ZyXEL Communications P3202HNBA 802.11N GPON VoIP IAD User Manual ZyBook2

ZyXEL Communications Corporation 802.11N GPON VoIP IAD ZyBook2

Contents

Installation guide 2 of 2

Appendix B Setting Up Your Computer’s IP Address
IAD User’s Guide 251
6Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties.
Figure 131 Windows Vista: Local Area Connection Properties
Appendix B Setting Up Your Computer’s IP Address
IAD User’s Guide
252
7The Internet Protocol Version 4 (TCP/IPv4) Properties window opens.
Figure 132 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties
8Select Obtain an IP address automatically if your network administrator or ISP
assigns your IP address dynamically.
Select Use the following IP Address and fill in the IP address, Subnet mask,
and Default gateway fields if you have a static IP address that was assigned to
you by your network administrator or ISP. You may also have to enter a Preferred
DNS server and an Alternate DNS server, if that information was
provided.Click Advanced.
9Click OK to close the Internet Protocol (TCP/IP) Properties window.
10 Click OK to close the Local Area Connection Properties window.
Verifying Settings
1Click Start > All Programs > Accessories > Command Prompt.
Appendix B Setting Up Your Computer’s IP Address
IAD User’s Guide 253
2In the Command Prompt window, type "ipconfig" and then press [ENTER].
You can also go to Start > Control Panel > Network Connections, right-click a
network connection, click Status and then click the Support tab to view your IP
address and connection information.
Windows 7
This section shows screens from Windows 7 Enterprise.
1Click Start > Control Panel.
Figure 133 Windows 7: Start Menu
2In the Control Panel, click View network status and tasks under the
Network and Internet category.
Figure 134 Windows 7: Control Panel
Appendix B Setting Up Your Computer’s IP Address
IAD User’s Guide
254
3Click Change adapter settings.
Figure 135 Windows 7: Network And Sharing Center
4Double click Local Area Connection and then select Properties.
Figure 136 Windows 7: Local Area Connection Status
Note: During this procedure, click Continue whenever Windows displays a screen
saying that it needs your permission to continue.
Appendix B Setting Up Your Computer’s IP Address
IAD User’s Guide 255
5Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties.
Figure 137 Windows 7: Local Area Connection Properties
Appendix B Setting Up Your Computer’s IP Address
IAD User’s Guide
256
6The Internet Protocol Version 4 (TCP/IPv4) Properties window opens.
Figure 138 Windows 7: Internet Protocol Version 4 (TCP/IPv4) Properties
7Select Obtain an IP address automatically if your network administrator or ISP
assigns your IP address dynamically.
Select Use the following IP Address and fill in the IP address, Subnet mask,
and Default gateway fields if you have a static IP address that was assigned to
you by your network administrator or ISP. You may also have to enter a Preferred
DNS server and an Alternate DNS server, if that information was provided.
Click Advanced if you want to configure advanced settings for IP, DNS and WINS.
8Click OK to close the Internet Protocol (TCP/IP) Properties window.
9Click OK to close the Local Area Connection Properties window.
Verifying Settings
1Click Start > All Programs > Accessories > Command Prompt.
2In the Command Prompt window, type "ipconfig" and then press [ENTER].
Appendix B Setting Up Your Computer’s IP Address
IAD User’s Guide 257
3The IP settings are displayed as follows.
Figure 139 Windows 7: Internet Protocol Version 4 (TCP/IPv4) Properties
Mac OS X: 10.3 and 10.4
The screens in this section are from Mac OS X 10.4 but can also apply to 10.3.
1Click Apple > System Preferences.
Figure 140 Mac OS X 10.4: Apple Menu
Appendix B Setting Up Your Computer’s IP Address
IAD User’s Guide
258
2In the System Preferences window, click the Network icon.
Figure 141 Mac OS X 10.4: System Preferences
3When the Network preferences pane opens, select Built-in Ethernet from the
network connection type list, and then click Configure.
Figure 142 Mac OS X 10.4: Network Preferences
Appendix B Setting Up Your Computer’s IP Address
IAD User’s Guide 259
4For dynamically assigned settings, select Using DHCP from the Configure IPv4
list in the TCP/IP tab.
Figure 143 Mac OS X 10.4: Network Preferences > TCP/IP Tab.
5For statically assigned settings, do the following:
•From the Configure IPv4 list, select Manually.
•In the IP Address field, type your IP address.
•In the Subnet Mask field, type your subnet mask.
Appendix B Setting Up Your Computer’s IP Address
IAD User’s Guide
260
•In the Router field, type the IP address of your device.
Figure 144 Mac OS X 10.4: Network Preferences > Ethernet
6Click Apply Now and close the window.
Verifying Settings
Check your TCP/IP properties by clicking Applications > Utilities > Network
Utilities, and then selecting the appropriate Network Interface from the Info
tab.
Figure 145 Mac OS X 10.4: Network Utility
Appendix B Setting Up Your Computer’s IP Address
IAD User’s Guide 261
Mac OS X: 10.5 and 10.6
The screens in this section are from Mac OS X 10.5 but can also apply to 10.6.
1Click Apple > System Preferences.
Figure 146 Mac OS X 10.5: Apple Menu
2In System Preferences, click the Network icon.
Figure 147 Mac OS X 10.5: Systems Preferences
Appendix B Setting Up Your Computer’s IP Address
IAD User’s Guide
262
3When the Network preferences pane opens, select Ethernet from the list of
available connection types.
Figure 148 Mac OS X 10.5: Network Preferences > Ethernet
4From the Configure list, select Using DHCP for dynamically assigned settings.
5For statically assigned settings, do the following:
•From the Configure list, select Manually.
•In the IP Address field, enter your IP address.
•In the Subnet Mask field, enter your subnet mask.
Appendix B Setting Up Your Computer’s IP Address
IAD User’s Guide 263
•In the Router field, enter the IP address of your IAD.
Figure 149 Mac OS X 10.5: Network Preferences > Ethernet
6Click Apply and close the window.
Appendix B Setting Up Your Computer’s IP Address
IAD User’s Guide
264
Verifying Settings
Check your TCP/IP properties by clicking Applications > Utilities > Network
Utilities, and then selecting the appropriate Network interface from the Info
tab.
Figure 150 Mac OS X 10.5: Network Utility
Linux: Ubuntu 8 (GNOME)
This section shows you how to configure your computer’s TCP/IP settings in the
GNU Object Model Environment (GNOME) using the Ubuntu 8 Linux distribution.
The procedure, screens and file locations may vary depending on your specific
distribution, release version, and individual configuration. The following screens
use the default Ubuntu 8 installation.
Note: Make sure you are logged in as the root administrator.
Follow the steps below to configure your computer IP address in GNOME:
Appendix B Setting Up Your Computer’s IP Address
IAD User’s Guide 265
1Click System > Administration > Network.
Figure 151 Ubuntu 8: System > Administration Menu
2When the Network Settings window opens, click Unlock to open the
Authenticate window. (By default, the Unlock button is greyed out until clicked.)
You cannot make changes to your configuration unless you first enter your admin
password.
Figure 152 Ubuntu 8: Network Settings > Connections
Appendix B Setting Up Your Computer’s IP Address
IAD User’s Guide
266
3In the Authenticate window, enter your admin account name and password then
click the Authenticate button.
Figure 153 Ubuntu 8: Administrator Account Authentication
4In the Network Settings window, select the connection that you want to
configure, then click Properties.
Figure 154 Ubuntu 8: Network Settings > Connections
Appendix B Setting Up Your Computer’s IP Address
IAD User’s Guide 267
5The Properties dialog box opens.
Figure 155 Ubuntu 8: Network Settings > Properties
•In the Configuration list, select Automatic Configuration (DHCP) if you
have a dynamic IP address.
•In the Configuration list, select Static IP address if you have a static IP
address. Fill in the IP address, Subnet mask, and Gateway address fields.
6Click OK to save the changes and close the Properties dialog box and return to
the Network Settings screen.
Appendix B Setting Up Your Computer’s IP Address
IAD User’s Guide
268
7If you know your DNS server IP address(es), click the DNS tab in the Network
Settings window and then enter the DNS server information in the fields
provided.
Figure 156 Ubuntu 8: Network Settings > DNS
8Click the Close button to apply the changes.
Verifying Settings
Check your TCP/IP properties by clicking System > Administration > Network
Tools, and then selecting the appropriate Network device from the Devices
Appendix B Setting Up Your Computer’s IP Address
IAD User’s Guide 269
tab. The Interface Statistics column shows data if your connection is working
properly.
