ZyXEL Communications MAX208M WiMAX Indoor Gateway User Manual MAX208M Users guide

ZyXEL Communications Corporation WiMAX Indoor Gateway MAX208M Users guide

Contents

User Manual Part 1

www.zyxel.comwww.zyxel.comMAX208MWiMAX Indoor GatewayCopyright © 2011ZyXEL Communications CorporationSoftware Version 2.00Edition 1, 2/2011Default Login DetailsIP Address: http://192.168.1.1Admin s User Name and Password:admin / 1234Guest s User Name and Password:guest / guest
 About This User's GuideMAX208M User s Guide 3About This User's GuideIntended AudienceThis manual is intended for people who want to configure the ZyXEL WiMAX Device using the ZyXEL Web Configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology.Related Documentation!Quick Start Guide The Quick Start Guide is designed to help you get up and running right away. It contains information on setting up your network and configuring for Internet access.!Support DiscRefer to the included CD for support documents.!ZyXEL Web SitePlease refer to www.zyxel.com for additional support documentation and product certifications.Documentation FeedbackSend your comments, questions or suggestions to: techwriters@zyxel.com.twThank you!The Technical Writing Team, ZyXEL Communications Corp.Need More Help?More help is available at www.zyxel.com.
About This User's GuideMAX208M User s Guide4!Download LibrarySearch for the latest product updates and documentation from this link. Read the Tech Doc Overview to find out how to efficiently use the documentation in order to better understand how to use your product. !Knowledge BaseIf you have a specific question about your product, the answer may be here. This is a collection of answers to previously asked questions about ZyXEL products. !ForumThis contains discussions on ZyXEL products. Learn from others who use ZyXEL products and share your experiences as well.Customer SupportShould problems arise that cannot be solved by the methods listed above, you should contact your vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you bought the device. See http://www.zyxel.com/web/contact_us.php for contact information. Please have the following information ready when you contact an office.!Product model and serial number.!Warranty Information.!Date that you received your device.!Brief description of the problem and the steps you took to solve it.
 Document ConventionsMAX208M User s Guide 5Document ConventionsWarnings and NotesThese are how warnings and notes are shown in this User s Guide. Warnings tell you about things that could harm you or your WiMAX Device.Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.Syntax Conventions!The product(s) described in this book may be referred to as the "WiMAX Device#, the "device#, the "system# or the "product# in this User s Guide.!Product labels, screen names, field labels and field choices are all in bold font.!A key stroke is denoted by square brackets and uppercase text, for example, [ENTER] means the "enter# or "return# key on your keyboard.!"Enter# means for you to type one or more characters and then press the [ENTER] key. "Select# or "choose# means for you to use one of the predefined choices.!A right angle bracket ( > ) within a screen name denotes a mouse click. For example, TOOLS > Logs > Log Settings means you first click Tools in the navigation panel, then the Logs sub menu and finally the Log Settings tab to get to that screen.!Units of measurement may denote the "metric# value or the "scientific# value. For example, "k# for kilo may denote "1000# or "1024#, "M# for mega may denote "1000000# or "1048576# and so on.!"e.g.,# is a shorthand for "for instance#, and "i.e.,# means "that is# or "in other words#.
Document ConventionsMAX208M User s Guide6Icons Used in FiguresFigures in this User s Guide may use the following generic icons. The WiMAX Device icon is not an exact representation of your product.Table 1   Common IconsWiMAX Device ComputerWireless SignalNotebookServerBase StationTelephoneSwitchRouterInternet CloudNetwork Cloud
 Safety WarningsMAX208M User s Guide 7Safety WarningsFor your safety, be sure to read and follow all warning notices and instructions.!Do NOT use this product near water, for example, in a wet basement or near a swimming pool.!Do NOT expose your device to dampness, dust or corrosive liquids.!Do NOT store things on the device.!Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.!Connect ONLY suitable accessories to the device.!Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel should service or disassemble this device. Please contact your vendor for further information.!Make sure to connect the cables to the correct ports.!Place connecting cables carefully so that no one will step on them or stumble over them.!Always disconnect all cables from this device before servicing or disassembling.!Use ONLY an appropriate power adaptor or cord for your device. Connect it to the right supply voltage (for example, 110V AC in North America or 230V AC in Europe).!Do NOT remove the plug and connect it to a power outlet by itself; always attach the plug to the power adaptor first before connecting it to a power outlet.!Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord.!Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution.!If the power adaptor or cord is damaged, remove it from the device and the power source.!Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a new one.Do not use the device outside, and make sure all the connections are indoors. There is a remote risk of electric shock from lightning.!Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device.Use only No. 26 AWG (American Wire Gauge) or larger telecommunication line cord.!Antenna Warning! This device meets ETSI and FCC certification requirements when using the included antenna(s). Only use the included antenna(s).!If you wall mount your device, make sure that no electrical lines, gas or water pipes will be damaged.
Safety WarningsMAX208M User s Guide8!Make sure that the cable system is grounded so as to provide some protection against voltage surges.Your product is marked with this symbol, which is known as the WEEE mark. WEEE stands for Waste Electronics and Electrical Equipment. It means that used electrical and electronic products should not be mixed with general waste. Used electrical and electronic equipment should be treated separately.
 Contents OverviewMAX208M User s Guide 9Contents OverviewUser!s Guide ...........................................................................................................................15Getting Started ...........................................................................................................................17The Web Configurator ...............................................................................................................21Setup Wizard............................................................................................................................. 27Tutorials .....................................................................................................................................35Technical Reference ..............................................................................................................51System Status ............................................................................................................................53WiMAX .......................................................................................................................................57Network Settings .......................................................................................................................77Security ....................................................................................................................................107Maintenance .............................................................................................................................113Troubleshooting .......................................................................................................................139Product Specifications .............................................................................................................145
Contents OverviewMAX208M User s Guide10
 Table of ContentsMAX208M User s Guide 11Table of ContentsAbout This User's Guide..........................................................................................................3Document Conventions............................................................................................................5Safety Warnings........................................................................................................................7Contents Overview...................................................................................................................9Table of Contents....................................................................................................................11Part I: User!s Guide................................................................................15Chapter  1Getting Started........................................................................................................................171.1 About Your WiMAX Device ..................................................................................................171.1.1 WiMAX Internet Access .............................................................................................171.2 WiMAX Device Hardware ....................................................................................................181.2.1 LEDs ..........................................................................................................................181.3 Good Habits for Device Management ..................................................................................19Chapter  2The Web Configurator............................................................................................................212.1 Overview ..............................................................................................................................212.1.1 Accessing the Web Configurator ................................................................................212.1.2 The Reset Button .......................................................................................................222.1.3 Saving and Canceling Changes .................................................................................232.1.4 Working with Tables ...................................................................................................242.2 The Main Screen .................................................................................................................24Chapter  3Setup Wizard...........................................................................................................................273.1 Overview ..............................................................................................................................273.1.1 Welcome to the Setup Wizard ....................................................................................273.1.2 LAN Settings ..............................................................................................................283.1.3 WiMAX Frequency Settings .......................................................................................293.1.4 WiMAX Authentication Settings .................................................................................313.1.5 Setup Complete .........................................................................................................33
Table of ContentsMAX208M User s Guide12Chapter  4Tutorials...................................................................................................................................354.1 Overview ..............................................................................................................................354.2 WiMAX Connection Settings ...............................................................................................354.3 Configuring LAN DHCP .......................................................................................................364.4 Changing Certificate ............................................................................................................384.5 Blocking Web Access ..........................................................................................................394.6 Configuring the MAC Address Filter ....................................................................................404.7 Setting Up NAT Port Forwarding .........................................................................................424.8 Access the WiMAX Device Using DDNS .............................................................................454.8.1 Registering a DDNS Account on www.dyndns.org ....................................................454.8.2 Configuring DDNS on Your WiMAX Device ...............................................................464.8.3 Testing the DDNS Setting ..........................................................................................464.9 Configuring Static Route for Routing to Another Network ...................................................464.10 Remotely Managing Your WiMAX Device .........................................................................49Part II: Technical Reference..................................................................51Chapter  5System Status.........................................................................................................................535.1 Overview ..............................................................................................................................535.2 System Status ......................................................................................................................53Chapter  6WiMAX......................................................................................................................................576.1 Overview ..............................................................................................................................576.1.1 What You Need to Know ............................................................................................576.2 Connection Settings ............................................................................................................616.3 Frequency Settings ..............................................................................................................636.4 Authentication Settings ........................................................................................................656.5 Connect ...............................................................................................................................686.6 Wide Scan ...........................................................................................................................716.7 Link Status ...........................................................................................................................726.8 Link Statistics .......................................................................................................................746.9 Connection Info ...................................................................................................................756.10 Service Flow ......................................................................................................................75Chapter  7Network Settings.....................................................................................................................777.1 Overview ..............................................................................................................................777.1.1 What You Need to Know ............................................................................................77
 Table of ContentsMAX208M User s Guide 137.2 WAN ....................................................................................................................................827.3 PPPoE .................................................................................................................................847.4 GRE .....................................................................................................................................857.5 EtherIP .................................................................................................................................867.6 IP .........................................................................................................................................867.7 DHCP ..................................................................................................................................877.8 Static Route .........................................................................................................................887.9 RIP .......................................................................................................................................897.10 Port Forwarding .................................................................................................................907.10.1 Port Forwarding Wizard ...........................................................................................927.11 Port Trigger ........................................................................................................................937.11.1 Port Trigger Wizard ..................................................................................................947.11.2 Trigger Port Forwarding Example .............................................................................957.12 DMZ ...................................................................................................................................967.13 ALG ...................................................................................................................................977.14 UPnP .................................................................................................................................987.14.1 Installing UPnP in Windows XP ...............................................................................987.14.2 Web Configurator Easy Access .............................................................................1027.15 DDNS ..............................................................................................................................1047.16 Content Filter ...................................................................................................................105Chapter  8Security..................................................................................................................................1078.1 Overview ............................................................................................................................1078.1.1 What You Need to Know ..........................................................................................1078.2 IP Filter ..............................................................................................................................1088.3 MAC Filter ..........................................................................................................................1098.4 DDOS .................................................................................................................................110Chapter  9Maintenance..........................................................................................................................1139.1 Overview .............................................................................................................................1139.1.1 What You Need to Know ...........................................................................................1139.2 Password ...........................................................................................................................1209.3 HTTP .................................................................................................................................1219.4 Telnet .................................................................................................................................1229.5 SSH ...................................................................................................................................1229.6 SNMP ................................................................................................................................1239.7 CWMP ...............................................................................................................................1249.8 OMA-DM ............................................................................................................................1269.9 Date ...................................................................................................................................1289.10 Time Zone ........................................................................................................................1299.11 Upgrade File ....................................................................................................................129
Table of ContentsMAX208M User s Guide149.11.1 The Firmware Upload Process ...............................................................................1309.12 Upgrade Link ...................................................................................................................1319.13 CWMP Upgrade ..............................................................................................................1319.14 Backup .............................................................................................................................1329.15 Restore ............................................................................................................................1339.15.1 The Restore Configuration Process .......................................................................1339.16 Factory Defaults ..............................................................................................................1349.17 Log Setting ......................................................................................................................1349.18 Log Display ......................................................................................................................1359.19 About ...............................................................................................................................1369.20 Reboot .............................................................................................................................136Chapter  10Troubleshooting....................................................................................................................13910.1 Power, Hardware Connections, and LEDs ......................................................................13910.2 WiMAX Device Access and Login ...................................................................................14010.3 Internet Access ................................................................................................................14210.4 Reset the WiMAX Device to Its Factory Defaults ............................................................14310.5 Pop-up Windows, JavaScript and Java Permissions ......................................................144Chapter  11Product Specifications.........................................................................................................145Appendix  A  WiMAX Security................................................................................................151Appendix  B  Setting Up Your Computer s IP Address...........................................................155Appendix  C  Pop-up Windows, JavaScript and Java Permissions........................................183Appendix  D  IP Addresses and Subnetting...........................................................................193Appendix  E  Importing Certificates........................................................................................205Appendix  F  Common Services.............................................................................................237Appendix  G  Legal Information..............................................................................................241Index.......................................................................................................................................245
15PART IUser!s Guide
16
MAX208M User s Guide 17CHAPTER  1 Getting Started1.1  About Your WiMAX Device The WiMAX Device allows you to access the Internet by connecting to a WiMAX wireless network. You can configure firewall and content filtering as well as a host of other features.  The browser-based user interface -- the Web Configurator -- can be used to easily manage the device.See Chapter 11 on page 145 for a complete list of features for your model.1.1.1  WiMAX Internet AccessConnect your computer or network to the WiMAX Device for WiMAX Internet access. See the Quick Start Guide for instructions on hardware connections.In a wireless metropolitan area network (MAN), the WiMAX Device connects to a WiMAX base station (BS) for Internet access. The following diagram shows a notebook computer equipped with the WiMAX Device connecting to the Internet through a WiMAX base station (BS).Figure 1   Mobile Station and Base StationWhen the firewall is on, all incoming traffic from the Internet to your network is blocked unless it is initiated from your network. Use content filtering to block access to web sites with URLs containing keywords that you specify. You can define time periods and days during which content filtering is enabled and include or exclude particular computers on your network from content filtering. For example, you could block access to certain web sites.
Chapter 1Getting StartedMAX208M User s Guide181.2  WiMAX Device HardwareFollow the instructions in the Quick Start Guide to make hardware connections.1.2.1  LEDsThe following figure shows the LEDs (lights) on the WiMAX Device.Figure 2   The WiMAX Device s LEDsThe following table describes your WiMAX Device s LEDs (from top to bottom). Table 2   The WiMAX Device LEDs behaviorLED STATE DESCRIPTIONPowerOffThe WiMAX Device is not receiving power.RedThe WiMAX Device is receiving power but has been unable to start up correctly or is not receiving enough power. See the Troubleshooting section for more information.Green Solid: The WiMAX Device is receiving power and functioning correctly.Flashing: the device is self-testing (startup)WiMAX LinkOffThe WiMAX Device is not connected to a wireless (WiMAX) network.GreenThe WiMAX Device is successfully connected to a wireless (WiMAX) network.Green (Blinking Slowly)The WiMAX Device is searching for a wireless (WiMAX) network.Green (Blinking Quickly)The WiMAX Device has found a wireless (WiMAX) network and is connecting.STRENGTHPOWER LEDWIMAXINDICATORSLINK LED
 Chapter 1Getting StartedMAX208M User s Guide 191.3  Good Habits for Device ManagementDo the following things regularly to make the WiMAX Device more secure and to manage the WiMAX Device more effectively.!Change the password. Use a password that s not easy to guess and that consists of different types of characters, such as numbers and letters.!Write down the password and put it in a safe place.!Back up the configuration (and make sure you know how to restore it). Restoring an earlier working configuration may be useful if the WiMAX Device becomes unstable or even crashes. If you forget your password, you will have to reset the WiMAX Device to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the WiMAX Device. You could simply restore your last configuration.Signal Strength IndicatorThe Strength Indicator LEDs display the Interference-plus-Noise Ratio (CINR) of the wireless (WiMAX) connection.LEDs 1, 2, 3 onRSSI >= -69 dBmLEDs 1, 2 onRSSI: -70~-79 dBmLED 1 onRSSI: -80~-89 dBmTable 2   The WiMAX Device LEDs behaviorLED STATE DESCRIPTION
Chapter 1Getting StartedMAX208M User s Guide20
MAX208M User s Guide 21CHAPTER  2 The Web Configurator2.1  OverviewThe Web Configurator is an HTML-based management interface that allows easy device set up and management via any web browser that supports: HTML 4.0, CSS 2.0, and JavaScript 1.5, and higher. The recommended screen resolution for using the web configurator is 1024 by 768 pixels and 16-bit color, or higher.In order to use the Web Configurator you need to allow:!Web browser pop-up windows from your device. Web pop-up blocking is enabled by default in many operating systems and web browsers.!JavaScript (enabled by default in most web browsers).!Java permissions (enabled by default in most web browsers).See the Appendix C on page 183 for more information on configuring your web browser.2.1.1  Accessing the Web Configurator1Make sure your WiMAX Device hardware is properly connected (refer to the Quick Start Guide for more information).2Launch your web browser.3Enter "192.168.1.1" as the URL.
Chapter 2The Web ConfiguratorMAX208M User s Guide224Enter the default Username and Password (see the cover page), then click Login. 5The Main screen displays. Note: For security reasons, the WiMAX Device automatically logs you out if you do not use the Web Configurator for five minutes. If this happens, log in again.2.1.2  The Reset ButtonIf you forget your password or cannot access the Web Configurator, you will need to use the Reset button to reload the factory-default configuration file. This
 Chapter 2The Web ConfiguratorMAX208M User s Guide 23means that you will lose all configurations that you had previously and the password will be reset to the default (see the cover page).2.1.2.1  Using The Reset Button1Make sure the Power light is on (not blinking).2To set the device back to the factory default settings, press the Reset button for five seconds or until all LED lights blink one time, then release it. The device restarts when the defaults have been restored. 3Reconfigure the WiMAX Device following the steps in your Quick Start Guide.2.1.3  Saving and Canceling ChangesAll screens to which you can make configuration changes must be saved before those changes can go into effect. If you make a mistake while configuring the WiMAX Device, you can cancel those changes and start over.Figure 3   Saving and Canceling ChangesThis screen contains the following fields:Note: If you make changes to a page but do not save before switching to another page or exiting the Web Configurator, those changes are disgarded.Table 3   Saving and Canceling ChangesLABEL DESCRIPTIONSaveClick this to save your changes.CancelClick this to restore the settings on this page to their last saved values.
Chapter 2The Web ConfiguratorMAX208M User s Guide242.1.4  Working with TablesMany screens in the WiMAX Device contain tables to provide information or additional configuration options.Figure 4   Tables ExampleThis screen contains the following fields:2.2  The Main ScreenWhen you first log into the Web Configurator, the Main screen appears. Here you can view a summary of your WiMAX Device s connection status. This is also the default "home# page for the Web Configurator and it contains conveniently-placed shortcuts to all of the other screens.Table 4   Saving and Canceling ChangesLABEL DESCRIPTIONItems per PageThis displays the number of items displayed per table page. Use the menu to change this value.First PageClick this to go to the first page in the table.Previous PageClick this to go to the previous page in the table.Page Indicator / Jump to PageThis indicates which page is currently displayed in the table. Use the menu to jump to another page. You can only jump to other pages if those pages exist.Next PageClick this to go to the previous page in the table.Last PageClick this to go to the last page in the table.#This indicates an item s position in the table. It has no bearing on that item s importance or lack there of.Total NumThis indicates the total number of items in the table, including items on pages that are not visible.
 Chapter 2The Web ConfiguratorMAX208M User s Guide 25Note: Some features in the Web Configurator may not be available depending on your firmware version and/or configuration.Figure 5   Main ScreenThe following table describes the icons in this screen.Table 5   Icons in the Main ScreenICON DESCRIPTIONSystem StatusClick this to open the Main screen, which shows your WiMAX Device status and other information.WiMAXClick this to open the WiMAX menu, which gives you options for configuring your WiMAX settings.Network SettingClick this to open the Network menu, which gives you options for configuring your network settings.SecurityClick this to open the Security menu, which gives you options for configuring your firewall and security settings.
Chapter 2The Web ConfiguratorMAX208M User s Guide26MaintenanceClick this to open the Maintenance menu, which gives you options for maintaining your WiMAX Device.LanguageUse this menu to select the Web Configurator s language.Setup WizardClick this to open the Setup Wizard, where you can configure the most essential settings for your WiMAX Device to work.LogoutClick this to log out of the Web Configurator.Table 5   Icons in the Main Screen (continued)ICON DESCRIPTION
MAX208M User s Guide 27CHAPTER  3 Setup Wizard3.1  OverviewThis chapter provides information on the ZyXEL Setup Wizard. The wizard guides you through several steps for onfiguring your network settings.3.1.1  Welcome to the Setup WizardThis screen provides a quick summary of the configuration tasks the wizard helps you to perform. They are:1Set up your Local Area Network (LAN) options, which determine how the devices in your home or office connect to the WiMAX Device.2Set up your WiMAX Device s broadcast frequency, which is the radio channel it uses to communicate with the ISP s base station.3Set up your WiMAX Device s login options, which are used to connect your LAN to the ISP s network and verify your account. Figure 6   Setup Wizard > Welcome
Chapter 3Setup WizardMAX208M User s Guide283.1.2  LAN SettingsThe LAN Settings screen allows you to configure your local network options.Figure 7   Setup Wizard > LAN SettingsThe following table describes the labels in this screen.Table 6   Setup Wizard > LAN SettingsLABEL DESCRIPTIONLAN TCP/IPIP AddressEnter the IP address of the WiMAX Device on the LAN.Note: This field is the IP address you use to access the WiMAX Device on the LAN. If the web configurator is running on a computer on the LAN, you lose access to it as soon as you change this field. You can access the web configurator again by typing the new IP address in the browser.IP Subnet MaskEnter the subnet mask of the LAN.DHCP ServerEnable Select this if you want the WiMAX Device to be the DHCP server on the LAN. As a DHCP server, the WiMAX Device assigns IP addresses to DHCP clients on the LAN and provides the subnet mask and DNS server information.
