ZyXEL Communications P-2608HWL-Dx Series manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of ZyXEL Communications P-2608HWL-Dx Series, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of ZyXEL Communications P-2608HWL-Dx Series one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of ZyXEL Communications P-2608HWL-Dx Series. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of ZyXEL Communications P-2608HWL-Dx Series should contain:
- informations concerning technical data of ZyXEL Communications P-2608HWL-Dx Series
- name of the manufacturer and a year of construction of the ZyXEL Communications P-2608HWL-Dx Series item
- rules of operation, control and maintenance of the ZyXEL Communications P-2608HWL-Dx Series item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of ZyXEL Communications P-2608HWL-Dx Series alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of ZyXEL Communications P-2608HWL-Dx Series, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the ZyXEL Communications service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of ZyXEL Communications P-2608HWL-Dx Series.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the ZyXEL Communications P-2608HWL-Dx Series item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    P-2608HWL-Dx Series 802.1 1g Wireless ADSL2+ V oIP IAD User ’ s Guide V ersion 3.4 0 10 / 2 0 06 Edition 1[...]

  • Page 2

    [...]

  • Page 3

    P-2608HWL-Dx Series User ’s Guide Copyright 3 Copyright Copyright © 2006 by ZyXEL Communications Corpo ration. The contents of this publication may not be reprod uced in any part or as a whole, transcribed, stored in a retrieval system, tran slated into any language, or transmitted in any form or by any means, el ectronic, mechanical , magnetic,[...]

  • Page 4

    P-2608HWL-Dx Series User’s Guide 4 Certifications Certifications Federal Communications Commissi on (FCC) Interference St atement The device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference rece ived, including[...]

  • Page 5

    P-2608HWL-Dx Series User ’s Guide Certifications 5 第十二條 經型式 認證合格之低功率射頻電機,非經 許可,公司、商號或使用 者均不得擅自變更頻率、加大功率或變更原設計之特性及功能。 第十四條 低功率 射頻電機之使用不得影響飛航安全 及干擾合法通信;經發現 有干[...]

  • Page 6

    P-2608HWL-Dx Series User’s Guide 6 Safety Warnings Safety W arnings For your safety , be sure to read and fo llow all warning notices and instructions. • Do NOT use this product near water , for exam ple, in a wet basement or nea r a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. • Do NOT store thin gs on[...]

  • Page 7

    P-2608HWL-Dx Series User ’s Guide Safety Warnings 7 This product is recyclable . Dispose of it properly .[...]

  • Page 8

    P-2608HWL-Dx Series User’s Guide 8 ZyXEL Limited Warranty ZyXEL Limited W arranty ZyXEL warrants to the original en d user (purchaser) that this product is free from any defects in materials or workmansh ip for a period of up to two ye ars from the date of purchase. During the warranty period, and upon proof of purchase, should the product have i[...]

  • Page 9

    P-2608HWL-Dx Series User ’s Guide Customer Support 9 Customer Support Please have the following information r eady when you contact customer support. • Product model and serial number . • W arranty Information. • Date that you received your de vice. • Brief description of the problem and the steps yo u took to solve i t. METHOD LOCATION S[...]

  • Page 10

    P-2608HWL-Dx Series User’s Guide 10 Customer Suppo rt +” is the (prefix) number you enter to make an interna tional telephone call. NORWAY support@zyxel.no +47-22-80-61-80 www .zyxel.no ZyXEL Communications A/S Nils Hansens vei 13 0667 Oslo Norway sales@zyxel.no +47-22-80-61-81 POLAND info@pl.zyxel.com +48 (22) 333 8250 www .pl.zyxel.com ZyXEL [...]

  • Page 11

    P-2608HWL-Dx Series User ’s Guide Table of Contents 11 T able of Content s Copyright .................................................. ................................................................ 3 Certifications ............................................ ................................................................ 4 Safety W arnings .[...]

  • Page 12

    P-2608HWL-Dx Series User’s Guide 12 Table of Contents 3.3 Wireless Connection Wizard Setup .............. ................ ................. ................ .....60 3.3.1 Automatically ass ign a WP A key ................... ................ ................ ............ 63 3.3.2 Manually Assign a WP A key ....................... ................[...]

  • Page 13

    P-2608HWL-Dx Series User ’s Guide Table of Contents 13 7.3 T r affic Shaping ............. ................ ................ ................ ................. ................... ..92 7.3.1 A T M T raffic Classes ............... ................. ................ ................ .................. 93 7.3.1.1 Constant Bit Rate (CBR) ........... [...]

  • Page 14

    P-2608HWL-Dx Series User’s Guide 14 Table of Contents 9.3 Wireless Performance Overview ............... ................ .................... ................ ...122 9.3.1 Quality of Service (QoS) ..... .................... ................ ................ ................ 122 9.4 Additional Wireles s T erms ............... ................. ...[...]

  • Page 15

    P-2608HWL-Dx Series User ’s Guide Table of Contents 15 1 1.1.4 SIP Call Progression ................... ................ ................ ............. ............. 152 1 1.1.5 SIP Client Server .............. .................... ................ ................ ................ 152 1 1.1.5.1 SIP User Agent ........... .................... ...[...]

  • Page 16

    P-2608HWL-Dx Series User’s Guide 16 Table of Contents Chapter 13 Phone Book .............................................................................. ............................ 177 13.1 Phone Book Overview .......... ................ ................... ................ ................ .......177 13.2 S peed Dial Screen ..................[...]

  • Page 17

    P-2608HWL-Dx Series User ’s Guide Table of Contents 17 Chapter 16 Firewall Configuration .................................................................................. ....... 199 16.1 Access Methods ... ............ ................. ................ ................ ................ ............. 199 16.2 Firewall Policies Overview ........[...]

  • Page 18

    P-2608HWL-Dx Series User’s Guide 18 Table of Contents 18.1.2 Additional T opics for IKE SA ....................... ................ ................... .......226 18.1.2.1 Negotiation Mode ....... ................. ................... ................ ............. 226 18.1.2.2 VPN, NA T and NA T T raversal . ............. ................ ......[...]

  • Page 19

    P-2608HWL-Dx Series User ’s Guide Table of Contents 19 Chapter 20 St atic Route ........................................................ ........................................... ....... 273 20.1 S tatic Route ............. ................ ................ ................ ................. ................ ...273 20.2 Configuring S tatic Rout[...]

  • Page 20

    P-2608HWL-Dx Series User’s Guide 20 Table of Contents 23.6 Configuring FTP .............. ................. ................ ................... ................ .......... 298 23.7 SNMP ............... ................ ................. ................ ................... ................ .......... 299 23.7.1 Supported MIBs ...................[...]

  • Page 21

    P-2608HWL-Dx Series User ’s Guide Table of Contents 21 27.5.2 Restore Configuratio n ............. ................ ................ ................ ............. 335 27.5.3 Reset to Factory De faults ... ................. ................ ................ ................ 336 27.6 Restart ........... ................ ................ ..........[...]

  • Page 22

    P-2608HWL-Dx Series User’s Guide 22 Table of Contents Windows 95/98/Me ........... ................ ................... ................ ................. .................. 367 Configuring ......... ................ ................. ................ ................ ................ ............ 369 V erifying Settings ....... ................ [...]

  • Page 23

    P-2608HWL-Dx Series User ’s Guide Table of Contents 23 Log Commands ...................... ................ .................... ................ ................ ............ 412 Configuring What Y ou W ant the ZyXEL D evice to Log ........................ ............ 412 Displaying Logs ............ ................ ................ ..........[...]

  • Page 24

    P-2608HWL-Dx Series User’s Guide 24 Table of Contents[...]

  • Page 25

    P-2608HWL-Dx Series User ’s Guide List of Figure s 25 List of Figures Figure 1 ZyXEL Device’s V oIP Feat ures ... ................... ................ ................ .......... 41 Figure 2 Internet Access ......... ................. ................ ................... ................ .......... 42 Figure 3 LEDs .......... ..................[...]

  • Page 26

    P-2608HWL-Dx Series User’s Guide 26 List of Figures Figure 39 Bandwidth Management Wizard: Complete ....... .................... ................ 77 Figure 40 S tatus Screen ........... ................. ................... ................ ................ .......... 79 Figure 41 Any IP T able .......... .................... ................ ...[...]

  • Page 27

    P-2608HWL-Dx Series User ’s Guide List of Figure s 27 Figure 82 Edit Address Mappin g Rule ..................... ................ ................ ............. 148 Figure 83 Network > NA T > ALG ................. ................ ................ ................... ....... 150 Figure 84 SIP User Agent ........ .................... .......[...]

  • Page 28

    P-2608HWL-Dx Series User’s Guide 28 List of Figures Figure 125 VPN: T ransport and T unnel Mo de Encapsulation ...................... .......... 228 Figure 126 VPN Setup .......... ................ ................. ................ ................... ............. 231 Figure 127 Edit VPN Policies ...................... ................ ........[...]

  • Page 29

    P-2608HWL-Dx Series User ’s Guide List of Figure s 29 Figure 168 Configuring UPnP ............... ................. ................ ................ ................ 308 Figure 169 Add/Remove Prog rams: Windows Setup: Communication ........... ....... 310 Figure 170 Add/Remove Programs: Windows Setup: Communication: Componen ts 310 Figure 171 Ne[...]

  • Page 30

    P-2608HWL-Dx Series User’s Guide 30 List of Figures Figure 210 Java (Sun) ..... ................ ................... ................ ................. ................... 359 Figure 21 1 WIndows 95/98/Me: Network: Conf iguration .............. ................... ....... 368 Figure 212 Windows 95/98/Me: TCP/IP Prope rties: IP Address ...........[...]

  • Page 31

    P-2608HWL-Dx Series User ’s Guide List of Figure s 31 Figure 253 Internal SPTGEN FTP Downlo ad Example ........... ................... .......... 417 Figure 254 Internal SPTGEN FTP Upload Example .......... .................... ................ 417[...]

  • Page 32

    P-2608HWL-Dx Series User’s Guide 32 List of Figures[...]

  • Page 33

    P-2608HWL-Dx Series User ’s Guide List of Tables 33 List of T ables T able 1 Models Covered ................ ................ ................... ................. ................... 41 T able 2 LEDs .................. ................ ................ ................ ................ .................... ... 43 T able 3 Web Configurator Icons [...]

  • Page 34

    P-2608HWL-Dx Series User’s Guide 34 List of Tables T able 39 Wireless: WP A(2) .. ................ .................... ................ ................... .......... 128 T able 40 Wireless LAN: Advanced ........... ................ ................... ................... ....... 130 T able 41 Network > Wireless LAN > OTIST ...............[...]

  • Page 35

    P-2608HWL-Dx Series User ’s Guide List of Tables 35 T able 82 VPN Example: Mismatching ID T ype and Content .............. ................... 225 T able 83 VPN Setup ............. ................ .................... ................ ................ ............. 231 T able 84 Edit VPN Policies ... .................... ................ .......[...]

  • Page 36

    P-2608HWL-Dx Series User’s Guide 36 List of Tables T able 123 Configuring UPnP ............................. .................... ................ ................ 309 T able 124 System G eneral Setup .. ................... ................ .................... ................ 320 T able 125 System Time Setting ......... ................ .......[...]

  • Page 37

    P-2608HWL-Dx Series User ’s Guide List of Tables 37 T able 166 CDR Logs ................... ................ ................ ................ ................ .......... 406 T able 167 PPP Logs .... ................ ................ ................ ................ ................... ....... 406 T able 168 UPnP Logs .......................... [...]

  • Page 38

    P-2608HWL-Dx Series User’s Guide 38 List of Tables[...]

  • Page 39

    P-2608HWL-Dx Series User ’s Guide Preface 39 Preface Congratulations on you r purchase of the P-2608HWL-Dx ADSL V oIP IAD with 802.1 1g W ireless (the “ZyXEL Device”). Y our ZyXEL Device is easy to install and configure. About This U ser's Guide This manual is designed to gu ide you through the configuratio n of your ZyXEL Device for its[...]

  • Page 40

    P-2608HWL-Dx Series User’s Guide 40 Preface • The P-2608HWL-Dx series may be referred to as the ”ZyXEL Device” or the “device” in this user ’ s guide. This refers to all mode ls (ADSL over POTS, ADSL over ISD N and ADSL over T -ISDN) unless specifically identified. Graphics Icons Key ZyXEL Device Computer Notebook computer Server Swit[...]

  • Page 41

    P-2608HWL-Dx Series User ’s Guide Chapter 1 Getting To Know the ZyXEL Device 41 C HAPTER 1 Getting T o Know the ZyXEL Device This chapter introduces the main features and applications of the ZyXEL Device. 1.1 Overview The P-2608HWL-Dx series are Integrated Ac cess Devices (IADs) that combine an ADSL2+ router with V oice over IP (V oIP) communicat[...]

  • Page 42

    P-2608HWL-Dx Series User’s Guide 42 Chapter 1 Getting To Know the ZyXEL Device 1.1.2 DSL Router Y our ZyXEL Device is an ideal solution for fast Internet access. Comput ers can connect to the ZyXEL Device’ s LAN ports (or wirelessly) and use it as a gateway to the Internet. Figure 2 Internet Access Y ou can also configure firewall and content f[...]

  • Page 43

    P-2608HWL-Dx Series User ’s Guide Chapter 1 Getting To Know the ZyXEL Device 43 The following table describes your device’ s LEDs. Table 2 LEDs LIGHT COLOR ST ATUS DESCRIPTION POWER Green On Y o ur device is receiving power and functioning properly . Blinking Y our device is reboot ing and performing a self-test. Red On Y o ur device is not rec[...]

  • Page 44

    P-2608HWL-Dx Series User’s Guide 44 Chapter 1 Getting To Know the ZyXEL Device[...]

  • Page 45

    P-2608HWL-Dx Series User ’s Guide Chapter 2 Introducing the Web Configur ator 45 C HAPTER 2 Introducing the W eb Configurator This chapter describes how to access and navigate the web configurator . 2.1 W eb Configurator Overview The web configur ator is an HTML-based managem e nt interface that allows easy device setup and management via Interne[...]

  • Page 46

    P-2608HWL-Dx Series User’s Guide 46 Chapter 2 Introducing the Web Configurator Figure 4 Password Screen 5 The following screen displays if you have no t yet changed your password. It is highly recommended you change the default passwo rd. Enter a new passwor d, retype it to confirm and click Apply ; alternatively click Ignor e to proceed to the m[...]

  • Page 47

    P-2608HWL-Dx Series User ’s Guide Chapter 2 Introducing the Web Configur ator 47 Figure 6 Factory Default Certificate 7 A screen displays to let you choose whether to go to the wizard or the advanced screens. • Click Go to W izard setup if you are logging in for the firs t time or if you want to make basic changes. The wizard selectio n screen [...]

  • Page 48

    P-2608HWL-Dx Series User’s Guide 48 Chapter 2 Introducing the Web Configurator 2.1.2 The RESET Button Y ou can use the RESET button on the sid e of the device to reboot the device. If you for get your password or cannot access the web configurator , you will need to use the RESET button to reload the factory-default conf iguration file. This mean[...]

  • Page 49

    P-2608HWL-Dx Series User ’s Guide Chapter 2 Introducing the Web Configur ator 49 • B - navigation panel • C - main window • D - status bar 2.2.1 T itle Bar The title bar provides some icon s in the upper right corner . The icons provide th e following functions. 2.2.2 Navigation Panel Use the men u items on the na vigation panel to open scr[...]

  • Page 50

    P-2608HWL-Dx Series User’s Guide 50 Chapter 2 Introducing the Web Configurator Wireless LAN General Use this screen to configure the wireless LAN settings and WLAN authentication/security settings. OTIST Use this screen to configure a setup key for OTIST as well as start OTIST on the ZyXEL Device. MAC Filter Use this screen to configure the ZyXEL[...]

  • Page 51

    P-2608HWL-Dx Series User ’s Guide Chapter 2 Introducing the Web Configur ator 51 VPN Setup Use this screen to config ure each VPN tunnel. Monitor Use this screen to look at t he current status of each VPN tunnel. VPN Global Setting Use this screen to allow NetBIOS traffic through VPN tunnels. Certificates My Certific ates Use this screen to gener[...]

  • Page 52

    P-2608HWL-Dx Series User’s Guide 52 Chapter 2 Introducing the Web Configurator Main W indow The main window displays informa tion and configuration fields. It is discussed in the rest of this document. Right after you log in, the St a t u s screen is displayed. See Ch apter 6 on page 79 for more information about the St a t u s screen. 2.2.3 St a[...]

  • Page 53

    P-2608HWL-Dx Series User ’s Guide Chapter 3 Internet an d Wireless Setup Wizard 53 C HAPTER 3 Internet and Wireless Setup Wi z a r d This chapter provides informatio n on the W izard Setup screens for Internet access in the web configurator . 3.1 Introduction Use the wizard setup screens to configure your system for Internet access with the infor[...]

  • Page 54

    P-2608HWL-Dx Series User’s Guide 54 Chapter 3 Internet and Wireless Setup Wizar d Figure 10 Wizard Welcome 3 Y our ZyXEL Device attempts to detect your DSL connectio n and your connection type. a The following screen appears if a conn ection is not detected. Check your hardware connections and click Restart the Internet/Wireless Setup Wiz ar d to[...]

  • Page 55

    P-2608HWL-Dx Series User ’s Guide Chapter 3 Internet an d Wireless Setup Wizard 55 Figure 12 Auto-Detection: PPPoE c The following screen appears if the Zy XEL Device detects a connection but not the connection type. Click Next and refer to Section 3.2.1 o n page 55 on how to manually configure the ZyXEL Device for Internet access. Figure 13 Auto[...]

  • Page 56

    P-2608HWL-Dx Series User’s Guide 56 Chapter 3 Internet and Wireless Setup Wizar d Figure 14 Internet Access Wizard Setup: ISP Parameters The following table describes the fields in this screen. T able 5 Internet Access Wizar d Setup: ISP Parame ters LABEL DESCRIPTION Mode Fro m the Mode drop-down list box, select Routing (default) if your ISP all[...]

  • Page 57

    P-2608HWL-Dx Series User ’s Guide Chapter 3 Internet an d Wireless Setup Wizard 57 2 The next wizard screen varies depending on wh at mode and encapsulation type you use. All screens shown are with routing mode. Configure the fields and click Next to continue. See Section 3.3 on page 6 0 for wireless connection wizard setup Figure 15 Internet Con[...]

  • Page 58

    P-2608HWL-Dx Series User’s Guide 58 Chapter 3 Internet and Wireless Setup Wizar d The following table describes the fields in this screen. Figure 17 Internet Connection with ENET ENCAP The following table describes the fields in this screen. Table 7 Internet Connection with RFC 1483 LABEL DESCRIPTION IP Address This field is available if you sele[...]

  • Page 59

    P-2608HWL-Dx Series User ’s Guide Chapter 3 Internet an d Wireless Setup Wizard 59 Figure 18 Internet Connection with PPPoA The following table describes the fields in this screen. • If the user name and/or password you ente red for PPPoE or PPPoA connection are not correct, the screen displays as shown next. Click Back to Username and Password[...]

  • Page 60

    P-2608HWL-Dx Series User’s Guide 60 Chapter 3 Internet and Wireless Setup Wizar d Figure 19 Connection T est Failed- 1 • If the following screen displays, check if your account is activated or click Restart the Internet/Wir ele ss Setup W izard to verify your In ternet access settings. Figure 20 Connection T est Failed- 2. 3.3 Wireless Connecti[...]

  • Page 61

    P-2608HWL-Dx Series User ’s Guide Chapter 3 Internet an d Wireless Setup Wizard 61 Figure 21 Connection T est Successful 2 Use this screen to activate the wireless LAN. Click Next to continue. Figure 22 Wireless LAN Setup Wizard 1 The following table describes the labels in this screen. Table 10 Wireless LAN Setup Wizard 1 LABEL DESCRIPTION Activ[...]

