ZyXEL Communications AMG1202-T10A manual

AMG1202-T10A

Wireless N-lite ADSL2+ 4-port Ethernet Gateway

Default Login Details

IP Address	http://192.168.1.1
Password	1234

Firmware Version 1.00

Edition 1, 6/2011

www.zyxel.com

Contents

IP Address http://192.168.1.1 Password Copyright © ZyXEL Communications Corporation Page About This User's Guide Page Document Conventions Firewall RouterSwitch Safety Warnings Page Contents Overview Page Table of Contents Part I: User’s Guide Chapter 4.5.1 Full Feature NAT + Many-to-ManyNo Overload Mapping LAN Setup 8.8.1 Wireless Network Overview 8.8.2 Additional Wireless Terms 8.8.3 Wireless Security Overview 8.8.7 Wireless Distribution System (WDS) 8.8.8 WiFi Protected Setup (WPS) 11.2 The URL Filter Screen 11.3 The Application Filter Screen 11.4 The IP/MAC Filter Screen 12.1 Overview 12.2 The Static Route Screen 16.1.2 What You Need to Know About Remote Management 16.2.1 Configuring the WWW Screen 16.5.1 Configuring SNMP Appendix C Pop-upWindows, JavaScripts and Java Permissions Page Page Page Introduction 1.1 Overview 1.2 Ways to Manage the ZyXEL Device 1.3Good Habits for Managing the ZyXEL Device 1.4 Applications for the ZyXEL Device 1.5 Wireless Access WPS/WLAN POWER WPS/ WLAN 1.6 LEDs (Lights) 1.7 The RESET Button Page The Web Configurator 2.1 Overview Ignore Go to Wizard setup Go to Advanced setup 2.2 The Main Screen Table 3 Navigation Panel Summary LINK TAB FUNCTION Chapter 3 on page Page Status Screens 3.1 Overview 3.2 The Status Screen Chapter 3 Status Screens Host Name Model Number This is the model name of your device MAC Address Chapter 3 Status Screens This field displays how long the ZyXEL Device has been running since it last Uptime (Maintenance > Tools > Restart), or when you reset it ), or when you reset it Page Tutorials 4.1 Overview 4.2Setting Up a Secure Wireless Network 802.11b+g+n 802.11 Mode There are two WPS methods to set up the wireless client settings: Push Button Configuration (PBC) PIN Configuration Start Push and hold the Wireless Client ZyXEL Device PIN Wireless Client ZyXEL Device Authentication by PIN Wireless Network Scheduling 4.3 Configuring the MAC Address Filter Client List MAC Filter 4.4Configuring Static Route for Routing to Another Network This tutorial uses the following example IP settings: Table 5 IP Settings in this Tutorial DEVICE / COMPUTER IP ADDRESS 2Click Advanced > Static Route Static Route Static Route Setup 4.5 Multiple Public and Private IP Address Mappings 1Click Network > NAT Address Mapping •Type: Many-to-ManyNo Overload •Local IP addresses: 192.168.1.2 •Global IP addresses: 172.16.1.253 Type: One-to-One 4.6 Multiple WAN Connections Example Page Page Internet and Wireless Setup Wizard 5.1 Overview 5.2Internet Access Wizard Setup Chapter 5 Internet and Wireless Setup Wizard INTERNET/WIRELESS SETUP Figure 11 Wizard Welcome Restart the INTERNET/WIRELESS SETUP Wizard Manually configure your Internet connection Figure 13 Auto-Detection:PPPoE Figure 14 Auto Detection: Failed Figure 15 Internet Access Wizard Setup: ISP Parameters The following table describes the fields in this screen Table 7 Internet Access Wizard Setup: ISP Parameters Device list box. Choices vary depending on what you select in the Mode field Chapter 5 Internet and Wireless Setup Wizard VCI Enter the VCI assigned to you. This field may already be configured Back Click this to return to the previous screen without saving Table 8 Internet Connection with PPPoE User Name exactly as given Password Enter the password associated with the user name above Table 9 Internet Connection with RFC Figure 18 Internet Connection with ENET ENCAP Table 10 Internet Connection with ENET ENCAP Obtain an IP Address Automatically Static IP 5.3 Wireless Connection Wizard Setup Page Configure your wireless settings in this screen. Click Table 13 Wireless LAN Setup Wizard