW-F1 User’s Guide...
Page 497: Appendix C Ip Addresses And Subnetting
192.168.1.1). Each of these four parts is known as an octet. An octet is an eight-digit binary number (for example 11000000, which is 192 in decimal notation). Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal. P-2612HW-F1 User’s Guide...
Page 498: Subnet Masks
Table 165 IP Address Network Number and Host ID Example OCTET: OCTET: OCTET: OCTET (192) (168) IP Address (Binary) 11000000 10101000 00000001 00000010 Subnet Mask (Binary) 11111111 11111111 11111111 00000000 Network Number 11000000 10101000 00000001 Host ID 00000010 P-2612HW-F1 User’s Guide...
Page 499 MAXIMUM NUMBER OF SUBNET MASK HOST ID SIZE HOSTS 8 bits 255.0.0.0 24 bits – 2 16777214 16 bits 255.255.0.0 16 bits – 2 65534 24 bits 255.255.255.0 8 bits – 2 29 bits 255.255.255.2 3 bits – 2 P-2612HW-F1 User’s Guide...
Page 500 In this example, the company network address is 192.168.1.0. The first three octets of the address (192.168.1) are the network number, and the remaining octet is the host ID, allowing a maximum of 2 – 2 or 254 possible hosts. P-2612HW-F1 User’s Guide...
Page 501 You can “borrow” one of the host ID bits to divide the network 192.168.1.0 into two separate sub-networks. The subnet mask is now 25 bits (255.255.255.128 or /25). The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25. P-2612HW-F1 User’s Guide...
Page 502 Similarly, to divide a 24-bit address into four subnets, you need to “borrow” two host ID bits to give four possible combinations (00, 01, 10 and 11). The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192. P-2612HW-F1 User’s Guide...
Page 503 Lowest Host ID: 192.168.1.129 192.168.1.128 Broadcast Address: Highest Host ID: 192.168.1.190 192.168.1.191 Table 172 Subnet 4 LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001 11000000 Subnet Mask (Binary) 11111111.11111111.11111111 11000000 P-2612HW-F1 User’s Guide...
Page 504 The following table is a summary for subnet planning on a network with a 24-bit network number. Table 174 24-bit Network Number Subnet Planning NO. “BORROWED” NO. HOSTS PER SUBNET MASK NO. SUBNETS HOST BITS SUBNET 255.255.255.128 (/25) 255.255.255.192 (/26) 255.255.255.224 (/27) 255.255.255.240 (/28) 255.255.255.248 (/29) 255.255.255.252 (/30) 255.255.255.254 (/31) P-2612HW-F1 User’s Guide...
Page 505: Configuring Ip Addresses
Device that is easy to remember (for instance, 192.168.1.1) but make sure that no other device on your network is using that IP address. The subnet mask specifies the network number portion of an IP address. Your ZyXEL Device will compute the subnet mask automatically based on the IP P-2612HW-F1 User’s Guide...
Page 506 A has a static (or fixed) IP address that is the same as the IP address that a DHCP server assigns to computer B which is a DHCP client. Neither can access the Internet. This problem can be solved by assigning a different static IP P-2612HW-F1 User’s Guide...
Page 507 Figure 304 Conflicting Computer IP Addresses Example Conflicting Computer and Router IP Addresses Example More than one device can not use the same IP address. In the following example, the computer and the router’s LAN port both use 192.168.1.1 as the IP address. P-2612HW-F1 User’s Guide...
Page 508 Appendix C IP Addresses and Subnetting The computer cannot access the Internet. This problem can be solved by assigning a different IP address to the computer or the router’s LAN port. Figure 305 Conflicting Computer and Router IP Addresses Example P-2612HW-F1 User’s Guide...
Page 509: Appendix D Wireless Lans
(AP). Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra-BSS is enabled, wireless client A and B can access the wired network and communicate P-2612HW-F1 User’s Guide...
Page 510 This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood. P-2612HW-F1 User’s Guide...
Page 511 A hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a hidden node. Both stations (STA) are within range of the access point (AP) or P-2612HW-F1 User’s Guide...
Page 512 RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Note: Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy. P-2612HW-F1 User’s Guide...
Page 513: Preamble Type
IEEE 802.11g is fully compatible with the IEEE 802.11b standard. This means an IEEE 802.11b adapter can interface directly with an IEEE 802.11g access point (and vice versa) at 11 Mbps or lower depending on range. IEEE 802.11g has P-2612HW-F1 User’s Guide...
Page 514 IEEE802.1x EAP with RADIUS Server Authentication Wi-Fi Protected Access (WPA) WPA2 Most Secure Note: You must enable the same wireless security settings on the ZyXEL Device and on all wireless clients that you want to associate with it. P-2612HW-F1 User’s Guide...
