ZyXEL Communications VMG8324B10A Wireless N VDSL2 VoIP Combo WAN Gigabit IAD User Manual VMG8324 B10A UserMan 1 2013 12 09

ZyXEL Communications Corporation Wireless N VDSL2 VoIP Combo WAN Gigabit IAD VMG8324 B10A UserMan 1 2013 12 09

Contents

(VMG8324-B10A)UserMan(1) 2013-12-09

Quick Start Guidewww.zyxel.comVMG8 3 2 4 - B1 0 A and VMG8 3 2 4 -B3 0 A SeriesWireless N VDSL2 VoI P Com bo WAN Gigabit I ADVersion 1.00Edit ion 1, 11/ 2013Copyright  ©  2013 ZyXEL Com m unications CorporationUser’s GuideDefa ult  Login Det a ilsLAN I P Address ht tp: / / 192.168.1.1Login adm inPassword 1234
VMG8324-B10A / VMG8324-B30A Series User’s Guide2IMPORTANT!READ CAREFULLY BEFORE USE.KEEP THIS GUIDE FOR FUTURE REFERENCE.Screenshots and graphics in t his book m ay differ slightly from  your product  due t o differences in your product  firm war e or your com put er operat ing syst em . Every effort  has been m ade t o ensure that t he inform at ion in t his m anual is accurat e.Related Documentation• Quick Start Guide The Quick St art  Guide show s how to connect  t he Device and get up and running right  away.
 Contents OverviewVMG8324-B10A / VMG8324-B30A Series User’s Guide 3Contents OverviewUser’s Guide .......................................................................................................................................15Introducing the Device  ............................................................................................................................17The Web Configurator .............................................................................................................................25Quick Start ...............................................................................................................................................33Technical Reference  ..........................................................................................................................35Network Map and Status Screens ...........................................................................................................37Broadband ...............................................................................................................................................43Wireless ..................................................................................................................................................71Home Networking ..................................................................................................................................107Routing ..................................................................................................................................................131Quality of Service (QoS)  .......................................................................................................................139Network Address Translation (NAT) ......................................................................................................157Dynamic DNS Setup  .............................................................................................................................175Interface Group  .....................................................................................................................................179USB Service ..........................................................................................................................................185Power Management  ..............................................................................................................................193Firewall ..................................................................................................................................................197MAC Filter  .............................................................................................................................................205Parental Control  ....................................................................................................................................207Scheduler Rule ...................................................................................................................................... 211Certificates ............................................................................................................................................213VPN .......................................................................................................................................................221Voice .....................................................................................................................................................235Log   .......................................................................................................................................................267Traffic Status   ........................................................................................................................................271 VoIP Status ...........................................................................................................................................275ARP Table  .............................................................................................................................................277Routing Table  ........................................................................................................................................279IGMP/MLD Status   ................................................................................................................................281xDSL Statistics  ......................................................................................................................................2833G Statistics   .........................................................................................................................................287User Account .........................................................................................................................................289Remote Management ............................................................................................................................291TR-069 Client ........................................................................................................................................295TR-064 ..................................................................................................................................................297SNMP ....................................................................................................................................................299Time Settings  ........................................................................................................................................301
Contents OverviewVMG8324-B10A / VMG8324-B30A Series User’s Guide4E-mail Notification  .................................................................................................................................305Logs Setting   .........................................................................................................................................307Firmware Upgrade  ................................................................................................................................ 311Configuration .........................................................................................................................................313Diagnostic .............................................................................................................................................317Troubleshooting ....................................................................................................................................323
  Table of ContentsVMG8324-B10A / VMG8324-B30A Series User’s Guide 5Table of ContentsContents Overview  ..............................................................................................................................3Table of Contents .................................................................................................................................5Part I: User’s Guide ......................................................................................... 15Chapter   1Introducing the Device .......................................................................................................................171.1 Overview  ...........................................................................................................................................171.2 Ways to Manage the Device  .............................................................................................................171.3 Good Habits for Managing the Device  ..............................................................................................171.4 Applications for the Device  ...............................................................................................................181.4.1 Internet Access ........................................................................................................................181.4.2 Device’s USB Support  .............................................................................................................191.5 LEDs (Lights)  ....................................................................................................................................201.6 The RESET Button ............................................................................................................................221.7 Wireless Access ................................................................................................................................221.7.1 Using the Wi-Fi and WPS Buttons ...........................................................................................221.8 Wall-mounting Instructions ................................................................................................................23Chapter   2The Web Configurator ........................................................................................................................252.1 Overview  ...........................................................................................................................................252.1.1 Accessing the Web Configurator  .............................................................................................252.2 Web Configurator Layout  ..................................................................................................................272.2.1 Title Bar  ...................................................................................................................................272.2.2 Main Window  ...........................................................................................................................282.2.3 Navigation Panel  .....................................................................................................................29Chapter   3Quick Start...........................................................................................................................................333.1 Overview  ...........................................................................................................................................333.2 Quick Start Setup  ..............................................................................................................................33Part II: Technical Reference............................................................................ 35
Table of ContentsVMG8324-B10A / VMG8324-B30A Series User’s Guide6Chapter   4Network Map and Status Screens ..................................................................................................... 374.1 Overview  ...........................................................................................................................................374.2 The Network Map Screen  .................................................................................................................374.3 The Status Screen .............................................................................................................................38Chapter   5Broadband...........................................................................................................................................435.1 Overview  ...........................................................................................................................................435.1.1 What You Can Do in this Chapter ............................................................................................435.1.2 What You Need to Know ..........................................................................................................445.1.3 Before You Begin .....................................................................................................................475.2 The Broadband Screen  .....................................................................................................................475.2.1 Add/Edit Internet Connection ...................................................................................................495.3 The 3G Backup Screen .....................................................................................................................575.4 The Advanced Screen .......................................................................................................................615.5 The 802.1x Screen ............................................................................................................................625.5.1 Edit 802.1X Settings  ................................................................................................................635.6 The WAN Status Screen  ...................................................................................................................635.7 Technical Reference ..........................................................................................................................64Chapter   6Wireless ...............................................................................................................................................716.1 Overview  ...........................................................................................................................................716.1.1 What You Can Do in this Chapter ............................................................................................716.1.2 What You Need to Know ..........................................................................................................726.2 The General Screen  .........................................................................................................................726.2.1 No Security  ..............................................................................................................................756.2.2 Basic (WEP Encryption)  ..........................................................................................................756.2.3 Basic (802.1X)  .........................................................................................................................766.2.4 More Secure (WPA(2)-PSK)  ....................................................................................................796.2.5 WPA(2) Authentication .............................................................................................................806.3 The More AP Screen .........................................................................................................................816.3.1 Edit More AP   ..........................................................................................................................836.4 MAC Authentication  ..........................................................................................................................856.5 The WPS Screen  ..............................................................................................................................866.6 The WMM Screen  .............................................................................................................................876.7 The WDS Screen  ..............................................................................................................................886.7.1 WDS Scan  ...............................................................................................................................896.8 The Others Screen ............................................................................................................................906.9 The Channel Status Screen  ..............................................................................................................926.10 Technical Reference ........................................................................................................................926.10.1 Wireless Network Overview ...................................................................................................92
  Table of ContentsVMG8324-B10A / VMG8324-B30A Series User’s Guide 76.10.2 Additional Wireless Terms  .....................................................................................................946.10.3 Wireless Security Overview ...................................................................................................946.10.4 Signal Problems  ....................................................................................................................966.10.5 BSS  .......................................................................................................................................976.10.6 MBSSID .................................................................................................................................976.10.7 Preamble Type  ......................................................................................................................986.10.8 Wireless Distribution System (WDS)  .....................................................................................986.10.9 WiFi Protected Setup (WPS)  .................................................................................................98Chapter   7Home Networking .............................................................................................................................1077.1 Overview  .........................................................................................................................................1077.1.1 What You Can Do in this Chapter ..........................................................................................1077.1.2 What You Need To Know .......................................................................................................1087.1.3 Before You Begin ...................................................................................................................1097.2 The LAN Setup Screen  ...................................................................................................................1097.3 The Static DHCP Screen ................................................................................................................. 1137.4 The UPnP Screen  ........................................................................................................................... 1147.5 Installing UPnP in Windows Example  ............................................................................................. 1157.6 Using UPnP in Windows XP Example  ............................................................................................ 1187.7 The Additional Subnet Screen  ........................................................................................................1247.8 The STB Vendor ID Screen .............................................................................................................1257.9 The 5th Ethernet Port Screen  .........................................................................................................1257.10 The LAN VLAN Screen  .................................................................................................................1267.11 The Wake on LAN Screen .............................................................................................................1277.12 Technical Reference ......................................................................................................................1287.12.1 LANs, WANs and the Device ...............................................................................................1287.12.2 DHCP Setup  ........................................................................................................................1287.12.3 DNS Server Addresses .......................................................................................................1287.12.4 LAN TCP/IP  .........................................................................................................................129Chapter   8Routing ..............................................................................................................................................1318.1 Overview   ........................................................................................................................................1318.2 The Routing Screen  ........................................................................................................................1328.2.1 Add/Edit Static Route .............................................................................................................1338.3 The DNS Route Screen  ..................................................................................................................1348.3.1 The DNS Route Add Screen  .................................................................................................1348.4 The Policy Forwarding Screen ........................................................................................................1358.4.1 Add/Edit Policy Forwarding  ...................................................................................................1368.5 RIP      ..............................................................................................................................................1378.5.1 The RIP Screen  .....................................................................................................................137
Table of ContentsVMG8324-B10A / VMG8324-B30A Series User’s Guide8Chapter   9Quality of Service (QoS)...................................................................................................................1399.1 Overview   ........................................................................................................................................1399.1.1 What You Can Do in this Chapter ..........................................................................................1399.2 What You Need to Know  .................................................................................................................1399.3 The Quality of Service General Screen  ..........................................................................................1419.4 The Queue Setup Screen  ...............................................................................................................1429.4.1 Adding a QoS Queue   ...........................................................................................................1439.5 The Class Setup Screen  .................................................................................................................1449.5.1 Add/Edit QoS Class  ..............................................................................................................1469.6 The QoS Policer Setup Screen  .......................................................................................................1499.6.1 Add/Edit a QoS Policer  .........................................................................................................1509.7 The QoS Monitor Screen   ...............................................................................................................1519.8 Technical Reference ........................................................................................................................152Chapter   10Network Address Translation (NAT)................................................................................................15710.1 Overview  .......................................................................................................................................15710.1.1 What You Can Do in this Chapter ........................................................................................15710.1.2 What You Need To Know .....................................................................................................15710.2 The Port Forwarding Screen   ........................................................................................................15810.2.1 Add/Edit Port Forwarding   ...................................................................................................16010.3 The Applications Screen  ...............................................................................................................16110.3.1 Add New Application  ...........................................................................................................16210.4 The Port Triggering Screen ...........................................................................................................16210.4.1 Add/Edit Port Triggering Rule   .............................................................................................16410.5 The DMZ Screen ...........................................................................................................................16510.6 The ALG Screen  ...........................................................................................................................16610.7 The Address Mapping Screen .......................................................................................................16610.7.1 Add/Edit Address Mapping Rule ..........................................................................................16710.8 The Address Mapping Screen .......................................................................................................16810.9 The Sessions Screen ....................................................................................................................16910.10 Technical Reference ....................................................................................................................16910.10.1 NAT Definitions ..................................................................................................................17010.10.2 What NAT Does .................................................................................................................17110.10.3 How NAT Works  ................................................................................................................17210.10.4 NAT Application  .................................................................................................................173Chapter   11Dynamic DNS Setup .........................................................................................................................17511.1 Overview  .......................................................................................................................................17511.1.1 What You Can Do in this Chapter  ........................................................................................17511.1.2 What You Need To Know  .....................................................................................................176
  Table of ContentsVMG8324-B10A / VMG8324-B30A Series User’s Guide 911.2 The DNS Entry Screen ..................................................................................................................17611.2.1 Add/Edit DNS Entry  .............................................................................................................17711.3 The Dynamic DNS Screen  ............................................................................................................177Chapter   12Interface Group .................................................................................................................................17912.1 Overview  .......................................................................................................................................17912.1.1 What You Can Do in this Chapter ........................................................................................17912.2 The Interface Group Screen ..........................................................................................................17912.2.1 Interface Group Configuration .............................................................................................18012.2.2  Interface Grouping Criteria  .................................................................................................182Chapter   13USB Service ......................................................................................................................................18513.1 Overview  .......................................................................................................................................18513.1.1 What You Can Do in this Chapter ........................................................................................18513.1.2 What You Need To Know .....................................................................................................18513.1.3 Before You Begin .................................................................................................................18713.2 The File Sharing Screen  ...............................................................................................................18813.2.1 The Add New Share Screen ................................................................................................18913.2.2 The Add New User Screen ..................................................................................................19013.3 The Media Server Screen  .............................................................................................................19013.4 Printer Server   ...............................................................................................................................19113.4.1 Before You Begin .................................................................................................................19113.4.2 The Printer Server Screen ...................................................................................................192Chapter   14Power Management ..........................................................................................................................19314.1 Overview  .......................................................................................................................................19314.1.1 What You Can Do in this Chapter ........................................................................................19314.1.2 What You Need To Know .....................................................................................................19314.2 The Power Management Screen  ..................................................................................................19314.3 The Auto Switch Off Screen ..........................................................................................................19414.3.1 The Auto Switch Off Add/Edit Screen ..................................................................................19514.3.2 The Add/Edit Rule Screen ...................................................................................................195Chapter   15Firewall ..............................................................................................................................................19715.1 Overview  .......................................................................................................................................19715.1.1 What You Can Do in this Chapter ........................................................................................19715.1.2 What You Need to Know ......................................................................................................19815.2 The Firewall Screen  ......................................................................................................................19915.3 The Protocol Screen   ....................................................................................................................199
Table of ContentsVMG8324-B10A / VMG8324-B30A Series User’s Guide1015.3.1 Add/Edit a Service   ..............................................................................................................20015.4 The Access Control Screen  ..........................................................................................................20115.4.1 Add/Edit an ACL Rule   ........................................................................................................20215.5 The DoS Screen ............................................................................................................................204Chapter   16MAC Filter..........................................................................................................................................20516.1 Overview   ......................................................................................................................................20516.2 The MAC Filter Screen ..................................................................................................................205Chapter   17Parental Control................................................................................................................................20717.1 Overview  .......................................................................................................................................20717.2 The Parental Control Screen .........................................................................................................20717.2.1 Add/Edit a Parental Control Rule .........................................................................................208Chapter   18Scheduler Rule.................................................................................................................................. 21118.1 Overview  ....................................................................................................................................... 21118.2 The Scheduler Rule Screen  .......................................................................................................... 21118.2.1 Add/Edit a Schedule  ............................................................................................................212Chapter   19Certificates ........................................................................................................................................21319.1 Overview  .......................................................................................................................................21319.1.1 What You Can Do in this Chapter ........................................................................................21319.2 What You Need to Know  ...............................................................................................................21319.3 The Local Certificates Screen .......................................................................................................21319.3.1 Create Certificate Request   .................................................................................................21419.3.2 Load Signed Certificate   ......................................................................................................21519.4 The Trusted CA Screen ................................................................................................................21619.4.1 View Trusted CA Certificate .................................................................................................21819.4.2 Import Trusted CA Certificate  ..............................................................................................219Chapter   20VPN ....................................................................................................................................................22120.1 Overview  .......................................................................................................................................22120.2 The IPSec VPN General Screen ...................................................................................................22120.3 The IPSec VPN Add/Edit Screen ..................................................................................................22220.4 The IPSec VPN Monitor Screen ....................................................................................................22820.5 Technical Reference ......................................................................................................................22820.5.1 IPSec Architecture ...............................................................................................................22820.5.2 Encapsulation  ......................................................................................................................229
  Table of ContentsVMG8324-B10A / VMG8324-B30A Series User’s Guide 1120.5.3  IKE Phases .........................................................................................................................23020.5.4 Negotiation Mode  ................................................................................................................23120.5.5 IPSec and NAT  ....................................................................................................................23220.5.6 VPN, NAT, and NAT Traversal .............................................................................................23220.5.7 ID Type and Content ............................................................................................................23320.5.8 Pre-Shared Key  ...................................................................................................................23420.5.9 Diffie-Hellman (DH) Key Groups ..........................................................................................234Chapter   21Voice ..................................................................................................................................................23521.1 Overview  .......................................................................................................................................23521.1.1 What You Can Do in this Chapter ........................................................................................23521.1.2 What You Need to Know About VoIP ...................................................................................23621.2 Before You Begin  ..........................................................................................................................23621.3 The SIP Account Screen  ..............................................................................................................23621.3.1 The SIP Account Add/Edit Screen  ......................................................................................23721.4 The SIP Service Provider Screen   ................................................................................................24121.4.1 The SIP Service Provider Add/Edit Screen   ........................................................................24221.4.2 Dial Plan Rules  ....................................................................................................................24821.5 The Phone Screen   .......................................................................................................................24921.6 The Call Rule Screen ....................................................................................................................24921.7 The Call History Summary Screen ................................................................................................25021.8 The Call History Outgoing Calls Screen ........................................................................................25121.9 The Call History Incoming Calls Screen ........................................................................................25121.10 Technical Reference ....................................................................................................................25221.10.1 Quality of Service (QoS) ....................................................................................................26021.10.2 Phone Services Overview  .................................................................................................260Chapter   22Log ....................................................................................................................................................26722.1 Overview  .......................................................................................................................................26722.1.1 What You Can Do in this Chapter ........................................................................................26722.1.2 What You Need To Know .....................................................................................................26722.2 The System Log Screen ................................................................................................................26822.3 The Security Log Screen ...............................................................................................................269Chapter   23Traffic Status  ....................................................................................................................................27123.1 Overview  .......................................................................................................................................27123.1.1 What You Can Do in this Chapter ........................................................................................27123.2 The WAN Status Screen  ...............................................................................................................27123.3 The LAN Status Screen .................................................................................................................27323.4 The NAT Status Screen .................................................................................................................274
Table of ContentsVMG8324-B10A / VMG8324-B30A Series User’s Guide12Chapter   24 VoIP Status .......................................................................................................................................27524.1 The VoIP Status Screen  ................................................................................................................275Chapter   25ARP Table ..........................................................................................................................................27725.1 Overview  .......................................................................................................................................27725.1.1 How ARP Works ..................................................................................................................27725.2 ARP Table Screen .........................................................................................................................277Chapter   26Routing Table ....................................................................................................................................27926.1 Overview  .......................................................................................................................................27926.2 The Routing Table Screen .............................................................................................................279Chapter   27IGMP/MLD Status  .............................................................................................................................28127.1 Overview  .......................................................................................................................................28127.2 The IGMP/MLD Group Status Screen ...........................................................................................281Chapter   28xDSL Statistics..................................................................................................................................28328.1 The xDSL Statistics Screen ...........................................................................................................283Chapter   293G Statistics  .....................................................................................................................................28729.1 Overview  .......................................................................................................................................28729.2 The 3G Statistics Screen ...............................................................................................................287Chapter   30User Account ....................................................................................................................................28930.1 Overview   ......................................................................................................................................28930.2 The User Account Screen .............................................................................................................289Chapter   31Remote Management........................................................................................................................29131.1 Overview  .......................................................................................................................................29131.2 The Remote MGMT Screen ..........................................................................................................29131.3 The Trust Domain Screen  .............................................................................................................29231.4 The Add Trust Domain Screen ......................................................................................................293Chapter   32TR-069 Client.....................................................................................................................................295
  Table of ContentsVMG8324-B10A / VMG8324-B30A Series User’s Guide 1332.1 Overview  .......................................................................................................................................29532.2 The TR-069 Client Screen ............................................................................................................295Chapter   33TR-064................................................................................................................................................29733.1 Overview  .......................................................................................................................................29733.2 The TR-064 Screen .......................................................................................................................297Chapter   34SNMP .................................................................................................................................................29934.1 Overview  .......................................................................................................................................29934.2 The SNMP Screen  ........................................................................................................................299Chapter   35Time Settings ....................................................................................................................................30135.1 Overview  .......................................................................................................................................30135.2 The Time Screen  ..........................................................................................................................301Chapter   36E-mail Notification ............................................................................................................................30536.1 Overview     ....................................................................................................................................30536.2 The Email Notification Screen .......................................................................................................30536.2.1 Email Notification Edit   ........................................................................................................306Chapter   37Logs Setting  .....................................................................................................................................30737.1 Overview   ......................................................................................................................................30737.2 The Log Settings Screen ...............................................................................................................30737.2.1 Example E-mail Log  ............................................................................................................308Chapter   38Firmware Upgrade ............................................................................................................................ 31138.1 Overview  ....................................................................................................................................... 31138.2 The Firmware Screen .................................................................................................................... 311Chapter   39Configuration ....................................................................................................................................31339.1 Overview  .......................................................................................................................................31339.2 The Configuration Screen  .............................................................................................................31339.3 The Reboot Screen  .......................................................................................................................315Chapter   40Diagnostic .........................................................................................................................................317
Table of ContentsVMG8324-B10A / VMG8324-B30A Series User’s Guide1440.1 Overview  .......................................................................................................................................31740.1.1 What You Can Do in this Chapter ........................................................................................31740.2 What You Need to Know  ...............................................................................................................31740.3 Ping & TraceRoute & NsLookup  ...................................................................................................31840.4 802.1ag  .........................................................................................................................................31940.5 OAM Ping ......................................................................................................................................320Chapter   41Troubleshooting................................................................................................................................32341.1 Power, Hardware Connections, and LEDs ....................................................................................32341.2 Device Access and Login ..............................................................................................................32441.3 Internet Access  .............................................................................................................................32641.4 Wireless Internet Access ...............................................................................................................32741.5 USB Device Connection ................................................................................................................32841.6 UPnP .............................................................................................................................................328Appendix   A  Customer Support ........................................................................................................329Appendix   B  Setting up Your Computer’s IP Address.......................................................................335Appendix   C  IP Addresses and Subnetting.......................................................................................357Appendix   D  Pop-up Windows, JavaScripts and Java Permissions .................................................365Appendix   E  Wireless LANs..............................................................................................................375Appendix   F  IPv6 ..............................................................................................................................389Appendix   G  Services .......................................................................................................................397Appendix   H  Legal Information .........................................................................................................401Index ..................................................................................................................................................405
15PART IUser’s Guide
16
VMG8324-B10A / VMG8324-B30A Series User’s Guide 17CHAPTER   1Introducing the Device1.1  OverviewThe Device is a wir eless VDSL router and Gigabit  Ethernet gat eway. I t  has a DSL port and a Gigabit Et hernet port  for super- fast  I nternet  access. The Device support s both Packet  Transfer Mode ( PTM)  and Asy nchr onous Transfer Mode ( ATM) . I t  is backward com patible w ith ADSL, ADSL2 and ADSL2+  in case VDSL is not  available.Only use firmware for your Device’s specific model. Refer to the label on the bottom of your Device.The Device has two USB por t s for sharing files via a USB st orage device, sharing a USB print er, or connect ing a 3G dongle for a WAN backup connect ion. • The VMG8324- B10A works over t he analog telephone syst em , POTS (Plain Old Telephone Service) . • The VMG8324- B30A works over I SDN ( I nt egrated Services Digital Net work)  or T- I SDN ( UR- 2) .1.2  Ways to Manage the DeviceUse any of the following m et hods t o m anage t he Device.• Web Configurat or. This is recom m ended for everyday m anagem ent  of t he Device using a ( suppor t ed)  web browser.• TR-069. This is an aut o-configuration server used t o rem ot ely configure your device.1.3  Good Habits for Managing the DeviceDo the following t hings regular ly to m ake the Device m ore secure and to m anage t he Device m ore effect ively.• Change the password. Use a password t hat’s not easy t o guess and that consist s of different  types of charact er s, such as num bers and let t ers.• Writ e down t he passw ord and put  it in a safe place.• Back up t he configuration ( and m ake sure you know how t o rest ore it ) . Rest oring an earlier working configurat ion m ay be useful if t he device becom es unstable or even crashes. I f you forget  your password, you will have t o reset  t he Device t o it s factory default set t ings. I f you backed up an earlier configurat ion file, you would not have t o t ot ally re- configure t he Device. You could sim ply rest ore your last  configurat ion.
