ZyXEL Communications MAX207HW2 WiMAX MIMO 2.5GHz Indoor Multiple-user CPE User Manual Quick Start Guide

ZyXEL Communications Corporation WiMAX MIMO 2.5GHz Indoor Multiple-user CPE Quick Start Guide

UserManual.wiki >

ZyXEL Communications >

MAX207HW2 User Manual >

Contents

Manual 3

Appendix D IP Addresses and SubnettingUser’s Guide232NotationSince the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/” followed by the number of bits in the mask after the address. For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask 255.255.255.128. The following table shows some possible subnet masks using both notations. SubnettingYou can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons.In this example, the company network address is 192.168.1.0. The first three octets of the address (192.168.1) are the network number, and the remaining octet is the host ID, allowing a maximum of 28 – 2 or 254 possible hosts.Table 74 Alternative Subnet Mask NotationSUBNET MASK ALTERNATIVE NOTATION LAST OCTET (BINARY) LAST OCTET (DECIMAL)255.255.255.0 /24 0000 0000 0255.255.255.128 /25 1000 0000 128255.255.255.192 /26 1100 0000 192255.255.255.224 /27 1110 0000 224255.255.255.240 /28 1111 0000 240255.255.255.248 /29 1111 1000 248255.255.255.252 /30 1111 1100 252

Appendix D IP Addresses and SubnettingUser’s Guide 233The following figure shows the company network before subnetting. Figure 119 Subnetting Example: Before SubnettingYou can “borrow” one of the host ID bits to divide the network 192.168.1.0 into two separate sub-networks. The subnet mask is now 25 bits (255.255.255.128 or /25).The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.100.128 /25.

Appendix D IP Addresses and SubnettingUser’s Guide234The following figure shows the company network after subnetting. There are now two sub-networks, A and B. Figure 120 Subnetting Example: After SubnettingIn a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 27 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.100.127 with mask 255.255.255.128 is its broadcast address. Therefore, the lowest IP address that can be assigned to an actual host for subnet A is 192.168.100.1 and the highest is 192.168.100.126. Similarly, the host ID range for subnet B is 192.168.100.129 to 192.168.1.254.Example: Four Subnets The previous example illustrated using a 25-bit subnet mask to divide a 24-bit address into two subnets. Similarly, to divide a 24-bit address into four subnets, you need to “borrow” two host ID bits to give four possible combinations (00, 01, 10 and 11). The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192.

Appendix D IP Addresses and SubnettingUser’s Guide 235Each subnet contains 6 host ID bits, giving 26 - 2 or 62 hosts for each subnet (a host ID of all zeroes is the subnet itself, all ones is the subnet’s broadcast address). Table 75 Subnet 1IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUEIP Address (Decimal) 192.168.1. 0IP Address (Binary) 11000000.10101000.00000001. 00000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000Subnet Address: 192.168.1.0 Lowest Host ID: 192.168.100.1Broadcast Address: 192.168.1.63 Highest Host ID: 192.168.1.62Table 76 Subnet 2IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUEIP Address 192.168.1. 64IP Address (Binary) 11000000.10101000.00000001. 01000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000Subnet Address: 192.168.1.64 Lowest Host ID: 192.168.1.65Broadcast Address: 192.168.100.127 Highest Host ID: 192.168.100.126Table 77 Subnet 3IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUEIP Address 192.168.1. 128IP Address (Binary) 11000000.10101000.00000001. 10000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000Subnet Address: 192.168.100.128 Lowest Host ID: 192.168.100.129Broadcast Address: 192.168.100.191 Highest Host ID: 192.168.100.190Table 78 Subnet 4IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUEIP Address 192.168.1. 192IP Address (Binary) 11000000.10101000.00000001. 11000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000Subnet Address: 192.168.100.192 Lowest Host ID: 192.168.100.193Broadcast Address: 192.168.1.255 Highest Host ID: 192.168.1.254

