About This User's Guide Intended Audience This manual is intended for people who want to configure the VFG6005 Series using the Web Configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology. Related Documentation •...
Page 3
Date that you received or purchased your device Brief description of the problem including any steps that you have taken before contacting the ZyXEL Customer Support representative Support Email support@zyxel.com Toll-Free 1-800-978-7222 Website www.us.zyxel.com ZyXEL Communications Inc. 1130 N. Miller Street, Postal mail Anaheim, CA 92806-2001 U.S.A.
Syntax Conventions • The VFG6005 series may be referred to as the ―VFG‖, the ―device‖, the ―product‖ or the ―system‖ in this User‘s Guide. • Product labels, screen names, field labels and field choices are all in bold font.
Page 5
Icons Used in Figures Figures in this User‘s Guide may use the following generic icons. The VFG icon is not an exact representation of your device.
Safety Warnings • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. • Do NOT store things on the device. •...
Internet threats and exploits. VPN support allows for a secure method to access the Local Area Network remotely on your laptop while on the road or to another office using a site-to-site tunnel to another VFG6005 series VPN Firewall Gateway.
Page 11
PPTP VPN support provides a secured data connection for use with Window‘s built in VPN Client, Android or iPhone smartphones or other legacy VPN Clients. IPSec VPN support provides enterprise level data security to full featured IPSec VPN Clients or other VPN gateways. In either case, ZyXEL‘s VFG6005 Series VPN Firewall Gateway has your VPN support covered.
PACKAGE CONTENT One ZyXEL VFG6005/VFG6005N Series VPN Firewall Gateway One User Manual CD One Quick Installation Guide One Power Adaptor One Ethernet Network Cable One USB extension cable Two Detachable Dipole Antennas (VFG6005N only)
Wireless connection is enabled Green WLAN Wireless connection is disabled Wireless ZyXEL VFG6005 Series VPN Firewall Gateway is Activity faulty; please contact our customer service team. (contact info at the end of this document) The Ethernet WAN port is connected...
When the status LED turns green without blinking, please press the Reset button for 3 seconds. The Reset ZyXEL VFG6005 Series VPN Firewall Gateway will restart automatically and reset the settings to factory default. The port for connecting your 3G USB adapter. Please use USB port 1 as indicated on the top cover.
Power On Take the provided power adapter. Plug one end into The ZyXEL VFG6005 Series DC power port and the other end into a power outlet. The ZyXEL VFG6005 Series VPN Firewall Gateway POWER LED will blink during the boot up phase and be ready when its POWER LED is solid.
B: Connecting via 3G: please plug the 3G USB modem into USB port 1. CHAPTER3 NETWORK SETTINGS FOR YOUR PC Before using the ZyXEL VFG6005 Series VPN Firewall Gateway, you have to configure your network settings in your computer. You can either use DHCP or Static IP for your TCP/IP Settings.
Page 17
To use DHCP Select Obtain an IP Address automatically and Obtain DNS server address automatically. Then click OK. The ZyXEL VFG6005 Series VPN Firewall Gateway will now assign an IP address to your computer. To use Static IP Select Use the following IP address and enter the followings.
FOR WINDOWS 2000 USERS Select Start > Settings > Network and Dial-up Connection Right click on the Local Area Connection and select Properties. You will see the following screen. Select the Internet Protocol (TCP/IP) for your network card. 10. Click on Properties. You will see the following screen.
Page 19
To use DHCP Select Obtain an IP Address automatically and Obtain DNS server address automatically. Then click OK. The ZyXEL VFG6005 Series VPN Firewall Gateway will now assign an IP address to your computer. To use Static IP Select Use the following IP address and enter the followings.
15. Click on Properties. You will now the following screen. 16. Enable DHCP or Static IP: To use DHCP Select Obtain an IP Address automatically. Then click OK. The ZyXEL VFG6005 Series VPN Firewall Gateway will now assign an IP address to your computer.
Page 21
To use Static IP Select Specify an IP address and enter the followings. IP address: 192.168.10.x (x could be from 2 ~ 254) Subnet mask: 255.255.255.0 Now click on Gateway tab. You will see the following screen. Enter 192.168.10.1 in New Gateway, and click Add. Now click on the DNS Configuration tab.
FOR WINDOWS 7 USERS 18. Select Start > Control Panel > Network and Internet> Network and Sharing Center >Change Adapter Settings 19. Click on Local Area Connection and choose Properties. You will now see the following screen. 20. Select Internet Protocol (TCP/IP) for your network card. 21.
Open your WEB browser. In the address box, enter [ HTTP://192.168.10.1] When you successfully connect to the configuration interface for the ZyXEL VFG6005 Series VPN Firewall Gateway, the login screen will pop up. Enter your username as [admin] and your password as [1234]. You will now see the Router>Status page of The ZyXEL VFG6005 Series VPN Firewall Gateway.
