ZyXEL Communications MAX306 2.5GHz MIMO Outdoor CPE User Manual MAX 306HW2 Series UG v1 ed1 2009 06 29
ZyXEL Communications Corporation 2.5GHz MIMO Outdoor CPE MAX 306HW2 Series UG v1 ed1 2009 06 29
Contents
- 1. Manual Part 1
- 2. Manual Part 2
Manual Part 1
| Download: |  |
| Mirror Download [FCC.gov] | |
| Document ID | 1135851 |
| Application ID | u02aaU3gGLzmjm4D4iTmQA== |
| Document Description | Manual Part 1 |
| Short Term Confidential | No |
| Permanent Confidential | No |
| Supercede | No |
| Document Type | User Manual |
| Display Format | Adobe Acrobat PDF - pdf |
| Filesize | 264.63kB (3307930 bits) |
| Date Submitted | 2009-07-08 00:00:00 |
| Date Available | 2009-07-08 00:00:00 |
| Creation Date | 2009-07-07 18:38:16 |
| Producing Software | pdfFactory Pro 3.10 (Windows XP Professional Chinese) |
| Document Lastmod | 2009-07-08 10:30:16 |
| Document Title | MAX-306HW2 Series_UG_v1_ed1_2009-06-29.pdf |
| Document Creator | pdfFactory Pro www.ahasoft.com.tw/FinePrint |
| Document Author: | SAM |
MAX-306HW2 Series
en
tia
Models: MAX-306 ODU (2.5 GHz), MAX-316 ODU (3.5 GHz), MAX-306HW2 IDU
ny
on
fid
WiMAX MIMO Indoor/Outdoor
CPE (2.5GHz & 3.5GHz)
Default Login Details
http://192.168.100.1
User Name:
admin
Password:
1234
om
pa
IP Address:
Firmware
Version 3.6
www.zyxel.com
Edition 2, 05/2009
www.zyxel.com
Copyright © 2009
ZyXEL Communications Corporation
C
om
pa
ny
on
fid
en
tia
About This User's Guide
About This User's Guide
tia
Intended Audience
en
This manual is intended for people who want to configure this product using the
web configurator. You should have at least a basic knowledge of TCP/IP
networking concepts and topology.
Related Documentation
• Quick Start Guide
fid
The Quick Start Guide is designed to help you get up and running right away. It
contains information on setting up your network and configuring for Internet
access.
• Web Configurator Online Help
• Command Reference Guide
on
Embedded web help for descriptions of individual screens and supplementary
information.
• Support Disc
The Command Reference Guide explains how to use the Command-Line
Interface (CLI) and CLI commands to configure the WiMAX Device.
Refer to the included CD for support documents.
ny
• ZyXEL Web Site
Please refer to www.zyxel.com for additional support documentation and
product certifications.
pa
User’s Guide Feedback
om
Help us help you. Send all User’s Guide-related comments, questions or
suggestions for improvement to the following address, or use e-mail instead.
Thank you!
The Technical Writing Team,
ZyXEL Communications Corp.,
6 Innovation Road II,
Science-Based Industrial Park,
Hsinchu, 300, Taiwan.
E-mail: techwriters@zyxel.com.tw
User’s Guide
Document Conventions
Warnings and Notes
These are how warnings and notes are shown in this User’s Guide.
tia
Document Conventions
en
Warnings tell you about things that could harm you or your
WiMAX Device.
fid
Note: Notes tell you other important information (for example, other things you may
need to configure or helpful tips) or recommendations.
Syntax Conventions
• This product may be referred to as the “WiMAX Device”, the “ZyXEL Device”, the
“device”, the “system” or the “product” in this User’s Guide.
on
• Product labels, screen names, field labels and field choices are all in bold font.
• A key stroke is denoted by square brackets and uppercase text, for example,
[ENTER] means the “enter” or “return” key on your keyboard.
• “Enter” means for you to type one or more characters and then press the
[ENTER] key. “Select” or “choose” means for you to use one of the predefined
choices.
ny
• A right angle bracket ( > ) within a screen name denotes a mouse click. For
example, TOOLS > Logs > Log Settings means you first click Tools in the
navigation panel, then the Logs sub menu and finally the Log Settings tab to
get to that screen.
pa
• Units of measurement may denote the “metric” value or the “scientific” value.
For example, “k” for kilo may denote “1000” or “1024”, “M” for mega may
denote “1000000” or “1048576” and so on.
om
• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other
words”.
User’s Guide
Document Conventions
Icons Used in Figures
Table 1 Common Icons
Internet Cloud
Computer
Notebook
Server
WiMAX Base Station
Telephone
Switch
on
fid
en
Wireless Signal
tia
Figures in this User’s Guide may use the following generic icons. The WiMAX
Device icon is not an exact representation of your WiMAX Device.\
ny
Router
om
pa
Network Cloud
User’s Guide
Safety Warnings
Safety Warnings
tia
For your safety, be sure to read and follow all warning notices and
instructions.
en
• Do NOT use this product near water, for example, in a wet basement or near a
swimming pool.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT store things on the device.
fid
• Do NOT install, use, or service this device during a thunderstorm. There is a
remote risk of electric shock from lightning.
• Connect ONLY suitable accessories to the device.
on
• Do NOT open the device or unit. Opening or removing covers can expose you to
dangerous high voltage points or other risks. ONLY qualified service personnel
should service or disassemble this device. Please contact your vendor for further
information.
• Make sure to connect the cables to the correct ports.
• Place connecting cables carefully so that no one will step on them or stumble
over them.
• Always disconnect all cables from this device before servicing or disassembling.
ny
• Use ONLY an appropriate power adaptor or cord for your device. Connect it to
the right supply voltage (for example, 110V AC in North America or 230V AC in
Europe).
• Do NOT remove the plug and connect it to a power outlet by itself; always
attach the plug to the power adaptor first before connecting it to a power outlet.
pa
• Do NOT allow anything to rest on the power adaptor or cord and do NOT place
the product where anyone can walk on the power adaptor or cord.
• Do NOT use the device if the power adaptor or cord is damaged as it might
cause electrocution.
om
• If the power adaptor or cord is damaged, remove it from the device and the
power source.
• Do NOT attempt to repair the power adaptor or cord. Contact your local vendor
to order a new one.Do not use the device outside, and make sure all the
connections are indoors. There is a remote risk of electric shock from lightning.
• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm
your device.Use only No. 26 AWG (American Wire Gauge) or larger
telecommunication line cord.
• Antenna Warning! This device meets ETSI and FCC certification requirements
when using the included antenna(s). Only use the included antenna(s).
• If you wall mount your device, make sure that no electrical lines, gas or water
pipes will be damaged.
User’s Guide
Safety Warnings
• The Power over Ethernet (PoE) device that supplies power must be indoors.
• Do not use the Indoor Unit’s PoE feature to supply power to any other device
other than the Outdoor Unit models specified in this User’s Guide.
tia
• You must maintain a minimum distance of 23 centimeters (9 inches) from the
outdoor unit.
• Do not use any PoE device other than the Indoor Unit model specified in this
User’s Guide to supply power to the Outdoor Unit.
Your product is marked with this symbol, which is known as the WEEE mark.
om
pa
ny
on
fid
en
WEEE stands for Waste Electronics and Electrical Equipment. It means that used
electrical and electronic products should not be mixed with general waste. Used
electrical and electronic equipment should be treated separately.
User’s Guide
C
om
pa
ny
on
fid
en
tia
Safety Warnings
User’s Guide
Contents Overview
Contents Overview
tia
Introduction and Wizards ...................................................................................................... 29
Getting Started ........................................................................................................................... 31
Introducing the Web Configurator .............................................................................................. 37
en
Internet Connection Wizard ....................................................................................................... 47
VoIP Connection Wizard ............................................................................................................ 59
Basic Screens ........................................................................................................................ 65
fid
The Setup Screens .................................................................................................................... 67
Advanced Screens ................................................................................................................. 73
on
The LAN Configuration Screens ................................................................................................ 75
The WAN Configuration Screens ............................................................................................... 89
The Wi-Fi Configuration Screens ............................................................................................ 103
The VPN Transport Screens .....................................................................................................113
The NAT Configuration Screens .............................................................................................. 125
The System Configuration Screens ......................................................................................... 135
Voice Screens ....................................................................................................................... 145
ny
The Service Configuration Screens ......................................................................................... 147
The Phone Screens ................................................................................................................. 165
The Phone Book Screens ........................................................................................................ 175
Tools & Status Screens ....................................................................................................... 181
pa
The Certificates Screens ......................................................................................................... 183
The Firewall Screens ............................................................................................................... 203
Content Filter ........................................................................................................................... 213
The Remote Management Screens ......................................................................................... 217
om
The Logs Screens ................................................................................................................... 227
The UPnP Screen .................................................................................................................... 243
The Status Screen ................................................................................................................... 253
Troubleshooting and Specifications .................................................................................. 265
Troubleshooting ....................................................................................................................... 267
Product Specifications ............................................................................................................. 275
Appendices and Index ......................................................................................................... 277
User’s Guide
C
om
pa
ny
on
fid
en
tia
Contents Overview
10
User’s Guide
Table of Contents
Table of Contents
tia
About This User's Guide .......................................................................................................... 3
Document Conventions............................................................................................................ 4
en
Safety Warnings........................................................................................................................ 6
Contents Overview ................................................................................................................... 9
Table of Contents.................................................................................................................... 11
fid
List of Figures ......................................................................................................................... 19
on
List of Tables........................................................................................................................... 25
Part I: Introduction and Wizards........................................................... 29
Chapter 1
Getting Started ........................................................................................................................ 31
ny
1.1 Overview .............................................................................................................................. 31
1.1.1 Wi-Fi Access Point ..................................................................................................... 32
1.1.2 WiMAX Internet Access ............................................................................................. 32
1.1.3 Make Calls via Internet Telephony Service Provider .................................................. 33
pa
1.2 WiMAX Device Hardware .................................................................................................... 34
1.2.1 LEDs .......................................................................................................................... 34
1.3 Good Habits for Managing the WiMAX Device .................................................................... 35
Chapter 2
Introducing the Web Configurator ........................................................................................ 37
om
2.1 Overview .............................................................................................................................. 37
2.1.1 Accessing the Web Configurator ................................................................................ 37
2.1.2 The Reset Button ....................................................................................................... 40
2.2 The Main Screen ................................................................................................................. 40
Chapter 3
Internet Connection Wizard ................................................................................................... 47
3.1 Overview .............................................................................................................................. 47
3.1.1 Welcome to the ZyXEL Setup Wizard ........................................................................ 47
3.1.2 System Information .................................................................................................... 48
3.1.3 Wireless LAN ............................................................................................................. 49
User’s Guide
11
Table of Contents
3.1.4 Authentication Settings .............................................................................................. 54
3.1.5 IP Address .................................................................................................................. 56
3.1.6 Setup Complete ......................................................................................................... 58
tia
Chapter 4
VoIP Connection Wizard......................................................................................................... 59
4.1 Overview .............................................................................................................................. 59
en
4.2 Welcome to the ZyXEL Setup Wizard ................................................................................. 59
4.2.1 First Voice Account Settings ...................................................................................... 60
4.2.2 Setup Complete ......................................................................................................... 63
fid
Part II: Basic Screens ............................................................................ 65
Chapter 5
The Setup Screens.................................................................................................................. 67
on
5.1 Overview .............................................................................................................................. 67
5.1.1 What You Can Do in This Chapter ............................................................................. 67
5.1.2 What You Need to Know ............................................................................................ 67
5.1.3 Before You Begin ....................................................................................................... 68
5.2 Set IP Address ..................................................................................................................... 68
5.3 DHCP Client ........................................................................................................................ 69
5.4 Time Setting ......................................................................................................................... 70
ny
5.4.1 Pre-Defined NTP Time Servers List ........................................................................... 71
5.4.2 Resetting the Time ..................................................................................................... 72
pa
Part III: Advanced Screens.................................................................... 73
Chapter 6
The LAN Configuration Screens............................................................................................ 75
6.1 Overview .............................................................................................................................. 75
om
6.1.1 What You Can Do in This Chapter ............................................................................. 75
6.1.2 What You Need to Know ............................................................................................ 75
6.2 DHCP Setup ........................................................................................................................ 76
6.3 Static DHCP ......................................................................................................................... 78
6.4 IP Alias ................................................................................................................................ 79
6.5 IP Static Route ..................................................................................................................... 81
6.5.1 IP Static Route Setup ................................................................................................. 82
6.6 Other Settings ...................................................................................................................... 83
6.7 Technical Reference ............................................................................................................ 84
6.7.1 IP Address and Subnet Mask ..................................................................................... 84
12
User’s Guide
Table of Contents
tia
6.7.2 DHCP Setup ............................................................................................................... 85
6.7.3 LAN TCP/IP ................................................................................................................ 85
6.7.4 DNS Server Address .................................................................................................. 86
6.7.5 RIP Setup ................................................................................................................... 86
6.7.6 Multicast ..................................................................................................................... 87
Chapter 7
The WAN Configuration Screens........................................................................................... 89
fid
en
7.1 Overview .............................................................................................................................. 89
7.1.1 What You Can Do in This Chapter ............................................................................. 89
7.1.2 What You Need to Know ............................................................................................ 89
7.2 Internet Connection ............................................................................................................. 93
7.3 WiMAX Configuration .......................................................................................................... 95
7.3.1 Frequency Ranges ..................................................................................................... 97
7.3.2 Configuring Frequency Settings ................................................................................. 97
7.3.3 Using the WiMAX Frequency Screen ......................................................................... 98
on
7.4 Traffic Redirect .................................................................................................................... 99
7.5 Advanced ........................................................................................................................... 101
Chapter 8
The Wi-Fi Configuration Screens ........................................................................................ 103
8.1 Overview ............................................................................................................................ 103
8.1.1 What You Can Do in This Chapter ........................................................................... 103
8.1.2 What You Need to Know .......................................................................................... 103
8.2 General .............................................................................................................................. 104
ny
8.3 MAC Filter .......................................................................................................................... 109
8.4 Advanced ...........................................................................................................................110
pa
Chapter 9
The VPN Transport Screens................................................................................................. 113
9.1 Overview .............................................................................................................................113
9.1.1 What You Can Do in This Chapter ............................................................................114
9.1.2 What You Need to Know ...........................................................................................114
om
9.1.3 Before You Begin ......................................................................................................115
9.2 General ...............................................................................................................................116
9.3 Customer Interface .............................................................................................................116
9.3.1 Multi-Protocol Label Switching ..................................................................................117
9.3.2 Generic Routing Encapsulation .................................................................................117
9.3.3 Customer Interface Options ......................................................................................118
9.3.4 Customer Interface Setup ........................................................................................ 120
9.4 Ethernet Pseudowire ......................................................................................................... 121
9.4.1 Ethernet Pseudowire Setup ..................................................................................... 123
9.5 Statistics ............................................................................................................................ 124
User’s Guide
13
Table of Contents
Chapter 10
The NAT Configuration Screens.......................................................................................... 125
en
tia
10.1 Overview .......................................................................................................................... 125
10.1.1 What You Can Do in This Chapter ......................................................................... 125
10.2 General ............................................................................................................................ 125
10.3 Port Forwarding .............................................................................................................. 126
10.3.1 Port Forwarding Options ........................................................................................ 127
10.3.2 Port Forwarding Rule Setup ................................................................................... 129
10.4 Trigger Port ...................................................................................................................... 130
10.4.1 Trigger Port Forwarding Example .......................................................................... 131
10.5 ALG ................................................................................................................................. 132
fid
Chapter 11
The System Configuration Screens .................................................................................... 135
on
11.1 Overview .......................................................................................................................... 135
11.1.1 What You Can Do in This Chapter ......................................................................... 135
11.1.2 What You Need to Know ........................................................................................ 135
11.2 General ........................................................................................................................... 137
11.3 Dynamic DNS .................................................................................................................. 138
ny
11.4 Firmware .......................................................................................................................... 140
11.4.1 The Firmware Upload Process ............................................................................... 141
11.5 Configuration .................................................................................................................... 142
11.5.1 The Restore Configuration Process ....................................................................... 143
11.6 Restart ............................................................................................................................. 143
11.6.1 The Restart Process ............................................................................................... 144
pa
Part IV: Voice Screens ......................................................................... 145
Chapter 12
The Service Configuration Screens .................................................................................... 147
12.1 Overview .......................................................................................................................... 147
om
12.1.1 What You Can Do in This Chapter ......................................................................... 147
12.1.2 What You Need to Know ........................................................................................ 147
12.1.3 Before you Begin .................................................................................................... 149
12.2 SIP Settings ..................................................................................................................... 149
12.2.1 Advanced SIP Settings .......................................................................................... 151
12.3 QoS ................................................................................................................................. 158
12.4 Technical Reference ........................................................................................................ 159
12.4.1 SIP Call Progression .............................................................................................. 159
12.4.2 SIP Client Server .................................................................................................... 160
12.4.3 SIP User Agent ...................................................................................................... 160
14
User’s Guide
Table of Contents
tia
12.4.4 SIP Proxy Server .................................................................................................... 160
12.4.5 SIP Redirect Server ............................................................................................... 161
12.4.6 NAT and SIP .......................................................................................................... 162
12.4.7 DiffServ .................................................................................................................. 162
12.4.8 DSCP and Per-Hop Behavior ................................................................................. 163
Chapter 13
The Phone Screens............................................................................................................... 165
fid
en
13.1 Overview .......................................................................................................................... 165
13.1.1 What You Can Do in This Chapter ......................................................................... 165
13.1.2 What You Need to Know ........................................................................................ 165
13.2 Analog Phone .................................................................................................................. 166
13.2.1 Advanced Analog Phone Setup ............................................................................. 168
13.3 Common .......................................................................................................................... 169
13.4 Region ............................................................................................................................. 170
13.5 Technical Reference ........................................................................................................ 170
on
13.5.1 The Flash Key ........................................................................................................ 170
13.5.2 Europe Type Supplementary Phone Services ....................................................... 171
13.5.3 USA Type Supplementary Services ....................................................................... 173
Chapter 14
The Phone Book Screens..................................................................................................... 175
14.1 Overview .......................................................................................................................... 175
14.1.1 What You Can Do in This Chapter ......................................................................... 175
14.1.2 What You Need to Know ........................................................................................ 175
ny
14.2 Incoming Call Policy ........................................................................................................ 176
14.3 Speed Dial ....................................................................................................................... 178
pa
Part V: Tools & Status Screens ........................................................... 181
om
Chapter 15
The Certificates Screens ...................................................................................................... 183
15.1 Overview .......................................................................................................................... 183
15.1.1 What You Can Do in This Chapter ......................................................................... 183
15.1.2 What You Need to Know ........................................................................................ 183
15.2 My Certificates ................................................................................................................. 184
15.2.1 My Certificates Create ............................................................................................ 186
15.2.2 My Certificate Edit .................................................................................................. 189
15.2.3 My Certificate Import .............................................................................................. 192
15.3 Trusted CAs ..................................................................................................................... 193
15.3.1 Trusted CA Edit ...................................................................................................... 195
User’s Guide
15
Table of Contents
15.3.2 Trusted CA Import .................................................................................................. 197
15.4 Technical Reference ........................................................................................................ 198
15.4.1 Certificate Authorities ............................................................................................. 198
15.4.2 Verifying a Certificate ............................................................................................. 200
tia
Chapter 16
The Firewall Screens ............................................................................................................ 203
fid
en
16.1 Overview .......................................................................................................................... 203
16.1.1 What You Can Do in This Chapter ......................................................................... 203
16.1.2 What You Need to Know ........................................................................................ 203
16.2 Firewall Setting ................................................................................................................ 204
16.2.1 Firewall Rule Directions ......................................................................................... 204
16.2.2 Triangle Route ........................................................................................................ 205
16.2.3 Firewall Setting Options ......................................................................................... 206
16.3 Service Setting ................................................................................................................ 207
16.4 Technical Reference ........................................................................................................ 208
on
16.4.1 Stateful Inspection Firewall. ................................................................................... 208
16.4.2 Guidelines For Enhancing Security With Your Firewall .......................................... 209
16.4.3 The “Triangle Route” Problem ................................................................................ 209
Chapter 17
Content Filter......................................................................................................................... 213
17.1 Overview .......................................................................................................................... 213
17.1.1 What You Can Do in This Chapter ......................................................................... 213
17.2 Filter ................................................................................................................................. 214
ny
17.3 Schedule .......................................................................................................................... 216
Chapter 18
The Remote Management Screens ..................................................................................... 217
pa
18.1 Overview .......................................................................................................................... 217
18.1.1 What You Can Do in This Chapter ......................................................................... 217
18.1.2 What You Need to Know ........................................................................................ 218
18.2 WWW .............................................................................................................................. 219
om
18.3 Telnet ............................................................................................................................... 220
18.4 FTP .................................................................................................................................. 220
18.5 SNMP .............................................................................................................................. 221
18.5.1 SNMP Traps ........................................................................................................... 222
18.5.2 SNMP Options ....................................................................................................... 223
18.6 DNS ................................................................................................................................. 224
18.7 Security ............................................................................................................................ 225
Chapter 19
The Logs Screens ................................................................................................................. 227
16
User’s Guide
Table of Contents
tia
19.1 Overview .......................................................................................................................... 227
19.1.1 What You Can Do in This Chapter ......................................................................... 227
19.1.2 What You Need to Know ........................................................................................ 227
19.2 View Logs ........................................................................................................................ 229
19.3 Log Settings ..................................................................................................................... 231
19.4 Log Message Descriptions .............................................................................................. 233
Chapter 20
The UPnP Screen .................................................................................................................. 243
fid
en
20.1 Overview .......................................................................................................................... 243
20.1.1 What You Can Do in This Chapter ......................................................................... 243
20.1.2 What You Need to Know ........................................................................................ 243
20.2 UPnP ............................................................................................................................... 244
20.3 Technical Reference ........................................................................................................ 245
20.3.1 Installing UPnP in Windows XP ............................................................................. 245
20.3.2 Web Configurator Easy Access ............................................................................. 249
on
Chapter 21
The Status Screen................................................................................................................. 253
21.1 Overview .......................................................................................................................... 253
21.2 Status Screen .................................................................................................................. 253
21.2.1 Packet Statistics ..................................................................................................... 258
21.2.2 WiMAX Site Information ......................................................................................... 259
21.2.3 DHCP Table ........................................................................................................... 260
21.2.4 VoIP Statistics ........................................................................................................ 261
ny
21.2.5 WiMAX Profile ........................................................................................................ 263
pa
Part VI: Troubleshooting and Specifications .................................... 265
Chapter 22
Troubleshooting.................................................................................................................... 267
om
22.1 Power, Hardware Connections, and LEDs ...................................................................... 267
22.2 WiMAX Device Access and Login ................................................................................... 268
22.3 Internet Access ................................................................................................................ 270
22.4 Phone Calls and VoIP ...................................................................................................... 272
22.5 Reset the WiMAX Device to Its Factory Defaults ............................................................ 273
22.5.1 Pop-up Windows, JavaScripts and Java Permissions ........................................... 273
Chapter 23
Product Specifications ......................................................................................................... 275
User’s Guide
17
Table of Contents
Part VII: Appendices and Index .......................................................... 277
Appendix A WiMAX Security ................................................................................................ 279
Appendix B Setting Up Your Computer’s IP Address ........................................................... 283
tia
Appendix C Wireless LANs .................................................................................................. 311
Appendix D Pop-up Windows, JavaScripts and Java Permissions ...................................... 327
en
Appendix E IP Addresses and Subnetting ........................................................................... 337
Appendix F Importing Certificates ........................................................................................ 349
Appendix G SIP Passthrough............................................................................................... 381
fid
Appendix H Common Services ............................................................................................ 383
Appendix I Legal Information................................................................................................ 387
on
Appendix J Customer Support ............................................................................................. 391
om
pa
ny
Index....................................................................................................................................... 399
18
User’s Guide
List of Figures
List of Figures
en
tia
Figure 1 The IDU/ODU Setup ................................................................................................................. 31
Figure 2 WiFi Access Point .................................................................................................................... 32
Figure 3 WiMAX Device and Base Station ............................................................................................. 32
Figure 4 WiMAX Device’s VoIP Features - Peer-to-Peer Calls .............................................................. 33
Figure 5 WiMAX Device’s VoIP Features - Calls via VoIP Service Provider .......................................... 33
Figure 6 The WiMAX Device’s LEDs ...................................................................................................... 34
on
fid
Figure 7 Main Screen ............................................................................................................................. 43
Figure 8 Select a Mode .......................................................................................................................... 47
Figure 9 Internet Connection Wizard > System Information ................................................................... 48
Figure 10 Internet Connection Wizard > Wireless LAN Screen .............................................................. 49
Figure 11 Internet Connection Wizard > Basic (WEP) Screen ............................................................... 51
Figure 12 Internet Connection Wizard > Extended (WPA-PSK) Screen ................................................ 53
Figure 13 Internet Connection Wizard > Authentication Settings Screen ............................................... 54
Figure 14 Internet Connection Wizard > IP Address .............................................................................. 56
Figure 15 Internet Connection Wizard > IP Address Assignment .......................................................... 57
ny
Figure 16 Select a Mode ........................................................................................................................ 59
Figure 17 VoIP Connection > First Voice Account Settings .................................................................... 60
Figure 18 VoIP Connection > SIP Registration Test ............................................................................... 61
Figure 19 VoIP Connection > SIP Registration Fail ................................................................................ 62
Figure 20 VoIP Connection > Finish ...................................................................................................... 63
Figure 21 SETUP > Set IP Address ....................................................................................................... 68
Figure 22 SETUP > DHCP Client ........................................................................................................... 69
Figure 23 SETUP > Time Setting ........................................................................................................... 70
Figure 24 ADVANCED > LAN Configuration > DHCP Setup ................................................................. 76
pa
Figure 25 ADVANCED > LAN Configuration > Static DHCP .................................................................. 78
Figure 26 ADVANCED > LAN Configuration> IP Alias ........................................................................... 79
om
Figure 27 Advanced> LAN Configuration > IP Static Route ................................................................... 81
Figure 28 Advanced> LAN Configuration > IP Static Route Setup ......................................................... 82
Figure 29 ADVANCED > LAN Configuration > Advanced ...................................................................... 83
Figure 30 WiMax: Mobile Station ............................................................................................................ 90
Figure 31 WiMAX: Multiple Mobile Stations ............................................................................................ 90
Figure 32 Using an AAA Server ............................................................................................................. 91
Figure 33 Traffic Redirect WAN Setup .................................................................................................... 91
Figure 34 Traffic Redirect LAN Setup ..................................................................................................... 92
Figure 35 ADVANCED > WAN Configuration > Internet Connection ..................................................... 93
Figure 36 ADVANCED > WAN Configuration >WiMAX Configuration ................................................ 96
Figure 37 Frequency Ranges ................................................................................................................. 97
Figure 38 Completing the WiMAX Frequency Screen ............................................................................ 99
User’s Guide
19
List of Figures
tia
Figure 39 ADVANCED > WAN Configuration > Traffic Redirect ............................................................. 99
Figure 40 ADVANCED > WAN Configuration > Advanced
.............................................................. 101
Figure 41 ADVANCED > Wi-Fi Configuration > General ...................................................................... 104
Figure 42 ADVANCED > Wi-Fi Configuration > WPA/WPA2 Optionsl .................................................. 106
Figure 43 ADVANCED > Wi-Fi Configuration > WPA-PSK/WPA2-PSK Optionsl ................................. 107
Figure 44 ADVANCED > WAN Configuration >WiMAX Configuration .............................................. 109
Figure 45 ADVANCED > WAN Configuration > Traffic Redirect ............................................................110
fid
en
Figure 46 VPN Transport Example ........................................................................................................113
Figure 47 Identifying Users ....................................................................................................................115
Figure 48 ADVANCED > VPN Transport > General ..............................................................................116
Figure 49 Pseudowire Mapping .............................................................................................................117
Figure 50 VPLS Tunneling .....................................................................................................................118
Figure 51 ADVANCED > VPN Transport > Customer Interface ............................................................118
Figure 52 ADVANCED > VPN Transport > Customer Interface Setup
............................................ 120
Figure 53 Ethernet Pseudowire Settings Example .............................................................................. 121
Figure 54 Advance > VPN Transport > Ethernet Pseudowire .............................................................. 121
ny
on
Figure 55 ADVANCED > VPN Transport > Ethernet Pseudowire Setup ............................................ 123
Figure 56 ADVANCED > VPN Transport > Statistics ............................................................................ 124
Figure 57 ADVANCED > NAT Configuration > General ....................................................................... 125
Figure 58 Multiple Servers Behind NAT Example ................................................................................ 127
Figure 59 ADVANCED > NAT Configuration > Port Forwarding ........................................................... 127
Figure 60 ADVANCED > NAT Configuration > Port Forwarding > Rule Setup ..................................... 129
Figure 61 ADVANCED > NAT Configuration > Trigger Port ................................................................. 130
Figure 62 Trigger Port Forwarding Example ......................................................................................... 131
Figure 63 ADVANCED > NAT Configuration > ALG ............................................................................. 133
Figure 64 ADVANCED > System Configuration > General .................................................................. 137
Figure 65 ADVANCED > System Configuration > Dynamic DNS ......................................................... 139
Figure 66 ADVANCED > System Configuration > Firmware ................................................................ 140
Figure 67 ADVANCED > System Configuration > Configuration .......................................................... 142
pa
Figure 68 ADVANCED > System Configuration > Restart .................................................................... 143
Figure 69 VOICE > Service Configuration > SIP Setting ...................................................................... 149
Figure 70 STUN .................................................................................................................................... 151
Figure 71 VOICE > Service Configuration > SIP Settings > Advanced ................................................ 153
om
Figure 72 VOICE > Service Configuration > QoS ................................................................................ 158
Figure 73 SIP User Agent ..................................................................................................................... 160
Figure 74 SIP Proxy Server .................................................................................................................. 161
Figure 75 SIP Redirect Server .............................................................................................................. 162
Figure 76 DiffServ: Differentiated Service Field .................................................................................... 163
Figure 77 VOICE > Phone > Analog Phone ......................................................................................... 166
Figure 78 VOICE > Phone > Analog Phone > Advanced ..................................................................... 168
Figure 79 VOICE > Phone > Common ................................................................................................. 169
Figure 80 VOICE > Phone > Region .................................................................................................... 170
Figure 81 VOICE > Phone Book > Incoming Call Policy ...................................................................... 176
20
User’s Guide
List of Figures
tia
Figure 82 VOICE > Phone Book > Speed Dial ..................................................................................... 178
Figure 83 TOOLS > Certificates > My Certificates ............................................................................ 184
Figure 84 TOOLS > Certificates > My Certificates > Create ................................................................ 186
Figure 85 TOOLS > Certificates > My Certificates > Edit .................................................................... 189
Figure 86 TOOLS > Certificates > My Certificates > Import ................................................................. 192
Figure 87 TOOLS > Certificates > Trusted CAs ................................................................................... 193
Figure 88 TOOLS > Certificates > Trusted CAs > Edit ...................................................................... 195
fid
en
Figure 89 TOOLS > Certificates > Trusted CAs > Import ..................................................................... 198
Figure 90 Remote Host Certificates ..................................................................................................... 201
Figure 91 Certificate Details ................................................................................................................ 201
Figure 92 Firewall Rule Directions ........................................................................................................ 204
Figure 93 Ideal Firewall Setup .............................................................................................................. 205
Figure 94 TOOLS > Firewall > Firewall Setting .................................................................................... 206
Figure 95 TOOLS > Firewall > Service Setting .................................................................................... 207
Figure 96 “Triangle Route” Problem ..................................................................................................... 210
Figure 97 IP Alias ..................................................................................................................................211
ny
on
Figure 98 TOOLS > Content Filter > Filter ........................................................................................... 214
Figure 99 TOOLS > Content Filter > Schedule .................................................................................... 216
Figure 100 TOOLS > Remote Management > WWW .......................................................................... 219
Figure 101 TOOLS > Remote Management > Telnet ........................................................................... 220
Figure 102 TOOLS > Remote Management > FTP .............................................................................. 220
Figure 103 SNMP Management Model ................................................................................................ 221
Figure 104 TOOLS > Remote Management > SNMP .......................................................................... 223
Figure 105 TOOLS > Remote Management > DNS ............................................................................. 224
Figure 106 TOOLS > Remote Management > Security ....................................................................... 225
Figure 107 TOOLS > Logs > View Logs ............................................................................................... 229
Figure 108 TOOLS > Logs > Log Settings ........................................................................................... 231
Figure 109 TOOLS > UPnP .................................................................................................................. 244
Figure 110 Network Connections ......................................................................................................... 245
pa
Figure 111 Windows Optional Networking Components Wizard .......................................................... 246
Figure 112 Networking Services ........................................................................................................... 246
Figure 113 Network Connections ......................................................................................................... 247
Figure 114 Internet Connection Properties .......................................................................................... 247
om
Figure 115 Internet Connection Properties: Advanced Settings ........................................................... 248
Figure 116 Internet Connection Properties: Advanced Settings: Add .................................................. 248
Figure 117 System Tray Icon ................................................................................................................ 248
Figure 118 Internet Connection Status ................................................................................................. 249
Figure 119 Network Connections ......................................................................................................... 250
Figure 120 Network Connections: My Network Places ........................................................................ 250
Figure 121 Network Connections: My Network Places: Properties: Example ...................................... 251
Figure 122 Status ................................................................................................................................. 253
Figure 123 Packet Statistics ................................................................................................................. 258
Figure 124 WiMAX Site Information .................................................................................................... 259
User’s Guide
21
List of Figures
tia
Figure 125 DHCP Table ........................................................................................................................ 260
Figure 126 VoIP Statistics ..................................................................................................................... 261
Figure 127 WiMAX Profile ................................................................................................................... 263
