ZyXEL Communications MAX208M2W WiMAX Indoor VoIP Wi-Fi IAD User Manual MAX208M2W Users guide

Download:
Mirror Download [FCC.gov]
Document ID	1495224
Application ID	/VwsKaCF9sa8Z9Wn1hbZuA==
Document Description	User Manual Part 2
Short Term Confidential	No
Permanent Confidential	No
Supercede	No
Document Type	User Manual
Display Format	Adobe Acrobat PDF - pdf
Filesize	262.67kB (3283393 bits)
Date Submitted	2011-07-05 00:00:00
Date Available	2011-07-05 00:00:00
Creation Date	2011-07-04 15:55:57
Producing Software	pdfFactory Pro 3.10 (Windows XP Professional Chinese)
Document Lastmod	2011-07-04 15:56:06
Document Title	MAX208M2W_Users guide.pdf
Document Creator	pdfFactory Pro www.ahasoft.com.tw/FinePrint
Document Author:	sam

Chapter 14 Product Specifications
14.1 Wall-Mounting
This section shows you how to mount your MAX208M2W Series on a wall using the
ZyXEL Wall-Mounting kit (not included).
14.1.1 The Wall-Mounting Kit
The wall-mounting kit contains the following parts:
Two Mortar Plugs (M4*L30 mm)
Two Screws (M4*L30 mm)
Wall-Mounting Chassis
If any parts are missing, contact your vendor.
14.1.2 Instructions
To mount the MAX208M2W Series on a wall:
Select a position free of obstructions on a sturdy wall.
Drill two holes in the wall exactly 70 mm apart. The holes should be 6 mm wide
and at least 30 mm deep.
Be careful to avoid damaging pipes or cables located inside the
wall when drilling holes for the screws.
MAX208M2W Series User’s Guide
201
Chapter 14 Product Specifications
Attach the wall mounting chassis with the plugs and screws as shown below:
Connect the MAX208M2W Series to the wall mounting chassis by snapping the
chassis’ two upper chassis hooks into the matching holes on the MAX208M2W
Series:
Do not pinch or server the cable connections between the wallmounting chassis the MAX208M2W Series.
202
MAX208M2W Series User’s Guide
Chapter 14 Product Specifications
Snap the lower chassis hooks into the matching holes on the MAX208M2W Series.
The cable connections should come out either the left or right gaps between the
wall-mounting chassis and the MAX208M2W Series
Once you have snapped the wall-mounting chassis in place, the MAX208M2W
Series is securely fastened to the wall.
MAX208M2W Series User’s Guide
203
Chapter 14 Product Specifications
204
MAX208M2W Series User’s Guide
APPENDIX
WiMAX Security
Wireless security is vital to protect your wireless communications. Without it,
information transmitted over the wireless network would be accessible to any
networking device within range.
User Authentication and Data Encryption
The WiMAX (IEEE 802.16) standard employs user authentication and encryption to
ensure secured communication at all times.
User authentication is the process of confirming a user’s identity and level of
authorization. Data encryption is the process of encoding information so that it
cannot be read by anyone who does not know the code.
WiMAX uses PKMv2 (Privacy Key Management version 2) for authentication, and
CCMP (Counter Mode with Cipher Block Chaining Message Authentication Protocol)
for data encryption.
WiMAX supports EAP (Extensible Authentication Protocol, RFC 2486) which allows
additional authentication methods to be deployed with no changes to the base
station or the mobile or subscriber stations.
PKMv2
PKMv2 is a procedure that allows authentication of a mobile or subscriber station
and negotiation of a public key to encrypt traffic between the MS/SS and the base
station. PKMv2 uses standard EAP methods such as Transport Layer Security
(EAP-TLS) or Tunneled TLS (EAP-TTLS) for secure communication.
In cryptography, a ‘key’ is a piece of information, typically a string of random
numbers and letters, that can be used to ‘lock’ (encrypt) or ‘unlock’ (decrypt) a
message. Public key encryption uses key pairs, which consist of a public (freely
available) key and a private (secret) key. The public key is used for encryption and
the private key is used for decryption. You can decrypt a message only if you have
the private key. Public key certificates (or ‘digital IDs’) allow users to verify each
other’s identity.
MAX208M2W Series User’s Guide
205
Appendix A WiMAX Security
RADIUS
RADIUS is based on a client-server model that supports authentication,
authorization and accounting. The base station is the client and the server is the
RADIUS server. The RADIUS server handles the following tasks:
• Authentication
Determines the identity of the users.
• Authorization
Determines the network services available to authenticated users once they are
connected to the network.
• Accounting
Keeps track of the client’s network activity.
RADIUS is a simple package exchange in which your base station acts as a
message relay between the MS/SS and the network RADIUS server.
Types of RADIUS Messages
The following types of RADIUS messages are exchanged between the base station
and the RADIUS server for user authentication:
• Access-Request
Sent by an base station requesting authentication.
• Access-Reject
Sent by a RADIUS server rejecting access.
• Access-Accept
Sent by a RADIUS server allowing access.
• Access-Challenge
Sent by a RADIUS server requesting more information in order to allow access.
The base station sends a proper response from the user and then sends another
Access-Request message.
The following types of RADIUS messages are exchanged between the base station
and the RADIUS server for user accounting:
• Accounting-Request
Sent by the base station requesting accounting.
• Accounting-Response
Sent by the RADIUS server to indicate that it has started or stopped accounting.
In order to ensure network security, the access point and the RADIUS server use a
shared secret key, which is a password they both know. The key is not sent over
206
MAX208M2W Series User’s Guide
Appendix A WiMAX Security
the network. In addition to the shared key, password information exchanged is
also encrypted to protect the network from unauthorized access.
Diameter
Diameter (RFC 3588) is a type of AAA server that provides several improvements
over RADIUS in efficiency, security, and support for roaming.
Security Association
The set of information about user authentication and data encryption between two
computers is known as a security association (SA). In a WiMAX network, the
process of security association has three stages.
• Authorization request and reply
The MS/SS presents its public certificate to the base station. The base station
verifies the certificate and sends an authentication key (AK) to the MS/SS.
• Key request and reply
The MS/SS requests a transport encryption key (TEK) which the base station
generates and encrypts using the authentication key.
• Encrypted traffic
The MS/SS decrypts the TEK (using the authentication key). Both stations can
now securely encrypt and decrypt the data flow.
CCMP
All traffic in a WiMAX network is encrypted using CCMP (Counter Mode with Cipher
Block Chaining Message Authentication Protocol). CCMP is based on the 128-bit
Advanced Encryption Standard (AES) algorithm.
‘Counter mode’ refers to the encryption of each block of plain text with an
arbitrary number, known as the counter. This number changes each time a block
of plain text is encrypted. Counter mode avoids the security weakness of repeated
identical blocks of encrypted text that makes encrypted data vulnerable to
pattern-spotting.
‘Cipher Block Chaining Message Authentication’ (also known as CBC-MAC) ensures
message integrity by encrypting each block of plain text in such a way that its
encryption is dependent on the block before it. This series of ‘chained’ blocks
creates a message authentication code (MAC or CMAC) that ensures the encrypted
data has not been tampered with.
MAX208M2W Series User’s Guide
207
Appendix A WiMAX Security
Authentication
The MAX208M2W Series supports EAP-TTLS authentication.
EAP-TTLS (Tunneled Transport Layer Service)
EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for
only the server-side authentications to establish a secure connection (with EAPTLS digital certifications are needed by both the server and the wireless clients for
mutual authentication). Client authentication is then done by sending username
and password through the secure connection, thus client identity is protected. For
client authentication, EAP-TTLS supports EAP methods and legacy authentication
methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2.
208
MAX208M2W Series User’s Guide
APPENDIX
Setting Up Your Computer’s IP
Address
Note: Your specific ZyXEL device may not support all of the operating systems
described in this appendix. See the product specifications for more information
about which operating systems are supported.
This appendix shows you how to configure the IP settings on your computer in
order for it to be able to communicate with the other devices on your network.
Windows Vista/XP/2000, Mac OS 9/OS X, and all versions of UNIX/LINUX include
the software components you need to use TCP/IP on your computer.
If you manually assign IP information instead of using a dynamic IP, make sure
that your network’s computers have IP addresses that place them in the same
subnet.
In this appendix, you can set up an IP address for:
• Windows XP/NT/2000 on page 210
• Windows Vista on page 213
• Mac OS X: 10.3 and 10.4 on page 217
• Mac OS X: 10.5 on page 221
• Linux: Ubuntu 8 (GNOME) on page 224
• Linux: openSUSE 10.3 (KDE) on page 230
MAX208M2W Series User’s Guide
209
Appendix B Setting Up Your Computer’s IP Address
Windows XP/NT/2000
The following example uses the default Windows XP display theme but can also
apply to Windows 2000 and Windows NT.
