ZyXEL Communications MAX200HW2 WiMAX Router User Manual UserMan I88MAX200HW2 revised

ZyXEL Communications Corporation WiMAX Router UserMan I88MAX200HW2 revised

User manual revised 1

 About This User's GuideMAX-200HW2 Series User s Guide 3About This User's GuideCongratulations on your purchase of the ZyXEL MAX-200HW2 Series WiMAX WiFi Router with Built-In Switch and VOIP. Your ZyXEL Device allows you to access WiMAX wireless networks, set up a WiFi network and make Voice over Internet (VoIP) phone calls.Your ZyXEL Device is easy to install and configure. Intended AudienceThis manual is designed to guide you through the configuration of your ZyXEL Device for its various applications.Related Documentation Quick Start Guide The Quick Start Guide is designed to help you get up and running right away. It contains information on setting up your network and configuring for Internet access. Supporting DiskRefer to the included CD for support documents. ZyXEL Web SitePlease refer to www.zyxel.com for additional support documentation and product certifications.User s Guide FeedbackHelp us help you. Send all User!s Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you!The Technical Writing Team,ZyXEL Communications Corp.,6 Innovation Road II,Science-Based Industrial Park, Hsinchu, 300, Taiwan.E-mail: techwriters@zyxel.com.tw
Document ConventionsMAX-200HW2 Series User s Guide4Document ConventionsWarnings and NotesThese are how warnings and notes are shown in this User!s Guide. Warnings tell you about things that could harm you or your ZyXEL Device.Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.Syntax Conventions The ZyXEL MAX-200HW2 Series may be referred to as the "ZyXEL Device#, the "device#, the "system# or the "product# in this User!s Guide. Product labels, screen names, field labels and field choices are all in bold font. A key stroke is denoted by square brackets and uppercase text, for example, [ENTER] means the "enter# or "return# key on your keyboard. "Enter# means for you to type one or more characters and then press the [ENTER] key. "Select# or "choose# means for you to use one of the predefined choices. A right angle bracket ( > ) within a screen name denotes a mouse click. For example, Maintenance > Log > Log Setting means you first click Maintenance in the navigation panel, then the Log sub menu and finally the Log Setting tab to get to that screen. Units of measurement may denote the "metric# value or the "scientific# value. For example, "k# for kilo may denote "1000# or "1024#, "M# for mega may denote "1000000# or "1048576# and so on. "e.g.,# is a shorthand for "for instance#, and "i.e.,# means "that is# or "in other words#.Icons Used in FiguresFigures in this User!s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your ZyXEL Device.
 Document ConventionsMAX-200HW2 Series User s Guide 5Table 1   Common IconsZyXEL DeviceComputerNotebookWireless SignalWireless Base StationInternet CloudRouterServerFirewall
Safety WarningsMAX-200HW2 Series User s Guide6Safety WarningsFor your safety, be sure to read and follow all warning notices and instructions.For your safety, be sure to read and follow all warning notices and instructions. Do NOT use this product near water, for example, in a wet basement or near a swimming pool. Do NOT expose your device to dampness, dust or corrosive liquids. Do NOT store things on the device. Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning. Connect ONLY suitable accessories to the device. ONLY qualified service personnel should service or disassemble this device.  Make sure to connect the cables to the correct ports. Place connecting cables carefully so that no one will step on them or stumble over them. Always disconnect all cables from this device before servicing or disassembling. Use ONLY an appropriate power adaptor or cord for your device. Connect the power adaptor or cord to the right supply voltage (for example, 110V AC in North America or 230V AC in Europe). Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord. Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution. If the power adaptor or cord is damaged, remove it from the power outlet. Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a new one. Do not use the device outside, and make sure all the connections are indoors. There is a remote risk of electric shock from lightning.  Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device. Use only No. 26 AWG (American Wire Gauge) or larger telecommunication line cord. Antenna Warning! This device meets ETSI and FCC certification requirements when using the included antenna(s). Only use the included antenna(s).
 Safety WarningsMAX-200HW2 Series User s Guide 7This product is recyclable. Dispose of it properly.
Safety WarningsMAX-200HW2 Series User s Guide8
 Contents OverviewMAX-200HW2 Series User s Guide 9Contents OverviewIntroduction ............................................................................................................................31Getting Started ...........................................................................................................................33Introducing the Web Configurator ..............................................................................................39Tutorials and Wizard ..............................................................................................................47Tutorial .......................................................................................................................................49Internet Setup Wizard................................................................................................................ 61VoIP Wizard ...............................................................................................................................73Web Configurator ...................................................................................................................77Status Screens ..........................................................................................................................79Wireless LAN .............................................................................................................................91WAN Setup ..............................................................................................................................107LAN ...........................................................................................................................................119NAT ..........................................................................................................................................129VPN Transport .........................................................................................................................137SIP ...........................................................................................................................................149Phone ......................................................................................................................................165Phone Book .............................................................................................................................173Firewall ....................................................................................................................................179Certificates ...............................................................................................................................187Content Filter ...........................................................................................................................205Static Route .............................................................................................................................209Remote MGMT ........................................................................................................................213UPnP .......................................................................................................................................221System .....................................................................................................................................233Logs .........................................................................................................................................241Tools ........................................................................................................................................255Troubleshooting and Specifications ..................................................................................261Troubleshooting .......................................................................................................................263Product Specifications .............................................................................................................269Appendices and Index .........................................................................................................273
Contents OverviewMAX-200HW2 Series User s Guide10
 Table of ContentsMAX-200HW2 Series User s Guide 11Table of ContentsAbout This User's Guide..........................................................................................................3Document Conventions............................................................................................................4Safety Warnings........................................................................................................................6Contents Overview...................................................................................................................9Table of Contents....................................................................................................................11List of Figures.........................................................................................................................21List of Tables...........................................................................................................................27Part I: Introduction.................................................................................31Chapter  1Getting Started........................................................................................................................331.1 About Your ZyXEL Device   .................................................................................................331.1.1 Wireless Internet Access ............................................................................................331.1.2 WiFi Network ..............................................................................................................341.1.3 Make Calls via Internet Telephony Service Provider ..................................................341.2 ZyXEL Device Hardware .....................................................................................................351.2.1 LEDs ..........................................................................................................................351.2.2 Antennas ....................................................................................................................361.3 Good Habits for Managing the ZyXEL Device .....................................................................37Chapter  2Introducing the Web Configurator........................................................................................392.1 Web Configurator Overview .................................................................................................392.1.1 Accessing the Web Configurator ................................................................................392.1.2 The RESET Button .....................................................................................................412.2 Web Configurator Main Screen ...........................................................................................422.2.1 Title Bar ......................................................................................................................422.2.2 Navigation Panel ........................................................................................................432.2.3 Main Window ..............................................................................................................452.2.4 Status Bar ...................................................................................................................45
Table of ContentsMAX-200HW2 Series User s Guide12Part II: Tutorials and Wizard..................................................................47Chapter  3Tutorial.....................................................................................................................................493.1 Connect to the Internet ........................................................................................................493.1.1 Configure Internet Access Settings ............................................................................493.1.2 Configure WiMAX Settings .........................................................................................523.2 Set Up a WiFi Network ........................................................................................................533.2.1 Configuring the AP (Your ZyXEL Device) ...................................................................533.3 Connect to the WiFi Network ...............................................................................................543.3.1 Connecting to a Wireless LAN ...................................................................................553.4 Make a Telephone Call Over the Internet ............................................................................573.4.1 Configure Your SIP Account ......................................................................................573.4.2 Configure a Phone .....................................................................................................583.4.3 Set Up Speed Dialing and Make a Call ......................................................................59Chapter  4Internet Setup Wizard.............................................................................................................614.1 Wizard Setup Overview .......................................................................................................614.2 Internet Connection Wizard Setup .......................................................................................614.3 Step One: System Information .............................................................................................624.4 Step Two: Wireless LAN Wizard ..........................................................................................634.4.1 Wireless LAN Screen .................................................................................................634.4.2 Basic (WEP) Security .................................................................................................644.4.3 Extend (WPA-PSK or WPA2-PSK) Security ...............................................................654.4.4 The OTIST Screen .....................................................................................................654.5 Step Three: Internet Configuration ......................................................................................664.5.1 Connection Type Screen ............................................................................................664.5.2 ISP Parameters for Internet Access Screen ..............................................................674.5.3 Antenna Selection Screen ..........................................................................................684.5.4 IP Address Screen .....................................................................................................694.5.5 WAN IP Address Assignment .....................................................................................704.5.6 Wizard Complete ........................................................................................................71Chapter  5VoIP Wizard.............................................................................................................................735.1 Introduction ..........................................................................................................................735.2 VOIP Wizard Setup .............................................................................................................73Part III: Web Configurator.....................................................................77
 Table of ContentsMAX-200HW2 Series User s Guide 13Chapter  6Status Screens........................................................................................................................796.1 Status Screen ......................................................................................................................796.2 Site Information ...................................................................................................................836.3 Profile ..................................................................................................................................846.4 Packet Statistics ..................................................................................................................856.5 DHCP Table Screen ............................................................................................................866.6 VoIP Statistics Window ........................................................................................................87Chapter  7Wireless LAN...........................................................................................................................917.1 Wireless Network Overview .................................................................................................917.2 Wireless Security Overview .................................................................................................927.2.1 SSID ...........................................................................................................................927.2.2 MAC Address Filter ....................................................................................................927.2.3 User Authentication ....................................................................................................927.2.4 Encryption ..................................................................................................................937.2.5 One-Touch Intelligent Security Technology (OTIST) ..................................................947.3 General Wireless LAN Screen  ............................................................................................947.3.1 No Security .................................................................................................................957.3.2 WEP Encryption .........................................................................................................967.3.3 WPA-PSK/WPA2-PSK ................................................................................................977.3.4 WPA/WPA2 ................................................................................................................997.4 OTIST  ...............................................................................................................................1017.4.1 Enabling OTIST ........................................................................................................1017.4.2 Starting OTIST .........................................................................................................1037.4.3 Notes on OTIST .......................................................................................................1037.5 MAC Filter ..........................................................................................................................1047.6 Wireless LAN Advanced Screen .......................................................................................105Chapter  8WAN Setup.............................................................................................................................1078.1 WAN Overview  .................................................................................................................1078.2 WiMAX ...............................................................................................................................1078.2.1 Authentication ..........................................................................................................1088.3 Internet Access Setup  ......................................................................................................1088.4 Frequency Settings .............................................................................................................1118.4.1 Frequency Ranges ....................................................................................................1118.4.2 Configuring Frequency Settings ................................................................................1118.5 Configuring Advanced WAN Settings .................................................................................1148.6 Configuring Traffic Redirect Settings ..................................................................................1158.6.1 Configuring The Antenna ..........................................................................................117
Table of ContentsMAX-200HW2 Series User s Guide14Chapter  9LAN.........................................................................................................................................1199.1 LAN Overview .....................................................................................................................1199.1.1 IP Address and Subnet Mask ....................................................................................1199.1.2 DHCP Setup .............................................................................................................1209.1.3 LAN TCP/IP ..............................................................................................................1209.1.4 DNS Server Address ................................................................................................1209.1.5 RIP Setup .................................................................................................................1219.1.6 Multicast ...................................................................................................................1219.2 LAN Screens .....................................................................................................................1229.2.1 LAN IP Screen .........................................................................................................1229.2.2 LAN DHCP Setup Screen ........................................................................................1229.2.3 LAN Static DHCP Screen .........................................................................................1239.2.4 LAN Client List Screen .............................................................................................1249.2.5 LAN IP Alias Screen .................................................................................................1259.2.6 LAN Advanced Screen .............................................................................................126Chapter  10NAT.........................................................................................................................................12910.1 NAT Overview ..................................................................................................................12910.1.1 Port Forwarding: Services and Port Numbers ........................................................12910.1.2 Trigger Port Forwarding .........................................................................................13010.1.3 SIP ALG .................................................................................................................13110.2 NAT Screens ....................................................................................................................13110.2.1 NAT General Screen ..............................................................................................13110.2.2 NAT Port Forwarding Screen .................................................................................13210.2.3 NAT Port Forwarding Edit Screen ..........................................................................13310.2.4 NAT Trigger Port Screen ........................................................................................13410.2.5 NAT ALG Screen ....................................................................................................135Chapter  11VPN Transport.......................................................................................................................13711.1 Overview ..........................................................................................................................13711.1.1 What You Can Do in the VPN Transport Screens ..................................................13811.1.2 What You Need to Know about VPN Transport ......................................................13811.1.3 Before You Begin ....................................................................................................14011.2 The General Screen .........................................................................................................14011.3 The Customer Interface Screen .......................................................................................14111.4 The Customer Interface Edit Screen ................................................................................14211.5 The Ethernet Pseudowire Screen ....................................................................................14311.6 The Ethernet Pseudowire Edit Screen .............................................................................14411.7 The Statistics Screen .......................................................................................................14511.8 VPN Transport Technical Reference ................................................................................146
 Table of ContentsMAX-200HW2 Series User s Guide 1511.8.1 Multi-Protocol Label Switching ...............................................................................14611.8.2 Generic Routing Encapsulation ..............................................................................147Chapter  12SIP..........................................................................................................................................14912.1 SIP Overview ...................................................................................................................14912.1.1 Introduction to VoIP ................................................................................................14912.1.2 Introduction to SIP ..................................................................................................14912.1.3 SIP Identities ..........................................................................................................14912.1.4 SIP Call Progression ..............................................................................................15012.1.5 SIP Client Server ....................................................................................................15012.1.6 RTP ........................................................................................................................15212.1.7 NAT and SIP ..........................................................................................................15212.1.8 Voice Coding ..........................................................................................................15312.1.9 PSTN Call Setup Signaling ....................................................................................15412.1.10 MWI (Message Waiting Indication) .......................................................................15412.1.11 Custom Tones (IVR) .............................................................................................15512.1.12 Quality of Service (QoS) ......................................................................................15512.2 SIP Screens .....................................................................................................................15712.2.1 SIP Settings Screen ...............................................................................................15712.2.2 Advanced SIP Setup Screen ..................................................................................15812.2.3 SIP QoS Screen .....................................................................................................162Chapter  13Phone.....................................................................................................................................16513.1 Phone Overview ..............................................................................................................16513.1.1 Voice Activity Detection/Silence Suppression/Comfort Noise ................................16513.1.2 Echo Cancellation ..................................................................................................16513.1.3 Supplementary Phone Services Overview .............................................................16513.2 Phone Screens ................................................................................................................16913.2.1 Analog Phone Screen ............................................................................................16913.2.2 Advanced Analog Phone Setup Screen .................................................................17013.2.3 Common Phone Settings Screen ...........................................................................17113.2.4 Phone Region Screen ............................................................................................171Chapter  14Phone Book...........................................................................................................................17314.1 Phone Book Overview .....................................................................................................17314.2 Phone Book Screens .......................................................................................................17314.2.1 Incoming Call Policy Screen ..................................................................................17314.2.2 Speed Dial Screen .................................................................................................175Chapter  15Firewall...................................................................................................................................179
Table of ContentsMAX-200HW2 Series User s Guide1615.1 Firewall Overview ............................................................................................................17915.1.1 Stateful Inspection Firewall. ...................................................................................17915.1.2 About the ZyXEL Device Firewall ...........................................................................17915.1.3 Guidelines For Enhancing Security With Your Firewall ..........................................18015.1.4 The Firewall, NAT and Remote Management ........................................................18015.2 Triangle Route .................................................................................................................18115.2.1 The !Triangle Route" Problem ................................................................................18115.2.2 Solving the !Triangle Route" Problem ....................................................................18215.3 Firewall Screens ..............................................................................................................18315.3.1 General Firewall Screen .........................................................................................18315.3.2 Firewall Services Screen ........................................................................................183Chapter  16Certificates............................................................................................................................18716.1 Certificates Overview .......................................................................................................18716.1.1 Advantages of Certificates .....................................................................................18816.2 Self-signed Certificates ....................................................................................................18816.3 Factory Default Certificate ...............................................................................................18816.3.1 Certificate File Formats ..........................................................................................18816.4 Certificate Configuration Screens Summary ...................................................................18916.5 Verifying a Certificate .......................................................................................................18916.5.1 Checking the Fingerprint of a Certificate on Your Computer ..................................18916.6 My Certificates Screen ....................................................................................................19016.6.1 My Certificates Create Screen   .............................................................................19216.6.2 My Certificate Details Screen  ................................................................................19516.6.3 My Certificate Import Screen  .................................................................................19816.7 Trusted CAs   ...................................................................................................................19916.8 Trusted CA Details  ..........................................................................................................20116.9 Trusted CA Import   .........................................................................................................203Chapter  17Content Filter.........................................................................................................................20517.1 Content Filtering Overview ..............................................................................................20517.2 Content Filtering Screens ................................................................................................20517.2.1 Content Filter Screen .............................................................................................20517.2.2 Content Filter Schedule Screen .............................................................................207Chapter  18Static Route...........................................................................................................................20918.1 Static Route Overview .....................................................................................................20918.2 Static Route Screens .......................................................................................................20918.2.1 IP Static Route Screen ...........................................................................................20918.2.2 IP Static Route Edit Screen ....................................................................................210
 Table of ContentsMAX-200HW2 Series User s Guide 17Chapter  19Remote MGMT.......................................................................................................................21319.1 Remote Management Overview ......................................................................................21319.1.1 Remote Management Limitations ..........................................................................21319.1.2 Remote Management and NAT ..............................................................................21319.1.3 System Timeout .....................................................................................................21419.2 Remote Management Screens ........................................................................................21419.2.1 WWW Screen .........................................................................................................21419.2.2 Telnet Screen .........................................................................................................21419.2.3 FTP Screen ............................................................................................................21519.3 SNMP ..............................................................................................................................21619.3.1 Supported MIBs .....................................................................................................21719.3.2 SNMP Traps ...........................................................................................................21719.3.3 Configuring SNMP .................................................................................................21719.3.4 DNS Screen ...........................................................................................................21819.3.5 Security Screen ......................................................................................................219Chapter  20UPnP......................................................................................................................................22120.1 Introducing Universal Plug and Play ................................................................................22120.1.1 How do I know if I'm using UPnP? .........................................................................22120.1.2 NAT Traversal ........................................................................................................22120.1.3 Cautions with UPnP ...............................................................................................22120.1.4 UPnP and ZyXEL ...................................................................................................22220.2 UPnP Examples ..............................................................................................................22220.2.1 Installing UPnP in Windows Example ....................................................................22220.2.2 Using UPnP in Windows XP Example ...................................................................22520.3 UPnP Screen ...................................................................................................................231Chapter  21System...................................................................................................................................23321.1 System Features Overview .............................................................................................23321.1.1 System Name .........................................................................................................23321.1.2 Domain Name ........................................................................................................23321.1.3 DNS Server Address Assignment ..........................................................................23321.1.4 Dynamic DNS .........................................................................................................23421.1.5 Pre-defined NTP Time Servers List ........................................................................23421.1.6 Resetting the Time .................................................................................................23521.2 System Screens ..............................................................................................................23521.2.1 General System Screen .........................................................................................23521.2.2 Dynamic DNS Screen ............................................................................................23621.2.3 Time Setting Screen ...............................................................................................237
Table of ContentsMAX-200HW2 Series User s Guide18Chapter  22Logs.......................................................................................................................................24122.1 Logs Overview .................................................................................................................24122.1.1 Alerts ......................................................................................................................24122.1.2 Syslog Logs ............................................................................................................24122.2 Logs Screens ...................................................................................................................24322.2.1 Log Viewer Screen .................................................................................................24322.2.2 Log Settings Screen ...............................................................................................24322.3 Log Message Descriptions ..............................................................................................245Chapter  23Tools.......................................................................................................................................25523.1 Tools Overview ................................................................................................................25523.1.1 Firmware ................................................................................................................25523.2 Tools Screens ..................................................................................................................25523.2.1 Firmware Screen ....................................................................................................25523.2.2 Firmware Upload Screens ......................................................................................25623.2.3 Configuration Screen .............................................................................................25723.2.4 Restore Configuration Screens ..............................................................................25823.2.5 Restart Screen .......................................................................................................259Part IV: Troubleshooting and Specifications.....................................261Chapter  24Troubleshooting....................................................................................................................26324.1 Power, Hardware Connections, and LEDs ......................................................................26324.2 ZyXEL Device Access and Login ....................................................................................26424.3 Internet Access ................................................................................................................26524.4 Phone Calls and VoIP ......................................................................................................26724.5 Reset the ZyXEL Device to Its Factory Defaults ..............................................................26724.5.1 Pop-up Windows, JavaScripts and Java Permissions ...........................................26824.6 Wireless LAN Troubleshooting ........................................................................................268Chapter  25Product Specifications.........................................................................................................269Part V: Appendices and Index............................................................273Appendix  A  WiMAX Security................................................................................................275Appendix  B  Setting up Your Computer s IP Address............................................................279
 Table of ContentsMAX-200HW2 Series User s Guide 19Appendix  C  Pop-up Windows, JavaScripts and Java Permissions......................................301Appendix  D  IP Addresses and Subnetting...........................................................................309Appendix  E  Wireless LANs..................................................................................................319Appendix  F  Common Services.............................................................................................333Appendix  G  Legal Information..............................................................................................337Appendix  H  Customer Support.............................................................................................341Index.......................................................................................................................................347
Table of ContentsMAX-200HW2 Series User s Guide20
 List of FiguresMAX-200HW2 Series User s Guide 21List of FiguresFigure 1 Mobile Station and Base Station ...............................................................................................34Figure 2 WLAN Application Example .....................................................................................................34Figure 3 ZyXEL Device s VoIP Features ................................................................................................35Figure 4 The ZyXEL Device ...................................................................................................................35Figure 5 Password Screen .....................................................................................................................40Figure 6 Change Password Screen ........................................................................................................40Figure 7 Replace Certificate Screen .......................................................................................................40Figure 8 Wizard or Advanced Screen  ....................................................................................................41Figure 9 Main Screen .............................................................................................................................42Figure 10 Tutorial: Security .....................................................................................................................50Figure 11 Tutorial: Trusted CAs Tab .......................................................................................................50Figure 12 Tutorial: Trusted CAs Screen .................................................................................................50Figure 13 Tutorial: Network ....................................................................................................................51Figure 14 Tutorial: Internet Access Settings  ..........................................................................................51Figure 15 Tutorial: WiMAX Frequency Setup .........................................................................................52Figure 16 Network > Wireless LAN > General .......................................................................................53Figure 17 Network > Wireless LAN > Device Information ......................................................................54Figure 18 Network > Wireless LAN > Interface Status ...........................................................................54Figure 19 ZyXEL Utility: Security Settings  .............................................................................................56Figure 20 ZyXEL Utility: Confirm Save ...................................................................................................56Figure 21 ZyXEL Utility: Link Info  ..........................................................................................................56Figure 22 Tutorial: SIP Account Setup ...................................................................................................58Figure 23 Tutorial: the Analog Phone Screen .........................................................................................59Figure 24 Tutorial: the Speed Dial Screen ..............................................................................................60Figure 25 Tutorial: New Speed Dial Rule ................................................................................................60Figure 26 Select a Mode ........................................................................................................................61Figure 27 Connection Wizard: Introduction ............................................................................................62Figure 28 Wizard > Step 1 > System Information ...................................................................................62Figure 29 Wizard > Step 2 > Wireless LAN  ...........................................................................................63Figure 30 Wizard > Step 2 > Basic (WEP) Security ...............................................................................64Figure 31 Wizard > Step 2 > Extend (WPA-PSK or WPA2-PSK) Security .............................................65Figure 32 Wizard > Step 2 > OTIST .......................................................................................................66Figure 33 Wizard > Step 3 > Connection Type Screen ..........................................................................67Figure 34 Wizard > Step 3 > ISP Parameters for Internet Access Screen .............................................67Figure 35 Wizard > Step 3 > Antenna Selection .....................................................................................69Figure 36 Wizard > Step 3 > IP Address ................................................................................................70Figure 37 Wizard > Step 3 > WAN IP Address Assignment ...................................................................71Figure 38 The Connection Wizard: Congratulations ...............................................................................72