Appendix D IP Addresses and SubnettingUser’s Guide236Example: Eight SubnetsSimilarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows IP address last octet values for each subnet.Subnet PlanningThe following table is a summary for subnet planning on a network with a 24-bit network number.The following table is a summary for subnet planning on a network with a 16-bit network number. Table 79 Eight SubnetsSUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCAST ADDRESS1 0 1 30 31232 33 62 63364 65 94 95496 97 126 1275128 129 158 1596160 161 190 1917192 193 222 2238224 225 254 255Table 80 24-bit Network Number Subnet PlanningNO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET1255.255.255.128 (/25) 21262255.255.255.192 (/26) 4623255.255.255.224 (/27) 8304255.255.255.240 (/28) 16 145255.255.255.248 (/29) 32 66255.255.255.252 (/30) 64 27255.255.255.254 (/31) 128 1Table 81 16-bit Network Number Subnet PlanningNO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET1255.255.128.0 (/17) 2327662255.255.192.0 (/18) 416382

Appendix D IP Addresses and SubnettingUser’s Guide 237Configuring IP AddressesWhere you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. If this is the case, it is recommended that you select a network number from 192.168.0.0 to 192.168.255.0. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. You must also enable Network Address Translation (NAT) on the WiMAX Modem. Once you have decided on the network number, pick an IP address for your WiMAX Modem that is easy to remember (for instance, 192.168.100.1) but make sure that no other device on your network is using that IP address.The subnet mask specifies the network number portion of an IP address. Your WiMAX Modem will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the WiMAX Modem unless you are instructed to do otherwise.3255.255.224.0 (/19) 881904255.255.240.0 (/20) 16 40945255.255.248.0 (/21) 32 20466255.255.252.0 (/22) 64 10227255.255.254.0 (/23) 128 5108255.255.255.0 (/24) 256 2549255.255.255.128 (/25) 512 12610 255.255.255.192 (/26) 1024 6211 255.255.255.224 (/27) 2048 3012 255.255.255.240 (/28) 4096 1413 255.255.255.248 (/29) 8192 614 255.255.255.252 (/30) 16384 215 255.255.255.254 (/31) 32768 1Table 81 16-bit Network Number Subnet Planning (continued)NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET

Appendix D IP Addresses and SubnettingUser’s Guide238Private IP AddressesEvery machine on the Internet must have a unique address. If your networks are isolated from the Internet (running only between two branch offices, for example) you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks:• 10.0.0.0 — 10.255.255.255• 172.16.0.0 — 172.31.255.255• 192.168.0.0 — 192.168.255.255You can obtain your IP address from the IANA, from an ISP, or it can be assigned from a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses.Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space.IP Address ConflictsEach device on a network must have a unique IP address. Devices with duplicate IP addresses on the same network will not be able to access the Internet or other resources. The devices may also be unreachable through the network. Conflicting Computer IP Addresses ExampleMore than one device can not use the same IP address. In the following example computer A has a static (or fixed) IP address that is the same as the IP address that a DHCP server assigns to computer B which is a DHCP client. Neither can access the Internet. This problem can be solved by assigning a different static IP

Appendix D IP Addresses and SubnettingUser’s Guide 239address to computer A or setting computer A to obtain an IP address automatically. Figure 121 Conflicting Computer IP Addresses ExampleConflicting Router IP Addresses ExampleSince a router connects different networks, it must have interfaces using different network numbers. For example, if a router is set between a LAN and the Internet (WAN), the router’s LAN and WAN addresses must be on different subnets. In the following example, the LAN and WAN are on the same subnet. The LAN computers cannot access the Internet because the router cannot route between networks.Figure 122 Conflicting Computer IP Addresses ExampleConflicting Computer and Router IP Addresses ExampleMore than one device can not use the same IP address. In the following example, the computer and the router’s LAN port both use 192.168.100.1 as the IP address.