  • Page 62

    P-2608HWL-Dx Series User’s Guide 62 Chapter 3 Internet and Wireless Setup Wizar d 3 Configure your wireless settin gs in this screen. Click Next . Figure 23 Wireless LAN The following table describes the labels in this screen. Note: The wireless stations and ZyXEL Device must use the same SSID, channel ID and WEP encryption key (if WEP is enabled[...]

  • Page 63

    P-2608HWL-Dx Series User ’s Guide Chapter 3 Internet an d Wireless Setup Wizard 63 4 This screen varies depending on the security mode you selected in the previous screen. Fill in the field (if available) and click Next . 3.3.1 Automatically assign a WP A key Choose Manually assign a WP A ke y in the W ireless LAN setup screen to allow the ZyXEL [...]

  • Page 64

    P-2608HWL-Dx Series User’s Guide 64 Chapter 3 Internet and Wireless Setup Wizar d Figure 25 Manually Assign a WEP key The following table describes the labels in this screen. 5 Click Apply to save your wireless LAN settings. Table 13 Manually Assign a WEP key LABEL DESCRIPTION Key The WEP keys are used to encrypt data. Both the ZyXEL Device and t[...]

  • Page 65

    P-2608HWL-Dx Series User ’s Guide Chapter 3 Internet an d Wireless Setup Wizard 65 Figure 26 Wireless LAN Setup 3 6 Use the read-only summary table to check whet her what you have configured is correct. Click Finish to complete and save the wizard setup. Note: No wireless LAN settings display if you chose not to configure wireless LAN settings. F[...]

  • Page 66

    P-2608HWL-Dx Series User’s Guide 66 Chapter 3 Internet and Wireless Setup Wizar d[...]

  • Page 67

    P-2608HWL-Dx Series User ’s Guide Chapter 4 VoIP Wizard And Example 67 C HAPTER 4 V oIP Wizard And Example This chapter shows you how to configure your SIP account(s) and make a V oIP phone call. 4.1 Introduction The ZyXEL Device has V oice over IP (V oIP) communication capabili ties that allow you to use a traditional analog telephone to make In[...]

  • Page 68

    P-2608HWL-Dx Series User’s Guide 68 Chapter 4 VoIP Wizard And Example Figure 29 Select a Mode 2 Click V OICE OVER INTERNET SETUP to configure your SIP settings. Figure 30 Wizard: Welcome[...]

  • Page 69

    P-2608HWL-Dx Series User ’s Guide Chapter 4 VoIP Wizard And Example 69 3 Fill in the V O ICE OVER INTERNET SETUP wizard screen with the information provided by your V oIP service provider . Y our V oIP service provider supplies you with the following information. Wh en you are finished, click Apply . Figure 31 V oIP Wizard Configur ation The foll[...]

  • Page 70

    P-2608HWL-Dx Series User’s Guide 70 Chapter 4 VoIP Wizard And Example 4 Y our ZyXEL Device will attempt to register your SIP account with your V oIP service provider . When your account is registered your PHONE 1 light will come on and you are ready to make and receive V oIP phone calls. Figure 32 SIP Registration T est 5 This screen displays if [...]

  • Page 71

    P-2608HWL-Dx Series User ’s Guide Chapter 4 VoIP Wizard And Example 71 Figure 33 V o IP Wizard Fail 6 This screen displays if your SIP ac count registration was successful. Click Return to Wiz ar d Ma i n P a ge if you want to use anoth er configuration wizard. Cl ick Go to Advanced Setup page or Finish to close the wizard and go to the main web [...]

  • Page 72

    P-2608HWL-Dx Series User’s Guide 72 Chapter 4 VoIP Wizard And Example[...]

  • Page 73

    P-2608HWL-Dx Series User ’s Guide Chapter 5 Bandwidth Management Wizard 73 C HAPTER 5 Bandwid th Management W izard This chapter shows you how to configure basic bandwidth management using th e wizard screens. 5.1 Introduction Bandwidth management allows y ou to control the amount of b andwidth going out through the ZyXEL Device’ s W AN p ort a[...]

  • Page 74

    P-2608HWL-Dx Series User’s Guide 74 Chapter 5 Bandwidth Man agement Wizard 5.3 Bandwid th Management Wizard Setup 1 After you enter the password to access the web configurator , selec t Go to W izard setup and click Apply . Otherwise, click the wizard icon ( ) in the top right corner of the web configurator to display the wiza rd main screen. Fig[...]

  • Page 75

    P-2608HWL-Dx Series User ’s Guide Chapter 5 Bandwidth Management Wizard 75 2 Click BANDWIDTH MANAGEMENT SETUP . Figure 36 Wizard: Welcome 3 Activate bandwidth management and select to allocate bandwidth to packets based on the packet size or services. Figure 37 Bandwidt h Management Wizard: General Information The following fields describe the la[...]

  • Page 76

    P-2608HWL-Dx Series User’s Guide 76 Chapter 5 Bandwidth Man agement Wizard Figure 38 Bandwidt h Management Wizard: Service Configuration The following table describes the labels in this screen. Table 18 Bandwid th Management Wizard: Service Configuration LABEL DESCRIPTION Active Select Active to enable bandwidth management for service sp ecified [...]

  • Page 77

    P-2608HWL-Dx Series User ’s Guide Chapter 5 Bandwidth Management Wizard 77 5 Follow the on-screen instructions and click Finish to complete the wizard setup and save your configuratio n. Figure 39 Bandwid th Management Wizard: Complete[...]

  • Page 78

    P-2608HWL-Dx Series User’s Guide 78 Chapter 5 Bandwidth Man agement Wizard[...]

  • Page 79

    P-2608HWL-Dx Series User ’s Guide Chapter 6 Status Screens 79 C HAPTER 6 S t atus Screens Use the St a t u s screens to look at the current status of the device, syst em resources, interfaces (LAN and W AN), and SIP ac counts. Y o u can also register and unregister SIP accounts. The St a t u s screen also provides detailed informatio n from Any I[...]

  • Page 80

    P-2608HWL-Dx Series User’s Guide 80 Chapter 6 Sta tus Screens Each field is described in the following table. Table 19 Status Scree n LABEL DESCRIPTION Refresh Interval Enter how often you want the ZyXEL Device to update this screen. Apply Click this to update this screen immediately . Device Information Host Name This field displays the ZyXEL De[...]

  • Page 81

    P-2608HWL-Dx Series User ’s Guide Chapter 6 Status Screens 81 Security Firewall This displays whether or not the ZyXEL Device’s firewall is activated. Click this to go to the screen where you can change it. Content Filter This disp lays whether or not the ZyXEL Devi ce’s content filtering is activated. Click this to go to the screen where you[...]

  • Page 82

    P-2608HWL-Dx Series User’s Guide 82 Chapter 6 Sta tus Screens 6.2 Any IP T able Click S tatus > AnyIP T able to access this screen. Use this screen to view the IP address and MAC address of each computer that is using the ZyXEL Device but is in a different subnet than the ZyXEL Device. Figure 41 Any IP T able VPN S tatus Click this link to vie[...]

  • Page 83

    P-2608HWL-Dx Series User ’s Guide Chapter 6 Status Screens 83 Each field is described in the following table. 6.3 WLAN S tatus Click St a t u s > W L A N St a t u s to access this screen. Use this screen to view the wireless stations that are currently ass ociated to the ZyXEL Device. Figure 42 WLAN S tatus The following table describes the la[...]

  • Page 84

    P-2608HWL-Dx Series User’s Guide 84 Chapter 6 Sta tus Screens Figure 43 Packet S tatistics The following table describes th e fields in this screen. Table 22 Packet S tatistics LABEL DESCRIPTION System Monitor System up T ime This is the elapsed time the system has been up. Current Date/T ime This field displays your ZyXEL Device’s present date[...]

  • Page 85

    P-2608HWL-Dx Series User ’s Guide Chapter 6 Status Screens 85 6.5 V oIP St atistics Click St a t u s > V o I P St a t i s t i c s to access this screen. Figure 44 V oIP S tatistics Up T ime This field displays the elapsed time this port has been up. LAN Port S tatistics Interface This fie ld displays either Interface (LAN ports) or Wireless (W[...]

  • Page 86

    P-2608HWL-Dx Series User’s Guide 86 Chapter 6 Sta tus Screens Each field is described in the following table. Table 23 VoIP Statistics LABEL DESCRIPTION SIP S tatus Account This column disp lays each SIP account in the ZyXEL Device. Registration This field displays the current registrati on status of the SIP account. Y ou can change this in the S[...]

  • Page 87

    P-2608HWL-Dx Series User ’s Guide Chapter 6 Status Screens 87 Tx B/s This field displays how quickly the ZyXEL Device has transmitted p ackets in the current call. The rate is the average number of bytes transmitted per second. Rx B/s This field displays how quickly the Zy XEL Device has receiv ed p ackets in the current call. The rate is the ave[...]

  • Page 88

    P-2608HWL-Dx Series User’s Guide 88 Chapter 6 Sta tus Screens[...]

  • Page 89

    P-2608HWL-Dx Series User ’s Guide Chapter 7 WAN Setup 89 C HAPTER 7 W AN Setup This chapter describes how to configure W AN settings. 7.1 W AN Overview A W AN (Wide Area Network) is an outside conn ection to another network or the Internet. 7.1.1 Encap sulation Be sure to use the encapsulat ion method required by your ISP . The ZyXEL Device supp [...]

  • Page 90

    P-2608HWL-Dx Series User’s Guide 90 Chapter 7 WAN Setup By implementing PPPoE directly on the ZyXEL Device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the ZyXEL Device does that part of the task. Furthermore, with NA T , all of the LANs’ computers will have access. 7.1.1.3 PPPoA PPPoA[...]

  • Page 91

    P-2608HWL-Dx Series User ’s Guide Chapter 7 WAN Setup 91 7.1.4 IP Address Assignment A static IP is a fixed IP that your ISP gives you. A dynamic IP is not fixed; the ISP assigns you a different one each time. The Si ngle User Account feature can be enabled or disabled if you have either a dynamic or static IP . Howeve r the encapsulation method [...]

  • Page 92

    P-2608HWL-Dx Series User’s Guide 92 Chapter 7 WAN Setup 7.2 Metric The metric represents the "cost of transmissi on". A router determines the best route for transmission by choosing a path with the lowest "cost". RI P routing uses hop count as the measurement of cost, with a minimum of "1" for directly connected netw[...]

  • Page 93

    P-2608HWL-Dx Series User ’s Guide Chapter 7 WAN Setup 93 Maximum Burst Size (MBS) is the maximum numb er of cells that can be sent at the PCR. After MBS is reached, cell rates fall below SCR until cell rate averages to the SCR again. At this time, more cells (up to the MBS) can be sent at the PCR again. If the PCR, SCR or MBS is set to the defaul[...]

  • Page 94

    P-2608HWL-Dx Series User’s Guide 94 Chapter 7 WAN Setup The VBR-nR T (non real-time V ariable Bit Rate) ty pe is used with bursty connections that do not require closely controlled delay and delay variation. It is commonly used for " bursty" traffic typical on LANs. PCR and MBS define the burst levels, SCR defines the minimum level. An [...]

  • Page 95

    P-2608HWL-Dx Series User ’s Guide Chapter 7 WAN Setup 95 Figure 46 Internet Access Setup (PPPoE) The following table describes the labels in this screen. Table 24 Internet Access Setup LABEL DESCRIPTION General Mode Select Routing (default) from the drop-down list box if your ISP allows multiple computers to share an Inter net account. Otherwise [...]

  • Page 96

    P-2608HWL-Dx Series User’s Guide 96 Chapter 7 WAN Setup Multiplexing Select the meth od of multiplexing used by your ISP from the drop-do wn list. Choices are VC or LLC . Virtual Circuit ID VPI (Virtual Path Iden tifier) an d VCI (Virtual Channel Id entifier) define a virtual circuit. Refer to the appendix for more information. VPI The valid rang[...]

  • Page 97

    P-2608HWL-Dx Series User ’s Guide Chapter 7 WAN Setup 97 7.5.1 Advanced Internet Access Setup T o edit your ZyXEL Device's ad vanced W AN settings, click the Advanced Setup button in the Internet Access Setup screen. The screen appears as shown. Figure 47 Advanced Internet Access Setup The following table describes the labels in this screen.[...]

  • Page 98

    P-2608HWL-Dx Series User’s Guide 98 Chapter 7 WAN Setup 7.6 W AN More Connections The ZyXEL Device allows you to configure more than one Internet access connection. T o configure additional Internet access connections click Network > W AN > More Connections . The screen differs by the encapsulation. A TM QoS T ype Select CBR (Continuous Bit[...]

  • Page 99

    P-2608HWL-Dx Series User ’s Guide Chapter 7 WAN Setup 99 Figure 48 W AN More Connections The following table describes the labels in this screen. 7.6.1 W AN More Conn ections Modify Screen Use this screen to modify or create additional W AN conn ections. Click the Modify icon in the Network > W AN > More Connections screen to edi t your W A[...]

  • Page 100

    P-2608HWL-Dx Series User’s Guide 100 Chapter 7 WAN Setup Figure 49 W AN More Connections > Modify The following table describes the labels in this screen. Table 27 W AN More Connections > Modify LABEL DESCRIPTION General Active Use this checkbox to activate or deactivate this WAN connection. Name Give a name to this W AN connection. This if[...]

  • Page 101

    P-2608HWL-Dx Series User ’s Guide Chapter 7 WAN Setup 101 Multiplexing Select the method of multipl exing used by your ISP from the drop-down li st. Choices are VC or LLC . Virtual Circuit ID VPI (V irtual Path Identifier) and VCI (Virtual Channel Identi fier) define a virtual circuit. Refer to the appendix fo r more information. VPI The valid ra[...]

  • Page 102

    P-2608HWL-Dx Series User’s Guide 102 Chapter 7 WAN Setup 7.7 T raffic Redirect T raffic redirect forwards traf fic to a backup gateway when the ZyXEL Device cannot connect to the Internet. An example is shown in the figure below . Figure 50 T raffic Redirect Example The following network topology allows you to avoid triangle route security issues[...]

  • Page 103

    P-2608HWL-Dx Series User ’s Guide Chapter 7 WAN Setup 103 Figure 51 T raffic Redirect LAN Setup 7.8 W AN Backup Setup T o configure your ZyXEL Device’ s W AN backup, click Network > W AN > W AN Backup Setup .[...]

  • Page 104

    P-2608HWL-Dx Series User’s Guide 104 Chapter 7 WAN Setup The following table describes the labels in this screen. Table 28 W AN Backup Setup LABEL DESCRIPTION Backup T ype Select the method tha t the ZyXEL Device uses to check the DSL connection. Select DSL Link to have the ZyXEL Device check if th e connection to the DSLAM is up. Select ICMP to [...]

  • Page 105

    P-2608HWL-Dx Series User ’s Guide Chapter 8 LAN Setup 105 C HAPTER 8 LAN Setup This chapter describes how to configure LAN settings. 8.1 LAN Overview A Local Area Network (LAN) is a shared comm unication system to which many computers are attached. A LAN is a computer network lim ited to the immediate area, usually the same building or floor of a[...]

  • Page 106

    P-2608HWL-Dx Series User’s Guide 106 Chapter 8 LAN Setup 8.1.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol , RFC 2131 and RFC 2132) allows indiv idual clients to obtain TCP/IP configuration at start-up from a server . Y ou ca n configure the ZyXEL Device as a DHCP server or disable it. When configured as a server , the ZyXEL Device provi[...]

  • Page 107

    P-2608HWL-Dx Series User ’s Guide Chapter 8 LAN Setup 107 8.1.4 DNS Server Address Assignment Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because wit hout it, you must know the IP address of a computer before you can access it. There are two ways that an I[...]

  • Page 108

    P-2608HWL-Dx Series User’s Guide 108 Chapter 8 LAN Setup 8.2.1.1 Private IP Addresses Every machine on the Internet must ha ve a unique address. If your netw orks are isolated from the Internet, for example, only between your two branch of fice s, you can assign any IP addresses to the hosts without problems. However , the Internet Assigned Numbe[...]

  • Page 109

    P-2608HWL-Dx Series User ’s Guide Chapter 8 LAN Setup 109 8.2.3 Multicast T raditionally , IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of host s on the network - not everybody and not just 1. IGMP (Internet Grou[...]

  • Page 110

    P-2608HWL-Dx Series User’s Guide 110 Chapter 8 LAN Setup Figure 53 Any IP Example The Any IP fe ature does n ot apply to a computer using either a dynami c IP address or a static IP address tha t is in the sa me subnet as the ZyXEL De vice’ s IP address. Note: Y ou must enable NA T/SUA to use the Any IP featu re on the ZyXEL Device. 8.2.4.1 How[...]

  • Page 111

    P-2608HWL-Dx Series User ’s Guide Chapter 8 LAN Setup 111 8.3 Configuring LAN IP Click Network > LAN to open the IP screen. See Section 8.1 on page 10 5 fo r background information. Figure 54 LAN IP The following table describes th e fields in this screen. 8.3.1 Configuring Advanced LAN Setup T o edit your ZyXEL Device's advanced LAN sett[...]

  • Page 112

    P-2608HWL-Dx Series User’s Guide 112 Chapter 8 LAN Setup Figure 55 Advanced LAN Setup The following table describes the labels in this screen. Table 30 Advanced LA N Setup LABEL DESCRIPTION RIP & Multicast Setup RIP Direction Se lect the RIP direction from None , Both , In Only and Out Only . RIP V ersion Select the RIP versi on from RIP-1 , [...]

  • Page 113

    P-2608HWL-Dx Series User ’s Guide Chapter 8 LAN Setup 113 8.4 DHCP Setup Click Network > D HCP Setup to open this screen. Use this screen to configure the DNS server information that the ZyXEL Device sends to the DHCP client devi ces on the LAN. Figure 56 DHCP Setup The following table describes the labels in this screen. Table 31 DHCP Setup L[...]

  • Page 114

    P-2608HWL-Dx Series User’s Guide 114 Chapter 8 LAN Setup 8.5 LAN Client List This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. Every Ethernet device has a unique MAC (Med ia Access Control) addre ss. The MAC address is assigned at the factory and consists of six pairs of hexadec[...]

  • Page 115

    P-2608HWL-Dx Series User ’s Guide Chapter 8 LAN Setup 115 The following table describes the labels in this screen. 8.6 LAN IP Alias IP alias allows you to partition a physical network into dif fer ent logical networks over the same Ethernet interface. The ZyXEL Device s upports three logical LA N interfaces via its single physical Ethernet interf[...]

  • Page 116

    P-2608HWL-Dx Series User’s Guide 116 Chapter 8 LAN Setup Figure 58 Physical Network & Partitioned Logical Networks Click Network > LAN > IP Alias to open the following screen. Use this screen to change your ZyXEL Device’ s IP alias settings. Figure 59 LAN IP Alias The following table describes the labels in this screen. T able 33 LAN [...]

  • Page 117

    P-2608HWL-Dx Series User ’s Guide Chapter 8 LAN Setup 117 RIP Direction RIP (Routing Information Protocol , RFC 1058 and RFC 1389) allows a router to exchange routing informatio n with other routers. The RIP Direction field controls the sending and receiving of RIP packe ts. Select the RIP direction from Both / In Only / Out Only / None . When se[...]

  • Page 118

    P-2608HWL-Dx Series User’s Guide 118 Chapter 8 LAN Setup[...]