CHAPTER5 BASIC SETTINGS WAN SETUP 23. Click on [Setup] - [WAN] tab. You will see the following screen.
Page 26
DHCP, Static and PPPoE. Please ensure which connection type should be used, and select your internet connection type from the pull-down menu. Whatever WAN connection type you have chosen, The ZyXEL VFG6005 Series VPN Firewall Gateway will get a WAN IP and this IP will be shown in the Router/Status page as below.
5.1.1 DHCP (automatic IP address assignment) The IP address is automatically assigned to you by your ISP. You will see the following screen when you choose DHCP. Select Enable/Disable to enable/disable WAN Connection Type DHCP Some ISP and DHCP servers ask for the Host Name of the DHCP client before assigning an Host Name IP address.
Static DNS 2 The static DNS 2 offered by the ISP. Maximum Transmission Unit 5.1.3 PPPoE (connected by username/password) If your ISP provides the username and password, please enter the information accordingly. Provided by your ISP Select Enable/Disable to enable/disable WAN Connection Type PPPoE Authentication...
Some ISPs only allow a registered MAC address to access to the internet. To bypass the rule, you need to set up a cloned MAC address for The ZyXEL VFG6005 Series VPN Firewall Gateway using the pre-registered MAC address. Click on [Setup] – [MAC Address Clone] tab. You will see the following screen.
Page 31
Select Enable/Disable to enable/disable WAN Connection Type Mobile WAN Modem Brand Select the modem brand you use. You can keep it as Auto for automatic detection. Modem Model Select the modem model you use. You can keep it as Auto for automatic detection. Select By Service Provider for specifying the ISP you use, or otherwise choose APN Type Custom to assign desired APN.
5.1.6 HSPA+ Super Speed If you using HSPA+ super speed modem, please choose this WAN connection type. Please enable and enter the APN, PIN code, user name, and password provided by your ISP. You may also choose from the list of profiles for well known ISP settings.
Page 33
Select Enable/Disable to enable/disable WAN Connection Type HSPA+ Super Speed Select the modem brand you use. You can keep it as Auto for automatic Modem Brand detection. Select the modem model you use. You can keep it as Auto for automatic Modem Model detection.
Click on [Setup] – [WAN Failover] tab. You will see the following screen. Configure the basic settings of WAN Failover following the instructions below. Detection Interval This is the interval which specifies how often the VFG6005 series will check the Ethernet WAN connection. Connection Detection...
LAN SETUP Click on [Setup] – [LAN] tab. You will see the following screen. Configure your LAN following the instructions listed below. Internal IP Address Please key in Internal IP Address Netmask Select Netmask from the selection list. Click Enable only if you will deploy your network in a ring topology. Spanning Tree Other switches in the LAN must also support STP.
DHCP SERVER SETUP The ZyXEL VFG6005 Series VPN Firewall Gateway provides DHCP server service in order to offer IP addresses to the computers within a LAN. Click on [Setup] – [DHCP Server] tab. You will see the following screen. Configure your LAN following the instructions listed below.
IP addresses behind the server. Register with one of the DDNS providers (DynDNS.org, TZO.com or ZoneEdit.com) before you configure DDNS on the ZyXEL VFG6005 Series VPN Firewall Gateway. Click on [Setup] – [DDNS] tab. You will see the following screen.
Page 38
Configure your DDNS following the instructions listed below. Select Enable to enable DDNS service. DDNS Service Select Disable to disable DDNS service. DDNS Type Select the desired DDNS service provider from the list. User Name Enter your username Password Enter your password Host Name Apply for a domain name, and make sure it is allocated to you Action...
CHAPTER6 WIRELESS SETTINGS BASIC SETUP Multiple SSIDs allow the ability for separate security mode and key settings to be set by users for both convenience and increased protection. Users are able to configure their network devices to access the first SSID with the WPA2 PSK (Pre-Shared Key) and secret key, whilst share the second SSID with WEP and the periodically changed key for visitors.
Wireless SSID Enter the wireless station name you would like to have. Name The ZyXEL VFG6005 Series VPN Firewall Gateway broadcasts SSID periodically. Select Enable to turn it on or Disable to turn it off. Wireless SSID Enabling SSID Broadcasting brings convenience for users to find and connect The ZyXEL Broadcasting VFG6005 Series VPN Firewall Gateway.
Select Enable if you would like to block traffic between other network devices connecting to this SSID. (recommended) Wireless Isolation Select Disable if you would like to allow traffic between other network devices connecting to this SSID. Select WEP/WPA-PSK/WPA/WPA2-PSK/WPA2 for security mode. (WPA2-PSK Security Mode recommended) 6.1.3...
6.1.4 WPA Pre-shared Key / WPA2 Pre-shared Key If WPA Pre-shared Key or WPA2 Pre-shared Key is selected, a Pre-shared Key is supposed to be set. Enter the Pre-Shared Key here. This key will be required for wireless users to connect to the SSID. Encryption Method Select TKIP, AES or Mixed (TKIP+AES).
