C HAPTER 13 Dynamic DNS Setup 13.1 Overview Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect.
Chapter 13 Dynamic DNS Setup Figure 81 Network Setting > Dynamic DNS The following table describes the fields in this screen. Table 61 Network Setting > Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Active Dynamic DNS Select this check box to use dynamic DNS. Service Provider This is the website of your Dynamic DNS service provider. Host Name Type the domain name assigned to your AMG1312-T Series by your Dynamic DNS provider.
C HAPTER 14 Filters 14.1 Overview This chapter introduces three types of filters supported by the AMG1312-T Series. You can configure rules to restrict traffic by IP addresses, MAC addresses, IPv6 addresses and/or URLs. 14.1.1 What You Can Do in the Filter Screens • Use the IP/MAC Filter screen (Section 14.2 on page 163) to create IP and MAC filter rules. • Use the IPv6/MAC Filter screen (Section 14.3 on page 166) to create IPv6 and MAC filter rules. 14.1.
Chapter 14 Filters Figure 82 Security > Filter > IP/MAC Filter The following table describes the labels in this screen. Table 62 Security > Filter > IP/MAC Filter LABEL DESCRIPTION Rule Type Rule Type selection Select White List to specify traffic to allow and Black List to specify traffic to disallow. IP / MAC Filter Rule Editing IP / MAC Filter Rule Index Select the index number of the filter rule. Active Use this field to enable or disable the filter rule.
Chapter 14 Filters Table 62 Security > Filter > IP/MAC Filter (continued) LABEL DESCRIPTION Subnet Mask Enter the IP subnet mask for the destination IP address. Port Number Enter the destination port of the packets that you wish to filter. The range of this field is 0 to 65535. This field is ignored if it is 0. Protocol Select ICMP, TCP or UDP for the upper layer protocol. IP / MAC Filter Listing IP / MAC Filter Rule Index Select the index number of the filter set from the drop-down list box.
Chapter 14 Filters 14.3 IPv6/MAC Filter Use this screen to create and apply IPv6 filters. Click Security > Filter > IPv6/MAC Filter. The screen appears as shown. Figure 83 Security > Filter > IPv6/MAC Filter The following table describes the labels in this screen. Table 63 Security > Filter > IPv6/MAC Filter LABEL DESCRIPTION Rule Type Rule Type selection Select White List to specify traffic to allow and Black List to specify traffic to block.
Chapter 14 Filters Table 63 Security > Filter > IPv6/MAC Filter (continued) LABEL DESCRIPTION Destination Prefix Length Enter the prefix length for the destination IPv6 address. ICMPv6 Type Select the ICMPv6 message type to filter.
C HAPTER 15 Firewall 15.1 Overview This chapter shows you how to enable the AMG1312-T Series firewall. Use the firewall to protect your AMG1312-T Series and network from attacks by hackers on the Internet and control access to it. The firewall: • allows traffic that originates from your LAN computers to go to all other networks. • blocks traffic that originates on other networks from going to the LAN. • blocks SYN and port scanner attacks.
Chapter 15 Firewall 15.1.2 What You Need to Know About Firewall SYN Attack A SYN attack floods a targeted system with a series of SYN packets. Each packet causes the targeted system to issue a SYN-ACK response. While the targeted system waits for the ACK that follows the SYN-ACK, it queues up all outstanding SYN-ACK responses on a backlog queue. SYNACKs are moved off the queue only when an ACK comes back or when an internal timer terminates the three-way handshake.
Chapter 15 Firewall Anti-Probing If an outside user attempts to probe an unsupported port on your AMG1312-T Series, an ICMP response packet is automatically returned. This allows the outside user to know the AMG1312-T Series exists. The AMG1312-T Series supports anti-probing, which prevents the ICMP response packet from being sent. This keeps outsiders from discovering your AMG1312-T Series when unsupported ports are probed.
Chapter 15 Firewall The following table describes the labels in this screen. Table 64 Security > Firewall > General LABEL DESCRIPTION High This setting blocks all traffic to and from the Internet. Only local network traffic and LAN to WAN service (Telnet, FTP, HTTP, HTTPS, DNS, POP3, SMTP) is permitted. Medium This is the recommended setting. It allows traffic to the Internet but blocks anyone from the Internet from accessing any services on your local network.
Chapter 15 Firewall The following table describes the labels in this screen. Table 65 Security > Firewall > Default Action LABEL DESCRIPTION Packet Direction This is the direction of travel of packets (LAN to Router, LAN to WAN, WAN to Router, WAN to LAN). Firewall rules are grouped based on the direction of travel of packets to which they apply. For example, LAN to Router means packets traveling from a computer/subnet on the LAN to the AMG1312-T Series itself.
Chapter 15 Firewall 15.4 The Rules Screen Click Security > Firewall > Rules to display the following screen. This screen displays a list of the configured firewall rules. Note the order in which the rules are listed. Note: The firewall configuration screen shown in this section is specific to the following devices: P-The ordering of your rules is very important as rules are applied in turn. Figure 87 Security > Firewall > Rules The following table describes the labels in this screen.
Chapter 15 Firewall Table 66 Security > Firewall > Rules (continued) LABEL DESCRIPTION Destination Interface This column displays the destination interface to which this firewall rule applies. This is the interface through which the traffic is destined to leave the AMG1312-T Series. Please note that a blank source interface is equivalent to Any. Modify Click the Edit icon to go to the screen where you can edit the rule. Click the Remove icon to delete an existing firewall rule.
Chapter 15 Firewall Figure 88 Security > Firewall > Rules > Add The following table describes the labels in this screen. Table 67 Security > Firewall > Rules > Add LABEL DESCRIPTION Active Select this option to enable this firewall rule. Action for Matched Packets Use the drop-down list box to select whether to discard (Drop), deny and send an ICMP destination-unreachable message to the sender of (Reject) or allow the passage of (Permit) packets that match this rule.
