Page 2
IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. Screenshots and graphics in this book may differ slightly from your product due to differences in your product firmware or your computer operating system. Every effort has been made to ensure that the information in this manual is accurate.
Table of Contents Table of Contents Contents Overview ..........................3 Table of Contents ..........................5 Part I: User’s Guide ..................17 Chapter 1 Introducing the VMG ..........................19 1.1 Overview ............................19 1.2 Ways to Manage the VMG ........................19 1.3 Good Habits for Managing the VMG ....................19 1.4 Applications for the VMG .........................20 1.4.1 Internet Access ........................20 1.4.2 VMG’s USB Support ........................21...
Page 6
Table of Contents 4.3 Setting Up a Secure Wireless Network .....................40 4.3.1 Configuring the Wireless Network Settings ................40 4.3.2 Using WPS ..........................41 4.3.3 Without WPS ...........................45 4.4 Setting Up Multiple Wireless Groups ....................46 4.5 Configuring Static Route for Routing to Another Network ..............49 4.6 Configuring QoS Queue and Class Setup ..................51 4.7 Access the VMG Using DDNS ......................55 4.7.1 Registering a DDNS Account on www.dyndns.org ..............55...
Page 7
Table of Contents 7.1.2 What You Need to Know ......................101 7.2 The General Screen ........................102 7.2.1 No Security ..........................104 7.2.2 Basic (WEP Encryption) ......................104 7.2.3 More Secure (WPA(2)-PSK) ....................106 7.3 The Guest / More AP Screen ......................107 7.3.1 Edit Guest / More AP ......................108 7.4 MAC Authentication ........................
Page 8
Table of Contents 8.10.2 DHCP Setup ........................148 8.10.3 DNS Server Addresses .......................148 8.10.4 LAN TCP/IP .........................149 Chapter 9 Routing ..............................151 9.1 Overview ............................151 9.2 The Routing Screen ........................151 9.2.1 Add/Edit Static Route ......................152 9.3 The DNS Route Screen ........................153 9.3.1 The DNS Route Add Screen ....................154 9.4 The Policy Forwarding Screen ......................154 9.4.1 Add/Edit Policy Forwarding ....................156 9.5 RIP...
Page 9
Table of Contents 11.7 The Address Mapping Screen .......................187 11.7.1 Add/Edit Address Mapping Rule ..................188 11.8 The Sessions Screen ........................189 11.9 Technical Reference ........................189 11.9.1 NAT Definitions ........................190 11.9.2 What NAT Does ........................190 11.9.3 How NAT Works ........................191 11.9.4 NAT Application ........................191 Chapter 12 Dynamic DNS Setup .........................195 12.1 Overview ............................195...
Page 10
Table of Contents 16.1.2 What You Need To Know ..................... 211 16.1.3 Before You Begin .........................213 16.2 The File Sharing Screen .......................213 16.2.1 The Add New User Screen ....................214 16.3 The Media Server Screen ......................215 16.4 Print Server ..........................216 16.4.1 Before You Begin .........................216 16.4.2 The Print Server Screen ......................217 Chapter 17 Power Management ..........................219...
Page 11
Table of Contents 21.1 Overview ............................241 21.2 The Scheduler Rule Screen ......................241 21.2.1 Add/Edit a Schedule ......................242 Chapter 22 Certificates ............................243 22.1 Overview ............................243 22.1.1 What You Can Do in this Chapter ..................243 22.2 What You Need to Know .......................243 22.3 The Local Certificates Screen .......................243 22.3.1 Create Certificate Request ....................244 22.3.2 Load Signed Certificate ......................246...
Page 12
Table of Contents 25.2 Before You Begin ..........................268 25.3 The SIP Account Screen ......................268 25.3.1 The SIP Account Add/Edit Screen ..................269 25.4 The SIP Service Provider Screen ....................273 25.4.1 The SIP Service Provider Add/Edit Screen ................274 25.5 The Phone Screen ........................281 25.6 The Call Rule Screen ........................281 25.7 The Call History Summary Screen ....................282 25.8 The Call History Outgoing Calls Screen ..................283...
Page 13
Table of Contents 30.2 The Routing Table Screen ......................311 Chapter 31 IGMP/MLD Status ..........................313 31.1 Overview ............................313 31.2 The IGMP/MLD Group Status Screen ...................313 Chapter 32 xDSL Statistics..........................315 32.1 The xDSL Statistics Screen ......................315 Chapter 33 3G Statistics .............................319 33.1 Overview ............................319 33.2 The 3G Statistics Screen .......................319 Chapter 34...
Page 14
Table of Contents Chapter 39 Time Settings ............................333 39.1 Overview ............................333 39.2 The Time Screen ..........................333 Chapter 40 E-mail Notification ..........................335 40.1 Overview ............................335 40.2 The Email Notification Screen .......................335 40.2.1 Email Notification Edit ......................336 Chapter 41 Log Setting ............................337 41.1 Overview ............................337 41.2 The Log Settings Screen .......................337 41.2.1 Example E-mail Log ......................338...
Page 15
Table of Contents 45.5 USB Device Connection ........................358 45.6 UPnP .............................358 Part III: Appendices ..................361 Appendix A Customer Support ......................363 Appendix B Wireless LANs......................369 Appendix C IPv6 ..........................383 Appendix D Services ........................391 Appendix E Legal Information......................396 Index ..............................403 VMG8924-B10A and VMG8924-B30A Series User’s Guide...
Page 16
Table of Contents VMG8924-B10A and VMG8924-B30A Series User’s Guide...
H A PT ER Introducing the VMG 1.1 Overview The VMG is a wireless VDSL router and Gigabit Ethernet gateway. It has a DSL port and a Gigabit Ethernet port for super-fast Internet access. The VMG supports both Packet Transfer Mode (PTM) and Asynchronous Transfer Mode (ATM).
Chapter 1 Introducing the VMG • Back up the configuration (and make sure you know how to restore it). Restoring an earlier working configuration may be useful if the device becomes unstable or even crashes. If you forget your password, you will have to reset the VMG to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the VMG.
Chapter 1 Introducing the VMG your network. This means that probes from the outside to your network are not allowed, but you can safely browse the Internet and download files. 1.4.2 VMG’s USB Support The USB port of the VMG is used for file-sharing, media server and printer-sharing. File Sharing Use the built-in USB 2.0 port to share files on a USB memory stick or a USB hard drive (B).
Chapter 1 Introducing the VMG Printer Server The VMG allows you to share a USB printer on your LAN. You can do this by connecting a USB printer to one of the USB ports on the VMG and then configuring a TCP/IP port on the computers connected to your network.
Page 23
Chapter 1 Introducing the VMG Table 1 LED Descriptions (continued) COLOR STATUS DESCRIPTION Green The VMG has an IP connection but no traffic. INTERNET Your device has a WAN IP address (either static or assigned by a DHCP server), PPP negotiation was successfully completed (if used) and the DSL connection is up.
Chapter 1 Introducing the VMG 1.6 The RESET Button If you forget your password or cannot access the Web Configurator, you will need to use the RESET button at the back of the device to reload the factory-default configuration file. This means that you will lose all configurations that you had previously and the password will be reset to “1234”.
Chapter 1 Introducing the VMG Once the connection is successfully made, the WiFi 2.4G LED shines green. To turn off the wireless network, press the Wi-Fi button for one to five seconds. The WiFi 2.4G LED turns off when the wireless network is off. 1.8 Wall-mounting Instructions Do the following to hang your VMG on a wall.
Page 26
Chapter 1 Introducing the VMG Mount the VMG on the screws which are already installed on the wall. Make sure that the VMG is firmly attached to the screws so it does not fall off. VMG8924-B10A and VMG8924-B30A Series User’s Guide...
H A PT ER The Web Configurator 2.1 Overview The web configurator is an HTML-based management interface that allows easy setup and management via Internet browser. Use Internet Explorer 8.0 and later versions or Mozilla Firefox 3 and later versions or Safari 2.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.
Page 28
Chapter 2 The Web Configurator Figure 8 Change Password Screen The Quick Start Wizard screen appears. You can configure basic Internet access, and wireless settings. See Chapter 3 on page 35 for more information. After you finished or closed the Quick Start Wizard screen, the Network Map page appears. Figure 9 Network Map Click Status to display the Status screen, where you can view the VMG’s interface and system information.
Chapter 2 The Web Configurator 2.2 Web Configurator Layout Figure 10 Screen Layout As illustrated above, the main screen is divided into these parts: • A - title bar • B - main window • C - navigation panel 2.2.1 Title Bar The title bar provides some icons in the upper right corner.
Chapter 2 The Web Configurator 2.2.2 Main Window The main window displays information and configuration fields. It is discussed in the rest of this document. After you click Status on the Connection Status page, the Status screen is displayed. See Chapter 5 on page 68 for more information about the Status screen.
Page 31
Chapter 2 The Web Configurator Table 3 Navigation Panel Summary (continued) LINK FUNCTION Broadband Broadband Use this screen to view and configure ISP parameters, WAN IP address assignment, and other advanced properties. You can also add new WAN connections. 3G Backup Use this screen to configure 3G WAN connection.
Page 32
Chapter 2 The Web Configurator Table 3 Navigation Panel Summary (continued) LINK FUNCTION Port Forwarding Use this screen to make your local servers visible to the outside world. Applications Use this screen to configure servers behind the VMG. Port Triggering Use this screen to change your VMG’s port triggering settings.
Page 33
Chapter 2 The Web Configurator Table 3 Navigation Panel Summary (continued) LINK FUNCTION PPTP VPN Use this screen to add or edit PPTP VPN policies for a dial-up connection. VoIP SIP Account Use this screen to set up information about your SIP account and configure audio settings such as volume levels for the phones connected to the VMG.
Page 34
Chapter 2 The Web Configurator Table 3 Navigation Panel Summary (continued) LINK FUNCTION ARP table Use this screen to view the ARP table. It displays the IP and MAC address of each DHCP connection. Routing Table Use this screen to view the routing table on the VMG. IGMP/MLD Use this screen to view the status of all IGMP/MLD settings on the Group Status...
H A PT ER Quick Start 3.1 Overview Use the Quick Start screens to configure the VMG’s time zone, basic Internet access, and wireless settings. Note: See the technical reference chapters (starting on Chapter 4 on page 37) for background information on the features in this chapter. 3.2 Quick Start Setup The Quick Start Wizard appears automatically after login.
Page 36
Chapter 3 Quick Start Figure 13 Quick Start - Internet Connection Turn the wireless LAN on or off. If you keep it on, record the security settings so you can configure your wireless clients to connect to the VMG. Click Save. Figure 14 Quick Start - Wireless Your VMG saves your settings and attempts to connect to the Internet.
H A PT ER Tutorials 4.1 Overview This chapter shows you how to use the VMG’s various features. • Setting Up an ADSL PPPoE Connection, see page 37 • Setting Up a Secure Wireless Network, see page 40 • Setting Up Multiple Wireless Groups, see page 46 •...
Page 38
Chapter 4 Tutorials Type ADSL Connection Mode Routing Encapsulation PPPoE IPv6/IPv4 Mode IPv4 ATM PVC Configuration VPI/VCI 36/48 Encapsulation Mode LLC/SNAP-Bridging Service Category UBR without PCR Account Information PPP User Name 1234@DSL-Ex.com PPP Password ABCDEF! PPPoE Service Name MyDSL Static IP Address 192.168.1.32 Others Authentication Method: AUTO...
Page 39
Chapter 4 Tutorials VMG8924-B10A and VMG8924-B30A Series User’s Guide...
Chapter 4 Tutorials You should see a summary of your new DSL connection setup in the Broadband screen as follows. Try to connect to a website to see if you have correctly set up your Internet connection. Be sure to contact your service provider for any information you need to configure the WAN screens.
Chapter 4 Tutorials Go to the Wireless > Others screen and select 802.11b/g/n Mixed in the 802.11 Mode field. Click Apply. Thomas can now use the WPS feature to establish a wireless connection between his notebook and the VMG (see Section 4.3.2 on page 41).
Page 42
Chapter 4 Tutorials There are two WPS methods to set up the wireless client settings: • Push Button Configuration (PBC) - simply press a button. This is the easier of the two methods. • PIN Configuration - configure a Personal Identification Number (PIN) on the VMG. A wireless client must also use the same PIN in order to download the wireless network settings from the VMG.
Page 43
Chapter 4 Tutorials The VMG sends the proper configuration settings to the wireless client. This may take up to two minutes. The wireless client is then able to communicate with the VMG securely. The following figure shows you an example of how to set up a wireless network and its security by pressing a button on both VMG and wireless client.
Page 44
Chapter 4 Tutorials Enter the PIN number of the wireless client and click the Register button. Activate WPS function on the wireless client utility screen within two minutes. The VMG authenticates the wireless client and sends the proper configuration settings to the wireless client.
Chapter 4 Tutorials Example WPS Process: PIN Method Wireless Client WITHIN 2 MINUTES Authentication by PIN SECURITY INFO COMMUNICATION 4.3.3 Without WPS Use the wireless adapter’s utility installed on the notebook to search for the “Example” SSID. Then enter the “DoNotStealMyWirelessNetwork” pre-shared key to establish an wireless Internet connection.
Chapter 4 Tutorials 4.4 Setting Up Multiple Wireless Groups Company A wants to create different wireless network groups for different types of users as shown in the following figure. Each group has its own SSID and security mode. Company Guest •...
Page 47
Chapter 4 Tutorials Click Network Setting > Wireless > Guest/More AP to open the following screen. Click the Edit icon to configure the second wireless network group. Configure the screen using the provided parameters and click Apply. VMG8924-B10A and VMG8924-B30A Series User’s Guide...
Page 48
Chapter 4 Tutorials In the Guest/More AP screen, click the Edit icon to configure the third wireless network group.Configure the screen using the provided parameters and click Apply. VMG8924-B10A and VMG8924-B30A Series User’s Guide...
Chapter 4 Tutorials Check the status of VIP and Guest in the Guest/More AP screen. The yellow bulbs signify that the SSIDs are active and ready for wireless access. 4.5 Configuring Static Route for Routing to Another Network In order to extend your Intranet and control traffic flowing directions, you may connect a router to the VMG’s LAN.