Click Start > Control Panel.
Figure 101 Windows XP: Start Menu
In the Control Panel, click the Network Connections icon.
Figure 102 Windows XP: Control Panel
210
MAX208M2W Series User’s Guide
Appendix B Setting Up Your Computer’s IP Address
Right-click Local Area Connection and then select Properties.
Figure 103 Windows XP: Control Panel > Network Connections > Properties
On the General tab, select Internet Protocol (TCP/IP) and then click
Properties.
Figure 104 Windows XP: Local Area Connection Properties
MAX208M2W Series User’s Guide
211
Appendix B Setting Up Your Computer’s IP Address
The Internet Protocol TCP/IP Properties window opens.
Figure 105 Windows XP: Internet Protocol (TCP/IP) Properties
Select Obtain an IP address automatically if your network administrator or ISP
assigns your IP address dynamically.
Select Use the following IP Address and fill in the IP address, Subnet mask,
and Default gateway fields if you have a static IP address that was assigned to
you by your network administrator or ISP. You may also have to enter a Preferred
DNS server and an Alternate DNS server, if that information was provided.
Click OK to close the Internet Protocol (TCP/IP) Properties window.
Click OK to close the Local Area Connection Properties window.Verifying Settings
Click Start > All Programs > Accessories > Command Prompt.
In the Command Prompt window, type "ipconfig" and then press [ENTER].
You can also go to Start > Control Panel > Network Connections, right-click a
network connection, click Status and then click the Support tab to view your IP
address and connection information.
212
MAX208M2W Series User’s Guide
Appendix B Setting Up Your Computer’s IP Address
Windows Vista
This section shows screens from Windows Vista Professional.
Click Start > Control Panel.
Figure 106 Windows Vista: Start Menu
In the Control Panel, click the Network and Internet icon.
Figure 107 Windows Vista: Control Panel
Click the Network and Sharing Center icon.
Figure 108 Windows Vista: Network And Internet
MAX208M2W Series User’s Guide
213
Appendix B Setting Up Your Computer’s IP Address
Click Manage network connections.
Figure 109 Windows Vista: Network and Sharing Center
Right-click Local Area Connection and then select Properties.
Figure 110 Windows Vista: Network and Sharing Center
Note: During this procedure, click Continue whenever Windows displays a screen
saying that it needs your permission to continue.
214
MAX208M2W Series User’s Guide
Appendix B Setting Up Your Computer’s IP Address
Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties.
Figure 111 Windows Vista: Local Area Connection Properties
MAX208M2W Series User’s Guide
215
Appendix B Setting Up Your Computer’s IP Address
The Internet Protocol Version 4 (TCP/IPv4) Properties window opens.
Figure 112 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties
Select Obtain an IP address automatically if your network administrator or ISP
assigns your IP address dynamically.
Select Use the following IP Address and fill in the IP address, Subnet mask,
and Default gateway fields if you have a static IP address that was assigned to
you by your network administrator or ISP. You may also have to enter a Preferred
DNS server and an Alternate DNS server, if that information was
provided.Click Advanced.
Click OK to close the Internet Protocol (TCP/IP) Properties window.
Click OK to close the Local Area Connection Properties window.Verifying Settings
Click Start > All Programs > Accessories > Command Prompt.
In the Command Prompt window, type "ipconfig" and then press [ENTER].
You can also go to Start > Control Panel > Network Connections, right-click a
network connection, click Status and then click the Support tab to view your IP
address and connection information.
216
MAX208M2W Series User’s Guide
Appendix B Setting Up Your Computer’s IP Address
Mac OS X: 10.3 and 10.4
The screens in this section are from Mac OS X 10.4 but can also apply to 10.3.
Click Apple > System Preferences.
Figure 113 Mac OS X 10.4: Apple Menu
In the System Preferences window, click the Network icon.
Figure 114 Mac OS X 10.4: System Preferences
MAX208M2W Series User’s Guide
217
Appendix B Setting Up Your Computer’s IP Address
When the Network preferences pane opens, select Built-in Ethernet from the
network connection type list, and then click Configure.
Figure 115 Mac OS X 10.4: Network Preferences
For dynamically assigned settings, select Using DHCP from the Configure IPv4
list in the TCP/IP tab.
Figure 116 Mac OS X 10.4: Network Preferences > TCP/IP Tab.
218
MAX208M2W Series User’s Guide
Appendix B Setting Up Your Computer’s IP Address
For statically assigned settings, do the following:
• From the Configure IPv4 list, select Manually.
• In the IP Address field, type your IP address.
• In the Subnet Mask field, type your subnet mask.
• In the Router field, type the IP address of your device.
Figure 117 Mac OS X 10.4: Network Preferences > Ethernet
MAX208M2W Series User’s Guide
219
Appendix B Setting Up Your Computer’s IP Address
Click Apply Now and close the window.Verifying Settings
Check your TCP/IP properties by clicking Applications > Utilities > Network
Utilities, and then selecting the appropriate Network Interface from the Info
tab.
Figure 118 Mac OS X 10.4: Network Utility
220
MAX208M2W Series User’s Guide
Appendix B Setting Up Your Computer’s IP Address
Mac OS X: 10.5
The screens in this section are from Mac OS X 10.5.
Click Apple > System Preferences.
Figure 119 Mac OS X 10.5: Apple Menu
In System Preferences, click the Network icon.
Figure 120 Mac OS X 10.5: Systems Preferences
MAX208M2W Series User’s Guide
221
Appendix B Setting Up Your Computer’s IP Address
When the Network preferences pane opens, select Ethernet from the list of
available connection types.
Figure 121 Mac OS X 10.5: Network Preferences > Ethernet
From the Configure list, select Using DHCP for dynamically assigned settings.
For statically assigned settings, do the following:
• From the Configure list, select Manually.
• In the IP Address field, enter your IP address.
• In the Subnet Mask field, enter your subnet mask.
222
MAX208M2W Series User’s Guide
Appendix B Setting Up Your Computer’s IP Address
• In the Router field, enter the IP address of your MAX208M2W Series.
Figure 122 Mac OS X 10.5: Network Preferences > Ethernet
Click Apply and close the window.
MAX208M2W Series User’s Guide
223
Appendix B Setting Up Your Computer’s IP Address
Verifying Settings
Check your TCP/IP properties by clicking Applications > Utilities > Network
Utilities, and then selecting the appropriate Network interface from the Info
tab.
Figure 123 Mac OS X 10.5: Network Utility
Linux: Ubuntu 8 (GNOME)
This section shows you how to configure your computer’s TCP/IP settings in the
GNU Object Model Environment (GNOME) using the Ubuntu 8 Linux distribution.
The procedure, screens and file locations may vary depending on your specific
distribution, release version, and individual configuration. The following screens
use the default Ubuntu 8 installation.
Note: Make sure you are logged in as the root administrator.
Follow the steps below to configure your computer IP address in GNOME:
224
MAX208M2W Series User’s Guide
Appendix B Setting Up Your Computer’s IP Address
Click System > Administration > Network.
Figure 124 Ubuntu 8: System > Administration Menu
When the Network Settings window opens, click Unlock to open the
Authenticate window. (By default, the Unlock button is greyed out until clicked.)
You cannot make changes to your configuration unless you first enter your admin
password.
Figure 125 Ubuntu 8: Network Settings > Connections
MAX208M2W Series User’s Guide
225
Appendix B Setting Up Your Computer’s IP Address
In the Authenticate window, enter your admin account name and password then
click the Authenticate button.
Figure 126 Ubuntu 8: Administrator Account Authentication
In the Network Settings window, select the connection that you want to
configure, then click Properties.
Figure 127 Ubuntu 8: Network Settings > Connections
226
MAX208M2W Series User’s Guide
Appendix B Setting Up Your Computer’s IP Address
The Properties dialog box opens.
Figure 128 Ubuntu 8: Network Settings > Properties
• In the Configuration list, select Automatic Configuration (DHCP) if you
have a dynamic IP address.
• In the Configuration list, select Static IP address if you have a static IP
address. Fill in the IP address, Subnet mask, and Gateway address fields.
Click OK to save the changes and close the Properties dialog box and return to
the Network Settings screen.
MAX208M2W Series User’s Guide
227
Appendix B Setting Up Your Computer’s IP Address
If you know your DNS server IP address(es), click the DNS tab in the Network
Settings window and then enter the DNS server information in the fields
provided.
Figure 129 Ubuntu 8: Network Settings > DNS
Click the Close button to apply the changes.
