ZyXEL Communications AMG1202T10A Wireless N-Lite ADSL2+ 4-port Gateway User Manual AMG1202 T10A Part2

ZyXEL Communications Corporation Wireless N-Lite ADSL2+ 4-port Gateway AMG1202 T10A Part2

Contents

AMG1202-T10A_User manual_Part2

Download: ZyXEL Communications AMG1202T10A Wireless N-Lite ADSL2+ 4-port Gateway User Manual AMG1202 T10A  Part2
Mirror Download [FCC.gov]ZyXEL Communications AMG1202T10A Wireless N-Lite ADSL2+ 4-port Gateway User Manual AMG1202 T10A  Part2
Document ID1610210
Application ID4Fg1TNcVD4ro9IhBZ/S/vg==
Document DescriptionAMG1202-T10A_User manual_Part2
Short Term ConfidentialNo
Permanent ConfidentialNo
SupercedeNo
Document TypeUser Manual
Display FormatAdobe Acrobat PDF - pdf
Filesize361.95kB (4524331 bits)
Date Submitted2011-12-27 00:00:00
Date Available2011-12-27 00:00:00
Creation Date2011-12-12 10:52:18
Producing SoftwareFoxit Phantom - Foxit Corporation
Document Lastmod2011-12-12 10:52:18
Document TitleAMG1202-T10A_User manual_Part2
Document Author: Test

Chapter 18 System Settings
Table 71 Maintenance > System > Time and Date (continued)
LABEL
DESCRIPTION
Manual
Select this radio button to enter the time and date manually. If you configure a
new time and date, Time Zone and Daylight Saving at the same time, the new
time and date you entered has priority and the Time Zone and Daylight Saving
settings do not affect it.
New Time
This field displays the last updated time from the time server or the last time
configured manually.
(hh:mm:ss)
When you set Time and Date Setup to Manual, enter the new time in this field
and then click Apply.
New Date
(yyyy/mm/dd)
This field displays the last updated date from the time server or the last date
configured manually.
When you set Time and Date Setup to Manual, enter the new date in this field
and then click Apply.
Get from Time
Server
Select this radio button to have the ZyXEL Device get the time and date from
the time server you specified below.
Time Server
Address
Enter the IP address or URL (up to 20 extended ASCII characters in length) of
your time server. Check with your ISP/network administrator if you are unsure
of this information.
Time Zone Setup
Time Zone
Choose the time zone of your location. This will set the time difference between
your time zone and Greenwich Mean Time (GMT).
Daylight Savings
Daylight saving is a period from late spring to early fall when many countries set
their clocks ahead of normal local time by one hour to give more daytime light in
the evening.
Select this option if you use Daylight Saving Time.
Start Date
Configure the day and time when Daylight Saving Time starts if you selected
Enable Daylight Saving. The o'clock field uses the 24 hour format. Here are a
couple of examples:
Daylight Saving Time starts in most parts of the United States on the second
Sunday of March. Each time zone in the United States starts using Daylight
Saving Time at 2 A.M. local time. So in the United States you would select
Second, Sunday, March and type 2 in the o'clock field.
Daylight Saving Time starts in the European Union on the last Sunday of March.
All of the time zones in the European Union start using Daylight Saving Time at
the same moment (1 A.M. GMT or UTC). So in the European Union you would
select Last, Sunday, March. The time you type in the o'clock field depends on
your time zone. In Germany for instance, you would type 2 because Germany's
time zone is one hour ahead of GMT or UTC (GMT+1).
End Date
Configure the day and time when Daylight Saving Time ends if you selected
Enable Daylight Saving. The o'clock field uses the 24 hour format. Here are a
couple of examples:
Daylight Saving Time ends in the United States on the first Sunday of November.
Each time zone in the United States stops using Daylight Saving Time at 2 A.M.
local time. So in the United States you would select First, Sunday, November
and type 2 in the o'clock field.
Daylight Saving Time ends in the European Union on the last Sunday of October.
All of the time zones in the European Union stop using Daylight Saving Time at
the same moment (1 A.M. GMT or UTC). So in the European Union you would
select Last, Sunday, October. The time you type in the o'clock field depends
on your time zone. In Germany for instance, you would type 2 because
Germany's time zone is one hour ahead of GMT or UTC (GMT+1).
AMG1202-T10A User’s Guide
191
Chapter 18 System Settings
Table 71 Maintenance > System > Time and Date (continued)
LABEL
192
DESCRIPTION
Apply
Click this to save your changes.
Cancel
Click this to restore your previously saved settings.
AMG1202-T10A User’s Guide
C HAPTER
19
Logs
19.1 Overview
This chapter contains information about viewing the ZyXEL Device’s logs.
The web configurator allows you to choose which types of events and/or alerts to have the ZyXEL
Device log and then display the logs.
19.1.1 What You Need To Know About Logs
Alerts
An alert is a message that is enabled as soon as the event occurs. They include system errors,
attacks (access control) and attempted access to blocked web sites. Some categories such as
System Errors consist of both logs and alerts. You may differentiate them by their color in the
View Log screen. Alerts display in red and logs display in black.
Logs
A log is a message about an event that occurred on your ZyXEL Device. For example, when
someone logs in to the ZyXEL Device, you can set a schedule for how often logs should be enabled,
or sent to a syslog server.
19.2 The System Log Screen
Use the System Log screen to configure and view the logs you wish to display.
To change your ZyXEL Device’s log settings, click Maintenance > Logs > Log Settings. The
screen appears as shown.
AMG1202-T10A User’s Guide
193
Chapter 19 Logs
Alerts are e-mailed as soon as they happen. Logs may be e-mailed as soon as the log is full.
Selecting many alert and/or log categories (especially Access Control) may result in many e-mails
being sent.
Figure 99 Maintenance > System Logs
The following table describes the fields in this screen.
Table 72 Maintenance > Logs > Log Settings
LABEL
DESCRIPTION
System Log
Log Type
Select the types of logs that you want to display and record. Then click Submit to
display the details.
Clear Log
Click this to delete all the logs.
Save Log
Click this to save the logs in a text file.
19.3 Log Descriptions
This section provides descriptions of example log messages.
Table 73 System Maintenance Logs
194
LOG MESSAGE
DESCRIPTION
Time calibration is
successful
The router has adjusted its time based on information from
the time server.
Time calibration failed
The router failed to get information from the time server.
WAN interface gets IP: %s
A WAN interface got a new IP address from the DHCP,
PPPoE, or dial-up server.
AMG1202-T10A User’s Guide
Chapter 19 Logs
Table 73 System Maintenance Logs (continued)
LOG MESSAGE
DESCRIPTION
DHCP client IP expired
A DHCP client's IP address has expired.
DHCP server assigns %s
The DHCP server assigned an IP address to a client.
Successful WEB login
Someone has logged on to the router's web configurator
interface.
WEB login failed
Someone has failed to log on to the router's web
configurator interface.
Successful TELNET login
Someone has logged on to the router via telnet.
TELNET login failed
Someone has failed to log on to the router via telnet.
Successful FTP login
Someone has logged on to the router via ftp.
FTP login failed
Someone has failed to log on to the router via ftp.
NAT Session Table is Full!
The maximum number of NAT session table entries has been
exceeded and the table is full.
Starting Connectivity
Monitor
Starting Connectivity Monitor.
Time initialized by Daytime
Server
The router got the time and date from the Daytime server.
Time initialized by Time
server
The router got the time and date from the time server.
Time initialized by NTP
server
The router got the time and date from the NTP server.
Connect to Daytime server
fail
The router was not able to connect to the Daytime server.
Connect to Time server fail
The router was not able to connect to the Time server.
Connect to NTP server fail
The router was not able to connect to the NTP server.
Too large ICMP packet has
been dropped
The router dropped an ICMP packet that was too large.
Configuration Change: PC =
0x%x, Task ID = 0x%x
The router is saving configuration changes.
Successful SSH login
Someone has logged on to the router’s SSH server.
SSH login failed
Someone has failed to log on to the router’s SSH server.
Successful HTTPS login
Someone has logged on to the router's web configurator
interface using HTTPS protocol.
HTTPS login failed
Someone has failed to log on to the router's web
configurator interface using HTTPS protocol.
Table 74 System Error Logs
LOG MESSAGE
DESCRIPTION
%s exceeds the max.
number of session per
host!
This attempt to create a NAT session exceeds the maximum
number of NAT session table entries allowed to be created per
host.
setNetBIOSFilter: calloc
error
The router failed to allocate memory for the NetBIOS filter
settings.
AMG1202-T10A User’s Guide
195
Chapter 19 Logs
Table 74 System Error Logs (continued)
LOG MESSAGE
DESCRIPTION
readNetBIOSFilter: calloc
error
The router failed to allocate memory for the NetBIOS filter
settings.
WAN connection is down.
A WAN connection is down. You cannot access the network
through this interface.
Table 75 Access Control Logs
LOG MESSAGE
DESCRIPTION
Firewall default policy: [ TCP |
UDP | IGMP | ESP | GRE | OSPF ]

Attempted TCP/UDP/IGMP/ESP/GRE/OSPF access
matched the default policy and was blocked or
forwarded according to the default policy’s setting.
Firewall rule [NOT] match:[ TCP
| UDP | IGMP | ESP | GRE | OSPF
] , 
Attempted TCP/UDP/IGMP/ESP/GRE/OSPF access
matched (or did not match) a configured firewall rule
(denoted by its number) and was blocked or forwarded
according to the rule.
Triangle route packet forwarded:
[ TCP | UDP | IGMP | ESP | GRE |
OSPF ]
The firewall allowed a triangle route session to pass
through.
Packet without a NAT table entry
blocked: [ TCP | UDP | IGMP |
ESP | GRE | OSPF ]
The router blocked a packet that didn't have a
corresponding NAT table entry.
Router sent blocked web site
message: TCP
The router sent a message to notify a user that the
router blocked access to a web site that the user
requested.
Table 76 TCP Reset Logs
196
LOG MESSAGE
DESCRIPTION
Under SYN flood attack,
sent TCP RST
The router sent a TCP reset packet when a host was under a SYN
flood attack (the TCP incomplete count is per destination host.)
Exceed TCP MAX
incomplete, sent TCP RST
The router sent a TCP reset packet when the number of TCP
incomplete connections exceeded the user configured threshold.
(the TCP incomplete count is per destination host.) Note: Refer
to TCP Maximum Incomplete in the Firewall Attack Alerts
screen.
Peer TCP state out of
order, sent TCP RST
The router sent a TCP reset packet when a TCP connection state
was out of order.Note: The firewall refers to RFC793 Figure 6 to
check the TCP state.
Firewall session time
out, sent TCP RST
The router sent a TCP reset packet when a dynamic firewall
session timed out.Default timeout values:ICMP idle timeout (s):
60UDP idle timeout (s): 60TCP connection (three way
handshaking) timeout (s): 30TCP FIN-wait timeout (s): 60TCP
idle (established) timeout (s): 3600
AMG1202-T10A User’s Guide
Chapter 19 Logs
Table 76 TCP Reset Logs (continued)
LOG MESSAGE
DESCRIPTION
Exceed MAX incomplete,
sent TCP RST
The router sent a TCP reset packet when the number of
incomplete connections (TCP and UDP) exceeded the userconfigured threshold. (Incomplete count is for all TCP and UDP
connections through the firewall.)Note: When the number of
incomplete connections (TCP + UDP) > “Maximum Incomplete
High”, the router sends TCP RST packets for TCP connections and
destroys TOS (firewall dynamic sessions) until incomplete
connections < “Maximum Incomplete Low”.
Access block, sent TCP
RST
The router sends a TCP RST packet and generates this log if you
turn on the firewall TCP reset mechanism (via CI command: "sys
firewall tcprst").
Table 77 Packet Filter Logs
LOG MESSAGE
DESCRIPTION
[ TCP | UDP | ICMP | IGMP |
Generic ] packet filter
matched (set: %d, rule: %d)
Attempted access matched a configured filter rule (denoted
by its set and rule number) and was blocked or forwarded
according to the rule.
For type and code details, see Table 86 on page 200.
Table 78 ICMP Logs
LOG MESSAGE
DESCRIPTION
Firewall default policy: ICMP
, ,

ICMP access matched the default policy and was
blocked or forwarded according to the user's setting.
Firewall rule [NOT] match: ICMP
, ,
, 
ICMP access matched (or didn’t match) a firewall rule
(denoted by its number) and was blocked or forwarded
according to the rule.
Triangle route packet forwarded:
ICMP
The firewall allowed a triangle route session to pass
through.
Packet without a NAT table entry
blocked: ICMP
The router blocked a packet that didn’t have a
corresponding NAT table entry.
Unsupported/out-of-order ICMP:
ICMP
The firewall does not support this kind of ICMP packets
or the ICMP packets are out of order.
Router reply ICMP packet: ICMP
The router sent an ICMP reply packet to the sender.
Table 79 CDR Logs
LOG MESSAGE
DESCRIPTION
board %d line %d channel %d,
call %d, %s C01 Outgoing Call
dev=%x ch=%x %s
The router received the setup requirements for a call. “call”
is the reference (count) number of the call. “dev” is the
device type (3 is for dial-up, 6 is for PPPoE, 10 is for PPTP)
"channel" or “ch” is the call channel ID. For example,"board
0 line 0 channel 0, call 3, C01 Outgoing Call dev=6 ch=0
"Means the router has dialed to the PPPoE server 3 times.
AMG1202-T10A User’s Guide
197
Chapter 19 Logs
Table 79 CDR Logs (continued)
LOG MESSAGE
DESCRIPTION
board %d line %d channel %d,
call %d, %s C02 OutCall
Connected %d %s
The PPPoE, PPTP or dial-up call is connected.
board %d line %d channel %d,
call %d, %s C02 Call
Terminated
The PPPoE, PPTP or dial-up call was disconnected.
Table 80 PPP Logs
LOG MESSAGE
DESCRIPTION
ppp:LCP Starting
The PPP connection’s Link Control Protocol stage has started.
ppp:LCP Opening
The PPP connection’s Link Control Protocol stage is opening.
ppp:CHAP Opening
The PPP connection’s Challenge Handshake Authentication Protocol stage is
opening.
ppp:IPCP
Starting
The PPP connection’s Internet Protocol Control Protocol stage is starting.
ppp:IPCP Opening
The PPP connection’s Internet Protocol Control Protocol stage is opening.
ppp:LCP Closing
The PPP connection’s Link Control Protocol stage is closing.
ppp:IPCP Closing
The PPP connection’s Internet Protocol Control Protocol stage is closing.
Table 81 UPnP Logs
LOG MESSAGE
DESCRIPTION
UPnP pass through Firewall
UPnP packets can pass through the firewall.
Table 82 Content Filtering Logs
LOG MESSAGE
DESCRIPTION
%s: block keyword
The content of a requested web page matched a user defined
keyword.
%s
The system forwarded web content.
For type and code details, see Table 86 on page 200.