Page 50
Chapter 4 Tutorials In the following figure, router R is connected to the VMG’s LAN. R connects to two networks, N1 (192.168.1.x/24) and N2 (192.168.10.x/24). If you want to send traffic from computer A (in N1 network) to computer B (in N2 network), the traffic is sent to the VMG’s WAN default gateway by default.
Chapter 4 Tutorials Table 4 IP Settings in this Tutorial DEVICE / COMPUTER IP ADDRESS R’s N1 192.168.1.253 R’s N2 192.168.10.2 192.168.10.33 To configure a static route to route traffic from N1 to N2: Log into the VMG’s Web Configurator in advanced mode. Click Network Setting >...
Page 52
Chapter 4 Tutorials Let’s say you are a team leader of a small sales branch office. You want to prioritize e-mail traffic because your task includes sending urgent updates to clients at least twice every hour. You also upload data files (such as logs and e-mail archives) to the FTP server throughout the day. Your colleagues use the Internet for research, as well as chat applications for communicating with other branch offices.
Page 53
Chapter 4 Tutorials • Interface: WAN • Priority: 1 (High) • Weight: 8 • Rate Limit: 5,000 (kbps) Tutorial: Advanced > QoS > Queue Setup Click Class Setup > Add new Classifier to create a new class. Check Active and follow the settings as shown in the screen below.
Page 54
Chapter 4 Tutorials Tutorial: Advanced > QoS > Class Setup Class Name Give a class name to this traffic, such as E-mail in this example. From This is the interface from which the traffic will be coming from. Select LAN1 for this Interface example.
Chapter 4 Tutorials This maps e-mail traffic coming from port 25 to the highest priority, which you have created in the previous screen (see the IP Protocol field). This also maps your computer’s IP address and MAC address to the E-mail queue (see the Source fields). Verify that the queue setup works by checking Network Setting >...
Chapter 4 Tutorials 4.7.2 Configuring DDNS on Your VMG Configure the following settings in the Network Setting > DNS > Dynamic DNS screen. • Select Enable Dynamic DNS. • Select www.DynDNS.com as the service provider. • Type zyxelrouter.dyndns.org in the Host Name field. •...
Chapter 4 Tutorials Thomas Josephine Click Security > MAC Filter to open the MAC Filter screen. Select the Enable check box to activate MAC filter function. Select Allow. Then enter the host name and MAC address of Thomas’ computer in this screen. Click Apply.
Chapter 4 Tutorials In FileZilla enter the IP address of the VMG (the default is 192.168.1.1), your account’s user name and password and port 21 and click Quickconnect. A screen asking for password authentication appears. File Sharing via Windows Explorer Once you log in the USB device displays in the folder.
Page 59
Chapter 4 Tutorials • Add a New Printer Using Windows • Add a New Printer Using Macintosh OS X Add a New Printer Using Windows This example shows how to connect a printer to your VMG using the Windows 7 operating system. Some menu items may look different on your operating system.
Page 60
Chapter 4 Tutorials Tutorial: Add Printer Wizard: Welcome Click The printer that I want isn’t listed. Tutorial: Add Printer Wizard: Welcome Select the Select a shared printer by name option. Enter the URL for your printer, http:// 192.168.1.1:631/printers/USB_PRINTER, in this example. This URL can be found in the VMG’s Web Configurator on the Network Setting >...
Page 61
Chapter 4 Tutorials Tutorial: Add Printer Wizard: Welcome Install the printer driver. Please check the Windows CD if it includes the printer driver. If not, please install the driver from the CD included with your printer or by downloading it from the printer vendor’s website.
Page 62
Chapter 4 Tutorials Double-click the Applications folder. Tutorial: Macintosh HD folder Double-click the Utilities folder. Tutorial: Applications Folder Double-click the Print Center icon. Tutorial: Utilities Folder Click the Add icon at the top of the screen. Tutorial: Printer List Folder Set up your printer in the Printer List configuration screen.
Page 63
Chapter 4 Tutorials 11 Select your Printer Model from the drop-down list box. If the printer's model is not listed, select Generic. Tutorial: Printer Configuration 12 Click Add to select a printer model, save and close the Printer List configuration screen. Tutorial: Printer Model 13 The Name LP1 on 192.168.1.1 displays in the Printer List field.
Page 64
Chapter 4 Tutorials VMG8924-B10A and VMG8924-B30A Series User’s Guide...
H A PT ER Network Map and Status Screens 5.1 Overview After you log into the Web Configurator, the Network Map screen appears. This shows the network connection status of the VMG and clients connected to it. You can use the Status screen to look at the current status of the VMG, system resources, and interfaces (LAN, WAN, and WLAN).
Chapter 5 Network Map and Status Screens If you want to view information about a client, click the client’s name and Info. Click the IP address if you want to change it. If you want to change the name or icon of the client, click Change name/ icon.
Page 69
Chapter 5 Network Map and Status Screens Each field is described in the following table. Table 5 Status Screen LABEL DESCRIPTION Refresh Interval Select how often you want the VMG to update this screen. Device Information Host Name This field displays the VMG system name. It is used for identification. Model Number This shows the model number of your VMG.
Page 70
Chapter 5 Network Map and Status Screens Table 5 Status Screen (continued) LABEL DESCRIPTION Firewall This displays the firewall’s current security level. System Status System Up This field displays how long the VMG has been running since it last started up. The VMG Time starts up when you plug it in, when you restart it (Maintenance >...
Page 71
Chapter 5 Network Map and Status Screens Table 5 Status Screen (continued) LABEL DESCRIPTION Action If the SIP account is already registered with the SIP server, the Account Status field displays Registered. Click Unregister to delete the SIP account’s registration in the SIP server. This does not cancel your SIP account, but it deletes the mapping between your SIP identity and your IP address or domain name.
Page 72
Chapter 5 Network Map and Status Screens VMG8924-B10A and VMG8924-B30A Series User’s Guide...
H A PT ER Broadband 6.1 Overview This chapter discusses the VMG’s Broadband screens. Use these screens to configure your VMG for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks, such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations.
Chapter 6 Broadband Table 6 WAN Setup Overview LAYER-2 INTERFACE INTERNET CONNECTION DSL LINK CONNECTION MODE ENCAPSULATION CONNECTION SETTINGS TYPE ADSL over ATM Routing PPPoE/PPPoA ATM PVC configuration, PPP information, IPv4/IPv6 IP address, routing feature, DNS server, VLAN, QoS, and MTU IPoE/IPoA ATM PVC configuration, IPv4/IPv6 IP address, routing feature, DNS...
Page 75
Chapter 6 Broadband IPv6 Introduction IPv6 (Internet Protocol version 6), is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 10 addresses. The VMG can use IPv4/IPv6 dual stack to connect to IPv4 and IPv6 networks, and supports IPv6 rapid deployment (6RD).
Chapter 6 Broadband Figure 19 IPv6 Rapid Deployment - IPv6 - IPv4 - IPv4 - IPv6 in IPv4 ISP (IPv4) IPv6 Internet IPv6 in IPv4 IPv6 IPv4 IPv4 IPv4 Internet Dual Stack Lite Use Dual Stack Lite when local network computers use IPv4 and the ISP has an IPv6 network. When the VMG has an IPv6 WAN address and you set IPv6/IPv4 Mode to IPv6 Only, you can enable Dual Stack Lite to use IPv4 computers and services.
Chapter 6 Broadband 6.2 The Broadband Screen Use this screen to change your VMG’s Internet access settings. Click Network Setting > Broadband from the menu. The summary table shows you the configured WAN services (connections) on the VMG. Figure 21 Network Setting > Broadband The following table describes the labels in this screen.
Chapter 6 Broadband 6.2.1 Add/Edit Internet Connection Click Add New WAN Interface in the Broadband screen or the Edit icon next to an existing WAN interface to configure a WAN connection. The screen varies depending on the interface type, mode, encapsulation, and IPv6/IPv4 mode you select.
Page 79
Chapter 6 Broadband The following table describes the labels in this screen. Table 8 Network Setting > Broadband > Add New WAN Interface/Edit (Routing Mode) LABEL DESCRIPTION General Active Select this to enable the interface. Name Specify a descriptive name for this connection. Type Select whether it is an ADSL/VDSL over PTM, ADSL over ATM connection or Ethernet.
Page 80
Chapter 6 Broadband Table 8 Network Setting > Broadband > Add New WAN Interface/Edit (Routing Mode) (continued) LABEL DESCRIPTION Service Select UBR Without PCR or UBR With PCR for applications that are non-time sensitive, Category such as e-mail. Select CBR (Continuous Bit Rate) to specify fixed (always-on) bandwidth for voice or data traffic.
Page 81
Chapter 6 Broadband Table 8 Network Setting > Broadband > Add New WAN Interface/Edit (Routing Mode) (continued) LABEL DESCRIPTION Obtain an IP A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed; Address the ISP assigns you a different one each time you connect to the Internet.
Page 82
Chapter 6 Broadband Table 8 Network Setting > Broadband > Add New WAN Interface/Edit (Routing Mode) (continued) LABEL DESCRIPTION Tunnel (This is available only when you select IPv4 Only or IPv6 Only in the IPv6/IPv4 Mode field.) The DS-Lite (Dual Stack Lite) fields display when you set the IPv6/IPv4 Mode field to IPv6 Only. Enable Dual Stack Lite to let local computers use IPv4 through an ISP’s IPv6 network.
Chapter 6 Broadband Table 8 Network Setting > Broadband > Add New WAN Interface/Edit (Routing Mode) (continued) LABEL DESCRIPTION IPv6 DNS Select Dynamic to have the VMG get the IPv6 DNS server addresses from the ISP automatically. Select Static to have the VMG use the IPv6 DNS server addresses you configure manually. IPv6 DNS Enter the first IPv6 DNS server address assigned by the ISP.
Page 84
Chapter 6 Broadband Figure 23 Network Setting > Broadband > Add New WAN Interface/Edit (Bridge Mode) The following table describes the fields in this screen. Table 9 Network Setting > Broadband > Add New WAN Interface/Edit (Bridge Mode) LABEL DESCRIPTION General Active Select this to enable the interface.
Chapter 6 Broadband 6.3 The 3G Backup Screen The USB ports (at the left side panel of the VMG) allow you to attach a 3G dongle to wirelessly connect to a 3G network for Internet access. You can have the VMG use the 3G WAN connection as a backup.
Page 86
Chapter 6 Broadband Note: The actual data rate you obtain varies depending the 3G card you use, the signal strength to the service provider’s base station, and so on. Figure 25 Network Setting > Broadband > 3G Backup The following table describes the labels in this screen. Table 10 Network Setting >...
Page 87
Chapter 6 Broadband Table 10 Network Setting > Broadband > 3G Backup (continued) LABEL DESCRIPTION Username Type the user name (of up to 64 ASCII printable characters) given to you by your service provider. Password Type the password (of up to 64 ASCII printable characters) associated with the user name above.
Page 88
Chapter 6 Broadband Table 10 Network Setting > Broadband > 3G Backup (continued) LABEL DESCRIPTION Send Notifications are sent to the e-mail address specified in this field. If this field is left blank, Notification to notifications cannot be sent via e-mail. Email Advanced Click this to show the advanced 3G backup settings.
Chapter 6 Broadband Table 10 Network Setting > Broadband > 3G Backup (continued) LABEL DESCRIPTION Mail Server Select a mail server for the e-mail address specified below. If you do not select a mail server, e-mail notifications cannot be sent via e-mail. You must have configured a mail server already in the Maintenance >...
Page 90
Chapter 6 Broadband Figure 26 Network Setting > Broadband > Advanced The following table describes the labels in this screen. Table 12 Network Setting > Broadband > Advanced LABEL DESCRIPTION PhyR US Enable or disable PhyR US (upstream) for upstream transmission to the WAN. PhyR US should be enabled if data being transmitted upstream is sensitive to noise.
Page 91
Chapter 6 Broadband Table 12 Network Setting > Broadband > Advanced (continued) LABEL DESCRIPTION G.lite : ITU G.992.2 (better known as G.lite) is an ITU standard for ADSL using discrete multitone modulation. G.lite does not strictly require the use of DSL filters, but like all variants of ADSL generally functions better with splitters.
Chapter 6 Broadband 6.5 The 802.1x Screen You can view and configure the 802.1X authentication settings in the 802.1x screen. Click Network Setting > Broadband > 802.1x to display the following screen. Figure 27 Network Setting > Broadband > 802.1x The following table describes the labels in this screen.
Chapter 6 Broadband 6.5.1 Modify 802.1X Settings Use this screen to edit 802.1X authentication settings. Click the Edit icon next to the rule you want to edit. The screen shown next appears. Figure 28 Network Setting > Broadband > 802.1x > Modify The following table describes the labels in this screen.
Page 94
Chapter 6 Broadband Encapsulation Be sure to use the encapsulation method required by your ISP. The VMG can work in bridge mode or routing mode. When the VMG is in routing mode, it supports the following methods. IP over Ethernet IP over Ethernet (IPoE) is an alternative to PPPoE.
Page 95
Chapter 6 Broadband Multiplexing There are two conventions to identify what protocols the virtual circuit (VC) is carrying. Be sure to use the multiplexing method required by your ISP. VC-based Multiplexing In this case, by prior mutual agreement, each protocol is assigned to a specific virtual circuit; for example, VC1 carries IP, etc.
Page 96
Chapter 6 Broadband Figure 29 Example of Traffic Shaping ATM Traffic Classes These are the basic ATM traffic classes defined by the ATM Forum Traffic Management 4.0 Specification. Constant Bit Rate (CBR) Constant Bit Rate (CBR) provides fixed bandwidth that is always available even if no data is being sent.
Page 97
Chapter 6 Broadband IP Address Assignment A static IP is a fixed IP that your ISP gives you. A dynamic IP is not fixed; the ISP assigns you a different one each time. The Single User Account feature can be enabled or disabled if you have either a dynamic or static IP.
Page 98
Chapter 6 Broadband Multicast IP packets are transmitted in either one of two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the network - not everybody and not just 1.
Page 99
Chapter 6 Broadband compose the network address. The prefix length is written as “/x” where x is a number. For example, 2001:db8:1a2b:15::1a2f:0/32 means that the first 32 bits (2001:db8) is the subnet prefix. VMG8924-B10A and VMG8924-B30A Series User’s Guide...
Page 100
Chapter 6 Broadband VMG8924-B10A and VMG8924-B30A Series User’s Guide...