List of FiguresMAX-200HW2 Series User s Guide22Figure 39 Select a Mode ........................................................................................................................73Figure 40 VOIP Wizard: Configuration ...................................................................................................74Figure 41 VoIP Wizard: SIP Registration Test ........................................................................................75Figure 42 VoIP Wizard: Fail ....................................................................................................................75Figure 43 VOIP Wizard: Finish  ..............................................................................................................75Figure 44 Status Screen .........................................................................................................................79Figure 45 The Site Information Screen ...................................................................................................83Figure 46 The WiMAX Profile Screen  ....................................................................................................84Figure 47 Packet Statistics .....................................................................................................................85Figure 48 DHCP Table ............................................................................................................................86Figure 49 VoIP Statistics .........................................................................................................................87Figure 50 Example of a Wireless Network .............................................................................................91Figure 51 Network > Wireless LAN > General  ......................................................................................94Figure 52 Network > Wireless LAN > General: No Security ...................................................................95Figure 53 Network > Wireless LAN > General: Static WEP ...................................................................96Figure 54 Network > Wireless LAN > General: WPA-PSK/WPA2-PSK ..................................................98Figure 55 Network > Wireless LAN > General: WPA/WPA2 ...................................................................99Figure 56 Network > Wireless LAN > OTIST  .......................................................................................101Figure 57 Example Wireless Client OTIST Screen ..............................................................................102Figure 58 Security Key .........................................................................................................................103Figure 59 OTIST in Progress (AP) .......................................................................................................103Figure 60 OTIST in Progress (Client) ...................................................................................................103Figure 61 No AP with OTIST Found .....................................................................................................103Figure 62 Start OTIST? ........................................................................................................................104Figure 63 Network > Wireless LAN > MAC Filter .................................................................................105Figure 64 Network > Wireless LAN > Advanced ..................................................................................106Figure 65 WiMax: Mobile Station ..........................................................................................................107Figure 66 WiMAX: Multiple Mobile Stations ..........................................................................................108Figure 67 Using an AAA Server ...........................................................................................................108Figure 68 Network > WAN > Internet Connection ................................................................................109Figure 69 Frequency Ranges ................................................................................................................111Figure 70 Network > WAN >WiMAX Frequency ....................................................................................113Figure 71 Completing the WiMAX Frequency Screen ...........................................................................114Figure 72 Network > WAN > Advanced .................................................................................................114Figure 73 Network > WAN > Traffic Redirect .........................................................................................116Figure 74 Network > WAN > Antenna Selection ....................................................................................117Figure 75 Network > LAN > IP ..............................................................................................................122Figure 76 Network > LAN > DHCP Setup ............................................................................................123Figure 77 Network > LAN > Static DHCP .............................................................................................124Figure 78 Network > LAN > Client List .................................................................................................125Figure 79 Network > LAN > IP Alias .....................................................................................................125Figure 80 Network > LAN > Advanced .................................................................................................127Figure 81 Multiple Servers Behind NAT Example ................................................................................129
 List of FiguresMAX-200HW2 Series User s Guide 23Figure 82 Trigger Port Forwarding Process: Example ..........................................................................130Figure 83 Network > NAT > General ....................................................................................................131Figure 84 Network > NAT > Port Forwarding .......................................................................................132Figure 85 Network > NAT > Port Forwarding > Edit .............................................................................133Figure 86 Network > NAT > Trigger Port ..............................................................................................134Figure 87 Network > NAT > ALG ..........................................................................................................135Figure 88 VPN Transport example .......................................................................................................137Figure 89 Identifying Users ...................................................................................................................138Figure 90 Ethernet Pseudowire Settings Example   .............................................................................139Figure 91 Pseudowire Mapping ............................................................................................................139Figure 92 Network > VPN Transport > General ....................................................................................140Figure 93 Network > VPN Transport > Customer Interface ..................................................................141Figure 94 Network > VPN Transport > Customer Interface Edit ...........................................................142Figure 95 Network > VPN Transport > Ethernet Pseudowire ...............................................................144Figure 96 Network > VPN Transport > Ethernet Pseudowire > Edit .....................................................145Figure 97 Network > VPN Transport > Statistics ..................................................................................146Figure 98 VPLS Tunneling ....................................................................................................................147Figure 99 SIP User Agent .....................................................................................................................151Figure 100 SIP Proxy Server ................................................................................................................151Figure 101 SIP Redirect Server ............................................................................................................152Figure 102 STUN ..................................................................................................................................153Figure 103 DiffServ: Differentiated Service Field ..................................................................................156Figure 104 VoIP > SIP > SIP Settings ..................................................................................................157Figure 105 VoIP > SIP > SIP Settings > Advanced ..............................................................................159Figure 106 VoIP > SIP > QoS ...............................................................................................................163Figure 107 VoIP > Phone > Analog Phone ...........................................................................................169Figure 108 VoIP > Phone > Analog Phone > Advanced ......................................................................170Figure 109 VoIP > Phone > Common ...................................................................................................171Figure 110 VoIP > Phone > Region ......................................................................................................171Figure 111 VoIP > Phone Book > Incoming Call Policy ........................................................................174Figure 112 VoIP > Phone Book > Speed Dial .......................................................................................176Figure 113 Firewall Rule Directions ......................................................................................................180Figure 114 Ideal Firewall Setup ............................................................................................................181Figure 115 !Triangle Route" Problem ...................................................................................................182Figure 116 IP Alias ...............................................................................................................................182Figure 117 Security > Firewall > General .............................................................................................183Figure 118 Security > Firewall > Services ............................................................................................184Figure 119 Remote Host Certificates ....................................................................................................189Figure 120 Certificate Details  ..............................................................................................................190Figure 121 Security > Certificates > My Certificates    .........................................................................191Figure 122 Security > Certificates > My Certificates > Create ..............................................................193Figure 123 Security > Certificates > My Certificates > Details  ............................................................196Figure 124 Security > Certificates > My Certificates > Import ..............................................................199
List of FiguresMAX-200HW2 Series User s Guide24Figure 125 Security > Certificates > Trusted CAs ................................................................................200Figure 126 Security > Certificates > Trusted CAs > Details .................................................................201Figure 127 Security > Certificates > Trusted CAs > Import ..................................................................204Figure 128 Security > Content Filter > Filter .........................................................................................206Figure 129 Security > Content Filter > Schedule ..................................................................................207Figure 130 Example of Static Routing Topology ...................................................................................209Figure 131 Management > Static Route > IP Static Route ...................................................................210Figure 132 Management > Static Route > IP Static Route > Edit ..........................................................211Figure 133 Management > Remote MGMT > WWW ...........................................................................214Figure 134 Management > Remote MGMT > Telnet ............................................................................215Figure 135 Management > Remote MGMT > FTP ...............................................................................215Figure 136 SNMP Management Model ................................................................................................216Figure 137 Management > Remote MGMT > SNMP ...........................................................................218Figure 138 Management > Remote MGMT > DNS ..............................................................................219Figure 139 Management > Remote MGMT > Security .........................................................................219Figure 140 Add/Remove Programs: Windows Setup: Communication ................................................222Figure 141 Add/Remove Programs: Windows Setup: Communication Components ...........................223Figure 142 Network Connections .........................................................................................................223Figure 143 Windows Optional Networking Components Wizard ..........................................................224Figure 144 Networking Services ...........................................................................................................224Figure 145 Network Connections .........................................................................................................225Figure 146 Internet Connection Properties  ..........................................................................................226Figure 147 Internet Connection Properties: Advanced Settings ...........................................................227Figure 148 Internet Connection Properties: Advanced Settings: Add ..................................................227Figure 149 System Tray Icon ................................................................................................................228Figure 150 Internet Connection Status .................................................................................................228Figure 151 Network Connections .........................................................................................................229Figure 152 Network Connections: My Network Places ........................................................................230Figure 153 Network Connections: My Network Places: Properties: Example ......................................230Figure 154 Management > UPnP .........................................................................................................231Figure 155 Maintenance > System > General ......................................................................................235Figure 156 Maintenance > System > Dynamic DNS ............................................................................236Figure 157 Maintenance > System > Time Setting ...............................................................................238Figure 158 Maintenance > Logs > View Log ........................................................................................243Figure 159 Maintenance > Logs > Log Settings ...................................................................................244Figure 160 Maintenance > Tools > Firmware .......................................................................................256Figure 161 Firmware Upload In Process ..............................................................................................256Figure 162 Network Temporarily Disconnected ....................................................................................257Figure 163 Firmware Upload Error .......................................................................................................257Figure 164 Maintenance > Tools > Configuration .................................................................................257Figure 165 Configuration Upload Successful .......................................................................................258Figure 166 Network Temporarily Disconnected ....................................................................................259Figure 167 Configuration Upload Error .................................................................................................259
 List of FiguresMAX-200HW2 Series User s Guide 25Figure 168 Maintenance > Tools > Restart ...........................................................................................259Figure 169 Maintenance > Tools > Restart > In Progress ....................................................................260Figure 170 WIndows 95/98/Me: Network: Configuration ......................................................................280Figure 171 Windows 95/98/Me: TCP/IP Properties: IP Address ..........................................................281Figure 172 Windows 95/98/Me: TCP/IP Properties: DNS Configuration ..............................................282Figure 173 Windows XP: Start Menu ....................................................................................................283Figure 174 Windows XP: Control Panel ...............................................................................................283Figure 175 Windows XP: Control Panel: Network Connections: Properties .........................................284Figure 176 Windows XP: Local Area Connection Properties ...............................................................284Figure 177 Windows XP: Internet Protocol (TCP/IP) Properties ..........................................................285Figure 178 Windows XP: Advanced TCP/IP Properties .......................................................................286Figure 179 Windows XP: Internet Protocol (TCP/IP) Properties ..........................................................287Figure 180 Windows Vista: Start Menu .................................................................................................288Figure 181 Windows Vista: Control Panel ............................................................................................288Figure 182 Windows Vista: Network And Internet ................................................................................288Figure 183 Windows Vista: Network and Sharing Center .....................................................................288Figure 184 Windows Vista: Network and Sharing Center .....................................................................289Figure 185 Windows Vista: Local Area Connection Properties ............................................................289Figure 186 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties ...................................290Figure 187 Windows Vista: Advanced TCP/IP Properties ....................................................................291Figure 188 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties ...................................292Figure 189 Macintosh OS 8/9: Apple Menu ..........................................................................................293Figure 190 Macintosh OS 8/9: TCP/IP .................................................................................................293Figure 191 Macintosh OS X: Apple Menu ............................................................................................294Figure 192 Macintosh OS X: Network ..................................................................................................295Figure 193 Red Hat 9.0: KDE: Network Configuration: Devices  .........................................................296Figure 194 Red Hat 9.0: KDE: Ethernet Device: General   ..................................................................296Figure 195 Red Hat 9.0: KDE: Network Configuration: DNS  ...............................................................297Figure 196 Red Hat 9.0: KDE: Network Configuration: Activate  ........................................................297Figure 197 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0   ...............................................298Figure 198 Red Hat 9.0: Static IP Address Setting in ifconfig-eth0    ...................................................298Figure 199 Red Hat 9.0: DNS Settings in resolv.conf    ........................................................................298Figure 200 Red Hat 9.0: Restart Ethernet Card   .................................................................................298Figure 201 Red Hat 9.0: Checking TCP/IP Properties   .......................................................................299Figure 202 Pop-up Blocker ...................................................................................................................301Figure 203 Internet Options: Privacy ....................................................................................................302Figure 204 Internet Options: Privacy ....................................................................................................303Figure 205 Pop-up Blocker Settings .....................................................................................................303Figure 206 Internet Options: Security ...................................................................................................304Figure 207 Security Settings - Java Scripting .......................................................................................305Figure 208 Security Settings - Java ......................................................................................................305Figure 209 Java (Sun) ..........................................................................................................................306Figure 210 Mozilla Firefox: Tools > Options .........................................................................................307
List of FiguresMAX-200HW2 Series User s Guide26Figure 211 Mozilla Firefox Content Security .........................................................................................307Figure 212 Network Number and Host ID ............................................................................................310Figure 213 Subnetting Example: Before Subnetting ............................................................................312Figure 214 Subnetting Example: After Subnetting ...............................................................................313Figure 215 Conflicting Computer IP Addresses Example ....................................................................317Figure 216 Conflicting Computer IP Addresses Example ....................................................................317Figure 217 Conflicting Computer and Router IP Addresses Example ..................................................318Figure 218 Peer-to-Peer Communication in an Ad-hoc Network .........................................................319Figure 219 Basic Service Set ...............................................................................................................320Figure 220 Infrastructure WLAN ...........................................................................................................321Figure 221  RTS/CTS ...........................................................................................................................322Figure 222 WPA(2) with RADIUS Application Example .......................................................................329Figure 223 WPA(2)-PSK Authentication ...............................................................................................330
 List of TablesMAX-200HW2 Series User s Guide 27List of TablesTable 1 Common Icons  ............................................................................................................................5Table 2 Models Covered  ........................................................................................................................33Table 3 The ZyXEL Device  ....................................................................................................................35Table 4 Web Configurator Icons in the Title Bar  ....................................................................................43Table 5 Navigation Panel Summary  ......................................................................................................43Table 6 Example Internet Access Information  .......................................................................................49Table 7 Wizard > Step 1 > System Information  .....................................................................................62Table 8 Wizard > Step 2 > Wireless LAN  ...............................................................................................63Table 9 Wizard > Step 2 > Basic (WEP) Security  ..................................................................................64Table 10 Wizard > Step 2 > Extend (WPA-PSK or WPA2-PSK) Security  ..............................................65Table 11 Wizard > Step 2 > OTIST  ........................................................................................................66Table 12 Wizard > Step 3 > ISP Parameters for Internet Access Screen  ..............................................67Table 13 Wizard > Step 3 > Antenna Selection  .....................................................................................69Table 14 Wizard > Step 3 > IP Address  .................................................................................................70Table 15 Wizard > Step 3 > WAN IP Address Assignment  ....................................................................71Table 16 VOIP Wizard Configuration  .....................................................................................................74Table 17 Status Screen  ..........................................................................................................................80Table 18 The Site Information Screen  ...................................................................................................84Table 19 The WiMAX Profile Screen  .....................................................................................................84Table 20 Packet Statistics  ......................................................................................................................86Table 21 DHCP Table  ............................................................................................................................87Table 22 VoIP Statistics  .........................................................................................................................87Table 23 Types of Encryption for Each Type of Authentication  .............................................................93Table 24 Network > Wireless LAN > General  ........................................................................................95Table 25 Wireless No Security  ...............................................................................................................96Table 26 Network > Wireless LAN > General: Static WEP  ....................................................................97Table 27 Network > Wireless LAN > General: WPA-PSK/WPA2-PSK  ..................................................98Table 28 Network > Wireless LAN > General: WPA/WPA2  .................................................................100Table 29 Network > Wireless LAN > OTIST  ........................................................................................102Table 30 Network > Wireless LAN > MAC Filter  ..................................................................................105Table 31 Network > Wireless LAN > Advanced  ...................................................................................106Table 32 Network > WAN > Internet Connection  .................................................................................109Table 33 Radio Frequency Conversion  ................................................................................................111Table 34 DL Frequency Example Settings  ...........................................................................................112Table 35 Network > WAN > WiMAX Frequency  ...................................................................................113Table 36 Example Supported Frequencies (GHz)  ................................................................................113Table 37 Network > WAN > Advanced  .................................................................................................115Table 38 Network > WAN > Traffic Redirect  .........................................................................................116
List of TablesMAX-200HW2 Series User s Guide28Table 39 Network > WAN > Antenna Selection  ....................................................................................117Table 40 Network > LAN > IP  ..............................................................................................................122Table 41 Network > LAN > DHCP Setup  .............................................................................................123Table 42 Network > LAN > Static DHCP  ..............................................................................................124Table 43 Network > LAN > Client List  ..................................................................................................125Table 44 Network > LAN > IP Alias  .....................................................................................................126Table 45 Network > LAN > Advanced  ..................................................................................................127Table 46 Network > NAT > General  .....................................................................................................131Table 47 Network > NAT > Port Forwarding  ........................................................................................133Table 48 Network > NAT > Port Forwarding > Edit  ..............................................................................134Table 49 Network > NAT > Trigger Port  ...............................................................................................135Table 50 Network > NAT > ALG  ..........................................................................................................135Table 51 Network > VPN Transport > General  ....................................................................................140Table 52 Network > VPN Transport > Customer Interface  ..................................................................141Table 53 Network > VPN Transport > Customer Interface Edit  ...........................................................142Table 54 Network > VPN Transport > Ethernet Pseudowire  ................................................................144Table 55 Network > VPN Transport > Ethernet Pseudowire > Edit  .....................................................145Table 56 Network > VPN Transport > Statistics  ...................................................................................146Table 57 SIP Call Progression  .............................................................................................................150Table 58 Custom Tones Details  ...........................................................................................................155Table 59 VoIP > SIP > SIP Settings  .....................................................................................................157Table 60 VoIP > SIP > SIP Settings > Advanced  ................................................................................160Table 61 VoIP > SIP > QoS  .................................................................................................................163Table 62 European Type Flash Key Commands  .................................................................................166Table 63 USA Type Flash Key Commands  .........................................................................................168Table 64 VoIP > Phone > Analog Phone  .............................................................................................169Table 65 VoIP > Phone > Analog Phone > Advanced  .........................................................................170Table 66 VoIP > Phone > Common  .....................................................................................................171Table 67 VoIP > Phone > Region  ........................................................................................................171Table 68 VoIP > Phone Book > Incoming Call Policy  ..........................................................................174Table 69 VoIP > Phone Book > Speed Dial  .........................................................................................176Table 70 Security > Firewall > General  ................................................................................................183Table 71 Security > Firewall > Services  ...............................................................................................184Table 72 Security > Certificates > My Certificates  ...............................................................................191Table 73 Security > Certificates > My Certificates > Create  ................................................................193Table 74 Security > Certificates > My Certificates > Details  ................................................................196Table 75 Security > Certificates > My Certificates > Import  .................................................................199Table 76 Security > Certificates > Trusted CAs  ...................................................................................200Table 77 Security > Certificates > Trusted CAs > Details  ....................................................................202Table 78 Security > Certificates > Trusted CAs Import  ........................................................................204Table 79 Security > Content Filter > Filter  ...........................................................................................206Table 80 Security > Content Filter > Schedule  ....................................................................................207Table 81 Management > Static Route > IP Static Route  ......................................................................210
 List of TablesMAX-200HW2 Series User s Guide 29Table 82 Management > Static Route > IP Static Route > Edit  ............................................................211Table 83   ..............................................................................................................................................213Table 84 Management > Remote MGMT > WWW  ..............................................................................214Table 85 Management > Remote MGMT > Telnet  ...............................................................................215Table 86 Management > Remote MGMT > FTP  .................................................................................215Table 87 SNMP Traps  ..........................................................................................................................217Table 88 Remote Management: SNMP  ...............................................................................................218Table 89 Management > Remote MGMT > DNS  .................................................................................219Table 90 Management > Remote MGMT > Security  ...........................................................................220Table 91 Management > UPnP  ............................................................................................................231Table 92 Pre-defined NTP Time Servers  .............................................................................................234Table 93 Maintenance > System > General  ........................................................................................235Table 94 Maintenance > System > Dynamic DNS  ...............................................................................237Table 95 Maintenance > System > Time Setting  .................................................................................238Table 96 Syslog Logs  ..........................................................................................................................242Table 97 RFC-2408 ISAKMP Payload Types  ......................................................................................242Table 98 Maintenance > Logs > View Log  ...........................................................................................243Table 99 Maintenance > Logs > Log Settings  .....................................................................................244Table 100 System Error Logs  ..............................................................................................................245Table 101 System Maintenance Logs  ..................................................................................................246Table 102 Access Control Logs  ...........................................................................................................246Table 103 TCP Reset Logs  ..................................................................................................................247Table 104 Packet Filter Logs  ...............................................................................................................248Table 105 ICMP Logs  ..........................................................................................................................248Table 106 CDR Logs  ...........................................................................................................................248Table 107 PPP Logs  ............................................................................................................................248Table 108 UPnP Logs  ..........................................................................................................................249Table 109 Content Filtering Logs  .........................................................................................................249Table 110 Attack Logs  ..........................................................................................................................249Table 111 Remote Management Logs  .................................................................................................250Table 112 ICMP Notes  .........................................................................................................................251Table 113 SIP Logs  ..............................................................................................................................252Table 114 RTP Logs  ............................................................................................................................252Table 115 FSM Logs: Caller Side  ........................................................................................................252Table 116 FSM Logs: Callee Side  .......................................................................................................253Table 117 Lifeline Logs  ........................................................................................................................253Table 118 Maintenance > Tools > Firmware  ........................................................................................256Table 119 Maintenance > Tools > Configuration  ..................................................................................258Table 120 Product Specifications  .........................................................................................................269Table 121 Physical Features  ...............................................................................................................270Table 122 Non-Physical Features  ........................................................................................................270Table 123 IP Address Network Number and Host ID Example  ...........................................................310Table 124 Subnet Masks  ......................................................................................................................311
List of TablesMAX-200HW2 Series User s Guide30Table 125 Maximum Host Numbers  .....................................................................................................311Table 126 Alternative Subnet Mask Notation  ........................................................................................311Table 127 Subnet 1  ..............................................................................................................................313Table 128 Subnet 2  ..............................................................................................................................314Table 129 Subnet 3  ..............................................................................................................................314Table 130 Subnet 4  ..............................................................................................................................314Table 131 Eight Subnets  ......................................................................................................................314Table 132 24-bit Network Number Subnet Planning  ............................................................................315Table 133 16-bit Network Number Subnet Planning  ............................................................................315Table 134 IEEE 802.11g  ......................................................................................................................323Table 135 Wireless Security Levels  .....................................................................................................324Table 136 Comparison of EAP Authentication Types  ..........................................................................327Table 137 Wireless Security Relational Matrix  ....................................................................................330Table 138 Commonly Used Services  ...................................................................................................333
31PART IIntroductionGetting Started  (33)Introducing the Web Configurator  (39)
32
MAX-200HW2 Series User s Guide 33CHAPTER  1 Getting StartedThis chapter introduces the main features and applications of the ZyXEL Device.1.1  About Your ZyXEL Device    The ZyXEL Device is a WiMAX WiFi router with built-in switch and VoIP. It allows you to access the Internet by connecting to a WiMAX wireless network. You can create a WiFi network using the Wireless LAN feature.You can use a traditional analog telephone to make Internet calls using the ZyXEL Device!s Voice over IP (VoIP) communication capabilities. You can configure firewall and content filtering for secure Internet access, as well as a host of other features. The web browser-based Graphical User Interface (GUI), also known as the web configurator, provides easy management.See Chapter 25 on page 269 for a complete list of features for your model.At the time of writing, this User!s Guide covers the following models:This User!s Guide uses screens and example settings from the MAX-210HW2 model.1.1.1  Wireless Internet AccessConnect your computer or network to the ZyXEL Device for wireless Internet access. See the Quick Start Guide for instructions on hardware connection.In a wireless metropolitan area network (MAN), the ZyXEL Device connects to a base station (BS) for Internet access. The following diagram shows a notebook computer equipped with the ZyXEL Device connecting to the Internet through a base station (marked BS).Table 2   Models CoveredMAX-200HW22.5GhzMAX-210HW23.5GhzMAX-230HW22.3Ghz
Chapter 1Getting StartedMAX-200HW2 Series User s Guide34Figure 1   Mobile Station and Base StationYou can also configure firewall and content filtering on the ZyXEL Device for secure Internet access. When the firewall is on, all incoming traffic from the Internet to your network is blocked unless it is initiated from your network. This means that probes from the outside to your network are not allowed, but you can safely browse the Internet and download files. Use content filtering to block access to web sites with URLs containing keywords that you specify. You can define time periods and days during which content filtering is enabled and include or exclude particular computers on your network from content filtering. For example, you could block access to certain web sites for the kids.1.1.2  WiFi NetworkThe ZyXEL Device Wireless LAN feature allows IEEE 802.11b or IEEE 802.11g compatible wireless clients to access the Internet or the local network as well as to communicate with each other. Wireless stations can move freely anywhere in the coverage area and use resources on the wired network.Figure 2   WLAN Application Example1.1.3  Make Calls via Internet Telephony Service ProviderIn a home or small office environment, you can use the ZyXEL Device to make and receive the following types of VoIP telephone calls: Peer-to-Peer calls (A) - Use the ZyXEL Device to make a call to the recipient!s IP address without using a SIP proxy server.
