ZyXEL Communications MAX207HW2 WiMAX MIMO 2.5GHz Indoor Multiple-user CPE User Manual Quick Start Guide
ZyXEL Communications Corporation WiMAX MIMO 2.5GHz Indoor Multiple-user CPE Quick Start Guide
Contents
- 1. Manual 1
- 2. Manual 2
- 3. Manual 3
Manual 3
Appendix D IP Addresses and Subnetting
User’s Guide
232
Notation
Since the mask is always a continuous number of ones beginning from the left,
followed by a continuous number of zeros for the remainder of the 32 bit mask,
you can simply specify the number of ones instead of writing the value of each
octet. This is usually specified by writing a “/” followed by the number of bits in
the mask after the address.
For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask
255.255.255.128.
The following table shows some possible subnet masks using both notations.
Subnetting
You can use subnetting to divide one network into multiple sub-networks. In the
following example a network administrator creates two sub-networks to isolate a
group of servers from the rest of the company network for security reasons.
In this example, the company network address is 192.168.1.0. The first three
octets of the address (192.168.1) are the network number, and the remaining
octet is the host ID, allowing a maximum of 28 – 2 or 254 possible hosts.
Table 74 Alternative Subnet Mask Notation
SUBNET MASK ALTERNATIVE
NOTATION LAST OCTET
(BINARY) LAST OCTET
(DECIMAL)
255.255.255.0 /24 0000 0000 0
255.255.255.128 /25 1000 0000 128
255.255.255.192 /26 1100 0000 192
255.255.255.224 /27 1110 0000 224
255.255.255.240 /28 1111 0000 240
255.255.255.248 /29 1111 1000 248
255.255.255.252 /30 1111 1100 252
Appendix D IP Addresses and Subnetting
User’s Guide 233
The following figure shows the company network before subnetting.
Figure 119 Subnetting Example: Before Subnetting
You can “borrow” one of the host ID bits to divide the network 192.168.1.0 into
two separate sub-networks. The subnet mask is now 25 bits (255.255.255.128 or
/25).
The “borrowed” host ID bit can have a value of either 0 or 1, allowing two
subnets; 192.168.1.0 /25 and 192.168.100.128 /25.
Appendix D IP Addresses and Subnetting
User’s Guide
234
The following figure shows the company network after subnetting. There are now
two sub-networks, A and B.
Figure 120 Subnetting Example: After Subnetting
In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of
27 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself,
all ones is the subnet’s broadcast address).
192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.100.127
with mask 255.255.255.128 is its broadcast address. Therefore, the lowest IP
address that can be assigned to an actual host for subnet A is 192.168.100.1 and
the highest is 192.168.100.126.
Similarly, the host ID range for subnet B is 192.168.100.129 to 192.168.1.254.
Example: Four Subnets
The previous example illustrated using a 25-bit subnet mask to divide a 24-bit
address into two subnets. Similarly, to divide a 24-bit address into four subnets,
you need to “borrow” two host ID bits to give four possible combinations (00, 01,
10 and 11). The subnet mask is 26 bits
(11111111.11111111.11111111.11000000) or 255.255.255.192.
Appendix D IP Addresses and Subnetting
User’s Guide 235
Each subnet contains 6 host ID bits, giving 26 - 2 or 62 hosts for each subnet (a
host ID of all zeroes is the subnet itself, all ones is the subnet’s broadcast
address).
Table 75 Subnet 1
IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT
VALUE
IP Address (Decimal) 192.168.1. 0
IP Address (Binary) 11000000.10101000.00000001. 00000000
Subnet Mask (Binary) 11111111.11111111.11111111. 11000000
Subnet Address:
192.168.1.0 Lowest Host ID: 192.168.100.1
Broadcast Address:
192.168.1.63 Highest Host ID: 192.168.1.62
Table 76 Subnet 2
IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT
VALUE
IP Address 192.168.1. 64
IP Address (Binary) 11000000.10101000.00000001. 01000000
Subnet Mask (Binary) 11111111.11111111.11111111. 11000000
Subnet Address:
192.168.1.64 Lowest Host ID: 192.168.1.65
Broadcast Address:
192.168.100.127 Highest Host ID: 192.168.100.126
Table 77 Subnet 3
IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT
VALUE
IP Address 192.168.1. 128
IP Address (Binary) 11000000.10101000.00000001. 10000000
Subnet Mask (Binary) 11111111.11111111.11111111. 11000000
Subnet Address:
192.168.100.128 Lowest Host ID: 192.168.100.129
Broadcast Address:
192.168.100.191 Highest Host ID: 192.168.100.190
Table 78 Subnet 4
IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT
VALUE
IP Address 192.168.1. 192
IP Address (Binary) 11000000.10101000.00000001. 11000000
Subnet Mask (Binary) 11111111.11111111.11111111. 11000000
Subnet Address:
192.168.100.192 Lowest Host ID: 192.168.100.193
Broadcast Address:
192.168.1.255 Highest Host ID: 192.168.1.254
Appendix D IP Addresses and Subnetting
User’s Guide
236
Example: Eight Subnets
Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100,
101, 110 and 111).
