ZyXEL Communications P-2608HWL-Dx Series 2

Contents

User’s Guide Page Copyright Disclaimer Trademarks Certifications Federal Communications Commission (FCC) Interference Statement FCC Radiation Exposure Statement Notices Viewing Certifications Safety Warnings Page ZyXEL Limited Warranty Note Registration Customer Support Page Table of Contents VoIP Wizard And Example Bandwidth Management Wizard Status Screens Wireless LAN Network Address Translation (NAT) Screens SIP Phone Chapter Phone Book PSTN Line Firewall Configuration Content Filtering IPSec VPN Page Static Route Bandwidth Management Remote Management Configuration Universal Plug-and-Play(UPnP) System Diagnostic Troubleshooting Appendix A Product Specifications Appendix B Appendix C IP Addresses and Subnetting Appendix D Appendix E Importing Certificates Appendix H Internal SPTGEN Page List of Figures Page Page Page Page Page Page Page List of Tables Page Page Page Page Page Preface About This User's Guide Related Documentation User Guide Feedback Syntax Conventions Graphics Icons Key Getting To Know the ZyXEL Device 1.1 Overview 1.2 LEDs (Lights) Table 2 LEDs Page Introducing the Web Configurator 2.1 Web Configurator Overview Ignore Go to Wizard setup Go to Advanced setup Exit 2.1.2.1 Using The Reset Button 2.2Web Configurator Main Screen 2.2.1Title Bar 2.2.2 Navigation Panel Page Page 2.2.3 Status Bar Internet and Wireless Setup Wizard 3.1 Introduction 3.2Internet Access Wizard Setup Restart the Internet/Wireless Setup Wizard Manually configure your Internet connection 3.2.1Manual Configuration Page Page Page Back to Username and Password setup 3.3 Wireless Connection Wizard Setup Page Page 3.3.1Automatically assign a WPA key Manually assign a WPA key 3.3.2 Manually Assign a WPA key Pre- Shared Key 3.3.3 Manually Assign a WEP key Page Finish Page VoIP Wizard And Example 4.1 Introduction 4.2VoIP Wizard Setup Page SIPA-Account.com is your SIP Analog Phone PHONE Register Again Back Return to Wizard Main Page Go to Advanced Setup page Page Bandwidth Management Wizard 5.1 Introduction 5.2 Predefined Media Bandwidth Management Services 5.3 Bandwidth Management Wizard Setup 2Click BANDWIDTH MANAGEMENT SETUP Page Page Page Status Screens 6.1 Status Screen Page Page 6.2 Any IP Table 6.3 WLAN Status 6.4 Packet Statistics Page 6.5 VoIP Statistics Page Page Page WAN Setup 7.1 WAN Overview 7.1.1.1 ENET ENCAP 7.1.1.2 PPP over Ethernet 7.1.1.3 PPPoA 7.1.1.4RFC 7.1.2.1 VC-basedMultiplexing 7.1.2.2 LLC-basedMultiplexing 7.1.4.1 IP Assignment with PPPoA or PPPoE Encapsulation 7.1.4.2 IP Assignment with RFC 1483 Encapsulation 7.1.4.3 IP Assignment with ENET ENCAP Encapsulation 7.2 Metric 7.3 Traffic Shaping 7.3.1.1 Constant Bit Rate (CBR) 7.3.1.2 Variable Bit Rate (VBR) 7.3.1.3 Unspecified Bit Rate (UBR) 7.4 Zero Configuration Internet Access 7.5Internet Access Setup Page Page 7.5.1 Advanced Internet Access Setup Internet Access Setup 7.6 WAN More Connections 7.6.1 WAN More Connections Modify Screen Page Page 7.7 Traffic Redirect 7.8 WAN Backup Setup Page LAN Setup 8.1 LAN Overview 8.1.1LANs, WANs and the ZyXEL Device 8.1.2.1 IP Pool Setup 8.2LAN TCP/IP 8.2.1.1 Private IP Addresses 8.2.3 Multicast IGMP-v1 IGMP WAN None 8.2.4.1 How Any IP Works 8.3 Configuring LAN IP Page 8.4 DHCP Setup 8.5 LAN Client List 8.6 LAN IP Alias IP Alias Page Page Wireless LAN 9.1 Wireless Network Overview 