ZyXEL Communications P3202HNBA 802.11N GPON VoIP IAD User Manual ZyBook2

ZyXEL Communications Corporation 802.11N GPON VoIP IAD ZyBook2

Contents

Installation guide 2 of 2

Appendix B Setting Up Your Computer’s IP AddressIAD User’s Guide 2516Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties.Figure 131 Windows Vista: Local Area Connection Properties
Appendix B Setting Up Your Computer’s IP AddressIAD User’s Guide2527The Internet Protocol Version 4 (TCP/IPv4) Properties window opens.Figure 132 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties8Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically.Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP. You may also have to enter a Preferred DNS server and an Alternate DNS server, if that information was provided.Click Advanced.9Click OK to close the Internet Protocol (TCP/IP) Properties window.10 Click OK to close the Local Area Connection Properties window.Verifying Settings1Click Start > All Programs > Accessories > Command Prompt.
Appendix B Setting Up Your Computer’s IP AddressIAD User’s Guide 2532In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also go to Start > Control Panel > Network Connections, right-click a network connection, click Status and then click the Support tab to view your IP address and connection information.Windows 7This section shows screens from Windows 7 Enterprise.1Click Start > Control Panel.Figure 133 Windows 7: Start Menu2In the Control Panel, click View network status and tasks under the Network and Internet category.Figure 134 Windows 7: Control Panel
Appendix B Setting Up Your Computer’s IP AddressIAD User’s Guide2543Click Change adapter settings.Figure 135 Windows 7: Network And Sharing Center4Double click Local Area Connection and then select Properties.Figure 136 Windows 7: Local Area Connection StatusNote: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue.
Appendix B Setting Up Your Computer’s IP AddressIAD User’s Guide 2555Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties.Figure 137 Windows 7: Local Area Connection Properties
Appendix B Setting Up Your Computer’s IP AddressIAD User’s Guide2566The Internet Protocol Version 4 (TCP/IPv4) Properties window opens.Figure 138 Windows 7: Internet Protocol Version 4 (TCP/IPv4) Properties7Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically.Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP. You may also have to enter a Preferred DNS server and an Alternate DNS server, if that information was provided. Click Advanced if you want to configure advanced settings for IP, DNS and WINS. 8Click OK to close the Internet Protocol (TCP/IP) Properties window.9Click OK to close the Local Area Connection Properties window.Verifying Settings1Click Start > All Programs > Accessories > Command Prompt.2In the Command Prompt window, type "ipconfig" and then press [ENTER].
Appendix B Setting Up Your Computer’s IP AddressIAD User’s Guide 2573The IP settings are displayed as follows.Figure 139 Windows 7: Internet Protocol Version 4 (TCP/IPv4) PropertiesMac OS X: 10.3 and 10.4The screens in this section are from Mac OS X 10.4 but can also apply to 10.3.1Click Apple > System Preferences.Figure 140 Mac OS X 10.4: Apple Menu
Appendix B Setting Up Your Computer’s IP AddressIAD User’s Guide2582In the System Preferences window, click the Network icon.Figure 141 Mac OS X 10.4: System Preferences3When the Network preferences pane opens, select Built-in Ethernet from the network connection type list, and then click Configure.Figure 142 Mac OS X 10.4: Network Preferences
Appendix B Setting Up Your Computer’s IP AddressIAD User’s Guide 2594For dynamically assigned settings, select Using DHCP from the Configure IPv4 list in the TCP/IP tab.Figure 143 Mac OS X 10.4: Network Preferences > TCP/IP Tab.5For statically assigned settings, do the following:•From the Configure IPv4 list, select Manually.•In the IP Address field, type your IP address.•In the Subnet Mask field, type your subnet mask.
Appendix B Setting Up Your Computer’s IP AddressIAD User’s Guide260•In the Router field, type the IP address of your device.Figure 144 Mac OS X 10.4: Network Preferences > Ethernet6Click Apply Now and close the window.Verifying SettingsCheck your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network Interface from the Info tab.Figure 145 Mac OS X 10.4: Network Utility
Appendix B Setting Up Your Computer’s IP AddressIAD User’s Guide 261Mac OS X: 10.5 and 10.6The screens in this section are from Mac OS X 10.5 but can also apply to 10.6.1Click Apple > System Preferences.Figure 146 Mac OS X 10.5: Apple Menu2In System Preferences, click the Network icon.Figure 147 Mac OS X 10.5: Systems Preferences
Appendix B Setting Up Your Computer’s IP AddressIAD User’s Guide2623When the Network preferences pane opens, select Ethernet from the list of available connection types.Figure 148 Mac OS X 10.5: Network Preferences > Ethernet4From the Configure list, select Using DHCP for dynamically assigned settings.5For statically assigned settings, do the following:•From the Configure list, select Manually.•In the IP Address field, enter your IP address.•In the Subnet Mask field, enter your subnet mask.
Appendix B Setting Up Your Computer’s IP AddressIAD User’s Guide 263•In the Router field, enter the IP address of your IAD.Figure 149 Mac OS X 10.5: Network Preferences > Ethernet6Click Apply and close the window.
Appendix B Setting Up Your Computer’s IP AddressIAD User’s Guide264Verifying SettingsCheck your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network interface from the Info tab.Figure 150 Mac OS X 10.5: Network UtilityLinux: Ubuntu 8 (GNOME)This section shows you how to configure your computer’s TCP/IP settings in the GNU Object Model Environment (GNOME) using the Ubuntu 8 Linux distribution. The procedure, screens and file locations may vary depending on your specific distribution, release version, and individual configuration. The following screens use the default Ubuntu 8 installation.Note: Make sure you are logged in as the root administrator. Follow the steps below to configure your computer IP address in GNOME:
Appendix B Setting Up Your Computer’s IP AddressIAD User’s Guide 2651Click System > Administration > Network.Figure 151 Ubuntu 8: System > Administration Menu2When the Network Settings window opens, click Unlock to open the Authenticate window. (By default, the Unlock button is greyed out until clicked.) You cannot make changes to your configuration unless you first enter your admin password.Figure 152 Ubuntu 8: Network Settings > Connections
Appendix B Setting Up Your Computer’s IP AddressIAD User’s Guide2663In the Authenticate window, enter your admin account name and password then click the Authenticate button.Figure 153 Ubuntu 8: Administrator Account Authentication4In the Network Settings window, select the connection that you want to configure, then click Properties.Figure 154 Ubuntu 8: Network Settings > Connections
Appendix B Setting Up Your Computer’s IP AddressIAD User’s Guide 2675The Properties dialog box opens.Figure 155 Ubuntu 8: Network Settings > Properties•In the Configuration list, select Automatic Configuration (DHCP) if you have a dynamic IP address.•In the Configuration list, select Static IP address if you have a static IP address. Fill in the IP address, Subnet mask, and Gateway address fields. 6Click OK to save the changes and close the Properties dialog box and return to the Network Settings screen.