Figure 128 Windows XP: Start Menu .................................................................................................... 284
Figure 129 Windows XP: Control Panel ............................................................................................... 284
Figure 130 Windows XP: Control Panel > Network Connections > Properties .................................... 285
Figure 131 Windows XP: Local Area Connection Properties ............................................................... 285
fid
en
Figure 132 Windows XP: Internet Protocol (TCP/IP) Properties .......................................................... 286
Figure 133 Windows Vista: Start Menu ................................................................................................. 287
Figure 134 Windows Vista: Control Panel ............................................................................................ 287
Figure 135 Windows Vista: Network And Internet ................................................................................ 287
Figure 136 Windows Vista: Network and Sharing Center ..................................................................... 288
Figure 137 Windows Vista: Network and Sharing Center ..................................................................... 288
Figure 138 Windows Vista: Local Area Connection Properties ............................................................ 289
Figure 139 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties ................................... 290
Figure 140 Mac OS X 10.4: Apple Menu .............................................................................................. 291
ny
on
Figure 141 Mac OS X 10.4: System Preferences ................................................................................. 291
Figure 142 Mac OS X 10.4: Network Preferences ............................................................................... 292
Figure 143 Mac OS X 10.4: Network Preferences > TCP/IP Tab. ........................................................ 292
Figure 144 Mac OS X 10.4: Network Preferences > Ethernet .............................................................. 293
Figure 145 Mac OS X 10.4: Network Utility .......................................................................................... 294
Figure 146 Mac OS X 10.5: Apple Menu .............................................................................................. 295
Figure 147 Mac OS X 10.5: Systems Preferences ............................................................................... 295
Figure 148 Mac OS X 10.5: Network Preferences > Ethernet .............................................................. 296
Figure 149 Mac OS X 10.5: Network Preferences > Ethernet .............................................................. 297
Figure 150 Mac OS X 10.5: Network Utility .......................................................................................... 298
Figure 151 Ubuntu 8: System > Administration Menu .......................................................................... 299
Figure 152 Ubuntu 8: Network Settings > Connections ........................................................................ 299
Figure 153 Ubuntu 8: Administrator Account Authentication ................................................................ 300
pa
Figure 154 Ubuntu 8: Network Settings > Connections ........................................................................ 300
Figure 155 Ubuntu 8: Network Settings > Properties ........................................................................... 301
Figure 156 Ubuntu 8: Network Settings > DNS ................................................................................... 302
Figure 157 Ubuntu 8: Network Tools .................................................................................................... 303
om
Figure 158 openSUSE 10.3: K Menu > Computer Menu ..................................................................... 304
Figure 159 openSUSE 10.3: K Menu > Computer Menu ..................................................................... 305
Figure 160 openSUSE 10.3: YaST Control Center .............................................................................. 305
Figure 161 openSUSE 10.3: Network Settings .................................................................................... 306
Figure 162 openSUSE 10.3: Network Card Setup ............................................................................... 307
Figure 163 openSUSE 10.3: Network Settings .................................................................................... 308
Figure 164 openSUSE 10.3: KNetwork Manager ................................................................................. 309
Figure 165 openSUSE: Connection Status - KNetwork Manager ........................................................ 309
Figure 166 Peer-to-Peer Communication in an Ad-hoc Network ..........................................................311
Figure 167 Basic Service Set ............................................................................................................... 312
22
User’s Guide
List of Figures
tia
Figure 168 Infrastructure WLAN ........................................................................................................... 313
Figure 169 RTS/CTS ........................................................................................................................... 314
Figure 170 WPA(2) with RADIUS Application Example ....................................................................... 323
Figure 171 WPA(2)-PSK Authentication ............................................................................................... 324
Figure 172 Pop-up Blocker ................................................................................................................... 327
Figure 173 Internet Options: Privacy .................................................................................................... 328
Figure 174 Internet Options: Privacy .................................................................................................... 329
fid
en
Figure 175 Pop-up Blocker Settings ..................................................................................................... 330
Figure 176 Internet Options: Security ................................................................................................... 331
Figure 177 Security Settings - Java Scripting ....................................................................................... 332
Figure 178 Security Settings - Java ...................................................................................................... 333
Figure 179 Java (Sun) .......................................................................................................................... 334
Figure 180 Mozilla Firefox: TOOLS > Options ...................................................................................... 334
Figure 181 Mozilla Firefox Content Security ......................................................................................... 335
Figure 182 Network Number and Host ID ............................................................................................ 338
Figure 183 Subnetting Example: Before Subnetting ............................................................................ 341
ny
on
Figure 184 Subnetting Example: After Subnetting ............................................................................... 342
Figure 185 Conflicting Computer IP Addresses Example .................................................................... 347
Figure 186 Conflicting Computer IP Addresses Example .................................................................... 347
Figure 187 Conflicting Computer and Router IP Addresses Example .................................................. 348
Figure 188 Internet Explorer 7: Certification Error ................................................................................ 350
Figure 189 Internet Explorer 7: Certification Error ................................................................................ 350
Figure 190 Internet Explorer 7: Certificate Error ................................................................................... 351
Figure 191 Internet Explorer 7: Certificate ............................................................................................ 351
Figure 192 Internet Explorer 7: Certificate Import Wizard .................................................................... 352
Figure 193 Internet Explorer 7: Certificate Import Wizard .................................................................... 352
Figure 194 Internet Explorer 7: Certificate Import Wizard .................................................................... 353
Figure 195 Internet Explorer 7: Select Certificate Store ....................................................................... 353
Figure 196 Internet Explorer 7: Certificate Import Wizard .................................................................... 354
pa
Figure 197 Internet Explorer 7: Security Warning ................................................................................. 354
Figure 198 Internet Explorer 7: Certificate Import Wizard .................................................................... 355
Figure 199 Internet Explorer 7: Website Identification .......................................................................... 355
Figure 200 Internet Explorer 7: Public Key Certificate File ................................................................... 356
om
Figure 201 Internet Explorer 7: Open File - Security Warning .............................................................. 356
Figure 202 Internet Explorer 7: Tools Menu ......................................................................................... 357
Figure 203 Internet Explorer 7: Internet Options .................................................................................. 357
Figure 204 Internet Explorer 7: Certificates .......................................................................................... 358
Figure 205 Internet Explorer 7: Certificates .......................................................................................... 358
Figure 206 Internet Explorer 7: Root Certificate Store .......................................................................... 358
Figure 207 Firefox 2: Website Certified by an Unknown Authority ....................................................... 360
Figure 208 Firefox 2: Page Info ............................................................................................................ 361
Figure 209 Firefox 2: Tools Menu ......................................................................................................... 362
Figure 210 Firefox 2: Options ............................................................................................................... 362
User’s Guide
23
List of Figures
tia
Figure 211 Firefox 2: Certificate Manager ........................................................................................... 363
Figure 212 Firefox 2: Select File .......................................................................................................... 363
Figure 213 Firefox 2: Tools Menu ......................................................................................................... 364
Figure 214 Firefox 2: Options ............................................................................................................... 364
Figure 215 Firefox 2: Certificate Manager ........................................................................................... 365
Figure 216 Firefox 2: Delete Web Site Certificates .............................................................................. 365
Figure 217 Opera 9: Certificate signer not found ................................................................................. 366
fid
en
Figure 218 Opera 9: Security information ............................................................................................. 367
Figure 219 Opera 9: Tools Menu .......................................................................................................... 368
Figure 220 Opera 9: Preferences ......................................................................................................... 369
Figure 221 Opera 9: Certificate manager ............................................................................................ 370
Figure 222 Opera 9: Import certificate ................................................................................................. 370
Figure 223 Opera 9: Install authority certificate ................................................................................... 371
Figure 224 Opera 9: Install authority certificate ................................................................................... 371
Figure 225 Opera 9: Tools Menu .......................................................................................................... 372
Figure 226 Opera 9: Preferences ......................................................................................................... 372
om
pa
ny
on
Figure 227 Opera 9: Certificate manager ............................................................................................ 373
Figure 228 Konqueror 3.5: Server Authentication ................................................................................ 374
Figure 229 Konqueror 3.5: Server Authentication ................................................................................ 374
Figure 230 Konqueror 3.5: KDE SSL Information ................................................................................ 375
Figure 231 Konqueror 3.5: Public Key Certificate File .......................................................................... 376
Figure 232 Konqueror 3.5: Certificate Import Result ............................................................................ 376
Figure 233 Konqueror 3.5: Kleopatra ................................................................................................... 376
Figure 234 Konqueror 3.5: Settings Menu ............................................................................................ 378
Figure 235 Konqueror 3.5: Configure ................................................................................................... 378
24
User’s Guide
List of Tables
List of Tables
en
tia
Table 1 Common Icons ............................................................................................................................ 5
Table 2 The WiMAX Device ................................................................................................................... 34
Table 3 Main > Icons ............................................................................................................................. 40
Table 4 Main .......................................................................................................................................... 42
Table 5 Main > Icons ............................................................................................................................. 43
Table 6 Main .......................................................................................................................................... 44
on
fid
Table 7 Internet Connection Wizard > System Information ................................................................... 48
Table 8 Internet Connection Wizard > Wireless LAN Screen ................................................................ 49
Table 9 Internet Connection Wizard > Basic (WEP) Screen .................................................................. 52
Table 10 Internet Connection Wizard > Extended (WPA-PSK) Screen ................................................. 53
Table 11 Internet Connection Wizard > Authentication Settings Screen ............................................... 54
Table 12 Internet Connection Wizard > IP Address ............................................................................... 56
Table 13 Internet Connection Wizard > IP Address ............................................................................... 58
Table 14 VoIP Connection > First Voice Account Settings .................................................................... 60
Table 15 SETUP > Set IP Address ........................................................................................................ 69
ny
Table 16 SETUP > Set IP Address ........................................................................................................ 69
Table 17 SETUP > DHCP Client ............................................................................................................ 70
Table 18 Pre-defined NTP Time Servers ............................................................................................... 71
Table 19 ADVANCED > LAN Configuration > DHCP Setup .................................................................. 77
Table 20 ADVANCED > LAN Configuration > Static DHCP ................................................................... 78
Table 21 ADVANCED > LAN Configuration> IP Alias ........................................................................... 79
Table 22 Advanced> LAN Configuration > IP Static Route .................................................................... 81
Table 23 Advanced> LAN Configuration > IP Static Route .................................................................... 81
Table 24 Management > Static Route > IP Static Route > Edit ............................................................. 82
pa
Table 25 ADVANCED > LAN Configuration > Other Settings ................................................................ 83
Table 26 ADVANCED > WAN Configuration > Internet Connection > ISP Parameters for Internet Access
93
Table 27 Radio Frequency Conversion ................................................................................................. 96
om
Table 28 ADVANCED > WAN Configuration >WiMAX Configuration .................................................... 96
Table 29 DL Frequency Example Settings ............................................................................................ 98
Table 30 ADVANCED > WAN Configuration > Traffic Redirect ........................................................... 100
Table 31 ADVANCED > WAN Configuration > Advanced ................................................................... 101
Table 32 ADVANCED > Wi-Fi Configuration > General ...................................................................... 104
Table 33 ADVANCED > Wi-Fi Configuration > General ...................................................................... 107
Table 34 ADVANCED > Wi-Fi Configuration > General ...................................................................... 108
Table 35 ADVANCED > WAN Configuration >WiMAX Configuration .................................................. 109
Table 36 ADVANCED > Wi-Fi Configuration > Advanced ....................................................................110
Table 37 ADVANCED > VPN Transport > General ...............................................................................116
User’s Guide
25
List of Tables
tia
Table 38 Advanced> VPN Transport > Customer Interface ..................................................................119
Table 39 ADVANCED > VPN Transport > Customer Interface .............................................................119
Table 40 ADVANCED > VPN Transport > Customer Interface Setup ................................................. 120
Table 41 Advanced> VPN Transport > Customer Interface ................................................................. 122
Table 42 ADVANCED > VPN Transport > Ethernet Pseudowire ......................................................... 122
Table 43 ADVANCED > VPN Transport > Ethernet Pseudowire Setup ............................................... 123
Table 44 ADVANCED > VPN Transport > Statistics ............................................................................ 124
fid
en
Table 45 ADVANCED > NAT Configuration > General ........................................................................ 126
Table 46 Advanced> VPN Transport > Customer Interface ................................................................. 128
Table 47 ADVANCED > NAT Configuration > Port Forwarding ........................................................... 128
Table 48 ADVANCED > NAT Configuration > Port Forwarding > Rule Setup ..................................... 129
Table 49 ADVANCED > NAT Configuration > Trigger Port .................................................................. 130
Table 50 ADVANCED > NAT Configuration > ALG .............................................................................. 133
Table 51 ADVANCED > System Configuration > General ................................................................... 137
Table 52 ADVANCED > System Configuration > Dynamic DNS ......................................................... 139
Table 53 ADVANCED > System Configuration > Firmware ................................................................. 141
ny
on
Table 54 ADVANCED > System Configuration > Configuration .......................................................... 142
Table 55 ADVANCED > System Configuration > Firmware ................................................................. 143
Table 56 VOICE > Service Configuration > SIP Setting ...................................................................... 150
Table 57 VOICE > Service Configuration > SIP Settings > Advanced ................................................ 153
Table 58 Custom Tones Details ........................................................................................................... 156
Table 59 VOICE > Service Configuration > QoS ................................................................................. 158
Table 60 SIP Call Progression ............................................................................................................. 159
Table 61 VOICE > Phone > Analog Phone .......................................................................................... 167
Table 62 VOICE > Phone > Analog Phone > Advanced ...................................................................... 168
Table 63 VOICE > Phone > Common .................................................................................................. 169
Table 64 VOICE > Phone > Region ..................................................................................................... 170
Table 65 European Type Flash Key Commands ................................................................................. 171
Table 66 USA Type Flash Key Commands ......................................................................................... 173
pa
Table 67 VOICE > Phone Book > Incoming Call Policy ....................................................................... 176
Table 68 Advanced> LAN Configuration > IP Static Route .................................................................. 178
Table 69 VOICE > Phone Book > Speed Dial ...................................................................................... 179
Table 70 TOOLS > Certificates > My Certificates ................................................................................ 184
om
Table 71 TOOLS > Certificates > My Certificates ................................................................................ 184
Table 72 TOOLS > Certificates > My Certificates > Create ................................................................. 187
Table 73 TOOLS > Certificates > My Certificates > Edit ...................................................................... 190
Table 74 TOOLS > Certificates > My Certificates > Import .................................................................. 192
Table 75 TOOLS > Certificates > Trusted CAs .................................................................................... 193
Table 76 TOOLS > Certificates > Trusted CAs .................................................................................... 193
Table 77 TOOLS > Certificates > Trusted CAs > Edit .......................................................................... 195
Table 78 TOOLS > Certificates > Trusted CAs Import ......................................................................... 198
Table 79 TOOLS > Firewall > Firewall Setting ..................................................................................... 206
Table 80 TOOLS > Firewall > Service Setting ..................................................................................... 207
26
User’s Guide
List of Tables
tia
Table 81 TOOLS > Content Filter > Filter ............................................................................................ 215
Table 82 TOOLS > Content Filter > Schedule ..................................................................................... 216
Table 83 Remote Management ........................................................................................................... 217
Table 84 TOOLS > Remote Management > WWW ............................................................................. 219
Table 85 TOOLS > Remote Management > Telnet ............................................................................. 220
Table 86 TOOLS > Remote Management > FTP ................................................................................ 221
Table 87 SNMP Traps .......................................................................................................................... 222
fid
en
Table 88 TOOLS > Remote Management > SNMP ............................................................................. 223
Table 89 TOOLS > Remote Management > DNS ............................................................................... 224
Table 90 TOOLS > Remote Management > Security .......................................................................... 225
Table 91 Syslog Logs .......................................................................................................................... 228
Table 92 RFC-2408 ISAKMP Payload Types ...................................................................................... 228
Table 93 TOOLS > Logs > View Logs ................................................................................................. 229
Table 94 TOOLS > Logs > Log Settings .............................................................................................. 231
Table 95 System Error Logs ................................................................................................................ 233
Table 96 System Maintenance Logs .................................................................................................... 233
ny
on
Table 97 Access Control Logs ............................................................................................................. 234
Table 98 TCP Reset Logs .................................................................................................................... 234
Table 99 Packet Filter Logs ................................................................................................................. 235
Table 100 ICMP Logs .......................................................................................................................... 235
Table 101 PPP Logs ............................................................................................................................ 236
Table 102 UPnP Logs .......................................................................................................................... 236
Table 103 Content Filtering Logs ......................................................................................................... 236
Table 104 Attack Logs ......................................................................................................................... 237
Table 105 Remote Management Logs ................................................................................................. 238
Table 106 ICMP Notes ......................................................................................................................... 239
Table 107 SIP Logs ............................................................................................................................. 240
Table 108 RTP Logs ............................................................................................................................ 240
Table 109 FSM Logs: Caller Side ........................................................................................................ 240
pa
Table 110 FSM Logs: Callee Side ....................................................................................................... 240
Table 111 Lifeline Logs ........................................................................................................................ 241
Table 112 TOOLS > UPnP ................................................................................................................... 245
Table 113 Status .................................................................................................................................. 254
om
Table 114 Packet Statistics .................................................................................................................. 258
Table 115 WiMAX Site Information ...................................................................................................... 259
Table 116 DHCP Table ........................................................................................................................ 260
Table 117 VoIP Statistics ..................................................................................................................... 261
Table 118 The WiMAX Profile Screen ................................................................................................. 263
Table 119 IDU Hardware Specifications .............................................................................................. 275
Table 120 Indoor Wireless LAN Specification ...................................................................................... 275
Table 121 ODU Hardware Specifications ............................................................................................ 276
Table 122 Outdoor Wireless LAN Specification ................................................................................... 276
Table 123 IEEE 802.11g ...................................................................................................................... 316
User’s Guide
27
List of Tables
tia
Table 124 Wireless Security Levels ..................................................................................................... 316
Table 125 Comparison of EAP Authentication Types .......................................................................... 320
Table 126 Wireless Security Relational Matrix .................................................................................... 324
Table 127 IP Address Network Number and Host ID Example ........................................................... 338
Table 128 Subnet Masks ..................................................................................................................... 339
Table 129 Maximum Host Numbers .................................................................................................... 339
Table 130 Alternative Subnet Mask Notation ....................................................................................... 340
om
pa
ny
on
fid
en
Table 131 Subnet 1 .............................................................................................................................. 343
Table 132 Subnet 2 .............................................................................................................................. 343
Table 133 Subnet 3 .............................................................................................................................. 343
Table 134 Subnet 4 .............................................................................................................................. 343
Table 135 Eight Subnets ...................................................................................................................... 344
Table 136 24-bit Network Number Subnet Planning ............................................................................ 344
Table 137 16-bit Network Number Subnet Planning ............................................................................ 345
Table 138 Commonly Used Services ................................................................................................... 383
28
User’s Guide
tia
P ART I
fid
en
Introduction and
Wizards
Introducing the Web Configurator (37)
om
pa
ny
VoIP Connection Wizard (59)
Internet Connection Wizard (47)
on
Getting Started (31)
29
30
om
pa
ny
on
fid
en
tia
CHAPTER
tia
Getting Started
en
1.1 Overview
fid
This product is a WiMAX subscriber station system comprised of an outdoor unit
(ODU) and an indoor unit (IDU). The ODU connects to the WiMAX network while
the IDU is the management point between the WiMAX network (via the ODU) and
your computer/local area network. The IDU can also function as a Wi-Fi access
point to the WiMAX network.
Figure 1 The IDU/ODU Setup
on
Note: This User’s Guide is concerned strictly with the IDU, hereafter referred to as the
“WiMAX Device”. In the following figures both the IDU and ODU may be shown,
but all configuration options are for the IDU alone.
pa
ny
Wi-Fi
om
With this product, you can:
• Connecting wirelessly to the Internet via WiMAX.
• Use a traditional analog telephone to make Internet calls using the WiMAX
Device’s Voice over IP (VoIP) communication capabilities.
• Set up an IEEE 802.11g wireless network (WLAN) using the WiMAX Device as an
access point for the computers on your network.
• Configure firewall, content filtering and other features using the built-in
browser-based Web Configurator.
See Chapter 23 on page 275 for a complete list of features for your model.
User’s Guide
31
Chapter 1 Getting Started
1.1.1 Wi-Fi Access Point
Activate the WiMAX Device’s built-in IEEE 802.11g (also known as ‘Wi-Fi’ or
‘WLAN’) feature to allow it to function as a wireless Access Point (AP).
tia
The illustration below shows a group of notebook computers connecting wirelessly
to the WiMAX Device and then to the Internet through a WiMAX base station (BS).
en
Figure 2 WiFi Access Point
on
WiMAX
fid
Wi-Fi
1.1.2 WiMAX Internet Access
ny
Connect your computer or network directly to the WiMAX Device for WiMAX
Internet access. In a wireless metropolitan area network (MAN), the WiMAX
Device connects to a nearby WiMAX base station (BS) for Internet access.
pa
The following diagram shows a notebook computer equipped with the WiMAX
Device connecting to the Internet through a WiMAX base station (BS).
om
Figure 3 WiMAX Device and Base Station
32
When the firewall is on, all incoming traffic from the Internet to your network is
blocked unless it is initiated from your network.
User’s Guide
Chapter 1 Getting Started
tia
1.1.3 Make Calls via Internet Telephony Service Provider
Use content filtering to block access to web sites with URLs containing keywords
that you specify. You can define time periods and days during which content
filtering is enabled and include or exclude particular computers on your network
from content filtering
en
In a home or small office environment, you can use the WiMAX Device to make
and receive the following types of VoIP telephone calls:
• Peer-to-Peer calls - Use the WiMAX Device to make a call directly to the
recipient’s IP address without using a SIP proxy server.
on
fid
Figure 4 WiMAX Device’s VoIP Features - Peer-to-Peer Calls
ny
• Calls via a VoIP service provider - The WiMAX Device sends your call to a VoIP
service provider’s SIP server which forwards your calls to either VoIP or PSTN
phones.
om
pa
Figure 5 WiMAX Device’s VoIP Features - Calls via VoIP Service Provider
User’s Guide
33
Chapter 1 Getting Started
1.2 WiMAX Device Hardware
Follow the instructions in the Quick Start Guide to make hardware connections.
The following figure shows the LEDs (lights) on the WiMAX Device.
fid
en
Figure 6 The WiMAX Device’s LEDs
tia
1.2.1 LEDs
The following table describes your WiMAX Device’s LEDs (from right to left).
Table 2 The WiMAX Device
STATE
PWR
Off
DESCRIPTION
on
LED
The WiMAX Device is not receiving power.
The WiMAX Device is receiving power but has been
unable to start up correctly or is not receiving
enough power. See the Troubleshooting section for
more information.
Red
Blinking Green
The WiMAX Device is performing a self-test.
ny
The WiMAX Device is receiving power and
functioning correctly.
Off
The LAN is not connected.
Green
The WiMAX Device has a successful Local Area
Network (Ethernet) connection.
Blinking Green
The WiMAX Device is the process of transmitting
and receiving data.
pa
LAN 1~4
Solid Green
om
VoIP 1~2
34
Off
No SIP account is registered, or the WiMAX Device
is not receiving power.
Green
A SIP account is registered.
Blinking Green
A SIP account is registered, and the phone attached
to the LINE port is in use (off the hook).
Orange
A SIP account is registered and has a voice
message on the SIP server.
Blinking Orange
A SIP account is registered and has a voice
message on the SIP server, and the phone attached
to the LINE port is in use (off the hook).
User’s Guide
Chapter 1 Getting Started
Table 2 The WiMAX Device
STATE
DESCRIPTION
PoE
Off
The Power over Ethernet (PoE) link is not
functioning.
Green
The PoE link is functioning correctly
Blinking Green
The WiMAX Device is trasmitting and receiving data
over the PoE link.
Off
The Wi-Fi network is not operational.
Green
The Wi-Fi network is operational.
Blinking Green
The WiMAX Device is sending and receiving data
across the Wi-Fi network.
Green
The WiMAX service set ID is registered and
operational.
Slow Blinking
Green
The WiMAX Device is currently searching for a
channel (approximate blink is speed 1 second per).
Fast Blinking Green
The WiMAX Device is currently the process of
joining a WiMAX network (approximate blink speed
is 0.5 second per).
SIGNAL 1~3
tia
en
fid
LINK
The Signal LEDs display the Received Signal Strength Indication (RSSI) of
the wireless (WiMAX) connection.
No Signal LEDS
Signal 1 On
There is no WiMAX connection.
The signal strength is less than or equal to -90 dBm
The signal strength is less than or equal to -80 dBm
Signal 2 On
on
WLAN
LED
The signal strength is less than or equal to -70 dBm
ny
Signal 3 On
1.3 Good Habits for Managing the WiMAX Device
pa
Do the following things regularly to make the WiMAX Device more secure and to
manage the WiMAX Device more effectively.
• Change your passwords regularly. Use passwords that are not easy to guess
and that consist of different types of characters, such as numbers and letters.
om
• Write down your passwords but be sure to put them in a safe, secure place.
Never store them in proximity to your computer or WiMAX Device.
• Back up the configuration (and make sure you know how to restore it).
Restoring an earlier working configuration may be useful if the WiMAX Device
becomes unstable or even crashes. If you forget your password, you will have to
reset the WiMAX Device to its factory default settings. If you backed up an
earlier configuration file, you would not have to totally re-configure the WiMAX
Device. You could simply restore your last configuration.
User’s Guide
35
C
om
pa
ny
on
fid
en
tia
Chapter 1 Getting Started
36
User’s Guide
CHAPTER
en
tia
Introducing the Web
Configurator
2.1 Overview
on
fid
The web configurator is an HTML-based management interface that allows easy
device set up and management via any web browser that supports: HTML 4.0,
CSS 2.0, and JavaScript 1.5, and higher. The recommended screen resolution for
using the web configurator is 1024 by 768 pixels and 16-bit color, or higher.
In order to use the web configurator you need to allow:
• Web browser pop-up windows from your device. Web pop-up blocking is
enabled by default in many operating systems and web browsers.
• JavaScript (enabled by default in most web browsers).
• Java permissions (enabled by default in most web browsers).
ny
See the Appendix D on page 327 for more information on configuring your web
browser.
pa
2.1.1 Accessing the Web Configurator
Make sure your WiMAX Device hardware is properly connected (refer to the Quick
Start Guide for more information).
Launch your web browser.
Enter "192.168.1.1" as the URL.
om
User’s Guide
37
Chapter 2 Introducing the Web Configurator
A password screen displays. The default password (“1234”) displays in nonreadable characters. If you haven’t changed the password yet, you can just click
Login. Click Cancel to revert to the default password in the password field. If you
have changed the password, enter your password and click Login.
The following screen displays if you have not yet changed your password. It is
highly recommended you change the default password. Enter a new password,
retype it to confirm and click Apply; alternatively click Ignore to proceed to the
main menu if you do not want to change the password now.
om
pa
ny
on
fid
en
tia
38
User’s Guide
Chapter 2 Introducing the Web Configurator
Click Apply in the next screen to create a certificate using your WiMAX Device’s
MAC address which is specific to this device. This certificate is used for
authentication when using a secure HTTPS connection over the Internet.
A screen displays to let you choose whether to go to the wizard or the advanced
screens.
on
fid
en
tia
• Click Go to Wizard setup if you are logging in for the first time or if you
want to make basic changes. The wizard selection screen appears after you
click Apply. See Chapter 3 on page 47 for more information.
• Click Go to Advanced setup if you want to configure features that are not
available in the wizards. The main screen appears after you click Apply.
See Section 3 on page 40 for more information.
om
pa
ny
• Click Exit if you want to log out.
Note: For security reasons, the WiMAX Device automatically logs you out if you do
not use the web configurator for five minutes. If this happens, simply log in
again.
User’s Guide
39
Chapter 2 Introducing the Web Configurator
2.1.2 The Reset Button
tia
If you forget your password or cannot access the web configurator, you will need
to use the Reset button to reload the factory-default configuration file. This
means that you will lose all configurations that you had previously and the
password will be reset to “1234”.
2.1.2.1 Using The Reset Button
Make sure the Power light is on (not blinking).
To set the device back to the factory default settings, press the Reset button for
ten seconds or until the Power light begins to blink and then release it. When the
Power light begins to blink, the defaults have been restored and the device
restarts.
Reconfigure the WiMAX Device following the steps in your Quick Start Guide.
2.2 The Main Screen
on
fid
en
ny
When you first log into the web configurator, the Main screen appears. Here you
can view a concise summary of your WiMAX Device connection status. This is also
the default “home” page for the ZyXEL web configurator and it contains
conveniently-placed shortcuts to all of the other screens.
Note: Some features in the web configurator may not be available depending on your
firmware version and/or configuration.
Table 3 Main > Icons
om
pa
ICON
40
DESCRIPTION
MAIN
Click to return to the Main screen.
SETUP
Click to go the Setup screen, where you can configure LAN,
DHCP and WAN settings.
ADVANCED
Click to go to the Advanced screen, where you can configure
features like Port Forwarding and Triggering, SNTP and so on.
User’s Guide
Chapter 2 Introducing the Web Configurator
Table 3 Main > Icons (continued)
ICON
DESCRIPTION
tia
Click to go to the Voice screen, where you can configure your
voice service and phone settings.
VOICE
TOOLS
Click to go the Tools screen, where you can configure your
firewall, QoS, and content filter, among other things.
en
STATUS
Click to go to the Status screen, where you can view status and
statistical information for all connections and interfaces.
Strength Indicator
on
Disconnected - Zero bars
Poor reception - One bar
Good reception - Two bars
Excellent reception - Three bars
om
pa
ny
•
•
•
•
fid
Displays a visual representation of the quality of your WiMAX
connection.
User’s Guide
41
Chapter 2 Introducing the Web Configurator
The following table describes the labels in this screen.
Table 4 Main
DESCRIPTION
Help
Click to open the web configurator’s online help.
Wizard
Click to run the Internet Connection and VoIP Connection Setup
Wizard. All of the settings that you can configure in this wizard
are also available in these web configurator screens.
Logout
Click to log out of the web configurator.
tia
LABEL
This field indicates the current status of your WiMAX connection.
•
•
•
Connected - Indicates that the WiMAX Device is connected
to the WiMAX network. Use the Strength Indicator icon to
determine the quality of your network connection.
Disconnected - Indicates that the WiMAX Device is not
connected to the WiMAX network.
DL_SYN - Indicates a download synchronization is in
progress. This means the firmware is checking with the
server for any updates or settings alterations.
This field indicates the version number of the WiMAX Device’s
firmware. The version number takes the form of:
Version(Build),release status (candidate) | Version Release
Date.
Software Version
fid
Status messages are as follows:
on
WiMAX Connection
Status
en
Note: This does not log you off the WiMAX network, it simply
logs you out of the WiMAX Device’s browser-based
configuration interface.
ny
For example: V3.60(BCC.0)c4 | 07/08/2008 indicates that the
firmware is 3.60, build BCC.0, candidate4, released on July 08,
2008.
This field indicates the exact date and time the current firmware
was compiled.
System Uptime
This field indicates how long the WiMAX Device has been on.
This resets every time you shut the device down or restart it.
pa
Version Date
This field indicates how long the WiMAX Device has been
connected to the WiMAX network. This resets every time you
disconnect from the WiMAX network, shut the device down, or
restart it.
Voice 1
This field indicates the number and receiver status of the first
voice account.
om
WiMAX Uptime
42
User’s Guide
Chapter 2 Introducing the Web Configurator
on
fid
en
tia
Figure 7 Main Screen
Table 5 Main > Icons
The following table describes the icons in this screen.
DESCRIPTION
ICON
MAIN
ny
Click to return to the Main screen.
om
pa
SETUP
User’s Guide
Click to go the Setup screen, where you can configure LAN and
DHCP settings.
ADVANCED
Click to go to the Advanced screen, where you can configure
features like Port Forwarding and Triggering, SNTP and so on.
VOICE
Click to go to the Voice screen, where you can configure your
voice service and phone settings.
TOOLS
Click to go the Tools screen, where you can configure your
firewall, QoS, and content filter, among other things.
43
Chapter 2 Introducing the Web Configurator
Table 5 Main > Icons (continued)
DESCRIPTION
ICON
tia
Click to go to the Status screen, where you can view status and
statistical information for all connections and interfaces.
STATUS
Strength Indicator
•
•
•
•
Disconnected - Zero bars
Poor reception - One bar
Good reception - Two bars
Excellent reception - Three bars
Table 6 Main
LABEL
DESCRIPTION
fid
The following table describes the labels in this screen.
en
Displays a visual representation of the quality of your WiMAX
connection.
Click to open the web configurator’s online help.
Wizard
Click to run the Internet Connection and VoIP Connection Setup
Wizard. All of the settings that you can configure in this wizard
are also available in these web configurator screens.
Logout
Click to log out of the web configurator.
on
Help
Note: This does not log you off the WiMAX network, it simply
logs you out of the WiMAX Device’s browser-based
configuration interface.
This field indicates the current status of your WiMAX connection.
ny
WiMAX Connection
Status
Status messages are as follows:
pa
•
om
Software Version
44
•
•
Connected - Indicates that the WiMAX Device is connected
to the WiMAX network. Use the Strength Indicator icon to
determine the quality of your network connection.
Disconnected - Indicates that the WiMAX Device is not
connected to the WiMAX network.
DL_SYN - Indicates a download synchronization is in
progress. This means the firmware is checking with the
server for any updates or settings alterations.
This field indicates the version number of the WiMAX Device’s
firmware. The version number takes the form of: Version(Build),
release status (candidate) | Version Release Date.
For example: V3.60(BCC.0)c4 | 07/08/2009 indicates that the
firmware is 3.60, build BCC.0, candidate 4, released on July 08,
2009.
Version Date
This field indicates the exact date and time the current firmware
was compiled.
System Uptime
This field indicates how long the WiMAX Device has been on.
This resets every time you shut the device down or restart it.
User’s Guide
Chapter 2 Introducing the Web Configurator
Table 6 Main (continued)
DESCRIPTION
WiMAX Uptime
This field indicates how long the WiMAX Device has been
connected to the WiMAX network. This resets every time you
disconnect from the WiMAX network, shut the device down, or
restart it.
Voice 1
This field indicates the number and receiver status of the first
voice account.
Voice 2
This field indicates the number and receiver status of the second
voice account.
om
pa
ny
on
fid
en
tia
LABEL
User’s Guide
45
C
om
pa
ny
on
fid
en
tia
Chapter 2 Introducing the Web Configurator
46
User’s Guide
CHAPTER
tia
Internet Connection Wizard
en
3.1 Overview
fid
This chapter provides information on the Internet Connection Wizard screens. The
wizard guides you through several steps in which you can configure your most
basic (and essential) Internet settings.
on
Note: Screens are presented here in order of appearance as you work through the
Internet Connection Wizard. To get to any particular screen, you must first
navigate through the ones that came before it.
3.1.1 Welcome to the ZyXEL Setup Wizard
om
pa
ny
Figure 8 Select a Mode
This is the welcome screen for the ZyXEL Setup Wizard. You can choose to either
configure your Internet connection or your VoIP connection.
Select Internet Connection Wizard to begin.
User’s Guide
47
Chapter 3 Internet Connection Wizard
3.1.2 System Information
on
fid
en
Figure 9 Internet Connection Wizard > System Information
tia
This Internet Connection Wizard screen allows you to configure your WiMAX
Device’s system information. The settings here correspond to the ADVANCED >
System Configuration > General screen (Section 11.2 on page 137).
ny
The following table describes the labels in this screen.
Table 7 Internet Connection Wizard > System Information
LABEL
System Name is a unique name to identify the WiMAX Device in an
Ethernet network. Enter a descriptive name. This name can be up to 30
alphanumeric characters long. Spaces are not allowed, but dashes "-" and
underscores "_" are accepted.
pa
System
Name
DESCRIPTION
om
Domain
Name
Type the domain name (if you know it) here. If you leave this field blank,
the ISP may assign a domain name via DHCP. The domain name entered
by you is given priority over the ISP assigned domain name.
Click to display the previous screen.
Next
Click to proceed to the next screen.
Exit
Click to close the wizard without saving.
Back
48
User’s Guide
Chapter 3 Internet Connection Wizard
3.1.3 Wireless LAN
tia
This Internet Connection Wizard screen follows the System Information screen
and allows you to configure your wireless network’s security settings. The settings
here correspond to the Advanced > WiFi Configuration > General screen,
Security sub-section (Section 8.2 on page 104).
Note: The Security option you select here determines which screen comes next.
on
fid
en
Figure 10 Internet Connection Wizard > Wireless LAN Screen
The following table describes the labels in this screen.
LABEL
Table 8 Internet Connection Wizard > Wireless LAN Screen
DESCRIPTION
Name (SSID)
This is the name you assign to your network and the name
that appears in a wireless client’s network selection options.
ny
Note: “SSID” means Service Set IDentifier and is the
technical term for a wireless network name.
This is the radio channel on which the device broadcasts. If
there are other networks in range, select a channel number
than is not already in use in order to minimize possible
cross-channel interferrence.
om
pa
Channel Selection
User’s Guide
49
Chapter 3 Internet Connection Wizard
Table 8 Internet Connection Wizard > Wireless LAN Screen (continued)
DESCRIPTION
Security
Select an encryption method for your network. This is to
discourage people from accessing your network without
authorization. Choose an encryption method compatible with
all of your anticipated network clients.
tia
LABEL
Security Options are:
•
•
on
fid
•
None - It is not recommended that you use this setting.
With no security, anyone who has a wireless device can
connect to your network.
Basic (WEP) - This is a basic form of encryption. It is
not recommended that you use it as it can be by-passed
quite easily. However, because it is one of the original
wireless encryption methods, it is the most compatible
with older wireless devices. Select this option if you
require the widest range of compatibility.
Extend (WPA-PSK with customized key) - This
provides both improved data encryption and user
authentication. Using PSK, both the WiMAX Device and
the connecting client share a common password in order
to validate the connection. This type of encryption, while
robust, is not as strong as WPA2-PSK. Use this type of
security of you do not use a RADIUS server to
authenticate user credentials.
Extend (WPA2-PSK with customize key) - This is a
newer, more robust version of the WPA encryption
standard. It offers slightly better security. Use this option
if you do not have RADIUS server on your network to
verify user credentials.
en
•
The option you select here changes the configuration options
on this screen accordingly. For details on the specific
security options, see subsequent tables.
Next
Click to proceed to the next screen.
Click to close the wizard without saving.
om
pa
Exit
Click to display the previous screen.
ny
Back
50
User’s Guide
Chapter 3 Internet Connection Wizard
3.1.3.1 Wireless LAN - Basic (WEP)
om
pa
ny
on
fid
en
Figure 11 Internet Connection Wizard > Basic (WEP) Screen
tia
This screen appears as a result of selecting Basic WEP as your Security option in
the previous screen. It allows you to configure WEP encryption for your wireless
network. The settings here correspond to the Advanced > WiFi Configuration
> General screen, Security sub-section with the Basic (WEP) option selected
(Section 8.2 on page 104.)
User’s Guide
51
Chapter 3 Internet Connection Wizard
The following table describes the labels in this screen.
Table 9 Internet Connection Wizard > Basic (WEP) Screen
DESCRIPTION
Passphrase
Enter a password in this field if you want to have the WiMAX
Device create a unique Hex-based key for you. After
entering your password, click the Generate button. The
Hex-based key appears in the field below.
tia
LABEL
Select the encryption strength for your WEP-enabled
network.
•
64-Bit WEP - This is the older of the two available
encryption algorithms. The key is smaller and requires
less computational resources to cipher/decipher. For all
intents and purposes, this is irrelevent for modern
computers and wireless devices. Unfortunately, this level
of security is rudimentary, at best, and easily broken.
You should only use in circumstances where backwards
compatibility with older devices is a significant issue.
128-Bit WEP - This represents a higher standard of
security for WEP encryption. Keys are larger, require
slightly more computational resources, and are more
difficult to crack. If backwards compatibility for older
wireless devices is a non-issue, use this level of
encryption for more robust security.
fid
•
on
WEP Encryption
en
Note: If you Generate a passphrase, the length of the
key created is determined by the option you select
in the WEP encryption field.
ny
Note: Of all the encryption types available for wireless
networks, WEP is the weakest and easiest to bypass. It is recommended that you use WPA or
WPA2 whenever possible.
om
pa
ASCII / Hex
52
If you choose not to have the WiMAX Device automatically
create an encryption key, you can manually enter one here
either in ASCII or in Hex.
If you choose to allow the WiMAX Device to automatically
create an encryption key for you using the Passphrase field
and its corresponding Generate key, then the new key
appears in this field.
Remember to record the password and distribute it to your
wireless clients accordingly (and securely).
Note: For 64-bit encryption: Enter 5 ASCII characters or
10 hexadecimal characters (“0-9”, “A-F”).
Note: For 128-bit encryption: Enter 13 ASCII characters
or 26 hexadecimal characters (“0-9”, “A-F”).
Back
Click to display the previous screen.
Next
Click to proceed to the next screen.
Exit
Click to close the wizard without saving.
User’s Guide
Chapter 3 Internet Connection Wizard
3.1.3.2 Wireless LAN -Extended (WPA-PSK / WPA2-PSK)
tia
This screen appears as a result of selecting either WPA-PSK or WPA2-PSK as
your Security option in the previous screen. It allows you to configure WPA-PSK /
WPA2-PSK encryption for your wireless network. The settings here correspond to
the Advanced > WiFi Configuration > General screen, Security sub-section
with the Extend option selected (Section 8.2 on page 104.)
en
Note: Both WPA-PSK and WPA2-PSK configuration options use this screen, with only
minimal variation.
on
fid
Figure 12 Internet Connection Wizard > Extended (WPA-PSK) Screen
The following table describes the labels in this screen.
Table 10 Internet Connection Wizard > Extended (WPA-PSK) Screen
om
pa
Pre-shared Key
User’s Guide
DESCRIPTION
ny
LABEL
This is a secret password that both the WiMAX Device and
the wireless client must have in common in order for the
wireless client to use the network.
As the device administrator, you can generate this key how
you see fit so long as it consists of a minimum of 8
alphanumeric letters and number. However, keep in mind
that the more complex the key, the more difficult it is to
break. The best keys consist of both letters and numbers.
Note: This key is used by all wireless clients on your
network to authenticate their connections, so be
sure to distribute it accordingly (and securely).
Back
Click to display the previous screen.
Next
Click to proceed to the next screen.
Exit
Click to close the wizard without saving.
53
Chapter 3 Internet Connection Wizard
3.1.4 Authentication Settings
tia
This Internet Connection Wizard screen follows the Wireless LAN security setup
screens and allows you to configure your Internet access settings. The settings
here correspond to the ADVANCED > WAN Configuration > Internet
Connection screen (Section 7.2 on page 93).
on
fid
en
Figure 13 Internet Connection Wizard > Authentication Settings Screen
ny
The following table describes the labels in this screen.
Table 11 Internet Connection Wizard > Authentication Settings Screen
LABEL
DESCRIPTION
Authentication
om
pa
User
54
Enter the username associated with your Internet access
account. You can enter up to 61 printable ASCII characters.
Password
Enter the password associated with your Internet access
account. You can enter up to 47 printable ASCII characters.
Anonymous Identity
Enter the anonymous identity provided by your Internet
Service Provider. Anonymous identity (also known as outer
identity) is used with EAP-TTLS encryption. The anonymous
identity is used to route your authentication request to the
correct authentication server, and does not reveal your real
user name. Your real user name and password are encrypted
in the TLS tunnel, and only the anonymous identity can be
seen.