Verifying Settings
Check your TCP/IP properties by clicking System > Administration > Network
Tools, and then selecting the appropriate Network device from the Devices
228
MAX208M2W Series User’s Guide
Appendix B Setting Up Your Computer’s IP Address
tab. The Interface Statistics column shows data if your connection is working
properly.
Figure 130 Ubuntu 8: Network Tools
MAX208M2W Series User’s Guide
229
Appendix B Setting Up Your Computer’s IP Address
Linux: openSUSE 10.3 (KDE)
This section shows you how to configure your computer’s TCP/IP settings in the K
Desktop Environment (KDE) using the openSUSE 10.3 Linux distribution. The
procedure, screens and file locations may vary depending on your specific
distribution, release version, and individual configuration. The following screens
use the default openSUSE 10.3 installation.
Note: Make sure you are logged in as the root administrator.
Follow the steps below to configure your computer IP address in the KDE:
Click K Menu > Computer > Administrator Settings (YaST).
Figure 131 openSUSE 10.3: K Menu > Computer Menu
230
MAX208M2W Series User’s Guide
Appendix B Setting Up Your Computer’s IP Address
When the Run as Root - KDE su dialog opens, enter the admin password and
click OK.
Figure 132 openSUSE 10.3: K Menu > Computer Menu
When the YaST Control Center window opens, select Network Devices and
then click the Network Card icon.
Figure 133 openSUSE 10.3: YaST Control Center
MAX208M2W Series User’s Guide
231
Appendix B Setting Up Your Computer’s IP Address
When the Network Settings window opens, click the Overview tab, select the
appropriate connection Name from the list, and then click the Configure button.
Figure 134 openSUSE 10.3: Network Settings
232
MAX208M2W Series User’s Guide
Appendix B Setting Up Your Computer’s IP Address
When the Network Card Setup window opens, click the Address tab
Figure 135 openSUSE 10.3: Network Card Setup
Select Dynamic Address (DHCP) if you have a dynamic IP address.
Select Statically assigned IP Address if you have a static IP address. Fill in the
IP address, Subnet mask, and Hostname fields.
Click Next to save the changes and close the Network Card Setup window.
MAX208M2W Series User’s Guide
233
Appendix B Setting Up Your Computer’s IP Address
If you know your DNS server IP address(es), click the Hostname/DNS tab in
Network Settings and then enter the DNS server information in the fields
provided.
Figure 136 openSUSE 10.3: Network Settings
234
Click Finish to save your settings and close the window.
MAX208M2W Series User’s Guide
Appendix B Setting Up Your Computer’s IP Address
Verifying Settings
Click the KNetwork Manager icon on the Task bar to check your TCP/IP
properties. From the Options sub-menu, select Show Connection Information.
Figure 137 openSUSE 10.3: KNetwork Manager
When the Connection Status - KNetwork Manager window opens, click the
Statistics tab to see if your connection is working properly.
Figure 138 openSUSE: Connection Status - KNetwork Manager
MAX208M2W Series User’s Guide
235
Appendix B Setting Up Your Computer’s IP Address
236
MAX208M2W Series User’s Guide
APPENDIX
Pop-up Windows, JavaScript
and Java Permissions
In order to use the web configurator you need to allow:
• Web browser pop-up windows from your device.
• JavaScript (enabled by default).
• Java permissions (enabled by default).
Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer
versions may vary.
Internet Explorer Pop-up Blockers
You may have to disable pop-up blocking to log into your device.
Either disable pop-up blocking (enabled by default in Windows XP SP (Service
Pack) 2) or allow pop-up blocking and create an exception for your device’s IP
address.
Disable Pop-up Blockers
In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off
Pop-up Blocker.
Figure 139 Pop-up Blocker
You can also check if pop-up blocking is disabled in the Pop-up Blocker section in
the Privacy tab.
MAX208M2W Series User’s Guide
237
Appendix C Pop-up Windows, JavaScript and Java Permissions
In Internet Explorer, select Tools, Internet Options, Privacy.
Clear the Block pop-ups check box in the Pop-up Blocker section of the screen.
This disables any web pop-up blockers you may have enabled.
Figure 140 Internet Options: Privacy
Click Apply to save this setting.
Enable Pop-up Blockers with Exceptions
Alternatively, if you only want to allow pop-up windows from your device, see the
following steps.
238
In Internet Explorer, select Tools, Internet Options and then the Privacy tab.
MAX208M2W Series User’s Guide
Appendix C Pop-up Windows, JavaScript and Java Permissions
Select Settings
to open the Pop-up Blocker Settings screen.
Figure 141 Internet Options: Privacy
Type the IP address of your device (the web page that you do not want to have
blocked) with the prefix “http://”. For example, http://192.168.167.1.
MAX208M2W Series User’s Guide
239
Appendix C Pop-up Windows, JavaScript and Java Permissions
Click Add to move the IP address to the list of Allowed sites.
Figure 142 Pop-up Blocker Settings
Click Close to return to the Privacy screen.
Click Apply to save this setting.
JavaScript
If pages of the web configurator do not display properly in Internet Explorer, check
that JavaScript is allowed.
240
MAX208M2W Series User’s Guide
Appendix C Pop-up Windows, JavaScript and Java Permissions
In Internet Explorer, click Tools, Internet Options and then the Security tab.
Figure 143 Internet Options: Security
Click the Custom Level... button.
Scroll down to Scripting.
Under Active scripting make sure that Enable is selected (the default).
Under Scripting of Java applets make sure that Enable is selected (the
default).
MAX208M2W Series User’s Guide
241
Appendix C Pop-up Windows, JavaScript and Java Permissions
Click OK to close the window.
Figure 144 Security Settings - Java Scripting
Java Permissions
242
From Internet Explorer, click Tools, Internet Options and then the Security
tab.
Click the Custom Level... button.
Scroll down to Microsoft VM.
Under Java permissions make sure that a safety level is selected.
MAX208M2W Series User’s Guide
Appendix C Pop-up Windows, JavaScript and Java Permissions
Click OK to close the window.
Figure 145 Security Settings - Java
JAVA (Sun)
From Internet Explorer, click Tools, Internet Options and then the Advanced
tab.
Make sure that Use Java 2 for  under Java (Sun) is selected.
MAX208M2W Series User’s Guide
243
Appendix C Pop-up Windows, JavaScript and Java Permissions
Click OK to close the window.
Figure 146 Java (Sun)
Mozilla Firefox
Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary.
You can enable Java, Javascript and pop-ups in one screen. Click Tools, then click
Options in the screen that appears.
Figure 147 Mozilla Firefox: TOOLS > Options
244
MAX208M2W Series User’s Guide
Appendix C Pop-up Windows, JavaScript and Java Permissions
Click Content.to show the screen below. Select the check boxes as shown in the
following screen.
Figure 148 Mozilla Firefox Content Security
MAX208M2W Series User’s Guide
245
Appendix C Pop-up Windows, JavaScript and Java Permissions
246
MAX208M2W Series User’s Guide
APPENDIX
IP Addresses and Subnetting
This appendix introduces IP addresses and subnet masks.
IP addresses identify individual devices on a network. Every networking device
(including computers, servers, routers, printers, etc.) needs an IP address to
communicate across the network. These networking devices are also known as
hosts.
Subnet masks determine the maximum number of possible hosts on a network.
You can also use subnet masks to divide one network into multiple sub-networks.
Introduction to IP Addresses
One part of the IP address is the network number, and the other part is the host
ID. In the same way that houses on a street share a common street name, the
hosts on a network share a common network number. Similarly, as each house
has its own house number, each host on the network has its own unique
identifying number - the host ID. Routers use the network number to send packets
to the correct network, while the host ID determines to which host on the network
the packets are delivered.
Structure
An IP address is made up of four parts, written in dotted decimal notation (for
example, ). Each of these four parts is known as an octet. An octet is an eightdigit binary number (for example 11000000, which is 192 in decimal notation).
Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or
0 to 255 in decimal.
MAX208M2W Series User’s Guide
247
Appendix D IP Addresses and Subnetting
The following figure shows an example IP address in which the first three octets
(192.168.1) are the network number, and the fourth octet (16) is the host ID.
Figure 149 Network Number and Host ID
How much of the IP address is the network number and how much is the host ID
varies according to the subnet mask.
Subnet Masks
A subnet mask is used to determine which bits are part of the network number,
and which bits are part of the host ID (using a logical AND operation). The term
“subnet” is short for “sub-network”.
A subnet mask has 32 bits. If a bit in the subnet mask is a “1” then the
corresponding bit in the IP address is part of the network number. If a bit in the
subnet mask is “0” then the corresponding bit in the IP address is part of the host
ID.
The following example shows a subnet mask identifying the network number (in
bold text) and host ID of an IP address (192.168.1.2 in decimal).