6.1.5 WPA / WPA2 If WPA or WPA2 is selected, the radius server information should be set accordingly. Enter the RADIUS server‘s IP address. Radius Server IP Address Enter the RADIUS server‘s port number. The default port is 1812. Radius Server Port Enter the RADIUS server‘s IP Address.
ADVANCED SETUP Click on [Wireless] – [Advanced] tab. You will see the following screen.
Page 45
Configure wireless advanced settings following the instructions below. Fragmentation Enter the fragmentation bytes. The default value is 2346 bytes. Enter the RTS seconds. The default value is 2347 seconds. DTim Enter the DTim seconds. The default value is 1. Beacon Interval Enter the interval to send a beacon.
WPS – WIFI PROTECTED SETUP Click on [Wireless] – [WPS] tab. You will see the following screen. WPS Enable Select Enable or Disable to activate or deactivate WPS. Click ―Generate PIN Code‖ to automatically generate a random WPS PIN code. WPS Router PIN Code WPS Push Button Click this button to start the WPS process.
Check to enable ICMP Broadcasting Protection. Protection Uncheck to disable ICMP Broadcasting Protection. ICMP broadcasting attack is a type of DoS attacks. A flood of ICMP broadcasting packets is generated and sent to a server (like the ZyXEL VFG6005 Series VPN...
Page 48
Firewall Gateway). Consequently, this server will suffer from a huge amount of interruptions and consumption of computing resources. The ZyXEL VFG6005 Series VPN Firewall Gateway is able to stop responding to ICMP broadcasting echo packets in order to avoid a potential ICMP broadcasting DoS attack.
* Enabling MAC filtering blocks all MAC addresses which are not listed in the MAC Filter Rule. Be aware that adding the MAC address of your managing computer is required in order to access to the ZyXEL VFG6005 Series VPN Firewall Gateway.
Page 50
Click on [Add] tab. You will see the following screen. Configure [Add Access Control List (ACL)] Settings following the instructions below Sequence Number This defines the sequence of the ACL rules. If a packet fits the conditions set by the ACL rules, the packet will then be sorted according to the first ACL rule from the top of the list.
Page 51
Example: Filter and block MSN usage. For example, a company does not wish to allow employees to use MSN. The system administrator can set up an ACL action: rejecting the traffic going out to External IP Range at 207.46.110.*/24. Rule Name MSN Blocking Rule Enable Enable...
MAC ACCESS CONTROL SETUP Click on [Security] – [MAC Access Control] tab. You will see the following screen. Configure ACL Settings following the instructions below. MAC Access Control Choose Enable/Disable to enable/disable MAC access Control Default MAC Access Control The default ACL action of the ACL rules. When you add the individual rules, Action it can be viewed as exceptions and take effects relating to the default action.
Page 53
If users need to bind an IP to a specified MAC (network device), one can follow the settings as below. Sequence Number User1 Rule Name Enable 00:33:44:55:66:77 Action Allow Access ACL Enable Enable Static ARP Enable Enable Static DHCP Enable Enable 192.168.10.100...
OpenDNS SETUP 7.4.1 OpenDNS Settings Click on [Security] – [OpenDNS] tab. You will see the following screen. Configure OpenDNS Settings following the instructions below. OpenDNS Service Choose Enable/Disable to enable/disable OpenDNS OpenDNS Username Enter OpenDNS user name. OpenDNS Password Enter OpenDNS password. Choose Enable/Disable to enable/disable the data flow redirect to the DNS Query Redirection to OpenDNS Server.
WEB FILTERING SETUP Click on [Security] – [Web Filtering] tab. You will see the following screen. Configure Web Filtering Settings following the instructions below. Web Filtering Choose Enable/Disable to enable/disable Web Filtering Activex Filtering Choose Enable/Disable to enable/disable Activex Filtering Java/JavaScript Filtering Choose Enable/Disable to enable/disable Java/JavaScript Filtering Proxy Filtering...
7.5.1 Added Web Filtering Rules Click on [Add] tab. You will see the following screen. Configure Web Filtering Settings following the instructions below Sequence Number This defines the sequence (priority) of all the Web Filtering rules. Rule Enable Choose Enable/Disable to enable/disable Web Filtering rule Filter Keyword Enter the Keyword Filter Type...
VPN / PPTP SETUP 7.6.1 VPN / PPTP Settings PPTP VPN allows you to create a secure VPN connection remotely to your LAN. PPTP can allow you to connect using built in software clients such as Windows VPN client or smart devices such as Android phones/tablets, iPhones or iPads.
Page 58
Configure PPTP Settings following the instructions below. PPTP Choose Enable/Disable to enable/disable L2TP. Enter MTU value. The default value is 1482 bytes. VPN Start IP Address Enter the VPN start IP address. The default value is 192.168.39.1. Max VPN Clients Enter the max VPN clients.