The following table shows IP address last octet values for each subnet.
Subnet Planning
The following table is a summary for subnet planning on a network with a 24-bit
network number.
The following table is a summary for subnet planning on a network with a 16-bit
network number.
Table 79 Eight Subnets
SUBNET SUBNET
ADDRESS FIRST ADDRESS LAST
ADDRESS BROADCAST
ADDRESS
1 0 1 30 31
232 33 62 63
364 65 94 95
496 97 126 127
5128 129 158 159
6160 161 190 191
7192 193 222 223
8224 225 254 255
Table 80 24-bit Network Number Subnet Planning
NO. “BORROWED”
HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER
SUBNET
1255.255.255.128 (/25) 2126
2255.255.255.192 (/26) 462
3255.255.255.224 (/27) 830
4255.255.255.240 (/28) 16 14
5255.255.255.248 (/29) 32 6
6255.255.255.252 (/30) 64 2
7255.255.255.254 (/31) 128 1
Table 81 16-bit Network Number Subnet Planning
NO. “BORROWED”
HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER
SUBNET
1255.255.128.0 (/17) 232766
2255.255.192.0 (/18) 416382
Appendix D IP Addresses and Subnetting
User’s Guide 237
Configuring IP Addresses
Where you obtain your network number depends on your particular situation. If
the ISP or your network administrator assigns you a block of registered IP
addresses, follow their instructions in selecting the IP addresses and the subnet
mask.
If the ISP did not explicitly give you an IP network number, then most likely you
have a single user account and the ISP will assign you a dynamic IP address when
the connection is established. If this is the case, it is recommended that you select
a network number from 192.168.0.0 to 192.168.255.0. The Internet Assigned
Number Authority (IANA) reserved this block of addresses specifically for private
use; please do not use any other number unless you are told otherwise. You must
also enable Network Address Translation (NAT) on the WiMAX Modem.
Once you have decided on the network number, pick an IP address for your WiMAX
Modem that is easy to remember (for instance, 192.168.100.1) but make sure
that no other device on your network is using that IP address.
The subnet mask specifies the network number portion of an IP address. Your
WiMAX Modem will compute the subnet mask automatically based on the IP
address that you entered. You don't need to change the subnet mask computed by
the WiMAX Modem unless you are instructed to do otherwise.
3255.255.224.0 (/19) 88190
4255.255.240.0 (/20) 16 4094
5255.255.248.0 (/21) 32 2046
6255.255.252.0 (/22) 64 1022
7255.255.254.0 (/23) 128 510
8255.255.255.0 (/24) 256 254
9255.255.255.128 (/25) 512 126
10 255.255.255.192 (/26) 1024 62
11 255.255.255.224 (/27) 2048 30
12 255.255.255.240 (/28) 4096 14
13 255.255.255.248 (/29) 8192 6
14 255.255.255.252 (/30) 16384 2
15 255.255.255.254 (/31) 32768 1
Table 81 16-bit Network Number Subnet Planning (continued)
NO. “BORROWED”
HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER
SUBNET
Appendix D IP Addresses and Subnetting
User’s Guide
238
Private IP Addresses
Every machine on the Internet must have a unique address. If your networks are
isolated from the Internet (running only between two branch offices, for example)
you can assign any IP addresses to the hosts without problems. However, the
Internet Assigned Numbers Authority (IANA) has reserved the following three
blocks of IP addresses specifically for private networks:
• 10.0.0.0 — 10.255.255.255
• 172.16.0.0 — 172.31.255.255
• 192.168.0.0 — 192.168.255.255
You can obtain your IP address from the IANA, from an ISP, or it can be assigned
from a private network. If you belong to a small organization and your Internet
access is through an ISP, the ISP can provide you with the Internet addresses for
your local networks. On the other hand, if you are part of a much larger
organization, you should consult your network administrator for the appropriate IP
addresses.
Regardless of your particular situation, do not create an arbitrary IP address;
always follow the guidelines above. For more information on address assignment,
please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466,
Guidelines for Management of IP Address Space.
IP Address Conflicts
Each device on a network must have a unique IP address. Devices with duplicate
IP addresses on the same network will not be able to access the Internet or other
resources. The devices may also be unreachable through the network.
Conflicting Computer IP Addresses Example
More than one device can not use the same IP address. In the following example
computer A has a static (or fixed) IP address that is the same as the IP address
that a DHCP server assigns to computer B which is a DHCP client. Neither can
access the Internet. This problem can be solved by assigning a different static IP
Appendix D IP Addresses and Subnetting
User’s Guide 239
address to computer A or setting computer A to obtain an IP address
automatically.
Figure 121 Conflicting Computer IP Addresses Example
Conflicting Router IP Addresses Example
Since a router connects different networks, it must have interfaces using different
network numbers. For example, if a router is set between a LAN and the Internet
(WAN), the router’s LAN and WAN addresses must be on different subnets. In the
following example, the LAN and WAN are on the same subnet. The LAN computers
cannot access the Internet because the router cannot route between networks.