Chapter 15 Firewall Table 67 Security > Firewall > Rules > Add (continued) LABEL DESCRIPTION Address Type Do you want your rule to apply to packets with a particular (single) IP, a range of IP addresses (for instance, 192.168.1.10 to 192.169.1.50), a subnet or any IP address? Select an option from the drop-down list box that includes: Single Address, Range Address, Subnet Address and Any Address. Start IP Address Enter the single IP address or the starting IP address in a range here.
Chapter 15 Firewall Figure 89 Security > Firewall > Rules: Edit: Edit Customized Services The following table describes the labels in this screen. Table 68 Security > Firewall > Rules: Edit: Edit Customized Services LABEL DESCRIPTION # This is the number of your customized port. Name This is the name of your customized service. Protocol This shows the IP protocol (TCP or UDP) that defines your customized service. Port Type This is the port number or range that defines your customized service.
Chapter 15 Firewall The following table describes the labels in this screen. Table 69 Security > Firewall > Rules: Edit: Edit Customized Services: Add/Edit LABEL DESCRIPTION Config Service Name Type a unique name for your custom port. Service Type Choose the IP port (TCP or UDP) that defines your customized port from the drop down list box. Port Configuration 178 Type Click Single to specify one port only or Port Range to specify a span of ports that define your customized service.
Chapter 15 Firewall 15.5 The DoS Screen Use this screen to enable DoS protection. Click Security > Firewall > Dos to display the following screen. Figure 91 Security > Firewall > Dos The following table describes the labels in this screen. Table 70 Security > Firewall > Dos LABEL DESCRIPTION Denial of Services Enable this to protect against DoS attacks. The AMG1312-T Series will drop sessions that surpass maximum thresholds. Apply Click this to save your changes.
Chapter 15 Firewall 15.5.1.1 Threshold Values If everything is working properly, you probably do not need to change the threshold settings as the default threshold values should work for most small offices. Tune these parameters when you believe the AMG1312-T Series has been receiving DoS attacks that are not recorded in the logs or the logs show that the AMG1312-T Series is classifying normal traffic as DoS attacks.
Chapter 15 Firewall The following table describes the labels in this screen. Table 71 Security > Firewall > DoS > Advanced LABEL DESCRIPTION TCP SYN-Request Count This is the rate of new TCP half-open sessions per second that causes the firewall to start deleting half-open sessions. When the rate of new connection attempts rises above this number, the AMG1312-T Series deletes half-open sessions as required to accommodate new connection attempts.
Chapter 15 Firewall • LAN to WAN These rules specify which computers on the LAN can access which computers or services on the WAN. By default, the AMG1312-T Series’s stateful packet inspection drops packets traveling in the following directions: • WAN to LAN These rules specify which computers on the WAN can access which computers or services on the LAN.
Chapter 15 Firewall 11 Protect against IP spoofing by making sure the firewall is active. 12 Keep the firewall in a secured (locked) room. 15.6.3 Security Considerations Note: Incorrectly configuring the firewall may block valid access or introduce security risks to the AMG1312-T Series and your protected network. Use caution when creating or deleting firewall rules and test your rules after you configure them.
Chapter 15 Firewall 1 A computer on the LAN initiates a connection by sending out a SYN packet to a receiving server on the WAN. 2 The AMG1312-T Series reroutes the SYN packet through Gateway A on the LAN to the WAN. 3 The reply from the WAN goes directly to the computer on the LAN without going through the AMG1312-T Series. As a result, the AMG1312-T Series resets the connection, as the connection has not been acknowledged. Figure 95 “Triangle Route” Problem WAN LAN 1 ISP 1 3 2 ISP 2 A 15.6.4.
Chapter 15 Firewall Figure 96 IP Alias Subnet 1 LAN WAN 1 ISP 1 4 2 ISP 2 3 Subnet 2 AMG1312-T Series User’s Guide A 185
C HAPTER 16 Parental Control 16.1 Overview Parental control allows you to block web sites with the specific URL. You can also define time periods and days during which the AMG1312-T Series performs parental control on a specific user. 16.2 The Parental Control Screen Use this screen to enable parental control, view the parental control rules and schedules. Click Security > Parental Control to open the following screen.
Chapter 16 Parental Control Table 72 Security > Parental Control (continued) LABEL DESCRIPTION Website Blocked This shows whether the website block is configured. If not, None will be shown. Modify Click the Edit icon to go to the screen where you can edit the rule. Click the Delete icon to delete an existing rule. Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings. 16.2.
Chapter 16 Parental Control Table 73 Parental Control: Add/Edit (continued) LABEL DESCRIPTION Parental Control Profile Name Enter a descriptive name for the rule. Home Network User Select the LAN user that you want to apply this rule to from the drop-down list box. If you select Custom, enter the LAN user’s MAC address. If you select All, the rule applies to all LAN users. Internet Access Schedule Day Select check boxes for the days that you want the AMG1312-T Series to perform parental control.
C HAPTER 17 Certificate 17.1 Overview The AMG1312-T Series can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication. 17.1.1 What You Can Do in this Chapter • Use the Local Certificates screen to view and import the AMG1312-T Series’s CA-signed certificates (Section 17.3 on page 189).
Chapter 17 Certificate • Web Server - This certificate secures HTTP connections. • SSH - This certificate secures remote connections. Click Security > Certificates to open the Local Certificates screen. Figure 99 Security > Certificates > Local Certificates The following table describes the labels in this screen. Table 74 Security > Certificates > Local Certificates LABEL DESCRIPTION WebServer Click Browse... to find the certificate file you want to upload.
Chapter 17 Certificate 17.4 The Trusted CA Screen Use this screen to view a summary list of certificates of the certification authorities that you have set the AMG1312-T Series to accept as trusted. The AMG1312-T Series accepts any valid certificate signed by a certification authority on this list as being trustworthy; thus you do not need to import any certificate that is signed by one of these certification authorities. Click Security > Certificates > Trusted CA to open the Trusted CA screen.
