Chapter 10 Quality of Service (QoS) Token Bucket The token bucket algorithm uses tokens in a bucket to control when traffic can be transmitted. The bucket stores tokens, each of which represents one byte. The algorithm allows bursts of up to b bytes which is also the bucket size, so the bucket can hold up to b tokens. Tokens are generated and added into the bucket at a constant rate.
Chapter 10 Quality of Service (QoS) • If there are not enough tokens in the CBS bucket, the EMG checks the EBS bucket. The packet is marked yellow if there are sufficient tokens in the EBS bucket. Otherwise, the packet is marked red. No tokens are removed if the packet is dropped.
CHAPTER 11 Network Address Translation (NAT) 11.1 Overview This chapter discusses how to configure NAT on the EMG. NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network. 11.1.
Chapter 11 Network Address Translation (NAT) NAT In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
Chapter 11 Network Address Translation (NAT) Figure 91 Multiple Servers Behind NAT Example Click Network Setting > NAT > Port Forwarding to open the following screen. See Appendix D on page 304 for port numbers commonly used for particular services. Figure 92 Network Setting > NAT > Port Forwarding The following table describes the fields in this screen. Table 51 Network Setting > NAT > Port Forwarding LABEL DESCRIPTION Add New Rule Click this to add a new rule.
Chapter 11 Network Address Translation (NAT) Table 51 Network Setting > NAT > Port Forwarding (continued) LABEL DESCRIPTION Protocol This shows the IP protocol supported by this virtual server, whether it is TCP, UDP, or TCP/UDP. Modify Click the Edit icon to edit this rule. Click the Delete icon to delete an existing rule. 11.2.1 Add/Edit Port Forwarding Click Add New Rule in the Port Forwarding screen or click the Edit icon next to an existing rule to open the following screen.
Chapter 11 Network Address Translation (NAT) Table 52 Port Forwarding: Add/Edit (continued) LABEL DESCRIPTION Start Port Enter the original destination port for the packets. To forward only one port, enter the port number again in the End Port field. To forward a series of ports, enter the start port number here and the end port number in the End Port field. End Port Enter the last port of the original destination port range.
Chapter 11 Network Address Translation (NAT) The following table describes the labels in this screen. Table 53 Network Setting > NAT > Applications LABEL DESCRIPTION Add New Application Click this to add a new NAT application rule. Application Forwarded This field shows the type of application that the service forwards. WAN Interface This field shows the WAN interface through which the service is forwarded. Server IP Address This field displays the destination IP address for the service.
Chapter 11 Network Address Translation (NAT) 11.4 The Port Triggering Screen Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side. With regular port forwarding you set a forwarding port in NAT to forward a service (coming in from the server on the WAN) to the IP address of a computer on the client side (LAN). The problem is that port forwarding only forwards a service to a single LAN IP address.
Chapter 11 Network Address Translation (NAT) Figure 97 Network Setting > NAT > Port Triggering The following table describes the labels in this screen. Table 55 Network Setting > NAT > Port Triggering LABEL DESCRIPTION Add New Rule Click this to create a new rule. # This is the index number of the entry. Status This field displays whether the port triggering rule is active or not. A yellow bulb signifies that this rule is active. A gray bulb signifies that this rule is not active.
Chapter 11 Network Address Translation (NAT) Figure 98 Port Triggering: Add/Edit The following table describes the labels in this screen. Table 56 Port Triggering: Configuration Add/Edit LABEL DESCRIPTION Active Select to enable or disable this rule. Service Name Enter a name to identify this rule using keyboard characters (A-Z, a-z, 1-2 and so on). WAN Interface Select a WAN interface for which you want to configure port triggering rules.
Chapter 11 Network Address Translation (NAT) Figure 99 Network Setting > NAT > DMZ The following table describes the fields in this screen. Table 57 Network Setting > NAT > DMZ LABEL DESCRIPTION Default Server Address Enter the IP address of the default server which receives packets from ports that are not specified in the NAT Port Forwarding screen.
Chapter 11 Network Address Translation (NAT) The following table describes the fields in this screen. Table 58 Network Setting > NAT > ALG LABEL DESCRIPTION NAT ALG Enable this to make sure applications such as FTP and file transfer in IM applications work correctly with port-forwarding and address-mapping rules. SIP ALG Enable this to make sure SIP (VoIP) works correctly with port-forwarding and address-mapping rules.
Chapter 11 Network Address Translation (NAT) Table 59 Network Setting > NAT > Address Mapping (continued) LABEL DESCRIPTION Type This is the address mapping type. One-to-One: This mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-one NAT mapping type. Many-to-One: This mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e.
Chapter 11 Network Address Translation (NAT) Table 60 Address Mapping: Add/Edit (continued) LABEL DESCRIPTION Local End IP Enter the ending Inside Local IP Address (ILA). If the rule is for all local IP addresses, then this field displays 0.0.0.0 as the Local Start IP address and 255.255.255.255 as the Local End IP address. This field is blank for One-to-One mapping types. Global Start IP Enter the starting Inside Global IP Address (IGA). Enter 0.0.0.
Chapter 11 Network Address Translation (NAT) 11.9.1 NAT Definitions Inside/outside denotes where a host is located relative to the EMG, for example, the computers of your subscribers are the inside hosts, while the web servers on the Internet are the outside hosts.
Chapter 11 Network Address Translation (NAT) 11.9.3 How NAT Works Each packet has two addresses – a source address and a destination address. For outgoing packets, the ILA (Inside Local Address) is the source address on the LAN, and the IGA (Inside Global Address) is the source address on the WAN. For incoming packets, the ILA is the destination address on the LAN, and the IGA is the destination address on the WAN.
Chapter 11 Network Address Translation (NAT) Figure 105 NAT Application With IP Alias Port Forwarding: Services and Port Numbers The most often used port numbers are shown in the following table. Please refer to RFC 1700 for further information about port numbers.
Chapter 11 Network Address Translation (NAT) Port Forwarding Example Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet.
CHAPTER 12 Dynamic DNS Setup 12.1 Overview DNS DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it. In addition to the system DNS server(s), each WAN interface (service) is set to have its own static or dynamic DNS server list.
Chapter 12 Dynamic DNS Setup If you have a private WAN IP address, then you cannot use Dynamic DNS. 12.2 The DNS Entry Screen Use this screen to view and configure DNS routes on the EMG. Click Network Setting > DNS to open the DNS Entry screen. Figure 107 Network Setting > DNS > DNS Entry The following table describes the fields in this screen. Table 64 Network Setting > DNS > DNS Entry LABEL DESCRIPTION Add New DNS Entry Click this to create a new DNS entry. # This is the index number of the entry.
Chapter 12 Dynamic DNS Setup The following table describes the labels in this screen. Table 65 DNS Entry: Add/Edit LABEL DESCRIPTION Host Name Enter the host name of the DNS entry. IPv4 Address Enter the IPv4 address of the DNS entry. OK Click OK to save your changes. Cancel Click Cancel to exit this screen without saving. 12.3 The Dynamic DNS Screen Use this screen to change your EMG’s DDNS. Click Network Setting > DNS > Dynamic DNS. The screen appears as shown.
Chapter 12 Dynamic DNS Setup Table 66 Network Setting > DNS > > Dynamic DNS (continued) LABEL DESCRIPTION Enable Wildcard Option Select the check box to enable DynDNS Wildcard. Enable Off Line Option (Only applies to custom DNS) Check with your Dynamic DNS service provider to have traffic redirected to a URL (that you can specify) while you are off line. Dynamic DNS Status User Authentication Result This shows Success if the account is correctly set up with the Dynamic DNS provider account.
CHAPTER 13 IGMP/MLD 13.1 Overview Use the IGMP/MLD screen to configure IGMP/MLD group settings. 13.1.1 What You Need To Know Multicast and IGMP See Multicast on page 75 for more information. Multicast Listener Discovery (MLD) The Multicast Listener Discovery (MLD) protocol (defined in RFC 2710) is derived from IPv4's Internet Group Management Protocol version 2 (IGMPv2). MLD uses ICMPv6 message types, rather than IGMP message types. MLDv1 is equivalent to IGMPv2 and MLDv2 is equivalent to IGMPv3.