  • Page 119

    P-2608HWL-Dx Series User ’s Guide Chapter 9 Wireless LAN 119 C HAPTER 9 W ireless LAN This chapter discusses how to configure the wire less network settings in your ZyXEL Device. 9.1 Wireless Network Overview The following figure provides an exampl e of a wireless network. Figure 60 Example of a Wireless Network The wireless network is the part i[...]

  • Page 120

    P-2608HWL-Dx Series User’s Guide 120 Chapter 9 Wireless LAN Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network. 9.2 Wireless Security Overview The following sections introduce different types of wireless security you can set up in the wireless network. 9.2.[...]

  • Page 121

    P-2608HWL-Dx Series User ’s Guide Chapter 9 Wireless LAN 121 For wireless networks, you can store the user names and passwords for each user in a RADIUS server . This is a se rver used in businesses more than in homes. If you do not have a RADIUS server , you cannot set up user names and passwords for your us ers. Unauthorized wireless devices ca[...]

  • Page 122

    P-2608HWL-Dx Series User’s Guide 122 Chapter 9 Wireless LAN Many types of encryption use a key to protect the information in the wireless network . The longer the key , the stronger the encryption. Ev ery device in the wireless network must have the same key . 9.2.5 One-T ouch Intelligent S ecurity T echnology (OTIST) W ith ZyXEL ’ s OTIST , yo[...]

  • Page 123

    P-2608HWL-Dx Series User ’s Guide Chapter 9 Wireless LAN 123 9.5 General Wireless LAN Screen Note: If you are configuring the ZyXEL Devi ce from a computer connected to the wireless LAN and you change the ZyXEL Device ’s SSID or WEP settings, you will lose your wireless connection when you press Apply to confirm. Y ou must then change the wirel[...]

  • Page 124

    P-2608HWL-Dx Series User’s Guide 124 Chapter 9 Wireless LAN The following table describes the general wireless LAN labels in this screen. 9.5.1 No Security Select No Security to allow wireless stations to commun icate with the access points without any data encryption. Note: If you do not enable an y wireless security on your ZyXEL Device, your n[...]

  • Page 125

    P-2608HWL-Dx Series User ’s Guide Chapter 9 Wireless LAN 125 Figure 62 Wireless: No Security The following table describes the labels in this screen. 9.5.2 WEP Encryption Screen In order to configure and enable WEP encryption; click Network > Wir eless LAN to display the General sc reen. Select S tatic WEP from the Security Mode list. Table 36[...]

  • Page 126

    P-2608HWL-Dx Series User’s Guide 126 Chapter 9 Wireless LAN Figure 63 Wireless: S tatic WEP Encryption The following table describes the wireless LAN security labels in this screen. 9.5.3 WP A(2)-PSK In order to configure and enable WP A-PSK authentication; click Network > Wir eless LAN to display the General screen. Select WP A-PSK or WP A2-P[...]

  • Page 127

    P-2608HWL-Dx Series User ’s Guide Chapter 9 Wireless LAN 127 Figure 64 Wireless: WP A(2)-PSK The following table describes the wireless LAN security labels in this screen. Table 38 Wireless: WPA(2)-PSK LABEL DESCRIPTION Security Mode Choose WP A-PSK or WP A2-PSK from the drop-d own list box. WP A Compatible This field is only available for WP A2-[...]

  • Page 128

    P-2608HWL-Dx Series User’s Guide 128 Chapter 9 Wireless LAN 9.5.4 WP A(2) Auth entication Screen In order to configure and enable WP A Authentication; click the Wir eles s LAN link under Network to display the Wir e less screen. Select WP A or WP A2 from the Security list. Figure 65 Wirele ss: WP A(2) The following table describes the wireless LA[...]

  • Page 129

    P-2608HWL-Dx Series User ’s Guide Chapter 9 Wireless LAN 129 9.5.5 Wireless LAN Advanced Setup T o configure advanced wi reless settings, click the Advanced Setup button in the General screen. The screen appears as shown. Idle T imeout The ZyXEL Device automatically disconnects a wireless station from the wired network after a period of inactivit[...]

  • Page 130

    P-2608HWL-Dx Series User’s Guide 130 Chapter 9 Wireless LAN Figure 66 Advanced The following table describes the labels in this screen. 9.6 OTIST Screen Use this screen to set up and start OTIST on the ZyXEL Device in yo ur wireless network.T o open this screen, click Network > Wir eless LAN > OTIST . Table 40 Wireless LAN: Advanced LABEL D[...]

  • Page 131

    P-2608HWL-Dx Series User ’s Guide Chapter 9 Wireless LAN 131 Figure 67 Network > Wireless LAN > OTIST The following table describes the labels in this screen. Before you click St a r t , you should enable OTIST on all the OTIST -enabled devices in the wireless network. For most devices, follow these steps. 1 Start the ZyXEL utility 2 Click [...]

  • Page 132

    P-2608HWL-Dx Series User’s Guide 132 Chapter 9 Wireless LAN Figure 68 Example: Wireless Client OTIST Screen T o start OTIST in the device, click St a r t in this screen. Note: Y ou must c lick Star t in the ZyXEL Device and in the wireless device(s) within three minutes of each other . Y ou can start OTIST in the wireless devices and the ZyXEL De[...]

  • Page 133

    P-2608HWL-Dx Series User ’s Guide Chapter 9 Wireless LAN 133 The following screen appears on the wireless client. Figure 71 OTIST : In Progress on the Wireless Device These screens close when the tra nsfer is complete. 9.6.1 Notes on OTIST 1 If you enable OTIST in a wireless device, you see this screen each time you start the utility . Click Ye s[...]

  • Page 134

    P-2608HWL-Dx Series User’s Guide 134 Chapter 9 Wireless LAN 9.7 MAC Filter T o change your ZyXEL Device ’ s MAC filter settings, click Network > Wir e less LAN > MAC Filter . The screen appea rs as shown. Figure 73 MAC Addres s Filter The following table describes the labels in this menu. Table 42 MAC Address F ilter LABEL DESCRIPTION Act[...]

  • Page 135

    P-2608HWL-Dx Series User ’s Guide Chapter 9 Wireless LAN 135 9.8 QoS Screen The QoS screen by default allows you to au tomatically give a service a priority level. Click Network > Wi reless LAN > QoS . The following screen displays. Wireless LAN: QoS The following table describes the fields in this screen. Apply Click Apply to save your cha[...]

  • Page 136

    P-2608HWL-Dx Series User’s Guide 136 Chapter 9 Wireless LAN 9.8.1 Application Pr iority Configuration T o edit a WMM QoS application entry , click the edit icon under Modif y . The following screen displays. Figure 74 Application Priority Configuration See Appendix A on pa ge 387 for a list of commonly-used serv ices and destination ports. The fo[...]

  • Page 137

    P-2608HWL-Dx Series User ’s Guide Chapter 9 Wireless LAN 137 Service The following is a d escription of the application s you can prioritize with WMM QoS. Select a service from the drop-down list box. • FTP File Transfer Program enables fast transf er of files, including large files that may not be possible by e-mail. FTP uses port number 21. ?[...]

  • Page 138

    P-2608HWL-Dx Series User’s Guide 138 Chapter 9 Wireless LAN[...]

  • Page 139

    P-2608HWL-Dx Series User ’s Guide Chapter 10 Network Address Translation (NAT) Scr eens 139 C HAPTER 10 Network Address T ranslation (NA T) Screens This chapter discusses how to configure NA T on the ZyXEL Device. 10.1 NA T Overview NA T (Netw ork Address T rans lation - NA T , RFC 1631) is the translation of the IP address of a host in a packet,[...]

  • Page 140

    P-2608HWL-Dx Series User’s Guide 140 Chapter 10 Network Address Translation (NAT) Scree ns 10.1.2 What NA T Does In the simplest form, NA T changes the sour ce IP addres s in a packet received from a subscriber (the inside local address) to anothe r (the inside global address) before forwarding the packet to the W AN side. When the resp onse come[...]

  • Page 141

    P-2608HWL-Dx Series User ’s Guide Chapter 10 Network Address Translation (NAT) Scr eens 141 10.1.4 NA T Application The following figure illustrates a possible NA T application, wher e three inside LANs (logical LANs using IP Alias) behind the ZyXEL Devi ce can communicate with three distinct W AN networks. Figure 76 NA T Application With IP Alia[...]

  • Page 142

    P-2608HWL-Dx Series User’s Guide 142 Chapter 10 Network Address Translation (NAT) Scree ns Port numbers do NOT change for One-to-One and Many-to-Many No Overload NA T mapping types. The following table summarizes these types. 10.2 SUA (Single User Account) V ersus NA T SUA (Single User Account) is a ZyNOS implemen tation of a subset of NA T that [...]

  • Page 143

    P-2608HWL-Dx Series User ’s Guide Chapter 10 Network Address Translation (NAT) Scr eens 143 Figure 77 NA T Gener al The following table describes the labels in this screen. 10.4 Port Forwarding A port forwarding set is a list of inside (behind NA T on the LAN) servers, for example, web or FTP , that you can make visible to the outsid e world even[...]

  • Page 144

    P-2608HWL-Dx Series User’s Guide 144 Chapter 10 Network Address Translation (NAT) Scree ns Y ou may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server . The port number identifies a servic e; for example, web service is on port 80 and FTP on port 21. In some cases, such as for unk[...]

  • Page 145

    P-2608HWL-Dx Series User ’s Guide Chapter 10 Network Address Translation (NAT) Scr eens 145 10.5 Configuring Port Forwarding Note: If you do not assign a Default Serve r IP address, the ZyXEL Device discards all packet s received for ports that are not specified here or in the remote management setup. Click Network > NA T > Port Forwarding [...]

  • Page 146

    P-2608HWL-Dx Series User’s Guide 146 Chapter 10 Network Address Translation (NAT) Scree ns 10.5.1 Port Forwarding Rule Edit T o edit a port forwarding rule, c lick the rule’ s edit icon in the Port Forwarding screen to display the screen shown next. Figure 80 Port Forwarding Rule Setup The following table describes th e fields in this screen. M[...]

  • Page 147

    P-2608HWL-Dx Series User ’s Guide Chapter 10 Network Address Translation (NAT) Scr eens 147 10.6 Address Mapping Note: The Address Mapping screen is available only when you select Ful l Feature in the NA T > General screen. Ordering your rules is important because the Zy XEL Device applies the rules in the order that you specify . When a rule [...]

  • Page 148

    P-2608HWL-Dx Series User’s Guide 148 Chapter 10 Network Address Translation (NAT) Scree ns 10.6.1 Address Mapping Rule Edit T o edit an address mapping rule, click the rule’ s edit icon in the Address Mapping screen to display the screen shown next. Figure 82 Edit Address Mapping Rule Local End IP This is the end Inside Lo cal IP Address (ILA).[...]

  • Page 149

    P-2608HWL-Dx Series User ’s Guide Chapter 10 Network Address Translation (NAT) Scr eens 149 The following table describes th e fields in this screen. 10.6.2 SIP ALG Some NA T routers may include a SIP Application Layer Gate way (ALG). A SIP ALG allows SIP calls to pass through NA T by examining an d translating IP addr esses embedded in the data [...]

  • Page 150

    P-2608HWL-Dx Series User’s Guide 150 Chapter 10 Network Address Translation (NAT) Scree ns Figure 83 Network > NA T > ALG Each field is described in the following table. Table 52 Network > NAT > ALG LABEL DESCRIPTION Enable SIP ALG Select this to make sure SIP (V oIP) works correctly with po rt-forwardi ng and address-mapping rules. A[...]

  • Page 151

    P-2608HWL-Dx Series User ’s Guide Chapter 11 SIP 151 C HAPTER 11 SIP Use these screens to set up your SIP a ccounts and to configure QoS settings. 1 1 .1 SIP Overview 1 1.1.1 Introduction to V oIP V oIP (V oice over IP) is the sending of voice s i gnals over the Internet Protocol. This allows you to make phone calls and send faxes over the In ter[...]

  • Page 152

    P-2608HWL-Dx Series User’s Guide 152 Chapter 11 SIP 1 1.1.3.2 SIP Service Domain The SIP service domain of the V oIP service provider (the company that lets you make phone calls over the Internet) is the domain name in a SIP URI. For example, if the SIP a ddress is 1 122334455@V oIP-provider .com , then “V oIP-provider .com” is the SIP servic[...]

  • Page 153

    P-2608HWL-Dx Series User ’s Guide Chapter 11 SIP 153 1 1.1.5.1 S IP User Agent A SIP user agent can make and receive V oIP tele phone ca lls. This means that SIP can be used for peer-to-peer communications even though it is a client-server protocol. In the following figure, either A or B can act as a SIP user agent client to initiate a call. A an[...]

  • Page 154

    P-2608HWL-Dx Series User’s Guide 154 Chapter 11 SIP 1 1.1.5.3 SIP Redirect Server A SIP redirect server accepts SIP requests, translates the destination address to an IP address and sends the translated IP address back to th e device that sent the request. Then the client device that originally sent the re quest can send requests to the IP addres[...]

  • Page 155

    P-2608HWL-Dx Series User ’s Guide Chapter 11 SIP 155 1 1.1.7 NA T and SIP The ZyXEL Device must register its public IP ad dress with a SIP register server . If there is a NA T router between the ZyXEL De vice and th e SIP register server , the ZyXEL Device probably has a private IP address. The ZyXEL De vice lists its IP address in the SIP messag[...]

  • Page 156

    P-2608HWL-Dx Series User’s Guide 156 Chapter 11 SIP Figure 87 STUN 1 1.1.7.4 Outbound Proxy Y our V oIP service provider may host a SIP outbo und proxy server to handle all of the ZyXEL Device’ s V oIP traffic. This allows the ZyXEL Device to work with any type of NA T router and eliminates the need for STUN or a SIP ALG . Turn of f a SIP ALG o[...]

  • Page 157

    P-2608HWL-Dx Series User ’s Guide Chapter 11 SIP 157 1 1.1.10 MWI (Message W aiting Indication) Enable Message W aiting Indication (MWI) en ables your phone to give you a message– waiting (beeping) dial tone when you have a voice message(s). Y our V oIP service provider must have a messaging system that sends messag e waiting status SIP packets[...]

  • Page 158

    P-2608HWL-Dx Series User’s Guide 158 Chapter 11 SIP 1 Pick up the phone and press “****” on yo ur phone’ s keypad and wait for the message that says you are in the configuration menu. 2 Press a number from 1301~1308 followed by th e “#” key to delete the tone of your choice. Press 14 followed by the “#” key if you wish to clear all [...]

  • Page 159

    P-2608HWL-Dx Series User ’s Guide Chapter 11 SIP 159 The DSCP value determines the forwardi ng behavior , the PHB (Per-Hop Behavior), that each packet gets across the DiffServ network. Based on the marking rule, dif f e rent kinds of traffic can be marked for different priorities of fo rwarding. Resources can then be allocated according to the DS[...]

  • Page 160

    P-2608HWL-Dx Series User’s Guide 160 Chapter 11 SIP Figure 89 V o IP > SIP > SIP Settings Each field is described in the following table. Table 55 VoIP > SIP > SIP Settings LABEL DESCRIPTION SIP Account Select the SIP account you want to see in this screen. If you change this field, the screen automatica lly refreshes. SIP Settings Ac[...]

  • Page 161

    P-2608HWL-Dx Series User ’s Guide Chapter 11 SIP 161 1 1.2.2 Advanced SIP Setup Screen Use this screen to maintain a dvanced settings for each SIP acc ount. T o access this screen, click Advanced Setup in V oIP > SIP > SIP Settings . Send Caller ID Select th is if you want to send identification when you make VoIP phone calls. Clear this if[...]

  • Page 162

    P-2608HWL-Dx Series User’s Guide 162 Chapter 11 SIP Figure 90 V o IP > SIP > SIP Settings > Advanced Each field is described in the following table. Table 56 VoIP > SIP Settings > Advanc ed LABEL DESCRIPTION SIP Account This field displays the SIP account you see in this screen. SIP Server Set- tings[...]

  • Page 163

    P-2608HWL-Dx Series User ’s Guide Chapter 11 SIP 163 URL T ype Select whether or not to include th e SIP service domain name when the ZyXEL Device sends the SIP number . SIP - include the SIP service domain name TEL - do not include the SIP servic e domain name Expiration Dura- tion Enter the number of seconds your SIP acco unt is registered with[...]

  • Page 164

    P-2608HWL-Dx Series User’s Guide 164 Chapter 11 SIP Enable Select this if your V oIP servi ce prov ider has a SIP outbound serve r to handle voice calls. This allow s the ZyXEL Device to work with any type of NA T router and eliminates the need fo r STUN or a SIP ALG . T urn off any SIP ALG on a NA T router in front of the ZyXEL Device to keep it[...]

  • Page 165

    P-2608HWL-Dx Series User ’s Guide Chapter 11 SIP 165 1 1.2.3 SIP QoS Screen Use this screen to maintain T oS and VLAN se ttings for the ZyXEL De vice. T o access this screen, click V oIP > SIP > QoS . Figure 91 V o IP > SIP > QoS Each field is described in the following table. Table 57 VoIP > SIP > QoS LABEL DESCRIPTION SIP TOS [...]

  • Page 166

    P-2608HWL-Dx Series User’s Guide 166 Chapter 11 SIP[...]

  • Page 167

    P-2608HWL-Dx Series User ’s Guide Chapter 12 Phone 167 C HAPTER 12 Phone Use these screens to configure the phones you use to make phone calls. 12.1 Phone Overview Y ou can configure the volume, ec ho cancellation and V AD settings for each individual phone port on the ZyXEL Device. Y ou can also select which SIP account to use fo r making outgoi[...]

  • Page 168

    P-2608HWL-Dx Series User’s Guide 168 Chapter 1 2 Phone Note: T o take full advant age of the supplementar y phone services available though the ZyXEL Device's phone port s, you may need to subscribe to the services from your V oIP service provider . 12.1.3.1 The Flash Key Flashing means to press the h ook for a short period of tim e (a few h[...]

  • Page 169

    P-2608HWL-Dx Series User ’s Guide Chapter 12 Phone 169 Press the flash key and then “0” to disconnect th e call presently on hold and keep the current call on line. Press the flash key and then “1” to disconnect th e current call and resume the call on hold. If you hang up the phone but a caller is still on hold, there will be a remind ri[...]

  • Page 170

    P-2608HWL-Dx Series User’s Guide 170 Chapter 1 2 Phone 12.1.3.3 USA T ype S upplement ary Services This section describes how to use su pplementary phone services with the USA T ype Call Service Mode . Commands for supplementary serv ices are listed in the table below . After pressing the flash key , if you do not issue the sub-command before the[...]

  • Page 171

    P-2608HWL-Dx Series User ’s Guide Chapter 12 Phone 171 1 When you are o n the phone talk ing to someone, place the fl ash key to put the caller on hold and get a di al tone. 2 Dial a phon e number dire ctly to make an other call. 3 When the second call is answered, press th e flash key , wait for the sub-comman d tone and press “3” to create [...]

  • Page 172

    P-2608HWL-Dx Series User’s Guide 172 Chapter 1 2 Phone Figure 92 V oIP > Phone > Analog Phone Each field is described in the following table. 12.2.2 Advanced Anal og Phone Setup Screen Use this screen to edit advanced settings for eac h phone port. T o access this screen, click Advanced Setup in V oIP > Phone > Analog Phone . Table 60[...]

  • Page 173

    P-2608HWL-Dx Series User ’s Guide Chapter 12 Phone 173 Figure 93 V oIP > Phone > Analog Phone > Advance d Each field is described in the following table. Table 61 VoIP > Phone > Ana log Phone > Advanced LABEL DESCRIPTION Analog Phone This field displays the phone port you see in th is screen. Vo i c e Vo l u m e Control S peakin[...]