H A PT ER Wireless 7.1 Overview This chapter describes the VMG’s Network Setting > Wireless screens. Use these screens to set up your VMG’s wireless connection. 7.1.1 What You Can Do in this Chapter This section describes the VMG’s Wireless screens. Use these screens to set up your VMG’s wireless connection.
Chapter 7 Wireless Finding Out More Section 7.10 on page 118 for advanced technical information on wireless networks. 7.2 The General Screen Use this screen to enable the Wireless LAN, enter the SSID and select the wireless security mode. Note: If you are configuring the VMG from a computer connected to the wireless LAN and you change the VMG’s SSID, channel or security settings, you will lose your wireless connection when you press Apply to confirm.
Page 103
Chapter 7 Wireless The following table describes the general wireless LAN labels in this screen. Table 15 Network Setting > Wireless > General LABEL DESCRIPTION Wireless Network Setup Wireless You can Enable or Disable the wireless LAN in this field. Band This shows the wireless band which this radio profile is using.
Chapter 7 Wireless Table 15 Network Setting > Wireless > General (continued) LABEL DESCRIPTION BSSID This shows the MAC address of the wireless interface on the VMG when wireless LAN is enabled. Security Level Security Mode Select Basic (WEP, 802.1X) or More Secure (WPA(2)-PSK) to add security on this wireless network.
Page 105
Chapter 7 Wireless Note: WEP is extremely insecure. Its encryption can be broken by an attacker, using widely-available software. It is strongly recommended that you use a more effective security mechanism. Use the strongest security mechanism that all the wireless devices in your network support. For example, use WPA-PSK or WPA2-PSK if all your wireless devices support it, or use WPA or WPA2 if your wireless devices support it and you have a RADIUS server.
Chapter 7 Wireless 7.2.3 More Secure (WPA(2)-PSK) The WPA-PSK security mode provides both improved data encryption and user authentication over WEP. Using a Pre-Shared Key (PSK), both the VMG and the connecting client share a common password in order to validate the connection. This type of encryption, while robust, is not as strong as WPA, WPA2 or even WPA2-PSK.
Chapter 7 Wireless Table 18 Wireless > General: More Secure: WPA(2)-PSK (continued) LABEL DESCRIPTION Encryption Select the encryption type (TKIP, AES or TKIP+AES) for data encryption. Select TKIP if your wireless clients can all use TKIP. Select AES if your wireless clients can all use AES. Select TKIP+AES to allow the wireless clients to use either TKIP or AES.
Chapter 7 Wireless 7.3.1 Edit Guest / More AP Use this screen to edit an SSID profile. Click the Edit icon next to an SSID in the Guest / More AP screen. The following screen displays. Figure 35 Network Setting > Wireless > Guest / More AP > Edit The following table describes the fields in this screen.
Page 109
Chapter 7 Wireless Table 20 Network Setting > Wireless > Guest / More AP > Edit (continued) LABEL DESCRIPTION Wireless The SSID (Service Set IDentity) identifies the service set with which a wireless device is Network Name associated. Wireless devices associating to the access point (AP) must have the same SSID. (SSID) Enter a descriptive name (up to 32 English keyboard characters) for the wireless LAN.
Chapter 7 Wireless 7.4 MAC Authentication This screen allows you to configure the VMG to give exclusive access to specific devices (Allow) or exclude specific devices from accessing the VMG (Deny). Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
Chapter 7 Wireless 7.5 The WPS Screen Use this screen to configure WiFi Protected Setup (WPS) on your VMG. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually. Set up each WPS connection between two devices. Both devices must support WPS.
Chapter 7 Wireless Table 22 Network Setting > Wireless > WPS (continued) LABEL DESCRIPTION Method 2 Use this section to set up a WPS wireless network by entering the PIN of the client into the VMG. Select Enable and click Apply to activate WPS method 2 on the VMG. Register Enter the PIN of the device that you are setting up a WPS connection with and click Register to authenticate and add the wireless device to your wireless network.
Chapter 7 Wireless The following table describes the labels in this screen. Table 23 Network Setting > Wireless > WMM LABEL DESCRIPTION 2.4GHz WMM Setup / 5GHz WMM Setup Select On to have the VMG automatically give a service a priority level according to the ToS value in the IP header of packets it sends.
Page 114
Chapter 7 Wireless Figure 39 Network Setting > Wireless > WDS The following table describes the labels in this screen. Table 24 Network Setting > Wireless > WDS LABEL DESCRIPTION 2.4GHz Wireless Bridge Setup / 5GHz Wireless Bridge Setup AP Mode Select the operating mode for your VMG.
Chapter 7 Wireless 7.7.1 WDS Scan You can click the Scan icon in Wireless > WDS to have the VMG automatically search and display the available APs within range. Select an AP and click Apply to have the VMG establish a wireless link with the selected wireless device.
Page 116
Chapter 7 Wireless Figure 41 Network Setting > Wireless > Others The following table describes the labels in this screen. Table 26 Network Setting > Wireless > Others LABEL DESCRIPTION RTS/CTS Data with its frame size larger than this value will perform the RTS (Request To Send)/CTS Threshold (Clear To Send) handshake.
Chapter 7 Wireless Table 26 Network Setting > Wireless > Others (continued) LABEL DESCRIPTION 802.11 Mode Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to associate with the VMG. Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to associate with the VMG.
Chapter 7 Wireless Figure 42 Network Setting > Wireless > Channel Status 7.10 Technical Reference This section discusses wireless LANs in depth. For more information, see Appendix B on page 369. 7.10.1 Wireless Network Overview Wireless networks consist of wireless clients, access points and bridges. •...
Page 119
Chapter 7 Wireless The following figure provides an example of a wireless network. Figure 43 Example of a Wireless Network The wireless network is the part in the blue circle. In this wireless network, devices A and B use the access point (AP) to interact with the other devices (such as the printer) or with the Internet.
Chapter 7 Wireless 7.10.2 Additional Wireless Terms The following table describes some wireless network terms and acronyms used in the VMG’s Web Configurator. Table 27 Additional Wireless Terms TERM DESCRIPTION RTS/CTS Threshold In a wireless network which covers a large area, wireless devices are sometimes not aware of each other’s presence.
Chapter 7 Wireless and does not include real words. For example, if your mother owns a 1970 Dodge Challenger and her favorite movie is Vanishing Point (which you know was made in 1971) you could use “70dodchal71vanpoi” as your security key. The following sections introduce different types of wireless security you can set up in the wireless network.
Chapter 7 Wireless 7.10.3.4 Encryption Wireless networks can use encryption to protect the information that is sent in the wireless network. Encryption is like a secret code. If you do not know the secret code, you cannot understand the message. The types of encryption you can choose depend on the type of authentication.
Chapter 7 Wireless 7.10.5 BSS A Basic Service Set (BSS) exists when all communications between wireless stations or between a wireless station and a wired network client go through one access point (AP). Intra-BSS traffic is traffic between wireless stations in the BSS. When Intra-BSS traffic blocking is disabled, wireless station A and B can access the wired network and communicate with each other.
Chapter 7 Wireless • MBSSID should not replace but rather be used in conjunction with 802.1x security. 7.10.7 Preamble Type Preamble is used to signal that data is coming to the receiver. Short and long refer to the length of the synchronization field in a packet.
Page 125
Chapter 7 Wireless Depending on the devices you have, you can either press a button (on the device itself, or in its configuration utility) or enter a PIN (a unique Personal Identification Number that allows one device to authenticate the other) in each of the two devices. When WPS is activated on a device, it has two minutes to find another device that also has WPS activated.
Page 126
Chapter 7 Wireless Look for the client’s WPS PIN; it will be displayed either on the device, or in the WPS section of the client’s configuration interface (see the device’s User’s Guide for how to find the WPS PIN - for the VMG, see Section 7.5 on page 111).
Chapter 7 Wireless Figure 46 Example WPS Process: PIN Method ENROLLEE REGISTRAR This device’s WPS PIN: 123456 Enter WPS PIN from other device: START START WITHIN 2 MINUTES SECURE EAP TUNNEL SSID WPA(2)-PSK COMMUNICATION 7.10.9.3 How WPS Works When two WPS-enabled devices connect, each device must assume a specific role. One device acts as the registrar (the device that supplies network and security settings) and the other device acts as the enrollee (the device that receives network and security settings.
Page 128
Chapter 7 Wireless Figure 47 How WPS works ACTIVATE ACTIVATE WITHIN 2 MINUTES WPS HANDSHAKE ENROLLEE REGISTRAR SECURE TUNNEL SECURITY INFO COMMUNICATION The roles of registrar and enrollee last only as long as the WPS setup process is active (two minutes).
Page 129
Chapter 7 Wireless Figure 48 WPS: Example Network Step 1 ENROLLEE REGISTRAR SECURITY INFO CLIENT 1 In step 2, you add another wireless client to the network. You know that Client 1 supports registrar mode, but it is better to use AP1 for the WPS handshake with the new client since you must connect to the access point anyway in order to use the network.
Chapter 7 Wireless Figure 50 WPS: Example Network Step 3 EXISTING CONNECTION CLIENT 1 REGISTRAR CLIENT 2 ENROLLEE 7.10.9.5 Limitations of WPS WPS has some limitations of which you should be aware. • WPS works in Infrastructure networks only (where an AP and a wireless client communicate). It does not work in Ad-Hoc networks (where there is no AP).
Page 131
Chapter 7 Wireless access point is the WPS registrar, the enrollee, or was not involved in the WPS handshake; a rogue device must still associate with the access point to gain access to the network. Check the MAC addresses of your wireless clients (usually printed on a label on the bottom of the device). If there is an unknown MAC address you can remove it or reset the AP.
Page 132
Chapter 7 Wireless VMG8924-B10A and VMG8924-B30A Series User’s Guide...
H A PT ER Home Networking 8.1 Overview A Local Area Network (LAN) is a shared communication system to which many networking devices are connected. It is usually located in one immediate area such as a building or floor of a building. Use the LAN screens to help you configure a LAN DHCP server and manage IP addresses.
Chapter 8 Home Networking 8.1.2 What You Need To Know 8.1.2.1 About LAN IP Address IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network.
Chapter 8 Home Networking • Assigning lease times to mappings Windows Messenger is an example of an application that supports NAT traversal and UPnP. See the Chapter 11 on page 177 for more information on NAT. Cautions with UPnP The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues.
Page 136
Chapter 8 Home Networking Click Apply to save your settings. Figure 51 Network Setting > Home Networking > LAN Setup The following table describes the fields in this screen. Table 29 Network Setting > Home Networking > LAN Setup LABEL DESCRIPTION Interface Group Group Name...
Page 137
Chapter 8 Home Networking Table 29 Network Setting > Home Networking > LAN Setup (continued) LABEL DESCRIPTION IPv4 Address Enter the IPv4 IP address of the actual remote DHCP server in this field. IP Addressing This field is only available when you select Enable in the DHCP field. Values Beginning IP This field specifies the first of the contiguous addresses in the IP address pool.
Page 138
Chapter 8 Home Networking Table 29 Network Setting > Home Networking > LAN Setup (continued) LABEL DESCRIPTION MLD Snooping Multicast Listener Discovery (MLD) allows an IPv6 switch or router to discover the presence of MLD hosts who wish to receive multicast packets and the IP addresses of multicast groups the hosts want to join on its network.
Chapter 8 Home Networking 8.3 The Static DHCP Screen This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
Chapter 8 Home Networking Figure 53 Static DHCP: Add/Edit The following table describes the labels in this screen. Table 31 Static DHCP: Add/Edit LABEL DESCRIPTION Active Select this to activate the connection between the client and the VMG. Group Name Select the interface group name for which you want to configure static DHCP settings.
Chapter 8 Home Networking Use the following screen to configure the UPnP settings on your VMG. Click Network Setting > Home Networking > UPnP to display the screen shown next. Figure 54 Network Setting > Home Networking > UPnP The following table describes the labels in this screen. Table 32 Network Setting >...
Page 142
Chapter 8 Home Networking Click Change Advanced Sharing Settings. Select Turn on network discovery and click Save Changes. Network discovery allows your computer to find other computers and devices on the network and other computers on the network to find your computer. This makes it easier to share files and printers. VMG8924-B10A and VMG8924-B30A Series User’s Guide...
Chapter 8 Home Networking 8.5 The Additional Subnet Screen Use the Additional Subnet screen to configure IP alias and public static IP. IP alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The VMG supports multiple logical LAN interfaces via its physical Ethernet interface with the VMG itself as the gateway for the LAN network.
Chapter 8 Home Networking Table 33 Network Setting > Home Networking > Additional Subnet (continued) LABEL DESCRIPTION IP Subnet Mask Enter the public IP subnet mask provided by your ISP. Offer Public IP Select the checkbox to enable the VMG to provide public IP addresses by DHCP server. by DHCP Enable ARP Select the checkbox to enable the ARP (Address Resolution Protocol) proxy.
Chapter 8 Home Networking Figure 57 Network Setting > Home Networking > STB Vendor ID The following table describes the labels in this screen. Table 35 Network Setting > Home Networking > STB Vendor ID LABEL DESCRIPTION STB Vendor ID Enter an STB’s Vendor Class Identifier which is used for informing the DHCP server the STB’s vendor and functionality.
Chapter 8 Home Networking The following table describes the labels in this screen. Table 36 Network Setting > Home Networking > 5th Ethernet Port LABEL DESCRIPTION State Select Enable to use the Ethernet WAN port as a LAN port on the VMG. Apply Click Apply to save your changes.
Chapter 8 Home Networking 8.9 The TFTP Server Name Screen Use the TFTP Server screen to identify a TFTP server for configuration file download using DHCP option 66. RFC 2132 defines the option 66 open standard. DHCP option 66 supports the IP address or the hostname of a single TFTP server.
Chapter 8 Home Networking Figure 61 LAN and WAN IP Addresses 8.10.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the VMG as a DHCP server or disable it.
Chapter 8 Home Networking 8.10.4 LAN TCP/IP The VMG has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability. IP Address and Subnet Mask Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number.
Page 150
Chapter 8 Home Networking Note: Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, “Address Allocation for Private Internets” and RFC 1466, “Guidelines for Management of IP Address Space”.
H A PT ER Routing 9.1 Overview The VMG usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the VMG send data to devices not reachable through the default gateway, use static routes.