Chapter 13 IGMP/MLD Figure 110 Network Setting > IGMP/MLD The following table describes the labels in this screen. Table 67 Network Setting > IGMP/MLD LABEL DESCRIPTION IGMP/MLD Configuration Default Version Enter the version of IGMP (1~3) and MLD (1~2) that you want the EMG to use on the WAN. Query Interval Enter the number of seconds the EMG sends a query message to hosts to get the group membership information.
Chapter 13 IGMP/MLD Table 67 Network Setting > IGMP/MLD (continued) LABEL DESCRIPTION Fast Leave Enable Select this option to set the EMG to remove a port from the multicast tree immediately (without sending an IGMP or MLD membership query message) once it receives an IGMP or MLD leave message. This is helpful if a user wants to quickly change a TV channel (multicast group change) especially for IPTV applications.
CHAPTER 14 VLAN Group 14.1 Overview Virtual LAN IDs are used to identify different traffic types over the same physical link. In the following example, the EMG can use VLAN IDs (VID) 100 and 200 to identify Video-on-Demand and IPTV traffic respectively coming from the two VoD and IPTV multicast servers. The EMG can also tag outgoing requests to these servers with these VLAN IDs. Figure 111 VLAN Group Example 14.1.
Chapter 14 VLAN Group The following table describes the fields in this screen. Table 68 Network Setting > Vlan Group LABEL DESCRIPTION Add New VLAN Group Click this button to create a new VLAN group. # This is the index number of the VLAN group. Group Name This shows the descriptive name of the VLAN group. VLAN ID This shows the unique ID number that identifies the VLAN group.
CHAPTER 15 Interface Grouping 15.1 Overview By default, all LAN and WAN interfaces on the EMG are in the same group and can communicate with each other. Create interface groups to have the EMG assign the IP addresses in different domains to different groups. Each group acts as an independent network on the EMG. This lets devices connected to an interface group’s LAN interfaces communicate through the interface group’s WAN or LAN interfaces but not other WAN or LAN interfaces. 15.1.
Chapter 15 Interface Grouping Figure 114 Interface Grouping Application Click Network Setting > Interface Grouping to open the following screen. Figure 115 Network Setting > Interface Grouping The following table describes the fields in this screen. Table 70 Network Setting > Interface Grouping LABEL DESCRIPTION Add New Interface Group Click this button to create a new interface group. Group Name This shows the descriptive name of the group.
Chapter 15 Interface Grouping Figure 116 Interface Group Configuration The following table describes the fields in this screen. Table 71 Interface Group Configuration LABEL DESCRIPTION Group Name Enter a name to identify this group. You can enter up to 30 characters. You can use letters, numbers, hyphens (-) and underscores (_). Spaces are not allowed. WAN Interfaces used in the grouping Select the WAN interface this group uses. The group can have up to one ETH interface.
Chapter 15 Interface Grouping Table 71 Interface Group Configuration (continued) LABEL DESCRIPTION Automatically Add Clients With the following DHCP Vendor IDs Click Add to identify LAN hosts to add to the interface group by criteria such as the type of the hardware or firmware. See Section 15.2.2 on page 182 for more information. # This shows the index number of the rule. Filter Criteria This shows the filtering criteria.
Chapter 15 Interface Grouping Table 72 Interface Grouping Criteria (continued) LABEL DESCRIPTION Enterprise Number Enter the vendor’s 32-bit enterprise number registered with the IANA (Internet Assigned Numbers Authority). Manufactur er OUI Specify the vendor’s OUI (Organization Unique Identifier). It is usually the first three bytes of the MAC address. Serial Number Enter the serial number of the device. Product Class Enter the product class of the device.
CHAPTER 16 Home Connectivity 16.1 Overview One Connect is a Zyxel-proprietary feature. It complies with the IEEE 1905.1 standard and allows autodetection and auto-configuration. Auto-configuration enables the Multy-Pro-supported extenders to use the same wireless settings as the controller, the EMG, in a MESH network. See Section 7.7 on page 87 for more information about Zyxel MESH (Multy Pro).
CHAPTER 17 Firewall 17.1 Overview This chapter shows you how to enable and configure the EMG’s security settings. Use the firewall to protect your EMG and network from attacks by hackers on the Internet and control access to it. By default the firewall: • allows traffic that originates from your LAN computers to go to all other networks. • blocks traffic that originates on other networks from going to the LAN. The following figure illustrates the default firewall action.
Chapter 17 Firewall 17.1.2 What You Need to Know SYN Attack A SYN attack floods a targeted system with a series of SYN packets. Each packet causes the targeted system to issue a SYN-ACK response. While the targeted system waits for the ACK that follows the SYNACK, it queues up all outstanding SYN-ACK responses on a backlog queue. SYN-ACKs are moved off the queue only when an ACK comes back or when an internal timer terminates the three-way handshake.
Chapter 17 Firewall Figure 121 Security > Firewall > General The following table describes the labels in this screen. Table 73 Security > Firewall > General LABEL DESCRIPTION Firewall Select Enable to activate the firewall feature on the EMG. Low Select Low to allow LAN to WAN and WAN to LAN packet directions. Medium Select Medium to allow LAN to WAN but deny WAN to LAN packet directions. High Select High to deny LAN to WAN and WAN to LAN packet directions.
Chapter 17 Firewall Figure 122 Security > Firewall > Protocol The following table describes the labels in this screen. Table 74 Security > Firewall > Protocol LABEL DESCRIPTION Add New Protocol Entry Click this to add a new service. Name This is the name of your customized service. Description This is the description of your customized service. Ports/Protocol Number This shows the IP protocol (TCP, UDP, ICMP, or TCP/UDP) and the port number or range of ports that defines your customized service.
Chapter 17 Firewall Table 75 Security > Firewall > Protocol: Add/Edit (continued) LABEL DESCRIPTION Protocol Choose the IP protocol (TCP, UDP, ICMP, ICMPv6 or Other) that defines your customized port from the drop-down list box. Select Other to be able to enter a protocol number. Source/ Destination Port These fields are displayed if you select TCP or UDP as the IP port. Select Single to specify one port only or Range to specify a span of ports that define your customized service.
Chapter 17 Firewall Table 76 Security > Firewall > Access Control (continued) LABEL DESCRIPTION Action This field displays whether the rule silently discards packets (DROP), discards packets and sends a TCP reset packet or an ICMP destination-unreachable message to the sender (REJECT) or allows the passage of packets (ACCEPT). Modify Click the Edit icon to edit the rule. Click the Delete icon to delete an existing rule. Note that subsequent rules move up by one when you take this action.
Chapter 17 Firewall Table 77 Access Control: Add/Edit (continued) LABEL DESCRIPTION Destination IP Address Enter the destination IP address. IP Type Select whether your IP type is IPv4 or IPv6. Select Service Select the transport layer protocol that defines your customized port from the drop-down list box. If you want to configure a customized protocol, select Specific Service. Protocol This field is displayed only when you select Specific Protocol in Select Protocol.
Chapter 17 Firewall The following table describes the labels in this screen. Table 78 Security > Firewall > DoS LABEL DESCRIPTION DoS Protection Blocking Select Enable to enable protection against DoS attacks. Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving.
CHAPTER 18 MAC Filter 18.1 Overview You can configure the EMG to permit access to clients based on their MAC addresses in the MAC Filter screen. This applies to wired and wireless connections. Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC addresses of the devices to configure this screen. 18.
Chapter 18 MAC Filter The following table describes the labels in this screen. Table 79 Security > MAC Filter LABEL DESCRIPTION MAC Address Filter Select Enable to activate the MAC filter function. MAC Restrict Mode Select Allow to only permit the listed MAC addresses access to the EMG. Select Deny to permit anyone access to the EMG except the listed MAC addresses. Set This is the index number of the MAC address. Active Select Active to enable the MAC filter rule.
CHAPTER 19 Parental Control 19.1 Overview Parental control allows you to block web sites with the specific URL. You can also define time periods and days during which the EMG performs parental control on a specific user. 19.2 The Parental Control Screen Use this screen to enable parental control, view the parental control rules and schedules. Note: When One Connect (See Chapter 16 on page 184) and MESH (See Section 7.