Figure 157 Ubuntu 8: Network Tools
Linux: openSUSE 10.3 (KDE)
This section shows you how to configure your computer’s TCP/IP settings in the K
Desktop Environment (KDE) using the openSUSE 10.3 Linux distribution. The
procedure, screens and file locations may vary depending on your specific
distribution, release version, and individual configuration. The following screens
use the default openSUSE 10.3 installation.
Note: Make sure you are logged in as the root administrator.
Follow the steps below to configure your computer IP address in the KDE:
Appendix B Setting Up Your Computer’s IP Address
IAD User’s Guide
270
1Click K Menu > Computer > Administrator Settings (YaST).
Figure 158 openSUSE 10.3: K Menu > Computer Menu
2When the Run as Root - KDE su dialog opens, enter the admin password and
click OK.
Figure 159 openSUSE 10.3: K Menu > Computer Menu
Appendix B Setting Up Your Computer’s IP Address
IAD User’s Guide 271
3When the YaST Control Center window opens, select Network Devices and
then click the Network Card icon.
Figure 160 openSUSE 10.3: YaST Control Center
4When the Network Settings window opens, click the Overview tab, select the
appropriate connection Name from the list, and then click the Configure button.
Figure 161 openSUSE 10.3: Network Settings
Appendix B Setting Up Your Computer’s IP Address
IAD User’s Guide
272
5When the Network Card Setup window opens, click the Address tab
Figure 162 openSUSE 10.3: Network Card Setup
6Select Dynamic Address (DHCP) if you have a dynamic IP address.
Select Statically assigned IP Address if you have a static IP address. Fill in the
IP address, Subnet mask, and Hostname fields.
7Click Next to save the changes and close the Network Card Setup window.
Appendix B Setting Up Your Computer’s IP Address
IAD User’s Guide 273
8If you know your DNS server IP address(es), click the Hostname/DNS tab in
Network Settings and then enter the DNS server information in the fields
provided.
Figure 163 openSUSE 10.3: Network Settings
9Click Finish to save your settings and close the window.
Verifying Settings
Click the KNetwork Manager icon on the Task bar to check your TCP/IP
properties. From the Options sub-menu, select Show Connection Information.
Figure 164 openSUSE 10.3: KNetwork Manager
Appendix B Setting Up Your Computer’s IP Address
IAD User’s Guide
274
When the Connection Status - KNetwork Manager window opens, click the
Statistics tab to see if your connection is working properly.
Figure 165 openSUSE: Connection Status - KNetwork Manager
IAD User’s Guide 275
APPENDIX C
Pop-up Windows, JavaScripts
and Java Permissions
In order to use the web configurator you need to allow:
Web browser pop-up windows from your device.
JavaScripts (enabled by default).
Java permissions (enabled by default).
Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer
versions may vary.
Internet Explorer Pop-up Blockers
You may have to disable pop-up blocking to log into your device.
Either disable pop-up blocking (enabled by default in Windows XP SP (Service
Pack) 2) or allow pop-up blocking and create an exception for your device’s IP
address.
Disable Pop-up Blockers
1In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off
Pop-up Blocker.
Figure 166 Pop-up Blocker
You can also check if pop-up blocking is disabled in the Pop-up Blocker section in
the Privacy tab.
Appendix C Pop-up Windows, JavaScripts and Java Permissions
IAD User’s Guide
276
1In Internet Explorer, select Tools, Internet Options, Privacy.
2Clear the Block pop-ups check box in the Pop-up Blocker section of the screen.
This disables any web pop-up blockers you may have enabled.
Figure 167 Internet Options: Privacy
3Click Apply to save this setting.
Enable Pop-up Blockers with Exceptions
Alternatively, if you only want to allow pop-up windows from your device, see the
following steps.
1In Internet Explorer, select Tools, Internet Options and then the Privacy tab.
Appendix C Pop-up Windows, JavaScripts and Java Permissions
IAD User’s Guide 277
2Select Settings…to open the Pop-up Blocker Settings screen.
Figure 168 Internet Options: Privacy
3Type the IP address of your device (the web page that you do not want to have
blocked) with the prefix “http://”. For example, http://192.168.167.1.
Appendix C Pop-up Windows, JavaScripts and Java Permissions
IAD User’s Guide
278
4Click Add to move the IP address to the list of Allowed sites.
Figure 169 Pop-up Blocker Settings
5Click Close to return to the Privacy screen.
6Click Apply to save this setting.
JavaScripts
If pages of the web configurator do not display properly in Internet Explorer, check
that JavaScripts are allowed.
Appendix C Pop-up Windows, JavaScripts and Java Permissions
IAD User’s Guide 279
1In Internet Explorer, click Tools, Internet Options and then the Security tab.
Figure 170 Internet Options: Security
2Click the Custom Level... button.
3Scroll down to Scripting.
4Under Active scripting make sure that Enable is selected (the default).
5Under Scripting of Java applets make sure that Enable is selected (the
default).
Appendix C Pop-up Windows, JavaScripts and Java Permissions
IAD User’s Guide
280
6Click OK to close the window.
Figure 171 Security Settings - Java Scripting
Java Permissions
1From Internet Explorer, click Tools, Internet Options and then the Security
tab.
2Click the Custom Level... button.
3Scroll down to Microsoft VM.
4Under Java permissions make sure that a safety level is selected.
Appendix C Pop-up Windows, JavaScripts and Java Permissions
IAD User’s Guide 281
5Click OK to close the window.
Figure 172 Security Settings - Java
JAVA (Sun)
1From Internet Explorer, click Tools, Internet Options and then the Advanced
tab.
2Make sure that Use Java 2 for <applet> under Java (Sun) is selected.
Appendix C Pop-up Windows, JavaScripts and Java Permissions
IAD User’s Guide
282
3Click OK to close the window.
Figure 173 Java (Sun)
Mozilla Firefox
Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary.
You can enable Java, Javascripts and pop-ups in one screen. Click Tools, then
click Options in the screen that appears.
Figure 174 Mozilla Firefox: Tools > Options
Appendix C Pop-up Windows, JavaScripts and Java Permissions
IAD User’s Guide 283
Click Content.to show the screen below. Select the check boxes as shown in the
following screen.
Figure 175 Mozilla Firefox Content Security
Appendix C Pop-up Windows, JavaScripts and Java Permissions
IAD User’s Guide
284
IAD User’s Guide 285
APPENDIX D
IP Addresses and Subnetting
This appendix introduces IP addresses and subnet masks.
IP addresses identify individual devices on a network. Every networking device
(including computers, servers, routers, printers, etc.) needs an IP address to
communicate across the network. These networking devices are also known as
hosts.
Subnet masks determine the maximum number of possible hosts on a network.
You can also use subnet masks to divide one network into multiple sub-networks.
Introduction to IP Addresses
One part of the IP address is the network number, and the other part is the host
ID. In the same way that houses on a street share a common street name, the
hosts on a network share a common network number. Similarly, as each house
has its own house number, each host on the network has its own unique
identifying number - the host ID. Routers use the network number to send packets
to the correct network, while the host ID determines to which host on the network
the packets are delivered.
Structure
An IP address is made up of four parts, written in dotted decimal notation (for
example, 192.168.1.1). Each of these four parts is known as an octet. An octet is
an eight-digit binary number (for example 11000000, which is 192 in decimal
notation).
Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or
0 to 255 in decimal.
Appendix D IP Addresses and Subnetting
IAD User’s Guide
286
The following figure shows an example IP address in which the first three octets
(192.168.1) are the network number, and the fourth octet (16) is the host ID.
Figure 176 Network Number and Host ID
How much of the IP address is the network number and how much is the host ID
varies according to the subnet mask.
Subnet Masks
A subnet mask is used to determine which bits are part of the network number,
and which bits are part of the host ID (using a logical AND operation). The term
“subnet” is short for “sub-network.
A subnet mask has 32 bits. If a bit in the subnet mask is a “1” then the
corresponding bit in the IP address is part of the network number. If a bit in the
subnet mask is “0” then the corresponding bit in the IP address is part of the host
ID.
The following example shows a subnet mask identifying the network number (in
bold text) and host ID of an IP address (192.168.1.2 in decimal).
Table 81 IP Address Network Number and Host ID Example
1ST
OCTET:
(192)
2ND
OCTET:
(168)
3RD
OCTET:
(1)
4TH
OCTET
(2)
IP Address (Binary) 11000000 10101000 00000001 00000010
Subnet Mask (Binary) 11111111 11111111 11111111 00000000
Network Number 11000000 10101000 00000001
Host ID 00000010
Appendix D IP Addresses and Subnetting
IAD User’s Guide 287
By convention, subnet masks always consist of a continuous sequence of ones
beginning from the leftmost bit of the mask, followed by a continuous sequence of
zeros, for a total number of 32 bits.