9.2 Wireless Security Overview 9.2.4 Encryption WPA WPA2 Static WEP WPA-PSK 9.3 Wireless Performance Overview 9.4 Additional Wireless Terms 9.5 General Wireless LAN Screen 9.5.1 No Security No Security 9.5.2 WEP Encryption Screen Network > Wireless LAN 9.5.3 WPA(2)-PSK Network > Wireless LAN General WPA-PSK WPA2-PSK Page 9.5.4 WPA(2) Authentication Screen Wireless LAN Wireless 9.5.5 Wireless LAN Advanced Setup 9.6 OTIST Screen Adapter OTIST Setup Key Page 9.6.1Notes on OTIST 9.7 MAC Filter 9.8 QoS Screen 9.8.1 Application Priority Configuration Page Page Network Address Translation (NAT) Screens 10.1 NAT Overview 10.1.2 What NAT Does 10.1.3 How NAT Works 10.1.4 NAT Application 10.1.5 NAT Mapping Types One to One Many to One Many to Many Overload 10.2 SUA (Single User Account) Versus NAT 10.3NAT General Setup 10.4 Port Forwarding 10.4.1 Default Server IP Address 10.4.2 Port Forwarding: Services and Port Numbers 10.4.3 Configuring Servers Behind Port Forwarding (Example) 10.5 Configuring Port Forwarding 10.5.1 Port Forwarding Rule Edit 10.6 Address Mapping 10.6.1 Address Mapping Rule Edit Address Mapping 10.6.2 SIP ALG Network > NAT > ALG Page SIP 11.1 SIP Overview 11.1.3.1 SIP Number 11.1.3.2 SIP Service Domain 11.1.5.1 SIP User Agent 11.1.5.2 SIP Proxy Server 11.1.5.3 SIP Redirect Server 11.1.5.4 SIP Register Server 11.1.7.1 SIP ALG 11.1.7.2 Use NAT 11.1.7.3 STUN 11.1.7.4 Outbound Proxy 11.1.11.1 Recording Custom Tones 11.1.11.2Listening to Custom Tones 11.1.11.3Deleting Custom Tones 11.1.12.1 Type Of Service (ToS) 11.1.12.2 DiffServ 11.1.12.3 DSCP and Per-HopBehavior 11.1.12.4 VLAN 11.2 SIP Screens Page 11.2.2 Advanced SIP Setup Screen Page Page Page 11.2.3 SIP QoS Screen VoIP > SIP > QoS Page Phone 12.1 Phone Overview 12.1.3.1 The Flash Key 12.1.3.2 Europe Type Supplementary Phone Services Page 12.1.3.3 USA Type Supplementary Services 12.2Phone Screens 12.2.2 Advanced Analog Phone Setup Screen Page 12.2.3 Common Phone Settings Screen VoIP > Phone > Common 12.2.4 Phone Region Screen VoIP > Phone > Region Page Page Phone Book 13.1 Phone Book Overview 13.2 Speed Dial Screen Page 13.3 Incoming Call Policy Screen Page 13.4 Group Ring Screen Page Page Page PSTN Line 14.1 PSTN Line Overview 14.2 PSTN Line Screen Page Firewalls 15.1 Firewall Overview 15.2 Types of Firewalls 15.3 Introduction to ZyXEL’s Firewall 15.4 Denial of Service 15.4.2 Types of DoS Attacks Ping of Death Teardrop SYN Flood LAND SYN Attack LAND Attack brute-force 15.4.2.1 ICMP Vulnerability 15.4.2.2 Illegal Commands (NetBIOS and SMTP) 15.4.2.3 Traceroute 15.5 Stateful Inspection 15.5.1 Stateful Inspection Process Firewall General 15.5.2Stateful Inspection on Your ZyXEL Device 15.5.3 TCP Security 15.5.4 UDP/ICMP Security 15.6Guidelines for Enhancing Security with Your Firewall 15.7Packet Filtering Vs Firewall 15.7.1.1When To Use Filtering 15.7.2.1When To Use The Firewall Firewall Configuration 16.1 Access Methods 16.2 Firewall Policies Overview 16.3 Rule Logic Overview 16.3.3.1 Action 16.3.3.2 Service 16.3.3.3 Source Address 16.3.3.4 Destination Address 16.4 Connection Direction 16.5 General Firewall Policy 16.6 Firewall Rules Summary Page 16.6.1 Configuring Firewall Rules Rules Page Page 16.6.2 Customized Services Edit Customized Services 16.7 Example Firewall Rule 2Select WAN to LAN in the Packet Direction field Customized Service Customized Services