Chapter 17 Certificate Note: You must remove any spaces from the certificate’s filename before you can import the certificate. Figure 101 Trusted CA > Import The following table describes the labels in this screen. Table 76 Security > Certificates > Trusted CA > Import LABEL DESCRIPTION Certificate File Path Type in the location of the file you want to upload in this field or click Browse to find it. Browse Click Browse to find the certificate file you want to upload.
Chapter 17 Certificate Click Security > Certificates > Trusted CA to open the Trusted CA screen. Click the View icon to open the View Certificate screen. Figure 102 Trusted CA: View The following table describes the labels in this screen. Table 77 Trusted CA: View LABEL DESCRIPTION Certificate Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate. You may use any character (not including spaces).
C HAPTER 18 Logs 18.1 Overview The web configurator allows you to choose which categories of events and/or alerts to have the AMG1312-T Series log and then display the logs or have the AMG1312-T Series send them to an administrator (as e-mail) or to a syslog server. 18.1.1 What You Can Do in this Chapter • Use the Log screen to see the system logs for the categories that you select (Section 18.2 on page 195). 18.1.
Chapter 18 Logs Table 78 Syslog Severity Levels (continued) CODE SEVERITY 6 Informational: The syslog contains an informational message. 7 Debug: The message is intended for debug-level purposes. 18.2 The System Log Screen Click System Monitor > Log to open the System Log screen. Use the System Log screen to see the system logs for the categories that you select in the upper left drop-down list box. Figure 103 System Monitor > Log > System Log The following table describes the fields in this screen.
C HAPTER 19 Traffic Status 19.1 Overview Use the Traffic Status screens to look at network traffic status and statistics of the WAN, LAN interfaces and NAT. 19.1.1 What You Can Do in this Chapter • Use the WAN screen to view the WAN traffic statistics (Section 19.2 on page 196). • Use the LAN screen to view the LAN traffic statistics (Section 19.3 on page 197). • Use the NAT screen to view the NAT status of the AMG1312-T Series’s client(s) (Section 19.4 on page 198). 19.
Chapter 19 Traffic Status Table 80 System Monitor > Traffic Status > WAN (continued) LABEL DESCRIPTION Packets Sent Data This indicates the number of transmitted packets on this interface. Error This indicates the number of frames with errors transmitted on this interface. Drop This indicates the number of outgoing packets dropped on this interface. Packets Received Data This indicates the number of received packets on this interface.
Chapter 19 Traffic Status Table 81 System Monitor > Traffic Status > LAN (continued) LABEL DESCRIPTION Data This indicates the number of transmitted packets on this interface. Error This indicates the number of frames with errors transmitted on this interface. Drop This indicates the number of outgoing packets dropped on this interface. Received (Packet) Data This indicates the number of received packets on this interface.
C HAPTER 20 User Account 20.1 Overview You can configure system password for different user accounts in the User Account screen. 20.2 The User Account Screen Use the User Account screen to configure system password. Click Maintenance > User Account to open the following screen. Figure 107 Maintenance > User Account The following table describes the labels in this screen.
C HAPTER 21 TR-069 Client 21.1 Overview The AMG1312-T Series supports TR-069 Amendment 1 (CPE WAN Management Protocol Release 2.0) and TR-069 Amendment 2 (CPE WAN Management Protocol v1.1, Release 3.0). TR-069 is a protocol that defines how your AMG1312-T Series (ZD) can be managed via a management server (MS) such as ZyXEL’s Vantage Access.
Chapter 21 TR-069 Client Figure 109 Maintenance > TR-069 Client The following table describes the fields in this screen. Table 84 Maintenance > TR-069 Client LINK DESCRIPTION CWMP Select Enable to allow the AMG1312-T Series to be managed by a management server or select Disable to not allow the AMG1312-T Series to be managed by a management server. ACS URL Type the IP address or domain name of the management server.
C HAPTER 22 System Settings 22.1 Overview This chapter shows you how to configure system related settings, such as system time, password, name, the domain name and the inactivity timeout interval. 22.1.1 What You Can Do in the System Settings Screens • Use the System screen (Section 22.2 on page 202) to configure system settings. • Use the Time Setting screen (Section 22.3 on page 202) to set the system time. 22.2 The System Screen Use this screen to configure system admin password.
Chapter 22 System Settings Figure 111 Maintenance > System > Time Setting The following table describes the fields in this screen. Table 86 Maintenance > System > Time LABEL DESCRIPTION Current Date/Time Current Time This field displays the time and date of your AMG1312-T Series. Each time you reload this page, the AMG1312-T Series synchronizes the time and date with the time server. Time and Date Setup Manual Select this radio button to enter the time and date manually.
Chapter 22 System Settings Table 86 Maintenance > System > Time (continued) LABEL DESCRIPTION Daylight Savings Daylight saving is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening. Select this option if you use Daylight Saving Time. Start Date Configure the day and time when Daylight Saving Time starts if you selected Enable Daylight Saving. The o'clock field uses the 24 hour format.
C HAPTER 23 Firmware Upgrade 23.1 Overview This chapter explains how to upload new firmware to your AMG1312-T Series. You can download new firmware releases from your nearest ZyXEL FTP site (or www.zyxel.com) to use to upgrade your device’s performance. Only use firmware for your device’s specific model. Refer to the label on the bottom of your AMG1312-T Series. 23.2 The Firmware Screen Click Maintenance > Firmware Upgrade to open the following screen.
Chapter 23 Firmware Upgrade Figure 113 Firmware Uploading The AMG1312-T Series automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 114 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen. If the upload was not successful, an error screen will appear. Click OK to go back to the Firmware Upgrade screen.