Page 515 The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication: • Access-Request Sent by an access point requesting authentication. • Access-Reject Sent by a RADIUS server rejecting access. • Access-Accept Sent by a RADIUS server allowing access. P-2612HW-F1 User’s Guide...
Page 516 The wireless client ‘proves’ that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text. P-2612HW-F1 User’s Guide...
Page 517 However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco. LEAP LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x. P-2612HW-F1 User’s Guide...
Page 518 RADIUS server, you should use WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a wireless client will be granted access to a WLAN. P-2612HW-F1 User’s Guide...
Page 519 The common-password approach makes WPA(2)-PSK susceptible to brute-force password-guessing attacks but it’s still an improvement over WEP as it employs a consistent, single, alphanumeric password to derive a PMK which is used to generate unique temporal encryption P-2612HW-F1 User’s Guide...
Page 520 The RADIUS server then checks the user's identification against its database and grants or denies network access accordingly. A 256-bit Pairwise Master Key (PMK) is derived from the authentication process by the RADIUS server and the client. P-2612HW-F1 User’s Guide...
Page 521 The AP checks each wireless client's password and allows it to join the network only if the password matches. The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID. P-2612HW-F1 User’s Guide...
Page 522 Enable without Dynamic WEP Open Enable with Dynamic WEP Key Enable without Dynamic WEP Disable Shared Enable with Dynamic WEP Key Enable without Dynamic WEP Disable TKIP/AES Enable WPA-PSK TKIP/AES Disable WPA2 TKIP/AES Enable WPA2-PSK TKIP/AES Disable P-2612HW-F1 User’s Guide...
Page 523: Antenna Overview
Types of Antennas for WLAN There are two types of antennas used for wireless LAN applications. P-2612HW-F1 User’s Guide...
Page 524 Number that allows one device to authenticate the other) in each of the two devices. When WPS is activated on a device, it has two minutes to find another device that also has WPS activated. Then, the two devices connect and set up a secure network by themselves. P-2612HW-F1 User’s Guide...
Page 525 WPS in the area. However, you need to log into the configuration interfaces of both devices. Take the following steps to set up WPS using the PIN method. P-2612HW-F1 User’s Guide...
Page 526 On a computer connected to the wireless client, try to connect to the Internet. If you can connect, WPS was successful. If you cannot connect, check the list of associated wireless clients in the AP’s configuration utility. If you see the wireless client in the list, WPS was successful. P-2612HW-F1 User’s Guide...
Page 527 Authentication Protocol) tunnel and sends the network name (SSID) and the WPA- PSK or WPA2-PSK pre-shared key to the enrollee. Whether WPA-PSK or WPA2- PSK is used depends on the standards supported by the devices. If the registrar is P-2612HW-F1 User’s Guide...
Page 528 WPS, it becomes “configured”. A configured wireless client can still act as enrollee or registrar in subsequent WPS connections, but a configured access point can no longer act as enrollee. It will be the registrar in all P-2612HW-F1 User’s Guide...
Page 529 In this case, AP1 must be the registrar, since it is configured (it already has security information for the network). AP1 supplies the existing security information to Client 2. Figure 315 WPS: Example Network Step 2 REGISTRAR EXISTING CONNECTION CLIENT 1 ENROLLEE CLIENT 2 P-2612HW-F1 User’s Guide...
Page 530 (if the device supports this feature). Then, you can enter the key into the non-WPS device and join the network as normal (the non-WPS device must also support WPA-PSK or WPA2-PSK). P-2612HW-F1 User’s Guide...
Page 531 Check the MAC addresses of your wireless clients (usually printed on a label on the bottom of the device). If there is an unknown MAC address you can remove it or reset the AP. P-2612HW-F1 User’s Guide...
Page 532 Appendix D Wireless LANs P-2612HW-F1 User’s Guide...
Page 533: Appendix E Common Services
Border Gateway Protocol. BOOTP_CLIENT DHCP Client. BOOTP_SERVER DHCP Server. CU-SEEME 7648 A popular videoconferencing solution from White Pines Software. 24032 TCP/UDP Domain Name Server, a service that matches web names (for example www.zyxel.com) to IP numbers. P-2612HW-F1 User’s Guide...
Page 534 ICMP echo requests to test whether or not a remote host is reachable. POP3 Post Office Protocol version 3 lets a client computer get e-mail from a POP3 server through a temporary connection (TCP/IP or other). P-2612HW-F1 User’s Guide...