Chapter 1 Introducing the DeviceVMG8324-B10A / VMG8324-B30A Series User’s Guide181.4  Applications for the Device Here are som e exam ple uses for which t he Device is w ell suit ed.1.4.1  Internet AccessYour Device provides shar ed I nt ernet access by connect ing the DSL port  t o t he D SL or M OD EM  j ack on a split t er or your t elephone j ack. You can have m ultiple WAN services over one ADSL or VDSL. The Device cannot work in ADSL and VDSL m ode at  the sam e t im e.Not e:  The ADSL and VDSL lines share t he sam e WAN (layer- 2)  int erfaces t hat  you configure in t he Device. Refer to Sect ion 5.2 on page 47 for t he N et w ork  Set t in g >  Br oa dba nd screen.Com put ers can connect t o t he Device’s LAN port s ( or wirelessly).Figure 1   Device’s I nt ernet Access Applicat ion You can also configure I P filt ering on the Device for secure I nt ernet access. When t he I P filter is on, all incom ing t raffic from  the I nt ernet  t o your net work is blocked by default  unless it  is init iated fr om  your net work. This m eans t hat  probes from  t he out side t o your network are not allowed, but you can safely browse the I nt ernet  and download files.ADSL / VDSLWLANPPPoEIPoEBridgingWANADSL    IPoAWANLANLANWLANAAPPPoAIPoEPPPoEBridging
 Chapter 1 Introducing the DeviceVMG8324-B10A / VMG8324-B30A Series User’s Guide 191.4.2  Device’s USB SupportThe USB port  of t he Device is used for  file- sharing, m edia server and print er- sharing.File SharingUse t he built-in USB 2.0 por t  t o share files on a USB m em ory st ick or a USB hard drive ( B) . You can connect  one USB hard drive to the Device at a tim e. Use FTP t o access t he files on the USB device.Figure 2   USB File Sharing Applicat ion Media ServerYou can also use t he Device as a m edia server. This let s anyone on your net work play video, m usic, and phot os from  a USB device ( B)  connect ed t o t he Device’s USB port  ( without having t o copy them  to another com put er) . Figure 3   USB Media Server Application  BABA
Chapter 1 Introducing the DeviceVMG8324-B10A / VMG8324-B30A Series User’s Guide20Printer ServerThe Device allows you t o shar e a USB print er on your LAN. You can do t his by connecting a USB print er t o one of the USB por t s on t he Device and t hen configuring a TCP/ I P port  on t he com put ers connect ed to your net w ork. Figure 4   Sharing a USB Print er1.5  LEDs (Lights)The following graphic displays t he labels of t he LEDs. Figure 5   LEDs on the DeviceNone of t he LEDs are on if the Device is not  receiving power.Table 1   LED Descript ionsLED COLOR STATUS DESCRIPTIONPWR/ SYSGreen On The Device is receiving pow er and ready for use.Blinking The Device is self- t est ing.Red On The Device det ect ed an error  while self- t esting, or t here is a device m alfunct ion.Off The Device is not  receiving power.DSLGreen On The ADSL line is up.Blinking The Device is init ializing the ADSL line.Orange On The VDSL line is up.Blinking The Device is init ializing the VDSL line.Off The DSL line is down.2.4G 5G
 Chapter 1 Introducing the DeviceVMG8324-B10A / VMG8324-B30A Series User’s Guide 21I NTERNETGreen On The Device has an I P connect ion but  no t raffic.Your device has a WAN I P address ( eit her st at ic or assigned by a DHCP server ) , PPP negotiat ion was successfully com plet ed ( if used)  and the DSL connect ion is up.Blinking The Dev ice is sending or receiving I P traffic.Off There is no I nt ernet  connection or the gateway is in bridged m ode.Red On The Device at t em pted t o m ake an I P connect ion but  failed. Possible causes are no r esponse from  a DHCP ser ver, no PPPoE response, PPPoE authenticat ion failed.WANGreen On The Device has a successful 1000 Mbps Ethernet  connect ion on t he WAN. Blinking  The Device is sending or receiving dat a t o/ from  the WAN at  1000 Mbps.Orange On The Device has a successful 10/ 100 Mbps Ether net  connect ion on t he WAN. Blinking The Dev ice is sending or receiving dat a t o/ from  the WAN at  10/ 100 Mbps.Off There is no Ethernet connect ion on t he WAN.LANGreen On The Device has a successful 1000 Mbps Ether net  connect ion with a dev ice on the Local Area Net work ( LAN) . Blinking  The Device is sending or receiving dat a t o/ from  the LAN at  1000 Mbps.Off The Device does not  have an Et hernet  connect ion wit h t he LAN.WiFi 2.4GGreen On The 2.4 GHz wir eless network is act ivated.Blinking The Device is com m unicat ing w it h ot her  wir eless clients.Orange Blinking The Device is set t ing up a WPS connect ion.Off The 2.4 GHz wireless network is not  act ivated.Phone1, Phone2Green On A SI P account  is regist ered for t he phone port .Blinking A t elephone connect ed t o t he phone port  has it s receiver off of the hook or t here is an incom ing call.Orange On A SI P account  is regist ered for t he phone port and there is a voice m essage in t he corr esponding SI P account .Blinking A t elephone connect ed t o t he phone port  has it s receiver off of the hook and there is a voice m essage in t he corresponding SI P account.Off The phone port  does not  have a SI P account  regist ered.USB1Green On The Device recognizes a USB connect ion t hrough t he USB1 slot .Blinking The Device is sending/ r eceiv ing data to / from  t he USB device connected to it .Off The Device does not  det ect a USB connect ion t hrough t he USB1 slot .USB2Green On The Device recognizes a USB connect ion t hrough t he USB2 slot .Blinking The Device is sending/ r eceiv ing data to / from  t he USB device connected to it .Off The Device does not  det ect a USB connect ion t hrough t he USB2 slot .Table 1   LED Descript ions ( cont inued)LED COLOR STATUS DESCRIPTION
Chapter 1 Introducing the DeviceVMG8324-B10A / VMG8324-B30A Series User’s Guide221.6  The RESET ButtonI f you forget your password or cannot  access the Web Configurator, you will need t o use t he RESET but t on at  t he back of t he device t o reload t he factory- default  configuration file. This m eans t hat  you will lose all configurat ions that you had previously and the password will be reset  to “ 1234”. 1Make sure t he PW R/ SYS LED is on ( not  blinking) .2To set  t he device back t o t he fact ory default  sett ings, press t he RESET butt on for t en seconds or unt il the PW R/ SYS LED begins to blink and t hen r elease it . When t he PW R/ SYS LED begins t o blink, t he default s have been restored and t he device rest art s.1.7  Wireless AccessThe Device is a wireless Access Point ( AP) for wireless client s, such as notebook com put ers or PDAs and iPads. I t  allows t hem  t o connect  to the I nt ernet  wit hout  having t o rely on inconvenient  Ethernet  cables.You can configure your w ireless net work in eit her t he built- in Web Configurat or, or using t he WPS but t on.Figure 6   Wireless Access Exam ple1.7.1  Using the Wi-Fi and WPS ButtonsI f t he wir eless net w ork is t urned off, press t he W i- Fi butt on for one second. Once the W iFi 2 .4 G LED t urns green, the w ireless net work is act ive.You can also use t he W PS but ton t o quickly set  up a secure wireless connection between the Device and a WPS- com pat ible client  by adding one device at  a t im e.To activat e WPS:1Make sure t he PW R/ SYS LED is on and not  blinking.2Press t he W PS but ton for five seconds and release it.3Press t he WPS butt on on anot her WPS- enabled device wit hin range of t he Device. The W iFi 2 .4 G LED flashes orange while t he Device sets up a WPS connection w ith t he ot her wireless device.
 Chapter 1 Introducing the DeviceVMG8324-B10A / VMG8324-B30A Series User’s Guide 234Once t he connection is successfully m ade, t he W iFi 2 .4 G LED shines green.To turn off t he wireless net work, press the W i- Fi but t on for one t o five seconds. The W iFi 2 .4 G LED t urns off when t he w ireless net work is off.1.8  Wall-mounting InstructionsDo the follow ing t o hang your Device on a wall.1Locat e a high posit ion on a wall that is free of obst ruct ions. Use a st urdy wall.2Hold the bracket  against t he wall and m ark where t o drill t he holes.3Drill the two screw holes in the wall.Be careful to avoid damaging pipes or cables located inside the wall when drilling holes for the screws.4Align and insert  t he bracket t o the wall- m ount ing not ches on the rear panel of the Device.  5Push t he bracket up t o t ightly att ach it  t o t he Device.
Chapter 1 Introducing the DeviceVMG8324-B10A / VMG8324-B30A Series User’s Guide246Mount  t he Device on the screws w hich are already installed on t he wall. Make sure t hat  t he Device is firm ly at t ached to the screws so it  does not fall off.
VMG8324-B10A / VMG8324-B30A Series User’s Guide 25CHAPTER   2The Web Configurator2.1  OverviewThe w eb configurat or  is an HTML-based m anagem ent int erface that allows easy device set up and m anagem ent via I nternet brow ser. Use I nternet Explorer 6.0 and lat er versions or Mozilla Firefox 3 and lat er versions or Safari 2.0 and lat er versions. The recom m ended screen resolut ion is 1024 by 768 pixels.I n order t o use the web configurat or you need to allow :• Web browser pop- up windows from  your device. Web pop- up blocking is enabled by default in Windows XP SP ( Service Pack)  2.• JavaScript  ( enabled by default ) .• Java perm issions ( enabled by default) .See Appendix D on page 365 if you need t o m ake sure these functions ar e allowed in I nt ernet  Explorer. 2.1.1  Accessing the Web Configurator1Make sure your Device hardware is properly connected ( refer t o t he Quick St art  Guide) .2Launch your web browser. I f t he Device does not  aut om at ically re- direct  you to the login screen, go to ht t p: / / 192.168.1.1.3A password screen displays. To access the adm inist rat ive web configurat or and m anage t he Device, type t he default  usernam e adm in and password 1 2 3 4  in t he passw ord screen and click Login . I f advanced account  security is enabled ( see Section 30.2 on page 289)  t he num ber of dots that appears when you t ype the password changes random ly t o prevent  anyone watching the password field from  knowing t he length of your passw ord. I f you have changed the password, ent er your password and click Login. Figure 7   Passwor d Scr een
Chapter 2 The Web ConfiguratorVMG8324-B10A / VMG8324-B30A Series User’s Guide264The following screen displays if you have not  yet  changed your password. I t is st r ongly recom m ended you change t he default password. Ent er a new password, ret ype it t o confirm  and click Apply;  alt ernat ively click Sk ip  t o proceed to the m ain m enu if you do not want  t o change t he password now.Figure 8   Change Password Screen5The Qu ick  St art  W iz a rd screen appears. You can configure t he Device’s t im e zone, basic I nt ernet access, and wireless sett ings. See Chapt er 3 on page 33 for m ore inform ation.6Aft er you finished or closed t he Quick St a rt  W iza rd screen, t he N et w ork  Map page appears. Figure 9   Network Map 7Click St a t u s to display t he St a t u s screen, where you can view t he Device’s int erface and syst em  inform ation.
 Chapter 2 The Web ConfiguratorVMG8324-B10A / VMG8324-B30A Series User’s Guide 272.2  Web Configurator LayoutFigure 10   Screen LayoutAs illust rat ed above, t he m ain screen is divided into these part s:•A -  t itle bar•B -  m ain window •C -  navigat ion panel2.2.1  Title BarThe t itle bar provides som e icons in the upper right  corner.The icons provide the following functions.BCATable 2   Web Configurat or I cons in t he Tit le BarICON  DESCRIPTIONLanguage:  Select  t he language you prefer.Quick Start :  Click t his icon t o open screens where you can configur e t he Device’s t im e zone I nt ernet  access, and wireless set t ings.Logout :  Click t his icon t o log out of the web configurator.
Chapter 2 The Web ConfiguratorVMG8324-B10A / VMG8324-B30A Series User’s Guide282.2.2  Main WindowThe m ain window displays inform at ion and configurat ion fields. I t is discussed in t he rest  of this docum ent .Aft er you click St a t u s on t he Connect ion St a t u s page, t he St a t u s screen is displayed. See Chapter 4 on page 38 for m ore inform at ion about  t he St a t us scr een.I f you click V ir t ua l D e v ice  on t he Syst e m  I nfo screen, a visual graphic appears, showing the connect ion st at us of t he Device’s port s. The connect ed port s are in color and disconnect ed port s are gray.Figure 11   Virt ual Device
 Chapter 2 The Web ConfiguratorVMG8324-B10A / VMG8324-B30A Series User’s Guide 292.2.3  Navigation PanelUse t he m enu it em s on the navigat ion panel t o open screens t o configure Device features. The following tables describe each m enu item . Table 3   Navigat ion Panel Sum m aryLINK TAB FUNCTIONConnect ion St atus This screen shows t he net w ork stat us of the Device and com put ers/devices connect ed to it.Net work Set t ingBroadband Br oadband Use t his screen t o view and configure I SP param et ers, WAN I P addr ess assignm ent , and ot her advanced propert ies. You can also add new WAN connections.3G Backup Use t his screen to configur e 3G WAN connect ion.Advanced Use this screen to enable or disable PTM over ADSL, Annex M/ Annex J, and DSL PhyR funct ions.802.1x Use this screen to view and configure the I EEE 802.1x set t ings on t he Device.Wan  St at u s Use t his screen t o view hist orical t raffic t ransm ission stat ist ics of a WAN interface.Wireless General Use this screen to configure t he wireless LAN sett ings and WLAN authenticat ion/ security set t ings. More AP Use t his screen t o configure m ultiple BSSs on t he Device.MAC Aut henticationUse t his screen t o block or allow wireless traffic from  wireless devices of cert ain SSI Ds and MAC addresses t o t he Device.WPS Use this screen to configure and view your WPS ( Wi- Fi Prot ect ed Set up)  settings.WMM Use this screen to enable or disable Wi- Fi Mult iMedia ( WMM) .WDS Use t his screen t o set  up Wireless Dist ribut ion System  ( WDS)  links t o ot her  access point s.Ot hers Use t his screen t o configur e advanced wireless set t ings.Channel St atus Use this screen to scan w ireless LAN channel noises and view t he result s.Hom e NetworkingLAN  Setup Use t his screen to configure LAN TCP/ I P set t ings, and ot her advanced pr opert ies.St atic DHCP  Use t his screen t o assign specific I P addresses t o individual MAC addr esses.UPnP Use t his screen t o t ur n UPnP and UPnP NAT-T on or off.Addit ional SubnetUse t his screen to configur e I P alias and public stat ic I P.STB Vendor I D Use t his screen to have t he Device aut om at ically creat e st at ic DHCP entries for Set  Top Box ( STB)  devices when they request  I P addr esses.5t h Et hernet  portUse t his screen t o configure the role of the W AN  port . I t  can be eit her the Et hernet  WAN or a LAN port .LAN VLAN Use t his screen t o cont rol t he VLAN I D and I EEE 802.1p pr iorit y t ags of t raffic sent  out  t hrough individual LAN ports.Wake on Lan Use this screen to rem ot ely t urn on a device on the net work.
Chapter 2 The Web ConfiguratorVMG8324-B10A / VMG8324-B30A Series User’s Guide30Rou t in g St at ic Rout e Use t his screen to view and set  up st at ic routes on t he Device.DNS Rout e Use t his screen t o forward DNS queries for cert ain dom ain nam es through a specific WAN int erface t o it s DNS server( s).Policy  ForwardingUse t his screen to configur e policy routing on the Dev ice.RI P Use this screen to configure Rout ing I nform at ion Prot ocol to exchange rout ing inform at ion with ot her rout ers.QoS General Use this scr een t o enable QoS and t raffic priorit izing. You can also configure t he QoS rules and actions.Queue Set up Use this screen to configure QoS queues.Class Set up Use t his screen t o define a classifier.Policer  Set u p Use t hese screens t o configure QoS policers.NAT Port  Forwarding Use this scr een t o m ake your local serv ers visible to t he out side world.Applicat ions Use t his screen to configur e servers behind t he Dev ice.Port  Triggering Use t his screen t o change your  Device’s port  triggering sett ings.DMZ Use t his screen t o configur e a default  server which receives packets from  port s that are not  specified in t he Port For w ar ding screen.ALG Use this screen to enable or disable SI P ALG.Address Mapping Use t his scr een t o change your Device’s address m apping set t ings.Sessions Use t his screen t o configure the m axim um  num ber of NAT sessions each client  host  is allowed t o have through t he Device.DNS DNS Ent ry Use t his screen t o view  and configur e DNS routes.Dynam ic DNS Use t his screen t o allow a st at ic hostnam e alias for a dynam ic I P addr ess.I nt er face GroupUse t his screen t o m ap a port  t o a PVC or br idge gr oup.USB Service File Shar ing Use t his screen t o enable file sharing via the Device.Media Server Use t his screen t o use t he Device as a m edia server.Printer Server Use t his screen to enable the print  server on the Dev ice and get the m odel nam e of t he associated print er.Pow er  Managem entPow er  Managem entThis scr een is only available for  super visors. Use t his screen to m anually tur n on/ off specific int erface( s)  and/ or all LEDs im m ediat ely.Aut o Swit ch Off This scr een is only available for  super visors. Use t his screen to configure schedules to have t he Device aut om at ically t urn on/ off specific int er face( s)  and/ or all LEDs.Securit y Set t ingsFir ewall General Use t his screen t o configur e t he securit y level of your firewall.Prot ocol Use t his screen t o add I nt er net  services and configure firewall rules.Access Control Use t his screen t o enable specific t raffic directions for net w ork  services.DoS Use t his screen t o act ivat e prot ect ion against  Denial of Ser vice ( DoS)  at t ack s.MAC Filter Use t his screen t o block or allow t raffic from  devices of cert ain MAC addr esses t o t he Device.Table 3   Navigat ion Panel Sum m ary ( continued)LINK TAB FUNCTION
 Chapter 2 The Web ConfiguratorVMG8324-B10A / VMG8324-B30A Series User’s Guide 31Par ent al Cont rolUse t his screen t o block web sites with t he specific URL.Scheduler RulesUse this screen to configure t he days and t im es when a configured restrict ion (such as parental cont r ol)  is enforced.Cer t i fi cat es Local  Cer t i fi cat es  Use t his screen t o view a sum m ary list  of cert ificat es and m anage certificates and cert ificat ion request s.Trust ed CA Use t his screen t o view and m anage t he list of the t rust ed CAs.I PSec VPN Set up Use t his screen t o add or edit VPN policies.Monit or Use t his screen t o view the st at us of all I PSec VPN t unnels. You can also m anually init iat e a tunnel in t his screen.VoI PSI P SI P Account Use t his screen t o set up infor m at ion about  your SI P account  and configure audio set t ings such as volum e levels for t he phones connect ed t o the ZyXEL Device.SI P Serv ice Provider Use t his screen t o configure y our ZyXEL Device’s Voice over I P set t ings.Phone Use t his screen t o select  your location and a call service m ode.Call Rule Use this screen to configure speed dial for SI P phone num bers that  you call often.Call History Call Hist ory Sum m ar yUse t his screen t o view  a call hist ory list .Call History OutgoingUse t his screen t o view  det ailed inform at ion for each out going call you m ade.Call History I ncom ingUse t his screen t o view  det ailed inform at ion for each incom ing call from  som eone calling you.Line Test This scr een is only available for  supervisors. Use this screen to do various t est s for a phone line.Syst em  Monit orLog Syst em  Log Use this scr een t o view t he stat us of event s t hat  occur red t o t he Device. You can ex port  or e- m ail the logs.Securit y  Log Use t his screen t o view  the login record of t he Dev ice. You can export or e- m ail the logs.Traffic St atus WAN Use t his screen t o view t he st at us of all net work t raffic going through the WAN port of the Device.LAN Use this screen to view the st at us of all net work traffic going t hrough t he LAN ports of t he Device.NAT Use t his screen t o view NAT st at ist ics for connected host s.Vo I P St at u s Use t his screen t o view  VoI P regist rat ion, current call st atust and phone num bers for t he phone port s.ARP Table Use t his screen t o view  the ARP table. I t displays t he I P and MAC addr ess of each DHCP connect ion.Routing Table Use t his screen to view the routing table on the Device.I GMP/ MLD Group St at usUse t his screen t o view  the status of all I GMP settings on the Device.xDSL St at ist ics Use t his screen t o view the Device’s xDSL traffic st at ist ics.3G Stat ist ics  Use t his screen t o look at  3G I nt ernet  connect ion st at us. Maint enanceTable 3   Navigat ion Panel Sum m ary ( continued)LINK TAB FUNCTION
Chapter 2 The Web ConfiguratorVMG8324-B10A / VMG8324-B30A Series User’s Guide32User Account Use t his screen t o change user passwor d on the Device. Rem ot e MGMT Use t his screen t o enable specific t raffic directions for net w ork  services.TR- 069 Client Use t his screen t o configur e the Device t o be m anaged by  an Aut o Configurat ion Ser ver (ACS) .TR- 064 Use t his screen t o enable m anagem ent via TR-064 on the LAN.SNMP Use t his scr een t o configure SNMP (Sim ple Net work  Managem ent  Prot ocol) set t ings. Tim e Use t his screen t o change your Device’s t im e and dat e.Em ail Notificat ionUse t his screen to configur e up t o two m ail servers and sender addr esses on t he Device.Log Set t ing Use t his screen t o change your  Device’s log settings.Firm war e UpgradeUse t his screen t o upload firm ware to your dev ice.Configurat ion Use this screen to back up and rest ore your dev ice’s configurat ion ( set t ings)  or reset  the fact or y default set t ings.Reboot Use t his screen t o reboot t he Device wit hout  t urning t he power off.Diagnostic Ping & Tr a c e r o u t e  &  NslookupUse t his screen t o ident ify problem s wit h t he DSL connection. You can use Ping, TraceRoute, or Nslookup t o help you identify pr oblem s.802.1ag Use t his screen t o configure CFM ( Connect ivit y Fault  Managem ent )  MD ( m aintenance dom ain)  and MA (m aint enance association) , perform  connectivity  t est s and view test  report s.OAM  Ping Use t his screen t o view inform at ion to help you identify  pr oblem s wit h the DSL connect ion.Table 3   Navigat ion Panel Sum m ary ( continued)LINK TAB FUNCTION
VMG8324-B10A / VMG8324-B30A Series User’s Guide 33CHAPTER   3Quick Start3.1  OverviewUse t he Quick St art  screens t o configure the Device’s tim e zone, basic I nt ernet  access, and wireless sett ings.Not e:  See t he technical reference chapt ers (st arting on page 35)  for background inform at ion on the feat ures in t his chapt er.3.2  Quick Start Setup1The Quick St art  Wizard appears aut om at ically aft er login. Or you can click t he Click  St ar t  icon in the top right corner of t he web configurat or t o open the quick st art  screens. Select t he t im e zone of the Device’s location and click N e x t . Figure 12   Tim e Zone
Chapter 3 Quick StartVMG8324-B10A / VMG8324-B30A Series User’s Guide342Ent er your I nt ernet  connect ion inform ation in t his screen. The screen and fields t o ent er m ay vary depending on your current  connect ion t ype. Click N e xt . Click N e x t .Figure 13   I nt ernet  Connect ion3Tur n the wireless LAN on or off. I f you keep it  on, record t he security set t ings so you can configure your wireless client s to connect  t o the Device. Click Save.Figure 14   I nt ernet  Connect ion4Your Device saves your set t ings and at t em pts t o connect  to the I nt ernet .