Appendix B Setting Up Your Computer’s IP AddressIAD User’s Guide2687If you know your DNS server IP address(es), click the DNS tab in the Network Settings window and then enter the DNS server information in the fields provided. Figure 156 Ubuntu 8: Network Settings > DNS 8Click the Close button to apply the changes.Verifying SettingsCheck your TCP/IP properties by clicking System > Administration > Network Tools, and then selecting the appropriate Network device from the Devices
Appendix B Setting Up Your Computer’s IP AddressIAD User’s Guide 269tab. The Interface Statistics column shows data if your connection is working properly.Figure 157 Ubuntu 8: Network ToolsLinux: openSUSE 10.3 (KDE)This section shows you how to configure your computer’s TCP/IP settings in the K Desktop Environment (KDE) using the openSUSE 10.3 Linux distribution. The procedure, screens and file locations may vary depending on your specific distribution, release version, and individual configuration. The following screens use the default openSUSE 10.3 installation.Note: Make sure you are logged in as the root administrator. Follow the steps below to configure your computer IP address in the KDE:
Appendix B Setting Up Your Computer’s IP AddressIAD User’s Guide2701Click K Menu > Computer > Administrator Settings (YaST).Figure 158 openSUSE 10.3: K Menu > Computer Menu2When the Run as Root - KDE su dialog opens, enter the admin password and click OK.Figure 159 openSUSE 10.3: K Menu > Computer Menu
Appendix B Setting Up Your Computer’s IP AddressIAD User’s Guide 2713When the YaST Control Center window opens, select Network Devices and then click the Network Card icon.Figure 160 openSUSE 10.3: YaST Control Center4When the Network Settings window opens, click the Overview tab, select the appropriate connection Name from the list, and then click the Configure button. Figure 161 openSUSE 10.3: Network Settings
Appendix B Setting Up Your Computer’s IP AddressIAD User’s Guide2725When the Network Card Setup window opens, click the Address tabFigure 162 openSUSE 10.3: Network Card Setup6Select Dynamic Address (DHCP) if you have a dynamic IP address.Select Statically assigned IP Address if you have a static IP address. Fill in the IP address, Subnet mask, and Hostname fields.7Click Next to save the changes and close the Network Card Setup window.
Appendix B Setting Up Your Computer’s IP AddressIAD User’s Guide 2738If you know your DNS server IP address(es), click the Hostname/DNS tab in Network Settings and then enter the DNS server information in the fields provided.Figure 163 openSUSE 10.3: Network Settings9Click Finish to save your settings and close the window.Verifying SettingsClick the KNetwork Manager icon on the Task bar to check your TCP/IP properties. From the Options sub-menu, select Show Connection Information.Figure 164 openSUSE 10.3: KNetwork Manager
Appendix B Setting Up Your Computer’s IP AddressIAD User’s Guide274When the Connection Status - KNetwork Manager window opens, click the Statistics tab to see if your connection is working properly.Figure 165 openSUSE: Connection Status - KNetwork Manager
IAD User’s Guide 275APPENDIX C Pop-up Windows, JavaScriptsand Java PermissionsIn order to use the web configurator you need to allow:• Web browser pop-up windows from your device.• JavaScripts (enabled by default).• Java permissions (enabled by default).Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary.Internet Explorer Pop-up BlockersYou may have to disable pop-up blocking to log into your device. Either disable pop-up blocking (enabled by default in Windows XP SP (Service Pack) 2) or allow pop-up blocking and create an exception for your device’s IP address.Disable Pop-up Blockers1In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker. Figure 166 Pop-up BlockerYou can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab.
Appendix C Pop-up Windows, JavaScripts and Java PermissionsIAD User’s Guide2761In Internet Explorer, select Tools, Internet Options, Privacy.2Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 167 Internet Options: Privacy3Click Apply to save this setting.Enable Pop-up Blockers with ExceptionsAlternatively, if you only want to allow pop-up windows from your device, see the following steps.1In Internet Explorer, select Tools, Internet Options and then the Privacy tab.
Appendix C Pop-up Windows, JavaScripts and Java PermissionsIAD User’s Guide 2772Select Settings…to open the Pop-up Blocker Settings screen.Figure 168 Internet Options: Privacy3Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1.
Appendix C Pop-up Windows, JavaScripts and Java PermissionsIAD User’s Guide2784Click Add to move the IP address to the list of Allowed sites.Figure 169 Pop-up Blocker Settings5Click Close to return to the Privacy screen. 6Click Apply to save this setting. JavaScriptsIf pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
Appendix C Pop-up Windows, JavaScripts and Java PermissionsIAD User’s Guide 2791In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 170 Internet Options: Security 2Click the Custom Level... button. 3Scroll down to Scripting. 4Under Active scripting make sure that Enable is selected (the default).5Under Scripting of Java applets make sure that Enable is selected (the default).
Appendix C Pop-up Windows, JavaScripts and Java PermissionsIAD User’s Guide2806Click OK to close the window.Figure 171 Security Settings - Java ScriptingJava Permissions1From Internet Explorer, click Tools, Internet Options and then the Security tab. 2Click the Custom Level... button. 3Scroll down to Microsoft VM. 4Under Java permissions make sure that a safety level is selected.
Appendix C Pop-up Windows, JavaScripts and Java PermissionsIAD User’s Guide 2815Click OK to close the window.Figure 172 Security Settings - Java JAVA (Sun)1From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2Make sure that Use Java 2 for <applet> under Java (Sun) is selected.
Appendix C Pop-up Windows, JavaScripts and Java PermissionsIAD User’s Guide2823Click OK to close the window.Figure 173 Java (Sun)Mozilla FirefoxMozilla Firefox 2.0 screens are used here. Screens for other versions may vary. You can enable Java, Javascripts and pop-ups in one screen. Click Tools, then click Options in the screen that appears.Figure 174 Mozilla Firefox: Tools > Options
Appendix C Pop-up Windows, JavaScripts and Java PermissionsIAD User’s Guide 283Click Content.to show the screen below. Select the check boxes as shown in the following screen.Figure 175 Mozilla Firefox Content Security
Appendix C Pop-up Windows, JavaScripts and Java PermissionsIAD User’s Guide284
IAD User’s Guide 285APPENDIX D IP Addresses and SubnettingThis appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts.Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks.Introduction to IP AddressesOne part of the IP address is the network number, and the other part is the host ID. In the same way that houses on a street share a common street name, the hosts on a network share a common network number. Similarly, as each house has its own house number, each host on the network has its own unique identifying number - the host ID. Routers use the network number to send packets to the correct network, while the host ID determines to which host on the network the packets are delivered.StructureAn IP address is made up of four parts, written in dotted decimal notation (for example, 192.168.1.1). Each of these four parts is known as an octet. An octet is an eight-digit binary number (for example 11000000, which is 192 in decimal notation). Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal.