Page 535 Control System). TELNET Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/IP networks. Its primary function is to allow users to log into remote host systems. P-2612HW-F1 User’s Guide...
Page 536 Table 180 Commonly Used Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION TFTP Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE 7000 Another videoconferencing solution. P-2612HW-F1 User’s Guide...
Page 537: Legal Information
ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein.
Page 538: Zyxel Limited Warranty
Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products. P-2612HW-F1 User’s Guide...
Page 539 Appendix F Legal Information P-2612HW-F1 User’s Guide...
Page 540 Appendix F Legal Information P-2612HW-F1 User’s Guide...
Page 541 Address Resolution Protocol (ARP) backup type ADSL2 bandwidth management Advanced Encryption Standard, see AES Basic Service Set, see BSS 157, 519 blinking LEDs bridge mode 100, 104 alerts firewalls BYE request 180, 454 algorithms alternative subnet mask notation antenna directional P-2612HW-F1 User’s Guide...
Page 542 218, 353 channel scan directory servers Class of Service adding/editing Class of Service, see CoS and certificates client-server protocol disclaimer codecs comfort noise generation 197, 453 124, 132, 367 command interface DNS Server configuration file for VPN host P-2612HW-F1 User’s Guide...
Page 543 RFC 1483 thresholds encryption triangle route 237, 249 solutions firmware auto upgrade Europe type call service mode 219, 225 upload Extended Service Set, see ESS upload error external accounting server version external antenna flash key 219, 225 P-2612HW-F1 User’s Guide...
Page 544 RFC 1483 IP alias 130, 450 IP multicasting IANA 134, 506 IP pool IBSS 126, 132 IPSec ICMP algorithms ID type and content architecture idle timeout 147, 149 IEEE 802.11b see also VPN IEEE 802.11g 150, 513 standard P-2612HW-F1 User’s Guide...
Page 545 VLAN negotiation mode managing the device NetBIOS command interface Network Address Translation, see NAT good habits Telnet Network Basic Input/Output System, see NetBIOS using FTP. See FTP. non-proxy calls Maximum Burst Size, see MBS P-2612HW-F1 User’s Guide...
Page 546 PPP (Point-to-Point Protocol) Link Layer remote hosts, and certificates Protocol remote management PPP over ATM AAL5 limitations PPP over Ethernet PPP over Ethernet, see PPPoE Telnet PPPoE 98, 116, 449 benefits Request To Send, see RTS preamble RESET button P-2612HW-F1 User’s Guide...
Page 547 103, 113, 119 static DHCP static IP address seamless rate adaptation static route secure gateway address status security associations, see VPN status indicators Security Parameter Index storage humidity security, network storage temperature server 185, 391 P-2612HW-F1 User’s Guide...
Page 548 74, 218, 327 transport mode 802.1P priority 327, 338 triangle route 237, 249 activation solutions example trusted CAs, and certificates group TTLS group settings tunnel mode 74, 218 ID tags tutorial 74, 218 management group 54, 71 P-2612HW-F1 User’s Guide...
Page 549 148, 454, 518 wireless key caching client configuration pre-authentication profile user authentication security vs WPA-PSK tutorial wireless client supplicant wireless client with RADIUS application example wireless client WPA supplicants WPA2 user authentication Wireless Distribution System, see WDS P-2612HW-F1 User’s Guide...
Page 550 Index vs WPA2-PSK wireless client supplicant with RADIUS application example WPA2-Pre-Shared Key, see WPA2-PSK WPA2-PSK 518, 519 application example WPA-PSK 146, 519 application example ZyNOS F/W version firmware version ZyXEL Network Operating System, see ZyNOS P-2612HW-F1 User’s Guide...
Page 551 Index P-2612HW-F1 User’s Guide...

ZyXEL Communications P-2612HW-F1 User Manual

About this User's Guide

Document Conventions

Safety Warnings

Contents Overview

Table of Contents

Introduction

PART I Introduction

Chapter 1 Introduction

Chapter 2 The Web Configurator

Chapter 3 Wizards

Chapter 4 Tutorial

Advanced

Part II: Advanced

Chapter 5 Status Screens

Chapter 6 WAN Setup

Chapter 7 LAN Setup

Chapter 8 Wireless LAN

Chapter 9 NAT

Chapter 10 Voice

Chapter 11 Phone Usage

Chapter 12 Firewall

Chapter 13 Content Filtering

Chapter 14 VPN

Chapter 15 Certificates

Chapter 16 Static Route

Chapter 17 Q/1P

Chapter 18 Quality of Service (Qos)

Chapter 19 Dynamic DNS Setup

Chapter 20 Remote Management

Quick Links

Troubleshooting

Related Manuals for ZyXEL Communications P-2612HW-F1

Summary of Contents for ZyXEL Communications P-2612HW-F1