Table 83 Attack Logs
198
LOG MESSAGE
DESCRIPTION
attack [ TCP | UDP | IGMP
| ESP | GRE | OSPF ]
The firewall detected a TCP/UDP/IGMP/ESP/GRE/OSPF attack.
attack ICMP (type:%d,
code:%d)
The firewall detected an ICMP attack.
land [ TCP | UDP | IGMP |
ESP | GRE | OSPF ]
The firewall detected a TCP/UDP/IGMP/ESP/GRE/OSPF land
attack.
land ICMP (type:%d,
code:%d)
The firewall detected an ICMP land attack.
AMG1202-T10A User’s Guide
Chapter 19 Logs
Table 83 Attack Logs (continued)
LOG MESSAGE
DESCRIPTION
ip spoofing - WAN [ TCP |
UDP | IGMP | ESP | GRE |
OSPF ]
The firewall detected an IP spoofing attack on the WAN port.
ip spoofing - WAN ICMP
(type:%d, code:%d)
The firewall detected an ICMP IP spoofing attack on the WAN
port.
icmp echo : ICMP
(type:%d, code:%d)
The firewall detected an ICMP echo attack.
syn flood TCP
The firewall detected a TCP syn flood attack.
ports scan TCP
The firewall detected a TCP port scan attack.
teardrop TCP
The firewall detected a TCP teardrop attack.
teardrop UDP
The firewall detected an UDP teardrop attack.
teardrop ICMP (type:%d,
code:%d)
The firewall detected an ICMP teardrop attack.
illegal command TCP
The firewall detected a TCP illegal command attack.
NetBIOS TCP
The firewall detected a TCP NetBIOS attack.
ip spoofing - no routing
entry [ TCP | UDP | IGMP
| ESP | GRE | OSPF ]
The firewall classified a packet with no source routing entry as an
IP spoofing attack.
ip spoofing - no routing
entry ICMP (type:%d,
code:%d)
The firewall classified an ICMP packet with no source routing
entry as an IP spoofing attack.
vulnerability ICMP
(type:%d, code:%d)
The firewall detected an ICMP vulnerability attack.
traceroute ICMP (type:%d,
code:%d)
The firewall detected an ICMP traceroute attack.
Table 84 802.1X Logs
LOG MESSAGE
DESCRIPTION
RADIUS accepts user.
A user was authenticated by the RADIUS Server.
RADIUS rejects user. Pls check
RADIUS Server.
A user was not authenticated by the RADIUS Server.
Please check the RADIUS Server.
User logout because of session
timeout expired.
The router logged out a user whose session expired.
User logout because of user
deassociation.
The router logged out a user who ended the session.
User logout because of no
authentication response from
user.
The router logged out a user from which there was no
authentication response.
User logout because of idle
timeout expired.
The router logged out a user whose idle timeout period
expired.
User logout because of user
request.
A user logged out.
No response from RADIUS. Pls
check RADIUS Server.
There is no response message from the RADIUS server,
please check the RADIUS server.
AMG1202-T10A User’s Guide
199
Chapter 19 Logs
Table 84 802.1X Logs (continued)
LOG MESSAGE
DESCRIPTION
Use RADIUS to authenticate user. The RADIUS server is operating as the authentication
server.
No Server to authenticate user.
There is no authentication server to authenticate a user.
Table 85 ACL Setting Notes
PACKET DIRECTION
DIRECTION
DESCRIPTION
(L to W)
LAN to WAN
ACL set for packets traveling from the LAN to the WAN.
(W to L)
WAN to LAN
ACL set for packets traveling from the WAN to the LAN.
(L to L/ZyXEL Device)
LAN to LAN/
ZyXEL Device
ACL set for packets traveling from the LAN to the LAN or
the ZyXEL Device.
(W to W/ZyXEL
Device)
WAN to WAN/
ZyXEL Device
ACL set for packets traveling from the WAN to the WAN
or the ZyXEL Device.
Table 86 ICMP Notes
TYPE
CODE
Echo Reply
Net unreachable
Host unreachable
Protocol unreachable
Port unreachable
A packet that needed fragmentation was dropped because it was set to Don't
Fragment (DF)
Source route failed
Source Quench
A gateway may discard internet datagrams if it does not have the buffer space
needed to queue the datagrams for output to the next network on the route to
the destination network.
Redirect
Redirect datagrams for the Network
Redirect datagrams for the Host
Redirect datagrams for the Type of Service and Network
Redirect datagrams for the Type of Service and Host
Echo
Echo message
Time Exceeded
11
200
Echo reply message
Destination Unreachable
12
DESCRIPTION
Time to live exceeded in transit
Fragment reassembly time exceeded
Parameter Problem
AMG1202-T10A User’s Guide
Chapter 19 Logs
Table 86 ICMP Notes (continued)
TYPE
CODE
DESCRIPTION
Pointer indicates the error
Timestamp
13
Timestamp request message
Timestamp Reply
14
Timestamp reply message
Information Request
15
Information request message
Information Reply
16
Information reply message
Table 87 Syslog Logs
LOG MESSAGE
DESCRIPTION
Mon dd
hr:mm:ss hostname
src=""
dst=""
msg="" note=""
devID="" cat="
"This message is sent by the system ("RAS" displays as
the system name if you haven’t configured one) when the
router generates a syslog. The facility is defined in the
web MAIN MENU->LOGS->Log Settings page. The
severity is the log’s syslog class. The definition of
messages and notes are defined in the various log charts
throughout this appendix. The “devID” is the last three
characters of the MAC address of the router’s LAN port.
The “cat” is the same as the category in the router’s logs.
The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to
RFC 2408 for detailed information on each type.
Table 88 RFC-2408 ISAKMP Payload Types
LOG DISPLAY
PAYLOAD TYPE
SA
Security Association
PROP
Proposal
TRANS
Transform
KE
Key Exchange
ID
Identification
CER
Certificate
CER_REQ
Certificate Request
HASH
Hash
SIG
Signature
NONCE
Nonce
NOTFY
Notification
DEL
Delete
VID
Vendor ID
AMG1202-T10A User’s Guide
201
Chapter 19 Logs
202
AMG1202-T10A User’s Guide
C HAPTER
20
Tools
20.1 Overview
This chapter explains how to upload new firmware, manage configuration files and restart your
ZyXEL Device.
Use the instructions in this chapter to change the device’s configuration file or upgrade its firmware.
After you configure your device, you can backup the configuration file to a computer. That way if
you later misconfigure the device, you can upload the backed up configuration file to return to your
previous settings. You can alternately upload the factory default configuration file if you want to
return the device to the original default settings. The firmware determines the device’s available
features and functionality. You can download new firmware releases from your nearest ZyXEL FTP
site (or www.zyxel.com) to use to upgrade your device’s performance.
Only use firmware for your device’s specific model. Refer to the label on
the bottom of your ZyXEL Device.
20.1.1 What You Can Do in the Tool Screens
• Use the Firmware Upgrade screen (Section 20.2 on page 203) to upload firmware to your
device.
• Use the Configuration screen (Section 20.3 on page 206) to backup and restore device
configurations. You can also reset your device settings back to the factory default.
• Use the Restart screen (Section 20.4 on page 208) to restart your ZyXEL device.
20.2 The Firmware Screen
Click Maintenance > Tools to open the Firmware screen. Follow the instructions in this screen to
upload firmware to your ZyXEL Device. The upload process uses HTTP (Hypertext Transfer Protocol)
and may take up to two minutes. After a successful upload, the system will reboot.
AMG1202-T10A User’s Guide
203
Chapter 20 Tools
Do NOT turn off the ZyXEL Device while firmware upload is in progress!
Figure 100 Maintenance > Tools > Firmware
The following table describes the labels in this screen.
Table 89 Maintenance > Tools > Firmware
LABEL
DESCRIPTION
Current
Firmware
Version
This is the present Firmware version and the date created.
File Path
Type in the location of the file you want to upload in this field or click Browse ...
to find it.
Browse...
Click this to find the .bin file you want to upload. Remember that you must
decompress compressed (.zip) files before you can upload them.
Upload
Click this to begin the upload process. This process may take up to two minutes.
After you see the Firmware Upload in Progress screen, wait two minutes before logging into the
ZyXEL Device again.
Figure 101 Firmware Upload In Progress
204
AMG1202-T10A User’s Guide
Chapter 20 Tools
The ZyXEL Device automatically restarts in this time causing a temporary network disconnect. In
some operating systems, you may see the following icon on your desktop.
Figure 102 Network Temporarily Disconnected
After two minutes, log in again and check your new firmware version in the Status screen.
If the upload was not successful, the following screen will appear. Click Return to go back to the
Firmware screen.
Figure 103 Error Message
AMG1202-T10A User’s Guide
205
Chapter 20 Tools
20.3 The Configuration Screen
Click Maintenance > Tools > Configuration. Information related to factory defaults, backup
configuration, and restoring configuration appears in this screen, as shown next.
Figure 104 Maintenance > Tools > Configuration
Backup Configuration
Backup Configuration allows you to back up (save) the ZyXEL Device’s current configuration to a file
on your computer. Once your ZyXEL Device is configured and functioning properly, it is highly
recommended that you back up your configuration file before making configuration changes. The
backup configuration file will be useful in case you need to return to your previous settings.
Click Backup to save the ZyXEL Device’s current configuration to your computer.
Restore Configuration
Restore Configuration allows you to upload a new or previously saved configuration file from your
computer to your ZyXEL Device.
Table 90 Restore Configuration
206
LABEL
DESCRIPTION
File Path
Type in the location of the file you want to upload in this field or click Browse ... to
find it.
AMG1202-T10A User’s Guide
Chapter 20 Tools
Table 90 Restore Configuration
LABEL
DESCRIPTION
Browse...
Click this to find the file you want to upload. Remember that you must decompress
compressed (.ZIP) files before you can upload them.
Upload
Click this to begin the upload process.
Do not turn off the ZyXEL Device while configuration file upload is in
progress.
After you see a “restore configuration successful” screen, you must then wait one minute before
logging into the ZyXEL Device again.
Figure 105 Configuration Upload Successful
The ZyXEL Device automatically restarts in this time causing a temporary network disconnect. In
some operating systems, you may see the following icon on your desktop.
Figure 106 Network Temporarily Disconnected
If you uploaded the default configuration file you may need to change the IP address of your
computer to be in the same subnet as that of the default device IP address (192.168.1.1). See
Appendix A on page 225 for details on how to set up your computer’s IP address.
If the upload was not successful, the following screen will appear. Click Return to go back to the
Configuration screen.
Figure 107 Configuration Upload Error
AMG1202-T10A User’s Guide
207
Chapter 20 Tools
Reset to Factory Defaults
Click the Reset button to clear all user-entered configuration information and return the ZyXEL
Device to its factory defaults. The following warning screen appears.
Figure 108 Reset Warning Message
Figure 109 Reset In Process Message
You can also press the RESET button on the rear panel to reset the factory defaults of your ZyXEL
Device. Refer to Section 1.7 on page 25 for more information on the RESET button.
20.4 The Restart Screen
System restart allows you to reboot the ZyXEL Device remotely without turning the power off. You
may need to do this if the ZyXEL Device hangs, for example.
Click Maintenance > Tools > Restart. Click Restart to have the ZyXEL Device reboot. This does
not affect the ZyXEL Device's configuration.
Figure 110 Maintenance > Tools >Restart
208
AMG1202-T10A User’s Guide
C HAPTER
21
Diagnostic
21.1 Overview
These read-only screens display information to help you identify problems with the ZyXEL Device.
21.1.1 What You Can Do in the Diagnostic Screens
• Use the General screen (Section 21.2 on page 209) to ping an IP address.
• Use the DSL Line screen (Section 21.3 on page 210) to view the DSL line statistics and reset the
ADSL line.
21.2 The General Screen
Use this screen to ping an IP address. Click Maintenance > Diagnostic to open the screen shown
next.
Figure 111 Maintenance > Diagnostic > General
AMG1202-T10A User’s Guide
209
Chapter 21 Diagnostic
The following table describes the fields in this screen.
Table 91 Maintenance > Diagnostic > General
LABEL
DESCRIPTION
TCP/IP
Address
Type the IP address of a computer that you want to ping in order to test a
connection.
Ping
Click this to ping the IP address that you entered.
21.3 The DSL Line Screen
Use this screen to view the DSL line statistics and reset the ADSL line. Click Maintenance >
Diagnostic > DSL Line to open the screen shown next.
Figure 112 Maintenance > Diagnostic > DSL Line
210
AMG1202-T10A User’s Guide
Chapter 21 Diagnostic
The following table describes the fields in this screen.
Table 92 Maintenance > Diagnostic > DSL Line
LABEL
DESCRIPTION
ATM Status
Click this to view your DSL connection’s Asynchronous Transfer Mode (ATM)
statistics. ATM is a networking technology that provides high-speed data transfer.
ATM uses fixed-size packets of information called cells. With ATM, a high QoS
(Quality of Service) can be guaranteed.
The (Segmentation and Reassembly) SAR driver translates packets into ATM cells.
It also receives ATM cells and reassembles them into packets.
These counters are set back to zero whenever the device starts up.
inPkts is the number of good ATM cells that have been received.
inDiscards is the number of received ATM cells that were rejected.
outPkts is the number of ATM cells that have been sent.
outDiscards is the number of ATM cells sent that were rejected.
inF4Pkts is the number of ATM Operations, Administration, and Management
(OAM) F4 cells that have been received. See ITU recommendation I.610 for more
on OAM for ATM.
outF4Pkts is the number of ATM OAM F4 cells that have been sent.
inF5Pkts is the number of ATM OAM F5 cells that have been received.
outF5Pkts is the number of ATM OAM F5 cells that have been sent.
openChan is the number of times that the ZyXEL Device has opened a logical DSL
channel.
closeChan is the number of times that the ZyXEL Device has closed a logical DSL
channel.
txRate is the number of bytes transmitted per second.
rxRate is the number of bytes received per second.
ATM Loopback
Test
AMG1202-T10A User’s Guide
Click this to start the ATM loopback test. Make sure you have configured at least
one PVC with proper VPIs/VCIs before you begin this test. The ZyXEL Device sends
an OAM F5 packet to the DSLAM/ATM switch and then returns it (loops it back) to
the ZyXEL Device. The ATM loopback test is useful for troubleshooting problems
with the DSLAM and ATM network.
211
Chapter 21 Diagnostic
Table 92 Maintenance > Diagnostic > DSL Line (continued)
LABEL
DESCRIPTION
DSL Line Status
Click this to view statistics about the DSL connections.
noise margin downstream is the signal to noise ratio for the downstream part
of the connection (coming into the ZyXEL Device from the ISP). It is measured in
decibels. The higher the number the more signal and less noise there is.
output power upstream is the amount of power (in decibels) that the ZyXEL
Device is using to transmit to the ISP.
attenuation downstream is the reduction in amplitude (in decibels) of the DSL
signal coming into the ZyXEL Device from the ISP.
Discrete Multi-Tone (DMT) modulation divides up a line’s bandwidth into subcarriers (sub-channels) of 4.3125 KHz each called tones. The rest of the display is
the line’s bit allocation. This is displayed as the number (in hexadecimal format) of
bits transmitted for each tone. This can be used to determine the quality of the
connection, whether a given sub-carrier loop has sufficient margins to support
certain ADSL transmission rates, and possibly to determine whether particular
specific types of interference or line attenuation exist. Refer to the ITU-T G.992.1
recommendation for more information on DMT.