Chapter 19 Parental Control Table 80 Security > Parental Control (continued) LABEL DESCRIPTION Home Network User MAC This shows the MAC address of the LAN user’s computer to which this rule applies. Internet Access Schedule This shows the day(s) and time on which parental control is enabled. Network Service This shows whether the network service is configured. If not, None will be shown. Website Blocked This shows whether the website block is configured. If not, None will be shown.
Chapter 19 Parental Control The following table describes the fields in this screen. Table 81 Parental Control Rule: Add/Edit LABEL DESCRIPTION General Active Select to enable or disable this parental control rule. Parental Control Profile Name Enter a descriptive name for the rule. Home Network User Select the LAN user that you want to apply this rule to from the drop-down list box. If you select Custom, enter the LAN user’s MAC address. If you select All, the rule applies to all LAN users.
Chapter 19 Parental Control The following table describes the fields in this screen. Table 82 Parental Control Rule: Add/Edit > Add New Service LABEL DESCRIPTION Service Name Select the name of the service. Otherwise, select User Define and manualy specify the protocol and the port of the service. If you have chosen a pre-defined service in the Service Name field, this field will not be configurable. Protocol Select the transport layer protocol used for the service. Choices are TCP, UDP, or TCP & UDP.
CHAPTER 20 Scheduler Rule 20.1 Overview You can define time periods and days during which the EMG performs scheduled rules of certain features (such as Firewall Access Control) in the Scheduler Rule screen. 20.2 The Scheduler Rule Screen Use this screen to view, add, or edit time schedule rules. Click Security > Scheduler Rule to open the following screen. Figure 132 Security > Scheduler Rule The following table describes the fields in this screen.
Chapter 20 Scheduler Rule Figure 133 Scheduler Rule: Add/Edit The following table describes the fields in this screen. Table 85 Scheduler Rule: Add/Edit LABEL DESCRIPTION Rule Name Enter a name (up to 31 printable English keyboard characters, not including spaces) for this schedule. Day Select check boxes for the days that you want the EMG to perform this scheduler rule. Time of Day Range Enter the time period of each day, in 24-hour format, during which the rule will be enforced.
CHAPTER 21 Certificates 21.1 Overview The EMG can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication. 21.1.1 What You Can Do in this Chapter • Use the Local Certificates screen to generate certification requests and import the EMG's CA-signed certificates (Section 21.4 on page 204).
Chapter 21 Certificates Figure 134 Security > Certificates > Local Certificates The following table describes the labels in this screen. Table 86 Security > Certificates > Local Certificates LABEL DESCRIPTION Private Key is protected by a password Select the checkbox and enter the private key into the text box to store it on the EMG. The private key should not exceed 63 ASCII characters (not including spaces). Choose File Click this to find the certificate file you want to upload.
Chapter 21 Certificates Figure 135 Create Certificate Request The following table describes the labels in this screen. Table 87 Create Certificate Request LABEL DESCRIPTION Certificate Name Type up to 63 ASCII characters (not including spaces) to identify this certificate. Common Name Select Auto to have the EMG configure this field automatically. Or select Customize to enter it manually. Type the IP address (in dotted decimal notation), domain name or e-mail address in the field provided.
Chapter 21 Certificates Figure 136 Certificate Request: View The following table describes the fields in this screen. Table 88 Certificate Request: View LABEL DESCRIPTION Name This field displays the identifying name of this certificate. Type This field displays general information about the certificate. ca means that a Certification Authority signed the certificate.
Chapter 21 Certificates Figure 137 Security > Certificates > Trusted CA The following table describes the fields in this screen. Table 89 Security > Certificates > Trusted CA LABEL DESCRIPTION Import Certificate Click this button to open a screen where you can save the certificate of a certification authority that you trust to the EMG. # This is the index number of the entry. Name This field displays the name used to identify this certificate.
Chapter 21 Certificates Figure 138 Trusted CA: View The following table describes the fields in this screen. Table 90 Trusted CA: View LABEL Name DESCRIPTION This field displays the identifying name of this certificate. This read-only text box displays the certificate in Privacy Enhanced Mail (PEM) format. PEM uses base 64 to convert the binary certificate into a printable form.
Chapter 21 Certificates Figure 139 Trusted CA: Import Certificate The following table describes the fields in this screen. Table 91 Trusted CA: Import Certificate LABEL DESCRIPTION Certificate File Path Type in the location of the certificate you want to upload in this field or click Choose File to find it. Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving.
CHAPTER 22 Voice See Table 1 on page 17 for the feature difference. 22.1 Overview Use this chapter to: • Connect an analog phone to the EMG. • Configure settings such as speed dial. • Configure network settings to optimize the voice quality of your phone calls. 22.1.1 What You Can Do in this Chapter These screens allow you to configure your EMG to make phone calls over the Internet and your regular phone line, and to set up the phones you connect to the EMG. • Use the SIP Account screen (Section 22.
Chapter 22 Voice SIP SIP stands for Session Initiation Protocol. SIP is a signaling standard that lets one network device (like a computer or the EMG) send messages to another. In VoIP, these messages are about phone calls over the network. For example, when you dial a number on your EMG, it sends a SIP message over the network asking the other device (the number you dialed) to take part in the call. SIP Accounts A SIP account is a type of VoIP account.
Chapter 22 Voice Figure 140 VoIP > SIP > SIP Account Each field is described in the following table. Table 92 VoIP > SIP > SIP Account LABEL DESCRIPTION Add new account Click this to configure a SIP account. # This is the index number of the entry. Enable This shows whether the SIP account is activated or not. A yellow bulb signifies that this SIP account is activated. A gray bulb signifies that this SIP account is not activated. SIP Account This shows the name of the SIP account.
Chapter 22 Voice Figure 141 VoIP > SIP > SIP Account > Add new account/Edit EMG6726/8726-B10A User’s Guide 211
Chapter 22 Voice Each field is described in the following table. Table 93 VoIP > SIP > SIP Account > Add new account/Edit LABEL DESCRIPTION SIP Account Selection SIP Account Selection This field displays ADD_NEW if you are creating a new SIP account or the SIP account you are modifying. SIP Service Provider Association SIP Account Associated with Select the SIP service provider profile to use for the SIP account you are configuring in this screen.
Chapter 22 Voice Table 93 VoIP > SIP > SIP Account > Add new account/Edit (continued) LABEL DESCRIPTION Enable G.168 (Echo Cancellation) Select this if you want to eliminate the echo caused by the sound of your voice reverberating in the telephone receiver while you talk. Enable VAD (Voice Active Detector) Select this if the EMG should stop transmitting when you are not speaking. This reduces the bandwidth the EMG uses.
Chapter 22 Voice Table 93 VoIP > SIP > SIP Account > Add new account/Edit (continued) LABEL DESCRIPTION Warm Line Timer Enter a number of seconds that the EMG waits before dialing the warm line number if you pick up the telephone and do not press any keys on the keypad. Enable Missed Call Email Notification Select this option to have the EMG email you a notification when there is a missed call. Mail Account Select a mail account for the email address specified below.
Chapter 22 Voice Table 94 VoIP > SIP > SIP Service Provider (continued) LABEL DESCRIPTION REGISTER Server Address This shows the IP address or domain name of the SIP register server. SIP Service Domain This shows the SIP service domain name. Modify Click the Edit icon to configure the SIP service provider. Click the Delete icon to delete this SIP service provider from the EMG. 22.4.1 SIP Service Provider Add/Edit Use this screen to configure a SIP service provider on the EMG.
Chapter 22 Voice Figure 143 VoIP > SIP > SIP Service Provider > Add New Provider/Edit EMG6726/8726-B10A User’s Guide 216
Chapter 22 Voice Each field is described in the following table. Table 95 VoIP > SIP > SIP Service Provider > Add new provider/Edit LABEL DESCRIPTION SIP Service Provider Selection Service Provider Selection Select the SIP service provider profile you want to use for the SIP account you configure in this screen. If you change this field, the screen automatically refreshes. General SIP Service Provider Select this to enable the SIP service provider.
Chapter 22 Voice Table 95 VoIP > SIP > SIP Service Provider > Add new provider/Edit (continued) LABEL DESCRIPTION Use DHCP Option 120 First Select this to enable the SIP server via DHCP option 120. RTP Port Range Start Port End Port Enter the listening port number(s) for RTP traffic, if your VoIP service provider gave you this information. Otherwise, keep the default values. To enter one port number, enter the port number in the Start Port and End Port fields.