Appendix D IP Addresses and SubnettingIAD User’s Guide286The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID.Figure 176 Network Number and Host IDHow much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet MasksA subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation). The term “subnet” is short for “sub-network”.A subnet mask has 32 bits. If a bit in the subnet mask is a “1” then the corresponding bit in the IP address is part of the network number. If a bit in the subnet mask is “0” then the corresponding bit in the IP address is part of the host ID. The following example shows a subnet mask identifying the network number (in bold text) and host ID of an IP address (192.168.1.2 in decimal).Table 81 IP Address Network Number and Host ID Example1ST OCTET:(192)2ND OCTET:(168)3RD OCTET:(1)4TH OCTET(2)IP Address (Binary) 11000000 10101000 00000001 00000010Subnet Mask (Binary) 11111111 11111111 11111111 00000000Network Number 11000000 10101000 00000001Host ID 00000010
Appendix D IP Addresses and SubnettingIAD User’s Guide 287By convention, subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits.Subnet masks can be referred to by the size of the network number part (the bits with a “1” value). For example, an “8-bit mask” means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes.Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Network SizeThe size of the network number determines the maximum number of possible hosts you can have on your network. The larger the number of network number bits, the smaller the number of remaining host ID bits. An IP address with host IDs of all zeros is the IP address of the network (192.168.1.0 with a 24-bit subnet mask, for example). An IP address with host IDs of all ones is the broadcast address for that network (192.168.1.255 with a 24-bit subnet mask, for example).As these two IP addresses cannot be used for individual hosts, calculate the maximum number of possible hosts in a network as follows:Table 82 Subnet MasksBINARYDECIMAL1ST OCTET 2ND OCTET 3RD OCTET 4TH OCTET8-bit mask 11111111 00000000 00000000 00000000 255.0.0.016-bit mask 11111111 11111111 00000000 00000000 255.255.0.024-bit mask 11111111 11111111 11111111 00000000 255.255.255.029-bit mask 11111111 11111111 11111111 11111000 255.255.255.248Table 83 Maximum Host NumbersSUBNET MASK HOST ID SIZE MAXIMUM NUMBER OF HOSTS8 bits 255.0.0.0 24 bits 224 – 2 1677721416 bits 255.255.0.0 16 bits 216 – 2 6553424 bits 255.255.255.0 8 bits 28 – 2 25429 bits 255.255.255.248 3 bits 23 – 2 6
Appendix D IP Addresses and SubnettingIAD User’s Guide288NotationSince the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/” followed by the number of bits in the mask after the address. For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask 255.255.255.128. The following table shows some possible subnet masks using both notations. SubnettingYou can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons.In this example, the company network address is 192.168.1.0. The first three octets of the address (192.168.1) are the network number, and the remaining octet is the host ID, allowing a maximum of 28 – 2 or 254 possible hosts.Table 84 Alternative Subnet Mask NotationSUBNET MASK ALTERNATIVE NOTATION LAST OCTET (BINARY) LAST OCTET (DECIMAL)255.255.255.0 /24 0000 0000 0255.255.255.128 /25 1000 0000 128255.255.255.192 /26 1100 0000 192255.255.255.224 /27 1110 0000 224255.255.255.240 /28 1111 0000 240255.255.255.248 /29 1111 1000 248255.255.255.252 /30 1111 1100 252
Appendix D IP Addresses and SubnettingIAD User’s Guide 289The following figure shows the company network before subnetting. Figure 177 Subnetting Example: Before SubnettingYou can “borrow” one of the host ID bits to divide the network 192.168.1.0 into two separate sub-networks. The subnet mask is now 25 bits (255.255.255.128 or /25).The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25. The following figure shows the company network after subnetting. There are now two sub-networks, A and B. Figure 178 Subnetting Example: After Subnetting
Appendix D IP Addresses and SubnettingIAD User’s Guide290In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 27 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127 with mask 255.255.255.128 is its broadcast address. Therefore, the lowest IP address that can be assigned to an actual host for subnet A is 192.168.1.1 and the highest is 192.168.1.126. Similarly, the host ID range for subnet B is 192.168.1.129 to 192.168.1.254.Example: Four Subnets The previous example illustrated using a 25-bit subnet mask to divide a 24-bit address into two subnets. Similarly, to divide a 24-bit address into four subnets, you need to “borrow” two host ID bits to give four possible combinations (00, 01, 10 and 11). The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192. Each subnet contains 6 host ID bits, giving 26 - 2 or 62 hosts for each subnet (a host ID of all zeroes is the subnet itself, all ones is the subnet’s broadcast address). Table 85 Subnet 1IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUEIP Address (Decimal) 192.168.1. 0IP Address (Binary) 11000000.10101000.00000001. 00000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000Subnet Address: 192.168.1.0 Lowest Host ID: 192.168.1.1Broadcast Address: 192.168.1.63 Highest Host ID: 192.168.1.62Table 86 Subnet 2IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUEIP Address 192.168.1. 64IP Address (Binary) 11000000.10101000.00000001. 01000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000Subnet Address: 192.168.1.64 Lowest Host ID: 192.168.1.65Broadcast Address: 192.168.1.127 Highest Host ID: 192.168.1.126
Appendix D IP Addresses and SubnettingIAD User’s Guide 291Example: Eight SubnetsSimilarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows IP address last octet values for each subnet.Table 87 Subnet 3IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUEIP Address 192.168.1. 128IP Address (Binary) 11000000.10101000.00000001. 10000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000Subnet Address: 192.168.1.128 Lowest Host ID: 192.168.1.129Broadcast Address: 192.168.1.191 Highest Host ID: 192.168.1.190Table 88 Subnet 4IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUEIP Address 192.168.1. 192IP Address (Binary) 11000000.10101000.00000001. 11000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000Subnet Address: 192.168.1.192 Lowest Host ID: 192.168.1.193Broadcast Address: 192.168.1.255 Highest Host ID: 192.168.1.254Table 89 Eight SubnetsSUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCAST ADDRESS1 0 1 30 31232 33 62 63364 65 94 95496 97 126 1275128 129 158 1596160 161 190 1917192 193 222 2238224 225 254 255
Appendix D IP Addresses and SubnettingIAD User’s Guide292Subnet PlanningThe following table is a summary for subnet planning on a network with a 24-bit network number.The following table is a summary for subnet planning on a network with a 16-bit network number. Configuring IP AddressesWhere you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP Table 90 24-bit Network Number Subnet PlanningNO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET1255.255.255.128 (/25) 21262255.255.255.192 (/26) 4623255.255.255.224 (/27) 8304255.255.255.240 (/28) 16 145255.255.255.248 (/29) 32 66255.255.255.252 (/30) 64 27255.255.255.254 (/31) 128 1Table 91 16-bit Network Number Subnet PlanningNO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET1255.255.128.0 (/17) 2327662255.255.192.0 (/18) 4163823255.255.224.0 (/19) 881904255.255.240.0 (/20) 16 40945255.255.248.0 (/21) 32 20466255.255.252.0 (/22) 64 10227255.255.254.0 (/23) 128 5108255.255.255.0 (/24) 256 2549255.255.255.128 (/25) 512 12610 255.255.255.192 (/26) 1024 6211 255.255.255.224 (/27) 2048 3012 255.255.255.240 (/28) 4096 1413 255.255.255.248 (/29) 8192 614 255.255.255.252 (/30) 16384 215 255.255.255.254 (/31) 32768 1