The better (or shorter) the line, the higher the number of bits transmitted for a
DMT tone. The maximum number of bits that can be transmitted per DMT tone is
15. There will be some tones without any bits as there has to be space between
the upstream and downstream channels.
Reset ADSL Line
Click this to reinitialize the ADSL line. The large text box above then displays the
progress and results of this operation, for example:
"Start to reset ADSL
Loading ADSL modem F/W...
Reset ADSL Line Successfully!"
Capture All Logs
212
Click this to display information and statistics about your ZyXEL Device’s ATM
statistics, DSL connection statistics, DHCP settings, firmware version, WAN and
gateway IP address, VPI/VCI and LAN IP address.
AMG1202-T10A User’s Guide
C HAPTER
22
Troubleshooting
This chapter offers some suggestions to solve problems you might encounter. The potential
problems are divided into the following categories.
• Power, Hardware Connections, and LEDs
• ZyXEL Device Access and Login
• Internet Access
22.1 Power, Hardware Connections, and LEDs
The ZyXEL Device does not turn on. None of the LEDs turn on.
Make sure the ZyXEL Device is turned on.
Make sure you are using the power adaptor or cord included with the ZyXEL Device.
Make sure the power adaptor or cord is connected to the ZyXEL Device and plugged in to an
appropriate power source. Make sure the power source is turned on.
Turn the ZyXEL Device off and on.
If the problem continues, contact the vendor.
One of the LEDs does not behave as expected.
Make sure you understand the normal behavior of the LED. See Section 1.6 on page 24.
Check the hardware connections.
Inspect your cables for damage. Contact the vendor to replace any damaged cables.
Turn the ZyXEL Device off and on.
If the problem continues, contact the vendor.
AMG1202-T10A User’s Guide
213
Chapter 22 Troubleshooting
22.2 ZyXEL Device Access and Login
I forgot the IP address for the ZyXEL Device.
The default IP address is 192.168.1.1.
If you changed the IP address and have forgotten it, you might get the IP address of the ZyXEL
Device by looking up the IP address of the default gateway for your computer. To do this in most
Windows computers, click Start > Run, enter cmd, and then enter ipconfig. The IP address of the
Default Gateway might be the IP address of the ZyXEL Device (it depends on the network), so
enter this IP address in your Internet browser.
If this does not work, you have to reset the device to its factory defaults. See Section 1.7 on page
25.
I forgot the password.
The default admin password is 1234.
If this does not work, you have to reset the device to its factory defaults. See Section 1.7 on page
25.
I cannot see or access the Login screen in the web configurator.
Make sure you are using the correct IP address.
• The default IP address is 192.168.1.1.
• If you changed the IP address (Section 7.2 on page 86), use the new IP address.
• If you changed the IP address and have forgotten it, see the troubleshooting suggestions for I
forgot the IP address for the ZyXEL Device.
Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick
Start Guide.
Make sure your Internet browser does not block pop-up windows and has JavaScripts and Java
enabled. See Appendix C on page 255.
Reset the device to its factory defaults, and try to access the ZyXEL Device with the default IP
address. See Section 1.7 on page 25.
If the problem continues, contact the network administrator or vendor, or try one of the advanced
suggestions.
Advanced Suggestions
214
AMG1202-T10A User’s Guide
Chapter 22 Troubleshooting
• Try to access the ZyXEL Device using another service, such as Telnet. If you can access the
ZyXEL Device, check the remote management settings and firewall rules to find out why the
ZyXEL Device does not respond to HTTP.
• If your computer is connected to the WAN port or is connected wirelessly, use a computer that is
connected to a ETHERNET port.
I can see the Login screen, but I cannot log in to the ZyXEL Device.
Make sure you have entered the password correctly. The default admin password is 1234. The field
is case-sensitive, so make sure [Caps Lock] is not on.
You cannot log in to the web configurator while someone is using Telnet to access the ZyXEL Device.
Log out of the ZyXEL Device in the other session, or ask the person who is logged in to log out.
Turn the ZyXEL Device off and on.
If this does not work, you have to reset the device to its factory defaults. See Section 22.1 on page
213.
I cannot Telnet to the ZyXEL Device.
See the troubleshooting suggestions for I cannot see or access the Login screen in the web
configurator. Ignore the suggestions about your browser.
I cannot use FTP to upload / download the configuration file. / I cannot use FTP to upload
new firmware.
See the troubleshooting suggestions for I cannot see or access the Login screen in the web
configurator. Ignore the suggestions about your browser.
22.3 Internet Access
I cannot access the Internet.
Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick
Start Guide and Section 1.6 on page 24.
Make sure you entered your ISP account information correctly in the wizard. These fields are casesensitive, so make sure [Caps Lock] is not on.
AMG1202-T10A User’s Guide
215
Chapter 22 Troubleshooting
If you are trying to access the Internet wirelessly, make sure the wireless settings in the wireless
client are the same as the settings in the AP.
If you are trying to access the Internet wirelessly, make sure you enabled the wireless LAN and
have selected the correct channel in the Wireless LAN > AP screen.
Disconnect all the cables from your device, and follow the directions in the Quick Start Guide again.
If the problem continues, contact your ISP.
I cannot access the Internet anymore. I had access to the Internet (with the ZyXEL Device),
but my Internet connection is not available anymore.
Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick
Start Guide and Section 1.6 on page 24.
Turn the ZyXEL Device off and on.
If the problem continues, contact your ISP.
The Internet connection is slow or intermittent.
There might be a lot of traffic on the network. Look at the LEDs, and check Section 1.6 on page 24.
If the ZyXEL Device is sending or receiving a lot of information, try closing some programs that use
the Internet, especially peer-to-peer applications.
Check the signal strength. If the signal strength is low, try moving your computer closer to the
ZyXEL Device if possible, and look around to see if there are any devices that might be interfering
with the wireless network (for example, microwaves, other wireless networks, and so on).
Turn the ZyXEL Device off and on.
If the problem continues, contact the network administrator or vendor, or try one of the advanced
suggestions.
Advanced Suggestions
• Check the settings for QoS. If it is disabled, you might consider activating it. If it is enabled, you
might consider raising or lowering the priority for some applications.
216
AMG1202-T10A User’s Guide
C HAPTER
23
Product Specifications
The following tables summarize the ZyXEL Device’s hardware and firmware features.
23.1 Hardware Specifications
Table 93 Hardware Specifications
Dimensions
133 x 61 x 163 mm
Weight
215g
Power Specification
12VDC 1A
Built-in Switch
Four auto-negotiating, auto MDI/MDI-X 10/100 Mbps RJ-45 Ethernet ports
ADSL Port
1 RJ-11 FXS POTS port
RESET Button
Restores factory defaults
Antenna
1 internal antenna, 3dBi
WPS Button
1 second: turn on or off WLAN
5 seconds: enable WPS (Wi-Fi Protected Setup)
Operation Temperature
0º C ~ 40º C
Storage Temperature
-20º ~ 60º C
Operation Humidity
20% ~ 90% RH
Storage Humidity
20% ~ 90% RH
23.2 Firmware Specifications
Table 94 Firmware Specifications
Default IP Address
192.168.1.1
Default Subnet Mask
255.255.255.0 (24 bits)
Default Admin Password
1234
DHCP Server IP Pool
192.168.1.32 to 192.168.1.64
Static DHCP Addresses
10
URL Filtering
URL web page blocking
Static Routes
16
Device Management
Use the web configurator to easily configure the rich range of features on
the ZyXEL Device.
AMG1202-T10A User’s Guide
217
Chapter 23 Product Specifications
Table 94 Firmware Specifications (continued)
Wireless Functionality
(wireless devices only)
Firmware Upgrade
Allow the IEEE 802.11b/g/n wireless clients to connect to the ZyXEL
Device wirelessly. Enable wireless security (WEP, WPA(2), WPA(2)-PSK)
and/or MAC filtering to protect your wireless network.
Download new firmware (when available) from the ZyXEL web site and use
the web configurator to put it on the ZyXEL Device.
Note: Only upload firmware for your specific model!
Configuration Backup &
Restoration
Make a copy of the ZyXEL Device’s configuration. You can put it back on
the ZyXEL Device later if you decide to revert back to an earlier
configuration.
Network Address
Translation (NAT)
Each computer on your network must have its own unique IP address. Use
NAT to convert your public IP address(es) to multiple private IP addresses
for the computers on your network.
Port Forwarding
If you have a server (mail or web server for example) on your network,
you can use this feature to let people access it from the Internet.
DHCP (Dynamic Host
Configuration Protocol)
Use this feature to have the ZyXEL Device assign IP addresses, an IP
default gateway and DNS servers to computers on your network. Your
device can also act as a surrogate DHCP server (DHCP Relay) where it
relays IP address assignment from the actual real DHCP server to the
clients.
Dynamic DNS Support
With Dynamic DNS (Domain Name System) support, you can use a fixed
URL, www.zyxel.com for example, with a dynamic IP address. You must
register for this service with a Dynamic DNS service provider.
IP Multicast
IP multicast is used to send traffic to a specific group of computers. The
ZyXEL Device supports versions 1 and 2 of IGMP (Internet Group
Management Protocol) used to join multicast groups (see RFC 2236).
Time and Date
Get the current time and date from an external server when you turn on
your ZyXEL Device. You can also set the time manually. These dates and
times are then used in logs.
Logs
Use logs for troubleshooting. You can send logs from the ZyXEL Device to
an external syslog server.
Universal Plug and Play
(UPnP)
A UPnP-enabled device can dynamically join a network, obtain an IP
address and convey its capabilities to other devices on the network.
Firewall
Your device has a stateful inspection firewall with DoS (Denial of Service)
protection. By default, when the firewall is activated, all incoming traffic
from the WAN to the LAN is blocked unless it is initiated from the LAN. The
firewall supports TCP/UDP inspection, DoS detection and prevention, real
time alerts, reports and logs.
URL Filtering
URL filtering allows you to block access to Internet web sites of certain
URL that you specify.
QoS (Quality of Service) You can efficiently manage traffic on your network by reserving bandwidth
and giving priority to certain types of traffic and/or to particular
computers.
Remote Management
This allows you to decide whether a service (HTTP or FTP traffic for
example) from a computer on a network (LAN or WAN for example) can
access the ZyXEL Device.
PPPoE Support
(RFC2516)
PPPoE (Point-to-Point Protocol over Ethernet) emulates a dial-up
connection. It allows your ISP to use their existing network configuration
with newer broadband technologies such as ADSL. The PPPoE driver on
your device is transparent to the computers on the LAN, which see only
Ethernet and are not aware of PPPoE thus saving you from having to
manage PPPoE clients on individual computers.
Other PPPoE Features
PPPoE idle time out
PPPoE dial on demand
218
AMG1202-T10A User’s Guide
Chapter 23 Product Specifications
Table 94 Firmware Specifications (continued)
Multiple PVC
(Permanent Virtual
Circuits) Support
Your device supports up to 8 Permanent Virtual Circuits (PVCs).
IP Alias
IP alias allows you to partition a physical network into logical networks
over the same Ethernet interface. Your device supports three logical LAN
interfaces via its single physical Ethernet interface with the your device
itself as the gateway for each LAN network.
Packet Filters
Your device’s packet filtering function allows added network security and
management.
ADSL Standards
Support Multi-Mode standard (ANSI T1.413, Issue 2; G.dmt (G.992.1);
G.lite (G992.2))
EOC specified in ITU-T G.992.1
ADSL2 G.dmt.bis (G.992.3)
ADSL2 G.lite.bis (G.992.4)
ADSL2+ (G.992.5)
Reach Extended ADSL (RE ADSL)
SRA (Seamless Rate Adaptation)
Auto-negotiating rate adaptation
ADSL physical connection ATM AAL5 (ATM Adaptation Layer type 5)
Support multi-protocol over AAL5 (RFC2684/1483)
Support PPP over ATM AAL5 (RFC2364)
PPP over Ethernet support for DSL connection (RFC 2516)
Support VC-based and LLC-based multiplexing
Support up to 8 PVCs
I.610 F4/F5 OAM
TR-067/TR-100 supported
AMG1202-T10A User’s Guide
219
Chapter 23 Product Specifications
Table 94 Firmware Specifications (continued)
Other Protocol Support
SIP pass-through
DNS Proxy
Dynamic DNS (www.dyndns.org)
IP Alias
DHCP client/server/relay
RIP I/ RIP II supported
Support 16 IP Static routes by Gateway
IGMP v1 and v2
IP Policy Routing
UPnP support
Transparent bridging, VLAN-tagging pass-through bridge mode
Static DHCP
Management
Embedded Web Configurator(remove webhelp)
SNMP v1 & v2c with MIB II
Remote Management Control: Telnet, FTP, and Web.
TR-069 HTTPS
MTU adjustable on WebGUI
SMT
23.3 Wireless Features
Table 95 Wireless Features
220
Internal Antenna
The ZyXEL Device is equipped with one internal antenna to provide a
clear radio signal between the wireless stations and the access
points.
Wireless LAN MAC Address
Filtering
Your device can check the MAC addresses of wireless stations
against a list of allowed or denied MAC addresses.
WEP Encryption
WEP (Wired Equivalent Privacy) encrypts data frames before
transmitting over the wireless network to help keep network
communications private.
Wi-Fi Protected Access
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i
security standard. Key differences between WPA and WEP are user
authentication and improved data encryption.
WPA2
WPA 2 is a wireless security standard that defines stronger
encryption, authentication and key management than WPA.
AMG1202-T10A User’s Guide
Chapter 23 Product Specifications
Table 95 Wireless Features
WMM QoS
WMM (Wi-Fi MultiMedia) QoS (Quality of Service) allows you to
prioritize wireless traffic according to the delivery requirements of
individual services.
Other Wireless Features
WDS(wireless client: G-570S v2)
IEEE 802.11n Compliance
Frequency Range:2.4 GHz
Advanced Orthogonal Frequency Division Multiplexing (OFDM)
Data Rates:150Mbps and Auto Fallback
EIRP: 22dBm
Wired Equivalent Privacy (WEP) Data Encryption 64/128
WLAN bridge to LAN
32 MAC Address filter
WPA, WPA-PSK, WPA2, WPA2-PSK
WPS
IEEE 802.1x (EAP-MD5, TLS and TTLS)
WMM
WDS
Multi BSSID (4 BSSIDs)
Wireless Scheduling
The following list, which is not exhaustive, illustrates the standards supported in the ZyXEL Device.
Table 96 Standards Supported
STANDARD
DESCRIPTION
RFC 867
Daytime Protocol
RFC 868
Time Protocol.
RFC 1058
RIP-1 (Routing Information Protocol)
RFC 1112
IGMP v1
RFC 1305
Network Time Protocol (NTP version 3)
RFC 1483
Multiprotocol Encapsulation over ATM Adaptation Layer 5
RFC 1631
IP Network Address Translator (NAT)
RFC 1661
The Point-to-Point Protocol (PPP)
RFC 1723
RIP-2 (Routing Information Protocol)
RFC 2236
Internet Group Management Protocol, Version 2.