35PART IITechnical Reference
36
VMG8324-B10A / VMG8324-B30A Series User’s Guide 37CHAPTER   4Network Map and Status Screens4.1  OverviewAft er you log int o t he Web Configurat or, t he Ne t w or k  M a p screen appears. This shows t he network connect ion st at us of t he Device and client s connect ed t o it . You can use t he St a t u s screen t o look at  t he current  stat us of the Device, syst em  resources, and int erfaces ( LAN, WAN, and WLAN) . 4.2  The Network Map ScreenUse t his screen to view t he net work connect ion st at us of the device and its client s. A warning m essage appears if t here is a connection problem . Figure 15   Net work Map:  I con View Mode
Chapter 4 Network Map and Status ScreensVMG8324-B10A / VMG8324-B30A Series User’s Guide38I f you want  t o view inform at ion about  a client , click the client ’s nam e and I nfo. Click t he I P address if y ou want  t o change it .  I f y ou w ant  t o change t he nam e or icon of t he client , click Ch a nge  na m e/icon. I f you prefer to view t he st at us in a list, click List  View  in the Vie w in g m ode  select ion box. You can configure how oft en you want t he Device to updat e t his screen in Refr esh int e rval.Figure 16   Net work Map:  List  View  Mode4.3  The Status Screen Use t his screen to view the st at us of the Device. Click St a t u s t o open t his screen.Figure 17   St at us Screen
 Chapter 4 Network Map and Status ScreensVMG8324-B10A / VMG8324-B30A Series User’s Guide 39Each field is described in the following t able.Table 4   St at us ScreenLABEL DESCRIPTIONRefresh I nt erval Select  how  oft en you want  t he Device t o updat e this screen.Device I nform at ionHost  Nam e This field displays t he Device sy st em  nam e. I t  is used for ident ificat ion. Model Num ber This shows t he m odel num ber of your Device.Firm war e Ve r si onThis is t he curr ent  version of the fir m ware inside the Device. WAN I nfor m at ion (These fields display when you have a WAN connect ion.)WAN Type This field displays t he current WAN connect ion t ype.MAC Address This shows the WAN Et hernet  adapter MAC ( Media Access Cont rol) Addr ess of your Device.I P Address This field displays the cur rent  I P address of the Device in the WAN. Click  Re lea se  t o release your I P address t o 0.0.0.0. I f you want  t o r enew your I P address, click Renew .I P Subnet  Mask This field displays the current subnet  m ask in the WAN.Encapsulat ion This field displays t he current  encapsulation m ethod.LAN I nform at ionI Pv4 Address This is the current  I Pv4 I P address of the Device in t he LAN.  I Pv4 Subnet MaskThis is t he curr ent  subnet m ask in the LAN.DHCP This field displays what  DHCP services t he Device is providing t o t he LAN. Choices are:Ser ve r  - The Device is a DHCP server  in t he LAN. I t  assigns I P addresses t o other com puter s in t he LAN.Re lay -  The Device act s as a surrogat e DHCP server and relays DHCP r equest s and responses bet w een t he r em ot e serv er and t he client s.N on e -  The Dev ice is not providing any DHCP services t o t he LAN.MAC Address This shows t he LAN Ethernet  adapt er MAC (Media Access Cont rol)  Address of your Device.WLAN I nform at ionMAC Address This show s t he w ireless adapt er MAC (Media Access Cont rol)  Address of your Device. St at us This displays whet her WLAN is act ivat ed.SSI D This is t he descr ipt iv e nam e used t o identify t he Device in a wireless LAN. Channel This is t he channel num ber used by t he Device now.Security This displays the type of securit y m ode t he Device is using in t he wireless LAN.802.11 Mode This displays the type of 802.11 m ode t he Device is using in t he wireless LAN.WPS This displays whet her WPS is act ivat ed. SecurityFir ewall This display s the fir ewall’s current securit y level.Syst em  St atusSy st em  Up Tim eThis field displays how long t he Device has been running since it  last  st art ed up. The Device st art s up when you plug it  in, when you rest art  it  ( M a int e nance  >  Reboot ) , or  when you r eset it .Current  Dat e/Tim eThis field displays the current  dat e and t im e in t he Device. You can change this in M ain t e na n ce>  Tim e Se t t ing.Syst em  Resource
Chapter 4 Network Map and Status ScreensVMG8324-B10A / VMG8324-B30A Series User’s Guide40CPU Usage This field displays what  percent age of t he Device’s processing ability is current ly used. When t his percent age is close to 100% , t he Device is running at  full load, and the throughput  is not  going t o im prove anym ore. I f you want som e applications t o have m ore t hroughput , you should t urn off ot her applicat ions ( for  exam ple, using QoS;  see Chapt er 9 on page 139) .Mem ory Usage This field displays what  percent age of t he Device’s m em ory is current ly used. Usually, this percentage should not  increase m uch. I f m em ory usage does get  close t o 100% , t he Device is probably becom ing unst able, and you should rest art  the device. See Sect ion 39.2 on page 313, or t urn off the device (unplug t he pow er)  for  a few seconds.NAT Session UsageThis field displays what  percent age of the Device support ed NAT sessions are cur rent ly being used.I nterface St at usI nt erface This colum n displays each interface t he Device has.St at us This field indicates t he int erface’s use status.For the DSL interface, t his field displays Dow n ( line down) , Up ( line up or connect ed)  and Dr op (dropping a call)  if you're using PPPoE encapsulat ion.For t he Et hernet  WAN and LAN interface, this field display s Up when using the int erface and N oLin k when not  using t he int erface.For t he WLAN int erface, t his field displays t he enabled ( Act iv e ) or disabled ( I n Act iv e)  st ate of the int erface.For t he 3G USB interface, t his field displays Up when using the int erface and N oD ev ice  when no device is det ect ed in any USB slot.Rat e For t he Ethernet WAN and LAN int erface, t his display s t he por t  speed and duplex set t ing.For the DSL interface, it  displays the downst ream  and upst ream  t ransm ission rat e.For the WLAN interface, it  displays t he m ax im um  t ransm ission rate or N / A wit h WLAN disabled.For the 3G USB interface, this field displays Up when a 3G USB device is inst alled in a USB slot and N o De vice  when no device is detected in any USB slot .Regist r at ion St at usAccount This colum n displays each SI P account in t he Dev ice.Act ion I f t he SI P account  is already registered wit h t he SI P server, t he Account  St a t us field display s Regist e r ed.Click Unr egist er t o delet e t he SI P account’s regist rat ion in t he SI P ser ver. This does not  cancel your SI P account , but it  delet es t he m apping between your SI P ident it y and your I P addr ess or dom ain nam e.I f t he SI P account is not  registered wit h t he SI P server, t he Accou nt  Status field display s N ot  Regist e r ed.Click Re gist e r  t o have t he Device at t em pt  t o r egist er the SI P account  with t he SI P server.The but t on is grayed out  if t he SI P account is disabled.Table 4   St at us Screen ( cont inued)LABEL DESCRIPTION
 Chapter 4 Network Map and Status ScreensVMG8324-B10A / VMG8324-B30A Series User’s Guide 41Account   Status This field displays the current  registration status of t he SI P account . You have t o regist er SI P account s wit h a SI P server t o use VoI P.I n a ct ive  -  The SI P account  is not  act ive. You can activate it in VoI P >  SI P >  SI P Accou nt .N ot  Re gist ere d -   The last  t im e t he Device t r ied to register the SI P account  wit h the SI P server, t he at tem pt failed.  Use t he Re gist e r but t on t o r egister t he account again. The Device autom at ically tries to register the SI P account  when you turn on the Device or w hen you act ivat e it.Re gist e red -  The SI P account  is already  regist ered wit h the SI P server. You can use it  to m ake a VoI P call.Service- Pr ov ider This colum n displays the service pr ovider  nam e and SI P num ber for each SI P account .URI This field displays t he account  num ber and service dom ain of the SI P account . You can change t hese in the VoI P >  SI P scr eens.Table 4   St at us Screen ( cont inued)LABEL DESCRIPTION
Chapter 4 Network Map and Status ScreensVMG8324-B10A / VMG8324-B30A Series User’s Guide42
VMG8324-B10A / VMG8324-B30A Series User’s Guide 43CHAPTER   5Broadband5.1  OverviewThis chapt er discusses t he Device’s Br oadba n d screens. Use t hese screens to configure your Device for I nternet  access.A WAN ( Wide Area Net work)  connect ion is an out side connect ion to another  net wor k or t he I nt ernet . I t connects your privat e networks, such as a LAN ( Local Area Network)  and other  net works, so that a com put er in one locat ion can com m unicate with com puters in ot her locat ions.Figure 18   LAN and WAN3G ( t hird generat ion)  st andards for t he sending and receiving of voice, video, and dat a in a m obile environm ent . You can at tach a 3G wireless adapt er t o t he USB port and set t he Device t o use this 3G connect ion as your WAN or a backup w hen t he wired WAN connection fails.Figure 19   3G WAN Connect ion 5.1.1  What You Can Do in this Chapter• Use the Broadband screen t o view, rem ove or add a WAN int erface. You can also configure t he WAN sett ings on t he Device for I nt ernet  access ( Sect ion 5.2 on page 47) .• Use the 3 G Ba ck up screen t o configure 3G WAN connection ( Sect ion 5.3 on page 57) . WAN
Chapter 5 BroadbandVMG8324-B10A / VMG8324-B30A Series User’s Guide44• Use the Adva nced screen to enable or disable PTM over ADSL, Annex M/ Annex J, and DSL PhyR functions ( Sect ion 5.4 on page 61) . • Use the 8 0 2 .1 x screen t o view and configure the I EEE 802.1X sett ings on t he Device (Sect ion 5.5 on page 62) . • Use the W an St a t us scr een t o view a WAN int erface’s hist orical t raffic t ransm ission rate. (Sect ion 5.6 on page 63) .5.1.2  What You Need to KnowThe following t erm s and concept s m ay help as you read t his chapt er.Encapsulation MethodEncapsulation is used t o include data from  an upper layer prot ocol into a lower layer prot ocol. To set  up a WAN connect ion to the I nt ernet , you need t o use the sam e encapsulat ion m et hod used by your  I SP ( I nt ernet Service Provider) . I f your I SP offers a dial- up I nternet  connection using PPPoE (PPP over Ethernet) , t hey should also provide a usernam e and password ( and service nam e) for user aut hent icat ion.Table 5   WAN Setup Overview LAYER-2 INTERFACE INTERNET CONNECTIONCONNECTION DSL LINK TYPE MODE ENCAPSULATION CONNECTION SETTINGSADSL/ VDSL over PTMN/ A Rout ing PPPoE PPP inform at ion, I Pv4/ I Pv6 I P addr ess, rout ing feat ure, DNS ser ver, VLAN, QoS, and MTUI PoE I Pv4/ I Pv6 I P addr ess, rout ing feat ure, DNS server, VLAN, QoS, and MTUBridge N/ A VLAN and QoSADSL over ATM EoA Routing PPPoE/ PPP0A ATM PVC configurat ion, PPP inform ation, I Pv 4/ I Pv6 I P address, rout ing featur e, DNS server, VLAN, QoS, and MTUI PoE/ I PoA ATM PVC configurat ion, I Pv4/ I Pv6 I P addr ess, rout ing feat ure, DNS ser ver, VLAN, QoS, and MTUBridge N/ A ATM PVC configurat ion, and QoSEtherWAN N/ A Rout ing PPPoE PPP user  nam e and password, WAN I Pv4/ I Pv6 I P address, routing feat ure, DNS server, VLAN, QoS, and MTUI PoE WAN I Pv4/ I Pv6 I P address, NAT, DNS server  and rout ing feat ureBridge N/ A VLAN and QoS
 Chapter 5 BroadbandVMG8324-B10A / VMG8324-B30A Series User’s Guide 45WAN IP AddressThe WAN I P address is an I P address for t he Device, which m akes it accessible from  an out side net work. I t  is used by t he Device to com m unicat e w ith ot her devices in ot her net works. I t  can be st at ic ( fixed)  or dynam ically assigned by t he I SP each t im e t he Device t ries t o access the I nt ernet .I f your I SP assigns you a static WAN I P address, t hey should also assign you t he subnet m ask and DNS ser ver I P address( es) .ATMAsynchronous Transfer Mode ( ATM)  is a WAN net w orking technology t hat provides high- speed dat a transfer. ATM uses fixed- size packet s of inform at ion called cells. With ATM, a high QoS ( Quality of Service)  can be guarant eed. ATM uses a connect ion- orient ed m odel and est ablishes a virtual circuit ( VC) between Finding Out  MorePTMPacket Transfer Mode (PTM)  is packet- orient ed and supported by t he VDSL2 standard. I n PTM, packet s are encapsulat ed direct ly in the High- level Dat a Link Cont rol ( HDLC)  fram es. I t  is designed to pr ovide a low-overhead, t ransparent way of t ransport ing packet s over DSL links, as an alternat ive t o ATM.3G 3G ( Third Generation)  is a digital, packet- swit ched wireless technology. Bandwidth usage is opt im ized as m ult iple users share the sam e channel and bandwidt h is only allocat ed t o users when t h ey  send dat a. I t  allow s fast  t ransfer  of v oice and non- voice dat a and provides broadband I nt ernet  access t o m obile devices. IPv6 IntroductionI Pv6 ( I nternet Prot ocol version 6) , is designed t o enhance I P address size and features. The increase in I Pv6 address size to 128 bit s ( from  t he 32-bit I Pv4 address)  allows up t o 3.4 x 1038 I P addresses. The Device can use I Pv4/ I Pv6 dual stack to connect  to I Pv4 and I Pv6 networks, and supports I Pv6 rapid deploym ent  ( 6RD) . IPv6 AddressingThe 128-bit I Pv6 address is writt en as eight  16- bit  hexadecim al blocks separat ed by colons ( : ) . This is an exam ple I Pv6 address 2001:0db8:1a2b:0015:0000:0000:1a2f:0000.I Pv6 addresses can be abbreviat ed in two ways:• Leading zeros in a block can be om it t ed. So 2001:0db8:1a2b:0015:0000:0000:1a2f:0000 can be writ t en as 2001:db8:1a2b:15:0:0:1a2f:0.
Chapter 5 BroadbandVMG8324-B10A / VMG8324-B30A Series User’s Guide46• Any num ber of consecutive blocks of zeros can be replaced by a double colon. A double colon can only appear once in an I Pv6 address. So 2001:0db8:0000:0000:1a2f:0000:0000:0015 can be writ t en as 2001:0db8::1a2f:0000:0000:0015, 2001:0db8:0000:0000:1a2f::0015, 2001:db8::1a2f:0:0:15 or 2001:db8:0:0:1a2f::15.IPv6 Prefix and Prefix LengthSim ilar t o an I Pv4 subnet  m ask, I Pv6 uses an addr ess prefix to represent t he network address. An I Pv6 prefix length specifies how m any m ost significant bits ( st art  from  the left)  in t he address com pose t he net w ork address. The prefix lengt h is writ t en as “ / x”  where x is a num ber. For exam ple, 2001:db8:1a2b:15::1a2f:0/32m eans t hat  t he first  32 bits (2001:db8)  is the subnet  prefix. IPv6 Subnet MaskingBoth an I Pv6 address and I Pv6 subnet  m ask com pose of 128- bit  binary digits, w hich are divided int o eight 16- bit  blocks and writ t en in hexadecim al notat ion. Hexadecim al uses four bits for each charact er ( 1 ~  10, A ~  F). Each block’s 16 bit s are t hen represent ed by four hexadecim al charact ers. For  exam ple, FFFF: FFFF: FFFF: FFFF: FC00: 0000: 0000: 0000.IPv6 Rapid DeploymentUse I Pv6 Rapid Deploym ent ( 6rd)  when t he local network uses I Pv6 and t he I SP has an I Pv4 net work. When t he Device has an I Pv4 WAN address and you set I Pv6 / I Pv 4  M ode  to I Pv4  Only, you can enable 6rd to encapsulate I Pv6 packet s in I Pv4 packet s t o cross t he I SP’s I Pv4 net work. The Device generat es a global I Pv6 prefix from  its I Pv4 WAN address and t unnels I Pv6 traffic t o t he I SP’s Border Relay rout er ( BR in t he figure)  t o connect t o t he nat ive I Pv6 I nternet . The local net work can also use I Pv4 services. The Device uses it ’s configured I Pv4 WAN I P t o rout e I Pv4 traffic t o t he I Pv4 I nt ernet .Figure 20   I Pv6 Rapid Deploym entI SP ( I Pv4)I Pv6 I nternet I Pv4 I Pv6 BRI Pv6 in I Pv4I Pv4 I nternetI Pv4 +LAN-  I Pv6-  I Pv4W AN-  I Pv4-  I Pv6 in I Pv4
 Chapter 5 BroadbandVMG8324-B10A / VMG8324-B30A Series User’s Guide 47Dual Stack Lite   Use Dual St ack Lit e when local network com put ers use I Pv4 and t he I SP has an I Pv6 network. When t he Device has an I Pv6 WAN address and you set I Pv6 / I Pv4  M ode  t o I Pv6  Only, you can enable Dual St ack Lit e t o use I Pv4 com put ers and services. The Device t unnels I Pv4 packet s inside I Pv6 encapsulation packet s t o t he I SP’s Address Fam ily Transit ion Rout er ( AFTR in t he graphic) t o connect t o t he I Pv4 I nt ernet . The local net work can also use I Pv6 services. The Device uses it ’s configured I Pv6 WAN I P t o rout e I Pv6 t raffic t o t he I Pv6 I nt ernet .Figure 21   Dual St ack Lit e5.1.3  Before You BeginYou need t o know your I nt ernet access set t ings such as encapsulation and WAN I P address. Get  t his inform ation from  your  I SP.5.2  The Broadband ScreenUse t his screen to change your Device’s I nt ernet  access set t ings. Click N et w or k  Set t ing >  Broa dband from  t he m enu. The sum m ary t able shows you t he configured WAN services ( connections)  on the Device.Figure 22   Net work Set t ing >  Broadband I SP ( I Pv6) I Pv6 I nternet I Pv6 AFTRI Pv4 in I Pv6I Pv4 I nt ernetI Pv6  I Pv4 +LAN-  I Pv6-  I Pv4W AN-  I Pv6- I Pv4 in I Pv6
Chapter 5 BroadbandVMG8324-B10A / VMG8324-B30A Series User’s Guide48The following t able describes t he labels in this screen. Table 6   Network Sett ing >  BroadbandLABEL DESCRIPTIONAdd New  WAN I nterfaceClick t his but t on t o create a new connection.# This is the index num ber of t he ent r y.Nam e This is the service nam e of t he connect ion.Type This shows whet her it is an ATM, Ethernet  or  a PTM connect ion.Mode This shows whet her t he connection is in rout ing or  bridge m ode.Encapsulation This is t he m et hod of encapsulat ion used by t his connect ion. 802.1p This indicat es the 802.1p priority  level assigned to traffic sent t hrough this connect ion. This display s N / A when there is no priorit y  level assigned.802.1q This indicat es the VLAN I D num ber assigned t o t raffic sent through t his connect ion. This display s N / A when there is no VLAN I D num ber assigned.I GMP Prox y This shows whether t he Device act as an I GMP proxy on t his connect ion.NAT This shows whether NAT is act ivat ed or not  for  t his connection. Default  GatewayThis shows whet her t he Device use the WAN interface of t his connect ion as the syst em  default  gateway.I Pv6 This shows whet her  I Pv6 is act ivat ed or not  for t his connect ion. I Pv6 is not  available when the connection uses the bridging service.MLD Proxy This shows whet her Multicast  Listener Discovery ( MLD)  is activat ed or not  for  this connection. MLD is not  available when t he connect ion uses the bridging service.Modify Click the Ed it  icon t o configure t he WAN connect ion.Click the D ele t e  icon to rem ove t he WAN connect ion.
 Chapter 5 BroadbandVMG8324-B10A / VMG8324-B30A Series User’s Guide 495.2.1  Add/Edit Internet ConnectionClick Add N e w  W AN  I nt er fa ce  in t he Broa dband screen or t he Edit  icon next  t o an exist ing WAN int erface t o configure a WAN connection. The screen varies depending on t he int erface type, m ode, encapsulation, and I Pv6/ I Pv4 m ode you select . 5.2.1.1  Routing ModeUse Rou t in g m ode if your  I SP give you one I P address only and you want  m ultiple com put ers t o share an I nt ernet  account. The following exam ple screen displays when you select t he ADSL/ V D SL over  ATM  connect ion type, Ro ut in g m ode, and PPPoE encapsulat ion. The screen varies when you select  ot her interface type, encapsulation, and I Pv6/ I Pv4 m ode.Figure 23   Net work Set t ing >  Broadband >  Add New WAN I nt er face/ Edit  ( Rout ing Mode)The following t able describes t he labels in this screen.Table 7   Network Sett ing >  Broadband >  Add New  WAN I nt erface/ Edit  ( Rout ing Mode)LABEL DESCRIPTIONGeneralAct ive Select  this t o act ivat e t he WAN configurat ion set t ings.Nam e Specify a descript ive nam e for  this connect ion.Type Select  whether it  is an ADSL/ VDSL over PTM, ADSL over ATM connect ion or Et hernet .