 Chapter 3Setup WizardMAX208M User s Guide 293.1.3  WiMAX Frequency SettingsThe WiMAX Frequency Settings screen allows you to configure the broadcast radio frequency used by the WiMAX Device.Note: These settings should be provided by your ISP.Figure 8   Setup Wizard > WiMAX Frequency SettingsStart IP Enter the IP address from which the WiMAX Device begins allocating IP addresses.End IP Enter the IP address at which the WiMAX Device stops allocating IP addresses.Lease TimeEnter the duration in minutes before the device requests a new IP address from the DHCP server.DNS Server assigned by DHCP ServerFirst DNS ServerSpecify the first IP address of three DNS servers that the network can use. The WiMAX Device provides these IP addresses to DHCP clients.Second DNS ServerSpecify the second IP address of three DNS servers that the network can use. The WiMAX Device provides these IP addresses to DHCP clients.Third DNS ServerSpecify the third IP address of three DNS servers that the network can use. The WiMAX Device provides these IP addresses to DHCP clients.Back Click to display the previous screen.Next Click to proceed to the next screen. Table 6   Setup Wizard > LAN Settings (continued)LABEL DESCRIPTION
Chapter 3Setup WizardMAX208M User s Guide30The following table describes the labels in this screen.Table 7   Setup Wizard > WiMAX Frequency SettingsLABEL DESCRIPTIONSetting TypeSelect the WiMAX frequency setting type from the list.!By Range - Select this to set up the frequency based on a range of MHz.!By List - Select this to set up the frequency on an individual MHz basis. You can add multiple MHz values to the list.StepEnter the increments in MHz by which to increase the frequency range.Note: This field only appears when you select By Range under Setting Type.Start FrequencyEnter the frequency value at the beginning of the frequency range to use. The frequency is increased in increments equal to the Step value until the End Frequency is reached, at which time the cycle starts over with the Start Frequency.Note: This field only appears when you select By Range under Setting Type.End FrequencyEnter the frequency value at the end of the frequency range to use. Note: This field only appears when you select By Range under Setting Type.BandwidthSet the frequency bandwidth in MHz that this WiMAX Device uses.#This is an index number for enumeration purposes only.Frequency (MHz)Displays the frequency MHz for the item in the list.Total NumDisplays the total number of items in the list.DeleteClick this to remove an item from the list.AddClick this to add an item to the list.OKClick this to save an newly added item to the list.#This is an index number for enumeration purposes only.Band Start (KHz)Indicates the beginning of the frequency band in KHz.Band End (KHz)Indicates the end of the frequency band in KHz.Total NumDisplays the total number of items in the list.Back Click to display the previous screen.Next Click to proceed to the next screen.
 Chapter 3Setup WizardMAX208M User s Guide 313.1.4  WiMAX Authentication SettingsThe WiMAX Authentication Settings screen allows you to configure how your WiMAX Device logs into the service provider s network.Note: These settings should be provided by your ISP.Figure 9   Setup Wizard > WiMAX Authentication SettingsThe following table describes the labels in this screen.Table 8   Setup Wizard > WiMAX Authentication SettingsLABEL DESCRIPTIONAuthenticationAuthentication ModeSelect a WiMAX authentication mode for authentication network sessions with the ISP. Options are:!No authentication!User authentication!Device authentication!User and Device authenticationEAP SupplicationEAP Mode Select an EAP authentication mode.Anonymous IdEnter your anonymous ID. Note: Some modes may not require this.
Chapter 3Setup WizardMAX208M User s Guide32Ignore Cert VerificationSelect this to ignore base station certification verification when a certificate is received during EAP-TLS or EAP-TTLS.Server Root CA Cert. FileBrowse for and choose a server root certificate file, if required.Server Root CA Cert. InfoThis field displays information about the assigned server root certificate.Device Cert. FileBrowse for and choose a device certificate file, if required.Device Cert. Info.This field displays information about the assigned device certificate.Device Private KeyBrowse for and choose a device private key, if required.Device Private KeyInfoThis field displays information about the assigned device private key.Device Private Key PasswordEnter the device private key, if required.Inner Mode Select an inner authentication mode.Note: Some modes may not require this.Username Enter your authentication username.Note: Some modes may not require this.Password Enter your authentication password.Note: Some modes may not require this.Back Click to display the previous screen.Next Click to proceed to the next screen. Table 8   Setup Wizard > WiMAX Authentication Settings (continued)LABEL DESCRIPTION
 Chapter 3Setup WizardMAX208M User s Guide 333.1.5  Setup CompleteClick Save to save the Setup Wizard settings and close it.Figure 10   Setup Wizard > Setup CompleteLaunch your web browser and navigate to www.zyxel.com. If everything was configured properly, the web page should display. You can now surf the Internet!Refer to the rest of this guide for more detailed information on the complete range of WiMAX Device features available in the more advanced web configurator. Note: If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the wizard setup are correct.
Chapter 3Setup WizardMAX208M User s Guide34
MAX208M User s Guide 35CHAPTER  4 Tutorials4.1  OverviewThis chapter shows you how to configure some of the WiMAX Device s features.Note: Be sure to read The Web Configurator on page 21 before working through the tutorials presented here. For field descriptions for individual screens, see the related technical reference in this User's Guide.This chapter includes the following configuration examples:!WiMAX Connection Settings on page 35!Configuring LAN DHCP on page 36!Changing Certificate on page 38!Blocking Web Access on page 39!Configuring the MAC Address Filter, see page40!Setting Up NAT Port Forwarding, see page 42!Access the WiMAX Device Using DDNS, see page 45!Configuring Static Route for Routing to Another Network, see page 46!Remotely Managing Your WiMAX Device on page 494.2  WiMAX Connection SettingsThis tutorial provides you with pointers for configuring the WiMAX Device to connect to an ISP.1Connect the WiMAX Device to the ISP s nearest base station. See Section 6.2 on page 61.2Configure the WiMAX Device s broadcast frequency. Section 6.3 on page 63.3Configure the WiMAX Device to connect securely to the ISP s authentication servers. See Section 6.4 on page 65.
Chapter 4TutorialsMAX208M User s Guide364Check the WiMAX Device s connection status to ensure everything is working properly. See Section 6.7 on page 72.4.3  Configuring LAN DHCPThis tutorial shows you how to set up a small network in your office or home.Goal: Connect three computers to your WiMAX Device to form a small network. Required: The following table provides a summary of the information you will need to complete the tasks in this tutorial. 1In the Web Configurator, open the Network Setting > LAN screen and set the IP Address to 192.168.100.1. Use the default IP Subnet Mask of 255.255.255.0. Click Save.2Manually change the IP address of your computer that your are using to 192.168.100.x (for example, 192.168.100.5) and keep the subnet set to 255.255.255.0.INFORMATION VALUE SEE ALSOLAN IP Address192.168.100.1 Chapter 7 on page 86Starting IP Address192.168.100.10 Chapter 7 on page 87Ending IP Address192.168.100.30DNS ServersFrom ISP
 Chapter 4TutorialsMAX208M User s Guide 373Type http://192.168.100.1 in your browser after the WiMAX Device finishes starting up completely.4Log into the Web Configurator and open the Network Setting > LAN > DHCP screen.5Select Server for the DHCP mode, then enter 192.168.100.10 and 192.168.100.30 as your DHCP starting and ending IP addresses.6Leave the other settings as their defaults and click Save.7Next, go to the Network Setting > WAN screen and select NAT in the Operation Mode field. Click Save.8Connect your computers to the WiMAX Device s Ethernet ports and you re all set!
Chapter 4TutorialsMAX208M User s Guide38Note: You may need to configure the computers on your LAN to automatically obtain IP addresses. For information on how to do this, see Appendix B on page 155.Once your network is configured and hooked up, you will want to connect it to the Internet next. To do this, just run the Internet Connection Wizard (Chapter 3 on page 27), which walks you through the process.4.4  Changing CertificateThis tutorial shows you how to import a new security certificate, which allows your device to communicate with another  network servers.Goal: Import a new security certificate into the WiMAX Device.See Also: Appendix E on page 205.1Go to the WiMAX > Profile > Authentication Settings screen. In the EAP Supplicant section, click each Browse button and locate the security certificates that were provided by your new ISP. s2Configure your new Internet access settings based on the information provided by the ISP.Note: You can also use the Internet Connection Wizard to configure the Internet access settings.
 Chapter 4TutorialsMAX208M User s Guide 393You may need to configure the Options section according to the information provided by the ISP.4Click Save. You should now be able to connect to the Internet through your new service provider!4.5  Blocking Web AccessIf your WiMAX Device is in a home or office environment you may decide that you want to block an Internet website access. You may need to block both the website s IP address and domain name.Goal: Configure the WiMAX Device s content filter to block a website with a domain name www.example.com.See Also: Section 7.16 on page 105.1Open the Network Setting > Content Filter.2Select Enable URL Filter.3Select Blacklist.4Click Add and configure a URL filter rule by selecting Active and entering www.example.com as the URL.5Click OK.
Chapter 4TutorialsMAX208M User s Guide406Click Save.Open a browser from your computer in the WiMAX Device s LAN network, you should get an "Access Violation# message when you try to access to http://www.example.com. You may also need to block the IP address of the website if you do not want users to access to the website through its IP address.4.6  Configuring the MAC Address FilterThis tutorial shows you how to use the MAC filter to block a DHCP client s access to hosts and to the WiMAX network.
 Chapter 4TutorialsMAX208M User s Guide 411First of all, you have to know the MAC address of the computer. If not, you can look for the MAC address in the Network Setting > LAN > DHCP screen. (192.168.100.3 mapping to 00:02:E3:53:16:95 in this example). 2Click Security > Firewall > MAC Filter. Select Blacklist and click the Add button in the MAC Filter Rules table.
Chapter 4TutorialsMAX208M User s Guide423An empty entry appears. Enter the computer s MAC address in the Source MAC field and leave the other fields set to their defaults. Click Save.The computer will no longer be able to access any host on the WiMAX network through the WiMAX Device.4.7  Setting Up NAT Port ForwardingThomas recently received an Xbox 360 as his birthday gift. His friends invited him to play online games with them on Xbox LIVE. In order to communicate and play with other gamers on Xbox LIVE, Thomas needs to configure the port settings on his WiMAX Device.Xbox 360 requires the following ports to be available in order to operate Xbox LIVE correctly:TCP: 53, 80, 3074UDP: 53, 88, 30741You have to know the Xbox 360 s IP address first. You can check it through the Xbox 360 console. You may be able to check the IP address on the WiMAX Device if the WiMAX Device has assigned a DHCP IP address to the Xbox 360. Check the DHCP Leased Hosts table in the Network Setting > LAN > DHCP screen. Look for the IP address for the Xbox 360.
 Chapter 4TutorialsMAX208M User s Guide 432NAT mode is required to use port forwarding. Click Network Setting > WAN and make sure NAT is selected in the Operation Mode field. Click Save.3Click Network Setting > NAT > Port Forwarding and then click the first entry to edit the rule.4Configure the screen as follows to open TCP/UDP port 53 for the Xbox 360. Click OK.
Chapter 4TutorialsMAX208M User s Guide445Repeat steps 2 and 3 to open the rest of the ports for the Xbox 360. The port forwarding settings you configured are listed in the Port Forwarding screen.6Click Save.Thomas can then connect his Xbox 360 to the Internet and play online games with his friends.In this tutorial, all port 80 traffic is forwarded to the Xbox 360, but port 80 is also the default listening port for remote management via WWW. If Thomas also wants to manage the WiMAX Device from the Internet, he has to assign an unused port to WWW remote access.Click Maintenance > Remote MGMT. Enter an unused port in the Port field (81 in this example). Click Save.
 Chapter 4TutorialsMAX208M User s Guide 454.8  Access the WiMAX Device Using DDNSIf you connect your WiMAX Device to the Internet and it uses a dynamic WAN IP address, it is inconvenient for you to manage the device from the Internet. The WiMAX Device s WAN IP address changes dynamically. Dynamic DNS (DDNS) allows you to access the WiMAX Device using a domain name. To use this feature, you have to apply for DDNS service at www.dyndns.org.This tutorial covers:!Registering a DDNS Account on www.dyndns.org!Configuring DDNS on Your WiMAX Device!Testing the DDNS SettingNote: If you have a private WAN IP address (see Private IP Addresses on page 202), then you cannot use DDNS.4.8.1  Registering a DDNS Account on www.dyndns.org1Open a browser and type http://www.dyndns.org.2Apply for a user account. This tutorial uses UserName1 and 12345 as the username and password.3Log into www.dyndns.org using your account.4Add a new DDNS host name. This tutorial uses the following settings as an example.!Hostname: mywimax.dyndns.org!Service Type: Host with IP address!IP Address: Enter the WAN IP address that your WiMAX Device is currently using. You can find the IP address on the WiMAX Device s Web Configurator Status page.Then you will need to configure the same account and host name on the WiMAX Device later.w.x.y.z a.b.c.dhttp://mywimax.dyndns.orgA
Chapter 4TutorialsMAX208M User s Guide464.8.2  Configuring DDNS on Your WiMAX DeviceConfigure the following settings in the Network Setting > DDNS screen.1Select Enable Dynamic DNS.2Select dyndns.org for the service provider.3Select Dynamic for the service type.4Type mywimax.dyndns.org in the Domain Name field.5Enter the user name (UserName1) and password (12345).6Select WAN IP for the IP update policy.7Click Save.4.8.3  Testing the DDNS SettingNow you should be able to access the WiMAX Device from the Internet. To test this:1Open a web browser on the computer (using the IP address a.b.c.d) that is connected to the Internet.2Type http://mywimax.dyndns.org and press [Enter].3The WiMAX Device s login page should appear. You can then log into the WiMAX Device and manage it.4.9  Configuring Static Route for Routing to Another NetworkIn order to extend your Intranet and control traffic flowing directions, you may connect a router to the WiMAX Device s LAN. The router may be used to separate two department networks. This tutorial shows how to configure a static routing rule for two network routings.
 Chapter 4TutorialsMAX208M User s Guide 47In the following figure, router R is connected to the WiMAX Device s LAN. R connects to two networks, N1 (192.168.1.x/24) and N2 (192.168.10.x/24). If you want to send traffic from computer A (in N1 network) to computer B (in N2 network), the traffic is sent to the WiMAX Device s WAN default gateway by default. In this case, computer B will never receive the traffic.You need to specify a static routing rule on the WiMAX Device to specify R as the router in charge of forwarding traffic to N2. In this case, the WiMAX Device routes traffic from computer A to R and then R routes the traffic to computer B.N2BARN1N2BN1AR
Chapter 4TutorialsMAX208M User s Guide48This tutorial uses the following example IP settings:To configure a static route to route traffic from N1 to N2:1Click Network Setting > Route > Static Route.2Click Add to create a new route.3Configure the Edit Static Route screen using the following settings:3a Enter 192.168.10.0 and subnet mask 255.255.255.0 for the destination, N2.3b Enter 192.168.1.253 (R s IP address on N1) in the IP Address field under Next Hop.3a Click Save.Now computer B should be able to receive traffic from computer A. You may need to additionally configure R s firewall settings to accept specific traffic to pass through.Table 9   IP Settings in this TutorialDEVICE / COMPUTER IP ADDRESSThe WiMAX Device s WAN172.16.1.1The WiMAX Device s LAN192.168.1.1A192.168.1.34R s IP address on N1 192.168.1.253R s IP address on N2 192.168.10.2B192.168.10.33
 Chapter 4TutorialsMAX208M User s Guide 494.10  Remotely Managing Your WiMAX DeviceThe remote management feature allows you to log into the device through the Internet.Goal: Set up the WiMAX Device to allow management requests from the WAN (Internet).See Also: Section 9.3 on page 121.1Open the Maintenance > Remote MGMT > HTTP screen.2Select Enable in both HTTP Server and HTTPS Server sections and leave the Port Number settings as "80# and "443#.3Select Allow Connection from WAN. This allows remote management connections not only from the local network but also the WAN network (Internet).4Click Save.
Chapter 4TutorialsMAX208M User s Guide50
51PART IITechnical Reference
52
MAX208M User s Guide 53CHAPTER  5 System Status5.1  OverviewUse this screen to view a summary of your WiMAX Device connection status.5.2  System StatusThis screen allows you to view the current status of the device, system resources, and interfaces (LAN and WAN).Click System Status to open this screen as shown next.Figure 11   System Status
Chapter 5System StatusMAX208M User s Guide54The following tables describe the labels in this screen. Table 10   StatusLABEL DESCRIPTIONSystem InformationSystem Model NameThis field displays the WiMAX Device system model name. It is used for identification. Software VersionThis field displays the Web Configurator version number.Firmware VersionThis field displays the current version of the firmware inside the device.Firmware DateThis field shows the date the firmware version was created. System TimeThis field displays the current system time.UptimeThis field displays how long the WiMAX Device has been running since it last started up. System ResourcesMemoryThis field displays what percentage of the WiMAX Device s memory is currently used. The higher the memory usage, the more likely the WiMAX Device is to slow down. Some memory is required just to start the WiMAX Device and to run the web configurator. You can reduce the memory usage by disabling some services; by reducing the amount of memory allocated to NAT and firewall rules (you may have to reduce the number of NAT rules or firewall rules to do so); or by deleting rules in functions such as incoming call policies, speed dial entries, and static routes.CPUThis field displays what percentage of the WiMAX Device s CPU is currently used. The higher the CPU usage, the more likely the WiMAX Device is to slow down. WiMAXDevice StatusThis field displays the WiMAX Device current status for connecting to the selected base station.Scanning - The WiMAX Device is scanning for available base stations.Ready - The WiMAX Device has finished a scanning and you can connect to a base station.Connecting - The WiMAX Device attempts to connect to the selected base station.Connected - The WiMAX Device has successfully connected to the selected base station.UMAC StateThis field displays the status of the WiMAXconnection between the WiMAX Device and the base station.Network Search - The WiMAX Device is scanning for any available WiMAX connections.Disconnected - No WiMAX connection is available.Network Entry - A WiMAX connection is initializing.Normal - The WiMAX connection has successfully established.