Chapter 22 Voice Table 95 VoIP > SIP > SIP Service Provider > Add new provider/Edit (continued) LABEL DESCRIPTION SIP DSCP Mark Setting Enter the DSCP (DiffServ Code Point) number for SIP message transmissions. The EMG creates Class of Service (CoS) priority tags with this number to SIP traffic that it transmits. RTP DSCP Mark Setting Enter the DSCP (DiffServ Code Point) number for RTP voice transmissions.
Chapter 22 Voice Each field is described in the following table. Table 96 VoIP > Phone > Phone Device LABEL DESCRIPTION # This displays the index number of the phone device. Phone ID This field displays the name of a phone port on the EMG. Internal Number This field displays the internal call prefix of a phone port on the EMG. Incoming SIP Number This field displays the SIP number that you use to receive calls on this phone port.
Chapter 22 Voice Table 97 VoIP > Phone > Phone Device > Edit LABEL DESCRIPTION Immediate Dial Enable Select this if you want to use the pound key (#) to tell the EMG to make the phone call immediately, instead of waiting the number of seconds you selected in the Dialing Interval Selection field of the VoIP > SIP > SIP Service Provider > Add New Provider/Edit screen. If you select this, dial the phone number, and then press the pound key. The EMG makes the call immediately, instead of waiting.
Chapter 22 Voice Figure 147 VoIP > Call Rule Each field is described in the following table. Table 99 VoIP > Call Rule LABEL DESCRIPTION Clear All Speed Dials Click this to erase all the speed-dial entries on this screen. Keys This field displays the speed-dial number you should dial to use this entry. Number Enter the SIP number you want the EMG to call when you dial the speed-dial number. Description Enter a name to identify the party you call when you dial the speed-dial number.
Chapter 22 Voice SIP signaling is separate from the media for which it handles sessions. The media that is exchanged during the session can use a different path from that of the signaling. SIP handles telephone calls and can interface with traditional circuit-switched telephone networks. SIP Identities A SIP account uses an identity (sometimes referred to as a SIP address). A complete SIP identity is called a SIP URI (Uniform Resource Identifier).
Chapter 22 Voice SIP Servers SIP is a client-server protocol. A SIP client is an application program or device that sends SIP requests. A SIP server responds to the SIP requests. When you use SIP to make a VoIP call, it originates at a client and terminates at a server. A SIP client could be a computer or a SIP phone. One device can act as both a SIP client and a SIP server. SIP User Agent A SIP user agent can make and receive VoIP telephone calls.
Chapter 22 Voice SIP Redirect Server A SIP redirect server accepts SIP requests, translates the destination address to an IP address and sends the translated IP address back to the device that sent the request. Then the client device that originally sent the request can send requests to the IP address that it received back from the redirect server. Redirect servers do not initiate SIP requests. In the following example, you want to use client device A to call someone who is using client device C.
Chapter 22 Voice SIP Call Progression The following figure displays the basic steps in the setup and tear down of a SIP call. A calls B. Table 100 SIP Call Progression A B 1. INVITE 2. Ringing 3. OK 4. ACK 5.Dialogue (voice traffic) 6. BYE 7. OK 1 A sends a SIP INVITE request to B. This message is an invitation for B to participate in a SIP telephone call. 2 B sends a response indicating that the telephone is ringing. 3 B sends an OK response after the call is answered.
Chapter 22 Voice Figure 151 SIP Call Through Proxy Servers DSL DSL The following table shows the SIP call progression. Table 101 SIP Call Progression UA 1 PROXY 1 PROXY 2 UA 2 Invite Invite 100 Trying Invite 100 Trying 180 Ringing 180 Ringing 180 Ringing 200 OK 200 OK 200 OK ACK RTP RTP BYE 200 OK 1 User Agent 1 sends a SIP INVITE request to Proxy 1. This message is an invitation to User Agent 2 to participate in a SIP telephone call.
Chapter 22 Voice 4 User Agent 2 sends a response back to Proxy 2 indicating that the phone is ringing. The response is relayed back to User Agent 1 via Proxy 1. 5 User Agent 2 sends an OK response to Proxy 2 after the call is answered. This is also relayed back to User Agent 1 via Proxy 1. 6 User Agent 1 and User Agent 2 exchange RTP packets containing voice data directly, without involving the proxies. 7 When User Agent 2 hangs up, he sends a BYE request.
Chapter 22 Voice Custom Tones (IVR) IVR (Interactive Voice Response) is a feature that allows you to use your telephone to interact with the EMG. The EMG allows you to record custom tones for the Early Media and Music On Hold functions. The same recordings apply to both the caller ringing and on hold tones.
Chapter 22 Voice You can continue to add, listen to, or delete tones, or you can hang up the receiver when you are done. 22.8.1 Quality of Service (QoS) Quality of Service (QoS) refers to both a network's ability to deliver data with minimum delay, and the networking methods used to provide bandwidth for real-time multimedia applications.
Chapter 22 Voice • Call Return • Call Hold • Call Waiting • Making a Second Call • Call Transfer • Call Forwarding • Three-Way Conference • Internal Calls • Call Park and Pickup • Do not Disturb • IVR • Call Completion • CCBS • Outgoing SIP Note: To take full advantage of the supplementary phone services available through the EMG's phone ports, you may need to subscribe to the services from your VoIP service provider. 22.8.2.
Chapter 22 Voice Table 103 European Flash Key Commands COMMAND SUB-COMMAND DESCRIPTION Flash 2 1. Switch back and forth between two calls. 2. Put a current call on hold to answer an incoming call. 3. Separate the current three-way conference call into two individual calls (one is on-line, the other is on hold). Flash 3 Create three-way conference connection. Flash *98# Transfer the call to another phone.
Chapter 22 Voice European Three-Way Conference Use the following steps to make three-way conference calls. 1 When you are on the phone talking to someone, press the flash key to put the caller on hold and get a dial tone. 2 Dial a phone number directly to make another call. 3 When the second call is answered, press the flash key and press “3” to create a three-way conversation. 4 Hang up the phone to drop the connection.
Chapter 22 Voice 1 Press the flash key to put the caller on hold. 2 When you hear the dial tone, dial “*98#” followed by the number to which you want to transfer the call. 3 After you hear the ring signal or the second party answers it, hang up the phone. USA Three-Way Conference Use the following steps to make three-way conference calls. 1 When you are on the phone talking to someone (party A), press the flash key to put the caller on hold and get a dial tone.
CHAPTER 23 Log 23.1 Overview The web configurator allows you to choose which categories of events and/or alerts to have the EMG log and then display the logs or have the EMG send them to an administrator (as e-mail) or to a syslog server. 23.1.1 What You Can Do in this Chapter • Use the System Log screen to see the system logs (Section 23.2 on page 236). • Use the Security Log screen to see the security-related logs for the categories that you select (Section 23.3 on page 236). 23.1.
Chapter 23 Log Table 106 Syslog Severity Levels CODE SEVERITY 5 Notice: There is a normal but significant condition on the system. 6 Informational: The syslog contains an informational message. 7 Debug: The message is intended for debug-level purposes. 23.2 The System Log Screen Use the System Log screen to see the system logs. Click System Monitor > Log to open the System Log screen. Figure 153 System Monitor > Log > System Log The following table describes the fields in this screen.
Chapter 23 Log Figure 154 System Monitor > Log > Security Log The following table describes the fields in this screen. Table 108 System Monitor > Log > Security Log LABEL DESCRIPTION Level Select a severity level from the drop-down list box. This filters search results according to the severity level you have selected. When you select a severity, the EMG searches through all logs of that severity or higher. Category Select the type of logs to display. Clear Log Click this to delete all the logs.
CHAPTER 24 Traffic Status 24.1 Overview Use the Traffic Status screens to look at network traffic status and statistics of the WAN, LAN interfaces and NAT. 24.1.1 What You Can Do in this Chapter • Use the WAN screen to view the WAN traffic statistics (Section 24.2 on page 238). • Use the LAN screen to view the LAN traffic statistics (Section 24.3 on page 239). • Use the NAT screen to view the NAT status of the EMG’s client(s) (Section 24.4 on page 240) 24.