Chapter 5 BroadbandVMG8324-B10A / VMG8324-B30A Series User’s Guide50Mode Select  Rou t in g if your I SP give you one I P address only and you want  m ult iple com puters t o shar e an I nt ernet  account . Encapsulat ion Select  the m ethod of encapsulat ion used by  your I SP from  t he drop- down list box . This option is available only when you select  Ro ut in g  in t he M od e field. The choices depend on the connection t ype you select ed. I f your connect ion t ype is ADSL/VD SL over  PTM , t he choices are PPPoE and I PoE. I f your connect ion t ype is AD SL ove r  ATM , t he choices are PPPoE, PPPoA, I PoE and I PoA. I Pv6/ I Pv4 Mode Select  I Pv4  On ly if you want  t he Device t o run I Pv4 only. Select  I Pv6 / I Pv4  Dua lSt a ck  t o allow t he Dev ice to run I Pv4 and I Pv6 at  t he sam e tim e.Select  I Pv6  Only if you want the Device t o run I Pv6 only.ATM PVC Configuration (These fields appear when t he Type  is set  t o ADSL over  ATM .)VPI   The valid range for  the VPI  is 0 to 255. Ent er the VPI  assigned t o you.VCI   The valid range for  the VCI  is 32 to 65535 (0 to 31 is reserved for  local m anagem ent  of ATM traffic) . Ent er t he VCI assigned to you.DSL Link Type This field is not  edit able. The select ion depends on t he set t ing in t he En ca psu la t io n field.EoA ( Et hernet  over  ATM)  uses an Ethernet  header in t he packet , so t hat you can have m ult iple services/ connect ions over one PVC. You can set  each connect ion to have its own MAC address or all connections share one MAC address but use different  VLAN I Ds for  different services. EoA support s ENET ENCAP (I PoE), PPPoE and RFC1483/ 2684 bridging encapsulation m et hods. PPPoA ( PPP over ATM)  allows j ust one PPPoA connect ion over a PVC.I PoA (I P over ATM) allow s j ust  one RFC 1483 rout ing connection over a PVC.Encapsulat ion ModeSelect  t he m et hod of m ultiplexing used by your I SP from  t he drop- down list  box. Choices are:•LLC/ SN AP- BRI D GI N G: I n LCC encapsulat ion, bridged PDUs are encapsulat ed by ident ifying the t ype of t he br idged m edia in the SNAP header. This is available only when you select  I PoE or PPPoE in t he Sele ct  DSL Lin k  Type  field. •VC/ M UX: I n VC m ultiplex ing, each prot ocol is car ried on a single ATM virtual circuit  ( VC). To transport  m ult iple prot ocols, t he Device needs separat e VCs. There is a binding between a VC and t he t y pe of t he net work pr ot ocol carried on t he VC. This reduces pay load overhead since there is no need t o carry prot ocol inform at ion in each Prot ocol Dat a Unit ( PDU)  payload.•LLC/ EN CAPSU LAT I ON : More t han one prot ocol can be carried over the sam e VC. This is available only when you select  PPPoA in the En ca p su la t ion  field.•LLC/ SN AP- ROUTI N G: I n LCC encapsulation, an I EEE 802.2 Logical Link Cont rol ( LLC)  header is pr efixed to each rout ed PDU t o ident ify the PDUs. The LCC header can be followed by an I EEE 802.1a SubNet w ork  At t achm ent  Point  ( SNAP)  header. This is available only when you select  I PoA in the Enca psu lat ion  field. Service CategorySelect  UBR W it hou t  PCR or UBR W it h  PCR for  applicat ions t hat  are non- t im e sensit ive, such as e- m ail. Select  CBR ( Cont inuous Bit  Rat e)  t o specify fixed ( alway s- on) bandwidth for voice or data traffic. Select  N on  Re a lt im e  VBR ( non real- tim e Variable Bit  Rate)  for connect ions t hat  do not  require closely controlled delay and delay variat ion.Select  Re a ltim e  VBR (real- t im e Variable Bit  Rat e)  for  applications with bursty connect ions t hat  require closely controlled delay and delay variat ion. Peak  Cell Rat e Divide t he DSL line rate ( bps)  by 424 (the size of an ATM cell)  t o find t he Peak Cell Rat e ( PCR). This is the m axim um  rat e at  which the sender can send cells. Type t he PCR here.This field is not available when you select  UBR W it h out  PCR.Table 7   Network Sett ing >  Broadband >  Add New WAN I nt erface/ Edit  ( Rout ing Mode)  ( continued)LABEL DESCRIPTION
 Chapter 5 BroadbandVMG8324-B10A / VMG8324-B30A Series User’s Guide 51Sust ainable Cell RateThe Sust ainable Cell Rate ( SCR)  set s t he av erage cell rate ( long-term )  t hat  can be transm itt ed. Type t he SCR, which m ust  be less t han t he PCR. Not e t hat syst em  default  is 0 cells/ sec. This field is available only when you select Non Re a ltim e V BR or Re a lt im e  VBR.Max im um  Bur st  SizeMaxim um  Burst Size ( MBS)  refers to the m axim um  num ber of cells t hat  can be sent  at  t he peak rat e. Type t he MBS, which is less t han 65535.This field is available only when you select Non Re a ltim e V BR or Re a lt im e  VBR.PPP I nform at ion ( This is available only when you select  PPPoE or PPPoA in t he M ode  field.)PPP User Nam e  Ent er the user  nam e exact ly as your I SP assigned. I f assigned a nam e in t he form  user@dom ain where dom ain ident ifies a service nam e, then ent er  bot h com ponent s exact ly as given.PPP Passwor d Ent er the password associat ed with the user nam e above. Select passw or d unm ask  to show your entered password in plain text .PPP Triger Type Select  when to have t he Device est ablish t he PPP connection.Auto Connect  - select this t o not let  t he connect ion t im e out .Conn ect on  De m and -  select this t o aut om at ically bring up t he connect ion w hen the Device receives packets destined for  t he I nt ernet.M anu a l -  select  this if you want  t o m anually t rigger t he connect ion up.I dle Tim eout This value specifies t he t im e in m inut es that  elapses before t he r out er aut om atically disconnect s from  t he PPPoE server.This field is not  configurable if you select Aut o Conne ct  in t he PPP Trige r Type  field.PPPoE Service Nam e Ent er t he nam e of your PPPoE service here.PPPoE Passt h roug hThis field is available when you select PPPoE encapsulation. I n  addit ion  t o t he Dev ice’s bu ilt- in PPPoE clien t ,  you can enable PPPoE pass t hrough  t o allow up to t en host s on t he LAN t o use PPPoE client  soft ware on t heir com put er s t o connect to t he I SP v ia t he Device. Each host  can have a separat e account  and a public WAN I P address.PPPoE pass through is an alt er nat ive t o NAT for applicat ion where NAT is not  appropr iat e.Disable PPPoE pass thr ough if you do not  need t o allow  host s on t he LAN to use PPPoE client  soft ware on t heir com puters to connect  t o t he I SP.I P Address ( This is available only  when you select  I Pv4  Only or I Pv 6 / I Pv 4  Du a lStack  in t he I Pv 6 / I Pv 4  Mode field.)Obtain an I P Address Aut om at icallyA stat ic I P addr ess is a fixed I P t hat  your I SP gives you. A dynam ic I P address is not  fixed;  t he I SP assigns you a different  one each tim e you connect  t o t he I nternet. Select  t his if you have a dynam ic I P address.DHCP opt ion 60/Ven d o r  I DThis field displays when edit ing an exist ing WAN int erface. Type t he class vender I D you want  t he Device to add in the DHCP Discovery packet s that go to the DHCP server.DHCP opt ion 43 EnableThis field displays when editing an exist ing WAN int erface. Ty pe t he vender  specific inform at ion you want  t he Dev ice to add in t he DHCP Offer packet s. The infor m at ion is used, for exam ple, for configuring an ACS’s ( Auto Configurat ion Server)  URL.St atic I P Address Select  t his option I f t he I SP assigned a fixed I P address. I P Address Ent er t he st at ic I P address provided by  your I SP.Subnet  MaskEnt er t he subnet m ask provided by your I SP.Gat eway I P AddressEnt er t he gat eway I P addr ess provided by your I SP.Table 7   Network Sett ing >  Broadband >  Add New WAN I nt erface/ Edit  ( Rout ing Mode)  ( continued)LABEL DESCRIPTION
Chapter 5 BroadbandVMG8324-B10A / VMG8324-B30A Series User’s Guide52Rout ing Feat ure (This is available only when you select  I Pv4  On ly or I Pv6 / I Pv4  Dua lSt a ck  in t he I Pv6 /I Pv4  M ode field.)NAT Enable  Select  t his opt ion t o act ivat e NAT on t his connect ion.I GMP Proxy Enable I nt er net  Group Multicast  Pr ot ocol (I GMP)  is a networ k- layer prot ocol used t o establish m em bership in a Mult icast group -  it is not used to carry user dat a.Select  this opt ion to have the Device act as an I GMP pr oxy on this connect ion. This allow s t he Device t o get  subscr ibing inform ation and m aint ain a j oined m em ber  list  for  each m ulticast gr oup. I t  can r educe m ulticast traffic significant ly.Apply as Default  GatewaySelect  this opt ion t o have t he Device use t he WAN int erface of t his connection as t he syst em  default  gateway.DNS Server ( This is available only when you select  I Pv4  Only or  I Pv6 / I Pv4  Du a lSt a ck in the I Pv6 / I Pv4  Mode field.)DNS Select D yn am ic if you want  t he Device use t he DNS server addresses assigned by your I SP.Select  St a t ic if you want  t he Device use t he DNS ser ver addresses you configure m anually.DNS Server 1 Ent er t he fir st  DNS server addr ess assigned by t he I SP.DNS Server 2 Enter t he second DNS server address assigned by t he I SP.WAN MAC Addr ess Fact or y  Default  Select  Factory Defa ult  t o use t he factory assigned default  MAC address.Clone t he com put er ’s MAC addr ess -  I P AddressSelect t his option and ent er t he I P address of t he com puter on t he LAN whose MAC you are cloning. I t  is advisable to clone t he MAC address from  a com puter on your LAN even if your I SP does not  present ly require MAC address aut hent icat ion. Set  WAN MAC AddressSelect  t his opt ion and ent er the MAC address you want  t o use.Tunnel ( This is available only when you select  I Pv 4  On ly or I Pv6  Only  in t he I Pv6 / I Pv4  Mode field.)The DS- Lite ( Dual St ack Lit e)  fields display when you set the I Pv6 / I Pv4  Mode field t o I Pv6  Only.Enable Dual St ack Lit e t o let  local com puters use I Pv4 t hrough an I SP’s I Pv6 network. See Dual St ack Lite on page 47 for m ore inform at ion.The 6RD ( I Pv6 rapid deploym ent )  fields display when you set the I Pv6 / I Pv4  M ode  field to I Pv4  Only. See I Pv6 Rapid Deploym ent  on page 46 for  m ore inform at ion.Enable DS- Lite This is available only when you select  I Pv6  Only in t he I Pv6 / I Pv4  M ode  field. Select  Enable t o let  local com put er s use I Pv 4 t hrough an I SP’s I Pv6 net work.DS- Lit e Relay Server I PSpecify the t ransition router ’s I Pv6 address.Enable 6RD This is available only when you select  I Pv4  Only in t he I Pv6 / I Pv4  Mode  field. Select   Enable t o t unnel I Pv6 t raffic fr om  t he local net w ork through t he I SP’s I Pv4 net work.6RD Type Select  St a t ic if you have t he I Pv4 address of the relay server, ot herwise select DH CP t o have t he Device det ect it  aut om atically t hrough DHCP.I Pv4 Mask Lengt hEnt er the subnet  m ask num ber ( 1~ 32)  for t he I Pv4 network.6RD Border Relay Server  I PWhen you set  the 6 RD  Type  to St a t ic, specify t he relay server ’s I Pv4 address in this field.6RD I Pv6 Prefix Ent er an I Pv6 prefix for t unneling I Pv6 t raffic t o t he I SP’s border  relay router and connect ing to t he nat ive I Pv6 I nt ernet .I Pv6 Address ( This is available only when you select I Pv6 / I Pv4  Dua lSt a ck  or  I Pv 6  Only in t he I Pv6 / I Pv4  Mode field.)Table 7   Network Sett ing >  Broadband >  Add New WAN I nt erface/ Edit  ( Rout ing Mode)  ( continued)LABEL DESCRIPTION
 Chapter 5 BroadbandVMG8324-B10A / VMG8324-B30A Series User’s Guide 53I Pv6 Addr ess Select  Au t om a t ic if you want  t o have t he Device use t he I Pv6 prefix from  t he connect ed rout er’s Rout er Advert isem ent  ( RA) to generat e an I Pv6 address. • Select Ge t  I Pv6  Address Fr om  D H CPv6  Ser v e r( I A_ N A)  i f  y ou  w a n t  t o  obt ain  an  I Pv 6  addr ess from  a DHCPv6 server. The I P address assigned by a DHCPv6 server has priorit y over t he I P address aut om at ically generat ed by the Dev ice using t he I Pv 6 prefix from  an RA. This opt ion is available only when you choose t o get  your I Pv6 addr ess aut om at ically.• Select Pr efix Delega t ion( I A_ PD)  to use DHCP PD ( Prefix Delegat ion)  which enables the Device t o pass t he I Pv 6 pr efix inform at ion t o its LAN host s. The host s can t hen use the prefix t o generat e t heir I Pv6 addresses.Select  St a t ic if you have a fixed I Pv6 address assigned by your  I SP.Select  N on e  t o not assign any I Pv6 address t o t his WAN connect ion.WAN I Pv6  Address Ent er t he I Pv6 address assigned by your I SP.Prefix Length Ent er t he address prefix lengt h t o specify how m any m ost significant  bit s in  an I Pv6  add r ess com pose t he net w ork address.Next  Hop  Enter t he I P address of t he next- hop gat eway. The gat eway is a rout er or swit ch on t he sam e segm ent  as your Device's inter face( s) . The gateway helps forward packets t o t heir dest inations.I Pv6 Routing Feature ( This is available only when you select I Pv6 / I Pv4  Dua lSt a ck  or I Pv6  Only in t he I Pv6 / I Pv4  M ode field. You can enable I Pv6 routing feat ures in t he follow ing sect ion.)MLD Proxy Enable Select  t h is check box  t o have t h e Dev ice act  as an  MLD pr ox y  on t his connect ion.  This allow s the Device t o get  subscript ion inform ation and m aintain a j oined m em ber list  for each m ulticast gr oup. I t  can r educe m ulticast traffic significant ly.Apply as Default  GatewaySelect  this opt ion t o have t he Device use t he WAN int erface of t his connection as t he syst em  default  gateway.I Pv6 DNS Server Configure the I Pv6 DNS server in t he follow ing sect ion.I Pv6 DNS  Select  Dy nam ic t o have t he Device get the I Pv 6 DNS server  addr esses from  t he I SP aut om at ically.Select  St a t ic t o have t he Device use t he I Pv6 DNS server addresses you configure m anually.I Pv6 DNS Server 1Ent er t he first  I Pv6 DNS server address assigned by t he I SP.I Pv6 DNS Server 2Enter t he second I Pv6 DNS server address assigned by t he I SP.VLAN ( These fields appear when t he Type  is set  t o ADSL/ V D SL ov er PTM .)Active Select  this opt ion to add the VLAN tag (specified below)  t o t he outgoing traffic t hrough t his connect ion .802.1p  I EEE 802.1p defines up to 8 separat e t raffic types by inserting a tag into a MAC-layer fram e that  contains bits t o define class of serv ice. Select  the I EEE 802.1p priority level (from  0 to 7)  to add t o t raffic t hrough t his connect ion. The great er t he num ber, t he higher the priority lev el.802.1q Type the VLAN I D num ber  ( from  1 t o 4094)  for t raffic thr ough this connection.QoSRat e Lim it Ent er the rate lim it  for  the connect ion. This is t he m axim um  t ransm ission rate allowed for traffic on this connection.WAN Out going Default  TagSelect  Ena ble  and ent er a D SCP ( DiffSer v Code Point )  value t o have t he Device add it  in the packet s sent  by t his WAN interface. Table 7   Network Sett ing >  Broadband >  Add New WAN I nt erface/ Edit  ( Rout ing Mode)  ( continued)LABEL DESCRIPTION
Chapter 5 BroadbandVMG8324-B10A / VMG8324-B30A Series User’s Guide545.2.1.2  Bridge ModeClick t he Add n e w  W AN  I nt e rfa ce in the N e t w ork  Se t t ing >  Br oadba n d screen or t he Ed it  icon next  t o the connect ion you want  t o configure. Select Br idge  as t he encapsulat ion m ode. The screen varies depending on the int erface type you select. I f you select  ADSL/ V D SL ove r PTM as t he int erface t ype, the following scr een appears.Figure 24   Net work Set t ing >  Broadband >  Add New WAN I nt er face/ Edit  ( Bridge Mode )The following t able describes t he fields in this screen.MTUMTU Size Ent er t he MTU ( Maxim um  Transfer Unit )  size for t his t raffic.Apply Click Apply t o save your changes back to t he Device.Cancel Click Ca nce l t o exit  t his screen w it hout saving.Table 7   Network Sett ing >  Broadband >  Add New WAN I nt erface/ Edit  ( Rout ing Mode)  ( continued)LABEL DESCRIPTIONTable 8   Network Sett ing >  Broadband >  Add New  WAN I nt erface/ Edit  ( Bridge Mode)LABEL DESCRIPTIONGeneralAct ive Select this t o act ivat e t he WAN configuration settings.Nam e Ent er a service nam e of t he connect ion.Ty p e Select AD SL/ VDSL over PTM as t he interface t hat you want  t o configure. The Device uses the VDSL technology for  data t ransm ission over t he DSL port .Mode Select Bridge w hen your I SP provides you m or e than one I P address and you want the connect ed com put ers t o get  individual I P address fr om  I SP’s DHCP ser ver dir ectly. I f you select  Br idge , you cannot  use rout ing funct ions, such as QoS, Firewall, DHCP server and NAT on traffic from  t he select ed LAN port ( s).VLAN This section is available only when you select ADSL/ V D SL ov er PTM in t he Type field.Active Select this t o add the VLAN Tag ( specified below)  t o the outgoing traffic t hrough t his connect ion.
 Chapter 5 BroadbandVMG8324-B10A / VMG8324-B30A Series User’s Guide 55I f you select  ADSL over ATM as t he interface t ype, t he following scr een appears.Figure 25   Net work Set t ing >  Broadband >  Add New WAN I nt erface/ Edit  ( ADSL over ATM- Bridge Mode)The following t able describes t he fields in this screen.802.1p I EEE 802.1p defines up to 8 separat e t raffic types by insert ing a tag into a MAC- layer fram e that  contains bit s t o define class of serv ice. Select  t he I EEE 802.1p priorit y level ( from  0 t o 7)  t o add to t raffic t hrough t his connect ion. The great er the num ber, t he higher the pr iority level.802.1q Type t he VLAN I D num ber ( from  0 t o 4094)  for traffic t hrough t his connect ion.QoSRat e Lim it Enter  the rate lim it for the connection. This is the m axim um  t ransm ission rate allowed for traffic on t his connect ion.Apply Click Apply t o save your  changes.Cancel Click Ca nce l to ex it  t his scr een wit hout sav ing.Table 9   Network Sett ing >  Broadband >  Add New WAN I nt erface/ Edit  ( ADSL over ATM - Bridge Mode)LABEL DESCRIPTIONGeneralAct ive Select this t o act ivat e t he WAN configuration settings.Nam e Ent er a service nam e of t he connect ion.Ty p e Select ADSL ove r ATM as t he int er face for which you want to configure here. The Dev ice uses the ADSL t echnology for dat a transm ission over  the DSL por t .Table 8   Network Sett ing >  Broadband >  Add New WAN I nt erface/ Edit  ( Bridge Mode)  ( cont inued)LABEL DESCRIPTION
Chapter 5 BroadbandVMG8324-B10A / VMG8324-B30A Series User’s Guide56Mode Select Bridge w hen your I SP provides you m or e than one I P address and you want the connect ed com put ers t o get  individual I P address fr om  I SP’s DHCP ser ver dir ectly. I f you select  Br idge , you cannot  use rout ing funct ions, such as QoS, Firewall, DHCP server and NAT on traffic from  t he select ed LAN port ( s).ATM PVC Configuration (These fields appear when t he Type  is set  t o ADSL over  ATM .)VPI   The valid range for t he VPI  is 0 to 255. Ent er t he VPI  assigned t o you.VCI   The valid range for t he VCI is 32 to 65535 ( 0 t o 31 is reserved for local m anagem ent of ATM traffic). Ent er t he VCI  assigned t o you.DSL Link Type This field is not  edit able. The select ion depends on t he set t ing in t he En ca psu la t io n field.EoA ( Ethernet over ATM)  uses an Ethernet  header in t he packet , so that  you can have m ultiple serv ices/ connect ions over one PVC. You can set  each connect ion to have its ow n MAC address or all connections share one MAC address but  use different  VLAN I Ds for  different  ser vices. EoA supports ENET ENCAP ( I PoE), PPPoE and RFC1483/ 2684 bridging encapsulation m et hods. PPPoA ( PPP over ATM)  allows j ust  one PPPoA connect ion over a PVC.I PoA ( I P over ATM) allows j ust  one RFC 1483 rout ing connection over  a PVC.Encapsulat ion ModeSelect  the m et hod of m ult iplexing used by your I SP from  t he drop- down list  box. Choices are:•LLC/ SN AP- BRI D GI N G: I n LCC encapsulat ion, bridged PDUs ar e encapsulated by identifying the type of t he bridged m edia in t he SNAP header. This is available only  when you select  I PoE or PPPoE in the Select DSL Link Type field. •VC/ M UX: I n VC m ult iplexing, each pr ot ocol is carried on a single ATM virt ual cir cuit (VC). To t ransport  m ult iple protocols, t he Device needs separat e VCs. There is a binding between a VC and t he t ype of t he net work prot ocol carried on t he VC. This reduces payload overhead since t here is no need t o carry prot ocol inform at ion in each Prot ocol Dat a Unit ( PDU)  payload.•LLC/ EN CAPSU LATI ON : More than one pr ot ocol can be carried over the sam e VC. This is available only when you select PPPoA in the En ca p su la t ion  field.•LLC/ SN AP- ROUTI N G: I n LCC encapsulation, an I EEE 802.2 Logical Link Control ( LLC) header is prefixed t o each r out ed PDU t o ident ify t he PDUs. The LCC header can be followed by an I EEE 802.1a SubNet w ork At t achm ent  Point  ( SNAP)  header. This is available only when you select  I PoA in t he Enca psu lation field. Service CategorySelect  UBR W it h out  PCR or UBR W ith PCR for  applicat ions t hat  are non-tim e sensit ive, such as e- m ail. Select  CBR ( Continuous Bit  Rat e)  t o specify fixed ( always- on)  bandwidt h for voice or data traffic. Select  N on  Re a ltim e V BR ( non r eal- tim e Variable Bit  Rat e)  for connect ions t hat  do not  require closely contr olled delay  and delay variat ion.Select  Rea ltim e VBR ( real- t im e Var iable Bit  Rat e)  for applicat ions with burst y connect ions that  require closely cont rolled delay and delay variation. Peak  Cell Rat e Divide t he DSL line rat e ( bps)  by 424 (the size of an ATM cell)  to find the Peak Cell Rat e ( PCR). This is the m axim um  rat e at  which the sender  can send cells. Type t he PCR her e.This field is not  available when you select  UBR W it h out  PCR.Su st ai nab le  Cel l Rat eThe Sustainable Cell Rate (SCR)  sets t he av erage cell rat e ( long-t erm )  t hat can be transm it t ed. Type t he SCR, which m ust be less t han t he PCR. Note that  system  default  is 0 cells/ sec. This field is available only when you select  N on Rea lt im e VBR or Re a lt im e  VBR.Maxim um  Burst  SizeMaxim um  Burst  Size ( MBS) refers t o t he m axim um  num ber of cells t hat  can be sent at the peak rate. Type t he MBS, which is less t han 65535.This field is available only when you select  N on Rea lt im e VBR or Re a lt im e  VBR.Table 9   Network Sett ing >  Broadband >  Add New WAN I nt erface/ Edit  ( ADSL over ATM - Bridge Mode)  ( continued)LABEL DESCRIPTION
 Chapter 5 BroadbandVMG8324-B10A / VMG8324-B30A Series User’s Guide 575.3  The 3G Backup ScreenThe USB port s ( at the left side panel of the Device)  allow you t o at t ach a 3G dongle to wirelessly connect  to a 3G net work for I nt ernet access. You can have t he Device use t he 3G WAN connect ion as a backup. Disconnect the DSL and Ethernet  WAN ports t o use the 3G dongle as your prim ary WAN connect ion. The Device aut om atically uses a w ired WAN connect ion when available.Not e:  This Device supports connecting one 3G dongle at a tim e.Figure 26   I nt ernet  Access Applicat ion:  3G WAN Use t his screen t o configure your 3G sett ings. Click N e t w or k Se t t ing >  Broadba nd >  3 G Back up.QoSRat e Lim it Enter  the rate lim it for the connection. This is the m axim um  t ransm ission rate allowed for traffic on t his connect ion.Apply Click Apply t o save your  changes.Cancel Click Ca nce l to ex it  t his scr een wit hout sav ing.Table 9   Network Sett ing >  Broadband >  Add New WAN I nt erface/ Edit  ( ADSL over ATM - Bridge Mode)  ( continued)LABEL DESCRIPTION
Chapter 5 BroadbandVMG8324-B10A / VMG8324-B30A Series User’s Guide58Not e:  The act ual dat a rate you obtain varies depending t he 3G card you use, t he signal st rengt h t o t he service provider’s base st ation, and so on.Figure 27   Net work Set t ing >  Broadband >  3G Backup The following t able describes t he labels in this screen. Table 10   Net work Sett ing >  Broadband >  3G BackupLABEL DESCRIPTIONGeneral3G Backup Select Enable t o have t he Device use t he 3G connect ion as your WAN or a backup when the wir ed WAN connection fails.Ping Check Select Enable  if you want  the Device t o ping check t he connect ion stat us of your WAN. You can configure t he frequency of t he ping check and num ber of consecut ive failures before triggering 3G backup.Check Cycle  Ent er the fr equency  of the ping check  in t his field.Consecutive PI NG Fail Ent er how  m any consecutive failures are required befor e 3G backup is t riggered.Ping Default GatewaySelect  this to have t he Device ping t he WAN interface’s default  gateway I P address.Ping the Host Select  t his t o have the Device ping t he par t icular host nam e or I P address you t yped in t his field.3G Connection Set t ingsCard descriptionThis field displays the m anufact urer and m odel nam e of your 3G card if you inser t ed one in the Dev ice. Otherwise,  it  display s N / A.