 Chapter 5System StatusMAX208M User s Guide 55BSIDThis field displays the MAC address of the base station to which the device is connected.FrequencyThis field indicates the frequency the WiMAX Device is using.Signal StrengthThis field indicates the strength of the connection that the WiMAX Device has with the base station.Link QualityThis field indicates the relative quality of the link the WiMAX Device has with the base station.WANStatusThis field indicates the status of the WAN connection to the WiMAX Device.MAC AddressThis field indicates the MAC address of the port making the WAN connection on the WiMAX Device.IP AddressThis field indicates the current IP address of the WiMAX Device in the WAN.Subnet MaskThis field indicates the current subnet mask on the WAN.GatewayThis field indicates the IP address of the gateway to which the WiMAX Device is connected.MTUThis field indicates the Maximum Transmission Unit (MTU) between the WiMAX Device and the ISP servers to which it is connected.DNSThis field indicates the Domain Name Server (DNS) to which your WiMAX Device is connected.LANMAC AddressThis field indicates the MAC address of the port making the LAN connection on the WiMAX Device.IP AddressThis field displays the current IP address of the WiMAX Device in the LAN.Subnet MaskThis field displays the current subnet mask in the LAN.MTUThis field indicates the Maximum Transmission Unit (MTU) between the WiMAX Device and the client devices to which it is connected.Table 10   Status (continued)LABEL DESCRIPTION
Chapter 5System StatusMAX208M User s Guide56
MAX208M User s Guide 57CHAPTER  6 WiMAX6.1  OverviewThis chapter shows you how to set up and manage the connection between the WiMAX Device and your ISP s base stations.6.1.1  What You Need to KnowThe following terms and concepts may help as you read through this chapter.WiMAX WiMAX (Worldwide Interoperability for Microwave Access) is the IEEE 802.16 wireless networking standard, which provides high-bandwidth, wide-range wireless service across wireless Metropolitan Area Networks (MANs). ZyXEL is a member of the WiMAX Forum, the industry group dedicated to promoting and certifying interoperability of wireless broadband products.In a wireless MAN, a wireless-equipped computer is known either as a mobile station (MS) or a subscriber station (SS). Mobile stations use the IEEE 802.16e standard and are able to maintain connectivity while switching their connection from one base station to another base station (handover) while subscriber stations use other standards that do not have this capability (IEEE 802.16-2004, for example). The following figure shows an MS-equipped notebook computer MS1 moving from base station BS1 s coverage area and connecting to BS2.Figure 12   WiMax: Mobile Station
Chapter 6WiMAXMAX208M User s Guide58WiMAX technology uses radio signals (around 2 to 10 GHz) to connect subscriber stations and mobile stations to local base stations. Numerous subscriber stations and mobile stations connect to the network through a single base station (BS), as in the following figure. Figure 13   WiMAX: Multiple Mobile StationsA base station s coverage area can extend over many hundreds of meters, even under poor conditions. A base station provides network access to subscriber stations and mobile stations, and communicates with other base stations.The radio frequency and bandwidth of the link between the WiMAX Device and the base station are controlled by the base station. The WiMAX Device follows the base station s configuration. AuthenticationWhen authenticating a user, the base station uses a third-party RADIUS or Diameter server known as an AAA (Authentication, Authorization and Accounting) server to authenticate the mobile or subscriber stations. The following figure shows a base station using an AAA server to authenticate mobile station MS, allowing it to access the Internet.Figure 14   Using an AAA ServerIn this figure, the dashed arrow shows the PKM (Privacy Key Management) secured connection between the mobile station and the base station, and the solid arrow shows the EAP secured connection between the mobile station, the base station and the AAA server. See the WiMAX security appendix for more details.
 Chapter 6WiMAXMAX208M User s Guide 59Frequency RangesThe following figure shows the WiMAX Device searching a range of frequencies to find a connection to a base station. Figure 15   Frequency RangesIn this figure, A is the WiMAX frequency range. "WiMAX frequency range# refers to the entire range of frequencies the WiMAX Device is capable of using to transmit and receive (see the Product Specifications appendix for details). In the figure, B shows the operator frequency range. This is the range of frequencies within the WiMAX frequency range supported by your operator (service provider).The operator range is subdivided into bandwidth steps. In the figure, each C is a bandwidth step.The arrow D shows the WiMAX Device searching for a connection.Have the WiMAX Device search only certain frequencies by configuring the downlink frequencies. Your operator can give you information on the supported frequencies. The downlink frequencies are points of the frequency range your WiMAX Device searches for an available connection. Use the Site Survey screen to set these bands. You can set the downlink frequencies anywhere within the WiMAX frequency range. In this example, the downlink frequencies have been set to search all of the operator range for a connection.Certification AuthorityA Certification Authority (CA) issues certificates and guarantees the identity of each certificate owner. There are commercial certification authorities like CyberTrust or VeriSign and government certification authorities. You can use the WiMAX Device to generate certification requests that contain identifying information and public keys and then send the certification requests to a certification authority.
Chapter 6WiMAXMAX208M User s Guide60Certificate File FormatsThe certification authority certificate that you want to import has to be in one of these file formats:!Binary X.509: This is an ITU-T recommendation that defines the formats for X.509 certificates.!PEM (Base-64) encoded X.509: This Privacy Enhanced Mail format uses lowercase letters, uppercase letters and numerals to convert a binary X.509 certificate into a printable form.!Binary PKCS#7: This is a standard that defines the general syntax for data (including digital signatures) that may be encrypted. The WiMAX Device currently allows the importation of a PKS#7 file that contains a single certificate.!PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses 64 ASCII characters to convert a binary PKCS#7 certificate into a printable form.CINRCarrier to Interference-plus-Noise Ratio (CINR) measures the effectiveness of a wireless signal and plays an important role in allowing the WiMAX Device to decode signal burts. If a burst has a high signal strength and a high interference-plus-noise ratio, it can use Digital Signal Processing (DSP) to decode it; if the signal strength is lower, it can switch to an alternate burst profile.RSSIReceived Signal Strength Indicator (RSSI) measures the relative strength of a given wireless signal. This is important in determining if a signal is below the Clear-To-Send (CTS) threshold. If it is below the arbitrarily specified threshold, then WiMAX Device is free to transmit any data packets.EAP Authentication EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication. The WiMAX Device supports EAP-TLS and EAP-TTLS (at the time of writing, TTLS is not available in Windows Vista) . For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). Certificates (also called digital IDs) can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner.
 Chapter 6WiMAXMAX208M User s Guide 616.2  Connection SettingsThis screen allows you to configure how the WiMAX Device connects to the base stations on the WiMAX network.Click WiMAX > Profile > Connection Settings to open this screen as shown next.Figure 16   Connection Settings ScreenThis screen contains the following fields:Table 11   Connection SettingsLABEL DESCRIPTIONConnection Option SettingsAuto ReconnectSelect the interval in seconds that the WiMAX Device waits after getting disconnected from the base station before attempting to reconnect.Auto Connect ModeSelect the auto connect mode.!By channel power - Auto connects to the base station if the signal strength of the channel is sufficient for the WiMAX Device.!By CINR - Auto connects to the base station if the signal-to-noise ratio is sufficient for the WiMAX Device.Enable HandoverSelect this to maintain connectivity while the WiMAX Device switches its connection from one base station to another base station. Enable Idle ModeSelect this to have the WiMAX Device enter the idle mode after it has no traffic passing through for a pre-defined period. Make sure your base station also supports this before selecting this.Idle Mode IntervalSet the idle duration in minutes. This is how long the WiMAX Device waits during periods of no activity before going into idle mode.
Chapter 6WiMAXMAX208M User s Guide62CINR & RSSI Refresh IntervalSet the refresh interval in milliseconds for calculating the signal-to-noise measurement (CINR) and signal strength measurement (RSSI) of the WiMAX Device.LDRP (Low Data Rate Protection)Enter the Low Data Rate Protection (LDRP) time in milliseconds. If the uplink/downlink data rate is smaller than the LDRP time, the WiMAX Device sends a disconnect request to the base station.LDRP TX RateEnter the outgoing data rates for LDRP in bytes per second.LDRP RX RateEnter the incoming data rates for LDRP in bytes per second.Connection Type SettingsMode SelectSelect how the WiMAX Device connects to the base station.!Auto Connect Mode - The device connects automatically to the first base station in range.!Network Search Mode - The device scans for available base stations then connects to the best one it can.BSIDThis displays the MAC address of a base station within range of the WiMAX Device.Preamble IDThe preamble ID is the index identifier in the header of the base station s broadcast messages. In the beginning of a mobile stations s network entry process, it searches for the preamble and uses it to additional channel information. The preamble ID is used to synchronize the upstream and downstream transmission timing with the base station.Frequency (MHz)This field displays the radio frequency of the WiMAX Device s connection to the base station.Bandwidth (MHz)This field displays the bandwidth of the base station in megahertz (MHz).RSSI (dBm)This field displays the Received Signal Strength Indication (RSSI), which is an overal measurement of radio signal strength. A higher RSSI level indicates a stronger signal.CINR (dB) R3/R1This field displays the average Carrier to Interference plus Noise Ratio for the current connection. This value is an indication of overal radio signal quality, where a higher value means a better quality signal.SearchClick this to have the WiMAX Device scan for base stations.Table 11   Connection Settings (continued)LABEL DESCRIPTION
 Chapter 6WiMAXMAX208M User s Guide 636.3  Frequency SettingsUse this screen to have the WiMAX Device scan one or more specific radio frequencies (given by your WiMAX service provider) to find available connections to base stations.Click WiMAX > Profile > Frequency Settings to open this screen as shown next.Figure 17   Frequency Settings Screen (By List)Figure 18   Frequency Settings Screen (By Range)This screen contains the following fields:Table 12   Frequency SettingsLABEL DESCRIPTIONSetting TypeSelect whether to scan base stations by entering specific frequency(-ies) (By List) or a range of frequencies (By Range).Note: When you select By Range, you can only configure one range of frequencies in this screen. To configure multiple frequency ranges, use the WiMAX > Wide Scan screen.Note: Some settings in this screen are only available depending on the Setting Type selected.Join Wide Scan Result The scanning result of the frequency to scan you configured in this screen will be shown in the WiMAX > Connect screen. Select this option to determine whether to also append the wide scanning result (configured in the WiMAX > Wide Scan screen) to the same table.Default BandwidthSelect the default bandwidth (size) per frequency band you specify in table A.ABAB
Chapter 6WiMAXMAX208M User s Guide64A (When By List is selected in the Setting Type field)Frequency (KHz)This displays the center frequency of an frequency band in kilohertz (KHz).Click the number to modify it.Enter the center frequency in this field when you are adding an entry.Bandwidth (MHz)This displays the bandwidth of the frequency band in megahertz (MHz). If you set a center frequency to 2610000 KHz with the bandwidth of 10 MHz, then the frequency band is from 2605000 to 2615000 KHz.Click the number to modify it.Enter the bandwidth of the frequency band in this field when you are adding an entry.DeleteClick this button to remove an item from the list.AddClick this button to add an item to the list.OKClick this button to save any changes made to the list.A (When By Range is selected in the Setting Type field)Start Frequency (KHz)This indicates the beginning of a frequency band in kilohertz (KHz).Click this field to modify it.Enter the beginning frequency when you are adding an entry.End Frequency (KHz)This indicates the end of the frequency band in kilohertz (KHz).Click this field to modify it.Step (KHz)This indicates the frequency step within each band in kilohertz (KHz).Click this field to modify it.Bandwidth (MHz)This indicates the bandwidth in megahertz (MHz).Click this field to modify it.OKClick this button to save any changes made to the list.Valid Band Info (B)This table displays the entire frequency band the WiMAX Device supports. The frequenc(ies) to scan that you configured in table A must be within this range.Band Start (KHz)This indicates the beginning of the frequency band in kilohertz (KHz).Band End (KHz)This indicates the end of the frequency band in kilohertz (KHz).Table 12   Frequency Settings (continued)LABEL DESCRIPTION
 Chapter 6WiMAXMAX208M User s Guide 656.4  Authentication SettingsThese settings allow the WiMAX Device to establish a secure (authenticated) connection with the service provider.Click WiMAX > Profile > Authentication Settings to open this screen as shown next.Figure 19   Authentication Settings Screen
Chapter 6WiMAXMAX208M User s Guide66This screen contains the following fields:Table 13   Authentication SettingsLABEL DESCRIPTIONAuthentication ModeSelect the authentication mode from the list.The WiMAX Device supports the following authentication modes:!No authentication!User authentication!Device authentication!User and device authenticationData EncryptionAES-CCMSelect this to enable AES-CCM encryption. CCM combines counter-mode encryption with CBC-MAC authentication.AES-CBCSelect this to enable AES-CBC encryption. CBC creates message authentication code from a block cipher.Key EncryptionAES-key wrapSelect this encapsulate cryptographic keys in a symmetric encryption algorithm.AES-ECBSelect this to divide cryptographic keys into blocks and encrypt them separately.EAP SupplicantEAP ModeSelect an Extensible Authentication Protocol (EAP) mode.The WiMAX Device supports the following:!EAP-TLS - In this protocol, digital certifications are needed by both the server and the wireless clients for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created. This makes user identity vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the sender s identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle certificates, which imposes a management overhead.!EAP-TTLS - This protocol is an extension of the EAP-TLS authentication that uses certificates for only the server-side authentications to establish a secure connection. Client authentication is then done by sending username and password through the secure connection, thus client identity is protected. For client authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2. Anonymous IDEnter the anonymous ID used for EAP supplicant authentication.Server Root CA Cert FileBrowse for and choose a server root certificate file, if required.Server Root CA InfoThis field displays information about the assigned server root certificate.Device Cert FileBrowse for and choose a device certificate file, if required.Device Cert InfoThis field displays information about the assigned device certificate.
 Chapter 6WiMAXMAX208M User s Guide 67Device Private KeyBrowse for and choose a device private key, if required.Device Private Key InfoThis field displays information about the assigned device private key.Device Private Key PasswordEnter the device private key, if required.Inner ModeSets the EAP-TTLS inner mode.The WiMAX Device supports the following:!MS-CHAP v2 - This is version 2 of Microsoft s variant of Challenge Handshake Authentication Protocol (CHAP). It allows for mutual authentication between devices.!MS-CHAP - This is Microsoft s variant of Challenge Handshake Authentication Protocol (CHAP). It allows for mutual authentication between devices.!CHAP - The Challenge Handshake Authentication Protocol (CHAP) uses PPP to authenticate remote devices using a three-way handshake and shared secret verification.!MD5 - Message-Digest, algorithm 5, (MD5) encryption is typically used for checking file integrity. Because this encryption protocol contains a number of serious security flaws it is generally not recommended that you use it for authentication security.!PAP - Password Authentication Protocol uses unencrypted plaintext to send a passwords for authentication over the network. It s probably not a good idea to rely on this for security.UsernameEnter the username required for the EAP-TTLS inner method.PasswordEnter the password required for the EAP-TTLS inner method.OptionsEnable Auth Mode Decoration in EAP Outer IDSelect this to enable authentication mode.Enable Service Mode Decoration in EAP Outer IDSelect this to enable service mode.Random Outer IDSelect this to allow the WiMAX Device to generate a 16-byte random number as a username for the EAP Identity Response message.Ignore Cert VerificationSelect this to ignore base station certification verification when a certificate is received during EAP-TLS or EAP-TTLS.Same EAP OuterID in ReAuthSelect this to use the same EAP to the outer ID when reauthenticating.MAC address in EAP-TLS outer IdAdds the MAC address of the WiMAX Device to the outer ID while the EAP mode is set to EAP-TLS.Table 13   Authentication Settings (continued)LABEL DESCRIPTION
Chapter 6WiMAXMAX208M User s Guide686.5  ConnectThis screen allows you to view the available WiMAX frequency band(s) and base station(s) the WiMAX Device found through scanning and choose a base station to which to connect.Click WiMAX > Connect to open this screen as shown next.Figure 20   Connect ScreenDelete existed Root Certificate fileSelect this to delete an existing root certificate file from the WiMAX Device.Delete existed Device Certificate fileSelect this to delete an existing device certificate file from the WiMAX Device.Delete existed Private KeySelect this to delete an existing private key from the WiMAX Device.Table 13   Authentication Settings (continued)LABEL DESCRIPTION
 Chapter 6WiMAXMAX208M User s Guide 69This screen contains the following fields:Table 14   ConnectLABEL DESCRIPTIONApplied Frequency InformationThis table shows the scanning result you made in the WiMAX > Profile > Frequency Settings and WiMAX > Wide Scan screens.Note: You cannot see the wide scanning result that you made in WiMAX > Wide Scan screen if the Join Wide Scan Result is set to No in the WiMAX > Profile > Frequency Settings screen.Frequency (KHz)This field displays the available center frequency of a frequency band in kilohertz (KHz).Bandwidth (MHz)This field displays the bandwidth of the frequency band in megahertz (MHz).Available Network ListConnected ModeSelect a connect mode:!Auto Connect Mode - This allows the WiMAX Device to connect to any of the base stations on the list automatically.!Network Search Mode - This allows the WiMAX Device to connect to a user-specified base station. Select this option,  choose a base station, click Connect.ConnectClick this to connect to the selected base station.DisconnectClick this to disconnect from the selected base station.BSIDThis field displays the base station MAC address.Preamble IDThis field displays the preamble ID.The preamble ID is the index identifier in the header of the base station s broadcast messages. In the beginning of a mobile stations s network entry process, it searches for the preamble and uses it to additional channel information. The preamble ID is used to synchronize the upstream and downstream transmission timing with the base station.Frequency (MHz)This field displays the center frequency the base station uses in kilohertz (KHz).Bandwidth (MHz)This field displays the frequency band bandwidth the base station uses in megahertz (MHz).RSSI (dBm)This field displays the Received Signal Strength Indication (RSSI), which is an overal measurement of radio signal strength. A higher RSSI level indicates a stronger signal.CINR (dB) R3/R1This field displays the average Carrier to Interference plus Noise Ratio for the current connection. This value is an indication of overal radio signal quality, where a higher value means a better quality signal.SearchClick this to have the WiMAX Device scan for base stations in the frequency band(s) listed in the Applied Frequency Information table.Connected BS Info
Chapter 6WiMAXMAX208M User s Guide70Device StatusThis field displays the WiMAX Device current status for connecting to the selected base station.Scanning - The WiMAX Device is scanning for available base stations.Ready - The WiMAX Device has finished scanning and you can connect to a base station.Connecting - The WiMAX Device attempts to connect to the selected base station.Connected - The WiMAX Device has successfully connected to the selected base station.UMAC StateThis field displays the status of the WiMAXconnection between the WiMAX Device and the base station.Network Search - The WiMAX Device is scanning for any available WiMAX connections.Disconnected - No WiMAX connection is available.Network Entry - A WiMAX connection is initializing.Normal - The WiMAX connection has been successfully established.BSIDThis field displays the MAC address of the base station to which the WiMAX Device is connected.Frequency (MHz)This field displays the frequency the base station uses in megahertz (MHz).RSSI (dBm)This field displays the Received Signal Strength Indication (RSSI), which is an overal measurement of radio signal strength. A higher RSSI level indicates a stronger signal.CINR (dB)This field displays the average Carrier to Interference plus Noise Ratio for the current connection. This value is an indication of overal radio signal quality, where a higher value means a better quality signal.Table 14   Connect (continued)LABEL DESCRIPTION
 Chapter 6WiMAXMAX208M User s Guide 716.6  Wide ScanThis screen allows you to discover base stations by entering one or more frequency ranges and bandwidth on which to scan.Click WiMAX > Wide Scan to open this screen as shown next.Figure 21   Wide Scan ScreenThis screen contains the following fields:Table 15   Wide ScanLABEL DESCRIPTIONWide Scan SettingsAuto Wide ScanUse this to enable (Yes) or disable (No) automatically scanning for base stations.Wide Scan RangeStart Frequency (KHz)Enter the start frequency in kilohertz (KHz) for a wide scan range.End Frequency (KHz)Enter the end frequency in kilohertz (KHz) for a wide scan range.Step (KHz)Enter the step increment in kilohertz (KHz) that the wide scan jumps each time it scans between the start and end frequencies.Bandwidth (MHz)Enter the frequency bandwidth to be scanned.DeleteClick this to remove a range of frequencies from the wide scan range list.AddClick this to add a range of frequencies to the wide scan range list.OKClick this so save any changes to the wide scan range list.Wide Scan ResultThis table displays the available frequency band(s) found through the wide scan.Frequency (KHz)This field displays the frequency in kilohertz (KHz).Bandwidth (MHz)This field displays the bandwidth in megahertz (MHz).
Chapter 6WiMAXMAX208M User s Guide726.7  Link StatusThis screen provides a general overview of the current WiMAX connection with the service provider.Click WiMAX > Link Status to open this screen as shown next.Figure 22   Link Status ScreenThis screen contains the following fields:SearchClick this to initiate a wide scan.ClearClick this to clear the wide scan results.Table 15   Wide Scan (continued)LABEL DESCRIPTIONTable 16   Link StatusLABEL DESCRIPTIONProfileThis field displays the profile name.BSIDThis field displays the MAC address of the base station to which the WiMAX Device is currently connected.RSSIThis field displays the Received Signal Strength Indication (RSSI), which is an overal measurement of radio signal strength. A higher RSSI level indicates a stronger signal.CINR R3This field displays the average Carrier to Interference plus Noise Ratio (R3) for the current connection. This value is an indication of overal radio signal quality, where a higher value means a better quality signal.CINR R1This field displays the average Carrier to Interference plus Noise Ratio (R1) for the current connection. This value is an indication of overal radio signal quality, where a higher value means a better quality signal.CINR Std DevThis field displays the average Carrier to Interference plus Noise Ratio (Std Dev) for the current connection. This value is an indication of overal radio signal quality, where a higher value means a better quality signal.