Figure 122 Conflicting Computer IP Addresses Example
Conflicting Computer and Router IP Addresses Example
More than one device can not use the same IP address. In the following example,
the computer and the router’s LAN port both use 192.168.100.1 as the IP address.
Appendix D IP Addresses and Subnetting
User’s Guide
240
The computer cannot access the Internet. This problem can be solved by
assigning a different IP address to the computer or the router’s LAN port.
Figure 123 Conflicting Computer and Router IP Addresses Example
User’s Guide 241
APPENDIX E
Importing Certificates
This appendix shows you how to import public key certificates into your web
browser.
Public key certificates are used by web browsers to ensure that a secure web site
is legitimate. When a certificate authority such as VeriSign, Comodo, or Network
Solutions, to name a few, receives a certificate request from a website operator,
they confirm that the web domain and contact information in the request match
those on public record with a domain name registrar. If they match, then the
certificate is issued to the website operator, who then places it on the site to be
issued to all visiting web browsers to let them know that the site is legitimate.
Many ZyXEL products, such as the NSA-2401, issue their own public key
certificates. These can be used by web browsers on a LAN or WAN to verify that
they are in fact connecting to the legitimate device and not one masquerading as
it. However, because the certificates were not issued by one of the several
organizations officially recognized by the most common web browsers, you will
need to import the ZyXEL-created certificate into your web browser and flag that
certificate as a trusted authority.
Note: You can see if you are browsing on a secure website if the URL in your web
browser’s address bar begins with https:// or there is a sealed padlock
icon ( ) somewhere in the main browser window (not all browsers show the
padlock in the same location.)
In this appendix, you can import a public key certificate for:
• Internet Explorer on page 242
•Firefox on page 252
•Opera on page 258
• Konqueror on page 266
Appendix E Importing Certificates
User’s Guide
242
Internet Explorer
The following example uses Microsoft Internet Explorer 7 on Windows XP
Professional; however, they can also apply to Internet Explorer on Windows Vista.
1If your device’s web configurator is set to use SSL certification, then the first time
you browse to it you are presented with a certification error.
Figure 124 Internet Explorer 7: Certification Error
2Click Continue to this website (not recommended).
Figure 125 Internet Explorer 7: Certification Error
Appendix E Importing Certificates
User’s Guide 243
3In the Address Bar, click Certificate Error > View certificates.
Figure 126 Internet Explorer 7: Certificate Error
4In the Certificate dialog box, click Install Certificate.
Figure 127 Internet Explorer 7: Certificate
Appendix E Importing Certificates
User’s Guide
244
5In the Certificate Import Wizard, click Next.
Figure 128 Internet Explorer 7: Certificate Import Wizard
6If you want Internet Explorer to Automatically select certificate store based
on the type of certificate, click Next again and then go to step 9.
Figure 129 Internet Explorer 7: Certificate Import Wizard
Appendix E Importing Certificates
User’s Guide 245
7Otherwise, select Place all certificates in the following store and then click
Browse.
Figure 130 Internet Explorer 7: Certificate Import Wizard
8In the Select Certificate Store dialog box, choose a location in which to save the
certificate and then click OK.
Figure 131 Internet Explorer 7: Select Certificate Store
Appendix E Importing Certificates
User’s Guide
246
9In the Completing the Certificate Import Wizard screen, click Finish.
Figure 132 Internet Explorer 7: Certificate Import Wizard
10 If you are presented with another Security Warning, click Yes.
Figure 133 Internet Explorer 7: Security Warning
Appendix E Importing Certificates
User’s Guide 247
11 Finally, click OK when presented with the successful certificate installation
message.
Figure 134 Internet Explorer 7: Certificate Import Wizard
12 The next time you start Internet Explorer and go to a ZyXEL web configurator
page, a sealed padlock icon appears in the address bar. Click it to view the page’s
Website Identification information.
Figure 135 Internet Explorer 7: Website Identification
Appendix E Importing Certificates
User’s Guide
248
Installing a Stand-Alone Certificate File in Internet Explorer
Rather than browsing to a ZyXEL web configurator and installing a public key
certificate when prompted, you can install a stand-alone certificate file if one has
been issued to you.
1Double-click the public key certificate file.
Figure 136 Internet Explorer 7: Public Key Certificate File
2In the security warning dialog box, click Open.
Figure 137 Internet Explorer 7: Open File - Security Warning
3Refer to steps 4-12 in the Internet Explorer procedure beginning on page 242 to
complete the installation process.
Appendix E Importing Certificates
User’s Guide 249
Removing a Certificate in Internet Explorer
This section shows you how to remove a public key certificate in Internet Explorer
7.
1Open Internet Explorer and click TOOLS > Internet Options.
Figure 138 Internet Explorer 7: Tools Menu
2In the Internet Options dialog box, click Content > Certificates.
Figure 139 Internet Explorer 7: Internet Options
Appendix E Importing Certificates
User’s Guide
250
3In the Certificates dialog box, click the Trusted Root Certificates Authorities
tab, select the certificate that you want to delete, and then click Remove.
Figure 140 Internet Explorer 7: Certificates
4In the Certificates confirmation, click Yes.