Table 88 IP Address Network Number and Host ID Example
1ST
OCTET:
2ND
OCTET:
3RD
OCTET:
4TH
OCTET
(192)
(168)
(1)
(2)
IP Address (Binary)
11000000
10101000
00000001
00000010
Subnet Mask (Binary)
11111111
11111111
11111111
00000000
Network Number
11000000
10101000
00000001
Host ID
248
00000010
MAX208M2W Series User’s Guide
Appendix D IP Addresses and Subnetting
By convention, subnet masks always consist of a continuous sequence of ones
beginning from the leftmost bit of the mask, followed by a continuous sequence of
zeros, for a total number of 32 bits.
Subnet masks can be referred to by the size of the network number part (the bits
with a “1” value). For example, an “8-bit mask” means that the first 8 bits of the
mask are ones and the remaining 24 bits are zeroes.
Subnet masks are expressed in dotted decimal notation just like IP addresses. The
following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit
and 29-bit subnet masks.
Table 89 Subnet Masks
BINARY
DECIMAL
1ST
OCTET
2ND
OCTET
3RD
OCTET
4TH
OCTET
8-bit mask
11111111
00000000
00000000
00000000
255.0.0.0
16-bit
mask
11111111
11111111
00000000
00000000
255.255.0.0
24-bit
mask
11111111
11111111
11111111
00000000
255.255.255.0
29-bit
mask
11111111
11111111
11111111
11111000
255.255.255.24
Network Size
The size of the network number determines the maximum number of possible
hosts you can have on your network. The larger the number of network number
bits, the smaller the number of remaining host ID bits.
An IP address with host IDs of all zeros is the IP address of the network
(192.168.1.0 with a 24-bit subnet mask, for example). An IP address with host
IDs of all ones is the broadcast address for that network (192.168.1.255 with a
24-bit subnet mask, for example).
As these two IP addresses cannot be used for individual hosts, calculate the
maximum number of possible hosts in a network as follows:
Table 90 Maximum Host Numbers
MAXIMUM NUMBER OF
HOSTS
SUBNET MASK
HOST ID SIZE
8 bits
24 bits
224 – 2
16777214
16 bits
216
65534
24 bits 255.255.255.0
8 bits
28
29 bits 255.255.255.2
48
3 bits
23 – 2
255.0.0.0
16 bits 255.255.0.0
MAX208M2W Series User’s Guide
–2
–2
254
249
Appendix D IP Addresses and Subnetting
Notation
Since the mask is always a continuous number of ones beginning from the left,
followed by a continuous number of zeros for the remainder of the 32 bit mask,
you can simply specify the number of ones instead of writing the value of each
octet. This is usually specified by writing a “/” followed by the number of bits in
the mask after the address.
For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask
255.255.255.128.
The following table shows some possible subnet masks using both notations.
Table 91 Alternative Subnet Mask Notation
SUBNET
MASK
ALTERNATIVE LAST OCTET
NOTATION
(BINARY)
LAST OCTET
(DECIMAL)
255.255.255.0
/24
0000 0000
255.255.255.12 /25
1000 0000
128
255.255.255.19 /26
1100 0000
192
255.255.255.22 /27
1110 0000
224
255.255.255.24 /28
1111 0000
240
255.255.255.24 /29
1111 1000
248
255.255.255.25 /30
1111 1100
252
Subnetting
You can use subnetting to divide one network into multiple sub-networks. In the
following example a network administrator creates two sub-networks to isolate a
group of servers from the rest of the company network for security reasons.
In this example, the company network address is 192.168.1.0. The first three
octets of the address (192.168.1) are the network number, and the remaining
octet is the host ID, allowing a maximum of 28 – 2 or 254 possible hosts.
250
MAX208M2W Series User’s Guide
Appendix D IP Addresses and Subnetting
The following figure shows the company network before subnetting.
Figure 150 Subnetting Example: Before Subnetting
You can “borrow” one of the host ID bits to divide the network 192.168.1.0 into
two separate sub-networks. The subnet mask is now 25 bits (255.255.255.128 or
/25).
The “borrowed” host ID bit can have a value of either 0 or 1, allowing two
subnets; 192.168.1.0 /25 and 192.168.1.128 /25.
MAX208M2W Series User’s Guide
251
Appendix D IP Addresses and Subnetting
The following figure shows the company network after subnetting. There are now
two sub-networks, A and B.
Figure 151 Subnetting Example: After Subnetting
In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of
27 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself,
all ones is the subnet’s broadcast address).
192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127
with mask 255.255.255.128 is its broadcast address. Therefore, the lowest IP
address that can be assigned to an actual host for subnet A is 192.168.1.1 and
the highest is 192.168.1.126.
Similarly, the host ID range for subnet B is 192.168.1.129 to 192.168.1.254.
Example: Four Subnets
The previous example illustrated using a 25-bit subnet mask to divide a 24-bit
address into two subnets. Similarly, to divide a 24-bit address into four subnets,
you need to “borrow” two host ID bits to give four possible combinations (00, 01,
10 and 11). The subnet mask is 26 bits
(11111111.11111111.11111111.11000000) or 255.255.255.192.
252
MAX208M2W Series User’s Guide
Appendix D IP Addresses and Subnetting
Each subnet contains 6 host ID bits, giving 26 - 2 or 62 hosts for each subnet (a
host ID of all zeroes is the subnet itself, all ones is the subnet’s broadcast
address).
Table 92 Subnet 1
IP/SUBNET MASK
NETWORK NUMBER
LAST OCTET BIT
VALUE
IP Address (Decimal)
192.168.1.
IP Address (Binary)
11000000.10101000.00000001.
00000000
Subnet Mask (Binary)
11111111.11111111.11111111.
11000000
Subnet Address:
192.168.1.0
Lowest Host ID: 192.168.1.1
Broadcast Address:
192.168.1.63
Highest Host ID: 192.168.1.62
Table 93 Subnet 2
IP/SUBNET MASK
NETWORK NUMBER
LAST OCTET BIT
VALUE
IP Address
192.168.1.
64
IP Address (Binary)
11000000.10101000.00000001.
01000000
Subnet Mask (Binary)
11111111.11111111.11111111.
11000000
Subnet Address:
192.168.1.64
Lowest Host ID: 192.168.1.65
Broadcast Address:
192.168.1.127
Highest Host ID: 192.168.1.126
Table 94 Subnet 3
IP/SUBNET MASK
NETWORK NUMBER
LAST OCTET BIT
VALUE
IP Address
192.168.1.
128
IP Address (Binary)
11000000.10101000.00000001.
10000000
Subnet Mask (Binary)
11111111.11111111.11111111.
11000000
Subnet Address:
192.168.1.128
Lowest Host ID: 192.168.1.129
Broadcast Address:
192.168.1.191
Highest Host ID: 192.168.1.190
Table 95 Subnet 4
IP/SUBNET MASK
NETWORK NUMBER
LAST OCTET BIT
VALUE
IP Address
192.168.1.
192
IP Address (Binary)
11000000.10101000.00000001
11000000
Subnet Mask (Binary)
11111111.11111111.11111111
11000000
MAX208M2W Series User’s Guide
253
Appendix D IP Addresses and Subnetting
Table 95 Subnet 4 (continued)
LAST OCTET BIT
VALUE
IP/SUBNET MASK
NETWORK NUMBER
Subnet Address:
192.168.1.192
Lowest Host ID: 192.168.1.193
Broadcast Address:
192.168.1.255
Highest Host ID: 192.168.1.254
Example: Eight Subnets
Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100,
101, 110 and 111).
The following table shows IP address last octet values for each subnet.
Table 96 Eight Subnets
SUBNET
SUBNET
ADDRESS
FIRST ADDRESS LAST
ADDRESS
BROADCAST
ADDRESS
30
31
32
33
62
63
64
65
94
95
96
97
126
127
128
129
158
159
160
161
190
191
192
193
222
223
224
225
254
255
Subnet Planning
The following table is a summary for subnet planning on a network with a 24-bit
network number.
Table 97 24-bit Network Number Subnet Planning
254
NO. “BORROWED”
HOST BITS
SUBNET MASK
NO. HOSTS PER
NO. SUBNETS SUBNET
255.255.255.128 (/25)
126
255.255.255.192 (/26)
62
255.255.255.224 (/27)
30
255.255.255.240 (/28)
16
14
255.255.255.248 (/29)
32
255.255.255.252 (/30)
64
255.255.255.254 (/31)
128
MAX208M2W Series User’s Guide
Appendix D IP Addresses and Subnetting
The following table is a summary for subnet planning on a network with a 16-bit
network number.