 Chapter 6WiMAXMAX208M User s Guide 73FrequencyThis field displays the frequency in kilohertz (KHz).TX PowerThis field displays the transmission power of the WiMAX Device in dBm.UL MCSThis field displays the Uplink Modulation and Coding Sequence (UL MCS).DL MCSThis field displays the Downlink Modulation and Coding Sequence (DL MCS).RF TemperatureThis field displays the temperature of the WiMAX Device s RF circuit.Handover SuccessThis field displays how many times the WiMAX Device had ever successfully switched its connection from one base station to another base station, since the WiMAX Device last restarted.Handover FailThis field displays how many times the WiMAX Device had been failed to switch its connection from one base station to another base station, since the WiMAX Device last restarted.Table 16   Link Status (continued)LABEL DESCRIPTION
Chapter 6WiMAXMAX208M User s Guide746.8  Link StatisticsThis screen provides a detailed overview of the current WiMAX connection with the service provider..Click WiMAX > Link Statistics to open this screen as shown next.Figure 23   Link Statistics ScreenThis screen contains the following sections:Table 17   Link StatisticsLABEL DESCRIPTIONLinkThis section provides a detailed overview of link statistics.HARQThis section provides a detailed overview of Hybrid Automatic Repeat Request link statistics.TX/RXThis section provides a detailed overview of transmission and receiving link statistics.MCSThis section provides a detailed overview of Modulation and Coding Sequence (MCS) link statistics
 Chapter 6WiMAXMAX208M User s Guide 756.9  Connection InfoThis screen displays all of the connections made through the WiMAX device since its last reboot.Click WiMAX > Connection Info to open this screen as shown next.Figure 24   Connection Info ScreenThis screen contains the following fields:6.10  Service FlowThis screen displays data priority information for all of the connections made through the WiMAX device since its last reboot.Click WiMAX > Service Flow to open this screen as shown next.Figure 25   Service Flow ScreenThis screen contains the following fields:Table 18   Connection InfoLABEL DESCRIPTIONActive Connection CIDThis displays the unique, unidirectional 16-bit Connection Identifier (CID) for an active connection.Connection TypeThis displays the type of connection.Table 19   Service FlowLABEL DESCRIPTIONSFIDThis displays a 32-bit service flow identifier.SF StatusThis display the service flow status.SF DirectionThis displays the service flow direction.
Chapter 6WiMAXMAX208M User s Guide76
MAX208M User s Guide 77CHAPTER  7 Network Settings7.1  OverviewThis chapter shows you how to configure the WiMAX Device s network settings.7.1.1  What You Need to KnowThe following terms and concepts may help as you read through this chapter.IP AddressIP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts.Subnet MasksSubnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks.DHCPA DHCP (Dynamic Host Configuration Protocol) server can assign your WiMAX Device an IP address, subnet mask, DNS and other routing information when it s turned on.
Chapter 7Network SettingsMAX208M User s Guide78DNS Server AddressDNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it. The DNS server addresses that you enter in the DHCP setup are passed to the client machines along with the assigned IP address and subnet mask.There are two ways that an ISP disseminates the DNS server addresses. The first is for an ISP to tell a customer the DNS server addresses, usually in the form of an information sheet, when s/he signs up. If your ISP gives you the DNS server addresses, enter them in the DNS Server fields; otherwise, leave them blank.Some ISPs choose to pass the DNS servers using the DNS server extensions of PPP IPCP (IP Control Protocol) after the connection is up. If your ISP did not give you explicit DNS servers, chances are the DNS servers are conveyed through IPCP negotiation. The WiMAX Device supports the IPCP DNS server extensions through the DNS proxy feature.If the Primary and Secondary DNS Server fields are not specified, for instance, left as 0.0.0.0, the WiMAX Device tells the DHCP clients that it itself is the DNS server. When a computer sends a DNS query to the WiMAX Device, the WiMAX Device forwards the query to the real DNS server learned through IPCP and relays the response back to the computer.Please note that DNS proxy works only when the ISP uses the IPCP DNS server extensions. It does not mean you can leave the DNS servers out of the DHCP setup under all circumstances. If your ISP gives you explicit DNS servers, make sure that you enter their IP addresses. This way, the WiMAX Device can pass the DNS servers to the computers and the computers can query the DNS server directly without the WiMAX Device s intervention.RIP SetupRIP (Routing Information Protocol) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets.  When set to:!RX/TX - the WiMAX Device will broadcast its routing table periodically and incorporate the RIP information that it receives.!RX Only - the WiMAX Device will not send any RIP packets but will accept all RIP packets received.!TX Only - the WiMAX Device will send out RIP packets but will not accept any RIP packets received.!None - the WiMAX Device will not send any RIP packets and will ignore any RIP packets received.
 Chapter 7Network SettingsMAX208M User s Guide 79The Version field controls the format and the broadcasting method of the RIP packets that the WiMAX Device sends (it recognizes both formats when receiving). RIP-1 is universally supported; but RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology.Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the difference being that RIP-2B uses subnet broadcasting while RIP-2M uses multicasting.Port Forwarding A NAT server set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make accessible to the outside world even though NAT makes your whole inside network appear as a single machine to the outside world.With port forwarding, you can forward incoming service requests to the server(s) on your local network. You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server. The port number identifies a service; for example, web service is on port 80 and FTP on port 21. In some cases, such as for unknown services or where one server can support more than one service (for example both FTP and web service), it might be better to specify a range of port numbers. In addition to the servers for specified services, NAT supports a default server. A service request that does not have a server explicitly designated for it is forwarded to the default server. If the default is not defined, the service request is simply discarded.For example, let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet.Figure 26   Multiple Servers Behind NAT Example
Chapter 7Network SettingsMAX208M User s Guide80Trigger PortsSome services use a dedicated range of ports on the client side and a dedicated range of ports on the server side. With regular port forwarding you set a forwarding port in NAT to forward a service (coming in from the server on the WAN) to the IP address of a computer on the client side (LAN). The problem is that port forwarding only forwards a service to a single LAN IP address. In order to use the same service on a different LAN computer, you have to manually replace the LAN computer's IP address in the forwarding port with another LAN computer's IP address, Trigger port forwarding solves this problem by allowing computers on the LAN to dynamically take turns using the service. The WiMAX Device records the IP address of a LAN computer that sends traffic to the WAN to request a service with a specific port number and protocol (a "trigger" port). When the WiMAX Device's WAN port receives a response with a specific port number and protocol ("incoming" port), the WiMAX Device forwards the traffic to the LAN IP address of the computer that sent the request. After that computer s connection for that service closes, another computer on the LAN can use the service in the same manner. This way you do not need to configure a new IP address each time you want a different LAN computer to use the application.ALGSome applications, such as SIP, cannot operate through NAT (are NAT un-friendly) because they embed IP addresses and port numbers in their packets  data payload. Some NAT routers may include a SIP Application Layer Gateway (ALG). An Application Layer Gateway (ALG) manages a specific protocol (such as SIP, H.323 or FTP) at the application layer. A SIP ALG allows SIP calls to pass through NAT by examining and translating IP addresses embedded in the data stream.UPnPUniversal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network. In turn, a device can leave a network smoothly and automatically when it is no longer in use.How do I know if I'm using UPnP? UPnP hardware is identified as an icon in the Network Connections folder (Windows XP). Each UPnP compatible device installed on your network will appear as a separate icon. Selecting the icon of a UPnP device will allow you to access the information and properties of that device.
 Chapter 7Network SettingsMAX208M User s Guide 81NAT TraversalUPnP NAT traversal automates the process of allowing an application to operate through NAT. UPnP network devices can automatically configure network addressing, announce their presence in the network to other UPnP devices and enable exchange of simple product and service descriptions. NAT traversal allows the following:!Dynamic port mapping!Learning public IP addresses!Assigning lease times to mappingsWindows Messenger is an example of an application that supports NAT traversal and UPnP. Cautions with UPnPThe automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues. Network information and configuration may also be obtained and modified by users in some network environments. All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. UPnP and ZyXELZyXEL has received UPnP certification from the official UPnP Forum (http://www.upnp.org). ZyXEL's UPnP implementation supports IGD 1.0 (Internet Gateway Device).The WiMAX Device only sends UPnP multicasts to the LAN.Content FilterInternet content filtering allows you to create and enforce Internet access policies tailored to their needs. Content filtering is the ability to block certain specific URL keywords.
Chapter 7Network SettingsMAX208M User s Guide827.2  WANUse these settings to configure the WAN connection between the WiMAX Device and the service provider.Click Network Setting > WAN to open this screen as shown next.Figure 27   WAN ScreenThis screen contains the following fields:Table 20   WANLABEL DESCRIPTIONOperation ModeSelect the WiMAX Device s operational mode.!Bridge - This puts the WiMAX Device in bridge mode, acting as a transparent middle man between devices on the LAN and the devices on the WAN.!NAT - This allows the WiMAX Device to tag frames for NAT, allowing devices on the LAN to use their own internal IP addresses while communicating with devices on the WAN.WAN ProtocolSelect the protocol the WiMAX Device uses to connect to the WAN.The options are:!Ethernet - Select this if you have a persistent connection to the network.!PPPoE - Select this if must log into the network before initiating a persistent connection.!GRE Tunnel - Select this if you connect to the network using Point-to-Point Protocol to create VPNs.!EtherIP - Select this if you need to tunnel Ethernet and IEEE 802.3 MAC frames across an IP Internet.
 Chapter 7Network SettingsMAX208M User s Guide 83Bridging LAN ARPThis option enables or disables allow ARP requests to cross the WiMAX Device.Get IP MethodSelect how the WiMAX Device receives its IP address.!User - Select this to manually enter the IP address the WiMAX Device uses.!From ISP - Select to automatically get the IP address the WiMAX Device uses from the ISP.WAN IP Request TimeoutEnter the number of seconds the WiMAX Device waits for an IP from the ISP before it times out.WAN IP AddressIf the WiMAX Device gets its IP from the user, enter the IP address it is to use.WAN IP Subnet MaskIf the WiMAX Device gets its IP from the ISP, enter the IP address it is to use.Gateway IP AddressIf the WiMAX Device gets its gateway IP address from the user, enter the IP address it is to use.MTUEnter the Maximum Transmission Unit (MTU) for the WiMAX Device. This is the largest protocol unit that the WiMAX Device allows to pass through it.Clone MAC AddressEnter a MAC address here for registering bridged devices on the network if their current MAC addresses are causing problems. For example, this can happen when a desktop computer swaps network interface cards; the original NIC may have used its MAC address to register itself on the network and now the new NIC is unrecognized. Using a MAC address that you know is valid, i.e. a "clone#, allows that device to stay registered.First~Third DNS ServerSelect how the WiMAX Device acquires its DNS server address.!From ISP - Select this to have the WiMAX Device acquire its DNS server address from the ISP.!User Define - Select this to manually enter the DNS server used by the WiMAX Device.Table 20   WAN (continued)LABEL DESCRIPTION
Chapter 7Network SettingsMAX208M User s Guide847.3  PPPoEUse these settings to configure the PPPoE connection between the WiMAX Device and the service provider.Click Network Setting > WAN > PPPoEFigure 28   PPPoE ScreenThis screen contains the following fields:Table 21   PPPoELABEL DESCRIPTIONUser NameEnter the username for PPPoE login into the WAN network.PasswordEnter the password for PPPoE login into the WAN network.Retype PasswordRetype the password to confirm it.Auth ProtocolSelect a PPPoE authentication protocol. The WiMAX Device supports the following:!CHAP - The Challenge Handshake Authentication Protocol (CHAP) uses PPP to authenticate remote devices using a three-way handshake and shared secret verification.!PAP - Password Authentication Protocol uses unencrypted plaintext to send a passwords for authentication over the network. It s probably not a good idea to rely on this for security.!MS-CHAP v1/2 -This is Microsoft s variant of Challenge Handshake Authentication Protocol (CHAP). It allows for mutual authentication between devices.MPPE EncryptionUse this option to enable or disable authentication through Microsoft Point-To-Point Encryption (MPPE) protocol.
 Chapter 7Network SettingsMAX208M User s Guide 857.4  GREUse these settings to configure the peer setting of the Generic Routing Encapsulation (GRE) tunnel between the WiMAX Device and another GRE peer.Click Network Setting > WAN > GRE to open this screen as shown next.Figure 29   GRE ScreenThis screen contains the following fields:MPPE StatefulUse this option to allow or disallow the WiMAX Device to use the Microsoft Point-To-Point Encryption (MPPE) protocol for stateful peer negotiation.Idle TimeoutEnter the number of second the WiMAX Device waits during authentication before timing out.AC NameEnter the access concentrator name for the PPPoE interface if your ISP uses an AC PPPoE service.DNS OverwriteUse this option to allow or disallow the WiMAX Device to overwrite DNS static DNS entries on client devices.Connection TriggerSet whether the WiMAX Device is persistently connected to the WAN (AlwaysOn) or you must click the PPPoE Connect button each time you want to get on the WAN (Manual).Connection TimeoutEnter in seconds the duration the WiMAX Device waits for idle activity before disconnecting from the WAN.PPPoE ConnectClick this to connect to the WAN using PPPoE.PPPoE DisconnectClick this to disconnect from the WAN.Table 21   PPPoE (continued)LABEL DESCRIPTIONTable 22   GRELABEL DESCRIPTIONPeer IP AddressEnter the IP address of the GRE peer.
Chapter 7Network SettingsMAX208M User s Guide867.5  EtherIPUse these settings to configure the peer setting of the EtherIP tunnel between the WiMAX Device and another EtherIP peer.Click Network Setting > WAN > EtherIP to open this screen as shown next.Figure 30   EtherIP ScreenThis screen contains the following fields:7.6  IPUse these settings to configure the LAN connection between the WiMAX Device and your local network.Click Network Setting > LAN > IP to open this screen as shown next.Figure 31   IP ScreenThis screen contains the following fields:Table 23   EtherIPLABEL DESCRIPTIONPeer IP AddressEnter the IP address of the EtherIP peer.Table 24   IPLABEL DESCRIPTIONIP addressEnter the IP address of the LAN interface for the WiMAX Device.IP Subnet MaskEnter the IP subnet maks of the LAN interface for the WiMAX Device.
 Chapter 7Network SettingsMAX208M User s Guide 877.7  DHCPUse these settings to configure whether the WiMAX Device functions as a DHCP server for your local network, or a DHCP relay between the local network and the service provider. You can also disable the DHCP functions.Click Network Setting > LAN > DHCP to open this screen as shown next.Figure 32   DHCP ScreenThis screen contains the following fields:Table 25   DHCPLABEL DESCRIPTIONDHCP ServerDHCP ModeSelect this if you want the WiMAX Device to be the DHCP server on the LAN. As a DHCP server, the WiMAX Device assigns IP addresses to DHCP clients on the LAN and provides the subnet mask and DNS server information.!None - This disables DHCP mode for the WiMAX Device.!Server - This sets the WiMAX Device as a DHCP server for the LAN.!Relay - This sets the WiMAX Device as a DHCP relay for the LAN, allowing it to pass-through IP addresses assigned to LAN devices from the ISP servers.
Chapter 7Network SettingsMAX208M User s Guide887.8  Static RouteUse these settings to create fixed paths through the network.Click Network Setting > Route > Static Route to open this screen as shown next.Figure 33   Static Route ScreenStart IPEnter the start IP address from which the WiMAX Device begins allocating IP addresses.End IPEnter the end IP address at which the WiMAX Device ceases allocating IP addresses.Lease TimeEnter the duration in minutes that devices on the LAN retain their DHCP-issued IP addresses. At the end of the lease time, they poll the WiMAX Device for a renewed or replacement IP.Relay IPEnter the name of the IP address to be used.DNS Server Assigned by the DHCP ServerFirst~Third DNS ServerSelect how the WiMAX Device acquires its DNS server address.!None - Select this to not use a DNS server.!From ISP - Select this to have the WiMAX Device acquire its DNS server address from the ISP.!User Define - Select this to manually enter the DNS server used by the WiMAX Device.Static DHCPMAC AddressThis field displays the MAC address of the static DHCP client connected to the WiMAX Device.IP AddressThis field displays the IP address of the static DHCP client connected to the WiMAX Device.AddClick this to add a new static DHCP entry.OKClick this to save any changes made to this list.DHCP Leased HostsMAC AddressThis displays the MAC address of the DHCP leased host.IP AddressThis displays the IP address of the DHCP leased host.Remaining TimeThis displays the how much time is left on the host s lease.RefreshClick this to refresh the list.Table 25   DHCP (continued)LABEL DESCRIPTION
 Chapter 7Network SettingsMAX208M User s Guide 89This screen contains the following fields:7.9  RIPUse these settings to configure how the WiMAX Device exchanges information with other routers.Click Network Setting > Route > RIP to open this screen as shown next.Figure 34   RIP ScreenTable 26   Static RouteLABEL DESCRIPTIONDestinationThis field displays the destination IP address of the static route.Subnet MaskThis field displays the subnet mask of the static route.Next HopThis field displays next hop information of the static route.MetricThis field displays the static route metric.AddClick this to add a new static route to the list.
Chapter 7Network SettingsMAX208M User s Guide90This screen contains the following fields:7.10  Port ForwardingUse these settings to forward incoming service requests to the ports on your local network.Note: Make sure you did not configure a DMZ host in the Network Setting > NAT > DMZ screen if you want to make the settings of this screen work.Table 27   RIPLABEL DESCRIPTIONGeneral SetupEnableSelect this to enable RIP on the WiMAX Device.RedistributeActiveThis indicates whether a route is being redistributed.TypeThis indicates what type of route is being redistributed.MetricThis indicates the metric that is being used for redistribution.EditClick this to edit a selected route.OKClick this to save any changes to the redistribution table.LANDirectionSet the LAN network direction to use with RIP.VersionSet the RIP version to use.AuthenticationUse this option to enable or disable RIP authentication.Authentication IDEnter the authentication ID to use for RIP authentication.Authentication KeyEnter the authentication key to use for RIP authentication.WANDirectionSet the WAN network direction to use with RIP.VersionSet the RIP version to use.AuthenticationUse this option to enable or disable RIP authentication.Authentication IDEnter the authentication ID to use for RIP authentication.Authentication KeyEnter the authentication key to use for RIP authentication.
 Chapter 7Network SettingsMAX208M User s Guide 91Click Network Setting > NAT > Port Forwarding to open this screen as shown next.Figure 35   Port Forwarding ScreenThis screen contains the following fields:Table 28   Port ForwardingLABEL DESCRIPTIONActiveThis indicates whether the port forwarding rule is active or not.NameThe displays the name of the port forwarding rule.ProtocolThis displays the protocol to which the port forwarding rule applies.Incoming Port(s)Start PortThis displays the starting port number for incoming traffic for the port forwarding rule.End PortThis displays the ending port number for incoming traffic for the port forwarding rule.Forward Port(s)Start Port This field displays the beginning of the range of port numbers forwarded by this rule.End Port This field displays the end of the range of port numbers forwarded by this rule. If it is the same as the Start Port, only one port number is forwarded.Server IPThis displays the IP address of the server to which packet for the selected port(s) are forwarded.DeleteClick this to delete a specified rule.WizardClick this to open the port forwarding "wizard#.AddClick this to add a new port forwarding rule.OKClick this to save any changes made to the port forwarding list.
Chapter 7Network SettingsMAX208M User s Guide927.10.1  Port Forwarding WizardUse this wizard to set up a port forwarding rule for incoming service requests to the ports on your local network.Click Network Setting > NAT > Port Forwarding > Wizard to open this screen as shown next.Figure 36   Port Forwarding Wizard ScreenThis screen contains the following fields:Table 29   Port Forwarding WizardLABEL DESCRIPTIONActiveSelect this to make this port forwarding rule active.Port Forward RuleSelect the type of port forwarding rule.Rule NameEnter a name for the port forwarding rule.ProtocolSelect the port forwarding protocol.Incoming Start PortEnter the starting port number for incoming traffic for the port forwarding rule.Incoming End PortEnter the ending port number for incoming traffic for the port forwarding rule.Forwarding Start PortEnter the starting port number for forwarded traffic for the port forwarding rule.Forwarding End PortEnter the ending port number for forwarded traffic for the port forwarding rule.Server IPEnter the port forwarding server IP address.