RFC 2364
PPP over AAL5 (PPP over ATM over ADSL)
RFC 2408
Internet Security Association and Key Management Protocol (ISAKMP)
RFC 2516
A Method for Transmitting PPP Over Ethernet (PPPoE)
RFC 2684
Multiprotocol Encapsulation over ATM Adaptation Layer 5.
RFC 2766
Network Address Translation - Protocol
IEEE 802.11
Also known by the brand Wi-Fi, denotes a set of Wireless LAN/WLAN
standards developed by working group 11 of the IEEE LAN/MAN
Standards Committee (IEEE 802).
IEEE 802.11b
Uses the 2.4 gigahertz (GHz) band
AMG1202-T10A User’s Guide
221
Chapter 23 Product Specifications
Table 96 Standards Supported (continued)
STANDARD
DESCRIPTION
IEEE 802.11g
Uses the 2.4 gigahertz (GHz) band
IEEE 802.11n
Uses the 2.4 gigahertz (GHz) band
IEEE 802.11g+
Turbo and Super G modes
IEEE 802.11d
Standard for Local and Metropolitan Area Networks: Media Access
Control (MAC) Bridges
IEEE 802.11x
Port Based Network Access Control.
IEEE 802.11e QoS
IEEE 802.11 e Wireless LAN for Quality of Service
ANSI T1.413, Issue 2
Asymmetric Digital Subscriber Line (ADSL) standard.
G dmt(G.992.1)
G.992.1 Asymmetrical Digital Subscriber Line (ADSL) Transceivers
ITU G.992.1 (G.DMT)
ITU standard for ADSL using discrete multitone modulation.
ITU G.992.2 (G. Lite)
ITU standard for ADSL using discrete multitone modulation.
ITU G.992.3 (G.dmt.bis)
ITU standard (also referred to as ADSL2) that extends the capability of
basic ADSL in data rates.
ITU G.992.4 (G.lite.bis)
ITU standard (also referred to as ADSL2) that extends the capability of
basic ADSL in data rates.
ITU G.992.5 (ADSL2+)
ITU standard (also referred to as ADSL2+) that extends the capability of
basic ADSL by doubling the number of downstream bits.
Microsoft PPTP
MS PPTP (Microsoft's implementation of Point to Point Tunneling Protocol)
MBM v2
Media Bandwidth Management v2
RFC 2383
ST2+ over ATM Protocol Specification - UNI 3.1 Version
TR-069
TR-069 DSL Forum Standard for CPE Wan Management.
1.363.5
Compliant AAL5 SAR (Segmentation And Re-assembly)
23.4 Power Adaptor Specifications
Table 97 ZyXEL Device Series Power Adaptor Specifications
NORTH AMERICAN PLUG
STANDARDS
AC Power Adapter Model
12V 1A SOCB PA
Input Power
AC 120Volts/60Hz
Output Power
DC 12Volts/1.0A
Power Consumption
7.7 Watt max
Safety Standards
ANSI/UL 60950-1, CSA 60950-1
EUROPEAN PLUG
STANDARDS
AC Power Adapter Model
222
Input Power
AC 230Volts/50Hz
Output Power
DC 12Volts/1.0A
Power Consumption
8.3 Watt max
Safety Standards
CE, GS or TUV, EN60950-1
AMG1202-T10A User’s Guide
Chapter 23 Product Specifications
AMG1202-T10A User’s Guide
223
Chapter 23 Product Specifications
224
AMG1202-T10A User’s Guide
A PPENDIX
Setting up Your Computer’s IP Address
All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed.
Windows 95/98/Me/NT/2000/XP/Vista, Macintosh OS 7 and later operating systems and all versions
of UNIX/LINUX include the software components you need to install and use TCP/IP on your
computer. Windows 3.1 requires the purchase of a third-party TCP/IP application package.
TCP/IP should already be installed on computers using Windows NT/2000/XP, Macintosh OS 7 and
later operating systems.
After the appropriate TCP/IP components are installed, configure the TCP/IP settings in order to
"communicate" with your network.
If you manually assign IP information instead of using dynamic assignment, make sure that your
computers have IP addresses that place them in the same subnet as the ZyXEL Device’s LAN port.
Windows 95/98/Me
Click Start, Settings, Control Panel and double-click the Network icon to open the Network
window.
Figure 113 WIndows 95/98/Me: Network: Configuration
AMG1202-T10A User’s Guide
225
Appendix A Setting up Your Computer’s IP Address
Installing Components
The Network window Configuration tab displays a list of installed components. You need a
network adapter, the TCP/IP protocol and Client for Microsoft Networks.
If you need the adapter:
In the Network window, click Add.
Select Adapter and then click Add.
Select the manufacturer and model of your network adapter and then click OK.
If you need TCP/IP:
In the Network window, click Add.
Select Protocol and then click Add.
Select Microsoft from the list of manufacturers.
Select TCP/IP from the list of network protocols and then click OK.
If you need Client for Microsoft Networks:
Click Add.
Select Client and then click Add.
Select Microsoft from the list of manufacturers.
Select Client for Microsoft Networks from the list of network clients and then click OK.
Restart your computer so the changes you made take effect.
Configuring
In the Network window Configuration tab, select your network adapter's TCP/IP entry and click
Properties
Click the IP Address tab.
• If your IP address is dynamic, select Obtain an IP address automatically.
226
AMG1202-T10A User’s Guide
Appendix A Setting up Your Computer’s IP Address
• If you have a static IP address, select Specify an IP address and type your information into
the IP Address and Subnet Mask fields.
Figure 114 Windows 95/98/Me: TCP/IP Properties: IP Address
Click the DNS Configuration tab.
• If you do not know your DNS information, select Disable DNS.
• If you know your DNS information, select Enable DNS and type the information in the fields
below (you may not need to fill them all in).
Figure 115 Windows 95/98/Me: TCP/IP Properties: DNS Configuration
AMG1202-T10A User’s Guide
227
Appendix A Setting up Your Computer’s IP Address
Click the Gateway tab.
• If you do not know your gateway’s IP address, remove previously installed gateways.
• If you have a gateway IP address, type it in the New gateway field and click Add.
Click OK to save and close the TCP/IP Properties window.
Click OK to close the Network window. Insert the Windows CD if prompted.
Turn on your ZyXEL Device and restart your computer when prompted.
Verifying Settings
Click Start and then Run.
In the Run window, type "winipcfg" and then click OK to open the IP Configuration window.
Select your network adapter. You should see your computer's IP address, subnet mask and default
gateway.
Windows 2000/NT/XP
The following example figures use the default Windows XP GUI theme.
Click start (Start in Windows 2000/NT), Settings, Control Panel.
Figure 116 Windows XP: Start Menu
228
AMG1202-T10A User’s Guide
Appendix A Setting up Your Computer’s IP Address
In the Control Panel, double-click Network Connections (Network and Dial-up Connections
in Windows 2000/NT).
Figure 117 Windows XP: Control Panel
Right-click Local Area Connection and then click Properties.
Figure 118 Windows XP: Control Panel: Network Connections: Properties
AMG1202-T10A User’s Guide
229
Appendix A Setting up Your Computer’s IP Address
Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties.
Figure 119 Windows XP: Local Area Connection Properties
The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
• If you have a dynamic IP address click Obtain an IP address automatically.
• If you have a static IP address click Use the following IP Address and fill in the IP address,
Subnet mask, and Default gateway fields.
230
AMG1202-T10A User’s Guide
Appendix A Setting up Your Computer’s IP Address
• Click Advanced.
Figure 120 Windows XP: Internet Protocol (TCP/IP) Properties
If you do not know your gateway's IP address, remove any previously installed gateways in the IP
Settings tab and click OK.
Do one or more of the following if you want to configure additional IP addresses:
• In the IP Settings tab, in IP addresses, click Add.
• In TCP/IP Address, type an IP address in IP address and a subnet mask in Subnet mask,
and then click Add.
• Repeat the above two steps for each IP address you want to add.
• Configure additional default gateways in the IP Settings tab by clicking Add in Default
gateways.
• In TCP/IP Gateway Address, type the IP address of the default gateway in Gateway. To
manually configure a default metric (the number of transmission hops), clear the Automatic
metric check box and type a metric in Metric.
• Click Add.
• Repeat the previous three steps for each default gateway you want to add.
AMG1202-T10A User’s Guide
231
Appendix A Setting up Your Computer’s IP Address
• Click OK when finished.
Figure 121 Windows XP: Advanced TCP/IP Properties
In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP):
• Click Obtain DNS server address automatically if you do not know your DNS server IP
address(es).
• If you know your DNS server IP address(es), click Use the following DNS server
addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
232
AMG1202-T10A User’s Guide
Appendix A Setting up Your Computer’s IP Address
If you have previously configured DNS servers, click Advanced and then the DNS tab to order
them.
Figure 122 Windows XP: Internet Protocol (TCP/IP) Properties
Click OK to close the Internet Protocol (TCP/IP) Properties window.
Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window.
10
Close the Network Connections window (Network and Dial-up Connections in Windows
2000/NT).
11 Turn on your ZyXEL Device and restart your computer (if prompted).
Verifying Settings
Click Start, All Programs, Accessories and then Command Prompt.
In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open
Network Connections, right-click a network connection, click Status and then click the Support
tab.
Windows Vista
This section shows screens from Windows Vista Enterprise Version 6.0.
AMG1202-T10A User’s Guide
233
Appendix A Setting up Your Computer’s IP Address
Click the Start icon, Control Panel.
Figure 123 Windows Vista: Start Menu
In the Control Panel, double-click Network and Internet.
Figure 124 Windows Vista: Control Panel
Click Network and Sharing Center.
Figure 125 Windows Vista: Network And Internet
234
AMG1202-T10A User’s Guide
Appendix A Setting up Your Computer’s IP Address
Click Manage network connections.
Figure 126 Windows Vista: Network and Sharing Center
Right-click Local Area Connection and then click Properties.
Note: During this procedure, click Continue whenever Windows displays a screen saying
that it needs your permission to continue.
Figure 127 Windows Vista: Network and Sharing Center
AMG1202-T10A User’s Guide
235
Appendix A Setting up Your Computer’s IP Address
Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
Figure 128 Windows Vista: Local Area Connection Properties
The Internet Protocol Version 4 (TCP/IPv4) Properties window opens (the General tab).
• If you have a dynamic IP address click Obtain an IP address automatically.
• If you have a static IP address click Use the following IP address and fill in the IP address,
Subnet mask, and Default gateway fields.
236
AMG1202-T10A User’s Guide
Appendix A Setting up Your Computer’s IP Address
• Click Advanced.
Figure 129 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties
If you do not know your gateway's IP address, remove any previously installed gateways in the IP
Settings tab and click OK.
Do one or more of the following if you want to configure additional IP addresses:
• In the IP Settings tab, in IP addresses, click Add.
• In TCP/IP Address, type an IP address in IP address and a subnet mask in Subnet mask,
and then click Add.
• Repeat the above two steps for each IP address you want to add.
• Configure additional default gateways in the IP Settings tab by clicking Add in Default
gateways.
• In TCP/IP Gateway Address, type the IP address of the default gateway in Gateway. To
manually configure a default metric (the number of transmission hops), clear the Automatic
metric check box and type a metric in Metric.
• Click Add.
• Repeat the previous three steps for each default gateway you want to add.
AMG1202-T10A User’s Guide
237
Appendix A Setting up Your Computer’s IP Address
• Click OK when finished.
Figure 130 Windows Vista: Advanced TCP/IP Properties
In the Internet Protocol Version 4 (TCP/IPv4) Properties window, (the General tab):
• Click Obtain DNS server address automatically if you do not know your DNS server IP
address(es).
• If you know your DNS server IP address(es), click Use the following DNS server
addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
238
AMG1202-T10A User’s Guide
Appendix A Setting up Your Computer’s IP Address
If you have previously configured DNS servers, click Advanced and then the DNS tab to order
them.
Figure 131 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties
10 Click OK to close the Internet Protocol Version 4 (TCP/IPv4) Properties window.
11 Click Close to close the Local Area Connection Properties window.
12
Close the Network Connections window.
13 Turn on your ZyXEL Device and restart your computer (if prompted).
Verifying Settings
Click Start, All Programs, Accessories and then Command Prompt.
In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open
Network Connections, right-click a network connection, click Status and then click the Support
tab.
AMG1202-T10A User’s Guide
239
Appendix A Setting up Your Computer’s IP Address
Macintosh OS 8/9
Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control
Panel.
Figure 132 Macintosh OS 8/9: Apple Menu
240
AMG1202-T10A User’s Guide
Appendix A Setting up Your Computer’s IP Address
Select Ethernet built-in from the Connect via list.
Figure 133 Macintosh OS 8/9: TCP/IP
For dynamically assigned settings, select Using DHCP Server from the Configure: list.
For statically assigned settings, do the following:
• From the Configure box, select Manually.
• Type your IP address in the IP Address box.
• Type your subnet mask in the Subnet mask box.
• Type the IP address of your ZyXEL Device in the Router address box.
Close the TCP/IP Control Panel.
Click Save if prompted, to save changes to your configuration.
Turn on your ZyXEL Device and restart your computer (if prompted).
Verifying Settings
Check your TCP/IP properties in the TCP/IP Control Panel window.
Macintosh OS X
Click the Apple menu, and click System Preferences to open the System Preferences window.
Figure 134 Macintosh OS X: Apple Menu
Click Network in the icon bar.
• Select Automatic from the Location list.
AMG1202-T10A User’s Guide
241
Appendix A Setting up Your Computer’s IP Address
• Select Built-in Ethernet from the Show list.
• Click the TCP/IP tab.
For dynamically assigned settings, select Using DHCP from the Configure list.
Figure 135 Macintosh OS X: Network
For statically assigned settings, do the following:
• From the Configure box, select Manually.
• Type your IP address in the IP Address box.
• Type your subnet mask in the Subnet mask box.
• Type the IP address of your ZyXEL Device in the Router address box.
Click Apply Now and close the window.
Turn on your ZyXEL Device and restart your computer (if prompted).
Verifying Settings
Check your TCP/IP properties in the Network window.
242
AMG1202-T10A User’s Guide
Appendix A Setting up Your Computer’s IP Address
Linux
This section shows you how to configure your computer’s TCP/IP settings in Red Hat Linux 9.0.
Procedure, screens and file location may vary depending on your Linux distribution and release
version.
Note: Make sure you are logged in as the root administrator.
Using the K Desktop Environment (KDE)
Follow the steps below to configure your computer IP address using the KDE.
Click the Red Hat button (located on the bottom left corner), select System Setting and click
Network.
Figure 136 Red Hat 9.0: KDE: Network Configuration: Devices
AMG1202-T10A User’s Guide
243
Appendix A Setting up Your Computer’s IP Address
Double-click on the profile of the network card you wish to configure. The Ethernet Device
General screen displays as shown.
Figure 137 Red Hat 9.0: KDE: Ethernet Device: General
• If you have a dynamic IP address, click Automatically obtain IP address settings with and
select dhcp from the drop down list.
• If you have a static IP address, click Statically set IP Addresses and fill in the Address,
Subnet mask, and Default Gateway Address fields.
Click OK to save the changes and close the Ethernet Device General screen.
If you know your DNS server IP address(es), click the DNS tab in the Network Configuration
screen. Enter the DNS server information in the fields provided.