7.6.2 Add VPN / PPTP Rule Click on [Add] tab. You will see the following screen. Configure [Add PPTP] Settings following the instructions below. Sequence Number This defines the sequence of the PPTP rules. Rule Enable Enable/Disable this PPTP rule User Name Enter PPTP user name.
VPN / L2TP SETUP 7.7.1 VPN / L2TP Settings L2TP allows you to create an insecure VPN connection to your LAN. Because L2TP is insecure, we suggest that you use PPTP or L2TP over IPSec. Also both L2TP and L2TP over IPSec have the restriction that the VPN client cannot be behind a NAT router and must have a routable public IP address.
Configure PPTP Settings following the instructions below. L2TP Choose Enable/Disable to enable/disable L2TP. Enter MTU value. The default value is 1482 bytes. VPN Start IP Address Enter the VPN start IP address. The default value is 192.168.39.1. Max VPN Clients Enter the max VPN clients.
VPN / IPsec SETUP 7.8.1 VPN / IPsec Settings Click on [Security] – [VPN / IPsec] tab. You will see the following screen. Configure IPsec Settings following the instructions below. IPsec Select Enable/Disable to enable/disable IPsec.
7.8.2 Add VPN / IPsec Rule Click on [Add] tab. You will see the following screen.
Page 64
Configure [Add - IPsec] Settings following the instructions below. Sequence Number This defines the sequence of the IPsec rules. Connection Name Name of the IPsec rule. Rule Enable Enable/Disable this IPsec rule VPN Mode Net-to-Net or Road Warrior Local External Interface Select the external WAN for the local VPN gateway.
Certain applications in a LAN are available only after activating the port range forwarding, including servers and online gaming. When an Internet request wants to access a port, the ZyXEL VFG6005 Series VPN Firewall Gateway will dispatch it to the IP specified. Due to security reasons, users are suggested to limit the use of port range forwarding, and cancel it when the application is not used.
8.1.1 Port Range Forward Settings Click on [Applications] – [Port Range Forward] tab. You will see the following screen. Configure [DMZ] Settings following the instructions below Select Enable to enable DMZ function. Select Disable to disable DMZ function. Enter the IP address of a particular host in your LAN which will receive all the packets DMZ IP Address originally going to the WAN port / Public IP address above.
Configure [Port Range Forwarding] Settings following the instructions below Port Forwarding Select Enable / Disable to enable/disable Port Forwarding 8.1.2 Add Port Range Forwarding Rule Click on [Add] tab. You will see the following screen. Configure [Add Port Range Forwarding Rule] Settings following the instructions below This defines the sequences (priorities) of the port forwarding rules.
1-1 NAT 1-1 NAT allows you to map an external Public IP address to an internal LAN IP address. If you have a range of Public IP addresses assigned by your ISP, you can use each of those IP addresses to assign to a specific LAN server.
Page 69
External Interface Choose Ethernet WAN or Mobile WAN as the External virtual host interface. External IP Address Enter the External IP Address. Enter the Mapped LAN IP Address this External IP Address will be mapped Mapped LAN IP Address...
STREAMING/VPN PASS-THROUGH You can enhance your media streaming quality by enabling RTSP, MSS, and H.323 protocols. Moreover, VPN Pass-through functionality can also be enabled. Click on [Applications] – [Streaming / VPN] tab. You will see the following screen. Configure [Streaming] Settings following the instructions below. RTSP Select Enable/Disable to enable/disable RTSP Select Enable/Disable to enable/disable MMS...
UPnP/NAT-PMP SETUP Click on [Applications] – [UPnP / NAT-PMP] tab. You will see the following screen. Configure [UPnP] Settings following the instructions below UPnP Select Enable/Disable to enable/disable UPnP NAT-PMP Select Enable/Disable to enable/disable NAT-PMP UPnP Port Enter the number for UPnP port.
CHAPTER9 DYNAMIC BANDWIDTH MANAGEMENT DBM SETUP Bandwidth Management provides two powerful and unique mechanisms to manage bandwidth: Static Bandwidth Management (SBM) and Dynamic Bandwidth Management (DBM). SBM provides users with the option to allocate a fixed amount of bandwidth for a specific computer or a particular application, while DBM intellectually manages the rest of the bandwidth while all the time satisfying the complicated bandwidth requirements/settings of SBM.
Page 73
Click on [Bandwidth] – [Bandwidth Management] tab. You will see the following screen. Bandwidth Settings: Please adjust your bandwidth type according to your bandwidth (download/upload) subscribed from your ISP. Due to the unstable nature of network bandwidth supported by ISP, users are recommended to reserve a portion of bandwidth for buffering usage, and Bandwidth Management would then arrange the reserved bandwidth under heavy traffic.
Upload Speed: 200KB/s x 8 = 1600Kbp/s The settings can be done as below, Bandwidth Type Select custom。 (Download/Upload) Download Bandwidth Enter the value to 9080。 Upload Bandwidth Enter the value to 1600。 Reserved Buffering User can firstly set the value about 10% and adjust this value later. If your Bandwidth network is very stable, you could lower this value.