Figure 141 Internet Explorer 7: Certificates
5In the Root Certificate Store dialog box, click Yes.
Figure 142 Internet Explorer 7: Root Certificate Store
Appendix E Importing Certificates
User’s Guide 251
6The next time you go to the web site that issued the public key certificate you just
removed, a certification error appears.
Appendix E Importing Certificates
User’s Guide
252
Firefox
The following example uses Mozilla Firefox 2 on Windows XP Professional;
however, the screens can also apply to Firefox 2 on all platforms.
1If your device’s web configurator is set to use SSL certification, then the first time
you browse to it you are presented with a certification error.
2Select Accept this certificate permanently and click OK.
Figure 143 Firefox 2: Website Certified by an Unknown Authority
Appendix E Importing Certificates
User’s Guide 253
3The certificate is stored and you can now connect securely to the web configurator.
A sealed padlock appears in the address bar, which you can click to open the Page
Info > Security window to view the web page’s security information.
Figure 144 Firefox 2: Page Info
Appendix E Importing Certificates
User’s Guide
254
Installing a Stand-Alone Certificate File in Firefox
Rather than browsing to a ZyXEL web configurator and installing a public key
certificate when prompted, you can install a stand-alone certificate file if one has
been issued to you.
1Open Firefox and click TOOLS > Options.
Figure 145 Firefox 2: Tools Menu
2In the Options dialog box, click ADVANCED > Encryption > View Certificates.
Figure 146 Firefox 2: Options
Appendix E Importing Certificates
User’s Guide 255
3In the Certificate Manager dialog box, click Web Sites > Import.
Figure 147 Firefox 2: Certificate Manager
4Use the Select File dialog box to locate the certificate and then click Open.
Figure 148 Firefox 2: Select File
5The next time you visit the web site, click the padlock in the address bar to open
the Page Info > Security window to see the web page’s security information.
Appendix E Importing Certificates
User’s Guide
256
Removing a Certificate in Firefox
This section shows you how to remove a public key certificate in Firefox 2.
1Open Firefox and click TOOLS > Options.
Figure 149 Firefox 2: Tools Menu
2In the Options dialog box, click ADVANCED > Encryption > View Certificates.
Figure 150 Firefox 2: Options
Appendix E Importing Certificates
User’s Guide 257
3In the Certificate Manager dialog box, select the Web Sites tab, select the
certificate that you want to remove, and then click Delete.
Figure 151 Firefox 2: Certificate Manager
4In the Delete Web Site Certificates dialog box, click OK.
Figure 152 Firefox 2: Delete Web Site Certificates
5The next time you go to the web site that issued the public key certificate you just
removed, a certification error appears.
Appendix E Importing Certificates
User’s Guide
258
Opera
The following example uses Opera 9 on Windows XP Professional; however, the
screens can apply to Opera 9 on all platforms.
1If your device’s web configurator is set to use SSL certification, then the first time
you browse to it you are presented with a certification error.
2Click Install to accept the certificate.
Figure 153 Opera 9: Certificate signer not found
Appendix E Importing Certificates
User’s Guide 259
3The next time you visit the web site, click the padlock in the address bar to open
the Security information window to view the web page’s security details.
Figure 154 Opera 9: Security information
Appendix E Importing Certificates
User’s Guide
260
Installing a Stand-Alone Certificate File in Opera
Rather than browsing to a ZyXEL web configurator and installing a public key
certificate when prompted, you can install a stand-alone certificate file if one has
been issued to you.
1Open Opera and click TOOLS > Preferences.
Figure 155 Opera 9: Tools Menu
Appendix E Importing Certificates
User’s Guide 261
2In Preferences, click ADVANCED > Security > Manage certificates.
Figure 156 Opera 9: Preferences
Appendix E Importing Certificates
User’s Guide
262
3In the Certificates Manager, click Authorities > Import.
Figure 157 Opera 9: Certificate manager
4Use the Import certificate dialog box to locate the certificate and then click
Open.
Figure 158 Opera 9: Import certificate
Appendix E Importing Certificates
User’s Guide 263
5In the Install authority certificate dialog box, click Install.
Figure 159 Opera 9: Install authority certificate
6Next, click OK.
Figure 160 Opera 9: Install authority certificate
7The next time you visit the web site, click the padlock in the address bar to open
the Security information window to view the web page’s security details.
Appendix E Importing Certificates
User’s Guide
264
Removing a Certificate in Opera
This section shows you how to remove a public key certificate in Opera 9.
1Open Opera and click TOOLS > Preferences.
Figure 161 Opera 9: Tools Menu
2In Preferences, ADVANCED > Security > Manage certificates.
Figure 162 Opera 9: Preferences
Appendix E Importing Certificates
User’s Guide 265
3In the Certificates manager, select the Authorities tab, select the certificate
that you want to remove, and then click Delete.
Figure 163 Opera 9: Certificate manager
4The next time you go to the web site that issued the public key certificate you just
removed, a certification error appears.
Note: There is no confirmation when you delete a certificate authority, so be
absolutely certain that you want to go through with it before clicking the button.