Figure 138 Red Hat 9.0: KDE: Network Configuration: DNS
244
Click the Devices tab.
AMG1202-T10A User’s Guide
Appendix A Setting up Your Computer’s IP Address
Click the Activate button to apply the changes. The following screen displays. Click Yes to save
the changes in all screens.
Figure 139 Red Hat 9.0: KDE: Network Configuration: Activate
After the network card restart process is complete, make sure the Status is Active in the Network
Configuration screen.
Using Configuration Files
Follow the steps below to edit the network configuration files and set your computer IP address.
Assuming that you have only one network card on the computer, locate the ifconfig-eth0
configuration file (where eth0 is the name of the Ethernet card). Open the configuration file with
any plain text editor.
• If you have a dynamic IP address, enter dhcp in the BOOTPROTO= field. The following figure
shows an example.
Figure 140 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
USERCTL=no
PEERDNS=yes
TYPE=Ethernet
• If you have a static IP address, enter static in the BOOTPROTO= field. Type IPADDR= followed
by the IP address (in dotted decimal notation) and type NETMASK= followed by the subnet
mask. The following example shows an example where the static IP address is 192.168.1.10
and the subnet mask is 255.255.255.0.
Figure 141 Red Hat 9.0: Static IP Address Setting in ifconfig-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.10
NETMASK=255.255.255.0
USERCTL=no
PEERDNS=yes
TYPE=Ethernet
AMG1202-T10A User’s Guide
245
Appendix A Setting up Your Computer’s IP Address
If you know your DNS server IP address(es), enter the DNS server information in the resolv.conf
file in the /etc directory. The following figure shows an example where two DNS server IP
addresses are specified.
Figure 142 Red Hat 9.0: DNS Settings in resolv.conf
nameserver 172.23.5.1
nameserver 172.23.5.2
After you edit and save the configuration files, you must restart the network card. Enter ./network
restart in the /etc/rc.d/init.d directory. The following figure shows an example.
Figure 143 Red Hat 9.0: Restart Ethernet Card
[root@localhost init.d]# network restart
Shutting down interface eth0:
Shutting down loopback interface:
Setting network parameters:
Bringing up loopback interface:
Bringing up interface eth0:
[OK]
[OK]
[OK]
[OK]
[OK]
Verifying Settings
Enter ifconfig in a terminal screen to check your TCP/IP properties.
Figure 144 Red Hat 9.0: Checking TCP/IP Properties
[root@localhost]# ifconfig
eth0
Link encap:Ethernet HWaddr 00:50:BA:72:5B:44
inet addr:172.23.19.129 Bcast:172.23.19.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:717 errors:0 dropped:0 overruns:0 frame:0
TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:730412 (713.2 Kb) TX bytes:1570 (1.5 Kb)
Interrupt:10 Base address:0x1000
[root@localhost]#
246
AMG1202-T10A User’s Guide
A PPENDIX
IP Addresses and Subnetting
This appendix introduces IP addresses and subnet masks.
IP addresses identify individual devices on a network. Every networking device (including
computers, servers, routers, printers, etc.) needs an IP address to communicate across the
network. These networking devices are also known as hosts.
Subnet masks determine the maximum number of possible hosts on a network. You can also use
subnet masks to divide one network into multiple sub-networks.
Introduction to IP Addresses
One part of the IP address is the network number, and the other part is the host ID. In the same
way that houses on a street share a common street name, the hosts on a network share a common
network number. Similarly, as each house has its own house number, each host on the network has
its own unique identifying number - the host ID. Routers use the network number to send packets
to the correct network, while the host ID determines to which host on the network the packets are
delivered.
Structure
An IP address is made up of four parts, written in dotted decimal notation (for example,
192.168.1.1). Each of these four parts is known as an octet. An octet is an eight-digit binary
number (for example 11000000, which is 192 in decimal notation).
Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in
decimal.
AMG1202-T10A User’s Guide
247
Appendix B IP Addresses and Subnetting
The following figure shows an example IP address in which the first three octets (192.168.1) are
the network number, and the fourth octet (16) is the host ID.
Figure 145 Network Number and Host ID
How much of the IP address is the network number and how much is the host ID varies according
to the subnet mask.
Subnet Masks
A subnet mask is used to determine which bits are part of the network number, and which bits are
part of the host ID (using a logical AND operation). The term “subnet” is short for “sub-network”.
A subnet mask has 32 bits. If a bit in the subnet mask is a “1” then the corresponding bit in the IP
address is part of the network number. If a bit in the subnet mask is “0” then the corresponding bit
in the IP address is part of the host ID.
The following example shows a subnet mask identifying the network number (in bold text) and host
ID of an IP address (192.168.1.2 in decimal).
Table 98 Subnet Masks
1ST OCTET: 2ND
OCTET:
(192)
(168)
3RD
OCTET:
4TH OCTET
(1)
(2)
IP Address (Binary)
11000000
10101000
00000001
00000010
Subnet Mask (Binary)
11111111
11111111
11111111
00000000
Network Number
11000000
10101000
00000001
Host ID
00000010
By convention, subnet masks always consist of a continuous sequence of ones beginning from the
leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits.
248
AMG1202-T10A User’s Guide
Appendix B IP Addresses and Subnetting
Subnet masks can be referred to by the size of the network number part (the bits with a “1” value).
For example, an “8-bit mask” means that the first 8 bits of the mask are ones and the remaining 24
bits are zeroes.
Subnet masks are expressed in dotted decimal notation just like IP addresses. The following
examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks.
Table 99 Subnet Masks
BINARY
DECIMAL
1ST
OCTET
2ND
OCTET
3RD
OCTET
4TH OCTET
8-bit mask
11111111
00000000
00000000
00000000
255.0.0.0
16-bit mask
11111111
11111111
00000000
00000000
255.255.0.0
24-bit mask
11111111
11111111
11111111
00000000
255.255.255.0
29-bit mask
11111111
11111111
11111111
11111000
255.255.255.248
Network Size
The size of the network number determines the maximum number of possible hosts you can have
on your network. The larger the number of network number bits, the smaller the number of
remaining host ID bits.
An IP address with host IDs of all zeros is the IP address of the network (192.168.1.0 with a 24-bit
subnet mask, for example). An IP address with host IDs of all ones is the broadcast address for that
network (192.168.1.255 with a 24-bit subnet mask, for example).
As these two IP addresses cannot be used for individual hosts, calculate the maximum number of
possible hosts in a network as follows:
Table 100 Maximum Host Numbers
SUBNET MASK
HOST ID SIZE
MAXIMUM NUMBER OF HOSTS
24
8 bits
255.0.0.0
24 bits
16 bits
255.255.0.0
16 bits
216 – 2
65534
24 bits
255.255.255.0
8 bits
28 – 2
254
29 bits
255.255.255.24
3 bits
–2
2 –2
16777214
Notation
Since the mask is always a continuous number of ones beginning from the left, followed by a
continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the
number of ones instead of writing the value of each octet. This is usually specified by writing a “/”
followed by the number of bits in the mask after the address.
For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask 255.255.255.128.
AMG1202-T10A User’s Guide
249
Appendix B IP Addresses and Subnetting
The following table shows some possible subnet masks using both notations.
Table 101 Alternative Subnet Mask Notation
SUBNET MASK
ALTERNATIVE
NOTATION
LAST OCTET
(BINARY)
LAST OCTET
(DECIMAL)
255.255.255.0
/24
0000 0000
255.255.255.128
/25
1000 0000
128
255.255.255.192
/26
1100 0000
192
255.255.255.224
/27
1110 0000
224
255.255.255.240
/28
1111 0000
240
255.255.255.248
/29
1111 1000
248
255.255.255.252
/30
1111 1100
252
Subnetting
You can use subnetting to divide one network into multiple sub-networks. In the following example
a network administrator creates two sub-networks to isolate a group of servers from the rest of the
company network for security reasons.
In this example, the company network address is 192.168.1.0. The first three octets of the address
(192.168.1) are the network number, and the remaining octet is the host ID, allowing a maximum
of 28 – 2 or 254 possible hosts.
The following figure shows the company network before subnetting.
Figure 146 Subnetting Example: Before Subnetting
You can “borrow” one of the host ID bits to divide the network 192.168.1.0 into two separate subnetworks. The subnet mask is now 25 bits (255.255.255.128 or /25).
The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25
and 192.168.1.128 /25.
250
AMG1202-T10A User’s Guide
Appendix B IP Addresses and Subnetting
The following figure shows the company network after subnetting. There are now two subnetworks, A and B.
Figure 147 Subnetting Example: After Subnetting
In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 27 – 2 or 126
possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s
broadcast address).
192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127 with mask
255.255.255.128 is its broadcast address. Therefore, the lowest IP address that can be assigned to
an actual host for subnet A is 192.168.1.1 and the highest is 192.168.1.126.
Similarly, the host ID range for subnet B is 192.168.1.129 to 192.168.1.254.
Example: Four Subnets
The previous example illustrated using a 25-bit subnet mask to divide a 24-bit address into two
subnets. Similarly, to divide a 24-bit address into four subnets, you need to “borrow” two host ID
bits to give four possible combinations (00, 01, 10 and 11). The subnet mask is 26 bits
(11111111.11111111.11111111.11000000) or 255.255.255.192.
Each subnet contains 6 host ID bits, giving 26 - 2 or 62 hosts for each subnet (a host ID of all
zeroes is the subnet itself, all ones is the subnet’s broadcast address).
Table 102 Subnet 1
IP/SUBNET MASK
NETWORK NUMBER
LAST OCTET BIT
VALUE
IP Address (Decimal)
192.168.1.
IP Address (Binary)
11000000.10101000.00000001.
00000000
Subnet Mask (Binary)
11111111.11111111.11111111.
11000000
AMG1202-T10A User’s Guide
251
Appendix B IP Addresses and Subnetting
Table 102 Subnet 1 (continued)
IP/SUBNET MASK
NETWORK NUMBER
Subnet Address:
192.168.1.0
Lowest Host ID: 192.168.1.1
Broadcast Address:
192.168.1.63
Highest Host ID: 192.168.1.62
LAST OCTET BIT
VALUE
Table 103 Subnet 2
IP/SUBNET MASK
NETWORK NUMBER
LAST OCTET BIT
VALUE
IP Address
192.168.1.
64
IP Address (Binary)
11000000.10101000.00000001.
01000000
Subnet Mask (Binary)
11111111.11111111.11111111.
11000000
Subnet Address:
192.168.1.64
Lowest Host ID: 192.168.1.65
Broadcast Address:
192.168.1.127
Highest Host ID: 192.168.1.126
Table 104 Subnet 3
IP/SUBNET MASK
NETWORK NUMBER
LAST OCTET BIT VALUE
IP Address
192.168.1.
128
IP Address (Binary)
11000000.10101000.00000001.
10000000
Subnet Mask (Binary)
11111111.11111111.11111111.
11000000
Subnet Address:
192.168.1.128
Lowest Host ID: 192.168.1.129
Broadcast Address:
192.168.1.191
Highest Host ID: 192.168.1.190
Table 105 Subnet 4
IP/SUBNET MASK
NETWORK NUMBER
LAST OCTET BIT VALUE
IP Address
192.168.1.
192
IP Address (Binary)
11000000.10101000.00000001.
11000000
Subnet Mask (Binary)
11111111.11111111.11111111.
11000000
Subnet Address:
192.168.1.192
Lowest Host ID: 192.168.1.193
Broadcast Address:
192.168.1.255
Highest Host ID: 192.168.1.254
Example: Eight Subnets
Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111).
The following table shows IP address last octet values for each subnet.
Table 106 Eight Subnets
252
SUBNET
SUBNET
ADDRESS
FIRST ADDRESS
LAST
ADDRESS
BROADCAST
ADDRESS
30
31
32
33
62
63
AMG1202-T10A User’s Guide
Appendix B IP Addresses and Subnetting
Table 106 Eight Subnets (continued)
SUBNET
SUBNET
ADDRESS
FIRST ADDRESS
LAST
ADDRESS
BROADCAST
ADDRESS
64
65
94
95
96
97
126
127
128
129
158
159
160
161
190
191
192
193
222
223
224
225
254
255
Subnet Planning
The following table is a summary for subnet planning on a network with a 24-bit network number.
Table 107 24-bit Network Number Subnet Planning
NO. “BORROWED”
HOST BITS
SUBNET MASK
NO. SUBNETS
NO. HOSTS PER
SUBNET
255.255.255.128 (/25)
126
255.255.255.192 (/26)
62
255.255.255.224 (/27)
30
255.255.255.240 (/28)
16
14
255.255.255.248 (/29)
32
255.255.255.252 (/30)
64
255.255.255.254 (/31)
128
The following table is a summary for subnet planning on a network with a 16-bit network number.
Table 108 16-bit Network Number Subnet Planning
NO. “BORROWED”
HOST BITS
SUBNET MASK
NO. SUBNETS
NO. HOSTS PER
SUBNET
255.255.128.0 (/17)
32766
255.255.192.0 (/18)
16382
255.255.224.0 (/19)
8190
255.255.240.0 (/20)
16
4094
255.255.248.0 (/21)
32
2046
255.255.252.0 (/22)
64
1022
255.255.254.0 (/23)
128
510
255.255.255.0 (/24)
256
254
255.255.255.128 (/25)
512
126
10
255.255.255.192 (/26)
1024
62
11
255.255.255.224 (/27)
2048
30
12
255.255.255.240 (/28)
4096
14
13
255.255.255.248 (/29)
8192
14
255.255.255.252 (/30)
16384
15
255.255.255.254 (/31)
32768
AMG1202-T10A User’s Guide
253
Appendix B IP Addresses and Subnetting
Configuring IP Addresses
Where you obtain your network number depends on your particular situation. If the ISP or your
network administrator assigns you a block of registered IP addresses, follow their instructions in
selecting the IP addresses and the subnet mask.
If the ISP did not explicitly give you an IP network number, then most likely you have a single user
account and the ISP will assign you a dynamic IP address when the connection is established. If this
is the case, it is recommended that you select a network number from 192.168.0.0 to
192.168.255.0. The Internet Assigned Number Authority (IANA) reserved this block of addresses
specifically for private use; please do not use any other number unless you are told otherwise. You
must also enable Network Address Translation (NAT) on the ZyXEL Device.
Once you have decided on the network number, pick an IP address for your ZyXEL Device that is
easy to remember (for instance, 192.168.1.1) but make sure that no other device on your network
is using that IP address.
The subnet mask specifies the network number portion of an IP address. Your ZyXEL Device will
compute the subnet mask automatically based on the IP address that you entered. You don't need
to change the subnet mask computed by the ZyXEL Device unless you are instructed to do
otherwise.
Private IP Addresses
Every machine on the Internet must have a unique address. If your networks are isolated from the
Internet (running only between two branch offices, for example) you can assign any IP addresses to
the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has
reserved the following three blocks of IP addresses specifically for private networks:
• 10.0.0.0
• 172.16.0.0
— 10.255.255.255
— 172.31.255.255
• 192.168.0.0 — 192.168.255.255
You can obtain your IP address from the IANA, from an ISP, or it can be assigned from a private
network. If you belong to a small organization and your Internet access is through an ISP, the ISP
can provide you with the Internet addresses for your local networks. On the other hand, if you are
part of a much larger organization, you should consult your network administrator for the
appropriate IP addresses.