 Chapter 5 BroadbandVMG8324-B10A / VMG8324-B30A Series User’s Guide 59Usernam e Type t he user nam e ( of up t o 64 ASCI I  print able characters)  given to you by your  ser vice pr ovider.Password Type t he password ( of up t o 64 ASCI I  print able charact ers)  associated with the user nam e above.PI N A PI N (Personal I dent ificat ion Num ber )  code is a key t o a 3G card. Wit hout  t he PI N code, you cannot  use t he 3G card.I f your  I SP enabled PI N code aut hent icat ion, ent er the 4- digit  PI N code ( 0000 for exam ple)  pr ovided by your  I SP. I f you ent er the PI N code incorrectly, t he 3G card m ay be blocked by your I SP and y ou cannot use t he account  t o access the I nt ernet .I f your I SP disabled PI N code authenticat ion, leave t his field blank.Dial str ing Ent er t he phone num ber ( dial st ring)  used t o dial up a connection to your service pr ovider ’s base st at ion. Your I SP should provide t he phone num ber.For exam ple, * 99#  is the dial st ring to est ablish a GPRS or 3G connect ion in Taiwan.APN Enter t he APN (Access Point  Nam e) pr ovided by your service provider. Connect ions with different  APNs m ay  provide different  services ( such as I nt ernet  access or MMS ( Mult i- Media Messaging Service) )  and char ge m et hod.You can ent er up t o 32 ASCI I  print able charact er s. Spaces are allowed.Connect ion Select N ailed UP if you do not  want  t he connect ion t o t im e out .Select  on D em a n d if you do not  want  the connection up all t he t im e and specify an idle tim e- out  in t he M a x  I dle Tim eou t  field.Max I dle Tim eout  This value specifies t he t im e in m inut es that  elapses before t he Device aut om atically disconnect s from  the I SP.Obtain an I P Address Aut om at icallySelect  this option if your  I SP did not  assign you a fixed I P addr ess. Use t he following st at ic I P addressSelect  t his option if t he I SP assigned a fixed I P address. I P Address Ent er your WAN I P addr ess in this field if you select ed Use  t h e follow ing st a t ic I P addr e ss. Obtain DNS info dynam ically Select  this t o have t he Device get t he DNS server addresses from  the I SP aut om at ically. Use t he following st at ic DNS I P addressSelect  this to have t he Device use t he DNS server addresses you configure m anually.Prim ary DNS serverEnt er t he fir st  DNS server address assigned by t he I SP.Secondary DNS serverEnt er t he second DNS serv er address assigned by t he I SP.Enable Em ail Notification Select  this to enable the e- m ail not ificat ion funct ion. The Device will e- m ail you a not ificat ion when t he 3G connection is up.Mail Ser ver Select  a m ail server for the e- m ail address specified below. I f you do not  select  a m ail server, e-m ail not ificat ions cannot  be sent via e-m ail. You m ust  have configured a m ail server already in t he Main t e na n ce > Em ail N ot ifica t ion screen.3G backup Send Email Tit leType a t it le t hat  you want  t o be in t he subject  line of the e- m ail notificat ions t hat  t he Device sends.Table 10   Net work Sett ing >  Broadband >  3G Backup ( cont inued)LABEL DESCRIPTION
Chapter 5 BroadbandVMG8324-B10A / VMG8324-B30A Series User’s Guide60Send Notification t o Em ailNotificat ions are sent  t o t he e- m ail address specified in t his field. I f t his field is left  blank, not ificat ions cannot  be sent via e- m ail. Advanced Click this to show the advanced 3G backup set t ings.Budget  SetupEnable Budget  ControlSelect  En a ble t o set  a m onthly lim it  for the user account  of t he inst alled 3G card. You can set  a lim it  on t he t ot al traffic and/ or call t im e. The Device t akes t he act ions you specified when a lim it  is exceeded during t he m ont h.Tim e Budget Select  t his and specify the am ount  of t im e ( in hours)  that the 3G connection can be used within one m ont h. I f you change t he value aft er you configure and enable budget control, the Device reset s t he stat ist ics.Dat a Budget  ( Mbyt es)Select  this and specify how m uch downst ream  and/ or upst ream  data ( in Mega by t es)  can be transm itt ed via the 3G connect ion wit hin one m onth.Select  D ow n load/ Uploa d t o set  a lim it on t he t ot al traffic in bot h directions.Select  D ow nload to set a lim it  on t he downst ream  t raffic ( from  t he I SP to t he Device) .Select  Up load to set  a lim it on t he upstream  t raffic (from  t he Device t o the I SP) .I f you change t he value aft er  you configure and enable budget  contr ol, the Device reset s t he st at ist ics.Dat a Budget  ( k Packet s)Select  this and specify how m uch downst ream  and/ or upstream  data (in k Packets)  can be transm itt ed via the 3G connect ion wit hin one m onth.Select  D ow n load/ Uploa d t o set  a lim it on t he t ot al traffic in bot h directions.Select  D ow nload to set a lim it  on t he downst ream  t raffic ( from  t he I SP to t he Device) .Select  Up load to set  a lim it on t he upstream  t raffic (from  t he Device t o the I SP) .I f you change t he value aft er  you configure and enable budget  cont rol, the Device reset s t he st at ist ics.Reset  all budget  counters on Select  the dat e on which t he Device resets t he budget  every m onth. Select last  if you want the Device to reset  the budget  on t he last  day of t he m ont h. Select specific and enter t he num ber of t he date you want  the Device t o reset  t he budget Reset  t im e and dat a budget  countersClick  t his butt on t o reset  t he t im e and dat a budget s im m ediat ely. The count st ar t s over with the 3G connect ion’s full configured m ont hly t im e and dat a budgets. This does not  affect  t he norm al m ont hly budget  rest art ;  so if you configured the t im e and dat a budget count ers t o reset on the second day of t he m ont h and you use t his but t on on the first , t he t im e and data budget  counters w ill st ill reset  on t he second.Actions before over budget Specify t he act ions t he Device t akes befor e t he t im e or data lim it exceeds.Enable %  of tim e budget /dat a budget  ( Mbyt es) / data budget  ( k Packet s)Select  En a ble and ent er a num ber from  1 to 99 in t he percent age fields. I f you change t he value aft er you configure and enable budget  cont rol, the Device reset s t he st at ist ics.Act ions when over budgetSpecify  the act ions the Device takes when the t im e or data lim it  is exceeded. Current  3G connect ion Select  Ke e p t o m aintain an exist ing 3G connect ion or Drop t o disconnect it . Act ionsEnable Em ail Notification Select  this to enable the e- m ail not ificat ion funct ion. The Device will e- m ail you a not ificat ion when t here over budget  occurs.Table 10   Net work Sett ing >  Broadband >  3G Backup ( cont inued)LABEL DESCRIPTION
 Chapter 5 BroadbandVMG8324-B10A / VMG8324-B30A Series User’s Guide 615.4  The Advanced ScreenUse t he Adva nced screen t o enable or disable ADSL over PTM, Annex M, DSL PhyR, and SRA ( Seam less Rat e Adaption)  funct ions. The Device support s the PhyR retransm ission schem e. PhyR is a ret ransm ission schem e designed t o prov ide prot ect ion against noise on t he DSL line. I t  im proves voice, video and data t ransm ission resilience by ut ilizing a retransm ission buffer.Click N et w ork  Se t t ing >  Broa dband >  Adva n ce d t o display t he following screen.Figure 28   Net work Set t ing >  Broadband >  Advanced The following t able describes t he labels in this screen. Mail Ser ver Select  a m ail server for the e- m ail address specified below. I f you do not  select  a m ail server, e-m ail not ificat ions cannot  be sent via e-m ail. You m ust  have configured a m ail server already in t he Main t e na n ce > Em ail N ot ifica t ion screen.Over Budget Em ail Tit leType a t it le t hat  you want  t o be in t he subject  line of the e- m ail notificat ions t hat  t he Device sends.Send Notification t o Em ailNotificat ions are sent  t o t he e- m ail address specified in t his field. I f t his field is left  blank, not ificat ions cannot  be sent via e- m ail. I nt erval Enter t he int erval of how m any m inut es y ou want the Device to e- m ail you.Enable Log Select this to act ivate the logging funct ion at the int erval you set  in this field. Basic Click t his t o hide t he advanced settings of 3G backup.Apply Click Apply t o save your changes back t o t he Device.Cancel Click Ca nce l to ret urn to t he previous configurat ion.Table 10   Net work Sett ing >  Broadband >  3G Backup ( cont inued)LABEL DESCRIPTIONTable 11   Net work Set t ing >  Net work Set t ing >  BroadbandLABEL DESCRIPTIONADSL over PTM Select  Ena ble  t o use ADSL over PTM. Since PTM has less overhead than ATM, som e I SPs use ADSL over  PTM for bet t er  perfor m ance.Annex  M You can enable Ann ex M  for t he Device t o use double upst ream  m ode to increase t he m axim um  upst ream  t ransfer rat e.PhyR US Enable or disable Ph yR US ( upst r eam )  for upst ream  t ransm ission t o the WAN. PhyR US should be enabled if dat a being transm itted upstream  is sensitive to noise. However, enabling PhyR US can decrease t he US line rat e. Enabling or disabling PhyR will require the CPE to ret rain. For PhyR t o function, the DSLAM m ust  also support  PhyR and have it  enabled.
Chapter 5 BroadbandVMG8324-B10A / VMG8324-B30A Series User’s Guide625.5  The 802.1x ScreenYou can view and configure t he 802.1X aut hent icat ion set t ings in the 8 0 2 .1 x  screen. Click N e t w ork Se t t ing >  Br oadba nd >  8 0 2 .1 x  t o display t he following screen.Figure 29   Net work Set t ing >  Broadband >  802.1xThe following t able describes t he labels in this screen. PhyR DS Enable or disable PhyR D S ( downst ream )  for downstream  t ransm ission from  the WAN. PhyR DS should be enabled if data being transm itted downstream  is sensit ive t o noise. However, enabling PhyR DS can decrease t he DS line rate. Enabling or  disabling PhyR w ill require the CPE t o ret rain. For PhyR t o function, t he DSLAM m ust  also suppor t  PhyR and have it  enabled.SRA Enable or disable Seam less Rat e Adaption (SRA) . Select  En a ble t o have the Device autom at ically adj ust  t he connection’s dat a rat e accor ding t o line conditions wit hout  int errupting serv ice.Apply Click Apply t o save your changes back t o t he Device.Cancel Click Ca nce l to ret urn to t he previous configurat ion.Table 11   Net work Set t ing >  Net work Set t ing >  Broadband ( cont inued)LABEL DESCRIPTIONTable 12   Net work Sett ing >  Net work Sett ing >  802.1xLABEL DESCRIPTION# This is the index num ber of t he ent r y.St at us  This field displays whet her t he authent icat ion is act ive or not. A yellow  bulb signifies t hat  this aut henticat ion is active. A gray bulb signifies that this aut hent ication is not  active.I nterface This is the interface t hat  uses the aut hent ication. This displays N / A when t here is no int erface assigned.EAP I dent it y This shows t he EAP ident ity of the authent icat ion. This displays N / A when t here is no EAP ident it y  assigned.EAP m et hod This shows t he EAP m et hod used in t he authent icat ion. This displays N / A when t here is no EAP m et hod assigned.Bidir ect ional Au t hen t icat ionThis shows w het her bidirect ional aut hent icat ion is allow ed. Cert ificate This shows t he cert ificate used for t his authent icat ion. This displays N / A when ther e is no cer t ificate assigned.Trust ed CA This shows t he Trust ed CA used for this aut hent ication. This displays N / A when t here is no Trust ed CA assigned.Apply Click Apply t o save your changes back t o t he Device.Cancel Click Ca nce l to ret urn to t he previous configurat ion.
 Chapter 5 BroadbandVMG8324-B10A / VMG8324-B30A Series User’s Guide 635.5.1  Edit 802.1X Settings Use t his scr een t o edit 802.1X aut hentication set tings. Click t he Ed it  icon next  t o t he rule you want to edit . The screen shown next  appears.Figure 30   Net work Set t ing >  Broadband >  802.1x:  EditThe following t able describes t he labels in this screen.  5.6  The WAN Status ScreenClick N et w or k  Set t ing >  Broa dba nd >  W a n  Sta t u s to open this screen. Use this screen t o query and view the hist orical t raffic t ransm ission rat e for a WAN interface in a bar chart. N / A displays if the specified WAN int erface was disconnected at t hat  t im e.Table 13   Net work Sett ing >  Broadband >  802.1x:  EditLABEL DESCRIPTIONAct ive This field allows you t o act ivate/ deact ivat e t he authent icat ion.Select this t o enable t he aut henticat ion. Clear this t o disable this aut hent ication w it hout  having to delete the ent ry.I nterface Select  an int erface to which t he authenticat ion applies.EAP I dentity Ent er t he EAP ident it y of t he aut hent icat ion.EAP m et hod This is t he EAP m et hod used for this authenticat ion.Enable Bidir ect ional Au t hen t icat ionSelect this t o allow bidir ectional authent icat ion.Cert ificate Select the cert ificate you want  t o assign to t he authent icat ion. You need t o im port t he cert ificat e in the Se cu r it y  >  Ce r t if ica t e s >  Loca l Ce r t ifica t e s screen.Trust ed CA Select the Trusted CA you want  t o assign t o t he aut henticat ion. You need to im port  the cert ificat e in the Se cu r it y  >  Ce r t if ica t e s >  Tru st e d CA screen.Apply Click Apply t o save your  changes.Cancel Click Ca ncel t o exit  this screen w ithout  saving.
Chapter 5 BroadbandVMG8324-B10A / VMG8324-B30A Series User’s Guide64Figure 31   Net work Sett ing >  Broadband >  Wan St atusThe following t able describes t he labels in this screen.  5.7  Technical ReferenceThe following sect ion cont ains additional t echnical inform ation about  the Device feat ures described in this chapt er.EncapsulationBe sur e t o use t he encapsulat ion  m et hod r equ ir ed by  y ou r  I SP.  Th e Dev ice can  w or k  in  br id g e m ode or rout ing m ode. When t he Device is in rout ing m ode, it support s the following m et hods.IP over Ethernet I P over Ethernet  ( I PoE)  is an alt ernat ive t o PPPoE. I P packets are being delivered across an Et hernet network, without using PPP encapsulation. They are routed between t he Ethernet int erface Table 14   Net work Set t ing >  Broadband >  Wan St atusLABEL DESCRIPTIONI nterface Select a WAN int erface t o see it s hist orical traffic t ransm ission rat e in the chart .Dir ect ion Select  RX or TX t o display received traffic only or t ransm it t ed t raffic only in the chart .Tim e I nt erval Select  the t im e periods t o display in t he chart . Available choices are M in ut e , D a y, and Mon t h.Scan Click  this to updat e t he chart  according t o your  select ed crit er ia.
 Chapter 5 BroadbandVMG8324-B10A / VMG8324-B30A Series User’s Guide 65and t he WAN int erface and t hen form at t ed so t hat  t hey can be under st ood in a bridged environm ent . For inst ance, it encapsulat es rout ed Ethernet  fram es into bridged Ethernet  cells. PPP over ATM (PPPoA)PPPoA st ands for Point  t o Point Protocol over ATM Adapt at ion Layer 5 ( AAL5) . A PPPoA connect ion functions like a dial- up I nt ernet  connect ion. The Device encapsulates t he PPP session based on RFC1483 and sends it t hrough an ATM PVC ( Perm anent  Vir t ual Circuit )  t o t he I nt ernet Service Provider’s ( I SP)  DSLAM (digit al access m ult iplexer) . Please r efer t o RFC 2364 for m ore inform at ion on PPPoA. Refer t o RFC 1661 for m ore inform ation on PPP.PPP over Ethernet (PPPoE)Point- t o- Point  Prot ocol over Ethernet  ( PPPoE) provides access cont rol and billing functionality in a m anner sim ilar t o dial- up services using PPP. PPPoE is an I ETF st andard ( RFC 2516)  specifying how a personal com put er ( PC) int eract s wit h a broadband m odem  ( DSL, cable, w ireless, etc.)  connect ion. For t he service provider, PPPoE offers an access and aut hent icat ion m et hod t hat  works with exist ing access cont rol system s ( for exam ple RADI US) .One of t he benefits of PPPoE is t he abilit y to let  you access one of m ult iple net work services, a function known as dynam ic service select ion. This enables t he service prov ider to easily create and offer new I P ser vices for individuals.Operationally, PPPoE saves significant  effort  for both you and t he I SP or carrier, as it requires no specific configurat ion of the broadband m odem  at  the cust om er site.By im plem ent ing PPPoE direct ly on the Device ( rather t han individual com puters) , the com put ers on the LAN do not  need PPPoE software inst alled, since the Device does t hat  part  of t he task. Furtherm ore, with NAT, all of t he LANs’ com put ers will have access.RFC 1483RFC 1483 describes t w o m et hods for Mult iprotocol Encapsulat ion over  ATM Adapt at ion Layer 5 ( AAL5). The first m et hod allows m ult iplexing of m ultiple protocols over a single ATM virt ual circuit ( LLC- based m ult iplexing) and t he second m et hod assum es t hat  each protocol is car ried over a separat e ATM virtual cir cuit ( VC-based m ult iplexing). Please refer  t o RFC 1483 for m ore det ailed inform at ion.MultiplexingThere are two convent ions t o ident ify what  protocols t he virtual circuit  ( VC) is carrying. Be sure t o use t he m ult iplexing m et hod required by your I SP.VC- based MultiplexingI n t his case, by prior m utual agreem ent , each prot ocol is assigned t o a specific virt ual circuit ;  for exam ple, VC1 carries I P, et c. VC-based m ultiplexing m ay be dom inant  in environm ents where dynam ic creat ion of large num bers of ATM VCs is fast  and econom ical.LLC- based Mult iplexing
Chapter 5 BroadbandVMG8324-B10A / VMG8324-B30A Series User’s Guide66I n t his case one VC carries m ultiple protocols with prot ocol ident ifying inform ation being cont ained in each packet header. Despit e t he ext ra bandwidth and processing overhead, t his m ethod m ay be advantageous if it  is not  pract ical t o have a separate VC for each carried protocol, for exam ple, if charging heavily depends on the num ber of sim ultaneous VCs.Traffic ShapingTraffic Shaping is an agreem ent  bet w een t he carrier and t he subscriber t o regulate t he average rat e and fluct uations of dat a t ransm ission over an ATM net work. This agr eem ent  helps elim inat e congestion, which is im port ant for transm ission of real tim e dat a such as audio and video connect ions.Peak Cell Rate ( PCR) is t he m axim um  rat e at  which t he sender  can send cells. This param eter m ay be lower ( but not higher)  t han t he m axim um  line speed. 1 ATM cell is 53 bytes ( 424 bit s) , so a m axim um  speed of 832Kbps gives a m axim um  PCR of 1962 cells/ sec. This rate is not  guarant eed because it  is dependent  on t he line speed.Sust ained Cell Rat e ( SCR)  is t he m ean cell rat e of each burst y t raffic source. I t  specifies the m axim um  average rat e at  which cells can be sent over t he virt ual connect ion. SCR m ay not  be great er t han the PCR.Maxim um  Burst  Size ( MBS)  is t he m axim um  num ber of cells t hat  can be sent at  t he PCR. Aft er MBS is reached, cell rates fall below SCR unt il cell rat e averages to the SCR again. At  t his t im e, m ore cells ( up t o t he MBS)  can be sent  at  t he PCR again.I f t he PCR, SCR or MBS is set t o the default  of "0" , t he syst em  will assign a m axim um  value t hat  corr elat es t o your upst ream  line rate. The following figure illust rat es t he relationship between PCR, SCR and MBS. Figure 32   Exam ple of Traffic ShapingATM Traffic ClassesThese are the basic ATM t raffic classes defined by t he ATM Forum  Traffic Managem ent 4.0 Specificat ion. Const ant  Bit  Rat e (CBR)Const ant  Bit  Rat e ( CBR) provides fixed bandwidt h t hat is always available even if no dat a is being sent. CBR t raffic is generally t im e- sensitive ( doesn't  t olerate delay) . CBR is used for connections
 Chapter 5 BroadbandVMG8324-B10A / VMG8324-B30A Series User’s Guide 67that cont inuously r equire a specific am ount  of bandwidt h. A PCR is specified and if t raffic exceeds this rat e, cells m ay be dropped. Exam ples of connect ions t hat need CBR would be high- resolut ion video and voice.Variable Bit Rat e ( VBR) The Variable Bit  Rat e (VBR) ATM t raffic class is used wit h bursty connect ions. Connections t hat  use the Variable Bit Rat e ( VBR) traffic class can be grouped into real tim e ( VBR- RT)  or non-real t im e ( VBR- nRT)  connect ions. The VBR- RT ( real- t im e Variable Bit  Rat e) t ype is used with bursty connect ions t hat require closely cont rolled delay and delay variat ion. I t  also provides a fixed am ount  of bandwidth ( a PCR is specified)  but is only available when dat a is being sent . An exam ple of an VBR- RT connect ion would be video conferencing. Video conferencing requires real-t im e dat a transfers and t he bandwidt h requirem ent varies in proport ion to the video im age's changing dynam ics. The VBR- nRT ( non real-t im e Variable Bit Rat e)  type is used with bursty connect ions t hat do not  require closely controlled delay and delay variat ion. I t is com m only used for  " burst y" t raffic t ypical on LANs. PCR and MBS define t he burst levels, SCR defines the m inim um  level. An exam ple of an VBR- nRT connect ion would be non-t im e sensit ive data file t ransfers.Unspecified Bit  Rat e ( UBR)The Unspecified Bit Rat e ( UBR) ATM t raffic class is for bursty dat a t ransfers. However, UBR doesn't  guarant ee any bandwidth and only deliver s t raffic w hen t he net work has spare bandwidth. An exam ple applicat ion is background file transfer.IP Address AssignmentA st atic I P is a fixed I P t hat  your I SP gives you. A dynam ic I P is not  fixed;  t he I SP assigns you a different  one each t im e. The Single User Account feature can be enabled or disabled if you have eit her  a dynam ic or st at ic I P. However t he encapsulat ion m et hod assigned influences your choices for I P address and default gateway.Introduction to VLANs A Virt ual Local Area Network ( VLAN)  allows a physical network t o be part it ioned int o m ultiple logical net works. Devices on a logical net work belong to one gr oup.  A device can belong t o m ore t han one group. Wit h VLAN, a device cannot  direct ly t alk t o or hear from  devices t hat  are not  in the sam e group( s) ;  t he t raffic m ust  first go t hrough a router.I n Multi-Tenant  Unit ( MTU) applications, VLAN is vit al in providing isolation and security am ong t he subscribers. When properly configured, VLAN prevents one subscriber from  accessing the net w ork resources of another on t he sam e LAN, t hus a user w ill not see t he print ers and hard disks of another user in t he sam e building. VLAN also increases net work perform ance by lim it ing broadcast s t o a sm aller and m ore m anageable logical broadcast  dom ain. I n t raditional swit ched environm ents, all broadcast  packets go t o each and every individual port . With VLAN, all broadcast s ar e confined t o a specific broadcast  dom ain.
Chapter 5 BroadbandVMG8324-B10A / VMG8324-B30A Series User’s Guide68Introduction to IEEE 802.1Q Tagged VLAN A tagged VLAN uses an explicit  t ag ( VLAN I D)  in the MAC header to identify the VLAN m em bership of a fram e across bridges -  t hey ar e not  confined t o t he switch on which t hey were created. The VLANs can be creat ed st at ically by hand or dynam ically t hrough GVRP. The VLAN I D associat es a fram e wit h a specific VLAN and provides t he inform at ion t hat  switches need to process the fram e across t he net work. A t agged fram e is four  byt es longer t han an unt agged fram e and cont ains t wo byt es of TPI D ( Tag Prot ocol I dent ifier) , residing wit hin the type/ lengt h field of t he Ethernet  fram e)  and t wo byt es of TCI  ( Tag Control I nform ation) , st art s aft er t he source address field of t he Ethernet  fram e) . The CFI  ( Canonical Form at I ndicat or)  is a single-bit flag, always set  t o zero for Ethernet  sw itches. I f a fram e received at  an Ether net port  has a CFI  set to 1, t hen t hat fram e should not be forwarded as it  is t o an unt agged por t . The r em aining twelve bit s define t he VLAN I D, giving a possible m axim um  num ber of 4,096 VLANs. Not e that user priorit y and VLAN I D are independent  of each ot her. A fram e wit h VI D (VLAN I dent ifier)  of null (0)  is called a priority fram e, m eaning t hat only t he priorit y  level is significant and the default  VI D of t he ingress port  is given as t he VI D of t he fram e. Of the 4096 possible VI Ds, a VI D of 0 is used to identify priorit y fram es and value 4095 ( FFF) is reserved, so t he m axim um  possible VLAN configurat ions are 4,094. MulticastI P packet s are t ransm it t ed in either one of two ways - Unicast  ( 1 sender - 1 recipient)  or  Broadcast  ( 1 sender -  everybody on t he net work) . Multicast  delivers I P packet s t o a group of host s on t he net work -  not everybody and not j ust 1. I nt ernet  Group Mult icast  Prot ocol ( I GMP)  is a net w ork- layer  protocol used t o est ablish m em bership in a Mult icast  group -  it  is not  used t o carry user dat a. I GMP version 2 ( RFC 2236)  is an im provem ent over version 1 ( RFC 1112)  but I GMP version 1 is st ill in wide use. I f you would like t o read m ore det ailed inform at ion about  interoperability bet w een I GMP ver sion 2 and version 1, please see sect ions 4 and 5 of RFC 2236. The class D I P address is used t o identify host  groups and can be in the range 224.0.0.0 to 239.255.255.255. The address 224.0.0.0 is not  assigned t o any group and is used by I P m ult icast  com put ers. The address 224.0.0.1 is used for query m essages and is assigned t o t he perm anent  group of all I P host s ( including gat eways) . All host s m ust  j oin the 224.0.0.1 group in order t o part icipat e in I GMP. The address 224.0.0.2 is assigned t o t he m ult icast  rout ers group. At  st art  up, t he Device queries all direct ly connected net works t o gat her group m em bership. Aft er that, the Device periodically updat es t his inform at ion.DNS Server Address AssignmentUse Dom ain Nam e Syst em  (DNS)  to m ap a dom ain nam e t o its corr esponding I P address and vice versa, for inst ance, t he I P address of www.zyxel.com  is 204.217.0.2. The DNS server  is ext rem ely im portant because without it , you m ust  know the I P addr ess of a com put er before you can access it . The Device can get  the DNS server addresses in t he following ways.TPI D 2 Byt esUser Priority 3 Bit sCFI1 BitVLAN I D12 Bit s
 Chapter 5 BroadbandVMG8324-B10A / VMG8324-B30A Series User’s Guide 691The I SP tells you the DNS server addresses, usually in t he form  of an inform ation sheet, when you sign up. I f your I SP gives you DNS server addresses, m anually enter t hem  in the DNS server fields.2I f your I SP dynam ically assigns t he DNS server I P addresses ( along with t he Device’s WAN I P address) , set  t he DNS server  fields t o get  t he DNS server address from  t he I SP.IPv6 AddressingThe 128-bit I Pv6 address is writt en as eight  16- bit  hexadecim al blocks separat ed by colons ( : ) . This is an exam ple I Pv6 address 2001:0db8:1a2b:0015:0000:0000:1a2f:0000.I Pv6 addresses can be abbreviat ed in two ways:• Leading zeros in a block can be om itt ed. So 2001:0db8:1a2b:0015:0000:0000:1a2f:0000 can be writ t en as 2001:db8:1a2b:15:0:0:1a2f:0. • Any num ber of consecut ive blocks of zeros can be replaced by a double colon. A double colon can only appear once in an I Pv6 address. So 2001:0db8:0000:0000:1a2f:0000:0000:0015 can be wr itt en as 2001:0db8::1a2f:0000:0000:0015, 2001:0db8:0000:0000:1a2f::0015, 2001:db8::1a2f:0:0:15 or 2001:db8:0:0:1a2f::15.IPv6 Prefix and Prefix LengthSim ilar t o an I Pv4 subnet  m ask, I Pv6 uses an addr ess prefix to represent t he network address. An I Pv6 prefix length specifies how m any m ost significant bits ( st art  from  the left)  in t he address com pose t he net w ork address. The prefix lengt h is writ t en as “ / x”  where x is a num ber. For exam ple, 2001:db8:1a2b:15::1a2f:0/32m eans t hat  t he first  32 bits (2001:db8)  is the subnet  prefix.