Appendix E Importing Certificates
User’s Guide
266
Konqueror
The following example uses Konqueror 3.5 on openSUSE 10.3, however the
screens apply to Konqueror 3.5 on all Linux KDE distributions.
1If your device’s web configurator is set to use SSL certification, then the first time
you browse to it you are presented with a certification error.
2Click Continue.
Figure 164 Konqueror 3.5: Server Authentication
3Click Forever when prompted to accept the certificate.
Figure 165 Konqueror 3.5: Server Authentication
Appendix E Importing Certificates
User’s Guide 267
4Click the padlock in the address bar to open the KDE SSL Information window
and view the web page’s security details.
Figure 166 Konqueror 3.5: KDE SSL Information
Appendix E Importing Certificates
User’s Guide
268
Installing a Stand-Alone Certificate File in Konqueror
Rather than browsing to a ZyXEL web configurator and installing a public key
certificate when prompted, you can install a stand-alone certificate file if one has
been issued to you.
1Double-click the public key certificate file.
Figure 167 Konqueror 3.5: Public Key Certificate File
2In the Certificate Import Result - Kleopatra dialog box, click OK.
Figure 168 Konqueror 3.5: Certificate Import Result
The public key certificate appears in the KDE certificate manager, Kleopatra.
Figure 169 Konqueror 3.5: Kleopatra
Appendix E Importing Certificates
User’s Guide 269
3The next time you visit the web site, click the padlock in the address bar to open
the KDE SSL Information window to view the web page’s security details.
Appendix E Importing Certificates
User’s Guide
270
Removing a Certificate in Konqueror
This section shows you how to remove a public key certificate in Konqueror 3.5.
1Open Konqueror and click Settings > Configure Konqueror.
Figure 170 Konqueror 3.5: Settings Menu
2In the Configure dialog box, select Crypto.
3On the Peer SSL Certificates tab, select the certificate you want to delete and
then click Remove.
Figure 171 Konqueror 3.5: Configure
4The next time you go to the web site that issued the public key certificate you just
removed, a certification error appears.
Appendix E Importing Certificates
User’s Guide 271
Note: There is no confirmation when you remove a certificate authority, so be
absolutely certain you want to go through with it before clicking the button.
Appendix E Importing Certificates
User’s Guide
272
User’s Guide 273
APPENDIX F
SIP Passthrough
Enabling/Disabling the SIP ALG
You can turn off the WiMAX Modem SIP ALG to avoid retranslating the IP address
of an existing SIP device that is using STUN. If you want to use STUN with a SIP
client device (a SIP phone or IP phone for example) behind the WiMAX Modem,
use the ip alg disable ALG_SIP command to turn off the SIP ALG.
Signaling Session Timeout
Most SIP clients have an “expire” mechanism indicating the lifetime of signaling
sessions. The SIP UA sends registration packets to the SIP server periodically and
keeps the session alive in the WiMAX Modem.
If the SIP client does not have this mechanism and makes no call during the
WiMAX Modem SIP timeout default (60 minutes), the WiMAX Modem SIP ALG
drops any incoming calls after the timeout period. You can use the ip alg
siptimeout command to change the timeout value.
Audio Session Timeout
If no voice packets go through the SIP ALG before the timeout period default (5
minutes) expires, the SIP ALG does not drop the call but blocks all voice traffic and
deletes the audio session. You cannot hear anything and you will need to make a
new call to continue your conversation.
Appendix F SIP Passthrough
User’s Guide
274
User’s Guide 275
APPENDIX G
Common Services
The following table lists some commonly-used services and their associated
protocols and port numbers. For a comprehensive list of port numbers, ICMP type/
code numbers and services, visit the IANA (Internet Assigned Number Authority)
web site.
•Name: This is a short, descriptive name for the service. You can use this one or
create a different one, if you like.
•Protocol: This is the type of IP protocol used by the service. If this is TCP/
UDP, then the service uses the same port number with TCP and UDP. If this is
USER-DEFINED, the Port(s) is the IP protocol number, not the port number.
•Port(s): This value depends on the Protocol. Please refer to RFC 1700 for
further information about port numbers.
•If the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number.
•If the Protocol is USER, this is the IP protocol number.
•Description: This is a brief explanation of the applications that use this service
or the situations in which this service is used.
Table 82 Commonly Used Services
NAME PROTOCOL PORT(S) DESCRIPTION
AH
(IPSEC_TUNNEL) User-Defined 51 The IPSEC AH (Authentication
Header) tunneling protocol uses this
service.
AIM/New-ICQ TCP 5190 AOL’s Internet Messenger service. It
is also used as a listening port by
ICQ.
AUTH TCP 113 Authentication protocol used by some
servers.
BGP TCP 179 Border Gateway Protocol.
BOOTP_CLIENT UDP 68 DHCP Client.
BOOTP_SERVER UDP 67 DHCP Server.
CU-SEEME TCP
UDP
7648
24032
A popular videoconferencing solution
from White Pines Software.
DNS TCP/UDP 53 Domain Name Server, a service that
matches web names (for example
www.zyxel.com) to IP numbers.