Table 98 16-bit Network Number Subnet Planning
NO. “BORROWED”
HOST BITS
SUBNET MASK
NO. SUBNETS NO. HOSTS PER
SUBNET
255.255.128.0 (/17)
32766
255.255.192.0 (/18)
16382
255.255.224.0 (/19)
8190
255.255.240.0 (/20)
16
4094
255.255.248.0 (/21)
32
2046
255.255.252.0 (/22)
64
1022
255.255.254.0 (/23)
128
510
255.255.255.0 (/24)
256
254
255.255.255.128 (/25)
512
126
10
255.255.255.192 (/26)
1024
62
11
255.255.255.224 (/27)
2048
30
12
255.255.255.240 (/28)
4096
14
13
255.255.255.248 (/29)
8192
14
255.255.255.252 (/30)
16384
15
255.255.255.254 (/31)
32768
Configuring IP Addresses
Where you obtain your network number depends on your particular situation. If
the ISP or your network administrator assigns you a block of registered IP
addresses, follow their instructions in selecting the IP addresses and the subnet
mask.
If the ISP did not explicitly give you an IP network number, then most likely you
have a single user account and the ISP will assign you a dynamic IP address when
the connection is established. If this is the case, it is recommended that you select
a network number from 192.168.0.0 to 192.168.255.0. The Internet Assigned
Number Authority (IANA) reserved this block of addresses specifically for private
use; please do not use any other number unless you are told otherwise. You must
also enable Network Address Translation (NAT) on the MAX208M2W Series.
Once you have decided on the network number, pick an IP address for your
MAX208M2W Series that is easy to remember (for instance, 192.168.1.1) but
make sure that no other device on your network is using that IP address.
The subnet mask specifies the network number portion of an IP address. Your
MAX208M2W Series will compute the subnet mask automatically based on the IP
MAX208M2W Series User’s Guide
255
Appendix D IP Addresses and Subnetting
address that you entered. You don't need to change the subnet mask computed by
the MAX208M2W Series unless you are instructed to do otherwise.
Private IP Addresses
Every machine on the Internet must have a unique address. If your networks are
isolated from the Internet (running only between two branch offices, for example)
you can assign any IP addresses to the hosts without problems. However, the
Internet Assigned Numbers Authority (IANA) has reserved the following three
blocks of IP addresses specifically for private networks:
• 10.0.0.0
• 172.16.0.0
— 10.255.255.255
— 172.31.255.255
• 192.168.0.0 — 192.168.255.255
You can obtain your IP address from the IANA, from an ISP, or it can be assigned
from a private network. If you belong to a small organization and your Internet
access is through an ISP, the ISP can provide you with the Internet addresses for
your local networks. On the other hand, if you are part of a much larger
organization, you should consult your network administrator for the appropriate IP
addresses.
Regardless of your particular situation, do not create an arbitrary IP address;
always follow the guidelines above. For more information on address assignment,
please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466,
Guidelines for Management of IP Address Space.
IP Address Conflicts
Each device on a network must have a unique IP address. Devices with duplicate
IP addresses on the same network will not be able to access the Internet or other
resources. The devices may also be unreachable through the network.
Conflicting Computer IP Addresses Example
More than one device can not use the same IP address. In the following example
computer A has a static (or fixed) IP address that is the same as the IP address
that a DHCP server assigns to computer B which is a DHCP client. Neither can
access the Internet. This problem can be solved by assigning a different static IP
256
MAX208M2W Series User’s Guide
Appendix D IP Addresses and Subnetting
address to computer A or setting computer A to obtain an IP address
automatically.
Figure 152 Conflicting Computer IP Addresses Example
Conflicting Router IP Addresses Example
Since a router connects different networks, it must have interfaces using different
network numbers. For example, if a router is set between a LAN and the Internet
(WAN), the router’s LAN and WAN addresses must be on different subnets. In the
following example, the LAN and WAN are on the same subnet. The LAN computers
cannot access the Internet because the router cannot route between networks.
Figure 153 Conflicting Computer IP Addresses Example
Conflicting Computer and Router IP Addresses Example
More than one device can not use the same IP address. In the following example,
the computer and the router’s LAN port both use 192.168.1.1 as the IP address.
MAX208M2W Series User’s Guide
257
Appendix D IP Addresses and Subnetting
The computer cannot access the Internet. This problem can be solved by
assigning a different IP address to the computer or the router’s LAN port.
Figure 154 Conflicting Computer and Router IP Addresses Example
258
MAX208M2W Series User’s Guide
APPENDIX
Importing Certificates
This appendix shows you how to import public key certificates into your web
browser.
Public key certificates are used by web browsers to ensure that a secure web site
is legitimate. When a certificate authority such as VeriSign, Comodo, or Network
Solutions, to name a few, receives a certificate request from a website operator,
they confirm that the web domain and contact information in the request match
those on public record with a domain name registrar. If they match, then the
certificate is issued to the website operator, who then places it on the site to be
issued to all visiting web browsers to let them know that the site is legitimate.
Many ZyXEL products, such as the NSA-2401, issue their own public key
certificates. These can be used by web browsers on a LAN or WAN to verify that
they are in fact connecting to the legitimate device and not one masquerading as
it. However, because the certificates were not issued by one of the several
organizations officially recognized by the most common web browsers, you will
need to import the ZyXEL-created certificate into your web browser and flag that
certificate as a trusted authority.
Note: You can see if you are browsing on a secure website if the URL in your web
browser’s address bar begins with https:// or there is a sealed padlock
icon (
) somewhere in the main browser window (not all browsers show the
padlock in the same location.)
In this appendix, you can import a public key certificate for:
• Internet Explorer on page 260
• Firefox on page 270
• Opera on page 276
• Konqueror on page 284
MAX208M2W Series User’s Guide
259
Appendix E Importing Certificates
Internet Explorer
The following example uses Microsoft Internet Explorer 7 on Windows XP
Professional; however, they can also apply to Internet Explorer on Windows Vista.
If your device’s web configurator is set to use SSL certification, then the first time
you browse to it you are presented with a certification error.
Figure 155 Internet Explorer 7: Certification Error
Click Continue to this website (not recommended).
Figure 156 Internet Explorer 7: Certification Error
260
MAX208M2W Series User’s Guide
Appendix E Importing Certificates
In the Address Bar, click Certificate Error > View certificates.
Figure 157 Internet Explorer 7: Certificate Error
In the Certificate dialog box, click Install Certificate.
Figure 158 Internet Explorer 7: Certificate
MAX208M2W Series User’s Guide
261
Appendix E Importing Certificates
In the Certificate Import Wizard, click Next.
Figure 159 Internet Explorer 7: Certificate Import Wizard
If you want Internet Explorer to Automatically select certificate store based
on the type of certificate, click Next again and then go to step 9.
Figure 160 Internet Explorer 7: Certificate Import Wizard
262
MAX208M2W Series User’s Guide
Appendix E Importing Certificates
Otherwise, select Place all certificates in the following store and then click
Browse.
Figure 161 Internet Explorer 7: Certificate Import Wizard
In the Select Certificate Store dialog box, choose a location in which to save the
certificate and then click OK.
Figure 162 Internet Explorer 7: Select Certificate Store
MAX208M2W Series User’s Guide
263
Appendix E Importing Certificates
In the Completing the Certificate Import Wizard screen, click Finish.
Figure 163 Internet Explorer 7: Certificate Import Wizard
10 If you are presented with another Security Warning, click Yes.
Figure 164 Internet Explorer 7: Security Warning
264
MAX208M2W Series User’s Guide
Appendix E Importing Certificates
11 Finally, click OK when presented with the successful certificate installation
message.
Figure 165 Internet Explorer 7: Certificate Import Wizard
12 The next time you start Internet Explorer and go to a ZyXEL web configurator
page, a sealed padlock icon appears in the address bar. Click it to view the page’s
Website Identification information.
Figure 166 Internet Explorer 7: Website Identification
MAX208M2W Series User’s Guide
265
Appendix E Importing Certificates
Installing a Stand-Alone Certificate File in Internet Explorer
Rather than browsing to a ZyXEL web configurator and installing a public key
certificate when prompted, you can install a stand-alone certificate file if one has
been issued to you.
Double-click the public key certificate file.
Figure 167 Internet Explorer 7: Public Key Certificate File
In the security warning dialog box, click Open.
Figure 168 Internet Explorer 7: Open File - Security Warning
266
Refer to steps 4-12 in the Internet Explorer procedure beginning on page 260 to
complete the installation process.
MAX208M2W Series User’s Guide
Appendix E Importing Certificates
Removing a Certificate in Internet Explorer
This section shows you how to remove a public key certificate in Internet Explorer
7.
Open Internet Explorer and click TOOLS > Internet Options.
Figure 169 Internet Explorer 7: Tools Menu
In the Internet Options dialog box, click Content > Certificates.