Leave this field blank if your ISP did not give you an
anonymous identity to use.
User’s Guide
Chapter 3 Internet Connection Wizard
Table 11 Internet Connection Wizard > Authentication Settings Screen (continued)
DESCRIPTION
This field displays the Privacy Key Management version
number. PKM provides security between the WiMAX Device
and the base station. At the time of writing, the WiMAX
Device supports PKMv2 only. See the WiMAX security
appendix for more information.
Authentication
This field displays the user authentication method.
Authentication is the process of confirming the identity of a
mobile station (by means of a username and password, for
example).
en
tia
PKM
LABEL
Check with your service provider if you are unsure of the
correct setting for your account.
Choose from the following user authentication methods:
TTLS (Tunnelled Transport Layer Security)
TLS (Transport Layer Security)
fid
•
•
This field displays the type of secondary authentication
method. Once a secure EAP-TTLS connection is established,
the inner EAP is the protocol used to exchange security
information between the mobile station, the base station and
the AAA server to authenticate the mobile station. See the
WiMAX security appendix for more details. The WiMAX
Device supports the following inner authentication types:
TTLS Inner EAP
on
Note: Not all WiMAX Devices support TLS
authentication. Check with your service provider
for details.
CHAP (Challenge Handshake Authentication Protocol)
MSCHAP (Microsoft CHAP)
MSCHAPV2 (Microsoft CHAP version 2)
PAP (Password Authentication Protocol)
ny
•
•
•
•
pa
Certificate
This is the security certificate the WiMAX Device uses to
authenticate the AAA server. Use the TOOLS > Certificates
> Trusted CA screen to import certificates to the WiMAX
Device.
Click to display the previous screen.
Next
Click to proceed to the next screen.
Exit
Click to close the wizard without saving.
om
Back
User’s Guide
55
Chapter 3 Internet Connection Wizard
tia
This Internet Connection Wizard screen follows the Authentication Settings
screen and allows you to configure the method with which your WiMAX Device
acquires its IP address. The settings here correspond to the SETUP > Set IP
Address screen (Section 5.2 on page 68).
3.1.5 IP Address
pa
ny
on
fid
Figure 14 Internet Connection Wizard > IP Address
en
A fixed (static) IP address is one that your ISP gives you. Your WiMAX Device uses
that IP address every time you connect to the Internet. On the other hand, an
automatic (dynamic) IP address is variable in that the ISP assigns you a different
one each time you connect to the Internet.
The following table describes the labels in this screen.
Table 12 Internet Connection Wizard > IP Address
om
LABEL
DESCRIPTION
IP Address
56
My computer or device
gets its IP address
automatically from the
network (Default)
Select this if you have a dynamic IP address. A dynamic IP
address is not fixed; the ISP assigns you a different one
each time you connect to the Internet.
Note: Selecting this option takes you to the Setup
Complete screen.
User’s Guide
Chapter 3 Internet Connection Wizard
Table 12 Internet Connection Wizard > IP Address (continued)
DESCRIPTION
Use Fixed IP Address
Select this option to enter static IP address or a fixed IP that
your ISP gives you.
tia
Note: Selecting this option takes you to the IP Address
Assignment screen.
LABEL
Click to display the previous screen.
Next
Click to proceed to the next screen.
Exit
Click to close the wizard screen without saving.
en
Back
3.1.5.1 IP Address Assignment
fid
This screen appears as a result of selecting the Used Fixed IP Address option in
the previous screen. It allows you to configure your static WAN and DNS IP
Addresses. Use the information given to you by your Internet Service Provider.
on
The settings for WAN IP Address Assignment correspond to the Advanced >
WAN Configuration > Internet Connection screen (Section 7.2 on page 93).
The settings for DNS Server Address Assignment correspond to the Advanced
> LAN Configuration > DHCP Setup screen, DNS Server sub-section.
om
pa
ny
Figure 15 Internet Connection Wizard > IP Address Assignment
User’s Guide
57
Chapter 3 Internet Connection Wizard
The following table describes the labels in this screen.
Table 13 Internet Connection Wizard > IP Address
LABEL
DESCRIPTION
WAN IP Address Assignment
Enter your ISP-assigned IP Address here.
My WAN IP Subnet
Mask
Enter a subnet mask in dotted decimal notation.
Gateway IP Address
Specify a gateway IP address (supplied by your ISP).
tia
My WAN IP Address
en
Refer to the appendices to calculate a subnet mask if you are
implementing subnetting.
DNS Server Address Assignment
Specify the IP addresses of a maximum of three DNS servers
that the network can use. The WiMAX Device provides these
IP addresses to DHCP clients.
fid
First, Second and Third
DNS Server
If you enter nothing in these fields, no DNS service will be
provided by the WiMAX Device.
Click to display the previous screen.
Next
Click to proceed to the next screen.
Exit
Click to close the wizard screen without saving.
on
Back
3.1.6 Setup Complete
Click Close to complete and save the Internet Connection Wizard settings.
ny
Launch your web browser and navigate to www.zyxel.com. If if everything was
configured properly, the web page should display. You can now surf the Internet!
Refer to the rest of this guide for more detailed information on the complete range
of WiMAX Device features available in the more advanced web configurator.
om
pa
Note: If you cannot access the Internet, open the web configurator again to confirm
that the Internet settings you configured in the wizard setup are correct.
58
User’s Guide
CHAPTER
tia
VoIP Connection Wizard
en
4.1 Overview
fid
This chapter provides information on the VoIP Connection Wizard screens. The
wizard guides you through several steps in which you can configure the minimum
required settings for placing phone calls over the Internet. You can configure the
WiMAX Device to use up to two SIP-based VoIP accounts.
on
Note: Screens are presented here in order of appearance as you work through either
the VoIP Connection Wizard. To get to any particular screen, you must first
navigate through the ones that came before it.
4.2 Welcome to the ZyXEL Setup Wizard
ny
This is the welcome screen for the ZyXEL Setup Wizard. You can choose to either
configure your Internet connection or your VoIP connection.
om
pa
Figure 16 Select a Mode
Select VoIP Connection Wizard to begin.
User’s Guide
59
Chapter 4 VoIP Connection Wizard
4.2.1 First Voice Account Settings
on
fid
en
Figure 17 VoIP Connection > First Voice Account Settings
tia
This VoIP Connection Wizard screen allows you to configure your voice account.
The settings here correspond to the VOICE > Service Configuration > SIP
Setting screen (see Section 12.2 on page 149 for more information).
ny
The following table describes the labels in this screen
Table 14 VoIP Connection > First Voice Account Settings
LABEL
pa
SIP Number
om
SIP Server Address
60
DESCRIPTION
Enter your SIP number in this field (use the number or text that
comes before the @ symbol in a SIP account like 1234@VoIPprovider.com). You can use up to 127 ASCII characters.
Type the IP address or domain name of the SIP server in this
field. It doesn’t matter whether the SIP server is a proxy,
redirect or register server. You can use up to 95 ASCII
characters.
SIP Service Domain
Enter the SIP service domain name in this field (the domain
name that comes after the @ symbol in a SIP account like
1234@VoIP-provider.com). You can use up to 127 ASCII
Extended set characters.
User Name
This is the user name for registering this SIP account with the
SIP register server. Type the user name exactly as it was given
to you. You can use up to 95 ASCII characters.
Password
Type the password associated with the user name above. You
can use up to 95 ASCII Extended set characters.
User’s Guide
Chapter 4 VoIP Connection Wizard
Table 14 VoIP Connection > First Voice Account Settings (continued)
DESCRIPTION
Configure the second
voice account
Select this check box if you have a second SIP account that
you want to use. You will need to configure the same fields as
displayed on this screen for the second SIP account.
Back
Click to return to the previous screen.
Apply
Click to complete the wizard setup and save your configuration.
Exit
Click to close the wizard without saving your settings.
tia
LABEL
ny
on
fid
Figure 18 VoIP Connection > SIP Registration Test
en
After you enter your voice account settings and click Next, the WiMAX Device
attempts to register your SIP account with the SIP server.
om
pa
This screen displays if SIP account registration fails. Check your WiMAX
connection using the WiMAX Link and Strength Indicator LEDs on the front of
the WiMAX Device, then wait a few seconds and click Register Again. If your
User’s Guide
61
Chapter 4 VoIP Connection Wizard
Internet connection was already working, you can click Back and try re-entering
your SIP account settings.
om
pa
ny
on
fid
en
tia
Figure 19 VoIP Connection > SIP Registration Fail
62
User’s Guide
Chapter 4 VoIP Connection Wizard
4.2.2 Setup Complete
Click Close to complete and save the VoIP Connection settings.
on
fid
en
tia
Figure 20 VoIP Connection > Finish
om
pa
ny
This screen displays if your SIP account registration was successful.
User’s Guide
63
C
om
pa
ny
on
fid
en
tia
Chapter 4 VoIP Connection Wizard
64
User’s Guide
en
Basic Screens
tia
P ART II
fid
The Main Screen (40)
om
pa
ny
on
The Setup Screens (67)
65
66
om
pa
ny
on
fid
en
tia
CHAPTER
5.1 Overview
en
tia
The Setup Screens
Use these screens to configure or view LAN, DHCP Client and WAN settings.
fid
5.1.1 What You Can Do in This Chapter
• The Set IP Address screen (Section 5.2 on page 68) lets you configure the
WiMAX Device’s IP address and subnet mask.
on
• The DHCP Client screen (Section 5.3 on page 69) lets you view a list of all
connected DHCP clients.
• The Time Setting screen (Section 5.4 on page 70) lets you configure your
WiMAX Device’s time and date keeping settings.
5.1.2 What You Need to Know
LAN
ny
The following terms and concepts may help as you read through this chapter.
pa
A Local Area Network, or a shared communication system to which many
computers are attached. A LAN, as its name implies, is limited to a local area such
as a home or office environment. LANs have different topologies, the most
common being the linear bus and the star configuration.
om
IP Address
IP addresses identify individual devices on a network. Every networking device
(including computers, servers, routers, printers, etc.) needs an IP address to
communicate across the network. These networking devices are also known as
hosts.
Subnet Mask
The subnet mask specifies the network number portion of an IP address. Your
device will compute the subnet mask automatically based on the IP Address that
User’s Guide
67
Chapter 5 The Setup Screens
you entered. You do not need to change the computer subnet mask unless you are
instructed to do so.
Daytime
en
tia
A network protocol used by devices for debugging and time measurement. A
computer can use this protocol to set its internal clock but only if it knows in which
order the year, month, and day are returned by the server. Not all servers use the
same format.
Time
fid
A network protocol for retrieving the current time from a server. The computer
issuing the command compares the time on its clock to the information returned
by the server, adjusts itself automatically for time zone differences, then
calculates the difference and corrects itself if there has been any temporal drift.
on
NTP
NTP stands for Network Time Protocol. It is employed by devices connected to the
Internet in order to obtain a precise time setting from an official time server.
These time servers are accurate to within 200 microseconds.
5.1.3 Before You Begin
ny
• Make sure that you have made all the appropriate hardware connections to the
WiMAX Device, as described in the Quick Start Guide.
pa
• Make sure that you have logged in to the web configurator at least one time and
changed your password from the default, as described in the Quick Start Guide.
5.2 Set IP Address
om
Click the SETUP icon in the navigation bar to set up the WiMAX Device’s IP
address and subnet mask. This screen displays this screen by default. If you are in
any other sub-screen you can simply choose Set IP Address from the navigation
menu on the left to open it again.
Figure 21 SETUP > Set IP Address
68
User’s Guide
Chapter 5 The Setup Screens
The following table describes the labels in this screen.
Table 15 SETUP > Set IP Address
DESCRIPTION
IP Address
Enter the IP address of the WiMAX Device on the LAN.
LABEL
en
tia
Note: This field is the IP address you use to access the
WiMAX Device on the LAN. If the web configurator is
running on a computer on the LAN, you lose access to
it as soon as you change this field and click Apply.
You can access the web configurator again by typing
the new IP address in the browser.
Enter the subnet mask of the LAN.
Apply
Click to save your changes.
Reset
Click to restore your previously saved settings.
fid
IP Subnet Mask
on
5.3 DHCP Client
Click SETUP > DHCP Client to view a list of all connected DHCP clients. DHCP
clients are those devices connected to the WiMAX Device, either directly with
Ethernet cables or over a Wi-Fi network, and which have and IP address assigned
to them by an associated DHCP server.
pa
ny
Figure 22 SETUP > DHCP Client
The following table describes the labels in this screen.
Table 16 SETUP > Set IP Address
DESCRIPTION
This is the number of the item in this list.
IP Address
This indicates the IP address of the connected DHCP client
device.
Host Name
This indicates the name of the connected DHCP client device.
MAC Address
Indicates the MAC address of the connected DHCP client.
Reserve
Indicates whether the IP address of the connected client is
reserved for that client or not.
Apply
Click to save your changes.
Reset
Click to restore your previously saved settings.
om
LABEL
User’s Guide
69
Chapter 5 The Setup Screens
5.4 Time Setting
Click SETUP > Time Setting to set the date, time, and time zone for the WiMAX
Device.
on
fid
en
tia
Figure 23 SETUP > Time Setting
ny
The following table describes the labels in this screen.
Table 17 SETUP > DHCP Client
LABEL
DESCRIPTION
pa
Current Time and Date
Current Time
Displays the current time according to the WiMAX Device.
Current Date
Displays the current time according to the WiMAX Device.
Time and Date Setup
om
Manual
Select this if you want to specify the current date and time in the
fields below.
New Time
Enter the new time in this field, and click Apply.
New Date
Enter the new date in this field, and click Apply.
Select this if you want to use a time server to update the current
date and time in the WiMAX Device.
Get from Time Server
70
User’s Guide
Chapter 5 The Setup Screens
Table 17 SETUP > DHCP Client (continued)
DESCRIPTION
Time Protocol
Select the time service protocol that your time server
uses.Check with your ISP or network administrator, or use trialand-error to find a protocol that works.
tia
Daytime (RFC 867) - This format is day/month/year/time
zone.
LABEL
Time (RFC 868) - This format displays a 4-byte integer giving
the total number of seconds since 1970/1/1 at 0:0:0.
Time Server
Address
en
NTP (RFC 1305) - This format is similar to Time (RFC 868).
Enter the IP address or URL of your time server. Check with your
ISP or network administrator if you are unsure of this
information.
Time Zone Setup
Select the time zone at your location.
Daylight Savings
Select this if your location uses daylight savings time. Daylight
savings is a period from late spring to early fall when many
places set their clocks ahead of normal local time by one hour to
give more daytime light in the evening.
on
fid
Time Zone
Start Date
Enter which hour on which day of which week of which month
daylight-savings time starts.
End Date
Enter which hour on the which day of which week of which
month daylight-savings time ends.
Click to save your changes.
Reset
Click to restore your previously saved settings.
Apply
ny
5.4.1 Pre-Defined NTP Time Servers List
pa
The WiMAX Device uses a pre-defined list of NTP time servers if you do not specify
a time server or it cannot synchronize with the time server you specified. It can
use this list regardless of the time protocol you select.
om
When the WiMAX Device uses the list, it randomly selects one server and tries to
synchronize with it. If the synchronization fails, then it goes through the rest of
the list in order until either it is successful or all the pre-defined NTP time servers
have been tried.
Table 18 Pre-defined NTP Time Servers
ntp1.cs.wisc.edu
ntp1.gbg.netnod.se
ntp2.cs.wisc.edu
tock.usno.navy.mil
ntp3.cs.wisc.edu
ntp.cs.strath.ac.uk
ntp1.sp.se
User’s Guide
71
Chapter 5 The Setup Screens
Table 18 Pre-defined NTP Time Servers (continued)
time1.stupi.se
tick.stdtime.gov.tw
tock.stdtime.gov.tw
tia
time.stdtime.gov.tw
5.4.2 Resetting the Time
en
The WiMAX Device automatically resets the time in the following circumstances:
• When the device starts up, such as when you press the Power button.
• When you click Apply in the SETUP > Time Setting screen.
om
pa
ny
on
fid
• Once every 24-hours after starting up.
72
User’s Guide
tia
P ART III
en
Advanced Screens
fid
The LAN Configuration Screens (75)
The WAN Configuration Screens (89)
The NAT Configuration Screens (125)
on
The VPN Transport Screens (113)
om
pa
ny
The System Configuration Screens (135)
73
74
om
pa
ny
on
fid
en
tia
CHAPTER
tia
The LAN Configuration Screens
en
6.1 Overview
fid
Use the ADVANCED > LAN Configuration screens to set up the WiMAX Device
on the LAN. You can configure its IP address and subnet mask, DHCP services,
and other subnets. You can also control how the WiMAX Device sends routing
information using RIP.
on
A Local Area Network (LAN) is a shared communication system to which many
computers are attached. A LAN is usually a computer network limited to the
immediate area, such as the same building or floor of a building.
6.1.1 What You Can Do in This Chapter
• The DHCP Setup screen (Section 6.2 on page 76) lets you enable, disable, and
configure the DHCP server in the WiMAX Device.
ny
• The Static DHCP screen (Section 6.3 on page 78) lets you assign specific IP
addresses to specific computers on the LAN.
• The IP Alias screen (Section 6.4 on page 79) lets you add subnets on the LAN
port. You can also control what routing information is sent and received by each
subnet.
pa
• The IP Static Route screen (Section 6.5 on page 81) lets you examine the
static routes configured in the WiMAX Device.
om
• The Other Settings screen (Section 6.6 on page 83) lets you control the
routing information that is sent and received by each subnet assign specific IP
addresses to specific computers on the LAN.
6.1.2 What You Need to Know
The following terms and concepts may help as you read through this chapter.
IP Address
IP addresses identify individual devices on a network. Every networking device
(including computers, servers, routers, printers, etc.) needs an IP address to
User’s Guide
75
Chapter 6 The LAN Configuration Screens
communicate across the network. These networking devices are also known as
hosts.
Subnet Masks
tia
Subnet masks determine the maximum number of possible hosts on a network.
You can also use subnet masks to divide one network into multiple sub-networks.
DNS
fid
en
DNS (Domain Name System) is for mapping a domain name to its corresponding
IP address and vice versa. The DNS server is extremely important because
without it, you must know the IP address of a networking device before you can
access it.
DHCP
on
A DHCP (Dynamic Host Configuration Protocol) server can assign a device an IP
address, subnet mask, DNS and other routing information when it’s turned on.
6.2 DHCP Setup
Click ADVANCED > LAN Configuration > DHCP Setup to enable, disable, and
configure the DHCP server in the WiMAX Device.
om
pa
ny
Figure 24 ADVANCED > LAN Configuration > DHCP Setup
76
User’s Guide
Chapter 6 The LAN Configuration Screens
The following table describes the labels in this screen.
Table 19 ADVANCED > LAN Configuration > DHCP Setup
LABEL
DESCRIPTION
DHCP Setup
Select this if you want the WiMAX Device to be the DHCP server on the
LAN. As a DHCP server, the WiMAX Device assigns IP addresses to
DHCP clients on the LAN and provides the subnet mask and DNS server
information.
IP Pool Starting
Address
Enter the IP address from which the WiMAX Device begins allocating IP
addresses, if you have not specified an IP address for the computers on
your network in ADVANCED > LAN Configuration > Static DHCP.
Pool Size
Enter the number of IP addresses to allocate. This number must be at
least one and is limited by a subnet mask of 255.255.255.0 (regardless
of the subnet the WiMAX Device is in). For example, if the IP Pool
Start Address is 10.10.10.10, the WiMAX Device can allocate up to
10.10.10.254, or 245 IP addresses.
fid
en
tia
Enable DHCP
Server
DNS Server
Specify the IP addresses of a maximum of three DNS servers that the
network can use. The WiMAX Device provides these IP addresses to
DHCP clients. You can specify these IP addresses two ways.
on
First, Second
and Third DNS
Server
From ISP - provide the DNS servers provided by the ISP on the WAN
port.
User Defined - enter a static IP address.
DNS Relay - this setting will relay DNS information from the DNS
server obtained by the WiMAX Device.
None - no DNS service will be provided by the WiMAX Device.
Click to restore your previously saved settings.
om
pa
Reset
Click to save your changes.
ny
Apply
User’s Guide
77
Chapter 6 The LAN Configuration Screens
6.3 Static DHCP
Click ADVANCED > LAN Configuration > Static DHCP to assign specific IP
addresses to specific computers on the LAN.
on
fid
en
Figure 25 ADVANCED > LAN Configuration > Static DHCP
tia
Note: This screen has no effect if the DHCP server is not enabled. You can enable it
in ADVANCED > LAN Configuration > DHCP Setup.
ny
The following table describes the labels in this screen.
Table 20 ADVANCED > LAN Configuration > Static DHCP
LABEL
DESCRIPTION
The number of the item in this list.
Enter the MAC address of the computer to which you want the WiMAX
Device to assign the same IP address.
IP Address
Enter the IP address you want the WiMAX Device to assign to the
computer.
Apply
Click to save your changes.
Reset
Click to restore your previously saved settings.
om
pa
MAC Address
78
User’s Guide
Chapter 6 The LAN Configuration Screens
tia
Click ADVANCED > LAN Configuration > IP Alias to add subnets on the LAN
port. You can also control what routing information is sent and received by each
subnet.
6.4 IP Alias
ny
on
fid
en
Figure 26 ADVANCED > LAN Configuration> IP Alias
The following table describes the labels in this screen.
pa
Table 21 ADVANCED > LAN Configuration> IP Alias
DESCRIPTION
IP Alias 1
Select this to add the specified subnet to the LAN port.
om
LABEL
IP Address
Enter the IP address of the WiMAX Device on the subnet.
IP Subnet
Mask
Enter the subnet mask of the subnet.
RIP
Direction
Use this field to control how much routing information the WiMAX
Device sends and receives on the subnet.
•
•
•
•
User’s Guide
None - The WiMAX Device does not send or receive routing
information on the subnet.
Both - The WiMAX Device sends and receives routing information on
the subnet.
In Only - The WiMAX Device only receives routing information on
the subnet.
Out Only - The WiMAX Device only sends routing information on the
subnet.
79
Chapter 6 The LAN Configuration Screens
Table 21 ADVANCED > LAN Configuration> IP Alias (continued)
DESCRIPTION
Select which version of RIP the WiMAX Device uses when it sends or
receives information on the subnet.
•
•
•
IP Alias 2
RIP-1 - The WiMAX Device uses RIPv1 to exchange routing
information.
RIP-2B - The WiMAX Device broadcasts RIPv2 to exchange routing
information.
RIP-2M - The WiMAX Device multicasts RIPv2 to exchange routing
information.
RIP Version
en
Select this to add the specified subnet to the LAN port.
tia
LABEL
Enter the IP address of the WiMAX Device on the subnet.
IP Subnet
Mask
Enter the subnet mask of the subnet.
RIP
Direction
Use this field to control how much routing information the WiMAX
Device sends and receives on the subnet.
•
•
•
Select which version of RIP the WiMAX Device uses when it sends or
receives information on the subnet.
•
•
Apply
Click to save your changes.
Click to restore your previously saved settings.
om
pa
Reset
RIP-1 - The WiMAX Device uses RIPv1 to exchange routing
information.
RIP-2B - The WiMAX Device broadcasts RIPv2 to exchange routing
information.
RIP-2M - The WiMAX Device multicasts RIPv2 to exchange routing
information.
ny
•
RIP Version
None - The WiMAX Device does not send or receive routing
information on the subnet.
Both - The WiMAX Device sends and receives routing information on
the subnet.
In Only - The WiMAX Device only receives routing information on
the subnet.
Out Only - The WiMAX Device only sends routing information on the
subnet.
on
•
fid
IP Address
80
User’s Guide
Chapter 6 The LAN Configuration Screens
6.5 IP Static Route
on
fid
en
Figure 27 Advanced> LAN Configuration > IP Static Route
tia
Note: The first static route is the default route and cannot be modified or deleted.
Click ADVANCED > LAN Configuration > IP Static Route to look at the static
routes configured in the WiMAX Device.
The following table describes the icons in this screen.
Table 22 Advanced> LAN Configuration > IP Static Route
DESCRIPTION
ICON
Edit
Click to edit this item.
Delete
ny
Click to delete this item.
The following table describes the labels in this screen.
pa
Table 23 Advanced> LAN Configuration > IP Static Route
DESCRIPTION
The number of the item in this list.
Name
This field displays the name that describes the static route.
Active
This field shows whether this static route is active (Yes) or not (No).
Destination
This field displays the destination IP address(es) that this static route
affects.
Gateway
This field displays the IP address of the gateway to which the WiMAX
Device should send packets for the specified Destination. The gateway
is a router or a switch on the same network segment as the device's
LAN or WAN port. The gateway helps forward packets to their
destinations.
Apply
Click to save your changes.
Reset
Click to restore your previously saved settings.
om
LABEL
User’s Guide
81
Chapter 6 The LAN Configuration Screens
6.5.1 IP Static Route Setup
Click an Edit icon in ADVANCED > LAN Configuration > IP Static Route to
edit a static route in the WiMAX Device.
on
fid
en
tia
Figure 28 Advanced> LAN Configuration > IP Static Route Setup
The following table describes the labels in this screen.
Table 24 Management > Static Route > IP Static Route > Edit
DESCRIPTION
Route Name
Enter the name of the static route.
Active
Select this if you want the static route to be used. Clear this if you do
not want the static route to be used.
Select this if you do not want the WiMAX Device to tell other routers
about this static route. For example, you might select this if the static
route is in your LAN. Clear this if you want the WiMAX Device to tell
other routers about this static route.
pa
Private
ny
LABEL
Enter one of the destination IP addresses that this static route affects.
IP Subnet Mask
Enter the subnet mask that defines the range of destination IP
addresses that this static route affects. If this static route affects only
one IP address, enter 255.255.255.255.
om
Destination IP
Address
82
Gateway IP
Address
Enter the IP address of the gateway to which the WiMAX Device should
send packets for the specified Destination. The gateway is a router or
a switch on the same network segment as the device's LAN or WAN
port. The gateway helps forward packets to their destinations.
Metric
Usually, you should keep the default value. This field is related to RIP.
The metric represents the "cost of transmission". A router determines
the best route for transmission by choosing a path with the lowest
"cost". The smaller the metric, the lower the "cost". RIP uses hop count
as the measurement of cost, where 1 is for a directly-connected
network. The metric must be 1-15; if you use a value higher than 15,
the routers assume the link is down.
User’s Guide
Chapter 6 The LAN Configuration Screens
Table 24 Management > Static Route > IP Static Route > Edit (continued)
DESCRIPTION
Apply
Click to save your changes.
Cancel
Click to return to the previous screen without saving your changes.
tia
LABEL
6.6 Other Settings
on
fid
Figure 29 ADVANCED > LAN Configuration > Advanced
en
Click ADVANCED > LAN Configuration > Other Settings to set the RIP and
Multicast options.
The following table describes the labels in this screen.
Table 25 ADVANCED > LAN Configuration > Other Settings
DESCRIPTION
ny
LABEL
RIP & Multicast Setup
RIP Direction
Use this field to control how much routing information the WiMAX
Device sends and receives on the subnet.
pa
•
•
om
•
RIP Version
•
Select which version of RIP the WiMAX Device uses when it sends or
receives information on the subnet.
•
•
•
User’s Guide
None - The WiMAX Device does not send or receive routing
information on the subnet.
Both - The WiMAX Device sends and receives routing information on
the subnet.
In Only - The WiMAX Device only receives routing information on
the subnet.
Out Only - The WiMAX Device only sends routing information on the
subnet.
RIP-1 - The WiMAX Device uses RIPv1 to exchange routing
information.
RIP-2B - The WiMAX Device broadcasts RIPv2 to exchange routing
information.
RIP-2M - The WiMAX Device multicasts RIPv2 to exchange routing
information.
83
Chapter 6 The LAN Configuration Screens
Table 25 ADVANCED > LAN Configuration > Other Settings (continued)
LABEL
DESCRIPTION
Multicast
You do not have to enable multicasting to use RIP-2M. (See RIP
Version.)
None - The WiMAX Device does not support multicasting.
IGMP-v1 - The WiMAX Device supports IGMP version 1.
IGMP-v2 - The WiMAX Device supports IGMP version 2.
en
•
•
•
tia
Select which version of IGMP the WiMAX Device uses to support
multicasting on the LAN. Multicasting sends packets to some computers
on the LAN and is an alternative to unicasting (sending packets to one
computer) and broadcasting (sending packets to every computer).
fid
Multicasting can improve overall network performance. However, it
requires extra processing and generates more network traffic. In
addition, other computers on the LAN have to support the same version
of IGMP.
Click to save your changes.
Reset
Click to restore your previously saved settings.
on
Apply
6.7 Technical Reference
The following section contains additional technical information about the WiMAX
Device features described in this chapter.
ny
6.7.1 IP Address and Subnet Mask
Similar to the way houses on a street share a common street name, computers on
a LAN share one common network number.
pa
Where you obtain your network number depends on your particular situation. If
the ISP or your network administrator assigns you a block of registered IP
addresses, follow their instructions in selecting the IP addresses and the subnet
mask.
om
If the ISP did not explicitly give you an IP network number, then most likely you
have a single user account and the ISP will assign you a dynamic IP address when
the connection is established. If this is the case, it is recommended that you select
a network number from 192.168.0.0 to 192.168.255.0 and you must enable the
Network Address Translation (NAT) feature of the WiMAX Device. The Internet
Assigned Number Authority (IANA) reserved this block of addresses specifically for
private use; please do not use any other number unless you are told otherwise.
Let's say you select 192.168.1.0 as the network number; which covers 254
individual addresses, from 192.168.100.1 to 192.168.1.254 (zero and 255 are
reserved). In other words, the first three numbers specify the network number
while the last number identifies an individual computer on that network.
84
User’s Guide
Chapter 6 The LAN Configuration Screens
tia
The subnet mask specifies the network number portion of an IP address. Your
WiMAX Device will compute the subnet mask automatically based on the IP
address that you entered. You don't need to change the subnet mask computed
by the WiMAX Device unless you are instructed to do otherwise.
Once you have decided on the network number, pick an IP address that is easy to
remember, for instance, 192.168.100.1, for your WiMAX Device, but make sure
that no other device on your network is using that IP address.
en
6.7.2 DHCP Setup
fid
DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows
individual clients to obtain TCP/IP configuration at start-up from a server. You can
configure the WiMAX Device as a DHCP server or disable it. When configured as a
server, the WiMAX Device provides the TCP/IP configuration for the clients. If
DHCP service is disabled, you must have another DHCP server on your LAN, or
else each computer must be manually configured.
on
The WiMAX Device is pre-configured with a pool of IP addresses for the DHCP
clients (DHCP Pool). See the product specifications in the appendices. Do not
assign static IP addresses from the DHCP pool to your LAN computers.
ny
6.7.3 LAN TCP/IP
These parameters should work for the majority of installations. If your ISP gives
you explicit DNS server address(es), see Section 6.3 on page 78.
The WiMAX Device has built-in DHCP server capability that assigns IP addresses
and DNS servers to systems that support DHCP client capability.
pa
The LAN parameters of the WiMAX Device are preset in the factory with the
following values:
• IP address of 192.168.100.1 with subnet mask of 255.255.255.0 (24 bits)
om
• DHCP server enabled with 32 client IP addresses starting from 192.168.1.33.
These parameters should work for the majority of installations. If your ISP gives
you explicit DNS server address(es), see Section 6.3 on page 78.
User’s Guide
85
Chapter 6 The LAN Configuration Screens
6.7.4 DNS Server Address
tia
DNS (Domain Name System) is for mapping a domain name to its corresponding
IP address and vice versa. The DNS server is extremely important because
without it, you must know the IP address of a machine before you can access it.
The DNS server addresses that you enter in the DHCP setup are passed to the
client machines along with the assigned IP address and subnet mask.
en
There are two ways that an ISP disseminates the DNS server addresses. The first
is for an ISP to tell a customer the DNS server addresses, usually in the form of an
information sheet, when s/he signs up. If your ISP gives you the DNS server
addresses, enter them in the DNS Server fields in DHCP Setup, otherwise, leave
them blank.
on
fid
Some ISPs choose to pass the DNS servers using the DNS server extensions of
PPP IPCP (IP Control Protocol) after the connection is up. If your ISP did not give
you explicit DNS servers, chances are the DNS servers are conveyed through IPCP
negotiation. The WiMAX Device supports the IPCP DNS server extensions through
the DNS proxy feature.
If the Primary and Secondary DNS Server fields in the LAN Setup screen are
not specified, for instance, left as 0.0.0.0, the WiMAX Device tells the DHCP clients
that it itself is the DNS server. When a computer sends a DNS query to the WiMAX
Device, the WiMAX Device forwards the query to the real DNS server learned
through IPCP and relays the response back to the computer.
pa
ny
Please note that DNS proxy works only when the ISP uses the IPCP DNS server
extensions. It does not mean you can leave the DNS servers out of the DHCP
setup under all circumstances. If your ISP gives you explicit DNS servers, make
sure that you enter their IP addresses in the LAN Setup screen. This way, the
WiMAX Device can pass the DNS servers to the computers and the computers can
query the DNS server directly without the WiMAX Device’s intervention.
6.7.5 RIP Setup
om
RIP (Routing Information Protocol) allows a router to exchange routing
information with other routers. The RIP Direction field controls the sending and
receiving of RIP packets. When set to:
• Both - the WiMAX Device will broadcast its routing table periodically and
incorporate the RIP information that it receives.
86
• In Only - the WiMAX Device will not send any RIP packets but will accept all RIP
packets received.
• Out Only - the WiMAX Device will send out RIP packets but will not accept any
RIP packets received.
User’s Guide
Chapter 6 The LAN Configuration Screens
• None - the WiMAX Device will not send any RIP packets and will ignore any RIP
packets received.
tia
The Version field controls the format and the broadcasting method of the RIP
packets that the WiMAX Device sends (it recognizes both formats when receiving).
RIP-1 is universally supported; but RIP-2 carries more information. RIP-1 is
probably adequate for most networks, unless you have an unusual network
topology.
en
Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the difference
being that RIP-2B uses subnet broadcasting while RIP-2M uses multicasting.
6.7.6 Multicast
fid
Traditionally, IP packets are transmitted in one of either two ways - Unicast (1
sender - 1 recipient) or Broadcast (1 sender - everybody on the network).
Multicast delivers IP packets to a group of hosts on the network - not everybody
and not just 1.
pa
ny
on
IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to
establish membership in a Multicast group - it is not used to carry user data. IGMP
version 2 (RFC 2236) is an improvement over version 1 (RFC 1112) but IGMP
version 1 is still in wide use. If you would like to read more detailed information
about interoperability between IGMP version 2 and version 1, please see sections
4 and 5 of RFC 2236. The class D IP address is used to identify host groups and
can be in the range 224.0.0.0 to 239.255.255.255. The address 224.0.0.0 is not
assigned to any group and is used by IP multicast computers. The address
224.0.0.1 is used for query messages and is assigned to the permanent group of
all IP hosts (including gateways). All hosts must join the 224.0.0.1 group in order
to participate in IGMP. The address 224.0.0.2 is assigned to the multicast routers
group.
om
The WiMAX Device supports both IGMP version 1 (IGMP-v1) and IGMP version 2
(IGMP-v2). At start up, the WiMAX Device queries all directly connected networks
to gather group membership. After that, the WiMAX Device periodically updates
this information. IP multicasting can be enabled/disabled on the WiMAX Device
LAN and/or WAN interfaces in the web configurator (LAN; WAN). Select None to
disable IP multicasting on these interfaces.
User’s Guide
87
C
om
pa
ny
on
fid
en
tia
Chapter 6 The LAN Configuration Screens
88
User’s Guide
CHAPTER
tia
The WAN Configuration Screens
en
7.1 Overview
fid
Use the ADVANCED > WAN Configuration screens to set up your WiMAX
Device’s Wide Area Network (WAN) or Internet features.
on
A Wide Area Network (or WAN) links geographically dispersed locations to other
networks or the Internet. A WAN configuration can include switched and
permanent telephone circuits, terrestrial radio systems and satellite systems.
7.1.1 What You Can Do in This Chapter
• The Internet Connection screen (Section 7.2 on page 93) lets you set up your
WiMAX Device’s Internet settings.
• The WiMAX Configuration screen (Section 7.3 on page 95) lets set up the
frequencies used by your WiMAX Device.
ny
• The Traffic Redirect screen (Section 7.4 on page 99) lets change your WiMAX
Device’s traffic redirect settings.
• The Advanced screen (Section 7.5 on page 101) lets configure your DNS
server, RIP, Multicast and Windows Networking settings.
pa
7.1.2 What You Need to Know
The following terms and concepts may help as you read through this chapter.
om
WiMAX
WiMAX (Worldwide Interoperability for Microwave Access) is the IEEE 802.16
wireless networking standard, which provides high-bandwidth, wide-range
wireless service across wireless Metropolitan Area Networks (MANs). ZyXEL is a
member of the WiMAX Forum, the industry group dedicated to promoting and
certifying interoperability of wireless broadband products.
In a wireless MAN, a wireless-equipped computer is known either as a mobile
station (MS) or a subscriber station (SS). Mobile stations use the IEEE 802.16e
standard and are able to maintain connectivity while switching their connection
User’s Guide
89
Chapter 7 The WAN Configuration Screens
from one base station to another base station (handover) while subscriber
stations use other standards that do not have this capability (IEEE 802.16-2004,
for example). The following figure shows an MS-equipped notebook computer
MS1 moving from base station BS1’s coverage area and connecting to BS2.
fid
en
tia
Figure 30 WiMax: Mobile Station
on
WiMAX technology uses radio signals (around 2 to 10 GHz) to connect subscriber
stations and mobile stations to local base stations. Numerous subscriber stations
and mobile stations connect to the network through a single base station (BS), as
in the following figure.
ny
Figure 31 WiMAX: Multiple Mobile Stations
pa
A base station's coverage area can extend over many hundreds of meters, even
under poor conditions. A base station provides network access to subscriber
stations and mobile stations, and communicates with other base stations.
om
The radio frequency and bandwidth of the link between the WiMAX Device and the
base station are controlled by the base station. The WiMAX Device follows the
base station’s configuration.
90
User’s Guide
Chapter 7 The WAN Configuration Screens
Authentication
tia
The following figure shows a base station using an AAA server to authenticate
mobile station MS, allowing it to access the Internet.