Appendix D IP Addresses and SubnettingUser’s Guide240The computer cannot access the Internet. This problem can be solved by assigning a different IP address to the computer or the router’s LAN port. Figure 123 Conflicting Computer and Router IP Addresses Example

User’s Guide 241APPENDIX E Importing CertificatesThis appendix shows you how to import public key certificates into your web browser. Public key certificates are used by web browsers to ensure that a secure web site is legitimate. When a certificate authority such as VeriSign, Comodo, or Network Solutions, to name a few, receives a certificate request from a website operator, they confirm that the web domain and contact information in the request match those on public record with a domain name registrar. If they match, then the certificate is issued to the website operator, who then places it on the site to be issued to all visiting web browsers to let them know that the site is legitimate.Many ZyXEL products, such as the NSA-2401, issue their own public key certificates. These can be used by web browsers on a LAN or WAN to verify that they are in fact connecting to the legitimate device and not one masquerading as it. However, because the certificates were not issued by one of the several organizations officially recognized by the most common web browsers, you will need to import the ZyXEL-created certificate into your web browser and flag that certificate as a trusted authority.Note: You can see if you are browsing on a secure website if the URL in your web browser’s address bar begins with https:// or there is a sealed padlock icon ( ) somewhere in the main browser window (not all browsers show the padlock in the same location.)In this appendix, you can import a public key certificate for:• Internet Explorer on page 242•Firefox on page 252•Opera on page 258• Konqueror on page 266

Appendix E Importing CertificatesUser’s Guide242Internet ExplorerThe following example uses Microsoft Internet Explorer 7 on Windows XP Professional; however, they can also apply to Internet Explorer on Windows Vista.1If your device’s web configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error.Figure 124 Internet Explorer 7: Certification Error2Click Continue to this website (not recommended).Figure 125 Internet Explorer 7: Certification Error

Appendix E Importing CertificatesUser’s Guide 2433In the Address Bar, click Certificate Error > View certificates.Figure 126 Internet Explorer 7: Certificate Error4In the Certificate dialog box, click Install Certificate.Figure 127 Internet Explorer 7: Certificate

Appendix E Importing CertificatesUser’s Guide2445In the Certificate Import Wizard, click Next.Figure 128 Internet Explorer 7: Certificate Import Wizard6If you want Internet Explorer to Automatically select certificate store based on the type of certificate, click Next again and then go to step 9.Figure 129 Internet Explorer 7: Certificate Import Wizard

Appendix E Importing CertificatesUser’s Guide 2457Otherwise, select Place all certificates in the following store and then click Browse.Figure 130 Internet Explorer 7: Certificate Import Wizard8In the Select Certificate Store dialog box, choose a location in which to save the certificate and then click OK.Figure 131 Internet Explorer 7: Select Certificate Store

Appendix E Importing CertificatesUser’s Guide2469In the Completing the Certificate Import Wizard screen, click Finish.Figure 132 Internet Explorer 7: Certificate Import Wizard10 If you are presented with another Security Warning, click Yes.Figure 133 Internet Explorer 7: Security Warning

Appendix E Importing CertificatesUser’s Guide 24711 Finally, click OK when presented with the successful certificate installation message.Figure 134 Internet Explorer 7: Certificate Import Wizard12 The next time you start Internet Explorer and go to a ZyXEL web configurator page, a sealed padlock icon appears in the address bar. Click it to view the page’s Website Identification information.Figure 135 Internet Explorer 7: Website Identification

Appendix E Importing CertificatesUser’s Guide248Installing a Stand-Alone Certificate File in Internet ExplorerRather than browsing to a ZyXEL web configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you.1Double-click the public key certificate file.Figure 136 Internet Explorer 7: Public Key Certificate File2In the security warning dialog box, click Open.Figure 137 Internet Explorer 7: Open File - Security Warning3Refer to steps 4-12 in the Internet Explorer procedure beginning on page 242 to complete the installation process.

Appendix E Importing CertificatesUser’s Guide 249Removing a Certificate in Internet ExplorerThis section shows you how to remove a public key certificate in Internet Explorer 7.1Open Internet Explorer and click TOOLS > Internet Options.Figure 138 Internet Explorer 7: Tools Menu2In the Internet Options dialog box, click Content > Certificates.Figure 139 Internet Explorer 7: Internet Options

Appendix E Importing CertificatesUser’s Guide2503In the Certificates dialog box, click the Trusted Root Certificates Authorities tab, select the certificate that you want to delete, and then click Remove.Figure 140 Internet Explorer 7: Certificates4In the Certificates confirmation, click Yes.Figure 141 Internet Explorer 7: Certificates5In the Root Certificate Store dialog box, click Yes.Figure 142 Internet Explorer 7: Root Certificate Store

Appendix E Importing CertificatesUser’s Guide 2516The next time you go to the web site that issued the public key certificate you just removed, a certification error appears.