Appendix G Common Services
User’s Guide
276
ESP
(IPSEC_TUNNEL) User-Defined 50 The IPSEC ESP (Encapsulation
Security Protocol) tunneling protocol
uses this service.
FINGER TCP 79 Finger is a UNIX or Internet related
command that can be used to find out
if a user is logged on.
FTP TCP
TCP
20
21
File Transfer Program, a program to
enable fast transfer of files, including
large files that may not be possible by
e-mail.
H.323 TCP 1720 NetMeeting uses this protocol.
HTTP TCP 80 Hyper Text Transfer Protocol - a
client/server protocol for the world
wide web.
HTTPS TCP 443 HTTPS is a secured http session often
used in e-commerce.
ICMP User-Defined 1Internet Control Message Protocol is
often used for diagnostic or routing
purposes.
ICQ UDP 4000 This is a popular Internet chat
program.
IGMP
(MULTICAST) User-Defined 2Internet Group Management Protocol
is used when sending packets to a
specific group of hosts.
IKE UDP 500 The Internet Key Exchange algorithm
is used for key distribution and
management.
IRC TCP/UDP 6667 This is another popular Internet chat
program.
MSN Messenger TCP 1863 Microsoft Networks’ messenger
service uses this protocol.
NEW-ICQ TCP 5190 An Internet chat program.
NEWS TCP 144 A protocol for news groups.
NFS UDP 2049 Network File System - NFS is a client/
server distributed file service that
provides transparent file sharing for
network environments.
NNTP TCP 119 Network News Transport Protocol is
the delivery mechanism for the
USENET newsgroup service.
PING User-Defined 1Packet INternet Groper is a protocol
that sends out ICMP echo requests to
test whether or not a remote host is
reachable.
POP3 TCP 110 Post Office Protocol version 3 lets a
client computer get e-mail from a
POP3 server through a temporary
connection (TCP/IP or other).
Table 82 Commonly Used Services (continued)
NAME PROTOCOL PORT(S) DESCRIPTION
Appendix G Common Services
User’s Guide 277
PPTP TCP 1723 Point-to-Point Tunneling Protocol
enables secure transfer of data over
public networks. This is the control
channel.
PPTP_TUNNEL
(GRE) User-Defined 47 PPTP (Point-to-Point Tunneling
Protocol) enables secure transfer of
data over public networks. This is the
data channel.
RCMD TCP 512 Remote Command Service.
REAL_AUDIO TCP 7070 A streaming audio service that
enables real time sound over the web.
REXEC TCP 514 Remote Execution Daemon.
RLOGIN TCP 513 Remote Login.
RTELNET TCP 107 Remote Telnet.
RTSP TCP/UDP 554 The Real Time Streaming (media
control) Protocol (RTSP) is a remote
control for multimedia on the
Internet.
SFTP TCP 115 Simple File Transfer Protocol.
SMTP TCP 25 Simple Mail Transfer Protocol is the
message-exchange standard for the
Internet. SMTP enables you to move
messages from one e-mail server to
another.
SNMP TCP/UDP 161 Simple Network Management
Program.
SNMP-TRAPS TCP/UDP 162 Traps for use with the SNMP
(RFC:1215).
SQL-NET TCP 1521 Structured Query Language is an
interface to access data on many
different types of database systems,
including mainframes, midrange
systems, UNIX systems and network
servers.
SSH TCP/UDP 22 Secure Shell Remote Login Program.
STRM WORKS UDP 1558 Stream Works Protocol.
SYSLOG UDP 514 Syslog allows you to send system logs
to a UNIX server.
TACACS UDP 49 Login Host Protocol used for (Terminal
Access Controller Access Control
System).
TELNET TCP 23 Telnet is the login and terminal
emulation protocol common on the
Internet and in UNIX environments. It
operates over TCP/IP networks. Its
primary function is to allow users to
log into remote host systems.
Table 82 Commonly Used Services (continued)
NAME PROTOCOL PORT(S) DESCRIPTION
Appendix G Common Services
User’s Guide
278
TFTP UDP 69 Trivial File Transfer Protocol is an
Internet file transfer protocol similar
to FTP, but uses the UDP (User
Datagram Protocol) rather than TCP
(Transmission Control Protocol).
VDOLIVE TCP 7000 Another videoconferencing solution.
Table 82 Commonly Used Services (continued)
NAME PROTOCOL PORT(S) DESCRIPTION
User’s Guide 279
APPENDIX H
Legal Information
Copyright
Copyright © 2009 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole,
transcribed, stored in a retrieval system, translated into any language, or
transmitted in any form or by any means, electronic, mechanical, magnetic,
optical, chemical, photocopying, manual, or otherwise, without the prior written
permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimers
ZyXEL does not assume any liability arising out of the application or use of any
products, or software described herein. Neither does it convey any license under
its patent rights nor the patent rights of others. ZyXEL further reserves the right
to make changes in any products described herein without notice. This publication
is subject to change without notice.
Your use of the WiMAX Modem is subject to the terms and conditions of any
related service providers.