Regardless of your particular situation, do not create an arbitrary IP address; always follow the
guidelines above. For more information on address assignment, please refer to RFC 1597, Address
Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space.
254
AMG1202-T10A User’s Guide
A PPENDIX
Pop-up Windows, JavaScripts and Java
Permissions
In order to use the web configurator you need to allow:
• Web browser pop-up windows from your device.
• JavaScripts (enabled by default).
• Java permissions (enabled by default).
Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer
versions may vary.
Internet Explorer Pop-up Blockers
You may have to disable pop-up blocking to log into your device.
Either disable pop-up blocking (enabled by default in Windows XP SP (Service Pack) 2) or allow
pop-up blocking and create an exception for your device’s IP address.
Disable Pop-up Blockers
In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker.
Figure 148 Pop-up Blocker
You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab.
In Internet Explorer, select Tools, Internet Options, Privacy.
AMG1202-T10A User’s Guide
255
Appendix C Pop-up Windows, JavaScripts and Java Permissions
Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any
web pop-up blockers you may have enabled.
Figure 149 Internet Options: Privacy
Click Apply to save this setting.
Enable Pop-up Blockers with Exceptions
Alternatively, if you only want to allow pop-up windows from your device, see the following steps.
256
In Internet Explorer, select Tools, Internet Options and then the Privacy tab.
AMG1202-T10A User’s Guide
Appendix C Pop-up Windows, JavaScripts and Java Permissions
Select Settings…to open the Pop-up Blocker Settings screen.
Figure 150 Internet Options: Privacy
Type the IP address of your device (the web page that you do not want to have blocked) with the
prefix “http://”. For example, http://192.168.167.1.
AMG1202-T10A User’s Guide
257
Appendix C Pop-up Windows, JavaScripts and Java Permissions
Click Add to move the IP address to the list of Allowed sites.
Figure 151 Pop-up Blocker Settings
Click Close to return to the Privacy screen.
Click Apply to save this setting.
JavaScripts
If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts
are allowed.
258
AMG1202-T10A User’s Guide
Appendix C Pop-up Windows, JavaScripts and Java Permissions
In Internet Explorer, click Tools, Internet Options and then the Security tab.
Figure 152 Internet Options: Security
Click the Custom Level... button.
Scroll down to Scripting.
Under Active scripting make sure that Enable is selected (the default).
Under Scripting of Java applets make sure that Enable is selected (the default).
AMG1202-T10A User’s Guide
259
Appendix C Pop-up Windows, JavaScripts and Java Permissions
Click OK to close the window.
Figure 153 Security Settings - Java Scripting
Java Permissions
260
From Internet Explorer, click Tools, Internet Options and then the Security tab.
Click the Custom Level... button.
Scroll down to Microsoft VM.
Under Java permissions make sure that a safety level is selected.
AMG1202-T10A User’s Guide
Appendix C Pop-up Windows, JavaScripts and Java Permissions
Click OK to close the window.
Figure 154 Security Settings - Java
JAVA (Sun)
From Internet Explorer, click Tools, Internet Options and then the Advanced tab.
Make sure that Use Java 2 for  under Java (Sun) is selected.
AMG1202-T10A User’s Guide
261
Appendix C Pop-up Windows, JavaScripts and Java Permissions
Click OK to close the window.
Figure 155 Java (Sun)
Mozilla Firefox
Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary.
You can enable Java, Javascripts and pop-ups in one screen. Click Tools, then click Options in the
screen that appears.
Figure 156 Mozilla Firefox: Tools > Options
262
AMG1202-T10A User’s Guide
Appendix C Pop-up Windows, JavaScripts and Java Permissions
Click Content.to show the screen below. Select the check boxes as shown in the following screen.
Figure 157 Mozilla Firefox Content Security
AMG1202-T10A User’s Guide
263
Appendix C Pop-up Windows, JavaScripts and Java Permissions
264
AMG1202-T10A User’s Guide
A PPENDIX
Wireless LANs
Wireless LAN Topologies
This section discusses ad-hoc and infrastructure wireless LAN topologies.
Ad-hoc Wireless LAN Configuration
The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of
computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within
range of each other, they can set up an independent network, which is commonly referred to as an
ad-hoc network or Independent Basic Service Set (IBSS). The following diagram shows an example
of notebook computers using wireless adapters to form an ad-hoc wireless LAN.
Figure 158 Peer-to-Peer Communication in an Ad-hoc Network
BSS
A Basic Service Set (BSS) exists when all communications between wireless clients or between a
wireless client and a wired network client go through one access point (AP).
Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra-BSS is enabled, wireless
client A and B can access the wired network and communicate with each other. When Intra-BSS is
AMG1202-T10A User’s Guide
265
Appendix D Wireless LANs
disabled, wireless client A and B can still access the wired network but cannot communicate with
each other.
Figure 159 Basic Service Set
ESS
An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access
point, with each access point connected together by a wired network. This wired connection
between APs is called a Distribution System (DS).
This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only
provide communication with the wired network but also mediate wireless network traffic in the
immediate neighborhood.
266
AMG1202-T10A User’s Guide
Appendix D Wireless LANs
An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated
wireless clients within the same ESS must have the same ESSID in order to communicate.
Figure 160 Infrastructure WLAN
Channel
A channel is the radio frequency(ies) used by wireless devices to transmit and receive data.
Channels available depend on your geographical area. You may have a choice of channels (for your
region) so you should use a channel different from an adjacent AP (access point) to reduce
interference. Interference occurs when radio signals from different access points overlap causing
interference and degrading performance.
Adjacent channels partially overlap however. To avoid interference due to overlap, your AP should
be on a channel at least five channels away from a channel that an adjacent AP is using. For
example, if your region has 11 channels and an adjacent AP is using channel 1, then you need to
select a channel between 6 or 11.
RTS/CTS
A hidden node occurs when two stations are within range of the same access point, but are not
within range of each other. The following figure illustrates a hidden node. Both stations (STA) are
within range of the access point (AP) or wireless gateway, but out-of-range of each other, so they
AMG1202-T10A User’s Guide
267
Appendix D Wireless LANs
cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore,
they are considered hidden from each other.
Figure 161
RTS/CTS
When station A sends data to the AP, it might not know that the station B is already using the
channel. If these two stations send data at the same time, collisions may occur when both sets of
data arrive at the AP at the same time, resulting in a loss of messages for both stations.
RTS/CTS is designed to prevent collisions due to hidden nodes. An RTS/CTS defines the biggest
size data frame you can send before an RTS (Request To Send)/CTS (Clear to Send) handshake is
invoked.
When a data frame exceeds the RTS/CTS value you set (between 0 to 2432 bytes), the station
that wants to transmit this frame must first send an RTS (Request To Send) message to the AP for
permission to send it. The AP then responds with a CTS (Clear to Send) message to all other
stations within its range to notify them to defer their transmission. It also reserves and confirms
with the requesting station the time frame for the requested transmission.
Stations can send frames smaller than the specified RTS/CTS directly to the AP without the RTS
(Request To Send)/CTS (Clear to Send) handshake.
You should only configure RTS/CTS if the possibility of hidden nodes exists on your network and
the "cost" of resending large frames is more than the extra network overhead involved in the RTS
(Request To Send)/CTS (Clear to Send) handshake.
If the RTS/CTS value is greater than the Fragmentation Threshold value (see next), then the
RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be
fragmented before they reach RTS/CTS size.
Note: Enabling the RTS Threshold causes redundant network overhead that could
negatively affect the throughput performance instead of providing a remedy.
Fragmentation Threshold
A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes)
that can be sent in the wireless network before the AP will fragment the packet into smaller data
frames.
A large Fragmentation Threshold is recommended for networks not prone to interference while
you should set a smaller threshold for busy networks or networks that are prone to interference.
268
AMG1202-T10A User’s Guide
Appendix D Wireless LANs
If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you
set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames
will be fragmented before they reach RTS/CTS size.
Preamble Type
Preamble is used to signal that data is coming to the receiver. Short and long refer to the length of
the synchronization field in a packet.
Short preamble increases performance as less time sending preamble means more time for sending
data. All IEEE 802.11 compliant wireless adapters support long preamble, but not all support short
preamble.
Use long preamble if you are unsure what preamble mode other wireless devices on the network
support, and to provide more reliable communications in busy wireless networks.
Use short preamble if you are sure all wireless devices on the network support it, and to provide
more efficient communications.
Use the dynamic setting to automatically use short preamble when all wireless devices on the
network support it, otherwise the ZyXEL Device uses long preamble.
Note: The wireless devices MUST use the same preamble mode in order to communicate.
IEEE 802.11g Wireless LAN
IEEE 802.11g is fully compatible with the IEEE 802.11b standard. This means an IEEE 802.11b
adapter can interface directly with an IEEE 802.11g access point (and vice versa) at 11 Mbps or
lower depending on range. IEEE 802.11g has several intermediate rate steps between the
maximum and minimum data rates. The IEEE 802.11g data rate and modulation are as follows:
Table 109 IEEE 802.11g
DATA RATE (MBPS)
MODULATION
DBPSK (Differential Binary Phase Shift Keyed)
DQPSK (Differential Quadrature Phase Shift Keying)
5.5 / 11
CCK (Complementary Code Keying)
6/9/12/18/24/36/48/
54
OFDM (Orthogonal Frequency Division Multiplexing)
Wireless Security Overview
Wireless security is vital to your network to protect wireless communication between wireless
clients, access points and the wired network.
Wireless security methods available on the ZyXEL Device are data encryption, wireless client
authentication, restricting access by device MAC address and hiding the ZyXEL Device identity.
AMG1202-T10A User’s Guide
269
Appendix D Wireless LANs
The following figure shows the relative effectiveness of these wireless security methods available on
your ZyXEL Device.
Table 110 Wireless Security Levels
SECURITY
LEVEL
Least
Secure
SECURITY TYPE
Unique SSID (Default)
Unique SSID with Hide SSID Enabled
MAC Address Filtering
WEP Encryption
IEEE802.1x EAP with RADIUS Server Authentication
Wi-Fi Protected Access (WPA)
WPA2
Most Secure
Note: You must enable the same wireless security settings on the ZyXEL Device and on all
wireless clients that you want to associate with it.
IEEE 802.1x
In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to
support extended authentication as well as providing additional accounting and control features. It
is supported by Windows XP and a number of network devices. Some advantages of IEEE 802.1x
are:
• User based identification that allows for roaming.
• Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for
centralized user profile and accounting management on a network RADIUS server.
• Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional
authentication methods to be deployed with no changes to the access point or the wireless
clients.
RADIUS
RADIUS is based on a client-server model that supports authentication, authorization and
accounting. The access point is the client and the server is the RADIUS server. The RADIUS server
handles the following tasks:
• Authentication
Determines the identity of the users.
• Authorization
Determines the network services available to authenticated users once they are connected to the
network.
• Accounting
Keeps track of the client’s network activity.
270
AMG1202-T10A User’s Guide
Appendix D Wireless LANs
RADIUS is a simple package exchange in which your AP acts as a message relay between the
wireless client and the network RADIUS server.
Types of RADIUS Messages
The following types of RADIUS messages are exchanged between the access point and the RADIUS
server for user authentication:
• Access-Request
Sent by an access point requesting authentication.
• Access-Reject
Sent by a RADIUS server rejecting access.
• Access-Accept
Sent by a RADIUS server allowing access.
• Access-Challenge
Sent by a RADIUS server requesting more information in order to allow access. The access point
sends a proper response from the user and then sends another Access-Request message.
The following types of RADIUS messages are exchanged between the access point and the RADIUS
server for user accounting:
• Accounting-Request
Sent by the access point requesting accounting.
• Accounting-Response
Sent by the RADIUS server to indicate that it has started or stopped accounting.
In order to ensure network security, the access point and the RADIUS server use a shared secret
key, which is a password, they both know. The key is not sent over the network. In addition to the
shared key, password information exchanged is also encrypted to protect the network from
unauthorized access.
Types of EAP Authentication
This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and
LEAP. Your wireless LAN device may not support all authentication types.
EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE
802.1x transport mechanism in order to support multiple types of user authentication. By using EAP
to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a
RADIUS server perform authentication.
The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that
supports IEEE 802.1x. .
For EAP-TLS authentication type, you must first have a wired connection to the network and obtain
the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used
to authenticate users and a CA issues certificates and guarantees the identity of each certificate
owner.
AMG1202-T10A User’s Guide
271
Appendix D Wireless LANs
EAP-MD5 (Message-Digest Algorithm 5)
MD5 authentication is the simplest one-way authentication method. The authentication server
sends a challenge to the wireless client. The wireless client ‘proves’ that it knows the password by
encrypting the password with the challenge and sends back the information. Password is not sent in
plain text.
However, MD5 authentication has some weaknesses. Since the authentication server needs to get
the plaintext passwords, the passwords must be stored. Thus someone other than the
authentication server may access the password file. In addition, it is possible to impersonate an
authentication server as MD5 authentication method does not perform mutual authentication.
Finally, MD5 authentication method does not support data encryption with dynamic session key. You
must configure WEP encryption keys for data encryption.
EAP-TLS (Transport Layer Security)
With EAP-TLS, digital certifications are needed by both the server and the wireless clients for
mutual authentication. The server presents a certificate to the client. After validating the identity of
the server, the client sends a different certificate to the server. The exchange of certificates is done
in the open before a secured tunnel is created. This makes user identity vulnerable to passive
attacks. A digital certificate is an electronic ID card that authenticates the sender’s identity.
However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle certificates, which
imposes a management overhead.
EAP-TTLS (Tunneled Transport Layer Service)
EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the serverside authentications to establish a secure connection. Client authentication is then done by sending
username and password through the secure connection, thus client identity is protected. For client
authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP,
CHAP, MS-CHAP and MS-CHAP v2.
PEAP (Protected EAP)
Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then
use simple username and password methods through the secured connection to authenticate the
clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5,
EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is
implemented only by Cisco.
LEAP
LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x.
Dynamic WEP Key Exchange
The AP maps a unique key that is generated with the RADIUS server. This key expires when the
wireless connection times out, disconnects or reauthentication times out. A new WEP key is
generated each time reauthentication is performed.
272
AMG1202-T10A User’s Guide
Appendix D Wireless LANs
If this feature is enabled, it is not necessary to configure a default encryption key in the wireless
security configuration screen. You may still configure and store keys, but they will not be used while
dynamic WEP is enabled.
Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange
For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic
keys for data encryption. They are often deployed in corporate environments, but for public
deployment, a simple user name and password pair is more practical. The following table is a
comparison of the features of authentication types.
Table 111 Comparison of EAP Authentication Types
EAP-MD5
EAP-TLS
EAP-TTLS
PEAP
LEAP
Mutual Authentication
No
Yes
Yes
Yes
Yes
Certificate – Client
No
Yes
Optional
Optional
No
Certificate – Server
No
Yes
Yes
Yes
No
Dynamic Key Exchange
No
Yes
Yes
Yes
Yes
Credential Integrity
None
Strong
Strong
Strong
Moderate
Deployment Difficulty
Easy
Hard
Moderate
Moderate
Moderate
Client Identity Protection
No
No
Yes
Yes
No
WPA and WPA2
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a
wireless security standard that defines stronger encryption, authentication and key management
than WPA.