Appendix D IP Addresses and SubnettingIAD User’s Guide 293addresses, follow their instructions in selecting the IP addresses and the subnet mask.If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. If this is the case, it is recommended that you select a network number from 192.168.0.0 to 192.168.255.0. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. You must also enable Network Address Translation (NAT) on the IAD. Once you have decided on the network number, pick an IP address for your IAD that is easy to remember (for instance, 192.168.1.1) but make sure that no other device on your network is using that IP address.The subnet mask specifies the network number portion of an IP address. Your IAD will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the IAD unless you are instructed to do otherwise.Private IP AddressesEvery machine on the Internet must have a unique address. If your networks are isolated from the Internet (running only between two branch offices, for example) you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks:• 10.0.0.0 — 10.255.255.255• 172.16.0.0 — 172.31.255.255• 192.168.0.0 — 192.168.255.255You can obtain your IP address from the IANA, from an ISP, or it can be assigned from a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses.Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space.
Appendix D IP Addresses and SubnettingIAD User’s Guide294IP Address ConflictsEach device on a network must have a unique IP address. Devices with duplicate IP addresses on the same network will not be able to access the Internet or other resources. The devices may also be unreachable through the network. Conflicting Computer IP Addresses ExampleMore than one device can not use the same IP address. In the following example computer A has a static (or fixed) IP address that is the same as the IP address that a DHCP server assigns to computer B which is a DHCP client. Neither can access the Internet. This problem can be solved by assigning a different static IP address to computer A or setting computer A to obtain an IP address automatically. Figure 179 Conflicting Computer IP Addresses ExampleConflicting Router IP Addresses ExampleSince a router connects different networks, it must have interfaces using different network numbers. For example, if a router is set between a LAN and the Internet (WAN), the router’s LAN and WAN addresses must be on different subnets. In the
Appendix D IP Addresses and SubnettingIAD User’s Guide 295following example, the LAN and WAN are on the same subnet. The LAN computers cannot access the Internet because the router cannot route between networks.Figure 180 Conflicting Router IP Addresses ExampleConflicting Computer and Router IP Addresses ExampleMore than one device can not use the same IP address. In the following example, the computer and the router’s LAN port both use 192.168.1.1 as the IP address. The computer cannot access the Internet. This problem can be solved by assigning a different IP address to the computer or the router’s LAN port. Figure 181 Conflicting Computer and Router IP Addresses Example
Appendix D IP Addresses and SubnettingIAD User’s Guide296
IAD User’s Guide 297APPENDIX E Wireless LANsNote: Your specific IAD may not support all of the wireless security types described in this appendix. See the product specifications for more information about which wireless security types are supported.Wireless LAN TopologiesThis section discusses ad-hoc and infrastructure wireless LAN topologies.Ad-hoc Wireless LAN ConfigurationThe simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS). The following diagram shows an example of notebook computers using wireless adapters to form an ad-hoc wireless LAN. Figure 182 Peer-to-Peer Communication in an Ad-hoc NetworkBSSA Basic Service Set (BSS) exists when all communications between wireless clients or between a wireless client and a wired network client go through one access point (AP).
Appendix E Wireless LANsIAD User’s Guide298Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra-BSS is enabled, wireless client A and B can access the wired network and communicate with each other. When Intra-BSS is disabled, wireless client A and B can still access the wired network but cannot communicate with each other.Figure 183 Basic Service SetESSAn Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS).This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood.
Appendix E Wireless LANsIAD User’s Guide 299An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate.Figure 184 Infrastructure WLANChannelA channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a channel different from an adjacent AP (access point) to reduce interference. Interference occurs when radio signals from different access points overlap causing interference and degrading performance.Adjacent channels partially overlap however. To avoid interference due to overlap, your AP should be on a channel at least five channels away from a channel that an adjacent AP is using. For example, if your region has 11 channels and an adjacent AP is using channel 1, then you need to select a channel between 6 or 11.RTS/CTSA hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a
Appendix E Wireless LANsIAD User’s Guide300hidden node. Both stations (STA) are within range of the access point (AP) or wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other. Figure 185 RTS/CTSWhen station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.RTS/CTS is designed to prevent collisions due to hidden nodes. An RTS/CTS defines the biggest size data frame you can send before an RTS (Request To Send)/CTS (Clear to Send) handshake is invoked.When a data frame exceeds the RTS/CTS value you set (between 0 to 2432 bytes), the station that wants to transmit this frame must first send an RTS (Request To Send) message to the AP for permission to send it. The AP then responds with a CTS (Clear to Send) message to all other stations within its range to notify them to defer their transmission. It also reserves and confirms with the requesting station the time frame for the requested transmission.Stations can send frames smaller than the specified RTS/CTS directly to the AP without the RTS (Request To Send)/CTS (Clear to Send) handshake. You should only configure RTS/CTS if the possibility of hidden nodes exists on your network and the "cost" of resending large frames is more than the extra network overhead involved in the RTS (Request To Send)/CTS (Clear to Send) handshake. If the RTS/CTS value is greater than the Fragmentation Threshold value (see next), then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Note: Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy.