Page 75
External Interface Please select which External Interface (WAN1 or WAN2) you want a packet to go through, IF the packet fits the condition of this SBM rule. Service Port Range Set up the Service Port Range (e.g., HTTP is TCP/80) for the SBM to be enabled.
Page 76
Download Enter the reserved download rate to 25 Kbps Upload Enter the reserved upload rate to 25 Kbps Uncheck this box to reserve a fixed rate for this application; You may also Utilize Bandwidth More Than check this box allowing this application use any free available bandwidth Guaranteed when it consumes more bandwidth.
DBM Setting Example The maximum DBM IPs is 8 in the VFG6005 Series. The user may set the DHCP releasing range from 192.168.1.20 to 192.168.1.27 and set those IP as DBM IP accordingly. In this manner, all user access through this router will be controlled...
THROUGHPUT OPTIMIZER ZyXEL's VFG6005 Series VPN Firewall Gateway built in Bandwidth Management transmits the important packets in high priority to optimize the network utilization. You can specify the types of packets for high priority. Click on [Bandwidth] – [Throughput Optimizer] tab. You will see the following screen.
SESSION MANAGER Session manager will automatically recycle old/dead sessions to get better connection efficiency. Users can choose the recycle rate to optimize the connection efficiency especially during P2P downloads. Setting to FAST is recommended. Click on [Bandwidth] – [Session Manager] tab. You will see the following screen. Configure [Session Manager] Settings following the instructions below Recycle Mode Select Fast/Regular/Slow recycle rate...
CHAPTER10 ADMIN 10.1 MANAGEMENT Click on [Admin] – [Management] tab. You will see the following screen.
Page 81
Select Disable to disable Remote Management Remote Management If the remote management is enabled, users who are not in the LAN can connect to the ZyXEL VFG6005 Series VPN Firewall Gateway and configure it from the Internet. Management Port HTTP port which users can connect to. (default port is 80)
10.2 SYSTEM UTILITIES Click on [Admin] – [System Utilities] tab. You will see the following screen.
Page 83
Using the [ping] tool based on the instructions listed below Interface Select the interface that you want to use to ping from, i.e. LAN, WAN. Target Host Enter the IP address to ping to Number of Packets Specify the number of the ICMP packets to send out Press the tab to start the ―ping‖...
10.3 TIME SETUP Click on [Admin] – [Time] tab. You will see the following screen. Configure [Time] Settings based on the instructions listed below Time Synchronization Select Enable/Disable to enable/disable Time Synchronization Time Server Type Select Time Server Pool or Manual. Select Time Server according to your location.
CHAPTER11 STATUS You can access and view all the system information regarding The ZyXEL VFG6005 Series VPN Firewall Gateway from here. 11.1 ROUTER INFORMATION Click on [Status] – [Router] tab. You will see the following screen.
Page 87
Firmware Version The firmware version this device is running. Current Time Current system time Running Time The period of time The ZyXEL VFG6005 Series VPN Firewall Gateway has been running. WAN Ethernet Connection Status Connected / Not Connected MAC Address...
Page 88
WAN Mobile Connection Status Connected / Not Connected Connection Type The current connection type IP Address WAN IP Address Subnet Mask Number of subnet mask Gateway IP address of the gateway Download Download speed Upload Upload speed Modem Brand Modem brand Modem Model Modem model name LAN Ethernet...
11.2 TRAFFIC Click on [Status] – [Traffic] tab, and then choose the graph scale from two hours, one day, one week, and one month. You will see the following graph. Now you can monitor your download and upload throughput.
11.3 SESSION Click on [Status] – [Session] tab and choose the graph scale from two hours, one day, one week, and one month. You will now see the following graph. TCP, UDP, ICMP, and total session information is displayed.
11.4 USER/DHCP Click on [Status] – [User/DHCP] tab. You will see the following screen. Name DHCP client name IP Address IP address which is assigned to this client MAC Address MAC address of this client Expiration Time The remaining time of the IP assignment 11.5 USER/ Current Click on [Status] –...
Page 92
Product Specifications The following tables summarize the VFG6005 Series hardware and firmware features. Hardware Features Dimensions (W x D x H) 159 mm x 107 mm x 25 mm Weight 225 g Input: 100~240 V AC, 50~60 Hz Power Specification Output: 12 V DC 1.5 A...
Page 93
Humidity: 20% ~ 90% Temperature: -30º C ~ 70º C / -22ºF ~ 158ºF Storage Environment Humidity: 20% ~ 95% Firmware Features FEATURE DESCRIPTION 192.168.10.1 (router) Default IP Address Default Subnet Mask 255.255.255.0 (24 bits) Default Login/Password admin/1234 DHCP Pool 192.168.10.20 to 192.168.10.35 Wireless Interface Wireless LAN...