Subnet masks can be referred to by the size of the network number part (the bits
with a “1” value). For example, an “8-bit mask” means that the first 8 bits of the
mask are ones and the remaining 24 bits are zeroes.
Subnet masks are expressed in dotted decimal notation just like IP addresses. The
following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit
and 29-bit subnet masks.
Network Size
The size of the network number determines the maximum number of possible
hosts you can have on your network. The larger the number of network number
bits, the smaller the number of remaining host ID bits.
An IP address with host IDs of all zeros is the IP address of the network
(192.168.1.0 with a 24-bit subnet mask, for example). An IP address with host
IDs of all ones is the broadcast address for that network (192.168.1.255 with a
24-bit subnet mask, for example).
As these two IP addresses cannot be used for individual hosts, calculate the
maximum number of possible hosts in a network as follows:
Table 82 Subnet Masks
BINARY
DECIMAL
1ST
OCTET 2ND
OCTET 3RD
OCTET 4TH
OCTET
8-bit mask 11111111 00000000 00000000 00000000 255.0.0.0
16-bit mask 11111111 11111111 00000000 00000000 255.255.0.0
24-bit mask 11111111 11111111 11111111 00000000 255.255.255.0
29-bit mask 11111111 11111111 11111111 11111000 255.255.255.248
Table 83 Maximum Host Numbers
SUBNET MASK HOST ID SIZE MAXIMUM NUMBER OF
HOSTS
8 bits 255.0.0.0 24 bits 224 – 2 16777214
16 bits 255.255.0.0 16 bits 216 – 2 65534
24 bits 255.255.255.0 8 bits 28 – 2 254
29 bits 255.255.255.248 3 bits 23 – 2 6
Appendix D IP Addresses and Subnetting
IAD User’s Guide
288
Notation
Since the mask is always a continuous number of ones beginning from the left,
followed by a continuous number of zeros for the remainder of the 32 bit mask,
you can simply specify the number of ones instead of writing the value of each
octet. This is usually specified by writing a “/” followed by the number of bits in
the mask after the address.
For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask
255.255.255.128.
The following table shows some possible subnet masks using both notations.
Subnetting
You can use subnetting to divide one network into multiple sub-networks. In the
following example a network administrator creates two sub-networks to isolate a
group of servers from the rest of the company network for security reasons.
In this example, the company network address is 192.168.1.0. The first three
octets of the address (192.168.1) are the network number, and the remaining
octet is the host ID, allowing a maximum of 28 – 2 or 254 possible hosts.
Table 84 Alternative Subnet Mask Notation
SUBNET MASK ALTERNATIVE
NOTATION LAST OCTET
(BINARY) LAST OCTET
(DECIMAL)
255.255.255.0 /24 0000 0000 0
255.255.255.128 /25 1000 0000 128
255.255.255.192 /26 1100 0000 192
255.255.255.224 /27 1110 0000 224
255.255.255.240 /28 1111 0000 240
255.255.255.248 /29 1111 1000 248
255.255.255.252 /30 1111 1100 252
Appendix D IP Addresses and Subnetting
IAD User’s Guide 289
The following figure shows the company network before subnetting.
Figure 177 Subnetting Example: Before Subnetting
You can “borrow” one of the host ID bits to divide the network 192.168.1.0 into
two separate sub-networks. The subnet mask is now 25 bits (255.255.255.128 or
/25).
The “borrowed” host ID bit can have a value of either 0 or 1, allowing two
subnets; 192.168.1.0 /25 and 192.168.1.128 /25.
The following figure shows the company network after subnetting. There are now
two sub-networks, A and B.
Figure 178 Subnetting Example: After Subnetting
Appendix D IP Addresses and Subnetting
IAD User’s Guide
290
In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of
27 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself,
all ones is the subnet’s broadcast address).
192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127
with mask 255.255.255.128 is its broadcast address. Therefore, the lowest IP
address that can be assigned to an actual host for subnet A is 192.168.1.1 and
the highest is 192.168.1.126.
Similarly, the host ID range for subnet B is 192.168.1.129 to 192.168.1.254.
Example: Four Subnets
The previous example illustrated using a 25-bit subnet mask to divide a 24-bit
address into two subnets. Similarly, to divide a 24-bit address into four subnets,
you need to “borrow” two host ID bits to give four possible combinations (00, 01,
10 and 11). The subnet mask is 26 bits
(11111111.11111111.11111111.11000000) or 255.255.255.192.
Each subnet contains 6 host ID bits, giving 26 - 2 or 62 hosts for each subnet (a
host ID of all zeroes is the subnet itself, all ones is the subnet’s broadcast
address).
Table 85 Subnet 1
IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT
VALUE
IP Address (Decimal) 192.168.1. 0
IP Address (Binary) 11000000.10101000.00000001. 00000000
Subnet Mask (Binary) 11111111.11111111.11111111. 11000000
Subnet Address:
192.168.1.0 Lowest Host ID: 192.168.1.1
Broadcast Address:
192.168.1.63 Highest Host ID: 192.168.1.62
Table 86 Subnet 2
IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT
VALUE
IP Address 192.168.1. 64
IP Address (Binary) 11000000.10101000.00000001. 01000000
Subnet Mask (Binary) 11111111.11111111.11111111. 11000000
Subnet Address:
192.168.1.64 Lowest Host ID: 192.168.1.65
Broadcast Address:
192.168.1.127 Highest Host ID: 192.168.1.126
Appendix D IP Addresses and Subnetting
IAD User’s Guide 291
Example: Eight Subnets
Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100,
101, 110 and 111).
The following table shows IP address last octet values for each subnet.
Table 87 Subnet 3
IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT
VALUE
IP Address 192.168.1. 128
IP Address (Binary) 11000000.10101000.00000001. 10000000
Subnet Mask (Binary) 11111111.11111111.11111111. 11000000
Subnet Address:
192.168.1.128 Lowest Host ID: 192.168.1.129
Broadcast Address:
192.168.1.191 Highest Host ID: 192.168.1.190
Table 88 Subnet 4
IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT
VALUE
IP Address 192.168.1. 192
IP Address (Binary) 11000000.10101000.00000001
. 11000000
Subnet Mask (Binary) 11111111.11111111.11111111
. 11000000
Subnet Address:
192.168.1.192 Lowest Host ID: 192.168.1.193
Broadcast Address:
192.168.1.255 Highest Host ID: 192.168.1.254
Table 89 Eight Subnets
SUBNET SUBNET
ADDRESS FIRST ADDRESS LAST
ADDRESS BROADCAST
ADDRESS
1 0 1 30 31
232 33 62 63
364 65 94 95
496 97 126 127
5128 129 158 159
6160 161 190 191
7192 193 222 223
8224 225 254 255
Appendix D IP Addresses and Subnetting
IAD User’s Guide
292
Subnet Planning
The following table is a summary for subnet planning on a network with a 24-bit
network number.
The following table is a summary for subnet planning on a network with a 16-bit
network number.
Configuring IP Addresses
Where you obtain your network number depends on your particular situation. If
the ISP or your network administrator assigns you a block of registered IP
Table 90 24-bit Network Number Subnet Planning
NO. “BORROWED”
HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER
SUBNET
1255.255.255.128 (/25) 2126
2255.255.255.192 (/26) 462
3255.255.255.224 (/27) 830
4255.255.255.240 (/28) 16 14
5255.255.255.248 (/29) 32 6
6255.255.255.252 (/30) 64 2
7255.255.255.254 (/31) 128 1
Table 91 16-bit Network Number Subnet Planning
NO. “BORROWED”
HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER
SUBNET
1255.255.128.0 (/17) 232766
2255.255.192.0 (/18) 416382
3255.255.224.0 (/19) 88190
4255.255.240.0 (/20) 16 4094
5255.255.248.0 (/21) 32 2046
6255.255.252.0 (/22) 64 1022
7255.255.254.0 (/23) 128 510
8255.255.255.0 (/24) 256 254
9255.255.255.128 (/25) 512 126
10 255.255.255.192 (/26) 1024 62
11 255.255.255.224 (/27) 2048 30
12 255.255.255.240 (/28) 4096 14
13 255.255.255.248 (/29) 8192 6
14 255.255.255.252 (/30) 16384 2
15 255.255.255.254 (/31) 32768 1
Appendix D IP Addresses and Subnetting
IAD User’s Guide 293
addresses, follow their instructions in selecting the IP addresses and the subnet
mask.
If the ISP did not explicitly give you an IP network number, then most likely you
have a single user account and the ISP will assign you a dynamic IP address when
the connection is established. If this is the case, it is recommended that you select
a network number from 192.168.0.0 to 192.168.255.0. The Internet Assigned
Number Authority (IANA) reserved this block of addresses specifically for private
use; please do not use any other number unless you are told otherwise. You must
also enable Network Address Translation (NAT) on the IAD.