Config Destination Address Delete Services Rules Page 16.8 DoS Thresholds 16.8.2.1 TCP Maximum Incomplete and Blocking Time 16.8.3 Configuring Firewall Thresholds Firewall Threshold Page Content Filtering 17.1 Content Filtering Overview 17.2 Configuring Keyword Blocking 17.3 Configuring the Schedule 17.4 Configuring Trusted Computers Page IPSec VPN 18.1 IPSec VPN Overview 18.1.1.1 IP Addresses of the ZyXEL Device and Remote IPSec Router 18.1.1.2 IKE SA Proposal 18.1.1.3 Diffie-Hellman(DH) Key Exchange 18.1.1.4 Authentication 18.1.1.5 Extended Authentication 18.1.2.1 Negotiation Mode 18.1.2.2 VPN, NAT and NAT Traversal 18.1.3 IPSec SA Overview 18.1.3.1 Local Network and Remote Network 18.1.3.2 Active Protocol 18.1.3.3 Encapsulation 18.1.3.4 IPSec SA Proposal and Perfect Forward Secrecy 18.1.4.1 IPSec SA using Manual Keys 18.2 VPN Setup Screen Figure 126 VPN Setup Table 83 VPN Setup 18.3 Editing VPN Policies Page Page Page Page 18.4 Configuring Advanced IKE Settings Page Page 18.5 Configuring Manual Key Page Page 18.6 Viewing SA Monitor Page 18.7 Configuring Global Setting 18.8 Telecommuter VPN/IPSec Examples 18.8.2 Telecommuters Using Unique VPN Rules Example Page 18.9 VPN and Remote Management Certificates 19.1 Certificates Overview 19.2Self-signedCertificates 19.3 Configuration Summary 19.4 My Certificates Page 19.5 My Certificate Import 19.6 My Certificate Create Page 19.7 My Certificate Details Page Page 19.8 Trusted CAs Figure 139 Trusted CAs 19.9 Trusted CA Import 19.10 Trusted CA Details Page 19.11 Trusted Remote Hosts Page 19.12 Verifying a Trusted Remote Host’s Certificate 19.13 Trusted Remote Hosts Import 19.14 Trusted Remote Host Certificate Details Page Page 19.15 Directory Servers 19.16 Directory Server Add or Edit Page Static Route 20.1 Static Route 20.2 Configuring Static Route 20.2.1 Static Route Edit Page Page Bandwidth Management 21.1 Bandwidth Management Overview 21.2Application-basedBandwidth Management 21.3 Subnet-basedBandwidth Management 21.4 Application and Subnet-basedBandwidth Management 21.5 Scheduler 21.6 Maximize Bandwidth Usage 21.6.2.1 Priority-basedAllotment of Unused & Unbudgeted Bandwidth 21.6.2.2Fairness-basedAllotment of Unused & Unbudgeted Bandwidth 21.7 Over Allotment of Bandwidth 21.8 Configuring Summary 21.9 Bandwidth Management Rule Setup Page 21.9.1 Rule Configuration User define Page 21.10 Bandwidth Monitor Page Dynamic DNS Setup 22.1 Dynamic DNS Overview 22.2 Configuring Dynamic DNS Figure 157 Dynamic DNS Page Page Remote Management Configuration 23.1 Remote Management Overview 23.2 Introduction to HTTPS 23.3 WWW 23.4 Telnet 23.5 Configuring Telnet 23.6 Configuring FTP 23.7 SNMP 23.7.1Supported MIBs 23.7.2 SNMP Traps 23.7.3 Configuring SNMP SNMP Page 23.8 Configuring DNS 23.9 Configuring ICMP Page 23.10 TR-069 Page Page Universal Plug-and-Play(UPnP) 24.1 Introducing Universal Plug and Play 24.2 UPnP and ZyXEL 24.3 Installing UPnP in Windows Example Communications Universal Plug and Play Add/Remove Programs Properties Installing UPnP in Windows XP 1Click Start and Control Panel 2Double-click Network Connections Network Connections Optional Networking Components … 24.4Using UPnP in Windows XP Example Page Page Web Configurator Easy Access 1Click Start and then Control Panel 3Select My Network Places under Other Places Local Network Invoke Page Page System 25.1 General Setup and System