When authenticating a user, the base station uses a third-party RADIUS or
Diameter server known as an AAA (Authentication, Authorization and Accounting)
server to authenticate the mobile or subscriber stations.
on
fid
en
Figure 32 Using an AAA Server
Traffic Redirect
In this figure, the dashed arrow shows the PKM (Privacy Key Management)
secured connection between the mobile station and the base station, and the solid
arrow shows the EAP secured connection between the mobile station, the base
station and the AAA server. See the WiMAX security appendix for more details.
pa
ny
Traffic redirect forwards WAN traffic to a backup gateway when the WiMAX Device
cannot connect to the Internet through its normal gateway. Connect the backup
gateway on the WAN so that the WiMAX Device still provides firewall protection for
the LAN.
om
Figure 33 Traffic Redirect WAN Setup
IP alias allows you to avoid triangle route security issues when the backup
gateway is connected to the LAN or DMZ. Use IP alias to configure the LAN into
User’s Guide
91
Chapter 7 The WAN Configuration Screens
tia
two or three logical networks with the WiMAX Device itself as the gateway for each
LAN network. Put the protected LAN in one subnet (Subnet 1 in the following
figure) and the backup gateway in another subnet (Subnet 2). Configure a LAN to
LAN/WiMAX Device firewall rule that forwards packets from the protected LAN
(Subnet 1) to the backup gateway (Subnet 2).
om
pa
ny
on
fid
en
Figure 34 Traffic Redirect LAN Setup
92
User’s Guide
Chapter 7 The WAN Configuration Screens
7.2 Internet Connection
pa
ny
on
fid
en
Figure 35 ADVANCED > WAN Configuration > Internet Connection
tia
Note: Not all WiMAX Device models have all the fields shown here.
Click ADVANCED > WAN Configuration to set up your WiMAX Device’s Internet
settings.
The following table describes the labels in this screen.
Table 26 ADVANCED > WAN Configuration > Internet Connection > ISP
Parameters for Internet Access
om
LABEL
DESCRIPTION
ISP Parameters for Internet Access
User’s Guide
User
Use this field to enter the username associated with your Internet
access account. You can enter up to 61 printable ASCII characters.
Password
Use this field to enter the password associated with your Internet
access account. You can enter up to 47 printable ASCII characters.
93
Chapter 7 The WAN Configuration Screens
DESCRIPTION
Anonymous
Identity
Enter the anonymous identity provided by your Internet Service
Provider. Anonymous identity (also known as outer identity) is used
with EAP-TTLS encryption. The anonymous identity is used to route
your authentication request to the correct authentication server,
and does not reveal your real user name. Your real user name and
password are encrypted in the TLS tunnel, and only the anonymous
identity can be seen.
tia
LABEL
Table 26 ADVANCED > WAN Configuration > Internet Connection > ISP
Parameters for Internet Access (continued)
en
Leave this field blank if your ISP did not give you an anonymous
identity to use.
This field displays the Privacy Key Management version number.
PKM provides security between the WiMAX Device and the base
station. At the time of writing, the WiMAX Device supports PKMv2
only. See the WiMAX security appendix for more information.
Authentication
This field displays the user authentication method. Authentication is
the process of confirming the identity of a mobile station (by means
of a username and password, for example).
fid
PKM
on
Check with your service provider if you are unsure of the correct
setting for your account.
Choose from the following user authentication methods:
TTLS (Tunnelled Transport Layer Security)
TLS (Transport Layer Security)
•
•
Note: Not all WiMAX Devices support TLS authentication.
Check with your service provider for details.
This field displays the type of secondary authentication method.
Once a secure EAP-TTLS connection is established, the inner EAP is
the protocol used to exchange security information between the
mobile station, the base station and the AAA server to authenticate
the mobile station. See the WiMAX security appendix for more
details.
ny
TTLS Inner EAP
pa
This field is available only when TTLS is selected in the
Authentication field.
•
•
•
•
CHAP (Challenge Handshake Authentication Protocol)
MSCHAP (Microsoft CHAP)
MSCHAPV2 (Microsoft CHAP version 2)
PAP (Password Authentication Protocol)
om
The WiMAX Device supports the following inner authentication
types:
94
User’s Guide
Chapter 7 The WAN Configuration Screens
LABEL
DESCRIPTION
Auth Mode
Select the authentication mode from the drop-down list box.
tia
This field is not available in all WiMAX Devices. Check with your
service provider for details.
Table 26 ADVANCED > WAN Configuration > Internet Connection > ISP
Parameters for Internet Access (continued)
•
•
•
Certificate
User Only
Device Only with Cert
Certs and User Authentication
en
The WiMAX Device supports the following authentication modes:
This is the security certificate the WiMAX Device uses to
authenticate the AAA server. Use the TOOLS > > Trusted CAs
screen to import certificates to the WiMAX Device.
fid
WAN IP Address Assignment
Select this if you have a dynamic IP address. A dynamic IP address
is not fixed; the ISP assigns you a different one each time you
connect to the Internet.
Use Fixed IP
Address
A static IP address is a fixed IP that your ISP gives you.
IP Address
Enter your ISP-assigned IP Address here.
IP Subnet Mask
Enter a subnet mask in dotted decimal notation.
on
Get
automatically
from ISP
(Default)
Refer to the appendices to calculate a subnet mask if you are
implementing subnetting.
Specify a gateway IP address (supplied by your ISP).
Apply
Click to save your changes.
Click to restore your previously saved settings.
pa
Reset
ny
Gateway IP
Address
7.3 WiMAX Configuration
om
Click ADVANCED > WAN Configuration > WiMAX Configuration to set up the
frequencies used by your WiMAX Device.
In a WiMAX network, a mobile or subscriber station must use a radio frequency
supported by the base station to communicate. When the WiMAX Device looks for
a connection to a base station, it can search a range of frequencies.
User’s Guide
95
Chapter 7 The WAN Configuration Screens
Radio frequency is measured in Hertz (Hz).
Table 27 Radio Frequency Conversion
1 kHz = 1000 Hz
1 MHz = 1000 kHz (1000000 Hz)
ny
on
fid
en
Figure 36 ADVANCED > WAN Configuration >WiMAX Configuration
tia
1 GHz = 1000 MHz (1000000 kHz)
pa
The following table describes the labels in this screen.
Table 28 ADVANCED > WAN Configuration >WiMAX Configuration
DESCRIPTION
DL Frequency /
Bandwidth [1~19]
These fields show the downlink frequency settings in kilohertz (kHz).
Enter values in these fields to have the WiMAX Device scan these
frequencies for available channels in ascending numerical order.
om
LABEL
96
Note: The Bandwidth field is not user-configurable; when the
WiMAX Device finds a WiMAX connection, its frequency is
displayed in this field.
Contact your service provider for details of supported frequencies.
Apply
Click to save your changes.
Reset
Click to restore your previously saved settings.
User’s Guide
Chapter 7 The WAN Configuration Screens
7.3.1 Frequency Ranges
The following figure shows the WiMAX Device searching a range of frequencies to
find a connection to a base station.
fid
en
tia
Figure 37 Frequency Ranges
In this figure, A is the WiMAX frequency range. “WiMAX frequency range” refers to
the entire range of frequencies the WiMAX Device is capable of using to transmit
and receive (see the Product Specifications appendix for details).
on
In the figure, B shows the operator frequency range. This is the range of
frequencies within the WiMAX frequency range supported by your operator
(service provider).
The operator range is subdivided into bandwidth steps. In the figure, each C is a
bandwidth step.
The arrow D shows the WiMAX Device searching for a connection.
ny
Have the WiMAX Device search only certain frequencies by configuring the
downlink frequencies. Your operator can give you information on the supported
frequencies.
om
pa
The downlink frequencies are points of the frequency range your WiMAX Device
searches for an available connection. Use the Site Survey screen to set these
bands. You can set the downlink frequencies anywhere within the WiMAX
frequency range. In this example, the downlink frequencies have been set to
search all of the operator range for a connection.
7.3.2 Configuring Frequency Settings
You need to set the WiMAX Device to scan one or more specific radio frequencies
to find an available connection to a WiMAX base station.
Use the WiMAX Frequency screen to define the radio frequencies to be searched
for available wireless connections. See Section 7.3.3 on page 98 for an example of
using the WiMAX Frequency screen.
User’s Guide
97
Chapter 7 The WAN Configuration Screens
Note: It may take several minutes for the WiMAX Device to find a connection.
• The WiMAX Device searches the DL Frequency settings in ascending numerical
order, from [1] to [19].
tia
Note: The Bandwidth field is not user-configurable; when the WiMAX Device finds a
WiMAX connection, its frequency is displayed in this field.
• If you enter a 0 in a DL Frequency field, the WiMAX Device immediately moves
on to the next DL Frequency field.
en
• When the WiMAX Device connects to a base station, the values in this screen
are automatically set to the base station’s frequency. The next time the WiMAX
Device searches for a connection, it searches only this frequency. If you want
the WiMAX Device to search other frequencies, enter them in the DL
Frequency fields.
Table 29 DL Frequency Example Settings
fid
The following table describes some examples of DL Frequency settings.
EXAMPLE 2
Bandwidth:
2500000
2500000
DL Frequency
[1]:
2550000
DL Frequency [2]
DL Frequency
[3]:
DL Frequency
[4]:
on
EXAMPLE 1
2600000
ny
The WiMAX Device
searches at 2500000
kHz, and then searches
at 2550000 kHz if it has
not found a connection.
pa
2550000
The WiMAX Device
searches at 2500000
and then at 2550000
it has not found an
available connection.
still does not find an
available connection,
searches at 2600000
kHz
kHz if
If it
it
kHz.
om
7.3.3 Using the WiMAX Frequency Screen
In this example, your Internet service provider has given you a list of supported
frequencies: 2.51, 2.525, 2.6, and 2.625.
98
In the DL Frequency [1] field, enter 2510000 (2510000 kilohertz (kHz) is equal
to 2.51 gigahertz).
In the DL Frequency [2] field, enter 2525000.
In the DL Frequency [3] field, enter 2600000.
User’s Guide
Chapter 7 The WAN Configuration Screens
In the DL Frequency [4] field, enter 2625000.
Leave the rest of the DL Frequency fields at zero. The screen appears as follows.
on
fid
en
tia
Figure 38 Completing the WiMAX Frequency Screen
Click Apply. The WiMAX Device stores your settings.
ny
When the WiMAX Device searches for available frequencies, it scans all
frequencies from DL Frequency [1] to DL Frequency [4]. When it finds an
available connection, the fields in this screen will be automatically set to use that
frequency.
7.4 Traffic Redirect
pa
Click ADVANCED > WAN Configuration > Traffic Redirect to change your
WiMAX Device’s traffic redirect settings.
om
Figure 39 ADVANCED > WAN Configuration > Traffic Redirect
User’s Guide
99
Chapter 7 The WAN Configuration Screens
The following table describes the labels in this screen.
DESCRIPTION
Active
Select this check box to have the WiMAX Device use traffic redirect if
the normal WAN connection goes down.
tia
LABEL
Table 30 ADVANCED > WAN Configuration > Traffic Redirect
Note: If you activate traffic redirect, you must configure the Check
WAN IP Address field.
Type the IP address of your backup gateway in dotted decimal notation.
The WiMAX Device automatically forwards traffic to this IP address if the
WiMAX Device's Internet connection terminates.
Check WAN IP
Address
Configure this field to test your WiMAX Device's WAN accessibility. Type
the IP address of a reliable nearby computer (for example, your ISP's
DNS server address).
fid
en
Backup
Gateway IP
Address
Note: If you activate either traffic redirect or dial backup, you must
configure an IP address here.
on
When using a WAN backup connection, the WiMAX Device periodically
pings the addresses configured here and uses the other WAN backup
connection (if configured) if there is no response.
Type the number of times (2 recommended) that your WiMAX Device
may ping the IP addresses configured in the Check WAN IP Address
field without getting a response before switching to a WAN backup
connection (or a different WAN backup connection).
Period (sec)
The WiMAX Device tests a WAN connection by periodically sending a
ping to either the default gateway or the address in the Check WAN IP
Address field.
Fail Tolerance
ny
Type a number of seconds (5 to 300) to set the time interval between
checks. Allow more time if your destination IP address handles lots of
traffic.
Type the number of seconds (1 to 10) for your WiMAX Device to wait for
a response to the ping before considering the check to have failed. This
setting must be less than the Period. Use a higher value in this field if
your network is busy or congested.
pa
Timeout (sec)
Click to save your changes.
Reset
Click to restore your previously saved settings.
om
Apply
100
User’s Guide
Chapter 7 The WAN Configuration Screens
7.5 Advanced
tia
ny
on
fid
en
Figure 40 ADVANCED > WAN Configuration > Advanced
Click ADVANCED > WAN Configuration > Advanced to configure your DNS
server, RIP, Multicast and Windows Networking settings.
The following table describes the labels in this screen.
Table 31 ADVANCED > WAN Configuration > Advanced
pa
LABEL
DESCRIPTION
DNS Servers
om
First, Second and
Third DNS Server
Select Obtained from ISP if your ISP dynamically assigns DNS
server information (and the WiMAX Device's WAN IP address). Use
the drop-down list box to select a DNS server IP address that the
ISP assigns in the field to the right.
Select UserDefined if you have the IP address of a DNS server.
Enter the DNS server's IP address in the field to the right. If you
chose UserDefined, but leave the IP address set to 0.0.0.0,
UserDefined changes to None after you click Apply. If you set a
second choice to UserDefined, and enter the same IP address, the
second UserDefined changes to None after you click Apply.
Select None if you do not want to configure DNS servers. You must
have another DHCP server on your LAN, or else the computers
must have their DNS server addresses manually configured. If you
do not configure a DNS server, you must know the IP address of a
computer in order to access it.
User’s Guide
101
Chapter 7 The WAN Configuration Screens
Table 31 ADVANCED > WAN Configuration > Advanced (continued)
LABEL
DESCRIPTION
RIP & Multicast Setup
Select the RIP direction from None, Both, In Only and Out Only.
RIP Version
Select the RIP version from RIP-1, RIP-2B and RIP-2M.
Multicast
IGMP (Internet Group Multicast Protocol) is a network-layer
protocol used to establish membership in a multicast group. The
WiMAX Device supports both IGMP version 1 (IGMP-v1) and
IGMP-v2. Select None to disable it.
tia
en
Windows Networking (NetBIOS over TCP/IP)
Select this check box to forward NetBIOS packets from the LAN to
the WAN and from the WAN to the LAN. If your firewall is enabled
with the default policy set to block WAN to LAN traffic, you also
need to enable the default WAN to LAN firewall rule that forwards
NetBIOS traffic.
fid
Allow between LAN
and WAN
RIP Direction
Clear this check box to block all NetBIOS packets going from the
LAN to the WAN and from the WAN to the LAN.
Select this option to allow NetBIOS packets to initiate calls.
Apply
Click to save your changes.
Reset
Click to restore your previously saved settings.
om
pa
ny
on
Allow Trigger Dial
102
User’s Guide
CHAPTER
tia
The Wi-Fi Configuration Screens
en
8.1 Overview
fid
Use the ADVANCED > Wi-Fi Configuration screens to set up your WiMAX
Device’s Wi-Fi network features.
8.1.1 What You Can Do in This Chapter
on
• The General screen (Section 8.2 on page 104) allows you to set up your WiMAX
Device’s basic Wi-Fi settings and security.
• The MAC Filter screen (Section 8.3 on page 109) allows you to create a list of
computer MAC addresses that you can allow or deny on your network.
• The Advanced screen (Section 8.4 on page 110) allows you to adjust your
advanced Wi-Fi network settings.
8.1.2 What You Need to Know
ny
The following terms and concepts may help as you read through this chapter.
MAC Address
om
pa
On a local area network (LAN) or other network, the MAC address is a computer's
unique hardware number. (On an Ethernet LAN, it's the same as your Ethernet
address). The MAC layer frames data for transmission over the network, then
passes the frame to the physical layer interface where it is transmitted as a
stream of bits.
MAC Filtering
Media Access Control filtering filters incoming frames based on MAC (Media Access
Control) address(es) that you specify.
RTS/CTS
Request to Send / Clear to Send is a mechanism for reducing interference (or
collisions) on a network by delaying other data in the pipeline. The network device
User’s Guide
103
Chapter 8 The Wi-Fi Configuration Screens
using RTS/CTS initiates the delay as soon as a data frame over a specified size
enters the network. The length of the delay is specified in the RTS/CTS
configuration parameters.
Fragmentation
en
tia
On a wireless network, fragmentation refers to the mechanism used to ensue data
integrity during transmission. If a network experiences an inordinate amount of
interference (or collisions), then artificially fragmenting the data moving across it
can reduce this risk.
fid
8.2 General
Click ADVANCED > Wi-Fi Configuration. This screen allows you to set up your
WiMAX Device’s basic wireless settings and security.
on
Note: The security options in this screen change according to the Security Mode
option that you select.
om
pa
ny
Figure 41 ADVANCED > Wi-Fi Configuration > General
The following table describes the labels in this screen.
Table 32 ADVANCED > Wi-Fi Configuration > General
104
LABEL
DESCRIPTION
Wireless Setup
Enable Wireless
LAN
Select this turn to have the WiMAX Device broadcast an IEEE
802.11b/g Wi-Fi signal.
User’s Guide
Chapter 8 The Wi-Fi Configuration Screens
DESCRIPTION
Name (SSID)
Enter the SSID name that the wireless network signal will be listed
as on compatible Wi-Fi clients.
Hide SSID
Select this option to mask your Wi-Fi network signal. While this may
“hide” it from casual scanning programs and devices, it cannot truly
hide it from dedicated signal sniffers.
tia
LABEL
Table 32 ADVANCED > Wi-Fi Configuration > General (continued)
If you know the SSID, however, you can still connect to it when
prompted to enter an SSID either by your operating system’s
connection mechanism or the Wi-Fi software you use.
Select a channel on which to broadcast your Wi-Fi network signal.
Ideally, you should choose a channel that is currently not in use by
other devices within range of this one.
en
Channel
Selection
Security
Select a security encryption protocol to protect your Wi-Fi network
from unwanted visitors. The options are:
Security Options are:
ny
•
on
•
No Security - It is not recommended that you use this setting.
With no security, anyone who has a Wi-Fi device can connect to
your network.
Static WEP - This is a basic form of encryption. It is not
recommended that you use it as it can be by-passed quite easily.
However, because it is one of the original Wi-Fi encryption
methods, it is the most compatible with older devices. Select this
option if you require maximum compatibility.
WPA-PSK - This provides both improved data encryption and
user authentication. Using PSK, both the WiMAX Device and the
connecting client share a common password in order to validate
the connection. This type of encryption, while robust, is not as
strong as WPA, WPA2 or even WPA2-PSK. Use this type of
security of you do not use a RADIUS server to authenticate user
credentials.
WPA - This is a security subset of WPA2. It requires the
presence of a RADIUS server on your network in order to validate
user credentials. This encryption standard is slightly older than
WPA2 and therefore is more compatible with older devices.
WPA2-PSK - This is a newer, more robust version of the WPA
encryption standard. It offers slightly better security, although
the use of PSK makes it less robust than it could be. Use this
option if you do not have RADIUS server on your network to
verify user credentials.
WPA2 - This is currently the most robust form of encryption for
wireless networks. It requires a RADIUS server to authenticate
user credentials and is a full implementation the security
protocol. Use this security option for maximum protection of your
network. However, it is the least backwards compatible with
older devices.
•
fid
Security Mode
•
pa
•
om
•
User’s Guide
The option you select here changes the configuration options on this
screen accordingly. For details on the specific security options, see
subsequent tables.
Apply
Click to save your changes.
Reset
Click to restore your previously saved settings.
105
Chapter 8 The Wi-Fi Configuration Screens
The subsequent screens describe the individual Security Mode options.
om
pa
ny
on
fid
en
tia
Figure 42 ADVANCED > Wi-Fi Configuration > WPA/WPA2 Optionsl
106
User’s Guide
Chapter 8 The Wi-Fi Configuration Screens
The following table describes the Security Mode options for both WPA and WPA2.
DESCRIPTION
Security Mode
Select WPA or WPA2 to display the following Wi-Fi network security
options.
WPA Compatible
Select this option to ensure backwards compatibility with the WPA
encryption protocol while in WPA2 mode, thus allowing both WPA
and WPA2 clients to connect simultaneously.
tia
LABEL
Table 33 ADVANCED > Wi-Fi Configuration > General
en
Note: This option does not appear in WPA mode. It only
appears in WPA2 mode.
Set the time (in seconds) that the WiMAX Device waits before
requiring a connected client to reauthenticate their session.
Idle Timeout
Set the time (in seconds) the WiMAX Device waits before
disconnecting an idle client. If a client becomes active before the
idle count is up, the count resets.
Group Key
Update Timer
Set the time (in seconds) that WiMAX Device updates the encryption
key used for all connected clients on the Wi-Fi network.
Authentication
Server
This is a server used to securely check one’s login credentials, such
as a RADIUS server.
on
IP Address
fid
ReAuthentication
Time
Enter the IP address of the authentication server.
Enter the port number of the authentication server.
Shared
Secret
Enter the password for the authentication server.
Active
This is a server that measures the duration of all active connections,
usually for accounting purposes, such as an ISP that charges users
per minute online rather than a flat fee per month.
Select this option to have the WiMAX Device use an accounting
server in tandem with the authentication server.
ny
Accounting
Server
Port Number
Enter the IP address of the accounting server.
Port Number
Enter the port number of the accounting server.
Shared
Secret
Enter the password for the accounting server.
pa
IP Address
om
Figure 43 ADVANCED > Wi-Fi Configuration > WPA-PSK/WPA2-PSK Optionsl
User’s Guide
107
Chapter 8 The Wi-Fi Configuration Screens
The following table describes the Security Mode options for both WPA-PSK and
WPA2-PSK.
DESCRIPTION
Security Mode
Select WPA-PSK or WPA2-PSK to display the following Wi-Fi
network security options.
WPA Compatible
Select this option to ensure backwards compatibility with the WPAPSK encryption protocol while in WPA2-PSK mode, thus allowing
both WPA and WPA2 clients to connect simultaneously.
en
tia
LABEL
Table 34 ADVANCED > Wi-Fi Configuration > General
Note: This option does not appear in WPA-PSK mode. It only
appears in WPA2-PSK mode.
Enter the password that wireless clients will have to match in order
to make a secure Wi-Fi network connection with this device.
ReAuthentication
Time
Set the time (in seconds) that the WiMAX Device waits before
requiring a connected client to reauthenticate their session.
Idle Timeout
Set the time (in seconds) the WiMAX Device waits before
disconnecting an idle client. If a client becomes active before the
idle count is up, the count resets.
Group Key
Update Timer
Set the time (in seconds) that WiMAX Device updates the encryption
key used for all connected clients on the wireless network.
om
pa
ny
on
fid
Pre-Shared Key
108
User’s Guide
Chapter 8 The Wi-Fi Configuration Screens
8.3 MAC Filter
on
fid
en
Figure 44 ADVANCED > WAN Configuration >WiMAX Configuration
tia
Note: If you do not want to enable this feature, enter 00:00:00:00:00:00 in the MAC
address fields. (This is the default setting.)
Click ADVANCED > Wi-Fi Configuration > MAC Filter. This screen allows you
to create a list of MAC addresses that you will allow or deny on your network.
The following table describes the labels in this screen.
Table 35 ADVANCED > WAN Configuration >WiMAX Configuration
Active
DESCRIPTION
ny
LABEL
pa
Filter Action
Select this option to enable MAC address filtering on your WiMAX
Device. When active, only clients whose MAC addresses match those
you enter on this list are filtered.
Select the the type of filter you want to employ:
•
•
Allow - Select this option to allow connections only to the MAC
addresses on the list.
Deny - Select this option to disallow connection only to the MAC
addresses on this list.
The number of the item in the list.
MAC Address
Enter the MAC address to filter. MAC addresses are always written as
8 hexidecimal pairs separated by colons.
Apply
Click to save your changes.
Reset
Click to restore your previously saved settings.
om
Set
User’s Guide
109
Chapter 8 The Wi-Fi Configuration Screens
8.4 Advanced
on
fid
en
Figure 45 ADVANCED > WAN Configuration > Traffic Redirect
tia
Note: For more information on RTS/CTS and Fragmentation Thresholds, see
Appendix C on page 313.
Click ADVANCED > Wi-Fi Configuration > Advanced. This screen allows to
adjust your advanced Wi-Fi network settings.
The following table describes the labels in this screen.
Table 36 ADVANCED > Wi-Fi Configuration > Advanced
DESCRIPTION
RTS/CTS
Threshold
Enter a value between 256 and 2346 if you want to use the RTS
(Request to Send) / CTS (Clear to Send) mechanism to reduce potential
packet collisions.
LABEL
ny
If you notice that your Wi-Fi clients are suffering from data loss or slow
data packet transmission/reception, use this feature.
Note: Setting the value to 2346 effectively turns this off.
Enter a value between 256 and 2346 if you want to use the
Fragmentation Threshold mechanism. This reduces packet loss resulting
from signal interference (such as from other nearby wireless
transmitters) by pre-emptively and logically fragmenting data packets
and reassemblnig them at their destination.
As with the RTS/CTS Threshold mechanism, using this feature can
improve network performance if you are detecting an abnormal number
of packet collisions.
Note: Setting the value to 2346 effectively turns this off.
om
pa
Fragmentation
Threshold
110
User’s Guide
Chapter 8 The Wi-Fi Configuration Screens
Table 36 ADVANCED > Wi-Fi Configuration > Advanced (continued)
LABEL
DESCRIPTION
802.11 Mode
Select the Wi-Fi protocol to use while broadcasting.
802.11b - This protocol is one of the older ones and is not nearly as
robust as later versions (b, g, n). In many countries, it shares the
same frequency range (2.4 GHz) as other devices, like cordless
phones, Bluetooth devices, and microwave ovens, and so may be
prone to interference from them. This protocol has an approximate
maximum data throughput of: 11 Mbit/s (average is about 4.5 Mbit/
s in a typical networking environment). Select this mode if all your
clients are using ‘b’ and if you have moderate to low bandwidth
requirements.
802.11g - This protocol is newer and marginally more robust than
its predecessor. Like the ‘b’ protocol, it, too, tends to overlap
frequencies with other kinds of devices (2.4 GHz) and is similarly
prone to interference from them. However, differences in how it
operates give it much higher bandwidth capabilities and ouptut
power. This protocol has an approximate maximum data throughput
of: 54 Mbit/s (average is about 19 Mbit/s in a typical networking
environment.) Select this mode if your clients are using ‘g’ or a mix
of ‘g’ and ‘b’ and if you have moderate to high bandwidth
requirements.
802.11b/g - This is a hybrid protocol that incorporates all the
advantages of the individual protocols with few, if any, of their
drawbacks. More importantly, it does not suffer from interference
from other devices in its frequencey range. Select this method if you
have clients who are using either ‘b’, ‘g’, or both.
en
on
•
fid
•
tia
•
Click to save your changes.
Reset
Click to restore your previously saved settings.
om
pa
ny
Apply
User’s Guide
111
C
om
pa
ny
on
fid
en
tia
Chapter 8 The Wi-Fi Configuration Screens
112
User’s Guide
CHAPTER
tia
The VPN Transport Screens
en
9.1 Overview
fid
This chapter describes the ADVANCED > VPN Transport screens, where you can
configure the WiMAX Device to allow traffic from multiple users to pass through
the WiMAX network to the service provider’s router. Each user has his own
personal connection to the service provider, even though there is only a single
WiMAX connection. This allows the service provider to identify which user traffic
comes from.
on
VPN stands for “Virtual Private Network”. There are many types of VPN; the type
used by the WiMAX Device is known as Virtual Private LAN Service, or VPLS.
Note: Unlike some other types of VPN (such as IPSec VPNs) VPLS VPNs do not use
authentication or encryption to secure the data they carry.
ny
The following figure shows two users (A and B), connecting to the WiMAX Device
(Z) through a switch (S). Each user has his own connection over the WiMAX
network to the service provider’s router (R).
Figure 46 VPN Transport Example
pa
om
WiMAX
Note: The services available may vary, depending upon the service provider.
User’s Guide
113
Chapter 9 The VPN Transport Screens
9.1.1 What You Can Do in This Chapter
tia
• The Customer Interface screen (Section 9.3 on page 116) lets you specify
which users can use which WiMAX network links.
• The General screen (Section 9.2 on page 116) lets you turn VPN transport on
or off, and to set the VPN transport endpoint (your service provider’s router).
• The Ethernet Pseudowire screen (Section 9.4 on page 121) lets you configure
the links over the WiMAX network between the WiMAX Device and the service
provider’s router.
en
• The Statistics screen (Section 9.5 on page 124) lets you view performance
information about the VPN transport connections.
9.1.2 What You Need to Know
fid
The following terms and concepts may help as you read through this chapter.
Identifying Users
on
For the WiMAX Device’s VPN Transport feature to work, it must be able to identify
users on the LAN. It does this by examining VLAN (Virtual Local Area Network)
tags.
om
pa
ny
These tags must be added to the data packets by a switch on the LAN. In the
following example, two users (A and B) are connected to a switch (C). A and B
are connected to different ports on the switch (port 1 and port 2). A and B send
untagged packets to the switch. The switch adds tags to packets depending on the
physical port on which they arrive. Packets arriving on port 1 are given a VLAN ID
(VLAN IDentifier) of 1, and packets arriving on port 2 are given a VLAN ID of 2.
114
User’s Guide
Chapter 9 The VPN Transport Screens
When the packets reach the WiMAX Device (D), their source is identified by
examining their VLAN tags.
Figure 47 Identifying Users
VLAN 1
VLAN 2
PORT 1
9.1.3 Before You Begin
on
fid
PORT 2
en
tia
PORT 1
PORT 2
Before you start configuring your WiMAX Device to use VPN transport, ensure that
you have the following from the service provider:
• The IP address or domain name of the service provider’s edge router.
ny
• Virtual circuit (VC) labels for each Ethernet Pseudowire you want to create.
om
pa
• Also make sure that you know the VLAN IDs (Virtual LAN IDentifiers) of the
VLANs on your LAN.
User’s Guide
115
Chapter 9 The VPN Transport Screens
9.2 General
Click ADVANCED > VPN Transport to turn VPN transport on or off and to set the
VPN transport endpoint (your service provider’s router).
fid
en
tia
Figure 48 ADVANCED > VPN Transport > General
The following table describes the labels in this screen.
LABEL
DESCRIPTION
on
Table 37 ADVANCED > VPN Transport > General
L2/L3 VPN Transport General Setup
Select this to turn the VPN transport feature on. Deselect it to turn the
VPN transport feature off.
Remote GRE
Tunnel End
Enter the domain name or IP address of your service provider’s router.
Apply
Click to save your changes.
Reset
Click to restore your previously saved settings.
ny
Transport L2/L3
VPN...
pa
9.3 Customer Interface
om
Customer interfaces connect data coming from your computers to Ethernet
pseudowires, according to the data’s VLAN (Virtual Local Area Network)
information. One customer interface is for traffic that has no tag; this is the
default interface (rule 0) which cannot be deleted in the GUI. All other customer
interfaces are identified by their VLAN ID.
Once the WiMAX Device has examined a frame’s VLAN tag, it is able to assign the
frame to a specified path. This is done using a customer interface. The customer
116
User’s Guide
Chapter 9 The VPN Transport Screens
interface is simply a set of information that takes frames from a VLAN and put
them on an Ethernet pseudowire, and vice versa.
tia
In this example, the WiMAX Device takes frames tagged with two different VLAN
IDs (10 and 20) and using the customer interfaces, assigns them to specific
pseudowires (PW1 and PW2).
PW1
PW2
PW1
10
20
fid
VLAN 10
VLAN 20
en
Figure 49 Pseudowire Mapping
WiMAX
on
PW2
The WiMAX Device has a default customer interface configured for frames that
arrive at the WiMAX Device without VLAN tags.
9.3.1 Multi-Protocol Label Switching
pa
ny
The WiMAX Device uses MPLS VPNs to create virtual private LANs. MPLS stands for
Multi-Protocol Label Switching, and is a packet-switching technology that allows
packets with different VLAN tags to be transported on different paths (known as
LSPs, or Label Switched Paths). Each packet is identified by its VLAN tag and sent
to a specific LSP for transport over the WiMAX network.
om
Each LSP has a defined start-point and end-point. Since MPLS creates monodirectional paths (traffic flows in only one direction), each Ethernet pseudowire
uses two LSPs so that traffic can flow both ways. One LSP carries upstream traffic,
and the other carries downstream traffic.
9.3.2 Generic Routing Encapsulation
In order to transport the VPLS traffic over the WiMAX network, the WiMAX Device
uses the Generic Routing Encapsulation (GRE) protocol. Like MPLS, GRE is a
tunneling protocol that has specified endpoints. The GRE tunnel is bi-directional,
and transports both LSPs. The GRE tunnel runs across the WiMAX network
between the WiMAX Device and your service provider’s router.
User’s Guide
117
Chapter 9 The VPN Transport Screens
It is necessary to encapsulate the Ethernet pseudowire since the WiMAX
connection is IP-only. MPLS information is carried in a packet’s Ethernet header
and, without encapsulation, would be stripped from the packet prior to the
packet’s transmission over the WiMAX link.
tia
The following figure shows the VPLS connection between your WiMAX Device (A)
and your service provider’s router (B), consisting of GRE-encapsulated Ethernet
pseudowire traffic.
GRE
TUNNEL
fid
ETHERNET PSEUDOWIRES
en
Figure 50 VPLS Tunneling
on
WiMAX CONNECTION
9.3.3 Customer Interface Options
Click ADVANCED > VPN Transport > Customer Interface to configure the
VPNs used by the WiMAX Device.
ny
Note: You cannot delete the Untagged entry. It is required for the WiMAX Device to
function properly.
om
pa
Figure 51 ADVANCED > VPN Transport > Customer Interface
118
User’s Guide
Chapter 9 The VPN Transport Screens
The following table describes the icons in this screen.
Table 38 Advanced> VPN Transport > Customer Interface
ICON
DESCRIPTION
Edit
tia
Click to edit this item.
Delete
The following table describes the labels in this screen.
en
Click to delete this item.
Table 39 ADVANCED > VPN Transport > Customer Interface
DESCRIPTION
The number of the item in this list.
Active
This icon is green if the associated interface is enabled. The icon is grey
if the associated interface is disabled. Enable or disable an interface by
clicking its Edit icon and selecting or deselecting Active and clicking
Apply in the screen that displays.
fid
LABEL
on
Interface
This displays either Tagged or Untagged. A tagged interface controls
traffic with a specific IEEE 802.1Q VLAN tag, whereas an untagged
interface controls traffic that does not have a VLAN tag. There can be
only one untagged interface.
VLAN ID
For a tagged interface, this displays the IEEE 802.1Q VLAN ID number.
For the untagged interface, -1 displays.
Mode
This displays either B (bridging) or R (routing). Only the default
interface, interface 0, can be a routing interface.
Associated
Ethernet
Pseudowire
(Ingress,
Egress)
This displays the number of the Ethernet pseudowire that this interface
uses, as well as the ingress and egress MPLS (Multi-Protocol Label
Switching) VC (Virtual Circuit) label numbers.
DSCP
This displays the DiffServ Control Point value you previously entered in
binary. This determines the pseudowire’s priority on the network. The
DSCP value is displayed in binary notation and has six bits.
pa
ny
Type
om
Interface
Description
Click the Edit icon to set up a new interface or alter the configuration of
an existing interface.
Click the Delete icon to remove an existing interface.
Action
This displays the information you previously entered describing the
interface. For the default interface, interface 0, the description reads
“for routing / NAT”.
User’s Guide
119
Chapter 9 The VPN Transport Screens
9.3.4 Customer Interface Setup
on
fid
en
Figure 52 ADVANCED > VPN Transport > Customer Interface Setup
tia
Customer interfaces map traffic onto specific Ethernet pseudowires for transport
over the WiMAX network. There is also a default customer interface for routing
traffic that does not possess a VLAN tag.
Click the Edit icon in the ADVANCED > VPN Transport > Customer Interface
screen to open the Customer Interface Setup.
The following table describes the labels in this screen.
LABEL
Active
ny
Table 40 ADVANCED > VPN Transport > Customer Interface Setup
DESCRIPTION
Select to make this customer interface active. Deselect it to make
the customer interface inactive.
om
pa
Customer Interface
120
Type
A customer interface can be tagged (controlling traffic that has a
specific VLAN ID) or untagged (controlling traffic without a specific
VLAN ID). There can be only one untagged interface.
VLAN ID
Enter the Virtual Local Area Network Identifier number (1 ~ 4094)
for this interface. This VLAN ID must not be used by any other
customer interface.
For the untagged interface, -1 displays.
Mode
This displays Bridging or Routing. A tagged interface can operate
in bridging mode only.
Associated
Ethernet
Pseudowire
Select the Ethernet pseudowire this interface should use for
communications over the WiMAX network. You should configure the
pseudowire (in the ADVANCED > VPN Transport > Ethernet
Pseudowire screen) before you select it.
User’s Guide
Chapter 9 The VPN Transport Screens
Table 40 ADVANCED > VPN Transport > Customer Interface Setup (continued)
DESCRIPTION
DSCP
If you wish to prioritize an interface, enter a DiffServ Code Point
value of six bits in binary notation. The higher the value, the higher
the interface’s priority on the WiMAX Device’s WiMAX link.
Interface
Description
Enter a brief (up to 31 characters) name or description for this
interface.
Apply
Click to save your changes.
Cancel
Click to return to the previous screen without saving your changes.
en
tia
LABEL
9.4 Ethernet Pseudowire
fid
Because VPLS mimics a simple wired Ethernet connection to your service
provider’s router, the connection between the WiMAX Device and the peer device
is known as an “Ethernet pseudowire” or “PW”.
on
The Ethernet pseudowires use MPLS (MultiProtocol Label Switching) virtual circuit
labels to define the connection. In any such pseudowire, the ingress label on one
device must be the same as the egress label on the peer device, as shown in the
following figure. A is your WiMAX Device and B is your service provider’s router.
Figure 53 Ethernet Pseudowire Settings Example
PSEUDOWIRE
TO X
pa
ny
TO Y
INGRESS LABEL:
EGRESS LABEL:
INGRESS LABEL:
EGRESS LABEL:
om
Click ADVANCED > VPN Transport > Ethernet Pseudowire to configure the
WiMAX Device’s Ethernet pseudowires.
Figure 54 Advance > VPN Transport > Ethernet Pseudowire
User’s Guide
121
Chapter 9 The VPN Transport Screens
The following table describes the icons in this screen.
Table 41 Advanced> VPN Transport > Customer Interface
ICON
DESCRIPTION
Edit
tia
Click to edit this item.
Delete
The following table describes the labels in this screen.
en
Click to delete this item.
Table 42 ADVANCED > VPN Transport > Ethernet Pseudowire
DESCRIPTION
The number of the item in this list.
Active
This icon is green if the associated pseudowire is enabled. The
icon is grey if the associated pseudowire is disabled. Enable or
disable a pseudowire by clicking its Edit icon.
fid
LABEL
on
MPLS VC Label
Ingress
This is the MPLS virtual circuit label number for traffic coming
from the peer device.