Page 94
Download new firmware (when available) from the ZyXEL web site and use the Web Configurator to put it on the VFG. Firmware Upgrade Note: Only upload firmware for your specific model! Make a copy of the VFG‘s configuration and put it back on the VFG later Configuration Backup &...
Page 95
Configuration Protocol) gateway and DNS servers to computers on your network. With Dynamic DNS (Domain Name System) support, you can use a Dynamic DNS Support fixed URL, www.zyxel.com for example, with a dynamic IP address. You must register for this service with a Dynamic DNS service provider. Use logs for troubleshooting.
Page 96
Appendices and Index Pop-up Windows, JavaScripts and Java Permissions (258) IP Addresses and Subnetting (267) Setting up Your Computer‘s IP Address (281) Wireless LANs (301) Common Services (315) Legal Information (315)
Page 97
Appendix A Pop-up Windows, JavaScripts and Java Permissions In order to use the Web Configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary. Internet Explorer Pop-up Blockers You may have to disable pop-up blocking to log into your device.
Page 98
In Internet Explorer, select Tools, Internet Options, Privacy. Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 131 Internet Options: Privacy Click Apply to save this setting. Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps.
Page 99
Figure 132 Internet Options: Privacy Type the IP address of your device (the web page that you do not want to have blocked) with the prefix ―http://‖. For example, http://192.168.167.1. Click Add to move the IP address to the list of Allowed sites.
Page 100
Figure 133 Pop-up Blocker Settings Click Close to return to the Privacy screen. Click Apply to save this setting. JavaScripts If pages of the Web Configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 134 Internet Options: Security...
Page 101
Click the Custom Level... button. Scroll down to Scripting. Under Active scripting make sure that Enable is selected (the default). Under Scripting of Java applets make sure that Enable is selected (the default). Click OK to close the window. Figure 135 Security Settings - Java Scripting...
Page 102
Java Permissions From Internet Explorer, click Tools, Internet Options and then the Security tab. Click the Custom Level... button. Scroll down to Microsoft VM. Under Java permissions make sure that a safety level is selected. Click OK to close the window. Figure 136 Security Settings –...
Page 103
JAVA (Sun) From Internet Explorer, click Tools, Internet Options and then the Advanced tab. Make sure that Use Java 2 for <applet> under Java (Sun) is selected. Click OK to close the window. Figure 137 Java (Sun)
Page 105
Appendix B IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts.
Page 106
Figure 138 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation).
Page 107
(192) (168) IP Address (Binary) 11000000 10101000 00000001 00000010 Subnet Mask (Binary) 11111111 11111111 11111111 00000000 Network Number 11000000 10101000 00000001 Host ID 00000010 By convention, subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits.
Page 108
29-bit mask 11111111 11111111 11111111 11111000 255.255.255.248 Network Size The size of the network number determines the maximum number of possible hosts you can have on your network. The larger the number of network number bits, the smaller the number of remaining host ID bits. An IP address with host IDs of all zeros is the IP address of the network (192.168.1.0 with a 24-bit subnet mask, for example).
Page 109
For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask 255.255.255.128. The following table shows some possible subnet masks using both notations. Alternative Subnet Mask Notation SUBNET ALTERNATIV LAST OCTET LAST OCTET MASK E NOTATION (BINARY) (DECIMAL) 255.255.255.0 0000 0000 255.255.255.128 1000 0000...
Page 110
Figure 139 Subnetting Example: Before Subnetting You can ―borrow‖ one of the host ID bits to divide the network 192.168.1.0 into two separate sub-networks. The subnet mask is now 25 bits (255.255.255.128 or /25). The ―borrowed‖ host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25. The following figure shows the company network after subnetting.
Page 111
192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127 with mask 255.255.255.128 is its broadcast address. Therefore, the lowest IP address that can be assigned to an actual host for subnet A is 192.168.1.1 and the highest is 192.168.1.126. Similarly, the host ID range for subnet B is 192.168.1.129 to 192.168.1.254.
Page 112
Subnet 2 LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 01000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.65 192.168.1.64 Broadcast Address: Highest Host ID: 192.168.1.126 192.168.1.127 Subnet 3 LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE...
Page 113
192.168.1.191 Subnet 4 LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 11000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.193 192.168.1.192 Broadcast Address: Highest Host ID: 192.168.1.254 192.168.1.255 Example: Eight Subnets Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111).
Page 114
Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. 24-bit Network Number Subnet Planning NO. “BORROWED” NO. HOSTS PER SUBNET MASK HOST BITS SUBNETS SUBNET 255.255.255.128 (/25) 255.255.255.192 (/26) 255.255.255.224 (/27)
Page 115
255.255.255.240 (/28) 255.255.255.248 (/29) 255.255.255.252 (/30) 255.255.255.254 (/31) The following table is a summary for subnet planning on a network with a 16-bit network number. 16-bit Network Number Subnet Planning NO. “BORROWED” NO. HOSTS PER SUBNET MASK HOST BITS SUBNETS SUBNET 255.255.128.0 (/17) 32766...