Appendix E Importing CertificatesUser’s Guide252FirefoxThe following example uses Mozilla Firefox 2 on Windows XP Professional; however, the screens can also apply to Firefox 2 on all platforms.1If your device’s web configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error.2Select Accept this certificate permanently and click OK.Figure 143 Firefox 2: Website Certified by an Unknown Authority

Appendix E Importing CertificatesUser’s Guide 2533The certificate is stored and you can now connect securely to the web configurator. A sealed padlock appears in the address bar, which you can click to open the Page Info > Security window to view the web page’s security information.Figure 144 Firefox 2: Page Info

Appendix E Importing CertificatesUser’s Guide254Installing a Stand-Alone Certificate File in FirefoxRather than browsing to a ZyXEL web configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you.1Open Firefox and click TOOLS > Options.Figure 145 Firefox 2: Tools Menu2In the Options dialog box, click ADVANCED > Encryption > View Certificates.Figure 146 Firefox 2: Options

Appendix E Importing CertificatesUser’s Guide 2553In the Certificate Manager dialog box, click Web Sites > Import.Figure 147 Firefox 2: Certificate Manager4Use the Select File dialog box to locate the certificate and then click Open.Figure 148 Firefox 2: Select File5The next time you visit the web site, click the padlock in the address bar to open the Page Info > Security window to see the web page’s security information.

Appendix E Importing CertificatesUser’s Guide256Removing a Certificate in FirefoxThis section shows you how to remove a public key certificate in Firefox 2.1Open Firefox and click TOOLS > Options.Figure 149 Firefox 2: Tools Menu2In the Options dialog box, click ADVANCED > Encryption > View Certificates.Figure 150 Firefox 2: Options

Appendix E Importing CertificatesUser’s Guide 2573In the Certificate Manager dialog box, select the Web Sites tab, select the certificate that you want to remove, and then click Delete.Figure 151 Firefox 2: Certificate Manager4In the Delete Web Site Certificates dialog box, click OK.Figure 152 Firefox 2: Delete Web Site Certificates5The next time you go to the web site that issued the public key certificate you just removed, a certification error appears.

Appendix E Importing CertificatesUser’s Guide258OperaThe following example uses Opera 9 on Windows XP Professional; however, the screens can apply to Opera 9 on all platforms.1If your device’s web configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error.2Click Install to accept the certificate.Figure 153 Opera 9: Certificate signer not found

Appendix E Importing CertificatesUser’s Guide 2593The next time you visit the web site, click the padlock in the address bar to open the Security information window to view the web page’s security details.Figure 154 Opera 9: Security information

Appendix E Importing CertificatesUser’s Guide260Installing a Stand-Alone Certificate File in OperaRather than browsing to a ZyXEL web configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you.1Open Opera and click TOOLS > Preferences.Figure 155 Opera 9: Tools Menu

Appendix E Importing CertificatesUser’s Guide 2612In Preferences, click ADVANCED > Security > Manage certificates.Figure 156 Opera 9: Preferences

Appendix E Importing CertificatesUser’s Guide2623In the Certificates Manager, click Authorities > Import.Figure 157 Opera 9: Certificate manager4Use the Import certificate dialog box to locate the certificate and then click Open.Figure 158 Opera 9: Import certificate

Appendix E Importing CertificatesUser’s Guide 2635In the Install authority certificate dialog box, click Install.Figure 159 Opera 9: Install authority certificate6Next, click OK.Figure 160 Opera 9: Install authority certificate7The next time you visit the web site, click the padlock in the address bar to open the Security information window to view the web page’s security details.

Appendix E Importing CertificatesUser’s Guide264Removing a Certificate in OperaThis section shows you how to remove a public key certificate in Opera 9.1Open Opera and click TOOLS > Preferences.Figure 161 Opera 9: Tools Menu2In Preferences, ADVANCED > Security > Manage certificates.Figure 162 Opera 9: Preferences

Appendix E Importing CertificatesUser’s Guide 2653In the Certificates manager, select the Authorities tab, select the certificate that you want to remove, and then click Delete.Figure 163 Opera 9: Certificate manager4The next time you go to the web site that issued the public key certificate you just removed, a certification error appears.Note: There is no confirmation when you delete a certificate authority, so be absolutely certain that you want to go through with it before clicking the button.