Name(SSID) same SSID in order to access the network Selection Manually assign a key Pre- Shared Key Figure 25 Manually Assign a WPA-PSKkey Table 14 Manually Assign a WPA-PSKkey Table 15 Manually Assign a WEP key stations must use the same WEP key for data transmission F") for a 64-bitor 128-bitWEP key respectively 5Click Apply to save your wireless LAN settings. Figure 27 Wireless LAN Setup Finish Page WAN Setup 6.1 Overview Chapter 6 WAN Setup See Section 6.4 on page 79 for technical background information on WAN 6.2 The Internet Access Setup Screen Table 16 Network > WAN > Internet Access Setup (continued) NAT on the ZyXEL Device box. Choices vary depending on the mode you select in the Mode field If you select Routing in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or PPPoE Internet Access Setup Figure 31 Network > WAN > Internet Access Setup: Advanced Setup Table 17 Network > WAN > Internet Access Setup: Advanced Setup Both In Only 6.3 The More Connections Screen WAN > Internet Access Setup Figure 32 Network > WAN > More Connections Table 18 Network > WAN > More Connections This field indicates whether the connection is active or not Name Page Table 19 Network > WAN > More Connections: Edit (continued) list box. Choices vary depending on the mode you select in the Mode field list. Choices are VC or LLC By prior agreement, a protocol is assigned a specific virtual circuit, for More Connections Edit 6.4 WAN Technical Reference Page 6.5 Traffic Shaping Page Page Page LAN Setup 7.1 Overview 7.2 The LAN IP Screen IP Subnet Mask 7.3 The DHCP Setup Screen 7.4 The Client List Screen 7.5 The IP Alias Screen Note: Make sure that the subnets of the logical networks do not overlap The following figure shows a LAN divided into subnets A, B, and C Figure 40 Physical Network & Partitioned Logical Networks A: 192.168.1.1 Ethernet 7.6 LAN Technical Reference There are two ways that an ISP disseminates the DNS server addresses DNS Server •10.0.0.0 — •172.16.0.0 — •192.168.0.0 — Both In Only Version IGMP-v1 IGMP-v2 IGMP-v3 Page Wireless LAN 8.1 Overview Chapter 8 Wireless LAN Section 8.8 on page Section 8.1.2 on page Do the other wireless devices in your network support WPS 8.2 The AP Screen Edit Click this to go to the MAC Filter screen to configure MAC filter settings. See Section 8.2.6 on page 106 for more details Select this check box to activate Quality of Service (QoS) your WLAN setup. See Section 8.2.5 on page 104 for more details Figure 45 Network > Wireless LAN > AP: Static WEP Choose Static WEP from the drop-downlist box Passphrase Device automatically generates a WEP key WEP Key Network > Wireless LAN Figure 46 Network > Wireless LAN > AP: WPA(2)-PSK The following table describes the wireless LAN security labels in this screen Table 29 Network > Wireless LAN > AP: WPA(2)-PSK Choose WPA-PSK or WPA2-PSK from the drop-downlist box WPAMixed Authentication Server notation Port Number Enter the port number of the external authentication server to do so with additional information Chapter 8 Wireless LAN Preamble See the Appendix D on page 269 for more information 802.11 Mode Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to Figure 49 Network > Wireless LAN > AP: MAC Address Filter Table 32 Network > Wireless LAN > AP: MAC Address Filter Active MAC Select the check box to enable MAC address filtering Filter Action 8.3 The More AP Screen 8.4 The WPS Screen Click Network > Wireless LAN > WPS. The following screen displays Figure 52 Network > Wireless LAN > WPS Table 35 Network > Wireless LAN > WPS WPS Setup Select the check box to activate WPS on the ZyXEL Device 8.5 The WPS Station Screen 8.6 The WDS Screen Click Network > Wireless LAN > WDS. The following screen displays Figure 54 Network > Wireless LAN > WDS Table 37 Network > Wireless LAN > WDS WDS Security (including the ZyXEL Device) must use the