Once you have decided on the network number, pick an IP address for your IAD
that is easy to remember (for instance, 192.168.1.1) but make sure that no other
device on your network is using that IP address.
The subnet mask specifies the network number portion of an IP address. Your IAD
will compute the subnet mask automatically based on the IP address that you
entered. You don't need to change the subnet mask computed by the IAD unless
you are instructed to do otherwise.
Private IP Addresses
Every machine on the Internet must have a unique address. If your networks are
isolated from the Internet (running only between two branch offices, for example)
you can assign any IP addresses to the hosts without problems. However, the
Internet Assigned Numbers Authority (IANA) has reserved the following three
blocks of IP addresses specifically for private networks:
10.0.0.0 — 10.255.255.255
172.16.0.0 — 172.31.255.255
192.168.0.0 — 192.168.255.255
You can obtain your IP address from the IANA, from an ISP, or it can be assigned
from a private network. If you belong to a small organization and your Internet
access is through an ISP, the ISP can provide you with the Internet addresses for
your local networks. On the other hand, if you are part of a much larger
organization, you should consult your network administrator for the appropriate IP
addresses.
Regardless of your particular situation, do not create an arbitrary IP address;
always follow the guidelines above. For more information on address assignment,
please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466,
Guidelines for Management of IP Address Space.
Appendix D IP Addresses and Subnetting
IAD User’s Guide
294
IP Address Conflicts
Each device on a network must have a unique IP address. Devices with duplicate
IP addresses on the same network will not be able to access the Internet or other
resources. The devices may also be unreachable through the network.
Conflicting Computer IP Addresses Example
More than one device can not use the same IP address. In the following example
computer A has a static (or fixed) IP address that is the same as the IP address
that a DHCP server assigns to computer B which is a DHCP client. Neither can
access the Internet. This problem can be solved by assigning a different static IP
address to computer A or setting computer A to obtain an IP address
automatically.
Figure 179 Conflicting Computer IP Addresses Example
Conflicting Router IP Addresses Example
Since a router connects different networks, it must have interfaces using different
network numbers. For example, if a router is set between a LAN and the Internet
(WAN), the router’s LAN and WAN addresses must be on different subnets. In the
Appendix D IP Addresses and Subnetting
IAD User’s Guide 295
following example, the LAN and WAN are on the same subnet. The LAN computers
cannot access the Internet because the router cannot route between networks.
Figure 180 Conflicting Router IP Addresses Example
Conflicting Computer and Router IP Addresses Example
More than one device can not use the same IP address. In the following example,
the computer and the router’s LAN port both use 192.168.1.1 as the IP address.
The computer cannot access the Internet. This problem can be solved by
assigning a different IP address to the computer or the routers LAN port.
Figure 181 Conflicting Computer and Router IP Addresses Example
Appendix D IP Addresses and Subnetting
IAD User’s Guide
296
IAD User’s Guide 297
APPENDIX E
Wireless LANs
Note: Your specific IAD may not support all of the wireless security types described in
this appendix. See the product specifications for more information about which
wireless security types are supported.
Wireless LAN Topologies
This section discusses ad-hoc and infrastructure wireless LAN topologies.
Ad-hoc Wireless LAN Configuration
The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects
a set of computers with wireless adapters (A, B, C). Any time two or more wireless
adapters are within range of each other, they can set up an independent network,
which is commonly referred to as an ad-hoc network or Independent Basic Service
Set (IBSS). The following diagram shows an example of notebook computers
using wireless adapters to form an ad-hoc wireless LAN.
Figure 182 Peer-to-Peer Communication in an Ad-hoc Network
BSS
A Basic Service Set (BSS) exists when all communications between wireless
clients or between a wireless client and a wired network client go through one
access point (AP).
Appendix E Wireless LANs
IAD User’s Guide
298
Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra-BSS is
enabled, wireless client A and B can access the wired network and communicate
with each other. When Intra-BSS is disabled, wireless client A and B can still
access the wired network but cannot communicate with each other.
Figure 183 Basic Service Set
ESS
An Extended Service Set (ESS) consists of a series of overlapping BSSs, each
containing an access point, with each access point connected together by a wired
network. This wired connection between APs is called a Distribution System (DS).
This type of wireless LAN topology is called an Infrastructure WLAN. The Access
Points not only provide communication with the wired network but also mediate
wireless network traffic in the immediate neighborhood.
Appendix E Wireless LANs
IAD User’s Guide 299
An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and
their associated wireless clients within the same ESS must have the same ESSID
in order to communicate.
Figure 184 Infrastructure WLAN
Channel
A channel is the radio frequency(ies) used by wireless devices to transmit and
receive data. Channels available depend on your geographical area. You may have
a choice of channels (for your region) so you should use a channel different from
an adjacent AP (access point) to reduce interference. Interference occurs when
radio signals from different access points overlap causing interference and
degrading performance.
Adjacent channels partially overlap however. To avoid interference due to overlap,
your AP should be on a channel at least five channels away from a channel that an
adjacent AP is using. For example, if your region has 11 channels and an adjacent
AP is using channel 1, then you need to select a channel between 6 or 11.
RTS/CTS
A hidden node occurs when two stations are within range of the same access
point, but are not within range of each other. The following figure illustrates a
Appendix E Wireless LANs
IAD User’s Guide
300
hidden node. Both stations (STA) are within range of the access point (AP) or
wireless gateway, but out-of-range of each other, so they cannot "hear" each
other, that is they do not know if the channel is currently being used. Therefore,
they are considered hidden from each other.
Figure 185 RTS/CTS
When station A sends data to the AP, it might not know that the station B is
already using the channel. If these two stations send data at the same time,
collisions may occur when both sets of data arrive at the AP at the same time,
resulting in a loss of messages for both stations.
RTS/CTS is designed to prevent collisions due to hidden nodes. An RTS/CTS
defines the biggest size data frame you can send before an RTS (Request To
Send)/CTS (Clear to Send) handshake is invoked.
When a data frame exceeds the RTS/CTS value you set (between 0 to 2432
bytes), the station that wants to transmit this frame must first send an RTS
(Request To Send) message to the AP for permission to send it. The AP then
responds with a CTS (Clear to Send) message to all other stations within its range
to notify them to defer their transmission. It also reserves and confirms with the
requesting station the time frame for the requested transmission.
Stations can send frames smaller than the specified RTS/CTS directly to the AP
without the RTS (Request To Send)/CTS (Clear to Send) handshake.
You should only configure RTS/CTS if the possibility of hidden nodes exists on
your network and the "cost" of resending large frames is more than the extra
network overhead involved in the RTS (Request To Send)/CTS (Clear to Send)
handshake.
If the RTS/CTS value is greater than the Fragmentation Threshold value (see
next), then the RTS (Request To Send)/CTS (Clear to Send) handshake will never
occur as data frames will be fragmented before they reach RTS/CTS size.
Note: Enabling the RTS Threshold causes redundant network overhead that could
negatively affect the throughput performance instead of providing a remedy.
Appendix E Wireless LANs
IAD User’s Guide 301
Fragmentation Threshold
A Fragmentation Threshold is the maximum data fragment size (between 256
and 2432 bytes) that can be sent in the wireless network before the AP will
fragment the packet into smaller data frames.
A large Fragmentation Threshold is recommended for networks not prone to
interference while you should set a smaller threshold for busy networks or
networks that are prone to interference.
If the Fragmentation Threshold value is smaller than the RTS/CTS value (see
previously) you set then the RTS (Request To Send)/CTS (Clear to Send)
handshake will never occur as data frames will be fragmented before they reach
RTS/CTS size.
Preamble Type
Preamble is used to signal that data is coming to the receiver. Short and long refer
to the length of the synchronization field in a packet.
Short preamble increases performance as less time sending preamble means
more time for sending data. All IEEE 802.11 compliant wireless adapters support
long preamble, but not all support short preamble.
Use long preamble if you are unsure what preamble mode other wireless devices
on the network support, and to provide more reliable communications in busy
wireless networks.
Use short preamble if you are sure all wireless devices on the network support it,
and to provide more efficient communications.
Use the dynamic setting to automatically use short preamble when all wireless
devices on the network support it, otherwise the IAD uses long preamble.
Note: The wireless devices MUST use the same preamble mode in order to
communicate.
IEEE 802.11g Wireless LAN
IEEE 802.11g is fully compatible with the IEEE 802.11b standard. This means an
IEEE 802.11b adapter can interface directly with an IEEE 802.11g access point
(and vice versa) at 11 Mbps or lower depending on range. IEEE 802.11g has
Appendix E Wireless LANs
IAD User’s Guide
302
several intermediate rate steps between the maximum and minimum data rates.