Chapter 24 Traffic Status The following table describes the fields in this screen. Table 109 System Monitor > Traffic Status > WAN LABEL DESCRIPTION Refresh Interval Select how often you want the EMG to update this screen. Connected Interface This shows the name of the WAN interface that is currently connected. Packets Sent Data This indicates the number of transmitted packets on this interface. Error This indicates the number of frames with errors transmitted on this interface.
Chapter 24 Traffic Status Figure 156 System Monitor > Traffic Status > LAN The following table describes the fields in this screen. Table 110 System Monitor > Traffic Status > LAN LABEL DESCRIPTION Refresh Interval Select how often you want the EMG to update this screen. Interface This shows the LAN or WLAN interface. Bytes Sent This indicates the number of bytes transmitted on this interface. Bytes Received This indicates the number of bytes received on this interface.
Chapter 24 Traffic Status Figure 157 System Monitor > Traffic Status > NAT The following table describes the fields in this screen. Table 111 System Monitor > Traffic Status > NAT LABEL DESCRIPTION Refresh Interval Select how often you want the EMG to update this screen. Device Name This displays the name of the connected host. IPv4 Address This displays the IP address of the connected host. MAC Address This displays the MAC address of the connected host. No.
CHAPTER 25 ARP Table 25.1 Overview Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network. An IP (version 4) address is 32 bits long. In an Ethernet LAN, MAC addresses are 48 bits long. The ARP Table maintains an association between each MAC address and its corresponding IP address. 25.1.
Chapter 25 ARP Table The following table describes the labels in this screen. Table 112 System Monitor > ARP Table LABEL DESCRIPTION # This is the ARP table entry number. IPv4/IPv6 Address This is the learned IPv4 or IPv6 address of a device connected to a port. MAC Address This is the MAC address of the device with the listed IP address. Device This is the type of interface used by the device.
CHAPTER 26 Routing Table 26.1 Overview Routing is based on the destination address only and the EMG takes the shortest path to forward a packet. 26.2 The Routing Table Screen Click System Monitor > Routing Table to open the following screen. Figure 159 System Monitor > Routing Table The following table describes the labels in this screen.
Chapter 26 Routing Table Table 113 System Monitor > Routing Table (continued) LABEL DESCRIPTION Flag This indicates the route status. U-Up: The route is up. !-Reject: The route is blocked and will force a route lookup to fail. G-Gateway: The route uses a gateway to forward traffic. H-Host: The target of the route is a host. R-Reinstate: The route is reinstated for dynamic routing. D-Dynamic (redirect): The route is dynamically installed by a routing daemon or redirect.
CHAPTER 27 Multicast Status 27.1 Overview Use the Multicast Status screens to look at IGMP/MLD group status and traffic statistics. 27.2 The IGMP Status Screen Use this screen to look at the current list of multicast groups the EMG has joined and which ports have joined it. To open this screen, click System Monitor > Multicast Status > IGMP Status. Figure 160 System Monitor > Multicast Status > IGMP Status The following table describes the labels in this screen.
Chapter 27 Multicast Status Figure 161 System Monitor > Multicast Status > MLD Status The following table describes the labels in this screen. Table 115 System Monitor > Multicast Status > MLD Status LABEL DESCRIPTION Refresh Click this button to update the status on this screen. Interface This field displays the name of an interface on the EMG that belongs to an MLD multicast group. Multicast Group This field displays the name of the MLD multicast group to which the interface belongs.
CHAPTER 28 System 28.1 Overview In the System screen, you can name your EMG (Host) and give it an associated domain name for identification purposes. 28.2 The System Screen Click Maintenance > System to open the following screen. Figure 162 Maintenance > System The following table describes the labels in this screen. Table 116 Maintenance > System LABEL DESCRIPTION Host Name Type a hostname for your EMG.
CHAPTER 29 User Account 29.1 Overview In the User Account screen, you can view the settings of the “admin” and other user accounts that you used to log in the EMG. You can create and manage multiple login accounts for your EMG. ‘Admin’ and ‘user’ accounts have different configuration privileges. You can only use an ‘admin’ account to modify or delete a user account. You cannot delete an ‘admin’ account. For troubleshooting purposes only, there is a support account for qualified technical support engineers.
Chapter 29 User Account Table 117 Maintenance > User Account (continued) (continued) LABEL DESCRIPTION Group This field displays whether this user has Administrator or User privileges. Modify Click the Edit icon to configure the entry. Click the Delete icon to remove the entry. Apply Click Apply to save your changes back to the EMG. Cancel Click Cancel to restore your previously saved settings. 29.2.
Chapter 29 User Account Table 118 Maintenance > User Account > Add/Edit (continued) (continued) LABEL DESCRIPTION Password/New Password Type your new system password (up to 256 characters). Note that as you type a password, the screen displays a (*) for each character you type. After you change the password, use the new password to access the EMG. Verify Password/ Verify New Password Type the new password again for confirmation.
CHAPTER 30 Remote Management 30.1 Overview Remote management controls through which interface(s), which services can access the EMG. Note: The EMG is managed using the Web Configurator. 30.2 The MGMT Services Screen Use this screen to configure through which interface(s), which services can access the EMG. You can also specify the port numbers the services must use to connect to the EMG. Click Maintenance > Remote Management > MGMT Services to open the following screen.
Chapter 30 Remote Management Table 119 Maintenance > Remote Management > MGMT Services (continued) LABEL DESCRIPTION WAN Select the Enable check box for the corresponding services that you want to allow access to the EMG from all WAN connections. Trust Domain Select the Enable check box for the corresponding services that you want to allow access to the EMG from the trusted hosts configured in the Maintenance > Remote MGMT > Trust Domain screen.
Chapter 30 Remote Management Figure 167 Maintenance > Remote Management > Trust Domain > Add Trust Domain The following table describes the fields in this screen. Table 121 Maintenance > Remote Management > Trust Domain > Add Trust Domain LABEL DESCRIPTION IP Address Enter a public IPv4 IP address which is allowed to access the service on the EMG from the WAN. Apply Click Apply to save your changes back to the EMG. Cancel Click Cancel to exit this screen without saving.
CHAPTER 31 SNMP 31.1 Overview This chapter explains how to configure the SNMP settings on the EMG. 31.2 The SNMP Screen Simple Network Management Protocol is a protocol used for exchanging management information between network devices. Your EMG supports SNMP agent functionality, which allows a manager station to manage and monitor the EMG through the network. The EMG supports SNMP version one (SNMPv1) and version two (SNMPv2c). The next figure illustrates an SNMP management operation.
Chapter 31 SNMP SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a request and the agent returns responses using the following protocol operations: • Get - Allows the manager to retrieve an object variable from the agent. • GetNext - Allows the manager to retrieve the next object variable from a table or list within an agent.
CHAPTER 32 Time Settings 32.1 Overview This chapter shows you how to configure system related settings, such as system time, password, name, the domain name and the inactivity timeout interval. 32.2 The Time Screen To change your EMG’s time and date, click Maintenance > Time. The screen appears as shown. Use this screen to configure the EMG’s time based on your local time zone.
Chapter 32 Time Settings The following table describes the fields in this screen. Table 123 Maintenance > Time LABEL DESCRIPTION Current Date/Time Current Time This field displays the time of your EMG. Each time you reload this page, the EMG synchronizes the time with the time server. Current Date This field displays the date of your EMG. Each time you reload this page, the EMG synchronizes the date with the time server.
CHAPTER 33 E-mail Notification 33.1 Overview A mail server is an application or a computer that runs such an application to receive, forward and deliver e-mail messages. To have the EMG send reports, logs or notifications via e-mail, you must specify an e-mail server and the e-mail addresses of the sender and receiver. 33.2 The E-mail Notification Screen Click Maintenance > E-mail Notification to open the E-mail Notification screen.
Chapter 33 E-mail Notification 33.2.1 E-mail Notification Edit Click the Add button in the E-mail Notification screen. Use this screen to configure the required information for sending e-mail via a mail server. Figure 172 Email Notification > Add The following table describes the labels in this screen. Table 125 Email Notification > Add LABEL DESCRIPTION Mail Server Address Enter the server name or the IP address of the mail server for the e-mail address specified in the Account Email Address field.