 Chapter 1Getting StartedMAX-200HW2 Series User s Guide 35 Calls via a VoIP service provider (B) - The ZyXEL Device sends your call to a VoIP service provider!s SIP server which forwards your calls to either VoIP or PSTN phones.Figure 3   ZyXEL Device s VoIP Features1.2  ZyXEL Device HardwareFollow the instructions in the Quick Start Guideto make hardware connections.1.2.1  LEDsThe following figure shows the LEDs (lights) on the ZyXEL Device.Figure 4   The ZyXEL DeviceThe following table describes your ZyXEL Device!s LEDs.Table 3   The ZyXEL DeviceLED STATE DESCRIPTIONPWROFFThe ZyXEL Device is not receiving power.REDThe ZyXEL Device is receiving power but has been unable to start up correctly. See the Troubleshooting section for more information.RED / ORANGE(BLINKING)The ZyXEL Device is starting up.GREENThe ZyXEL Device is receiving power and functioning correctly.GREEN (BLINKING)The ZyXEL Device is performing a self-test.
Chapter 1Getting StartedMAX-200HW2 Series User s Guide361.2.2  AntennasIf you have a MAX-210HW2 you should have a 2dBi WiFi omni antenna and a 2dBi WiMAX omni antenna. Connect the WiFi antenna to the SMA connector port labelled WiFi. Connect the WiMAX antenna to the SMA connector port labelled WiMAX. Make sure you connect the correct antenna to the correct connector port.LAN 1 to 4OFFThe LAN is not connected.GREENThe ZyXEL Device has a successful Local Area Network (Ethernet) connection. GREEN(BLINKING)Your device is sending/receiving data through the wireless LAN.VoIP 1 to 2OFFNo SIP account is registered, or the ZyXEL Device is not receiving power.GREENA SIP account is registered.GREEN(BLINKING)A SIP account is registered, and the phone attached to the LINE port is in use (off the hook).ORANGEA SIP account is registered and has a voice message.ORANGE (BLINKING)A SIP account is registered and has a voice message, and the phone attached to the LINE port is in use (off the hook).LINKOFFThe ZyXEL Device is not connected to a wireless (WiMAX) network.GREENThe ZyXEL Device is successfully connected to a wireless (WiMAX) network.GREEN(BLINKING SLOWLY)The ZyXEL Device is searching for a wireless (WiMAX) network.GREEN(BLINKING QUICKLY)The ZyXEL Device has found a wireless (WiMAX) network and is connecting.WLANOFFThe wireless LAN is not ready or has failed.GREENThe wireless LAN is active.GREEN(BLINKING)The ZyXEL Device is sending/receiving data through the wireless LAN.SIGNAL 1 ~ 5The SIGNAL LEDs display the Received Signal Strength Indication (RSSI) of the wireless (WiMAX) connection. NO SIGNAL LEDS ONThere is no wireless connection.SIGNAL 1 ONThe signal strength is less than -80 dBmSIGNAL 2 ONThe signal strength is between -79 and -70 dBmSIGNAL 3 ONThe signal strength is between -69 and -60 dBmSIGNAL 4 ONThe signal strength is between -59 and -50 dBmSIGNAL 5 ONThe signal strength is more than -50 dBmTable 3   The ZyXEL DeviceLED STATE DESCRIPTION
 Chapter 1Getting StartedMAX-200HW2 Series User s Guide 37If you have a MAX-200HW2 or MAX-210HW2 you should have a 2dBi Wifi omni antenna and a panel directional antenna. Connect the WiFi omni antenna to the connector port labelled WiFi. Connect the cable to the panel directional antenna and connector port labelled WiMAX. Make sure you position the panel directional antenna as far away from the device as possible to minimize interference. See the panel directional antenna documentation on how to set it up.The MAX-210HW2 is also equipped with one internal 6dBi directional patch antenna for WiMAX. If your signal strength is poor (use the SIGNAL LEDs to gauge received signal strength) orient the front of the ZyXEL Device (the side with the LEDs) towards the base station. If you do not know the location of the base station, experiment with moving the ZyXEL Device while observing the SIGNAL LEDs.1.3  Good Habits for Managing the ZyXEL DeviceDo the following things regularly to make the ZyXEL Device more secure and to manage the ZyXEL Device more effectively. Change the password. Use a password that!s not easy to guess and that consists of different types of characters, such as numbers and letters. Write down the password and put it in a safe place. Back up the configuration (and make sure you know how to restore it). Restoring an earlier working configuration may be useful if the ZyXEL Device becomes unstable or even crashes. If you forget your password, you will have to reset the ZyXEL Device to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the ZyXEL Device. You could simply restore your last configuration.
Chapter 1Getting StartedMAX-200HW2 Series User s Guide38
MAX-200HW2 Series User s Guide 39CHAPTER  2 Introducing the WebConfiguratorThis chapter describes how to access and navigate the web configurator.2.1  Web Configurator OverviewThe web configurator is an HTML-based management interface that allows easy device setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.In order to use the web configurator you need to allow: Web browser pop-up windows from your device. Web pop-up blocking is enabled by default in Windows XP SP (Service Pack) 2. JavaScripts (enabled by default). Java permissions (enabled by default).See the Troubleshooting chapter if you need to make sure these functions are allowed in Internet Explorer.2.1.1  Accessing the Web Configurator1Make sure your ZyXEL Device hardware is properly connected (refer to the Quick Start Guide).2Launch your web browser.3Type "192.168.1.1" as the URL.4A password screen displays. The default password ("1234#) displays in non-readable characters. If you haven!t changed the password yet, you can just click Login. Click Cancel to revert to the default password in the password field. If you have changed the password, enter your password and click Login.
Chapter 2Introducing the Web ConfiguratorMAX-200HW2 Series User s Guide40Figure 5   Password Screen5The following screen displays if you have not yet changed your password. It is highly recommended you change the default password. Enter a new password, retype it to confirm and click Apply; alternatively click Ignore to proceed to the main menu if you do not want to change the password now.Figure 6   Change Password Screen6Click Apply in the next screen to create a certificate using your ZyXEL Device!s MAC address that will be specific to this device. This certificate is used for authentication when using a secure HTTPS connection over the Internet. Figure 7   Replace Certificate Screen
 Chapter 2Introducing the Web ConfiguratorMAX-200HW2 Series User s Guide 417 A screen displays to let you choose whether to go to the wizard or the advanced screens. Click Go to Wizard setup if you are logging in for the first time or if you want to make basic changes. The wizard selection screen appears after you click Apply. See Chapter 4 on page 61 for more information. Click Go to Advanced setup if you want to configure features that are not available in the wizards. The main screen appears after you click Apply. See Section 2.2 on page 42 for more information. Click Exit if you want to log out.For security reasons, by default the ZyXEL Device automatically logs you out if you do not use the web configurator for five minutes. If this happens, log in again.Figure 8   Wizard or Advanced Screen 2.1.2  The RESET ButtonIf you forget your password or cannot access the web configurator, you will need to use the RESET button to reload the factory-default configuration file. This means that you will lose all configurations that you had previously and the password will be reset to "1234#.2.1.2.1  Using The Reset Button1Make sure the POWER light is on (not blinking).2To set the device back to the factory default settings, press the RESET button for ten seconds or until the POWER light begins to blink and then release it. When the POWER light begins to blink, the defaults have been restored and the device restarts. 3Reconfigure the ZyXEL Device, following the steps in your Quick Start Guide.
Chapter 2Introducing the Web ConfiguratorMAX-200HW2 Series User s Guide422.2  Web Configurator Main ScreenFigure 9   Main ScreenAs illustrated above, the main screen is divided into these parts: A - title bar B - navigation panel C - main window D - status bar2.2.1  Title BarThe title bar provides some icons in the upper right corner.CBAD
 Chapter 2Introducing the Web ConfiguratorMAX-200HW2 Series User s Guide 43The icons have the following functions.2.2.2  Navigation PanelUse the menu items on the navigation panel to open screens to configure ZyXEL Device features. The following table describes the menu items.Table 4   Web Configurator Icons in the Title BarICON  DESCRIPTIONWizards: Click this icon to go to the configuration wizards. See Chapter 4 on page 61 for more information.Logout: Click this icon to log out of the web configurator.Table 5   Navigation Panel SummaryLINK TAB FUNCTIONStatus This screen contains administrative and system-related information.NetworkWireless LAN General Use this screen to enable Wireless LAN and configure WiFi security.OTIST Use this screen to enable OTIST.MAC Filter Use this screen to configure the MAC address filtering options.Advanced Use this screen to set the 802.11 mode.WAN Internet ConnectionUse this screen to configure ISP parameters, WAN IP address assignment and other advanced properties.WiMAXFrequencyUse this screen to set the radio frequencies the ZyXEL Device searches for a WiMAX connection.Advanced Use this screen to configure DNS servers, RIP & Multicast, and Windows networking settings.Traffic Redirect Use this screen to configure your traffic redirect propertiesAntenna SelectionUse this screen to choose which antenna (external or internal) you want the ZyXEL Device to use.LAN IP Use this screen to configure LAN TCP/IP settings.DHCP Setup Use this screen to configure LAN DHCP and DNS settings.Static DHCP Use this screen to always assign specific IP addresses to individual MAC addresses.Client List Use this screen to view current DHCP client information.IP Alias Use this screen to partition your LAN interface into subnets.Advanced Use this screen to configure RIP and Multicast setup settings.NAT General Use this screen to enable NAT.Port Forwarding Use this screen to make your localservers visible to the outside world.Trigger Port Use this screen to set port triggering rules.ALG Use this screen to configure Application Level Gateway settings.
Chapter 2Introducing the Web ConfiguratorMAX-200HW2 Series User s Guide44VPN Transport General Use the General screen to turn VPN transport on or off, and to set the VPN transport endpoint (your service provider s router).Customer InterfaceUse this screen to configure the VPNs used by the ZyXEL Device.Ethernet PseudowireUse this screen to configure Ethernet pseudowires. Each Ethernet pseudowire mimics a regular wired Ethernet connection, transporting VPLS data over the WiMAX network.Statistics Use this screen to view details and performance information of each active customer interface and its associated Ethernet pseudowire.VoIPSIP SIP Settings Use this screen to configure your ZyXEL Device s Voice over IP settings.QoS Use this screen to configure your ZyXEL Device s Quality of Service settings for VoIP.Phone Analog Phone Use this screen to set which SIP account to use for outgoing or incoming calls.Common Use this screen to configure general phone settings.Region Use this screen to select your location and call service mode.Phone Book Incoming Call PolicyUse this screen to configure call-forwarding.Speed Dial Use this screen to configure speed dial for SIP phone numbers that you call often.SecurityFirewall General Use this screen to activate/deactivate the firewall and the default action to take on network traffic going in specific directions. Services Use this screen to set the days and times for your device to perform service blocking.Certificates My Certificates Use this screen to generate and export self-signed certificates or certification requests and import the ZyXEL Device s CA-signed certificates.Trusted CAs Use this screen to save CA certificates and trusted remote host certificates to the ZyXEL Device.Content Filter Filter Use this screen to block sites containing certain keywords in the URL, exclude a range of users on the LAN from content filtering on your ZyXEL Device and restrict certain web features.Schedule Use this screen to set the days and times for your ZyXEL Device to perform content filtering.ManagementStatic Route IP Static Route Use this screen to configure IP static routes to tell your device about networks beyond the directly connected remote nodes.Table 5   Navigation Panel SummaryLINK TAB FUNCTION
 Chapter 2Introducing the Web ConfiguratorMAX-200HW2 Series User s Guide 452.2.3  Main WindowThe main window displays information and configuration fields. It is discussed in the rest of this document.Right after you log in, the Status screen is displayed. See Chapter 6 on page 79 for more information about the Status screen.2.2.4  Status BarCheck the status bar when you click Apply or OK to verify that the configuration has been updated.Remote MGMT WWW Use this screen to configure through which interface(s) and from which IP address(es) users can use HTTP to manage the ZyXEL Device.Telnet Use this screen to configure through which interface(s) and from which IP address(es) users can use Telnet to manage the ZyXEL Device.FTP Use this screen to configure through which interface(s) and from which IP address(es) users can use FTP to access the ZyXEL Device.SNMP Use this screen to configure your ZyXEL Device s settings for Simple Network Management Protocol management.DNS Use this screen to configure through which interface(s) and from which IP address(es) users can send DNS queries to the ZyXEL Device.Security Use this screen to set whether or not your device will respond to pings and probes for services that you have not made available.UPnP General Use this screen to turn UPnP on or off.MaintenanceSystem General This screen contains administrative and system-related information and also allows you to change your password.Dynamic DNS Use this screen to set up Dynamic DNS.Time Setting Use this screen to change your ZyXEL Device s time and date.Logs View Log Use this screen to display your device s logs.Log Settings Use this screen to select which logs and/or immediate alerts your device is to record. You can also set it to e-mail the logs to you.Tools Firmware Use this screen to upload firmware to your device.Configuration Use this screen to backup and restore your device s configuration (settings) or reset the factory default settings.Restart This screen allows you to reboot the ZyXEL Device without turning the power off.Table 5   Navigation Panel SummaryLINK TAB FUNCTION
Chapter 2Introducing the Web ConfiguratorMAX-200HW2 Series User s Guide46
47PART IITutorials and WizardTutorial  (49)Internet Setup Wizard  (61)VoIP Wizard  (73)
48
MAX-200HW2 Series User s Guide 49CHAPTER  3 TutorialThis chapter provides examples showing how to use the ZyXEL Device to access the Internet, set up a WiFi network, set up VoIP and make a telephone call over the Internet using the ZyXEL Device!s speed dial feature. 3.1  Connect to the InternetThis section shows how to set up your Internet access details on the ZyXEL Device and configure your WiMAX frequency settings. See Section 8.2 on page 107 for more information on how WiMAX works.3.1.1  Configure Internet Access SettingsTo access the Internet, you need information from your Internet Service Provider (ISP) about your account and the network. In this example, your ISP has given you the following information.The information provided by your ISP may be quite different from this example information. When you enter user information, always enter the information supplied by your service provider and leave other fields at their defaults.Your ISP has also told you that you will be assigned a dynamic IP address each time you connect to the Internet. See Section 8.3 on page 108 for more details about dynamic and static IP addresses. Table 6   Example Internet Access InformationUsernameUser1234Password4321CertificateIncluded on CDAuthentication TypeTTLSTTLS Inner EAP modeCHAP
Chapter 3TutorialMAX-200HW2 Series User s Guide50Once you have connected the ZyXEL Device to your computer and accessed the Web Configurator (see the Quick Start Guide for details) follow the steps below to connect to a network.1First, install your security certificate. In the Web Configurator, click Security > Certificates.Figure 10   Tutorial: Security2Click the Trusted CAs tab.Figure 11   Tutorial: Trusted CAs Tab3The following screen displays. This is where you can choose a security certificate for the ZyXEL Device to use. Figure 12   Tutorial: Trusted CAs Screen4Click Import, then click Browse in the screen that appears. Browse to the location of your certificate (on the CD from your ISP in this example) and click Open.5The certificate!s location displays in the File Path field. Click Apply. The Trusted CAsscreen displays again, showing the certificate!s details in the Trusted CA Certificatessection. You have successfully uploaded your certificate!6Next, configure your Internet access settings. In the Web Configurator, click Network > WAN in the navigation panel.
 Chapter 3TutorialMAX-200HW2 Series User s Guide 51Figure 13   Tutorial: Network7The following screen displays. This screen is where you enter your Internet access details.Not all fields are available in all ZyXEL Devices.Figure 14   Tutorial: Internet Access Settings In the ISP Parameters for Internet Access area, enter your username ($User1234!) in the User field, and enter your password ($4321!) in the Password field. Select TTLSfrom the Authentication list, and select CHAP from the TTLS Inner EAP list. Leave PKM at its default.In the WAN IP Address Assignment area, make sure that Get Automatically from ISP (Default) is selected. Leave all other fields at their default values.
Chapter 3TutorialMAX-200HW2 Series User s Guide528Click Apply. Your Internet access settings are saved to the ZyXEL Device, and are used automatically each time you connect to the Internet.3.1.2  Configure WiMAX SettingsThe WiMAX Frequency screen allows you to specify a set of frequencies to search for a connection to a base station. Before you start, you need information from your ISP about the supported frequencies. In this example, your ISP has told you that the supported WiMAX frequencies are at 2.55 and 2.56 Gigahertz (GHz). See Section 8.4 on page 111 for more information on radio frequencies.Follow the steps below to configure your frequency settings.1Click Network > WAN > WiMAX Frequency to open the screen shown next.Figure 15   Tutorial: WiMAX Frequency Setup2Enter the frequency settings your ISP gave you in the DL Frequency fields. Note that these fields are in kilohertz (kHz).2.55 GHz is equal to 2550000 kHz, so enter 2550000 in the DL Frequency [1] field.2.56 GHz is equal to 2560000 kHZ, so enter 2560000 in the DL Frequency [2] field.3Click Apply to save your settings. The ZyXEL Device scans for an available wireless connection at the DL Frequency [1] setting (2.55 GHz) and, if it does not find an available connection, searches at the DL Frequency [2] setting (2.56 GHz). When it finds an available connection, the fields in this screen will be automatically set to use that frequency.For an example of using the WiMAX Frequency screen to configure more frequencies, see Section 8.4.2.1 on page 113.4Look at the LEDs on your ZyXEL Device. When the ZyXEL Device successfully connects to a base station, the LINK LED shines green steadily. The SIGNAL 1 ~ 5LEDs indicate the signal strength, with SIGNAL 5 showing a very strong signal and SIGNAL 1 showing a very weak signal.5Open your Internet browser and enter http://www.zyxel.com or the URL of any other web site in the address bar. If you are able to access the web site, your wireless
 Chapter 3TutorialMAX-200HW2 Series User s Guide 53connection is successfully configured. If you cannot access the web site, check the Troubleshooting section of this User's Guide.3.2  Set Up a WiFi NetworkAn access point (AP) or wireless router is referred to as an "AP# and a computer with a wireless network card or USB/PCI adapter is referred to as a "wireless client# here.We use the M-302 utility screens as an example for the wireless client. The screens may vary for different models.3.2.1  Configuring the AP (Your ZyXEL Device)Follow the steps below to configure the wireless settings on your ZyXEL Device.1Open the Wireless LAN > General screen in the ZyXEL Device!s web configurator.Figure 16   Network > Wireless LAN > General2Make sure the Enable Wireless LAN check box is selected.3Enter SSID_Example3 as the SSID and select a channel.4Set security mode to WPA-PSK and enter ThisismyWPA-PSKpre-sharedkey in the Pre-Shared Key field. Click Apply.5Open the Status screen.Verify your wireless and wireless security settings under Device Information.SSID SSID_Example3Channel 6Security  WPA-PSK(Pre-Shared Key: ThisismyWPA-PSKpre-sharedkey)802.11 mode IEEE 802.11b/g
Chapter 3TutorialMAX-200HW2 Series User s Guide54Figure 17   Network > Wireless LAN > Device Information6Check if the WLAN connection is up under Interface Status.Figure 18   Network > Wireless LAN > Interface Status3.3  Connect to the WiFi NetworkThis section describes how to connect the wireless client to your WiFi network.
 Chapter 3TutorialMAX-200HW2 Series User s Guide 553.3.1  Connecting to a Wireless LANThe following sections show you how to join a wireless network using the ZyXEL utility, as in the following diagram. The wireless client is labelled C and the access point is labelled AP.There are three ways to connect the client to an access point. Configure nothing and leave the wireless client to automatically scan for and connect to any available network that has no wireless security configured. Manually connect to a network. Configure a profile to have the wireless client automatically connect to a specific network or peer computer. This example illustrates how to manually connect your wireless client to an access point (AP) which is configured for WPA-PSK security and connected to the Internet. Before you connect to the access point, you must know its Service Set IDentity (SSID) and WPA-PSK pre-shared key. In this example, the SSID is "SSID_Example3# and the pre-shared key is "ThisismyWPA-PSKpre-sharedkey#. After you install the ZyXEL utility and then insert the wireless client, follow the steps below to connect to a network using the Site Survey screen. 1Open the ZyXEL utility and click the Site Survey tab to open the screen shown next.2The wireless client automatically searches for available wireless networks. Click Scan if you want to search again. If no entry displays in the Available Network List, that means there is no wireless network available within range. Make sure the AP or peer computer is turned on or move the wireless client closer to the AP or peer computer.3When you try to connect to an AP with security configured, a window will pop up prompting you to specify the security settings. Enter the pre-shared key and leave the encryption type at the default setting.Use the Next button to move on to the next screen. You can use the Back button at any time to return to the previous screen, or the Exit button to return to the Site Surveyscreen.
Chapter 3TutorialMAX-200HW2 Series User s Guide56Figure 19   ZyXEL Utility: Security Settings 4The Confirm Save window appears. Check your settings and click Save to continue.Figure 20   ZyXEL Utility: Confirm Save5The ZyXEL utility returns to the Link Info screen while it connects to the wireless network using your settings. When the wireless link is established, the ZyXEL utility icon in the system tray turns green and the Link Info screen displays details of the active connection. Check the network information in the Link Info screen to verify that you have successfully connected to the selected network. If the wireless client is not connected to a network, the fields in this screen remain blank. Figure 21   ZyXEL Utility: Link Info 6Open your Internet browser and enter http://www.zyxel.com or the URL of any other web site in the address bar. If you are able to access the web site, your wireless connection is successfully configured.