Appendix E Importing CertificatesUser’s Guide266KonquerorThe following example uses Konqueror 3.5 on openSUSE 10.3, however the screens apply to Konqueror 3.5 on all Linux KDE distributions.1If your device’s web configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error.2Click Continue.Figure 164 Konqueror 3.5: Server Authentication3Click Forever when prompted to accept the certificate.Figure 165 Konqueror 3.5: Server Authentication

Appendix E Importing CertificatesUser’s Guide 2674Click the padlock in the address bar to open the KDE SSL Information window and view the web page’s security details.Figure 166 Konqueror 3.5: KDE SSL Information

Appendix E Importing CertificatesUser’s Guide268Installing a Stand-Alone Certificate File in KonquerorRather than browsing to a ZyXEL web configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you.1Double-click the public key certificate file.Figure 167 Konqueror 3.5: Public Key Certificate File2In the Certificate Import Result - Kleopatra dialog box, click OK.Figure 168 Konqueror 3.5: Certificate Import ResultThe public key certificate appears in the KDE certificate manager, Kleopatra.Figure 169 Konqueror 3.5: Kleopatra

Appendix E Importing CertificatesUser’s Guide 2693The next time you visit the web site, click the padlock in the address bar to open the KDE SSL Information window to view the web page’s security details.

Appendix E Importing CertificatesUser’s Guide270Removing a Certificate in KonquerorThis section shows you how to remove a public key certificate in Konqueror 3.5.1Open Konqueror and click Settings > Configure Konqueror.Figure 170 Konqueror 3.5: Settings Menu2In the Configure dialog box, select Crypto. 3On the Peer SSL Certificates tab, select the certificate you want to delete and then click Remove.Figure 171 Konqueror 3.5: Configure4The next time you go to the web site that issued the public key certificate you just removed, a certification error appears.

Appendix E Importing CertificatesUser’s Guide 271Note: There is no confirmation when you remove a certificate authority, so be absolutely certain you want to go through with it before clicking the button.

Appendix E Importing CertificatesUser’s Guide272

User’s Guide 273APPENDIX F SIP PassthroughEnabling/Disabling the SIP ALGYou can turn off the WiMAX Modem SIP ALG to avoid retranslating the IP address of an existing SIP device that is using STUN. If you want to use STUN with a SIP client device (a SIP phone or IP phone for example) behind the WiMAX Modem, use the ip alg disable ALG_SIP command to turn off the SIP ALG.Signaling Session TimeoutMost SIP clients have an “expire” mechanism indicating the lifetime of signaling sessions. The SIP UA sends registration packets to the SIP server periodically and keeps the session alive in the WiMAX Modem. If the SIP client does not have this mechanism and makes no call during the WiMAX Modem SIP timeout default (60 minutes), the WiMAX Modem SIP ALG drops any incoming calls after the timeout period. You can use the ip alg siptimeout command to change the timeout value.Audio Session TimeoutIf no voice packets go through the SIP ALG before the timeout period default (5 minutes) expires, the SIP ALG does not drop the call but blocks all voice traffic and deletes the audio session. You cannot hear anything and you will need to make a new call to continue your conversation.