CHAPTER 34 Log Setting 34.1 Overview You can configure where the EMG sends logs and which logs and/or immediate alerts the EMG records in the Logs Setting screen. 34.2 The Log Settings Screen To change your EMG’s log settings, click Maintenance > Logs Setting. The screen appears as shown.
Chapter 34 Log Setting The following table describes the fields in this screen. Table 126 Maintenance > Logs Setting LABEL DESCRIPTION Syslog Setting Syslog Logging The EMG sends a log to an external syslog server. Select Enable to enable syslog logging. Mode Select the syslog destination from the drop-down list box. If you select Remote, the log(s) will be sent to a remote syslog server. If you select Local File, the log(s) will be saved in a local file.
Chapter 34 Log Setting Figure 174 E-mail Log Example Subject: Firewall Alert From Date: Fri, 07 Apr 2000 10:05:42 From: user@zyxel.com To: user@zyxel.com 1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09:54:03 |UDP src port:00520 dest port:00520 |<1,00> | 2|Apr 7 00 |From:192.168.1.131 To:192.168.1.255 |default policy |forward | 09:54:17 |UDP src port:00520 dest port:00520 |<1,00> | 3|Apr 7 00 |From:192.168.1.6 To:10.10.10.
CHAPTER 35 Firmware Upgrade 35.1 Overview This chapter explains how to upload new firmware to your EMG. You can download new firmware releases from your nearest Zyxel FTP site (or www.zyxel.com) to use to upgrade your device’s performance. Only use firmware for your device’s specific model. Refer to the label on the bottom of your EMG. 35.2 The Firmware Screen Click Maintenance > Firmware Upgrade to open the following screen.
Chapter 35 Firmware Upgrade Table 127 Maintenance > Firmware Upgrade LABEL DESCRIPTION Choose File Click this to find the .bin file you want to upload. Remember that you must decompress compressed (.zip) files before you can upload them. Upload Click this to begin the upload process. This process may take up to two minutes. Figure 176 Firmware Uploading The EMG automatically restarts in this time causing a temporary network disconnect.
CHAPTER 36 Backup/Restore 36.1 Overview The Backup/Restore screen allows you to backup and restore device configurations. You can also reset your device settings back to the factory default. 36.2 The Backup/Restore Screen Click Maintenance > Backup/Restore. Information related to factory defaults, backup configuration, and restoring configuration appears in this screen, as shown next.
Chapter 36 Backup/Restore Restore Configuration Restore Configuration allows you to upload a new or previously saved configuration file from your computer to your EMG. Table 128 Restore Configuration LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Choose File to find it. Choose File Click this to find the file you want to upload. Remember that you must decompress compressed (.ZIP) files before you can upload them.
Chapter 36 Backup/Restore Figure 181 Reset Warning Message Figure 182 Reset In Process Message You can also press the RESET button on the rear panel to reset the factory defaults of your EMG. Refer to Section 1.4.5 on page 24 for more information on the RESET button. 36.3 The Reboot Screen System restart allows you to reboot the EMG remotely without turning the power off. You may need to do this if the EMG hangs, for example. Click Maintenance > Reboot. Click Reboot to have the EMG reboot.
CHAPTER 37 Diagnostic 37.1 Overview The Diagnostic screens display information to help you identify problems with the EMG. The route between a CO switch and one of its CPE may go through switches owned by independent organizations. A connectivity fault point generally takes time to discover and impacts subscriber’s network access. In order to eliminate the management and maintenance efforts, IEEE 802.
Chapter 37 Diagnostic 37.3 Ping & TraceRoute & NsLookup Use this screen to ping, traceroute, or nslookup an IP address. Click Maintenance > Diagnostic > Ping&TraceRoute&NsLookup to open the screen shown next. Figure 184 Maintenance > Diagnostic > Ping &TraceRoute&NsLookup The following table describes the fields in this screen.
Chapter 37 Diagnostic Figure 185 Maintenance > Diagnostic > 802.1ag The following table describes the fields in this screen. Table 130 Maintenance > Diagnostic > 802.1ag LABEL DESCRIPTION 802.1ag Connectivity Fault Management IEEE 802.1ag CFM Select Enable or Disable to activate or deactivate the IEEE802.1ag CFM (Connectivity Fault Management) specification, which allows network administrators to identify manage connection faults. Y.1731 Select Enable or Disable to activate or deactivate Y.
Chapter 37 Diagnostic Table 130 Maintenance > Diagnostic > 802.1ag (continued) LABEL DESCRIPTION Destination MAC Address Enter the target device’s MAC address to which the EMG performs a CFM loopback and linktrace test. Test Result Loopback Message (LBM) This shows Pass if a Loop Back Messages (LBMs) responses are received. If LBMs do not get a response it shows Fail. Linktrace Message (LTM) This shows the MAC address of MEPs that respond to the LTMs. Apply Click this button to save your changes.
Chapter 37 Diagnostic Table 131 Maintenance > Diagnostics > 802.3ah LABEL DESCRIPTION Auto Event Select Enable for the EMG to detect link status and send a notification when an error (such as errors in symbol, frames, or seconds) is detected. Otherwise, click Disable and you will not be notified. Features Select Variable Retrieval so the EMG can respond to requests for information, such as requests for Ethernet counters and statistics, about link events.
CHAPTER 38 Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • EMG Access and Login • Internet Access • Wireless Internet Access • UPnP 38.1 Power, Hardware Connections, and LEDs The EMG does not turn on. None of the LEDs turn on. 1 Make sure the EMG is turned on. 2 Make sure you are using the power adaptor or cord included with the EMG.
Chapter 38 Troubleshooting 38.2 EMG Access and Login I forgot the IP address for the EMG. 1 The default LAN IP address is 192.168.1.1. 2 If you changed the IP address and have forgotten it, you might get the IP address of the EMG by looking up the IP address of the default gateway for your computer. To do this in most Windows computers, click Start > Run, enter cmd, and then enter ipconfig.
Chapter 38 Troubleshooting • Make sure you have logged out of any earlier management sessions using the same user account even if they were through a different interface or using a different browser. • Try to access the EMG using another service, such as Telnet. If you can access the EMG, check the remote management settings and firewall rules to find out why the EMG does not respond to HTTP. I can see the Login screen, but I cannot log in to the EMG. 1 Make sure you have entered the password correctly.
Chapter 38 Troubleshooting 3 If you are trying to access the Internet wirelessly, make sure that you enabled the wireless LAN in the EMG and your wireless client and that the wireless settings in the wireless client are the same as the settings in the EMG. 4 Disconnect all the cables from your device and reconnect them. 5 If the problem continues, contact your ISP. I cannot connect to the Internet using an Ethernet connection.
Chapter 38 Troubleshooting • Obstacles: walls, ceilings, furniture, and so on. • Building Materials: metal doors, aluminum studs. • Electrical devices: microwaves, monitors, electric motors, cordless phones, and other wireless devices. To optimize the speed and quality of your wireless connection, you can: • Move your wireless device closer to the AP if the signal strength is low.
P ART III Appendices Appendices contain general information. Some information may not apply to your device.
APPENDIX A Customer Support In the event of problems that cannot be solved by using this manual, you should contact your vendor. If you cannot contact your vendor, then contact a Zyxel office for the region in which you bought the device. See https://www.zyxel.com/homepage.shtml and also https://www.zyxel.com/about_zyxel/zyxel_worldwide.shtml for the latest information. Please have the following information ready when you contact an office. Required Information • Product model and serial number.
Appendix A Customer Support Korea • Zyxel Korea Corp. • http://www.zyxel.kr Malaysia • Zyxel Malaysia Sdn Bhd. • http://www.zyxel.com.my Pakistan • Zyxel Pakistan (Pvt.) Ltd. • http://www.zyxel.com.pk Philippines • Zyxel Philippines • http://www.zyxel.com.ph Singapore • Zyxel Singapore Pte Ltd. • http://www.zyxel.com.sg Taiwan • Zyxel Communications Corporation • https://www.zyxel.com/tw/zh/ Thailand • Zyxel Thailand Co., Ltd • https://www.zyxel.