  • Page 174

    P-2608HWL-Dx Series User’s Guide 174 Chapter 1 2 Phone 12.2.3 Common Phone Settings Screen Use this screen to activate and deactivate im mediate dialing. T o access this screen, click Vo I P > Phone > Common . Figure 94 V oIP > Phone > Common Each field is described in the following table. 12.2.4 Phone Region Screen Use this screen to[...]

  • Page 175

    P-2608HWL-Dx Series User ’s Guide Chapter 12 Phone 175 Figure 95 V oIP > Phone > Region Each field is described in the following table. Table 63 VoIP > Phone > Reg ion LABEL DESCRIPTION Region Settings Select the place in which the ZyXEL Devi ce is located. Call Service Mod e Select the mode for supplementary phone services (call hold[...]

  • Page 176

    P-2608HWL-Dx Series User’s Guide 176 Chapter 1 2 Phone[...]

  • Page 177

    P-2608HWL-Dx Series User ’s Guide Chapter 13 Phone Book 177 C HAPTER 13 Phone Book Use these screens to maintain call-forw arding rules and speed-dial settings . 13.1 Phone Book Overview Speed dial provides shortcuts for dialing frequently used (V oIP) phone numbers. It is also required if you want to make peer-to-peer calls. In peer-to-peer call[...]

  • Page 178

    P-2608HWL-Dx Series User’s Guide 178 Chapter 13 Phone Bo ok Figure 96 Phone Book > S peed Dial Each field is described in the following table. Table 64 Phone Book > Speed Dial LABEL DESCRIPTION S peed D ial Use this section to create or edit speed-dial entries. S peed D ial Select the speed -dial number you want to use for this phone number[...]

  • Page 179

    P-2608HWL-Dx Series User ’s Guide Chapter 13 Phone Book 179 13.3 Incoming Call Policy Screen Use this screen to maintain rules for handlin g inco ming calls. Y ou can block, redirect, or accept them. T o acce ss this screen, click V oIP > Phone Book > Incoming Call Policy . Destination This field is blank, if the speed-dial entry uses one o[...]

  • Page 180

    P-2608HWL-Dx Series User’s Guide 180 Chapter 13 Phone Bo ok Figure 97 Phone Book > Incoming Call Policy Y ou can create two sets of c all-forwarding rules. Each one is stored in a call-forwarding table. Each field is described in the following table. Table 65 Phone Book > Incoming Call Policy LABEL DESCRIPTION T able N umber Select the call[...]

  • Page 181

    P-2608HWL-Dx Series User ’s Guide Chapter 13 Phone Book 181 13.4 Group Ring Screen This screen lets you specify ring types for ca lls from particular numbers. The ring types vary by ring duration and stop ring duration. Any standard phon e is compatible with this feat ure. When an incoming call comes in, the ZyXEL Device checks if it is from any [...]

  • Page 182

    P-2608HWL-Dx Series User’s Guide 182 Chapter 13 Phone Bo ok Figure 98 Phone Book > Group Ring Each field is described in the following table. Table 66 Phone Book > Group Ring LABEL DESCRIPTION Active Select this if you want to activate the group ring feature. Y ou also have to enable individual entries. T est the Rin g Use the drop do wn li[...]

  • Page 183

    P-2608HWL-Dx Series User ’s Guide Chapter 13 Phone Book 183 Name T ype a name for the associated telephone nu mber . TEL T ype the tele phone number you wa nt to add to a group. Group Select a group for the telephone nu mber you entered. Y ou can select Family , Workmate , Friend or VIP . SIP1-SIP8 Y ou can also assign spec ial rings for the diff[...]

  • Page 184

    P-2608HWL-Dx Series User’s Guide 184 Chapter 13 Phone Bo ok[...]

  • Page 185

    P-2608HWL-Dx Series User ’s Guide Chapter 14 PSTN Line 185 C HAPTER 14 PSTN Line This chapter applies to P-2608H WL-Dx models only . Use this sc reen to set up the PSTN line used to make regular phone calls. Th e se phone calls do not use the Internet. 14.1 PSTN Line Overview W ith the Public Switched T ele phone Network (PSTN) line, you can make[...]

  • Page 186

    P-2608HWL-Dx Series User’s Guide 186 Chapter 14 PSTN Line Figure 99 V o IP > PSTN Line > General Each field is described in the following table. Table 67 VoIP > PSTN Line > General LABEL DESCRIPTION PSTN Line Pre-fix Number Enter 1 - 7 telephone keys (0 - 9, #, *) you dial before yo u dial the phone number , if you want to make a regu[...]

  • Page 187

    P-2608HWL-Dx Series User ’s Guide Chapter 15 Firewalls 187 C HAPTER 15 Firewalls This chapter gives some back ground information on firewa lls and introduces the ZyXEL Device firewall. 15.1 Firewall Overview The networking term “firewall ” is a system or group of systems that enforces an access- control policy between two networks. It may als[...]

  • Page 188

    P-2608HWL-Dx Series User’s Guide 188 Chapter 15 Firewalls 15.2.2 Application-level Firewalls Application-level firewalls restrict access by serv ing as proxies for e xternal servers. Since they use programs written for specific Internet servic es, such as HTTP, FTP and tel net, they can evaluate network packets for valid applicatio n-sp ecific da[...]

  • Page 189

    P-2608HWL-Dx Series User ’s Guide Chapter 15 Firewalls 189 • The LAN (Local Area Network) port attache s to a network of computers, which needs security from the outside world. These computer s will have access to Internet services such as e-mail, FTP , and the W orld W ide W e b. However, “ inbound access” will not be allowed unless you co[...]

  • Page 190

    P-2608HWL-Dx Series User’s Guide 190 Chapter 15 Firewalls 15.4.2 T ypes of DoS Att acks There are four types of DoS attacks: 1 Those that exploit bugs in a TCP/IP implementation. 2 Those that exploit weaknesses in the TCP/IP specification. 3 Brute-force attacks that flood a network with useless data. 4 IP Spoofing. 5 " Ping of Death " a[...]

  • Page 191

    P-2608HWL-Dx Series User ’s Guide Chapter 15 Firewalls 191 Under normal circumstances, the applica tion that initiates a session sends a SYN (synchronize) packet to the receiving server . The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the in itiator responds with an ACK (acknowledgment). After this handsh ake, a [...]

  • Page 192

    P-2608HWL-Dx Series User’s Guide 192 Chapter 15 Firewalls Figure 103 Smurf Attack 15.4.2.1 ICMP V ulnerability ICMP is an error -reporting protocol that work s in concert with IP . The following ICMP types trigger an alert: 15.4.2.2 Illegal Commands (NetBIOS and SMTP) The only legal NetBIOS commands are the following - all others are illegal. All[...]

  • Page 193

    P-2608HWL-Dx Series User ’s Guide Chapter 15 Firewalls 193 15.4.2.3 T raceroute T raceroute is a utility used to determine th e path a packet takes between two endpoints. Sometimes when a packet filter firewall is conf igured incorrectly an at ta cker can traceroute the firewall gaining knowledge of the network topology inside the firewall. Often[...]

  • Page 194

    P-2608HWL-Dx Series User’s Guide 194 Chapter 15 Firewalls The previous figure shows the ZyXEL Device’ s default firewall rules in action as well as demonstrates how stateful inspection works. User A can initiate a T elnet session from within the LAN and responses to this request are allowe d. However other T elnet traffic initiated from the W A[...]

  • Page 195

    P-2608HWL-Dx Series User ’s Guide Chapter 15 Firewalls 195 • Allow certain types of traffic from the In ternet to specific hosts on the LAN. • Allow access to a W eb server to everyone but competitors. • Restrict use of certain protocols, such as T elnet, to authoriz ed users on the LAN. These custom rules work by evaluating the networ k tr[...]

  • Page 196

    P-2608HWL-Dx Series User’s Guide 196 Chapter 15 Firewalls A similar situation exists for ICMP , except that the ZyXEL Device is even more restrictive. Specifically , only outgoing echoes will allow in coming echo replies, outgoing address mask requests will allow incoming address mask replies, and ou tgoing timestamp requests wi ll allow incoming[...]

  • Page 197

    P-2608HWL-Dx Series User ’s Guide Chapter 15 Firewalls 197 • Encourage your co mpany or organization to develop a comp rehensive security plan. Good network administration takes into ac count what hackers can do and prepares against attacks. The best defense against hack ers and crackers is information. Educate all employees about the importanc[...]

  • Page 198

    P-2608HWL-Dx Series User’s Guide 198 Chapter 15 Firewalls 15.7.1.1 When T o Use Filtering • T o block/allow LAN packet s by their MAC addresses. • T o block/allow special IP packets which are neither TCP nor UDP , nor ICMP packets. • T o block/allow both in bound (W AN to LAN) and outbound (LAN to W AN) traffic between the specific inside h[...]

  • Page 199

    P-2608HWL-Dx Series User ’s Guide Chapter 16 Firewall Configurat ion 199 C HAPTER 16 Firewall Configuration This chapter shows you how to enable and configure t he ZyXEL Device firewall. 16.1 Access Methods The web configurator is, by far , the most co mprehensive firewall configuration tool your ZyXEL Device has to offer . For this reason , it i[...]

  • Page 200

    P-2608HWL-Dx Series User’s Guide 200 Chapter 16 Firewall Configuration Note: If you configure firewall rules wit hout a good understanding of how they work, you might inadvertently introduce securi ty risks to the f irewall and to the protected network. Make sure you test your rules af ter you configure them. For example, you may create rules to:[...]

  • Page 201

    P-2608HWL-Dx Series User ’s Guide Chapter 16 Firewall Configurat ion 201 4 Does a rule that allows Internet users acces s to resources on the LAN create a security vulnerability? For example, if FTP ports (TCP 20, 21) are al lowed from the Internet to the LAN, Internet users may be able to connect to computers with running FTP servers. 5 Does thi[...]

  • Page 202

    P-2608HWL-Dx Series User’s Guide 202 Chapter 16 Firewall Configuration 16.4.1 LAN to W AN Rules The default rule for LAN to W AN traf fic is that all users on the LAN are allowed non- restricted access to the W AN. When you config ure a LAN to W AN rule , you in essence want to limit some or all users from accessing cer tain services on the W A N[...]

  • Page 203

    P-2608HWL-Dx Series User ’s Guide Chapter 16 Firewall Configurat ion 203 The following table describes the labels in this screen. 16.6 Firewall Rules Summary Note: The ordering of your rule s is very important as rules are app lied in turn. Refer to Section 15.1 on page 187 for more information. Click Security > Firewall > Rules to bring up[...]

  • Page 204

    P-2608HWL-Dx Series User’s Guide 204 Chapter 16 Firewall Configuration Figure 106 Firewall Rules The following table describes the labels in this screen. Table 73 Firewall Rules LABEL DESCRIPTION Firewall Rules S torage Sp ace in Use This read-only bar shows how much of the ZyXEL De vice's memory for recording firewall rules it is currently [...]

  • Page 205

    P-2608HWL-Dx Series User ’s Guide Chapter 16 Firewall Configurat ion 205 16.6.1 Configuring Firewall Rules Refer to Section 15.1 on page 187 for more information. In the Rules screen, select an index number and click Add or click a rule’ s Edit icon to display this screen and refe r to the following table for information on the l a bels. Modify[...]

  • Page 206

    P-2608HWL-Dx Series User’s Guide 206 Chapter 16 Firewall Configuration Figure 107 Firewall: Edit Rule[...]

  • Page 207

    P-2608HWL-Dx Series User ’s Guide Chapter 16 Firewall Configurat ion 207 The following table describes the labels in this screen. Table 74 Firewall: Edit Rule LABEL DESCRIPTION Active Select this option to ena ble this firewall rule. Action for Matched Packet Use the drop-down list box to select what the firewa ll is to do w ith packets that matc[...]

  • Page 208

    P-2608HWL-Dx Series User’s Guide 208 Chapter 16 Firewall Configuration 16.6.2 Customized Services Configure customized services and port number s not predefined by the ZyXEL Device. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website. See Appendix D on page 387 for some examples. Clic[...]

  • Page 209

    P-2608HWL-Dx Series User ’s Guide Chapter 16 Firewall Configurat ion 209 16.6.3 Configuring A Customized Service Click a rule number in the Firewall Customized Services screen to create a new custom port or edit an existing one. This actio n displays the following screen. Refer to Section 15.1 on page 187 for more information. Figure 109 Firewall[...]

  • Page 210

    P-2608HWL-Dx Series User’s Guide 210 Chapter 16 Firewall Configuration 2 Select W AN to LAN in the Packet Dir ection field. Figure 1 10 Firewall Example: R ules 3 In the Rules screen, select the index number after that you want to add the rule. For example, if you select “6”, your new rule b ecomes number 7 and the previous rule 7 (if there i[...]

  • Page 211

    P-2608HWL-Dx Series User ’s Guide Chapter 16 Firewall Configurat ion 211 Figure 1 12 Firewall Example: E dit Rule: Destination Address 9 Use the Add >> and Remove buttons between A vailable Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. Note: Custom services show up with an “*” befor[...]

  • Page 212

    P-2608HWL-Dx Series User’s Guide 212 Chapter 16 Firewall Configuration Figure 1 13 Firewall Example: E dit Rule : Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a “MyService” connection from the W AN to IP addresses 10.0.0.10 [...]

  • Page 213

    P-2608HWL-Dx Series User ’s Guide Chapter 16 Firewall Configurat ion 213 Figure 1 14 Firewall Example: R ules: MyService 16.8 DoS Thresholds For DoS attacks, the ZyXEL Device uses threshol ds to determine when to drop sessions that do not become fully established. These thresholds ap ply globally to all sessions. Y ou can use the default threshol[...]

  • Page 214

    P-2608HWL-Dx Series User’s Guide 214 Chapter 16 Firewall Configuration Y ou should make any ch anges to the threshold values before you continue con figuring firewall rules. 16.8.2 Half-Open Sessions An unusually high number of half-open sessions (either an absolute number or measured as the arrival rate) could indicate that a Denial of Service a[...]

  • Page 215

    P-2608HWL-Dx Series User ’s Guide Chapter 16 Firewall Configurat ion 215 16.8.3 Configuring Firewall Thresholds The ZyXEL Device also sends alerts whenever TCP Maximum Incomplete is exceeded. The global values specified for the threshold an d timeout apply to all TCP connections. Click Fir ewall , and Threshold to bring up the next screen. Figure[...]

  • Page 216

    P-2608HWL-Dx Series User’s Guide 216 Chapter 16 Firewall Configuration Maximum Incomplete Low This is the number of existing half-open sessions that cau ses the firewall to stop deleting half-open sessions. Th e ZyXEL Device continues to delete half-op en requests as necessary , until the numbe r of existing half-open sessions drops below this nu[...]

  • Page 217

    P-2608HWL-Dx Series User ’s Guide Chapter 17 Content Filtering 217 C HAPTER 17 Content Filtering This chapter covers how to configure content filtering. 17.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ab ility to block web [...]

  • Page 218

    P-2608HWL-Dx Series User’s Guide 218 Chapter 17 Content Filtering The following table describes the labels in this screen. 17.3 Configuring the Schedule T o set the days and times for the ZyXEL De vice to perform content filtering, click Security > Content Filter > Schedule . The screen appears as shown. Figure 1 17 Co ntent Filter: Sched u[...]

  • Page 219

    P-2608HWL-Dx Series User ’s Guide Chapter 17 Content Filtering 219 The following table describes the labels in this screen. 17.4 Configuring T rusted Computers T o exclude a range of users on the LAN from content fi ltering on your Zy XEL Device, click Security > Content Filter > Tr u s t e d . The screen appears as shown. Figure 1 18 Co nt[...]

  • Page 220

    P-2608HWL-Dx Series User’s Guide 220 Chapter 17 Content Filtering[...]

  • Page 221

    P-2608HWL-Dx Series User ’s Guide Chapter 18 IP Sec VPN 221 C HAPTER 18 IPSec VPN This chapter explains how tos set up and maintain IPSec VPNs in the Z yXEL Device. 18.1 IPSec VPN Overview A virtual private network (VPN) provides secu re communications between sites without the expense of leased site-to-site lines. A secure VP N is a combination [...]

  • Page 222

    P-2608HWL-Dx Series User’s Guide 222 Chapter 18 IPSec VPN Figure 120 VPN: IKE SA and IPSec SA In this example, a computer in network A is exchanging data with a computer in network B . Inside networks A and B , the data is transmitte d the same way data is normally transmitted in the networks. Between routers X an d Y , the data is protected by t[...]

  • Page 223

    P-2608HWL-Dx Series User ’s Guide Chapter 18 IP Sec VPN 223 18.1.1.2 IKE SA Proposal The IKE SA proposal is used to identify the encryption algorithm, au thentication algorithm, and Diffie-Hellman (DH) key group that the ZyXEL Device and remote IPSec router use in the IKE SA. In main mode, this is done i n steps 1 and 2, as ill ustrated below . F[...]

  • Page 224

    P-2608HWL-Dx Series User’s Guide 224 Chapter 18 IPSec VPN 18.1.1.4 Authentication Before the ZyXEL Device and remote IPSec router establish an IKE SA , they have to verify each other ’ s identity . This process is based on pre-shared keys and router identities. In main mode, the ZyXEL Dev ice and remote I PSec router authenticate each other in [...]

  • Page 225

    P-2608HWL-Dx Series User ’s Guide Chapter 18 IP Sec VPN 225 In the following example, the authentication fails, so they cannot establish an IKE SA. It is also possible to config ure the ZyXEL Device to ignore the identity of the remote IPSec router . In this case, you usually set the peer ID type to Any . This is not as secure as other peer ID ty[...]

  • Page 226

    P-2608HWL-Dx Series User’s Guide 226 Chapter 18 IPSec VPN 18.1.2 Additional T opics for IKE SA This section provides more information about IKE SA. 18.1.2.1 Negotiation Mode There are two negotiation modes: main mode and aggressive mode. Main mode provides better security , while aggressive mode is faster . Main mode takes six steps to establish [...]

  • Page 227

    P-2608HWL-Dx Series User ’s Guide Chapter 18 IP Sec VPN 227 Figure 124 VPN/NA T Example If router A does NA T , it might change IP addresses (source or destination), port numbers (source or destination), or any comb ination of these. If router X and router Y try to establish a VPN tunnel, the authentication fails because authentication depends on[...]

  • Page 228

    P-2608HWL-Dx Series User’s Guide 228 Chapter 18 IPSec VPN 18.1.3.1 Local Networ k and Remo te Network In IPSec SA terminology , the local network, th e one(s) connected to the ZyXEL Device, may be called the local policy . Similarly , the remote network, the one(s) connected to the remote IPSec router , may be called the remote policy . 18.1.3.2 [...]

  • Page 229

    P-2608HWL-Dx Series User ’s Guide Chapter 18 IP Sec VPN 229 In transport mode, the IP header is the origin al IP header , and the encapsulation depends on the active prot ocol. If the active protocol is AH, the ZyXEL Device includes part of the IP header when it encapsulates the packet. If the active protocol is ESP , the ZyXEL Device does not in[...]

  • Page 230

    P-2608HWL-Dx Series User’s Guide 230 Chapter 18 IPSec VPN 18.1.4.1.1 IPSec SA Proposal using Manual Keys In IPSec SAs using manual keys, you can only specify one encryption algorithm and one authentication algorithm. Y ou can not specify several proposals. There is no DH key exchange, so you have to pr ovide the encryption key and the authenticat[...]

  • Page 231

    P-2608HWL-Dx Series User ’s Guide Chapter 18 IP Sec VPN 231 Figure 126 VPN Setup The following table describes the fields in this screen. Table 83 VPN Se tup LABEL DESCRIPTION No. This is the VPN policy index number . Click a numbe r to edit VPN policies. Active This field displays whether the VPN policy is active or not. A Ye s signi fies that t[...]