Appendix F SIP PassthroughUser’s Guide274

User’s Guide 275APPENDIX G Common ServicesThe following table lists some commonly-used services and their associated protocols and port numbers. For a comprehensive list of port numbers, ICMP type/code numbers and services, visit the IANA (Internet Assigned Number Authority) web site. •Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like.•Protocol: This is the type of IP protocol used by the service. If this is TCP/UDP, then the service uses the same port number with TCP and UDP. If this is USER-DEFINED, the Port(s) is the IP protocol number, not the port number.•Port(s): This value depends on the Protocol. Please refer to RFC 1700 for further information about port numbers.•If the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number.•If the Protocol is USER, this is the IP protocol number.•Description: This is a brief explanation of the applications that use this service or the situations in which this service is used.Table 82 Commonly Used ServicesNAME PROTOCOL PORT(S) DESCRIPTIONAH (IPSEC_TUNNEL) User-Defined 51 The IPSEC AH (Authentication Header) tunneling protocol uses this service.AIM/New-ICQ TCP 5190 AOL’s Internet Messenger service. It is also used as a listening port by ICQ.AUTH TCP 113 Authentication protocol used by some servers.BGP TCP 179 Border Gateway Protocol.BOOTP_CLIENT UDP 68 DHCP Client.BOOTP_SERVER UDP 67 DHCP Server.CU-SEEME TCPUDP764824032A popular videoconferencing solution from White Pines Software.DNS TCP/UDP 53 Domain Name Server, a service that matches web names (for example www.zyxel.com) to IP numbers.

Appendix G Common ServicesUser’s Guide276ESP (IPSEC_TUNNEL) User-Defined 50 The IPSEC ESP (Encapsulation Security Protocol) tunneling protocol uses this service.FINGER TCP 79 Finger is a UNIX or Internet related command that can be used to find out if a user is logged on.FTP TCPTCP2021File Transfer Program, a program to enable fast transfer of files, including large files that may not be possible by e-mail.H.323 TCP 1720 NetMeeting uses this protocol.HTTP TCP 80 Hyper Text Transfer Protocol - a client/server protocol for the world wide web.HTTPS TCP 443 HTTPS is a secured http session often used in e-commerce.ICMP User-Defined 1Internet Control Message Protocol is often used for diagnostic or routing purposes.ICQ UDP 4000 This is a popular Internet chat program.IGMP (MULTICAST) User-Defined 2Internet Group Management Protocol is used when sending packets to a specific group of hosts.IKE UDP 500 The Internet Key Exchange algorithm is used for key distribution and management.IRC TCP/UDP 6667 This is another popular Internet chat program.MSN Messenger TCP 1863 Microsoft Networks’ messenger service uses this protocol. NEW-ICQ TCP 5190 An Internet chat program.NEWS TCP 144 A protocol for news groups.NFS UDP 2049 Network File System - NFS is a client/server distributed file service that provides transparent file sharing for network environments.NNTP TCP 119 Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service.PING User-Defined 1Packet INternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is reachable.POP3 TCP 110 Post Office Protocol version 3 lets a client computer get e-mail from a POP3 server through a temporary connection (TCP/IP or other).Table 82 Commonly Used Services (continued)NAME PROTOCOL PORT(S) DESCRIPTION

Appendix G Common ServicesUser’s Guide 277PPTP TCP 1723 Point-to-Point Tunneling Protocol enables secure transfer of data over public networks. This is the control channel.PPTP_TUNNEL (GRE) User-Defined 47 PPTP (Point-to-Point Tunneling Protocol) enables secure transfer of data over public networks. This is the data channel.RCMD TCP 512 Remote Command Service.REAL_AUDIO TCP 7070 A streaming audio service that enables real time sound over the web.REXEC TCP 514 Remote Execution Daemon.RLOGIN TCP 513 Remote Login.RTELNET TCP 107 Remote Telnet.RTSP TCP/UDP 554 The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet. SFTP TCP 115 Simple File Transfer Protocol.SMTP TCP 25 Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another.SNMP TCP/UDP 161 Simple Network Management Program.SNMP-TRAPS TCP/UDP 162 Traps for use with the SNMP (RFC:1215).SQL-NET TCP 1521 Structured Query Language is an interface to access data on many different types of database systems, including mainframes, midrange systems, UNIX systems and network servers.SSH TCP/UDP 22 Secure Shell Remote Login Program.STRM WORKS UDP 1558 Stream Works Protocol.SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server.TACACS UDP 49 Login Host Protocol used for (Terminal Access Controller Access Control System).TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/IP networks. Its primary function is to allow users to log into remote host systems.Table 82 Commonly Used Services (continued)NAME PROTOCOL PORT(S) DESCRIPTION

Appendix G Common ServicesUser’s Guide278TFTP UDP 69 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol).VDOLIVE TCP 7000 Another videoconferencing solution.Table 82 Commonly Used Services (continued)NAME PROTOCOL PORT(S) DESCRIPTION