Appendix A Customer Support • https://www.zyxel.com/be/fr/ Bulgaria • Zyxel България • https://www.zyxel.com/bg/bg/ Czech Republic • Zyxel Communications Czech s.r.o • https://www.zyxel.com/cz/cs/ Denmark • Zyxel Communications A/S • https://www.zyxel.com/dk/da/ Estonia • Zyxel Estonia • https://www.zyxel.com/ee/et/ Finland • Zyxel Communications • https://www.zyxel.com/fi/fi/ France • Zyxel France • https://www.zyxel.fr Germany • Zyxel Deutschland GmbH • https://www.zyxel.
Appendix A Customer Support Lithuania • Zyxel Lithuania • https://www.zyxel.com/lt/lt/ Netherlands • Zyxel Benelux • https://www.zyxel.com/nl/nl/ Norway • Zyxel Communications • https://www.zyxel.com/no/no/ Poland • Zyxel Communications Poland • https://www.zyxel.com/pl/pl/ Romania • Zyxel Romania • https://www.zyxel.com/ro/ro Russia • Zyxel Russia • https://www.zyxel.com/ru/ru/ Slovakia • Zyxel Communications Czech s.r.o. organizacna zlozka • https://www.zyxel.
Appendix A Customer Support Turkey • Zyxel Turkey A.S. • https://www.zyxel.com/tr/tr/ UK • Zyxel Communications UK Ltd. • https://www.zyxel.com/uk/en/ Ukraine • Zyxel Ukraine • http://www.ua.zyxel.com South America Argentina • Zyxel Communications Corporation • https://www.zyxel.com/co/es/ Brazil • Zyxel Communications Brasil Ltda. • https://www.zyxel.com/br/pt/ Colombia • Zyxel Communications Corporation • https://www.zyxel.com/co/es/ Ecuador • Zyxel Communications Corporation • https://www.zyxel.
Appendix A Customer Support Middle East • Zyxel Communications Corporation • https://www.zyxel.com/me/en/ North America USA • Zyxel Communications, Inc. - North America Headquarters • https://www.zyxel.com/us/en/ Oceania Australia • Zyxel Communications Corporation • https://www.zyxel.com/au/en/ Africa South Africa • Nology (Pty) Ltd. • https://www.zyxel.
APPENDIX B Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS).
Appendix B Wireless LANs Figure 188 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood.
Appendix B Wireless LANs Figure 189 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a channel different from an adjacent AP (access point) to reduce interference. Interference occurs when radio signals from different access points overlap causing interference and degrading performance.
Appendix B Wireless LANs Figure 190 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations. RTS/CTS is designed to prevent collisions due to hidden nodes.
Appendix B Wireless LANs If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. IEEE 802.11g Wireless LAN IEEE 802.11g is fully compatible with the IEEE 802.11b standard. This means an IEEE 802.11b adapter can interface directly with an IEEE 802.11g access point (and vice versa) at 11 Mbps or lower depending on range.
Appendix B Wireless LANs • Authorization Determines the network services available to authenticated users once they are connected to the network. • Accounting Keeps track of the client’s network activity. RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server.
Appendix B Wireless LANs EAP-MD5 (Message-Digest Algorithm 5) MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless client. The wireless client ‘proves’ that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text. However, MD5 authentication has some weaknesses.
Appendix B Wireless LANs WPA2-PSK uses a simple common password, instead of user-specific credentials. The common-password approach makes WPA2-PSK susceptible to brute-force password-guessing attacks but it’s still an improvement over WEP as it employs a consistent, single, alphanumeric password to derive a PMK which is used to generate unique temporal encryption keys. This prevent all wireless devices sharing the same encryption keys.
Appendix B Wireless LANs Figure 191 WPA2-PSK Authentication Security Parameters Summary Refer to this table to see what other security parameters you should configure for each authentication method or key management protocol type. MAC address filters are not dependent on how you configure these security features.
Appendix B Wireless LANs Antenna Gain Antenna gain, measured in dB (decibel), is the increase in coverage within the RF beam width. Higher antenna gain improves the range of the signal for better communications. For an indoor site, each 1 dB increase in antenna gain results in a range increase of approximately 2.5%. For an unobstructed outdoor site, each 1dB increase in gain results in a range increase of approximately 5%. Actual results may vary depending on the network environment.
APPENDIX C IPv6 Overview IPv6 (Internet Protocol version 6), is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 1038 IP addresses. IPv6 Addressing The 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons (:). This is an example IPv6 address 2001:0db8:1a2b:0015:0000:0000:1a2f:0000. IPv6 addresses can be abbreviated in two ways: • Leading zeros in a block can be omitted.
Appendix C IPv6 Unspecified Address An unspecified address (0:0:0:0:0:0:0:0 or ::) is used as the source address when a device does not have its own address. It is similar to “0.0.0.0” in IPv4. Loopback Address A loopback address (0:0:0:0:0:0:0:1 or ::1) allows a host to send packets to itself. It is similar to “127.0.0.1” in IPv4. Multicast Address In IPv6, multicast addresses provide the same functionality as IPv4 broadcast addresses. Broadcasting is not supported in IPv6.
Appendix C IPv6 Table 137 Reserved Multicast Address (continued) MULTICAST ADDRESS FF0E:0:0:0:0:0:0:0 FF0F:0:0:0:0:0:0:0 Subnet Masking Both an IPv6 address and IPv6 subnet mask compose of 128-bit binary digits, which are divided into eight 16-bit blocks and written in hexadecimal notation. Hexadecimal uses four bits for each character (1 ~ 10, A ~ F). Each block’s 16 bits are then represented by four hexadecimal characters. For example, FFFF:FFFF:FFFF:FFFF:FC00:0000:0000:0000.
Appendix C IPv6 does not respond, the client sends a Rebind message to any available server (S2). For an IA_TA, the client may send a Renew or Rebind message at the client's discretion. T2 T1 Renew Renew to S1 to S1 Renew Renew to S1 to S1 Renew to S1 Renew to S1 Rebind to S2 Rebind to S2 DHCP Relay Agent A DHCP relay agent is on the same network as the DHCP clients and helps forward messages between the DHCP server and clients.
Appendix C IPv6 • Router solicitation: A request from a host to locate a router that can act as the default router and forward packets. • Router advertisement: A response to a router solicitation or a periodical multicast advertisement from a router to advertise its presence and other parameters. IPv6 Cache An IPv6 host is required to have a neighbor cache, destination cache, prefix list and default router list.
Appendix C IPv6 Example - Enabling IPv6 on Windows XP/2003/Vista By default, Windows XP and Windows 2003 support IPv6. This example shows you how to use the ipv6 install command on Windows XP/2003 to enable IPv6. This also displays how to use the ipconfig command to see auto-generated IP addresses. C:\>ipv6 install Installing... Succeeded. C:\>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection: Connection-specific IP Address. . . . . Subnet Mask . . . . IP Address. . . . .
Appendix C IPv6 5 Click Start and then OK. 6 Now your computer can obtain an IPv6 address from a DHCPv6 server. Example - Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default. DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer. To enable IPv6 in Windows 7: 1 Select Control Panel > Network and Sharing Center > Local Area Connection. 2 Select the Internet Protocol Version 6 (TCP/IPv6) checkbox to enable it. 3 Click OK to save the change.
Appendix C IPv6 4 Click Close to exit the Local Area Connection Status screen. 5 Select Start > All Programs > Accessories > Command Prompt. 6 Use the ipconfig command to check your dynamic IPv6 address. This example shows a global address (2001:b021:2d::1000) obtained from a DHCP server. C:\>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection: Connection-specific DNS IPv6 Address. . . . . . Link-local IPv6 Address IPv4 Address. . . . . . Subnet Mask . . . . . . Default Gateway .
APPENDIX D Services The following table lists some commonly-used services and their associated protocols and port numbers. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like. • Protocol: This is the type of IP protocol used by the service. If this is TCP/UDP, then the service uses the same port number with TCP and UDP. If this is USER-DEFINED, the Port(s) is the IP protocol number, not the port number.