  • Page 232

    P-2608HWL-Dx Series User’s Guide 232 Chapter 18 IPSec VPN 18.3 Editing VPN Policies Click an Edit icon in the VPN Setup Screen to edit VPN policies. Remote Address This is the IP address(es) of computer(s) on the remote network behind the remote IPSec router . This field displays N/A when the Se cure Gateway Add ress field displays 0.0.0.0 . In t[...]

  • Page 233

    P-2608HWL-Dx Series User ’s Guide Chapter 18 IP Sec VPN 233 Figure 127 Edit VPN Policies The following table describes the fields in this screen. Table 84 Edit VPN Policies LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy . Th is option determines whether a VPN rule is applied before a packet leaves the firew[...]

  • Page 234

    P-2608HWL-Dx Series User’s Guide 234 Chapter 18 IPSec VPN NA T Traversal This function is available if the VPN protocol is ESP . Select this check box if you want to set up a VPN tunnel when there are NA T routers between the ZyXEL Devi ce and remo te IPSec router . The remote IPSec router must also enable NA T traversal, and the NA T routers h a[...]

  • Page 235

    P-2608HWL-Dx Series User ’s Guide Chapter 18 IP Sec VPN 235 Remote Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP addresses. The remote fields do not apply when th e Secure Gateway IP Address field is configured to 0.0.0.0 . In this case only the remote IPSec router can initiate the VPN. T [...]

  • Page 236

    P-2608HWL-Dx Series User’s Guide 236 Chapter 18 IPSec VPN Peer ID T ype Select IP to id entify the remote IPSec router by its IP address. Select DNS to identify the remote IPSec router by a domain name. Select E-mail to identify the remote IPSec router by an e-mail address. Content The configuration of the peer content depends on the peer ID type[...]

  • Page 237

    P-2608HWL-Dx Series User ’s Guide Chapter 18 IP Sec VPN 237 18.4 Configuring Advanced IKE Settings Click Advanced in the Edit VPN Policies screen to open this screen. Encryption Algorithm Select DES , 3DES , AES or NULL from the drop-down list box. When you use one of these encryption al gori thms for data communications, both the sending device [...]

  • Page 238

    P-2608HWL-Dx Series User’s Guide 238 Chapter 18 IPSec VPN Figure 128 Advanced VPN Policies The following table describes the fields in this screen. Table 85 Advanced VPN Policies LABEL DESCRIPTION VPN - IKE Protocol Enter 1 for ICMP , 6 for TCP , 17 for UDP , etc. 0 is the default and signi fies any protocol. Enable Replay Detection As a VPN setu[...]

  • Page 239

    P-2608HWL-Dx Series User ’s Guide Chapter 18 IP Sec VPN 239 Negotiati on Mode Select Main or Aggressive from th e drop-down list box. Multiple SAs connecting through a secure gateway must have the same negotiation mode . Pre-Shared Key T ype your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE [...]

  • Page 240

    P-2608HWL-Dx Series User’s Guide 240 Chapter 18 IPSec VPN 18.5 Configuring Manual Key Y ou only configure VP N Manual Key when you sele ct Manual in the IP Sec Key Mode field on the VPN IKE screen. This is the VPN Manual Key screen as shown next. Authentication Algorithm Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and S[...]

  • Page 241

    P-2608HWL-Dx Series User ’s Guide Chapter 18 IP Sec VPN 241 Figure 129 VPN: Manual Key The following table describes the fields in this screen. Table 86 VPN: Manual Key LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy . Name T ype up to 32 characters to identify this VPN policy . Y ou may use any ch aracter ,[...]

  • Page 242

    P-2608HWL-Dx Series User’s Guide 242 Chapter 18 IPSec VPN DNS Server (for IPSec VPN) If there is a private DNS server that se rvices the VPN, type its IP address here. The ZyXEL Device a ssigns this additio nal DNS server to the ZyXEL Device 's DHCP clients that have IP addresses in this IPSec rule's range of lo cal addresses. A DNS ser[...]

  • Page 243

    P-2608HWL-Dx Series User ’s Guide Chapter 18 IP Sec VPN 243 18.6 V iewing SA Monitor Click Security , VPN and Monitor to open the SA Monito r screen as shown. Use this screen to display and ma nage active VPN conn ections. A Security Association (SA) is the group of se cu rity settings related to a specific VPN tunnel. This screen displays active[...]

  • Page 244

    P-2608HWL-Dx Series User’s Guide 244 Chapter 18 IPSec VPN When there is outbound traffic but no inbound tr affic, the SA times out automatically after two minutes. A tunnel with no outb ound or inbound traf fic is "idle" and does not timeout until the SA lifetime period expires. See Section 18. 1.3 on page 227 on keep alive to have the [...]

  • Page 245

    P-2608HWL-Dx Series User ’s Guide Chapter 18 IP Sec VPN 245 18.7 Configuring Global Setting T o change your ZyXEL Devi ce’ s global settings, click VPN and then Global Setti ng . The screen appears as shown. Figure 131 VPN: Global Setting The following table describes the fields in this screen. 18.8 T elecommuter VPN/IPSec Examples The followin[...]

  • Page 246

    P-2608HWL-Dx Series User’s Guide 246 Chapter 18 IPSec VPN Figure 132 T elecommuters Sharing One VPN Rule Example 18.8.2 T elecommuters Using Unique VPN Rules Example In this example the telecommuters (A, B and C in the figure) use IPSec routers with domain names that are mapped to their dynamic W AN IP addresse s (use Dynamic DNS to do this). W i[...]

  • Page 247

    P-2608HWL-Dx Series User ’s Guide Chapter 18 IP Sec VPN 247 Figure 133 T e lecommuters Using Uniq ue VPN Rules Example Table 90 T elecommuters Using Unique VPN Rules Example T ELECOMMUTERS HEADQUARTERS All T elecommu ter Rules: All Headquarters Rules: My IP Address 0.0.0. 0 My IP Address: bigcompanyhq.com Secure Gateway Address: bigcompanyhq.com [...]

  • Page 248

    P-2608HWL-Dx Series User’s Guide 248 Chapter 18 IPSec VPN 18.9 VPN and Remote Management If a VPN tunnel uses T elnet, FTP , WWW , then you should config ure remote management ( Advanced > Remote Management ) to allow access for that service.[...]

  • Page 249

    P-2608HWL-Dx Series User ’s Guide Chapter 19 Certificates 249 C HAPTER 19 Certificates This chapter gives background in formation about public-key certificates and explains how to use them. 19.1 Certificates Overview The ZyXEL Device can use certificates (also ca lled digital IDs) to authenticate users. Certificates are based on public -private k[...]

  • Page 250

    P-2608HWL-Dx Series User’s Guide 250 Chapter 19 Certificates A certification path is the hierarchy of certif ication authority certificates that validate a certificate. The ZyXEL Device does not trust a ce rtificate if any certificate on its path has expired or been revoked. Certification authorities maintain directory ser vers with databases of [...]

  • Page 251

    P-2608HWL-Dx Series User ’s Guide Chapter 19 Certificates 251 Use the My Certificates sc reens to generate and export self-signed certificates or certification requests and import the ZyXEL Device’ s CA-signed certificates. Use the T rusted CAs screens to save CA certificates to the ZyXEL Device. Use the T rusted Remote Hosts screens to import [...]

  • Page 252

    P-2608HWL-Dx Series User’s Guide 252 Chapter 19 Certificates # This field displays the certificate index number . The certi ficates are listed in alphabetical order. Name This fie ld displays the name used to iden tify thi s certificate. It is recommended that you give each certificate a unique name. T ype This field displays what kind of certifi[...]

  • Page 253

    P-2608HWL-Dx Series User ’s Guide Chapter 19 Certificates 253 19.5 My Certificate Import Click Security > Certificates > My Certificates and then Impor t to open the My Certificate Import screen. Follow the instructions in this sc reen to save an exis ting certificate to the ZyXEL Device. Note: Y ou can only import a certificate that matche[...]

  • Page 254

    P-2608HWL-Dx Series User’s Guide 254 Chapter 19 Certificates The following table describes the labels in this screen. 19.6 My Certificate Create Click Security > Certificates > My Certificates > Crea te to open the My Certificate Create screen. Use this screen to have the ZyXEL Device create a self-signed certificate, enroll a certificat[...]

  • Page 255

    P-2608HWL-Dx Series User ’s Guide Chapter 19 Certificates 255 The following table describes the labels in this screen. T able 93 My Certificate Create LABEL DESCRIPTION Certificate Name T ype up to 31 ASCII characters (not includ ing spaces ) to identify this certifi cate. Subject Information Use these fields to record information that iden tifie[...]

  • Page 256

    P-2608HWL-Dx Series User’s Guide 256 Chapter 19 Certificates After you click Apply in the My Certificate Create screen, you see a screen that tells you the ZyXEL Device is generating the self-signe d certificate or certification request. After the ZyXEL Device successfully enrolls a ce rtificate or generates a certification request or a self-sign[...]

  • Page 257

    P-2608HWL-Dx Series User ’s Guide Chapter 19 Certificates 257 Figure 138 My Certificate Details[...]

  • Page 258

    P-2608HWL-Dx Series User’s Guide 258 Chapter 19 Certificates The following table describes the labels in this screen. Table 94 My Certificate Det ails LABEL DESCRIPTION Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this certifica te. Y ou may use any charact[...]

  • Page 259

    P-2608HWL-Dx Series User ’s Guide Chapter 19 Certificates 259 19.8 T rusted CAs Click Security > Certificates > T rusted CAs to open the T rusted CAs screen. This screen displays a summary list of certificates of the certification authorities that you ha ve set the ZyXEL Device to accept as trusted. The ZyXEL De vice accepts any valid certi[...]

  • Page 260

    P-2608HWL-Dx Series User’s Guide 260 Chapter 19 Certificates Figure 139 T rusted CAs The following table describes the labels in this screen. Table 95 Tr u s t e d C A s LABEL DESCRIPTION PKI S torage S pace in Use This bar displays the percentage of the Zy XEL Device’s PKI storage space that is currently in use. The bar turns from green to red[...]

  • Page 261

    P-2608HWL-Dx Series User ’s Guide Chapter 19 Certificates 261 19.9 T rusted CA Import Click Security > Certificates > T rusted CAs to open the T rusted CAs screen and then click Import to open the T rusted CA Import screen. Follow the instructions in this screen to save a trusted certification authority’ s certificate to the ZyXEL Device.[...]

  • Page 262

    P-2608HWL-Dx Series User’s Guide 262 Chapter 19 Certificates 19.10 T rusted CA Det ails Click Security > Certificates > T rusted CAs to open the T r usted CAs screen. Click the details icon to open the T rusted CA Details sc reen. Use this screen to view in-depth information about the certification authority’ s certif icate, change the ce[...]

  • Page 263

    P-2608HWL-Dx Series User ’s Guide Chapter 19 Certificates 263 The following table describes the labels in this screen. Table 97 T rusted CA Details LABEL DESCRIPTION Name This field disp lays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key cert ificat e. Y ou may use any char[...]

  • Page 264

    P-2608HWL-Dx Series User’s Guide 264 Chapter 19 Certificates 19.1 1 T rusted Remote Host s Click Security > Certificates > T rusted Remote Hosts to open the T rusted Remote Hosts screen. This screen displays a list of the certificates of peers that you trust but which are not signed by one of the certification authorities on the T rusted CA[...]

  • Page 265

    P-2608HWL-Dx Series User ’s Guide Chapter 19 Certificates 265 Figure 142 T rusted Remote Hosts The following table describes the labels in this screen. Table 98 T rusted Remote Hosts LABEL DESCRIPTION PKI S torage S pace in Use This bar displays th e percentage of the Zy XEL Device’s PKI storage space that is currently in use. The bar turns fro[...]

  • Page 266

    P-2608HWL-Dx Series User’s Guide 266 Chapter 19 Certificates 19.12 V erifying a T rusted Remote Host’ s Certificate Certificates issued by certific ation authorities have the certificat ion authority’ s signature for you to check. Self-sig ned certificates only ha ve th e signature of the host itself. This means that you must be very careful [...]

  • Page 267

    P-2608HWL-Dx Series User ’s Guide Chapter 19 Certificates 267 V erify (over the phone for example) that the remote host has the sa me information in the Thumbprint Algorithm and Thumbprint fields. 19.13 T rusted Remote Host s Import Click Security > Certificates > T rusted Remote Hosts to open the T rusted Remote Hosts screen and then click[...]

  • Page 268

    P-2608HWL-Dx Series User’s Guide 268 Chapter 19 Certificates Figure 146 T rusted Remote Host Details[...]

  • Page 269

    P-2608HWL-Dx Series User ’s Guide Chapter 19 Certificates 269 The following table describes the labels in this screen. Table 100 T rusted Remote Host Details LABEL DESCRIPTION Name Th is field displays the identi fying name of this certificate. If you want to change the name, type up to 31 characters to id entify this key certificate. Y ou may us[...]

  • Page 270

    P-2608HWL-Dx Series User’s Guide 270 Chapter 19 Certificates 19.15 Directory Servers Click Security > Certificates > Dir ec tory Servers to open the Directory Servers screen. This screen display s a summary list of dire ctory servers (that conta in lists of valid a nd revoked certificates) that have been save d into the ZyXEL Device. If you[...]

  • Page 271

    P-2608HWL-Dx Series User ’s Guide Chapter 19 Certificates 271 Figure 147 Directory Servers The following table describes the labels in this screen. 19.16 Directory Server Add or Edit Click Security > Certificates > Dir ec tory Servers to open the Directory Servers screen. Click Add (or the details icon) to open the Dir ectory Server Add scr[...]

  • Page 272

    P-2608HWL-Dx Series User’s Guide 272 Chapter 19 Certificates Figure 148 Directory Server Add The following table describes the labels in this screen. T able 102 Directory Server Add LABEL DESCRIPTION Directory Service Setting Name T ype up to 31 ASCII characters (spaces ar e not permitted) to identify this directory server . Access Protocol Use t[...]

  • Page 273

    P-2608HWL-Dx Series User ’s Guide Chapter 20 Static Rout e 273 C HAPTER 20 S t atic Route This chapter shows you how to configure static routes for your ZyXEL Device. 20.1 S t atic Route Each remote node specifies only the network to which the gateway is di rectly connected, and the ZyXEL Device has no know ledge of the network s beyond. For inst[...]

  • Page 274

    P-2608HWL-Dx Series User’s Guide 274 Chapter 20 Static Route Figure 150 S tatic Route The following table describes the labels in this screen. 20.2.1 S t atic Route Edit Select a static route index numb er and click Edit . The screen shown next appears. Use this screen to configure the required information for a static route. T able 103 St a t i [...]

  • Page 275

    P-2608HWL-Dx Series User ’s Guide Chapter 20 Static Rout e 275 Figure 151 S tatic Route Edit The following table describes the labels in this screen. T able 104 S tatic Route Edit LABEL DESCRIPTION Active This field allows you to activa te/deactivate this st atic route. Route Name Enter the name of the IP static route. Leave this field blank to d[...]

  • Page 276

    P-2608HWL-Dx Series User’s Guide 276 Chapter 20 Static Route[...]

  • Page 277

    P-2608HWL-Dx Series User ’s Guide Chapter 21 Bandwidth Managemen t 277 C HAPTER 21 Bandwid th Management This chapter contains information about configuri ng bandwidth management, editing rules and viewing the ZyXEL Device’ s bandwidth man agement logs. 21.1 Bandwid th Management Overview ZyXEL ’ s Bandwidth Management allows you to specify b[...]

  • Page 278

    P-2608HWL-Dx Series User’s Guide 278 Chapter 21 Bandwidth Management The following figure shows LAN subnets. Y ou could configure one bandwidth class for subnet A and another for subnet B . Figure 152 Subnet-based Ba ndwidt h Management Example 21.4 Application and Subnet-based Bandwid th Management Y ou could also create bandwidth classes based [...]

  • Page 279

    P-2608HWL-Dx Series User ’s Guide Chapter 21 Bandwidth Managemen t 279 21.5.2 Fairness-based Scheduler The ZyXEL Device divides bandwidth equally among bandwidth classes when using the fairness-based scheduler; thus preventing one ba ndwidth class from using all of the interface’ s bandwidth. 21.6 Maximize Bandwid th Usage The maximize bandwi d[...]

  • Page 280

    P-2608HWL-Dx Series User’s Guide 280 Chapter 21 Bandwidth Management 21.6.2 Maximize Ba ndwid th Usag e Example Here is an example of a ZyXEL Device that has maximize bandwidth usage enabled on an interface. The following table shows each ba nd width class’ s bandwidth budget. The classes are set up based on subnets. The interface is set to 102[...]

  • Page 281

    P-2608HWL-Dx Series User ’s Guide Chapter 21 Bandwidth Managemen t 281 • Research requires more bandwidth but only gets its budgeted 2048 kbps because all of the unbudgeted and unu sed bandwidth goes to the higher priority sales and marketing classes. 21.6.2.2 Fairness-based Allotmen t of Unused & Unbudgeted Bandwidth The following table sh[...]

  • Page 282

    P-2608HWL-Dx Series User’s Guide 282 Chapter 21 Bandwidth Management 21.7 Over Allotment of Bandwid th Y ou can set the bandwidth management speed fo r an interface higher than the interface’ s actual transmission speed. Higher priority traf fi c gets to use up to its allocated bandwidth, even if it takes up all of the interface’ s ava ilable[...]

  • Page 283

    P-2608HWL-Dx Series User ’s Guide Chapter 21 Bandwidth Managemen t 283 The following table describes the labels in this screen. 21.9 Bandwid th Management Rule Setup Y ou must use the Bandwidth Management Summary scr een to enab le bandwidth management on an interface before yo u can configure rules for that interface. Click Advanced > Bandwid[...]

  • Page 284

    P-2608HWL-Dx Series User’s Guide 284 Chapter 21 Bandwidth Management Figure 154 Bandwidth Management: Rule Setup The following table describes the labels in this screen. Table 112 Bandwidth Management: Rule Setup LABEL DESCRIPTION Direction Select LAN to a pply bandwidth management to traffic that the ZyXEL Device forwards to the LAN. Select WA N[...]

  • Page 285

    P-2608HWL-Dx Series User ’s Guide Chapter 21 Bandwidth Managemen t 285 21.9.1 Rule Configuration Click the Edit icon or User define in the Service field to configure a bandwidth mana gement rule. Use bandwidth rules to allocate specific amounts of bandwidth capacity (ban dwidth budgets) to specific applications and/or subnets. Figure 155 Bandwidt[...]

  • Page 286

    P-2608HWL-Dx Series User’s Guide 286 Chapter 21 Bandwidth Management Rule Name Use the auto-ge nerated name or en ter a descriptive name of up to 20 alphanumeric characters, including spaces. BW Budget S pecify the maximum bandwidth allowed for the rule in kbps. The recommendation is a setting between 20 kbps and 20000 kbps for an individual rule[...]

  • Page 287

    P-2608HWL-Dx Series User ’s Guide Chapter 21 Bandwidth Managemen t 287 21.10 Bandwid th Monitor T o view the ZyXEL Device’ s bandwidth usage and allotments, click Advanced > Bandwidth MGMT > Mon itor . The screen appe ars as shown. Select an interface from the drop-down list box to view the bandwidth usa ge of its bandwidth rules. Figure [...]

  • Page 288

    P-2608HWL-Dx Series User’s Guide 288 Chapter 21 Bandwidth Management[...]

  • Page 289

    P-2608HWL-Dx Series User ’s Guide Chapter 22 Dynamic DNS Setup 289 C HAPTER 22 Dynamic DNS Setup This chapter discusses how to configure your ZyXEL Device to use Dynamic DNS. 22.1 Dynamic DNS Overview Dynamic DNS allows you to update your curre nt dynamic IP address with one or many dynamic DNS services so that anyone can c ont act you (in Ne tMe[...]