Egress
This is the MPLS virtual circuit label number for traffic going to the
peer device.
This displays the information you previously entered describing
the pseudowire.
Action
Click the Edit icon to set up an Ethernet pseudowire or alter the
configuration of an existing Ethernet pseudowire.
Pseudowire
Description
om
pa
ny
Click the Delete icon to remove an existing Ethernet pseudowire.
122
User’s Guide
Chapter 9 The VPN Transport Screens
9.4.1 Ethernet Pseudowire Setup
tia
Click a pseudowire entry’s Edit icon in the ADVANCED > VPN Transport >
Ethernet Pseudowire screen to set up or modify an Ethernet pseudowire’s
configuration.
fid
en
Figure 55 ADVANCED > VPN Transport > Ethernet Pseudowire Setup
on
The following table describes the labels in this screen.
Table 43 ADVANCED > VPN Transport > Ethernet Pseudowire Setup
DESCRIPTION
Active
Select this to enable the pseudowire. Deselect it to disable the
pseudowire.
MPLS VC Label
pa
Egress
Enter the VC ingress label number for this pseudowire. This must
be the egress label number of the peer device. This should not
be the ingress label number of any other Ethernet pseudowire
configured on the WiMAX Device.
ny
Ingress
LABEL
Enter the egress label number for this pseudowire. This must be
the ingress label of the peer device. This should not be the
egress label number of any other Ethernet pseudowire
configured on the WiMAX Device.
Enter a brief (up to 31 characters) description for this
pseudowire.
Apply
Click to save your changes.
om
Pseudowire
Description
Click to return to the previous screen without saving your
changes.
Cancel
User’s Guide
123
Chapter 9 The VPN Transport Screens
tia
Click ADVANCED > VPN Transport > Statistics to view details and
performance information of each active customer interface and its associated
Ethernet pseudowire.
fid
en
Figure 56 ADVANCED > VPN Transport > Statistics
The following table describes the labels in this screen.
9.5 Statistics
Table 44 ADVANCED > VPN Transport > Statistics
DESCRIPTION
The number of the item in this list.
Active
This icon is green if the associated interface is enabled. The icon is
grey if the associated interface is disabled. Enable or disable an
interface by clicking its Edit icon.
Total Packets
This displays the number of packets received (Receive) and sent
(Transmit) on the customer interface since the interface was
activated, or the Clear button pressed.
Total Bytes
This displays the number of bytes received (Receive) and sent
(Transmit) on the customer interface since the interface was
activated, or the Clear button pressed.
ny
on
LABEL
This is the brief name or description of the customer interface
configured in the ADVANCED > VPN Transport > Customer
Interface Setup screen.
om
pa
Interface Description
124
User’s Guide
CHAPTER
10
tia
The NAT Configuration Screens
en
10.1 Overview
fid
Use these screens to configure port forwarding and trigger ports for the WiMAX
Device. You can also enable and disable SIP, FTP, and H.323 ALG.
on
Network Address Translation (NAT) maps a host’s IP address within one network
to a different IP address in another network. For example, you can use a NAT
router to map one IP address from your ISP to multiple private IP addresses for
the devices in your home network.
10.1.1 What You Can Do in This Chapter
• The General screen (Section 10.2 on page 125) lets you enable or disable NAT
and to allocate memory for NAT and firewall rules.
• The Port Forwarding screen (Section 10.3 on page 126) lets you look at the
current port-forwarding rules in the WiMAX Device, and to enable, disable,
activate, and deactivate each one.
ny
• The Trigger Port screen (Section 10.4 on page 130) lets you maintain trigger
port forwarding rules for the WiMAX Device.
pa
• The ALG screen (Section 10.5 on page 132) lets you enable and disable SIP
(VoIP), FTP (file transfer), and H.323 (audio-visual) ALG in the WiMAX Device.
om
10.2 General
Click ADVANCED > NAT Configuration > General to enable or disable NAT and
to allocate memory for NAT and firewall rules.
Figure 57 ADVANCED > NAT Configuration > General
User’s Guide
125
Chapter 10 The NAT Configuration Screens
The following table describes the labels in this screen.
Table 45 ADVANCED > NAT Configuration > General
DESCRIPTION
Enable Network
Address Translation
Select this if you want to use port forwarding, trigger ports, or any
of the ALG.
Max NAT/Firewall
Session Per User
When computers use peer to peer applications, such as file
sharing applications, they may use a large number of NAT
sessions. If you do not limit the number of NAT sessions a single
tia
LABEL
en
client can establish, this can result in all of the available NAT
sessions being used. In this case, no additional NAT sessions can
be established, and users may not be able to access the Internet.
Each NAT session establishes a corresponding firewall session. Use
this field to limit the number of NAT/firewall sessions each client
computer can establish through the WiMAX Device.
on
fid
If your network has a small number of clients using peer to peer
applications, you can raise this number to ensure that their
performance is not degraded by the number of NAT sessions they
can establish. If your network has a large number of users using
peer to peer applications, you can lower this number to ensure no
single client is using all of the available NAT sessions.
Click to save your changes.
Cancel
Click to return to the previous screen without saving your
changes.
Apply
ny
10.3 Port Forwarding
A NAT server set is a list of inside (behind NAT on the LAN) servers, for example,
web or FTP, that you can make accessible to the outside world even though NAT
makes your whole inside network appear as a single machine to the outside world.
om
pa
Use the ADVANCED > NAT Configuration > Port Forwarding screen to
forward incoming service requests to the server(s) on your local network. You
may enter a single port number or a range of port numbers to be forwarded, and
the local IP address of the desired server. The port number identifies a service; for
example, web service is on port 80 and FTP on port 21. In some cases, such as for
unknown services or where one server can support more than one service (for
example both FTP and web service), it might be better to specify a range of port
numbers.
126
In addition to the servers for specified services, NAT supports a default server. A
service request that does not have a server explicitly designated for it is
forwarded to the default server. If the default is not defined, the service request is
simply discarded.
User’s Guide
Chapter 10 The NAT Configuration Screens
tia
For example, let's say you want to assign ports 21-25 to one FTP, Telnet and
SMTP server (A in the example), port 80 to another (B in the example) and assign
a default server IP address of 192.168.1.35 to a third (C in the example). You
assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT
network appears as a single host on the Internet.
on
10.3.1 Port Forwarding Options
fid
en
Figure 58 Multiple Servers Behind NAT Example
Click ADVANCED > NAT Configuration > Port Forwarding to look at the
current port-forwarding rules in the WiMAX Device, and to enable, disable,
activate, and deactivate each one. You can also set up a default server to handle
ports not covered by rules.
om
pa
ny
Figure 59 ADVANCED > NAT Configuration > Port Forwarding
User’s Guide
127
Chapter 10 The NAT Configuration Screens
The following table describes the icons in this screen.
Table 46 Advanced> VPN Transport > Customer Interface
ICON
DESCRIPTION
Edit
tia
Click to edit this item.
Delete
The following table describes the labels in this screen.
en
Click to delete this item.
Table 47 ADVANCED > NAT Configuration > Port Forwarding
LABEL
DESCRIPTION
Default Server
fid
Default Server Setup
Enter the IP address of the server to which the WiMAX Device should
forward packets for ports that are not specified in the Port Forwarding
section below or in the TOOLS > Remote MGMT screens. Enter
0.0.0.0 if you want the WiMAX Device to discard these packets instead.
on
Port Forwarding
The number of the item in this list.
Active
Select this to enable this rule. Clear this to disable this rule.
Name
This field displays the name of the rule. It does not have to be unique.
Start Port
This field displays the beginning of the range of port numbers
forwarded by this rule.
End Port
This field displays the end of the range of port numbers forwarded by
this rule. If it is the same as the Start Port, only one port number is
forwarded.
This field displays the IP address of the server to which packet for the
selected port(s) are forwarded.
Click the Edit icon to set up a port forwarding rule or alter the
configuration of an existing port forwarding rule.
pa
Action
ny
Server IP
Address
Click the Delete icon to remove an existing port forwarding rule.
Click to save your changes.
Reset
Click to restore your previously saved settings.
om
Apply
128
User’s Guide
Chapter 10 The NAT Configuration Screens
10.3.2 Port Forwarding Rule Setup
Click a port forwarding rule’s Edit icon in the ADVANCED > NAT Configuration
> Port Forwarding screen to activate, deactivate, or edit it.
fid
en
tia
Figure 60 ADVANCED > NAT Configuration > Port Forwarding > Rule Setup
on
The following table describes the labels in this screen.
Table 48 ADVANCED > NAT Configuration > Port Forwarding > Rule Setup
DESCRIPTION
Active
Select this to enable this rule. Clear this to disable this rule.
Service Name
Enter a name to identify this rule. You can use 1 - 31 printable ASCII
characters, or you can leave this field blank. It does not have to be a
unique name.
Start Port
Enter the port number or range of port numbers you want to forward to
the specified server.
ny
End Port
LABEL
To forward one port number, enter the port number in the Start Port
and End Port fields.
To forward a range of ports,
pa
•
•
enter the port number at the beginning of the range in the Start
Port field
enter the port number at the end of the range in the End Port field.
Enter the IP address of the server to which to forward packets for the
selected port number(s). This server is usually on the LAN.
Apply
Click to save your changes.
Cancel
Click to return to the previous screen without saving your changes.
om
Server IP
Address
User’s Guide
129
Chapter 10 The NAT Configuration Screens
10.4 Trigger Port
en
tia
Some services use a dedicated range of ports on the client side and a dedicated
range of ports on the server side. With regular port forwarding you set a
forwarding port in NAT to forward a service (coming in from the server on the
WAN) to the IP address of a computer on the client side (LAN). The problem is
that port forwarding only forwards a service to a single LAN IP address. In order to
use the same service on a different LAN computer, you have to manually replace
the LAN computer's IP address in the forwarding port with another LAN
computer's IP address,
on
fid
Trigger port forwarding solves this problem by allowing computers on the LAN to
dynamically take turns using the service. The WiMAX Device records the IP
address of a LAN computer that sends traffic to the WAN to request a service with
a specific port number and protocol (a "trigger" port). When the WiMAX Device's
WAN port receives a response with a specific port number and protocol
("incoming" port), the WiMAX Device forwards the traffic to the LAN IP address of
the computer that sent the request. After that computer’s connection for that
service closes, another computer on the LAN can use the service in the same
manner. This way you do not need to configure a new IP address each time you
want a different LAN computer to use the application.
Click ADVANCED > NAT Configuration > Trigger Port to maintain trigger port
forwarding rules for the WiMAX Device.
pa
ny
Figure 61 ADVANCED > NAT Configuration > Trigger Port
om
The following table describes the labels in this screen.
Table 49 ADVANCED > NAT Configuration > Trigger Port
130
LABEL
DESCRIPTION
The number of the item in this list.
Name
Enter a name to identify this rule. You can use 1 - 15 printable ASCII
characters, or you can leave this field blank. It does not have to be a
unique name.
Incoming
User’s Guide
Chapter 10 The NAT Configuration Screens
Table 49 ADVANCED > NAT Configuration > Trigger Port (continued)
DESCRIPTION
Start Port
End Port
Enter the incoming port number or range of port numbers you want to
forward to the IP address the WiMAX Device records.
tia
To forward one port number, enter the port number in the Start Port
and End Port fields.
To forward a range of ports,
•
enter the port number at the beginning of the range in the Start
Port field
enter the port number at the end of the range in the End Port field.
en
•
LABEL
If you want to delete this rule, enter zero in the Start Port and End
Port fields.
Trigger
Enter the outgoing port number or range of port numbers that makes
the WiMAX Device record the source IP address and assign it to the
selected incoming port number(s).
fid
Start Port
End Port
on
To select one port number, enter the port number in the Start Port and
End Port fields.
To select a range of ports,
•
•
enter the port number at the beginning of the range in the Start
Port field
enter the port number at the end of the range in the End Port field.
If you want to delete this rule, enter zero in the Start Port and End
Port fields.
Click to save your changes.
Cancel
Click to return to the previous screen without saving your changes.
ny
Apply
10.4.1 Trigger Port Forwarding Example
pa
The following is an example of trigger port forwarding. In this example, J is Jane’s
computer and S is the Real Audio server.
om
Figure 62 Trigger Port Forwarding Example
User’s Guide
131
Chapter 10 The NAT Configuration Screens
Jane requests a file from the Real Audio server (port 7070).
Port 7070 is a “trigger” port and causes the WiMAX Device to record Jane’s
computer IP address. The WiMAX Device associates Jane's computer IP address
with the "incoming" port range of 6970-7170.
The Real Audio server responds using a port number ranging between 6970-7170.
The WiMAX Device forwards the traffic to Jane’s computer IP address.
Only Jane can connect to the Real Audio server until the connection is closed or
times out. The WiMAX Device times out in three minutes with UDP (User
Datagram Protocol), or two hours with TCP/IP (Transfer Control Protocol/Internet
Protocol).
fid
Two points to remember about trigger ports:
en
tia
Trigger events only happen on data that is coming from inside the WiMAX Device
and going to the outside.
If an application needs a continuous data stream, that port (range) will be tied up
so that another computer on the LAN can’t trigger it.
on
10.5 ALG
ny
Some applications, such as SIP, cannot operate through NAT (are NAT unfriendly) because they embed IP addresses and port numbers in their packets’
data payload.
pa
Some NAT routers may include a SIP Application Layer Gateway (ALG). An
Application Layer Gateway (ALG) manages a specific protocol (such as SIP, H.323
or FTP) at the application layer.
om
A SIP ALG allows SIP calls to pass through NAT by examining and translating IP
addresses embedded in the data stream.
132
User’s Guide
Chapter 10 The NAT Configuration Screens
Click ADVANCED > NAT Configuration > ALG to enable and disable SIP (VoIP),
FTP (file transfer), and H.323 (audio-visual) ALG in the WiMAX Device.
The following table describes the labels in this screen.
Table 50 ADVANCED > NAT Configuration > ALG
en
tia
Figure 63 ADVANCED > NAT Configuration > ALG
DESCRIPTION
Enable SIP ALG
Select this to make sure SIP (VoIP) works correctly with portforwarding and port-triggering rules.
Enable FTP ALG
Select this to make sure FTP (file transfer) works correctly with portforwarding and port-triggering rules.
Enable H.323
ALG
Select this to make sure H.323 (audio-visual programs, such as
NetMeeting) works correctly with port-forwarding and port-triggering
rules.
Apply
Click to save your changes.
Cancel
Click to return to the previous screen without saving your changes.
om
pa
ny
on
fid
LABEL
User’s Guide
133
C
om
pa
ny
on
fid
en
tia
Chapter 10 The NAT Configuration Screens
134
User’s Guide
CHAPTER
11
en
tia
The System Configuration
Screens
11.1 Overview
on
fid
Click ADVANCED > System Configuration to set up general system settings,
change the system mode, change the password, configure the DDNS server
settings, and set the current date and time.
11.1.1 What You Can Do in This Chapter
• The General screen (Section 11.2 on page 137) lets you change the WiMAX
Device’s mode, set up its system name, domain name, idle timeout, and
administrator password.
• The Dynamic DNS screen (Section 11.3 on page 138) lets you set up the
WiMAX Device as a dynamic DNS client.
ny
• The Firmware screen (Section 11.4 on page 140) lets you upload new firmware
to the WiMAX Device.
• The Configuration screen (Section 11.5 on page 142) lets you back up or
restore the configuration of the WiMAX Device.
pa
• The Restart screen (Section 11.6 on page 143) lets you restart your WiMAX
Device from within the web configurator.
11.1.2 What You Need to Know
om
The following terms and concepts may help as you read through this chapter.
System Name
The System Name is often used for identification purposes. Because some ISPs
check this name you should enter your computer's "Computer Name".
• In Windows 2000: Click Start > Settings > Control Panel and then doubleclick the System icon. Select the Network Identification tab and then click
the Properties button. Note the entry for the Computer Name field and enter
it as the System Name.
User’s Guide
135
Chapter 11 The System Configuration Screens
• In Windows XP: Click Start > My Computer > View system information and
then click the Computer Name tab. Note the entry in the Full computer
name field and enter it as the WiMAX Device System Name.
Domain Name
en
tia
The Domain Name entry is what is propagated to the DHCP clients on the LAN. If
you leave this blank, the domain name obtained by DHCP from the ISP is used.
While you must enter the host name (System Name) on each individual computer,
the domain name can be assigned from the WiMAX Device via DHCP.
DNS Server Address Assignment
fid
Use DNS (Domain Name System) to map a domain name to its corresponding IP
address and vice versa, for instance, the IP address of www.zyxel.com is
204.217.0.2. The DNS server is extremely important because without it, you must
know the IP address of a computer before you can access it.
on
The WiMAX Device can get the DNS server addresses in the following ways:
The ISP tells you the DNS server addresses, usually in the form of an information
sheet, when you sign up. If your ISP gives you DNS server addresses, enter them
in the DNS Server fields in the SYSTEM General screen.
If the ISP did not give you DNS server information, leave the DNS Server fields in
the SYSTEM General screen set to 0.0.0.0 for the ISP to dynamically assign the
DNS server IP addresses.
om
pa
ny
136
User’s Guide
Chapter 11 The System Configuration Screens
11.2 General
tia
on
fid
en
Figure 64 ADVANCED > System Configuration > General
Click ADVANCED > System Configuration > General to change the WiMAX
Device’s mode, set up its system name, domain name, idle timeout, and
administrator password.
The following table describes the labels in this screen.
Table 51 ADVANCED > System Configuration > General
DESCRIPTION
ny
LABEL
System Setup
Enter your computer's "Computer Name". This is for identification
purposes, but some ISPs also check this field. This name can be up to
30 alphanumeric characters long. Spaces are not allowed, but dashes “” and underscores "_" are accepted.
pa
System Name
Enter the domain name entry that is propagated to DHCP clients on the
LAN. If you leave this blank, the domain name obtained from the ISP is
used. Use up to 38 alphanumeric characters. Spaces are not allowed,
but dashes “-” and periods "." are accepted.
Administrator
Inactivity Timer
Enter the number of minutes a management session can be left idle
before the session times out. After it times out, you have to log in
again. A value of "0" means a management session never times out, no
matter how long it has been left idle. This is not recommended. Long
idle timeouts may have security risks. The default is five minutes.
om
Domain Name
Password Setup
User’s Guide
Old Password
Enter the current password you use to access the WiMAX Device.
New Password
Enter the new password for the WiMAX Device. You can use up to 30
characters. As you type the password, the screen displays an asterisk
(*) for each character you type.
137
Chapter 11 The System Configuration Screens
DESCRIPTION
Retype to
Confirm
Enter the new password again.
Apply
Click to save your changes.
Reset
Click to restore your previously saved settings.
en
11.3 Dynamic DNS
tia
LABEL
Table 51 ADVANCED > System Configuration > General (continued)
on
fid
Dynamic DNS allows you to update your current dynamic IP address with one or
many dynamic DNS services so that anyone can contact you (in NetMeeting, CUSeeMe, etc.). You can also access your FTP server or Web site on your own
computer using a domain name (for instance myhost.dhs.org, where myhost is a
name of your choice) that will never change instead of using an IP address that
changes each time you reconnect. Your friends or relatives will always be able to
call you even if they don't know your IP address.
First of all, you need to have registered a dynamic DNS account with
www.dyndns.org. This is for people with a dynamic IP from their ISP or DHCP
server that would still like to have a domain name. The Dynamic DNS service
provider will give you a password or key.
ny
Enabling the wildcard feature for your host causes *.yourhost.dyndns.org to be
aliased to the same IP address as yourhost.dyndns.org. This feature is useful if
you want to be able to use, for example, www.yourhost.dyndns.org and still reach
your hostname.
om
pa
Note: If you have a private WAN IP address, then you cannot use Dynamic DNS.
138
User’s Guide
Chapter 11 The System Configuration Screens
Click ADVANCED > System Configuration > Dynamic DNS to set up the
WiMAX Device as a dynamic DNS client.
on
fid
en
tia
Figure 65 ADVANCED > System Configuration > Dynamic DNS
ny
The following table describes the labels in this screen.
Table 52 ADVANCED > System Configuration > Dynamic DNS
LABEL
DESCRIPTION
Dynamic DNS Setup
Select this to use dynamic DNS.
Service
Provider
Select the name of your Dynamic DNS service provider.
Dynamic DNS
Type
Select the type of service that you are registered for from your Dynamic
DNS service provider.
Host Name
Enter the host name. You can specify up to two host names, separated
by a comma (",").
User Name
Enter your user name.
Password
Enter the password assigned to you.
Enable Wildcard
Option
Select this to enable the DynDNS Wildcard feature.
om
pa
Enable Dynamic
DNS
User’s Guide
139
Chapter 11 The System Configuration Screens
Table 52 ADVANCED > System Configuration > Dynamic DNS (continued)
DESCRIPTION
Enable offline
option
This field is available when CustomDNS is selected in the DDNS Type
field. Select this if your Dynamic DNS service provider redirects traffic
to a URL that you can specify while you are off line. Check with your
Dynamic DNS service provider.
LABEL
tia
IP Address Update Policy
Select this if you want the WiMAX Device to update the domain name
with the WAN port's IP address.
Dynamic DNS
server auto
detect IP
address
Select this if you want the DDNS server to update the IP address of the
host name(s) automatically. Select this option when there are one or
more NAT routers between the WiMAX Device and the DDNS server.
en
Use WAN IP
Address
fid
Note: The DDNS server may not be able to detect the proper IP
address if there is an HTTP proxy server between the
WiMAX Device and the DDNS server.
Select this if you want to use the specified IP address with the host
name(s). Then, specify the IP address. Use this option if you have a
static IP address.
Apply
Click to save your changes.
Reset
Click to restore your previously saved settings.
11.4 Firmware
on
Use specified IP
address
ny
Click ADVANCED > System Configuration > Firmware to upload new
firmware to the WiMAX Device. Firmware files usually use the system model name
with a "*.bin" extension, such as "WiMAX Device.bin". The upload process uses
HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a
successful upload, the system will reboot.
pa
Contact your service provider for information on available firmware upgrades.
Note: Only use firmware for your WiMAX Device’s specific model.
om
Figure 66 ADVANCED > System Configuration > Firmware
140
User’s Guide
Chapter 11 The System Configuration Screens
The following table describes the labels in this screen.
DESCRIPTION
File Path
Enter the location of the *.bin file you want to upload, or click
Browse... to find it. You must decompress compressed (.zip) files
before you can upload them.
tia
LABEL
Table 53 ADVANCED > System Configuration > Firmware
Click this to find the *.bin file you want to upload.
Upload
Click this to begin uploading the selected file. This may take up to two
minutes.
en
Browse...
Note: Do not turn off the device while firmware upload is in
progress!
fid
11.4.1 The Firmware Upload Process
on
When the WiMAX Device uploads new firmware, the process usually takes about
two minutes. The device also automatically restarts in this time. This causes a
temporary network disconnect.
Note: Do not turn off the device while firmware upload is in progress!
After two minutes, log in again, and check your new firmware version in the
Status screen. You might have to open a new browser window to log in.
If the upload is not successful, you will be notified by error message.
om
pa
ny
Click Return to go back to the Firmware screen.
User’s Guide
141
Chapter 11 The System Configuration Screens
on
fid
en
Figure 67 ADVANCED > System Configuration > Configuration
tia
Click ADVANCED > System Configuration > Configuration to back up or
restore the configuration of the WiMAX Device. You can also use this screen to
reset the WiMAX Device to the factory default settings.
11.5 Configuration
The following table describes the labels in this screen.
Table 54 ADVANCED > System Configuration > Configuration
DESCRIPTION
ny
LABEL
Backup Configuration
Click this to save the WiMAX Device’s current configuration to a file on
your computer. Once your device is configured and functioning
properly, it is highly recommended that you back up your configuration
file before making configuration changes. The backup configuration file
is useful if you need to return to your previous settings.
pa
Backup
Restore Configuration
Enter the location of the file you want to upload, or click Browse... to
find it.
Browse
Click this to find the file you want to upload.
Upload
Click this to restore the selected configuration file.
om
File Path
142
Note: Do not turn off the device while configuration file upload is in
progress.
Back to Factory Defaults
Reset
Click this to clear all user-entered configuration information and return
the WiMAX Device to its factory defaults. There is no warning screen.
User’s Guide
Chapter 11 The System Configuration Screens
11.5.1 The Restore Configuration Process
tia
Note: Do not turn off the device while configuration file upload is in progress.
When the WiMAX Device restores a configuration file, the device automatically
restarts. This causes a temporary network disconnect.
fid
You might have to open a new browser to log in again.
en
If the WiMAX Device’s IP address is different in the configuration file you selected,
you may need to change the IP address of your computer to be in the same
subnet as that of the default management IP address (192.168.5.1). See the
Quick Start Guide or the appendices for details on how to set up your computer’s
IP address.
If the upload was not successful, you are notified by Configuration Upload
Error message:
on
Click Return to go back to the Configuration screen.
11.6 Restart
Click ADVANCED > System Configuration > Restart to reboot the WiMAX
Device without turning the power off.
ny
Note: Restarting the WiMAX Device does not affect its configuration.
pa
Figure 68 ADVANCED > System Configuration > Restart
The following table describes the labels in this screen.
om
Table 55 ADVANCED > System Configuration > Firmware
User’s Guide
LABEL
DESCRIPTION
Restart
Click this button to have the device perform a software restart. The
Power LED blinks as it restarts and the shines steadily if the restart is
successful.
Note: Wait one minute before logging back into the WiMAX Device
after a restart.
143
Chapter 11 The System Configuration Screens
11.6.1 The Restart Process
om
pa
ny
on
fid
en
tia
When you click Restart, the the process usually takes about two minutes. Once
the restart is complete you can log in again.
144
User’s Guide
tia
en
Voice Screens
P ART IV
fid
The Service Configuration Screens (147)
The Phone Screens (165)
om
pa
ny
on
The Phone Book Screens (175)
145
146
om
pa
ny
on
fid
en
tia
CHAPTER
12
en
tia
The Service Configuration
Screens
12.1 Overview
fid
The VOICE > Service Configuration screens allow you to set up your voice
accounts and configure your QoS settings.
on
VoIP (Voice over IP) is the sending of voice signals over the Internet Protocol. This
allows you to make phone calls and send faxes over the Internet at a fraction of
the cost of using the traditional circuit-switched telephone network. You can also
use servers to run telephone service applications like PBX services and voice mail.
Internet Telephony Service Provider (ITSP) companies provide VoIP service. A
company could alternatively set up an IP-PBX and provide it’s own VoIP service.
ny
Circuit-switched telephone networks require 64 kilobits per second (kbps) in each
direction to handle a telephone call. VoIP can use advanced voice coding
techniques with compression to reduce the required bandwidth.
12.1.1 What You Can Do in This Chapter
pa
• The SIP Settings screen (Section 12.2 on page 149) lets you setup and
maintain your SIP account(s) in the WiMAX Device.
• The Advanced SIP Settings screen (Section 12.2.1 on page 151) lets you set
up and maintain advanced settings for each SIP account
om
• The QoS screen (Section 12.3 on page 158) lets you set up and maintain ToS
and VLAN settings for the WiMAX Device.
12.1.2 What You Need to Know
The following terms and concepts may help as you read through this chapter.
SIP
The Session Initiation Protocol (SIP) is an application-layer control (signaling)
protocol that handles the setting up, altering and tearing down of voice and
User’s Guide
147
Chapter 12 The Service Configuration Screens
multimedia sessions over the Internet. SIP signaling is separate from the media
for which it handles sessions. The media that is exchanged during the session can
use a different path from that of the signaling. SIP handles telephone calls and can
interface with traditional circuit-switched telephone networks.
tia
SIP Identities
en
A SIP account uses an identity (sometimes referred to as a SIP address). A
complete SIP identity is called a SIP URI (Uniform Resource Identifier). A SIP
account's URI identifies the SIP account in a way similar to the way an e-mail
address identifies an e-mail account. The format of a SIP identity is SIPNumber@SIP-Service-Domain.
fid
SIP Number
on
The SIP number is the part of the SIP URI that comes before the “@” symbol. A
SIP number can use letters like in an e-mail address (johndoe@your-ITSP.com for
example) or numbers like a telephone number (1122334455@VoIP-provider.com
for example).
SIP Service Domain
ny
The SIP service domain of the VoIP service provider (the company that lets you
make phone calls over the Internet) is the domain name in a SIP URI. For
example, if the SIP address is 1122334455@VoIP-provider.com, then “VoIPprovider.com” is the SIP service domain.
SIP Register Server
pa
A SIP register server maintains a database of SIP identity-to-IP address (or
domain name) mapping. The register server checks your user name and password
when you register.
RTP
om
When you make a VoIP call using SIP, the RTP (Real time Transport Protocol) is
used to handle voice data transfer. See RFC 1889 for details on RTP.
Use NAT
148
If you know the NAT router’s public IP address and SIP port number, you can use
the Use NAT feature to manually configure the WiMAX Device to use a them in the
SIP messages. This eliminates the need for STUN or a SIP ALG. You must also
configure the NAT router to forward traffic with this port number to the WiMAX
Device.
User’s Guide
Chapter 12 The Service Configuration Screens
• Ensure that you have all of your voice account information on hand. If not,
contact your voice account service provider to find out which settings in this
chapter you should configure in order to use your telephone with the WiMAX
Device.
en
tia
• Connect your WiMAX Device to the Internet, as described in the Quick Start
Guide. If you have not already done so, then you will not be able to test your
VoIP settings.
12.1.3 Before you Begin
12.2 SIP Settings
fid
Click VOICE > Service Configuration > SIP Setting to setup and maintain
your SIP account(s) in the WiMAX Device. Your VoIP or Internet service provider
should provide you with your account information. You can also enable and disable
each SIP account.
om
pa
ny
on
Figure 69 VOICE > Service Configuration > SIP Setting
User’s Guide
149
Chapter 12 The Service Configuration Screens
The following table describes the labels in this screen.
Table 56 VOICE > Service Configuration > SIP Setting
DESCRIPTION
SIP Account
Select the SIP account you want to see in this screen. If you change this
field, the screen automatically refreshes.
LABEL
Active SIP
Account
tia
SIP Settings
Select this if you want the WiMAX Device to use this account. Clear it if
you do not want the WiMAX Device to use this account.
Enter your SIP number. In the full SIP URI, this is the part before the @
symbol. You can use up to 127 printable ASCII characters.
SIP Local
Port
Enter the WiMAX Device’s listening port number, if your VoIP service
provider gave you one. Otherwise, keep the default value.
SIP Server
Address
Enter the IP address or domain name of the SIP server provided by
your VoIP service provider. You can use up to 95 printable ASCII
characters. It does not matter whether the SIP server is a proxy,
redirect or register server.
SIP Server
Port
Enter the SIP server’s listening port number, if your VoIP service
provider gave you one. Otherwise, keep the default value.
REGISTER
Server
Address
Enter the IP address or domain name of the SIP register server, if your
VoIP service provider gave you one. Otherwise, enter the same address
you entered in the SIP Server Address field. You can use up to 95
printable ASCII characters.
REGISTER
Server Port
Enter the SIP register server’s listening port number, if your VoIP
service provider gave you one. Otherwise, enter the same port number
you entered in the SIP Server Port field.
SIP Service
Domain
Enter the SIP service domain name. In the full SIP URI, this is the part
after the @ symbol. You can use up to 127 printable ASCII Extended
set characters.
Send Caller ID
Select this if you want to send identification when you make VoIP phone
calls. Clear this if you do not want to send identification.
ny
on
fid
en
Number
Authentication
Enter the user name for registering this SIP account, exactly as it was
given to you. You can use up to 95 printable ASCII characters.
pa
User Name
Enter the user name for registering this SIP account, exactly as it was
given to you. You can use up to 95 printable ASCII Extended set
characters.
Apply
Click to save your changes.
om
Password
Click to restore your previously saved settings.
Advanced
Click this to edit the advanced settings for this SIP account. The
Advanced SIP Settings screen appears.
Reset
150
User’s Guide
Chapter 12 The Service Configuration Screens
12.2.1 Advanced SIP Settings
This section describes the features of the Advanced SIP settings screen.
tia
12.2.1.1 STUN
fid
The following figure shows how STUN works.
en
STUN (Simple Traversal of User Datagram Protocol (UDP) through Network
Address Translators) allows the WiMAX Device to find the presence and types of
NAT routers and/or firewalls between it and the public Internet. STUN also allows
the WiMAX Device to find the public IP address that NAT assigned, so the WiMAX
Device can embed it in the SIP data stream. STUN does not work with symmetric
NAT routers or firewalls. See RFC 3489 for details on STUN.
The WiMAX Device (A) sends SIP packets to the STUN server (B).
The STUN server (B) finds the public IP address and port number that the NAT
router used on the WiMAX Device’s SIP packets and sends them to the WiMAX
Device.
The WiMAX Device uses the public IP address and port number in the SIP packets
that it sends to the SIP server (C).
pa
ny
Figure 70 STUN
on
NAT
12.2.1.2 Outbound Proxy
om
Your VoIP service provider may host a SIP outbound proxy server to handle all of
the WiMAX Device’s VoIP traffic. This allows the WiMAX Device to work with any
type of NAT router and eliminates the need for STUN or a SIP ALG. Turn off a SIP
ALG on a NAT router in front of the WiMAX Device to keep it from re-translating
the IP address (since this is already handled by the outbound proxy server).
User’s Guide
151
Chapter 12 The Service Configuration Screens
12.2.1.3 Voice Coding
A codec (coder/decoder) codes analog voice signals into digital signals and
decodes the digital signals back into voice signals. The WiMAX Device supports the
following codecs.
en
tia
• G.711 is a Pulse Code Modulation (PCM) waveform codec. PCM measures
analog signal amplitudes at regular time intervals (sampling) and converts them
into digital bits (quantization). Quantization “reads” the analog signal and then
“writes” it to the nearest digital value. For this reason, a digital sample is usually
slightly different from its analog original (this difference is known as
“quantization noise”). G.711 provides excellent sound quality but requires
64kbps of bandwidth.
fid
• G.723 is an Adaptive Differential Pulse Code Modulation (ADPCM) waveform
codec. Differential (or Delta) PCM is similar to PCM, but encodes the audio signal
based on the difference between one sample and a prediction based on previous
samples, rather than encoding the sample’s actual quantized value. Many
thousands of samples are taken each second, and the differences between
consecutive samples are usually quite small, so this saves space and reduces
the bandwidth necessary.
ny
on
However, DPCM produces a high quality signal (high signal-to-noise ratio or
SNR) for high difference signals (where the actual signal is very different from
what was predicted) but a poor quality signal (low SNR) for low difference
signals (where the actual signal is very similar to what was predicted). This is
because the level of quantization noise is the same at all signal levels. Adaptive
DPCM solves this problem by adapting the difference signal’s level of
quantization according to the audio signal’s strength. A low difference signal is
given a higher quantization level, increasing its signal-to-noise ratio. This
provides a similar sound quality at all signal levels. G.723 provides high quality
sound and requires 20 or 40 kbps.
pa
• G.729 is an Analysis-by-Synthesis (AbS) hybrid waveform codec. It uses a filter
based on information about how the human vocal tract produces sounds. The
codec analyzes the incoming voice signal and attempts to synthesize it using its
list of voice elements. It tests the synthesized signal against the original and, if
it is acceptable, transmits details of the voice elements it used to make the
synthesis. Because the codec at the receiving end has the same list, it can
exactly recreate the synthesized audio signal.G.729 provides good sound quality
and reduces the required bandwidth to 8kbps.
om
12.2.1.4 MWI (Message Waiting Indication)
Enable Message Waiting Indication (MWI) enables your phone to give you a
message–waiting (beeping) dial tone when you have one or more voice messages.
Your VoIP service provider must have a messaging system that sends messagewaiting-status SIP packets as defined in RFC 3842.
152
User’s Guide
Chapter 12 The Service Configuration Screens
12.2.1.5 Advanced SIP Settings Options
Click Advanced in VOICE > Service Configuration > SIP Settings to set up
and maintain advanced settings for each SIP account.
pa
ny
on
fid
en
tia
Figure 71 VOICE > Service Configuration > SIP Settings > Advanced
The following table describes the labels in this screen.
om
Table 57 VOICE > Service Configuration > SIP Settings > Advanced
LABEL
DESCRIPTION
SIP Server Settings
URL Type
User’s Guide
Select whether or not to include the SIP service domain name when the
WiMAX Device sends the SIP number.
•
•
SIP - include the SIP service domain name
TEL - do not include the SIP service domain name
153
Chapter 12 The Service Configuration Screens
Table 57 VOICE > Service Configuration > SIP Settings > Advanced (continued)
DESCRIPTION
Expiration
Duration
Enter the number of seconds your SIP account is registered with the
SIP register server before it is deleted. The WiMAX Device automatically
tries to re-register your SIP account when one-half of this time has
passed. (The SIP register server might have a different expiration.)
Register Resend timer
Enter the number of seconds the WiMAX Device waits before it tries
again to register the SIP account, if the first try failed or if there is no
response.
Session Expires
Enter the number of seconds the conversation can last before the call is
automatically disconnected. Usually, when one-half of this time has
passed, the WiMAX Device or the other party updates this timer to
prevent this from happening.
Min-SE
Enter the minimum number of seconds the WiMAX Device accepts for a
session expiration time when it receives a request to start a SIP
session. If the request has a shorter time, the WiMAX Device rejects it.
fid
en
tia
LABEL
RTP Port Range
Start Port
Enter the listening port number(s) for RTP traffic, if your VoIP service
provider gave you this information. Otherwise, keep the default values.
End Port
on
To enter one port number, enter the port number in the Start Port and
End Port fields.
To enter a range of ports:
•
Voice Compression
Select the type of voice coder/decoder (codec) that you want the
WiMAX Device to use.
ny
Primary,
Secondary, and
Third
Compression
Type the port number at the beginning of the range in the Start
Port field
Type the port number at the end of the range in the End Port field.
•
G.711 provides high voice quality but requires more bandwidth (64
kbps).
pa
•
•
•
•
G.711A is typically used in Europe.
G.711u is typically used in North America and Japan.
G.723 provides good voice quality, and requires 20 or 40 kbps.
G.729 requires only 8 kbps.
om
The WiMAX Device must use the same codec as the peer. When two SIP
devices start a SIP session, they must agree on a codec.
DTMF Mode
For more on voice compression, see Voice Coding on page 152
Control how the WiMAX Device handles the tones that your telephone
makes when you push its buttons. You should use the same mode your
VoIP service provider uses.
•
•
•
RFC 2833 - send the DTMF tones in RTP packets
PCM - send the DTMF tones in the voice data stream. This method
works best when you are using a codec that does not use
compression (like G.711). Codecs that use compression (like G.729)
can distort the tones.