Page 116
255.255.255.192 (/26) 1024 255.255.255.224 (/27) 2048 255.255.255.240 (/28) 4096 255.255.255.248 (/29) 8192 255.255.255.252 (/30) 16384 255.255.255.254 (/31) 32768 Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask. If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established.
Page 117
Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks: • — 10.255.255.255 10.0.0.0 • — 172.31.255.255 172.16.0.0 • 192.168.0.0 — 192.168.255.255 You can obtain your IP address from the IANA, from an ISP, or it can be assigned from a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks.
Page 118
Appendix C Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer. Windows 3.1 requires the purchase of a third-party TCP/IP application package.
Page 119
Figure 141 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: In the Network window, click Add. Select Adapter and then click Add.
Page 120
Click Add. Select Client and then click Add. Select Microsoft from the list of manufacturers. Select Client for Microsoft Networks from the list of network clients and then click OK. Restart your computer so the changes you made take effect. Configuring In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties Click the IP Address tab.
Page 121
Figure 143 Windows 95/98/Me: TCP/IP Properties: DNS Configuration Click the Gateway tab. • If you do not know your gateway‘s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. Click OK to save and close the TCP/IP Properties window.
Page 122
Click start (Start in Windows 2000/NT), Settings, Control Panel. Figure 144 Windows XP: Start Menu In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 145 Windows XP: Control Panel Right-click Local Area Connection and then click Properties.
Page 123
Figure 146 Windows XP: Control Panel: Network Connections: Properties Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 147 Windows XP: Local Area Connection Properties The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). •...
Page 124
Figure 148 Windows XP: Internet Protocol (TCP/IP) Properties If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
Page 125
Figure 149 Windows XP: Advanced TCP/IP Properties In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
Page 126
Figure 150 Windows XP: Internet Protocol (TCP/IP) Properties Click OK to close the Internet Protocol (TCP/IP) Properties window. Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window. Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT). 11 Turn on your router and restart your computer (if prompted).
Page 127
Figure 151 Windows 7/Vista Click on Network and Internet. Figure 152 Windows 7/Vista Click on Network and Sharing Center...
Page 128
Figure 153 Windows 7/Vista On the left side of the screen click on Change Adapter Settings (Windows 7), or Manage Network Connections (Vista). Right click on Local Area Connection and select Properties. Figure 154 Windows 7/Vista Highlight Internet Protocol Version 4 and click Properties.
Page 129
Figure 155 Windows 7/Vista Select Use the Following IP Address and enter your IP address, Subnet Mask, and Default Gateway. Enter your DNS server address (if trying to connect to the internet) and click OK. Figure 156 Windows 7/Vista Click OK or Close on the Local Area Connection Properties window to apply the settings.
Page 130
Macintosh OS 8/9 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. Figure 157 Macintosh OS 8/9: Apple Menu Select Ethernet built-in from the Connect via list. Figure 158 Macintosh OS 8/9: TCP/IP...
Page 131
For dynamically assigned settings, select Using DHCP Server from the Configure: list. For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. •...
Page 132
For dynamically assigned settings, select Using DHCP from the Configure list. Figure 160 Macintosh OS X: Network For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. •...
Page 133
Linux This section shows you how to configure your computer‘s TCP/IP settings in Red Hat Linux 9.0. Procedure, screens and file location may vary depending on your Linux distribution and release version. Note: Make sure you are logged in as the root administrator. Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE.
Page 134
Figure 162 Red Hat 9.0: KDE: Ethernet Device: General • If you have a dynamic IP address click Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static IP address click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields.
Page 135
Click the Activate button to apply the changes. The following screen displays. Click Yes to save the changes in all screens. Figure 164 Red Hat 9.0: KDE: Network Configuration: Activate After the network card restart process is complete, make sure the Status is Active in the Network Configuration screen.
Page 136
USERCTL=no PEERDNS=yes TYPE=Ethernet If you know your DNS server IP address(es), enter the DNS server information in the resolv.conf file in the /etc directory. The following figure shows an example where two DNS server IP addresses are specified. Figure 167 Red Hat 9.0: DNS Settings in resolv.conf nameserver 172.23.5.1 nameserver 172.23.5.2 After you edit and save the configuration files, you must restart the network card.
Page 137
Interrupt:10 Base address:0x1000 [root@localhost]#...
Page 138
Appendix D Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS).
Page 139
Figure 171 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS).
Page 140
Figure 172 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjacent AP (access point) to reduce interference.
Page 141
Figure 173 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
Page 142
A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.
Page 143
DQPSK (Differential Quadrature Phase Shift Keying) 5.5 / 11 CCK (Complementary Code Keying) 6/9/12/18/24/36/48/54 OFDM (Orthogonal Frequency Division Multiplexing) IEEE 802.1x In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features.