 Chapter 3TutorialMAX-200HW2 Series User s Guide 57If you cannot access the web site, try changing the encryption type in the SecuritySettings screen, check the Troubleshooting section of this User's Guide or contact your network administrator.3.4  Make a Telephone Call Over the InternetTo make a call over the Internet using the ZyXEL Device, first do the following things: Set up hardware connections from the ZyXEL Device to your computer, your telephone and the power supply (see the Quick Start Guide for more details on hardware connections). Set up your Internet access and WiMAX settings on the ZyXEL Device (see Section 3.1.1 on page 49 and Section 3.1.2 on page 52 for examples). Set up an account with a Voice over IP (VoIP) provider. This account (called a SIP account) allows you to make calls over the Internet. See Chapter 12 on page 149 for more information on SIP accounts.Use the sections below to set up your SIP account and speed dialing, and place a VoIP call.3.4.1  Configure Your SIP AccountYour ZyXEL Device needs to be configured with the details of your SIP account before you can use it to make calls over the Internet. In this example, your SIP identity is "id123@abcvoip.com#, your user name is "id123# and your password is "zyx987#. Your VoIP provider has told you that the SIP server address is "sipserver-abcvoip.com#. See Section12.1.3 on page 149 for more information on SIP identities.Once you have connected the ZyXEL Device to your computer and accessed the Web Configurator (see the Quick Start Guide for details) follow the steps below to configure your SIP settings.1In the Web Configurator, click VoIP > SIP in the navigation panel. The following screen displays. This screen is where you enter your SIP account details.
Chapter 3TutorialMAX-200HW2 Series User s Guide58Figure 22   Tutorial: SIP Account Setup2Select SIP1 from the SIP Account list and  make sure that the Active SIP Account box is selected.3Enter your SIP user name ($id123!) in the Number field.4Enter your VoIP provider!s SIP server name ($sipserver-abcvoip.com!) in the SIP Server Address field. As your VoIP provider did not give you a different REGISTER Server Address, enter $sipserver-abcvoip.com! again.Enter your VoIP provider!s domain name ($abcvoip.com!) in the SIP Service Domainfield.5In the Authentication area, enter $id123! in the User Name field, and $zyx987! in the Password field. Leave the SIP Local Port,SIP Server Port and REGISTER Server Port fields at their default values, as your VoIP provider did not supply port details. Click Apply.6Click on the Status button in the navigation panel to check that your SIP account is correctly registered. Look in the VoIP Status area towards the bottom of the Status screen. If the SIP 1account displays Registered in the Registration field, it is ready to use. If the Registration field for the SIP 1 account displays Register Fail or Inactive, click the Register button, check your settings in the VoIP > SIP screen or contact your VoIP provider to confirm that you have the correct settings and that your account is active.3.4.2  Configure a Phone Once you have set up your SIP account, click VoIP > Phone > Analog Phone in the navigation panel. The following screen displays.
 Chapter 3TutorialMAX-200HW2 Series User s Guide 59Figure 23   Tutorial: the Analog Phone ScreenUse this screen to make sure that the phone connected to your ZyXEL Device uses the correct SIP account.1Select Phone1 from the drop-down list box.2In the Outgoing Call Use area, select SIP1.3In the Incoming Call apply to area, select both SIP1 and SIP2.4Click Apply. Your analog phone settings are saved.3.4.3  Set Up Speed Dialing and Make a CallIn this example you want to set up speed dialling to make calls to a friend, Bob, whose SIP account number is 2345@xyzvoip.com. Your voIP provider, abcvoip.com, has told you that to call an xyzvoip.com number you must add $555! at its start.Different VoIP providers implement calls to other networks in different ways. Check with your provider for details.To configure speed dialling on the ZyXEL Device, click VoIP > Phone Book > Speed Dial.The following screen displays.
Chapter 3TutorialMAX-200HW2 Series User s Guide60Figure 24   Tutorial: the Speed Dial ScreenUse the following steps to set up a speed dial entry.1You can have up to ten speed dial rules. Select the rule number (1, in this example) from the Speed Dial drop-down list box.2In the Number field, enter "5552345# and in the Name field enter "Bob#. Under Type,select Use Proxy and click Add.The new speed dial rule is displayed in the Speed Dial Phone book List.Figure 25   Tutorial: New Speed Dial RuleUse the following steps to call a number from the speed dial list.1Ensure that your phone is correctly connected to the ZyXEL Device. See the Quick Start Guide for details of hardware connections.2Lift the phone!s receiver and type the speed dial number exactly as it appears in the Speed Dial Phone Book list. In this case, Bob!s phone number occupies rule #01, so dial "#01# on the phone!s keypad to make the call.
MAX-200HW2 Series User s Guide 61CHAPTER  4 Internet Setup WizardThis chapter provides information on the wizard setup screens for Internet access.4.1  Wizard Setup OverviewThe wizard will guide you through several steps. You will need to enter some information for identification purposes, then the wizard will guide you through configuring your Internet settings.4.2  Internet Connection Wizard Setup1After you enter the password to access the web configurator, select Go to Wizard setup.Otherwise, click the wizard icon () in the top right corner of the web configuratortogo to the wizards. Figure 26   Select a Mode2Click CONNECTION WIZARD to configure the system for Internet access.3The following screen displays. Click Next to continue. Click Back at any time to return to the previous screen, or Exit to leave the wizard setup.
Chapter 4Internet Setup WizardMAX-200HW2 Series User s Guide62Figure 27   Connection Wizard: Introduction4.3  Step One: System InformationIn the next screen you can give your ZyXEL Device a name (optional) in the System Namefield. Enter up to thirty letters (this field is case-sensitive) or numbers. The $at! symbol (@), dash (-), underscore (_) and period (.) are also permitted. Enter your ISP!s IP address in the Domain Name field if your ISP has instructed you to do so, or if you are having trouble accessing the Internet. Otherwise, leave this field blank. Click Next.Figure 28   Wizard > Step 1 > System InformationThe following table describes the labels in this screen.Table 7   Wizard > Step 1 > System InformationLABEL DESCRIPTIONSystem Name System Name is a unique name to identify the ZyXEL Device in an Ethernet network. Enter a descriptive name. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes "-" and underscores "_" are accepted. Domain Name Type the domain name (if you know it) here. If you leave this field blank, the ISP may assign a domain name via DHCP. The domain name entered by you is given priority over the ISP assigned domain name.Back Click Back to display the previous screen.Next Click Next to proceed to the next screen. Exit Click Exit to close the wizard screen without saving.
 Chapter 4Internet Setup WizardMAX-200HW2 Series User s Guide 634.4  Step Two: Wireless LAN WizardSet up your wireless LAN using the following screens.4.4.1  Wireless LAN ScreenFigure 29   Wizard > Step 2 > Wireless LAN The following table describes the labels in this screen.Table 8   Wizard > Step 2 > Wireless LANLABEL DESCRIPTIONName (SSID) Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN.If you change this field on the ZyXEL Device, make sure all wireless stations use the same SSID in order to access the network.Security Select a Security level from the drop-down list box.Choose Auto to have the ZyXEL Device generate a pre-shared key automatically. If you choose this option go directly to Section 4.4.4 on page 65.Choose None to have no wireless LAN security configured. If you do not enable any wireless security on your ZyXEL Device, your network is accessible to any wireless networking device that is within range. If you choose this option, skip directly to Section 4.4.4 on page 65.Choose Basic (WEP) security if you want to configure WEP Encryption parameters. If you choose this option, go directly to Section 4.4.2 on page 64.Choose Extend (WPA-PSK or WPA2-PSK) security to configure a Pre-Shared Key. Choose this option only if your wireless clients support WPA-PSK or WPA2-PSK respectively. If you choose this option, skip directly to Section 4.4.3 on page 65.Channel SelectionThe range of radio frequencies used by IEEE 802.11b/g wireless devices is called a channel. Click the Scan button to have the ZyXEL Device automatically select a channel.Back Click Back to display the previous screen.Next Click Next to proceed to the next screen. Exit Click Exit to close the wizard screen without saving.
Chapter 4Internet Setup WizardMAX-200HW2 Series User s Guide64The ZyXEL Device and other wireless devices must use the same SSID, channel ID and WEP encryption key (if WEP is enabled), WPA-PSK (if WPA-PSK is enabled) or WPA2-PSK (if WPA2-PSK is enabled) for wireless communication.4.4.2  Basic (WEP) SecurityChoose Basic (WEP) to set up WEP Encryption parameters.Figure 30   Wizard > Step 2 > Basic (WEP) SecurityThe following table describes the labels in this screen.Table 9   Wizard > Step 2 > Basic (WEP) SecurityLABEL DESCRIPTIONPassphrase Type a Passphrase (up to 32 printable characters) and click Generate. The ZyXEL Device automatically generates a WEP key.WEPEncryptionSelect 64-bit WEP or 128-bit WEP to allow data encryption.ASCII Select this option in order to enter ASCII characters as the WEP keys. ASCII characters include the characters available on a standard English language keyboard.HEX Select this option to enter hexadecimal characters as the WEP keys.The preceding !0x" is entered automatically.
 Chapter 4Internet Setup WizardMAX-200HW2 Series User s Guide 654.4.3  Extend (WPA-PSK or WPA2-PSK) SecurityChoose Extend (WPA-PSK) or Extend (WPA2-PSK) security in the Wireless LAN setup screen to set up a Pre-Shared Key.Figure 31   Wizard > Step 2 > Extend (WPA-PSK or WPA2-PSK) SecurityThe following table describes the labels in this screen. 4.4.4  The OTIST ScreenAfter configuring your security settings or choosing Auto or None the OTIST screen will display.You mustenable OTIST if you have selected Auto. For the other security types you may click No if you do not plan to use OTIST. OTIST is only compatible with certain wireless devices, please check your other device!s documentation to see if it supports OTIST. For more information on OTIST see Section 7.4 on page 101.Key 1 to Key 4  The WEP keys are used to encrypt data. Both the ZyXEL Device and the wireless stations must use the same WEP key for data transmission.If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F").If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal characters   ("0-9", "A-F"). You must configure at least one key, only one key can be activated at any one time. The default key is key 1.Back Click Back to display the previous screen.Next Click Next to proceed to the next screen. Proceed to Section 4.4.4 on page 65.Exit Click Exit to close the wizard screen without saving.Table 9   Wizard > Step 2 > Basic (WEP) SecurityLABEL DESCRIPTIONTable 10   Wizard > Step 2 > Extend (WPA-PSK or WPA2-PSK) SecurityLABEL DESCRIPTIONPre-Shared KeyType from 8 to 63 case-sensitive ASCII characters. You can set up the most secure wireless connection by configuring WPA in the wireless LAN screens. You need to configure an authentication server to do this.Back Click Back to display the previous screen.Next Click Next to proceed to the next screen. Proceed toExit Click Exit to close the wizard screen without saving.
Chapter 4Internet Setup WizardMAX-200HW2 Series User s Guide66Note: The text in the screen below may be different depending on your chosen security settings.Figure 32   Wizard > Step 2 > OTISTThe following table describes the labels in this screen. 4.5  Step Three: Internet ConfigurationSet up your Internet access using the following screens.4.5.1  Connection Type ScreenLeave the Connection Type at the default setting WIMAX and click Next.Table 11   Wizard > Step 2 > OTISTLABEL DESCRIPTIONEnable OTIST Select Yes to enable OTIST. Select No to not use OTIST.Setup Key If you select Yes then type an OTIST Setup Key of exactly eight ASCII characters in length. Back Click Back to display the previous screen.Next Click Next to proceed to the next screen. Proceed to Section 4.5 on page 66Exit Click Exit to close the wizard screen without saving.
 Chapter 4Internet Setup WizardMAX-200HW2 Series User s Guide 67Figure 33   Wizard > Step 3 > Connection Type Screen4.5.2  ISP Parameters for Internet Access ScreenEnter your Internet account information (username and password) exactly as provided by your ISP. Leave the fields for which you were not given information at their default settings. Click Next to continue.Figure 34   Wizard > Step 3 > ISP Parameters for Internet Access ScreenThe following table describes the labels in this screen.Table 12   Wizard > Step 3 > ISP Parameters for Internet Access ScreenLABEL DESCRIPTIONISP Parameters for Internet AccessUserUse this field to enter the username associated with your Internet access account. You can enter up to 61 printable ASCII characters.PasswordUse this field to enter the password associated with your Internet access account. You can enter up to 47 printable ASCII characters.
Chapter 4Internet Setup WizardMAX-200HW2 Series User s Guide684.5.3  Antenna Selection ScreenIf you have the MAX-210HW2 you can choose to use the internal antenna or external antenna for WiMAX. The internal antenna is fixed, and the external antenna is removable.Anonymous IdentityEnter the anonymous identity provided by your Internet Service Provider. Anonymous identity (also known as outer identity) is used with EAP-TTLS encryption. The anonymous identity is used to route your authentication request to the correct authentication server, and does not reveal your real user name. Your real user name and password are encrypted in the TLS tunnel, and only the anonymous identity can be seen.Leave this field blank if your ISP did not give you an anonymous identity to use.PKMThis field displays the Privacy Key Management version number. PKM provides security between the ZyXEL Device and the base station. At the time of writing, the ZyXEL Device supports PKMv2 only. See the WiMAX security appendix for more information.AuthenticationThis field displays the user authentication method. Authentication is the process of confirming the identity of a mobile station (by means of a username and password, for example).Check with your service provider if you are unsure of the correct setting for your account. Choose from the following user authentication methods:#TTLS (Tunnelled Transport Layer Security)#TLS (Transport Layer Security)Note: Not all ZyXEL Devices support TLS authentication. Check with your service provider for details.TTLS Inner EAPThis field displays the type of secondary authentication method. Once a secure EAP-TTLS connection is established, the inner EAP is the protocol used to exchange security information between the mobile station, the base station and the AAA server to authenticate the mobile station. See the WiMAX security appendix for more details. The ZyXEL Device supports the following inner authentication types:#CHAP (Challenge Handshake Authentication Protocol)#MSCHAP (Microsoft CHAP)#MSCHAPV2 (Microsoft CHAP version 2)#PAP (Password Authentication Protocol)Auth ModeSelect the authentication mode from the drop-down list box.This field is not available in all ZyXEL Devices. Check with your service provider for details.The ZyXEL Device supports the following authentication modes:#User Only#Device Only with Cert#Certs and User AuthenticationCertificateThis is the security certificate the ZyXEL Device uses to authenticate the AAA server. Use the Security > Certificates > Trusted CAscreen to import certificates to the ZyXEL Device.Back Click Back to display the previous screen.Next Click Next to proceed to the next screen.Exit Click Exit to close the wizard screen without saving.Table 12   Wizard > Step 3 > ISP Parameters for Internet Access ScreenLABEL DESCRIPTION
 Chapter 4Internet Setup WizardMAX-200HW2 Series User s Guide 69In the screen that appears, you can select which antenna to use. Select Automatic Selection to have the ZyXEL Device use whichever antenna has the best reception (recommended). Alternatively, if you do not want to use the external antenna, select Use Internal Antenna,and if you do not want to use the internal antenna, select Use External Antenna. Click Next.The MAX-200HW2 and MAX-230HW2 do not have an internal antenna.Figure 35   Wizard > Step 3 > Antenna SelectionThe following table describes the labels in this screen.4.5.4  IP Address ScreenA fixed IP address is a static IP that your ISP gives you. An automatic (dynamic) IP address is not fixed; the ISP assigns you a different one each time you connect to the Internet.In the following screen, select Use fixed IP address provided by your ISP if your ISP gave you an IP address to use.Otherwise, select Get automatically from your ISP.Table 13   Wizard > Step 3 > Antenna SelectionLABEL DESCRIPTIONAutomatic SelectionSelect Automatic Selection to have the ZyXEL Device choose which antenna to use. This setting is recommend as it will choose the antenna with the best signal to the base station.Use Internal AntennaSelect Use Internal Antenna to have the ZyXEL Device use it s internal antenna. This option is not applicable for the MAX-200HW2 and MAX-230HW2.Use External AntennaSelect Use External Antenna to have the ZyXEL Device use it s external antenna. BackClick Back to display the previous screen.Next Click Next to proceed to the next screen.Exit Click Exit to close the wizard screen without saving.
Chapter 4Internet Setup WizardMAX-200HW2 Series User s Guide70Figure 36   Wizard > Step 3 > IP AddressThe following table describes the labels in this screen.4.5.5  WAN IP Address AssignmentIf you selected Get automatically from your ISP in the previous screen, skip this step. If you selected Use fixed IP address provided by your ISP, the following screen appears.Enter your IP address, subnet mask, gateway address and DNS details exactly as they were given to you by your ISP.Table 14   Wizard > Step 3 > IP AddressLABEL DESCRIPTIONYour IP AddressGet automatically from ISP (Default)Select this if you have a dynamic IP address. A dynamic IP address is not fixed; the ISP assigns you a different one each time you connect to the Internet.Use Fixed IP Address provided by your ISPA static IP address is a fixed IP that your ISP gives you.BackClick Back to display the previous screen.Next Click Next to proceed to the next screen.Exit Click Exit to close the wizard screen without saving.
 Chapter 4Internet Setup WizardMAX-200HW2 Series User s Guide 71Figure 37   Wizard > Step 3 > WAN IP Address AssignmentThe following table describes the labels in this screen.4.5.6  Wizard CompleteClick Finish to complete and save the Connection Wizard settings.Table 15   Wizard > Step 3 > WAN IP Address AssignmentLABEL DESCRIPTIONWAN IP Address AssignmentMy WAN IP AddressType your ISP assigned IP address in this field.My WAN IP Subnet MaskEnter a subnet mask in dotted decimal notation.Refer to the appendicesto calculate a subnet mask If you are implementing subnetting.Gateway IP AddressSpecify a gateway IP address (supplied by your ISP).DNS Server Address AssignmentFirst, Second and Third DNS ServerEnter the DNS server's IP address in the field(s). Leave the IP address set to 0.0.0.0 to ignore the field.BackClick Back to display the previous screen.Next Click Next to proceed to the next screen.Exit Click Exit to close the wizard screen without saving.
Chapter 4Internet Setup WizardMAX-200HW2 Series User s Guide72Figure 38   The Connection Wizard: CongratulationsLaunch your web browser and navigate to www.zyxel.com. Internet access is just the beginning. Refer to the rest of this guide for more detailed information on the complete range of ZyXEL Device features. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the wizard setup are correct.
MAX-200HW2 Series User s Guide 73CHAPTER  5 VoIP WizardThis chapter shows you how to use the wizard to set up your SIP account(s).5.1  IntroductionThe ZyXEL Device has Voice over IP (VoIP) communication capabilities that allow you to use a traditional analog telephone to make Internet calls. You can configure the ZyXEL Device to use up to two SIP based VoIP accounts.5.2  VOIP Wizard Setup1After you enter the password to access the web configurator, select Go to Wizard setup.Otherwise, click the wizard icon (  ) in the top right corner of the web configuratorto display the wizard main screen. Click VOIP SETUP to configure the system for Voice Over Internet connection.Figure 39   Select a Mode2The following screen displays. This wizard screen allows you to configure your voice settings for SIP account 1. Fill in the fields with information from your VoIP service provider. Leave the default settings in fields for which no information was provided (except if otherwise specified). See Chapter 12 on page 149 for background information on these fields.
Chapter 5VoIP WizardMAX-200HW2 Series User s Guide74Figure 40   VOIP Wizard: ConfigurationThe following table describes the labels in this screen3The ZyXEL Device attempts to register your SIP account with the SIP server.Table 16   VOIP Wizard ConfigurationLABEL DESCRIPTIONSIP NumberEnter your SIP number in this field (use the number or text that comes before the @ symbol in a SIP account like 1234@VoIP-provider.com).You can use up to 127 ASCII characters.SIP Server AddressType the IP address or domain name of the SIP server in this field. It doesn t matter whether the SIP server is a proxy, redirect or register server. You can use up to 95 ASCII characters.SIP Service DomainEnter the SIP service domain name in this field (the domain name that comes after the @ symbol in a SIP account like 1234@VoIP-provider.com). You can use up to 127 ASCII Extended set characters.User NameThis is the user name for registering this SIP account with the SIP register server. Type the user name exactly as it was given to you. You can use up to 95 ASCII characters.PasswordType the password associated with the user name above. You can use up to 95 ASCII Extended set characters.Check here to set up SIP2 settings.This screen configures SIP account 1. Select the check box if you have a second SIP account that you want to use. You will need to configure the same fields for the second SIP account.Back Click Back to return to the previous screen.Apply Click Apply to complete the wizard setup and save your configuration.Exit Click Exit to close the wizard without saving your settings.
 Chapter 5VoIP WizardMAX-200HW2 Series User s Guide 75Figure 41   VoIP Wizard: SIP Registration Test4This screen displays if SIP account registration fails. Check your WiMAX connection using the LINK and SIGNAL LEDs on the front of the ZyXEL Device. Then wait a few seconds and click Register Again. If your Internet connection was already working, you can click Back and try re-entering your SIP account settings. Figure 42   VoIP Wizard: Fail5This screen displays if your SIP account registration was successful. Click Return to Wizard Main Page if you want to use another configuration wizard. Click Go to Advanced Setup page or Finish to close the wizard and go to the main web configurator screens.Figure 43   VOIP Wizard: Finish
Chapter 5VoIP WizardMAX-200HW2 Series User s Guide76
77PART IIIWeb ConfiguratorStatus Screens  (79)NetworkWireless LAN  (91)WAN Setup  (107)LAN  (119)NAT  (129)VPN Transport  (137)VoIPSIP  (149)Phone  (165)Phone Book  (173)SecurityFirewall  (179)Certificates  (187)Content Filter  (205)ManagementStatic Route  (209)Remote MGMT  (213)UPnP  (221)MaintenanceSystem  (233)Logs  (241)Tools  (255)
78
MAX-200HW2 Series User s Guide 79CHAPTER  6 Status ScreensUse the Status screens to look at the current status of the device, system resources, interfaces (LAN, WAN and WLAN), and SIP accounts. You can also register and unregister SIP accounts. The Status screen also provides detailed information from DHCP and statistics from WiMAX, VoIP, bandwidth management, and traffic.6.1  Status ScreenClick Status to open this screen.Figure 44   Status Screen
Chapter 6Status ScreensMAX-200HW2 Series User s Guide80Each field is described in the following table.Table 17   Status ScreenLABEL DESCRIPTIONRefresh IntervalSelect how often you want the ZyXEL Device to update this screen.Refresh NowClick this to update this screen immediately.DeviceInformationSystem NameThis field displays the ZyXEL Device system name. It is used for identification. You can change this in the Maintenance > System > General screen s System Namefield.FirmwareVersionThis field displays the current version of the firmware inside the device. It also shows the date the firmware version was created. You can change the firmware version by uploading new firmware in Maintenance > Tools > Firmware.WAN InformationIP AddressThis field displays the current IP address of the ZyXEL Device in the WAN.IP Subnet MaskThis field displays the current subnet mask on the WAN.DHCPThis field displays what DHCP services the ZyXEL Device is using in the WAN. Choices are:Client - The ZyXEL Device is a DHCP client in the WAN. Its IP address comes from a DHCP server on the WAN.None - The ZyXEL Device is not using any DHCP services in the WAN. It has a static IP address.If you are not using Roadrunner on Ethernet,  you can change this in Network > WAN. If you are using Roadrunner on Ethernet, this is controlled by Roadrunner.LAN InformationIP AddressThis field displays the current IP address of the ZyXEL Device in the LAN.IP Subnet MaskThis field displays the current subnet mask in the LAN.DHCPThis field displays what DHCP services the ZyXEL Device is providing to the LAN. Choices are:Server - The ZyXEL Device is a DHCP server in the LAN. It assigns IP addresses to other computers in the LAN.Relay - The ZyXEL Device is routing DHCP requests to one or more DHCP servers. The DHCP server(s) may be on another network.None - The ZyXEL Device is not providing any DHCP services to the LAN.You can change this in Network > LAN > DHCP Setup.WLANInformationName (SSID) This is the descriptive name used to identify the ZyXEL Device in the wireless LAN.Channel This is the channel number used by the ZyXEL Device.Security Mode This is the WiFi security mode used by the ZyXEL Device.WiMAXInformationOperator ID Every WiMAX service provider has a unique Operator ID number, which is broadcast by each base station it owns. You can only connect to the Internet through base stations belonging to your service provider s network.