same pre-sharedkey for data 8.7 The Scheduling Screen 8.8 Wireless LAN Technical Reference Page TERM Page Section 8.8.3.3 on page Table 40 Types of Encryption for Each Type of Authentication NO AUTHENTICATION RADIUS SERVER Weakest WPA compatible Figure 57 Basic Service set Wireless devices can use different BSSIDs to associate with the same AP •A maximum of eight BSSs are allowed on one AP simultaneously Figure 58 WDS Link Example WDS Take the following steps to set up WPS using the button 1Ensure WPS is enabled on both devices Section 8.4 on page 4Enter the client’s PIN in the AP’s configuration interface 6Start WPS on both devices within two minutes Use the configuration utility to activate WPS, not the Figure 59 Example WPS Process: PIN Method ENROLLEE REGISTRAR WITHIN 2 MINUTES SECURE EAP TUNNEL Figure 60 How WPS works ACTIVATE WPS HANDSHAKE SECURE TUNNEL SECURITY INFO Figure 61 WPS: Example Network Step CLIENT Figure 62 WPS: Example Network Step EXISTING CONNECTION AP2 Figure 63 WPS: Example Network Step SECURITY INFO AP2 WPS has some limitations of which you should be aware WPS works only with other Page Page Network Address Translation (NAT) 9.1 Overview 9.2 The NAT General Setup Screen 9.3 The Port Forwarding Screen Figure 65 Multiple Servers Behind NAT Example A=192.168.1.33 LAN B=192.168.1.34 C=192.168.1.35 D=192.168.1.36 IP Address assigned by ISP Figure 67 Network > NAT > Port Forwarding: Edit 9.4 The Address Mapping Screen Network > NAT > Address Mapping Figure 68 Network > NAT > Address Mapping Table 44 Network > NAT > Address Mapping This is the rule index number Local Start IP Figure 69 Network > NAT > Address Mapping: Edit Table 45 Network > NAT > Address Mapping: Edit Choose the port mapping type from one of the following One-to-One: One-to-Onemode maps one local IP address to one global IP IP address to unique global IP addresses 9.5 The ALG Screen 9.6 NAT Technical Reference NAT Definitions ITEM Inside This refers to the host on the LAN Outside Inside Local Inside Global Address (ILA) Address (IGA) One to One Many to One Many to Many Overload No Overload Server Firewall 10.1 Overview Page 10.2 The Firewall Screen Page Filters 11.1 Overview 11.2 The URL Filter Screen 11.3 The Application Filter Screen 11.4 The IP/MAC Filter Screen Table 52 Access Management > Filter (IP/MAC) (continued) ICMP TCP UDP Page Static Route 12.1 Overview 12.2 The Static Route Screen Figure 79 Advanced > Static Route: Edit Table 54 Advanced > Static Route: Edit Static Route Setup Destination IP is always based on network number. If you need to specify a route to a single Page 13.1 Overview Ports VLAN Groups Priority Levels 13.2 The 802.1Q/1P Group Setting Screen Figure 81 Advanced > 802.1Q/1P > Group Setting Table 55 Advanced > 802.1Q/1P > Group Setting Use this screen to configure the settings for each VLAN group Modify Figure 82 Advanced > 802.1Q/1P > Group Setting > Edit Table 56 Advanced > 802.1Q/1P > Group Setting > Edit Fixed 13.3 The 802.1Q/1P Port Setting Screen Page Quality of Service (QoS) 14.1 Overview VoIP: Queue Boss: Queue IP=192.168.1.23 14.2 The QoS Screen Click Advanced Setup > QoS to open the screen as shown next Figure 85 Advanced Setup > QoS Table 58 Advanced Setup > QoS Use this field to turn on QoS to improve your network performance You can give priority to traffic that the ZyXEL Device forwards out through the Application choose Physical Ports Select Enet1 to apply the rule to the Ethernet port Destination MAC Advanced > QoS QoS Settings Summary Figure 86 Advanced Setup > QoS > QoS Settings Summary Table 59 Advanced Setup > QoS > QoS Settings Summary 14.3 QoS Technical Reference LAYER IEEE 802.1P USER TOS (IP IP PACKET QUEUE Page Dynamic DNS Setup 15.1 Overview 15.2 The Dynamic DNS Screen Remote Management 16.1 Overview Chapter 16 Remote Management Section 16.2 on page Telnet Section 