 Chapter 7Network SettingsMAX208M User s Guide 937.11  Port TriggerUse these settings to automate port forwarding and allow computers on local network to provide services that would normally require a fixed address on the local network.Click Network Setting > NAT > Port Trigger to open this screen as shown next.Figure 37   Port Trigger ScreenThis screen contains the following fields:Table 30   Port TriggerLABEL DESCRIPTIONActiveThis indicates whether the port trigger rule is active or not.NameThe displays the name of the port trigger rule.Trigger ProtocolThis displays the protocol to which the port trigger rule applies.Trigger Port(s)Start / End PortThis displays the start / end trigger port for the port trigger rule.Click Add to create a new, empty rule, then enter the incoming port number or range of port numbers you want to forward to the IP address the WiMAX Device records.To forward one port number, enter the port number in the Start Port and End Port fields.To forward a range of ports,!enter the port number at the beginning of the range in the Start Port field!enter the port number at the end of the range in the End Port field.If you want to delete this rule, click the Delete icon.Open ProtocolThis indicates which protocol is used to open the port trigger ports.Open Port(s)
Chapter 7Network SettingsMAX208M User s Guide947.11.1  Port Trigger WizardUse the wizard to create a port trigger rules that will allow the WiMAX Device to  to automate port forwarding and allow computers on local network to provide services that would normally require a fixed address on the local network.Click Network Setting > NAT > Port Trigger > WizardFigure 38   Port Trigger Wizard ScreenStart / End PortThis displays the start / end open port for the port trigger rule.Click Add to create a new, empty rule, then enter the outgoing port number or range of port numbers that makes the WiMAX Device record the source IP address and assign it to the selected incoming port number(s).To select one port number, enter the port number in the Start Port and End Port fields.To select a range of ports,!enter the port number at the beginning of the range in the Start Port field!enter the port number at the end of the range in the End Port field.If you want to delete this rule, click the Delete icon.DeleteClick this to delete a specified rule.WizardClick this to open the port trigger "wizard#.AddClick this to add a new port trigger rule.OKClick this to save any changes made to the port trigger list.Table 30   Port Trigger (continued)LABEL DESCRIPTION
 Chapter 7Network SettingsMAX208M User s Guide 95This screen contains the following fields:7.11.2  Trigger Port Forwarding ExampleThe following is an example of trigger port forwarding. In this example, J is Jane s computer and S is the Real Audio server.Figure 39   Trigger Port Forwarding Example1Jane requests a file from the Real Audio server (port 7070).2Port 7070 is a "trigger# port and causes the WiMAX Device to record Jane s computer IP address. The WiMAX Device associates Jane's computer IP address with the "incoming" port range of 6970-7170.3The Real Audio server responds using a port number ranging between 6970-7170.4The WiMAX Device forwards the traffic to Jane s computer IP address. Table 31   Port Trigger WizardLABEL DESCRIPTIONActiveSelect this to make this port trigger rule active.Port Trigger RuleSelect the type of port trigger rule.Rule NameEnter a name for the port trigger rule.Trigger ProtocolSelect the type of port trigger protocol.Trigger Start PortEnter the port trigger start port.Trigger End PortEnter the port trigger end port.Open ProtocolSelect the type of open protocol for the port trigger rule.Open Start PortSelect the starting open port for the port trigger rule.Open End PortSelect the ending open port number for the port trigger rule.
Chapter 7Network SettingsMAX208M User s Guide965Only Jane can connect to the Real Audio server until the connection is closed or times out. The WiMAX Device times out in three minutes with UDP (User Datagram Protocol), or two hours with TCP/IP (Transfer Control Protocol/Internet Protocol). Two points to remember about trigger ports:1Trigger events only happen on data that is coming from inside the WiMAX Device and going to the outside.2If an application needs a continuous data stream, that port (range) will be tied up so that another computer on the LAN can t trigger it. 7.12  DMZUse this page to set the IP address of your network DMZ (if you have one) for the WiMAX Device. All incoming packets received by this WiMAX Device s WAN interface will be forwarded to the DMZ host you set.Click Network Setting > NAT > DMZ to open this screen as shown next.Note: The configuration you set in this screen takes priority than the Network Setting > NAT > Port Forwarding screen.Figure 40   DMZ ScreenThis screen contains the following fields:Table 32   DMZLABEL DESCRIPTIONDMZ HostEnter the IP address of your network DMZ host, if you have one. 0.0.0.0 means this feature is disabled.
 Chapter 7Network SettingsMAX208M User s Guide 977.13  ALGUse these settings to bypass NAT on your WiMAX Device for those applications that are "NAT un-friendly".Click Network Setting > NAT > ALG to open this screen as shown next.Figure 41   ALG ScreenThis screen contains the following fields:Table 33   ALGLABEL DESCRIPTIONEnable FTP ALGTurns on the FTP ALG to detect FTP (File Transfer Program) traffic and helps build FTP sessions through the WiMAX Device s NAT. Enable H.323 ALGTurns on the H.323 ALG to detect H.323 traffic (used for audio communications) and helps build H.323 sessions through the WiMAX Device s NAT. Enable IPsec ALGTurns on the IPsec ALG to detect IPsec traffic and helps build IPsec sessions through the WiMAX Device s NAT. Enable L2TP ALGTurns on the L2TP ALG to detect L2TP traffic and helps build L2TP sessions through the WiMAX Device s NAT.Enable PPTP ALGTurns on the PPTP ALG to detect PPTP traffic and helps build PPTP sessions through the WiMAX Device s NAT. Enable RTSP ALGTurns on the RTSP ALG to detect RTSP traffic and helps build RTSP sessions through the WiMAX Device s NAT. Enable SIP ALGTurns on the SIP ALG to detect SIP traffic and helps build SIP sessions through the WiMAX Device s NAT.SIP PortIf you are using a custom UDP port number (not 5060) for SIP traffic, enter it here.Enable SIP ALG Set BSIDCheck this box to add the base station ID to the outgoing SIP messages. Select this option only if the media server forwarding calls requires this information.
Chapter 7Network SettingsMAX208M User s Guide987.14  UPnPUse this page to enable the UPnP networking protocol on your WiMAX Device and allow easy network connectivity with other UPnP-compatible devices.Click Network Setting > UPnP to open this screen as shown next.Figure 42   UPnP ScreenThis screen contains the following fields:7.14.1  Installing UPnP in Windows XPFollow the steps below to install the UPnP in Windows XP.1Click Start > Control Panel. 2Double-click Network Connections.3In the Network Connections window, click Advanced in the main menu and select Optional Networking Components  . Table 34   UPnPLABEL DESCRIPTIONEnable UPnPSelect this to enable UPnP on the WiMAX Device.Enable NAT-PMPSelect this to enable NAT Port Mapping Protocol on the WiMAX Device.
 Chapter 7Network SettingsMAX208M User s Guide 994The Windows Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details. 5In the Networking Services window, select the Universal Plug and Play check box. 6Click OK to go back to the Windows Optional Networking Component Wizard window and click Next.
Chapter 7Network SettingsMAX208M User s Guide1007.14.1.1  Auto-discover Your UPnP-enabled Network Device in Windows XPThis section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the WiMAX Device.Make sure the computer is connected to a LAN port of the WiMAX Device. Turn on your computer and the WiMAX Device. 1Click Start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway.2Right-click the icon and select Properties.
 Chapter 7Network SettingsMAX208M User s Guide 1013In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. 4You may edit or delete the port mappings or click Add to manually add port mappings. 5When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically.
Chapter 7Network SettingsMAX208M User s Guide1026Select Show icon in notification area when connected option and click OK. An icon displays in the system tray. 7Double-click on the icon to display your current Internet connection status.7.14.2  Web Configurator Easy AccessWith UPnP, you can access the web-based configurator on the WiMAX Device without finding out the IP address of the WiMAX Device first. This becomes helpful if you do not know the IP address of the WiMAX Device.Follow the steps below to access the web configurator:1Click Start and then Control Panel. 2Double-click Network Connections.
 Chapter 7Network SettingsMAX208M User s Guide 1033Select My Network Places under Other Places. 4An icon with the description for each UPnP-enabled device displays under Local Network. 5Right-click on the icon for your WiMAX Device and select Invoke. The web configurator login screen displays.
Chapter 7Network SettingsMAX208M User s Guide1046Right-click on the icon for your WiMAX Device and select Properties. A properties window displays with basic information about the WiMAX Device. 7.15  DDNSUse this page to configure the WiMAX Device as a dynamic DNS client.Click Network Setting > DDNSFigure 43   DDNS Screen
 Chapter 7Network SettingsMAX208M User s Guide 105This screen contains the following fields:7.16  Content FilterUse these settings to allow ("whitelist") or block ("blacklist") connections to and from specific web sites through the WiMAX Device.Click Network Setting > Content Filter to open this screen as shown next.Figure 44   Content Filter ScreenTable 35   DDNSLABEL DESCRIPTIONEnable Dynamic DNSSelect this to enable dynamic DNS on the WiMAX Device.Service ProviderSelect the dynamice DNS service provider for the WiMAX Device.Service TypeSelect the dynamic DNS service type.Domain NameEnter the domain name.Login NameEnter the user name.PasswordEnter the password.IP Update PolicySelect the policy used by the WiMAX Device. Options are:!Auto Detect!WAN!User DefinedUser Defined IPIf you chose "User Defined# for the IP Update Policy, enter the user defined IP address.WildcardsSelect this to allow a hostname to use wildcards such as "*#.MXSelect this to enable mail routing, if supported by the specified DYNDNS service provider.Backup MXSelect this to enable a secondary mail routing, if supported by the specified DYNDNS service provider.MX HostEnter the host to which mail is routed when the MX option is selected.
Chapter 7Network SettingsMAX208M User s Guide106This screen contains the following fields:Table 36   Content FilterLABEL DESCRIPTIONURL ListEnable URL FilterSelect this employ the content filter to allow ("whitelist#) or block ("blacklist#) specific URL connections made through the WiMAX Device.Blacklist/WhitelistSelect whether the current filtering applies to the blacklist (sites that are blocked) or the whitelist (sites that are allowed).URL Filter RuleActiveIndicates whether the current URL filter is active or not.URLIndicates the URL to be filtered according to blacklist or whitelist rules.DeleteClick this to delete a specified rule.AddClick this to add a new filter rule.OKClick this to save any changes made to the list.
MAX208M User s Guide 107CHAPTER  8 Security8.1  OverviewThis chapter shows you how to configure the WiMAX Device s network settings.8.1.1  What You Need to KnowThe following terms and concepts may help as you read through this chapter.About the WiMAX Device!s Security FeaturesThe WiMAX Device security features are designed to protect against Denial of Service attacks when activated as well as block access to and from specific URLs and MAC addresses. Its purpose is to allow a private Local Area Network (LAN) to be securely connected to the Internet. The WiMAX Device can be used to prevent theft, destruction and modification of data. The WiMAX Device is installed between the LAN and a WiMAX base station connecting to the Internet. This allows it to act as a secure gateway for all data passing between the Internet and the LAN.The WiMAX Device has one Ethernet (LAN) port. The LAN (Local Area Network) port attaches to a network of computers, which needs security from the outside world. These computers will have access to Internet services such as e-mail, FTP and the World Wide Web. However, "inbound access# is not allowed (by default) unless the remote host is authorized to use a specific service.
Chapter 8SecurityMAX208M User s Guide1088.2  IP FilterUse this screen to block incoming connections from specific IP addresses.Click Security > Firewall > IP Filter to open this screen as shown next.Figure 45   IP Filter ScreenThis screen contains the following fields:Table 37   IP FilterLABEL DESCRIPTIONActiveIndicates whether the current IP filter is active or not.Source IPThis displays the source IP address for the IP filter rule.Click Add to create a new, empty rule, then enter the incoming IP address for the WiMAX Device to block.If you want to delete this rule, click the Delete icon.Source PortThis displays the source port number for the IP filter rule.Click Add to create a new, empty rule, then enter the incoming port number for the WiMAX Device to block.If you want to delete this rule, click the Delete icon.Destination IPThis displays the destination IP address for the IP filter rule.Click Add to create a new, empty rule, then enter the outgoing IP address for the WiMAX Device to block.If you want to delete this rule, click the Delete icon.Destination PortThis displays the destination port number for the IP filter rule.Click Add to create a new, empty rule, then enter the outgoing port number for the WiMAX Device to block.If you want to delete this rule, click the Delete icon.ProtocolThis displays the protocol blocked by the IP filter rule.Click Add to create a new, empty rule, then select the protocol type for the WiMAX Device to block.If you want to delete this rule, click the Delete icon.DeleteClick this to delete a specified rule.AddClick this to add a new filter rule.OKClick this to save any changes made to the list.
 Chapter 8SecurityMAX208M User s Guide 1098.3  MAC FilterUse this screen to allow ("whitelist") or block ("blacklist") connections to and from specific devices on the network based on their unique MAC addresses.Note: This feature only works when the WiMAX Device is in bridge mode.Click Security > Firewall > MAC Filter to open this screen as shown next.Figure 46   MAC Filter ScreenThis screen contains the following fields:Table 38   MAC FilterLABEL DESCRIPTIONBlacklist/WhitelistSelect either whitelist or blacklist for viewing and editing.Source MACThis displays the source MAC for the MAC filter rule.Click Add to create a new, empty rule, then enter the incoming MAC address for the WiMAX Device to block.If you want to delete this rule, click the Delete icon.Destination MACThis displays the destination MAC for the MAC filter rule.Click Add to create a new, empty rule, then enter the outgoing MAC address for the WiMAX Device to block.If you want to delete this rule, click the Delete icon.Mon ~ Sun Select which days of the week you want the filter rule to be effective.Start / End TimeSelect what time each day you want the filter rule to be effective. Enter times in 24-hour format; for example, 3:00pm should be entered as 15:00.AddClick this to add a new filter rule.OKClick this to save any changes made to the list.
Chapter 8SecurityMAX208M User s Guide1108.4  DDOSUse these settings to potentially block specific types of Denial of Service attacks directed at your WiMAX Device.Click Security > Firewall > DDOS to open this screen as shown next.Figure 47   DDOS ScreenThis screen contains the following fields:Table 39   DDOSLABEL DESCRIPTIONPrevent from TCP SYN FloodSelect this to monitor for and block TCP SYN flood attacks.A SYN flood is one type of denial of service attack where an overwhelming number of SYN requests assault a client device.Prevent from UDP FloodSelect this to monitor for and block UDP flood attacks.An UDP flood is a type of denial of service attack where an overwhelming number of UDP packets assault random ports on a client device. Because the device is forced to analyze and respond to each packet, it quickly becomes unreachable to other devices.Prevent from ICMP FloodSelect this to monitor for and block ICMP flood attacks.An ICMP flood is a type of denial of service attack where an overwhelming number of ICMP ping assault a client device, locking it down and preventing it from responding to requests from other servers.Prevent from Port ScanSelect this to monitor for and block port scan attacks.A port scan attack is typicall the precursor to a full-blown denial of service attack wherein each port on a device is probed for security holes that can be exploited. Once a security flaw is discovered, an attacker can initiate the appropriate denial of service attack or intrusion attack against the client device.Prevent from LAND AttackSelect this to monitor for and block LAND attacks.A Local Area Network Denial (LAND) attack is a type of denial of service attack where a spoofed TCP SYN  packet targets a client device s IP address and forces it into an infinite recursive loop of querying itself and then replying, effectively locking it down.
 Chapter 8SecurityMAX208M User s Guide 111Prevent from IP SpoofSelect this to monitor for and block IP address spoof attacks.An IP address spoof is an attack whereby the source IP address in the incoming IP packets allows a malicious party to masquerade as a legitimate user and gain access to the client device.Prevent from ICMP redirectSelect this to monitor for and block ICMP redirect attacks.An ICMP redirect attack is one where forged ICMP redirect messages can force the client device to route packets for certain connections through an attacker s host.Prevent from PING of DeathSelect this to monitor for and block ping of death attacks.A Ping of Death (POD) attack is one where larger-than-allowed ping packets are fragmented then sent against a client device. This results in the client device suffering from a buffer overflow and subsequent system crash.Prevent from PING from WANSelect this to ignore ping requests from the WAN.Table 39   DDOS (continued)LABEL DESCRIPTION
Chapter 8SecurityMAX208M User s Guide112
MAX208M User s Guide 113CHAPTER  9 Maintenance9.1  OverviewUse these screens to manage and maintain your WiMAX Device.9.1.1  What You Need to KnowThe following terms and concepts may help as you read through this chapter.Remote Management LimitationsRemote management over LAN or WAN will not work when:1You have disabled that service in one of the remote management screens.2The IP address in the Secured Client IP field does not match the client IP address. If it does not match, the WiMAX Device will disconnect the session immediately.3There is already another remote management session with an equal or higher priority running. You may only have one remote management session running at one time.
Chapter 9MaintenanceMAX208M User s Guide114Remote Management and NATWhen NAT is enabled:!Use the WiMAX Device s WAN IP address when configuring from the WAN. !Use the WiMAX Device s LAN IP address when configuring from the LAN.System TimeoutThere is a default system management idle timeout of five minutes. The WiMAX Device automatically logs you out if the management session remains idle for longer than this timeout period. The management session does not time out when a statistics screen is polling.SNMPSimple Network Management Protocol (SNMP) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your WiMAX Device supports SNMP agent functionality, which allows a manager station to manage and monitor the WiMAX Device through the network. The WiMAX Device supports SNMP version one (SNMPv1) and version two (SNMPv2). The next figure illustrates an SNMP management operation.Note: SNMP is only available if TCP/IP is configured.
 Chapter 9MaintenanceMAX208M User s Guide 115TR-069TR-069 is an abbreviation of "Technical Report 069#, a protocol designed to facilitate the remote management of Customer Premise Equipement (CPE), such as the WiMAX Device. It can be managed over a WAN by means of an Auto Configuration Server (ACS). TR-069 is based on sending Remote Procedure Calls (RPCs) between the ACS and the client device. RPCs are sent in Extensible Markup Language (XML) format over HTTP or HTTPS. An administrator can use an ACS to remotely set up the WiMAX Device, modify its settings, perform firmware upgrades, and monitor and diagnose it. In order to do so, you must enable the TR-069 feature on your WiMAX Device and then configure it appropriately. (The ACS server which it will use must also be configured by its administrator.)Figure 48   TR-069 ExampleIn this example, the WiMAX Device receives data from at least 3 sources: A SIP server for handling voice calls, an HTTP server for handling web services, and an ACS, for configuring the WiMAX Device remotely. All three servers are owned and operated by the client s Internet Service Provider. However, without the configuration settings from the ACS, the WiMAX Device cannot access the other two servers. Once the WiMAX Device receives its configuration settings and implements them, it can connect to the other servers. If the settings change, it will once again be unable to connect until it receives its updates from the ACS.The WiMAX Device can be configured to periodically check for updates from the auto-configuration server so that the end user need not be worried about it.SIPACSHTTP
Chapter 9MaintenanceMAX208M User s Guide116SNMPAn SNMP managed network consists of two main types of component: agents and a manager.Figure 49   SNMP Management ModelAn agent is a management software module that resides in a managed device (the WiMAX Device). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices. The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include such as number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects. SNMP allows a manager and agents to communicate for the purpose of accessing these objects. The WiMAX Device supports MIB II that is defined in RFC-1213 and RFC-1215. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance.SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a request and the agent returns responses using the following protocol operations: !Get - Allows the manager to retrieve an object variable from the agent. !GetNext - Allows the manager to retrieve the next object variable from a table or list within an agent. In SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations.