Chapter 9 Routing The following table describes the labels in this screen. Table 39 Network Setting > Routing > Static Route LABEL DESCRIPTION Add new static Click this to configure a new static route. route This is the index number of the entry. Status This field displays whether the static route is active or not.
Chapter 9 Routing Table 40 Routing: Add/Edit (Sheet 2 of 2) LABEL DESCRIPTION IP Subnet Mask If you are using IPv4 and need to specify a route to a single host, use a subnet mask of 255.255.255.255 in the subnet mask field to force the network number to be identical to the host ID.
Chapter 9 Routing 9.3.1 The DNS Route Add Screen You can manually add the VMG’s DNS route entry. Click Add new DNS Route in the Network Setting > Routing > DNS Route screen. The screen shown next appears. Figure 66 DNS Route Add The following table describes the labels in this screen.
Page 155
Chapter 9 Routing The Policy Forwarding screen let you view and configure routing policies on the VMG. Click Network Setting > Routing > Policy Forwarding to open the following screen. Figure 67 Network Setting > Routing > Policy Forwarding The following table describes the labels in this screen. Table 43 Network Setting >...
Chapter 9 Routing 9.4.1 Add/Edit Policy Forwarding Click Add new Policy Forward Rule in the Policy Forwarding screen or click the Edit icon next to a policy. Use this screen to configure the required information for a policy route. Figure 68 Policy Forwarding: Add/Edit The following table describes the labels in this screen.
Chapter 9 Routing 9.5.1 The RIP Screen Click Network Setting > Routing > RIP to open the RIP screen. Figure 69 RIP The following table describes the labels in this screen. Table 45 RIP LABEL DESCRIPTION This is the index of the interface in which the RIP setting is used. Interface This is the name of the interface in which the RIP setting is used.
Page 158
Chapter 9 Routing VMG8924-B10A and VMG8924-B30A Series User’s Guide...
HAPTER Quality of Service (QoS) 10.1 Overview Quality of Service (QoS) refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to control the use of bandwidth. Without QoS, all traffic data is equally likely to be dropped when the network is congested.
Page 160
Chapter 10 Quality of Service (QoS) similar types of traffic together and treating each type as a class. You can use CoS to give different priorities to different packet types. CoS technologies include IEEE 802.1p layer 2 tagging and DiffServ (Differentiated Services or DS). IEEE 802.1p tagging makes use of three bits in the packet header, while DiffServ is a new protocol and defines a new DS field, which replaces the eight-bit ToS (Type of Service) field in the IP header.
Chapter 10 Quality of Service (QoS) which are performed on the colored packets. See Section 10.7 on page 171 for more information on each metering algorithm. 10.3 The Quality of Service General Screen Click Network Setting > QoS > General to open the screen as shown next. Use this screen to enable or disable QoS and set the upstream bandwidth.
Chapter 10 Quality of Service (QoS) Table 46 Network Setting > QoS > General (continued) (continued) LABEL DESCRIPTION LAN Managed Enter the amount of downstream bandwidth for the LAN interfaces (including WLAN) that Downstream you want to allocate using QoS. Bandwidth The recommendation is to set this speed to match the WAN interfaces’...
Chapter 10 Quality of Service (QoS) The following table describes the labels in this screen. Table 47 Network Setting > QoS > Queue Setup LABEL DESCRIPTION Add new Queue Click this button to create a new queue entry. This is the index number of the entry. Status This field displays whether the queue is active or not.
Chapter 10 Quality of Service (QoS) Table 48 Queue Setup: Add (continued) LABEL DESCRIPTION Priority Select the priority level (from 1 to 7) of this queue. The smaller the number, the higher the priority level. Traffic assigned to higher priority queues gets through faster while traffic in lower priority queues is dropped if the network is congested.
Chapter 10 Quality of Service (QoS) Figure 73 Network Setting > QoS > Class Setup The following table describes the labels in this screen. Table 49 Network Setting > QoS > Class Setup LABEL DESCRIPTION Add new Classifier Click this to create a new classifier. This is the index number of the entry.
Page 166
Chapter 10 Quality of Service (QoS) Figure 74 Class Setup: Add/Edit The following table describes the labels in this screen. Table 50 Class Setup: Add/Edit LABEL DESCRIPTION Active Select this to enable this classifier. Class Name Enter a descriptive name of up to 15 printable English keyboard characters, not including spaces.
Page 167
Chapter 10 Quality of Service (QoS) Table 50 Class Setup: Add/Edit (continued) LABEL DESCRIPTION Classification Select an existing number for where you want to put this classifier to move the classifier to Order the number you selected after clicking Apply. Select Last to put this rule in the back of the classifier list.
Page 168
Chapter 10 Quality of Service (QoS) Table 50 Class Setup: Add/Edit (continued) LABEL DESCRIPTION IP Protocol This field is available only when you select IP in the Ether Type field. Select this option and select the protocol (service type) from TCP, UDP, ICMP or IGMP. If you select User defined, enter the protocol (service type) number.
Chapter 10 Quality of Service (QoS) Table 50 Class Setup: Add/Edit (continued) LABEL DESCRIPTION Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. 10.6 The QoS Policer Setup Screen Use this screen to configure QoS policers that allow you to limit the transmission rate of incoming traffic.
Chapter 10 Quality of Service (QoS) 10.6.1 Add/Edit a QoS Policer Click Add new Policer in the Policer Setup screen or the Edit icon next to a policer to show the following screen. Figure 76 Policer Setup: Add/Edit The following table describes the labels in this screen. Table 52 Policer Setup: Add/Edit LABEL DESCRIPTION...
Chapter 10 Quality of Service (QoS) Table 52 Policer Setup: Add/Edit LABEL DESCRIPTION Conforming Specify what the VMG does for packets within the committed rate and burst size (green- Action marked packets). • Pass: Send the packets without modification. • DSCP Mark: Change the DSCP mark value of the packets.
Page 172
Chapter 10 Quality of Service (QoS) Table 53 IEEE 802.1p Priority Level and Traffic Type PRIORITY TRAFFIC TYPE LEVEL Level 1 This is typically used for non-critical “background” traffic such as bulk transfers that are allowed but that should not affect other applications and users. Level 0 Typically used for best-effort traffic.
Page 173
Chapter 10 Quality of Service (QoS) The following table shows you the internal layer-2 and layer-3 QoS mapping on the VMG. On the VMG, traffic assigned to higher priority queues gets through faster while traffic in lower index queues is dropped if the network is congested. Table 54 Internal Layer2 and Layer3 QoS Mapping LAYER 2 LAYER 3...
Page 174
Chapter 10 Quality of Service (QoS) • If there are no tokens in the bucket, the VMG stops transmitting until enough tokens are generated. • If not enough tokens are available, the VMG treats the packet in either one of the following ways: In traffic shaping: •...
Page 175
Chapter 10 Quality of Service (QoS) on the guaranteed and maximum bandwidth respectively as negotiated between a service provider and client. The trTCM evaluates incoming packets and marks them with one of three colors which refer to packet loss priority levels. High packet loss priority level is referred to as red, medium is referred to as yellow and low is referred to as green.
Page 176
Chapter 10 Quality of Service (QoS) VMG8924-B10A and VMG8924-B30A Series User’s Guide...
HAPTER Network Address Translation (NAT) 11.1 Overview This chapter discusses how to configure NAT on the VMG. NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
Chapter 11 Network Address Translation (NAT) In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
Page 179
Chapter 11 Network Address Translation (NAT) Figure 77 Multiple Servers Behind NAT Example A=192.168.1.33 B=192.168.1.34 192.168.1.1 IP Address assigned by ISP C=192.168.1.3 D=192.168.1.36 Click Network Setting > NAT > Port Forwarding to open the following screen. Appendix D on page 391 for port numbers commonly used for particular services.
Chapter 11 Network Address Translation (NAT) Table 55 Network Setting > NAT > Port Forwarding (continued) LABEL DESCRIPTION End Port This is the last external port number that identifies a service. Translation This is the first internal port number that identifies a service. Start Port Translation End This is the last internal port number that identifies a service.
Chapter 11 Network Address Translation (NAT) Table 56 Port Forwarding: Add/Edit (continued) LABEL DESCRIPTION WAN IP Enter the WAN IP address for which the incoming service is destined. If the packet’s destination IP address doesn’t match the one specified here, the port forwarding rule will not be applied.
Chapter 11 Network Address Translation (NAT) The following table describes the labels in this screen. Table 57 Network Setting > NAT > Applications LABEL DESCRIPTION Add new Click this to add a new NAT application rule. application Application This field shows the type of application that the service forwards. Forwarded WAN Interface This field shows the WAN interface through which the service is forwarded.
Chapter 11 Network Address Translation (NAT) 11.4 The Port Triggering Screen Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side. With regular port forwarding you set a forwarding port in NAT to forward a service (coming in from the server on the WAN) to the IP address of a computer on the client side (LAN).
Chapter 11 Network Address Translation (NAT) Figure 83 Network Setting > NAT > Port Triggering The following table describes the labels in this screen. Table 59 Network Setting > NAT > Port Triggering LABEL DESCRIPTION Add new rule Click this to create a new rule. This is the index number of the entry.
Chapter 11 Network Address Translation (NAT) Figure 84 Port Triggering: Add/Edit The following table describes the labels in this screen. Table 60 Port Triggering: Configuration Add/Edit LABEL DESCRIPTION Active Select the check box to enable this rule. Service Name Enter a name to identify this rule using keyboard characters (A-Z, a-z, 1-2 and so on). WAN Interface Select a WAN interface for which you want to configure port triggering rules.
Chapter 11 Network Address Translation (NAT) Figure 85 Network Setting > NAT > DMZ The following table describes the fields in this screen. Table 61 Network Setting > NAT > DMZ LABEL DESCRIPTION Default Server Enter the IP address of the default server which receives packets from ports that are not Address specified in the NAT Port Forwarding screen.
Chapter 11 Network Address Translation (NAT) The following table describes the fields in this screen. Table 62 Network Setting > NAT > ALG LABEL DESCRIPTION NAT ALG Enable this to make sure applications such as FTP and file transfer in IM applications work correctly with port-forwarding and address-mapping rules.
Chapter 11 Network Address Translation (NAT) Table 63 Network Setting > NAT > Address Mapping (continued) LABEL DESCRIPTION Type This is the address mapping type. One-to-One: This mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-one NAT mapping type.
Chapter 11 Network Address Translation (NAT) Table 64 Address Mapping: Add/Edit (continued) LABEL DESCRIPTION Local End IP Enter the ending Inside Local IP Address (ILA). If the rule is for all local IP addresses, then this field displays 0.0.0.0 as the Local Start IP address and 255.255.255.255 as the Local End IP address.
Chapter 11 Network Address Translation (NAT) 11.9.1 NAT Definitions Inside/outside denotes where a host is located relative to the VMG, for example, the computers of your subscribers are the inside hosts, while the web servers on the Internet are the outside hosts. Global/local denotes the IP address of a host in a packet as the packet traverses a router, for example, the local address refers to the IP address of a host when the packet is in the local network, while the global address refers to the IP address of the host when the same packet is...
Chapter 11 Network Address Translation (NAT) 11.9.3 How NAT Works Each packet has two addresses – a source address and a destination address. For outgoing packets, the ILA (Inside Local Address) is the source address on the LAN, and the IGA (Inside Global Address) is the source address on the WAN.
Page 192
Chapter 11 Network Address Translation (NAT) Figure 91 NAT Application With IP Alias Port Forwarding: Services and Port Numbers The most often used port numbers are shown in the following table. Please refer to RFC 1700 for further information about port numbers. Please also refer to the Supporting CD for more examples and details on port forwarding and NAT.
Page 193
Chapter 11 Network Address Translation (NAT) third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet. Figure 92 Multiple Servers Behind NAT Example A=192.168.1.33 192.168.1.1 B=192.168.1.34...
Page 194
Chapter 11 Network Address Translation (NAT) VMG8924-B10A and VMG8924-B30A Series User’s Guide...
HAPTER Dynamic DNS Setup 12.1 Overview DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it. In addition to the system DNS server(s), each WAN interface (service) is set to have its own static or dynamic DNS server list.
Chapter 12 Dynamic DNS Setup If you have a private WAN IP address, then you cannot use Dynamic DNS. 12.2 The DNS Entry Screen Use this screen to view and configure DNS routes on the VMG. Click Network Setting > DNS to open the DNS Entry screen.
Chapter 12 Dynamic DNS Setup The following table describes the labels in this screen. Table 69 DNS Entry: Add/Edit LABEL DESCRIPTION Host Name Enter the host name of the DNS entry. IP Address Enter the IP address of the DNS entry. Apply Click Apply to save your changes.
Page 198
Chapter 12 Dynamic DNS Setup Table 70 Network Setting > DNS > > Dynamic DNS (continued) LABEL DESCRIPTION Last Updated This shows the last time the IP address the Dynamic DNS provider has associated Time with the hostname was updated. Current Dynamic This shows the IP address your Dynamic DNS provider has currently associated with the hostname.
HAPTER IGMP/MLD 13.1 Overview Use the IGMP/MLD screen to configure IGMP/MLD group settings. 13.1.1 What You Need To Know Multicast and IGMP Multicast on page 98 for more information. Multicast Listener Discovery (MLD) The Multicast Listener Discovery (MLD) protocol (defined in RFC 2710) is derived from IPv4's Internet Group Management Protocol version 2 (IGMPv2).
Page 200
Chapter 13 IGMP/MLD Figure 96 Network Setting > IGMP/MLD The following table describes the labels in this screen. Table 71 Network Setting > IGMP/MLD LABEL DESCRIPTION IGMP/MLD Configuration Default Version Enter the version of IGMP (1~3) and MLD (1~2) that you want the VMG to use on the WAN. Query Interval Enter the number of seconds the VMG sends a query message to hosts to get the group membership information.
Page 201
Chapter 13 IGMP/MLD Table 71 Network Setting > IGMP/MLD (continued) LABEL DESCRIPTION Maximum Enter a number to limit the number of multicast data sources (1-24) a multicast group is Multicast Data allowed to have. Sources Note: The setting only works for IGMPv3 and MLDv2. Maximum Enter a number to limit the number of multicast members a multicast group can have.
Page 202
Chapter 13 IGMP/MLD VMG8924-B10A and VMG8924-B30A Series User’s Guide...