Figure 170 Internet Explorer 7: Internet Options
MAX208M2W Series User’s Guide
267
Appendix E Importing Certificates
In the Certificates dialog box, click the Trusted Root Certificates Authorities
tab, select the certificate that you want to delete, and then click Remove.
Figure 171 Internet Explorer 7: Certificates
In the Certificates confirmation, click Yes.
Figure 172 Internet Explorer 7: Certificates
In the Root Certificate Store dialog box, click Yes.
Figure 173 Internet Explorer 7: Root Certificate Store
268
MAX208M2W Series User’s Guide
Appendix E Importing Certificates
The next time you go to the web site that issued the public key certificate you just
removed, a certification error appears.
MAX208M2W Series User’s Guide
269
Appendix E Importing Certificates
Firefox
The following example uses Mozilla Firefox 2 on Windows XP Professional;
however, the screens can also apply to Firefox 2 on all platforms.
If your device’s web configurator is set to use SSL certification, then the first time
you browse to it you are presented with a certification error.
Select Accept this certificate permanently and click OK.
Figure 174 Firefox 2: Website Certified by an Unknown Authority
270
MAX208M2W Series User’s Guide
Appendix E Importing Certificates
The certificate is stored and you can now connect securely to the web configurator.
A sealed padlock appears in the address bar, which you can click to open the Page
Info > Security window to view the web page’s security information.
Figure 175 Firefox 2: Page Info
MAX208M2W Series User’s Guide
271
Appendix E Importing Certificates
Installing a Stand-Alone Certificate File in Firefox
Rather than browsing to a ZyXEL web configurator and installing a public key
certificate when prompted, you can install a stand-alone certificate file if one has
been issued to you.
Open Firefox and click TOOLS > Options.
Figure 176 Firefox 2: Tools Menu
In the Options dialog box, click ADVANCED > Encryption > View Certificates.
Figure 177 Firefox 2: Options
272
MAX208M2W Series User’s Guide
Appendix E Importing Certificates
In the Certificate Manager dialog box, click Web Sites > Import.
Figure 178
Use the Select File dialog box to locate the certificate and then click Open.
Figure 179
Firefox 2: Certificate Manager
Firefox 2: Select File
The next time you visit the web site, click the padlock in the address bar to open
the Page Info > Security window to see the web page’s security information.
MAX208M2W Series User’s Guide
273
Appendix E Importing Certificates
Removing a Certificate in Firefox
This section shows you how to remove a public key certificate in Firefox 2.
Open Firefox and click TOOLS > Options.
Figure 180 Firefox 2: Tools Menu
In the Options dialog box, click ADVANCED > Encryption > View Certificates.
Figure 181 Firefox 2: Options
274
MAX208M2W Series User’s Guide
Appendix E Importing Certificates
In the Certificate Manager dialog box, select the Web Sites tab, select the
certificate that you want to remove, and then click Delete.
Figure 182
Firefox 2: Certificate Manager
In the Delete Web Site Certificates dialog box, click OK.
Figure 183 Firefox 2: Delete Web Site Certificates
The next time you go to the web site that issued the public key certificate you just
removed, a certification error appears.
MAX208M2W Series User’s Guide
275
Appendix E Importing Certificates
Opera
The following example uses Opera 9 on Windows XP Professional; however, the
screens can apply to Opera 9 on all platforms.
If your device’s web configurator is set to use SSL certification, then the first time
you browse to it you are presented with a certification error.
Click Install to accept the certificate.
Figure 184 Opera 9: Certificate signer not found
276
MAX208M2W Series User’s Guide
Appendix E Importing Certificates
The next time you visit the web site, click the padlock in the address bar to open
the Security information window to view the web page’s security details.
Figure 185 Opera 9: Security information
MAX208M2W Series User’s Guide
277
Appendix E Importing Certificates
Installing a Stand-Alone Certificate File in Opera
Rather than browsing to a ZyXEL web configurator and installing a public key
certificate when prompted, you can install a stand-alone certificate file if one has
been issued to you.
Open Opera and click TOOLS > Preferences.
Figure 186 Opera 9: Tools Menu
278
MAX208M2W Series User’s Guide
Appendix E Importing Certificates
In Preferences, click ADVANCED > Security > Manage certificates.
Figure 187 Opera 9: Preferences
MAX208M2W Series User’s Guide
279
Appendix E Importing Certificates
In the Certificates Manager, click Authorities > Import.
Figure 188
Use the Import certificate dialog box to locate the certificate and then click
Open.
Figure 189
280
Opera 9: Certificate manager
Opera 9: Import certificate
MAX208M2W Series User’s Guide
Appendix E Importing Certificates
In the Install authority certificate dialog box, click Install.
Figure 190
Next, click OK.
Figure 191
Opera 9: Install authority certificate
Opera 9: Install authority certificate
The next time you visit the web site, click the padlock in the address bar to open
the Security information window to view the web page’s security details.
MAX208M2W Series User’s Guide
281
Appendix E Importing Certificates
Removing a Certificate in Opera
This section shows you how to remove a public key certificate in Opera 9.
Open Opera and click TOOLS > Preferences.
Figure 192 Opera 9: Tools Menu
In Preferences, ADVANCED > Security > Manage certificates.
Figure 193 Opera 9: Preferences
282
MAX208M2W Series User’s Guide
Appendix E Importing Certificates
In the Certificates manager, select the Authorities tab, select the certificate
that you want to remove, and then click Delete.
Figure 194
Opera 9: Certificate manager
The next time you go to the web site that issued the public key certificate you just
removed, a certification error appears.
Note: There is no confirmation when you delete a certificate authority, so be
absolutely certain that you want to go through with it before clicking the button.
MAX208M2W Series User’s Guide
283
Appendix E Importing Certificates
Konqueror
The following example uses Konqueror 3.5 on openSUSE 10.3, however the
screens apply to Konqueror 3.5 on all Linux KDE distributions.
If your device’s web configurator is set to use SSL certification, then the first time
you browse to it you are presented with a certification error.
Click Continue.
Figure 195 Konqueror 3.5: Server Authentication
Click Forever when prompted to accept the certificate.
Figure 196 Konqueror 3.5: Server Authentication
284
MAX208M2W Series User’s Guide
Appendix E Importing Certificates
Click the padlock in the address bar to open the KDE SSL Information window
and view the web page’s security details.
Figure 197 Konqueror 3.5: KDE SSL Information
MAX208M2W Series User’s Guide
285
Appendix E Importing Certificates
Installing a Stand-Alone Certificate File in Konqueror
Rather than browsing to a ZyXEL web configurator and installing a public key
certificate when prompted, you can install a stand-alone certificate file if one has
been issued to you.
Double-click the public key certificate file.
Figure 198 Konqueror 3.5: Public Key Certificate File
In the Certificate Import Result - Kleopatra dialog box, click OK.
Figure 199 Konqueror 3.5: Certificate Import Result
The public key certificate appears in the KDE certificate manager, Kleopatra.
Figure 200 Konqueror 3.5: Kleopatra
286
MAX208M2W Series User’s Guide
Appendix E Importing Certificates
The next time you visit the web site, click the padlock in the address bar to open
the KDE SSL Information window to view the web page’s security details.
MAX208M2W Series User’s Guide
287
Appendix E Importing Certificates
Removing a Certificate in Konqueror
This section shows you how to remove a public key certificate in Konqueror 3.5.
Open Konqueror and click Settings > Configure Konqueror.
Figure 201 Konqueror 3.5: Settings Menu
In the Configure dialog box, select Crypto.
On the Peer SSL Certificates tab, select the certificate you want to delete and
then click Remove.
Figure 202 Konqueror 3.5: Configure
288
The next time you go to the web site that issued the public key certificate you just
removed, a certification error appears.
MAX208M2W Series User’s Guide
Appendix E Importing Certificates
Note: There is no confirmation when you remove a certificate authority, so be
absolutely certain you want to go through with it before clicking the button.
MAX208M2W Series User’s Guide
289
Appendix E Importing Certificates
290
MAX208M2W Series User’s Guide
APPENDIX
Common Services
The following table lists some commonly-used services and their associated
protocols and port numbers. For a comprehensive list of port numbers, ICMP type/
code numbers and services, visit the IANA (Internet Assigned Number Authority)
web site.
• Name: This is a short, descriptive name for the service. You can use this one or
create a different one, if you like.
• Protocol: This is the type of IP protocol used by the service. If this is TCP/
UDP, then the service uses the same port number with TCP and UDP. If this is
USER-DEFINED, the Port(s) is the IP protocol number, not the port number.
• Port(s): This value depends on the Protocol. Please refer to RFC 1700 for
further information about port numbers.
• If the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number.
• If the Protocol is USER, this is the IP protocol number.
• Description: This is a brief explanation of the applications that use this service
or the situations in which this service is used.