Do not use the WiMAX Modem for illegal purposes. Illegal downloading or sharing
of files can result in severe civil and criminal penalties. You are subject to the
restrictions of copyright laws and any other applicable laws, and will bear the
consequences of any infringements thereof. ZyXEL bears NO responsibility or
liability for your use of the download service feature.
Trademarks
Trademarks mentioned in this publication are used for identification purposes only
and may be properties of their respective owners.
Appendix H Legal Information
User’s Guide
280
Certifications
Federal Communications Commission (FCC) Interference Statement
The device complies with Part 15 of FCC rules. Operation is subject to the
following two conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that
may cause undesired operations.
This device has been tested and found to comply with the limits for a Class B
digital device pursuant to Part 15 of the FCC Rules. These limits are designed to
provide reasonable protection against harmful interference in a residential
installation. This device generates, uses, and can radiate radio frequency energy,
and if not installed and used in accordance with the instructions, may cause
harmful interference to radio communications. However, there is no guarantee
that interference will not occur in a particular installation.
If this device does cause harmful interference to radio/television reception, which
can be determined by turning the device off and on, the user is encouraged to try
to correct the interference by one or more of the following measures:
1Reorient or relocate the receiving antenna.
2Increase the separation between the equipment and the receiver.
3Connect the equipment into an outlet on a circuit different from that to which the
receiver is connected.
4Consult the dealer or an experienced radio/TV technician for help.
FCC Radiation Exposure Statement
•This transmitter must not be co-located or operating in conjunction
with any other antenna or transmitter.
• To comply with FCC RF exposure compliance requirements, a separation
distance of at least 20 cm must be maintained between the antenna of this
device and all persons.
注意 !
依據 低功率電波輻射性電機管理辦法
第十二條 經型式認證合格之低功率射頻電機,非經許可,公司、商號或使用
者均不得擅自變更頻率、加大功率或變更原設計之特性及功能。
Appendix H Legal Information
User’s Guide 281
第十四條 低功率射頻電機之使用不得影響飛航安全及干擾合法通信;經發現
有干擾現象時,應立即停用,並改善至無干擾時方得繼續使用。
前項合法通信,指依電信規定作業之無線電信。低功率射頻電機須忍
受合法通信或工業、科學及醫療用電波輻射性電機設備之干擾。
本機限在不干擾合法電臺與不受被干擾保障條件下於室內使用。
減少電磁波影響,請妥適使用。
Notices
Changes or modifications not expressly approved by the party responsible for
compliance could void the user's authority to operate the equipment.
This Class B digital apparatus complies with Canadian ICES-003.
Cet appareil numérique de la classe B est conforme à la norme NMB-003 du
Canada.
Viewing Certifications
1Go to http://www.zyxel.com.
2Select your product on the ZyXEL home page to go to that product's page.
3Select the certification you wish to view from this page.
ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from
any defects in materials or workmanship for a period of up to two years from the
date of purchase. During the warranty period, and upon proof of purchase, should
the product have indications of failure due to faulty workmanship and/or
materials, ZyXEL will, at its discretion, repair or replace the defective products or
components without charge for either parts or labor, and to whatever extent it
shall deem necessary to restore the product or components to proper operating
condition. Any replacement will consist of a new or re-manufactured functionally
equivalent product of equal or higher value, and will be solely at the discretion of
ZyXEL. This warranty shall not apply if the product has been modified, misused,
tampered with, damaged by an act of God, or subjected to abnormal working
conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of
the purchaser. This warranty is in lieu of all other warranties, express or implied,
Appendix H Legal Information
User’s Guide
282
including any implied warranty of merchantability or fitness for a particular use or
purpose. ZyXEL shall in no event be held liable for indirect or consequential
damages of any kind to the purchaser.
To obtain the services of this warranty, contact your vendor. You may also refer to
the warranty policy for the region in which you bought the device at http://
www.zyxel.com/web/support_warranty_info.php.
Registration
Register your product online to receive e-mail notices of firmware upgrades and
information at www.zyxel.com.