HAPTER Vlan Group 14.1 Overview Virtual LAN IDs are used to identify different traffic types over the same physical link. In the following example, the VMG (DSL) can use VLAN IDs (VID) 100 and 200 to identify Video-on- Demand and IPTV traffic respectively coming from the two VoD and IPTV multicast servers. The VMG (DSL) can also tag outgoing requests to these servers with these VLAN IDs.
Chapter 14 Vlan Group The following table describes the fields in this screen. Table 72 Network Setting > Vlan Group LABEL DESCRIPTION Add New Vlan Click this button to create a new VLAN group. Group This is the index number of the VLAN group. Group Name This shows the descriptive name of the VLAN group.
HAPTER Interface Group 15.1 Overview By default, all LAN and WAN interfaces on the VMG are in the same group and can communicate with each other. Create interface groups to have the VMG assign the IP addresses in different domains to different groups. Each group acts as an independent network on the VMG. This lets devices connected to an interface group’s LAN interfaces communicate through the interface group’s WAN or LAN interfaces but not other WAN or LAN interfaces.
Chapter 15 Interface Group Figure 100 Interface Grouping Application Default: ETH 2~4 192.168.1.x/24 eth10.0 Internet VDSL_PoE/ppp0.1 192.168.2.x/24 DHCP Vendor ID option: MSFT 5.0 Click Network Setting > Interface Group to open the following screen. Figure 101 Network Setting > Interface Group The following table describes the fields in this screen.
Page 207
Chapter 15 Interface Group Figure 102 Interface Group Configuration The following table describes the fields in this screen. Table 75 Interface Group Configuration LABEL DESCRIPTION Group Name Enter a name to identify this group. You can enter up to 30 characters. You can use letters, numbers, hyphens (-) and underscores (_).
Chapter 15 Interface Group Table 75 Interface Group Configuration (continued) LABEL DESCRIPTION WildCard This shows if wildcard on DHCP option 60 is enabled. Support Remove Click the Remove icon to delete this rule from the VMG. Apply Click Apply to save your changes back to the VMG. Cancel Click Cancel to exit this screen without saving.
Page 209
Chapter 15 Interface Group Table 76 Interface Grouping Criteria (continued) LABEL DESCRIPTION DUID type Select DUID-LLT (DUID Based on Link-layer Address Plus Time) to enter the hardware type, a time value and the MAC address of the device. Select DUID-EN (DUID Assigned by Vendor Based upon Enterprise Number) to enter the vendor’s registered enterprise number.
Page 210
Chapter 15 Interface Group VMG8924-B10A and VMG8924-B30A Series User’s Guide...
HAPTER USB Service 16.1 Overview You can share files on a USB memory stick or hard drive connected to your VMG with users on your network. The following figure is an overview of the VMG’s file server feature. Computers A and B can access files on a USB device (C) which is connected to the VMG.
Page 212
Chapter 16 USB Service 16.1.2.1 About File Sharing Workgroup name This is the name given to a set of computers that are connected on a network and share resources such as a printer or files. Windows automatically assigns the workgroup name when you set up a network.
Chapter 16 USB Service Supported OSs Your operating system must support TCP/IP ports for printing and be compatible with the RAW (port 9100) protocol. The following OSs support VMG’s printer sharing feature. • Microsoft Windows 95, Windows 98 SE (Second Edition), Windows Me, Windows NT 4.0, Windows 2000, Windows XP or Macintosh OS X.
Chapter 16 USB Service Each field is described in the following table. Table 77 Network Setting > USB Service > File Sharing LABEL DESCRIPTION Information Volume This is the volume name the VMG gives to an inserted USB device. Capacity This is the total available memory size (in megabytes) on the USB device.
Chapter 16 USB Service Figure 106 Network Setting > USB Service > File Sharing > Add new user Each field is described in the following table. Table 78 Network Setting > USB Service > File Sharing > Add new user LABEL DESCRIPTION User Name...
Chapter 16 USB Service Figure 107 Network Setting > USB Service > Media Server The following table describes the labels in this menu. Table 79 Network Setting > USB Service > Media Server LABEL DESCRIPTION Media Server Select Enable to have the VMG function as a DLNA-compliant media server. Enable the media server to let (DLNA-compliant) media clients on your network play media files located in the shares.
Chapter 16 USB Service 16.4.2 The Print Server Screen Use this screen to enable or disable sharing of a USB printer via your VMG. To access this screen, click Network Setting > USB Service > Print Server. Figure 108 Network Setting > USB Service > Printer Server The following table describes the labels in this menu.
Page 218
Chapter 16 USB Service VMG8924-B10A and VMG8924-B30A Series User’s Guide...
HAPTER Power Management 17.1 Overview Power management allows you to turn on/off one or more interfaces and all LED lights without power off the whole system when necessary. You can configure a schedule to do so automatically or manually do it on the Web Configurator. 17.1.1 What You Can Do in this Chapter •...
Chapter 17 Power Management Figure 109 Network Setting > Power Management Each field is described in the following table. Table 81 Network Setting > Power Management LABEL DESCRIPTION Manually Select POWER ON or POWER OFF to turn on/off the interface or LED lights. Switch On/Off Apply Click Apply to save your changes.
Chapter 17 Power Management The following table describes the labels in this menu. Table 82 Network Setting > Power Managment > Auto Switch OffNetwork Setting > Power Managment > Auto Switch Off LABEL DESCRIPTION Add or modify Click this link to create or edit a schedule. rules This is the index number of a schedule rule.
Chapter 17 Power Management 17.3.2 The Add/Edit Rule Screen Use this screen to configure a schedule rule. To access this screen, click the Add new rule link or the Edit icon in the Network Setting > Power Management > Auto Switch Off > Add or modify rules screen.
HAPTER Firewall 18.1 Overview This chapter shows you how to enable and configure the VMG’s security settings. Use the firewall to protect your VMG and network from attacks by hackers on the Internet and control access to it. By default the firewall: •...
Chapter 18 Firewall 18.1.2 What You Need to Know SYN Attack A SYN attack floods a targeted system with a series of SYN packets. Each packet causes the targeted system to issue a SYN-ACK response. While the targeted system waits for the ACK that follows the SYN-ACK, it queues up all outstanding SYN-ACK responses on a backlog queue.
Chapter 18 Firewall Figure 114 Security > Firewall > General The following table describes the labels in this screen. Table 85 Security > Firewall > General LABEL DESCRIPTION Firewall Select Enable to activate the firewall feature on the VMG. Easy Select Easy to allow LAN to WAN and WAN to LAN packet directions.
Chapter 18 Firewall Figure 115 Security > Firewall > Protocol The following table describes the labels in this screen. Table 86 Security > Firewall > Protocol LABEL DESCRIPTION Add new Click this to add a new service. service entry Name This is the name of your customized service.
Page 227
Chapter 18 Firewall Figure 116 Service: Add/Edit The following table describes the labels in this screen. Table 87 Service: Add/Edit LABEL DESCRIPTION Protocol Choose the IP protocol (TCP, UDP, ICMP, or Other) that defines your customized port from the drop-down list box. Select Other to be able to enter a protocol number. Source/ These fields are displayed if you select TCP or UDP as the IP port.
Chapter 18 Firewall 18.4 The Access Control Screen Click Security > Firewall > Access Control to display the following screen. This screen displays a list of the configured incoming or outgoing filtering rules. Figure 117 Security > Firewall > Access Control The following table describes the labels in this screen.
Page 229
Chapter 18 Firewall Figure 118 Access Control: Add/Edit The following table describes the labels in this screen. Table 89 Access Control: Add/Edit LABEL DESCRIPTION Filter Name Enter a descriptive name of up to 16 alphanumeric characters, not including spaces, underscores, and dashes. You must enter the filter name to add an ACL rule.
Chapter 18 Firewall Table 89 Access Control: Add/Edit (continued) LABEL DESCRIPTION Custom This field is displayed only when you select Specific Protocol in Select Protocol. Destination Port Enter a single port number or the range of port numbers of the destination. Policy Use the drop-down list box to select whether to discard (DROP), deny and send an ICMP destination-unreachable message to the sender of (REJECT) or allow the passage of...
Page 231
Chapter 18 Firewall Table 90 Security > Firewall > DoS (continued) LABEL DESCRIPTION Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. VMG8924-B10A and VMG8924-B30A Series User’s Guide...
Page 232
Chapter 18 Firewall VMG8924-B10A and VMG8924-B30A Series User’s Guide...
HAPTER MAC Filter 19.1 Overview You can configure the VMG to permit access to clients based on their MAC addresses in the MAC Filter screen. This applies to wired and wireless connections. Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
Page 234
Chapter 19 MAC Filter The following table describes the labels in this screen. Table 91 Security > MAC Filter LABEL DESCRIPTION MAC Address Filter Select Enable to activate the MAC filter function. MAC Restrict Mode Select Allow to only permit the listed MAC addresses access to the VMG. Select Deny to permit anyone access to the VMG except the listed MAC addresses.
HAPTER Parental Control 20.1 Overview Parental control allows you to block web sites with the specific URL. You can also define time periods and days during which the VMG performs parental control on a specific user. 20.2 The Parental Control Screen Use this screen to enable parental control, view the parental control rules and schedules.
Chapter 20 Parental Control Table 92 Security > Parental Control (continued) LABEL DESCRIPTION PCP Name This shows the name of the rule. Home Network This shows the MAC address of the LAN user’s computer to which this rule applies. User (MAC) Internet Access This shows the day(s) and time on which parental control is enabled.
Page 237
Chapter 20 Parental Control Figure 122 Parental Control Rule: Add/Edit Rule Figure 123 Parental Control Rule: Add/Edit Rule > Add Service VMG8924-B10A and VMG8924-B30A Series User’s Guide...
Page 238
Chapter 20 Parental Control Figure 124 Parental Control Rule: Add/Edit Rule > Add Keyword The following table describes the fields in this screen. Table 93 Parental Control Rule: Add/Edit LABEL DESCRIPTION General Active Select the checkbox to activate this parental control rule. Parental Enter a descriptive name for the rule.
Page 239
Chapter 20 Parental Control Table 93 Parental Control Rule: Add/Edit (continued) LABEL DESCRIPTION Modify Click the Edit icon to go to the screen where you can edit the rule. Click the Delete icon to delete an existing rule. Blocked Site/ Click Add to show a screen to enter the URL of web site or URL keyword to which the VMG URL Keyword blocks access.
Page 240
Chapter 20 Parental Control VMG8924-B10A and VMG8924-B30A Series User’s Guide...
HAPTER Scheduler Rule 21.1 Overview You can define time periods and days during which the VMG performs scheduled rules of certain features (such as Firewall Access Control) in the Scheduler Rule screen. 21.2 The Scheduler Rule Screen Use this screen to view, add, or edit time schedule rules. Click Security >...
Chapter 21 Scheduler Rule 21.2.1 Add/Edit a Schedule Click the Add button in the Scheduler Rule screen or click the Edit icon next to a schedule rule to open the following screen. Use this screen to configure a restricted access schedule. Figure 126 Scheduler Rule: Add/Edit The following table describes the fields in this screen.
HAPTER Certificates 22.1 Overview The VMG can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication. 22.1.1 What You Can Do in this Chapter •...
Chapter 22 Certificates Figure 127 Security > Certificates > Local Certificates The following table describes the labels in this screen. Table 96 Security > Certificates > Local Certificates LABEL DESCRIPTION Private Key is Select the checkbox and enter the private key into the text box to store it on the VMG. protected by a The private key should not exceed 63 ASCII characters (not including spaces).
Page 245
Chapter 22 Certificates Figure 128 Create Certificate Request The following table describes the labels in this screen. Table 97 Create Certificate Request LABEL DESCRIPTION Certificate Type up to 63 ASCII characters (not including spaces) to identify this certificate. Name Common Name Select Auto to have the VMG configure this field automatically.
Chapter 22 Certificates 22.3.2 Load Signed Certificate After you create a certificate request and have it signed by a Certificate Authority, in the Local Certificates screen click the certificate request’s Load Signed icon to import the signed certificate into the VMG. Note: You must remove any spaces from the certificate’s filename before you can import Figure 130 Load Signed Certificate The following table describes the labels in this screen.
Chapter 22 Certificates Figure 131 Security > Certificates > Trusted CA The following table describes the fields in this screen. Table 99 Security > Certificates > Trusted CA LABEL DESCRIPTION Import Click this button to open a screen where you can save the certificate of a certification Certificate authority that you trust to the VMG.
Chapter 22 Certificates Figure 132 Trusted CA: View The following table describes the fields in this screen. Table 100 Trusted CA: View LABEL DESCRIPTION Name This field displays the identifying name of this certificate. Type This field displays general information about the certificate. ca means that a Certification Authority signed the certificate.
Page 249
Chapter 22 Certificates Figure 133 Trusted CA: Import Certificate The following table describes the fields in this screen. Table 101 Trusted CA: Import Certificate LABEL DESCRIPTION Certificate File Type in the location of the certificate you want to upload in this field or click Browse ... to Path find it.
Page 250
Chapter 22 Certificates VMG8924-B10A and VMG8924-B30A Series User’s Guide...
HAPTER 23.1 Overview A virtual private network (VPN) provides secure communications over the the Internet. Internet Protocol Security (IPSec) is a standards-based VPN that provides confidentiality, data integrity, and authentication. This chapter shows you how to configure the VMG’s VPN settings. Figure 134 IPSec Fields Summary Remote Network Local Network...
Chapter 23 VPN This screen contains the following fields: Table 102 Security > IPSec VPN LABEL DESCRIPTION Add New Click this button to add an item to the list. Connection This displays the index number of an entry. Status This displays whether the VPN policy is enabled (Enable) or not (Disable). Connection Name The name of the VPN policy.
Page 253
Chapter 23 VPN Figure 136 Security > IPSec VPN: Add/Edit This screen contains the following fields: Table 103 Security > IPSec VPN: Add/Edit LABEL DESCRIPTION Active Select this to activate this VPN policy. IPSec Connection Enter the name of the VPN policy. Name Remote IPSec Enter the IP address of the remote IPSec router in the IKE SA.
Page 254
Chapter 23 VPN Table 103 Security > IPSec VPN: Add/Edit LABEL DESCRIPTION IP Address for If Single Address is selected, enter a (static) IP address on the LAN behind your VMG. If Subnet is selected, specify IP addresses on a network by their subnet mask by entering a (static) IP address on the LAN behind your VMG.