SIP INFO - send the DTMF tones in SIP messages
STUN
154
User’s Guide
Chapter 12 The Service Configuration Screens
Table 57 VOICE > Service Configuration > SIP Settings > Advanced (continued)
LABEL
DESCRIPTION
Active
Select this if all of the following conditions are satisfied.
•
•
•
There is a NAT router between the WiMAX Device and the SIP
server.
The NAT router is not a SIP ALG.
Your VoIP service provider gave you an IP address or domain name
for a STUN server.
Otherwise, clear this field.
tia
•
Enter the IP address or domain name of the STUN server provided by
your VoIP service provider.
Server Port
Enter the STUN server’s listening port, if your VoIP service provider
gave you one. Otherwise, keep the default value.
en
Server Address
Use NAT
Select this if you want the WiMAX Device to send SIP traffic to a specific
NAT router. You must also configure the NAT router to forward traffic
with the specified port to the WiMAX Device. This eliminates the need
for STUN or a SIP ALG.
Server Address
Enter the public IP address or domain name of the NAT router.
Server Port
Enter the port number that your SIP sessions use with the public IP
address of the NAT router.
on
fid
Active
Outbound Proxy
Select this if your VoIP service provider has a SIP outbound server to
handle voice calls. This allows the WiMAX Device to work with any type
of NAT router and eliminates the need for STUN or a SIP ALG. Turn off
any SIP ALG on a NAT router in front of the WiMAX Device to keep it
from re-translating the IP address (since this is already handled by the
outbound proxy server).
Server Address
Enter the IP address or domain name of the SIP outbound proxy server.
Server Port
Enter the SIP outbound proxy server’s listening port, if your VoIP
service provider gave you one. Otherwise, keep the default value.
ny
Active
NAT Keep Alive
Select this to stop NAT routers between the WiMAX Device and SIP
server (a SIP proxy server or outbound proxy server) from dropping the
SIP session. The WiMAX Device does this by sending SIP notify
messages to the SIP server based on the specified interval.
pa
Active
om
Keep Alive with
SIP Proxy
Select this if the SIP server is a SIP proxy server.
Keep Alive with Select this if the SIP server is an outbound proxy server. You must
Outbound Proxy enable Outbound Proxy to use this.
Keep Alive
Interval
Enter how often (in seconds) the WiMAX Device should send SIP notify
messages to the SIP server.
MWI (Message Waiting Indication)
Enable
User’s Guide
Select this if you want to hear a waiting (beeping) dial tone on your
phone when you have at least one voice message. Your VoIP service
provider must support this feature.
155
Chapter 12 The Service Configuration Screens
Table 57 VOICE > Service Configuration > SIP Settings > Advanced (continued)
DESCRIPTION
Expiration Time
Keep the default value, unless your VoIP service provider tells you to
change it. Enter the number of seconds the SIP server should provide
the message waiting service each time the WiMAX Device subscribes to
the service. Before this time passes, the WiMAX Device automatically
subscribes again.
tia
LABEL
Fax Option
Select this if the WiMAX Device should use G.711 to send fax messages.
The peer devices must also use G.711.
T.38 Fax Relay
Select this if the WiMAX Device should send fax messages as UDP or
TCP/IP packets through IP networks. This provides better quality, but it
may have inter-operability problems. The peer devices must also use
T.38.
en
G.711 Fax
Passthrough
Call Forward
Select which call forwarding table you want the WiMAX Device to use for
incoming calls. You set up these tables in VOICE > Phone Book >
Incoming Call Policy.
fid
Call Forward
Table
Caller Ringing
Check this box if you want people to hear a customized recording when
they call you.
Caller Ringing
Tone
Select the tone you want people to hear when they call you. See
Custom Tones (IVR) on page 156 for information on how to record
these tones.
on
Enable
On Hold
Check this box if you want people to hear a customized recording when
you put them on hold.
On Hold Tone
Select the tone you want people to hear when you put them on hold.
See Custom Tones (IVR) on page 156 for information on how to record
these tones.
Back
Click this to return to the SIP Settings screen without saving your
changes.
Click to save your changes.
pa
Apply
ny
Enable
Reset
Click to restore your previously saved settings.
12.2.1.6 Custom Tones (IVR)
om
IVR (Interactive Voice Response) is a feature that allows you to use your
telephone to interact with the WiMAX Device. The WiMAX Device allows you to
record custom tones for the Caller Ringing Tone and On Hold Tone functions.
The same recordings apply to both the caller ringing and on hold tones.
Table 58 Custom Tones Details
156
LABEL
DESCRIPTION
Total Time for All Tones
128 seconds for all custom tones combined
User’s Guide
Chapter 12 The Service Configuration Screens
Table 58 Custom Tones Details
DESCRIPTION
Maximum Time per
Individual Tone
20 seconds
Total Number of Tones
Recordable
LABEL
tia
You can record up to eight different custom tones but the total
time must be 128 seconds or less.
en
Use the following steps if you would like to create new tones or change your
tones:
Pick up the phone and press **** on your phone’s keypad and wait for the
message that says you are in the configuration menu.
Press a number from 1101~1108 on your phone followed by the # key.
Play your desired music or voice recording into the receiver’s mouthpiece. Press
the # key.
You can continue to add, listen to, or delete tones, or you can hang up the
receiver when you are done.
on
fid
Do the following to listen to a custom tone:
Pick up the phone and press **** on your phone’s keypad and wait for the
message that says you are in the configuration menu.
Press a number from 1201~1208 followed by the # key to listen to the tone.
You can continue to add, listen to, or delete tones, or you can hang up the
receiver when you are done.
pa
ny
Do the following to delete a custom tone:
Pick up the phone and press **** on your phone’s keypad and wait for the
message that says you are in the configuration menu.
om
Press a number from 1301~1308 followed by the # key to delete the tone of your
choice. Press 14 followed by the # key if you wish to clear all your custom tones.
You can continue to add, listen to, or delete tones, or you can hang up the
receiver when you are done.
User’s Guide
157
Chapter 12 The Service Configuration Screens
12.3 QoS
tia
Network traffic can be classified by setting the ToS (Type Of Service) values at the
data source (for example, at the WiMAX Device) so a server can decide the best
method of delivery, that is the least cost, fastest route and so on.
en
Virtual Local Area Network (VLAN) allows a physical network to be partitioned into
multiple logical networks. Only stations within the same group can communicate
with each other.
fid
Your WiMAX Device can add IEEE 802.1Q VLAN ID tags to voice frames that it
sends to the network. This allows the WiMAX Device to communicate with a SIP
server that is a member of the same VLAN group. Some ISPs use the VLAN tag to
identify voice traffic and give it priority over other traffic.
on
Click VOICE > Service Configuration > QoS to set up and maintain ToS and
VLAN settings for the WiMAX Device. QoS (Quality of Service) refers to both a
network's ability to deliver data with minimum delay and the networking methods
used to provide bandwidth for real-time multimedia applications.
pa
ny
Figure 72 VOICE > Service Configuration > QoS
The following table describes the labels in this screen.
om
Table 59 VOICE > Service Configuration > QoS
LABEL
DESCRIPTION
TDS
158
SIP TOS Priority
Setting
Enter the priority for SIP voice transmissions. The WiMAX Device
creates Type of Service priority tags with this priority to voice traffic
that it transmits.
RTP TOS
Priority Setting
Enter the priority for RTP voice transmissions. The WiMAX Device
creates Type of Service priority tags with this priority to RTP traffic that
it transmits.
VLAN Tagging
User’s Guide
Chapter 12 The Service Configuration Screens
DESCRIPTION
Voice VLAN ID
Select this if the WiMAX Device has to be a member of a VLAN to
communicate with the SIP server. Ask your network administrator, if
you are not sure. Enter the VLAN ID provided by your network
administrator in the field on the right. Your LAN and gateway must be
configured to use VLAN tags.
Otherwise, clear this field.
Click to save your changes.
Reset
Click to restore your previously saved settings.
en
Apply
tia
LABEL
Table 59 VOICE > Service Configuration > QoS
fid
12.4 Technical Reference
12.4.1 SIP Call Progression
on
The following section contains additional technical information about the WiMAX
Device features described in this chapter.
The following figure displays the basic steps in the setup and tear down of a SIP
call. A calls B.
Table 60 SIP Call Progression
4. ACK
ny
1. INVITE
2. Ringing
3. OK
pa
5.Dialogue (voice
traffic)
6. BYE
om
7. OK
A sends a SIP INVITE request to B. This message is an invitation for B to
participate in a SIP telephone call.
B sends a response indicating that the telephone is ringing.
B sends an OK response after the call is answered.
A then sends an ACK message to acknowledge that B has answered the call.
Now A and B exchange voice media (talk).
User’s Guide
159
Chapter 12 The Service Configuration Screens
After talking, A hangs up and sends a BYE request.
B replies with an OK response confirming receipt of the BYE request and the call is
terminated.
tia
12.4.2 SIP Client Server
en
SIP is a client-server protocol. A SIP client is an application program or device that
sends SIP requests. A SIP server responds to the SIP requests.
fid
When you use SIP to make a VoIP call, it originates at a client and terminates at a
server. A SIP client could be a computer or a SIP phone. One device can act as
both a SIP client and a SIP server.
12.4.3 SIP User Agent
ny
Figure 73 SIP User Agent
on
A SIP user agent can make and receive VoIP telephone calls. This means that SIP
can be used for peer-to-peer communications even though it is a client-server
protocol. In the following figure, either A or B can act as a SIP user agent client to
initiate a call. A and B can also both act as a SIP user agent to receive the call.
12.4.4 SIP Proxy Server
pa
A SIP proxy server receives requests from clients and forwards them to another
server.
om
In the following example, you want to use client device A to call someone who is
using client device C.
The client device (A in the figure) sends a call invitation to the SIP proxy server
(B).
160
User’s Guide
Chapter 12 The Service Configuration Screens
The SIP proxy server forwards the call invitation to C.
tia
Figure 74 SIP Proxy Server
fid
en
12.4.5 SIP Redirect Server
on
A SIP redirect server accepts SIP requests, translates the destination address to
an IP address and sends the translated IP address back to the device that sent the
request. Then the client device that originally sent the request can send requests
to the IP address that it received back from the redirect server. Redirect servers
do not initiate SIP requests.
ny
In the following example, you want to use client device A to call someone who is
using client device C.
Client device A sends a call invitation for C to the SIP redirect server (B).
The SIP redirect server sends the invitation back to A with C’s IP address (or
domain name).
om
pa
User’s Guide
161
Chapter 12 The Service Configuration Screens
Client device A then sends the call invitation to client device C.
Figure 75 SIP Redirect Server
on
12.4.6 NAT and SIP
fid
en
tia
ny
The WiMAX Device must register its public IP address with a SIP register server. If
there is a NAT router between the WiMAX Device and the SIP register server, the
WiMAX Device probably has a private IP address. The WiMAX Device lists its IP
address in the SIP message that it sends to the SIP register server. NAT does not
translate this IP address in the SIP message. The SIP register server gets the
WiMAX Device’s IP address from inside the SIP message and maps it to your SIP
identity. If the WiMAX Device has a private IP address listed in the SIP message,
the SIP server cannot map it to your SIP identity. See Chapter 10 The NAT
Configuration Screens for more information.
pa
Use a SIP ALG (Application Layer Gateway), Use NAT, STUN, or outbound proxy to
allow the WiMAX Device to list its public IP address in the SIP messages.
12.4.7 DiffServ
om
DiffServ is a class of service (CoS) model that marks packets so that they receive
specific per-hop treatment at DiffServ-compliant network devices along the route
based on the application types and traffic flow. Packets are marked with DiffServ
Code Points (DSCPs) indicating the level of service desired. This allows the
intermediary DiffServ-compliant network devices to handle the packets differently
depending on the code points without the need to negotiate paths or remember
state information for every flow. In addition, applications do not have to request a
particular service or give advanced notice of where the traffic is going.
162
User’s Guide
Chapter 12 The Service Configuration Screens
12.4.8 DSCP and Per-Hop Behavior
tia
DiffServ defines a new DS (Differentiated Services) field to replace the Type of
Service (TOS) field in the IP header. The DS field contains a 2-bit unused field and
a 6-bit DSCP field which can define up to 64 service levels. The following figure
illustrates the DS field.
DSCP
Unused
(6-bit)
(2-bit)
en
Figure 76 DiffServ: Differentiated Service Field
fid
DSCP is backward compatible with the three precedence bits in the ToS octet so
that non-DiffServ compliant, ToS-enabled network device will not conflict with the
DSCP mapping.
om
pa
ny
on
The DSCP value determines the forwarding behavior, the PHB (Per-Hop Behavior),
that each packet gets across the DiffServ network. Based on the marking rule,
different kinds of traffic can be marked for different priorities of forwarding.
Resources can then be allocated according to the DSCP values and the configured
policies.
User’s Guide
163
C
om
pa
ny
on
fid
en
tia
Chapter 12 The Service Configuration Screens
164
User’s Guide
CHAPTER
13
tia
The Phone Screens
en
13.1 Overview
fid
Use the VOICE > Phone screens to configure the volume, echo cancellation, VAD
settings and custom tones for the phone port on the WiMAX Device. You can also
select which SIP account to use for making outgoing calls.
13.1.1 What You Can Do in This Chapter
on
• The Analog Phone screen (Section 13.2 on page 166) lets you control which
SIP accounts each phone uses.
• The Common screen (Section 13.3 on page 169) lets you activate and
deactivate immediate dialing.
• The Region screen (Section 13.4 on page 170) lets you maintain settings that
often depend on the region of the world in which the WiMAX Device is located.
ny
13.1.2 What You Need to Know
The following terms and concepts may help as you read through this chapter.
pa
Voice Activity Detection/Silence Suppression/Comfort Noise
Voice Activity Detection (VAD) detects whether or not speech is present. This lets
the WiMAX Device reduce the bandwidth that a call uses by not transmitting
“silent packets” when you are not speaking.
om
When using VAD, the WiMAX Device generates comfort noise when the other party
is not speaking. The comfort noise lets you know that the line is still connected as
total silence could easily be mistaken for a lost connection.
Echo Cancellation
G.168 is an ITU-T standard for eliminating the echo caused by the sound of your
voice reverberating in the telephone receiver while you talk.
User’s Guide
165
Chapter 13 The Phone Screens
Supplementary Phone Services Overview
Supplementary services such as call hold, call waiting, call transfer, etc. are
generally available from your VoIP service provider. The WiMAX Device supports
the following services:
tia
• Call Hold
• Call Waiting
• Making a Second Call
en
• Call Transfer
• Call Forwarding
• Three-Way Conference
fid
• Internal Calls
• Caller ID
• CLIP (Calling Line Identification Presentation)
on
• CLIR (Calling Line Identification Restriction)
Note: To take full advantage of the supplementary phone services available though
the WiMAX Device's phone port, you may need to subscribe to the services
from your VoIP service provider.
13.2 Analog Phone
ny
Click VOICE > Phone > Analog Phone to control which SIP accounts each
phone uses.
om
pa
Figure 77 VOICE > Phone > Analog Phone
166
User’s Guide
Chapter 13 The Phone Screens
The following table describes the labels in this screen.
Table 61 VOICE > Phone > Analog Phone
DESCRIPTION
Phone Port
Settings
Select the phone port you want to see in this screen. If you change this
field, the screen automatically refreshes.
LABEL
tia
Outgoing Call Use
Select this if you want this phone port to use the SIP1 account when it
makes calls. If you select both SIP accounts, the WiMAX Device tries to
use SIP2 first.
SIP2
Select this if you want this phone port to use the SIP2 account when it
makes calls. If you select both SIP accounts, the WiMAX Device tries to
use SIP2 first.
en
SIP1
Incoming Call apply to
Select this if you want to receive phone calls for the SIP1 account on
this phone port. If you select more than one source for incoming calls,
there is no way to distinguish between them when you receive phone
calls.
SIP2
Select this if you want to receive phone calls for the SIP2 account on
this phone port. If you select more than one source for incoming calls,
there is no way to distinguish between them when you receive phone
calls.
Apply
Click to save your changes.
Reset
Click to restore your previously saved settings.
on
fid
SIP1
om
pa
ny
Advanced Setup Click this to edit the advanced settings for this phone port. The
Advanced Analog Phone Setup screen appears.
User’s Guide
167
Chapter 13 The Phone Screens
13.2.1 Advanced Analog Phone Setup
Click the Advanced button in VOICE > Phone > Analog Phone to edit
advanced settings for each phone port.
on
fid
en
tia
Figure 78 VOICE > Phone > Analog Phone > Advanced
The following table describes the labels in this screen.
Table 62 VOICE > Phone > Analog Phone > Advanced
LABEL
DESCRIPTION
Speaking
Volume
Enter the loudness that the WiMAX Device uses for speech that it sends
to the peer device. -1 is the quietest, and 1 is the loudest.
Enter the loudness that the WiMAX Device uses for speech that it
receives from the peer device. -1 is the quietest, and 1 is the loudest.
pa
Listening
Volume
ny
Voice Volume Control
Echo Cancellation
G.168 Active
Select this if you want to eliminate the echo caused by the sound of
your voice reverberating in the telephone receiver while you talk.
om
Dialing Interval Select
Dialing Interval
Select
VAD Support
Enter the number of seconds the WiMAX Device should wait after you
stop dialing numbers before it makes the phone call. The value depends
on how quickly you dial phone numbers.
If you select Active Immediate Dial in VOICE > Phone > Common,
you can press the pound key (#) to tell the WiMAX Device to make the
phone call immediately, regardless of this setting.
Select this if the WiMAX Device should stop transmitting when you are
not speaking. This reduces the bandwidth the WiMAX Device uses.
Note: The G.711 codec does not support this feature.
168
User’s Guide
Chapter 13 The Phone Screens
Table 62 VOICE > Phone > Analog Phone > Advanced
DESCRIPTION
Back
Click this to return to the Analog Phone screen without saving your
changes.
Apply
Click to save your changes.
Reset
Click to restore your previously saved settings.
tia
en
13.3 Common
LABEL
Click VOICE > Phone > Common to activate and deactivate immediate dialing.
on
fid
Figure 79 VOICE > Phone > Common
The following table describes the labels in this screen.
Table 63 VOICE > Phone > Common
DESCRIPTION
Active
Immediate Dial
Select this if you want to use the pound key (#) to tell the WiMAX
Device to make the phone call immediately, instead of waiting the
number of seconds you selected in the Dialing Interval Select in
VOICE > Phone > Analog Phone.
LABEL
Apply
Click to save your changes.
Click to restore your previously saved settings.
om
pa
Reset
ny
If you select this, dial the phone number, and then press the pound key
if you do not want to wait. The WiMAX Device makes the call
immediately.
User’s Guide
169
Chapter 13 The Phone Screens
13.4 Region
Click VOICE > Phone > Region to maintain settings that often depend on the
region of the world in which the WiMAX Device is located.
Table 64 VOICE > Phone > Region
fid
The following table describes the labels in this screen.
en
tia
Figure 80 VOICE > Phone > Region
DESCRIPTION
Region Settings
Select the place in which the WiMAX Device is located. Do not select
Default.
Call Service
Mode
Select the mode for supplementary phone services (call hold, call
waiting, call transfer and three-way conference calls) that your VoIP
service provider supports.
•
Europe Type - use supplementary phone services in European
mode
USA Type - use supplementary phone services American mode
•
on
LABEL
You might have to subscribe to these services to use them. Contact
your VoIP service provider.
Reset
Click to save your changes.
ny
Apply
Click to restore your previously saved settings.
pa
13.5 Technical Reference
om
The following section contains additional technical information about the WiMAX
Device features described in this chapter.
13.5.1 The Flash Key
170
Flashing means to press the hook for a short period of time (a few hundred
milliseconds) before releasing it. On newer telephones, there should be a "flash"
key (button) that generates the signal electronically. If the flash key is not
available, you can tap (press and immediately release) the hook by hand to
achieve the same effect. However, using the flash key is preferred since the
timing is much more precise. The WiMAX Device may interpret manual tapping as
hanging up if the duration is too long
User’s Guide
Chapter 13 The Phone Screens
You can invoke all the supplementary services by using the flash key.
13.5.2 Europe Type Supplementary Phone Services
tia
This section describes how to use supplementary phone services with the Europe
Type Call Service Mode. Commands for supplementary services are listed in the
table below.
Table 65 European Type Flash Key Commands
en
After pressing the flash key, if you do not issue the sub-command before the
default sub-command timeout (2 seconds) expires or issue an invalid subcommand, the current operation will be aborted.
DESCRIPTION
Flash
Put a current call on hold to place a second call.
fid
SUBCOMMAND COMMAND
Switch back to the call (if there is no second call).
Drop the call presently on hold or reject an incoming call
which is waiting for answer.
Flash
Disconnect the current phone connection and answer the
incoming call or resume with caller presently on hold.
Flash
1. Switch back and forth between two calls.
on
Flash
2. Put a current call on hold to answer an incoming call.
3. Separate the current three-way conference call into
two individual calls (one is on-line, the other is on hold).
Flash
Create three-way conference connection.
ny
Flash
*98#
Transfer the call to another phone.
European Call Hold allows you to put a call (A) on hold by pressing the flash key.
pa
If you have another call, press the flash key and then “2” to switch back and forth
between caller A and B by putting either one on hold.
om
Press the flash key and then “0” to disconnect the call presently on hold and keep
the current call on line.
Press the flash key and then “1” to disconnect the current call and resume the call
on hold.
If you hang up the phone but a caller is still on hold, there will be a remind ring.
European Call Waiting allows you to place a call on hold while you answer another
incoming call on the same telephone (directory) number.
If there is a second call to a telephone number, you will hear a call waiting tone.
Take one of the following actions.
User’s Guide
171
Chapter 13 The Phone Screens
• Reject the second call.
Press the flash key and then press “0”.
Either press the flash key and press “1”, or just hang up the phone and then
answer the phone after it rings.
tia
• Put the first call on hold and answer the second call.
• Disconnect the first call and answer the second call.
Press the flash key and then “2”.
en
European Call Transfer allows you to transfer an incoming call (that you have
answered) to another phone. To do so:
Press the flash key to put the caller on hold.
When you hear the dial tone, dial “*98#” followed by the number to which you
want to transfer the call. to operate the Intercom.
After you hear the ring signal or the second party answers it, hang up the phone.
fid
on
European Three-Way Conference allows you to make three-way conference calls.
To do so:
When you are on the phone talking to someone, place the flash key to put the
caller on hold and get a dial tone.
Dial a phone number directly to make another call.
When the second call is answered, press the flash key and press “3” to create a
three-way conversation.
Hang up the phone to drop the connection.
pa
ny
If you want to separate the activated three-way conference into two individual
connections (one is on-line, the other is on hold), press the flash key and press
“2”.
om
172
User’s Guide
Chapter 13 The Phone Screens
13.5.3 USA Type Supplementary Services
tia
This section describes how to use supplementary phone services with the USA
Type Call Service Mode. Commands for supplementary services are listed in the
table below.
After pressing the flash key, if you do not issue the sub-command before the
default sub-command timeout (2 seconds) expires or issue an invalid subcommand, the current operation will be aborted.
SUBCOMMAND COMMAND
DESCRIPTION
Put a current call on hold to place a second call. After the
second call is successful, press the flash key again to
have a three-way conference call.
fid
Flash
en
Table 66 USA Type Flash Key Commands
Put a current call on hold to answer an incoming call.
Flash
*98#
Transfer the call to another phone.
on
USA Call Hold allows you to put a call (A) on hold by pressing the flash key.
If you have another call, press the flash key to switch back and forth between
caller A and B by putting either one on hold.
If you hang up the phone but a caller is still on hold, there will be a remind ring.
ny
USA Call Waiting allows you to place a call on hold while you answer another
incoming call on the same telephone (directory) number.
If there is a second call to your telephone number, you will hear a call waiting
tone.
pa
Press the flash key to put the first call on hold and answer the second call.
om
USA Call Transfer allows you to transfer an incoming call (that you have
answered) to another phone. To do so:
Press the flash key to put the caller on hold.
When you hear the dial tone, dial “*98#” followed by the number to which you
want to transfer the call. to operate the Intercom.
After you hear the ring signal or the second party answers it, hang up the phone.
User’s Guide
173
Chapter 13 The Phone Screens
USA Three-Way Conference allows you to make three-way conference calls. To
do so:
When you are making a call, press the flash key to put the call on hold and get a
dial tone.
Dial a phone number to make a second call.
When the second call is answered, press the flash key to create a three-way
conversation.
If you want to separate the three-way conference into two individual calls (one
call is online, the other is on hold), press the flash key. The first call is online and
the second call is on hold. Pressing the flash key again will recreate the three-way
conversation. The next time you press the flash key, the second call is online and
the first call is on hold.
Hang up the phone to drop the connection.
om
pa
ny
on
fid
en
tia
174
User’s Guide
CHAPTER
14
tia
The Phone Book Screens
en
14.1 Overview
fid
The VOICE > Phone Book screens allow you to configure the WiMAX Device’s
phone book for making VoIP calls.
14.1.1 What You Can Do in This Chapter
on
• The Incoming Call Policy screen (Section 14.2 on page 176) lets you maintain
rules for handling incoming calls. You can block, redirect, or accept them.
• The Speed Dial screen (Section 14.3 on page 178) lets you add, edit, or
remove speed-dial entries.
14.1.2 What You Need to Know
The following terms and concepts may help as you read through this chapter.
ny
Speed Dial and Peer-to-Peer Calling
pa
Speed dial provides shortcuts for dialing frequently used (VoIP) phone numbers. It
is also required if you want to make peer-to-peer calls.
om
In peer-to-peer calls, you call another VoIP device directly without going through
a SIP server. In the WiMAX Device, you must set up a speed dial entry in the
phone book in order to do this. Select Non-Proxy (Use IP or URL) in the Type
column and enter the callee’s IP address or domain name. The WiMAX Device
sends SIP INVITE requests to the peer VoIP device when you use the speed dial
entry.
You do not need to configure a SIP account in order to make a peer-to-peer VoIP
call.
User’s Guide
175
Chapter 14 The Phone Book Screens
14.2 Incoming Call Policy
Click VOICE > Phone Book > Incoming Call Policy to maintain rules for
handling incoming calls. You can block, redirect, or accept them.
pa
ny
on
fid
en
tia
Figure 81 VOICE > Phone Book > Incoming Call Policy
The following table describes the labels in this screen.
Table 67 VOICE > Phone Book > Incoming Call Policy
DESCRIPTION
Table Number
Select the call-forwarding table you want to see in this screen. If you
change this field, the screen automatically refreshes.
om
LABEL
Forward to Number Setup
176
Unconditional
Forward to
Number
Select this if you want the WiMAX Device to forward all incoming calls to
the specified phone number, regardless of other rules in the Forward
to Number section. Specify the phone number in the field on the right.
Busy Forward
to Number
Select this if you want the WiMAX Device to forward incoming calls to
the specified phone number if the phone port is busy. Specify the phone
number in the field on the right. If you have call waiting, the incoming
call is forwarded to the specified phone number if you reject or ignore
the second incoming call.
User’s Guide
Chapter 14 The Phone Book Screens
Table 67 VOICE > Phone Book > Incoming Call Policy
DESCRIPTION
No Answer
Forward to
Number
Select this if you want the WiMAX Device to forward incoming calls to
the specified phone number if the call is unanswered. (See No Answer
Waiting Time.) Specify the phone number in the field on the right.
No Answer
Waiting Time
This field is used by the No Answer Forward to Number feature and
No Answer conditions below.
tia
LABEL
Enter the number of seconds the WiMAX Device should wait for you to
answer an incoming call before it considers the call is unanswered.
en
Advanced Setup
The number of the item in this list.
Activate
Select this to enable this rule. Clear this to disable this rule.
Incoming Call
Number
Enter the phone number to which this rule applies.
Forward to
Number
Enter the phone number to which you want to forward incoming calls
from the Incoming Call Number. You may leave this field blank,
depending on the Condition.
Condition
Select the situations in which you want to forward incoming calls from
the Incoming Call Number, or select an alternative action.
•
•
•
Apply
Click to save your changes.
Click to restore your previously saved settings.
pa
Reset
ny
•
Unconditional - The WiMAX Device immediately forwards any calls
from the Incoming Call Number to the Forward to Number.
Busy - The WiMAX Device forwards any calls from the Incoming
Call Number to the Forward to Number when your SIP account
already has a call connected.
No Answer - The WiMAX Device forwards any calls from the
Incoming Call Number to the Forward to Number when the call
is unanswered. (See No Answer Waiting Time.)
Block - The WiMAX Device rejects calls from the Incoming Call
Number.
Accept - The WiMAX Device allows calls from the Incoming Call
Number. You might create a rule with this condition if you do not
want incoming calls from someone to be forwarded by rules in the
Forward to Number section.
•
on
fid
om
Note: The WiMAX Device checks the Advanced rules first before checking the
Forward to Number rules. All rules are checked in order from top to bottom.
User’s Guide
177
Chapter 14 The Phone Book Screens
14.3 Speed Dial
Click VOICE > Phone Book > Speed Dial to add, edit, or remove speed-dial
entries.
tia
You must create speed-dial entries if you want to make peer-to-peer calls or call
SIP numbers that use letters. You can also create speed-dial entries for
frequently-used SIP phone numbers.
pa
ny
on
fid
en
Figure 82 VOICE > Phone Book > Speed Dial
The following table describes the icons in this screen.
Table 68 Advanced> LAN Configuration > IP Static Route
DESCRIPTION
Delete
Click to delete this item.
om
ICON
178
User’s Guide
Chapter 14 The Phone Book Screens
The following table describes the labels in this screen.
Table 69 VOICE > Phone Book > Speed Dial
DESCRIPTION
Speed Dial
Select the speed-dial number you want to use for this phone number.
Number
Enter the SIP number you want the WiMAX Device to call when you dial
the speed-dial number.
Name
Enter a name to identify the party you call when you dial the speed-dial
number. You can use up to 127 printable ASCII characters.
Type
Select Use Proxy if you want to use one of your SIP accounts to call
this phone number.
en
tia
LABEL
Select Non-Proxy (Use IP or URL) if you want to use a different SIP
server or if you want to make a peer-to-peer call. In this case, enter the
IP address or domain name of the SIP server or the other party in the
field below.
Click to add the new number to the list below.
This is a list of speed dial numbers.
Number
This is the SIP number the WiMAX Device calls when you use this speed
dial number.
Name
This is the name of the party associated with this speed-dial number.
Type
This indicates whether this speed dial number uses a proxy or not when
placing a call to the phone number associated with it.
Destination
This indicates if the speed-dial entry uses one of your SIP accounts or
uses the IP address or domain name of the SIP server.
Action
Click the Delete icon to erase this speed-dial entry.
Apply
Click to save your changes.
Clear
Click to clear all fields on the screen and begin anew.
om
pa
ny
on
fid
Add
User’s Guide
179
C
om
pa
ny
on
fid
en
tia
Chapter 14 The Phone Book Screens
180
User’s Guide
fid
en
Tools & Status
Screens
tia
P ART V
on
The Certificates Screens (183)
The Firewall Screens (203)
Content Filter (213)
The Remote Management Screens (217)
ny
The Logs Screens (227)
The UPnP Screen (243)
om
pa
The Status Screen (253)
181
182
om
pa
ny
on
fid
en
tia
CHAPTER
15
tia
The Certificates Screens
en
15.1 Overview
fid
Use the TOOLS > Certificates screens to manage public key certificates on the
WiMAX Device.
on
The WiMAX Device can use public key certificates (also sometimes called “digital
IDs”) to authenticate users. Certificates are based on public-private key pairs. A
certificate contains the certificate owner’s identity and public key. Certificates
provide a way to exchange public keys for use in authentication.
ny
Public key certificates are used by web browsers to ensure that a secure web site
is legitimate. When a certificate authority such as VeriSign, Comodo, or Network
Solutions (to name a few) receives a certificate request from a website operator,
they confirm that the web domain and contact information in the request match
those on public record with a domain name registrar. If they match, then the
certificate is issued to the website operator, who then places it on his site to be
issued to all visiting web browsers to let them know that the site is legitimate.
15.1.1 What You Can Do in This Chapter
pa
• The My Certificates screen (Section 15.2 on page 184) lets you generate and
export self-signed certificates or certification requests and import the WiMAX
Device’s CA-signed certificates.
om
• The Trusted CAs screen (Section 15.3 on page 193) lets you display a
summary list of certificates of the certification authorities that you have set the
WiMAX Device to accept as trusted.
15.1.2 What You Need to Know
The following terms and concepts may help as you read through this chapter.
Certificate Authorities
A Certification Authority (CA) issues certificates and guarantees the identity of
each certificate owner. There are commercial certification authorities like
CyberTrust or VeriSign and government certification authorities. You can use the
User’s Guide
183
Chapter 15 The Certificates Screens
WiMAX Device to generate certification requests that contain identifying
information and public keys and then send the certification requests to a
certification authority.
tia
15.2 My Certificates
on
fid
Figure 83 TOOLS > Certificates > My Certificates
en
Click TOOLS > Certificates > My Certificates to generate and export selfsigned certificates or certification requests and import the WiMAX Device’s CAsigned certificates.
The following table describes the icons in this screen.
Table 70 TOOLS > Certificates > My Certificates
DESCRIPTION
ny
ICON
Edit
om
pa
Click to edit this item.
Import
Click to import an item.
Delete
Click to delete this item.
The following table describes the labels in this screen.
Table 71 TOOLS > Certificates > My Certificates
184
LABEL
DESCRIPTION
PKI Storage
Space in Use
This bar displays the percentage of the WiMAX Device’s PKI storage
space that is currently in use. When the storage space is almost full,
you should consider deleting expired or unnecessary certificates before
adding more certificates.
The number of the item in this list.
User’s Guide
Chapter 15 The Certificates Screens
Table 71 TOOLS > Certificates > My Certificates (continued)
DESCRIPTION
Name
This field displays the name used to identify this certificate. It is
recommended that you give each certificate a unique name.
Type
This field displays what kind of certificate this is.
LABEL
tia
REQ represents a certification request and is not yet a valid certificate.
Send a certification request to a certification authority, which then
issues a certificate. Use the My Certificate Import screen to import
the certificate and replace the request.
en
SELF represents a self-signed certificate.
*SELF represents the default self-signed certificate which signs the
imported remote host certificates.
CERT represents a certificate issued by a certification authority.
This field displays identifying information about the certificate’s owner,
such as CN (Common Name), OU (Organizational Unit or department),
O (Organization or company) and C (Country). It is recommended that
each certificate have unique subject information.
Issuer
This field displays identifying information about the certificate’s issuing
certification authority, such as a common name, organizational unit or
department, organization or company and country. With self-signed
certificates, this is the same information as in the Subject field.
Valid From
This field displays the date that the certificate becomes applicable.
Valid To
This field displays the date that the certificate expires. The text displays
in red and includes an Expired! message if the certificate has expired.
Action
Click the Edit icon to open a screen with an in-depth list of information
about the certificate.
on
fid
Subject
ny
Click the Export icon to save a copy of the certificate without its private
key. Browse to the location you want to use and click Save.
Click the Delete icon to remove a certificate. A window displays asking
you to confirm that you want to delete the certificate. Subsequent
certificates move up by one when you take this action.
pa
The WiMAX Device keeps all of your certificates unless you specifically
delete them. Uploading new firmware or default configuration file does
not delete your certificates.
om
You cannot delete certificates that any of the WiMAX Device’s features
are configured to use.
Click to a certificate into the WiMAX Device.
Create
Click to go to the screen where you can have the WiMAX Device
generate a certificate or a certification request.
Refresh
Click to display the current validity status of the certificates.
Import
User’s Guide
185
Chapter 15 The Certificates Screens
15.2.1 My Certificates Create
om
pa
ny
on
fid
en
Figure 84 TOOLS > Certificates > My Certificates > Create
tia
Click TOOLS > Certificates > My Certificates and then the Create icon to open
the My Certificates Create screen. Use this screen to have the WiMAX Device
create a self-signed certificate, enroll a certificate with a certification authority or
generate a certification request.
186
User’s Guide
Chapter 15 The Certificates Screens
The following table describes the labels in this screen.
DESCRIPTION
Certificate Name
Type a name to identify this certificate. You can use up to 31
alphanumeric and ;‘~!@#$%^&()_+[]{}’,.=- characters.
Subject
Information
Use these fields to record information that identifies the owner of
the certificate. You do not have to fill in every field, although the
Common Name is mandatory. The certification authority may add
fields (such as a serial number) to the subject information when it
issues a certificate. It is recommended that each certificate have
unique subject information.
Common Name
Select a radio button to identify the certificate’s owner by IP
address, domain name or e-mail address. Type the IP address (in
dotted decimal notation), domain name or e-mail address in the
field provided. The domain name or e-mail address is for
identification purposes only and can be any string.
fid
en
tia
LABEL
Table 72 TOOLS > Certificates > My Certificates > Create
A domain name can be up to 255 characters. You can use
alphanumeric characters, the hyphen and periods.
on
An e-mail address can be up to 63 characters. You can use
alphanumeric characters, the hyphen, the @ symbol, periods and
the underscore.
Organizational Unit Identify the organizational unit or department to which the
certificate owner belongs. You can use up to 63 characters. You can
use alphanumeric characters, the hyphen and the underscore.
Identify the company or group to which the certificate owner
belongs. You can use up to 63 characters. You can use alphanumeric
characters, the hyphen and the underscore.
Country
Identify the state in which the certificate owner is located. You can
use up to 31 characters. You can use alphanumeric characters, the
hyphen and the underscore.
ny
Organization
Key Length
Select a number from the drop-down list box to determine how
many bits the key should use (512 to 2048). The longer the key, the
more secure it is. A longer key also uses more PKI storage space.
pa
Enrollment Options These radio buttons deal with how and when the certificate is to be
generated.
om
Create a selfsigned certificate
Create a
certification
request and save it
locally for later
manual enrollment
User’s Guide
Select Create a self-signed certificate to have the WiMAX Device
generate the certificate and act as the Certification Authority (CA)
itself. This way you do not need to apply to a certification authority
for certificates.
Select Create a certification request and save it locally for
later manual enrollment to have the WiMAX Device generate and
store a request for a certificate. Use the My Certificate Details
screen to view the certification request and copy it to send to the
certification authority.
Copy the certification request from the My Certificate Details
screen and then send it to the certification authority.
187
Chapter 15 The Certificates Screens
DESCRIPTION
Create a
certification
request and enroll
for a certificate
immediately online
Select Create a certification request and enroll for a
certificate immediately online to have the WiMAX Device
generate a request for a certificate and apply to a certification
authority for a certificate.
tia
LABEL
Table 72 TOOLS > Certificates > My Certificates > Create
You must have the certification authority’s certificate already
imported in the Trusted CAs screen.