Appendix E Wireless LANsIAD User’s Guide 301Fragmentation ThresholdA Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be sent in the wireless network before the AP will fragment the packet into smaller data frames.A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference.If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.Preamble TypePreamble is used to signal that data is coming to the receiver. Short and long refer to the length of the synchronization field in a packet.Short preamble increases performance as less time sending preamble means more time for sending data. All IEEE 802.11 compliant wireless adapters support long preamble, but not all support short preamble. Use long preamble if you are unsure what preamble mode other wireless devices on the network support, and to provide more reliable communications in busy wireless networks. Use short preamble if you are sure all wireless devices on the network support it, and to provide more efficient communications.Use the dynamic setting to automatically use short preamble when all wireless devices on the network support it, otherwise the IAD uses long preamble.Note: The wireless devices MUST use the same preamble mode in order to communicate.IEEE 802.11g Wireless LANIEEE 802.11g is fully compatible with the IEEE 802.11b standard. This means an IEEE 802.11b adapter can interface directly with an IEEE 802.11g access point (and vice versa) at 11 Mbps or lower depending on range. IEEE 802.11g has
Appendix E Wireless LANsIAD User’s Guide302several intermediate rate steps between the maximum and minimum data rates. The IEEE 802.11g data rate and modulation are as follows:Wireless Security OverviewWireless security is vital to your network to protect wireless communication between wireless clients, access points and the wired network.Wireless security methods available on the IAD are data encryption, wireless client authentication, restricting access by device MAC address and hiding the IAD identity.The following figure shows the relative effectiveness of these wireless security methods available on your IAD.Note: You must enable the same wireless security settings on the IAD and on all wireless clients that you want to associate with it. IEEE 802.1xIn June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional Table 92 IEEE 802.11gDATA RATE (MBPS) MODULATION1 DBPSK (Differential Binary Phase Shift Keyed)2 DQPSK (Differential Quadrature Phase Shift Keying)5.5 / 11 CCK (Complementary Code Keying) 6/9/12/18/24/36/48/54 OFDM (Orthogonal Frequency Division Multiplexing) Table 93 Wireless Security LevelsSECURITY LEVEL SECURITY TYPELeast Secure Most SecureUnique SSID (Default)Unique SSID with Hide SSID EnabledMAC Address FilteringWEP EncryptionIEEE802.1x EAP with RADIUS Server AuthenticationWi-Fi Protected Access (WPA)WPA2
Appendix E Wireless LANsIAD User’s Guide 303accounting and control features. It is supported by Windows XP and a number of network devices. Some advantages of IEEE 802.1x are:• User based identification that allows for roaming.• Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server. • Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional authentication methods to be deployed with no changes to the access point or the wireless clients. RADIUSRADIUS is based on a client-server model that supports authentication, authorization and accounting. The access point is the client and the server is the RADIUS server. The RADIUS server handles the following tasks:• Authentication Determines the identity of the users.• AuthorizationDetermines the network services available to authenticated users once they are connected to the network.•AccountingKeeps track of the client’s network activity. RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server. Types of RADIUS MessagesThe following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication:• Access-RequestSent by an access point requesting authentication.• Access-RejectSent by a RADIUS server rejecting access.• Access-AcceptSent by a RADIUS server allowing access. • Access-ChallengeSent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message.
Appendix E Wireless LANsIAD User’s Guide304The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting:•Accounting-RequestSent by the access point requesting accounting.• Accounting-ResponseSent by the RADIUS server to indicate that it has started or stopped accounting. In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password, they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access. Types of EAP Authentication This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP. Your wireless LAN device may not support all authentication types. EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication. The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that supports IEEE 802.1x. .For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner.EAP-MD5 (Message-Digest Algorithm 5)MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless client. The wireless client ‘proves’ that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text. However, MD5 authentication has some weaknesses. Since the authentication server needs to get the plaintext passwords, the passwords must be stored. Thus someone other than the authentication server may access the password file. In addition, it is possible to impersonate an authentication server as MD5 authentication method does not perform mutual authentication. Finally, MD5
Appendix E Wireless LANsIAD User’s Guide 305authentication method does not support data encryption with dynamic session key. You must configure WEP encryption keys for data encryption. EAP-TLS (Transport Layer Security)With EAP-TLS, digital certifications are needed by both the server and the wireless clients for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created. This makes user identity vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the sender’s identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle certificates, which imposes a management overhead. EAP-TTLS (Tunneled Transport Layer Service) EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-side authentications to establish a secure connection. Client authentication is then done by sending username and password through the secure connection, thus client identity is protected. For client authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2. PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco.LEAPLEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x. Dynamic WEP Key ExchangeThe AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed.If this feature is enabled, it is not necessary to configure a default encryption key in the wireless security configuration screen. You may still configure and store keys, but they will not be used while dynamic WEP is enabled.
Appendix E Wireless LANsIAD User’s Guide306Note: EAP-MD5 cannot be used with Dynamic WEP Key ExchangeFor added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, a simple user name and password pair is more practical. The following table is a comparison of the features of authentication types.WPA and WPA2Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA. Key differences between WPA or WPA2 and WEP are improved data encryption and user authentication.If both an AP and the wireless clients support WPA2 and you have an external RADIUS server, use WPA2 for stronger data encryption. If you don't have an external RADIUS server, you should use WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a wireless client will be granted access to a WLAN. If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not.Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2.Encryption WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. WPA2 also uses TKIP when Table 94 Comparison of EAP Authentication TypesEAP-MD5 EAP-TLS EAP-TTLS PEAP LEAPMutual Authentication No Yes Yes Yes YesCertificate – Client No Yes Optional Optional NoCertificate – Server No Yes Yes Yes NoDynamic Key Exchange No Yes Yes Yes YesCredential Integrity None Strong Strong Strong ModerateDeployment Difficulty Easy Hard Moderate Moderate ModerateClient Identity Protection No No Yes Yes No
Appendix E Wireless LANsIAD User’s Guide 307required for compatibility reasons, but offers stronger encryption than TKIP with Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP).TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication server. AES (Advanced Encryption Standard) is a block cipher that uses a 256-bit mathematical algorithm called Rijndael. They both include a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism.WPA and WPA2 regularly change and rotate the encryption keys so that the same encryption key is never used twice. The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the PMK to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients. This all happens in the background automatically.The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped. By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism (MIC), with TKIP and AES it is more difficult to decrypt data on a Wi-Fi network than WEP and difficult for an intruder to break into the network. The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The only difference between the two is that WPA(2)-PSK uses a simple common password, instead of user-specific credentials. The common-password approach makes WPA(2)-PSK susceptible to brute-force password-guessing attacks but it’s still an improvement over WEP as it employs a consistent, single, alphanumeric password to derive a PMK which is used to generate unique temporal encryption keys. This prevent all wireless devices sharing the same encryption keys. (a weakness of WEP)User Authentication WPA and WPA2 apply IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database. WPA2 reduces the number of key exchange messages from six to four (CCMP 4-way handshake) and shortens the time required to connect to a network. Other WPA2 authentication features that are different from WPA include key caching and pre-
Appendix E Wireless LANsIAD User’s Guide308authentication. These two features are optional and may not be supported in all wireless devices.Key caching allows a wireless client to store the PMK it derived through a successful authentication with an AP. The wireless client uses the PMK when it tries to connect to the same AP and does not need to go with the authentication process again.Pre-authentication enables fast roaming by allowing the wireless client (already connecting to an AP) to perform IEEE 802.1x authentication with another AP before connecting to it.Wireless Client WPA SupplicantsA wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicant is the WPA patch for Windows XP, Funk Software's Odyssey client. The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero Configuration" wireless client. However, you must run Windows XP to use it. WPA(2) with RADIUS Application ExampleTo set up WPA(2), you need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret. A WPA(2) application example with an external RADIUS server looks as follows. "A" is the RADIUS server. "DS" is the distribution system.1The AP passes the wireless client's authentication request to the RADIUS server.2The RADIUS server then checks the user's identification against its database and grants or denies network access accordingly.3A 256-bit Pairwise Master Key (PMK) is derived from the authentication process by the RADIUS server and the client.