C HAPTER 24 Backup/Restore 24.1 Overview The Backup/Restore screen allows you to backup and restore device configurations. You can also reset your device settings back to the factory default. 24.2 The Backup/Restore Screen Click Maintenance > Backup/Restore. Information related to factory defaults, backup configuration, and restoring configuration appears in this screen, as shown next.
Chapter 24 Backup/Restore Restore Configuration Restore Configuration allows you to upload a new or previously saved configuration file from your computer to your AMG1312-T Series. Table 88 Restore Configuration LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse... to find it. Browse... Click this to find the file you want to upload. Remember that you must decompress compressed (.ZIP) files before you can upload them.
Chapter 24 Backup/Restore 24.3 The Reboot Screen System restart allows you to reboot the AMG1312-T Series remotely without turning the power off. You may need to do this if the AMG1312-T Series hangs, for example. Click Maintenance > Reboot. Click the Reboot button to have the AMG1312-T Series reboot. This does not affect the AMG1312-T Series's configuration.
C HAPTER 25 Remote Management 25.1 Overview Remote management allows you to determine which services/protocols can access which AMG1312-T Series interface (if any) from which computers. The following figure shows remote management of the AMG1312-T Series coming in from the WAN. Figure 120 Remote Management From the WAN LAN WAN HTTP Telnet Note: When you configure remote management to allow management from the WAN, you still need to configure a IP filter rule to allow access.
Chapter 25 Remote Management • Your AMG1312-T Series can act as an SNMP agent, which allows a manager station to manage and monitor the AMG1312-T Series through the network. Use the SNMP screen (see Section 25.5 on page 214) to configure through which interface(s) and from which IP address(es) users can use SNMP to access the AMG1312-T Series. • Use the DNS screen (Section 25.
Chapter 25 Remote Management Figure 121 Maintenance > RemoteMGMT > WWW The following table describes the labels in this screen. Table 89 Maintenance > RemoteMGMT > WWW LABEL DESCRIPTION Server Port This displays the service port number for accessing the AMG1312-T Series using HTTP or HTTPS. If the number is grayed out, it is not editable. Server Access Select the interface(s) through which a computer may access the AMG1312-T Series using this service.
Chapter 25 Remote Management 25.3 The Telnet Screen You can use Telnet to access the AMG1312-T Series’s command line interface. Specify which interfaces allow Telnet access and from which IP address the access can come. Click Maintenance > RemoteMGMT > Telnet tab to display the screen as shown. Figure 122 Maintenance > RemoteMGMT > Telnet The following table describes the labels in this screen.
Chapter 25 Remote Management Use this screen to specify which interfaces allow FTP access and from which IP address the access can come. To change your AMG1312-T Series’s FTP settings, click Maintenance > RemoteMGMT > FTP. The screen appears as shown. Figure 123 Maintenance > RemoteMGMT > FTP The following table describes the labels in this screen. Table 91 Maintenance > RemoteMGMT > FTP LABEL DESCRIPTION Server Port This displays the service port number for accessing the AMG1312-T Series.
Chapter 25 Remote Management Figure 124 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the AMG1312-T Series). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions.
Chapter 25 Remote Management Figure 125 Maintenance > RemoteMGMT > SNMP The following table describes the labels in this screen. Table 92 Maintenance > RemoteMGMT > SNMP LABEL DESCRIPTION Server Port This displays the port the SNMP agent listens on. If the number is grayed out, it is not editable. Server Access Select the interface(s) through which a computer may access the AMG1312-T Series using this service.
Chapter 25 Remote Management 25.6 The DNS Screen Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. Use this screen to set from which IP address the AMG1312-T Series will accept DNS queries and on which interface it can send them your AMG1312-T Series’s DNS settings. This feature is not available when the AMG1312-T Series is set to bridge mode. Click Maintenance > RemoteMGMT > DNS to change your AMG1312-T Series’s DNS settings.
Chapter 25 Remote Management packet from being sent. This keeps outsiders from discovering your AMG1312-T Series when unsupported ports are probed. Note: If you want your device to respond to pings and requests for unauthorized services, you will also need to configure the firewall accordingly by disabling SPI. Figure 127 Maintenance > RemoteMGMT > ICMP The following table describes the labels in this screen.
Chapter 25 Remote Management Figure 128 Maintenance > RemoteMGMT > SSH The following table describes the labels in this screen. Table 95 Maintenance > RemoteMGMT > SSH LABEL DESCRIPTION Server Port This displays the service port number for accessing the AMG1312-T Series. If the number is grayed out, it is not editable. Server Access Select the interface(s) through which a computer may access the AMG1312-T Series using this service.
Chapter 25 Remote Management 2 220 A window displays prompting you to store the host key in your computer. Click Yes to continue. 3 Enter your user name and password. 4 The command line interface displays.
C HAPTER 26 Diagnostic 26.1 Overview These read-only screens display information to help you identify problems with the AMG1312-T Series. 26.1.1 What You Can Do in the Diagnostic Screens • Use the Ping screen (Section 26.2 on page 221) to ping an IP address. • Use the DSL Line screen (Section 26.3 on page 222) to view the DSL line statistics and reset the ADSL line. 26.2 The General Screen Use this screen to ping an IP address. Click Maintenance > Diagnostic > Ping to open the screen shown next.
Chapter 26 Diagnostic 26.3 The DSL Line Screen Use this screen to view the DSL line statistics and reset the ADSL line. Click Maintenance > Diagnostic > DSL Line to open the screen shown next. Figure 130 Maintenance > Diagnostic > DSL Line The following table describes the fields in this screen. Table 97 Maintenance > Diagnostic > DSL Line LABEL DESCRIPTION ATM Status Click this to view your DSL connection’s Asynchronous Transfer Mode (ATM) statistics.