Page 255
Chapter 23 VPN Table 103 Security > IPSec VPN: Add/Edit LABEL DESCRIPTION Local ID Content When you select IP in the Local ID Type field, type the IP address of your computer in this field. If you configure this field to 0.0.0.0 or leave it blank, the VMG automatically uses the Pre-Shared Key (refer to the Pre-Shared Key field description).
Page 256
Chapter 23 VPN Table 103 Security > IPSec VPN: Add/Edit LABEL DESCRIPTION Encryption Select which key size and encryption algorithm to use in the IKE SA. Choices are: Algorithm DES - a 56-bit key with the DES encryption algorithm 3DES - a 168-bit key with the DES encryption algorithm AES - 128 - a 128-bit key with the AES encryption algorithm AES - 196 - a 196-bit key with the AES encryption algorithm AES - 256 - a 256-bit key with the AES encryption algorithm...
Page 257
Chapter 23 VPN Table 103 Security > IPSec VPN: Add/Edit LABEL DESCRIPTION Perfect Forward Select whether or not you want to enable Perfect Forward Secrecy (PFS) Secrecy (PFS) PFS changes the root key that is used to generate encryption keys for each IPSec SA. The longer the key, the more secure the encryption, but also the longer it takes to encrypt and decrypt information.
Chapter 23 VPN 23.3 The IPSec VPN Monitor Screen Use this screen to check your VPN tunnel’s current status. You can also manually trigger a VPN tunnel to the remote network. Click Security > IPSec VPN > Monitor to open this screen as shown next.
Chapter 23 VPN Figure 138 IPSec Architecture IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms). The Encryption Algorithm describes the use of encryption techniques such as DES (Data Encryption Standard) and Triple DES algorithms.
Chapter 23 VPN Transport Mode Transport mode is used to protect upper layer protocols and only affects the data in the IP packet. In Transport mode, the IP packet contains the security protocol (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP).
Chapter 23 VPN Figure 140 Two Phases to Set Up the IPSec SA In phase 1 you must: • Choose a negotiation mode. • Authenticate the connection by entering a pre-shared key. • Choose an encryption algorithm. • Choose an authentication algorithm. •...
Chapter 23 VPN • Aggressive Mode is quicker than Main Mode because it eliminates several steps when the communicating parties are negotiating authentication (phase 1). However the trade-off is that faster speed limits its negotiating power and it also does not provide identity protection. It is useful in remote access situations where the address of the initiator is not know by the responder and both parties want to use pre-shared key authentication.
Chapter 23 VPN Figure 141 NAT Router Between IPSec Routers Normally you cannot set up an IKE SA with a NAT router between the two IPSec routers because the NAT router changes the header of the IPSec packet. NAT traversal solves the problem by adding a UDP port 500 header to the IPSec packet.
Chapter 23 VPN The type of ID can be a domain name, an IP address or an e-mail address. The content is the IP address, domain name, or e-mail address. Table 107 Local ID Type and Content Fields LOCAL ID TYPE= CONTENT= Type the IP address of your computer.
HAPTER PPTP VPN 24.1 Overview Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables transfers of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks. 24.2 The PPTP VPN Setup Screen Use this screen to configure the PPTP VPN settings on the VMG for a dial-up connection.
Page 266
Chapter 24 PPTP VPN This screen contains the following fields: Table 110 Security > PPTP VPN LABEL DESCRIPTION Enable PPTP Select this to activate this PPTP VPN policy. Name Enter the name of this PPTP VPN policy. Server IP/Name Type the IP address of the PPTP server. PPTP Account Type the user name given to you by your ISP.
HAPTER Voice 25.1 Overview Use this chapter to: • Connect an analog phone to the VMG. • Make phone calls over the Internet, as well as the regular phone network. • Configure settings such as speed dial. • Configure network settings to optimize the voice quality of your phone calls. 25.1.1 What You Can Do in this Chapter These screens allow you to configure your VMG to make phone calls over the Internet and your regular phone line, and to set up the phones you connect to the VMG.
Chapter 25 Voice 25.1.2 What You Need to Know About VoIP VoIP VoIP stands for Voice over IP. IP is the Internet Protocol, which is the message-carrying standard the Internet runs on. So, Voice over IP is the sending of voice signals (speech) over the Internet (or another network that uses the Internet Protocol).
Chapter 25 Voice to enable and configure a SIP account, and map it to a phone port. The SIP account contains information that allows your VMG to connect to your VoIP service provider. Section 25.3.1 on page 269 for how to map a SIP account to a phone port. Use this screen to view SIP account information.
Page 270
Chapter 25 Voice Figure 144 VoIP > SIP > SIP Account > Add new accoun/Edit Each field is described in the following table. Table 112 VoIP > SIP > SIP Account > Add new accoun/Edit LABEL DESCRIPTION SIP Account This field displays ADD_NEW if you are creating a new SIP account or the SIP Selection account you are modifying.
Page 271
Chapter 25 Voice Table 112 VoIP > SIP > SIP Account > Add new accoun/Edit (continued) LABEL DESCRIPTION Apply To Phone Select a phone port on which you want to make or receive phone calls for this SIP account. If you map a phone port to more than one SIP account, there is no way to distinguish between the SIP accounts when you receive phone calls.
Page 272
Chapter 25 Voice Table 112 VoIP > SIP > SIP Account > Add new accoun/Edit (continued) LABEL DESCRIPTION Send Caller ID Select this if you want to send identification when you make VoIP phone calls. Clear this if you do not want to send identification. Enable Call Select this to enable call transfer on the VMG.
Chapter 25 Voice Table 112 VoIP > SIP > SIP Account > Add new accoun/Edit (continued) LABEL DESCRIPTION Warm Line Select this to have the VMG dial the specified warm line number after you pick up the telephone and do not press any keys on the keypad for a period of time. Hot Line Select this to have the VMG dial the specified hot line number immediately when you pick up the telephone.
Chapter 25 Voice Figure 145 VoIP > SIP > SIP Service Provider Each field is described in the following table. Table 113 VoIP > SIP > SIP Service Provider LABEL DESCRIPTION Add new provider This is the index number of the entry. SIP Service This shows the name of the SIP service provider.
Page 275
Chapter 25 Voice • The dot “.” appended to a digit allows the digit to be ignored or repeated multiple times. Any digit (0~9, *, #) after the dot will be ignored. For example, (01.) means a number matching this rule can be 0, 01, 0111, 01111, and so on. •...
Page 276
Chapter 25 Voice Figure 146 VoIP > SIP > SIP Service Provider > Add new provider/Edit Each field is described in the following table. Table 114 VoIP > SIP > SIP Service Provider > Add new provider/Edit LABEL DESCRIPTION SIP Service Provider Selection Service Select the SIP service provider profile you want to use for the SIP account you configure in Provider...
Page 277
Chapter 25 Voice Table 114 VoIP > SIP > SIP Service Provider > Add new provider/Edit (continued) LABEL DESCRIPTION SIP Server Port Enter the SIP server’s listening port number, if your VoIP service provider gave you one. Otherwise, keep the default value. REGISTER Enter the IP address or domain name of the SIP register server, if your VoIP service provider Server Address...
Page 278
Chapter 25 Voice Table 114 VoIP > SIP > SIP Service Provider > Add new provider/Edit (continued) LABEL DESCRIPTION Bound If you select LAN or Any_WAN, the VMG automatically activates the VoIP service when any Interface Name LAN or WAN connection is up. If you select Multi_WAN, you also need to select two or more pre-configured WAN interfaces.
Page 279
Chapter 25 Voice Table 114 VoIP > SIP > SIP Service Provider > Add new provider/Edit (continued) LABEL DESCRIPTION Ignore Direct IP Select Enable to have the connected CPE devices accept SIP requests only from the SIP proxy/register server specified above. SIP requests sent from other IP addresses will be ignored.
Page 280
Chapter 25 Voice Table 114 VoIP > SIP > SIP Service Provider > Add new provider/Edit (continued) LABEL DESCRIPTION No Answer Call Enter the key combinations that you can enter to forward incoming calls to the phone Forward Enable number you specified in the SIP > SIP Account screen if the calls are unanswered. No Answer Call Enter the key combinations that you can enter to turn the no answer call forward function Forward...
Chapter 25 Voice 25.5 The Phone Screen Use this screen to maintain settings that depend on which region of the world the VMG is in. To access this screen, click VoIP > Phone. Figure 147 VoIP > Phone Each field is described in the following table. Table 115 VoIP >...
Chapter 25 Voice Figure 148 VoIP > Call Rule Each field is described in the following table. Table 116 VoIP > Call Rule LABEL DESCRIPTION Clear all speed Click this to erase all the speed-dial entries on this screen. dials Keys This field displays the speed-dial number you should dial to use this entry.
Chapter 25 Voice Figure 149 VoIP > Call History > Call History Summary Each field is described in the following table. Table 117 VoIP > Call History > Call History Summary LABEL DESCRIPTION Refresh Click this button to renew the call history list. Clear All Click this button to remove all entries from the call history list.
Chapter 25 Voice Table 118 VoIP > Call History > Call History Outgoing LABEL DESCRIPTION phone port This is the phone port on which you made the call. phone number This is the SIP number you called. duration This displays how long the call lasted. 25.9 The Call History Incoming Calls Screen Use this screen to see detailed information for each incoming call from someone calling you.
Page 285
Chapter 25 Voice Circuit-switched telephone networks require 64 kilobits per second (Kbps) in each direction to handle a telephone call. VoIP can use advanced voice coding techniques with compression to reduce the required bandwidth. The Session Initiation Protocol (SIP) is an application-layer control (signaling) protocol that handles the setting up, altering and tearing down of voice and multimedia sessions over the Internet.
Page 286
Chapter 25 Voice The VMG attempts to register all enabled subscriber ports when it is switched on. When you enable a subscriber port that was previously disabled, the VMG attempts to register the port immediately. Authorization Requirements SIP registrations (and subsequent SIP requests) require a username and password for authorization.
Page 287
Chapter 25 Voice Figure 153 SIP Proxy Server SIP Redirect Server A SIP redirect server accepts SIP requests, translates the destination address to an IP address and sends the translated IP address back to the device that sent the request. Then the client device that originally sent the request can send requests to the IP address that it received back from the redirect server.
Page 288
Chapter 25 Voice Figure 154 SIP Redirect Server SIP Register Server A SIP register server maintains a database of SIP identity-to-IP address (or domain name) mapping. The register server checks your user name and password when you register. When you make a VoIP call using SIP, the RTP (Real time Transport Protocol) is used to handle voice data transfer.
Page 289
Chapter 25 Voice Table 120 SIP Call Progression (continued) 6. BYE 7. OK A sends a SIP INVITE request to B. This message is an invitation for B to participate in a SIP telephone call. B sends a response indicating that the telephone is ringing. B sends an OK response after the call is answered.
Page 290
Chapter 25 Voice The following table shows the SIP call progression. Table 121 SIP Call Progression UA 1 PROXY 1 PROXY 2 UA 2 Invite Invite 100 Trying Invite 100 Trying 180 Ringing 180 Ringing 180 Ringing 200 OK 200 OK 200 OK 200 OK User Agent 1 sends a SIP INVITE request to Proxy 1.
Page 291
Chapter 25 Voice • G.726 is an Adaptive Differential PCM (ADPCM) waveform codec that uses a lower bitrate than standard PCM conversion. ADPCM converts analog audio into digital signals based on the difference between each audio sample and a prediction based on previous samples. The more similar the audio sample is to the prediction, the less space needed to describe it.
Chapter 25 Voice Pick up the phone and press “****” on your phone’s keypad and wait for the message that says you are in the configuration menu. Press a number from 1101~1105 on your phone followed by the “#” key. Play your desired music or voice recording into the receiver’s mouthpiece.
Chapter 25 Voice desired. This allows the intermediary DiffServ-compliant network devices to handle the packets differently depending on the code points without the need to negotiate paths or remember state information for every flow. In addition, applications do not have to request a particular service or give advanced notice of where the traffic is going.
Chapter 25 Voice Note: To take full advantage of the supplementary phone services available through the VMG's phone ports, you may need to subscribe to the services from your VoIP service provider. 25.10.2.1 The Flash Key Flashing means to press the hook for a short period of time (a few hundred milliseconds) before releasing it.
Page 295
Chapter 25 Voice European Call Waiting This allows you to place a call on hold while you answer another incoming call on the same telephone (directory) number. If there is a second call to a telephone number, you will hear a call waiting tone. Take one of the following actions.
Page 296
Chapter 25 Voice After pressing the flash key, if you do not issue the sub-command before the default sub-command timeout (2 seconds) expires or issue an invalid sub-command, the current operation will be aborted. Table 124 USA Flash Key Commands COMMAND SUB-COMMAND DESCRIPTION...
Chapter 25 Voice Hang up the phone to drop the connection. If you want to separate the activated three-way conference into two individual connections (with party A on-line and party B on hold), press the flash key. If you want to go back to the three-way conversation, press the flash key again. If you want to separate the activated three-way conference into two individual connections again, press the flash key.
Page 298
Chapter 25 Voice VMG8924-B10A and VMG8924-B30A Series User’s Guide...
HAPTER 26.1 Overview The web configurator allows you to choose which categories of events and/or alerts to have the VMG log and then display the logs or have the VMG send them to an administrator (as e-mail) or to a syslog server. 26.1.1 What You Can Do in this Chapter •...
Chapter 26 Log Table 126 Syslog Severity Levels CODE SEVERITY Notice: There is a normal but significant condition on the system. Informational: The syslog contains an informational message. Debug: The message is intended for debug-level purposes. 26.2 The System Log Screen Use the System Log screen to see the system logs.
Chapter 26 Log 26.3 The Security Log Screen Use the Security Log screen to see the security-related logs for the categories that you select. Click System Monitor > Log > Security Log to open the following screen. Figure 158 System Monitor > Log > Security Log The following table describes the fields in this screen.
Page 302
Chapter 26 Log VMG8924-B10A and VMG8924-B30A Series User’s Guide...
HAPTER Traffic Status 27.1 Overview Use the Traffic Status screens to look at network traffic status and statistics of the WAN, LAN interfaces and NAT. 27.1.1 What You Can Do in this Chapter • Use the WAN screen to view the WAN traffic statistics (Section 27.2 on page 303).