The IEEE 802.11g data rate and modulation are as follows:
Wireless Security Overview
Wireless security is vital to your network to protect wireless communication
between wireless clients, access points and the wired network.
Wireless security methods available on the IAD are data encryption, wireless client
authentication, restricting access by device MAC address and hiding the IAD
identity.
The following figure shows the relative effectiveness of these wireless security
methods available on your IAD.
Note: You must enable the same wireless security settings on the IAD and on all
wireless clients that you want to associate with it.
IEEE 802.1x
In June 2001, the IEEE 802.1x standard was designed to extend the features of
IEEE 802.11 to support extended authentication as well as providing additional
Table 92 IEEE 802.11g
DATA RATE
(MBPS) MODULATION
1 DBPSK (Differential Binary Phase Shift Keyed)
2 DQPSK (Differential Quadrature Phase Shift Keying)
5.5 / 11 CCK (Complementary Code Keying)
6/9/12/18/24/36/
48/54 OFDM (Orthogonal Frequency Division Multiplexing)
Table 93 Wireless Security Levels
SECURITY
LEVEL SECURITY TYPE
Least
Secure
Most Secure
Unique SSID (Default)
Unique SSID with Hide SSID Enabled
MAC Address Filtering
WEP Encryption
IEEE802.1x EAP with RADIUS Server
Authentication
Wi-Fi Protected Access (WPA)
WPA2
Appendix E Wireless LANs
IAD User’s Guide 303
accounting and control features. It is supported by Windows XP and a number of
network devices. Some advantages of IEEE 802.1x are:
User based identification that allows for roaming.
Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138,
2139) for centralized user profile and accounting management on a network
RADIUS server.
Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows
additional authentication methods to be deployed with no changes to the access
point or the wireless clients.
RADIUS
RADIUS is based on a client-server model that supports authentication,
authorization and accounting. The access point is the client and the server is the
RADIUS server. The RADIUS server handles the following tasks:
Authentication
Determines the identity of the users.
• Authorization
Determines the network services available to authenticated users once they are
connected to the network.
•Accounting
Keeps track of the client’s network activity.
RADIUS is a simple package exchange in which your AP acts as a message relay
between the wireless client and the network RADIUS server.
Types of RADIUS Messages
The following types of RADIUS messages are exchanged between the access point
and the RADIUS server for user authentication:
• Access-Request
Sent by an access point requesting authentication.
• Access-Reject
Sent by a RADIUS server rejecting access.
• Access-Accept
Sent by a RADIUS server allowing access.
• Access-Challenge
Sent by a RADIUS server requesting more information in order to allow access.
The access point sends a proper response from the user and then sends another
Access-Request message.
Appendix E Wireless LANs
IAD User’s Guide
304
The following types of RADIUS messages are exchanged between the access point
and the RADIUS server for user accounting:
•Accounting-Request
Sent by the access point requesting accounting.
• Accounting-Response
Sent by the RADIUS server to indicate that it has started or stopped accounting.
In order to ensure network security, the access point and the RADIUS server use a
shared secret key, which is a password, they both know. The key is not sent over
the network. In addition to the shared key, password information exchanged is
also encrypted to protect the network from unauthorized access.
Types of EAP Authentication
This section discusses some popular authentication types: EAP-MD5, EAP-TLS,
EAP-TTLS, PEAP and LEAP. Your wireless LAN device may not support all
authentication types.
EAP (Extensible Authentication Protocol) is an authentication protocol that runs on
top of the IEEE 802.1x transport mechanism in order to support multiple types of
user authentication. By using EAP to interact with an EAP-compatible RADIUS
server, an access point helps a wireless station and a RADIUS server perform
authentication.
The type of authentication you use depends on the RADIUS server and an
intermediary AP(s) that supports IEEE 802.1x. .
For EAP-TLS authentication type, you must first have a wired connection to the
network and obtain the certificate(s) from a certificate authority (CA). A certificate
(also called digital IDs) can be used to authenticate users and a CA issues
certificates and guarantees the identity of each certificate owner.
EAP-MD5 (Message-Digest Algorithm 5)
MD5 authentication is the simplest one-way authentication method. The
authentication server sends a challenge to the wireless client. The wireless client
‘proves’ that it knows the password by encrypting the password with the challenge
and sends back the information. Password is not sent in plain text.
However, MD5 authentication has some weaknesses. Since the authentication
server needs to get the plaintext passwords, the passwords must be stored. Thus
someone other than the authentication server may access the password file. In
addition, it is possible to impersonate an authentication server as MD5
authentication method does not perform mutual authentication. Finally, MD5
Appendix E Wireless LANs
IAD User’s Guide 305
authentication method does not support data encryption with dynamic session
key. You must configure WEP encryption keys for data encryption.
EAP-TLS (Transport Layer Security)
With EAP-TLS, digital certifications are needed by both the server and the wireless
clients for mutual authentication. The server presents a certificate to the client.
After validating the identity of the server, the client sends a different certificate to
the server. The exchange of certificates is done in the open before a secured
tunnel is created. This makes user identity vulnerable to passive attacks. A digital
certificate is an electronic ID card that authenticates the sender’s identity.
However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle
certificates, which imposes a management overhead.
EAP-TTLS (Tunneled Transport Layer Service)
EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for
only the server-side authentications to establish a secure connection. Client
authentication is then done by sending username and password through the
secure connection, thus client identity is protected. For client authentication, EAP-
TTLS supports EAP methods and legacy authentication methods such as PAP,
CHAP, MS-CHAP and MS-CHAP v2.
PEAP (Protected EAP)
Like EAP-TTLS, server-side certificate authentication is used to establish a secure
connection, then use simple username and password methods through the
secured connection to authenticate the clients, thus hiding client identity.
However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2
and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is
implemented only by Cisco.
LEAP
LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of
IEEE 802.1x.
Dynamic WEP Key Exchange
The AP maps a unique key that is generated with the RADIUS server. This key
expires when the wireless connection times out, disconnects or reauthentication
times out. A new WEP key is generated each time reauthentication is performed.
If this feature is enabled, it is not necessary to configure a default encryption key
in the wireless security configuration screen. You may still configure and store
keys, but they will not be used while dynamic WEP is enabled.
Appendix E Wireless LANs
IAD User’s Guide
306
Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange
For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and
PEAP) use dynamic keys for data encryption. They are often deployed in corporate
environments, but for public deployment, a simple user name and password pair
is more practical. The following table is a comparison of the features of
authentication types.
WPA and WPA2
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2
(IEEE 802.11i) is a wireless security standard that defines stronger encryption,
authentication and key management than WPA.
Key differences between WPA or WPA2 and WEP are improved data encryption and
user authentication.
If both an AP and the wireless clients support WPA2 and you have an external
RADIUS server, use WPA2 for stronger data encryption. If you don't have an
external RADIUS server, you should use WPA2-PSK (WPA2-Pre-Shared Key) that
only requires a single (identical) password entered into each access point, wireless
gateway and wireless client. As long as the passwords match, a wireless client will
be granted access to a WLAN.
If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK
depending on whether you have an external RADIUS server or not.
Select WEP only when the AP and/or wireless clients do not support WPA or WPA2.
WEP is less secure than WPA or WPA2.
Encryption
WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP),
Message Integrity Check (MIC) and IEEE 802.1x. WPA2 also uses TKIP when
Table 94 Comparison of EAP Authentication Types
EAP-MD5 EAP-TLS EAP-TTLS PEAP LEAP
Mutual Authentication No Yes Yes Yes Yes
Certificate – Client No Yes Optional Optional No
Certificate – Server No Yes Yes Yes No
Dynamic Key Exchange No Yes Yes Yes Yes
Credential Integrity None Strong Strong Strong Moderate
Deployment Difficulty Easy Hard Moderate Moderate Moderate
Client Identity
Protection No No Yes Yes No
Appendix E Wireless LANs
IAD User’s Guide 307
required for compatibility reasons, but offers stronger encryption than TKIP with
Advanced Encryption Standard (AES) in the Counter mode with Cipher block
chaining Message authentication code Protocol (CCMP).
TKIP uses 128-bit keys that are dynamically generated and distributed by the
authentication server. AES (Advanced Encryption Standard) is a block cipher that
uses a 256-bit mathematical algorithm called Rijndael. They both include a per-
packet key mixing function, a Message Integrity Check (MIC) named Michael, an
extended initialization vector (IV) with sequencing rules, and a re-keying
mechanism.
WPA and WPA2 regularly change and rotate the encryption keys so that the same
encryption key is never used twice.