Chapter 26 Diagnostic Table 97 Maintenance > Diagnostic > DSL Line (continued) LABEL DESCRIPTION DSL Line Status Click this to view statistics about the DSL connections. noise margin downstream is the signal to noise ratio for the downstream part of the connection (coming into the AMG1312-T Series from the ISP). It is measured in decibels. The higher the number the more signal and less noise there is.
C HAPTER 27 Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • AMG1312-T Series Access and Login • Internet Access 27.1 Power, Hardware Connections, and LEDs The AMG1312-T Series does not turn on. None of the LEDs turn on. 1 Make sure the AMG1312-T Series is turned on.
Chapter 27 Troubleshooting 4 Turn the AMG1312-T Series off and on. 5 If the problem continues, contact the vendor. 27.2 AMG1312-T Series Access and Login I forgot the IP address for the AMG1312-T Series. 1 The default IP address is 192.168.1.1. 2 If you changed the IP address and have forgotten it, you might get the IP address of the AMG1312T Series by looking up the IP address of the default gateway for your computer.
Chapter 27 Troubleshooting 4 Reset the device to its factory defaults, and try to access the AMG1312-T Series with the default IP address. See Section 1.7 on page 18. 5 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions • Try to access the AMG1312-T Series using another service, such as Telnet.
Chapter 27 Troubleshooting 27.3 Internet Access I cannot access the Internet. 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 27.1 on page 225. 2 Make sure you entered your ISP account information correctly in the wizard. These fields are casesensitive, so make sure [Caps Lock] is not on.
Chapter 27 Troubleshooting 4 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions • Check the settings for QoS. If it is disabled, you might consider activating it. If it is enabled, you might consider raising or lowering the priority for some applications.
A PPENDIX A Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter and TCP/IP installed. Windows 95/98/Me/NT/2000/XP/Vista, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer. Windows 3.1 requires the purchase of a third-party TCP/IP application package.
Appendix A Setting up Your Computer’s IP Address Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add. 2 Select Adapter and then click Add. 3 Select the manufacturer and model of your network adapter and then click OK. If you need TCP/IP: 1 In the Network window, click Add. 2 Select Protocol and then click Add.
Appendix A Setting up Your Computer’s IP Address Figure 132 Windows 95/98/Me: TCP/IP Properties: IP Address 3 Click the DNS Configuration tab. • If you do not know your DNS information, select Disable DNS. • If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in). Figure 133 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab.
Appendix A Setting up Your Computer’s IP Address • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window. 6 Click OK to close the Network window. Insert the Windows CD if prompted. 7 Turn on your AMG1312-T Series and restart your computer when prompted. Verifying Settings 1 Click Start and then Run.
Appendix A Setting up Your Computer’s IP Address Figure 135 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. Figure 136 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties.
Appendix A Setting up Your Computer’s IP Address Figure 137 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). • If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. • Click Advanced.
Appendix A Setting up Your Computer’s IP Address 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: • In the IP Settings tab, in IP addresses, click Add. • In TCP/IP Address, type an IP address in IP address and a subnet mask in Subnet mask, and then click Add. • Repeat the above two steps for each IP address you want to add.
Appendix A Setting up Your Computer’s IP Address Figure 140 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT). 11 Turn on your AMG1312-T Series and restart your computer (if prompted).
Appendix A Setting up Your Computer’s IP Address Figure 141 Windows Vista: Start Menu 2 In the Control Panel, double-click Network and Internet. Figure 142 Windows Vista: Control Panel 3 Click Network and Sharing Center. Figure 143 Windows Vista: Network And Internet 4 Click Manage network connections.
Appendix A Setting up Your Computer’s IP Address 5 Right-click Local Area Connection and then click Properties. Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. Figure 145 Windows Vista: Network and Sharing Center 6 Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
Appendix A Setting up Your Computer’s IP Address • If you have a static IP address click Use the following IP address and fill in the IP address, Subnet mask, and Default gateway fields. • Click Advanced. Figure 147 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties 8 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK.
Appendix A Setting up Your Computer’s IP Address Figure 148 Windows Vista: Advanced TCP/IP Properties 9 In the Internet Protocol Version 4 (TCP/IPv4) Properties window, (the General tab): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
Appendix A Setting up Your Computer’s IP Address Figure 149 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties 10 Click OK to close the Internet Protocol Version 4 (TCP/IPv4) Properties window. 11 Click Close to close the Local Area Connection Properties window. 12 Close the Network Connections window. 13 Turn on your AMG1312-T Series and restart your computer (if prompted). Verifying Settings 1 Click Start, All Programs, Accessories and then Command Prompt.
Appendix A Setting up Your Computer’s IP Address Figure 150 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 151 Macintosh OS 8/9: TCP/IP 242 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list.
Appendix A Setting up Your Computer’s IP Address • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your AMG1312-T Series in the Router address box. 5 Close the TCP/IP Control Panel. 6 Click Save if prompted, to save changes to your configuration. 7 Turn on your AMG1312-T Series and restart your computer (if prompted).
Appendix A Setting up Your Computer’s IP Address Figure 153 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your AMG1312-T Series in the Router address box. 5 Click Apply Now and close the window. 6 Turn on your AMG1312-T Series and restart your computer (if prompted).
Appendix A Setting up Your Computer’s IP Address Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. 1 Click the Red Hat button (located on the bottom left corner), select System Setting and click Network. Figure 154 Red Hat 9.0: KDE: Network Configuration: Devices 2 Double-click on the profile of the network card you wish to configure. The Ethernet Device General screen displays as shown. Figure 155 Red Hat 9.
Appendix A Setting up Your Computer’s IP Address 4 If you know your DNS server IP address(es), click the DNS tab in the Network Configuration screen. Enter the DNS server information in the fields provided. Figure 156 Red Hat 9.0: KDE: Network Configuration: DNS 5 Click the Devices tab. 6 Click the Activate button to apply the changes. The following screen displays. Click Yes to save the changes in all screens. Figure 157 Red Hat 9.