User’s Guide 279APPENDIX H Legal InformationCopyrightCopyright © 2009 by ZyXEL Communications Corporation.The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.Published by ZyXEL Communications Corporation. All rights reserved.DisclaimersZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.Your use of the WiMAX Modem is subject to the terms and conditions of any related service providers.Do not use the WiMAX Modem for illegal purposes. Illegal downloading or sharing of files can result in severe civil and criminal penalties. You are subject to the restrictions of copyright laws and any other applicable laws, and will bear the consequences of any infringements thereof. ZyXEL bears NO responsibility or liability for your use of the download service feature.TrademarksTrademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.

Appendix H Legal InformationUser’s Guide280CertificationsFederal Communications Commission (FCC) Interference StatementThe device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:• This device may not cause harmful interference.• This device must accept any interference received, including interference that may cause undesired operations.This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This device generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation.If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures:1Reorient or relocate the receiving antenna.2Increase the separation between the equipment and the receiver.3Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.4Consult the dealer or an experienced radio/TV technician for help.FCC Radiation Exposure Statement•This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.• To comply with FCC RF exposure compliance requirements, a separation distance of at least 20 cm must be maintained between the antenna of this device and all persons. 注意 !依據低功率電波輻射性電機管理辦法第十二條經型式認證合格之低功率射頻電機，非經許可，公司、商號或使用者均不得擅自變更頻率、加大功率或變更原設計之特性及功能。

Appendix H Legal InformationUser’s Guide 281第十四條低功率射頻電機之使用不得影響飛航安全及干擾合法通信；經發現有干擾現象時，應立即停用，並改善至無干擾時方得繼續使用。前項合法通信，指依電信規定作業之無線電信。低功率射頻電機須忍受合法通信或工業、科學及醫療用電波輻射性電機設備之干擾。本機限在不干擾合法電臺與不受被干擾保障條件下於室內使用。減少電磁波影響，請妥適使用。Notices Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.This Class B digital apparatus complies with Canadian ICES-003.Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.Viewing Certifications1Go to http://www.zyxel.com.2Select your product on the ZyXEL home page to go to that product's page.3Select the certification you wish to view from this page.ZyXEL Limited WarrantyZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.NoteRepair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied,

Appendix H Legal InformationUser’s Guide282including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser.To obtain the services of this warranty, contact your vendor. You may also refer to the warranty policy for the region in which you bought the device at http://www.zyxel.com/web/support_warranty_info.php.RegistrationRegister your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com.

IndexUser’s Guide 283IndexNumerics802.11 mode 68AAAA 78–79AbS 114access point, See AP 59accounting serversee AAAACK message 121activity 78Advanced Encryption Standardsee AESAES 189alternative subnet mask notation 232analysis-by-synthesis 114AP (Access Point) 59authentication 78, 80, 187inner 190keyserver 78types 190authentication type 60open system 61shared key 61authorization 187request and reply 189server 78Bbase stationsee BSBS 77–78links 78BYE request 121CCA 145callEurope type service mode 133hold 133–135service mode 133–134transfer 134–135waiting 133–135CBC-MAC 189CCMP 187, 189cell 77certificates 145, 187importing 146verification 189certificationauthority, see CAnotices 281requests 145viewing 281chaining 189chaining message authenticationsee CCMPchannel ID 64circuit-switched telephone networks 109Class of Service (CoS) 124client-serverprotocol 122SIP 122CMACsee MACcodec 113comfort noise 127copyright 279CoS 124counter modesee CCMPcoverage area 77cryptography 187