16.3 on page Section 16.4 on page 16.2 The WWW Screen 16.3 The Telnet Screen 16.4 The FTP Screen 16.5 The SNMP Screen Figure 92 SNMP Management Model •Get - Allows the manager to retrieve an object variable from the agent •Set - Allows the manager to set values for object variables within an agent •Trap - Used by the agent to inform the manager of some events Figure 93 Advanced > Remote MGMT > SNMP Table 66 Advanced > Remote MGMT > SNMP on the ZyXEL Device Select All to allow any computer to access the SNMP agent to access the SNMP agent 16.6 The DNS Screen 16.7 The ICMP Screen Universal Plug-and-Play(UPnP) 17.1 Overview 17.2 The UPnP Screen 17.3 Installing UPnP in Windows Example Communications Universal Plug and Play Add/Remove Programs Properties 1Click Start and Control Panel 2Double-click Network Connections Network Connections Optional Networking Components … 17.4Using UPnP in Windows XP Example Properties Internet Connection Properties Settings Page Web Configurator Easy Access 1Click Start and then Control Panel 3Select My Network Places under Other Places Local Network Invoke System Settings 18.1 Overview 18.2 The General Screen 18.3 The Time and Date Screen Chapter 18 System Settings Table 71 Maintenance > System > Time and Date (continued) Manual settings do not affect it New Time Page Logs 19.1 Overview 19.2 The System Log Screen 19.3 Log Descriptions Table 73 System Maintenance Logs (continued) DHCP client IP expired DHCP server assigns %s Successful WEB login WEB login failed Table 74 System Error Logs (continued) readNetBIOSFilter: calloc WAN connection is down Table 75 Access Control Logs Firewall default policy: [ TCP | Table 76 TCP Reset Logs (continued) Exceed MAX incomplete Access block, sent TCP RST Table 77 Packet Filter Logs Table 79 CDR Logs (continued) call %d, %s C02 OutCall Connected %d %s call %d, %s C02 Call Terminated Table 83 Attack Logs (continued) ip spoofing - WAN [ TCP | UDP | IGMP | ESP | GRE | ip spoofing - WAN ICMP (type:%d, code:%d) Table 84 802.1X Logs (continued) Use RADIUS to authenticate user No Server to authenticate user Table 85 ACL Setting Notes PACKET DIRECTION Table 86 ICMP Notes (continued) TYPE CODE DESCRIPTION Table 87 Syslog Logs <Facility*8 + Severity>Mon dd hr:mm:ss hostname Page Tools 20.1 Overview 20.2 The Firmware Screen Chapter 20 Tools Figure 100 Maintenance > Tools > Firmware Table 89 Maintenance > Tools > Firmware Current This is the present Firmware version and the date created Return 20.3 The Configuration Screen Chapter 20 Tools compressed (.ZIP) files before you can upload them Click this to begin the upload process Figure 105 Configuration Upload Successful Figure 106 Network Temporarily Disconnected 20.4 The Restart Screen Diagnostic 21.1 Overview 21.2 The General Screen 21.3 The DSL Line Screen Table 92 Maintenance > Diagnostic > DSL Line ATM Status Click this to view your DSL connection’s Asynchronous Transfer Mode (ATM) ATM uses fixed-sizepackets of information called cells. With ATM, a high QoS (Quality of Service) can be guaranteed Table 92 Maintenance > Diagnostic > DSL Line (continued) DSL Line Status Click this to view statistics about the DSL connections output power upstream attenuation downstream Reset ADSL Line Troubleshooting 22.1Power, Hardware Connections, and LEDs 22.2 ZyXEL Device Access and Login 22.3 Internet Access Wireless LAN > AP 6If the problem continues, contact your ISP 2Turn the ZyXEL Device off and on 3If the problem continues, contact your ISP The Internet connection is slow or intermittent Product Specifications 23.1 Hardware Specifications 23.2 Firmware Specifications Table 94 Firmware Specifications (continued) Note: Only upload firmware for your specific model Page 23.3 Wireless Features Table 96 Standards Supported STANDARD 23.4 Power Adaptor Specifications Page Page Setting up Your Computer’s IP