Appendix A Setting up Your Computer’s IP Address Figure 158 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 DEVICE=eth0 ONBOOT=yes BOOTPROTO=dhcp USERCTL=no PEERDNS=yes TYPE=Ethernet • If you have a static IP address, enter static in the BOOTPROTO= field. Type IPADDR= followed by the IP address (in dotted decimal notation) and type NETMASK= followed by the subnet mask. The following example shows an example where the static IP address is 192.168.1.10 and the subnet mask is 255.255.255.0.
Appendix A Setting up Your Computer’s IP Address Figure 162 Red Hat 9.0: Checking TCP/IP Properties [root@localhost]# ifconfig eth0 Link encap:Ethernet HWaddr 00:50:BA:72:5B:44 inet addr:172.23.19.129 Bcast:172.23.19.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:717 errors:0 dropped:0 overruns:0 frame:0 TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:730412 (713.2 Kb) TX bytes:1570 (1.
A PPENDIX B IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts. Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks.
Appendix B IP Addresses and Subnetting Figure 163 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation). The term “subnet” is short for “sub-network”. A subnet mask has 32 bits.
Appendix B IP Addresses and Subnetting Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Table 99 Subnet Masks BINARY DECIMAL 1ST OCTET 2ND OCTET 3RD OCTET 4TH OCTET 8-bit mask 11111111 00000000 00000000 00000000 255.0.0.0 16-bit mask 11111111 11111111 00000000 00000000 255.255.0.0 24-bit mask 11111111 11111111 11111111 00000000 255.255.255.
Appendix B IP Addresses and Subnetting Table 101 Alternative Subnet Mask Notation (continued) SUBNET MASK ALTERNATIVE NOTATION LAST OCTET (BINARY) LAST OCTET (DECIMAL) 255.255.255.224 /27 1110 0000 224 255.255.255.240 /28 1111 0000 240 255.255.255.248 /29 1111 1000 248 255.255.255.252 /30 1111 1100 252 Subnetting You can use subnetting to divide one network into multiple sub-networks.
Appendix B IP Addresses and Subnetting Figure 165 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 27 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address). 192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127 with mask 255.255.255.128 is its broadcast address.
Appendix B IP Addresses and Subnetting Table 103 Subnet 2 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. 64 IP Address (Binary) 11000000.10101000.00000001. 01000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.64 Lowest Host ID: 192.168.1.65 Broadcast Address: 192.168.1.127 Highest Host ID: 192.168.1.126 Table 104 Subnet 3 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1.
Appendix B IP Addresses and Subnetting Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 107 24-bit Network Number Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 1 255.255.255.128 (/25) 2 126 2 255.255.255.192 (/26) 4 62 3 255.255.255.224 (/27) 8 30 4 255.255.255.240 (/28) 16 14 5 255.255.255.248 (/29) 32 6 6 255.255.255.252 (/30) 64 2 7 255.255.255.
Appendix B IP Addresses and Subnetting Once you have decided on the network number, pick an IP address for your AMG1312-T Series that is easy to remember (for instance, 192.168.1.1) but make sure that no other device on your network is using that IP address. The subnet mask specifies the network number portion of an IP address. Your AMG1312-T Series will compute the subnet mask automatically based on the IP address that you entered.
A PPENDIX C Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary. Internet Explorer Pop-up Blockers You may have to disable pop-up blocking to log into your device.
Appendix C Pop-up Windows, JavaScripts and Java Permissions Figure 167 Internet Options: Privacy 3 Click Apply to save this setting. Enable Pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 258 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings…to open the Pop-up Blocker Settings screen.
Appendix C Pop-up Windows, JavaScripts and Java Permissions Figure 168 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites.
Appendix C Pop-up Windows, JavaScripts and Java Permissions 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. 1 In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 170 Internet Options: Security 260 2 Click the Custom Level... button. 3 Scroll down to Scripting.
Appendix C Pop-up Windows, JavaScripts and Java Permissions Figure 171 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window.
Appendix C Pop-up Windows, JavaScripts and Java Permissions Figure 172 Security Settings - Java JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for
Appendix C Pop-up Windows, JavaScripts and Java Permissions Mozilla Firefox Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary. You can enable Java, Javascripts and pop-ups in one screen. Click Tools, then click Options in the screen that appears. Figure 174 Mozilla Firefox: Tools > Options Click Content to show the screen below. Select the check boxes as shown in the following screen.
A PPENDIX D Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS).
Appendix D Wireless LANs Figure 177 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood.
Appendix D Wireless LANs Figure 178 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a channel different from an adjacent AP (access point) to reduce interference. Interference occurs when radio signals from different access points overlap causing interference and degrading performance.
Appendix D Wireless LANs Figure 179 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations. RTS/CTS is designed to prevent collisions due to hidden nodes.
Appendix D Wireless LANs Preamble Type Preamble is used to signal that data is coming to the receiver. Short and long refer to the length of the synchronization field in a packet. Short preamble increases performance as less time sending preamble means more time for sending data. All IEEE 802.11 compliant wireless adapters support long preamble, but not all support short preamble.
Appendix D Wireless LANs The following figure shows the relative effectiveness of these wireless security methods available on your AMG1312-T Series. Table 110 Wireless Security Levels SECURITY LEVEL Least Secure SECURITY TYPE Unique SSID (Default) Unique SSID with Hide SSID Enabled MAC Address Filtering WEP Encryption IEEE802.
Appendix D Wireless LANs RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server. Types of RADIUS Messages The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication: • Access-Request Sent by an access point requesting authentication. • Access-Reject Sent by a RADIUS server rejecting access. • Access-Accept Sent by a RADIUS server allowing access.
Appendix D Wireless LANs EAP-MD5 (Message-Digest Algorithm 5) MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless client. The wireless client ‘proves’ that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text. However, MD5 authentication has some weaknesses.