Appendix E Wireless LANsIAD User’s Guide 3094The RADIUS server distributes the PMK to the AP. The AP then sets up a key hierarchy and management system, using the PMK to dynamically generate unique data encryption keys. The keys are used to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients.Figure 186 WPA(2) with RADIUS Application ExampleWPA(2)-PSK Application ExampleA WPA(2)-PSK application looks as follows.1First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters (including spaces and symbols).2The AP checks each wireless client's password and allows it to join the network only if the password matches.3The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID.
Appendix E Wireless LANsIAD User’s Guide3104The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged in a handshake to create temporal encryption keys. They use these keys to encrypt data exchanged between them.Figure 187 WPA(2)-PSK AuthenticationSecurity Parameters SummaryRefer to this table to see what other security parameters you should configure for each authentication method or key management protocol type. MAC address filters are not dependent on how you configure these security features.Table 95 Wireless Security Relational MatrixAUTHENTICATION METHOD/ KEY MANAGEMENT PROTOCOLENCRYPTION METHOD ENTER MANUAL KEY IEEE 802.1XOpen None No DisableEnable without Dynamic WEP KeyOpen WEP No Enable with Dynamic WEP KeyYes Enable without Dynamic WEP KeyYes DisableShared WEP No Enable with Dynamic WEP KeyYes Enable without Dynamic WEP KeyYes DisableWPA TKIP/AES No EnableWPA-PSK TKIP/AES Yes DisableWPA2 TKIP/AES No EnableWPA2-PSK TKIP/AES Yes Disable
Appendix E Wireless LANsIAD User’s Guide 311Antenna OverviewAn antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air. Positioning the antennas properly increases the range and coverage area of a wireless LAN. Antenna CharacteristicsFrequencyAn antenna in the frequency of 2.4GHz (IEEE 802.11b and IEEE 802.11g) or 5GHz (IEEE 802.11a) is needed to communicate efficiently in a wireless LANRadiation PatternA radiation pattern is a diagram that allows you to visualize the shape of the antenna’s coverage area. Antenna GainAntenna gain, measured in dB (decibel), is the increase in coverage within the RF beam width. Higher antenna gain improves the range of the signal for better communications. For an indoor site, each 1 dB increase in antenna gain results in a range increase of approximately 2.5%. For an unobstructed outdoor site, each 1dB increase in gain results in a range increase of approximately 5%. Actual results may vary depending on the network environment. Antenna gain is sometimes specified in dBi, which is how much the antenna increases the signal power compared to using an isotropic antenna. An isotropic antenna is a theoretical perfect antenna that sends out radio signals equally well in all directions. dBi represents the true gain that the antenna provides. Types of Antennas for WLANThere are two types of antennas used for wireless LAN applications.
Appendix E Wireless LANsIAD User’s Guide312• Omni-directional antennas send the RF signal out in all directions on a horizontal plane. The coverage area is torus-shaped (like a donut) which makes these antennas ideal for a room environment. With a wide coverage area, it is possible to make circular overlapping coverage areas with multiple access points. • Directional antennas concentrate the RF signal in a beam, like a flashlight does with the light from its bulb. The angle of the beam determines the width of the coverage pattern. Angles typically range from 20 degrees (very directional) to 120 degrees (less directional). Directional antennas are ideal for hallways and outdoor point-to-point applications.Positioning AntennasIn general, antennas should be mounted as high as practically possible and free of obstructions. In point-to–point application, position both antennas at the same height and in a direct line of sight to each other to attain the best performance. For omni-directional antennas mounted on a table, desk, and so on, point the antenna up. For omni-directional antennas mounted on a wall or ceiling, point the antenna down. For a single AP application, place omni-directional antennas as close to the center of the coverage area as possible. For directional antennas, point the antenna in the direction of the desired coverage area.
IAD User’s Guide 313APPENDIX F Common ServicesThe following table lists some commonly-used services and their associated protocols and port numbers. For a comprehensive list of port numbers, ICMP type/code numbers and services, visit the IANA (Internet Assigned Number Authority) web site. •Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like.•Protocol: This is the type of IP protocol used by the service. If this is TCP/UDP, then the service uses the same port number with TCP and UDP. If this is USER-DEFINED, the Port(s) is the IP protocol number, not the port number.•Port(s): This value depends on the Protocol. Please refer to RFC 1700 for further information about port numbers.•If the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number.•If the Protocol is USER, this is the IP protocol number.•Description: This is a brief explanation of the applications that use this service or the situations in which this service is used.Table 96 Commonly Used ServicesNAME PROTOCOL PORT(S) DESCRIPTIONAH (IPSEC_TUNNEL) User-Defined 51 The IPSEC AH (Authentication Header) tunneling protocol uses this service.AIM/New-ICQ TCP 5190 AOL’s Internet Messenger service. It is also used as a listening port by ICQ.AUTH TCP 113 Authentication protocol used by some servers.BGP TCP 179 Border Gateway Protocol.BOOTP_CLIENT UDP 68 DHCP Client.BOOTP_SERVER UDP 67 DHCP Server.CU-SEEME TCPUDP764824032A popular videoconferencing solution from White Pines Software.DNS TCP/UDP 53 Domain Name Server, a service that matches web names (for example www.zyxel.com) to IP numbers.