 Chapter 6Status ScreensMAX-200HW2 Series User s Guide 81BSID This field displays the identification number of the wireless base station to which the ZyXEL Device is connected. Every base station transmits a unique BSID, which identifies it across the network.Cell ID A base station s coverage area can be divided into multiple cells. This field shows the identification number of the cell in which the ZyXEL Device is connected.Frequency This field displays the radio frequency of the ZyXEL Device s wireless connection to a base station.MAC address This field displays the Media Access Control address of the ZyXEL Device. Every network device has a unique MAC address which identifies it across the network.WiMAX StateThis field displays the status of the ZyXEL Device s current connection. #NA: the ZyXEL Device is starting up.#Fail: The ZyXEL Device is unable to connect to a base station.#Initial Synchronization: the ZyXEL Device is attempting to locate a base station.#Initial DCD (Downlink Channel Descriptor): the ZyXEL Device has located a base station and is receiving information about a possible downlink connection.#Initial UCD (Uplink Channel Descriptor): the ZyXEL Device is receiving information from the base station about a possible uplink connection.#Initial Ranging and Calibration: the ZyXEL Device and the base station are transmitting and receiving information about the distance between them. Ranging allows the ZyXEL Device to use a lower transmission power level when communicating with a nearby base station, and a higher transmission power level when communicating with a distant base station.#Initial Negotiation: the ZyXEL Device and the base station are exchanging information about their capabilities.#Initial PKM (Privacy Key Management): the ZyXEL Device and the base station are exchanging security information.#Initial Registration: the ZyXEL Device is registering with a RADIUS server.#Running: the ZyXEL Device has successfully registered with the base station. Traffic can now flow between the ZyXEL Device and the base station.#Sleep: the ZyXEL Device is in power saving mode, but periodically checks whether a base station has traffic waiting.#Idle: the ZyXEL Device is in power saving mode, but can connect when a base station alerts it that there is traffic waiting.#Handover: the ZyXEL Device is moving from one coverage area to another, and is connecting to the new base station.Bandwidth This field shows the size of the bandwidth step the ZyXEL Device uses to connect to a base station in megahertz (MHz).  CINR mean This field shows the average Carrier to Interference plus Noise Ratio of the current connection. This value is an indication of overall radio signal quality. A higher value indicates a higher signal quality, and a lower value indicates a lower signal quality.CINR deviationThis field shows the amount of change in the CINR level. This value is an indication of radio signal stability. A lower number indicates a more stable signal, and a higher number indicates a less stable signal. RSSI This field shows the Received Signal Strength Indication. This value is a measurement of overall radio signal strength. A higher RSSI level indicates a stronger signal, and a lower RSSI level indicates a weaker signal.A strong signal does not necessarily indicate a good signal: a strong signal may have a low signal-to-noise ratio (SNR).UL Data Rate This field shows the number of data packets uploaded from the ZyXEL Device to the base station each second.DL Data Rate This field shows the number of data packets downloaded to the ZyXEL Device from the base station each second.Table 17   Status ScreenLABEL DESCRIPTION
Chapter 6Status ScreensMAX-200HW2 Series User s Guide82PER This field shows the Packet Error Rate. The PER is the percentage of data packets transmitted across the network but not successfully received.Tx Power This field shows the output transmission (Tx) level of the ZyXEL Device.FirmwareVersionThis shows the WiMAX chipset firmware version.Site InformationClick the Details... link to view details of the radio frequencies used by the ZyXEL Device to connect to a base station.Profile Click the Details... link to view details of the current wireless security settings.System StatusSystem Up TimeThis field displays how long the ZyXEL Device has been running since it last started up. The ZyXEL Device starts up when you plug it in, when you restart it (Maintenance > Tools > Restart), or when you reset it (see Section 2.1.2 on page 41).Current Date/TimeThis field displays the current date and time in the ZyXEL Device. You can change this in Maintenance > System > Time Setting.CPU UsageThis field displays what percentage of the ZyXEL Device s processing ability is currently being used. The higher the CPU usage, the more likely the ZyXEL Device is to slow down. You can reduce this by disabling some services, such as DHCP, NAT, or content filtering.Memory UsageThis field displays what percentage of the ZyXEL Device s memory is currently used. The higher the memory usage, the more likely the ZyXEL Device is to slow down. Some memory is required just to start the ZyXEL Device and to run the web configurator. You can reduce the memory usage by disabling some services (see CPU Usage); by reducing the amount of memory allocated to NAT and firewall rules (you may have to reduce the number of NAT rules or firewall rules to do so); or by deleting rules in functions such as incoming call policies, speed dial entries, and static routes.IVR UsageThis field displays what percentage of the ZyXEL Device s IVR memory is currently used. IVR (Interactive Voice Response) refers to the customizable ring tone and on-hold music you set. See Section 12.1.11 on page 155 for more information.Interface StatusInterfaceThis column displays each interface of the ZyXEL Device.StatusThis field indicates whether or not the ZyXEL Device is using the interface.For the WAN interface, this field displays Up when the ZyXEL Device is connected to a WiMAX network, and Down when the ZyXEL Device is not connected to a WiMAX network.For the LAN interface, this field displays Up when the ZyXEL Device is using the interface and Down when the ZyXEL Device is not using the interface.For the WLAN port, it displays Up when WLAN is enabled or Down when WLAN is disabled.RateFor the LAN ports this displays the port speed and duplex setting.For the WAN interface, it displays the downstream and upstream transmission rate or N/A if the ZyXEL Device is not connected to a base station.For the WLAN port, it displays the transmission rate when WLAN is enabled or N/A when WLAN is disabled.SummaryPacket StatisticsClick this link to view port status and packet specific statistics.Table 17   Status ScreenLABEL DESCRIPTION
 Chapter 6Status ScreensMAX-200HW2 Series User s Guide 836.2  Site InformationClick Status > Site Information to view this screen. This read-only screen shows information about the ZyXEL Device!s connection with a WiMAX base station. To configure these settings, go to the Network > WAN > WiMAX Frequency screen.Figure 45   The Site Information ScreenDHCP TableClick this link to see details of computers to which the ZyXEL Device has given an IP address.VoIP StatisticsClick this link to view statistics about your VoIP usage. VoIP StatusAccountThis column displays each SIP account in the ZyXEL Device.RegistrationThis field displays the current registration status of the SIP account. You have to register SIP accounts with a SIP server to use VoIP.If the SIP account is already registered with the SIP server,Click Unregister to delete the SIP account s registration in the SIP server. This does not cancel your SIP account, but it deletes the mapping between your SIP identity and your IP address or domain name.The second field displays Registered.If the SIP account is not registered with the SIP server,Click Register to have the ZyXEL Device attempt to register the SIP account with the SIP server.The second field displays the reason the account is not registered.Inactive - The SIP account is not active. You can activate it in VoIP > SIP > SIP Settings.Register Fail - The last time the ZyXEL Device tried to register the SIP account with the SIP server, the attempt failed. The ZyXEL Device automatically tries to register the SIP account when you turn on the ZyXEL Device or when you activate it.URIThis field displays the account number and service domain of the SIP account. You can change these in VoIP > SIP > SIP Settings.Table 17   Status ScreenLABEL DESCRIPTION
Chapter 6Status ScreensMAX-200HW2 Series User s Guide84The following table describes the labels in this screen. 6.3  ProfileClick Status > Profile to view this screen. This read-only screen displays information about the security settings you are using. To configure these settings, go to the Network > WAN > Internet Connection screen.Not all ZyXEL Device models have all the fields shown here.Figure 46   The WiMAX Profile Screen The following table describes the labels in this screen.Table 18   The Site Information ScreenLABEL DESCRIPTIONSite InformationDL Frequency[0] ~ [9]These fields show the downlink frequency settings in kilohertz (kHz). These settings determine how the ZyXEL Device searches for an available wireless connection. See Section 8.4 on page 111 for more information.Table 19   The WiMAX Profile ScreenLABEL DESCRIPTIONProfileUserThis is the username for your Internet access account. PasswordThis is the password for your Internet access account. The password displays as a row of asterisks.Anonymous IdentityThis is the anonymous identity provided by your Internet Service Provider. Anonymous identity (also known as outer identity) is used with EAP-TTLS encryption.PKMThis field displays the Privacy Key Management version number. PKM provides security between the ZyXEL Device and the base station. See the WiMAX security appendix for more information.
 Chapter 6Status ScreensMAX-200HW2 Series User s Guide 856.4  Packet StatisticsTo access this screen, open the Status screen (see Section 6.1 on page 79), and click (Details...) next to Packet Statistics. Read-only information here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)". The Poll Interval(s) field is configurable.Figure 47   Packet StatisticsAuthenticationThis field displays the user authentication method. Authentication is the process of confirming the identity of a user (by means of a username and password, for example).EAP-TTLS allows an MS/SS and a base station to establish a secure link (or $tunnel ) with an AAA (Authentication, Authorization and Accounting) server in order to exchange authentication information. See the WiMAX security appendix for more details.TTLS Inner EAPThis field displays the type of secondary authentication method. Once a secure EAP-TTLS connection is established, the inner EAP is the protocol used to exchange security information between the mobile station, the base station and the AAA server to authenticate the mobile station. See the WiMAX security appendix for more details.The ZyXEL Device supports the following inner authentication types:#CHAP (Challenge Handshake Authentication Protocol)#MSCHAP (Microsoft CHAP)#MSCHAPV2 (Microsoft CHAP version 2)#PAP (Password Authentication Protocol)Auth ModeThis is the authentication mode. The ZyXEL Device supports the following authentication modes:#User Only#Device Only with Cert#Certs and User AuthenticationCertificateThis is the security certificate the ZyXEL Device uses to authenticate the AAA server.Table 19   The WiMAX Profile ScreenLABEL DESCRIPTION
Chapter 6Status ScreensMAX-200HW2 Series User s Guide86The following table describes the fields in this screen.  6.5  DHCP Table ScreenThis screen displays information about computers that received an IP address from the ZyXEL Device. To access this screen, open the Status screen (see Section 6.1 on page 79), and click (Details...) next to DHCP Table.Figure 48   DHCP TableTable 20   Packet StatisticsLABEL DESCRIPTIONPacket StatisticsPortThis column displays each interface of the ZyXEL Device.Status  This field indicates whether or not the ZyXEL Device is using the interface.For the WAN interface, this field displays Up when the ZyXEL Device is connected to a WiMAX network, and Down when the ZyXEL Device is not connected to a WiMAX network.For the LAN interface, this field displays Up when the ZyXEL Device is using the interface and Down when the ZyXEL Device is not using the interface.For the WLAN port, it displays Up when WLAN is enabled or Down when WLAN is disabled.TxPkts  This field displays the number of packets transmitted on this interface.RxPkts  This field displays the number of packets received on this interface.Collisions This field displays the number of collisions on this port.Tx B/s  This field displays the number of bytes transmitted in the last second.Rx B/s This field displays the number of bytes received in the last second.Up Time  This field displays the elapsed time this interface has been connected. System up Time This is the elapsed time the system has been on.Poll Interval(s) Type the time interval for the browser to refresh system statistics.Set Interval Click this button to apply the new poll interval you entered in the Poll Intervalfield above.Stop Click this button to halt the refreshing of the system statistics.
 Chapter 6Status ScreensMAX-200HW2 Series User s Guide 87Each field is described in the following table.6.6  VoIP Statistics WindowThis screen displays SIP registration information, status of calls and VoIP traffic statistics. To access this screen, open the Status screen (see Section 6.1 on page 79), and click (Details...)next to VoIP Statistics.Figure 49   VoIP StatisticsEach field is described in the following table.Table 21   DHCP TableLABEL DESCRIPTIONDHCP Table#This field is a sequential value. It is not associated with a specific entry.IP AddressThis field displays the IP address the ZyXEL Device assigned to a computer in the network.Host NameThis field displays the system name of the computer to which the ZyXEL Device assigned the IP address.MAC AddressThis field displays the MAC address of the computer to which the ZyXEL Device assigned the IP address.RefreshClick this to update this screen.Table 22   VoIP Statistics LABEL DESCRIPTIONSIP StatusAccountThis column displays each SIP account in the ZyXEL Device.
Chapter 6Status ScreensMAX-200HW2 Series User s Guide88RegistrationThis field displays the current registration status of the SIP account. You can change this in the Status screen.Registered - The SIP account is registered with a SIP server.Register Fail - The last time the ZyXEL Device tried to register the SIP account with the SIP server, the attempt failed. The ZyXEL Device automatically tries to register the SIP account when you turn on the ZyXEL Device or when you activate it.Inactive - The SIP account is not active. You can activate it in VoIP > SIP > SIP Settings.Last RegistrationThis field displays the last time you successfully registered the SIP account. It displays N/A if you never successfully registered this account.URIThis field displays the account number and service domain of the SIP account. You can change these in VoIP > SIP > SIP Settings.ProtocolThis field displays the transport protocol the SIP account uses. SIP accounts always use UDP.Message WaitingThis field indicates whether or not there are any messages waiting for the SIP account.Last Incoming NumberThis field displays the last number that called the SIP account. It displays N/A if no number has ever dialed the SIP account.Last Outgoing NumberThis field displays the last number the SIP account called. It displays N/A if the SIP account has never dialed a number.Call StatisticsPhoneThis field displays the ZyXEL Device s phone port number.HookThis field indicates whether the phone is on the hook or off the hook.On - The phone is hanging up or already hung up.Off - The phone is dialing, calling, or connected.StatusThis field displays the current state of the phone call.N/A - There are no current VoIP calls, incoming calls or outgoing calls being made.DIAL - The callee s phone is ringing.RING - The phone is ringing for an incoming VoIP call.Process - There is a VoIP call in progress.DISC - The callee s line is busy, the callee hung up or your phone was left off the hook.CodecThis field displays what voice codec is being used for a current VoIP call through a phone port.Peer NumberThis field displays the SIP number of the party that is currently engaged in a VoIP call through a phone port.DurationThis field displays how long the current call has lasted.Tx PktsThis field displays the number of packets the ZyXEL Device has transmitted in the current call.Rx PktsThis field displays the number of packets the ZyXEL Device has received in the current call.Tx B/sThis field displays how quickly the ZyXEL Device has transmitted packets in the current call. The rate is the average number of bytes transmitted per second.Rx B/sThis field displays how quickly the ZyXEL Device has received packets in the current call. The rate is the average number of bytes transmitted per second.Table 22   VoIP Statistics LABEL DESCRIPTION
 Chapter 6Status ScreensMAX-200HW2 Series User s Guide 89Poll Interval(s)Enter how often you want the ZyXEL Device to update this screen, and click SetInterval.Set IntervalClick this to make the ZyXEL Device update the screen based on the amount of time you specified in Poll Interval.StopClick this to make the ZyXEL Device stop updating the screen.Table 22   VoIP Statistics LABEL DESCRIPTION
Chapter 6Status ScreensMAX-200HW2 Series User s Guide90
MAX-200HW2 User s Guide 91CHAPTER  7 Wireless LANThis chapter discusses how to configure the wireless network settings in your ZyXEL Device. See the appendices for more detailed information about wireless networks.7.1  Wireless Network OverviewThe following figure provides an example of a wireless network.Figure 50   Example of a Wireless NetworkThe wireless network is the part in the blue circle. In this wireless network, devices A and B are called wireless clients. The wireless clients use the access point (AP) to interact with other devices (such as the printer) or with the Internet. Your ZyXEL Device is the AP.Every wireless network must follow these basic guidelines. Every wireless client in the same wireless network must use the same SSID.The SSID is the name of the wireless network. It stands for Service Set IDentity. If two wireless networks overlap, they should use different channels.Like radio stations or television channels, each wireless network uses a specific channel, or frequency, to send and receive information.
Chapter 7Wireless LANMAX-200HW2 User s Guide92 Every wireless client in the same wireless network must use security compatible with the AP.Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network.7.2  Wireless Security OverviewThe following sections introduce different types of wireless security you can set up in the wireless network.7.2.1  SSIDNormally, the AP acts like a beacon and regularly broadcasts the SSID in the area. You can hide the SSID instead, in which case the AP does not broadcast the SSID. In addition, you should change the default SSID to something that is difficult to guess.This type of security is fairly weak, however, because there are ways for unauthorized devices to get the SSID. In addition, unauthorized devices can still see the information that is sent in the wireless network.7.2.2  MAC Address FilterEvery wireless client has a unique identification number, called a MAC address.1 A MAC address is usually written using twelve hexadecimal characters2; for example, 00A0C5000002 or 00:A0:C5:00:00:02. To get the MAC address for each wireless client, see the appropriate User!s Guide or other documentation.You can use the MAC address filter to tell the AP which wireless clients are allowed or not allowed to use the wireless network. If a wireless client is allowed to use the wireless network, it still has to have the correct settings (SSID, channel, and security). If a wireless client is not allowed to use the wireless network, it does not matter if it has the correct settings.This type of security does not protect the information that is sent in the wireless network. Furthermore, there are ways for unauthorized devices to get the MAC address of an authorized wireless client. Then, they can use that MAC address to use the wireless network.7.2.3  User AuthenticationYou can make every user log in to the wireless network before they can use it. This is called user authentication. However, every wireless client in the wireless network has to support IEEE 802.1x to do this.For wireless networks, there are two typical places to store the user names and passwords for each user. In the AP: this feature is called a local user database or a local database. In a RADIUS server: this is a server used in businesses more than in homes.1.Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks. These kinds of wireless devices might not have MAC addresses.2.Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F.
 Chapter 7Wireless LANMAX-200HW2 User s Guide 93If your AP does not provide a local user database and if you do not have a RADIUS server, you cannot set up user names and passwords for your users.Unauthorized devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network. Furthermore, there are ways for unauthorized wireless users to get a valid user name and password. Then, they can use that user name and password to use the wireless network.Local user databases also have an additional limitation that is explained in the next section.7.2.4  EncryptionWireless networks can use encryption to protect the information that is sent in the wireless network. Encryption is like a secret code. If you do not know the secret code, you cannot understand the message.The types of encryption you can choose depend on the type of user authentication. (See Section 7.2.3 on page 92 for information about this.)For example, if the wireless network has a RADIUS server, you can choose WPA or WPA2. If users do not log in to the wireless network, you can choose no encryption, Static WEP,WPA-PSK, or WPA2-PSK.Usually, you should set up the strongest encryption that every wireless client in the wireless network supports. For example, suppose the AP does not have a local user database, and you do not have a RADIUS server. Therefore, there is no user authentication. Suppose the wireless network has two wireless clients. Device A only supports WEP, and device B supports WEP and WPA. Therefore, you should set up Static WEP in the wireless network.It is recommended that wireless networks use WPA-PSK,WPA, or stronger encryption. IEEE 802.1x and WEP encryption are better than none at all, but it is still possible for unauthorized devices to figure out the original information pretty quickly.It is not possible to use WPA-PSK,WPA or stronger encryption with a local user database. In this case, it is better to set up stronger encryption with no authentication than to set up weaker encryption with the local user database.Table 23   Types of Encryption for Each Type of AuthenticationNO AUTHENTICATION RADIUS SERVERWeakest No SecurityWPAStatic WEPWPA-PSKStrongest WPA2-PSKWPA2
Chapter 7Wireless LANMAX-200HW2 User s Guide94When you select WPA2 or WPA2-PSK in your ZyXEL Device, you can also select an option (WPA Compatible) to support WPA as well. In this case, if some wireless clients support WPA and some support WPA2, you should set up WPA2-PSK or WPA2 (depending on the type of wireless network login) and select the WPA Compatible option in the ZyXEL Device.Many types of encryption use a key to protect the information in the wireless network. The longer the key, the stronger the encryption. Every wireless client in the wireless network must have the same key.7.2.5  One-Touch Intelligent Security Technology (OTIST)With ZyXEL!s OTIST, you set up the SSID and WPA-PSK on the ZyXEL Device. Then, the ZyXEL Device transfers them to the devices in the wireless networks. As a result, you do not have to set up the SSID and encryption on every device in the wireless network.The devices in the wireless network have to support OTIST, and they have to be in range of the ZyXEL Device when you activate it. See Section 7.4 on page 101 for more details.7.3  General Wireless LAN Screen If you are configuring the ZyXEL Device from a computer connected to the wireless LAN and you change the ZyXEL Device s SSID, channel or security settings, you will lose your wireless connection when you press Apply to confirm. You must then change the wireless settings of your computer to match the ZyXEL Device s new settings.Click Network > Wireless LAN to open the General screen.Figure 51   Network > Wireless LAN > General
 Chapter 7Wireless LANMAX-200HW2 User s Guide 95The following table describes the general wireless LAN labels in this screen.See the rest of this chapter for information on the other labels in this screen. 7.3.1  No SecuritySelect No Security to allow wireless stations to communicate with the access points without any data encryption. If you do not enable any wireless security on your ZyXEL Device, your network is accessible to any wireless networking device that is within range.Figure 52   Network > Wireless LAN > General: No SecurityTable 24   Network > Wireless LAN > GeneralLABEL DESCRIPTIONEnable Wireless LANClick the check box to activate wireless LAN.Name(SSID) (Service Set IDentity) The SSID identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same SSID. Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN. Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a station cannot obtain the SSID through scanning using a site survey tool.Channel SelectionSet the operating frequency/channel depending on your particular region. Select a channel from the drop-down list box. The options vary depending on whether you are using A or B/G frequency band and the country you are in. Refer to the Connection Wizard chapter for more information on channels.Apply Click Apply to save your changes back to the ZyXEL Device.Reset Click Reset to reload the previous configuration for this screen.
Chapter 7Wireless LANMAX-200HW2 User s Guide96The following table describes the labels in this screen.7.3.2  WEP EncryptionWEP encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private. It encrypts unicast and multicast communications in a network. Both the wireless stations and the access points must use the same WEP key.Your ZyXEL Device allows you to configure up to four 64-bit or 128-bit WEP keys but only one key can be enabled at any one time.In order to configure and enable WEP encryption; click Network > Wireless LAN to display the General screen. Select Static WEP from the Security Mode list.Figure 53   Network > Wireless LAN > General: Static WEPTable 25   Wireless No SecurityLABEL DESCRIPTIONSecurity Mode Choose No Security from the drop-down list box.Apply Click Apply to save your changes back to the ZyXEL Device.Reset Click Reset to reload the previous configuration for this screen.