  • Page 290

    P-2608HWL-Dx Series User’s Guide 290 Chapter 2 2 Dynamic DNS Setup Figure 157 Dynamic DNS The following table describes th e fields in this screen. Table 114 Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Active Dynamic DNS Select this check box to use dynamic DNS. Service Provider This is the name of your Dyn amic DNS service provide r . Dynami[...]

  • Page 291

    P-2608HWL-Dx Series User ’s Guide Chapter 22 Dynamic DNS Setup 291 Dynamic DNS server auto detect IP Address Select this option only when there are one or more NA T routers between the ZyXEL Device and the DDNS server . This feat ure has the DDNS server automatically detect and use the IP address of th e NA T router that has a public IP address. [...]

  • Page 292

    P-2608HWL-Dx Series User’s Guide 292 Chapter 2 2 Dynamic DNS Setup[...]

  • Page 293

    P-2608HWL-Dx Series User ’s Guide Chapter 23 Remote M anagement Configuration 293 C HAPTER 23 Remote Management Configuration This chapter provides information on config uring remote management. 23.1 Remote Management Overview Remote management allows you to determ ine which services/protocols can access which ZyXEL Device interface (if any) from[...]

  • Page 294

    P-2608HWL-Dx Series User’s Guide 294 Chapter 23 Remote Ma nagement Configuration • Y ou have disabled that service in one of the remote management screens. • The IP address in the Secured Client IP field does not match th e client IP address. If it does not match, the ZyXEL Device will disconnect the session immediately . • There is already[...]

  • Page 295

    P-2608HWL-Dx Series User ’s Guide Chapter 23 Remote M anagement Configuration 295 2 HTTP connection requ ests from a web browser go to po rt 80 (by default) on the ZyXEL Device’ s WS (web server). Figure 158 HTTPS Implement ation Note: If you disable HTTP Se rver Access ( Disable ) in the REMOTE MGMT WWW screen, then the ZyXEL Device blocks all[...]

  • Page 296

    P-2608HWL-Dx Series User’s Guide 296 Chapter 23 Remote Ma nagement Configuration The following table describes the labels in this screen. 23.4 T elnet Y ou can configure your ZyXEL Device for remote T elnet access as shown next. The administrator uses T elnet from a computer on a remote network to access the ZyXEL Device. Table 115 Remote Mana ge[...]

  • Page 297

    P-2608HWL-Dx Series User ’s Guide Chapter 23 Remote M anagement Configuration 297 Figure 160 T e lnet Configuration on a TCP/IP Network 23.5 Configuring T elnet Click Advanced > Remote MGMT > Te l n e t tab to display the screen as shown. Figure 161 Remote Mana gement: T elnet The following table describes the labels in this screen. Table 1[...]

  • Page 298

    P-2608HWL-Dx Series User’s Guide 298 Chapter 23 Remote Ma nagement Configuration 23.6 Configuring FTP Y ou can upload and download the ZyXEL Devi ce’ s firmware and configuration file s using FTP , please see Chapter 27 on page 331 for details. T o use this feat ure, your comp uter must have an FTP client. T o change your ZyX EL Device’ s FTP[...]

  • Page 299

    P-2608HWL-Dx Series User ’s Guide Chapter 23 Remote M anagement Configuration 299 23.7 SNMP Simple Network Management Protocol (SNM P) i s a protoc ol used for ex changing management information b etween network devices. SNMP is a member of the TCP/IP protocol suite. Y our ZyXEL Device support s SNMP agent functiona lity , which allows a manager [...]

  • Page 300

    P-2608HWL-Dx Series User’s Guide 300 Chapter 23 Remote Ma nagement Configuration • GetNext - Allows the manager to retrieve th e next object variable from a table or list within an agent. In SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it initiates a Ge t operation, followed by a series of GetNext operations. [...]

  • Page 301

    P-2608HWL-Dx Series User ’s Guide Chapter 23 Remote M anagement Configuration 301 Figure 164 Remote Mana gement: SNMP The following table describes the labels in this screen. Table 119 Remote Mana gement: SNMP LABEL DESCRIPTION SNMP Port Y ou may change the server port number for a service if needed, howe ver you must use the same port number in [...]

  • Page 302

    P-2608HWL-Dx Series User’s Guide 302 Chapter 23 Remote Ma nagement Configuration 23.8 Configuring DNS Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. Refer to Chapter 8 on page 105 for background information. T o change your ZyXEL Device’ s DNS settings, click Advanced > Remote MGMT > DNS [...]

  • Page 303

    P-2608HWL-Dx Series User ’s Guide Chapter 23 Remote M anagement Configuration 303 If an outside user attempts to probe an unsupp orted port on your ZyXEL Device , an ICMP response packet is automatically returned. This allows the ou tside user to know the ZyXEL Device exists. Y our ZyXEL Device supports anti- probing, which prevents the ICMP resp[...]

  • Page 304

    P-2608HWL-Dx Series User’s Guide 304 Chapter 23 Remote Ma nagement Configuration 23.10 TR-069 TR-069 is a protocol that de fines how your ZyXEL Device can be managed via a management server such as ZyXEL ’ s V antage CNM Access. An administrator can use CNM Access to remotely set up the ZyXEL Device, mo dify settings, perform firmware upgrades [...]

  • Page 305

    P-2608HWL-Dx Series User ’s Guide Chapter 23 Remote M anagement Configuration 305 periodicEnable [0:Disable/ 1:Enable] Whether or not the device must periodical ly send information to CNM Access. It is recommen ded to set this value t o 1 in order for the ZyXEL Device to send information to CNM Access. informInterval [sec] The duration in second [...]

  • Page 306

    P-2608HWL-Dx Series User’s Guide 306 Chapter 23 Remote Ma nagement Configuration[...]

  • Page 307

    P-2608HWL-Dx Series User ’s Guide Chapter 24 Universa l Plug-and-Play (UPnP) 307 C HAPTER 24 Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configura tor . 24.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer [...]

  • Page 308

    P-2608HWL-Dx Series User’s Guide 308 Chapter 24 Univer sal Plug-and-Play (UPnP) 24.1.3 Cautions with UPnP The automated nature of NA T traversal applications in establishing their own services and opening firewall ports ma y present network security issues. Network information and configuration may also be obtained and modifi ed by users in some [...]

  • Page 309

    P-2608HWL-Dx Series User ’s Guide Chapter 24 Universa l Plug-and-Play (UPnP) 309 The following table describes the fields in this screen. 24.3 Inst alling UPnP in Windows Example This section shows ho w to install UPnP in W indows Me and W indows XP . Inst alling UPnP in Windows Me Follow the steps below to inst all the UPnP in W indows Me. 1 Cli[...]

  • Page 310

    P-2608HWL-Dx Series User’s Guide 310 Chapter 24 Univer sal Plug-and-Play (UPnP) Figure 169 Add/Remove Programs: Wind ows Setup: Communication 3 In the Communications window , select the Universal Plug and Play check box in the Components selection box. Figure 170 Add/Remove Programs: Wind ows Setup: Communication: Components 4 Click OK to go back[...]

  • Page 311

    P-2608HWL-Dx Series User ’s Guide Chapter 24 Universa l Plug-and-Play (UPnP) 311 Inst alling UPnP in Windows XP Follow the steps below to inst all the UPnP in W indows XP . 1 Click St a r t and Control Panel . 2 Double-click Network Connections . 3 In the Network Connections window , click Advanced in the main menu and select Optional Networking [...]

  • Page 312

    P-2608HWL-Dx Series User’s Guide 312 Chapter 24 Univer sal Plug-and-Play (UPnP) Figure 173 Networking Services 6 Click OK to go back to the W indows Optional Networking Component W izard window and click Next . 24.4 Using UPnP in Windows XP Example This section shows yo u how to use the UPnP feature in W indows XP . Y ou must already have UPnP in[...]

  • Page 313

    P-2608HWL-Dx Series User ’s Guide Chapter 24 Universa l Plug-and-Play (UPnP) 313 Figure 174 Network Connections 3 In the Internet Connection Properties window , click Setti ngs to see the port mappings there were automatically created. Figure 175 Internet Connection Properties[...]

  • Page 314

    P-2608HWL-Dx Series User’s Guide 314 Chapter 24 Univer sal Plug-and-Play (UPnP) 4 Y ou may edit or delete the port map pings or click Add to manually add port mappings. Figure 176 Internet Connection Properties: Adva nced Settings Figure 177 Internet Connection Proper ties: Adva nced Settings: Add 5 When the UP nP-enabled device is disconn ected [...]

  • Page 315

    P-2608HWL-Dx Series User ’s Guide Chapter 24 Universa l Plug-and-Play (UPnP) 315 Figure 178 System T r ay Icon 7 Double-click on the icon to display yo ur curr ent Internet co nnection status. Figure 179 Internet Connection S tatus Web Configurator Eas y Access W ith UPnP , you c an access the web-based configurator on the ZyXEL Device without fi[...]

  • Page 316

    P-2608HWL-Dx Series User’s Guide 316 Chapter 24 Univer sal Plug-and-Play (UPnP) Figure 180 Network Connections 4 An icon with the description for e ach UPnP-enabled device display s under Local Network . 5 Right-click on the icon for your ZyXEL Device an d select Invoke . The web configurator login screen displays.[...]

  • Page 317

    P-2608HWL-Dx Series User ’s Guide Chapter 24 Universa l Plug-and-Play (UPnP) 317 Figure 181 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Pr operties . A properties window displays with basic info rmation about the ZyXEL Device. Figure 182 Network Connections: My Networ k Places: Properties: Exa[...]

  • Page 318

    P-2608HWL-Dx Series User’s Guide 318 Chapter 24 Univer sal Plug-and-Play (UPnP)[...]

  • Page 319

    P-2608HWL-Dx Series User ’s Guide Chapter 25 System 319 C HAPTER 25 System Use this screen to configure the ZyXEL Device’ s time and date settings. 25.1 General Setup and System Name General Setup contains administrative and system-related information. System Name is for identification purposes. However , because some ISPs check this name you s[...]

  • Page 320

    P-2608HWL-Dx Series User’s Guide 320 Chapter 25 Syst em Figure 183 System General Setu p The following table describes the labels in this screen. T able 124 System Gene ral Setup LABEL DESCRIPTION General Setup System Name Choose a descriptive name for identificatio n purposes. It is recommended you enter your computer’s “Compu ter name” in[...]

  • Page 321

    P-2608HWL-Dx Series User ’s Guide Chapter 25 System 321 25.2 T ime Setting T o change your ZyXEL De vice’ s time and date, click Maintenance > System > Time Setting . The screen appears as shown. Use this screen to configure the ZyXEL Device’ s time based on your local time zone. Figure 184 System T ime Setting The following table descr[...]

  • Page 322

    P-2608HWL-Dx Series User’s Guide 322 Chapter 25 Syst em New T ime (hh:mm:ss) This field displays the last updated ti me from the time server or the last time configured manually . When you set Time and Date Setup to Manual , enter the new time in this field and then click Apply . New Date (yyyy/mm/dd) This field displays the last updated date fro[...]

  • Page 323

    P-2608HWL-Dx Series User ’s Guide Chapter 25 System 323 End Date Configure the day and time when Da ylight Saving Time ends if you selected Enable Daylight Saving . The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United S tates on the last Sunday of October . Each time zone in the Un[...]

  • Page 324

    P-2608HWL-Dx Series User’s Guide 324 Chapter 25 Syst em[...]

  • Page 325

    P-2608HWL-Dx Series User ’s Guide Chapter 26 Logs 325 C HAPTER 26 Logs This chapter contains inform ation about configuring genera l log settings and viewing the ZyXEL Device’ s logs. Refer to the append ix for example log message explanations. 26.1 Logs Overview The web confi gurator allows you to choose which c ategories of events and/or aler[...]

  • Page 326

    P-2608HWL-Dx Series User’s Guide 326 Chapter 26 Logs Figure 185 V iew Log The following table describes the fields in this screen. 26.3 Configuring Log Settings Use the Log Settings screen to configure to where the Zy XEL Device is to send logs; the schedule for when the ZyXEL Device is to send the logs and which logs and/or immediate alerts the [...]

  • Page 327

    P-2608HWL-Dx Series User ’s Guide Chapter 26 Logs 327 Alerts are e-mailed as soon as they happen. Logs may be e-ma iled as soon as the log is full. Selecting many alert and/or log categories (especially Access Control ) may result in many e- mails being sent. Figure 186 Log Settings The following table describes the fields in this screen. Table 1[...]

  • Page 328

    P-2608HWL-Dx Series User’s Guide 328 Chapter 26 Logs Send Log to The ZyXEL Device sen ds logs to the e-mail add ress specified in this field. If this field is left blank, the ZyXEL Device does not send logs via e-mail. Send Alerts to Alerts are real-time notifications that are sent as soon as an event, such as a DoS attack, system error , or fo r[...]

  • Page 329

    P-2608HWL-Dx Series User ’s Guide Chapter 26 Logs 329 26.4 SMTP Error Messages If there are difficulties in sending e-mail the following error message appears. “SMTP action request failed. ret= ??". The “??"are described in the following table. 26.4.1 Example E-mail Log An "End of Log" message displays for each ma il in wh[...]

  • Page 330

    P-2608HWL-Dx Series User’s Guide 330 Chapter 26 Logs Figure 187 E-mail Log Example Subject: Firewall Alert From Date: Fri, 07 Apr 2000 10:05:42 From: user@zyxel.com To: user@zyxel.com 1| Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09:54:03 |UDP src port:0052 0 dest port:00520 |<1,00> | 2|Apr 7 00 |From:192.168.1.1[...]

  • Page 331

    P-2608HWL-Dx Series User ’s Guide Chapter 27 Tools 331 C HAPTER 27 To o l s This chapter explains how to upload new firm ware, manage configuration files and restart your ZyXEL Device. Note: Do not interrupt the file transfer p rocess as this may PERMANENTL Y DAMAGE YOUR ZyXEL Device. 27.1 Introduction Use the instructions in this chapter to chan[...]

  • Page 332

    P-2608HWL-Dx Series User’s Guide 332 Chapter 27 Tools This is a sample FTP session saving the cu rrent configuration to the computer file “ config.cfg ”. If your (T)FTP client does not allow you to ha ve a destination filena me different than the source, you will need to rena me them as the ZyXEL Device only recognizes “rom-0” and “ras?[...]

  • Page 333

    P-2608HWL-Dx Series User ’s Guide Chapter 27 Tools 333 Figure 188 Firmware Upgr ade The following table describes the labels in this screen. Note: Do NOT turn off th e ZyXEL Device while firmware upload is in pro gress! After you see the Firmware Upload in Pr ogress screen, wait two minutes before logging into the ZyXEL Device again. Figure 189 F[...]

  • Page 334

    P-2608HWL-Dx Series User’s Guide 334 Chapter 27 Tools Figure 190 Network T e mporarily Disconnected After two minutes, log in again an d check your new firmware version in the St a t u s screen. If the upload was not successful, the following screen will appear . Click Return to go back to the Firmwar e screen. Figure 191 Error Message 27.5 Backu[...]

  • Page 335

    P-2608HWL-Dx Series User ’s Guide Chapter 27 Tools 335 Figure 192 Configuration 27.5.1 Backup Configuration Backup Configuration allows you to back up (save) the ZyXE L Device’ s current configuration to a file on your co mputer . Once your ZyXEL Device i s configured and functioning prop erly , it is highly recommended that you b ack up your c[...]

  • Page 336

    P-2608HWL-Dx Series User’s Guide 336 Chapter 27 Tools After you see a “restore configuration successf ul” scree n, you must then wait one minute before logging into th e ZyXEL Device again. Figure 193 Configuration Upload Successfu l The ZyXEL Device automatically restarts in this time causing a temporary network disconnect. In some operating[...]

  • Page 337

    P-2608HWL-Dx Series User ’s Guide Chapter 27 Tools 337 Figure 196 Reset In Process Message Y ou can also press the RESET button on the rear panel to reset the factory defaults of your ZyXEL Device. Refer to Section 2.1.2 on pag e 48 for more info rmation on the RESET button. 27.6 Rest art System restart allows you t o reboot the Zy XEL Device wit[...]

  • Page 338

    P-2608HWL-Dx Series User’s Guide 338 Chapter 27 Tools 4 Enter your password as requested (the default is “1234”). 5 Enter “ bin ” to set transfer mode to binary . 6 Use “ get ” to transfer files from the ZyXEL Devi ce to the computer , for example, “ get rom-0 config.rom ” transfers the configuration file on the ZyXEL Device to yo[...]

  • Page 339

    P-2608HWL-Dx Series User ’s Guide Chapter 27 Tools 339 27.7.4 Backup Configuration Using TFTP The ZyXEL Device supports the up/downlo ading of the firmware and the configuratio n file using TFTP (T rivial File T ransfer Protocol) ov er LAN. Although TFTP should work over W AN as well, it is not recommended. T o use TFTP , your computer must have [...]

  • Page 340

    P-2608HWL-Dx Series User’s Guide 340 Chapter 27 Tools 27.7.6 Configuration Backup Using GUI-based TFTP Client s The following table describes some of the fiel ds that you may see in GUI-based TFTP clients. Refer to Section 27.3 on page 332 to read about configurations that disallow TFTP and FTP over W AN. 27.8 Using FTP or TFTP to Restore Configu[...]

  • Page 341

    P-2608HWL-Dx Series User ’s Guide Chapter 27 Tools 341 27.8.1 Restore Usin g FTP Session Example Figure 199 Restore Using FTP Session Example Refer to Section 27.3 on page 332 to read about configuratio ns that disallow TFTP and FTP over W AN. 27.9 FTP and TFTP Firmware and Configuration File Uploads This section shows yo u how to upload firmware[...]

  • Page 342

    P-2608HWL-Dx Series User’s Guide 342 Chapter 27 Tools 27.9.2 FTP Session Exampl e of Firmware File Upload Figure 200 FTP Session Example of Firmware File Upload More commands (found in GUI-based FTP clie nts) are listed earlier in this chapter . Refer to Section 27.3 on pa ge 332 to read about configurations that disallow TFTP and FTP over W AN. [...]

  • Page 343

    P-2608HWL-Dx Series User ’s Guide Chapter 27 Tools 343 27.9.4 TFTP Upload Command Example The following is an example TFTP command: tftp [-i] host put firmware.bin ras Where “i” specifies binary image transfer mode (u se this mode when transferring binary files), “host” is the device’ s IP address, “put” transfer s the file source o[...]

  • Page 344

    P-2608HWL-Dx Series User’s Guide 344 Chapter 27 Tools[...]

  • Page 345

    P-2608HWL-Dx Series User ’s Guide Chapter 28 Diagnostic 345 C HAPTER 28 Diagnostic These read-only screens display information to help you identify problems with the ZyXEL Device. 28.1 General Diagnostic Click Maintenance > Diagnostic to open the screen shown next. Figure 201 Diagnostic: General The following table describes th e fields in thi[...]

  • Page 346

    P-2608HWL-Dx Series User’s Guide 346 Chapter 28 Diagnostic Figure 202 Diagnostic: DSL Line The following table describes th e fields in this screen. Table 135 Diagnostic: DSL Line LABEL DESCRIPTION A TM S tatus Click this button to view your DSL connection’s Asynchronous T ransfer Mode (A TM) statistics. A TM is a networking technology that pro[...]

  • Page 347

    P-2608HWL-Dx Series User ’s Guide Chapter 28 Diagnostic 347 DSL Line S tatus Click this button to view stat istics about the DSL connections. noise margin downstream is th e signal to noise ratio for the dow nstream part of the connection (coming into the ZyXEL Device from the ISP). It is meas ured in decibels. The highe r the number the mo re si[...]