Name Page 25.2 Time Setting Page Page Page Logs 26.1 Logs Overview 26.2 Viewing the Logs 26.3 Configuring Log Settings Access Control Page 26.4 SMTP Error Messages Page Tools 27.1 Introduction 27.2 Filename Conventions 27.3 File Maintenance Over WAN 27.4Firmware Upgrade Screen Firmware Upload in Progress 27.5 Backup and Restore 27.5.1 Backup Configuration Backup 27.5.2 Restore Configuration 27.5.3 Reset to Factory Defaults 27.6 Restart 27.7 Using FTP or TFTP to Back Up Configuration 27.7.2FTP Command Configuration Backup Example 27.7.3 Configuration Backup Using GUI-basedFTP Clients 27.7.4 Backup Configuration Using TFTP 27.7.5 TFTP Command Configuration Backup Example 27.8 Using FTP or TFTP to Restore Configuration 27.9 FTP and TFTP Firmware and Configuration File Uploads 27.9.2 FTP Session Example of Firmware File Upload 27.9.3 TFTP File Upload 27.9.4 TFTP Upload Command Example Page Diagnostic 28.1 General Diagnostic 28.2 DSL Line Diagnostic Page Page Page Troubleshooting 29.1 Problems Starting Up the ZyXEL Device 29.2 Problems with the LAN 29.3 Problems with the WAN 29.4 Problems Accessing the ZyXEL Device 29.4.1.1 Internet Explorer Pop-upBlockers 2Select Settings…to open the Pop-upBlocker Settings screen Allowed sites 29.4.1.2JavaScripts Custom Level Scripting Active scripting Scripting of Java applets 29.4.1.3 Java Permissions 2make sure that Use Java 2 for <applet> under Java (Sun) is selected 29.5 Telephone Problems Page Specification Tables Firmware Specifications Page Page Page Page P-2608HW/HWL-DxSeries Power Adaptor Specifications Windows 95/98/Me Installing Components Protocol Microsoft manufacturers Client Configuring Obtain an IP address automatically Specify an IP address Subnet Mask Disable DNS Windows 2000/NT/XP Network and Dial-up Connections 3Right-click Local Area Connection and then click Properties Internet Protocol (TCP/IP) Use the following IP Address Subnet mask Default gateway IP Settin IP Settings Macintosh OS 8/9 2Select Ethernet built-in from the Connect via list Using DHCP Server Configure: Macintosh OS Apply Now Page Introduction to IP Addresses IP Address Classes and Network ID Subnet Masks Subnetting Example: Two Subnets Example: Four Subnets Example Eight Subnets Subnetting With Class A and Class B Networks Page Page Page Import Prestige Certificates into Netscape Navigator Importing the Prestige’s Certificate into Internet Explorer 2Click Install Certificate to open the Install Certificate wizard Install Certificate Import Certificate Page Enrolling and Importing SSL Client Certificates Installing the CA’s Certificate Installing Your Personal Certificate(s) File name Browse Place all certificates in the following store Using a Certificate When Accessing the Prestige Example Page The Ideal Setup The “Triangle Route” Problem The “Triangle Route” Solutions IP Aliasing Gateways on the WAN Side Page Page Page Table 165 ICMP Logs Table 166 CDR Logs Table 167 PPP Logs Table 168 UPnP Logs Page Page Table 175 SIP Logs Table 176 RTP Logs Log Commands Displaying Logs Log Command Example Internal SPTGEN Overview The Configuration Text File Format Internal SPTGEN FTP Download Example Internal SPTGEN FTP Upload Example Example Internal SPTGEN Screens Table 183 Menu Page Page Page Page Table 185 Menu Page Page Page Page Page Page Page Page Page Page Page Page Page Page Command Examples Page Page Index