This field applies when you select Create a certification request
and enroll for a certificate immediately online. Select the
certification authority’s enrollment protocol from the drop-down list
box.
fid
Enrollment
Protocol
en
When you select this option, you must select the certification
authority’s enrollment protocol and the certification authority’s
certificate from the drop-down list boxes and enter the certification
authority’s server address. You also need to fill in the Reference
Number and Key if the certification authority requires them.
Simple Certificate Enrollment Protocol (SCEP) is a TCP-based
enrollment protocol that was developed by VeriSign and Cisco.
This field applies when you select Create a certification request
and enroll for a certificate immediately online. Enter the IP
address (or URL) of the certification authority server.
CA Server Address
on
Certificate Management Protocol (CMP) is a TCP-based
enrollment protocol that was developed by the Public Key
Infrastructure X.509 working group of the Internet Engineering Task
Force (IETF) and is specified in RFC 2510.
For a URL, you can use up to 511 of the following characters. a-zAZ0-9'()+,/:.=?;!*#@$_%This field applies when you select Create a certification request
and enroll for a certificate immediately online. Select the
certification authority’s certificate from the CA Certificate dropdown list box.
pa
ny
CA Certificate
om
Request
Authentication
188
You must have the certification authority’s certificate already
imported in the Trusted CAs screen. Click Trusted CAs to go to
the Trusted CAs screen where you can view (and manage) the
WiMAX Device's list of certificates of trusted certification authorities.
When you select Create a certification request and enroll for a
certificate immediately online, the certification authority may
want you to include a reference number and key to identify you
when you send a certification request.
Fill in both the Reference Number and the Key fields if your
certification authority uses CMP enrollment protocol. Just the Key
field displays if your certification authority uses the SCEP enrollment
protocol.
For the reference number, use 0 to 99999999.
For the key, use up to 31 of the following characters. a-zA-Z09;|`~!@#$%^&*()_+\{}':,./<>=-
User’s Guide
Chapter 15 The Certificates Screens
LABEL
DESCRIPTION
Apply
Click to save your changes.
Cancel
Click to return to the previous screen without saving your changes.
en
tia
If you configured the My Certificate Create screen to have the WiMAX Device
enroll a certificate and the certificate enrollment is not successful, you see a
screen with a Return button that takes you back to the My Certificate Create
screen. Click Return and check your information in the My Certificate Create
screen. Make sure that the certification authority information is correct and that
your Internet connection is working properly if you want the WiMAX Device to
enroll a certificate online.
Table 72 TOOLS > Certificates > My Certificates > Create
fid
15.2.2 My Certificate Edit
on
Click TOOLS > Certificates > My Certificates and then the Edit icon to view indepth certificate information and change the certificate’s name.
om
pa
ny
Figure 85 TOOLS > Certificates > My Certificates > Edit
User’s Guide
189
Chapter 15 The Certificates Screens
The following table describes the labels in this screen.
Table 73 TOOLS > Certificates > My Certificates > Edit
DESCRIPTION
Name
This field displays the identifying name of this certificate. You can use
up to 31 alphanumeric and ;‘~!@#$%^&()_+[]{}’,.=- characters.
Property
Select Default self-signed certificate which signs the imported
remote host certificates to use this certificate to sign the remote
host certificates you upload in the TOOLS > Certificates > Trusted
CAs screen.
Certification Path
This field displays for a certificate, not a certification request.
en
tia
LABEL
Click the Refresh button to have this read-only text box display the
hierarchy of certification authorities that validate the certificate (and
the certificate itself).
Refresh
on
fid
If the issuing certification authority is one that you have imported as
a trusted certification authority, it may be the only certification
authority in the list (along with the certificate itself). If the certificate
is a self-signed certificate, the certificate itself is the only one in the
list. The WiMAX Device does not trust the certificate and displays “Not
trusted” in this field if any certificate on the path has expired or been
revoked.
Click to display the certification path.
Certification Information
This field displays general information about the certificate. CA-signed
means that a Certification Authority signed the certificate. Self-signed
means that the certificate’s owner signed the certificate (not a
certification authority). “X.509” means that this certificate was
created and signed according to the ITU-T X.509 recommendation
that defines the formats for public-key certificates.
Version
This field displays the X.509 version number. “
ny
Type
This field displays the certificate’s identification number given by the
certification authority or generated by the WiMAX Device.
Subject
This field displays information that identifies the owner of the
certificate, such as Common Name (CN), Organizational Unit (OU),
Organization (O) and Country (C).
pa
Serial Number
om
Issuer
190
This field displays identifying information about the certificate’s
issuing certification authority, such as Common Name, Organizational
Unit, Organization and Country.
With self-signed certificates, this is the same as the Subject Name
field.
“none” displays for a certification request.
Signature
Algorithm
This field displays the type of algorithm that was used to sign the
certificate. The WiMAX Device uses rsa-pkcs1-sha1 (RSA publicprivate key encryption algorithm and the SHA1 hash algorithm).
Some certification authorities may use rsa-pkcs1-md5 (RSA publicprivate key encryption algorithm and the MD5 hash algorithm).
Valid From
This field displays the date that the certificate becomes applicable.
“none” displays for a certification request.
User’s Guide
Chapter 15 The Certificates Screens
Table 73 TOOLS > Certificates > My Certificates > Edit
DESCRIPTION
Valid To
This field displays the date that the certificate expires. The text
displays in red and includes an Expired! message if the certificate has
expired. “none” displays for a certification request.
Key Algorithm
This field displays the type of algorithm that was used to generate the
certificate’s key pair (the WiMAX Device uses RSA encryption) and the
length of the key set in bits (1024 bits for example).
Subject
Alternative Name
This field displays the certificate owner‘s IP address (IP), domain
name (DNS) or e-mail address (EMAIL).
Key Usage
This field displays for what functions the certificate’s key can be used.
For example, “DigitalSignature” means that the key can be used to
sign certificates and “KeyEncipherment” means that the key can be
used to encrypt text.
Basic Constraint
This field displays general information about the certificate. For
example, Subject Type=CA means that this is a certification
authority’s certificate and “Path Length Constraint=1” means that
there can only be one certification authority in the certificate’s path.
This field does not display for a certification request.
MD5 Fingerprint
This is the certificate’s message digest that the WiMAX Device
calculated using the MD5 algorithm.
SHA1 Fingerprint
This is the certificate’s message digest that the WiMAX Device
calculated using the SHA1 algorithm.
Certificate in PEM
(Base-64)
Encoded Format
This read-only text box displays the certificate or certification request
in Privacy Enhanced Mail (PEM) format. PEM uses lowercase letters,
uppercase letters and numerals to convert the binary certificate into a
printable form.
on
fid
en
tia
LABEL
pa
ny
You can copy and paste a certification request into a certification
authority’s web page, an e-mail that you send to the certification
authority or a text editor and save the file on a management
computer for later manual enrollment.
You can copy and paste a certificate into an e-mail to send to friends
or colleagues or you can copy and paste a certificate into a text editor
and save the file on a management computer for later distribution
(via floppy disk for example).
Click to save your changes.
Cancel
Click to return to the previous screen without saving your changes.
om
Apply
User’s Guide
191
Chapter 15 The Certificates Screens
15.2.3 My Certificate Import
on
fid
en
Figure 86 TOOLS > Certificates > My Certificates > Import
tia
Click TOOLS > Certificates > My Certificates > Import to import a certificate
that matches a corresponding certification request that was generated by the
WiMAX Device. You must remove any spaces from the certificate’s filename before
you can import it.
The following table describes the labels in this screen.
Table 74 TOOLS > Certificates > My Certificates > Import
LABEL
DESCRIPTION
File Path
Type in the location of the file you want to upload in this field or click Browse
to find it.
Browse
Apply
Click to find the certificate file you want to upload.
Click to save your changes.
Click to return to the previous screen without saving your changes.
om
pa
Cancel
ny
You cannot import a certificate with the same name as a certificate that is
already in the WiMAX Device.
192
User’s Guide
Chapter 15 The Certificates Screens
15.3 Trusted CAs
tia
Click TOOLS > Certificates > Trusted CAs to display a summary list of
certificates of the certification authorities that you have set the WiMAX Device to
accept as trusted. The WiMAX Device accepts any valid certificate signed by a
certification authority on this list as being trustworthy; thus you do not need to
import any certificate that is signed by one of these certification authorities.
on
fid
en
Figure 87 TOOLS > Certificates > Trusted CAs
The following table describes the icons in this screen.
Table 75 TOOLS > Certificates > Trusted CAs
DESCRIPTION
ICON
Edit
Click to edit this item.
ny
Export
Click to export an item.
Delete
pa
Click to delete this item.
The following table describes the labels in this screen.
Table 76 TOOLS > Certificates > Trusted CAs
om
LABEL
User’s Guide
DESCRIPTION
PKI Storage
Space in Use
This bar displays the percentage of the WiMAX Device’s PKI storage
space that is currently in use. When the storage space is almost full,
you should consider deleting expired or unnecessary certificates before
adding more certificates.
The number of the item in this list.
Name
This field displays the name used to identify this certificate.
Subject
This field displays identifying information about the certificate’s owner,
such as CN (Common Name), OU (Organizational Unit or department),
O (Organization or company) and C (Country). It is recommended that
each certificate have unique subject information.
193
Chapter 15 The Certificates Screens
Table 76 TOOLS > Certificates > Trusted CAs (continued)
DESCRIPTION
Issuer
This field displays identifying information about the certificate’s issuing
certification authority, such as a common name, organizational unit or
department, organization or company and country. With self-signed
certificates, this is the same information as in the Subject field.
Valid From
This field displays the date that the certificate becomes applicable. The
text displays in red and includes a Not Yet Valid! message if the
certificate has not yet become applicable.
Valid To
This field displays the date that the certificate expires. The text displays
in red and includes an Expiring! or Expired! message if the certificate is
about to expire or has already expired.
CRL Issuer
This field displays Yes if the certification authority issues CRL
(Certificate Revocation Lists) for the certificates that it has issued and
you have selected the Check incoming certificates issued by this
CA against a CRL check box in the certificate’s details screen to have
the WiMAX Device check the CRL before trusting any certificates issued
by the certification authority. Otherwise the field displays No.
Action
Click the Edit icon to open a screen with an in-depth list of information
about the certificate.
fid
en
tia
LABEL
on
Use the Export icon to save the certificate to a computer. Click the icon
and then Save in the File Download screen. The Save As screen
opens, browse to the location that you want to use and click Save.
Click the Delete icon to remove the certificate. A window displays
asking you to confirm that you want to delete the certificate. Note that
subsequent certificates move up by one when you take this action.
Click Import to open a screen where you can save the certificate of a
certification authority that you trust, from your computer to the WiMAX
Device.
Refresh
Click this button to display the current validity status of the certificates.
om
pa
ny
Import
194
User’s Guide
Chapter 15 The Certificates Screens
15.3.1 Trusted CA Edit
tia
Click TOOLS > Certificates > Trusted CAs and then click the Edit icon to open
the Trusted CAs screen to view in-depth certificate information and change the
certificate’s name.
pa
ny
on
fid
en
Figure 88 TOOLS > Certificates > Trusted CAs > Edit
The following table describes the labels in this screen.
om
Table 77 TOOLS > Certificates > Trusted CAs > Edit
User’s Guide
LABEL
DESCRIPTION
Name
This field displays the identifying name of this certificate. You can use
up to 31 alphanumeric and ;‘~!@#$%^&()_+[]{}’,.=- characters.
Property
Select Default self-signed certificate which signs the imported
remote host certificates to use this certificate to sign the remote
host certificates you upload in the TOOLS > Certificates > Trusted
CAs screen.
195
Chapter 15 The Certificates Screens
LABEL
DESCRIPTION
Certification Path
This field displays for a certificate, not a certification request.
tia
Click the Refresh button to have this read-only text box display the
hierarchy of certification authorities that validate the certificate (and
the certificate itself).
Table 77 TOOLS > Certificates > Trusted CAs > Edit (continued)
Refresh
en
If the issuing certification authority is one that you have imported as
a trusted certification authority, it may be the only certification
authority in the list (along with the certificate itself). If the certificate
is a self-signed certificate, the certificate itself is the only one in the
list. The WiMAX Device does not trust the certificate and displays “Not
trusted” in this field if any certificate on the path has expired or been
revoked.
Click Refresh to display the certification path.
fid
Certification Information
This field displays general information about the certificate. CA-signed
means that a Certification Authority signed the certificate. Self-signed
means that the certificate’s owner signed the certificate (not a
certification authority). “X.509” means that this certificate was
created and signed according to the ITU-T X.509 recommendation
that defines the formats for public-key certificates.
Version
This field displays the X.509 version number. “
Serial Number
This field displays the certificate’s identification number given by the
certification authority or generated by the WiMAX Device.
Subject
This field displays information that identifies the owner of the
certificate, such as Common Name (CN), Organizational Unit (OU),
Organization (O) and Country (C).
Issuer
This field displays identifying information about the certificate’s
issuing certification authority, such as Common Name, Organizational
Unit, Organization and Country.
ny
on
Type
pa
With self-signed certificates, this is the same as the Subject Name
field.
om
Signature
Algorithm
196
“none” displays for a certification request.
This field displays the type of algorithm that was used to sign the
certificate. The WiMAX Device uses rsa-pkcs1-sha1 (RSA publicprivate key encryption algorithm and the SHA1 hash algorithm).
Some certification authorities may use rsa-pkcs1-md5 (RSA publicprivate key encryption algorithm and the MD5 hash algorithm).
Valid From
This field displays the date that the certificate becomes applicable.
“none” displays for a certification request.
Valid To
This field displays the date that the certificate expires. The text
displays in red and includes an Expired! message if the certificate has
expired. “none” displays for a certification request.
Key Algorithm
This field displays the type of algorithm that was used to generate the
certificate’s key pair (the WiMAX Device uses RSA encryption) and the
length of the key set in bits (1024 bits for example).
Subject
Alternative Name
This field displays the certificate owner‘s IP address (IP), domain
name (DNS) or e-mail address (EMAIL).
User’s Guide
Chapter 15 The Certificates Screens
Table 77 TOOLS > Certificates > Trusted CAs > Edit (continued)
DESCRIPTION
Key Usage
This field displays for what functions the certificate’s key can be used.
For example, “DigitalSignature” means that the key can be used to
sign certificates and “KeyEncipherment” means that the key can be
used to encrypt text.
Basic Constraint
This field displays general information about the certificate. For
example, Subject Type=CA means that this is a certification
authority’s certificate and “Path Length Constraint=1” means that
there can only be one certification authority in the certificate’s path.
This field does not display for a certification request.
MD5 Fingerprint
This is the certificate’s message digest that the WiMAX Device
calculated using the MD5 algorithm.
SHA1 Fingerprint
This is the certificate’s message digest that the WiMAX Device
calculated using the SHA1 algorithm.
Certificate in PEM
(Base-64)
Encoded Format
This read-only text box displays the certificate or certification request
in Privacy Enhanced Mail (PEM) format. PEM uses lowercase letters,
uppercase letters and numerals to convert the binary certificate into a
printable form.
fid
en
tia
LABEL
on
You can copy and paste a certification request into a certification
authority’s web page, an e-mail that you send to the certification
authority or a text editor and save the file on a management
computer for later manual enrollment.
You can copy and paste a certificate into an e-mail to send to friends
or colleagues or you can copy and paste a certificate into a text editor
and save the file on a management computer for later distribution
(via floppy disk for example).
Click to save your changes.
Cancel
Click to return to the previous screen without saving your changes.
ny
Apply
15.3.2 Trusted CA Import
om
pa
Click TOOLS > Certificates > Trusted CAs and then click Import to open the
Trusted CA Import screen. Follow the instructions in this screen to save a
trusted certification authority’s certificate from a computer to the WiMAX Device.
The WiMAX Device trusts any valid certificate signed by any of the imported
trusted CA certificates.
User’s Guide
197
Chapter 15 The Certificates Screens
Note: You must remove any spaces from the certificate’s filename before you can
import the certificate.
fid
en
tia
Figure 89 TOOLS > Certificates > Trusted CAs > Import
The following table describes the labels in this screen.
on
Table 78 TOOLS > Certificates > Trusted CAs Import
LABEL
DESCRIPTION
File Path
Type in the location of the file you want to upload in this field or click Browse
to find it.
Click to find the certificate file you want to upload.
Apply
Click to save your changes.
Cancel
Click to return to the previous screen without saving your changes.
ny
Choose...
15.4 Technical Reference
pa
The following section contains additional technical information about the WiMAX
Device features described in this chapter.
om
15.4.1 Certificate Authorities
When using public-key cryptology for authentication, each host has two keys. One
key is public and can be made openly available. The other key is private and must
be kept secure.
198
These keys work like a handwritten signature (in fact, certificates are often
referred to as “digital signatures”). Only you can write your signature exactly as it
ought to look. When people know what your signature ought to look like, they can
verify whether something was signed by you, or by someone else. In the same
way, your private key “writes” your digital signature and your public key allows
User’s Guide
Chapter 15 The Certificates Screens
people to verify whether data was signed by you, or by someone else. This
process works as follows.
Tim wants to send a message to Jenny. He needs her to be sure that it comes
from him, and that the message content has not been altered by anyone else
along the way. Tim generates a public key pair (one public key and one private
key).
Tim keeps the private key and makes the public key openly available. This means
that anyone who receives a message seeming to come from Tim can read it and
verify whether it is really from him or not.
Tim uses his private key to sign the message and sends it to Jenny.
Jenny receives the message and uses Tim’s public key to verify it. Jenny knows
that the message is from Tim, and she knows that although other people may
have been able to read the message, no-one can have altered it (because they
cannot re-sign the message with Tim’s private key).
Additionally, Jenny uses her own private key to sign a message and Tim uses
Jenny’s public key to verify the message.
on
fid
en
tia
ny
The WiMAX Device uses certificates based on public-key cryptology to
authenticate users attempting to establish a connection, not to encrypt the data
that you send after establishing a connection. The method used to secure the data
that you send through an established connection depends on the type of
connection. For example, a VPN tunnel might use the triple DES encryption
algorithm.
The certification authority uses its private key to sign certificates. Anyone can
then use the certification authority’s public key to verify the certificates.
pa
A certification path is the hierarchy of certification authority certificates that
validate a certificate. The WiMAX Device does not trust a certificate if any
certificate on its path has expired or been revoked.
om
Certification authorities maintain directory servers with databases of valid and
revoked certificates. A directory of certificates that have been revoked before the
scheduled expiration is called a CRL (Certificate Revocation List). The WiMAX
Device can check a peer’s certificate against a directory server’s list of revoked
certificates. The framework of servers, software, procedures and policies that
handles keys is called PKI (public-key infrastructure).
15.4.1.1 Advantages of Certificates
Certificates offer the following benefits.
User’s Guide
199
Chapter 15 The Certificates Screens
• The WiMAX Device only has to store the certificates of the certification
authorities that you decide to trust, no matter how many devices you need to
authenticate.
• Key distribution is simple and very secure since you can freely distribute public
keys and you never need to transmit private keys.
tia
15.4.1.2 Self-signed Certificates
en
You can have the WiMAX Device act as a certification authority and sign its own
certificates.
15.4.1.3 Factory Default Certificate
fid
The WiMAX Device generates its own unique self-signed certificate when you first
turn it on. This certificate is referred to in the GUI as the factory default
certificate.
15.4.1.4 Certificate File Formats
on
Any certificate that you want to import has to be in one of these file formats:
• Binary X.509: This is an ITU-T recommendation that defines the formats for
X.509 certificates.
• PEM (Base-64) encoded X.509: This Privacy Enhanced Mail format uses
lowercase letters, uppercase letters and numerals to convert a binary X.509
certificate into a printable form.
ny
• Binary PKCS#7: This is a standard that defines the general syntax for data
(including digital signatures) that may be encrypted. A PKCS #7 file is used to
transfer a public key certificate. The private key is not included. The WiMAX
Device currently allows the importation of a PKS#7 file that contains a single
certificate.
pa
• PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses
lowercase letters, uppercase letters and numerals to convert a binary PKCS#7
certificate into a printable form.
om
Note: Be careful to not convert a binary file to text during the transfer process. It is
easy for this to occur since many programs use text files by default.
15.4.2 Verifying a Certificate
200
Before you import a certificate into the WiMAX Device, you should verify that you
have the correct certificate. This is especially true of trusted certificates since the
WiMAX Device also trusts any valid certificate signed by any of the imported
trusted certificates.
User’s Guide
Chapter 15 The Certificates Screens
15.4.2.1 Checking the Fingerprint of a Certificate on Your Computer
tia
A certificate’s fingerprints are message digests calculated using the MD5 or SHA1
algorithms. The following procedure describes how to check a certificate’s
fingerprint to verify that you have the actual certificate.
Browse to where you have the certificate saved on your computer.
Make sure that the certificate has a “.cer” or “.crt” file name extension. (On some
Linux distributions, the file extension may be “.der”.)
en
Double-click the certificate’s icon to open the Certificate window. Click the
Details tab and scroll down to the Thumbprint Algorithm and Thumbprint
fields.
om
pa
ny
Figure 91 Certificate Details
on
fid
Figure 90 Remote Host Certificates
Use a secure method to verify that the certificate owner has the same information
in the Thumbprint Algorithm and Thumbprint fields. The secure method may
very based on your situation. Possible examples would be over the telephone or
through an HTTPS connection.
User’s Guide
201
C
om
pa
ny
on
fid
en
tia
Chapter 15 The Certificates Screens
202
User’s Guide
CHAPTER
16
tia
The Firewall Screens
en
16.1 Overview
fid
Use the TOOLS > Firewall screens to manage WiMAX Device’s firewall security
measures.
on
Originally, the term firewall referred to a construction technique designed to
prevent the spread of fire from one room to another. The networking term
"firewall" is a system or group of systems that enforces an access-control policy
between two networks. It may also be defined as a mechanism used to protect a
trusted network from an untrusted network. Of course, firewalls cannot solve
every security problem.
ny
A firewall is one of the mechanisms used to establish a network security perimeter
in support of a network security policy. It should never be the only mechanism or
method employed. For a firewall to guard effectively, you must design and deploy
it appropriately. This requires integrating the firewall into a broad informationsecurity policy. In addition, specific policies must be implemented within the
firewall itself.
16.1.1 What You Can Do in This Chapter
pa
• The Firewall Setting screen (Section 16.2 on page 204) lets you configure the
basic settings for your firewall.
om
• The Service Setting screen (Section 16.3 on page 207) lets you enable service
blocking, set up the date and time service blocking is effective, and to maintain
the list of services you want to block.
16.1.2 What You Need to Know
The following terms and concepts may help as you read through this chapter.
About the WiMAX Device Firewall
The WiMAX Device firewall is a stateful inspection firewall and is designed to
protect against Denial of Service attacks when activated. The WiMAX Device's
purpose is to allow a private Local Area Network (LAN) to be securely connected to
User’s Guide
203
Chapter 16 The Firewall Screens
tia
The WiMAX Device is installed between the LAN and a WiMAX base station
connecting to the Internet. This allows it to act as a secure gateway for all data
passing between the Internet and the LAN.
the Internet. The WiMAX Device can be used to prevent theft, destruction and
modification of data, as well as log events, which may be important to the security
of your network.
fid
en
The WiMAX Device has one Ethernet (LAN) port. The LAN (Local Area Network)
port attaches to a network of computers, which needs security from the outside
world. These computers will have access to Internet services such as e-mail, FTP
and the World Wide Web. However, “inbound access” is not allowed (by default)
unless the remote host is authorized to use a specific service.
16.2 Firewall Setting
on
This section describes firewalls and the built-in WiMAX Device’s firewall features.
16.2.1 Firewall Rule Directions
pa
ny
Figure 92 Firewall Rule Directions
om
LAN-to-WAN rules are local network to Internet firewall rules. The default is to
forward all traffic from your local network to the Internet.
You can block certain LAN-to-WAN traffic in the Services screen (click the
Services tab). All services displayed in the Blocked Services list box are LANto-WAN firewall rules that block those services originating from the LAN.
204
Blocked LAN-to-WAN packets are considered alerts. Alerts are “higher priority
logs” that include system errors, attacks and attempted access to blocked web
sites. Alerts appear in red in the View Log screen. You may choose to have alerts
e-mailed immediately in the Log Settings screen.
User’s Guide
Chapter 16 The Firewall Screens
LAN-to-LAN/WiMAX Device means the LAN to the WiMAX Device LAN interface.
This is always allowed, as this is how you manage the WiMAX Device from your
local computer.
tia
WAN-to-LAN rules are Internet to your local network firewall rules. The default is
to block all traffic from the Internet to your local network.
How can you forward certain WAN to LAN traffic? You may allow traffic originating
from the WAN to be forwarded to the LAN by:
en
• Configuring NAT port forwarding rules.
fid
• Configuring WAN or LAN & WAN access for services in the Remote MGMT
screens or SMT menus. When you allow remote management from the WAN,
you are actually configuring WAN-to-WAN/WiMAX Device firewall rules. WAN-toWAN/WiMAX Device firewall rules are Internet to the WiMAX Device WAN
interface firewall rules. The default is to block all such traffic. When you decide
what WAN-to-LAN packets to log, you are in fact deciding what WAN-to-LAN
and WAN-to-WAN/WiMAX Device packets to log.
on
Forwarded WAN-to-LAN packets are not considered alerts.
16.2.2 Triangle Route
ny
When the firewall is on, your WiMAX Device acts as a secure gateway between
your LAN and the Internet. In an ideal network topology, all incoming and
outgoing network traffic passes through the WiMAX Device to protect your LAN
against attacks.
om
pa
Figure 93 Ideal Firewall Setup
User’s Guide
205
Chapter 16 The Firewall Screens
16.2.3 Firewall Setting Options
Click TOOLS > Firewall > Firewall Setting to configure the basic settings for
your firewall.
on
fid
en
tia
Figure 94 TOOLS > Firewall > Firewall Setting
The following table describes the labels in this screen.
Table 79 TOOLS > Firewall > Firewall Setting
DESCRIPTION
Enable Firewall
Select this to activate the firewall. The WiMAX Device controls access
and protects against Denial of Service (DoS) attacks when the firewall
is activated.
Bypass Triangle
Route
Select this if you want to let some traffic from the WAN go directly to a
computer in the LAN without passing through the WiMAX Device.
Max NAT/
Firewall Session
Per User
Select the maximum number of NAT rules and firewall rules the WiMAX
Device enforces at one time. The WiMAX Device automatically allocates
memory for the maximum number of rules, regardless of whether or
not there is a rule to enforce. This is the same number you enter in
Network > NAT > General.
pa
ny
LABEL
Packet Direction
om
Log
206
Select the situations in which you want to create log entries for firewall
events.
No Log - do not create any log entries
Log Blocked - (LAN to WAN only) create log entries when packets are
blocked
Log Forwarded - (WAN to LAN only) create log entries when packets
are forwarded
Log All - create log entries for every packet
Apply
Click to save your changes.
Reset
Click to restore your previously saved settings.
User’s Guide
Chapter 16 The Firewall Screens
16.3 Service Setting
tia
Click TOOLS > Firewall > Service Setting to enable service blocking, set up the
date and time service blocking is effective, and to maintain the list of services you
want to block.
pa
ny
on
fid
en
Figure 95 TOOLS > Firewall > Service Setting
The following table describes the labels in this screen.
Table 80 TOOLS > Firewall > Service Setting
om
LABEL
DESCRIPTION
Service Setup
Enable Services
Blocking
Select this to activate service blocking. The Schedule to Block section
controls what days and what times service blocking is actually effective,
however.
Available
Services
This is a list of pre-defined services (destination ports) you may prohibit
your LAN computers from using. Select the port you want to block, and
click Add to add the port to the Blocked Services field.
A custom port is a service that is not available in the pre-defined
Available Services list. You must define it using the Type and Port
Number fields.
User’s Guide
207
Chapter 16 The Firewall Screens
LABEL
DESCRIPTION
Blocked
Services
This is a list of services (ports) that are inaccessible to computers on
your LAN when service blocking is effective. To remove a service from
this list, select the service, and click Delete.
Table 80 TOOLS > Firewall > Service Setting (continued)
Select TCP or UDP, based on which one the custom port uses.
Enter the range of port numbers that defines the service. For example,
suppose you want to define the Gnutella service. Select TCP type and
enter a port range of 6345-6349.
Add
Click this to add the selected service in Available Services to the
Blocked Services list.
Delete
Select a service in the Blocked Services, and click this to remove the
service from the list.
Clear All
Click this to remove all the services in the Blocked Services list.
en
tia
Type
Port Number
fid
Schedule to Block
Select which days of the week you want the service blocking to be
effective.
Time of Day to
Block
Select what time each day you want service blocking to be effective.
Enter times in 24-hour format; for example, 3:00pm should be entered
as 15:00.
Apply
Click to save your changes.
Reset
Click to restore your previously saved settings.
on
Day to Block
16.4 Technical Reference
ny
The following section contains additional technical information about the WiMAX
Device features described in this chapter.
pa
16.4.1 Stateful Inspection Firewall.
om
Stateful inspection firewalls restrict access by screening data packets against
defined access rules. They make access control decisions based on IP address and
protocol. They also "inspect" the session data to assure the integrity of the
connection and to adapt to dynamic protocols. These firewalls generally provide
the best speed and transparency; however, they may lack the granular application
level access control or caching that some proxies support. Firewalls, of one type or
another, have become an integral part of standard security solutions for
enterprises.
208
User’s Guide
Chapter 16 The Firewall Screens
16.4.2 Guidelines For Enhancing Security With Your Firewall
Change the default password via web configurator.
Think about access control before you connect to the network in any way.
Limit who can access your router.
Don't enable any local service (such as telnet or FTP) that you don't use. Any
enabled service could present a potential security risk. A determined hacker might
be able to find creative ways to misuse the enabled services to access the firewall
or the network.
For local services that are enabled, protect against misuse. Protect by configuring
the services to communicate only with specific peers, and protect by configuring
rules to block packets for the services at specific interfaces.
Protect against IP spoofing by making sure the firewall is active.
Keep the firewall in a secured (locked) room.
on
fid
en
tia
16.4.3 The “Triangle Route” Problem
ny
A traffic route is a path for sending or receiving data packets between two
Ethernet devices. You may have more than one connection to the Internet
(through one or more ISPs). If an alternate gateway is on the LAN (and its IP
address is in the same subnet as the WiMAX Device’s LAN IP address), the
“triangle route” (also called asymmetrical route) problem may occur. The steps
below describe the “triangle route” problem.
A computer on the LAN initiates a connection by sending out a SYN packet to a
receiving server on the WAN.
The WiMAX Device reroutes the SYN packet through Gateway A on the LAN to the
WAN.
om
pa
The reply from the WAN goes directly to the computer on the LAN without going
through the WiMAX Device.
User’s Guide
209
Chapter 16 The Firewall Screens
As a result, the WiMAX Device resets the connection, as the connection has not
been acknowledged.
fid
16.4.3.1 Solving the “Triangle Route” Problem
en
tia
Figure 96 “Triangle Route” Problem
on
If you have the WiMAX Device allow triangle route sessions, traffic from the WAN
can go directly to a LAN computer without passing through the WiMAX Device and
its firewall protection.
Another solution is to use IP alias. IP alias allows you to partition your network
into logical sections over the same Ethernet interface. Your WiMAX Device
supports up to three logical LAN interfaces with the WiMAX Device being the
gateway for each logical network.
A computer on the LAN initiates a connection by sending a SYN packet to a
receiving server on the WAN.
pa
ny
It’s like having multiple LAN networks that actually use the same physical cables
and ports. By putting your LAN and Gateway A in different subnets, all returning
network traffic must pass through the WiMAX Device to your LAN. The following
steps describe such a scenario.
The WiMAX Device reroutes the packet to Gateway A, which is in Subnet 2.
The reply from the WAN goes to the WiMAX Device.
om
210
User’s Guide
Chapter 16 The Firewall Screens
The WiMAX Device then sends it to the computer on the LAN in Subnet 1.
om
pa
ny
on
fid
en
tia
Figure 97 IP Alias
User’s Guide
211
C
om
pa
ny
on
fid
en
tia
Chapter 16 The Firewall Screens
212
User’s Guide
CHAPTER
17
tia
Content Filter
en
17.1 Overview
fid
Use the TOOLS > Content Filter screens to create and enforce policies that
restrict access to the Internet based on content
on
Internet content filtering allows you to create and enforce Internet access policies
tailored to their needs. Content filtering is the ability to block certain web features
or specific URL keywords. The WiMAX Device can block web features such as
ActiveX controls, Java applets, cookies and disable web proxies. The WiMAX
Device also allows you to define time periods and days during which the WiMAX
Device performs content filtering.
17.1.1 What You Can Do in This Chapter
• The Filter screen (Section 17.2 on page 214) lets you set up a trusted IP
address, which web features are restricted, and which keywords are blocked
when content filtering is effective.
om
pa
ny
• The Schedule screen (Section 17.3 on page 216) lets you schedule content
filtering.
User’s Guide
213
Chapter 17 Content Filter
17.2 Filter
tia
Click TOOLS > Content Filter > Filter to set up a trusted IP address, which web
features are restricted, and which keywords are blocked when content filtering is
effective.
om
pa
ny
on
fid
en
Figure 98 TOOLS > Content Filter > Filter
214
User’s Guide
Chapter 17 Content Filter
The following table describes the labels in this screen.
Table 81 TOOLS > Content Filter > Filter
LABEL
DESCRIPTION
Trusted IP Setup
You can allow a specific computer to access all Internet resources
without the restrictions you set in these screens. Enter the IP address of
the trusted computer.
Restrict Web
Features
Select the web features you want to disable. If a user downloads a page
with a restricted feature, that part of the web page appears blank or
grayed out.
en
tia
Trusted
Computer IP
Address
ActiveX - This is a tool for building dynamic and active Web pages and
distributed object applications. When you visit an ActiveX Web site,
ActiveX controls are downloaded to your browser, where they remain in
case you visit the site again.
fid
Java - This is used to build downloadable Web components or Internet
and intranet business applications of all kinds.
Cookies - This is used by Web servers to track usage and to provide
service based on ID.
on
Web Proxy - This is a server that acts as an intermediary between a
user and the Internet to provide security, administrative control, and
caching service. When a proxy server is located on the WAN, it is
possible for LAN users to avoid content filtering restrictions.
Keyword Blocking
Select this if you want the WiMAX Device to block Web sites based on
words in the web site address. For example, if you block the keyword
bad, http://www.website.com/bad.html is blocked.
Keyword
Type a keyword you want to block in this field. You can use up to 64
printable ASCII characters. There is no wildcard character, however.
Add
ny
Enable URL
Keyword
Blocking
This field displays the keywords that are blocked when Enable URL
Keyword Blocking is selected. To delete a keyword, select it, click
Delete, and click Apply.
pa
Keyword List
Click this to add the specified Keyword to the Keyword List. You can
enter up to 64 keywords.
Click Delete to remove the selected keyword in the Keyword List. The
keyword disappears after you click Apply.
Clear All
Click this button to remove all of the keywords in the Keyword List.
Denied Access
Message
Enter the message that is displayed when the WiMAX Device’s content
filter feature blocks access to a web site.
Apply
Click to save your changes.
Reset
Click to restore your previously saved settings.
om
Delete
User’s Guide
215
Chapter 17 Content Filter
17.3 Schedule
Click TOOLS > Content Filter > Schedule to schedule content filtering.
fid
en
tia
Figure 99 TOOLS > Content Filter > Schedule
on
The following table describes the labels in this screen.
Table 82 TOOLS > Content Filter > Schedule
DESCRIPTION
Day to Block
Select which days of the week you want content filtering to be effective.
Time of Day to
Block
Select what time each day you want content filtering to be effective.
Enter times in 24-hour format; for example, 3:00pm should be entered
as 15:00.
Apply
Click to save your changes.
Reset
Click to restore your previously saved settings.
om
pa
ny
LABEL
216
User’s Guide
CHAPTER
18
en
tia
The Remote Management
Screens
18.1 Overview
fid
Use the TOOLS > Remote Management screens to control which computers can
use which services to access the WiMAX Device on each interface.
on
Remote management allows you to determine which services/protocols can access
which WiMAX Device interface (if any) from which computers.
You may manage your WiMAX Device from a remote location via:
Table 83 Remote Management
Internet (WAN only)
•
LAN only
•
ALL (LAN and WAN)
•
Neither (Disable).
•
ny
To disable remote management of a service, select Disable in the corresponding
Server Access field.
pa
You may only have one remote management session running at a time. The
WiMAX Device automatically disconnects a remote management session of lower
priority when another remote management session of higher priority starts. The
priorities for the different types of remote management sessions are as follows:
Telnet or HTTP.
om
18.1.1 What You Can Do in This Chapter
• The WWW screen (Section 18.2 on page 219) lets you control HTTP access to
your WiMAX Device.
• The Telnet screen (Section 18.3 on page 220) lets you control Telnet access to
your WiMAX Device.
• The FTP screen (Section 18.4 on page 220) lets you control FTP access to your
WiMAX Device.
• The SNMP screen (Section 18.5 on page 221) lets you control SNMP access to
your WiMAX Device.
User’s Guide
217
Chapter 18 The Remote Management Screens
• The DNS screen (Section 18.6 on page 224) lets you control DNS access to your
WiMAX Device.
tia
• The Security screen (Section 18.7 on page 225) lets you control how your
WiMAX Device responds to other types of requests.
• The Security screen (Section 18.7 on page 225) lets you control how your
WiMAX Device responds to other types of requests.
18.1.2 What You Need to Know
en
The following terms and concepts may help as you read through this chapter.
Remote Management Limitations
fid
Remote management over LAN or WAN will not work when:
A filter in SMT menu 3.1 (LAN) or in menu 11.5 (WAN) is applied to block a Telnet,
FTP or Web service.
You have disabled that service in one of the remote management screens.
The IP address in the Secured Client IP field does not match the client IP
address. If it does not match, the WiMAX Device will disconnect the session
immediately.
There is already another remote management session with an equal or higher
priority running. You may only have one remote management session running at
one time.
ny
on
Remote Management and NAT
pa
When NAT is enabled:
• Use the WiMAX Device’s WAN IP address when configuring from the WAN.
• Use the WiMAX Device’s LAN IP address when configuring from the LAN.
om
System Timeout
218
There is a default system management idle timeout of five minutes (three
hundred seconds). The WiMAX Device automatically logs you out if the
management session remains idle for longer than this timeout period. The
management session does not time out when a statistics screen is polling. You can
change the timeout period in the Maintenance > System > General screen.