Table 99 Commonly Used Services
NAME
PROTOCOL
PORT(S)
DESCRIPTION
AH
(IPSEC_TUNNEL)
User-Defined
51
The IPSEC AH (Authentication
Header) tunneling protocol uses this
service.
AIM/New-ICQ
TCP
5190
AOL’s Internet Messenger service. It
is also used as a listening port by
ICQ.
AUTH
TCP
113
Authentication protocol used by some
servers.
BGP
TCP
179
Border Gateway Protocol.
BOOTP_CLIENT
UDP
68
DHCP Client.
BOOTP_SERVER
UDP
67
DHCP Server.
CU-SEEME
TCP
7648
UDP
24032
A popular videoconferencing solution
from White Pines Software.
TCP/UDP
53
DNS
MAX208M2W Series User’s Guide
Domain Name Server, a service that
matches web names (for example
www.zyxel.com) to IP numbers.
291
Appendix F Common Services
Table 99 Commonly Used Services (continued)
292
NAME
PROTOCOL
PORT(S)
DESCRIPTION
ESP
(IPSEC_TUNNEL)
User-Defined
50
The IPSEC ESP (Encapsulation
Security Protocol) tunneling protocol
uses this service.
FINGER
TCP
79
Finger is a UNIX or Internet related
command that can be used to find out
if a user is logged on.
FTP
TCP
20
TCP
21
File Transfer Program, a program to
enable fast transfer of files, including
large files that may not be possible by
e-mail.
H.323
TCP
1720
NetMeeting uses this protocol.
HTTP
TCP
80
Hyper Text Transfer Protocol - a
client/server protocol for the world
wide web.
HTTPS
TCP
443
HTTPS is a secured http session often
used in e-commerce.
ICMP
User-Defined
Internet Control Message Protocol is
often used for diagnostic or routing
purposes.
ICQ
UDP
4000
This is a popular Internet chat
program.
IGMP
(MULTICAST)
User-Defined
Internet Group Management Protocol
is used when sending packets to a
specific group of hosts.
IKE
UDP
500
The Internet Key Exchange algorithm
is used for key distribution and
management.
IRC
TCP/UDP
6667
This is another popular Internet chat
program.
MSN Messenger
TCP
1863
Microsoft Networks’ messenger
service uses this protocol.
NEW-ICQ
TCP
5190
An Internet chat program.
NEWS
TCP
144
A protocol for news groups.
NFS
UDP
2049
Network File System - NFS is a client/
server distributed file service that
provides transparent file sharing for
network environments.
NNTP
TCP
119
Network News Transport Protocol is
the delivery mechanism for the
USENET newsgroup service.
PING
User-Defined
Packet INternet Groper is a protocol
that sends out ICMP echo requests to
test whether or not a remote host is
reachable.
POP3
TCP
110
Post Office Protocol version 3 lets a
client computer get e-mail from a
POP3 server through a temporary
connection (TCP/IP or other).
MAX208M2W Series User’s Guide
Appendix F Common Services
Table 99 Commonly Used Services (continued)
NAME
PROTOCOL
PORT(S)
DESCRIPTION
PPTP
TCP
1723
Point-to-Point Tunneling Protocol
enables secure transfer of data over
public networks. This is the control
channel.
PPTP_TUNNEL
(GRE)
User-Defined
47
PPTP (Point-to-Point Tunneling
Protocol) enables secure transfer of
data over public networks. This is the
data channel.
RCMD
TCP
512
Remote Command Service.
REAL_AUDIO
TCP
7070
A streaming audio service that
enables real time sound over the web.
REXEC
TCP
514
Remote Execution Daemon.
RLOGIN
TCP
513
Remote Login.
RTELNET
TCP
107
Remote Telnet.
RTSP
TCP/UDP
554
The Real Time Streaming (media
control) Protocol (RTSP) is a remote
control for multimedia on the
Internet.
SFTP
TCP
115
Simple File Transfer Protocol.
SMTP
TCP
25
Simple Mail Transfer Protocol is the
message-exchange standard for the
Internet. SMTP enables you to move
messages from one e-mail server to
another.
SNMP
TCP/UDP
161
Simple Network Management
Program.
SNMP-TRAPS
TCP/UDP
162
Traps for use with the SNMP
(RFC:1215).
SQL-NET
TCP
1521
Structured Query Language is an
interface to access data on many
different types of database systems,
including mainframes, midrange
systems, UNIX systems and network
servers.
SSH
TCP/UDP
22
Secure Shell Remote Login Program.
STRM WORKS
UDP
1558
Stream Works Protocol.
SYSLOG
UDP
514
Syslog allows you to send system logs
to a UNIX server.
TACACS
UDP
49
Login Host Protocol used for (Terminal
Access Controller Access Control
System).
TELNET
TCP
23
Telnet is the login and terminal
emulation protocol common on the
Internet and in UNIX environments. It
operates over TCP/IP networks. Its
primary function is to allow users to
log into remote host systems.
MAX208M2W Series User’s Guide
293
Appendix F Common Services
Table 99 Commonly Used Services (continued)
294
NAME
PROTOCOL
PORT(S)
DESCRIPTION
TFTP
UDP
69
Trivial File Transfer Protocol is an
Internet file transfer protocol similar
to FTP, but uses the UDP (User
Datagram Protocol) rather than TCP
(Transmission Control Protocol).
VDOLIVE
TCP
7000
Another videoconferencing solution.
MAX208M2W Series User’s Guide
APPENDIX
Legal Information
Copyright
Copyright © 2011 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole,
transcribed, stored in a retrieval system, translated into any language, or
transmitted in any form or by any means, electronic, mechanical, magnetic,
optical, chemical, photocopying, manual, or otherwise, without the prior written
permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimers
ZyXEL does not assume any liability arising out of the application or use of any
products, or software described herein. Neither does it convey any license under
its patent rights nor the patent rights of others. ZyXEL further reserves the right
to make changes in any products described herein without notice. This publication
is subject to change without notice.
Your use of the MAX208M2W Series is subject to the terms and conditions of any
related service providers.
Do not use the MAX208M2W Series for illegal purposes. Illegal downloading or
sharing of files can result in severe civil and criminal penalties. You are subject to
the restrictions of copyright laws and any other applicable laws, and will bear the
consequences of any infringements thereof. ZyXEL bears NO responsibility or
liability for your use of the download service feature.
Trademarks
Trademarks mentioned in this publication are used for identification purposes only
and may be properties of their respective owners.
MAX208M2W Series User’s Guide
295
Appendix G Legal Information
Certifications
Federal Communications Commission (FCC) Interference Statement
This equipmentThe
has device
been tested
and found
to comply
limits
for a Class
B digitalto
device,
complies
with Part
15 of with
FCC the
rules.
Operation
is subject
the pursuant to Part
15 of the FCC Rules.
These
are designed to provide reasonable protection against harmful interference in
following
twolimits
conditions:
a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not
installed and usedThis
in accordance
with the
instructions,
may
harmful interference to radio communications.
device complies
with
part 15 of
thecause
FCC Rules.
However, there is no guarantee that interference will not occur in a particular installation. If this equipment does
Operation is subject to the condition that this device does not cause harmful
cause harmful interference to radio or television reception, which can be determined by turning the equipment
interference.
off and on, the user is encouraged to try to correct the interference by one of the following measures:
This device has been tested and found to comply with the limits for a Class B
- Reorient or relocate the receiving antenna.
digital device pursuant to Part 15 of the FCC Rules. These limits are designed to
- Increase the separation between the equipment and receiver.
provide reasonable protection against harmful interference in a residential
- Connect the equipment into an outlet on a circuit different from that
installation.
This device generates, uses, and can radiate radio frequency energy,
to which the receiver
is connected.
and
if
not
installed
andradio/TV
used intechnician
accordance
- Consult the dealer or an experienced
for with
help.the instructions, may cause
harmful interference to radio communications. However, there is no guarantee
that changes
interference
will not occur
a particular
installation.
FCC Caution: Any
or modifications
notinexpressly
approved
by the party responsible for compliance
could void the user's authority to operate this equipment.
If this device does cause harmful interference to radio/television reception, which
can be determined by turning the device off and on, the user is encouraged to try
This device complies
with Part
15 of the FCCbyRules.
Operation
subject
to themeasures:
following two conditions: (1) This
to correct
the interference
one or
more ofisthe
following
device may not cause harmful interference, and (2) this device must accept any interference received, including
interference that may cause undesired operation.
Reorient or relocate the receiving antenna.
IMPORTANT NOTE:
2 Increase
the separation between the equipment and the receiver.
Radiation Exposure
Statement:
This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This
3 Connect
the equipment
intowith
an minimum
outlet on distance
a circuit20cm
different
fromthe
that
to which
thebody.
equipment should
be installed
and operated
between
radiator
& your
receiver is connected.