 Chapter 9MaintenanceMAX208M User s Guide 117!Set - Allows the manager to set values for object variables within an agent. !Trap - Used by the agent to inform the manager of some events.The WiMAX Device sends traps to the SNMP manager when any of the following events occurs:     OMA-DMWhen the WiMAX Device initiates communication with the server (often times at start up or after the first time you turn it on), the server uploads commands, new files (if any), and other information used by a service provider to customize the WiMAX Device s features.Device management works as follows: 1The server (A) sends out the query (1) to the WiMAX Device (B). 2The WiMAX Device responds by sending back its credentials (2), to which the server responds with its credentials along with a string of management operations (3). 3The client responds to the management operations (4), perhaps confirming file alterations or confirming receipt of file uploads and so on. Table 40   SNMP TrapsTRAP # TRAP NAME DESCRIPTION0coldStart (defined in RFC-1215)A trap is sent after booting (power on).1warmStart (defined in RFC-1215)A trap is sent after booting (software reboot).4authenticationFailure (defined in RFC-1215)A trap is sent to the manager when receiving any SNMP get or set requirements with the wrong community (password).6whyReboot (defined in ZYXEL-MIB)A trap is sent with the reason of restart before rebooting when the system is going to restart (warm start).6a For intentional reboot: A trap is sent with the message "System reboot by user!" if reboot is done intentionally, (for example, download new files, CI command "sys reboot", etc.).6b For fatal error:  A trap is sent with the message of the fatal code if the system reboots because of fatal errors.
Chapter 9MaintenanceMAX208M User s Guide1184The server disconnects from the WiMAX Device once all of its management operations have been carried out.Figure 50   OMA-DM Data ManagementOMA-DM AuthenticationIn order to ensure the integrity of the connection between an OMA-DM server and the WiMAX Device, communication between the two is encoded using one of three common algorithms. They are not intended to be used in lieu of proper digital security, but instead as a means of transmitting multiple disparate types of data over HTTP. Security encryption for communication is handled by different processes configured elsewhere in the WiMAX Device s web configuratorBasic Access Authentication $ Sends a person s user name and password in Base64. This auhentication protocol is supported by all browsers that are HTTP 1.0/1.1 compliant. Although converted to Base64 for the sake of cross-compatibility, credentials are nonetheless passed between the web browser and the server in plaintext, making it extremely easy to intercept and read. As such, it is rarely used anymore.Digest Access Authentication $ This protocol was designed to replace basic access authentication. Instead of encoding a user name and password in plaintext, this protocol uses what is known as an MD5 message authentication code. It allows the server to issue a single-use, randomly generated number (known as a %nonce ) to the client (in this case, the web browser), which then uses the number as the %public key  for encrypting its data. When the server receives the encrypted data, it unlocks it using the %key  that was just provided. While stronger than basic access authentication, this protocol is not as strong as, say, HMAC, or as secure as the client using a client-side private key encryption scheme. Hash Message Authentication Code $ Also known as HMAC, this code relies on cryptographic hash functions to bolster an existing protocol, such as MD5. It is a method for generating a stronger, significantly higher encryption key.
 Chapter 9MaintenanceMAX208M User s Guide 119OMA-DM Data ModelEach device that conforms to the current OMA-DM standard has an identical data structure embedded in its controlling firmware. This allows a similarly conforming OMA-DM server to navigate the folder structure and to make file alterations where appropriate or required.Figure 51   OMA-DM Data ModelIn the example data model shown here, the parent folders must conform to the OMA-DM standard. The child folders, on the other hand, can be customized on an individual basis. This allows the parent folders to all maintain a consistent URI (Uniform Resource Indentifier) across all devices that meet the OMA-DM standard s requirements. For example, in the preceding figure the URI for the "Games# folder is "./Vendor/Games/#. The "./Vendor/# portion of the URI exists on all devices that conform to the OMA-DM standard. The "Games# folder, however, may or may not exist depending on the services provided by the company managing the device.DaytimeA network protocol used by devices for debugging and time measurement. A computer can use this protocol to set its internal clock but only if it knows in which order the year, month, and day are returned by the server. Not all servers use the same format.TimeA network protocol for retrieving the current time from a server. The computer issuing the command compares the time on its clock to the information returned by the server, adjusts itself automatically for time zone differences, then calculates the difference and corrects itself if there has been any temporal drift.Root Folder./DMAccVendorOperatorMP3sGames
Chapter 9MaintenanceMAX208M User s Guide120NTPNTP stands for Network Time Protocol. It is employed by devices connected to the Internet in order to obtain a precise time setting from an official time server. These time servers are accurate to within 200 microseconds.9.2  PasswordUse this screen to set up user and admin accounts for logging into and managing the WiMAX Device.Click Maintenance > Password to open this screen as shown next.Figure 52   Password ScreenThis screen contains the following fields:Table 41   PasswordLABEL DESCRIPTIONChange PasswordGroupSelect the group for which you want to change the login password.Old PasswordEnter the old password for the login group.New PasswordEnter the new password for the login group.RetypeRetype the new password for the login group.
 Chapter 9MaintenanceMAX208M User s Guide 1219.3  HTTPUse this screen to allow remote access to the WiMAX Device from a network connection over HTTP.Click Maintenance > Remote MGMT > HTTP to open this screen as shown next.Figure 53   HTTP ScreenThis screen contains the following fields:Table 42   HTTPLABEL DESCRIPTIONHTTP ServerEnableSelect this to enable remote management using this service.Port NumberEnter the port number this service can use to access the WiMAX Device. The computer must use the same port number.HTTPS ServerEnableSelect this to enable remote management using this service.Port NumberEnter the port number this service can use to access the WiMAX Device. The computer must use the same port number.HTTP and HTTPSAllow Connection from WANSelect this to allow incoming connections from the WAN over either HTTP or HTTPS.HTTP Session TimeoutSession TimeoutEnter the number of minutes (0-99) the WiMAX Device waits to delete an inactive web connection (HTTP or HTTPS).
Chapter 9MaintenanceMAX208M User s Guide1229.4  TelnetUse this screen to allow remote access to the WiMAX Device from a network connection over Telnet.Click Maintenance > Remote MGMT > Telnet to open this screen as shown next.Figure 54   Telnet ScreenThis screen contains the following fields:9.5  SSHUse this screen to allow remote access to the WiMAX Device from a network connection over SSH.Click Maintenance > Remote MGMT > SSH to open this screen as shown next.Figure 55   SSH ScreenTable 43   TelnetLABEL DESCRIPTIONEnableSelect this to enable remote management using this service.Port NumberEnter the port number this service can use to access the WiMAX Device. The computer must use the same port number.Allow Connection from WANSelect this to allow connections using this service that originate on the WAN.Allow Connection from LANSelect this to allow connection using this service that originate on the LAN.
 Chapter 9MaintenanceMAX208M User s Guide 123This screen contains the following fields:9.6  SNMPUse this screen to allow remote access to the WiMAX Device from a network connection over SNMP.Click Maintenance > Remote MGMT > SNMP to open this screen as shown next.Figure 56   SNMP ScreenThis screen contains the following fields:Table 44   SSHLABEL DESCRIPTIONEnableSelect this to enable remote management using this service.Port NumberEnter the port number this service can use to access the WiMAX Device. The computer must use the same port number.Allow Connection from WANSelect this to allow connections using this service that originate on the WAN.Allow Connection from LANSelect this to allow connection using this service that originate on the LAN.Table 45   SNMPLABEL DESCRIPTIONEnableSelect this to enable remote management using this service.LocationEnter the location of the SNMP server (for example, "Engineering Dept., Floor 6, Building A, New York City#).ContactEnter contact information for the administrator managing the SNMP server (for example, "Bill Smith, IT Dept., (555) 555-5454#).Read CommunityEnter the password for the incoming Get and GetNext requests from the management station. The default is public and allows all requests.Write CommunityEnter the password for incoming Set requests from the management station. The default is public and allows all requests.
Chapter 9MaintenanceMAX208M User s Guide1249.7  CWMPUse this screen to allow CWMP connections for remote management, firmware upgrades and troubleshooting.Click Maintenance > Remote MGMT > CWMP to open this screen as shown next.Figure 57   CWMP ScreenThis screen contains the following fields:Trap Server Enter the IP address of the station to send your SNMP traps to.Trap CommunityEnter the trap community, which is the password sent with each trap to the SNMP manager. The default is public and allows all requests.Table 45   SNMP (continued)LABEL DESCRIPTIONTable 46   CWMPLABEL DESCRIPTIONEnableSelect this to enable remote management using this service.ACS Server URLEnter the URL or IP address of the auto-configuration server.Bootstrap EnableSelect this to enable bootstrap events.
 Chapter 9MaintenanceMAX208M User s Guide 125ACS Username Enter the user name sent when the WiMAX Device connects to the ACS and which is used for authentication.You can enter up to 31 alphanumeric characters (a-z, A-Z, 0-9) and underscores but spaces are not allowed.ACS Password Enter the password sent when the WiMAX Device connects to an ACS and which is used for authentication.You can enter up to 31 alphanumeric characters (a-z, A-Z, 0-9) and underscores but spaces are not allowed.Perodical Inform EnableSelect this to allow the WiMAX Device to periodically connect to the ACS and check for configuration updates. If you do not enable this feature then the WiMAX Device can only be updated automatically when the ACS initiates contact with it and if you selected the checkbox on this screen.Periodical Inform IntervalEnter the time interval (in seconds) at which the WiMAX Device connects to the auto-configuration server.Connection Request UsernameEnter the connection request user name that the ACS must send to the WiMAX Device when it requests a connection.You can enter up to 31 alphanumeric characters (a-z, A-Z, 0-9) and underscores but spaces are not allowed.Note: This must be provided by the ACS administrator.Connection Request PasswordEnter the connection request password that the ACS must send to the WiMAX Device when it requests a connection.You can enter up to 31 alphanumeric characters (a-z, A-Z, 0-9) and underscores but spaces are not allowed.Note: This must be provided by the ACS administrator.CA Certificate FileClick Browse to upload a Certificate Authority (CA) certificate to the WiMAX Device.CA Certificate InfoThis displays information about the currently active CA certificate.Client Certificate FileClick Browse to upload a client certificate to the WiMAX Device.Client Certificate InfoThis displays information about the currently active client certificate.Table 46   CWMP (continued)LABEL DESCRIPTION
Chapter 9MaintenanceMAX208M User s Guide1269.8  OMA-DMUse this screen to allow remote access to the WiMAX Device from a network connection over OMA-DM.Click Maintenance > Remote MGMT > OMA-DM to open this screen as shown next.Figure 58   OMA-DM ScreenThis screen contains the following fields:Table 47   OMA-DMLABEL DESCRIPTIONEnableSelect this to enable remote management using this service.Server URL Enter the IP address or URL of the OMA-DM server that you intend to use to manage this device. Server PortEnter the port number for the IP address of the OMA-DM server set up in the preceding field.Server Auth TypeSelect the encryption algorithm scheme used by the OMA-DM server to communicate with client devices. If the scheme selected here does not match the actual scheme used by the server, then server will challenge the WiMAX Device to automatically update its settings.!None - No authentication.!Basic - Server ID and Password are encoded using a Basic Access Authentication Code.!Digest (MD5) - Server ID and Password are encoded using a Digest Access Authentication Code.!HMAC - Server ID and Password are encoded using a keyed Hash Message Authentication Code.Server ID Enter the identification code for the server. This is used by the WiMAX Device during the communication handshake process to identify the server.
 Chapter 9MaintenanceMAX208M User s Guide 127Server PasswordEnter the password for the server s identification code. This shared public key is used by the WiMAX Device during the communication handshake process to identify the server.Server Nonce The WiMAX Device and the OMA-DM server use nonces to authenticate each other if you select MD5 as the authentication algorithm in the Server Auth Type field. Nonce is an abbreviation of 'number used once'. It is normally a random or pseudo-random number applied in an authentication protocol to protect existing communications from being reused in %replay attacks .Type up to 20 digits for the OMA-DM server nonce.Client Auth TypeSelect the encryption algorithm scheme used by the OMA-DM server to communicate with client devices. If the scheme selected here does not match the actual scheme used by the server, then server will challenge the WiMAX Device to automatically update its settings.!None - No authentication.!Basic - Server ID and Password are encoded using a Basic Access Authentication Code.!Digest (MD5) - Server ID and Password are encoded using a Digest Access Authentication Code.!HMAC - Server ID and Password are encoded using a keyed Hash Message Authentication Code.Note:  Make sure that the scheme selected here matches the the Server Auth Type.Client ID Enter the client name for the WiMAX Device.Client Password Enter the password for the WiMAX Device s client name.Perodical Client- Initiated EnableSelect this to allow the WiMAX Device to periodically connect to the OMA-DM server and check for configuration updates. If you do not enable this feature then the WiMAX Device can only be updated automatically when the OM-DM server initiates contact with it and if you selected the checkbox on this screen.Periodical Client-Initiated IntervalEnter the time interval (in seconds) at which the WiMAX Device connects to the OMA-DM server.Table 47   OMA-DM (continued)LABEL DESCRIPTION
Chapter 9MaintenanceMAX208M User s Guide1289.9  DateUse these settings to set the system time or configure an NTP server for automatic time synchronization.Click Maintenance > Date/Time > Date to open this screen as shown next.Figure 59   Date ScreenThis screen contains the following fields:Table 48   DateLABEL DESCRIPTIONManualNew Time Enter the new time in this field.New Date Enter the new date in this field.Get from Time ServerTime ProtocolSelect the time service protocol that your time server uses.  Check with your ISP or network administrator, or use trial-and-error to find a protocol that works.!NTP (RFC 1305) - This format is similar to Time (RFC 868).Time Server Address 1~4Enter the IP address or URL of your time server. Check with your ISP or network administrator if you are unsure of this information.
 Chapter 9MaintenanceMAX208M User s Guide 1299.10  Time ZoneUse this screen to set the time zone in which the WiMAX device is physically located.Click Maintenance > Date/Time > Time Zone to open this screen as shown next.Figure 60   Time Zone ScreenThis screen contains the following fields:9.11  Upgrade FileUse this screen to browse to a firmware file on a local computer and upload it to the WiMAX Device. Firmware files usually use the system model name with a "*.bin" extension, such as "WiMAX Device.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system restarts. Contact your service provider for information on available firmware upgrades.Note: Only use firmware for your WiMAX Device s specific model.Table 49   Time ZoneLABEL DESCRIPTIONTime ZoneSelect the time zone at your location.Enable Daylight Savings TimeSelect this if your location uses daylight savings time. Daylight savings is a period from late spring to early fall when many places set their clocks ahead of normal local time by one hour to give more daytime light in the evening.Start DateEnter which hour on which day of which week of which month daylight-savings time starts.End DateEnter which hour on the which day of which week of which month daylight-savings time ends.
Chapter 9MaintenanceMAX208M User s Guide130Click Maintenance > Firmware Upgrade > Upgrade File to open this screen as shown next.Figure 61   Upgrade File ScreenThis screen contains the following fields:9.11.1  The Firmware Upload ProcessWhen the WiMAX Device uploads new firmware, the process usually takes about two minutes. The device also automatically restarts in this time. This causes a temporary network disconnect.Note: Do not turn off the device while firmware upload is in progress!After two minutes, log in again, and check your new firmware version in the Status screen. You might have to open a new browser window to log in.If the upload is not successful, you will be notified by error message.Table 50   Upgrade FileLABEL DESCRIPTIONUpgrade FileClick Browse then browse to the location of a firmware upgrade file and select it.Upgrade Click this to begin uploading the selected file. This may take up to two minutes.Note: Do not turn off the device while firmware upload is in progress!
 Chapter 9MaintenanceMAX208M User s Guide 1319.12  Upgrade LinkUse this screen to set the URL of a firmware file on a remote computer and upload it to the WiMAX Device.Click Maintenance > Firmware Upgrade > Upgrade Link to open this screen as shown next.Figure 62   Upgrade Link ScreenThis screen contains the following fields:9.13  CWMP UpgradeUse this screen to upgrade the firmware on the WiMAX Device using CWMP Request Download.Click Maintenance > Firmware Upgrade > CWMP Upgrade to open this screen as shown next.Figure 63   CWMP Upgrade ScreenTable 51   Upgrade LinkLABEL DESCRIPTIONUpgrade LinkEnter the URL or IP address of the firmware s upgrade location on the network.Upgrade Click this to begin uploading the selected file. This may take up to two minutes.Note: Do not turn off the device while firmware upload is in progress!
Chapter 9MaintenanceMAX208M User s Guide132This screen contains the following fields:9.14  BackupUse this screen to backup your current WiMAX Device settings to a local computer.Click Maintenance > Backup/Restore > Backup to open this screen as shown next.Figure 64   Backup/Restore ScreenThis screen contains the following fields:Table 52   CWMP UpgradeLABEL DESCRIPTIONUpgrade Click this to begin upgrading firmware using CWMP Request. This may take up to two minutes.Note: Do not turn off the device while firmware upload is in progress!Table 53   Backup/RestoreLABEL DESCRIPTIONBackupClick this to save the WiMAX Device s current configuration to a file on your computer. Once your device is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file is useful if you need to return to your previous settings.
 Chapter 9MaintenanceMAX208M User s Guide 1339.15  RestoreUse this screen to restore your WiMAX Device settings from a backup file on a local computer.Click Maintenance > Backup/Restore > Restore to open this screen as shown next.Figure 65   Restore ScreenThis screen contains the following fields:9.15.1  The Restore Configuration ProcessWhen the WiMAX Device restores a configuration file, the device automatically restarts. This causes a temporary network disconnect. Note: Do not turn off the device while configuration file upload is in progress.If the WiMAX Device s IP address is different in the configuration file you selected, you may need to change the IP address of your computer to be in the same subnet as that of the default management IP address (192.168.5.1). See the Quick Start Guide or the appendices for details on how to set up your computer s IP address.Table 54   RestoreLABEL DESCRIPTIONConfiguration FileClick Browse then navigate to the location of a firmware upgrade file and select it. Click File Restore to upload the specified configuration to the WiMAX Device and replace the current settings.Backup Configuration File URLEnter the URL or IP address of the backup configuration file s location on the network.Click URL Restore to upload the specified configuration to the WiMAX Device and replace the current settings.
Chapter 9MaintenanceMAX208M User s Guide134You might have to open a new browser to log in again.If the upload was not successful, you are notified with an error message.9.16  Factory DefaultsUse this screen to restore the WiMAX Device to its factory default settings.Click Maintenance > Backup/Restore > Factory Defaults to open this screen as shown next.Figure 66   Factory Defaults ScreenThis screen contains the following fields:9.17  Log SettingUse this screen to configure which type of events on the WiMAX Device are logged.Click Maintenance > Log > Log Setting to open this screen as shown next.Figure 67   Log Setting ScreenTable 55   Factory DefaultsLABEL DESCRIPTIONReset Click this to clear all user-entered configuration information and return the WiMAX Device to its factory defaults. There is no warning screen.
 Chapter 9MaintenanceMAX208M User s Guide 135This screen contains the following fields:9.18  Log DisplayUse this screen to view the log messages of the WiMAX Device.Click Maintenance > Log > Log Display to open this screen as shown next.Figure 68   Log Display ScreenThis screen contains the following fields:Table 56   Log SettingLABEL DESCRIPTIONEnable LogSelect this to have the WiMAX Device log network activity according to the selected Log Level.Log LevelSelect the type of logs to record.Enable Remote LogSelect this to allow logs to be recorded and stored on a remote logs server.Remote Log HostEnter the remote log host IP address if Enable Remote Log is selected.Remote Log PortEnter the remote log host port if Enable Remote Log is selected.Table 57   Log DisplayLABEL DESCRIPTIONDisplay LevelSelect the type of logs to display from this menu.RefreshClick this to refresh the logs in the display window.
Chapter 9MaintenanceMAX208M User s Guide1369.19  AboutThis screen displays information about the WiMAX Device that can be useful when upgrading firmware, considering deployment options, and working with technical support if the device encounters difficulties.Click Maintenance > About to open this screen as shown next.Figure 69   About ScreenThis screen contains the following fields:9.20  RebootUse this screen to perform a software restart of the WiMAX Device. You may log in again within a few minutes of using the reboot button.Click Maintenance > Reboot to open this screen as shown next.Figure 70   Reboot ScreenTable 58   AboutLABEL DESCRIPTIONSystem Model NameThis field displays the WiMAX Device system name. It is used for identification. Software VersionThis field displays the Web Configurator software version that the WiMAX Device is currently running.Firmware VersionThis field displays the current version of the firmware inside the device.Firmware DateThis field displays the date the firmware version was created. Bootloader VersionThis field displays the bootloader version.
 Chapter 9MaintenanceMAX208M User s Guide 137This screen contains the following fields:Table 59   RebootLABEL DESCRIPTIONRebootClick this button to have the device perform a software restart. The Power LED blinks as it restarts and the shines steadily if the restart is successful.Note: Wait one minute before logging back into the WiMAX Device after a restart.