 Chapter 7Wireless LANMAX-200HW2 User s Guide 97The following table describes the wireless LAN security labels in this screen.7.3.3  WPA-PSK/WPA2-PSKClick Network > Wireless LAN to display the General screen. Select WPA-PSK or WPA2-PSK from the Security Mode list.Table 26   Network > Wireless LAN > General: Static WEPLABEL DESCRIPTIONPassphrase Enter a passphrase (password phrase) of up to 32 printable characters and click Generate. The ZyXEL Device automatically generates four different WEP keys and displays them in the Key fields below.WEPEncryptionSelect 64-bit WEP or 128-bit WEP to enable data encryption.Authentication MethodThis field is activated when you select 64-bit WEP or 128-bit WEP in the WEP Encryption field.Select Auto,Open System or Shared Key from the drop-down list box. ASCII Select this option in order to enter ASCII characters as WEP key. Hex Select this option in order to enter hexadecimal characters as a WEP key. The preceding "0x", that identifies a hexadecimal key, is entered automatically.Key 1 to Key 4 The WEP keys are used to encrypt data. Both the ZyXEL Device and the wireless stations must use the same WEP key for data transmission.If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F").If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal characters ("0-9", "A-F"). You must configure at least one key, only one key can be activated at any one time. The default key is key 1.Apply Click Apply to save your changes back to the ZyXEL Device.Reset Click Reset to reload the previous configuration for this screen.
Chapter 7Wireless LANMAX-200HW2 User s Guide98Figure 54   Network > Wireless LAN > General: WPA-PSK/WPA2-PSKThe following table describes the labels in this screen.Table 27   Network > Wireless LAN > General: WPA-PSK/WPA2-PSKLABEL DESCRIPTIONWPA Compatible This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field.Select the check box to have both WPA2 and WPA wireless clients be able to communicate with the ZyXEL Device even when the ZyXEL Device is using WPA2-PSK or WPA2.Pre-Shared Key  The encryption mechanisms used for WPA/WPA2 and WPA-PSK/WPA2-PSK are the same. The only difference between the two is that WPA-PSK/WPA2-PSK uses a simple common password, instead of user-specific credentials.Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including spaces and symbols).ReAuthentication Timer (in seconds)Specify how often wireless stations have to resend usernames and passwords in order to stay connected. Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes). Note: If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority.Idle Timeout The ZyXEL Device automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed. The default time interval is 3600 seconds (or 1 hour).Group Key Update TimerThe Group Key Update Timer is the rate at which the AP (if using WPA-PSK/WPA2-PSK key management) or RADIUSserver (if using WPA/WPA2 key management) sends a new group key out to all clients. The re-keying process is the WPA/WPA2 equivalent of automatically changing the WEP key for an AP and all stations in a WLAN on a periodic basis. Setting of the Group Key Update Timer is also supported in WPA-PSK/WPA2-PSK mode. The default is 1800seconds (30 minutes).
 Chapter 7Wireless LANMAX-200HW2 User s Guide 997.3.4  WPA/WPA2Click Network > Wireless LAN to display the General screen. Select WPA or WPA2 from the Security Mode list.Figure 55   Network > Wireless LAN > General: WPA/WPA2Apply Click Apply to save your changes back to the ZyXEL Device.Reset Click Reset to reload the previous configuration for this screen.Table 27   Network > Wireless LAN > General: WPA-PSK/WPA2-PSKLABEL DESCRIPTION
Chapter 7Wireless LANMAX-200HW2 User s Guide100The following table describes the labels in this screen.Table 28   Network > Wireless LAN > General: WPA/WPA2LABEL DESCRIPTIONWPA Compatible This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field.Select the check box to have both WPA2 and WPA wireless clients be able to communicate with the ZyXEL Device even when the ZyXEL Device is using WPA2-PSK or WPA2.ReAuthentication Timer (in seconds)Specify how often wireless stations have to resend usernames and passwords in order to stay connected. Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes). Note: If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority.Idle Timeout The ZyXEL Device automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed. The default time interval is 3600 seconds (or 1 hour).Group Key Update TimerThe Group Key Update Timer is the rate at which the AP (if using WPA-PSK/WPA2-PSK key management) or RADIUSserver (if using WPA/WPA2 key management) sends a new group key out to all clients. The re-keying process is the WPA/WPA2 equivalent of automatically changing the WEP key for an AP and all stations in a WLAN on a periodic basis. Setting of the Group Key Update Timer is also supported in WPA-PSK/WPA2-PSK mode. The ZyXEL Device default is 1800 seconds (30 minutes).Authentication ServerIP Address Enter the IP address of the external authentication server in dotted decimal notation.Port Number Enter the port number of the external authentication server. The default port number is 1812.You need not change this value unless your network administrator instructs you to do so with additional information. Shared Secret Enter a password (up to 31 alphanumeric characters) as the key to be shared between the external authentication server and the ZyXEL Device.The key must be the same on the external authentication server and your ZyXEL Device. The key is not sent over the network. Accounting ServerActive Select the checkbox to enable user accounting through an external authentication server.IP Address Enter the IP address of the external accounting server in dotted decimal notation.Port Number Enter the port number of the external accounting server. The default port number is 1813.You need not change this value unless your network administrator instructs you to do so with additional information. Shared Secret Enter a password (up to 31 alphanumeric characters) as the key to be shared between the external accounting server and the ZyXEL Device.The key must be the same on the external accounting server and your ZyXEL Device. The key is not sent over the network. Apply Click Apply to save your changes back to the ZyXEL Device.Reset Click Reset to reload the previous configuration for this screen.
 Chapter 7Wireless LANMAX-200HW2 User s Guide 1017.4  OTISTIn a wireless network, the wireless clients must have the same SSID and security settings as the access point (AP) or wireless router (we will refer to both as "AP# here) in order to associate with it. Traditionally this meant that you had to configure the settings on the AP and then manually configure the exact same settings on each wireless client.OTIST (One-Touch Intelligent Security Technology) allows you to transfer your AP!s SSID and WPA-PSK security settings to wireless clients that support OTIST and are within transmission range. You can also choose to have OTIST generate a WPA-PSK key for you if you didn!t configure one manually.OTIST replaces the pre-configured wireless settings on the wireless clients.7.4.1  Enabling OTISTYou must enable OTIST on both the AP and wireless client before you start transferring settings.The AP and wireless client(s) MUST use the same Setupkey.Click the Network > Wireless LAN >OTIST. The following screen displays.Figure 56   Network > Wireless LAN > OTIST
Chapter 7Wireless LANMAX-200HW2 User s Guide102The following table describes the labels in this screen. 7.4.1.1  Wireless ClientStart the ZyXEL utility and click the Adapter tab. Select the OTIST check box, enter the same Setup Key as your AP!s and click Save.Figure 57   Example Wireless Client OTIST ScreenTable 29   Network > Wireless LAN > OTISTLABEL DESCRIPTIONSetup KeyType an OTIST Setup Key of exactly eight ASCII characters in length. The default OTIST setup key is "01234567".Note: If you change the OTIST setup key here, you must also make the same change on the wireless client(s).Yes! If you want OTIST to automatically generate a WPA-PSK, you must:#Change your security to any security other than WPA-PSK in the Wireless LAN > General screen.#Select the Yes! checkbox in the OTIST screen and click Start.#The wireless screen displays an auto generated WPA-PSK and is now in WPA-PSK security mode. The WPA-PSK security settings are assigned to the wireless client when you start OTIST.Note: If you already have a WPA-PSK configured in the Wireless LAN > General screen, and you run OTIST with Yes! selected, OTIST will use the existing WPA-PSK.Start Click Start to encrypt the wireless security data using the setup key and have the ZyXEL Device set the wireless client to use the same wireless settings as the ZyXEL Device. You must also activate and start OTIST on the wireless client all within three minutes.
 Chapter 7Wireless LANMAX-200HW2 User s Guide 1037.4.2  Starting OTISTNote: You must click Start in the AP OTIST web configurator screen and in the wireless client(s) Adapter screen all within three minutes (at the time of writing). You can start OTIST in the wireless clients and AP in any order but they must all be within range and have OTIST enabled.1In the AP, a web configurator screen pops up showing you the security settings to transfer. You can use the key in this screen to set up WPA-PSK encryption manually for non-OTIST devices in the wireless network. After reviewing the settings, click OK.Figure 58   Security Key2This screen appears while OTIST settings are being transferred. It closes when the transfer is complete.  In the wireless client, you see this screen if it can't find an OTIST-enabled AP (with the same Setup key). Click OK to go back to the ZyXEL utility main screen.Figure 61   No AP with OTIST Found If there is more than one OTIST-enabled AP within range, you see a screen asking you to select one AP to get settings from.7.4.3  Notes on OTIST1If you enabled OTIST in the wireless client, you see this screen each time you start the utility. Click Yes for it to search for an OTIST-enabled AP.Figure 59   OTIST in Progress (AP) Figure 60   OTIST in Progress (Client)
Chapter 7Wireless LANMAX-200HW2 User s Guide104Figure 62   Start OTIST?2If an OTIST-enabled wireless client loses its wireless connection for more than ten seconds, it will search for an OTIST-enabled AP for up to one minute. (If you manually have the wireless client search for an OTIST-enabled AP, there is no timeout; click Cancel in the OTIST progress screen to stop the search.)3When the wireless client finds an OTIST-enabled AP, you must still click Start in the AP OTIST web configurator screen for the AP to transfer settings.4If you change the SSID or the keys on the AP after using OTIST, you need to run OTIST again or enter them manually in the wireless client(s).5If you configure OTIST to generate a WPA-PSK key, this key changes each time you run OTIST. Therefore, if a new wireless client joins your wireless network, you need to run OTIST on the AP and ALL wireless clients again.7.5  MAC FilterThe MAC filter screen allows you to configure the ZyXEL Device to give exclusive access to up to 32 devices (Allow) or exclude up to 32 devices from accessing the ZyXEL Device (Deny). Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC address of the devices to configure this screen.To change your ZyXEL Device!s MAC filter settings, click Network > Wireless LAN > MAC Filter. The screen appears as shown.
 Chapter 7Wireless LANMAX-200HW2 User s Guide 105Figure 63   Network > Wireless LAN > MAC FilterThe following table describes the labels in this menu.7.6  Wireless LAN Advanced ScreenClick Network > Wireless LAN > Advanced. The screen appears as shown.Table 30   Network > Wireless LAN > MAC FilterLABEL DESCRIPTIONActive Select Yes from the drop down list box to enable MAC address filtering.Filter Action  Define the filter action for the list of MAC addresses in the MAC Address table.Select Deny to block access to the ZyXEL Device, MAC addresses not listed will be allowed to access the ZyXEL Device.Select Allow to permit access to the ZyXEL Device, MAC addresses not listed will be denied access to the ZyXEL Device.Set This is the index number of the MAC address.MAC AddressEnter the MAC addresses of the wireless station that are allowed or denied access to the ZyXEL Device in these address fields. Enter the MAC addresses in a valid MAC address format, that is, six hexadecimal character pairs, for example, 12:34:56:78:9a:bc.Apply Click Apply to save your changes back to the ZyXEL Device.Reset Click Reset to reload the previous configuration for this screen.
Chapter 7Wireless LANMAX-200HW2 User s Guide106Figure 64   Network > Wireless LAN > AdvancedThe following table describes the labels in this screen. Table 31   Network > Wireless LAN > AdvancedLABEL DESCRIPTIONWireless Advanced SetupRTS/CTS ThresholdData with its frame size larger than this value will perform the RTS (Request To Send)/CTS (Clear To Send) handshake. If the RTS/CTS value is greater than the Fragmentation Threshold value, then the RTS/CTS handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.Enter a value between 0 and 2432. Fragmentation ThresholdIt is the maximum data fragment size that can be sent. Enter a value between 256 and 2432. 802.11 Mode Select 802.11b to allow only IEEE 802.11b compliant WLAN devices to associate with the ZyXEL Device.Select 802.11g to allow only IEEE 802.11g compliant WLAN devices to associate with the ZyXEL Device.Select 802.11b/g to allow either IEEE802.11b or IEEE802.11g compliant WLAN devices to associate with the ZyXEL Device. The transmission rate of your ZyXEL Device might be reduced. Apply Click Apply to save your changes back to the ZyXEL Device.Reset Click Reset to reload the previous configuration for this screen.
MAX-200HW2 Series User s Guide 107CHAPTER  8 WAN SetupThis chapter describes how to configure WAN settings.8.1  WAN Overview A WAN (Wide Area Network) is an outside connection to another network or the Internet. Your ZyXEL Device uses the IEEE 802.16e WiMAX standard to connect wirelessly to a WiMAX base station (see Section 1.1 on page 33).8.2  WiMAX WiMAX (Worldwide Interoperability for Microwave Access) is the IEEE 802.16 wireless networking standard, which provides high-bandwidth, wide-range wireless service across wireless Metropolitan Area Networks (MANs). ZyXEL is a member of the WiMAX Forum, the industry group dedicated to promoting and certifying interoperability of wireless broadband products.In a wireless MAN, a wireless-equipped computer is known either as a mobile station (MS) or a  subscriber station (SS). Mobile stations use the IEEE 802.16e standard and are able to maintain connectivity while switching their connection from one base station to another base station (handover) while subscriber stations use other standards that do not have this capability (IEEE 802.16-2004, for example). The following figure shows an MS-equipped notebook computer MS1 moving from base station BS1!s coverage area and connecting to BS2.Figure 65   WiMax: Mobile StationWiMAX technology uses radio signals (around 2 to 10 GHz) to connect subscriber stations and mobile stations to local base stations. Numerous subscriber stations and mobile stations connect to the network through a single base station (BS), as in the following figure.
Chapter 8WAN SetupMAX-200HW2 Series User s Guide108Figure 66   WiMAX: Multiple Mobile StationsA base station's coverage area can extend over many hundreds of meters, even under poor conditions. A base station provides network access to subscriber stations and mobile stations, and communicates with other base stations.The radio frequency and bandwidth of the link between the ZyXEL Device and the base station are controlled by the base station. The ZyXEL Device follows the base station!s configuration. 8.2.1  AuthenticationWhen authenticating a user, the base station uses a third-party RADIUS or Diameter server known as an AAA (Authentication, Authorization and Accounting) server to authenticate the mobile or subscriber stations. The following figure shows a base station using an AAA server to authenticate mobile station MS, allowing it to access the Internet.Figure 67   Using an AAA ServerIn this figure, the dashed arrow shows the PKM (Privacy Key Management) secured connection between the mobile station and the base station, and the solid arrow shows the EAP secured connection between the mobile station, the base station and the AAA server. See the WiMAX security appendix for more details.8.3  Internet Access Setup To change your ZyXEL Device!s Internet access settings, click Network > WAN. The Internet Connection screen displays.
 Chapter 8WAN SetupMAX-200HW2 Series User s Guide 109Not all ZyXEL Device models have all the fields shown here.Figure 68   Network > WAN > Internet ConnectionThe following table describes the labels in this screen.Table 32   Network > WAN > Internet ConnectionLABEL DESCRIPTIONISP Parameters for Internet AccessUserUse this field to enter the username associated with your Internet access account. You can enter up to 61 printable ASCII characters.PasswordUse this field to enter the password associated with your Internet access account. You can enter up to 47 printable ASCII characters.Anonymous IdentityEnter the anonymous identity provided by your Internet Service Provider. Anonymous identity (also known as outer identity) is used with EAP-TTLS encryption. The anonymous identity is used to route your authentication request to the correct authentication server, and does not reveal your real user name. Your real user name and password are encrypted in the TLS tunnel, and only the anonymous identity can be seen.Leave this field blank if your ISP did not give you an anonymous identity to use.
Chapter 8WAN SetupMAX-200HW2 Series User s Guide110PKMThis field displays the Privacy Key Management version number. PKM provides security between the ZyXEL Device and the base station. At the time of writing, the ZyXEL Device supports PKMv2 only. See the WiMAX security appendix for more information.AuthenticationThis field displays the user authentication method. Authentication is the process of confirming the identity of a mobile station (by means of a username and password, for example).Check with your service provider if you are unsure of the correct setting for your account. Choose from the following user authentication methods:#TTLS (Tunnelled Transport Layer Security)#TLS (Transport Layer Security)Note: Not all ZyXEL Devices support TLS authentication. Check with your service provider for details.TTLS Inner EAPThis field displays the type of secondary authentication method. Once a secure EAP-TTLS connection is established, the inner EAP is the protocol used to exchange security information between the mobile station, the base station and the AAA server to authenticate the mobile station. See the WiMAX security appendix for more details.This field is available only when TTLS is selected in the Authentication field.The ZyXEL Device supports the following inner authentication types:#CHAP (Challenge Handshake Authentication Protocol)#MSCHAP (Microsoft CHAP)#MSCHAPV2 (Microsoft CHAP version 2)#PAP (Password Authentication Protocol)Auth ModeSelect the authentication mode from the drop-down list box.This field is not available in all ZyXEL Devices. Check with your service provider for details.The ZyXEL Device supports the following authentication modes:#User Only#Device Only with Cert#Certs and User AuthenticationCertificateThis is the security certificate the ZyXEL Device uses to authenticate the AAA server. Use the Security > Certificates > Trusted CAscreen to import certificates to the ZyXEL Device.WAN IP Address AssignmentGet automatically from ISP (Default)Select this if you have a dynamic IP address. A dynamic IP address is not fixed; the ISP assigns you a different one each time you connect to the Internet. Use Fixed IP AddressA static IP address is a fixed IP that your ISP gives you. Type your ISP assigned IP address in the IP Address field below. IP Subnet MaskEnter a subnet mask in dotted decimal notation. Refer to the appendicesto calculate a subnet mask If you are implementing subnetting.Gateway IP AddressSpecify a gateway IP address (supplied by your ISP).ApplyClick this button to save your settings.ResetClick this button to return all the fields in this screen to their default values.Table 32   Network > WAN > Internet ConnectionLABEL DESCRIPTION
 Chapter 8WAN SetupMAX-200HW2 Series User s Guide 1118.4  Frequency SettingsIn a WiMAX network, a mobile or subscriber station must use a radio frequency supported by the base station to communicate. When the ZyXEL Device looks for a connection to a base station, it can search a range of frequencies. Radio frequency is measured in Hertz (Hz). 8.4.1  Frequency RangesThe following figure shows the ZyXEL Device searching a range of frequencies to find a connection to a base station.  Figure 69   Frequency RangesIn this figure, A is the WiMAX frequency range. "WiMAX frequency range# refers to the entire range of frequencies the ZyXEL Device is capable of using to transmit and receive (see the Product Specifications appendix for details). In the figure, B shows the operator frequency range. This is the range of frequencies within the WiMAX frequency range supported by your operator (service provider).The operator range is subdivided into bandwidth steps. In the figure, each C is a bandwidth step.The arrow D shows the ZyXEL Device searching for a connection.Have the ZyXEL Device search only certain frequencies by configuring the downlink frequencies. Your operator can give you information on the supported frequencies. The downlink frequencies are points of the frequency range your ZyXEL Device searches for an available connection. Use the Site Survey screen to set these bands. You can set the downlink frequencies anywhere within the WiMAX frequency range. In this example, the downlink frequencies have been set to search all of the operator range for a connection.8.4.2  Configuring Frequency SettingsYou need to set the ZyXEL Device to scan one or more specific radio frequencies to find an available connection to a WiMAX base station. Table 33   Radio Frequency Conversion1 kHz = 1000 Hz1 MHz = 1000 kHz (1000000 Hz)1 GHz = 1000 MHz (1000000 kHz)
Chapter 8WAN SetupMAX-200HW2 Series User s Guide112Use the WiMAX Frequency screen to define the  radio frequencies to be searched for available wireless connections. See Section 8.4.2.1 on page 113 for an example of using the WiMAX Frequency screen.It may take several minutes for the ZyXEL Device to find a connection. The ZyXEL Device searches the DL Frequency settings in ascending numerical order, from [0] to [9]. If you enter a 0 in a DL Frequency field, the ZyXEL Device immediately moves on to the next DL Frequency field. When the ZyXEL Device connects to a base station, the values in this screen are automatically set to the base station!s frequency. The next time the ZyXEL Device searches for a connection, it searches only this frequency. If you want the ZyXEL Device to search other frequencies, enter them in the DL Frequency fields.The following table describes some examples of DL Frequency settings.Click Network > WAN > WiMAX Frequency to display the screen shown next.Table 34   DL Frequency Example SettingsEXAMPLE 1 EXAMPLE 2DL Frequency [0]:25000002500000DL Frequency [1]:25500002550000DL Frequency [2] 02600000DL Frequency [3]:00DL Frequency [4]:00The ZyXEL Device searches at 2500000 kHz, and then searches at 2550000 kHz if it has not found a connection.The ZyXEL Devicesearches at 2500000 kHz and then at 2550000 kHz if it has not found an available connection. If it still does not find an available connection, it searches at 2600000 kHz.
 Chapter 8WAN SetupMAX-200HW2 Series User s Guide 113Figure 70   Network > WAN >WiMAX FrequencyThe following table describes the labels in this screen.8.4.2.1  Using the WiMAX Frequency Screen: ExampleIn this example, your Internet service provider has given you a list of supported frequencies, as follows.Use the WiMAX Frequency screen to enter the frequencies you want the ZyXEL Device to scan for a connection to a base station. 1In the DL Frequency [0] field, enter 2500000 (2500000 kilohertz (kHz) is equal to 2.5 gigahertz).2In the DL Frequency [1] field, enter 2525000.3In the DL Frequency [2] field, enter 2600000.4In the DL Frequency [3] field, enter 2625000.Leave the rest of the DL Frequency fields at zero. The screen appears as follows.Table 35   Network > WAN > WiMAX FrequencyLABEL DESCRIPTIONDL Frequency [0] ~ [9]These fields show the downlink frequency settings in kilohertz (kHz). Enter values in these fields to have the ZyXEL Device scan these frequencies for available channels in ascending numerical order.  Contact your service provider for details of supported frequencies.ApplyClick this button to save your settings.ResetClick this button to return all the fields in this screen to their default values.Table 36   Example Supported Frequencies (GHz)2.5 2.5252.62.625
Chapter 8WAN SetupMAX-200HW2 Series User s Guide114Figure 71   Completing the WiMAX Frequency Screen5Click Apply. The ZyXEL Device stores your settings. When the ZyXEL Device searches for available frequencies, it scans all frequencies from DL Frequency [0] to DL Frequency [3]. When it finds an available connection, the fields in this screen will be automatically set to use that frequency.8.5  Configuring Advanced WAN SettingsClick Network > WAN > Advanced to display the following screen.Figure 72   Network > WAN > Advanced
 Chapter 8WAN SetupMAX-200HW2 Series User s Guide 115The following table describes the labels in this screen.8.6  Configuring Traffic Redirect SettingsTo change your ZyXEL Device!s traffic redirect settings, click Network > WAN > Traffic Redirect. The screen appears as shown.Table 37   Network > WAN > AdvancedLABEL DESCRIPTIONDNS ServersFirst, Second and Third DNS ServerSelect Obtainedfrom ISP if your ISP dynamically assigns DNS server information (and the ZyXEL Device's WAN IP address). Use the drop-down list box to select a DNS server IP address that the ISP assigns in the field to the right. Select UserDefined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right. If you chose UserDefined,but leave the IP address set to 0.0.0.0, UserDefined changes to None after you click Apply. If you set a second choice to UserDefined, and enter the same IP address, the second UserDefined changes to None after you click Apply.Select None if you do not want to configure DNS servers. You must have another DHCP server on your LAN, or else the computers must have their DNS server addresses manually configured. If you do not configure a DNS server, you must know the IP address of a computer in order to access it.RIP & Multicast SetupRIP DirectionSelect the RIP direction from None,Both,In Only and Out Only.RIP VersionSelect the RIP version from RIP-1,RIP-2B and RIP-2M.MulticastIGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a multicast group. The ZyXEL Device supports both IGMP version 1 (IGMP-v1) and IGMP-v2. Select None to disable it.Windows Networking (NetBIOS over TCP/IP)NetBIOS (Network Basic Input/Output System) are TCP or UDP packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls. However it may sometimes be necessary to allow NetBIOS packets to pass through to the WAN in order to find a computer on the WAN.Allow between LAN and WANSelect this check box to forward NetBIOS packets from the LAN to the WAN and from the WAN to the LAN. If your firewall is enabled with the default policy set to block WAN to LAN traffic, you also need to enable the default WAN to LAN firewall rule that forwards NetBIOS traffic.Clear this check box to block all NetBIOS packets going from the LAN to the WAN and from the WAN to the LAN.Allow Trigger DialSelect this option to allow NetBIOS packets to initiate calls.ApplyClick this button to save your settings.ResetClick this button to return all the fields in this screen to their default values.