Appendix D Services Table 138 Examples of Services NAME PROTOCOL PORT(S) DESCRIPTION AH (IPSEC_TUNNEL) User-Defined 51 The IPSEC AH (Authentication Header) tunneling protocol uses this service. AIM TCP 5190 AOL’s Internet Messenger service. AUTH TCP 113 Authentication protocol used by some servers. BGP TCP 179 Border Gateway Protocol. BOOTP_CLIENT UDP 68 DHCP Client. BOOTP_SERVER UDP 67 DHCP Server.
Appendix D Services Table 138 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION NFS UDP 2049 Network File System - NFS is a client/server distributed file service that provides transparent file sharing for network environments. NNTP TCP 119 Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service. PING User-Defined 1 Packet INternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is reachable.
Appendix D Services Table 138 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION TACACS UDP 49 Login Host Protocol used for (Terminal Access Controller Access Control System). TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/IP networks. Its primary function is to allow users to log into remote host systems. VDOLIVE TCP 7000 UDP userdefined A videoconferencing solution.
APPENDIX E Legal Information Copyright Copyright © 2019 by Zyxel Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of Zyxel Communications Corporation. Published by Zyxel Communications Corporation.
Appendix E Legal Information Innovation, Science and Economic Development Canada RSS-GEN & RSS-247 statement • • • This device contains licence-exempt transmitter(s)/receiver(s) that comply with Innovation, Science and Economic Development Canada's licence-exempt RSS(s). Operation is subject to the following two conditions: (1) this device may not cause interference, and (2) this device must accept any interference, including interference that may cause undesired operation of the device.
Appendix E Legal Information If the product with 5G wireless function operating in 5250-5350 MHz and 5470-5725 MHz, the following attention must be paid. • For devices with detachable antenna(s), the maximum antenna gain permitted for devices in the bands 5250-5350 MHz and 5470-5725 MHz shall be such that the equipment still complies with the e.i.r.p. limit.
Appendix E Legal Information • • Pour les dispositifs munis d'antennes amovibles, le gain maximal d'antenne permis (pour les dispositifs utilisant la bande de 5 725 à 5 850 MHz) doit être conforme à la limite de la p.i.r.e. spécifiée, selon le cas; Lorsqu'il y a lieu, les types d'antennes (s'il y en a plusieurs), les numéros de modèle de l'antenne et les pires angles d'inclinaison nécessaires pour rester conforme à l'exigence de la p.i.r.e. applicable au masque d'élévation, énoncée à la section 6.2.2.
Appendix E Legal Information Deutsch (German) Hiermit erklärt Zyxel, dass sich das Gerät Ausstattung in Übereinstimmung mit den grundlegenden Anforderungen und den übrigen einschlägigen Bestimmungen der Richtlinie 2014/53/EU befindet. Eesti keel (Estonian) Käesolevaga kinnitab Zyxel seadme seadmed vastavust direktiivi 2014/53/EL põhinõuetele ja nimetatud direktiivist tulenevatele teistele asjakohastele sätetele.
Appendix E Legal Information List of national codes COUNTRY ISO 3166 2 LETTER CODE COUNTRY ISO 3166 2 LETTER CODE Austria AT Liechtenstein LI Belgium BE Lithuania LT Bulgaria BG Luxembourg LU Croatia HR Malta MT Cyprus CY Netherlands NL Czech Republic CZ Norway NO Denmark DK Poland PL Estonia EE Portugal PT Finland FI Romania RO France FR Serbia RS Germany DE Slovakia SK Greece GR Slovenia SI Hungary HU Spain ES Iceland IS Switzerland CH Ireland
Appendix E Legal Information Environment Statement ErP (Energy-related Products) Zyxel products put on the EU market in compliance with the requirement of the European Parliament and the Council published Directive 2009/ 125/EC establishing a framework for the setting of ecodesign requirements for energy-related products (recast), so called as "ErP Directive (Energy-related Products directive) as well as ecodesign requirement laid down in applicable implementing measures, power consumption has satisfied re
Appendix E Legal Information ⬱ℐ嬎⏲!.!䁢Ḯぐ䘬⬱ℐ炻婳⃰教嬨ẍᶳ嬎⏲⍲㊯䣢 ; ɀ 婳⊧⮯㬌䓊⑩㍍役㯜ˣ䀓䃘ㆾ㓦伖⛐檀㹓䘬䑘⠫ˤ ɀ 性姕⁁㍍妠 ; .!ảỽ㵚橼!.!↯⊧嬻姕⁁㍍妠㯜ˣ暐㯜ˣ檀㽽⹎ˣ㰉㯜僸国⿏䘬㵚橼ㆾ℞Ṿ㯜ấˤ .!䀘⠝⍲㰉䈑!.
Appendix E Legal Information To obtain the services of this warranty, contact your vendor. You may also refer to the warranty policy for the region in which you bought the device at http://www.zyxel.com/web/support_warranty_info.php. Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products.
Index Index A call hold 232, 233 ACK message 226 call transfer 232, 233 ACL rule 190 call waiting 232, 233 activation firewalls 186 SIP ALG 163 Canonical Format Indicator See CFI call service mode 231, 233 CCMs 269 certificate factory default 202 Address Resolution Protocol 242 administrator password 27 Certificate Authority See CA.
Index reset 267 restoring 267 static route 127, 129, 171 E EAP Authentication 291 Connectivity Check Messages, see CCMs ECHO 168 contact information 280 echo cancellation 228 copyright 308 e-mail log example 262 CoS 149, 230 CoS technologies 135 CTS (Clear to Send) 289 Encapsulation 74 MER 74 PPP over Ethernet 74 CTS threshold 84, 91 encryption 92, 292 customer support 280 ESS 287 creating certificates 202 Europe type call service mode 231 Extended Service Set, See ESS 287 D data fragment t
Index link-local address 296 Neighbor Discovery Protocol 296 ping 296 prefix 65, 76, 296 prefix delegation 67 prefix length 65, 76, 296 unspecified address 297 H hidden node 288 HTTP 168 ITU-T 228 I IBSS 286 ICMPv6 174 K IEEE 802.11g 290 IEEE 802.
Index M network map 30 MA 269 non-proxy calls 221 NNTP 168 MAC address 106 filter 92 Mac filter 193 O Maintenance Association, see MA Maintenance Domain, see MD OK response 226, 228 Maintenance End Point, see MEP Management Information Base (MIB) 255 managing the device good habits 20 P MBSSID 94 Pairwise Master Key (PMK) 292, 293 MD 269 passwords 27 MEP 269 PBC 95 MLD 174 peer-to-peer calls 221 MLDv1 174 Per-Hop Behavior, see PHB 149 MLDv2 174 PHB 149, 230 MTU (Multi-Tenant Unit) 75
Index versus CoS 135 account 223 call progression 226 client 224 identities 223 INVITE request 226, 227 number 223 OK response 228 proxy server 224 redirect server 225 register server 225 servers 224 service domain 223 URI 223 user agent 224 Quality of Service, see QoS R RADIUS 290 message types 291 messages 291 shared secret key 291 RADIUS server 92 Real time Transport Protocol, see RTP reset 24, 267 SIP ALG 162 activation 163 restart 268 restoring configuration 267 SMTP 168 RFC 1058. See RIP.
Index syslog protocol 235 severity levels 235 V VAD 228 system firmware 264 version 61 passwords 27 reset 24 status 60 LAN 61 WAN 61 wireless LAN 61 time 257 Vendor ID 122 VID Virtual Local Area Network See VLAN VLAN 75 Introduction 75 number of possible VIDs priority frame static VLAN ID 75 VLAN Identifier See VID VLAN tag 75 voice activity detection 228 T voice coding 228 VoIP 222 peer-to-peer calls 221 Tag Control Information See TCI Tag Protocol Identifier See TPID TCI The 65 three-way conference
Index preamble 84, 91 RADIUS server 92 RTS/CTS threshold 84, 91 security 91 SSID 92 status 61 WEP 93 WPA 93 WPA-PSK 93 WPS 95 example 97 limitations 98 push button 95 wireless security 290 Wireless tutorial 42 wizard setup Internet 34 WLAN interference 288 security parameters 294 WPA 93 key caching 293 pre-authentication 293 wireless client supplicant 293 WPA2 wireless client supplicant 293 WPA2-PSK application example 293 WPA-PSK 93 application example 293 WPS 95 example 97 limitations 98 push button 95