The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that
then sets up a key hierarchy and management system, using the PMK to
dynamically generate unique data encryption keys to encrypt every data packet
that is wirelessly communicated between the AP and the wireless clients. This all
happens in the background automatically.
The Message Integrity Check (MIC) is designed to prevent an attacker from
capturing data packets, altering them and resending them. The MIC provides a
strong mathematical function in which the receiver and the transmitter each
compute and then compare the MIC. If they do not match, it is assumed that the
data has been tampered with and the packet is dropped.
By generating unique data encryption keys for every data packet and by creating
an integrity checking mechanism (MIC), with TKIP and AES it is more difficult to
decrypt data on a Wi-Fi network than WEP and difficult for an intruder to break
into the network.
The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The
only difference between the two is that WPA(2)-PSK uses a simple common
password, instead of user-specific credentials. The common-password approach
makes WPA(2)-PSK susceptible to brute-force password-guessing attacks but it’s
still an improvement over WEP as it employs a consistent, single, alphanumeric
password to derive a PMK which is used to generate unique temporal encryption
keys. This prevent all wireless devices sharing the same encryption keys. (a
weakness of WEP)
User Authentication
WPA and WPA2 apply IEEE 802.1x and Extensible Authentication Protocol (EAP) to
authenticate wireless clients using an external RADIUS database. WPA2 reduces
the number of key exchange messages from six to four (CCMP 4-way handshake)
and shortens the time required to connect to a network. Other WPA2
authentication features that are different from WPA include key caching and pre-
Appendix E Wireless LANs
IAD User’s Guide
308
authentication. These two features are optional and may not be supported in all
wireless devices.
Key caching allows a wireless client to store the PMK it derived through a
successful authentication with an AP. The wireless client uses the PMK when it tries
to connect to the same AP and does not need to go with the authentication
process again.
Pre-authentication enables fast roaming by allowing the wireless client (already
connecting to an AP) to perform IEEE 802.1x authentication with another AP
before connecting to it.
Wireless Client WPA Supplicants
A wireless client supplicant is the software that runs on an operating system
instructing the wireless client how to use WPA. At the time of writing, the most
widely available supplicant is the WPA patch for Windows XP, Funk Software's
Odyssey client.
The Windows XP patch is a free download that adds WPA capability to Windows
XP's built-in "Zero Configuration" wireless client. However, you must run Windows
XP to use it.
WPA(2) with RADIUS Application Example
To set up WPA(2), you need the IP address of the RADIUS server, its port number
(default is 1812), and the RADIUS shared secret. A WPA(2) application example
with an external RADIUS server looks as follows. "A" is the RADIUS server. "DS" is
the distribution system.
1The AP passes the wireless client's authentication request to the RADIUS server.
2The RADIUS server then checks the user's identification against its database and
grants or denies network access accordingly.
3A 256-bit Pairwise Master Key (PMK) is derived from the authentication process by
the RADIUS server and the client.
Appendix E Wireless LANs
IAD User’s Guide 309
4The RADIUS server distributes the PMK to the AP. The AP then sets up a key
hierarchy and management system, using the PMK to dynamically generate
unique data encryption keys. The keys are used to encrypt every data packet that
is wirelessly communicated between the AP and the wireless clients.
Figure 186 WPA(2) with RADIUS Application Example
WPA(2)-PSK Application Example
A WPA(2)-PSK application looks as follows.
1First enter identical passwords into the AP and all wireless clients. The Pre-Shared
Key (PSK) must consist of between 8 and 63 ASCII characters or 64 hexadecimal
characters (including spaces and symbols).
2The AP checks each wireless client's password and allows it to join the network
only if the password matches.
3The AP and wireless clients generate a common PMK (Pairwise Master Key). The
key itself is not sent over the network, but is derived from the PSK and the SSID.
Appendix E Wireless LANs
IAD User’s Guide
310
4The AP and wireless clients use the TKIP or AES encryption process, the PMK and
information exchanged in a handshake to create temporal encryption keys. They
use these keys to encrypt data exchanged between them.
Figure 187 WPA(2)-PSK Authentication
Security Parameters Summary
Refer to this table to see what other security parameters you should configure for
each authentication method or key management protocol type. MAC address
filters are not dependent on how you configure these security features.
Table 95 Wireless Security Relational Matrix
AUTHENTICATION
METHOD/ KEY
MANAGEMENT
PROTOCOL
ENCRYPTIO
N METHOD ENTER
MANUAL KEY IEEE 802.1X
Open None No Disable
Enable without Dynamic WEP
Key
Open WEP No Enable with Dynamic WEP Key
Yes Enable without Dynamic WEP
Key
Yes Disable
Shared WEP No Enable with Dynamic WEP Key
Yes Enable without Dynamic WEP
Key
Yes Disable
WPA TKIP/AES No Enable
WPA-PSK TKIP/AES Yes Disable
WPA2 TKIP/AES No Enable
WPA2-PSK TKIP/AES Yes Disable
Appendix E Wireless LANs
IAD User’s Guide 311
Antenna Overview
An antenna couples RF signals onto air. A transmitter within a wireless device
sends an RF signal to the antenna, which propagates the signal through the air.
The antenna also operates in reverse by capturing RF signals from the air.
Positioning the antennas properly increases the range and coverage area of a
wireless LAN.
Antenna Characteristics
Frequency
An antenna in the frequency of 2.4GHz (IEEE 802.11b and IEEE 802.11g) or 5GHz
(IEEE 802.11a) is needed to communicate efficiently in a wireless LAN
Radiation Pattern
A radiation pattern is a diagram that allows you to visualize the shape of the
antenna’s coverage area.
Antenna Gain
Antenna gain, measured in dB (decibel), is the increase in coverage within the RF
beam width. Higher antenna gain improves the range of the signal for better
communications.
For an indoor site, each 1 dB increase in antenna gain results in a range increase
of approximately 2.5%. For an unobstructed outdoor site, each 1dB increase in
gain results in a range increase of approximately 5%. Actual results may vary
depending on the network environment.
Antenna gain is sometimes specified in dBi, which is how much the antenna
increases the signal power compared to using an isotropic antenna. An isotropic
antenna is a theoretical perfect antenna that sends out radio signals equally well
in all directions. dBi represents the true gain that the antenna provides.
Types of Antennas for WLAN
There are two types of antennas used for wireless LAN applications.
Appendix E Wireless LANs
IAD User’s Guide
312
Omni-directional antennas send the RF signal out in all directions on a horizontal
plane. The coverage area is torus-shaped (like a donut) which makes these
antennas ideal for a room environment. With a wide coverage area, it is possible
to make circular overlapping coverage areas with multiple access points.
Directional antennas concentrate the RF signal in a beam, like a flashlight does
with the light from its bulb. The angle of the beam determines the width of the
coverage pattern. Angles typically range from 20 degrees (very directional) to
120 degrees (less directional). Directional antennas are ideal for hallways and
outdoor point-to-point applications.
Positioning Antennas
In general, antennas should be mounted as high as practically possible and free of
obstructions. In point-to–point application, position both antennas at the same
height and in a direct line of sight to each other to attain the best performance.
For omni-directional antennas mounted on a table, desk, and so on, point the
antenna up. For omni-directional antennas mounted on a wall or ceiling, point the
antenna down. For a single AP application, place omni-directional antennas as
close to the center of the coverage area as possible.
For directional antennas, point the antenna in the direction of the desired
coverage area.
IAD User’s Guide 313
APPENDIX F
Common Services
The following table lists some commonly-used services and their associated
protocols and port numbers. For a comprehensive list of port numbers, ICMP type/
code numbers and services, visit the IANA (Internet Assigned Number Authority)
web site.
Name: This is a short, descriptive name for the service. You can use this one or
create a different one, if you like.
Protocol: This is the type of IP protocol used by the service. If this is TCP/
UDP, then the service uses the same port number with TCP and UDP. If this is
USER-DEFINED, the Port(s) is the IP protocol number, not the port number.
Port(s): This value depends on the Protocol. Please refer to RFC 1700 for
further information about port numbers.
•If the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number.
•If the Protocol is USER, this is the IP protocol number.
Description: This is a brief explanation of the applications that use this service
or the situations in which this service is used.
Table 96 Commonly Used Services
NAME PROTOCOL PORT(S) DESCRIPTION
AH
(IPSEC_TUNNEL) User-Defined 51 The IPSEC AH (Authentication
Header) tunneling protocol uses this
service.
AIM/New-ICQ TCP 5190 AOLs Internet Messenger service. It
is also used as a listening port by
ICQ.
AUTH TCP 113 Authentication protocol used by some
servers.
BGP TCP 179 Border Gateway Protocol.
BOOTP_CLIENT UDP 68 DHCP Client.