Chapter 8WAN SetupMAX-200HW2 Series User s Guide116Figure 73   Network > WAN > Traffic RedirectThe following table describes the labels in this screen.Table 38   Network > WAN > Traffic RedirectLABEL DESCRIPTIONTraffic RedirectActiveSelect this check box to have the ZyXEL Device use traffic redirect if the normal WAN connection goes down.Note: If you activate traffic redirect, you must configure the CheckWAN IP Address field.Backup Gateway IP AddressType the IP address of your backup gateway in dotted decimal notation. The ZyXEL Device automatically forwards traffic to this IP address if the ZyXEL Device's Internet connection terminates. Check WAN IP AddressConfigure this field to test your ZyXEL Device's WAN accessibility. Type the IP address of a reliable nearby computer (for example, your ISP's DNS server address). Note: If you activate either traffic redirect or dial backup, you must configure an IP address here. When using a WAN backup connection, the ZyXEL Device periodically pings the addresses configured here and uses the other WAN backup connection (if configured) if there is no response.Fail ToleranceType the number of times (2 recommended) that your ZyXEL Device may ping the IP addresses configured in the Check WAN IP Address field without getting a response before switching to a WAN backup connection (or a different WAN backup connection).Period (sec)The ZyXEL Device tests a WAN connection by periodically sending a ping to either the default gateway or the address in the Check WAN IP Address field.Type a number of seconds (5 to 300) to set the time interval between checks. Allow more time if your destination IP address handles lots of traffic.Timeout (sec)Type the number of seconds (1 to 10) for your ZyXEL Device to wait for a response to the ping before considering the check to have failed. This setting must be less than the Period. Use a higher value in this field if your network is busy or congested.ApplyClick this button to save your settings.ResetClick this button to return all the fields in this screen to their default values.
 Chapter 8WAN SetupMAX-200HW2 Series User s Guide 1178.6.1 Configuring The AntennaIn this screen you can select whether to use the internal or external antenna for WiMAX. Select Automatic Selection to have the ZyXEL Device use whichever antenna has the best signal reception (recommended). Alternatively, if you do not want to use the external antenna, select Use Internal Antenna, and if you do not want to use the internal antenna, select Use External Antenna.The MAX-200HW2 and MAX-230HW2 does not have an internal antenna.To choose which antenna to use, click Network > WAN > Antenna Selection. The screen appears as shown.Figure 74   Network > WAN > Antenna SelectionThe following table describes the labels in this screen.Table 39   Network > WAN > Antenna SelectionLABEL DESCRIPTIONAutomatic SelectionSelect Automatic Selection to have the ZyXEL Device choose which antenna to use. This setting is recommend as it will choose the antenna with the stronger signal reception.Use Internal AntennaSelect Use Internal Antenna to have the ZyXEL Device use it s internal antenna. This option is not applicable for the MAX-200HW2 and MAX-230HW2.Use External AntennaSelect Use External Antenna to have the ZyXEL Device use it s external antenna. ApplyClick this button to save your settings.ResetClick this button to return the fields in this screen to their default settings.
Chapter 8WAN SetupMAX-200HW2 Series User s Guide118
MAX-200HW2 Series User s Guide 119CHAPTER  9 LANUse these screens to set up the ZyXEL Device on the LAN. You can configure its IP address and subnet mask, DHCP services, and other subnets. You can also control how the ZyXEL Device sends routing information using RIP.9.1  LAN OverviewA Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is usually a computer network limited to the immediate area, such as the same building or floor of a building.9.1.1  IP Address and Subnet MaskSimilar to the way houses on a street share a common street name, computers on a LAN share one common network number.Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. If this is the case, it is recommended that you select a network number from 192.168.0.0 to 192.168.255.0 and you must enable the Network Address Translation (NAT) feature of the ZyXEL Device. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. Let's say you select 192.168.1.0 as the network number; which covers 254 individual addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other words, the first three numbers specify the network number while the last number identifies an individual computer on that network.Once you have decided on the network number, pick an IP address that is easy to remember, for instance, 192.168.1.1, for your ZyXEL Device, but make sure that no other device on your network is using that IP address.The subnet mask specifies the network number portion of an IP address. Your ZyXEL Device will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the ZyXEL Device unless you are instructed to do otherwise.
Chapter 9LANMAX-200HW2 Series User s Guide1209.1.2  DHCP SetupDHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the ZyXEL Device as a DHCP server or disable it. When configured as a server, the ZyXEL Device provides the TCP/IP configuration for the clients. If DHCP service is disabled, you must have another DHCP server on your LAN, or else each computer must be manually configured.The ZyXEL Device is pre-configured with a pool of IP addresses for the DHCP clients (DHCP Pool). See the product specifications in the appendices. Do not assign static IP addresses from the DHCP pool to your LAN computers.These parameters should work for the majority of installations. If your ISP gives you explicit DNS server address(es), see Section 9.2.2 on page 122.9.1.3  LAN TCP/IPThe ZyXEL Device has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability.The LAN parameters of the ZyXEL Device are preset in the factory with the following values: IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits) DHCP server enabled with 32 client IP addresses starting from 192.168.1.33. These parameters should work for the majority of installations. If your ISP gives you explicit DNS server address(es), see Section 9.2.2 on page 122.9.1.4  DNS Server AddressDNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it.  The DNS server addresses that you enter in the DHCP setup are passed to the client machines along with the assigned IP address and subnet mask.There are two ways that an ISP disseminates the DNS server addresses.  The first is for an ISP to tell a customer the DNS server addresses, usually in the form of an information sheet, when s/he signs up.  If your ISP gives you the DNS server addresses, enter them in the DNS Serverfields in DHCP Setup, otherwise, leave them blank.Some ISPs choose to pass the DNS servers using the DNS server extensions of PPP IPCP (IP Control Protocol) after the connection is up. If your ISP did not give you explicit DNS servers, chances are the DNS servers are conveyed through IPCP negotiation. The ZyXEL Device supports the IPCP DNS server extensions through the DNS proxy feature.If the Primary and Secondary DNS Server fields in the LAN Setup screen are notspecified,for instance, left as 0.0.0.0, the ZyXEL Device tells the DHCP clients that it itself is the DNS server. When a computer sends a DNS query to the ZyXEL Device, the ZyXEL Device forwards the query to the real DNS server learned through IPCP and relays the response back to the computer.
 Chapter 9LANMAX-200HW2 Series User s Guide 121Please note that DNS proxy works only when the ISP uses the IPCP DNS server extensions. It does not mean you can leave the DNS servers out of the DHCP setup under all circumstances. If your ISP gives you explicit DNS servers, make sure that you enter their IP addresses in the LAN Setup screen. This way, the ZyXEL Device can pass the DNS servers to the computers and the computers can query the DNS server directly without the ZyXEL Device!s intervention.9.1.5  RIP SetupRIP (Routing Information Protocol) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets.  When set to: Both - the ZyXEL Device will broadcast its routing table periodically and incorporate the RIP information that it receives. In Only - the ZyXEL Device will not send any RIP packets but will accept all RIP packets received. Out Only - the ZyXEL Device will send out RIP packets but will not accept any RIP packets received. None - the ZyXEL Device will not send any RIP packets and will ignore any RIP packets received.The Version field controls the format and the broadcasting method of the RIP packets that the ZyXEL Device sends (it recognizes both formats when receiving). RIP-1 is universally supported; but RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology.Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the difference being that RIP-2B uses subnet broadcasting while RIP-2M uses multicasting.9.1.6  MulticastTraditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the network - not everybody and not just 1.IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data. IGMP version 2 (RFC 2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If you would like to read more detailed information about interoperability between IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236. The class D IP address is used to identify host groups and can be in the range 224.0.0.0 to 239.255.255.255. The address 224.0.0.0 is not assigned to any group and is used by IP multicast computers. The address 224.0.0.1 is used for query messages and is assigned to the permanent group of all IP hosts (including gateways). All hosts must join the 224.0.0.1 group in order to participate in IGMP. The address 224.0.0.2 is assigned to the multicast routers group.
Chapter 9LANMAX-200HW2 Series User s Guide122The ZyXEL Device supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP-v2). At start up, the ZyXEL Device queries all directly connected networks to gather group membership. After that, the ZyXEL Device periodically updates this information. IP multicasting can be enabled/disabled on the ZyXEL Device LAN and/or WAN interfaces in the web configurator (LAN; WAN). Select None to disable IP multicasting on these interfaces.9.2  LAN Screens9.2.1  LAN IP ScreenUse this screen to set up the ZyXEL Device!s IP address and subnet mask. To access this screen, click Network > LAN > IP.Figure 75   Network > LAN > IPEach field is described in the following table.9.2.2  LAN DHCP Setup ScreenUse this screen to enable, disable, and configure the DHCP server in the ZyXEL Device. To access this screen, click Network > LAN > DHCP Setup.Table 40   Network > LAN > IPLABEL DESCRIPTIONIP Address Enter the IP address of the ZyXEL Device on the LAN.Note: This field is the IP address you use to access the ZyXEL Device on the LAN. If the web configurator is running on a computer on the LAN, you lose access to the web configurator as soon as you change this field and click Apply. You can access the web configurator again by typing the new IP address in the browser.IP Subnet Mask Enter the subnet mask of the LAN.Apply Click this to save your changes.Reset Click this to set every field in this screen to its default value.
 Chapter 9LANMAX-200HW2 Series User s Guide 123Figure 76   Network > LAN > DHCP SetupEach field is described in the following table.9.2.3  LAN Static DHCP ScreenThis screen has no effect if the DHCP server is not enabled. You can enable it in Network > LAN > DHCP Setup.Table 41   Network > LAN > DHCP SetupLABEL DESCRIPTIONDHCP SetupEnable DHCP ServerSelect this if you want the ZyXEL Device to be the DHCP server on the LAN. As a DHCP server, the ZyXEL Device assigns IP addresses to DHCP clients on the LAN and provides the subnet mask and DNS server information.IP Pool Starting AddressEnter the IP address from which the ZyXEL Device begins allocating IP addresses, if you have not specified an IP address for this computer in Network > LAN > Static DHCP.Pool Size Enter the number of IP addresses to allocate. This number must be at least one and is limited by a subnet mask of 255.255.255.0 (regardless of the subnet the ZyXEL Device is in). For example, if the IP Pool Start Address is 10.10.10.10, the ZyXEL Device can allocate up to 10.10.10.254, or 245 IP addresses.DNS ServerFirst DNS ServerSecond DNS ServerThird DNS ServerSpecify the IP addresses of a maximum of three DNS servers that the network can use. The ZyXEL Device provides these IP addresses to DHCP clients. You can specify these IP addresses two ways.From ISP - provide the DNS servers provided by the ISP on the WAN port.User Defined - enter a static IP address.DNS Relay - this setting will relay DNS information from the DNS server obtained by the ZyXEL Device.None -  no DNS service will be provided by the ZyXEL Device.Apply Click this to save your changes.Reset Click this to set every field in this screen to its default value.
Chapter 9LANMAX-200HW2 Series User s Guide124Use this screen to make the ZyXEL Device assign a specific IP address to a specific computer on the LAN. To access this screen, click Network > LAN > Static DHCP.Figure 77   Network > LAN > Static DHCPEach field is described in the following table.9.2.4  LAN Client List ScreenThis screen is empty if the DHCP server is not enabled. You can enable it in Network > LAN > DHCP Setup.Use this screen to look at the IP addresses the ZyXEL Device has assigned to DHCP clients on the LAN. To access this screen, click Network > LAN > Client List.Table 42   Network > LAN > Static DHCPLABEL DESCRIPTION#This field is a sequential value. It is not associated with a specific entry.MAC Address Enter the MAC address of the computer to which you want the ZyXEL Device to assign the same IP address.IP Address Enter the IP address you want the ZyXEL Device to assign to the computer.Apply Click this to save your changes.Reset Click this to set every field in this screen to its default value.
 Chapter 9LANMAX-200HW2 Series User s Guide 125Figure 78   Network > LAN > Client ListEach field is described in the following table.9.2.5  LAN IP Alias ScreenUse this screen to add subnets on the LAN port. You can also control what routing information is sent and received by each subnet. To access this screen, click Network > LAN > IP Alias.Figure 79   Network > LAN > IP AliasTable 43   Network > LAN > Client ListLABEL DESCRIPTION#This field is a sequential value. It is not associated with a specific entry.IP Address This field displays the IP address the ZyXEL Device assigned to the computer.Host Name This field displays the system name of the computer to which the ZyXEL Device assigned the IP address.MAC Address This field displays the MAC address of the computer to which the ZyXEL Device assigned the IP address.Reserve Select this if you want to always assign this IP address to this MAC address. Then, click Apply. The ZyXEL Device creates an entry in the LAN Static DHCP screen. See Section 9.2.2 on page 122.Apply Click this to save your changes and to apply them to the ZyXEL Device.Reset Click this to set every field in this screen to its default value.
Chapter 9LANMAX-200HW2 Series User s Guide126Each field is described in the following table.9.2.6  LAN Advanced ScreenUse this screen to control what routing information is sent and received by each subnet. To access this screen, click Network > LAN > Advanced.Table 44   Network > LAN > IP AliasLABEL DESCRIPTIONIP Alias 1IP Alias 1 Select this to add the specified subnet to the LAN port.IP Address Enter the IP address of the ZyXEL Device on the subnet.IP Subnet Mask Enter the subnet mask of the subnet.RIP Direction Use this field to control how much routing information the ZyXEL Device sends and receives on the subnet.None - The ZyXEL Device does not send or receive routing information on the subnet.Both - The ZyXEL Device sends and receives routing information on the subnet.In Only - The ZyXEL Device only receives routing information on the subnet.Out Only - The ZyXEL Device only sends routing information on the subnet.RIP Version Select which version of RIP the ZyXEL Device uses when it sends or receives information on the subnet.RIP-1 - The ZyXEL Device uses RIPv1 to exchange routing information.RIP-2B - The ZyXEL Device broadcasts RIPv2 to exchange routing information.RIP-2M - The ZyXEL Device multicasts RIPv2 to exchange routing information.IP Alias 2IP Alias 2 Select this to add the specified subnet to the LAN port.IP Address Enter the IP address of the ZyXEL Device on the subnet.IP Subnet Mask Enter the subnet mask of the subnet.RIP Direction Use this field to control how much routing information the ZyXEL Device sends and receives on the subnet.None - The ZyXEL Device does not send or receive routing information on the subnet.Both - The ZyXEL Device sends and receives routing information on the subnet.In Only - The ZyXEL Device only receives routing information on the subnet.Out Only - The ZyXEL Device only sends routing information on the subnet.RIP Version Select which version of RIP the ZyXEL Device uses when it sends or receives information on the subnet.RIP-1 - The ZyXEL Device uses RIPv1 to exchange routing information.RIP-2B - The ZyXEL Device broadcasts RIPv2 to exchange routing information.RIP-2M - The ZyXEL Device multicasts RIPv2 to exchange routing information.Apply Click this to save your changes.Reset Click this to set every field in this screen to its default value.
 Chapter 9LANMAX-200HW2 Series User s Guide 127Figure 80   Network > LAN > AdvancedEach field is described in the following table.Table 45   Network > LAN > AdvancedLABEL DESCRIPTIONRIP & Multicast SetupRIP Direction Use this field to control how much routing information the ZyXEL Device sends and receives on the subnet.None - The ZyXEL Device does not send or receive routing information on the subnet.Both - The ZyXEL Device sends and receives routing information on the subnet.In Only - The ZyXEL Device only receives routing information on the subnet.Out Only - The ZyXEL Device only sends routing information on the subnet.RIP Version Select which version of RIP the ZyXEL Device uses when it sends or receives information on the subnet.RIP-1 - The ZyXEL Device uses RIPv1 to exchange routing information.RIP-2B - The ZyXEL Device broadcasts RIPv2 to exchange routing information.RIP-2M - The ZyXEL Device multicasts RIPv2 to exchange routing information.Multicast You do not have to enable multicasting to use RIP-2M. (See RIP Version.)Select which version of IGMP the ZyXEL Device uses to support multicasting on the LAN. Multicasting sends packets to some computers on the LAN and is an alternative to unicasting (sending packets to one computer) and broadcasting (sending packets to every computer).None - The ZyXEL Device does not support multicasting.IGMP-v1 - The ZyXEL Device supports IGMP version 1.IGMP-v2 - The ZyXEL Device supports IGMP version 2.Multicasting can improve overall network performance. However, it requires extra processing and generates more network traffic. In addition, other computers on the LAN have to support the same version of IGMP.Apply Click this to save your changes and to apply them to the ZyXEL Device.Reset Click this to set every field in this screen to its default value.
Chapter 9LANMAX-200HW2 Series User s Guide128
MAX-200HW2 Series User s Guide 129CHAPTER 10NATUse these screens to configure port forwarding and trigger ports for the ZyXEL Device. You can also enable and disable SIP, FTP, and H.323 ALG.10.1  NAT Overview10.1.1  Port Forwarding: Services and Port NumbersA NAT server set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make accessible to the outside world even though NAT makes your whole inside network appear as a single machine to the outside world.Use the NAT Port Forwarding Screen to forward incoming service requests to the server(s) on your local network. You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server. The port number identifies a service; for example, web service is on port 80 and FTP on port 21. In some cases, such as for unknown services or where one server can support more than one service (for example both FTP and web service), it might be better to specify a range of port numbers. In addition to the servers for specified services, NAT supports a default server. A service request that does not have a server explicitly designated for it is forwarded to the default server. If the default is not defined, the service request is simply discarded.See Appendix F on page 333 for some examples of services.For example, let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet.Figure 81   Multiple Servers Behind NAT Example
Chapter 10NATMAX-200HW2 Series User s Guide13010.1.2  Trigger Port ForwardingSome services use a dedicated range of ports on the client side and a dedicated range of ports on the server side. With regular port forwarding you set a forwarding port in NAT to forward a service (coming in from the server on the WAN) to the IP address of a computer on the client side (LAN). The problem is that port forwarding only forwards a service to a single LAN IP address. In order to use the same service on a different LAN computer, you have to manually replace the LAN computer's IP address in the forwarding port with another LAN computer's IP address, Trigger port forwarding solves this problem by allowing computers on the LAN to dynamically take turns using the service. The ZyXEL Device records the IP address of a LAN computer that sends traffic to the WAN to request a service with a specific port number and protocol (a "trigger" port). When the ZyXEL Device's WAN port receives a response with a specific port number and protocol ("incoming" port), the ZyXEL Device forwards the traffic to the LAN IP address of the computer that sent the request. After that computer!s connection for that service closes, another computer on the LAN can use the service in the same manner. This way you do not need to configure a new IP address each time you want a different LAN computer to use the application.10.1.2.1  Trigger Port Forwarding ExampleThe following is an example of trigger port forwarding. In this example, J is Jane!s computer and S is the Real Audio server.Figure 82   Trigger Port Forwarding Process: Example1Jane requests a file from the Real Audio server (port 7070).2Port 7070 is a "trigger# port and causes the ZyXEL Device to record Jane!s computer IP address. The ZyXEL Device associates Jane's computer IP address with the "incoming" port range of 6970-7170.3The Real Audio server responds using a port number ranging between 6970-7170.4The ZyXEL Device forwards the traffic to Jane!s computer IP address. 5Only Jane can connect to the Real Audio server until the connection is closed or times out. The ZyXEL Device times out in three minutes with UDP (User Datagram Protocol), or two hours with TCP/IP (Transfer Control Protocol/Internet Protocol). 10.1.2.2  Two Points To Remember About Trigger Ports1Trigger events only happen on data that is coming from inside the ZyXEL Device and going to the outside.
 Chapter 10NATMAX-200HW2 Series User s Guide 1312If an application needs a continuous data stream, that port (range) will be tied up so that another computer on the LAN can!t trigger it. 10.1.3  SIP ALGSome applications, such as SIP, cannot operate through NAT (are NAT un-friendly) because they embed IP addresses and port numbers in their packets! data payload. Some NAT routers may include a SIP Application Layer Gateway (ALG). An Application Layer Gateway (ALG) manages a specific protocol (such as SIP, H.323 or FTP) at the application layer. A SIP ALG allows SIP calls to pass through NAT by examining and translating IP addresses embedded in the data stream. See Section 10.2.5 on page 135 for information on configuring the ZyXEL Device!s ALG.10.2  NAT Screens10.2.1  NAT General ScreenUse this screen to enable and disable NAT and to allocate memory for NAT and firewall rules. To access this screen, click Network > NAT > General.Figure 83   Network > NAT > GeneralEach field is described in the following table.Table 46   Network > NAT > GeneralLABEL DESCRIPTIONNAT SetupEnable Network Address TranslationSelect this if you want to use port forwarding, trigger ports, or any of the ALG.
Chapter 10NATMAX-200HW2 Series User s Guide13210.2.2  NAT Port Forwarding ScreenUse this screen to look at the current port-forwarding rules in the ZyXEL Device, and to enable, disable, activate, and deactivate each one. You can also set up a default server to handle ports not covered by rules. To access this screen, click Network > NAT > Port Forwarding.Figure 84   Network > NAT > Port ForwardingMax NAT/Firewall Session Per UserWhen computers use peer to peer applications, such as file sharing applications, they may use a large number of NAT sessions. If you do not limit the number of NAT sessions a single client can establish, this can result in all of the available NAT sessions being used. In this case, no additional NAT sessions can be established, and users may not be able to access the Internet.  Each NAT session establishes a corresponding firewall session. Use this field to limit the number of NAT/firewall sessions each client computer can establish through the ZyXEL Device. If your network has a small number of clients using peer to peer applications, you can raise this number to ensure that their performance is not degraded by the number of NAT sessions they can establish. If your network has a large number of users using peer to peer applications, you can lower this number to ensure no single client is using all of the available NAT sessions.  Apply Click this to save your changes and to apply them to the ZyXEL Device.Cancel Click this to set every field in this screen to its last-saved value.Table 46   Network > NAT > GeneralLABEL DESCRIPTION
 Chapter 10NATMAX-200HW2 Series User s Guide 133Each field is described in the following table.10.2.3  NAT Port Forwarding Edit ScreenUse this screen to activate, deactivate, and edit each port-forwarding rule in the ZyXEL Device. To access this screen, click an Edit icon in Network > NAT > Port Forwarding.Figure 85   Network > NAT > Port Forwarding > EditTable 47   Network > NAT > Port ForwardingLABEL DESCRIPTIONDefault Server SetupDefault Server Enter the IP address of the server to which the ZyXEL Device should forward packets for ports that are not specified in the Port Forwarding section below or in the Management > Remote MGMT screens. Enter 0.0.0.0 if you want the ZyXEL Device to discard these packets instead.Port Forwarding#This field is a sequential value, and it is not associated with a specific rule. The sequence is important, however. The ZyXEL Device checks each rule in order, and it only follows the first one that applies.Active Select this to enable this rule. Clear this to disable this rule.Name This field displays the name of the rule. It does not have to be unique.Start Port This field displays the beginning of the range of port numbers forwarded by this rule.End Port This field displays the end of the range of port numbers forwarded by this rule. If it is the same as the Start Port, only one port number is forwarded.Server IP Address This field displays the IP address of the server to which packet for the selected port(s) are forwarded.Modify This column provides icons to edit and delete rules.To edit a rule, click the Edit icon next to the rule. The NAT Port Forwarding Editscreen appears.To delete a rule, click the Remove icon next to the rule. All the information in the rule returns to the default settings.Apply Click this to save your changes and to apply them to the ZyXEL Device.Reset Click this to set every field in this screen to its last-saved value.