User’s Guide
Chapter 18 The Remote Management Screens
fid
18.2 WWW
en
Note: SNMP is only available if TCP/IP is configured.
tia
Simple Network Management Protocol (SNMP) is a protocol used for exchanging
management information between network devices. SNMP is a member of the
TCP/IP protocol suite. Your WiMAX Device supports SNMP agent functionality,
which allows a manager station to manage and monitor the WiMAX Device
through the network. The WiMAX Device supports SNMP version one (SNMPv1)
and version two (SNMPv2). The next figure illustrates an SNMP management
operation.
SNMP
on
Click TOOLS > Remote Management > WWW to control HTTP access to your
WiMAX Device.
ny
Figure 100 TOOLS > Remote Management > WWW
pa
The following table describes the labels in this screen.
Table 84 TOOLS > Remote Management > WWW
DESCRIPTION
Server Port
Enter the port number this service can use to access the WiMAX Device.
The computer must use the same port number.
om
LABEL
User’s Guide
Server Access
Select the interface(s) through which a computer may access the
WiMAX Device using this service.
Secured Client
IP Address
Select All to allow any computer to access the WiMAX Device using this
service.
Select Selected to only allow the computer with the IP address that
you specify to access the WiMAX Device using this service.
Apply
Click to save your changes.
Reset
Click to restore your previously saved settings.
219
Chapter 18 The Remote Management Screens
18.3 Telnet
Click TOOLS > Remote Management > Telnet to control Telnet access to your
WiMAX Device.
en
fid
The following table describes the labels in this screen.
tia
Figure 101 TOOLS > Remote Management > Telnet
Table 85 TOOLS > Remote Management > Telnet
DESCRIPTION
Server Port
Enter the port number this service can use to access the WiMAX Device.
The computer must use the same port number.
Server Access
Select the interface(s) through which a computer may access the
WiMAX Device using this service.
Secured Client
IP Address
Select All to allow any computer to access the WiMAX Device using this
service.
on
LABEL
Select Selected to only allow the computer with the IP address that
you specify to access the WiMAX Device using this service.
Reset
Click to restore your previously saved settings.
pa
18.4 FTP
Click to save your changes.
ny
Apply
om
Click TOOLS > Remote Management > FTP to control FTP access to your
WiMAX Device.
Figure 102 TOOLS > Remote Management > FTP
220
User’s Guide
Chapter 18 The Remote Management Screens
The following table describes the labels in this screen.
Table 86 TOOLS > Remote Management > FTP
DESCRIPTION
Server Port
Enter the port number this service can use to access the WiMAX Device.
The computer must use the same port number.
Server Access
Select the interface(s) through which a computer may access the
WiMAX Device using this service.
Secured Client
IP Address
Select All to allow any computer to access the WiMAX Device using this
service.
tia
LABEL
en
Select Selected to only allow the computer with the IP address that
you specify to access the WiMAX Device using this service.
Click to save your changes.
Reset
Click to restore your previously saved settings.
fid
Apply
on
18.5 SNMP
An SNMP managed network consists of two main types of component: agents and
a manager.
om
pa
ny
Figure 103 SNMP Management Model
An agent is a management software module that resides in a managed device (the
WiMAX Device). An agent translates the local management information from the
managed device into a form compatible with SNMP. The manager is the console
through which network administrators perform network management functions. It
executes applications that control and monitor managed devices.
User’s Guide
221
Chapter 18 The Remote Management Screens
tia
The managed devices contain object variables/managed objects that define each
piece of information to be collected about a device. Examples of variables include
such as number of packets received, node port status etc. A Management
Information Base (MIB) is a collection of managed objects. SNMP allows a
manager and agents to communicate for the purpose of accessing these objects.
The WiMAX Device supports MIB II that is defined in RFC-1213 and RFC-1215. The
focus of the MIBs is to let administrators collect statistical data and monitor status
and performance.
en
SNMP itself is a simple request/response protocol based on the manager/agent
model. The manager issues a request and the agent returns responses using the
following protocol operations:
• Get - Allows the manager to retrieve an object variable from the agent.
fid
• GetNext - Allows the manager to retrieve the next object variable from a table
or list within an agent. In SNMPv1, when a manager wants to retrieve all
elements of a table from an agent, it initiates a Get operation, followed by a
series of GetNext operations.
on
• Set - Allows the manager to set values for object variables within an agent.
• Trap - Used by the agent to inform the manager of some events.
18.5.1 SNMP Traps
The WiMAX Device sends traps to the SNMP manager when any of the following
events occurs:
ny
Table 87 SNMP Traps
TRAP NAME
DESCRIPTION
coldStart (defined in RFC1215)
A trap is sent after booting (power on).
warmStart (defined in RFC1215)
A trap is sent after booting (software reboot).
authenticationFailure (defined
in RFC-1215)
A trap is sent to the manager when receiving
any SNMP get or set requirements with the
wrong community (password).
whyReboot (defined in
ZYXEL-MIB)
A trap is sent with the reason of restart before
rebooting when the system is going to restart
(warm start).
6a
For intentional reboot:
A trap is sent with the message "System reboot
by user!" if reboot is done intentionally, (for
example, download new files, CI command "sys
reboot", etc.).
6b
For fatal error:
A trap is sent with the message of the fatal
code if the system reboots because of fatal
errors.
TRAP #
om
pa
222
User’s Guide
Chapter 18 The Remote Management Screens
18.5.2 SNMP Options
Click TOOLS > Remote Management > SNMP to control SNMP access to your
WiMAX Device.
on
fid
en
tia
Figure 104 TOOLS > Remote Management > SNMP
The following table describes the labels in this screen.
Table 88 TOOLS > Remote Management > SNMP
DESCRIPTION
ny
LABEL
SNMP Configuration
pa
Get Community
Enter the Get Community, which is the password for the incoming
Get and GetNext requests from the management station. The default
is public and allows all requests.
Enter the Set community, which is the password for incoming Set
requests from the management station. The default is public and
allows all requests.
Trap Community
Enter the trap community, which is the password sent with each trap
to the SNMP manager. The default is public and allows all requests.
om
Set Community
Trap Destination
Enter the IP address of the station to send your SNMP traps to.
SNMP
User’s Guide
Port
You may change the server port number for a service if needed,
however you must use the same port number in order to use that
service for remote management.
Access Status
Select the interface(s) through which a computer may access the
WiMAX Device using this service.
223
Chapter 18 The Remote Management Screens
LABEL
DESCRIPTION
Secured Client IP
A secured client is a “trusted” computer that is allowed to
communicate with the WiMAX Device using this service.
tia
Select All to allow any computer to access the WiMAX Device using
this service.
Table 88 TOOLS > Remote Management > SNMP (continued)
Choose Selected to just allow the computer with the IP address that
you specify to access the WiMAX Device using this service.
Click to save your changes.
Reset
Click to restore your previously saved settings.
en
Apply
fid
18.6 DNS
on
Click TOOLS > Remote Management > DNS to control DNS access to your
WiMAX Device.
ny
Figure 105 TOOLS > Remote Management > DNS
The following table describes the labels in this screen.
Table 89 TOOLS > Remote Management > DNS
DESCRIPTION
pa
LABEL
This field is read-only. This field displays the port number this service
uses to access the WiMAX Device. The computer must use the same
port number.
Server Access
Select the interface(s) through which a computer may access the
WiMAX Device using this service.
om
Server Port
Secured Client
IP Address
224
Select All to allow any computer to access the WiMAX Device using this
service.
Select Selected to only allow the computer with the IP address that
you specify to access the WiMAX Device using this service.
Apply
Click to save your changes.
Reset
Click to restore your previously saved settings.
User’s Guide
Chapter 18 The Remote Management Screens
18.7 Security
Click TOOLS > Remote Management > Security to control how your WiMAX
Device responds to other types of requests.
en
fid
The following table describes the labels in this screen.
tia
Figure 106 TOOLS > Remote Management > Security
Table 90 TOOLS > Remote Management > Security
DESCRIPTION
Respond to Ping
on
Select the interface(s) on which the WiMAX Device should respond to
incoming ping requests.
•
•
Select this to prevent outsiders from discovering your WiMAX Device by
sending requests to unsupported port numbers. If an outside user
attempts to probe an unsupported port on your WiMAX Device, an ICMP
response packet is automatically returned. This allows the outside user
to know the WiMAX Device exists. Your WiMAX Device supports antiprobing, which prevents the ICMP response packet from being sent.
This keeps outsiders from discovering your WiMAX Device when
unsupported ports are probed.
pa
ny
Do not respond
to requests for
unauthorized
services
Disable - the WiMAX Device does not respond to any ping requests.
LAN - the WiMAX Device only responds to ping requests received
from the LAN.
WAN - the WiMAX Device only responds to ping requests received
from the WAN.
LAN & WAN - the WiMAX Device responds to ping requests received
from the LAN or the WAN.
•
•
on
LABEL
If you clear this, your WiMAX Device replies with an ICMP Port
Unreachable packet for a port probe on unused UDP ports and with a
TCP Reset packet for a port probe on unused TCP ports.
Click to save your changes.
Reset
Click to restore your previously saved settings.
om
Apply
User’s Guide
225
C
om
pa
ny
on
fid
en
tia
Chapter 18 The Remote Management Screens
226
User’s Guide
CHAPTER
19
tia
The Logs Screens
en
19.1 Overview
fid
Use the TOOLS > Logs screens to look at log entries and alerts and to configure
the WiMAX Device’s log and alert settings.
For a list of log messages, see Section 19.4 on page 233.
on
19.1.1 What You Can Do in This Chapter
• The View Logs screen (Section 19.2 on page 229) lets you look at log entries
and alerts.
• The Log Settings screen (Section 19.3 on page 231) lets you configure where
the WiMAX Device sends logs and alerts, the schedule for sending logs, and
which logs and alerts are sent or recorded.
ny
19.1.2 What You Need to Know
The following terms and concepts may help as you read through this chapter.
Alerts
pa
An alert is a type of log that warrants more serious attention. Some categories
such as System Errors consist of both logs and alerts.
om
Syslog Logs
There are two types of syslog: event logs and traffic logs.
The device generates an event log when a system event occurs, for example,
when a user logs in or the device is under attack. The device generates a traffic
log when a "session" is terminated.
A traffic log summarizes the session's type, when it started and stopped the
amount of traffic that was sent and received and so on. An external log analyzer
User’s Guide
227
Chapter 19 The Logs Screens
can reconstruct and analyze the traffic flowing through the device after collecting
the traffic logs.
Table 91 Syslog Logs
DESCRIPTION
Event Log: Mon dd hr:mm:ss
hostname src=""
dst=""
msg="" note=""
devID=""
cat=""
This message is sent by the system ("RAS" displays
as the system name if you haven’t configured one)
when the router generates a syslog. The facility is
defined in the Log Settings screen. The severity is
the log’s syslog class. The definition of messages
and notes are defined in the various log charts
throughout this appendix. The “devID” is the MAC
address of the router’s LAN port. The “cat” is the
same as the category in the router’s logs.
Traffic Log: Mon dd hr:mm:ss
hostname src=""
dst=""
msg="Traffic Log"
note="Traffic Log" devID="" cat="Traffic Log"
duration=seconds
sent=sentBytes
rcvd=receiveBytes
dir=""
protoID=IPProtocolID
proto="serviceName"
trans="IPSec/Normal"
This message is sent by the device when the
connection (session) is closed. The facility is defined
in the Log Settings screen. The severity is the traffic
log type. The message and note always display
"Traffic Log". The "proto" field lists the service
name. The "dir" field lists the incoming and
outgoing interfaces ("LAN:LAN", "LAN:WAN",
"LAN:DEV" for example).
on
fid
en
tia
LOG MESSAGE
ny
The following table shows RFC-2408 ISAKMP payload types that the log displays.
Please refer to the RFC for detailed information on each type.
Table 92 RFC-2408 ISAKMP Payload Types
LOG DISPLAY
PAYLOAD TYPE
SA
Security Association
pa
PROP
Transform
KE
Key Exchange
ID
Identification
CER
Certificate
CER_REQ
Certificate Request
HASH
Hash
SIG
Signature
NONCE
Nonce
NOTFY
Notification
DEL
Delete
VID
Vendor ID
om
228
Proposal
TRANS
User’s Guide
Chapter 19 The Logs Screens
19.2 View Logs
Click TOOLS > Logs > View Log to look at log entries and alerts. Alerts are
written in red.
ny
on
fid
en
tia
Figure 107 TOOLS > Logs > View Logs
pa
Click a column header to sort log entries in descending (later-to-earlier) order.
Click again to sort in ascending order. The small triangle next to a column header
indicates how the table is currently sorted (pointing downward is descending;
pointing upward is ascending).
om
The following table describes the labels in this screen.
Table 93 TOOLS > Logs > View Logs
User’s Guide
LABEL
DESCRIPTION
Display
Select a category whose log entries you want to view. To view all logs,
select All Logs. The list of categories depends on what log categories
are selected in the Log Settings page.
Email Log Now
Click this to send the log screen to the e-mail address specified in the
Log Settings page.
Refresh
Click to renew the log screen.
Clear Log
Click to clear all the log entries, regardless of what is shown on the log
screen.
229
Chapter 19 The Logs Screens
DESCRIPTION
The number of the item in this list.
Time
This field displays the time the log entry was recorded.
Message
This field displays the reason for the log entry. See Section 19.4 on
page 233.
Source
This field displays the source IP address and the port number of the
incoming packet. In many cases, some or all of this information may
not be available.
Destination
This field lists the destination IP address and the port number of the
incoming packet. In many cases, some or all of this information may
not be available.
Note
This field displays additional information about the log entry.
om
pa
ny
on
fid
en
tia
LABEL
Table 93 TOOLS > Logs > View Logs (continued)
230
User’s Guide
Chapter 19 The Logs Screens
19.3 Log Settings
tia
Click TOOLS > Logs > Log Settings to configure where the WiMAX Device sends
logs and alerts, the schedule for sending logs, and which logs and alerts are sent
or recorded.
om
pa
ny
on
fid
en
Figure 108 TOOLS > Logs > Log Settings
The following table describes the labels in this screen.
Table 94 TOOLS > Logs > Log Settings
LABEL
DESCRIPTION
E-mail Log Settings
User’s Guide
Mail Server
Enter the server name or the IP address of the mail server the WiMAX
Device should use to e-mail logs and alerts. Leave this field blank if you
do not want to send logs or alerts by e-mail.
Mail Subject
Enter the subject line used in e-mail messages the WiMAX Device
sends.
231
Chapter 19 The Logs Screens
Table 94 TOOLS > Logs > Log Settings
DESCRIPTION
Send Log to
Enter the e-mail address to which log entries are sent by e-mail. Leave
this field blank if you do not want to send logs by e-mail.
Send Alerts to
Enter the e-mail address to which alerts are sent by e-mail. Leave this
field blank if you do not want to send alerts by e-mail.
Log Schedule
Select the frequency with which the WiMAX Device should send log
messages by e-mail.
tia
Daily
Weekly
Hourly
When Log is Full
None.
en
•
•
•
•
•
LABEL
This field is only available when you select Weekly in the Log
Schedule field.
on
Day for Sending
Log
fid
If the Weekly or the Daily option is selected, specify a time of day
when the E-mail should be sent. If the Weekly option is selected, then
also specify which day of the week the E-mail should be sent. If the
When Log is Full option is selected, an alert is sent when the log fills
up. If you select None, no log messages are sent.
Select which day of the week to send the logs.
Time for
Sending Log
This field is only available when you select Daily or Weekly in the Log
Schedule field.
Clear log after
sending mail
Enter the time of day in 24-hour format (for example 23:00 equals
11:00 pm) to send the logs.
Select this to clear all logs and alert messages after logs are sent by email.
Active
ny
Syslog Logging
Select this to enable syslog logging.
Enter the server name or IP address of the syslog server that logs the
selected categories of logs.
Log Facility
Select a location. The log facility allows you to log the messages in
different files in the syslog server. See the documentation of your
syslog for more details.
pa
Syslog Server
IP Address
Active Log and Alert
om
Log
Select the categories of logs that you want to record.
Select the categories of alerts that you want the WiMAX Device to send
immediately.
Apply
Click to save your changes.
Cancel
Click to return to the previous screen without saving your changes.
Send
immediate alert
232
User’s Guide
Chapter 19 The Logs Screens
19.4 Log Message Descriptions
The following tables provide descriptions of example log messages.
Table 95 System Error Logs
DESCRIPTION
WAN connection is down.
The WAN connection is down. You cannot access the
network through this interface.
%s exceeds the max.
number of session per
host!
This attempt to create a NAT session exceeds the
maximum number of NAT session table entries allowed to
be created per host.
en
tia
LOG MESSAGE
DESCRIPTION
Time calibration is
successful
The device has adjusted its time based on information
from the time server.
Time calibration failed
The device failed to get information from the time
server.
DHCP client IP expired
DHCP server assigns %s
ny
Successful WEB login
A DHCP client got a new IP address from the DHCP
server.
A DHCP client's IP address has expired.
The DHCP server assigned an IP address to a client.
Someone has logged on to the device's web
configurator interface.
Someone has failed to log on to the device's web
configurator interface.
TELNET Login Successfully
Someone has logged on to the router via telnet.
TELNET Login Fail
Someone has failed to log on to the router via telnet.
Successful FTP login
Someone has logged on to the device via ftp.
FTP login failed
Someone has failed to log on to the device via ftp.
NAT Session Table is Full!
The maximum number of NAT session table entries
has been exceeded and the table is full.
pa
WEB login failed
om
The WAN interface got a new IP address from the
DHCP or PPPoE server.
DHCP client gets %s
on
LOG MESSAGE
WAN interface gets IP: %s
User’s Guide
fid
Table 96 System Maintenance Logs
Time initialized by Daytime
Server
The device got the time and date from the Daytime
server.
Time initialized by Time
server
The device got the time and date from the time
server.
Time initialized by NTP
server
The device got the time and date from the NTP
server.
Connect to Daytime server
fail
The device was not able to connect to the Daytime
server.
Connect to Time server fail
The device was not able to connect to the Time
server.
233
Chapter 19 The Logs Screens
Table 96 System Maintenance Logs (continued)
DESCRIPTION
Connect to NTP server fail
The device was not able to connect to the NTP server.
Too large ICMP packet has
been dropped
The device dropped an ICMP packet that was too
large.
Configuration Change: PC =
0x%x, Task ID = 0x%x
The device is saving configuration changes.
Table 97 Access Control Logs
en
tia
LOG MESSAGE
DESCRIPTION
Firewall default policy: [ TCP |
UDP | IGMP | ESP | GRE | OSPF ]
Attempted TCP/UDP/IGMP/ESP/GRE/OSPF access
matched the default policy and was blocked or
forwarded according to the default policy’s
setting.
Firewall rule [NOT] match:[ TCP
| UDP | IGMP | ESP | GRE | OSPF
] ,
Attempted TCP/UDP/IGMP/ESP/GRE/OSPF access
matched (or did not match) a configured firewall
rule (denoted by its number) and was blocked or
forwarded according to the rule.
on
fid
LOG MESSAGE
The firewall allowed a triangle route session to
pass through.
Packet without a NAT table entry
blocked: [ TCP | UDP | IGMP |
ESP | GRE | OSPF ]
The router blocked a packet that didn't have a
corresponding NAT table entry.
Router sent blocked web site
message: TCP
The router sent a message to notify a user that
the router blocked access to a web site that the
user requested.
Triangle route packet forwarded:
[ TCP | UDP | IGMP | ESP | GRE |
OSPF ]
The device blocked a session because the host's
connections exceeded the maximum sessions per
host.
Firewall allowed a packet that
matched a NAT session: [ TCP |
UDP ]
A packet from the WAN (TCP or UDP) matched a
cone NAT session and the device forwarded it to
the LAN.
pa
ny
Exceed maximum sessions per host
(%d).
om
Table 98 TCP Reset Logs
234
LOG MESSAGE
DESCRIPTION
Under SYN flood attack,
sent TCP RST
The router sent a TCP reset packet when a host was
under a SYN flood attack (the TCP incomplete count is per
destination host.)
Exceed TCP MAX
incomplete, sent TCP RST
The router sent a TCP reset packet when the number of
TCP incomplete connections exceeded the user configured
threshold. (the TCP incomplete count is per destination
host.)
Peer TCP state out of
order, sent TCP RST
The router sent a TCP reset packet when a TCP
connection state was out of order.Note: The firewall
refers to RFC793 Figure 6 to check the TCP state.
User’s Guide
Chapter 19 The Logs Screens
Table 98 TCP Reset Logs (continued)
LOG MESSAGE
DESCRIPTION
Firewall session time
out, sent TCP RST
The router sent a TCP reset packet when a dynamic
firewall session timed out.
tia
ICMP idle timeout: 3 minutes
The default timeout values are as follows:
UDP idle timeout: 3 minutes
en
TCP connection (three way handshaking) timeout: 270
seconds
TCP FIN-wait timeout: 2 MSL (Maximum Segment
Lifetime set in the TCP header).
TCP idle (established) timeout (s): 150 minutes
fid
TCP reset timeout: 10 seconds
The router sent a TCP reset packet when the number of
incomplete connections (TCP and UDP) exceeded the
user-configured threshold. (Incomplete count is for all
TCP and UDP connections through the firewall.)Note:
When the number of incomplete connections (TCP + UDP)
> “Maximum Incomplete High”, the router sends TCP RST
packets for TCP connections and destroys TOS (firewall
dynamic sessions) until incomplete connections <
“Maximum Incomplete Low”.
Access block, sent TCP
RST
The router sends a TCP RST packet and generates this log
if you turn on the firewall TCP reset mechanism (via CI
command: sys firewall tcprst).
ny
on
Exceed MAX incomplete,
sent TCP RST
Table 99 Packet Filter Logs
DESCRIPTION
[ TCP | UDP | ICMP | IGMP |
Generic ] packet filter
matched (set: %d, rule: %d)
Attempted access matched a configured filter rule
(denoted by its set and rule number) and was blocked
or forwarded according to the rule.
pa
LOG MESSAGE
For type and code details, see Table 106 on page 239.
om
Table 100 ICMP Logs
User’s Guide
LOG MESSAGE
DESCRIPTION
Firewall default policy: ICMP
, ,
ICMP access matched the default policy and was
blocked or forwarded according to the user's
setting.
Firewall rule [NOT] match: ICMP
, ,
,
ICMP access matched (or didn’t match) a firewall
rule (denoted by its number) and was blocked or
forwarded according to the rule.
Triangle route packet forwarded:
ICMP
The firewall allowed a triangle route session to
pass through.
235
Chapter 19 The Logs Screens
DESCRIPTION
Packet without a NAT table entry
blocked: ICMP
The router blocked a packet that didn’t have a
corresponding NAT table entry.
Unsupported/out-of-order ICMP:
ICMP
The firewall does not support this kind of ICMP
packets or the ICMP packets are out of order.
Router reply ICMP packet: ICMP
The router sent an ICMP reply packet to the
sender.
en
tia
LOG MESSAGE
Table 100 ICMP Logs (continued)
Table 101 PPP Logs
DESCRIPTION
ppp:LCP Starting
The PPP connection’s Link Control Protocol stage has started.
ppp:LCP Opening
The PPP connection’s Link Control Protocol stage is opening.
ppp:CHAP Opening
The PPP connection’s Challenge Handshake Authentication Protocol
stage is opening.
ppp:IPCP
Starting
The PPP connection’s Internet Protocol Control Protocol stage is
starting.
ppp:IPCP Opening
The PPP connection’s Internet Protocol Control Protocol stage is
opening.
ppp:LCP Closing
The PPP connection’s Link Control Protocol stage is closing.
ppp:IPCP Closing
The PPP connection’s Internet Protocol Control Protocol stage is
closing.
on
fid
LOG MESSAGE
ny
Table 102 UPnP Logs
DESCRIPTION
UPnP pass through Firewall
UPnP packets can pass through the firewall.
pa
LOG MESSAGE
Table 103 Content Filtering Logs
DESCRIPTION
%s: Keyword blocking
The content of a requested web page matched a user defined
keyword.
om
LOG MESSAGE
%s: Not in trusted web
list
The web site is not in a trusted domain, and the router blocks
all traffic except trusted domain sites.
%s: Forbidden Web site The web site is in the forbidden web site list.
236
%s: Contains ActiveX
The web site contains ActiveX.
%s: Contains Java
applet
The web site contains a Java applet.
%s: Contains cookie
The web site contains a cookie.
%s: Proxy mode
detected
The router detected proxy mode in the packet.
User’s Guide
Chapter 19 The Logs Screens
LOG MESSAGE
DESCRIPTION
%s: Trusted Web site
The web site is in a trusted domain.
%s
When the content filter is not on according to the time
schedule:
Table 103 Content Filtering Logs (continued)
The external content filtering server did not respond within
the timeout period.
DNS resolving
failed
The WiMAX Device cannot get the IP address of the external
content filtering via DNS query.
Creating socket
failed
The WiMAX Device cannot issue a query because TCP/UDP
socket creation failed, port:port number.
Connecting to
content filter
server fail
The connection to the external content filtering server failed.
License key is
invalid
The external content filtering license key is invalid.
on
For type and code details, see Table 106 on page 239.
fid
en
tia
Waiting content
filter server
timeout
Table 104 Attack Logs
LOG MESSAGE
DESCRIPTION
attack [ TCP | UDP | IGMP
| ESP | GRE | OSPF ]
The firewall detected a TCP/UDP/IGMP/ESP/GRE/OSPF
attack.
The firewall detected an ICMP attack.
attack ICMP (type:%d,
code:%d)
land [ TCP | UDP | IGMP |
ESP | GRE | OSPF ]
The firewall detected a TCP/UDP/IGMP/ESP/GRE/OSPF
land attack.
The firewall detected an ICMP land attack.
ip spoofing - WAN [ TCP |
UDP | IGMP | ESP | GRE |
OSPF ]
The firewall detected an IP spoofing attack on the WAN
port.
pa
ny
land ICMP (type:%d,
code:%d)
The firewall detected an ICMP IP spoofing attack on the
WAN port.
icmp echo : ICMP
(type:%d, code:%d)
The firewall detected an ICMP echo attack.
syn flood TCP
The firewall detected a TCP syn flood attack.
ports scan TCP
The firewall detected a TCP port scan attack.
teardrop TCP
The firewall detected a TCP teardrop attack.
teardrop UDP
The firewall detected an UDP teardrop attack.
teardrop ICMP (type:%d,
code:%d)
The firewall detected an ICMP teardrop attack.
illegal command TCP
The firewall detected a TCP illegal command attack.
NetBIOS TCP
The firewall detected a TCP NetBIOS attack.
om
ip spoofing - WAN ICMP
(type:%d, code:%d)
User’s Guide
237
Chapter 19 The Logs Screens
DESCRIPTION
ip spoofing - no routing
entry [ TCP | UDP | IGMP
| ESP | GRE | OSPF ]
The firewall classified a packet with no source routing
entry as an IP spoofing attack.
ip spoofing - no routing
entry ICMP (type:%d,
code:%d)
The firewall classified an ICMP packet with no source
routing entry as an IP spoofing attack.
vulnerability ICMP
(type:%d, code:%d)
The firewall detected an ICMP vulnerability attack.
traceroute ICMP (type:%d,
code:%d)
The firewall detected an ICMP traceroute attack.
ports scan UDP
The firewall detected a UDP port scan attack.
Firewall sent TCP packet
in response to DoS attack
TCP
The firewall sent TCP packet in response to a DoS attack
ICMP Source Quench ICMP
The firewall detected an ICMP Source Quench attack.
ICMP Time Exceed ICMP
The firewall detected an ICMP Time Exceed attack.
ICMP Destination
Unreachable ICMP
The firewall detected an ICMP Destination Unreachable
attack.
ping of death. ICMP
The firewall detected an ICMP ping of death attack.
smurf ICMP
The firewall detected an ICMP smurf attack.
on
fid
en
tia
LOG MESSAGE
Table 104 Attack Logs (continued)
Table 105 Remote Management Logs
LOG MESSAGE
Remote Management: TELNET
denied
Attempted use of TELNET service was blocked
according to remote management settings.
Remote Management: HTTP or
UPnP denied
Attempted use of HTTP or UPnP service was blocked
according to remote management settings.
Remote Management: WWW denied
Attempted use of WWW service was blocked
according to remote management settings.
Remote Management: HTTPS
denied
Attempted use of HTTPS service was blocked
according to remote management settings.
pa
ny
Attempted use of FTP service was blocked according
to remote management settings.
om
238
DESCRIPTION
Remote Management: FTP denied
Remote Management: SSH denied
Attempted use of SSH service was blocked
according to remote management settings.
Remote Management: ICMP Ping
response denied
Attempted use of ICMP service was blocked
according to remote management settings.
Remote Management: DNS denied
Attempted use of DNS service was blocked
according to remote management settings.
User’s Guide
Chapter 19 The Logs Screens
Table 106 ICMP Notes
CODE
Destination Unreachable
Net unreachable
Host unreachable
Protocol unreachable
Port unreachable
A packet that needed fragmentation was dropped because it was set
to Don't Fragment (DF)
Source route failed
Redirect
Redirect datagrams for the Network
Redirect datagrams for the Host
Redirect datagrams for the Type of Service and Network
Redirect datagrams for the Type of Service and Host
Echo
Echo message
ny
Time Exceeded
Time to live exceeded in transit
Fragment reassembly time exceeded
pa
Parameter Problem
13
14
om
A gateway may discard internet datagrams if it does not have the
buffer space needed to queue the datagrams for output to the next
network on the route to the destination network.
on
fid
Source Quench
en
12
Echo reply message
tia
Echo Reply
11
DESCRIPTION
TYPE
Pointer indicates the error
Timestamp
Timestamp request message
Timestamp Reply
Timestamp reply message
Information Request
15
Information request message
Information Reply
16
Information reply message
User’s Guide
239
Chapter 19 The Logs Screens
DESCRIPTION
SIP Registration Success
by SIP:SIP Phone Number
The listed SIP account was successfully registered with a
SIP register server.
SIP Registration Fail by
SIP:SIP Phone Number
An attempt to register the listed SIP account with a SIP
register server was not successful.
SIP UnRegistration
Success by SIP:SIP Phone
Number
The listed SIP account’s registration was deleted from
the SIP register server.
SIP UnRegistration Fail
by SIP:SIP Phone Number
An attempt to delete the listed SIP account’s registration
from the SIP register server failed.
Table 108 RTP Logs
fid
en
tia
LOG MESSAGE
Table 107 SIP Logs
DESCRIPTION
Error, RTP init fail
The initialization of an RTP session failed.
Error, Call fail: RTP
connect fail
A VoIP phone call failed because the RTP session could
not be established.
Error, RTP connection
cannot close
The termination of an RTP session failed.
on
LOG MESSAGE
Table 109 FSM Logs: Caller Side
LOG MESSAGE
DESCRIPTION
Someone used a phone connected to the listed phone
port to initiate a VoIP call to the listed destination.
VoIP Call Established
Ph[Phone Port] ->
Outgoing Call Number
Someone used a phone connected to the listed phone
port to make a VoIP call to the listed destination.
VoIP Call End Phone[Phone
Port]
A VoIP phone call made from a phone connected to the
listed phone port has terminated.
om
pa
ny
VoIP Call Start Ph[Phone
Port Number] <- Outgoing
Call Number
Table 110 FSM Logs: Callee Side
240
LOG MESSAGE
DESCRIPTION
VoIP Call Start from
SIP[SIP Port Number]
A VoIP phone call came to the WiMAX Device from the listed
SIP number.
User’s Guide
Chapter 19 The Logs Screens
Table 110 FSM Logs: Callee Side (continued)
DESCRIPTION
VoIP Call Established
Ph[Phone Port] UPnP screen to enable the WiMAX Device’s UPnP feature.
on
fid
Universal Plug and Play (UPnP) is a distributed, open networking standard that
uses TCP/IP for simple peer-to-peer network connectivity between devices. A
UPnP device can dynamically join a network, obtain an IP address, convey its
capabilities and learn about other devices on the network. In turn, a device can
leave a network smoothly and automatically when it is no longer in use.
20.1.1 What You Can Do in This Chapter
The UPnP screen (Section 20.2 on page 244) lets you enable the UPnP feature in
your WiMAX Device.
ny
20.1.2 What You Need to Know
The following terms and concepts may help as you read through this chapter.
pa
How do I know if I'm using UPnP?
om
UPnP hardware is identified as an icon in the Network Connections folder
(Windows XP). Each UPnP compatible device installed on your network will appear
as a separate icon. Selecting the icon of a UPnP device will allow you to access the
information and properties of that device.
NAT Traversal
UPnP NAT traversal automates the process of allowing an application to operate
through NAT. UPnP network devices can automatically configure network
addressing, announce their presence in the network to other UPnP devices and
enable exchange of simple product and service descriptions. NAT traversal allows
the following:
• Dynamic port mapping
User’s Guide
243
Chapter 20 The UPnP Screen
• Learning public IP addresses
• Assigning lease times to mappings
Cautions with UPnP
tia
See Chapter 10 on page 125 for further information about NAT.
Windows Messenger is an example of an application that supports NAT traversal
and UPnP.
fid
en
The automated nature of NAT traversal applications in establishing their own
services and opening firewall ports may present network security issues. Network
information and configuration may also be obtained and modified by users in
some network environments.
All UPnP-enabled devices may communicate freely with each other without
additional configuration. Disable UPnP if this is not your intention.
on
UPnP and ZyXEL
ZyXEL has received UPnP certification from the official UPnP Forum (http://
www.upnp.org). ZyXEL's UPnP implementation supports IGD 1.0 (Internet
Gateway Device).
ny
The WiMAX Device only sends UPnP multicasts to the LAN.
20.2 UPnP
pa
Click TOOLS > UPnP to enable UPnP in your WiMAX Device.
om
Figure 109 TOOLS > UPnP
244
User’s Guide
Chapter 20 The UPnP Screen
The following table describes the labels in this screen.
Table 112 TOOLS > UPnP
DESCRIPTION
Device Name
This field identifies your device in UPnP applications.
Enable the
Universal Plug
and Play (UPnP)
Feature
Select this to activate UPnP. Be aware that anyone could use a UPnP
application to open the web configurator's login screen without entering
the WiMAX Device's IP address. You still have to enter the password,
however.
Allow users to
make
configuration
changes
through UPnP
Select this to allow UPnP-enabled applications to automatically
configure the WiMAX Device so that they can communicate through the
WiMAX Device. For example, using NAT traversal, UPnP applications
automatically reserve a NAT forwarding port in order to communicate
with another UPnP enabled device; this eliminates the need to manually
configure port forwarding for the UPnP enabled application.
Allow UPnP to
pass through
Firewall
Select this to allow traffic from UPnP-enabled applications to bypass the
firewall. Clear this if you want the firewall to check UPnP application
packets (for example, MSN packets).
Apply
Click to save your changes.
Reset
Click to restore your previously saved settings.
on
fid
en
tia
LABEL
20.3 Technical Reference
ny
The following section contains additional technical information about the WiMAX
Device features described in this chapter.
20.3.1 Installing UPnP in Windows XP
pa
Follow the steps below to install the UPnP in Windows XP.
Click Start > Control Panel.
Double-click Network Connections.
In the Network Connections window, click Advanced in the main menu and
select Optional Networking Components ….
om
Figure 110 Network Connections
User’s Guide
245
Chapter 20 The UPnP Screen
The Windows Optional Networking Components Wizard window displays.
Select Networking Service in the Components selection box and click Details.
In the Networking Services window, select the Universal Plug and Play check
box.
on
fid
en
tia
Figure 111 Windows Optional Networking Components Wizard
om
pa
ny
Figure 112 Networking Services
Click OK to go back to the Windows Optional Networking Component Wizard
window and click Next.
20.3.1.1 Auto-discover Your UPnP-enabled Network Device in
Windows XP
246
This section shows you how to use the UPnP feature in Windows XP. You must
already have UPnP installed in Windows XP and UPnP activated on the WiMAX
Device.
User’s Guide
Chapter 20 The UPnP Screen
Make sure the computer is connected to a LAN port of the WiMAX Device. Turn on
your computer and the WiMAX Device.
Click Start and Control Panel. Double-click Network Connections. An icon
displays under Internet Gateway.
Right-click the icon and select Properties.
tia
In the Internet Connection Properties window, click Settings to see the port
mappings there were automatically created.
on
fid
en
Figure 113 Network Connections
om
pa
ny
Figure 114 Internet Connection Properties
User’s Guide
247
Chapter 20 The UPnP Screen
You may edit or delete the port mappings or click Add to manually add port
mappings.
on
fid
en
tia
Figure 115 Internet Connection Properties: Advanced Settings
pa
ny
Figure 116 Internet Connection Properties: Advanced Settings: Add
When the UPnP-enabled device is disconnected from your computer, all port
mappings will be deleted automatically.
om
Select Show icon in notification area when connected option and click OK.
An icon displays in the system tray.
Figure 117 System Tray Icon
248
User’s Guide
Chapter 20 The UPnP Screen
Double-click on the icon to display your current Internet connection status.
fid
en
tia
Figure 118 Internet Connection Status
on
20.3.2 Web Configurator Easy Access
With UPnP, you can access the web-based configurator on the WiMAX Device
without finding out the IP address of the WiMAX Device first. This becomes helpful
if you do not know the IP address of the WiMAX Device.
Follow the steps below to access the web configurator:
Click Start and then Control Panel.
Double-click Network Connections.
om
pa
ny
User’s Guide
249
Chapter 20 The UPnP Screen
Select My Network Places under Other Places.
on
fid
en
tia
Figure 119 Network Connections
An icon with the description for each UPnP-enabled device displays under Local
Network.
Right-click on the icon for your WiMAX Device and select Invoke. The web
configurator login screen displays.
om
pa
ny
Figure 120 Network Connections: My Network Places
250
User’s Guide
Source Exif Data:
File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.6 Linearized : No Encryption : Standard V2.3 (128-bit) User Access : Print, Copy, Extract, Print high-res XMP Toolkit : 3.1-701 Create Date : 2009:07:07 18:38:16+08:00 Creator Tool : pdfFactory Pro www.ahasoft.com.tw/FinePrint Modify Date : 2009:07:08 10:30:16+08:00 Metadata Date : 2009:07:08 10:30:16+08:00 Format : application/pdf Creator : SAM Title : MAX-306HW2 Series_UG_v1_ed1_2009-06-29.pdf Producer : pdfFactory Pro 3.10 (Windows XP Professional Chinese) Document ID : uuid:73209ba7-a37a-46da-86a8-d04d7b7617be Instance ID : uuid:b47023e0-a2db-47ea-a001-0ab1ef1dbd06 Has XFA : No Page Count : 250 Author : SAMEXIF Metadata provided by EXIF.tools