Appendix F Common ServicesIAD User’s Guide314ESP (IPSEC_TUNNEL) User-Defined 50 The IPSEC ESP (Encapsulation Security Protocol) tunneling protocol uses this service.FINGER TCP 79 Finger is a UNIX or Internet related command that can be used to find out if a user is logged on.FTP TCPTCP2021File Transfer Program, a program to enable fast transfer of files, including large files that may not be possible by e-mail.H.323 TCP 1720 NetMeeting uses this protocol.HTTP TCP 80 Hyper Text Transfer Protocol - a client/server protocol for the world wide web.HTTPS TCP 443 HTTPS is a secured http session often used in e-commerce.ICMP User-Defined 1Internet Control Message Protocol is often used for diagnostic or routing purposes.ICQ UDP 4000 This is a popular Internet chat program.IGMP (MULTICAST) User-Defined 2Internet Group Management Protocol is used when sending packets to a specific group of hosts.IKE UDP 500 The Internet Key Exchange algorithm is used for key distribution and management.IRC TCP/UDP 6667 This is another popular Internet chat program.MSN Messenger TCP 1863 Microsoft Networks’ messenger service uses this protocol. NEW-ICQ TCP 5190 An Internet chat program.NEWS TCP 144 A protocol for news groups.NFS UDP 2049 Network File System - NFS is a client/server distributed file service that provides transparent file sharing for network environments.NNTP TCP 119 Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service.PING User-Defined 1Packet INternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is reachable.POP3 TCP 110 Post Office Protocol version 3 lets a client computer get e-mail from a POP3 server through a temporary connection (TCP/IP or other).Table 96 Commonly Used Services (continued)NAME PROTOCOL PORT(S) DESCRIPTION
Appendix F Common ServicesIAD User’s Guide 315PPTP TCP 1723 Point-to-Point Tunneling Protocol enables secure transfer of data over public networks. This is the control channel.PPTP_TUNNEL (GRE) User-Defined 47 PPTP (Point-to-Point Tunneling Protocol) enables secure transfer of data over public networks. This is the data channel.RCMD TCP 512 Remote Command Service.REAL_AUDIO TCP 7070 A streaming audio service that enables real time sound over the web.REXEC TCP 514 Remote Execution Daemon.RLOGIN TCP 513 Remote Login.RTELNET TCP 107 Remote Telnet.RTSP TCP/UDP 554 The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet. SFTP TCP 115 Simple File Transfer Protocol.SMTP TCP 25 Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another.SNMP TCP/UDP 161 Simple Network Management Program.SNMP-TRAPS TCP/UDP 162 Traps for use with the SNMP (RFC:1215).SQL-NET TCP 1521 Structured Query Language is an interface to access data on many different types of database systems, including mainframes, midrange systems, UNIX systems and network servers.SSH TCP/UDP 22 Secure Shell Remote Login Program.STRM WORKS UDP 1558 Stream Works Protocol.SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server.TACACS UDP 49 Login Host Protocol used for (Terminal Access Controller Access Control System).TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/IP networks. Its primary function is to allow users to log into remote host systems.Table 96 Commonly Used Services (continued)NAME PROTOCOL PORT(S) DESCRIPTION
Appendix F Common ServicesIAD User’s Guide316TFTP UDP 69 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol).VDOLIVE TCP 7000 Another videoconferencing solution.Table 96 Commonly Used Services (continued)NAME PROTOCOL PORT(S) DESCRIPTION
IAD User’s Guide 317APPENDIX G Legal InformationCopyrightCopyright © 2009 by ZyXEL Communications Corporation.The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.Published by ZyXEL Communications Corporation. All rights reserved.DisclaimersZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.Your use of the IAD is subject to the terms and conditions of any related service providers. TrademarksZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.CertificationsFederal Communications Commission (FCC) Interference StatementThe device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:
Appendix G Legal InformationIAD User’s Guide318• This device may not cause harmful interference.• This device must accept any interference received, including interference that may cause undesired operations.This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This device generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation.If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures:1Reorient or relocate the receiving antenna.2Increase the separation between the equipment and the receiver.3Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.4Consult the dealer or an experienced radio/TV technician for help.FCC Radiation Exposure Statement• This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. • For operation within 5.15 ~ 5.25GHz frequency range, it is restricted to indoor environment. • IEEE 802.11b or 802.11g operation of this product in the U.S.A. is firmware-limited to channels 1 through 11. • To comply with FCC RF exposure compliance requirements, a separation distance of at least 20 cm must be maintained between the antenna of this device and all persons. 注意 !依據 低功率電波輻射性電機管理辦法第十二條 經型式認證合格之低功率射頻電機,非經許可,公司、商號或使用者均不得擅自變更頻率、加大功率或變更原設計之特性及功能。
Appendix G Legal InformationIAD User’s Guide 319第十四條 低功率射頻電機之使用不得影響飛航安全及干擾合法通信;經發現有干擾現象時,應立即停用,並改善至無干擾時方得繼續使用。前項合法通信,指依電信規定作業之無線電信。低功率射頻電機須忍受合法通信或工業、科學及醫療用電波輻射性電機設備之干擾。 在 5250MHz~5350MHz 頻帶內操作之無線資訊傳輸設備,限於室內使用。本機限在不干擾合法電臺與不受被干擾保障條件下於室內使用。 減少電磁波影響,請妥適使用。Notices Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.This device has been designed for the WLAN 2.4 GHz and 5 GHz networks throughout the EC region and Switzerland, with restrictions in France. This Class B digital apparatus complies with Canadian ICES-003.Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.CLASS 1 LASER PRODUCT APPAREIL A LASER DE CLASS 1 PRODUCT COMPLIES WITH 21 CFR 1040.10 AND 1040.11. PRODUIT CONFORME SELON 21 CFR 1040.10 ET 1040.11. Viewing Certifications1Go to http://www.zyxel.com.2Select your product on the ZyXEL home page to go to that product's page.3Select the certification you wish to view from this page.ZyXEL Limited WarrantyZyXEL warrants to the original end user (purchaser) that this product is free from any defects in material or workmanship for a specific period (the Warranty Period) from the date of purchase. The Warranty Period varies by region. Check with your vendor and/or the authorized ZyXEL local distributor for details about the Warranty Period of this product. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship
Appendix G Legal InformationIAD User’s Guide320and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.NoteRepair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser.To obtain the services of this warranty, contact your vendor. You may also refer to the warranty policy for the region in which you bought the device at http://www.zyxel.com/web/support_warranty_info.php.RegistrationRegister your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com.