  • Page 348

    P-2608HWL-Dx Series User’s Guide 348 Chapter 28 Diagnostic[...]

  • Page 349

    P-2608HWL-Dx Series User ’s Guide Chapter 29 Troubleshooting 349 C HAPTER 29 T roubleshooting This chapter covers potential proble ms and the corresponding remedies. 29.1 Problems St arting Up the ZyXEL Device 29.2 Problems with the LAN Table 136 Troubleshooting Starting Up Your Device PROBLEM CORRECTIVE ACTION None of the lights turn on when I t[...]

  • Page 350

    P-2608HWL-Dx Series User’s Guide 350 Chapter 29 Troublesh ooting 29.3 Problems with the W AN Table 138 Troubleshooting the WAN PROBLEM CORRECTIVE ACTION The DSL light is off. Check the telephone wire and connection s between the ZyXEL Device DSL port and the wall jack. Make sure that the telephone company has checked your phone line and set it up[...]

  • Page 351

    P-2608HWL-Dx Series User ’s Guide Chapter 29 Troubleshooting 351 29.4 Problems Accessi ng the ZyXEL Device 29.4.1 Pop-up Windows, Ja vaScript s and Java Permissions In order to use the web configurator you need to allow: • W eb browser pop-up windows from your device. • JavaScripts (enabled by default). Table 139 Troubleshooting Accessing You[...]

  • Page 352

    P-2608HWL-Dx Series User’s Guide 352 Chapter 29 Troublesh ooting • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may va ry . 29.4.1.1 Internet Explorer Pop-up Blockers Y ou may have to disable pop-up b locking to log into y our device. Either disable pop-up b[...]

  • Page 353

    P-2608HWL-Dx Series User ’s Guide Chapter 29 Troubleshooting 353 Figure 204 Intern et Options 3 Click Apply to save this setting. 29.4.1.1.2 Enable pop-up Blockers with Exceptions Alternatively , if you only want to allow pop-up win dows from your device, see the following steps. 1 In Internet Explorer , select To o l s , Internet Options and the[...]

  • Page 354

    P-2608HWL-Dx Series User’s Guide 354 Chapter 29 Troublesh ooting Figure 205 Internet Options 3 T ype the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites .[...]

  • Page 355

    P-2608HWL-Dx Series User ’s Guide Chapter 29 Troubleshooting 355 Figure 206 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. 29.4.1.2 JavaScript s If pages of the web configura tor do not display properly in Inte rnet Explorer , ch eck that JavaScripts are allowed. 1 In Internet Explorer ,[...]

  • Page 356

    P-2608HWL-Dx Series User’s Guide 356 Chapter 29 Troublesh ooting Figure 207 Internet Options 2 Click the Custom Level... button. 3 Scroll down to Scripting . 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is sele cted (the default). 6 Click OK to clos e the window [...]

  • Page 357

    P-2608HWL-Dx Series User ’s Guide Chapter 29 Troubleshooting 357 Figure 208 Security Settings - Java Scripting 29.4.1.3 Java Permissions 1 From Internet Explorer , click To o l s , In ternet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM . 4 Under Java permissions ma ke sure that a safety leve[...]

  • Page 358

    P-2608HWL-Dx Series User’s Guide 358 Chapter 29 Troublesh ooting Figure 209 Security Settings - Java 29.4.1.3.1 JA V A (Sun) 1 From Internet Explorer , click To o l s , In ternet Options and then the Adva nced tab. 2 make sure that Use Java 2 for <applet> u nder Java (Sun) is selected. 3 Click OK to clos e the window .[...]

  • Page 359

    P-2608HWL-Dx Series User ’s Guide Chapter 29 Troubleshooting 359 Figure 210 Java (Sun) 29.5 T elephone Problems Table 140 Troubleshooting Telephone PROBLEM CORRECTIVE ACTION The telephone port won’t work or the telephone lacks a dial to ne. Check the telephone con nections and telephone wire. Make sure you have the V oIP SIP Settings screen pro[...]

  • Page 360

    P-2608HWL-Dx Series User’s Guide 360 Chapter 29 Troublesh ooting[...]

  • Page 361

    P-2608HWL-Dx Series User ’s Guide Appendix A Product Specifications 361 A PPENDIX A Product S pecifications See also Chapter 1 on pa ge 41 for a general overview of the key features. S pecification T a bles Firmware S pecifications Table 141 Device Specifications Default IP Address 192.168.1 .1 Default Subnet Mask 255.255 .255.0 (24 bits) Default[...]

  • Page 362

    P-2608HWL-Dx Series User’s Guide 362 Appendix A Product Specifications IEEE 802.1 1b/g Wireless LAN The ZyXEL Device can serve as an IEEE 802.1 1g wireless access point. Expand your network by allowing IEEE 802.1 1g and IEEE 802.1 1b devices to connect to your network. Wireless Security The ZyXEL Device supports WEP encryption for basic security [...]

  • Page 363

    P-2608HWL-Dx Series User ’s Guide Appendix A Product Specifications 363 TR-069 TR-069 is a protocol that defines how your ZyXEL Device can be managed via a management server such as ZyXEL ’s V antage CNM Access. The manageme nt server can securely manage and update con figuration changes in ZyXEL Devices. Firewall Y our device has a stateful in[...]

  • Page 364

    P-2608HWL-Dx Series User’s Guide 364 Appendix A Product Specifications Table 143 Firmware Specifications ADSL S tandards Su pport ITU G .992.1 G .dmt (Annex B, U-R2) EOC specified in ITU-T G . 992.1 ADSL2 G .dmt.bis (G .992.3) ADSL2 G .l ite.bis (G .99 2.4) ADSL 2/2+ AnnexM ADSL2+ (G .992.5) Reach-Extended ADSL (RE ADSL) SRA (Seamless Rate Adapta[...]

  • Page 365

    P-2608HWL-Dx Series User ’s Guide Appendix A Product Specifications 365 Wireless IEEE 802.1 1g Compliance Frequency Range: 2.4 GHz ISM Band Advanced Orthogonal Frequency Divisio n Multiplexing (OFDM) Data Ra tes: 54Mbp s, 1 1Mbps, 5.5M bps, 2Mbps, and 1 Mbps Auto Fallback WP A/WP A2 security WMM IEEE 802.1 1i IEEE 802.1 1e Wired Equivalent Privac[...]

  • Page 366

    P-2608HWL-Dx Series User’s Guide 366 Appendix A Product Specifications P-2608HW/HWL-Dx Series Power Adaptor Specifications V oice Features SIP ve rsion 2 (Session Initiating Protocol RFC 3261) SDP (Session Description Protocol RFC 2327) RTP (RFC 1889) RTCP (RFC 1890) V oice codecs (co der/decoders) G .71 1, G .729 G .16 8 echo cancellation (8ms ~[...]

  • Page 367

    P-2608HWL-Dx Series User ’s Guide Appendix B Setting up Your Computer’s IP Addr ess 367 A PPENDIX B Setting up Y our Computer ’ s IP Address All computers must have a 10M or 100M Et hernet adapter card and TCP/IP installed. W indows 95/98/Me/NT/2000/XP , Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the sof[...]

  • Page 368

    P-2608HWL-Dx Series User’s Guide 368 Appendix B Setting up Your Computer’s IP Add ress Figure 21 1 WIndows 95/98/Me: Network: Configuration Inst alling Component s The Network window Configuration tab displays a list of installed components. Y ou need a network adapter , the TCP/IP protocol and Client for Microsof t Networks. If you need the ad[...]

  • Page 369

    P-2608HWL-Dx Series User ’s Guide Appendix B Setting up Your Computer’s IP Addr ess 369 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click OK . 5 Restart your computer so the changes you made take ef fect. Configuring 1 In the Network window Configuration tab[...]

  • Page 370

    P-2608HWL-Dx Series User’s Guide 370 Appendix B Setting up Your Computer’s IP Add ress Figure 213 Windows 95/98/Me : TCP/IP Pr operties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’ s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and [...]

  • Page 371

    P-2608HWL-Dx Series User ’s Guide Appendix B Setting up Your Computer’s IP Addr ess 371 Figure 214 Windows XP: S tart Menu 2 For W indows XP , click Network Connections . For W indows 2000/NT , click Network and Dial-up Connections . Figure 215 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Pr operties .[...]

  • Page 372

    P-2608HWL-Dx Series User’s Guide 372 Appendix B Setting up Your Computer’s IP Add ress Figure 216 Windows XP: Control Panel: Network Connections: Pro perties 4 Select Internet Protocol (TCP/IP) (under the Genera l tab in W in XP) and click Properties . Figure 217 Windows XP: Local Area Conne ction Properties 5 The Internet Pr otocol TCP/IP Prop[...]

  • Page 373

    P-2608HWL-Dx Series User ’s Guide Appendix B Setting up Your Computer’s IP Addr ess 373 • If you have a static IP address click Use the following IP Address and fill in the IP addr ess , Subnet mask , and Default gateway fields. Click Advanced . Figure 218 Windows XP: Advanced TCP/IP Settings 6 If you do not know your gateway's IP addres[...]

  • Page 374

    P-2608HWL-Dx Series User’s Guide 374 Appendix B Setting up Your Computer’s IP Add ress • Click Obtain DNS server address automatically if you do not know your DNS server IP addre ss(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses , and type them in the Preferr ed DNS server and Alternate DNS s[...]

  • Page 375

    P-2608HWL-Dx Series User ’s Guide Appendix B Setting up Your Computer’s IP Addr ess 375 Figure 220 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 221 Macintosh O S 8/9: TC P/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configur e: list. 4 For statically assigned settings, d[...]

  • Page 376

    P-2608HWL-Dx Series User’s Guide 376 Appendix B Setting up Your Computer’s IP Add ress •F r o m t h e Configure box, select Manually . • T ype your IP address in the IP Address bo x. • T ype your subnet mask in the Subnet mask box. • T ype the IP address of your ZyXEL Device in the Router address box. 5 Close the TCP/IP Contr ol Panel .[...]

  • Page 377

    P-2608HWL-Dx Series User ’s Guide Appendix B Setting up Your Computer’s IP Addr ess 377 Figure 223 Macintosh O S X: Networ k 4 For statically assigned settings, do the following: •F r o m t h e Configure box, select Manually . • T ype your IP address in the IP Address bo x. • T ype your subnet mask in the Subnet mask box. • T ype the IP[...]

  • Page 378

    P-2608HWL-Dx Series User’s Guide 378 Appendix B Setting up Your Computer’s IP Add ress[...]

  • Page 379

    P-2608HWL-Dx Series User ’s Guide Appendix C IP Addresses and Subn etting 379 A PPENDIX C IP Addresses and Subnetting This appendix introduces IP addresses, IP address classes and subnet masks. Y ou use subnet masks to subdivid e a network in to smaller logical networks. Introduction to IP Addresses An IP address has two parts: the network numb e[...]

  • Page 380

    P-2608HWL-Dx Series User’s Guide 380 Appendix C IP Addresses a n d Subnetting The following table shows the network number and host ID arrangement for classes A, B and C. An IP address with host IDs of all zeros is the IP address of the n etwork (192.168. 1.0 for example). An IP address with host IDs of all ones is the broadcast address for that [...]

  • Page 381

    P-2608HWL-Dx Series User ’s Guide Appendix C IP Addresses and Subn etting 381 Subnet Masks A subnet mask is used to dete rmine which bits are part of th e network number , and which bits are part of the host ID (using a logical AND operation). A subnet mask has 32 bits. If a b it in the subnet mask is a “1” then the correspo nding bit in th e[...]

  • Page 382

    P-2608HWL-Dx Series User’s Guide 382 Appendix C IP Addresses a n d Subnetting The first mask shown is the class “C” natural m ask. Normally if no mask is specified it is understood that the natura l mask is being used. Example: T wo Subnet s As an example, you have a class “C” address 1 92.168.1.0 wi th subnet mask of 255.255.255 .0. The [...]

  • Page 383

    P-2608HWL-Dx Series User ’s Guide Appendix C IP Addresses and Subn etting 383 Host IDs of all zeros represent the subnet itsel f and host IDs of all ones are the broadcast address for that subnet, so the actual number of hosts available on each subnet in the example above is 2 7 – 2 or 126 h o sts for each subnet. 192.168.1.0 with mask 255.255.[...]

  • Page 384

    P-2608HWL-Dx Series User’s Guide 384 Appendix C IP Addresses a n d Subnetting Example Eight Subnet s Similarly use a 27-bit mask to create eight subnets (000, 001, 010 , 01 1, 100, 101, 1 10 and 111 ) . Subnet Address: 192.1 68.1.0 Lowest Ho st ID: 192.168.1.1 Broadcast Address: 192.168.1.63 Highest Host ID: 192.168.1.62 Table 153 Subnet 2 IP/SUB[...]

  • Page 385

    P-2608HWL-Dx Series User ’s Guide Appendix C IP Addresses and Subn etting 385 The following table shows class C IP ad dress last octet values for each subnet. The following table is a summary for class “C” subnet planning. Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet ma sk also determi[...]

  • Page 386

    P-2608HWL-Dx Series User’s Guide 386 Appendix C IP Addresses a n d Subnetting The following table is a summary for class “B” subnet planning. Table 158 Class B Subnet Planning NO. “BORROWED” HOST BIT S SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 1 255.255.128.0 (/17) 2 32766 2 255.255.192.0 (/18) 4 16382 3 255.255.224.0 (/19) 8 8190 4 25[...]

  • Page 387

    P-2608HWL-Dx Series User ’s Guide Appendix D Common Services 387 Appendix D Common Services The commonly used services and port numbers ar e shown in the following table. Please refer to RFC 1700 for further information about port numbers. Next to the name of the service, two fields appear in brackets. The first field indicat es the IP protocol t[...]

  • Page 388

    P-2608HWL-Dx Series User’s Guide 388 Appendix D Common Services NFS(UDP:2049) Network File System - NFS is a clie nt/server distributed file service that provides transparent file sharing for network environments. NNTP(TCP:1 19) Netwo rk News T ransport Protocol is the delivery mechani sm for the USENET newsg roup service. PING(ICMP:0) Packet INt[...]

  • Page 389

    P-2608HWL-Dx Series User ’s Guide Appendix E Importin g Certificates 389 A PPENDIX E Importing Certificates This appendix shows importing certificat es examples using In ternet Ex plorer 5. Import Prestige Certificates into Net scape Navigator In Netscape Navigator , you can permanently trus t the Prestige’ s server certificate by importing it [...]

  • Page 390

    P-2608HWL-Dx Series User’s Guide 390 Appe ndix E Importing Certificates Figure 225 Login Screen 2 Click Install Certificate to open the Install Certificate wizard. Figure 226 Certificate General Information befor e Import 3 Click Next to begin the Install Certificate wizard.[...]

  • Page 391

    P-2608HWL-Dx Series User ’s Guide Appendix E Importin g Certificates 391 Figure 227 Certificate Import Wizard 1 4 Select where you would like to store the certificate and then click Next . Figure 228 Certificate Import Wizard 2 5 Click Finish to complete the Import Certificate wizard.[...]

  • Page 392

    P-2608HWL-Dx Series User’s Guide 392 Appe ndix E Importing Certificates Figure 229 Certificate Import Wizard 3 6 Click Ye s to add the Prestige certificate to the root store. Figure 230 Root Certificate S tore[...]

  • Page 393

    P-2608HWL-Dx Series User ’s Guide Appendix E Importin g Certificates 393 Figure 231 Certificate General Information af ter Import Enrolling and Importing SSL Client Certificates The SSL client needs a certificate if Authenticate Client Certificates is selected on the Prestige. Y ou must have imported at least one trus ted CA to the Prestige in or[...]

  • Page 394

    P-2608HWL-Dx Series User’s Guide 394 Appe ndix E Importing Certificates Figure 232 Prestige T rusted CA Screen The CA sends you a package containing the CA ’ s truste d certificate(s), your personal certificate(s) and a password to inst all the personal certificate(s). Inst alling the CA ’ s Certificate 1 Double click the CA ’ s trusted cer[...]

  • Page 395

    P-2608HWL-Dx Series User ’s Guide Appendix E Importin g Certificates 395 Inst alling Y o ur Personal Certificate(s) Y ou need a password in advance. The CA may is sue the password or you may have to sp ecify it during the enrollment. Double-click the person al certificate given to you by the CA to produce a screen simi lar to the one shown next 1[...]

  • Page 396

    P-2608HWL-Dx Series User’s Guide 396 Appe ndix E Importing Certificates Figure 236 Personal Certificate Import Wizard 3 4 Have the wizard determine where the certificat e should be saved on your computer or select Place all certificates in the following stor e and choose a different location. Figure 237 Personal Certificate Import Wizard 4 5 Clic[...]

  • Page 397

    P-2608HWL-Dx Series User ’s Guide Appendix E Importin g Certificates 397 Figure 238 Personal Certificate Import Wizard 5 6 Y ou should see the following screen when the ce rtificate is correctly installed on your computer . Figure 239 Personal Certificate Import Wizard 6 Using a Certificate When Accessing the Prestige Example Use the following pr[...]

  • Page 398

    P-2608HWL-Dx Series User’s Guide 398 Appe ndix E Importing Certificates Figure 241 SSL Client Authentication 3 Y ou next see the Prestige login screen. Figure 242 Prestige Secure Login Screen[...]

  • Page 399

    P-2608HWL-Dx Series User ’s Guide Appendix F Triangl e Route 399 A PPENDIX F T riangle Route The Ideal Setup When the firewall is on, your ZyXEL Device acts as a secure gateway between your LAN and the Internet. In an ideal network topology , a ll incoming and outgoing network traf fic passes through the ZyXEL Device to pr otect your LAN against [...]

  • Page 400

    P-2608HWL-Dx Series User’s Guide 400 Appendix F Tria ngle Route Figure 244 “T riangle Route” Problem The “T riangle Route” Solutions This section presents you two solutions to the “triangle route” problem. IP Aliasing IP alias allows you to partition your network into logical sections over the same Ethernet interface. Y our ZyXEL Devi[...]

  • Page 401

    P-2608HWL-Dx Series User ’s Guide Appendix F Triangl e Route 401 Figure 245 IP Alias Gateways on the W AN Side A second solution to the “triangle route” problem is to put all of your network gateways on the W AN side as the following figure shows. This en sure s that all incoming network traffic passes through your ZyXEL Device to your LAN. T[...]

  • Page 402

    P-2608HWL-Dx Series User’s Guide 402 Appendix F Tria ngle Route[...]

  • Page 403

    P-2608HWL-Dx Series User ’s Guide Appendix G Log Descriptions 403 A PPENDIX G Log Descriptions This appendix provides descrip tions of example log messages. Table 160 System Maintenance Logs LOG MESSAGE DESCRIPTION Time calibration is successful The router has adjusted its time based on information from the time server . Time calibration failed T[...]

  • Page 404

    P-2608HWL-Dx Series User’s Guide 404 Appendix G Log Descriptions Successful HTTPS login Someone has log ged on to the router's web configurator interface using HTTPS protocol. HTTPS login failed Someone has faile d to log on to the router's web configurator interface using HTTPS protocol. Table 161 System Error Logs LOG MESSAGE DESCRIPT[...]

  • Page 405

    P-2608HWL-Dx Series User ’s Guide Appendix G Log Descriptions 405 For type and code details, see T able 173 on page 409 . Table 163 TCP Reset Lo gs LOG MESSAGE DESCRIPTION Under SYN flood attack, sent TCP RST The router sent a TCP reset packet when a host was u nder a SYN flood attack (the TCP incomplete count is per desti nation host.) Exceed TC[...]