Key differences between WPA or WPA2 and WEP are improved data encryption and user
authentication.
If both an AP and the wireless clients support WPA2 and you have an external RADIUS server, use
WPA2 for stronger data encryption. If you don't have an external RADIUS server, you should use
WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical) password entered into
each access point, wireless gateway and wireless client. As long as the passwords match, a wireless
client will be granted access to a WLAN.
If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on
whether you have an external RADIUS server or not.
Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less
secure than WPA or WPA2.
Encryption
WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity
Check (MIC) and IEEE 802.1x. WPA2 also uses TKIP when required for compatibility reasons, but
offers stronger encryption than TKIP with Advanced Encryption Standard (AES) in the Counter
mode with Cipher block chaining Message authentication code Protocol (CCMP).
TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication server.
AES (Advanced Encryption Standard) is a block cipher that uses a 256-bit mathematical algorithm
AMG1202-T10A User’s Guide
273
Appendix D Wireless LANs
called Rijndael. They both include a per-packet key mixing function, a Message Integrity Check
(MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying
mechanism.
WPA and WPA2 regularly change and rotate the encryption keys so that the same encryption key is
never used twice.
The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key
hierarchy and management system, using the PMK to dynamically generate unique data encryption
keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless
clients. This all happens in the background automatically.
The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets,
altering them and resending them. The MIC provides a strong mathematical function in which the
receiver and the transmitter each compute and then compare the MIC. If they do not match, it is
assumed that the data has been tampered with and the packet is dropped.
By generating unique data encryption keys for every data packet and by creating an integrity
checking mechanism (MIC), with TKIP and AES it is more difficult to decrypt data on a Wi-Fi
network than WEP and difficult for an intruder to break into the network.
The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The only difference
between the two is that WPA(2)-PSK uses a simple common password, instead of user-specific
credentials. The common-password approach makes WPA(2)-PSK susceptible to brute-force
password-guessing attacks but it’s still an improvement over WEP as it employs a consistent,
single, alphanumeric password to derive a PMK which is used to generate unique temporal
encryption keys. This prevent all wireless devices sharing the same encryption keys. (a weakness of
WEP)
User Authentication
WPA and WPA2 apply IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate
wireless clients using an external RADIUS database. WPA2 reduces the number of key exchange
messages from six to four (CCMP 4-way handshake) and shortens the time required to connect to a
network. Other WPA2 authentication features that are different from WPA include key caching and
pre-authentication. These two features are optional and may not be supported in all wireless
devices.
Key caching allows a wireless client to store the PMK it derived through a successful authentication
with an AP. The wireless client uses the PMK when it tries to connect to the same AP and does not
need to go with the authentication process again.
Pre-authentication enables fast roaming by allowing the wireless client (already connecting to an
AP) to perform IEEE 802.1x authentication with another AP before connecting to it.
Wireless Client WPA Supplicants
A wireless client supplicant is the software that runs on an operating system instructing the wireless
client how to use WPA. At the time of writing, the most widely available supplicant is the WPA patch
for Windows XP, Funk Software's Odyssey client.
The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero
Configuration" wireless client. However, you must run Windows XP to use it.
274
AMG1202-T10A User’s Guide
Appendix D Wireless LANs
WPA(2) with RADIUS Application Example
To set up WPA(2), you need the IP address of the RADIUS server, its port number (default is 1812),
and the RADIUS shared secret. A WPA(2) application example with an external RADIUS server
looks as follows. "A" is the RADIUS server. "DS" is the distribution system.
The AP passes the wireless client's authentication request to the RADIUS server.
The RADIUS server then checks the user's identification against its database and grants or denies
network access accordingly.
A 256-bit Pairwise Master Key (PMK) is derived from the authentication process by the RADIUS
server and the client.
The RADIUS server distributes the PMK to the AP. The AP then sets up a key hierarchy and
management system, using the PMK to dynamically generate unique data encryption keys. The
keys are used to encrypt every data packet that is wirelessly communicated between the AP and
the wireless clients.
Figure 162 WPA(2) with RADIUS Application Example
WPA(2)-PSK Application Example
A WPA(2)-PSK application looks as follows.
First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must
consist of between 8 and 63 ASCII characters or 64 hexadecimal characters (including spaces and
symbols).
The AP checks each wireless client's password and allows it to join the network only if the password
matches.
The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not
sent over the network, but is derived from the PSK and the SSID.
AMG1202-T10A User’s Guide
275
Appendix D Wireless LANs
The AP and wireless clients use the TKIP or AES encryption process, the PMK and information
exchanged in a handshake to create temporal encryption keys. They use these keys to encrypt data
exchanged between them.
Figure 163 WPA(2)-PSK Authentication
Security Parameters Summary
Refer to this table to see what other security parameters you should configure for each
authentication method or key management protocol type. MAC address filters are not dependent on
how you configure these security features.
Table 112 Wireless Security Relational Matrix
AUTHENTICATION
ENCRYPTIO
METHOD/ KEY
MANAGEMENT PROTOCOL N METHOD
ENTER
MANUAL KEY
IEEE 802.1X
Open
No
Disable
None
Enable without Dynamic WEP Key
Open
Shared
WEP
WEP
No
Enable with Dynamic WEP Key
Yes
Enable without Dynamic WEP Key
Yes
Disable
No
Enable with Dynamic WEP Key
Yes
Enable without Dynamic WEP Key
Yes
Disable
WPA
TKIP/AES
No
Enable
WPA-PSK
TKIP/AES
Yes
Disable
WPA2
TKIP/AES
No
Enable
WPA2-PSK
TKIP/AES
Yes
Disable
Antenna Overview
An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to
the antenna, which propagates the signal through the air. The antenna also operates in reverse by
capturing RF signals from the air.
Positioning the antennas properly increases the range and coverage area of a wireless LAN.
276
AMG1202-T10A User’s Guide
Appendix D Wireless LANs
Antenna Characteristics
Frequency
An antenna in the frequency of 2.4GHz (IEEE 802.11b and IEEE 802.11g) or 5GHz (IEEE 802.11a)
is needed to communicate efficiently in a wireless LAN
Radiation Pattern
A radiation pattern is a diagram that allows you to visualize the shape of the antenna’s coverage
area.
Antenna Gain
Antenna gain, measured in dB (decibel), is the increase in coverage within the RF beam width.
Higher antenna gain improves the range of the signal for better communications.
For an indoor site, each 1 dB increase in antenna gain results in a range increase of approximately
2.5%. For an unobstructed outdoor site, each 1dB increase in gain results in a range increase of
approximately 5%. Actual results may vary depending on the network environment.
Antenna gain is sometimes specified in dBi, which is how much the antenna increases the signal
power compared to using an isotropic antenna. An isotropic antenna is a theoretical perfect antenna
that sends out radio signals equally well in all directions. dBi represents the true gain that the
antenna provides.
Types of Antennas for WLAN
There are two types of antennas used for wireless LAN applications.
• Omni-directional antennas send the RF signal out in all directions on a horizontal plane. The
coverage area is torus-shaped (like a donut) which makes these antennas ideal for a room
environment. With a wide coverage area, it is possible to make circular overlapping coverage
areas with multiple access points.
• Directional antennas concentrate the RF signal in a beam, like a flashlight does with the light
from its bulb. The angle of the beam determines the width of the coverage pattern. Angles
typically range from 20 degrees (very directional) to 120 degrees (less directional). Directional
antennas are ideal for hallways and outdoor point-to-point applications.
Positioning Antennas
In general, antennas should be mounted as high as practically possible and free of obstructions. In
point-to–point application, position both antennas at the same height and in a direct line of sight to
each other to attain the best performance.
For omni-directional antennas mounted on a table, desk, and so on, point the antenna up. For
omni-directional antennas mounted on a wall or ceiling, point the antenna down. For a single AP
application, place omni-directional antennas as close to the center of the coverage area as possible.
For directional antennas, point the antenna in the direction of the desired coverage area.
AMG1202-T10A User’s Guide
277
Appendix D Wireless LANs
278
AMG1202-T10A User’s Guide
A PPENDIX
Services
The following table lists some commonly-used services and their associated protocols and port
numbers.
• Name: This is a short, descriptive name for the service. You can use this one or create a
different one, if you like.
• Protocol: This is the type of IP protocol used by the service. If this is TCP/UDP, then the service
uses the same port number with TCP and UDP. If this is USER-DEFINED, the Port(s) is the IP
protocol number, not the port number.
• Port(s): This value depends on the Protocol.
• If the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number.
• If the Protocol is USER, this is the IP protocol number.
• Description: This is a brief explanation of the applications that use this service or the situations
in which this service is used.
AMG1202-T10A User’s Guide
279
Appendix E Services
Table 113 Examples of Services
NAME
280
PROTOCOL
PORT(S)
DESCRIPTION
AH (IPSEC_TUNNEL) User-Defined
51
The IPSEC AH (Authentication Header)
tunneling protocol uses this service.
AIM
TCP
5190
AOL’s Internet Messenger service.
AUTH
TCP
113
Authentication protocol used by some
servers.
BGP
TCP
179
Border Gateway Protocol.
BOOTP_CLIENT
UDP
68
DHCP Client.
BOOTP_SERVER
UDP
67
DHCP Server.
CU-SEEME
TCP/UDP
7648
TCP/UDP
24032
A popular videoconferencing solution from
White Pines Software.
DNS
TCP/UDP
53
Domain Name Server, a service that
matches web names (for instance
www.zyxel.com) to IP numbers.
ESP
(IPSEC_TUNNEL)
User-Defined
50
The IPSEC ESP (Encapsulation Security
Protocol) tunneling protocol uses this
service.
FINGER
TCP
79
Finger is a UNIX or Internet related
command that can be used to find out if a
user is logged on.
FTP
TCP
20
TCP
21
File Transfer Protocol, a program to enable
fast transfer of files, including large files
that may not be possible by e-mail.
H.323
TCP
1720
NetMeeting uses this protocol.
HTTP
TCP
80
Hyper Text Transfer Protocol - a client/
server protocol for the world wide web.
HTTPS
TCP
443
HTTPS is a secured http session often used
in e-commerce.
ICMP
User-Defined
Internet Control Message Protocol is often
used for diagnostic purposes.
ICQ
UDP
4000
This is a popular Internet chat program.
IGMP (MULTICAST)
User-Defined
Internet Group Multicast Protocol is used
when sending packets to a specific group
of hosts.
IKE
UDP
500
The Internet Key Exchange algorithm is
used for key distribution and management.
IMAP4
TCP
143
The Internet Message Access Protocol is
used for e-mail.
IMAP4S
TCP
993
This is a more secure version of IMAP4 that
runs over SSL.
IRC
TCP/UDP
6667
This is another popular Internet chat
program.
MSN Messenger
TCP
1863
Microsoft Networks’ messenger service
uses this protocol.
NetBIOS
TCP/UDP
137
TCP/UDP
138
The Network Basic Input/Output System is
used for communication between
computers in a LAN.
TCP/UDP
139
TCP/UDP
445
AMG1202-T10A User’s Guide
Appendix E Services
Table 113 Examples of Services (continued)
NAME
PROTOCOL
PORT(S)
DESCRIPTION
NEW-ICQ
TCP
5190
An Internet chat program.
NEWS
TCP
144
A protocol for news groups.
NFS
UDP
2049
Network File System - NFS is a client/
server distributed file service that provides
transparent file sharing for network
environments.
NNTP
TCP
119
Network News Transport Protocol is the
delivery mechanism for the USENET
newsgroup service.
PING
User-Defined
Packet INternet Groper is a protocol that
sends out ICMP echo requests to test
whether or not a remote host is reachable.
POP3
TCP
110
Post Office Protocol version 3 lets a client
computer get e-mail from a POP3 server
through a temporary connection (TCP/IP or
other).
POP3S
TCP
995
This is a more secure version of POP3 that
runs over SSL.
PPTP
TCP
1723
Point-to-Point Tunneling Protocol enables
secure transfer of data over public
networks. This is the control channel.
PPTP_TUNNEL (GRE) User-Defined
47
PPTP (Point-to-Point Tunneling Protocol)
enables secure transfer of data over public
networks. This is the data channel.
RCMD
TCP
512
Remote Command Service.
REAL_AUDIO
TCP
7070
A streaming audio service that enables real
time sound over the web.
REXEC
TCP
514
Remote Execution Daemon.
RLOGIN
TCP
513
Remote Login.
ROADRUNNER
TCP/UDP
1026
This is an ISP that provides services mainly
for cable modems.
RTELNET
TCP
107
Remote Telnet.
RTSP
TCP/UDP
554
The Real Time Streaming (media control)
Protocol (RTSP) is a remote control for
multimedia on the Internet.
SFTP
TCP
115
The Simple File Transfer Protocol is an old
way of transferring files between
computers.
SMTP
TCP
25
Simple Mail Transfer Protocol is the
message-exchange standard for the
Internet. SMTP enables you to move
messages from one e-mail server to
another.
SMTPS
TCP
465
This is a more secure version of SMTP that
runs over SSL.
SNMP
TCP/UDP
161
Simple Network Management Program.
SNMP-TRAPS
TCP/UDP
162
Traps for use with the SNMP (RFC:1215).
AMG1202-T10A User’s Guide
281
Appendix E Services
Table 113 Examples of Services (continued)
282
NAME
PROTOCOL
PORT(S)
DESCRIPTION
SQL-NET
TCP
1521
Structured Query Language is an interface
to access data on many different types of
database systems, including mainframes,
midrange systems, UNIX systems and
network servers.
SSDP
UDP
1900
The Simple Service Discovery Protocol
supports Universal Plug-and-Play (UPnP).
SSH
TCP/UDP
22
Secure Shell Remote Login Program.
STRM WORKS
UDP
1558
Stream Works Protocol.
SYSLOG
UDP
514
Syslog allows you to send system logs to a
UNIX server.
TACACS
UDP
49
Login Host Protocol used for (Terminal
Access Controller Access Control System).
TELNET
TCP
23
Telnet is the login and terminal emulation
protocol common on the Internet and in
UNIX environments. It operates over TCP/
IP networks. Its primary function is to
allow users to log into remote host
systems.
VDOLIVE
TCP
7000
UDP
userdefined
A videoconferencing solution. The UDP port
number is specified in the application.
AMG1202-T10A User’s Guide
A PPENDIX
Legal Information
Copyright
Copyright © 2010 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole, transcribed,
stored in a retrieval system, translated into any language, or transmitted in any form or by any
means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise,
without the prior written permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or
software described herein. Neither does it convey any license under its patent rights nor the patent
rights of others. ZyXEL further reserves the right to make changes in any products described herein
without notice. This publication is subject to change without notice.
Trademarks
ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications,
Inc. Other trademarks mentioned in this publication are used for identification purposes only and
may be properties of their respective owners.
Certifications
Federal Communications Commission (FCC) Interference Statement
The device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause
undesired operations.