Chapter 9MaintenanceMAX208M User s Guide138
MAX208M User s Guide 139CHAPTER  10 TroubleshootingThis chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories:!Power, Hardware Connections, and LEDs!WiMAX Device Access and Login!Internet Access!Reset the WiMAX Device to Its Factory Defaults10.1  Power, Hardware Connections, and LEDsThe WiMAX Device does not turn on. None of the LEDs turn on.1Make sure you are using the power adapter or cord included with the WiMAX Device.2Make sure the power adapter or cord is connected to the WiMAX Device and plugged in to an appropriate power source. Make sure the power source is turned on.3Disconnect and re-connect the power adapter or cord to the WiMAX Device.4If the problem continues, contact the vendor.One of the LEDs does not behave as expected.1Make sure you understand the normal behavior of the LED. See Section 1.2.1 on page 18 for more information.2Check the hardware connections. See the Quick Start Guide.
Chapter 10TroubleshootingMAX208M User s Guide1403Inspect your cables for damage. Contact the vendor to replace any damaged cables.4Disconnect and re-connect the power adapter to the WiMAX Device.5If the problem continues, contact the vendor.10.2  WiMAX Device Access and LoginI forgot the IP address for the WiMAX Device.1See the cover page of this guide for the default IP address.2If you changed the IP address and have forgotten it, you might get the IP address of the WiMAX Device by looking up the IP address of the default gateway for your computer. To do this in most Windows computers, click Start > Run, enter cmd, and then enter ipconfig. The IP address of the Default Gateway might be the IP address of the WiMAX Device (it depends on the network), so enter this IP address in your Internet browser.3If this does not work, you have to reset the WiMAX Device to its factory defaults. See Section 10.4 on page 143.I forgot the password.1See the cover page of this guide for the default password.2If this does not work, you have to reset the WiMAX Device to its factory defaults. See Section 10.4 on page 143.I cannot see or access the Login screen in the web configurator.1Make sure you are using the correct IP address.!See the cover page of this guide for the default IP address.!If you changed the IP address (Section 7.6 on page 86), use the new IP address.
 Chapter 10TroubleshootingMAX208M User s Guide 141!If you changed the IP address and have forgotten it, see the troubleshooting suggestions for I forgot the IP address for the WiMAX Device.2Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.2.1 on page 18.3Make sure your Internet browser does not block pop-up windows and has JavaScript and Java enabled. See Appendix C on page 183.4If there is a DHCP server on your network, make sure your computer is using a dynamic IP address. Your WiMAX Device is a DHCP server by default.If there is no DHCP server on your network, make sure your computer s IP address is in the same subnet as the WiMAX Device. See Appendix D on page 193.5Reset the WiMAX Device to its factory defaults, and try to access the WiMAX Device with the default IP address. See Section 10.4 on page 143.6If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions.Advanced Suggestions!Try to access the WiMAX Device using another service, such as Telnet. If you can access the WiMAX Device, check the remote management settings and firewall rules to find out why the WiMAX Device does not respond to HTTP.!If your computer is connected wirelessly, use a computer that is connected to a LAN/ETHERNET port.I can see the Login screen, but I cannot log in to the WiMAX Device.1Make sure you have entered the user name and password correctly. See the cover page of this guide for the default user name and password. These fields are case-sensitive, so make sure [Caps Lock] is not on.2You cannot log in to the web configurator while someone is using Telnet to access the WiMAX Device. Log out of the WiMAX Device in the other session, or ask the person who is logged in to log out.3Disconnect and re-connect the power adapter or cord to the WiMAX Device.4If this does not work, you have to reset the WiMAX Device to its factory defaults. See Section 10.4 on page 143.
Chapter 10TroubleshootingMAX208M User s Guide142I cannot Telnet to the WiMAX Device.See the troubleshooting suggestions for I cannot see or access the Login screen in the web configurator.  Ignore the suggestions about your browser.10.3  Internet AccessI cannot access the Internet.1Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.2.1 on page 18.2Make sure you entered your ISP account information correctly in the wizard. These fields are case-sensitive, so make sure [Caps Lock] is not on.3Check your security settings. See Chapter 8 on page 107.4Check your WiMAX settings. The WiMAX Device may have been set to search the wrong frequencies for a wireless connection. See Chapter 6 on page 57. If you are unsure of the correct values, contact your service provider.5If you are trying to access the Internet wirelessly, make sure the wireless settings in the wireless client are the same as the settings in the AP.6Disconnect all the cables from your WiMAX Device, and follow the directions in the Quick Start Guide again.7If the problem continues, contact your ISP.I cannot access the Internet any more. I had access to the Internet (with the WiMAX Device), but my Internet connection is not available any more.1Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.2.1 on page 18.2Disconnect and re-connect the power adapter to the WiMAX Device.
 Chapter 10TroubleshootingMAX208M User s Guide 1433If the problem continues, contact your ISP.The Internet connection is slow or intermittent.1The quality of the WiMAX Device s wireless connection to the base station may be poor. Poor signal reception may be improved by moving the WiMAX Device away from thick walls and other obstructions, or to a higher floor in your building. 2There may be radio interference caused by nearby electrical devices such as microwave ovens and radio transmitters. Move the WiMAX Device away or switch the other devices off. Weather conditions may also affect signal quality.3There might be a lot of traffic on the network. Look at the LEDs, and check Section 1.2.1 on page 18. If the WiMAX Device is sending or receiving a lot of information, try closing some programs that use the Internet, especially peer-to-peer applications.4Disconnect and re-connect the power adapter to the WiMAX Device.5If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions.The Internet connection disconnects.1Check your WiMAX link and signal strength using the Strength Indicator LEDs on the device.2Contact your ISP if the problem persists.10.4  Reset the WiMAX Device to Its Factory DefaultsIf you reset the WiMAX Device, you lose all of the changes you have made. The WiMAX Device re-loads its default settings, and the password resets to the default (see the cover page of this guide). You have to make all of your changes again.You will lose all of your changes when you push the Reset button.To reset the WiMAX Device,
Chapter 10TroubleshootingMAX208M User s Guide1441Make sure the Power LED is on and not blinking.2Press and hold the Reset button for five to ten seconds. Release the Reset button when the Power LED begins to blink. The default settings have been restored.If the WiMAX Device restarts automatically, wait for the WiMAX Device to finish restarting, and log in to the Web Configurator.If the WiMAX Device does not restart automatically, disconnect and reconnect the WiMAX Device s power. Then, follow the directions above again.10.5  Pop-up Windows, JavaScript and Java PermissionsPlease see Appendix C on page 183.
MAX208M User s Guide 145CHAPTER  11 Product SpecificationsThis chapter gives details about your WiMAX Device s hardware and firmware features.FEATURE DESCRIPTIONOperation Requirements !Storage conditions: $25°C to 55°C, 10% to 95% humidity!Operation conditions: 0°C to 45°C, 10% to 90% humidity !Operating Humidity: 10% to 95% RHPower Supply Requirement !DC 12 V, 1A LAN Port !RJ-45 Interface!1 Port!10/100BaseT!AUTO MDI/MDIXReset Button / Restore to Factory Default Button!System Reset!System configuration can be restored to factory default if hold the Reset Button longer than 5 secondsLAN Status LED (Green / Yellow)Green LED for 10M!ON: Linked!Blinking: Data transmitting!OFF: Link offYellow LED for 100M!ON: Linked!Blinking: Data transmitting!OFF: Link offRSSI LED (Green)3 LED bar : LED 1~3 indicates RSSI(Power level reception, only on when connected) !LEDs 1, 2, 3 on: RSSI >= -69 dBm!LEDs 1, 2 on: RSSI: -70~-79 dBm!LED 1 on: RSSI: -80~-89 dBm!All LED s off: no WiMAX connection
Chapter 11Product SpecificationsMAX208M User s Guide146Antennna !Center Frequency: 2600 MHz!Frequency Range: 2500 MHz~2700 MHz!Bandwidth: 300 MHz!Peak Gain: 6 dBi!H-Plane Average Gain: 3.5 dBi!VSWR: 2!Polarization: Linear, Vertical!H-Plane HPBW: 180°!V-Plane HPBW: 25°!Down tilt: 0°!Impedance: 50!Connector: Big SMA Straight Plus Reverse for RG-178WiMAX complianceFully compliant with IEEE 802.16e Mobile WiMAX corrigendum 1 & 2 and WiMAX Forum Wave 2 System ProfilesOperating Frequency Band2.5GHz~2.7GHzCertification ProfileSupport WF profiles: 1A, 2A, 3A, 5A, 5AL, 5BL (5MHz, 7MHz, 10MHz bandwidth)Maximum nominal Transmission PowerMaximum nominal Tx power at the antenna connector: 26dBm.Transmitter Power ControlTransmit power control by step of 1dB, relative accuracy of +/- 0.5dB (as per IEEE 802.16e-2005, §8.4.12.1).Transmitter spectral flatnessTransmitter spectral flatness as defined in IEEE 802.16e-2005, §8.4.12.2.Transmitter Error Vector Magnitude (EVM)Transmitter relative constellation error (EVM) as defined in IEEE 802.16e-2005, §8.4.12.3.Receiver SNRCompliant to IEEE 802.16e-2005 section §8.4.13.1Receiver SensitivityThe receiver minimum sensitivity level Rss, measured under the conditions defined in IEEE 802.16e-2005.Cumulated Noise Figure and Implementation Loss of the ReceiverLower than 6.4dBReceiver SNRCompliant to IEEE 802.16e-2005 section §8.4.13.1Receiver SensitivityThe receiver minimum sensitivity level Rss, measured under the conditions defined in IEEE 802.16e-2005.Receiver DiversityMaximum Ratio Combining (MRC)FEATURE DESCRIPTION
 Chapter 11Product SpecificationsMAX208M User s Guide 147   Receiver Adjacent Channel RejectionThe receiver adjacent channel rejection measured under the conditions defined in IEEE 802.16e-2005 is at least: 25dB for QPSK ½, 14dB for 16QAM ¾, 7dB for 64QAM ¾.Receiver Non-Adjacent Channel RejectionThe receiver non-adjacent channel rejection measured under the conditions defined in IEEE 802.16e-2005 is at least: 38dB for QPSK ½, 33dB for 16QAM ¾, 26dB for 64QAM ¾.Table 60   Firmware SpecificationsFEATUREDESCRIPTIONWeb-based Configuration and Management ToolAlso known as "the web configurator#, this is a firmware-based management solution for the WiMAX Device. You must connect using a compatible web browser in order to use it.High Speed Wireless Internet AccessThe WiMAX Device is ideal for high-speed wireless Internet browsing. WiMAX (Worldwide Interoperability for Microwave Access) is a wireless networking standard providing high-bandwidth, wide-range secured wireless service. The WiMAX Device is a WiMAX mobile station (MS) compatible with the IEEE 802.16e standard. FirewallThe WiMAX Device is a stateful inspection firewall with DoS (Denial of Service) protection. By default, when the firewall is activated, all incoming traffic from the WAN to the LAN is blocked unless it is initiated from the LAN. The WiMAX Device s firewall supports TCP/UDP inspection, DoS detection and prevention, real time alerts, reports and logs.Content FilteringThe WiMAX Device can block access to web sites containing specified keywords. You can define time periods and days during which content filtering is enabled and include or exclude a range of users on the LAN from content filtering.Network Address Translation (NAT)Network Address Translation (NAT) allows the translation of an Internet protocoladdress used within one network (for example a private IP address used in a local network) to a different IP address known withinanother network (for example a public IP address used on the Internet).Universal Plug and Play (UPnP)Your device and other UPnP enabled devices can use the standard TCP/IP protocol to dynamically join a network, obtain an IP address and convey their capabilities to each other.Dynamic DNS SupportWith Dynamic DNS support, you can have a static hostname alias for a dynamic IP address, allowing the host to be more easily accessible from various locations on the Internet. You must register for this service with a Dynamic DNS service provider.FEATURE DESCRIPTION
Chapter 11Product SpecificationsMAX208M User s Guide148  DHCPDHCP (Dynamic Host Configuration Protocol) allows the individual clients (computers) to obtain the TCP/IP configuration at start-up from a centralized DHCP server. Your device has built-in DHCP server capability enabled by default. It can assign IP addresses, an IP default gateway and DNS servers to DHCP clients. Your device can also act as a surrogate DHCP server (DHCP Relay) where it relays IP address assignment from the actual real DHCP server to the clients.IP AliasIP alias allows you to partition a physical network into logical networks over the same Ethernet interface. Your device supports three logical LAN interfaces via its single physical Ethernet interface with the your device itself as the gateway for each LAN network.Time and DateGet the current time and date from an external server when you turn on your WiMAX Device. You can also set the time manually.LoggingUse the WiMAX Device s logging feature to view connection history, surveillance logs, and error messages.Table 61   Standards Supported STANDARD DESCRIPTIONRFC 768User Datagram ProtocolRFC 791Internet Protocol v4RFC 792Internet Control Message ProtocolRFC 792Transmission Control ProtocolRFC 826Address Resolution ProtocolRFC 854Telnet ProtocolRFC 1349Type of Service ProtocolRFC 1706DNS NSAP Resource RecordsRFC 1889Real-time Transport Protocol (RTP)RFC 1890Real-time Transport Control Protocol (RTCP)RFC 2030Simple Network Time ProtocolRFC 2104HMAC: Keyed-Hashing for Message AuthenticationRFC 2131Dynamic Host Configuration ProtocolRFC 2401Security Architecture for the Internet ProtocolRFC 2409Internet Key ExchangeRFC 2475Architecture for Differentiated Services (Diffserv)RFC 2617Hypertext Transfer Protocol (HTTP) Authentication: Basic and Digest Access Authentication RFC 2782A DNS RR for specifying the location of services (DNS SRV)Table 60   Firmware Specifications (continued)FEATUREDESCRIPTION
 Chapter 11Product SpecificationsMAX208M User s Guide 149RFC 2833Real-time Transport Protocol Payload for DTMF Digits, Telephony Tones and Telephony SignalsRFC 3550RTP - A Real Time Protocol for Real-Time Applications RFC 3581An Extension to the Session Initiation Protocol (SIP) for Symmetric Response RoutingRFC 3611RTP Control Protocol Extended Reports (RTCP XR)-XRRFC 3715IP Sec/NAT CompatibilityIEEE 802.310BASE5 10 Mbit/s (1.25 MB/s)IEEE 802.3u100BASE-TX, 100BASE-T4, 100BASE-FX Fast Ethernet at 100 Mbit/s (12.5 MB/s) with auto-negotiationTable 61   Standards Supported  (continued)STANDARD DESCRIPTION
Chapter 11Product SpecificationsMAX208M User s Guide150
MAX208M User s Guide 151APPENDIX  A WiMAX SecurityWireless security is vital to protect your wireless communications. Without it, information transmitted over the wireless network would be accessible to any networking device within range.User Authentication and Data EncryptionThe WiMAX (IEEE 802.16) standard employs user authentication and encryption to ensure secured communication at all times.User authentication is the process of confirming a user s identity and level of authorization. Data encryption is the process of encoding information so that it cannot be read by anyone who does not know the code. WiMAX uses PKMv2 (Privacy Key Management version 2) for authentication, and CCMP (Counter Mode with Cipher Block Chaining Message Authentication Protocol) for data encryption. WiMAX supports EAP (Extensible Authentication Protocol, RFC 2486) which allows additional authentication methods to be deployed with no changes to the base station or the mobile or subscriber stations.PKMv2PKMv2 is a procedure that allows authentication of a mobile or subscriber station and negotiation of a public key to encrypt traffic between the MS/SS and the base station. PKMv2 uses standard EAP methods such as Transport Layer Security (EAP-TLS) or Tunneled TLS (EAP-TTLS) for secure communication. In cryptography, a %key  is a piece of information, typically a string of random numbers and letters, that can be used to %lock  (encrypt) or %unlock  (decrypt) a message. Public key encryption uses key pairs, which consist of a public (freely available) key and a private (secret) key. The public key is used for encryption and the private key is used for decryption. You can decrypt a message only if you have the private key. Public key certificates (or %digital IDs ) allow users to verify each other s identity.
Appendix AWiMAX SecurityMAX208M User s Guide152RADIUSRADIUS is based on a client-server model that supports authentication, authorization and accounting. The base station is the client and the server is the RADIUS server. The RADIUS server handles the following tasks:!Authentication Determines the identity of the users.!AuthorizationDetermines the network services available to authenticated users once they are connected to the network.!AccountingKeeps track of the client s network activity. RADIUS is a simple package exchange in which your base station acts as a message relay between the MS/SS and the network RADIUS server. Types of RADIUS MessagesThe following types of RADIUS messages are exchanged between the base station and the RADIUS server for user authentication:!Access-RequestSent by an base station requesting authentication.!Access-RejectSent by a RADIUS server rejecting access.!Access-AcceptSent by a RADIUS server allowing access. !Access-ChallengeSent by a RADIUS server requesting more information in order to allow access. The base station sends a proper response from the user and then sends another Access-Request message. The following types of RADIUS messages are exchanged between the base station and the RADIUS server for user accounting:!Accounting-RequestSent by the base station requesting accounting.!Accounting-ResponseSent by the RADIUS server to indicate that it has started or stopped accounting. In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password they both know. The key is not sent over
 Appendix AWiMAX SecurityMAX208M User s Guide 153the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access. DiameterDiameter (RFC 3588) is a type of AAA server that provides several improvements over RADIUS in efficiency, security, and support for roaming. Security AssociationThe set of information about user authentication and data encryption between two computers is known as a security association (SA). In a WiMAX network, the process of security association has three stages.!Authorization request and replyThe MS/SS presents its public certificate to the base station. The base station verifies the certificate and sends an authentication key (AK) to the MS/SS.!Key request and replyThe MS/SS requests a transport encryption key (TEK) which the base station generates and encrypts using the authentication key. !Encrypted trafficThe MS/SS decrypts the TEK (using the authentication key). Both stations can now securely encrypt and decrypt the data flow.CCMPAll traffic in a WiMAX network is encrypted using CCMP (Counter Mode with Cipher Block Chaining Message Authentication Protocol). CCMP is based on the 128-bit Advanced Encryption Standard (AES) algorithm. %Counter mode  refers to the encryption of each block of plain text with an arbitrary number, known as the counter. This number changes each time a block of plain text is encrypted. Counter mode avoids the security weakness of repeated identical blocks of encrypted text that makes encrypted data vulnerable to pattern-spotting.%Cipher Block Chaining Message Authentication  (also known as CBC-MAC) ensures message integrity by encrypting each block of plain text in such a way that its encryption is dependent on the block before it. This series of %chained  blocks creates a message authentication code (MAC or CMAC) that ensures the encrypted data has not been tampered with.
Appendix AWiMAX SecurityMAX208M User s Guide154Authentication The WiMAX Device supports EAP-TTLS authentication.EAP-TTLS (Tunneled Transport Layer Service) EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-side authentications to establish a secure connection (with EAP-TLS digital certifications are needed by both the server and the wireless clients for mutual authentication). Client authentication is then done by sending username and password through the secure connection, thus client identity is protected. For client authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2.
MAX208M User s Guide 155APPENDIX  B Setting Up Your Computer!s IPAddressNote: Your specific ZyXEL device may not support all of the operating systems described in this appendix. See the product specifications for more information about which operating systems are supported.This appendix shows you how to configure the IP settings on your computer in order for it to be able to communicate with the other devices on your network. Windows Vista/XP/2000, Mac OS 9/OS X, and all versions of UNIX/LINUX include the software components you need to use TCP/IP on your computer. If you manually assign IP information instead of using a dynamic IP, make sure that your network s computers have IP addresses that place them in the same subnet.In this appendix, you can set up an IP address for:!Windows XP/NT/2000 on page156!Windows Vista on page159!Mac OS X: 10.3 and 10.4 on page163!Mac OS X: 10.5 on page167!Linux: Ubuntu 8 (GNOME) on page 170!Linux: openSUSE 10.3 (KDE) on page176
Appendix BSetting Up Your Computer s IP AddressMAX208M User s Guide156Windows XP/NT/2000The following example uses the default Windows XP display theme but can also apply to Windows 2000 and Windows NT.1Click Start > Control Panel.Figure 71   Windows XP: Start Menu2In the Control Panel, click the Network Connections icon.Figure 72   Windows XP: Control Panel
 Appendix BSetting Up Your Computer s IP AddressMAX208M User s Guide 1573Right-click Local Area Connection and then select Properties.Figure 73   Windows XP: Control Panel > Network Connections > Properties4On the General tab, select Internet Protocol (TCP/IP) and then click Properties.Figure 74   Windows XP: Local Area Connection Properties
Appendix BSetting Up Your Computer s IP AddressMAX208M User s Guide1585The Internet Protocol TCP/IP Properties window opens.Figure 75   Windows XP: Internet Protocol (TCP/IP) Properties6Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically.Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP. You may also have to enter a Preferred DNS server and an Alternate DNS server, if that information was provided.7Click OK to close the Internet Protocol (TCP/IP) Properties window.Click OK to close the Local Area Connection Properties window.Verifying Settings1Click Start > All Programs > Accessories > Command Prompt.2In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also go to Start > Control Panel > Network Connections, right-click a network connection, click Status and then click the Support tab to view your IP address and connection information.