Address Adapter Microsoft manufacturers TCP/IP Client for Microsoft Networks Specify an IP address Subnet Mask Disable DNS Enable DNS New gateway field TCP/IP Properties Run IP Configuration 1Click start (Start in Windows 2000/NT), Settings, Control Panel 3Right-click Local Area Connection and then click Properties Internet Protocol (TCP/IP) Use the following IP Address IP address Subnet mask Default gateway •Click Advanced IP Settings TCP/IP Address Default gateways TCP/IP Gateway Address Obtain DNS server address automatically Use the following DNS server addresses Preferred DNS server Alternate DNS server 8Click OK to close the Internet Protocol (TCP/IP) Properties window Close Local Area Connection Properties 1Click Start, All Programs, Accessories and then Command Prompt Command Prompt 1Click the Start icon, Control Panel 2In the Control Panel, double-click Network and Internet 3Click Network and Sharing Center Continue 6Select Internet Protocol Version 4 (TCP/IPv4) and click Properties Use the following IP address Page Page 11Click Close to close the Local Area Connection Properties window 12Close the Network Connections window Apple TCP/IP Control Panel 2Select Ethernet built-in from the Connect via list Using DHCP Server Configure: Configure Manually •Select Built-inEthernet from the Show list Using DHCP Apply Now Note: Make sure you are logged in as the root administrator System Setting Ethernet Device General Statically set IP Addresses Address Default Gateway Address Network Configuration Activate Yes to save the changes in all screens Active dhcp BOOTPROTO=dhcp resolv.conf /etc Figure 142 Red Hat 9.0: DNS Settings in resolv.conf nameserver 172.23.5.1 nameserver Figure 143 Red Hat 9.0: Restart Ethernet Card IP Addresses and Subnetting Appendix B IP Addresses and Subnetting Figure 145 Network Number and Host ID Table 98 Subnet Masks 1ST OCTET: 2ND Table 99 Subnet Masks BINARY 1ST DECIMAL OCTET ALTERNATIVE LAST OCTET NOTATION (BINARY) (DECIMAL) Table 102 Subnet IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE Table 102 Subnet 1 (continued) Table 103 Subnet Table 104 Subnet LAST OCTET BIT VALUE Table 105 Subnet Table 106 Eight Subnets (continued) Table 107 24-bitNetwork Number Subnet Planning NO. “BORROWED” NO. SUBNETS NO. HOSTS PER Page Pop-upWindows, JavaScripts and Java Permissions Block pop-ups 2Select Settings…to open the Pop-upBlocker Settings screen Allowed sites Custom Level Scripting Active scripting Scripting of Java applets Microsoft VM Java permissions 2Make sure that Use Java 2 for <applet> under Java (Sun) is selected Figure 155 Java (Sun) Tools Options Content Page Wireless LANs Page Figure 160 Infrastructure WLAN Figure 161 RTS/CTS RTS/CTS RTS/CTS Fragmentation Threshold Fragmentation Threshold Table 109 IEEE 802.11g DATA RATE (MBPS) MODULATION Table 110 Wireless Security Levels SECURITY SECURITY TYPE •User based identification that allows for roaming •Authentication •Access-Request Sent by an access point requesting authentication •Access-Reject Sent by a RADIUS server rejecting access •Access-Accept Page Note: EAP-MD5cannot be used with Dynamic WEP Key Exchange Table 111 Comparison of EAP Authentication Types EAP-MD5 EAP-TLS EAP-TTLS Page Page AUTHENTICATION ENCRYPTIO ENTER METHOD/ KEY IEEE There are two types of antennas used for wireless LAN applications Omni-directional Page Services Appendix E Services Table 113 Examples of Services NAME PROTOCOL PORT(S) Table 113 Examples of Services (continued) Page Legal Information Page 1Go to http://www.zyxel.com 2Select your product on the ZyXEL home page to go to that product's page 3Select the certification you wish to view from this page Page types 133, 134 CBR 74, 78 104 DHCP 86, 89 106 URL 143 86, 89, 93 FTP 21 IGMP 70, 86, 88 74, 78 RIP 73, 86, 88, 92 SCR 74, 78 173 SSID 98, 99, 108 86, 93 UBR 74, 78 VCI 72, 77 WPA 103, 116