IndexIAD User’s Guide 321IndexAAdvanced Encryption StandardSee AES.AES 307ALG 111alternative subnet mask notation 288antennadirectional 312gain 311omni-directional 312AP (access point) 299Application Layer Gateway 111applicationsInternet access 22attack alert 152auto dial 232auto firmware upgrade 130auto provisioning 130auto-provisioning 130Bbackup 221bandwidth management 163Basic Service Set, See BSS 297blinking LEDs 26BSS 297CCA 305call forwarding 233call hold 132, 134call park and pickup 232call return 232call service mode 131, 133call transfer 133, 134call waiting 132, 134, 233caller ID 233Certificate AuthoritySee CA.certifications 317notices 319viewing 319channel 299interference 299channel ID 73codecs 234comfort noise generation 233configuration 59Configure QoS 163copyright 317CoS 177CoS technologies 164country code 232CTS (Clear to Send) 300custom portscreating/editing 150customized services 149Ddefault 222default LAN IP address 29Denial of Service. See DoS.DHCP 59, 60, 65, 179DHCP client 65DHCP client list 65diagnostic 223DiffServ (Differentiated Services) 177DiffServ marking rule 177disclaimer 317DnD 232DNS 60, 191
IndexIAD User’s Guide322do not disturb 232domain name systemsee DNSDoS 138, 153DS field 177DS See Differentiated ServicesDSCP 177DTMF detection and generation 234dynamic DNS 179Dynamic Host Configuration Protocol. See DHCP.dynamic jitter buffer 233dynamic WEP key exchange 305DYNDNS wildcard 179EEAP Authentication 304echo cancellation 234encapsulation 55PPP over Ethernet 55encryption 306WEP 77ESS 298Europe type call service mode 131Extended Service Set IDentification 74Extended Service Set, See ESS 298FFCC interference statement 317Firewall 154firewalladdress type 148creating/editing rules 146custom ports 149DoS 153Dos threshold 152enabling 143maximum incomplete high 153maximum incomplete low 153one minute high 153one minute low 152rule security considerations 154stateful inspection 137TCP maximum incomplete 153three-way handshake 151firmwareupload 220upload error 220firmware upgrade 130flash key 131flashing 131fragmentation threshold 301FTP 104, 187GG.168 234G.711 234G.726 234G.729 234general setup 211Hhidden node 299host 212HTTP (Hypertext Transfer Protocol) 220HTTP pincode 130humidity 231IIANA 61, 293IANA (Internet Assigned Number Authority) 149IBSS 297IEEE 802.11g 301IGMP 62, 63Independent Basic Service SetSee IBSS 297initialization vector (IV) 307install UPnP 199Windows Me 199
IndexIAD User’s Guide 323Windows XP 201Internet access 22Internet Assigned Numbers AuthoritySee IANA 293IP address 61, 104, 105, 130IP address assignment 56IP pool 64IP pool setup 60Jjitter buffer 233Kkey combinations 135keypad 135LLAN setup 55, 59LAN TCP/IP 60log out 30log out (automatic) 30logs 215MMAC address filter action 81MAC filter 80, 81Management Information Base (MIB) 189managing the devicegood habits 21maximum incomplete high 153maximum incomplete low 153Message Integrity Check (MIC) 306multicast 62multimedia 117multiple SIP accounts 233multiple voice channels 233NNAT 61, 104, 105, 293address mapping rule 110application 114definitions 112how it works 113mapping types 114what it does 112NAT (Network Address Translation) 101NAT traversal 197non-proxy calls 126Oone minute high 153one minute low 152operation humidity 231operation temperature 231PPairwise Master Key (PMK) 307, 309park 232peer-to-peer calls 23, 126PHB (Per-Hop Behavior) 177phone bookspeed dial 126phone config 232phone functions 135pickup 232pincode 130point-to-point calls 234ports 26power adaptor 234power specifications 231PPPoE 55benefits 55PPPoE (Point-to-Point Protocol over Ethernet) 55
IndexIAD User’s Guide324preamble mode 301product registration 320PSK 307QQoS 176marking 164tagging 164versus CoS 164QoS class configuration 166Quality of Service (QoS) 163quick dialing 234Quick Start Guide 29RRADIUS 303message types 303messages 303shared secret key 304region 232registrationproduct 320related documentation 3remote managementhow SSH works 194SSH 193SSH implementation 195Telnet 186remote management and NAT 185remote management limitations 184REN 233resetting your device 25restore 221RFC 1631 101RFC 1889 234RFC 1890 234RFC 2131. See DHCP.RFC 2132. See DHCPRFC 2327 234RFC 3261 234Ringer Equivalence Number 233RIP 62direction 62Routing Information Protocolsee RIPversion 62router features 22RTCP 234RTP 234RTS (Request To Send) 300threshold 299, 300Ssafety warnings 7SDP 234server 115, 213Service Set 74service type 150Session Description Protocol 234Session Initiating Protocol 234Session Initiation Protocol 117setup 130silence suppression 233SIP 117SIP account 117SIP accounts 233SIP ALG 111SIP Application Layer Gateway 111SIP identities 117SIP number 118SIP service domain 118SIP URI 117SIP version 2 234SNMP 188manager 189MIBs 190speed dial 126, 129SSH 193how SSH works 194implementation 195stateful inspection firewall 137static route 159
IndexIAD User’s Guide 325status indicators 26storage humidity 231storage temperature 231SUA 102SUA (Single User Account) 102SUA vs NAT 102subnet 285subnet mask 61, 148, 286subnetting 288supplementary services 131syntax conventions 5syslog 143system name 212system timeout 185TTCP maximum incomplete 152, 153Telnet 186temperature 231Temporal Key Integrity Protocol (TKIP) 306three-way conference 133, 135trademarks 317Triangle 155Triangle Route Solutions 156UUniform Resource Identifier 117Universal Plug and Play 197application 198UPnP 197forum 198security issues 198USA type call service mode 133VVAD 233voice activity detection 233
IndexIAD User’s Guide326voice channels 233VoIP 117peer-to-peer calls 126VoIP features 23VoIP standards compliance 233WWAN (Wide Area Network) 55warranty 319note 320Web 185Web Configurator 29, 155WEP encryption 78Wi-Fi Protected Access 306wireless client WPA supplicants 308wireless security 302wireless station list 49WLANinterference 299security parameters 310WLAN button 24WPA 306key caching 308pre-authentication 308user authentication 307vs WPA-PSK 307wireless client supplicant 308with RADIUS application example 308WPA2 306user authentication 307vs WPA2-PSK 307wireless client supplicant 308with RADIUS application example 308WPA2-Pre-Shared Key 306WPA2-PSK 306, 307application example 309WPA-PSK 306, 307application example 309

Navigation menu