Chapter 27 Traffic Status The following table describes the fields in this screen. Table 129 System Monitor > Traffic Status > WAN LABEL DESCRIPTION Connected This shows the name of the WAN interface that is currently connected. Interface Packets Sent Data This indicates the number of transmitted packets on this interface.
Chapter 27 Traffic Status Figure 160 System Monitor > Traffic Status > LAN The following table describes the fields in this screen. Table 130 System Monitor > Traffic Status > LAN LABEL DESCRIPTION Refresh Interval Select how often you want the VMG to update this screen. Interface This shows the LAN or WLAN interface.
Page 306
Chapter 27 Traffic Status Figure 161 System Monitor > Traffic Status > NAT The following table describes the fields in this screen. Table 131 System Monitor > Traffic Status > NAT LABEL DESCRIPTION Refresh Interval Select how often you want the VMG to update this screen. Device Name This displays the name of the connected host.
HAPTER VoIP Status 28.1 The VoIP Status Screen Click System Monitor > VoIP Status to open the following screen. You can view the VoIP registration, current call status and phone numbers in this screen. Figure 162 System Monitor > VoIP Status The following table describes the fields in this screen.
Page 308
Chapter 28 VoIP Status Table 132 System Monitor > VoIP Status (continued) LABEL DESCRIPTION Registration This field displays the last time the VMG successfully registered the SIP account. The field is Time blank if the VMG has never successfully registered this account. This field displays the account number and service domain of the SIP account.
HAPTER ARP Table 29.1 Overview Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network. An IP (version 4) address is 32 bits long.
Chapter 29 ARP Table 29.2 ARP Table Screen Use the ARP table to view IP-to-MAC address mapping(s). To open this screen, click System Monitor > ARP Table. Figure 163 System Monitor > ARP Table The following table describes the labels in this screen. Table 133 System Monitor >...
HAPTER Routing Table 30.1 Overview Routing is based on the destination address only and the VMG takes the shortest path to forward a packet. 30.2 The Routing Table Screen Click System Monitor > Routing Table to open the following screen. Figure 164 System Monitor >...
Page 312
Chapter 30 Routing Table Table 134 System Monitor > Routing Table (continued) LABEL DESCRIPTION Flag This indicates the route status. U-Up: The route is up. !-Reject: The route is blocked and will force a route lookup to fail. G-Gateway: The route uses a gateway to forward traffic. H-Host: The target of the route is a host.
HAPTER IGMP/MLD Status 31.1 Overview Use the IGMP Status screens to look at IGMP/MLD group status and traffic statistics. 31.2 The IGMP/MLD Group Status Screen Use this screen to look at the current list of multicast groups the VMG has joined and which ports have joined it.
Page 314
Chapter 31 IGMP/MLD Status Table 135 System Monitor > IGMP/MLD Group Status (continued) LABEL DESCRIPTION Filter Mode INCLUDE means that only the IP addresses in the Source List get to receive the multicast group’s traffic. EXCLUDE means that the IP addresses in the Source List are not allowed to receive the multicast group’s traffic but other IP addresses can.
HAPTER xDSL Statistics 32.1 The xDSL Statistics Screen Use this screen to view detailed DSL statistics. Click System Monitor > xDSL Statistics to open the following screen. Figure 166 System Monitor > xDSL Statistics VMG8924-B10A and VMG8924-B30A Series User’s Guide...
Page 316
Chapter 32 xDSL Statistics VMG8924-B10A and VMG8924-B30A Series User’s Guide...
Page 317
Chapter 32 xDSL Statistics The following table describes the labels in this screen. Table 136 Status > xDSL Statistics LABEL DESCRIPTION Refresh Interval Select the time interval for refreshing statistics. Line Select which DSL line’s statistics you want to display. xDSL Training This displays the current state of setting up the DSL connection.
Page 318
Chapter 32 xDSL Statistics Table 136 Status > xDSL Statistics (continued) LABEL DESCRIPTION Downstream These are the statistics for the traffic direction coming into the port from the service provider. Upstream These are the statistics for the traffic direction going out from the port to the service provider.
HAPTER 3G Statistics 33.1 Overview Use the 3G Statistics screens to look at 3G Internet connection status. 33.2 The 3G Statistics Screen To open this screen, click System Monitor > 3G Statistics. The 3G status is available on this screen only when you insert a compatible 3G dongle in a USB port on the VMG. Figure 167 System Monitor >...
Page 320
Chapter 33 3G Statistics Table 137 System Monitor > 3G Statistics (continued) LABEL DESCRIPTION Connection This field displays the time the connection has been up. Uptime 3G Card This field displays the manufacturer of the 3G card. Manufacturer 3G Card Model This field displays the model name of the 3G card.
HAPTER User Account 34.1 Overview A user account is the In the Users Account screen, you can change the password of the “admin” user account that you used to log in the VMG. 34.2 The User Account Screen Click Maintenance > User Account to open the following screen. Figure 168 Maintenance >...
Chapter 34 User Account Table 138 Maintenance > User Account (continued) (continued) LABEL DESCRIPTION Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings. 34.2.1 The User Account Add/Edit Screen Click Add new user or the Edit icom of an existign account in the Maintenance > User Account to open the following screen.
HAPTER Remote Management 35.1 Overview Remote management controls through which interface(s), which services can access the VMG. Note: The VMG is managed using the Web Configurator. 35.2 The Remote MGMT Screen Use this screen to configure through which interface(s), which services can access the VMG. You can also specify the port numbers the services must use to connect to the VMG.
Chapter 35 Remote Management The following table describes the fields in this screen. Table 140 Maintenance > Remote MGMT LABEL DESCRIPTION WAN Interface Select Any WAN to have the VMG automatically activate the remote management service used for when any WAN connection is up. services Select Multi WAN and then select one or more WAN connections to have the VMG activate the remote management service when the selected WAN connections are up.
Chapter 35 Remote Management The following table describes the fields in this screen. Table 141 Maintenance > Remote MGMT > Trust Domain LABEL DESCRIPTION Add Trust Click this to add a trusted host IP address. Domain IPv4 Address This field shows a trusted host IP address. Delete Click the Delete icon to remove the trust IP address.
Page 326
Chapter 35 Remote Management VMG8924-B10A and VMG8924-B30A Series User’s Guide...
HAPTER TR-069 Client 36.1 Overview This chapter explains how to configure the VMG’s TR-069 auto-configuration settings. 36.2 The TR-069 Client Screen TR-069 defines how Customer Premise Equipment (CPE), for example your VMG, can be managed over the WAN by an Auto Configuration Server (ACS). TR-069 is based on sending Remote Procedure Calls (RPCs) between an ACS and a client device.
Page 328
Chapter 36 TR-069 Client The following table describes the fields in this screen. Table 143 Maintenance > TR-069 Client LABEL DESCRIPTION Inform Select Enable for the VMG to send periodic inform via TR-069 on the WAN. Otherwise, select Disable. Inform Interval Enter the time interval (in seconds) at which the VMG sends information to the auto- configuration server.
HAPTER TR-064 37.1 Overview This chapter explains how to configure the VMG’s TR-064 auto-configuration settings. 37.2 The TR-064 Screen TR-064 is a LAN-Side DSL CPE Configuration protocol defined by the DSL Forum. TR-064 is built on top of UPnP. It allows the users to use a TR-064 compliant CPE management application on their computers from the LAN to discover the CPE and configure user-specific parameters, such as the username and password.
Page 330
Chapter 37 TR-064 VMG8924-B10A and VMG8924-B30A Series User’s Guide...
HAPTER SNMP 38.1 Overview This chapter explains how to configure the SNMP settings on the VMG. 38.2 The SNMP Screen Simple Network Management Protocol is a protocol used for exchanging management information between network devices. Your VMG supports SNMP agent functionality, which allows a manager station to manage and monitor the VMG through the network.
Page 332
Chapter 38 SNMP SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a request and the agent returns responses using the following protocol operations: • Get - Allows the manager to retrieve an object variable from the agent. •...
HAPTER Time Settings 39.1 Overview This chapter shows you how to configure system related settings, such as system time, password, name, the domain name and the inactivity timeout interval. 39.2 The Time Screen To change your VMG’s time and date, click Maintenance > Time. The screen appears as shown. Use this screen to configure the VMG’s time based on your local time zone.
Page 334
Chapter 39 Time Settings Table 146 Maintenance > Time (continued) LABEL DESCRIPTION Current Date This field displays the date of your VMG. Each time you reload this page, the VMG synchronizes the date with the time server. NTP Time Server First ~ Fifth NTP Select an NTP time server from the drop-down list box.
HAPTER E-mail Notification 40.1 Overview A mail server is an application or a computer that runs such an application to receive, forward and deliver e-mail messages. To have the VMG send reports, logs or notifications via e-mail, you must specify an e-mail server and the e-mail addresses of the sender and receiver.
Chapter 40 E-mail Notification 40.2.1 Email Notification Edit Click the Add button in the Email Notification screen. Use this screen to configure the required information for sending e-mail via a mail server. Figure 179 Email Notification > Add The following table describes the labels in this screen. Table 148 Email Notification >...
HAPTER Log Setting 41.1 Overview You can configure where the VMG sends logs and which logs and/or immediate alerts the VMG records in the Logs Setting screen. 41.2 The Log Settings Screen To change your VMG’s log settings, click Maintenance > Logs Setting. The screen appears as shown.
Chapter 41 Log Setting The following table describes the fields in this screen. Table 149 Maintenance > Logs Setting LABEL DESCRIPTION Syslog Setting Syslog Logging The VMG sends a log to an external syslog server. Select Enable to enable syslog logging. Mode Select the syslog destination from the drop-down list box.
Page 339
Chapter 41 Log Setting • "End of Log" message shows that a complete log has been sent. Figure 181 E-mail Log Example Subject: Firewall Alert From Date: Fri, 07 Apr 2000 10:05:42 From: user@zyxel.com user@zyxel.com 1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09:54:03 |UDP...
Page 340
Chapter 41 Log Setting VMG8924-B10A and VMG8924-B30A Series User’s Guide...
HAPTER Firmware Upgrade 42.1 Overview This chapter explains how to upload new firmware to your VMG. You can download new firmware releases from your nearest ZyXEL FTP site (or www.zyxel.com) to use to upgrade your device’s performance. Only use firmware for your device’s specific model. Refer to the label on the bottom of your VMG.
Page 342
Chapter 42 Firmware Upgrade Table 150 Maintenance > Firmware Upgrade LABEL DESCRIPTION Upgrade Firmware Current This is the present Firmware version and the date created. Firmware Version File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse...
Page 343
Chapter 42 Firmware Upgrade Figure 185 Error Message VMG8924-B10A and VMG8924-B30A Series User’s Guide...
Page 344
Chapter 42 Firmware Upgrade VMG8924-B10A and VMG8924-B30A Series User’s Guide...
HAPTER Configuration 43.1 Overview The Configuration screen allows you to backup and restore device configurations. You can also reset your device settings back to the factory default. 43.2 The Configuration Screen Click Maintenance > Configuration. Information related to factory defaults, backup configuration, and restoring configuration appears in this screen, as shown next.
Page 346
Chapter 43 Configuration Restore Configuration Restore Configuration allows you to upload a new or previously saved configuration file from your computer to your VMG. Table 151 Restore Configuration LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse...
Chapter 43 Configuration Figure 189 Reset Warning Message Figure 190 Reset In Process Message You can also press the RESET button on the rear panel to reset the factory defaults of your VMG. Refer to Section 1.6 on page 24 for more information on the RESET button.
HAPTER Diagnostic 44.1 Overview The Diagnostic screens display information to help you identify problems with the VMG. The route between a CO VDSL switch and one of its CPE may go through switches owned by independent organizations. A connectivity fault point generally takes time to discover and impacts subscriber’s network access.
Chapter 44 Diagnostic 44.3 Ping & TraceRoute & NsLookup Use this screen to ping, traceroute, or nslookup an IP address. Click Maintenance > Diagnostic > Ping&TraceRoute&NsLookup to open the screen shown next. Figure 192 Maintenance > Diagnostic > Ping &TraceRoute&NsLookup The following table describes the fields in this screen.
Chapter 44 Diagnostic Figure 193 Maintenance > Diagnostic > 802.1ag The following table describes the fields in this screen. Table 153 Maintenance > Diagnostic > 802.1ag LABEL DESCRIPTION 802.1ag Connectivity Fault Management Maintenance Select a level (0-7) under which you want to create an MA. Domain (MD) Level Destination...
Page 351
Chapter 44 Diagnostic ATM sets up virtual circuits over which end systems communicate. The terminology for virtual circuits is as follows: • Virtual Channel (VC) Logical connections between ATM devices • Virtual Path (VP) A bundle of virtual channels • Virtual Circuits A series of virtual paths between circuit end points Figure 194 Virtual Circuit Topology...
Page 352
Chapter 44 Diagnostic Figure 195 Maintenance > Diagnostic > OAM Ping The following table describes the fields in this screen. Table 154 Maintenance > Diagnostic > OAM Ping LABEL DESCRIPTION Select a PVC on which you want to perform the loopback test. F4 segment Press this to perform an OAM F4 segment loopback test.
HAPTER Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • VMG Access and Login • Internet Access • Wireless Internet Access •...
Chapter 45 Troubleshooting If the problem continues, contact the vendor. 45.2 VMG Access and Login I forgot the IP address for the VMG. The default LAN IP address is 192.168.1.1. If you changed the IP address and have forgotten it, you might get the IP address of the VMG by looking up the IP address of the default gateway for your computer.
Page 355
Chapter 45 Troubleshooting Reset the device to its factory defaults, and try to access the VMG with the default IP address. See Section 1.6 on page If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions.
Chapter 45 Troubleshooting 45.3 Internet Access I cannot access the Internet. Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.5 on page Make sure you entered your ISP account information correctly in the Network Setting > Broadband screen.
Chapter 45 Troubleshooting Make sure you have the Ethernet WAN port connected to a MODEM or Router. Make sure you converted LAN port number four as WAN. Click Enable in Network Setting > Broadband > Ethernet WAN screen. Make sure you configured a proper EthernetWAN interface (Network Setting > Broadband screen) with the Internet account information provided by your ISP and that it is enabled.