Appendix D Wireless LANs If this feature is enabled, it is not necessary to configure a default encryption key in the wireless security configuration screen. You may still configure and store keys, but they will not be used while dynamic WEP is enabled. Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption.
Appendix D Wireless LANs called Rijndael. They both include a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. WPA and WPA2 regularly change and rotate the encryption keys so that the same encryption key is never used twice.
Appendix D Wireless LANs WPA(2) with RADIUS Application Example To set up WPA(2), you need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret. A WPA(2) application example with an external RADIUS server looks as follows. "A" is the RADIUS server. "DS" is the distribution system. 1 The AP passes the wireless client's authentication request to the RADIUS server.
Appendix D Wireless LANs 4 The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged in a handshake to create temporal encryption keys. They use these keys to encrypt data exchanged between them. Figure 181 WPA(2)-PSK Authentication Security Parameters Summary Refer to this table to see what other security parameters you should configure for each authentication method or key management protocol type.
Appendix D Wireless LANs Antenna Characteristics Frequency An antenna in the frequency of 2.4GHz (IEEE 802.11b and IEEE 802.11g) or 5GHz (IEEE 802.11a) is needed to communicate efficiently in a wireless LAN Radiation Pattern A radiation pattern is a diagram that allows you to visualize the shape of the antenna’s coverage area. Antenna Gain Antenna gain, measured in dB (decibel), is the increase in coverage within the RF beam width.
A PPENDIX E IPv6 Overview IPv6 (Internet Protocol version 6), is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 1038 IP addresses. IPv6 Addressing The 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons (:). This is an example IPv6 address 2001:0db8:1a2b:0015:0000:0000:1a2f:0000. IPv6 addresses can be abbreviated in two ways: • Leading zeros in a block can be omitted.
Appendix E IPv6 Global Address A global address uniquely identifies a device on the Internet. It is similar to a “public IP address” in IPv4. A global unicast address starts with a 2 or 3. Unspecified Address An unspecified address (0:0:0:0:0:0:0:0 or ::) is used as the source address when a device does not have its own address. It is similar to “0.0.0.0” in IPv4. Loopback Address A loopback address (0:0:0:0:0:0:0:1 or ::1) allows a host to send packets to itself. It is similar to “127.0.0.1” in IPv4.
Appendix E IPv6 Table 115 Reserved Multicast Address (continued) MULTICAST ADDRESS FF08:0:0:0:0:0:0:0 FF09:0:0:0:0:0:0:0 FF0A:0:0:0:0:0:0:0 FF0B:0:0:0:0:0:0:0 FF0C:0:0:0:0:0:0:0 FF0D:0:0:0:0:0:0:0 FF0E:0:0:0:0:0:0:0 FF0F:0:0:0:0:0:0:0 Subnet Masking Both an IPv6 address and IPv6 subnet mask compose of 128-bit binary digits, which are divided into eight 16-bit blocks and written in hexadecimal notation. Hexadecimal uses four bits for each character (1 ~ 10, A ~ F).
Appendix E IPv6 address which combines its interface ID and global and subnet information advertised from the router. This is a routable global IP address. DHCPv6 The Dynamic Host Configuration Protocol for IPv6 (DHCPv6, RFC 3315) is a server-client protocol that allows a DHCP server to assign and pass IPv6 network addresses, prefixes and other configuration information to DHCP clients. DHCPv6 servers and clients exchange DHCP messages using UDP.
Appendix E IPv6 such as the system name. The interface-ID option provides slot number, port information and the VLAN ID to the DHCPv6 server. The remote-ID option (if any) is stripped from the Relay-Reply messages before the relay agent sends the packets to the clients. The DHCP server copies the interface-ID option from the Relay-Forward message into the Relay-Reply message and sends it to the relay agent. The interface-ID should not change even after the relay agent restarts.
Appendix E IPv6 On the AMG1312-T Series, you can either set up a configured tunnel or an automatic 6to4 tunnel. The following describes each method. Configured Tunnel A configured tunnel is a point-to-point tunnelling mechanism that encapsulates an IPv6 address with an IPv4 address. Routers (A and B) on both IPv6 networks (1 and 2) each must have an interface that connects to the IPv4 network (with an IPv4 address). This allows the router to send and receive IPv6 data over the IPv4 network.
Appendix E IPv6 For example, if you have an IPv4 address of 192.168.1.1 (first converted to binary notation and then to the colon hexadecimal representation of c0a8:0101), then the 6to4 addresses is 2002:c0a8:0101::1/ 64. Example - Enabling IPv6 on Windows XP/2003/Vista By default, Windows XP and Windows 2003 support IPv6. This example shows you how to use the ipv6 install command on Windows XP/2003 to enable IPv6. This also displays how to use the ipconfig command to see auto-generated IP addresses. C:\>
Appendix E IPv6 5 Click Start and then OK. 6 Now your computer can obtain an IPv6 address from a DHCPv6 server. Example - Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default. DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer. To enable IPv6 in Windows 7: 284 1 Select Control Panel > Network and Sharing Center > Local Area Connection. 2 Select the Internet Protocol Version 6 (TCP/IPv6) checkbox to enable it. 3 Click OK to save the change.
Appendix E IPv6 4 Click Close to exit the Local Area Connection Status screen. 5 Select Start > All Programs > Accessories > Command Prompt. 6 Use the ipconfig command to check your dynamic IPv6 address. This example shows a global address (2001:b021:2d::1000) obtained from a DHCP server. C:\>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection: Connection-specific DNS IPv6 Address. . . . . . Link-local IPv6 Address IPv4 Address. . . . . . Subnet Mask . . . . . .
A PPENDIX F Services The following table lists some commonly-used services and their associated protocols and port numbers. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like. • Protocol: This is the type of IP protocol used by the service. If this is TCP/UDP, then the service uses the same port number with TCP and UDP. If this is USER-DEFINED, the Port(s) is the IP protocol number, not the port number.