Chapter 10NATMAX-200HW2 Series User s Guide134Each field is described in the following table.10.2.4  NAT Trigger Port ScreenUse this screen to maintain port-triggering rules in the ZyXEL Device. To access this screen, click Network > NAT > Trigger Port.Figure 86   Network > NAT > Trigger PortTable 48   Network > NAT > Port Forwarding > EditLABEL DESCRIPTIONActive Select this to enable this rule. Clear this to disable this rule.Service Name Enter a name to identify this rule. You can use 1 - 31 printable ASCII characters, or you can leave this field blank. It does not have to be a unique name.Start PortEnd PortEnter the port number or range of port numbers you want to forward to the specified server.To forward one port number, enter the port number in the Start Port and End Portfields.To forward a range of ports,#enter the port number at the beginning of the range in the Start Port field#enter the port number at the end of the range in the End Port field.Server IP Address Enter the IP address of the server to which to forward packets for the selected port number(s). This server is usually on the LAN.Apply Click this to save your changes and to apply them to the ZyXEL Device.Cancel Click this to set every field in this screen to its last-saved value.
 Chapter 10NATMAX-200HW2 Series User s Guide 135Each field is described in the following table.10.2.5  NAT ALG ScreenUse this screen to enable and disable SIP (VoIP), FTP (file transfer), and H.323 (audio-visual) ALG in the ZyXEL Device. To access this screen, click Network > NAT > ALG.Figure 87   Network > NAT > ALGEach field is described in the following table.Table 49   Network > NAT > Trigger PortLABEL DESCRIPTIONName Enter a name to identify this rule. You can use 1 - 15 printable ASCII characters, or you can leave this field blank. It does not have to be a unique name.IncomingStart PortEnd PortEnter the incoming port number or range of port numbers you want to forward to the IP address the ZyXEL Device records.To forward one port number, enter the port number in the Start Port and End Portfields.To forward a range of ports,#enter the port number at the beginning of the range in the Start Port field#enter the port number at the end of the range in the End Port field.If you want to delete this rule, enter zero in the Start Port and End Port fields.TriggerStart PortEnd PortEnter the outgoing port number or range of port numbers that makes the ZyXEL Device record the source IP address and assign it to the selected incoming port number(s).To select one port number, enter the port number in the Start Port and End Portfields.To select a range of ports,#enter the port number at the beginning of the range in the Start Port field#enter the port number at the end of the range in the End Port field.If you want to delete this rule, enter zero in the Start Port and End Port fields.Apply Click this to save your changes and to apply them to the ZyXEL Device.Cancel Click this to discard your changes.Table 50   Network > NAT > ALGLABEL DESCRIPTIONEnable SIP ALG Select this to make sure SIP (VoIP) works correctly with port-forwarding and port-triggering rules.Enable FTP ALG Select this to make sure FTP (file transfer) works correctly with port-forwarding and port-triggering rules.
Chapter 10NATMAX-200HW2 Series User s Guide136Enable H.323 ALGSelect this to make sure H.323 (audio-visual programs, such as NetMeeting) works correctly with port-forwarding and port-triggering rules.Apply Click this to save your changes and to apply them to the ZyXEL Device.Cancel Click this to discard your most recent changes.Table 50   Network > NAT > ALGLABEL DESCRIPTION
MAX-200HW2 Series User s Guide 137CHAPTER 11 VPN Transport11.1  OverviewThis chapter describes the Network > VPN Transport screens.The ZyXEL Device!s VPN Transport feature allows traffic from multiple users to pass through the WiMAX network, to the service provider!s router. Each user has his own personal connection to the service provider, even though there is only a single WiMAX connection. This allows the service provider to identify which user traffic comes from.The following figure shows two users (A and B), connecting to the ZyXEL Device (Z)through a switch (S). Each user has his own connection over the WiMAX network to the service provider!s router (R).Figure 88   VPN Transport exampleThe services available may vary, depending upon the service provider.VPN stands for "Virtual Private Network#. There are many types of VPN; the type used by the ZyXEL Device is known as Virtual Private LAN Service, or VPLS. Unlike some other types of VPN (such as IPSec VPNs) VPLS VPNs do not use authentication or encryption to secure the data they carry. ABSZRWiMAX
Chapter 11VPN TransportMAX-200HW2 Series User s Guide13811.1.1  What You Can Do in the VPN Transport Screens Use the Network > VPN Transport > General screen (see Section 11.2 on page 140) to turn VPN transport on or off, and to set the VPN transport endpoint (your service provider!s router).  Use the Network > VPN Transport > Customer Interface screen (see Section 11.3 on page 141) to specify which users can use which WiMAX network links. Use the Network > VPN Transport > Ethernet Pseudowire screen (see Section 11.5 on page 143) to configure the links over the WiMAX network between the ZyXEL Device and the service provider!s router. Use the  Network > VPN Transport > Statistics screen (see Section 11.7 on page 145) to view performance information about the VPN transport connections.11.1.2  What You Need to Know about VPN TransportIdentifying UsersFor the ZyXEL Device!s VPN Transport feature to work, it must be able to identify users on the LAN. It does this by examining VLAN (Virtual Local Area Network) tags.These tags must be added to the data packets by a switch on the LAN. In the following example, two users (A and B) are connected to a switch (C). A and B are connected to different ports on the switch (port 1 and port 2). A and B send untagged packets to the switch. The switch adds tags to packets depending on the physical port on which they arrive. Packets arriving on port 1 are given a VLAN ID (VLAN IDentifier) of 1, and packets arriving on port 2 are given a VLAN ID of 2. When the packets reach the ZyXEL Device (D), their source is identified by examining their VLAN tags.Figure 89   Identifying UsersABPORT 1PORT 2PORT 1 VLAN 1PORT 2 VLAN 212CD
 Chapter 11VPN TransportMAX-200HW2 Series User s Guide 139Ethernet PseudowiresBecause VPLS mimics a simple wired Ethernet connection to your service provider!s router, the connection between the ZyXEL Device and the peer device is known as an "Ethernet pseudowire# or "PW#. The Ethernet pseudowires use MPLS (MultiProtocol Label Switching) virtual circuit labels to define the connection. In any such pseudowire, the ingress label on one device must be the same as the egress label on the peer device, as shown in the following figure. A is your ZyXEL Device and B is your service provider!s router.Figure 90   Ethernet Pseudowire Settings Example  Customer Interface MappingOnce the ZyXEL Device has examined a frame!s VLAN tag, it is able to assign the frame to a specified path. This is done using a customer interface. The customer interface is simply a set of information that takes frames from a VLAN and put them on an Ethernet pseudowire, and vice versa.In the following example, the ZyXEL Device takes frames tagged with two different VLAN IDs (10 and 20) and using the customer interfaces, assigns them to specific pseudowires (PW1and PW2).Figure 91   Pseudowire MappingINGRESS LABEL: XEGRESS LABEL: YINGRESS LABEL: YEGRESS LABEL: XPSEUDOWIRETO   YTO   XVLAN 10 PW1VLAN 20 PW210 20PW1PW212WiMAXR
Chapter 11VPN TransportMAX-200HW2 Series User s Guide140The ZyXEL Device has a default customer interface configured for frames that arrive at the ZyXEL Device without VLAN tags.11.1.3  Before You BeginBefore you start configuring your ZyXEL Device to use VPN transport, ensure that you have the following from the service provider. The IP address or domain name of the service provider!s edge router. Virtual circuit (VC) labels for each Ethernet Pseudowire you want to create.Also, ensure you know the VLAN IDs (Virtual LAN IDentifiers) of the VLANs on your LAN.11.2  The General ScreenUse this screen to turn VPN transport on or off, and to set the VPN transport endpoint (your service provider!s router). Click Network > VPN Transport > General. The following screen displays.Figure 92   Network > VPN Transport > GeneralThe following table describes the labels in this screen.Table 51   Network > VPN Transport > GeneralLABEL DESCRIPTIONL2/L3 VPN Transport General SetupTransport L2/L3 VPN traffic through WiMAX network by using Ethernet pseudowireSelect this to turn the VPN transport feature on. Deselect it to turn the VPN transport feature off.Remote GRE Tunnel EndEnter the domain name or IP address of your service provider s router.  ApplyClick this to save your settings.ResetClick this to return the fields in this screen to their defaults.
 Chapter 11VPN TransportMAX-200HW2 Series User s Guide 14111.3  The Customer Interface ScreenUse this screen to configure the VPNs used by the ZyXEL Device. The customer interfaces connect data coming from your computers to Ethernet pseudowires, according to the data!s VLAN (Virtual Local Area Network) information. One customer interface is for traffic that has no tag; this is the default interface (rule 0) which cannot be deleted in the GUI. All other customer interfaces are identified by their VLAN ID.Click Network > VPN Transport > Customer Interface. The following screen displays.Figure 93   Network > VPN Transport > Customer InterfaceThe following table describes the labels in this screen.Table 52   Network > VPN Transport > Customer InterfaceLABEL DESCRIPTION#This displays the interface index number. Interface 0 is the default rule for routing, and cannot be deleted.ActiveThis icon is green if the associated interface is enabled. The icon is grey if the associated interface is disabled. Enable or disable an interface by clicking its Edit icon and selecting or deselecting Active and clicking Apply in the screen that displays.InterfaceTypeThis displays either Tagged or Untagged. A tagged interface controls traffic with a specific IEEE 802.1Q VLAN tag, whereas an untagged interface controls traffic that does not have a VLAN tag. There can be only one untagged interface.
Chapter 11VPN TransportMAX-200HW2 Series User s Guide14211.4  The Customer Interface Edit ScreenCustomer interfaces map traffic onto specific Ethernet pseudowires for transport over the WiMAX network. There is also a default customer interface for routing traffic that does not possess a VLAN tag.Use this screen to configure the customer interface settings. Click the Edit icon in the Network > VPN Transport > Customer Interface screen. The following screen displays.Figure 94   Network > VPN Transport > Customer Interface EditThe following table describes the labels in this screen.VLAN IDFor a tagged interface, this displays the IEEE 802.1Q VLAN ID number. For the untagged interface, -1 displays.Mode (B, R)This displays either B (bridging) or R (routing). Only the default interface, interface 0, can be a routing interface.Associated Ethernet Pseudowire This displays the number of the Ethernet pseudowire that this interface uses, as well as the ingress and egress MPLS (Multi-Protocol Label Switching) VC (Virtual Circuit) label numbers.dscpThis displays the DiffServ Control Point value you previously entered in binary (see Section 12.1.12 on page 155 for more information on DSCP). This determines the pseudowire s priority on the network. The DSCP value is displayed in binary notation and has six bits.Interface DescriptionThis displays the information you previously entered describing the interface. For the default interface, interface 0, the description reads !for routing / NAT".ModifyClick the Edit icon to set up a new interface or alter the configuration of an existing interface.Click the Delete icon to remove an existing interface. Table 52   Network > VPN Transport > Customer InterfaceLABEL DESCRIPTIONTable 53   Network > VPN Transport > Customer Interface EditLABEL DESCRIPTIONCustomer InterfaceTypeA customer interface can be tagged (controlling traffic that has a specific VLAN ID) or untagged (controlling traffic without a specific VLAN ID). There can be only one untagged interface.
 Chapter 11VPN TransportMAX-200HW2 Series User s Guide 14311.5  The Ethernet Pseudowire ScreenUse this screen to configure Ethernet pseudowires. Each Ethernet pseudowire mimics a regular wired Ethernet connection, transporting VPLS data over the WiMAX network between the ZyXEL Device and the peer device (the endpoint you specify in the Network > VPN Transport > General screen).Click Network > VPN Transport > Ethernet Pseudowire. The following screen displays.VLAN IDEnter the Virtual Local Area Network Identifier number (1 ~ 4094) for this interface. This VLAN ID must not be used by any other customer interface. For the untagged interface, -1 displays.ModeThis displays Bridging or Routing. A tagged interface can operate in bridging mode only.Associated Ethernet PseudowireSelect the Ethernet pseudowire this interface should use for communications over the WiMAX network. You should configure the pseudowire (in the Network > VPN Transport >Ethernet Pseudowire screen) before you select it.DSCPIf you wish to prioritize an interface, enter a DiffServ Code Point value of six bits in binary notation. The higher the value, the higher the interface s priority on the ZyXEL Device s WiMAX link. See Section 12.1.12 on page 155 for more information on DSCP.Interface DescriptionEnter a brief (up to 31 characters) name or description for this interface.ApplyClick this to save your changes and return to the previous screen.CancelClick this to return to the previous screen without saving your changes.Table 53   Network > VPN Transport > Customer Interface EditLABEL DESCRIPTION
Chapter 11VPN TransportMAX-200HW2 Series User s Guide144Figure 95   Network > VPN Transport > Ethernet PseudowireThe following table describes the labels in this screen.11.6  The Ethernet Pseudowire Edit ScreenUse this screen to set up or modify an Ethernet pseudowire!s configuration. Click a pseudowire entry!s Edit icon in the Network > VPN Transport >Ethernet Pseudowirescreen. The following screen displays.Table 54   Network > VPN Transport > Ethernet PseudowireLABEL DESCRIPTION#This displays the pseudowire index number.ActiveThis icon is green if the associated pseudowire is enabled. The icon is grey if the associated pseudowire is disabled. Enable or disable a pseudowire by clicking its Edit icon.IngressThis is the MPLS virtual circuit label number for traffic coming from the peer device.EgressThis is the MPLS virtual circuit label number for traffic going to the peer device.Pseudowire DescriptionThis displays the information you previously entered describing the pseudowire. ModifyClick the Edit icon to set up a new interface or alter the configuration of an existing pseudowire.Click the Delete icon to remove an existing pseudowire.
 Chapter 11VPN TransportMAX-200HW2 Series User s Guide 145Figure 96   Network > VPN Transport > Ethernet Pseudowire > EditThe following table describes the labels in this screen.11.7  The Statistics ScreenUse this screen to view details and performance information of each active customer interface and its associated Ethernet pseudowire. Click Network > VPN Transport > Statistics. The following screen displays.Table 55   Network > VPN Transport > Ethernet Pseudowire > EditLABEL DESCRIPTIONActiveSelect this to enable the pseudowire. Deselect it to disable the pseudowire.IngressEnter the VC ingress label number for this pseudowire. This must be the egress label number of the peer device. This should not be the ingress label number of any other Ethernet pseudowire configured on the ZyXEL Device.EgressEnter the egress label number for this pseudowire. This must be the ingress label of the peer device. This should not be the egress label number of any other Ethernet pseudowire configured on the ZyXEL Device.Pseudowire DescriptionEnter a brief (up to 31 characters) description for this pseudowire.ApplyClick this to save your settings and return to the previous screen.ResetClick this to reset the fields in this screen to their last-saved values.
Chapter 11VPN TransportMAX-200HW2 Series User s Guide146Figure 97   Network > VPN Transport > StatisticsThe following table describes the labels in this screen.11.8  VPN Transport Technical ReferenceThis section includes background information about VPN Transport.11.8.1  Multi-Protocol Label SwitchingThe ZyXEL Device uses MPLS VPNs to create virtual private LANs. MPLS stands for Multi-Protocol Label Switching, and is a packet-switching technology that allows packets with different VLAN tags to be transported on different paths (known as LSPs, or Label Switched Paths). Each packet is identified by its VLAN tag and sent to a specific LSP for transport over the WiMAX network. Table 56   Network > VPN Transport > StatisticsLABEL DESCRIPTION#This is the index number of the customer interface.ActiveThis icon is green if the associated interface is enabled. The icon is grey if the associated interface is disabled. Enable or disable an interface by clicking its Edit icon.Total PacketsThis displays the number of packets received (Receive) and sent (Transmit) on the customer interface since the interface was activated, or the Clear button pressed.Total BytesThis displays the number of bytes received (Receive) and sent (Transmit) on the customer interface since the interface was activated, or the Clear button pressed.Interface DescriptionThis is the brief name or description of the customer interface you configured in the Network > VPN Transport > Customer Interface > Edit screen.
 Chapter 11VPN TransportMAX-200HW2 Series User s Guide 147Each LSP has a defined start-point and end-point. Since MPLS creates mono-directional paths (traffic flows in only one direction), each Ethernet pseudowire uses two LSPs so that traffic can flow both ways. One LSP carries upstream traffic, and the other carries downstream traffic.11.8.2  Generic Routing EncapsulationIn order to transport the VPLS traffic over the WiMAX network, the ZyXEL Device uses the Generic Routing Encapsulation (GRE) protocol. Like MPLS, GRE is a tunneling protocol that has specified endpoints. The GRE tunnel is bi-directional, and transports both LSPs. The GRE tunnel runs across the WiMAX network between the ZyXEL Device and your service provider!s router.  It is necessary to encapsulate the Ethernet pseudowire since the WiMAX connection is IP-only. MPLS information is carried in a packet!s Ethernet header and, without encapsulation, would be stripped from the packet prior to the packet!s transmission over the WiMAX link.The following figure shows the VPLS connection between your ZyXEL Device (A) and your service provider!s router (B), consisting of GRE-encapsulated Ethernet pseudowire traffic.Figure 98   VPLS TunnelingETHERNET PSEUDOWIRESGRETUNNELWiMAX CONNECTION
Chapter 11VPN TransportMAX-200HW2 Series User s Guide148
MAX-200HW2 Series User s Guide 149CHAPTER 12SIPUse these screens to set up your SIP accounts and to configure QoS settings.12.1  SIP Overview12.1.1  Introduction to VoIPVoIP (Voice over IP) is the sending of voice signals over the Internet Protocol. This allows you to make phone calls and send faxes over the Internet at a fraction of the cost of using the traditional circuit-switched telephone network. You can also use servers to run telephone service applications like PBX services and voice mail. Internet Telephony Service Provider (ITSP) companies provide VoIP service. A company could alternatively set up an IP-PBX and provide it!s own VoIP service.Circuit-switched telephone networks require 64 kilobits per second (kbps) in each direction to handle a telephone call. VoIP can use advanced voice coding techniques with compression to reduce the required bandwidth. 12.1.2  Introduction to SIPThe Session Initiation Protocol (SIP) is an application-layer control (signaling) protocol that handles the setting up, altering and tearing down of voice and multimedia sessions over the Internet.SIP signaling is separate from the media for which it handles sessions. The media that is exchanged during the session can use a different path from that of the signaling. SIP handles telephone calls and can interface with traditional circuit-switched telephone networks.12.1.3  SIP IdentitiesA SIP account uses an identity (sometimes referred to as a SIP address). A complete SIP identity is called a SIP URI (Uniform Resource Identifier). A SIP account's URI identifies the SIP account in a way similar to the way an e-mail address identifies an e-mail account. The format of a SIP identity is SIP-Number@SIP-Service-Domain.12.1.3.1  SIP NumberThe SIP number is the part of the SIP URI that comes before the "@# symbol. A SIP number can use letters like in an e-mail address (johndoe@your-ITSP.com for example) or numbers like a telephone number (1122334455@VoIP-provider.com for example).
Chapter 12SIPMAX-200HW2 Series User s Guide15012.1.3.2  SIP Service DomainThe SIP service domain of the VoIP service provider (the company that lets you make phone calls over the Internet) is the domain name in a SIP URI. For example, if the SIP address is 1122334455@VoIP-provider.com, then "VoIP-provider.com# is the SIP service domain.12.1.4  SIP Call ProgressionThe following figure displays the basic steps in the setup and tear down of a SIP call. A calls B.1A sends a SIP INVITE request to B. This message is an invitation for B to participate in a SIP telephone call. 2B sends a response indicating that the telephone is ringing.3B sends an OK response after the call is answered. 4A then sends an ACK message to acknowledge that B has answered the call. 5Now A and B exchange voice media (talk). 6After talking, A hangs up and sends a BYE request. 7B replies with an OK response confirming receipt of the BYE request and the call is terminated.12.1.5  SIP Client ServerSIP is a client-server protocol. A SIP client is an application program or device that sends SIP requests. A SIP server responds to the SIP requests. When you use SIP to make a VoIP call, it originates at a client and terminates at a server. A SIP client could be a computer or a SIP phone. One device can act as both a SIP client and a SIP server. 12.1.5.1  SIP User Agent A SIP user agent can make and receive VoIP telephone calls. This means that SIP can be used for peer-to-peer communications even though it is a client-server protocol. In the following figure, either A or B can act as a SIP user agent client to initiate a call. A and B can also both act as a SIP user agent to receive the call.Table 57   SIP Call ProgressionA B1. INVITE2. Ringing3. OK4. ACK 5.Dialogue (voice traffic)6. BYE7. OK
 Chapter 12SIPMAX-200HW2 Series User s Guide 151Figure 99   SIP User Agent12.1.5.2  SIP Proxy ServerA SIP proxy server receives requests from clients and forwards them to another server.In the following example, you want to use client device A to call someone who is using client device C. 1The client device (A in the figure) sends a call invitation to the SIP proxy server (B).2The SIP proxy server forwards the call invitation to C.Figure 100   SIP Proxy Server12.1.5.3  SIP Redirect ServerA SIP redirect server accepts SIP requests, translates the destination address to an IP address and sends the translated IP address back to the device that sent the request. Then the client device that originally sent the request can send requests to the IP address that it received back from the redirect server. Redirect servers do not initiate SIP requests. In the following example, you want to use client device A to call someone who is using client device C. 1Client device A sends a call invitation for C to the SIP redirect server (B).2The SIP redirect server sends the invitation back to A with C!s IP address (or domain name).3Client device A then sends the call invitation to client device C.
Chapter 12SIPMAX-200HW2 Series User s Guide152Figure 101   SIP Redirect Server12.1.5.4  SIP Register ServerA SIP register server maintains a database of SIP identity-to-IP address (or domain name) mapping. The register server checks your user name and password when you register. 12.1.6  RTPWhen you make a VoIP call using SIP, the RTP (Real time Transport Protocol) is used to handle voice data transfer. See RFC 1889 for details on RTP.12.1.7  NAT and SIPThe ZyXEL Device must register its public IP address with a SIP register server. If there is a NAT router between the ZyXEL Device and the SIP register server, the ZyXEL Device probably has a private IP address. The ZyXEL Device lists its IP address in the SIP message that it sends to the SIP register server. NAT does not translate this IP address in the SIP message. The SIP register server gets the ZyXEL Device!s IP address from inside the SIP message and maps it to your SIP identity. If the ZyXEL Device has a private IP address listed in the SIP message, the SIP server cannot map it to your SIP identity. See Chapter 10 on page 129 for more information about NAT.Use a SIP ALG (Application Layer Gateway), Use NAT, STUN, or outbound proxy to allow the ZyXEL Device to list its public IP address in the SIP messages.12.1.7.1  SIP ALGSee Section 10.1.3 on page 131.

Navigation menu