Chapter 45 Troubleshooting • Building Materials: metal doors, aluminum studs. • Electrical devices: microwaves, monitors, electric motors, cordless phones, and other wireless devices. To optimize the speed and quality of your wireless connection, you can: • Move your wireless device closer to the AP if the signal strength is low. •...
Page 359
Chapter 45 Troubleshooting Disconnect the Ethernet cable from the VMG’s LAN port or from your computer. Re-connect the Ethernet cable. The Local Area Connection icon for UPnP disappears in the screen. Restart your computer. VMG8924-B10A and VMG8924-B30A Series User’s Guide...
Page 360
Chapter 45 Troubleshooting VMG8924-B10A and VMG8924-B30A Series User’s Guide...
• Brief description of the problem and the steps you took to solve it. Corporate Headquarters (Worldwide) Taiwan • ZyXEL Communications Corporation • http://www.zyxel.com Asia China • ZyXEL Communications (Shanghai) Corp. ZyXEL Communications (Beijing) Corp. ZyXEL Communications (Tianjin) Corp. • http://www.zyxel.cn India • ZyXEL Technology India Pvt Ltd • http://www.zyxel.in Kazakhstan •...
Page 364
• ZyXEL Singapore Pte Ltd. • http://www.zyxel.com.sg Taiwan • ZyXEL Communications Corporation • http://www.zyxel.com Thailand • ZyXEL Thailand Co., Ltd • http://www.zyxel.co.th Vietnam • ZyXEL Communications Corporation-Vietnam Office • http://www.zyxel.com/vn/vi Europe Austria • ZyXEL Deutschland GmbH • http://www.zyxel.de VMG8924-B10A and VMG8924-B30A Series User’s Guide...
Page 365
• ZyXEL BY • http://www.zyxel.by Belgium • ZyXEL Communications B.V. • http://www.zyxel.com/be/nl/ Bulgaria • ZyXEL България • http://www.zyxel.com/bg/bg/ Czech • ZyXEL Communications Czech s.r.o • http://www.zyxel.cz Denmark • ZyXEL Communications A/S • http://www.zyxel.dk Estonia • ZyXEL Estonia • http://www.zyxel.com/ee/et/ Finland •...
Page 366
• ZyXEL Communications Poland • http://www.zyxel.pl Romania • ZyXEL Romania • http://www.zyxel.com/ro/ro Russia • ZyXEL Russia • http://www.zyxel.ru Slovakia • ZyXEL Communications Czech s.r.o. organizacna zlozka • http://www.zyxel.sk Spain • ZyXEL Spain • http://www.zyxel.es Sweden • ZyXEL Communications • http://www.zyxel.se Switzerland •...
Page 367
• ZyXEL Communication Corporation • http://www.zyxel.com/ec/es/ Middle East Egypt • ZyXEL Communication Corporation • http://www.zyxel.com/homepage.shtml Middle East • ZyXEL Communication Corporation • http://www.zyxel.com/homepage.shtml North America • ZyXEL Communications, Inc. - North America Headquarters • http://www.us.zyxel.com/ VMG8924-B10A and VMG8924-B30A Series User’s Guide...
Page 368
Appendix A Customer Support Oceania Australia • ZyXEL Communications Corporation • http://www.zyxel.com/au/en/ Africa South Africa • Nology (Pty) Ltd. • http://www.zyxel.co.za VMG8924-B10A and VMG8924-B30A Series User’s Guide...
PP EN D I X Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS).
Page 370
Appendix B Wireless LANs Figure 197 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN.
Page 371
Appendix B Wireless LANs Figure 198 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a channel different from an adjacent AP (access point) to reduce interference.
Page 372
Appendix B Wireless LANs RTS/CTS Figure 199 When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
Page 373
Appendix B Wireless LANs IEEE 802.11g Wireless LAN IEEE 802.11g is fully compatible with the IEEE 802.11b standard. This means an IEEE 802.11b adapter can interface directly with an IEEE 802.11g access point (and vice versa) at 11 Mbps or lower depending on range.
Page 374
Appendix B Wireless LANs • Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server. • Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional authentication methods to be deployed with no changes to the access point or the wireless clients.
Page 375
Appendix B Wireless LANs shared key, password information exchanged is also encrypted to protect the network from unauthorized access. Types of EAP Authentication This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP. Your wireless LAN device may not support all authentication types. EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE 802.1x transport mechanism in order to support multiple types of user authentication.
Page 376
Appendix B Wireless LANs PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication.
Page 377
Appendix B Wireless LANs WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a wireless client will be granted access to a WLAN. If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not.
Page 378
Appendix B Wireless LANs pre-authentication. These two features are optional and may not be supported in all wireless devices. Key caching allows a wireless client to store the PMK it derived through a successful authentication with an AP. The wireless client uses the PMK when it tries to connect to the same AP and does not need to go with the authentication process again.
Page 379
Appendix B Wireless LANs Figure 200 WPA(2) with RADIUS Application Example WPA(2)-PSK Application Example A WPA(2)-PSK application looks as follows. First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters (including spaces and symbols).
Appendix B Wireless LANs Security Parameters Summary Refer to this table to see what other security parameters you should configure for each authentication method or key management protocol type. MAC address filters are not dependent on how you configure these security features. Table 158 Wireless Security Relational Matrix AUTHENTICATION ENCRYPTIO...
Page 381
Appendix B Wireless LANs 2.5%. For an unobstructed outdoor site, each 1dB increase in gain results in a range increase of approximately 5%. Actual results may vary depending on the network environment. Antenna gain is sometimes specified in dBi, which is how much the antenna increases the signal power compared to using an isotropic antenna.
Page 382
Appendix B Wireless LANs VMG8924-B10A and VMG8924-B30A Series User’s Guide...
PP EN D I X IPv6 Overview IPv6 (Internet Protocol version 6), is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 10 addresses.
Page 384
Appendix C IPv6 Global Address A global address uniquely identifies a device on the Internet. It is similar to a “public IP address” in IPv4. A global unicast address starts with a 2 or 3. Unspecified Address An unspecified address (0:0:0:0:0:0:0:0 or ::) is used as the source address when a device does not have its own address.
Page 385
Appendix C IPv6 Table 161 Reserved Multicast Address (continued) MULTICAST ADDRESS FF08:0:0:0:0:0:0:0 FF09:0:0:0:0:0:0:0 FF0A:0:0:0:0:0:0:0 FF0B:0:0:0:0:0:0:0 FF0C:0:0:0:0:0:0:0 FF0D:0:0:0:0:0:0:0 FF0E:0:0:0:0:0:0:0 FF0F:0:0:0:0:0:0:0 Subnet Masking Both an IPv6 address and IPv6 subnet mask compose of 128-bit binary digits, which are divided into eight 16-bit blocks and written in hexadecimal notation. Hexadecimal uses four bits for each character (1 ~ 10, A ~ F).
Page 386
Appendix C IPv6 the time T2 is reached and the server does not respond, the client sends a Rebind message to any available server (S2). For an IA_TA, the client may send a Renew or Rebind message at the client's discretion.
Page 387
Appendix C IPv6 • Neighbor advertisement: A response from a node to announce its link-layer address. • Router solicitation: A request from a host to locate a router that can act as the default router and forward packets. • Router advertisement: A response to a router solicitation or a periodical multicast advertisement from a router to advertise its presence and other parameters.
Page 388
Appendix C IPv6 Example - Enabling IPv6 on Windows XP/2003/Vista By default, Windows XP and Windows 2003 support IPv6. This example shows you how to use the ipv6 install command on Windows XP/2003 to enable IPv6. This also displays how to use the ipconfig command to see auto-generated IP addresses.
Page 389
Appendix C IPv6 Click Start and then OK. Now your computer can obtain an IPv6 address from a DHCPv6 server. Example - Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default. DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer.
Page 390
Appendix C IPv6 Click Close to exit the Local Area Connection Status screen. Select Start > All Programs > Accessories > Command Prompt. Use the ipconfig command to check your dynamic IPv6 address. This example shows a global address (2001:b021:2d::1000) obtained from a DHCP server. C:\>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection:...
PP EN D I X Services The following table lists some commonly-used services and their associated protocols and port numbers. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like. •...
Page 392
Appendix D Services Table 162 Examples of Services NAME PROTOCOL PORT(S) DESCRIPTION AH (IPSEC_TUNNEL) User-Defined The IPSEC AH (Authentication Header) tunneling protocol uses this service. 5190 AOL’s Internet Messenger service. AUTH Authentication protocol used by some servers. Border Gateway Protocol. BOOTP_CLIENT DHCP Client.
Page 393
Appendix D Services Table 162 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION 2049 Network File System - NFS is a client/server distributed file service that provides transparent file sharing for network environments. NNTP Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service.
Page 394
Appendix D Services Table 162 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION SYSLOG Syslog allows you to send system logs to a UNIX server. TACACS Login Host Protocol used for (Terminal Access Controller Access Control System). TELNET Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments.
Page 395
Appendix D Services VMG8924-B10A and VMG8924-B30A Series User’s Guide...
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
Page 397
Appendix E Legal Information Industry Canada RSS-GEN & RSS-210 statement • This device complies with Industry Canada license-exempt RSS standard(s). Operation is subject to the following two conditions: (1) this device may not cause interference, and (2) this device must accept any interference, including interference that may cause undesired operation of the device.
Page 398
Appendix E Legal Information Italiano Con la presente ZyXEL dichiara che questo attrezzatura è conforme ai requisiti essenziali ed alle altre disposizioni (Italian) pertinenti stabilite dalla direttiva 1999/5/CE. Latviešu valoda Ar šo ZyXEL deklarē, ka iekārtas atbilst Direktīvas 1999/5/EK būtiskajām prasībām un citiem ar to saistītajiem (Latvian) noteikumiem.
Appendix E Legal Information 2.4 GHz frekvenèu joslas izmantoðanai ârpus telpâm nepiecieðama atïauja no Elektronisko sakaru direkcijas. Vairâk informâcijas: http:// www.esd.lv. Notes: 1. Although Norway, Switzerland and Liechtenstein are not EU member states, the EU Directive 2014/53/EU has also been implemented in those countries.
Page 400
Appendix E Legal Information Environment statement ErP (Energy-related Products) ZyXEL products put on the EU market in compliance with the requirement of the European Parliament and the Council published Directive 2009/125/EC establishing a framework for the setting of ecodesign requirements for energy-related products (recast), so called as "ErP Directive (Energy-related Products directive) as well as ecodesign requirement laid down in applicable implementing measures, power consumption has satisfied regulation requirements which are: Network standby power consumption <...
Page 401
Appendix E Legal Information Environmental Product Declaration VMG8924-B10A and VMG8924-B30A Series User’s Guide...
Appendix E Legal Information 台灣 以下訊息僅適用於產品銷售至台灣地區 第十二條 經型式認證合格之低功率射頻電機,非經許可,公司、商號或使用者均不得擅自變更頻率、加大功率或變更原設計之特性及功能。 第十四條 低功率射頻電機之使用不得影響飛航安全及干擾合法通信;經發現有干擾現象時,應立即停用,並改善至無干擾時方得繼續使用。 前項合法通信,指依電信法規定作業之無線電通信。低功率射頻電機須忍受合法通信或工業、科學及醫療用電波輻射性電機設備之干擾。 Viewing Certifications Go to http://www.zyxel.com to view this product’s documentation and certifications. ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in material or workmanship for a specific period (the Warranty Period) from the date of purchase.
Index Index Basic Service Set, See BSS Basic Service Set, see BSS blinking LEDs ACK message Broadband ACL rule broadcast activation 123, 369 example firewalls media server BYE request SIP ALG SSID adding a printer example Address Resolution Protocol administrator password 243, 375 call history algorithms...
Page 404
Index link trace test DUID loopback test differentiated services Differentiated Services, see DiffServ Diffie-Hellman key groups DiffServ channel marking rule interference DiffServ (Differentiated Services) channel, wireless LAN code points CHAP marking rule Class of Service digital IDs Class of Service, see CoS disclaimer client list DLNA...
Page 405
Index MPPE HTTP encryption 122, 377 Europe type call service mode Extended Service Set IDentification IBSS 103, 109 Extended Service Set, See ESS ICMPv6 Extensible Authentication Protocol, see EAP ID type and content IEEE 802.11g IEEE 802.1Q IGMP multicast group list Fast Leave 199, 313 version...
Page 406
Index IPSec VPN passwords IPv6 logs 75, 383 299, 303, 313, 319, 337 addressing Loop Back Response, see LBR 75, 98, 383 EUI-64 loopback global address interface ID link-local address Neighbor Discovery Protocol ping prefix 75, 98, 383 prefix delegation prefix length 75, 98, 383 unspecified address...
Page 407
Index PIN, WPS example Ping of Death 177, 178, 179, 190 Point-to-Point Tunneling Protocol, see PPTP applications IP alias POP3 example port forwarding global ports Power Mgmt Power Mgmt Add inside PPPoE IPSec Benefits local outside PPTP 192, 265 port forwarding preamble 117, 120 port number...
Page 408
Index RADIUS server call progression client Real time Transport Protocol, see RTP identities registration INVITE request 289, 290 product number remote management OK response TR-069 proxy server Remote Procedure Calls, see RPCs redirect server reset 24, 346 register server restart servers service domain restoring configuration...
Page 409
Index SYN attack Uniform Resource Identifier syslog Universal Plug and Play, see UPnP protocol upgrading firmware severity levels UPnP system cautions firmware NAT traversal version USA type call service mode passwords USB features reset status wireless LAN time Vendor ID 144, 145 Virtual Circuit (VC) Virtual Local Area Network See VLAN...
Page 410
Index web configurator pre-authentication login user authentication passwords vs WPA-PSK wireless client supplicant with RADIUS application example WEP Encryption 105, 106 WPA2 WEP encryption user authentication WEP key vs WPA2-PSK Wi-Fi Protected Access wireless client supplicant wireless client WPA supplicants with RADIUS application example Wireless Distribution System, see WDS WPA2-Pre-Shared Key...
Page 411
Index VMG8924-B10A and VMG8924-B30A Series User’s Guide...
Page 412
Index VMG8924-B10A and VMG8924-B30A Series User’s Guide...
Need help?
Do you have a question about the VMG8924-B10A Series and is the answer not in the manual?
Questions and answers