Page 144
Types of RADIUS Messages The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication: • Access-Request Sent by an access point requesting authentication. • Access-Reject Sent by a RADIUS server rejecting access. •...
Page 145
EAP-MD5 (Message-Digest Algorithm 5) MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless station. The wireless station ‗proves‘ that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text. However, MD5 authentication has some weaknesses.
Page 146
If this feature is enabled, it is not necessary to configure a default encryption key in the Wireless screen. You may still configure and store keys here, but they will not be used while Dynamic WEP is enabled. Note: EAP-MD5 cannot be used with dynamic WEP key exchange For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption.
Page 147
Encryption Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. In addition to TKIP, WPA2 also uses Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption. Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and distributed by the authentication server.
Page 148
Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2. 34.1.2 WPA(2)-PSK Application Example A WPA(2)-PSK application looks as follows. First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters (including spaces and symbols).
Page 149
The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients. Security Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type.
Page 150
TKIP Enable WPA-PSK TKIP Enable WPA2 Enable WPA2-PSK Enable Appendix E Common Services The following table lists some commonly-used services and their associated protocols and port numbers. For a comprehensive list of port numbers, ICMP type/code numbers and services, visit the IANA (Internet Assigned Number Authority) web site.
Page 151
AOL‘s Internet Messenger service. It is AIM/New-ICQ 5190 also used as a listening port by ICQ. AUTH Authentication protocol used by some servers. Border Gateway Protocol. BOOTP_CLIENT DHCP Client. BOOTP_SERVER DHCP Server. CU-SEEME 7648 A popular videoconferencing solution from White Pines Software. 24032 TCP/UDP Domain Name Server, a service that...
Page 152
client/server protocol for the world wide web. HTTPS HTTPS is a secured http session often used in e-commerce. ICMP User-Defined Internet Control Message Protocol is often used for diagnostic or routing purposes. 4000 This is a popular Internet chat program. IGMP User-Defined Internet Group Management Protocol is...
Page 153
newsgroup service. PING User-Defined Packet INternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is reachable. POP3 Post Office Protocol version 3 lets a client computer get e-mail from a POP3 server through a temporary connection (TCP/IP or other).
Page 154
SFTP Simple File Transfer Protocol. SMTP Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another. SNMP TCP/UDP Simple Network Management Program. SNMP-TRAPS TCP/UDP Traps for use with the SNMP (RFC:1215). SQL-NET 1521 Structured Query Language is an interface...
Page 155
TFTP Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE 7000 Another videoconferencing solution.
Page 156
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
Page 157
If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures: Reorient or relocate the receiving antenna. Increase the separation between the equipment and the receiver.
Page 158
Notices Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment. This device has been designed for the WLAN 2.4 GHz network throughout the EC region and Switzerland, with restrictions in France.
Page 159
North American products. End-User License Agreement for "VFG6005/VFG6005N" WARNING: ZyXEL Communications Corp. IS WILLING TO LICENSE THE SOFTWARE TO YOU ONLY UPON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS CONTAINED IN THIS LICENSE AGREEMENT. PLEASE READ THE TERMS CAREFULLY BEFORE COMPLETING THE INSTALLATION PROCESS AS INSTALLING THE SOFTWARE WILL INDICATE YOUR ASSENT TO THEM.
Page 160
OPEN-SOURCED COMPONENTS UNDER THE APPLICABLE LICENSE TERMS OF SUCH THIRD PARTY. Grant of License for Personal Use ZyXEL Communications Corp. ("ZyXEL") grants you a non-exclusive, non-sublicense, non-transferable license to use the program with which this license is distributed (the "Software"), including any documentation files accompanying the Software ("Documentation"), for internal business use only, for up to the number of users...
Page 161
express or implied obligation to provide any technical or other support for such software other than compliance with the applicable license terms of such third party, and makes no warranty (express, implied or statutory) whatsoever with respect thereto. Please contact the appropriate software vendor or manufacturer directly for technical support and customer service related to its software and products.
Page 162
ORDERS, OR OTHER RESTRICTIONS ON THE EXPORT OF THE SOFTWARE OR INFORMATION ABOUT SUCH SOFTWARE WHICH MAY BE IMPOSED FROM TIME TO TIME. YOU SHALL NOT EXPORT THE SOFTWARE, DOCUMENTATION OR INFORMATION ABOUT THE SOFTWARE AND DOCUMENTATION WITHOUT COMPLYING WITH SUCH LAWS, REGULATIONS, ORDERS, OR OTHER RESTRICTIONS. YOU AGREE TO INDEMNIFY ZyXEL AGAINST ALL CLAIMS, LOSSES, DAMAGES, LIABILITIES, COSTS AND EXPENSES, INCLUDING REASONABLE ATTORNEYS' FEES, TO THE EXTENT SUCH CLAIMS ARISE OUT OF ANY BREACH OF THIS SECTION 8.
Need help?
Do you have a question about the VFG6005 and is the answer not in the manual?
Questions and answers