BOOTP_SERVER UDP 67 DHCP Server.
CU-SEEME TCP
UDP
7648
24032
A popular videoconferencing solution
from White Pines Software.
DNS TCP/UDP 53 Domain Name Server, a service that
matches web names (for example
www.zyxel.com) to IP numbers.
Appendix F Common Services
IAD User’s Guide
314
ESP
(IPSEC_TUNNEL) User-Defined 50 The IPSEC ESP (Encapsulation
Security Protocol) tunneling protocol
uses this service.
FINGER TCP 79 Finger is a UNIX or Internet related
command that can be used to find out
if a user is logged on.
FTP TCP
TCP
20
21
File Transfer Program, a program to
enable fast transfer of files, including
large files that may not be possible by
e-mail.
H.323 TCP 1720 NetMeeting uses this protocol.
HTTP TCP 80 Hyper Text Transfer Protocol - a
client/server protocol for the world
wide web.
HTTPS TCP 443 HTTPS is a secured http session often
used in e-commerce.
ICMP User-Defined 1Internet Control Message Protocol is
often used for diagnostic or routing
purposes.
ICQ UDP 4000 This is a popular Internet chat
program.
IGMP
(MULTICAST) User-Defined 2Internet Group Management Protocol
is used when sending packets to a
specific group of hosts.
IKE UDP 500 The Internet Key Exchange algorithm
is used for key distribution and
management.
IRC TCP/UDP 6667 This is another popular Internet chat
program.
MSN Messenger TCP 1863 Microsoft Networks’ messenger
service uses this protocol.
NEW-ICQ TCP 5190 An Internet chat program.
NEWS TCP 144 A protocol for news groups.
NFS UDP 2049 Network File System - NFS is a client/
server distributed file service that
provides transparent file sharing for
network environments.
NNTP TCP 119 Network News Transport Protocol is
the delivery mechanism for the
USENET newsgroup service.
PING User-Defined 1Packet INternet Groper is a protocol
that sends out ICMP echo requests to
test whether or not a remote host is
reachable.
POP3 TCP 110 Post Office Protocol version 3 lets a
client computer get e-mail from a
POP3 server through a temporary
connection (TCP/IP or other).
Table 96 Commonly Used Services (continued)
NAME PROTOCOL PORT(S) DESCRIPTION
Appendix F Common Services
IAD User’s Guide 315
PPTP TCP 1723 Point-to-Point Tunneling Protocol
enables secure transfer of data over
public networks. This is the control
channel.
PPTP_TUNNEL
(GRE) User-Defined 47 PPTP (Point-to-Point Tunneling
Protocol) enables secure transfer of
data over public networks. This is the
data channel.
RCMD TCP 512 Remote Command Service.
REAL_AUDIO TCP 7070 A streaming audio service that
enables real time sound over the web.
REXEC TCP 514 Remote Execution Daemon.
RLOGIN TCP 513 Remote Login.
RTELNET TCP 107 Remote Telnet.
RTSP TCP/UDP 554 The Real Time Streaming (media
control) Protocol (RTSP) is a remote
control for multimedia on the
Internet.
SFTP TCP 115 Simple File Transfer Protocol.
SMTP TCP 25 Simple Mail Transfer Protocol is the
message-exchange standard for the
Internet. SMTP enables you to move
messages from one e-mail server to
another.
SNMP TCP/UDP 161 Simple Network Management
Program.
SNMP-TRAPS TCP/UDP 162 Traps for use with the SNMP
(RFC:1215).
SQL-NET TCP 1521 Structured Query Language is an
interface to access data on many
different types of database systems,
including mainframes, midrange
systems, UNIX systems and network
servers.
SSH TCP/UDP 22 Secure Shell Remote Login Program.
STRM WORKS UDP 1558 Stream Works Protocol.
SYSLOG UDP 514 Syslog allows you to send system logs
to a UNIX server.
TACACS UDP 49 Login Host Protocol used for (Terminal
Access Controller Access Control
System).
TELNET TCP 23 Telnet is the login and terminal
emulation protocol common on the
Internet and in UNIX environments. It
operates over TCP/IP networks. Its
primary function is to allow users to
log into remote host systems.
Table 96 Commonly Used Services (continued)
NAME PROTOCOL PORT(S) DESCRIPTION
Appendix F Common Services
IAD User’s Guide
316
TFTP UDP 69 Trivial File Transfer Protocol is an
Internet file transfer protocol similar
to FTP, but uses the UDP (User
Datagram Protocol) rather than TCP
(Transmission Control Protocol).
VDOLIVE TCP 7000 Another videoconferencing solution.
Table 96 Commonly Used Services (continued)
NAME PROTOCOL PORT(S) DESCRIPTION
IAD User’s Guide 317
APPENDIX G
Legal Information
Copyright
Copyright © 2009 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole,
transcribed, stored in a retrieval system, translated into any language, or
transmitted in any form or by any means, electronic, mechanical, magnetic,
optical, chemical, photocopying, manual, or otherwise, without the prior written
permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimers
ZyXEL does not assume any liability arising out of the application or use of any
products, or software described herein. Neither does it convey any license under
its patent rights nor the patent rights of others. ZyXEL further reserves the right
to make changes in any products described herein without notice. This publication
is subject to change without notice.
Your use of the IAD is subject to the terms and conditions of any related service
providers.
Trademarks
ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL
Communications, Inc. Other trademarks mentioned in this publication are used for
identification purposes only and may be properties of their respective owners.
Certifications
Federal Communications Commission (FCC) Interference Statement
The device complies with Part 15 of FCC rules. Operation is subject to the
following two conditions:
Appendix G Legal Information
IAD User’s Guide
318
This device may not cause harmful interference.
This device must accept any interference received, including interference that
may cause undesired operations.
This device has been tested and found to comply with the limits for a Class B
digital device pursuant to Part 15 of the FCC Rules. These limits are designed to
provide reasonable protection against harmful interference in a residential
installation. This device generates, uses, and can radiate radio frequency energy,
and if not installed and used in accordance with the instructions, may cause
harmful interference to radio communications. However, there is no guarantee
that interference will not occur in a particular installation.
If this device does cause harmful interference to radio/television reception, which
can be determined by turning the device off and on, the user is encouraged to try
to correct the interference by one or more of the following measures:
1Reorient or relocate the receiving antenna.
2Increase the separation between the equipment and the receiver.
3Connect the equipment into an outlet on a circuit different from that to which the
receiver is connected.
4Consult the dealer or an experienced radio/TV technician for help.
FCC Radiation Exposure Statement
This transmitter must not be co-located or operating in conjunction with any
other antenna or transmitter.
For operation within 5.15 ~ 5.25GHz frequency range, it is restricted to indoor
environment.
IEEE 802.11b or 802.11g operation of this product in the U.S.A. is firmware-
limited to channels 1 through 11.
To comply with FCC RF exposure compliance requirements, a separation
distance of at least 20 cm must be maintained between the antenna of this
device and all persons.
注意 !
依據 低功率電波輻射性電機管理辦法
第十二條 經型式認證合格之低功率射頻電機,非經許可,公司、商號或使用
者均不得擅自變更頻率、加大功率或變更原設計之特性及功能。
Appendix G Legal Information
IAD User’s Guide 319
第十四條 低功率射頻電機之使用不得影響飛航安全及干擾合法通信;經發現
有干擾現象時,應立即停用,並改善至無干擾時方得繼續使用。
前項合法通信,指依電信規定作業之無線電信。低功率射頻電機須忍
受合法通信或工業、科學及醫療用電波輻射性電機設備之干擾。
在 5250MHz~5350MHz 頻帶內操作之無線資訊傳輸設備,限於室內使用
本機限在不干擾合法電臺與不受被干擾保障條件下於室內使用。
減少電磁波影響,請妥適使用。
Notices
Changes or modifications not expressly approved by the party responsible for
compliance could void the user's authority to operate the equipment.
This device has been designed for the WLAN 2.4 GHz and 5 GHz networks
throughout the EC region and Switzerland, with restrictions in France.
This Class B digital apparatus complies with Canadian ICES-003.
Cet appareil numérique de la classe B est conforme à la norme NMB-003 du
Canada.
CLASS 1 LASER PRODUCT
APPAREIL A LASER DE CLASS 1
PRODUCT COMPLIES WITH 21 CFR 1040.10 AND 1040.11.
PRODUIT CONFORME SELON 21 CFR 1040.10 ET 1040.11.
Viewing Certifications
1Go to http://www.zyxel.com.
2Select your product on the ZyXEL home page to go to that product's page.
3Select the certification you wish to view from this page.
ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from
any defects in material or workmanship for a specific period (the Warranty Period)
from the date of purchase. The Warranty Period varies by region. Check with your
vendor and/or the authorized ZyXEL local distributor for details about the
Warranty Period of this product. During the warranty period, and upon proof of
purchase, should the product have indications of failure due to faulty workmanship
Appendix G Legal Information
IAD User’s Guide
320
and/or materials, ZyXEL will, at its discretion, repair or replace the defective
products or components without charge for either parts or labor, and to whatever
extent it shall deem necessary to restore the product or components to proper
operating condition. Any replacement will consist of a new or re-manufactured
functionally equivalent product of equal or higher value, and will be solely at the
discretion of ZyXEL. This warranty shall not apply if the product has been
modified, misused, tampered with, damaged by an act of God, or subjected to
abnormal working conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of
the purchaser. This warranty is in lieu of all other warranties, express or implied,
including any implied warranty of merchantability or fitness for a particular use or
purpose. ZyXEL shall in no event be held liable for indirect or consequential
damages of any kind to the purchaser.
To obtain the services of this warranty, contact your vendor. You may also refer to
the warranty policy for the region in which you bought the device at http://
www.zyxel.com/web/support_warranty_info.php.
Registration
Register your product online to receive e-mail notices of firmware upgrades and
information at www.zyxel.com.
Index
IAD User’s Guide 321
Index
A
Advanced Encryption Standard
See AES.
AES 307
ALG 111
alternative subnet mask notation 288
antenna
directional 312
gain 311
omni-directional 312
AP (access point) 299
Application Layer Gateway 111
applications
Internet access 22
attack alert 152
auto dial 232
auto firmware upgrade 130
auto provisioning 130
auto-provisioning 130
B
backup 221
bandwidth management 163
Basic Service Set, See BSS 297
blinking LEDs 26
BSS 297
C
CA 305
call forwarding 233
call hold 132, 134
call park and pickup 232
call return 232
call service mode 131, 133
call transfer 133, 134
call waiting 132, 134, 233
caller ID 233
Certificate Authority
See CA.
certifications 317
notices 319
viewing 319
channel 299
interference 299
channel ID 73
codecs 234
comfort noise generation 233
configuration 59
Configure QoS 163
copyright 317
CoS 177
CoS technologies 164
country code 232
CTS (Clear to Send) 300
custom ports
creating/editing 150
customized services 149
D
default 222
default LAN IP address 29
Denial of Service. See DoS.
DHCP 59, 60, 65, 179
DHCP client 65
DHCP client list 65
diagnostic 223
DiffServ (Differentiated Services) 177
DiffServ marking rule 177
disclaimer 317
DnD 232
DNS 60, 191
Index
IAD User’s Guide
322
do not disturb 232
domain name system
see DNS
DoS 138, 153
DS field 177
DS See Differentiated Services
DSCP 177
DTMF detection and generation 234
dynamic DNS 179
Dynamic Host Configuration Protocol. See
DHCP.
dynamic jitter buffer 233
dynamic WEP key exchange 305
DYNDNS wildcard 179
E
EAP Authentication 304
echo cancellation 234
encapsulation 55
PPP over Ethernet 55
encryption 306
WEP 77
ESS 298
Europe type call service mode 131
Extended Service Set IDentification 74
Extended Service Set, See ESS 298
F
FCC interference statement 317
Firewall 154
firewall
address type 148
creating/editing rules 146
custom ports 149
DoS 153
Dos threshold 152
enabling 143
maximum incomplete high 153
maximum incomplete low 153
one minute high 153
one minute low 152
rule security considerations 154
stateful inspection 137
TCP maximum incomplete 153
three-way handshake 151
firmware
upload 220
upload error 220
firmware upgrade 130
flash key 131
flashing 131
fragmentation threshold 301
FTP 104, 187
G
G.168 234
G.711 234
G.726 234
G.729 234
general setup 211
H
hidden node 299
host 212
HTTP (Hypertext Transfer Protocol) 220
HTTP pincode 130
humidity 231
I
IANA 61, 293
IANA (Internet Assigned Number Authority) 149
IBSS 297
IEEE 802.11g 301
IGMP 62, 63
Independent Basic Service Set
See IBSS 297
initialization vector (IV) 307
install UPnP 199
Windows Me 199
Index
IAD User’s Guide 323
Windows XP 201
Internet access 22
Internet Assigned Numbers Authority
See IANA 293
IP address 61, 104, 105, 130
IP address assignment 56
IP pool 64
IP pool setup 60
J
jitter buffer 233
K
key combinations 135
keypad 135
L
LAN setup 55, 59
LAN TCP/IP 60
log out 30
log out (automatic) 30
logs 215
M
MAC address filter action 81
MAC filter 80, 81
Management Information Base (MIB) 189
managing the device
good habits 21
maximum incomplete high 153
maximum incomplete low 153
Message Integrity Check (MIC) 306
multicast 62
multimedia 117
multiple SIP accounts 233
multiple voice channels 233
N
NAT 61, 104, 105, 293
address mapping rule 110
application 114
definitions 112
how it works 113
mapping types 114
what it does 112
NAT (Network Address Translation) 101
NAT traversal 197
non-proxy calls 126
O
one minute high 153
one minute low 152
operation humidity 231
operation temperature 231
P
Pairwise Master Key (PMK) 307, 309
park 232
peer-to-peer calls 23, 126
PHB (Per-Hop Behavior) 177
phone book
speed dial 126
phone config 232
phone functions 135
pickup 232
pincode 130
point-to-point calls 234
ports 26
power adaptor 234
power specifications 231
PPPoE 55
benefits 55
PPPoE (Point-to-Point Protocol over Ethernet) 55
Index
IAD User’s Guide
324
preamble mode 301
product registration 320
PSK 307
Q
QoS 176
marking 164
tagging 164
versus CoS 164
QoS class configuration 166
Quality of Service (QoS) 163
quick dialing 234
Quick Start Guide 29
R
RADIUS 303
message types 303
messages 303
shared secret key 304
region 232
registration
product 320
related documentation 3
remote management
how SSH works 194
SSH 193
SSH implementation 195
Telnet 186
remote management and NAT 185
remote management limitations 184
REN 233
resetting your device 25
restore 221
RFC 1631 101
RFC 1889 234
RFC 1890 234
RFC 2131. See DHCP.
RFC 2132. See DHCP
RFC 2327 234
RFC 3261 234
Ringer Equivalence Number 233
RIP 62
direction 62
Routing Information Protocol
see RIP
version 62
router features 22
RTCP 234
RTP 234
RTS (Request To Send) 300
threshold 299, 300
S
safety warnings 7
SDP 234
server 115, 213
Service Set 74
service type 150
Session Description Protocol 234
Session Initiating Protocol 234
Session Initiation Protocol 117
setup 130
silence suppression 233
SIP 117
SIP account 117
SIP accounts 233
SIP ALG 111
SIP Application Layer Gateway 111
SIP identities 117
SIP number 118
SIP service domain 118
SIP URI 117
SIP version 2 234
SNMP 188
manager 189
MIBs 190
speed dial 126, 129
SSH 193
how SSH works 194
implementation 195
stateful inspection firewall 137
static route 159
Index
IAD User’s Guide 325
status indicators 26
storage humidity 231
storage temperature 231
SUA 102
SUA (Single User Account) 102
SUA vs NAT 102
subnet 285
subnet mask 61, 148, 286
subnetting 288
supplementary services 131
syntax conventions 5
syslog 143
system name 212
system timeout 185
T
TCP maximum incomplete 152, 153
Telnet 186
temperature 231
Temporal Key Integrity Protocol (TKIP) 306
three-way conference 133, 135
trademarks 317
Triangle 155
Triangle Route Solutions 156
U
Uniform Resource Identifier 117
Universal Plug and Play 197
application 198
UPnP 197
forum 198
security issues 198
USA type call service mode 133
V
VAD 233
voice activity detection 233
Index
IAD User’s Guide
326
voice channels 233
VoIP 117
peer-to-peer calls 126
VoIP features 23
VoIP standards compliance 233
W
WAN (Wide Area Network) 55
warranty 319
note 320
Web 185
Web Configurator 29, 155
WEP encryption 78
Wi-Fi Protected Access 306
wireless client WPA supplicants 308
wireless security 302
wireless station list 49
WLAN
interference 299
security parameters 310
WLAN button 24
WPA 306
key caching 308
pre-authentication 308
user authentication 307
vs WPA-PSK 307
wireless client supplicant 308
with RADIUS application example 308
WPA2 306
user authentication 307
vs WPA2-PSK 307
wireless client supplicant 308
with RADIUS application example 308
WPA2-Pre-Shared Key 306
WPA2-PSK 306, 307
application example 309
WPA-PSK 306, 307
application example 309

Navigation menu