This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.
Consult the dealer or an experienced radio/TV technician for help.
FCC Radiation Exposure Statement
This transmitter must not be co-located or operating in conjunction with any
other antenna or transmitter.
To comply with FCC RF exposure compliance requirements, a separation
distance of at least 20 cm must be maintained between the antenna of this
device and all persons.
296
MAX208M2W Series User s Guide
Appendix G Legal Information
Notices
Changes or modifications not expressly approved by the party responsible for
compliance could void the user's authority to operate the equipment.
This Class B digital apparatus complies with Canadian ICES-003.
Cet appareil numérique de la classe B est conforme à la norme NMB-003 du
Canada.
Viewing Certifications
Go to http://www.zyxel.com.
Select your product on the ZyXEL home page to go to that product's page.
Select the certification you wish to view from this page.
ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from
any defects in materials or workmanship for a period of up to two years from the
date of purchase. During the warranty period, and upon proof of purchase, should
the product have indications of failure due to faulty workmanship and/or
materials, ZyXEL will, at its discretion, repair or replace the defective products or
components without charge for either parts or labor, and to whatever extent it
shall deem necessary to restore the product or components to proper operating
condition. Any replacement will consist of a new or re-manufactured functionally
equivalent product of equal or higher value, and will be solely at the discretion of
ZyXEL. This warranty shall not apply if the product has been modified, misused,
tampered with, damaged by an act of God, or subjected to abnormal working
conditions.
MAX208M2W Series User’s Guide
297
Appendix G Legal Information
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of
the purchaser. This warranty is in lieu of all other warranties, express or implied,
including any implied warranty of merchantability or fitness for a particular use or
purpose. ZyXEL shall in no event be held liable for indirect or consequential
damages of any kind to the purchaser.
To obtain the services of this warranty, contact your vendor. You may also refer to
the warranty policy for the region in which you bought the device at http://
www.zyxel.com/web/support_warranty_info.php.
Registration
Register your product online to receive e-mail notices of firmware upgrades and
information at www.zyxel.com.
298
MAX208M2W Series User’s Guide
Index
Index
CBC-MAC 207
CCMP 205, 207
AAA 70
cell 69
AbS 134
certificates 205
CA 71
formats 72
verification 207
accounting server
see AAA
ACK message 155
activity 70
Advanced Encryption Standard
see AES
AES 207
ALG 92
alternative subnet mask notation 250
analysis-by-synthesis 134
Application Layer Gateway
see ALG
authentication 70, 205
inner 208
key
server 70
types 208
authorization 205
request and reply 207
server 70
auto-discovery
UPnP 118
certification
notices 297
viewing 297
Certification Authority, see CA
chaining 207
chaining message authentication
see CCMP
circuit-switched telephone networks 133
Class of Service (CoS) 134
client-server
protocol 155
SIP 155
CMAC
see MAC
codec 133
comfort noise 157
copyright 295
CoS 134
counter mode
see CCMP
coverage area 69
base station
see BS
BS 69–70
links 70
BYE request 155
CA 71, 72
MAX208M2W Series User’s Guide
cryptography 205
data 205–207
decryption 205
encryption 205
flow 207
DHCP 89
server 89
diameter 70
299
Index
Differentiated Services
see DiffServ
DiffServ 134
DiffServ Code Point (DSCP) 134
marking rule 138
hybrid waveform codec 134
digital ID 72, 205
DS field 137
DSCP
see DiffServ
IANA 256
DTMF 143
dual-tone multi-frequency
see DTMF
Dynamic Host Configuration Protocol
see DHCP
identity 70, 205
idle timeout 162
IEEE 802.16 69, 205
IEEE 802.16e 69
IGD 1.0 93
inner authentication 208
EAP 70
EAP (Extensible Authentication Protocol) 72
EAP-TLS 72
EAP-TTLS 72
echo cancellation 157
encryption 205–207
traffic 207
Ethernet
encapsulation 91
Extensible Authorization Protocol
see EAP
FCC interference statement 296
Internet
access 70
gateway device 93
Internet Assigned Numbers Authority
see IANA 256
Internet Telephony Service Provider
see ITSP
interoperability 69
IP-PBX 133
ITSP 133
ITU-T 157
key 205
request and reply 207
firewall 127
FTP 161
restrictions 161
MAC 207
MAN 69
Management Information Base (MIB) 164
G.168 157
G.711 134
G.729 134
300
Message Authentication Code
see MAC
message integrity 207
Metropolitan Area Network
see MAN
microwave 69, 70
MAX208M2W Series User’s Guide
Index
mobile station
see MS
MS 70
multimedia 135
SIP 140
public certificate 207
public key 205
pulse code modulation 134
push button 104
NAT 255
and remote management 162
server sets 91
traversal 93
QoS 134
quality of service
NAT routers 141
network
activity 70
services 70
network address translators 141
OK response 155
outbound proxy 142
SIP 142
outbound proxy server 142
RADIUS 70, 72, 206
Message Types 206
Messages 206
Shared Secret Key 206
Real-time Transport Protocol
see RTP
register server
SIP 140
registration
product 298
related documentation 3
remote management and NAT 162
remote management limitations 161
required bandwidth 134
pattern-spotting 207
RFC 1889 135
PBX services 133
RFC 3489 141
PCM 134
RTP 135
peer-to-peer calls 142
per-hop behavior 137
PHB (per-hop behavior) 138
phone
services 143
PKMv2 70, 205, 208
plain text encryption 207
Privacy Key Management
see PKM
safety warnings 7
secure communication 205
secure connection 70
security 205
private key 205
security association 207
see SA
product registration 298
see QoS
proxy server
server, outbound proxy 142
MAX208M2W Series User’s Guide
301
Index
services 70
TLS 205
Session Initiation Protocol
see SIP
ToS 134
silence suppression 157
transport encryption key
see TEK
silent packets 157
SIP 134
account 140
ACK message 155
ALG 92, 142
Application Layer Gateway, see ALG
BYE request 155
call progression 154
client 155
client server 155
identities 140
INVITE request 155
number 140
OK response 155
proxy server 140
register server 140
servers 155
service domain 140
URI 140
user agent 140
SIP outbound proxy 142
SNMP 162
manager 164
sound quality 134
SS 69, 70
STUN 141, 142
subnet 247
mask 248
subnetting 250
subscriber station
see SS
supplementary phone services 143
syntax conventions 5
system timeout 162
tampering
TCP/IP configuration 89
Touch Tone® 143
transport layer security
see TLS
trigger port forwarding
process 113
TTLS 205, 208
tunneled TLS
see TTLS
Type of Service 134
unauthorized device 205
uniform resource identifier 140
Universal Plug and Play
see UPnP
UPnP 92
application 93
auto-discovery 118
security issues 93
Windows XP 116
use NAT 141
user agent, SIP 140
user authentication 205
VAD 157
verification 207
voice
activity detection 157
coding 133
mail 133
Voice over IP
see VoIP
VoIP 133
TEK 207
TFTP restrictions 161
302
MAX208M2W Series User’s Guide
Index
waveform codec 134
WiFi Protected Setup, see WPS
WiMAX 69–70
security 207
WiMAX Forum 69
Wireless Interoperability for Microwave Access
see WiMAX
wireless LAN
WPS 104
adding stations 104
push button 104
Wireless Metropolitan Area Network
see MAN
wireless network
access 69
standard 69
wireless security 205
wizard setup 31
WPS 104
adding stations 104
push button 104
MAX208M2W Series User’s Guide
303
Index
304
MAX208M2W Series User’s Guide
Source Exif Data: 
File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.6
Linearized                      : Yes
Encryption                      : Standard V2.3 (128-bit)
User Access                     : Print, Copy, Extract
XMP Toolkit                     : 3.1-701
Modify Date                     : 2011:07:04 15:56:06+08:00
Create Date                     : 2011:07:04 15:55:57+08:00
Metadata Date                   : 2011:07:04 15:56:06+08:00
Creator Tool                    : pdfFactory Pro www.ahasoft.com.tw/FinePrint
Format                          : application/pdf
Title                           : MAX208M2W_Users guide.pdf
Creator                         : sam
Document ID                     : uuid:a6d2c126-f9be-4917-a895-a4a364f75a17
Instance ID                     : uuid:33efc576-7ed4-4a89-8d57-765dad5f2ea1
Producer                        : pdfFactory Pro 3.10 (Windows XP Professional Chinese)
Has XFA                         : No
Page Count                      : 104
Author                          : sam

EXIF Metadata provided by EXIF.tools
FCC ID Filing: I88MAX208M2W

				
				

							
		
		

			
Navigation menu