Appendix F Services Table 116 Examples of Services NAME PORT(S) DESCRIPTION AH (IPSEC_TUNNEL) User-Defined 51 The IPSEC AH (Authentication Header) tunneling protocol uses this service. AIM TCP 5190 AOL’s Internet Messenger service. AUTH TCP 113 Authentication protocol used by some servers. BGP TCP 179 Border Gateway Protocol. BOOTP_CLIENT UDP 68 DHCP Client. BOOTP_SERVER UDP 67 DHCP Server.
Appendix F Services Table 116 Examples of Services (continued) 288 NAME PROTOCOL PORT(S) DESCRIPTION NEW-ICQ TCP 5190 An Internet chat program. NEWS TCP 144 A protocol for news groups. NFS UDP 2049 Network File System - NFS is a client/ server distributed file service that provides transparent file sharing for network environments. NNTP TCP 119 Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service.
Appendix F Services Table 116 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION SQL-NET TCP 1521 Structured Query Language is an interface to access data on many different types of database systems, including mainframes, midrange systems, UNIX systems and network servers. SSDP UDP 1900 The Simple Service Discovery Protocol supports Universal Plug-and-Play (UPnP). SSH TCP/UDP 22 Secure Shell Remote Login Program. STRM WORKS UDP 1558 Stream Works Protocol.
A PPENDIX G Legal Information Copyright Copyright © 2013 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation.
Appendix G Legal Information Notices Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment. This Class B digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada. Viewing Certifications Go to www.zyxel.com to view the product’s documents and certifications.
Appendix G Legal Information [Hungarian] Alulírott, ZyXEL nyilatkozom, hogy a berendezés megfelel a vonatkozó alapvetõ követelményeknek és az 1999/5/EK irányelv egyéb elõírásainak. [Polish] Niniejszym ZyXEL oświadcza, że sprzęt jest zgodny z zasadniczymi wymogami oraz pozostałymi stosownymi postanowieniami Dyrektywy 1999/5/EC. [Portuguese] ZyXEL declara que este equipamento está conforme com os requisitos essenciais e outras disposições da Directiva 1999/5/EC.
Appendix G Legal Information This product meets the National Radio Interface and the requirements specified in the National Frequency Allocation Table for Italy. Unless this wireless LAN product is operating within the boundaries of the owner's property, its use requires a “general authorization.” Please check http://www.sviluppoeconomico.gov.it/ for more details.
Index Index Numbers B 802.
Index CWMP 200 DHCP 119 IP alias 121 IP precedence 143 IP/MAC filter 164 port forwarding 149 reset 208 restoring 208 static route 133, 135 WAN 69 wizard 28 dynamic DNS 161 activation 162 wildcard 161 activation 162 Dynamic Host Configuration Protocol, see DHCP dynamic WEP key exchange 271 DYNDNS wildcard 161 activation 162 connection nailed-up 84 E copyright 290 EAP Authentication 270 CPE WAN Management Protocol, see CWMP encapsulation 68, 71, 78 ENET ENCAP 83 PPPoA 83 PPPoE 83 RFC 1483 83 CTS (Cle
Index logs 175 P2P 180 packet direction 172 Ping of Death 169 rules 181 security 182 SYN attack 169 three-way handshake 179 triangle route 183 solutions 184 firmware 205 forwarding ports 148, 149 activation 151 configuration 149 example 149 rules 150 fragmentation threshold 101, 104, 267 FTP 14, 213 G Independent Basic Service Set See IBSS 264 initialization vector (IV) 273 Inside Global Address, see IGA Inside Local Address, see ILA Internet Control Message Protocol, see ICMP Internet Protocol version 6
Index subnet mask 116, 129 LAND attack 169 limitations wireless LAN 106 WPS 113 Local Area Network, see LAN login passwords 19 logout 20 automatic 20 logs 194 firewalls 175 M MAC 65 MAC address 96, 120 filter 96, 105 MAC authentication 96 Management Information Base (MIB) 215 managing the device using FTP. See FTP.
Index summary screen 159 ICMP 217 limitations 211 NAT 211 SSH 218 Telnet 213 WWW 211 port forwarding 148, 149 activation 151 configuration 149 example 149 rules 150 PPPoA 71, 78, 83 reset 18, 208 PPPoE 71, 78, 83 restart 209 preamble 101, 104 restoring configuration 208 preamble mode 268 RFC 1483 71, 78, 83 private IP address 129 RFC 3164 194 probing, firewalls 170 RIP 74, 130 product registration 291 Routing Information Protocol, see RIP PSK 273 push button 17 RTS (Request To Send) 267 th
Index versions 214 trusted CAs, and certificates 191 SPI 169 SSH 218 SSID 105 activation 94 MBSSID 107 static route 132 configuration 133, 135 example 132 status 63 ATM 222 DSL connections 223 WPS 98 U UBR 74, 79, 86 unicast 69 Universal Plug and Play, see UPnP upgrading firmware 205 UPnP 121 cautions 117 NAT traversal 116 subnet 249 URL 163 subnet mask 116, 129, 250 URL filter URL 163 subnetting 252 Sustain Cell Rate, see SCR SYN attack 169 syslog protocol 194 severity levels 194 V system 202 fi
Index setup 69 traffic shaping 85 example 85 VCI 71, 78, 84 VPI 71, 78, 84 warranty 291 note 291 WDS 99, 108 compatibility 99 example 108 Web Configurator 19 web configurator 14 passwords 19 WEP 106 WEP Encryption 91, 92 WEP encryption 91 WEP key 91 Wide Area Network, see WAN WiFi Protected Access 272 WiFi Protected Setup, see WPS wireless client configuration 42 wireless client WPA supplicants 273 Wireless Distribution System, see WDS wireless LAN 87, 102 authentication 104, 105 BSS 107 example 107 channe