 Appendix BSetting Up Your Computer s IP AddressMAX208M User s Guide 159Windows VistaThis section shows screens from Windows Vista Professional.1Click Start > Control Panel.Figure 76   Windows Vista: Start Menu2In the Control Panel, click the Network and Internet icon.Figure 77   Windows Vista: Control Panel3Click the Network and Sharing Center icon.Figure 78   Windows Vista: Network And Internet
Appendix BSetting Up Your Computer s IP AddressMAX208M User s Guide1604Click Manage network connections.Figure 79   Windows Vista: Network and Sharing Center5Right-click Local Area Connection and then select Properties.Figure 80   Windows Vista: Network and Sharing CenterNote: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue.
 Appendix BSetting Up Your Computer s IP AddressMAX208M User s Guide 1616Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties.Figure 81   Windows Vista: Local Area Connection Properties
Appendix BSetting Up Your Computer s IP AddressMAX208M User s Guide1627The Internet Protocol Version 4 (TCP/IPv4) Properties window opens.Figure 82   Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties8Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically.Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP. You may also have to enter a Preferred DNS server and an Alternate DNS server, if that information was provided.Click Advanced.9Click OK to close the Internet Protocol (TCP/IP) Properties window.Click OK to close the Local Area Connection Properties window.Verifying Settings1Click Start > All Programs > Accessories > Command Prompt.2In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also go to Start > Control Panel > Network Connections, right-click a network connection, click Status and then click the Support tab to view your IP address and connection information.
 Appendix BSetting Up Your Computer s IP AddressMAX208M User s Guide 163Mac OS X: 10.3 and 10.4The screens in this section are from Mac OS X 10.4 but can also apply to 10.3.1Click Apple > System Preferences.Figure 83   Mac OS X 10.4: Apple Menu2In the System Preferences window, click the Network icon.Figure 84   Mac OS X 10.4: System Preferences
Appendix BSetting Up Your Computer s IP AddressMAX208M User s Guide1643When the Network preferences pane opens, select Built-in Ethernet from the network connection type list, and then click Configure.Figure 85   Mac OS X 10.4: Network Preferences4For dynamically assigned settings, select Using DHCP from the Configure IPv4 list in the TCP/IP tab.Figure 86   Mac OS X 10.4: Network Preferences > TCP/IP Tab.
 Appendix BSetting Up Your Computer s IP AddressMAX208M User s Guide 1655For statically assigned settings, do the following:!From the Configure IPv4 list, select Manually.!In the IP Address field, type your IP address.!In the Subnet Mask field, type your subnet mask.!In the Router field, type the IP address of your device.Figure 87   Mac OS X 10.4: Network Preferences > Ethernet
Appendix BSetting Up Your Computer s IP AddressMAX208M User s Guide166Click Apply Now and close the window.Verifying SettingsCheck your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network Interface from the Info tab.Figure 88   Mac OS X 10.4: Network Utility
 Appendix BSetting Up Your Computer s IP AddressMAX208M User s Guide 167Mac OS X: 10.5The screens in this section are from Mac OS X 10.5.1Click Apple > System Preferences.Figure 89   Mac OS X 10.5: Apple Menu2In System Preferences, click the Network icon.Figure 90   Mac OS X 10.5: Systems Preferences
Appendix BSetting Up Your Computer s IP AddressMAX208M User s Guide1683When the Network preferences pane opens, select Ethernet from the list of available connection types.Figure 91   Mac OS X 10.5: Network Preferences > Ethernet4From the Configure list, select Using DHCP for dynamically assigned settings.5For statically assigned settings, do the following:!From the Configure list, select Manually.!In the IP Address field, enter your IP address.!In the Subnet Mask field, enter your subnet mask.
 Appendix BSetting Up Your Computer s IP AddressMAX208M User s Guide 169!In the Router field, enter the IP address of your WiMAX Device.Figure 92   Mac OS X 10.5: Network Preferences > Ethernet6Click Apply and close the window.
Appendix BSetting Up Your Computer s IP AddressMAX208M User s Guide170Verifying SettingsCheck your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network interface from the Info tab.Figure 93   Mac OS X 10.5: Network UtilityLinux: Ubuntu 8 (GNOME)This section shows you how to configure your computer s TCP/IP settings in the GNU Object Model Environment (GNOME) using the Ubuntu 8 Linux distribution. The procedure, screens and file locations may vary depending on your specific distribution, release version, and individual configuration. The following screens use the default Ubuntu 8 installation.Note: Make sure you are logged in as the root administrator. Follow the steps below to configure your computer IP address in GNOME:
 Appendix BSetting Up Your Computer s IP AddressMAX208M User s Guide 1711Click System > Administration > Network.Figure 94   Ubuntu 8: System > Administration Menu2When the Network Settings window opens, click Unlock to open the Authenticate window. (By default, the Unlock button is greyed out until clicked.) You cannot make changes to your configuration unless you first enter your admin password.Figure 95   Ubuntu 8: Network Settings > Connections
Appendix BSetting Up Your Computer s IP AddressMAX208M User s Guide1723In the Authenticate window, enter your admin account name and password then click the Authenticate button.Figure 96   Ubuntu 8: Administrator Account Authentication4In the Network Settings window, select the connection that you want to configure, then click Properties.Figure 97   Ubuntu 8: Network Settings > Connections
 Appendix BSetting Up Your Computer s IP AddressMAX208M User s Guide 1735The Properties dialog box opens.Figure 98   Ubuntu 8: Network Settings > Properties!In the Configuration list, select Automatic Configuration (DHCP) if you have a dynamic IP address.!In the Configuration list, select Static IP address if you have a static IP address. Fill in the IP address, Subnet mask, and Gateway address fields. 6Click OK to save the changes and close the Properties dialog box and return to the Network Settings screen.
Appendix BSetting Up Your Computer s IP AddressMAX208M User s Guide1747If you know your DNS server IP address(es), click the DNS tab in the Network Settings window and then enter the DNS server information in the fields provided. Figure 99   Ubuntu 8: Network Settings > DNS  8Click the Close button to apply the changes.Verifying SettingsCheck your TCP/IP properties by clicking System > Administration > Network Tools, and then selecting the appropriate Network device from the Devices
 Appendix BSetting Up Your Computer s IP AddressMAX208M User s Guide 175tab.  The Interface Statistics column shows data if your connection is working properly.Figure 100   Ubuntu 8: Network Tools
Appendix BSetting Up Your Computer s IP AddressMAX208M User s Guide176Linux: openSUSE 10.3 (KDE)This section shows you how to configure your computer s TCP/IP settings in the K Desktop Environment (KDE) using the openSUSE 10.3 Linux distribution. The procedure, screens and file locations may vary depending on your specific distribution, release version, and individual configuration. The following screens use the default openSUSE 10.3 installation.Note: Make sure you are logged in as the root administrator. Follow the steps below to configure your computer IP address in the KDE:1Click K Menu > Computer > Administrator Settings (YaST).Figure 101   openSUSE 10.3: K Menu > Computer Menu
 Appendix BSetting Up Your Computer s IP AddressMAX208M User s Guide 1772When the Run as Root - KDE su dialog opens, enter the admin password and click OK.Figure 102   openSUSE 10.3: K Menu > Computer Menu3When the YaST Control Center window opens, select Network Devices and then click the Network Card icon.Figure 103   openSUSE 10.3: YaST Control Center
Appendix BSetting Up Your Computer s IP AddressMAX208M User s Guide1784When the Network Settings window opens, click the Overview tab, select the appropriate connection Name from the list, and then click the Configure button. Figure 104   openSUSE 10.3: Network Settings
 Appendix BSetting Up Your Computer s IP AddressMAX208M User s Guide 1795When the Network Card Setup window opens, click the Address tabFigure 105   openSUSE 10.3: Network Card Setup6Select Dynamic Address (DHCP) if you have a dynamic IP address.Select Statically assigned IP Address if you have a static IP address. Fill in the IP address, Subnet mask, and Hostname fields.7Click Next to save the changes and close the Network Card Setup window.
Appendix BSetting Up Your Computer s IP AddressMAX208M User s Guide1808If you know your DNS server IP address(es), click the Hostname/DNS tab in Network Settings and then enter the DNS server information in the fields provided.Figure 106   openSUSE 10.3: Network Settings9Click Finish to save your settings and close the window.
 Appendix BSetting Up Your Computer s IP AddressMAX208M User s Guide 181Verifying SettingsClick the KNetwork Manager icon on the Task bar to check your TCP/IP properties. From the Options sub-menu, select Show Connection Information.Figure 107   openSUSE 10.3: KNetwork ManagerWhen the Connection Status - KNetwork Manager window opens, click the Statistics tab to see if your connection is working properly.Figure 108   openSUSE: Connection Status - KNetwork Manager
Appendix BSetting Up Your Computer s IP AddressMAX208M User s Guide182
MAX208M User s Guide 183APPENDIX  C Pop-up Windows, JavaScriptand Java PermissionsIn order to use the web configurator you need to allow:!Web browser pop-up windows from your device.!JavaScript (enabled by default).!Java permissions (enabled by default).Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary.Internet Explorer Pop-up BlockersYou may have to disable pop-up blocking to log into your device. Either disable pop-up blocking (enabled by default in Windows XP SP (Service Pack) 2) or allow pop-up blocking and create an exception for your device s IP address.Disable Pop-up Blockers1In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker. Figure 109   Pop-up BlockerYou can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab.
Appendix CPop-up Windows, JavaScript and Java PermissionsMAX208M User s Guide1841In Internet Explorer, select Tools, Internet Options, Privacy.2Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 110   Internet Options: Privacy3Click Apply to save this setting.Enable Pop-up Blockers with ExceptionsAlternatively, if you only want to allow pop-up windows from your device, see the following steps.1In Internet Explorer, select Tools, Internet Options and then the Privacy tab.
 Appendix CPop-up Windows, JavaScript and Java PermissionsMAX208M User s Guide 1852Select Settings to open the Pop-up Blocker Settings screen.Figure 111   Internet Options: Privacy3Type the IP address of your device (the web page that you do not want to have blocked) with the prefix "http://#. For example, http://192.168.167.1.
Appendix CPop-up Windows, JavaScript and Java PermissionsMAX208M User s Guide1864Click Add to move the IP address to the list of Allowed sites.Figure 112   Pop-up Blocker Settings5Click Close to return to the Privacy screen. 6Click Apply to save this setting. JavaScriptIf pages of the web configurator do not display properly in Internet Explorer, check that JavaScript is allowed.
 Appendix CPop-up Windows, JavaScript and Java PermissionsMAX208M User s Guide 1871In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 113   Internet Options: Security 2Click the Custom Level... button. 3Scroll down to Scripting. 4Under Active scripting make sure that Enable is selected (the default).5Under Scripting of Java applets make sure that Enable is selected (the default).
Appendix CPop-up Windows, JavaScript and Java PermissionsMAX208M User s Guide1886Click OK to close the window.Figure 114   Security Settings - Java ScriptingJava Permissions1From Internet Explorer, click Tools, Internet Options and then the Security tab. 2Click the Custom Level... button. 3Scroll down to Microsoft VM. 4Under Java permissions make sure that a safety level is selected.
 Appendix CPop-up Windows, JavaScript and Java PermissionsMAX208M User s Guide 1895Click OK to close the window.Figure 115   Security Settings - Java JAVA (Sun)1From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2Make sure that Use Java 2 for <applet> under Java (Sun) is selected.
Appendix CPop-up Windows, JavaScript and Java PermissionsMAX208M User s Guide1903Click OK to close the window.Figure 116   Java (Sun)Mozilla FirefoxMozilla Firefox 2.0 screens are used here. Screens for other versions may vary. You can enable Java, Javascript and pop-ups in one screen. Click Tools, then click Options in the screen that appears.Figure 117   Mozilla Firefox: TOOLS > Options
 Appendix CPop-up Windows, JavaScript and Java PermissionsMAX208M User s Guide 191Click Content.to show the screen below. Select the check boxes as shown in the following screen.Figure 118   Mozilla Firefox Content Security
Appendix CPop-up Windows, JavaScript and Java PermissionsMAX208M User s Guide192
MAX208M User s Guide 193APPENDIX  D IP Addresses and SubnettingThis appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts.Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks.Introduction to IP AddressesOne part of the IP address is the network number, and the other part is the host ID. In the same way that houses on a street share a common street name, the hosts on a network share a common network number. Similarly, as each house has its own house number, each host on the network has its own unique identifying number - the host ID. Routers use the network number to send packets to the correct network, while the host ID determines to which host on the network the packets are delivered.StructureAn IP address is made up of four parts, written in dotted decimal notation (for example, ). Each of these four parts is known as an octet. An octet is an eight-digit binary number (for example 11000000, which is 192 in decimal notation). Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal.
Appendix DIP Addresses and SubnettingMAX208M User s Guide194The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID.Figure 119   Network Number and Host IDHow much of the IP address is the network number and how much is the host ID varies according to the subnet mask.  Subnet MasksA subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation). The term "subnet# is short for "sub-network#.A subnet mask has 32 bits. If a bit in the subnet mask is a "1# then the corresponding bit in the IP address is part of the network number. If a bit in the subnet mask is "0# then the corresponding bit in the IP address is part of the host ID. The following example shows a subnet mask identifying the network number (in bold text) and host ID of an IP address (192.168.1.2 in decimal).Table 62   IP Address Network Number and Host ID Example1ST OCTET:(192)2ND OCTET:(168)3RD OCTET:(1)4TH OCTET(2)IP Address (Binary)11000000101010000000000100000010Subnet Mask (Binary) 111111111111111111111111 00000000Network Number 110000001010100000000001Host ID00000010
 Appendix DIP Addresses and SubnettingMAX208M User s Guide 195By convention, subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits.Subnet masks can be referred to by the size of the network number part (the bits with a "1# value). For example, an "8-bit mask# means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes.Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Network SizeThe size of the network number determines the maximum number of possible hosts you can have on your network. The larger the number of network number bits, the smaller the number of remaining host ID bits. An IP address with host IDs of all zeros is the IP address of the network (192.168.1.0 with a 24-bit subnet mask, for example). An IP address with host IDs of all ones is the broadcast address for that network  (192.168.1.255 with a 24-bit subnet mask, for example).As these two IP addresses cannot be used for individual hosts, calculate the maximum number of possible hosts in a network as follows:Table 63   Subnet MasksBINARYDECIMAL1ST OCTET2ND OCTET3RD OCTET4TH OCTET8-bit mask 11111111 00000000 00000000 00000000 255.0.0.016-bit mask11111111 11111111 00000000 00000000 255.255.0.024-bit mask11111111 11111111 11111111 00000000 255.255.255.029-bit mask11111111 11111111 11111111 11111000 255.255.255.248Table 64   Maximum Host NumbersSUBNET MASK HOST ID SIZE MAXIMUM NUMBER OF HOSTS8 bits255.0.0.024 bits224 $ 21677721416 bits255.255.0.016 bits216 $ 26553424 bits255.255.255.08 bits28 $ 225429 bits255.255.255.2483 bits23 $ 26
Appendix DIP Addresses and SubnettingMAX208M User s Guide196NotationSince the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a "/# followed by the number of bits in the mask after the address. For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask 255.255.255.128. The following table shows some possible subnet masks using both notations. SubnettingYou can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons.In this example, the company network address is 192.168.1.0. The first three octets of the address (192.168.1) are the network number, and the remaining octet is the host ID, allowing a maximum of 28 $ 2 or 254 possible hosts.Table 65   Alternative Subnet Mask NotationSUBNET MASKALTERNATIVE NOTATIONLAST OCTET (BINARY)LAST OCTET (DECIMAL)255.255.255.0 /24 0000 0000 0255.255.255.128/25 1000 0000 128255.255.255.192/26 1100 0000 192255.255.255.224/27 1110 0000 224255.255.255.240/28 1111 0000 240255.255.255.248/29 1111 1000 248255.255.255.252/30 1111 1100 252
 Appendix DIP Addresses and SubnettingMAX208M User s Guide 197The following figure shows the company network before subnetting.  Figure 120   Subnetting Example: Before SubnettingYou can "borrow# one of the host ID bits to divide the network 192.168.1.0 into two separate sub-networks. The subnet mask is now 25 bits (255.255.255.128 or /25).The "borrowed# host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25.
Appendix DIP Addresses and SubnettingMAX208M User s Guide198The following figure shows the company network after subnetting. There are now two sub-networks, A and B. Figure 121   Subnetting Example: After SubnettingIn a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 27 $ 2 or 126 possible hosts (a host ID of all zeroes is the subnet s address itself, all ones is the subnet s broadcast address).192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127 with mask 255.255.255.128 is its broadcast address. Therefore, the lowest IP address that can be assigned to an actual host for subnet A is 192.168.1.1 and the highest is 192.168.1.126. Similarly, the host ID range for subnet B is 192.168.1.129 to 192.168.1.254.Example: Four Subnets The previous example illustrated using a 25-bit subnet mask to divide a 24-bit address into two subnets. Similarly, to divide a 24-bit address into four subnets, you need to "borrow# two host ID bits to give four possible combinations (00, 01, 10 and 11). The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192.
 Appendix DIP Addresses and SubnettingMAX208M User s Guide 199Each subnet contains 6 host ID bits, giving 26 - 2 or 62 hosts for each subnet (a host ID of all zeroes is the subnet itself, all ones is the subnet s broadcast address). Table 66   Subnet 1IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUEIP Address (Decimal) 192.168.1. 0IP Address (Binary) 11000000.10101000.00000001. 00000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000Subnet Address: 192.168.1.0Lowest Host ID: 192.168.1.1Broadcast Address: 192.168.1.63Highest Host ID: 192.168.1.62Table 67   Subnet 2IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUEIP Address 192.168.1. 64IP Address (Binary) 11000000.10101000.00000001. 01000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000Subnet Address: 192.168.1.64Lowest Host ID: 192.168.1.65Broadcast Address: 192.168.1.127Highest Host ID: 192.168.1.126Table 68   Subnet 3IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUEIP Address 192.168.1. 128IP Address (Binary) 11000000.10101000.00000001. 10000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000Subnet Address: 192.168.1.128Lowest Host ID: 192.168.1.129Broadcast Address: 192.168.1.191Highest Host ID: 192.168.1.190Table 69   Subnet 4IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUEIP Address 192.168.1. 192IP Address (Binary) 11000000.10101000.00000001. 11000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000
Appendix DIP Addresses and SubnettingMAX208M User s Guide200Example: Eight SubnetsSimilarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows IP address last octet values for each subnet.Subnet PlanningThe following table is a summary for subnet planning on a network with a 24-bit network number.Subnet Address: 192.168.1.192Lowest Host ID: 192.168.1.193Broadcast Address: 192.168.1.255Highest Host ID: 192.168.1.254Table 69   Subnet 4 (continued)IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUETable 70   Eight SubnetsSUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESSBROADCAST ADDRESS1 0 1 30 31232 33 62 63364 65 94 95496 97 126 1275 128 129 158 1596 160 161 190 1917 192 193 222 2238 224 225 254 255Table 71   24-bit Network Number Subnet PlanningNO. #BORROWED$ HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET1255.255.255.128 (/25) 2 1262255.255.255.192 (/26) 4 623 255.255.255.224 (/27) 8 304 255.255.255.240 (/28) 16 145 255.255.255.248 (/29) 32 66 255.255.255.252 (/30) 64 27 255.255.255.254 (/31) 128 1

Navigation menu