IndexUser’s Guide284Ddata 187–189decryption 187encryption 187flow 189DHCP 32, 46, 100client 100server 32, 46diameter 79Differentiated Servicessee DiffServDiffServ 124DiffServ Code Point (DSCP) 124marking rule 125digital ID 187DL frequency 86domain name 100download frequencysee DL frequencyDS field 125DSCPsee DiffServdynamic DNS 100Dynamic Host Configuration Protocolsee DHCPEEAP 79echo cancellation 127encryption 187–189traffic 189encryption type 60Ethernetencapsulation 91Europe type call service mode 133Extensible Authorization Protocolsee EAPFFCC interference statement 280flash key 132flashing 132fragmentation threshold 68frequencyband 87ranges 86scanning 87FTP 100, 150restrictions 150GG.168 127G.711 113G.729 114Hhide SSID 64hybrid waveform codec 114IIANA 238identity 78, 187idle timeout 150IEEE 802.11b 68IEEE 802.11g 68IEEE 802.16 77, 187IEEE 802.16e 77IEEE 802.1Q VLAN 120importing a certificate 146inner authentication 190Internetaccess 79Internet Assigned Numbers Authoritysee IANA 238Internet Telephony Service Providersee ITSPinteroperability 77IP-PBX 109

IndexUser’s Guide 285ITSP 109ITU-T 127Kkey 80, 187request and reply 189Llistening port 117MMAC 189MAC address filter 62action 70MAC filter 69MAN 77Management Information Base (MIB) 154manual site survey 86Message Authentication Codesee MACmessage integrity 189message waiting indication 114Metropolitan Area Networksee MANmicrowave 77, 78mobile stationsee MSMS 78multimedia 110MWI 114NNAT 112, 237and remote management 150routers 112server sets 91networkactivity 78services 78OOK response 121outbound proxy 113, 124server 113SIP 113Ppattern-spotting 189PBX services 109PCM 113peer-to-peer calls 137per-hop behavior 125PHB (per-hop behavior) 125phoneservices 128PKMv2 79, 80, 187, 190plain text encryption 189preamble 68Privacy Key Managementsee PKMprivate key 187product registration 282proxy serverSIP 122public certificate 189public key 80, 187public-private key pairs 145pulse code modulation 113RRADIUS 78, 79, 188Message Types 188Messages 188Shared Secret Key 188

IndexUser’s Guide286Real-time Transport Protocolsee RTPredirect serverSIP 123register serverSIP 110registrationproduct 282related documentation 3remote management and NAT 150remote management limitations 150required bandwidth 114RFC 1889 110RFC 3489 113RFC 3842 114RTP 110RTS/CTS threshold 68Ssafety warnings 7secure communication 80, 187secure connection 79security 187security association 189see SAserveroutbound proxy 113service set 64Service Set IDentification, see SSIDservices 78Session Initiation Protocolsee SIPsilence suppression 127silent packets 127SIP 109account 110ACK message 121ALG 124BYE request 121call progression 121client 122client server 122identities 110INVITE request 121number 110OK response 121outbound proxy 113proxy server 122redirect server 123register server 110servers 122service domain 110URI 110user agent 122SNMP 150manager 154sound quality 113speed dial 137SS 77, 78SSID 64STUN 113, 124subnet 229mask 230subnetting 232subscriber stationsee SSsupplementary phone services 128syntax conventions 5system timeout 150TtamperingTCP/IP configuration 32, 46TEK 189TFTP restrictions 150three-way conference 134, 135TLS 80, 187transport encryption keysee TEKtransport layer securitysee TLStrigger port forwardingprocess 96TTLS 80, 187, 190tunneled TLSsee TTLS

IndexUser’s Guide 287Uunauthorized device 187uniform resource identifier 110USA type call service mode 134use NAT 124use NAT feature 110user agent, SIP 122user authentication 187user name 101VVAD 127verification 189virtual local area networksee VLANVLAN 119group 120ID tags 120tags 120VLAN ID 120voiceactivity detection 127coding 113mail 109Voice over IPsee VoIPVoIP 109Wwaveform codec 113WiMAX 77–78security 189WiMAX Forum 77wireless client 59Wireless Interoperability for Microwave Accesssee WiMAXwireless LANchannel 64MAC address filter 62Wireless Metropolitan Area Networksee MANwireless networkaccess 77example 59overview 59standard 77wireless security 187WLAN 59802.11 mode 68channel 64fragmentation threshold 68hide SSID 64IEEE 802.11b 68IEEE 802.11g 68preamble 68RTS/CTS threshold 68see also wireless.WPA-PSK 66WPA-PSK 66

IndexUser’s Guide288