Index
User’s Guide 283
Index
Numerics
802.11 mode 68
A
AAA 78–79
AbS 114
access point, See AP 59
accounting server
see AAA
ACK message 121
activity 78
Advanced Encryption Standard
see AES
AES 189
alternative subnet mask notation 232
analysis-by-synthesis 114
AP (Access Point) 59
authentication 78, 80, 187
inner 190
key
server 78
types 190
authentication type 60
open system 61
shared key 61
authorization 187
request and reply 189
server 78
B
base station
see BS
BS 77–78
links 78
BYE request 121
C
CA 145
call
Europe type service mode 133
hold 133–135
service mode 133–134
transfer 134–135
waiting 133–135
CBC-MAC 189
CCMP 187, 189
cell 77
certificates 145, 187
importing 146
verification 189
certification
authority, see CA
notices 281
requests 145
viewing 281
chaining 189
chaining message authentication
see CCMP
channel ID 64
circuit-switched telephone networks 109
Class of Service (CoS) 124
client-server
protocol 122
SIP 122
CMAC
see MAC
codec 113
comfort noise 127
copyright 279
CoS 124
counter mode
see CCMP
coverage area 77
cryptography 187
Index
User’s Guide
284
D
data 187–189
decryption 187
encryption 187
flow 189
DHCP 32, 46, 100
client 100
server 32, 46
diameter 79
Differentiated Services
see DiffServ
DiffServ 124
DiffServ Code Point (DSCP) 124
marking rule 125
digital ID 187
DL frequency 86
domain name 100
download frequency
see DL frequency
DS field 125
DSCP
see DiffServ
dynamic DNS 100
Dynamic Host Configuration Protocol
see DHCP
E
EAP 79
echo cancellation 127
encryption 187–189
traffic 189
encryption type 60
Ethernet
encapsulation 91
Europe type call service mode 133
Extensible Authorization Protocol
see EAP
F
FCC interference statement 280
flash key 132
flashing 132
fragmentation threshold 68
frequency
band 87
ranges 86
scanning 87
FTP 100, 150
restrictions 150
G
G.168 127
G.711 113
G.729 114
H
hide SSID 64
hybrid waveform codec 114
I
IANA 238
identity 78, 187
idle timeout 150
IEEE 802.11b 68
IEEE 802.11g 68
IEEE 802.16 77, 187
IEEE 802.16e 77
IEEE 802.1Q VLAN 120
importing a certificate 146
inner authentication 190
Internet
access 79
Internet Assigned Numbers Authority
see IANA 238
Internet Telephony Service Provider
see ITSP
interoperability 77
IP-PBX 109
Index
User’s Guide 285
ITSP 109
ITU-T 127
K
key 80, 187
request and reply 189
L
listening port 117
M
MAC 189
MAC address filter 62
action 70
MAC filter 69
MAN 77
Management Information Base (MIB) 154
manual site survey 86
Message Authentication Code
see MAC
message integrity 189
message waiting indication 114
Metropolitan Area Network
see MAN
microwave 77, 78
mobile station
see MS
MS 78
multimedia 110
MWI 114
N
NAT 112, 237
and remote management 150
routers 112
server sets 91
network
activity 78
services 78
O
OK response 121
outbound proxy 113, 124
server 113
SIP 113
P
pattern-spotting 189
PBX services 109
PCM 113
peer-to-peer calls 137
per-hop behavior 125
PHB (per-hop behavior) 125
phone
services 128
PKMv2 79, 80, 187, 190
plain text encryption 189
preamble 68
Privacy Key Management
see PKM
private key 187
product registration 282
proxy server
SIP 122
public certificate 189
public key 80, 187
public-private key pairs 145
pulse code modulation 113
R
RADIUS 78, 79, 188
Message Types 188
Messages 188
Shared Secret Key 188
Index
User’s Guide
286
Real-time Transport Protocol
see RTP
redirect server
SIP 123
register server
SIP 110
registration
product 282
related documentation 3
remote management and NAT 150
remote management limitations 150
required bandwidth 114
RFC 1889 110
RFC 3489 113
RFC 3842 114
RTP 110
RTS/CTS threshold 68
S
safety warnings 7
secure communication 80, 187
secure connection 79
security 187
security association 189
see SA
server
outbound proxy 113
service set 64
Service Set IDentification, see SSID
services 78
Session Initiation Protocol
see SIP
silence suppression 127
silent packets 127
SIP 109
account 110
ACK message 121
ALG 124
BYE request 121
call progression 121
client 122
client server 122
identities 110
INVITE request 121
number 110
OK response 121
outbound proxy 113
proxy server 122
redirect server 123
register server 110
servers 122
service domain 110
URI 110
user agent 122
SNMP 150
manager 154
sound quality 113
speed dial 137
SS 77, 78
SSID 64
STUN 113, 124
subnet 229
mask 230
subnetting 232
subscriber station
see SS
supplementary phone services 128
syntax conventions 5
system timeout 150
T
tampering
TCP/IP configuration 32, 46
TEK 189
TFTP restrictions 150
three-way conference 134, 135
TLS 80, 187
transport encryption key
see TEK
transport layer security
see TLS
trigger port forwarding
process 96
TTLS 80, 187, 190
tunneled TLS
see TTLS
Index
User’s Guide 287
U
unauthorized device 187
uniform resource identifier 110
USA type call service mode 134
use NAT 124
use NAT feature 110
user agent, SIP 122
user authentication 187
user name 101
V
VAD 127
verification 189
virtual local area network
see VLAN
VLAN 119
group 120
ID tags 120
tags 120
VLAN ID 120
voice
activity detection 127
coding 113
mail 109
Voice over IP
see VoIP
VoIP 109
W
waveform codec 113
WiMAX 77–78
security 189
WiMAX Forum 77
wireless client 59
Wireless Interoperability for Microwave Access
see WiMAX
wireless LAN
channel 64
MAC address filter 62
Wireless Metropolitan Area Network
see MAN
wireless network
access 77
example 59
overview 59
standard 77
wireless security 187
WLAN 59
802.11 mode 68
channel 64
fragmentation threshold 68
hide SSID 64
IEEE 802.11b 68
IEEE 802.11g 68
preamble 68
RTS/CTS threshold 68
see also wireless.
WPA-PSK 66
WPA-PSK 66
Index
User’s Guide
288