  • Page 406

    P-2608HWL-Dx Series User’s Guide 406 Appendix G Log Descriptions Triangle route packet forwarded: ICMP The firewall allow ed a triangle route session to pass through. Packet without a NAT table entry blocked: ICMP The router blocked a packet that didn’t have a corresponding NA T table entry . Unsupported/out-of-order ICMP: ICMP The firewall doe[...]

  • Page 407

    P-2608HWL-Dx Series User ’s Guide Appendix G Log Descriptions 407 For type and code details, see T able 173 on page 409 . Table 168 UPnP Logs LOG MESSAGE DESCRIPTION UPnP pass through Firewall UPnP packets can p ass thro ugh the firewall. Table 169 Content Filterin g Logs LOG MESSAGE DESCRIPTION %s: block keyword The content of a requested web p [...]

  • Page 408

    P-2608HWL-Dx Series User’s Guide 408 Appendix G Log Descriptions ip spoofing - no routing entry ICMP (type:%d, code:%d) The firewall classified an ICMP packet with no source routing entry as an IP spoofing attack. vulnerability ICMP (type:%d, code:%d) The firewall detecte d an ICMP vulnerability attack. traceroute ICMP (type:%d, code:%d) The fire[...]

  • Page 409

    P-2608HWL-Dx Series User ’s Guide Appendix G Log Descriptions 409 No Server to authenticate user. Th ere is no authentication serv er to authenticate a user . Local User Database does not find user`s credential. A user was not authenticated by the local user database because the user is not listed in th e local user database. Table 172 ACL Settin[...]

  • Page 410

    P-2608HWL-Dx Series User’s Guide 410 Appendix G Log Descriptions 11 T ime Exceeded 0 T ime to live exceeded in transit 1 Fragment reassembly time exceeded 12 Parameter Problem 0 Pointer indicates the error 13 T imestamp 0 T imestamp request message 14 T imestamp Reply 0 T imestamp reply message 15 Information Request 0 Information request message[...]

  • Page 411

    P-2608HWL-Dx Series User ’s Guide Appendix G Log Descriptions 411 Table 176 RTP Logs LOG MESSAGE DESCRIPTION Error, RTP init fail The initialization of an RTP session failed. Error, Call fail: RTP connect fail A V oIP phone call failed because the RTP session could not be established. Error, RTP connection cannot close The termination of an RTP s[...]

  • Page 412

    P-2608HWL-Dx Series User’s Guide 412 Appendix G Log Descriptions The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to RFC 2408 for detail ed information on each type. Log Commands Go to the command in terpreter interface ( Appendix I on page 42 3 explains how to access and use the commands). Configuring W[...]

  • Page 413

    P-2608HWL-Dx Series User ’s Guide Appendix G Log Descriptions 413 Figure 248 Displaying Log Para meters Example 4 Use sys logs category foll owed by a log category and a parameter to decide what to record. Use 0 to not record logs for that category , 1 to record only logs fo r that category , 2 to record only alerts for that category , and 3 to r[...]

  • Page 414

    P-2608HWL-Dx Series User’s Guide 414 Appendix G Log Descriptions Log Command Example This example shows how to set the ZyXEL Devi ce to record the acc ess logs and alerts and then view the results. Figure 249 Log Command Example ras> sys logs load ras> sys logs category access 3 ras> sys logs save ras> sys logs display access # .time [...]

  • Page 415

    P-2608HWL-Dx Series User ’s Guide Appendix H Inte rnal SPTGEN 415 A PPENDIX H Internal SPTGEN Internal SPTGEN Overview Internal SP TGEN (System Parame ter T able Generator) is a configuration text file useful for efficient configuration of multiple ZyXEL Devices. Internal SP TGEN lets you configure, save and upload multiple menus at the same time[...]

  • Page 416

    P-2608HWL-Dx Series User’s Guide 416 Appendix H Internal SPTG EN Some parameters are dependent on othe rs. For example, if you disable the Configur ed field in menu 1 (see Figure 250 on page 415 ), then you disable every field in this me nu. If you enter a parameter that is invalid in the In put column, the ZyXEL Device will not save the configur[...]

  • Page 417

    P-2608HWL-Dx Series User ’s Guide Appendix H Inte rnal SPTGEN 417 Figure 253 Internal SP TGEN FTP Download Example Note: Y ou can rename your “ rom-t ” file when you save it to your computer but it must be named “ rom-t ” when you uplo ad it to your ZyXEL Device. Internal SPTGEN FTP Upload Example 1 Launch your FTP application. 2 Enter &q[...]

  • Page 418

    P-2608HWL-Dx Series User’s Guide 418 Appendix H Internal SPTG EN The following are the Internal SP TGEN menus. PV A Pa rameter V alues Allo wed INPUT An example of what you may enter * Applies to the ZyXEL Device. Table 181 Abbreviations Used in the Example Internal SPTGEN Screens Table ABBREVIA TION MEANING Table 182 Menu 1 General Setu p / Menu[...]

  • Page 419

    P-2608HWL-Dx Series User ’s Guide Appendix H Inte rnal SPTGEN 419 FIN FN PVA INPUT 30200001 = DHCP <0(None) | 1(Server) | 2(Relay)> = 0 30200002 = Client IP Pool Starting Address = 192.168.1.33 30200003 = Size of Client IP Pool = 32 30200004 = Primary DNS Server = 0.0.0.0 30200005 = Secondary DNS Server = 0.0.0.0 30200006 = Remote DHCP Serv[...]

  • Page 420

    P-2608HWL-Dx Series User’s Guide 420 Appendix H Internal SPTG EN 30201008 = IP Alias #1 Incoming protocol filters Set 3 = 256 30201009 = IP Alias #1 Incoming protocol filters Set 4 = 256 30201010 = IP Alias #1 Outgoing protocol filters Set 1 = 256 30201011 = IP Alias #1 Outgoing protocol filters Set 2 = 256 30201012 = IP Alias #1 Outgoing protoco[...]

  • Page 421

    P-2608HWL-Dx Series User ’s Guide Appendix H Inte rnal SPTGEN 421 30500004 = RTS Threshold <0 ~ 2432> = 2432 30500005 = FRAG. Threshold <256 ~ 2432> = 2432 30500006 = WEP <0(DISABLE) | 1(64-bit WEP) | 2(128-bit WEP)> = 0 30500007 = Default Key <1|2|3|4> = 0 30500008 = WEP Key1 = 30500009 = WEP Key2 = 30500010 = WEP Key3 = [...]

  • Page 422

    P-2608HWL-Dx Series User’s Guide 422 Appendix H Internal SPTG EN 40000002 = Active <0(No) | 1(Yes)> = 1 40000003 = ISP's Name = ChangeMe 40000004 = Encapsulation <2(PPPOE) | 3(RFC 1483)| 4(PPPoA )| 5(ENET ENCAP)> = 2 40000005 = Multiplexing <1(LLC-based) | 2(VC-based) = 1 40000006 = VPI # = 0 40000007 = VCI # = 35 40000008 = S[...]

  • Page 423

    P-2608HWL-Dx Series User ’s Guide Appendix H Inte rnal SPTGEN 423 40000032= RIP Version <0(Ri p-1) | 1(Rip-2B) |2(Rip-2M)> = 0 40000033= Nailed-up Co nnection <0(No) |1(Yes)> = 0 Table 184 Menu 4 Internet Access Setup (con tinued) Table 185 Menu 12 / Menu 12.1.1 IP Static Route Setup FIN FN PVA INPUT 120101001 = IP Static Route set #1[...]

  • Page 424

    P-2608HWL-Dx Series User’s Guide 424 Appendix H Internal SPTG EN / Menu 12.1.4 IP Static Route Setup FIN FN PVA INPUT 120104001 = IP Static Route set #4, Name <Str> = 120104002 = IP Static Route set #4, Active <0(No) |1(Yes)> = 0 120104003 = IP Static Route set #4, Destination IP address = 0.0.0.0 120104004 = IP Static Route set #4, D[...]

  • Page 425

    P-2608HWL-Dx Series User ’s Guide Appendix H Inte rnal SPTGEN 425 120107006 = IP Static Route set #7, Metric = 0 120107007 = IP Static Route set #7, Private <0(No) |1(Yes)> = 0 / Menu 12.1.8 IP Static Route Setup FIN FN PVA INPUT 120108001 = IP Static Route set #8, Name <Str> = 120108002 = IP Static Route set #8, Active <0(No) |1(Y[...]

  • Page 426

    P-2608HWL-Dx Series User’s Guide 426 Appendix H Internal SPTG EN 120111004 = IP Static Route set #11, Destination IP subnetmask = 0 120111005 = IP Static Route set #11, Gateway = 0.0.0.0 120111006 = IP Static Route set #11, Metric = 0 120111007 = IP Static Route set #11, Private <0(No) |1(Yes)> = 0 */ Menu 12.1.12 IP Static Route Set up FIN[...]

  • Page 427

    P-2608HWL-Dx Series User ’s Guide Appendix H Inte rnal SPTGEN 427 120115002 = IP Static Route set #15, Active <0(No) |1(Yes)> = 0 120115003 = IP Static Route set #15, D estination IP address = 0.0.0.0 120115004 = IP Static Route set #15, D estination IP subnetmask = 0 120115005 = IP Static Route set #15, Gateway = 0.0.0.0 120115006 = IP Sta[...]

  • Page 428

    P-2608HWL-Dx Series User’s Guide 428 Appendix H Internal SPTG EN 150000014 = SUA Server #4 Port Start = 0 150000015 = SUA Server #4 Port End = 0 150000016 = SUA Server #4 Local IP address = 0.0.0.0 150000017 = SUA Server #5 Active <0(No) | 1(Yes)> = 0 150000018 = SUA Server #5 Protocol <0(All)|6(TCP)|17(U DP)> = 0 150000019 = SUA Serv[...]

  • Page 429

    P-2608HWL-Dx Series User ’s Guide Appendix H Inte rnal SPTGEN 429 150000048 = SUA Server #11 Protocol <0(All)|6(TCP)|17(U DP)> = 0 150000049 = SUA Server #11 Port Start = 0 150000050 = SUA Server #11 Port End = 0 150000051 = SUA Server #11 Local IP addr ess = 0.0.0.0 150000052 = SUA Server #12 Active <0(No) | 1(Yes)> = 0 150000053 = S[...]

  • Page 430

    P-2608HWL-Dx Series User’s Guide 430 Appendix H Internal SPTG EN / Menu 21.1.1.2 set #1, rule #2 FIN FN PVA INPUT 210102001 = IP Filter Set 1,Rule 2 Type <2(TCP/IP)> = 2 210102002 = IP Filter Set 1,Rule 2 Active <0(No)|1(Yes)> = 1 210102003 = IP Filter Set 1,Rule 2 Protocol = 6 210102004 = IP Filter Set 1,Rule 2 Dest IP address = 0.0.[...]

  • Page 431

    P-2608HWL-Dx Series User ’s Guide Appendix H Inte rnal SPTGEN 431 210103013 = IP Filter Set 1,Rule 3 Act Match <1(check next)|2(forward)| 3(drop) = 3 210103014 = IP Filter Set 1,Rule 3 Act Not Match <1(check next)|2(forward)| 3(drop) = 1 / Menu 21.1.1.4 set #1, rule #4 FIN FN PVA INPUT 210104001 = IP Filter Set 1,Rule 4 Type <2(TCP/IP)&g[...]

  • Page 432

    P-2608HWL-Dx Series User’s Guide 432 Appendix H Internal SPTG EN 210105009 = IP Filter Set 1,Rule 5 Src Subnet Mask = 0 210105010 = IP Filter Set 1,Rule 5 Src Port = 0 210105011 = IP Filter Set 1,Rule 5 Src Port Comp <0(none)|1(equal) |2(not equal)|3(less)|4( greater)> = 0 210105013 = IP Filter Set 1,Rule 5 Act Match <1(check next)|2(for[...]

  • Page 433

    P-2608HWL-Dx Series User ’s Guide Appendix H Inte rnal SPTGEN 433 / Menu 21.1.2.1 Filter set #2, rule #1 FIN FN PVA INPUT 210201001 = IP Filter Set 2, Rule 1 Type <0(none)|2(TCP/IP)> = 2 210201002 = IP Filter Set 2, Rule 1 Active <0(No)|1(Yes)> = 1 210201003 = IP Filter Set 2, Rule 1 Protocol = 6 210201004 = IP Filter Set 2, Rule 1 De[...]

  • Page 434

    P-2608HWL-Dx Series User’s Guide 434 Appendix H Internal SPTG EN 210202009 = IP Filter Set 2, Rule 2 Src Subnet Mask = 0 210202010 = IP Filter Set 2,Rule 2 Src Port = 0 210202011 = IP Filter Set 2, Rule 2 Src Port Comp <0(none)|1(equal)|2 (not equal)|3(less)|4(gr eater)> = 0 210202013 = IP Filter Set 2, Rule 2 Act Match <1(check next)|2([...]

  • Page 435

    P-2608HWL-Dx Series User ’s Guide Appendix H Inte rnal SPTGEN 435 210204002 = IP Filter Set 2, Rule 4 Active <0(No)|1(Yes )> = 1 210204003 = IP Filter Set 2, Rule 4 Protocol = 17 210204004 = IP Filter Set 2, Rule 4 Dest IP address = 0.0.0.0 210204005 = IP Filter Set 2, Rule 4 Dest Subnet Mask = 0 210204006 = IP Filter Set 2, Rule 4 Dest Por[...]

  • Page 436

    P-2608HWL-Dx Series User’s Guide 436 Appendix H Internal SPTG EN 210205011 = IP Filter Set 2, Rule 5 Src Port Comp <0(none)|1(equal)|2 (not equal)|3(less)|4(gr eater)> = 0 210205013 = IP Filter Set 2, Rule 5 Act Match <1(check next)|2(forward)|3( drop)> = 3 210205014 = IP Filter Set 2, Rule 5 Act Not Match <1(check next)|2(forward)[...]

  • Page 437

    P-2608HWL-Dx Series User ’s Guide Appendix H Inte rnal SPTGEN 437 Table 189 Menu 23 System Menus */ Menu 23.1 System Password Setup FIN FN PVA INPUT 230000000 = System Password = 1234 */ Menu 23.2 System security: radius server FIN FN PVA INPUT 230200001 = Authentication Server Configured <0(No) | 1(Yes)> = 1 230200002 = Authentication Serv[...]

  • Page 438

    P-2608HWL-Dx Series User’s Guide 438 Appendix H Internal SPTG EN Command Examples The following are example Internal SP TGEN screens associated with the ZyXEL Device’ s command interpreter commands. 230400008 = WPA Mixed Mode <0(Disable) |1(Enable)> = 0 230400009 = Data Privacy for Broadcast/ Multicast packets <0(TKIP) |1(WEP)> = 0 [...]

  • Page 439

    P-2608HWL-Dx Series User ’s Guide Appendix H Inte rnal SPTGEN 439 FIN FN PVA INPUT 990000001 = ADSL OPMD <0(etsi)|1(normal) |2(gdmt)|3(multimo de)> = 3 Table 191 Command Examples (continued) FIN FN PV A INPUT[...]

  • Page 440

    P-2608HWL-Dx Series User’s Guide 440 Appendix H Internal SPTG EN[...]

  • Page 441

    P-2608HWL-Dx Series User ’s Guide Index 441 Index A AAL5 364 AbS 156 active protocol 228 AH 228 and encapsulation 228 ESP 228 Address Resolution Protocol (ARP) 11 0 administrator passwor d 320 ADSL2 364 AH 228 and transport mode 229 alerts 326 alerts, and firewall 202 alerts, types of logs 325 ALG 149 alternative subnet mask notation 381 Analysis[...]

  • Page 442

    P-2608HWL-Dx Series User’s Guide 442 Index and cryptology 249 and directory servers 250 , 270 and IKE SA 225 and public-key cryptology 249 and public-private keys 249 and remote hosts 264 and remote managemen t 294 creating 254 file formats 253 generating requests 249 importing 253 remote hosts 267 replacing 251 revoked 250 storage space 251 trus[...]

  • Page 443

    P-2608HWL-Dx Series User ’s Guide Index 443 Domain Name System, See DNS domain name, and ISPs 319 domain name, of system 319 DoS 189 types 190 DoS (Denial of Service) basics 189 DoS thresholds, and firewall 213 DoS, attacks 190 DS Field 158 DS field 158 DSCPs 158 DSL line diagnostics 345 DTMF 156 DTMF Detection and Generation 366 Dual-T one Multi[...]

  • Page 444

    P-2608HWL-Dx Series User’s Guide 444 Index and Smurf attack 191 and SYN attack 191 and SYN Flood 190 and TCP/IP 190 and T ea rdrop 190 and three-way-handshake 190 and upper laye r protocols 196 application level 18 8 denial of service 188 guidelines for enhancing securi ty 196 introduction, ZyXEL 188 packet filtering 187 upper layer protocols 19 [...]

  • Page 445

    P-2608HWL-Dx Series User ’s Guide Index 445 passwor d 225 peer identity 224 pre-shared key 224 proposal 223 user name 225 IKE SA. See also VPN. importing certificates 253 importing trusted CA ’s 261 importing trusted remote hosts 267 installing UPnP 309 Integrated Access Device (IAD) 41 Internal SPTGEN 415 FTP Upload Ex ample 417 Points to Reme[...]

  • Page 446

    P-2608HWL-Dx Series User’s Guide 446 Index schedule 327 settings 326 sorting 325 syslog server 325 viewing 325 M MAC address filter a ction 134 MAC filter 134 Management Information Ba se (MIB) 299 Management Information Ba se, See MIB management software, SNMP 299 management tools 331 mapping rules, and NA T 148 maximizing bandwidth usage 279 Ma[...]

  • Page 447

    P-2608HWL-Dx Series User ’s Guide Index 447 pop-ups, browser settings 351 Port Forwarding 365 port forwarding 144 and servers 144 configuration 145 example 144 Power Adaptor 366 Power Adaptor S pecifi cations 366 PPP (Point-to-Point Protoc ol) Link Layer Protocol 364 PPP over A TM AAL5 36 4 PPP over Ethernet 364 PPPoE 89 benefits 89 PPPoE (Point-[...]

  • Page 448

    P-2608HWL-Dx Series User’s Guide 448 Index RFC 2684 364 RFC 3261 366 RFC 3489 155 RIP 108 direction 108 version 108 RIP (Routing Information Protocol) 108 romfile, configuration fi le 331 root class, and bandwidth management 280 router features 42 routing, st atic route 273 RTC P 366 RTP 154 , 366 rules LAN to W AN 202 rules, and bandwidth manage[...]

  • Page 449

    P-2608HWL-Dx Series User ’s Guide Index 449 configuration 274 example 273 reaching other networks 273 S torage Humidity 361 S torage T emperature 361 STUN 155 how it works 155 SUA 142 SUA (Single User Account) 142 SUA vs. NA T 142 subnet 379 subnet based bandwidth management 278 subnet mask 107 , 381 subnetting 381 supplementary phone services 16[...]

  • Page 450

    P-2608HWL-Dx Series User’s Guide 450 Index VBR-nRT 98 VBR-RT 98 VCI (Virtual Channel Identifier) 90 Virtual Channel Identifier (VCI) 90 virtual circuit (VC), and multiplexing 90 Virtual Local Area Network 159 Virtual Path Identifier (VPI) 90 virtual private networks. See VPN. VLAN 159 VLAN group 159 VLAN ID 159 VLAN ID tags 159 VLAN tag 159 V oic[...]

  • Page 451

    P-2608HWL-Dx Series User ’s Guide Index 451 Z zero configuration Internet access 94 ZyNOS 332 ZyNOS (ZyXEL Network Operating System) 331 ZyNOS firmware version 332 ZyXEL ’s firewall introduction 188[...]