This device has been tested and found to comply with the limits for a Class B digital device pursuant
to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against
harmful interference in a residential installation. This device generates, uses, and can radiate radio
frequency energy, and if not installed and used in accordance with the instructions, may cause
harmful interference to radio communications. However, there is no guarantee that interference will
not occur in a particular installation.
AMG1202-T10A User’s Guide
283
Appendix F Legal Information
If this device does cause harmful interference to radio/television reception, which can be
determined by turning the device off and on, the user is encouraged to try to correct the
interference by one or more of the following measures:
Reorient or relocate the receiving antenna.
Increase the separation between the equipment and the receiver.
Connect the equipment into an outlet on a circuit different from that to which the receiver is
connected.
Consult the dealer or an experienced radio/TV technician for help.
FCC Radiation Exposure Statement
• This transmitter must not be co-located or operating in conjunction with any other antenna or
transmitter.
• IEEE 802.11b or 802.11g operation of this product in the U.S.A. is firmware-limited to channels 1
through 11.
• To comply with FCC RF exposure compliance requirements, a separation distance of at least 20
cm must be maintained between the antenna of this device and all persons.
注意 !
依據
低功率電波輻射性電機管理辦法
第十二條 經型式認證合格之低功率射頻電機,非經許可,公司、商號或使用
者均不得擅自變更頻率、加大功率或變更原設計之特性及功能。
第十四條 低功率射頻電機之使用不得影響飛航安全及干擾合法通信;經發現
有干擾現象時,應立即停用,並改善至無干擾時方得繼續使用。
前項合法通信,指依電信規定作業之無線電信。低功率射頻電機須忍
受合法通信或工業、科學及醫療用電波輻射性電機設備之干擾。
本機限在不干擾合法電臺與不受被干擾保障條件下於室內使用。
減少電磁波影響,請妥適使用。
Notices
Changes or modifications not expressly approved by the party responsible for compliance could
void the user's authority to operate the equipment.
This device has been designed for the WLAN 2.4 GHz network throughout the EC region and
Switzerland, with restrictions in France.
This Class B digital apparatus complies with Canadian ICES-003.
Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.
284
AMG1202-T10A User’s Guide
Appendix F Legal Information
Viewing Certifications
Go to http://www.zyxel.com.
Select your product on the ZyXEL home page to go to that product's page.
Select the certification you wish to view from this page.
ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in
materials or workmanship for a period of up to two years from the date of purchase. During the
warranty period, and upon proof of purchase, should the product have indications of failure due to
faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective
products or components without charge for either parts or labor, and to whatever extent it shall
deem necessary to restore the product or components to proper operating condition. Any
replacement will consist of a new or re-manufactured functionally equivalent product of equal or
higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the
product has been modified, misused, tampered with, damaged by an act of God, or subjected to
abnormal working conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser.
This warranty is in lieu of all other warranties, express or implied, including any implied warranty of
merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for
indirect or consequential damages of any kind to the purchaser.
To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material
Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that
the unit be insured when shipped. Any returned products without proof of purchase or those with
an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer
will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the
corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you
may also have other rights that vary from country to country.
Registration
Register your product online to receive e-mail notices of firmware upgrades and information at
www.zyxel.com for global products, or at www.us.zyxel.com for North American products.
AMG1202-T10A User’s Guide
285
Appendix F Legal Information
286
AMG1202-T10A User’s Guide
Index
Index
Numbers
applications, NAT 137
802.1p 162, 164
ATM 211
MBS 74, 78
PCR 74, 78
QoS 74, 78, 82
SCR 74, 78
status 211
Asynchronous Transfer Mode, see ATM
802.1Q/1P 153
activation 154
group settings 156
port settings 157
priority 153
PVC 154
PVID 157
tagging frames 153, 154, 156
authentication 114, 116
RADIUS server 116
WPA 104
activation
802.1Q/1P 154
dynamic DNS 168
DYNDNS wildcard 168
firewalls 141
MAC address filter 106
NAT 128
port forwarding 132
QoS 160, 161
SIP ALG 135
SSID 107
UPnP 179
wireless LAN 99
scheduling 112
WPS 109
backup
configuration 206
address mapping 132
rules 134
types 133, 134, 137
administrator password 28, 189
alerts 193
alternative subnet mask notation 250
antenna
directional 277
gain 277
omni-directional 277
Basic Service Set, See BSS 265
Basic Service Set, see BSS
broadcast 70
BSS 117, 265
example 117
CA 272
CBR 74, 78, 82
Certificate Authority
See CA.
certifications 283
notices 284
viewing 285
channel 267
interference 267
channel, wireless LAN 114
CLI 21
client list 89
AP (access point) 267
Command Line Interface, see CLI
application filter 145
compatibility, WDS 111
AMG1202-T10A User’s Guide
287
Index
configuration
backup 206
DHCP 89
firewalls 141
IP alias 91
IP filter 147
IP precedence 162
logs 193
port forwarding 130
reset 208
restoring 206
static route 151
WAN 71
wireless LAN 99
wizard 58
connection
nailed-up 77, 81
on demand 77
EAP Authentication 271
encapsulation 69, 72, 77
ENET ENCAP 79
PPPoA 80
PPPoE 79
RFC 1483 80
encryption 99, 116, 273
WEP 100
key 101
WPA 103
authentication 104
reauthentication 103
WPA-PSK 102
pre-shared key 102
ENET ENCAP 72, 77, 79
copyright 283
ESS 266
CTS (Clear to Send) 268
Extended Service Set, See ESS 266
CTS threshold 104, 114
data fragment threshold 104, 114
DDoS 139
default server, NAT 129, 130
Denials of Service, see DoS
DHCP 86, 89, 93
diagnostic 209
DiffServ Code Point, see DSCP
disclaimer 283
DNS 86, 89, 93, 176
Domain Name System, see DNS
DoS 139
DSCP 162
DSL connections, status 212
dynamic DNS 167
activation 168
wildcard 167
activation 168
Dynamic Host Configuration Protocol, see DHCP
dynamic WEP key exchange 272
DYNDNS wildcard 167
activation 168
288
FCC interference statement 283
filters 143
application 145
IP filter
configuration 147
IP/MAC 146
structure 143
MAC address 106, 115
activation 106
URL 143, 144
firewalls 139
configuration 141
DDoS 139
DoS 139
LAND attack 140
Ping of Death 140
status 34
SYN attack 139
firmware 203
version 34
forwarding ports 128, 129
activation 132
configuration 130
example 130
AMG1202-T10A User’s Guide
Index
rules 131
fragmentation threshold 104, 114, 268
FTP 21, 172
hidden node 267
IANA 254
Internet Assigned Numbers Authority
see IANA
IBSS 265
ICMP 177
IEEE 802.11g 269
IGA 136
IGMP 70, 86, 88, 95
ILA 136
Independent Basic Service Set
See IBSS 265
initialization vector (IV) 274
LAN 85
client list 89
DHCP 86, 89, 93
DNS 86, 89, 93
IGMP 86, 95
IP address 85, 86, 93
IP alias 90
configuration 91
MAC address 90
multicast 86, 88, 95
RIP 86, 88, 92, 94
status 34
subnet mask 86, 87, 93
LAND attack 140
LEDs 24
limitations
wireless LAN 117
WPS 124
Local Area Network, see LAN
login 27
passwords 27, 28
logs 193
alerts 193
settings 193
Inside Global Address, see IGA
Inside Local Address, see ILA
Internet Group Multicast Protocol, see IGMP
IP address 69, 72, 77, 80, 85, 93
default server 129, 130
ping 209
private 94
IP alias 90
configuration 91
NAT applications 137
IP filter
configuration 147
IP precedence 162, 164
configuration 162
IP/MAC filter 146
structure 143
MAC address 90, 106
filter 98, 99, 106, 115
MAC address filter
activation 106
Management Information Base (MIB) 174
mapping address 132
rules 134
types 133, 134, 137
Maximum Burst Size, see MBS
Maximum Transmission Unit, see MTU
MBS 74, 78, 82
MBSSID 118
MTU 74, 79
multicast 70, 74, 86, 88, 95
IGMPInternet Group Multicast Protocol, see IGMP
Multiple BSS, see MBSSID
AMG1202-T10A User’s Guide
289
Index
multiplexing 72, 77, 80
LLC-based 80
VC-based 80
nailed-up connection 72, 77, 81
NAT 77, 127, 135, 136, 254
activation 128
address mapping 132
rules 134
types 133, 134, 137
applications 137
IP alias 137
default server IP address 129, 130
example 137
global 136
IGA 136
ILA 136
inside 136
local 136
outside 136
P2P 129
port forwarding 128, 129
activation 132
configuration 130
example 130
rules 131
remote management 170
SIP ALG 135
activation 135
SUA 128
Network Address Translation
see NAT
PIN, WPS 109, 110, 119
example 121
Ping of Death 140
port forwarding 128, 129
activation 132
configuration 130
example 130
rules 131
PPPoA 72, 77, 80
PPPoE 72, 77, 79
preamble 105, 114
preamble mode 269
pre-shared key 102
private IP address 94
product registration 285
PSK 274
push button 23, 110
Push Button Configuration, see PBC
push button, WPS 119
PVC 154
PVID 157
QoS 159
802.1p 162, 164
activation 160, 161
DSCP 162
example 159
IP precedence 162, 164
priority queue 164
Quality of Service, see QoS
Network Address Translation, see NAT
P2P 129
Pairwise Master Key (PMK) 274, 275
passwords 27, 28
administrator 189
RADIUS 270
message types 271
messages 271
shared secret key 271
RADIUS server 116
PBC 119
reauthentication, WPA 103
PCR 74, 78, 81
registration
product 285
Peak Cell Rate, see PCR
290
AMG1202-T10A User’s Guide
Index
related documentation 3
Single User Account, see SUA
remote management 169
DNS 176
FTP 172
ICMP 177
limitations 170
NAT 170
Telnet 171
WWW 171
SIP ALG 135
activation 135
reset 25, 208
restart 208
restoring configuration 206
RFC 1483 72, 77, 80
RIP 73, 86, 88, 92, 94
Routing Information Protocol, see RIP
RTS (Request To Send) 268
threshold 267, 268
RTS threshold 104, 114
rules, port forwarding 131
safety warnings 7
schedules
wireless LAN 112
SCR 74, 78, 81
security
wireless LAN 99, 114
SNMP 173, 174
agents 174
Get 174
GetNext 174
Manager 174
managers 174
MIB 174
network components 174
Set 174
Trap 174
versions 173
SPI 140
SSID 98, 99, 108, 115
activation 107
MBSSID 118
static route 149
configuration 151
example 149
status 30, 33, 35
ATM 211
DSL connections 212
firewalls 34
firmware version 34
LAN 34
WAN 34
wireless LAN 34
WPS 109
SUA 128
Security Parameter Index, see SPI
subnet 247
Service Set IDentifier, see SSID
subnet mask 86, 93, 248
setup
DHCP 89
firewalls 141
IP alias 91
IP filter 147
IP precedenceQoS
IP precedence 162
logs 193
port forwarding 130
static route 151
WAN 71
wireless LAN 99
wizard 58
subnetting 250
shaping traffic 81, 82
Simple Network Management Protocol, see SNMP
AMG1202-T10A User’s Guide
Sustain Cell Rate, see SCR
SYN attack 139
syntax conventions 5
system 189
firmware 203
version 34
LED 24
passwords 27, 28
administrator 189
reset 25
status 30, 33
firewalls 34
LAN 34
WAN 34
291
Index
wireless LAN 34
time 190
tagging frames 153, 154, 156
Telnet 171
thresholds
data fragment 104, 114
RTS/CTS 104, 114
time 190
TR-069 21
trademarks 283
traffic priority 153
traffic shaping 81
example 82
UBR 74, 78, 83
unicast 70
Universal Plug and Play, see UPnP
upgrading firmware 203
UPnP 178
activation 179
cautions 178
example 180
installation 180
NAT traversal 178
URL 143
URL filter 144
URL 143
Virtual Path Identifier, see VPI
VLAN 153
802.1P priority 153
activation 154
group settings 156
port settings 157
PVC 154
PVID 157
tagging frames 153, 154, 156
VPI 72, 77, 80
WAN 69
ATM QoS 74, 78, 82
encapsulation 69, 72, 77
IGMP 70
IP address 69, 72, 77, 80
mode 72, 76
MTU 74, 79
multicast 70, 74
multiplexing 72, 77, 80
nailed-up connection 72, 77, 81
NAT 77
RIP 73
setup 71
status 34
traffic shaping 81
example 82
VCI 72, 77, 80
VPI 72, 77, 80
warranty 285
note 285
WDS 110, 118
compatibility 111
example 118
web configurator 21, 27
login 27
passwords 27, 28
VBR 82
WEP 100, 116
key 101
VBR-nRT 74, 78, 82
Wide Area Network, see WAN
VBR-RT 74, 78, 82
Wi-Fi Protected Access 273
VCI 72, 77, 80
WiFi Protected Setup, see WPS
Virtual Channel Identifier, see VCI
wireless client WPA supplicants 274
Virtual Local Area Network, see VLAN
Wireless Distribution System, see WDS
292
AMG1202-T10A User’s Guide
Index
wireless LAN 97, 113
activation 99
authentication 114, 116
BSS 117
example 117
channel 114
configuration 99
encryption 99, 116
example 113
fragmentation threshold 104, 114
limitations 117
MAC address filter 98, 99, 106, 115
MBSSID 118
preamble 105, 114
RADIUS server 116
RTS/CTS threshold 104, 114
scheduling 112
security 114
SSID 98, 99, 108, 115
activation 107
status 34
WDS 110, 118
compatibility 111
example 118
WEP 100, 116
key 101
wizard 63
WPA 103, 116
authentication 104
reauthentication 103
WPA-PSK 102, 116
pre-shared key 102
WPS 108, 118, 121
activation 109
adding stations 110
example 122
limitations 124
PIN 109, 110, 119
push button 23, 110, 119
status 109
authentication 104
key caching 274
pre-authentication 274
reauthentication 103
user authentication 274
vs WPA-PSK 274
wireless client supplicant 274
with RADIUS application example 275
WPA2 273
user authentication 274
vs WPA2-PSK 274
wireless client supplicant 274
with RADIUS application example 275
WPA2-Pre-Shared Key 273
WPA2-PSK 273, 274
application example 275
WPA-PSK 102, 116, 273, 274
application example 275
pre-shared key 102
WPS 108, 118, 121
activation 109
adding stations 110
example 122
limitations 124
PIN 109, 110, 119
example 121
push button 23, 110, 119
status 109
wireless security 269
Wireless tutorial 38
wizard 55
configuration 58
wireless LAN 63
WLAN
interference 267
security parameters 276
WPA 103, 116, 273
AMG1202-T10A User’s Guide
293
Index
294
AMG1202-T10A User’s Guide
Index
AMG1202-T10A User’s Guide
295
Index
296
AMG1202-T10A User’s Guide

Source Exif Data:
File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.4
Linearized                      : No
Page Count                      : 106
Producer                        : Foxit Phantom - Foxit Corporation
Author                          : Test
Create Date                     : 2011:12:12 10:52:18
Modify Date                     : 2011:12:12 10:52:18
EXIF Metadata provided by EXIF.tools
FCC ID Filing: I88AMG1202T10A

Navigation menu