Chapter 5 BroadbandVMG8324-B10A / VMG8324-B30A Series User’s Guide70
VMG8324-B10A / VMG8324-B30A Series User’s Guide 71CHAPTER   6Wireless6.1  Overview This chapt er describes t he Device’s N e t w or k Se t t ing >  W ire le ss scr eens. Use these screens t o set up your Device’s wireless connect ion.6.1.1  What You Can Do in this ChapterThis sect ion describes t he Device’s W ir e less screens. Use t hese screens t o set  up your  Device’s wireless connection.• Use the Ge n e r a l screen to enable t he Wireless LAN, enter t he SSI D and select  t he wireless security m ode (Sect ion 6.2 on page 72) .• Use the M ore  AP screen t o set  up m ult iple wireless net works on your Device (Sect ion 6.3 on page 81) .• Use the M AC Aut hent icat ion screen t o allow or deny wireless clients based on t heir MAC addresses from  connect ing t o t he Device ( Sect ion 6.4 on page 85) .• Use the W PS screen t o enable or disable WPS, view or generate a security PI N (Personal I dent ificat ion Num ber )  ( Sect ion 6.5 on page 86) .• Use the W M M  screen to enable Wi- Fi MultiMedia ( WMM)  t o ensure qualit y of service in wireless net works for m ult im edia applicat ions (Sect ion 6.6 on page 87) . • Use the W D S screen to set  up a Wireless Dist ribut ion Syst em , in which t he Device act s as a bridge wit h other ZyXEL access point s (Sect ion 6.7 on page 88) .• Use the Ot hers screen to configure wireless advanced feat ures, such as t he RTS/ CTS Threshold (Sect ion 6.8 on page 90) .• Use the Cha nnel Sta t us screen to scan wireless LAN channel noises and view t he result s (Sect ion 6.9 on page 92) .
Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide726.1.2  What You Need to KnowWireless Basics“ Wireless”  is essent ially radio com m unication. I n t he sam e way that walkie- t alkie radios send and receive inform ation over t he airwaves, w ireless net working devices exchange inform at ion w ith one another. A w ireless net working device is j ust  like a radio that let s your com put er exchange inform ation with radios att ached t o ot her com put ers. Like walkie-t alkies, m ost  wireless networking devices operat e at  radio frequency bands t hat are open t o t he public and do not  require a license t o use. However, w ireless net working is different  from  t hat of m ost  t radit ional radio com m unicat ions in that t here a num ber of wireless net working st andards available with different m ethods of dat a encrypt ion.Finding Out MoreSee Sect ion 6.10 on page 92 for advanced t echnical inform ation on wir eless net w orks.6.2  The General Screen Use t his screen to enable t he Wireless LAN, ent er t he SSI D and select t he wir eless security m ode.Note:  I f you are configur ing the Device from  a com put er connect ed to t he wireless LAN and you change t he Device’s SSI D, channel or security set t ings, you will lose your wireless connect ion when you press Apply to confirm . You m ust  then change t he wireless sett ings of your com put er t o m atch t he Device’s new sett ings.
 Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide 73Click N e t w o rk  Set t ing >  W ir e less t o open the Ge ne r a l screen.Figure 33   Net work Set t ing >  Wireless >  General
Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide74The following t able describes t he general wir eless LAN labels in t his screen.Table 15   Net work Sett ing >  Wireless >  GeneralLABEL DESCRIPTIONWireless Netw ork Set upWireless You can Ena ble  or D isa ble  the wireless LAN in this field.Band This show s t he w ir eless band w hich t his radio pr ofile is using. 2 .4 GH z is t he frequency used by  I EEE 802.11b/ g/ n wireless client s.Channel  Use Au t o to have t he Device autom at ically det erm ine a channel t o use.  m ore. ../ less Click m or e ... t o show m ore inform at ion. Click le ss t o hide t hem .Bandwidt h Select  w het her t he Device uses a wir eless channel widt h of 2 0 M H z  or 4 0 M Hz.A standard 20MHz channel offers transfer speeds of up t o 150Mbps whereas a 40MHz channel uses two st andard channels and offers speeds of up t o 300 Mbps.40MHz ( channel bonding or dual channel)  bonds t wo adj acent  radio channels t o incr ease t hroughput . The wireless client s m ust  also support  40 MHz. I t  is oft en bet t er t o use the 20 MHz set t ing in a locat ion where t he environm ent hinders t he wireless signal. Select  2 0 M H z  if you want  to lessen radio interference with other wireless devices in your neighborhood or the wireless client s do not  support channel bonding.Cont rol SidebandThis is available for som e regions when you select  a specific channel and set the Bandwidt h field t o 4 0 M Hz . Set  whether t he cont r ol channel ( set  in the Ch a nne l field)  should be in t he Low e r  or Uppe r  range of channel bands.Passphrase Ty p eI f you set  securit y for  the wir eless LAN and have the Device generat e a passw ord, the set t ing in this field determ ines how the Device generat es the password.Select  N one  t o set  t he Device’s password generat ion to not  be based on a passphrase. Select  Fixe d to use a 16 charact er passphrase for generat ing a passwor d.Select  Va r ia ble  t o use a 16 to 63 charact er passphrase for  generating a password.Passphrase Key For a fixed type passphrase ent er  16 alphanum eric characters ( 0- 9, A-Z, w it h no spaces) .  I t  m ust cont ain bot h let t ers and num bers and is case- sensit ive.For a variable t ype passphrase ent er 16 to 63 alphanum er ic charact ers ( 0- 9, A-Z, wit h no spaces) . I t  m ust cont ain both let t ers and num bers and is case- sensitive.Wireless Netw ork Set t ingsWireless Net work  Nam e ( SSI D)The SSI D ( Service Set  I Dent it y)  identifies t he service set  wit h which a wireless device is associat ed. Wireless devices associat ing t o t he access point  ( AP)  m ust  have t he sam e SSI D. Ent er a descr ipt ive nam e (up to 32 English keyboard charact ers)  for  the wir eless LAN. Max client s Specify t he m axim um  num ber of client s t hat  can connect to this net work at t he sam e t im e.Hide SSI D Select  t his check box t o hide t he SSI D in t he out going beacon fram e so a st at ion cannot  obt ain the SSI D t hr ough scanning using a site survey t ool.Enhanced Mult icast Forwarding Select this check box  t o allow t he Device t o convert  wireless m ult icast  traffic int o wireless unicast  t raffic.Maxim um  Upst ream  Bandwidt hSpecify the m axim um  rat e for upst ream  wireless t raffic to t he WAN from  this WLAN in kilobit s per second ( Kbps).Maxim um  Dow nst ream  Bandwidt hSpecify the m axim um  rat e for dow nst r eam  wireless traffic t o t his WLAN from  t he WAN in kilobit s per second ( Kbps) .BSSI D This shows the MAC address of t he wireless int erface on t he Dev ice when wireless LAN is enabled.Security Level
 Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide 756.2.1  No SecuritySelect  N o Se curity t o allow wireless st at ions to com m unicat e with t he access points wit hout  any dat a encrypt ion or authentication.Note:  I f you do not  enable any w ireless securit y on your Dev ice, your net w ork is accessible t o any wireless networking device t hat  is within range.Figure 34   Wireless >  General:  No Securit yThe following t able describes t he labels in this screen.6.2.2  Basic (WEP Encryption)WEP encrypt ion scram bles t he data t ransm it t ed between the wireless st at ions and the access point s ( AP)  to keep net work com m unications privat e. Bot h t he wireless st ations and the access point s m ust  use the sam e WEP key.Not e:  WEP is ext rem ely insecure. I t s encryption can be broken by an at tacker, using widely-available soft ware. I t  is strongly recom m ended that you use a m ore effective securit y m echanism . Use the strongest  securit y m echanism  t hat all the wireless devices in your netw ork support . For exam ple, use WPA-PSK or WPA2- PSK if all your wireless devices support it , or use WPA or WPA2 if your wireless devices support it and you have a RADI US server. I f your wireless devices support nothing st ronger t han WEP, use t he highest  encrypt ion level available.Your Device allows you t o configure up t o four 64- bit  or 128- bit WEP keys but  only one key can be enabled at any one t im e.Security  Mode Select  Ba sic ( W EP, 8 0 2 .1 X)  or M or e  Se cur e  ( W PA( 2 ) - PSK, W PA( 2 ) )  t o add security  on this wir eless net w ork. The wireless client s which want  t o associat e t o t his net work m ust  have sam e wireless securit y set t ings as the Device. When y ou select  t o use a security, addit ional opt ions appears in t his screen. Or you can select  N o Securit y t o allow any client  t o associate this net work wit hout  any dat a encryption or aut hent icat ion.See t he follow ing sect ions for m ore details about  t his field.Apply Click Apply t o save y our changes.Cancel Click Ca ncel t o rest ore your previously saved set t ings.Table 15   Net work Sett ing >  Wireless >  General ( continued)LABEL DESCRIPTIONTable 16   Wireless >  General:  No Securit yLABEL DESCRIPTIONSecurity Level Choose N o Secu rit y t o allow all wir eless connect ions wit hout  data encrypt ion or au then t icat ion .
Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide76I n order to configure and enable WEP encryption, click N e t w or k  Se t t in g >  W ir e le ss t o display t he Gene r al screen, t hen select  Ba sic as the security level.Figure 35   Wireless >  General:  Basic (WEP)  The following t able describes t he labels in this screen. 6.2.3  Basic (802.1X)Use t his scr een t o configure 802.1X encrypt ion and aut hent icat ion. Configure your RADI US server inform ation and WEP encrypt ion set t ings. Use t his security m et hod if your wireless usernam es and passwords are configur ed on a RADI US server.Table 17   Wireless >  General:  Basic ( WEP)LABEL DESCRIPTIONSecurity Level Select  Ba sic to enable WEP dat a encryption.Generat e password autom at ically Select this opt ion t o have t he Dev ice autom at ically generat e a passw ord. The password field will not  be configurable when you select  t his opt ion.Passw ord 1 ~ 4 The password ( WEP keys)  ar e used to encrypt  dat a. Both the Device and the wireless st ations m ust  use t he sam e passw ord ( WEP key) for dat a t ransm ission.I f you chose 6 4 - bit  WEP, t hen ent er  any 5 ASCII  characters or 10 hexadecim al characters ( "0-9", " A- F").I f you chose 1 2 8 - bit  WEP, t hen enter 13 ASCII  character s or  26 hexadecim al charact ers ( "0-9", " A-F"). You m ust  configure at  least one password, only one password can be act ivat ed at  any one tim e. m ore. ../ less Click m ore ... t o show m or e fields in this section. Click less t o hide t hem .WEP Encry ption Select 6 4 - b it s or 1 2 8 - b it s.This dictat es t he length of the security key t hat  the net w ork is going t o use.
 Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide 77I n order to configure and enable WEP encryption, click N e t w or k  Se t t in g >  W ir e le ss t o display t he Gene r al screen, t hen select  Ba sic as the security level and 8 0 2 .1 X as the Security Mode .Figure 36   Wireless >  General:  Basic (802.1X)  The following t able describes t he labels in this screen.Table 18   Wireless >  General:  Basic ( 802.1X)LABEL DESCRIPTIONSecurity Level Select  Ba sic and 8 0 2 .1 X t o enable 802.1X data encr ypt ion.Generat e password autom at ically Select this opt ion t o have t he Dev ice autom at ically generat e a passw ord. The password field will not  be configurable when you select  t his opt ion.Passw ord 1 ~ 4 The password (WEP key)  is used to encrypt data. Both t he Device and t he w ireless st at ions m ust  use t he sam e password (WEP key )  for dat a t ransm ission.I f you chose 6 4 - bit  WEP, t hen ent er  any 5 ASCII  characters or 10 hexadecim al characters ( "0-9", " A- F").I f you chose 1 2 8 - bit  WEP, t hen enter 13 ASCII  character s or  26 hexadecim al charact ers ( "0-9", " A-F"). You m ust  configure at  least one password, only one password can be act ivat ed at  any one tim e. m ore. ../ less Click m ore ... t o show m or e fields in this section. Click less t o hide t hem .WEP Encry ption Select 6 4 - b it s or 1 2 8 - b it s.This dictat es t he length of the security key t hat  the net w ork is going t o use.I P Address Enter t he I P address of an external RADI US server in dotted decim al notation.
Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide78Port  Num ber The default port  of a RADI US server for authent icat ion is 1812. You need not  change t his value unless your net work adm inist rator instruct s you t o do so.Shared Secret Specify a password ( up to 32 alphanum eric charact ers)  as the key to be shared bet ween t he ext ernal RADI US server and t he Device. This key is not  sent  over the networ k. This key m ust be t he sam e on t he ext er nal RADI US ser ver and t he Device.Table 18   Wireless >  General:  Basic ( 802.1X)  ( cont inued)LABEL DESCRIPTION
 Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide 796.2.4  More Secure (WPA(2)-PSK)The WPA- PSK security m ode provides bot h im proved data encryption and user aut hent icat ion over WEP. Using a Pre- Shared Key ( PSK), bot h t he Device and t he connecting client share a com m on password in order to validate t he connect ion. This t ype of encryption, while r obust , is not  as st rong as WPA,  WPA2  or  ev en  WPA2 - PSK. Th e WPA2 - PSK secur it y  m ode is a n ew er,  m or e r obust  ver sion  of  the WPA encryption st andard. I t offers slightly bett er security, alt hough the use of PSK m akes it  less robust  than it  could be. Click N et w ork  Se t t ing >  W ireless t o display t he Ge ne r a l screen. Select  M or e Secure as t he security level. Then select W PA- PSK or W PA2 - PSK from  t he Se cu r ity M ode list .Figure 37   Wireless >  General:  More Secure:  WPA( 2) - PSKThe following t able describes t he labels in this screen.Table 19   Wireless >  General:  Mor e Secure:  WPA( 2) - PSKLABEL DESCRIPTIONSecurity Level Select  M ore Secu r e to enable WPA( 2) - PSK data encrypt ion.Security  Mode Select  W PA- PSK or W PA2 - PSK from  t he drop- down list  box.Generat e password autom at ically Select  t his option t o have t he Device autom at ically generate a password. The passwor d field will not be configurable when you select  this opt ion.Passw ord  The encryption m echanism s used for WPA( 2)  and WPA( 2)- PSK are t he sam e. The only differ ence bet ween t he two is t hat  WPA( 2) - PSK uses a sim ple com m on passwor d, instead of user- specific credent ials.I f you did not  select  Gene rat e passw or d a ut om a t ically, you can m anually type a pre-shared key from  8 t o 64 case- sensit ive keyboard charact ers.m ore. ../ less Click m ore ... t o show  m ore fields in t his sect ion. Click le ss t o hide t hem .WPA-PSK Com pat ibleThis field appears when you choose W PA- PSK2  as the Secu rit y  Mode .Check this field to allow wireless devices using W PA- PSK securit y m ode t o connect  t o your Device. The Device support s WPA- PSK and WPA2- PSK sim ultaneously.
Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide806.2.5  WPA(2) AuthenticationThe WPA2 securit y m ode is current ly the m ost  robust  form  of encrypt ion for wireless net works. I t  requires a RADI US server t o aut hent icat e user credent ials and is a full im plem ent at ion t he securit y protocol. Use t his securit y opt ion for m axim um  prot ection of your net w ork. However, it is t he least  backwards com pat ible with older devices.The WPA securit y  m ode is a securit y  subset  of WPA2. I t requires the presence of a RADI US server on your net work in order t o validat e user credentials. This encrypt ion standard is slight ly older t han WPA2 and t herefore is m ore com pat ible wit h older devices.Click N et w ork  Se t t ing >  W ireless t o display t he Ge ne r a l screen. Select  M or e Secure as t he security level. Then select W PA or  W PA2  from  the Secur it y Mode list.Figure 38   Wireless >  General:  More Secure:  WPA( 2)The following t able describes t he labels in this screen.Encrypt ion Select  t he encrypt ion type ( TKI P, AES or TKI P+ AES)  for dat a encryption.Select  TKI P if your wireless clients can all use TKI P.Select  AES if your wireless client s can all use AES.Select  TKI P+ AES t o allow the wireless clients t o use either TKI P or AES.Group Key Update Tim erThe Gr oup Key Upda t e  Tim er is t he rate at  which t he RADI US server sends a new group key out  t o all client s. Table 19   Wireless >  General:  More Secure:  WPA( 2) - PSK ( continued)LABEL DESCRIPTIONTable 20   Wireless >  General:  Mor e Secure:  WPA( 2)LABEL DESCRIPTIONSecurity Level Select  Mor e  Secu r e  t o enable WPA( 2) - PSK data encrypt ion.Security  Mode Choose W PA or W PA2  from  t he drop- dow n list  box.
 Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide 816.3  The More AP ScreenThis screen allows you t o enable and configur e m ult iple Basic Service Sets ( BSSs) on t he Device.Click N et w or k  Set t ing >  W ireless >  M or e AP. The following screen displays.Figure 39   Net work Set t ing >  Wireless >  More APAut henticat ion ServerI P Address Enter t he I P address of t he external aut hent icat ion server in dot t ed decim al not ation.Por t  Nu m berEnt er t he port num ber of t he ext ernal aut hentication server. The default  port  num ber is 1 8 1 2 . You need not  change this value unless your net work adm inistrat or  inst ruct s you t o do so with addit ional inform at ion. Shared SecretEnt er a passw ord ( up t o 31 alphanum eric charact ers)  as the key t o be shared bet w een t he ext ernal authent icat ion server and t he Device.The key m ust  be t he sam e on t he ext ernal aut hent ication server and your  Device. The key is not  sent  over t he network. m ore. ../ less Click m or e... t o show m ore fields in t his sect ion. Click less t o hide t hem .WPA Com pat ibleThis field is only available for WPA2. Select this if you want  t he Dev ice t o support WPA and WPA2 sim ult aneously.Encrypt ion Select  t he encrypt ion t ype ( TKI P, AES or  TKI P+ AES)  for data encryption.Select TKI P if your wireless client s can all use TKI P.Select AES if your wir eless client s can all use AES.Select TKI P+ AES t o allow t he w ireless client s to use eit her TKI P or  AES.WPA2 Pre-Au t hen t icat ionThis field is available only when you select  W PA2 .Pre-aut hent icat ion enables fast  roam ing by allowing t he wireless client  ( already connect ing to an AP)  t o perform  I EEE 802.1x  aut hentication wit h another  AP before connect ing t o it. Select Ena ble d t o t urn on preauthentication in WAP2. Ot her wise, select Disa bled.Net work Re-aut h I ntervalSpecify how oft en wir eless st ations have t o resend usernam es and passwor ds in order t o st ay connect ed.I f w ireless st at ion aut hent icat ion is done using a RADI US server, t he reaut hent ication t im er on t he RADI US server  has priority.Group Key Update Tim erThe Group Ke y  U pda t e  Tim e r is t he rat e at  which t he RADI US server  sends a new group key out  t o all client s. Table 20   Wireless >  General:  Mor e Secure:  WPA(2)  ( cont inued)LABEL DESCRIPTION
Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide82The following t able describes t he labels in this screen.Table 21   Net work Set t ing >  Wireless >  More APLABEL DESCRIPTION# This is the index num ber of the ent ry. St atus This field indicat es whether t his SSI D is act ive. A yellow bulb signifies t hat t his SSI D is active. A gray bulb signifies t hat t his SSI D is not  act ive.SSI D An SSI D profile is t he set  of param et er s relat ing to one of t he Device’s BSSs. The SSI D ( Service Set  I Dent ifier)  ident ifies the Serv ice Set  wit h which a wireless device is associat ed. This field displays the nam e of t he wireless profile on t he net work . When a wireless client  scans for an AP to associate wit h, this is t he nam e t hat is broadcast and seen in t he wireless client  ut ilit y.Securit y This field indicat es t he secur it y m ode of t he SSI D profile.Guest WLAN This displays if t he guest  WLAN funct ion has been enabled for t his WLAN.I f H om e  Gue st  displays, client s can connect  t o each other dir ectly.I f Extern a l Gu est  displays, client s are blocked from  connecting to each ot her  directly.N / A displays if guest  WLAN is disabled.Modify Click the Edit  icon t o configure t he SSI D profile.
 Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide 836.3.1  Edit More AP Use t his screen t o edit an SSI D profile. Click t he Edit  icon next  t o an SSI D in t he M or e  AP screen. The following screen displays.Figure 40   Net work Set t ing >  Wireless >  More AP >  EditThe following t able describes t he fields in this screen.Table 22   Net work Sett ing >  Wireless >  More AP >  EditLABEL DESCRIPTIONWireless Netw ork Set upWireless You can En a ble or Disa ble  t he wireless LAN in t his field.Passphrase Ty p ePassphrase type cannot  be changed. The default  is N on e.Wireless Netw ork Set t ings
Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide84Wireless Net work  Nam e ( SSI D)The SSI D (Ser vice Set  I Dent it y)  identifies t he service set  with which a wireless device is associat ed. Wir eless devices associat ing t o t he access point (AP)  m ust  hav e t he sam e SSI D. Ent er a descriptive nam e (up t o 32 English keyboar d characters)  for t he w ireless LAN. Max client s Specify t he m axim um  num ber of clients t hat can connect  t o t his net w ork at  t he sam e t im e.Hide SSI D Select  t his check box t o hide the SSI D in the outgoing beacon fram e so a station cannot obtain the SSI D through scanning using a sit e survey t ool.Enhanced Mult icast Forwarding Select  t his check box to allow  the Dev ice t o convert  wireless m ult icast traffic int o wireless unicast  t raffic.Guest WLAN Select  t his to cr eat e Guest WLANs for hom e and external clients. Select the WLAN type in the Acce ss Sce na r io field.Access ScenarioI f you select  H om e  Gu e st , client s can connect  t o each ot her direct ly.I f you select  Ex t e r nal Guest , client s are blocked from  connect ing t o each ot her directly.Maxim um  Upst ream  Bandwidt hSpecify  the m ax im um  rat e for upst ream  wireless traffic t o t he WAN from  t his WLAN in kilobit s per second ( Kbps).Maxim um  Dow nst ream  Bandwidt hSpecify  the m ax im um  rat e for dow nst r eam  wireless traffic t o t his WLAN from  t he WAN in kilobit s per second ( Kbps).BSSI D This shows t he MAC address of t he wireless interface on t he Dev ice when wireless LAN is enabled.E- m ail not ificat ion when the wireless guest  visitEnable Em ail NotificationSelect  t his t o have t he Dev ice e- m ail you a not ificat ion when a w ireless client is connected to t he wireless net work.Mail Ser ver Select  a m ail server for the e-m ail address specified below. I f you do not  select  a m ail ser ver, e- m ail notificat ions cannot  be sent  via e- m ail. You m ust  have configur ed a m ail server  already in t he Maint ena n ce > Em ail N ot ifica t ion screen.Em ail Tit le Type a tit le t hat  you want  t o be in the subj ect  line of t he e-m ail not ifications t hat  t he Device sends.Send Notification t o Em ailNotificat ions are sent  t o t he e- m ail address specified in t his field. I f t his field is left  blank, notificat ions cannot be sent  via e-m ail. Security LevelSecurity  Mode Select  Basic ( W EP, 8 0 2 .1 X )  or More  Se cur e  ( W PA( 2 ) - PSK, W PA( 2 ) )  t o add securit y on t his wireless net w ork. The wireless client s which want to associate t o t his net work m ust  have sam e wireless security set t ings as the Device. Aft er you select  t o use a security, additional options appears in t his screen.  Or you can select N o Securit y t o allow any client  t o associat e t his netw or k wit hout any data encr ypt ion or  aut hent ication.See Sect ion 6.2.1 on page 75 for m ore det ails about  t his field.Apply Click Apply t o save your changes.Cancel Click Ca ncel t o exit  t his screen wit hout  saving.Table 22   Net work Sett ing >  Wireless >  More AP >  Edit ( cont inued)LABEL DESCRIPTION
 Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide 856.4  MAC Authentication This screen allows you t o configure the ZyXEL Device t o give exclusive access to specific devices ( Allow )  or exclude specific devices from  accessing the ZyXEL Device ( Deny) . Every Ethernet  device has a unique MAC ( Media Access Control)  address. The MAC address is assigned at  t he fact ory and consist s of six pairs of hexadecim al charact ers, for exam ple, 00: A0: C5: 00: 00: 02. You need t o know the MAC addresses of the devices to configure this screen.Use t his screen t o view your Device’s MAC filt er set t ings and add new  MAC filt er rules. Click N e t w ork Se t t ing >  W ir e less >  M AC Aut he n t ica t ion . The screen appears as shown.Figure 41   Wireless >  MAC AuthenticationThe following t able describes t he labels in this screen.Table 23   Wireless >  MAC Aut hent icat ionLABEL DESCRIPTIONSSI D Select  the SSI D for which you want  t o configure MAC filter set t ings.MAC Restrict Mode Define t he filter action for  t he list  of MAC addresses in the MAC Addr ess table. Select  Disa ble t o turn off MAC filtering.Select  De n y t o block access t o t he Dev ice. MAC addresses not  list ed will be allow ed to access t he Device. Select  Allow  t o perm it  access t o t he Device. MAC addresses not  listed will be denied access to the Device. Add new MAC addressClick t his if you want to add a new  MAC address ent ry  to t he MAC filter list below.Ent er t he MAC addresses of t he w ireless devices t hat  are allowed or denied access to t he Device in t hese address fields. Ent er the MAC addr esses in a valid MAC address form at , t hat is, six hexadecim al character pairs, for ex am ple, 12: 34: 56: 78: 9a: bc.#This is t he index num ber of t he ent ry.MAC Address This is t he MAC addresses of t he wireless devices that  are allowed or denied access to t he Device.Delet e Click t he D e le t e  icon t o delet e t he entry.Apply Click Apply  to save your changes.Cancel Click Ca n cel t o exit  this screen wit hout  saving.
Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide866.5  The WPS ScreenUse t his screen to configure WiFi Protect ed Set up ( WPS)  on your Device.WPS allows you to quickly set  up a wireless network wit h st rong securit y, without  having t o configure security set t ings m anually. Set  up each WPS connect ion between two devices. Both devices m ust support  WPS. See Sect ion 6.10.9.3 on page 101 for m ore inform at ion about  WPS.Not e:  The Device applies the security set t ings of t he SSI D1  profile ( see Section 6.2 on page 72) . I f you want  to use t he WPS feat ure, m ake sure you have set  t he securit y m ode of SSI D1  t o W PA2 - PSK or N o Secur it y.Click N e t w ork  Se t t ing >  W ireless >  W PS. The following scr een displays. Select  Ena ble and click Apply t o activat e the WPS funct ion. Then you can configure the WPS set t ings in t his screen. Figure 42   Net work Set t ing >  Wireless >  WPSThe following t able describes t he labels in this screen.Table 24   Net work Sett ing >  Wireless >  WPSLABEL DESCRIPTIONWPS Select Enable  t o activat e WPS on t he Device.Met hod 1 Use this sect ion to set  up a WPS wireless net w ork using Push But ton Configurat ion ( PBC).Connect Click t his button t o add anot her WPS- enabled wireless device ( wit hin wireless range of t he Device)  t o your wireless net work. This but t on m ay eit her be a physical but t on on t he out side of device, or a m enu button sim ilar t o t he Conne ct  but t on on this screen.Note: You must press the other wireless device’s WPS button within two minutes of pressing this button.Met hod 2 Use t his sect ion to set  up a WPS wireless net w ork by entering the PI N of the client  int o t he Device.
 Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide 876.6  The WMM ScreenUse t his scr een t o enable Wi- Fi Mult iMedia ( WMM)  and WMM Power Save in wireless net works for m ultim edia applicat ions.Click N et w or k  Set t ing >  W ireless >  W MM . The following screen displays.Figure 43   Net work Set t ing >  Wireless >  WMMThe following t able describes t he labels in this screen.Regist er Enter t he PI N of the device t hat  you are setting up a WPS connection w it h and click Re gist e r t o authent icat e and add the w ireless device t o your wireless net w ork.You can find t he PI N eit her on the out side of t he device, or by checking t he device’s set t ings.Note: You must also activate WPS on that device within two minutes to have it present its PIN to the Device.Met hod 3 Use this sect ion to set  up a WPS wireless net work  by entering t he PI N of t he Device int o t he client.Release Configurat ionThe default  WPS st at us is configured.Click t his but t on t o rem ove all configur ed wireless and wir eless security  set t ings for WPS connect ions on t he Device.Generat e New PI N Nu m berThe PI N ( Personal I dent ificat ion Num ber )  of the Device is shown here.  Ent er this PI N in the configurat ion ut ilit y  of t he device you want to connect  t o using WPS.The PI N is not  necessar y when you use WPS push- but t on m ethod.Click the Gen era t e N e w  PI N  N um be r  but t on to have t he Device create a new PI N. Apply Click Apply t o save your  changes.Cancel Click Cance l to rest or e your pr eviously saved set t ings.Table 24   Net work Sett ing >  Wireless >  WPS ( continued)LABEL DESCRIPTIONTable 25   Net work Sett ing >  Wireless >  WMMLABEL DESCRIPTIONWMM Select On  t o have t he Device aut om at ically give a ser vice a priority  level according to t he ToS value in t he I P header of pack et s it  sends. WMM QoS ( Wifi MultiMedia Qualit y of Serv ice)  gives high pr iorit y  to voice and video, which m akes t hem  run m ore sm oot hly.WMM Aut om at ic Pow er  Save DeliverySelect this opt ion to ext end the bat t ery life of your m obile devices ( especially useful for sm all devices t hat  are r unning m ultim edia applications) . The Device goes to sleep m ode t o sav e power when it  is not t ransm itting dat a. The AP buffers the packet s sent t o t he Device unt il t he Device "wakes up". The Device wakes up periodically t o check for incom ing data.Note: Note: This works only if the wireless device to which the Device is connected also supports this feature.
Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide886.7  The WDS ScreenAn AP using t he Wireless Dist ribut ion Syst em  ( WDS)  can function as a wireless net work bridge allowing you t o wirelessly connect t wo wir ed network segm ent s. The W DS screen allows you t o configure the Device t o connect t o t w o or m ore APs wirelessly when WDS is enabled. Use t his screen to set up your  WDS ( Wireless Dist ribution System ) links bet ween t he Device and ot her wireless APs. You need to know the MAC address of t he peer  device. Once the security sett ings of peer sides m at ch one anot her, t he connect ion bet ween devices is m ade. Note:  WDS security is independent  of t he securit y set t ings between t he Device and any wireless client s.Not e:  At t he t im e of writ ing, WDS is com pat ible with ot her ZyXEL APs only. Not all m odels support WDS links. Check your other AP’s docum ent ation.Click N et w or k  Set t ing >  W ireless >  W DS. The following screen displays.Figure 44   Net work Set t ing >  Wireless >  WDSApply Click Apply t o save your  changes.Cancel Click Ca n cel t o restore your prev iously saved sett ings.Table 25   Net work Set t ing >  Wireless >  WMM ( cont inued)LABEL DESCRIPTION
 Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide 89The following t able describes t he labels in this screen.6.7.1  WDS ScanYou can click t he Sca n  icon in W ireless >  W DS t o have t he Device aut om atically search and display t he available APs wit hin range. Select  an AP and click  Apply t o have the Device est ablish a wireless link with t he selected wireless device. Figure 45   WDS:  ScanTable 26   Net work Sett ing >  Wireless >  WDSLABEL DESCRIPTIONWireless Bridge SetupAP Mode Select  t he operating m ode for your Dev ice.•Acce ss Poin t   -  The Dev ice funct ions as a bridge and access point sim ultaneously. •W ir e less Br idge  -  The Device act s as a wireless net w ork bridge and est ablishes wireless links with ot her APs. I n t his m ode, client s cannot  connect to t he Device wirelessly.Bridge Rest rict This field is available only when you set operat ing m ode t o Acce ss Poin t .Select Ena bled to t urn on WDS and ent er t he peer device’s MAC address m anually in the table below. Select  D isable t o t ur n off WDS.Rem ote Bridge MAC AddressYou can ent er t he MAC address of t he peer device by clicking the Edit  icon under M odify. # This is the index num ber of t he entry.MAC Address This shows the MAC address of t he peer device. You can connect  t o up t o 4 peer  devices.Modify Click t he Edit icon and type the MAC address of the peer  device in a valid MAC address form at  ( six hexadecim al charact er pair s, for  exam ple 12: 34: 56: 78: 9a: bc).Click the D e let e icon t o rem ove this ent r y.Scan Click t he Sca n  icon t o search and display  the available APs wit hin range.Apply Click Apply t o save your  changes.Cancel Click Ca n cel t o restore your prev iously saved sett ings.
Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide90The following t able describes t he labels in this screen.6.8  The Others ScreenUse t his screen t o configure advanced wireless set t ings. Click N e t w or k Se t t ing >  W ireless >  Ot h er s. The screen appears as shown.See Sect ion 6.10.2 on page 94 for detailed definit ions of t he term s listed in t his scr een.Figure 46   Net work Set t ing >  Wireless >  Ot hersThe following t able describes t he labels in this screen. Table 27   WDS:  ScanLABEL DESCRIPTIONWireless Bridge Scan SetupRefresh Click Refr esh  t o updat e t he t able. # This is t he index  num ber of the ent ry.SSI D This shows t he SSI D of t he available wir eless dev ice wit hin range.BSSI D This show s t he MAC address of t he available wireless device wit hin range.Apply Click Apply t o save your  changes.Cancel Click Cancel t o r est ore your previously saved set t ings.Table 28   Net work Set t ing >  Wireless >  Other sLABEL DESCRIPTIONRTS/ CTS ThresholdDat a wit h it s fram e size larger t han t his value will perform  t he RTS ( Request  To Send) / CTS ( Clear To Send)  handshake. Enter a value bet ween 0 and 2347. Fragm ent ation ThresholdThis is the m ax im um  data fragm ent  size that can be sent. Enter a value bet ween 256 and 2346. Aut o Channel Tim erI f you set t he channel to Au t o in the N e t w ork Set t ing >  W irele ss >  Ge n e r a l screen, specify the int erval in m inutes for how  oft en t he Device scans for t he best  channel. Enter 0 to disable the periodical scan.
 Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide 91Output  Power Set  t he output  pow er of t he Device.  I f t her e is a high densit y of APs in an area, decrease the output  power to reduce int er ference with ot her APs. Select  one of t he follow ing:  2 0 % , 4 0 % , 6 0 % , 8 0 %  or 1 0 0 % . Beacon I nt erval When a wirelessly net worked dev ice sends a beacon, it  includes w it h it  a beacon int erval. This specifies the tim e period before t he device sends t he beacon again.The interval t ells receiv ing devices on t he net work how long t hey can w ait in low pow er m ode befor e waking up t o handle t he beacon. This value can be set from  50m s to 1000m s. A high value helps save current  consum ption of t he access point .DTI M I n t er val Delivery Traffic I ndication Message ( DTI M) is t he t im e period after which broadcast  and m ulticast  packet s are t ransm it t ed t o m obile clients in t he Power Saving m ode. A high DTI M value can cause clients t o lose connect iv it y wit h t he net work. This value can be set  from  1 to 255.802.11 Mode Select  8 0 2 .1 1 b Only t o allow only  I EEE 802.11b com pliant  WLAN devices t o associat e w it h the Dev ice.Select  8 0 2 .1 1 g Only t o allow only I EEE 802.11g com pliant  WLAN devices t o associat e wit h the Dev ice.Select  8 0 2 .1 1 n Only to allow only I EEE 802.11n com pliant  WLAN devices t o associat e w it h the Dev ice.Select  8 0 2 .1 1 b/ g M ix ed t o allow  eit her  I EEE 802.11b or I EEE 802.11g com pliant  WLAN devices t o associat e w it h t he Device.  The t ransm ission rat e of y our Device m ight  be reduced.Select  8 0 2 .1 1 b/ g/ n M ixed to allow I EEE 802.11b, I EEE 802.11g or I EEE802.11n com pliant  WLAN devices to associat e wit h the Device. The t ransm ission rate of your Dev ice m ight be reduced.802.11 Prot ect ionEnabling t his feat ure can help pr event collisions in m ixed-m ode networks ( net w or ks with both I EEE 802.11b and I EEE 802.11g t raffic) .Select  Aut o t o have t he w ireless devices t ransm it data aft er a RTS/ CTS handshake. This helps im prove I EEE 802.11g perform ance.Select  Off t o disable 802.11 prot ect ion. The transm ission rate of your Device m ight  be reduced in a m ixed- m ode net work .This field displays Off and is not  configurable when you set  8 0 2 .1 1  M ode  t o 8 0 2 .1 1 b Only.Pr eam ble Select  a pream ble t ype fr om  t he drop-down list box. Choices ar e Lon g or Sh or t . See Sect ion 6.10.7 on page 98 for  m ore inform at ion.This field is configurable only when you set  802.11 Mode t o 8 0 2 .1 1 b.Apply Click Apply t o save your changes.Cancel Click Cancel t o rest ore your previously saved set t ings.Table 28   Net work Set t ing >  Wireless >  Other s ( cont inued)LABEL DESCRIPTION
Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide926.9  The Channel Status ScreenUse t he Cha nnel Sta t us screen to scan wireless LAN channel noises and view the results. Click N e t w ork Se t t ing >  W ire le ss >  Channel St a t us. The screen appears as shown. Click Sca n t o scan the w ireless LAN channels. You can view t he results in the Ch a nnel Sca n Result  sect ion.Figure 47   Net work Sett ing >  Wireless >  Channel St atus6.10  Technical ReferenceThis sect ion discusses wireless LANs in dept h. For m ore inform at ion, see Appendix E on page 375.6.10.1  Wireless Network OverviewWireless net works consist  of wireless clients, access point s and bridges. • A wireless client is a radio connect ed to a user ’s com put er. • An access point  is a radio wit h a wired connect ion to a net work, which can connect wit h num erous w ireless client s and let t hem  access t he net w ork. • A bridge is a radio t hat  relays com m unicat ions bet ween access point s and wireless client s, extending a net w ork’s range. Tradit ionally, a wireless network operat es in one of two ways.
 Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide 93• An “ infrast ruct ure”  type of net work has one or m ore access points and one or m ore w ireless clients. The wireless client s connect t o the access point s.• An “ ad-hoc”  t ype of net work is one in which there is no access point. Wireless client s connect  t o one another in order  t o exchange inform ation.The following figure provides an exam ple of a wir eless net w ork.Figure 48   Exam ple of a Wireless NetworkThe wireless network is t he part in t he blue circle. I n t his wireless network, devices A and B use t he access point  (AP) t o int eract  wit h t he ot her  devices ( such as the print er)  or with t he I nt er net. Your Device is t he AP.Every wireless net work m ust  follow these basic guidelines.• Every device in the sam e wireless net work m ust  use t he sam e SSI D.The SSI D is t he nam e of t he wir eless net w ork. I t  st ands for Service Set  I Dent ifier.• I f t w o wireless networks overlap, t hey should use a different  channel.Like radio st at ions or t elevision channels, each wireless network uses a specific channel, or frequency, to send and receive inform at ion.• Every device in the sam e wireless net work m ust  use securit y com pat ible wit h the AP.Securit y st ops unaut hor ized devices from  using the wireless net work. I t can also protect  t he inform ation t hat is sent  in t he wireless net work.Radio ChannelsI n t he radio spectrum , t here are cert ain frequency bands allocat ed for unlicensed, civilian use. For the purposes of w ireless networking, t hese bands are divided into num erous channels. This allows a
Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide94variety of networks t o exist  in the sam e place wit hout int erfering wit h one anot her. When you create a net work, you m ust  select  a channel t o use. Since t he available unlicensed spect rum  varies fr om  one country t o another, t he num ber of available channels also varies. 6.10.2  Additional Wireless TermsThe following t able describes som e wireless net w ork t erm s and acronym s used in the Device’s Web Configurat or.6.10.3  Wireless Security OverviewBy t heir  nat ure, radio com m unicat ions are sim ple to int ercept. For wireless dat a net w orks, t his m eans t hat  anyone wit hin range of a wireless net wor k wit hout securit y  can not  only read t he dat a passing over t he airwaves, but  also j oin the net w ork. Once an unauthorized person has access t o the net w ork, he or she can steal inform at ion or int roduce m alware ( m alicious soft ware) int ended t o com prom ise the net work. For these reasons, a variet y of security syst em s have been developed to ensure t hat  only aut horized people can use a w ireless data net work, or underst and t he dat a carried on it .These securit y st andards do two things. First , t hey authenticate. This m eans t hat only people presenting t he right credent ials (often a usernam e and password, or  a “ key”  phrase)  can access the net work. Second, t hey encrypt. This m eans t hat  the inform ation sent over t he air  is encoded. Only people with t he code key can underst and t he infor m at ion, and only people w ho have been aut hent icat ed are given t he code key.These securit y st andards vary in effect iveness. Som e can be broken, such as t he old Wired Equivalent Protocol ( WEP). Using WEP is bett er t han using no securit y at  all, but  it  will not  keep a det erm ined at t acker  out . Ot her securit y  st andards are secure in t hem selves but  can be broken if a user does not  use t hem  properly. For exam ple, the WPA- PSK security st andard is very secure if you use a long key which is difficult for an at tacker’s software t o guess -  for exam ple, a t went y- let ter  long string of apparent ly random  num bers and lett er s -  but  it is not very secure if you use a short  key which is very easy to guess -  for exam ple, a three- lett er word from  t he dict ionary.Table 29   Addit ional Wireless Term sTERM DESCRIPTIONRTS/ CTS Threshold I n a wireless net work which covers a large area, wireless devices are som et im es not  aware of each ot her ’s presence. This m ay cause t hem  to send inform ation to the AP at  t he sam e t im e and result  in inform ation colliding and not  getting through.By set ting this value lower t han t he default  value, t he wireless devices m ust  som etim es get perm ission t o send inform at ion to the Device. The lower  the value, the m ore often the devices m ust  get per m ission.I f t his value is greater than t he fragm entat ion t hreshold value (see below), then wireless devices never  have t o get  perm ission t o send inform at ion t o t he Device.Pream ble A pream ble affect s t he t im ing in your wireless net work. There are t w o pream ble m odes:  long and short. I f a device uses a different  pream ble m ode t han the Device does, it cannot  com m unicat e wit h the Device.Aut hent ication The process of verifying whether a wireless device is allowed t o use t he wireless net work.Fragm ent ation ThresholdA sm all fragm entat ion thr eshold is recom m ended for busy net works, while a larger threshold provides fast er perform ance if t he net work is not  ver y busy.
 Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide 95Because of t he dam age t hat  can be done by a m alicious att acker, it ’s not  j ust  people who have sensitive inform ation on t heir network who should use security. Everybody w ho uses any wireless net work should ensure t hat  effective securit y is in place.A good way to com e up w ith effect ive security keys, passwords and so on is t o use obscure inform ation t hat  you personally will easily rem em ber, and to ent er it  in a way t hat appears random  and does not  include real words. For exam ple, if your m ot her  owns a 1970 Dodge Challenger and her favorit e m ovie is Vanishing Point ( which you know was m ade in 1971)  you could use “ 70dodchal71vanpoi”  as your securit y key.The following sections introduce different t ypes of wireless securit y you can set up in t he wireless net work.6.10.3.1  SSIDNorm ally, t he Device act s like a beacon and regularly broadcast s t he SSI D in the area. You can hide the SSI D inst ead, in which case t he Device does not  broadcast  t he SSI D. I n addit ion, you should change t he default  SSI D to som et hing t hat is difficult  t o guess.This t y pe of security is fairly weak, however, because ther e are ways for unaut hor ized wireless devices t o get  the SSI D. I n addit ion, unauthorized w ireless devices can still see t he inform at ion t hat is sent  in the wireless net work.6.10.3.2  MAC Address FilterEvery device t hat  can use a wir eless net work has a unique identificat ion num ber, called a MAC address.1 A MAC address is usually writt en using t welve hexadecim al charact ers2;  for exam ple, 00A0C5000002 or 00: A0: C5: 00: 00: 02. To get  t he MAC address for each device in t he wireless net work, see the device’s User’s Guide or other  docum ent at ion.You can use t he MAC addr ess filt er t o tell t he Device w hich devices are allow ed or not  allowed t o use t he wireless net work. I f a device is allowed t o use t he wireless net work, it  st ill has t o have the corr ect  inform ation ( SSI D, channel, and security). I f a device is not allowed t o use t he w ireless net work, it  does not  m at t er if it has t he correct  inform at ion.This t y pe of security does not prot ect  t he inform at ion that is sent  in t he wireless net work. Furtherm ore, t here are ways for unaut horized wireless devices t o get  t he MAC address of an aut horized device. Then, t hey can use t hat MAC address t o use t he wireless net work.6.10.3.3  User AuthenticationAut hent icat ion is the process of verifying whet her a wireless device is allowed to use t he wireless net work. You can m ake every user log in t o the w ireless net work before using it . However, every device in t he wireless network has t o support  I EEE 802.1x t o do t his.For  wireless net works, you can store the user nam es and passw ords for each user in a RADI US server. This is a server used in businesses m ore t han in hom es. I f you do not have a RADI US server, you cannot  set  up user nam es and passwords for your users.Unauthorized wireless devices can st ill see the inform at ion t hat  is sent  in the wireless network, even if t hey cannot  use the wireless net work. Furtherm ore, there are ways for unaut horized 1. Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks. These kinds of wireless devices might not have MAC addresses.2. Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F.
Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide96wireless users t o get a valid user nam e and password. Then, t hey can use that user nam e and password t o use the wireless net work.6.10.3.4  EncryptionWireless net works can use encryption t o prot ect t he inform ation t hat  is sent  in t he wireless net work. Encrypt ion is like a secret code. I f you do not  know t he secret  code, you cannot  underst and the m essage.The t ypes of encryption you can choose depend on the type of aut hent ication. ( See Sect ion 6.10.3.3 on page 95 for inform at ion about  this.)For  exam ple, if the wireless network has a RADI US server, you can choose W PA or W PA2 . I f users do not  log in t o t he wir eless net work, you can choose no encr yption, Sta t ic W EP, W PA- PSK, or W PA2 - PSK.Usually, you should set  up t he st rongest  encryption t hat  every device in t he w ireless net work supports. For exam ple, suppose you have a wireless net work with t he Device and you do not have a RADI US server. Therefore, t here is no aut hent ication. Suppose t he wireless network has t wo devices. Device A only support s WEP, and device B support s WEP and WPA. Ther efore, you should set up St a t ic W EP in t he wireless net work.Not e:  I t is recom m ended that  wireless net works use W PA- PSK, W PA, or st ronger encrypt ion. The ot her types of encrypt ion are bet t er than none at  all, but it is st ill possible for unaut horized wireless devices t o figure out the original inform ation pret t y quickly.When you select  W PA2  or W PA2 - PSK in your Device, you can also select  an option (W PA com pat ible )  t o support  WPA as well. I n t his case, if som e of t he devices support  WPA and som e support WPA2, you should set  up W PA2 - PSK or W PA2  ( depending on the t ype of w ireless net work login)  and select  the W PA com pa t ible opt ion in t he Device.Many t ypes of encrypt ion use a key t o prot ect  the inform at ion in t he wireless net work. The longer the key, t he st ronger the encrypt ion. Every device in t he wireless net work m ust have t he sam e key.6.10.4  Signal ProblemsBecause wireless networks are radio networks, t heir  signals are subj ect  t o lim it at ions of dist ance, int erference and absorpt ion.Problem s with dist ance occur when t he two radios are t oo far apart . Problem s w ith int erference occur w hen ot her radio waves interrupt  t he dat a signal. I nt erference m ay com e from  other radio transm issions, such as m ilitary or air t raffic cont rol com m unicat ions, or from  m achines that are Table 30   Types of Encr ypt ion for Each Type of Aut henticationNO AUTHENTICATION RADIUS SERVERW ea k est No Secur it y WPASt at ic WEPWPA- PSKSt r on g est WPA2 - PSK WPA2
 Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide 97coincident al em it t ers such as elect ric m ot ors or m icrowaves. Problem s wit h absorption occur when physical obj ect s ( such as thick walls)  are bet ween t he two radios, m uffling t he signal.6.10.5  BSSA Basic Service Set  ( BSS)  exist s when all com m unicat ions bet ween wireless st at ions or bet ween a wireless st ation and a wired net work client  go t hrough one access point  ( AP) . I nt ra- BSS t raffic is t raffic bet ween wireless st at ions in t he BSS. When I nt ra- BSS t raffic blocking is disabled, wireless stat ion A and B can access t he wired network and com m unicat e wit h each ot her. When I nt ra-BSS t raffic blocking is enabled, wireless st at ion A and B can st ill access the wired net work but cannot  com m unicate with each ot her.Figure 49   Basic Service set6.10.6  MBSSIDTradit ionally, you need t o use different APs to configure different Basic Service Set s ( BSSs) . As w ell as t he cost  of buying extra APs, there is also the possibility of channel interference. The Device’s MBSSI D ( Mult iple Basic Service Set I Dentifier)  funct ion allows you to use one access point  t o provide several BSSs sim ult aneously. You can then assign varying QoS priorit ies and/ or securit y m odes t o different SSI Ds.Wireless devices can use different BSSI Ds t o associat e with t he sam e AP.6.10.6.1  Notes on Multiple BSSs• A m axim um  of eight BSSs are allowed on one AP sim ultaneously.
Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide98• You m ust  use different  keys for  different  BSSs. I f t wo wireless devices have different  BSSI Ds ( t hey are in different  BSSs), but have t he sam e keys, t hey m ay hear each ot her ’s com m unicat ions ( but not com m unicate with each ot her) .• MBSSI D should not replace but rat her  be used in conj unction w ith 802.1x security.6.10.7  Preamble TypePream ble is used t o signal t hat data is com ing t o t he receiver. Short  and long refer t o the lengt h of the synchronizat ion field in a packet.Short pream ble increases perform ance as less tim e sending pream ble m eans m ore t im e for sending dat a. All I EEE 802.11 com pliant  wireless adapters support  long pream ble, but  not all support  short  pream ble. Use long pream ble if you are unsure what pream ble m ode other  wireless devices on t he net work support, and t o provide m ore reliable com m unicat ions in busy wireless net works. Use short  pream ble if you are sure all wireless devices on t he net work support  it , and to provide m ore efficient  com m unicat ions.Use t he dynam ic set t ing to aut om at ically use shor t  pream ble when all wireless devices on t he net work support  it , ot herwise t he Device uses long pream ble.Note:  The w ireless devices MUST use the sam e pream ble m ode in order t o com m unicate.6.10.8  Wireless Distribution System (WDS)The Device can act as a wireless net work bridge and est ablish WDS ( Wireless Dist ribut ion Syst em )  links w ith other APs. You need to know the MAC addresses of the APs you want  to link t o. Once t he security set t ings of peer sides m at ch one another, t he connect ion bet ween devices is m ade.At  t he t im e of writ ing, WDS security is com pat ible with other ZyXEL access point s only. Refer to your ot her access point ’s docum ent at ion for details.The following figure illust rat es how WDS link works bet w een APs. Not ebook com put er A is a wireless client  connecting to access point  AP 1 . AP 1  has no wired I nternet connect ion, but  it  can establish a WDS link with access point AP 2 , which has a w ired I nt ernet  connect ion. When AP 1  has a WDS link wit h AP 2 , t he not ebook com puter can access the I nt ernet  t hrough AP 2 .Figure 50   WDS Link Exam ple6.10.9  WiFi Protected Setup (WPS)Your Device support s WiFi Prot ected Set up ( WPS) , w hich is an easy way t o set up a secure wireless net work. WPS is an indust ry st andard specification, defined by the WiFi Alliance.WDSAP 2AP 1A
 Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide 99WPS allows you to quickly set  up a wireless network wit h st rong securit y, without  having t o configure security set t ings m anually. Each WPS connection w orks bet w een t w o devices. Both devices m ust support  WPS ( check each device’s docum ent at ion t o m ake sure) . Depending on t he devices you have, you can either press a but t on ( on t he device it self, or in it s configurat ion ut ility)  or ent er a PI N ( a unique Personal I dentificat ion Num ber that allows one device to aut hent icat e t he ot her)  in each of the two devices. When WPS is act ivat ed on a device, it  has t wo m inutes t o find anot her device that also has WPS activat ed. Then, t he t wo devices connect and set up a secure network by them selves.6.10.9.1  Push Button ConfigurationWPS Push But t on Configurat ion ( PBC) is initiat ed by pressing a butt on on each WPS- enabled device, and allowing them  t o connect  aut om at ically. You do not  need to ent er any inform at ion. Not  every WPS- enabled device has a physical WPS butt on. Som e m ay have a WPS PBC but ton in their configuration utilities inst ead of or in addit ion to the physical but t on.Take the following st eps to set  up WPS using t he but t on.1Ensure t hat  t he two devices you want t o set  up are within wireless range of one anot her. 2Look for a WPS butt on on each device. I f the device does not have one, log into it s configurat ion ut ility and locat e t he but ton ( see the device’s User’s Guide for  how t o do t his -  for the Device, see Sect ion 6.6 on page 87) .3Press t he but t on on one of the devices (it doesn’t m at t er which) . For t he Device you m ust  press t he WPS but t on for m ore than t hree seconds.4Within two m inutes, press t he but t on on the ot her device. The registrar sends t he net work nam e ( SSI D)  and securit y key t hrough an secure connection to t he enrollee.I f you need t o m ake sure that WPS worked, check t he list of associated wireless clients in the AP’s configurat ion ut ilit y. I f you see t he wireless client in t he list , WPS was successful.6.10.9.2  PIN ConfigurationEach WPS- enabled device has it s own PI N ( Personal I dent ification Num ber ) . This m ay eit her be st at ic ( it  cannot  be changed)  or dynam ic ( in som e devices you can generat e a new PI N by clicking on a but t on in the configurat ion int er face) . Use t he PI N m et hod inst ead of t he push- but t on configurat ion ( PBC) m ethod if you want t o ensure that t he connection is established between the devices you specify, not  j ust t he first  t wo devices to activat e WPS in range of each ot her. However, you need to log into the configurat ion int erfaces of bot h devices t o use the PI N m et hod.When you use t he PI N m et hod, you m ust  enter t he PI N from  one device ( usually the wireless client )  int o the second device ( usually the Access Point or w ireless rout er) . Then, when WPS is act ivat ed on t he first device, it presents it s PI N t o the second device. I f t he PI N m at ches, one device sends the net work and security inform at ion to the ot her, allowing it  t o j oin t he net w ork.Take the following st eps t o set  up a WPS connection between an access point or wireless rout er ( referred t o here as t he AP)  and a client device using t he PI N m et hod.
Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide1001Ensure WPS is enabled on bot h devices.2Access t he WPS sect ion of t he AP’s configurat ion int erface. See t he device’s User ’s Guide for how t o do t his. 3Look for t he client ’s WPS PI N;  it will be displayed either on t he device, or in the WPS sect ion of t he client ’s configuration int erface (see t he device’s User’s Guide for how to find the WPS PI N -  for  t he Device, see Sect ion 6.5 on page 86) .4Ent er t he client ’s PI N in t he AP’s configurat ion int erface.5I f t he client  device’s configurat ion interface has an area for entering another device’s PI N, you can eit her  ent er t he client ’s PI N in t he AP, or ent er the AP’s PI N in t he client -  it does not  m att er which. 6St art  WPS on both devices wit hin two m inut es. 7Use t he configurat ion ut ilit y to act ivat e WPS, not t he push- butt on on t he device it self.8On a com put er connect ed t o t he wireless client, try to connect  t o the I nt ernet. I f you can connect , WPS was successful.I f you cannot  connect, check the list  of associated wireless client s in t he AP’s configuration utility. I f you see t he wireless client in t he list, WPS was successful.
 Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide 101The following figure show s a WPS- enabled wireless client ( inst alled in a notebook com put er)  connect ing t o t he WPS- enabled AP via the PI N m ethod.Figure 51   Exam ple WPS Process:  PI N Met hod6.10.9.3  How WPS WorksWhen t wo WPS- enabled devices connect , each device m ust  assum e a specific role. One device act s as t he registrar ( t he device t hat supplies network and securit y  set tings)  and the ot her device act s as the enrollee ( t he device t hat  receives net work and securit y set t ings. The registrar creat es a secure EAP ( Ext ensible Aut hent icat ion Prot ocol)  tunnel and sends the net work nam e (SSI D) and the WPA-PSK or WPA2- PSK pr e- shared key t o t he enr ollee. Whet her WPA-PSK or WPA2- PSK is used depends on the st andards support ed by t he devices. I f t he registrar is already part  of a net work, it  sends t he exist ing inform ation. I f not , it generat es t he SSI D and WPA( 2) - PSK random ly.ENROLLEESECURE EAP TUNNELSSIDWPA(2)-PSKWITHIN 2 MINUTESCOMMUNICATIONThis device’s WPSEnter WPS PIN  WPSfrom other device: WPS PIN: 123456WPSSTARTWPSSTARTREGISTRAR
Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide102The following figure shows a WPS- enabled client  ( installed in a notebook com put er)  connect ing t o a WPS- enabled access point .Figure 52   How WPS worksThe roles of regist rar and enrollee last  only as long as t he WPS set up pr ocess is act ive (t wo m inutes) . The next  t im e you use WPS, a different device can be t he regist rar if necessary.The WPS connect ion process is like a handshake;  only t wo devices part icipate in each WPS transact ion. I f you want  t o add m ore devices you should repeat t he process wit h one of t he exist ing net worked devices and t he new device.Not e that t he access point ( AP) is not  always t he regist rar, and t he wireless client  is not always t he enrollee. All WPS- cert ified APs can be a regist rar, and so can som e WPS- enabled wireless client s.By default, a WPS devices is “ unconfigured”. This m eans t hat  it is not  part  of an exist ing net work and can act as eit her enrollee or regist rar ( if it support s bot h funct ions) . I f t he registrar is unconfigured, t he security set t ings it  t ransm its to the enrollee are random ly- generated. Once a WPS- enabled device has connected t o another  device using WPS, it becom es “ configured”. A configured wireless client  can st ill act  as enrollee or regist rar in subsequent WPS connections, but a configured access point  can no longer act  as enrollee. I t  will be t he regist rar in all subsequent  WPS connect ions in which it  is involved. I f you want a configur ed AP to act as an enrollee, you m ust  reset it  t o it s factory default s.6.10.9.4  Example WPS Network SetupThis sect ion shows how security set t ings are dist ributed in an exam ple WPS set up.The following figure shows an exam ple net work. I n step 1, bot h AP1  and Clie n t  1  are unconfigured. When WPS is activat ed on both, they perform  t he handshake. I n t his exam ple, AP1  SECURE TUNNELSECURITY INFOWITHIN 2 MINUTESCOMMUNICATIONACTIVATEWPSACTIVATEWPSWPS HANDSHAKEREGISTRARENROLLEE
 Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide 103is t he registrar, and Clie nt  1  is t he enrollee. The regist rar random ly generates t he securit y inform ation t o set  up t he net work, since it  is unconfigured and has no exist ing inform ation.Figure 53   WPS:  Exam ple Net work St ep 1I n st ep 2 , you add anot her wireless client t o the net w ork. You know t hat  Clie n t  1  supports regist rar  m ode, but  it is bet t er t o use AP1  for  t he WPS handshake wit h t he new client  since you m ust connect  t o t he access point  anyway in order t o use t he network. I n t his case, AP1  m ust  be t he registrar, since it  is configured (it already has secur ity inform ation for the net w ork) . AP1  supplies the existing security inform ation t o Client  2 .Figure 54   WPS:  Exam ple Net work St ep 2REGISTRARENROLLEESECURITY INFOCLIENT 1 AP1REGISTRARCLIENT 1 AP1ENROLLEECLIENT 2EXISTING CONNECTIONSECURITY INFO
Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide104I n st ep 3, you add anot her access point  ( AP2 )  t o your net w ork. AP2  is out  of range of AP1 , so you cannot  use AP1  for t he WPS handshake wit h t he new access point . However, you know t hat Client  2 supports the registrar funct ion, so you use it t o perform  the WPS handshake inst ead.Figure 55   WPS:  Exam ple Net work St ep 36.10.9.5  Limitations of WPSWPS has som e lim itations of w hich you should be aware. • WPS works in I nfrastructure net works only ( where an AP and a w ireless client  com m unicate) . I t  does not  work in Ad- Hoc net w orks ( wher e there is no AP) .• When you use WPS, it works bet ween two devices only. You cannot  enr oll m ult iple devices sim ult aneously, you m ust  enroll one aft er t he ot her. For  instance, if you have t wo enrollees and one regist rar you m ust set  up t he first  enrollee ( by pressing the WPS butt on on t he regist rar and t he first  enrollee, for exam ple) , t hen check that it successfully enrolled, t hen set  up t he second device in t he sam e way.• WPS works only with ot her WPS- enabled devices. However, you can still add non-WPS devices t o a network you already set  up using WPS. WPS works by autom at ically issuing a random ly- generat ed WPA- PSK or WPA2- PSK pre- shared key from  t he registrar device to t he enrollee devices. Whet her t he network uses WPA-PSK or WPA2- PSK depends on the device. You can check the configurat ion interface of t he regist rar device t o discover t he key t he net work is using ( if the device supports t his feat ure) . Then, you can ent er t he key int o t he non-WPS device and j oin t he net work as nor m al ( t he non-WPS device m ust also support  WPA- PSK or WPA2- PSK) .CLIENT 1 AP1REGISTRARCLIENT 2EXISTING CONNECTIONSECURITY INFOENROLLEEAP2EXISTING CONNECTION
 Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide 105• When you use the PBC m et hod, t here is a short period ( from  the m om ent  you press t he but t on on one device t o the m om ent  you press t he but t on on t he other device)  w hen any WPS- enabled device could j oin t he net work. This is because t he regist rar has no way of identifying t he “ correct ”  enrollee, and cannot  differentiat e between your enrollee and a rogue device. This is a possible way for a hacker t o gain access t o a network.You can easily check t o see if t his has happened. WPS works between only t wo devices sim ult aneously, so if anot her device has enrolled your  device will be unable t o enroll, and will not  have access t o t he net w ork. I f t his happens, open the access point ’s configuration int erface and look at  t he list  of associat ed clients ( usually displayed by MAC address) . I t  does not  m att er if t he access point  is t he WPS regist rar, t he enrollee, or was not involved in the WPS handshake;  a rogue device m ust st ill associate with t he access point  to gain access to the net work. Check t he MAC addresses of your wireless client s ( usually printed on a label on the bot t om  of the device) . I f there is an unknown MAC address you can rem ove it  or reset  t he AP.
Chapter 6 WirelessVMG8324-B10A / VMG8324-B30A Series User’s Guide106
VMG8324-B10A / VMG8324-B30A Series User’s Guide 107CHAPTER   7Home Networking7.1  OverviewA Local Area Net work ( LAN) is a shared com m unication syst em  t o which m any net working devices are connect ed. I t is usually locat ed in one im m ediate area such as a building or floor of a building.Use t he LAN screens t o help you configure a LAN DHCP server and m anage I P addresses.7.1.1  What You Can Do in this Chapter• Use the LAN  Se t u p screen t o set t he LAN I P address, subnet  m ask, and DHCP set t ings of your Device ( Sect ion 7.2 on page 109) .• Use the Sta t ic DHCP screen to assign I P addresses on t he LAN t o specific individual com puters based on t heir MAC Addresses ( Sect ion 7.3 on page 113) . • Use the UPnP screen to enable UPnP and UPnP NAT t raversal on t he Device (Sect ion 7.4 on page 114) .• Use the Addit ional Subn e t  screen t o configure I P alias and public st at ic I P (Section 7.5 on page 115) .• Use the STB Ve n dor I D screen to have t he Device aut om at ically creat e st atic DHCP entries for Set Top Box ( STB)  devices when they request  I P addresses (Sect ion 7.8 on page 125)• Use the 5 t h Et hernet  Port  screen t o configure t he W AN  port as t he Ethernet  WAN port  or a LAN port  ( Section 7.10 on page 126) .• Use the LAN  VLAN  screen to cont r ol t he VLAN I D and I EEE 802.1p priorit y t ags of t raffic sent  out  through individual LAN port s ( Section 7.10 on page 126) .• Use the W ak e on La n  screen t o r em ot ely t urn on a device on t he net work. ( Sect ion 7.10 on page 126) .DSLLAN
Chapter 7 Home NetworkingVMG8324-B10A / VMG8324-B30A Series User’s Guide1087.1.2  What You Need To Know7.1.2.1  About LANIP AddressI P addresses identify individual devices on a net work. Ever y net working device (including com put ers, servers, routers, print ers, etc.)  needs an I P address t o com m unicat e across t he net work. These net working devices ar e also known as host s.Subnet MaskSubnet m asks det erm ine t he m axim um  num ber of possible host s on a network. You can also use subnet  m asks t o divide one network into m ultiple sub- net works.DHCPA DHCP ( Dynam ic Host Configuration Protocol)  server can assign your Device an I P address, subnet  m ask, DNS and ot her routing inform at ion when it 's turned on.DNSDNS (Dom ain Nam e Syst em )  is for m apping a dom ain nam e to it s corresponding I P address and vice versa. The DNS server is ext rem ely im port ant because wit hout  it , you m ust  know the I P address of a net w orking device before you can access it.RADVD (Router Advertisement Daemon)When an I Pv6 host  sends a Router Solicitat ion ( RS) request  to discover t he available rout ers, RADVD wit h Rout er Advert isem ent  ( RA)  m essages in response to the request . I t  specifies t he m inim um  and m axim um  intervals of RA broadcast s. RA m essages cont aining the address prefix. I Pv6 host s can be generated wit h the I Pv6 prefix an I Pv6 address.7.1.2.2  About UPnPIdentifying UPnP DevicesUPnP hardware is ident ified as an icon in t he Net work Connect ions folder ( Windows XP) . Each UPnP com pat ible device installed on your net work will appear as a separat e icon. Selecting t he icon of a UPnP device will allow  you to access the inform at ion and properties of t hat  device. NAT TraversalUPnP NAT t raversal aut om at es the process of allowing an application t o operat e t hrough NAT. UPnP net work devices can aut om at ically configure net work addressing, announce their presence in the net work t o other UPnP devices and enable exchange of sim ple product  and ser vice descript ions. NAT t raversal allows t he following:• Dynam ic port  m apping• Learning public I P addresses
 Chapter 7 Home NetworkingVMG8324-B10A / VMG8324-B30A Series User’s Guide 109• Assigning lease t im es to m appingsWindows Messenger is an exam ple of an applicat ion that support s NAT t raversal and UPnP. See t he Chapter 10 on page 157 for m ore inform at ion on NAT.Cautions with UPnPThe aut om at ed nature of NAT t raversal applicat ions in est ablishing their own services and opening firewall port s m ay present network security issues. Net w ork inform ation and configurat ion m ay also be obt ained and m odified by users in som e net work environm ents. When a UPnP device j oins a net work, it  announces its presence wit h a m ult icast  m essage. For security reasons, t he Device allows m ulticast  m essages on the LAN only.All UPnP-enabled devices m ay com m unicate freely wit h each ot her wit hout addit ional configurat ion. Disable UPnP if t his is not  your intention. UPnP and ZyXELZyXEL has achieved UPnP cer t ificat ion from  t he Universal Plug and Play Forum  UPnP™ I m plem enters Corp. (UI C). ZyXEL's UPnP im plem ent at ion support s I nternet  Gat eway Device ( I GD) 1.0. See Sect ion 7.5 on page 115 for exam ples of inst alling and using UPnP.Finding Out MoreSee Sect ion 7.12 on page 128 for t echnical background inform ation on LANs.7.1.3  Before You BeginFind out t he MAC addresses of your network devices if you intend t o add them  t o t he DHCP Client  List  screen.7.2  The LAN Setup ScreenUse t his screen t o set t he Local Area Net w ork I P address and subnet  m ask of your Device. Click N e t w ork Se t t ing >  Hom e  N e t w or king to open the LAN  Set u p screen. Follow t hese st eps to configure your LAN sett ings.1Ent er an I P address into the I P Address field. The I P address m ust  be in dot ted decim al notat ion. This will becom e t he I P address of your Device.2Ent er t he I P subnet m ask int o t he I P Subn e t  M ask  field. Unless inst ruct ed otherwise it  is best  t o leave t his alone, t he configurat or will aut om at ically com put e a subnet  m ask based upon t he I P address you ent ered.
Chapter 7 Home NetworkingVMG8324-B10A / VMG8324-B30A Series User’s Guide1103Click Apply t o save your sett ings.Figure 56   Net work Set t ing >  Hom e Net w orking >  LAN Set upThe following t able describes t he fields in t his screen.  Table 31   Net work Sett ing >  Hom e Net w orking >  LAN Set upLABEL DESCRIPTIONI nterface GroupGroup Nam e Select  t he int erface group nam e for which you want  t o configure LAN set t ings. See Chapter 12 on page 179 for how t o create a new int erface group.LAN I P Set upI Pv4  Addr ess Ent er t he LAN I Pv4 I P addr ess you w ant  t o assig n  t o y our  Dev i ce in  dot t ed decim al not at ion, for exam ple, 192.168.1.1 ( fact ory default ) . Subnet  Mask/Prefix Lengt h Type t he subnet  m ask of your net work in dot t ed decim al notat ion, for exam ple 255.255.255.0 ( fact ory default ) . Your Device aut om at ically com putes t he subnet  m ask based on t he I P Address you ent er, so do not  change this field unless you are instruct ed to do so.I GMP SnoopingSt at us Select  t he En able I GM P Snooping checkbox t o allow s t he Device to passively learn m ult icast  group.I GMP Mode Select St a ndard Mode t o have t he Device forwar d m ulticast packet s t o a port  t hat  j oins the m ulticast  group and broadcast  unknown m ult icast packets from  t he WAN to all LAN ports.Select  Block ing M ode  t o have t he Device block all unknown m ulticast packet s from  t he WAN.DHCP Server St ateDHCP Select Enable  t o have the Device act as a DHCP server or DHCP relay agent. Select  D isa ble  t o stop the DHCP server on t he Device. Select  D HCP Re lay to have t he Device forward DHCP request t o the DHCP server. DHCP Relay Ser ver AddressThis field is only available when you select  DHCP Relay in the D H CP field.
 Chapter 7 Home NetworkingVMG8324-B10A / VMG8324-B30A Series User’s Guide 111I Pv4 Addr ess Ent er t he I Pv4 I P addr ess of t he act ual rem ote DHCP server in t his field.I P Addressing Va lu e sThis field is only available when you select  En a ble in t he D H CP field. Beginning I P AddressThis field specifies t he first  of t he cont iguous addresses in t he I P address pool.Ending I P AddressThis field specifies the last  of t he contiguous addresses in t he I P address pool.Aut o reserve I P for t he sam e hostSelect  Enable t o have t he Device r ecor d DHCP I P addresses wit h the MAC addr esses t he I P addr esses ar e assigned t o. The Device assigns t he sam e I P address to t he sam e MAC addr ess when the host requests an I P address again t hrough DHCP.DHCP Server Lease Tim eThis is the per iod of t im e DHCP- assigned addresses is used. DHCP aut om at ically assigns I P addr esses to client s when t hey log in. DHCP cent ralizes I P address m anagem ent on cent ral com put ers t hat  r un t he DHCP ser ver  program . DHCP leases addresses, for a period of tim e, which m eans t hat  past addr esses are “ recycled”  and m ade available for futur e reassignm ent  to other syst em s.This field is only available when you select  En a ble in t he D H CP field. Days/ Hours/Minut esEnt er t he lease t im e of t he DHCP server.DNS Values This field is only available when you select  Enable in the DH CP field. DNS Select  t he t ype of service t hat you are registered for from  your Dynam ic DNS service provider. Select  D ynam ic if you have t he Dynam ic DNS service. Select  St a t ic if you have the St at ic DNS service. DNS Server 1DNS Server 2Ent er t he first  and second DNS ( Dom ain Nam e Syst em )  server I P address t he Device passes to t he DHCP client s. LAN I Pv6 Mode SetupI Pv6 State Select  Ena ble to act ivat e the I Pv6 m ode and configur e I Pv6 settings on t he Device.LAN I Pv6 Address Set upDelegat e prefix from  WANSelect  t his opt ion to aut om at ically obtain an I Pv6 net work pr efix from  the service pr ovider or an uplink rout er.St atic Select  this opt ion t o configure a fixed I Pv6 address for the Device’s LAN I Pv 6 address.ULA Pseudo-Random  Global I D A unique local addr ess ( ULA)  is a unique I Pv6 address for use in privat e net works but  not rout able in t he global I Pv6 I nternet . Select  this t o have t he Dev ice autom at ically generate a globally unique address for  the LAN I Pv6 address. The address form at  is like fdxx : x xxx: xxxx: xxxx: : / 64.ULA I Pv6 Address Set upI Pv6 Address  I f you select  st atic I Pv6 address, ent er t he I Pv6 address prefix t hat  t he Device uses for t he LAN I Pv6 address.Prefix Lengt h  I f you select  st at ic I Pv6 address, ent er the I Pv6 prefix lengt h that the Dev ice uses t o generat e t he LAN I Pv6 address.An I Pv6 prefix lengt h specifies how m any m ost significant  bit s (st art ing from  t he left )  in t he addr ess com pose the net work address. This field displays t he bit num ber of the I Pv6 subnet m ask.Table 31   Net work Sett ing >  Hom e Net working >  LAN Set up ( cont inued)LABEL DESCRIPTION
Chapter 7 Home NetworkingVMG8324-B10A / VMG8324-B30A Series User’s Guide112MLD Snooping Mult icast  List ener Discov ery  ( MLD)  allows an I Pv6 swit ch or rout er t o discover the presence of MLD host s who wish t o receive m ulticast  packets and t he I P addresses of m ult icast  groups the host s want  to join on it s net work. Select Ena ble  MLD  Snoopin g t o activat e MLD Snooping on t he Device. This allows the Device t o check MLD packet s passing t hr ough it and learn t he m ult icast gr oup m em bership. I t  helps reduce m ulticast  t raffic.MLD Mode  Select St a ndard Mode  to have t he Device forward I Pv6 m ulticast  packet s t o a port  t hat  joins t he I Pv6 m ulticast group and broadcast  unknown I Pv6 m ulticast packets from  t he WAN to all LAN port s.Select  Block ing M ode  t o have t he Device block all unknown I Pv6 m ulticast  packet s fr om  the WAN.LAN I Pv6 Address Assign Set upSelect  how you want  t o obt ain an I Pv6 address:  •St a t e le ss:  The Device uses I Pv6 st at eless aut oconfigurat ion. RADVD ( Rout er Advert isem ent  Daem on)  is enabled to have the Device send I Pv6 prefix inform at ion in rout er advertisem ent s periodically and in response t o rout er solicit ations. DHCPv6 server is disabled.•St a t e fu l:  The Dev ice uses I Pv6 stat eful aut oconfigurat ion. The DHCPv6 server is enabled t o have the Device act  as a DHCPv6 ser ver and pass I Pv6 addresses t o DHCPv6 client s.•St a t e less a nd Stat eful:  The Dev ice uses bot h I Pv6 stat eless and st ateful aut oconfigurat ion. The LAN I Pv6 client s can obt ain I Pv6 addresses eit her through rout er advert isem ent s or t hrough DHCPv6.•LAN I Pv6 DNS Assign SetupSelect  how t he Dev ice provide DNS ser ver and dom ain nam e inform ation t o t he client s:  •From  Rou t e r  Adve rt isem e nt :  The Device provides DNS inform at ion through rout er advert isem ent s.•From  DH CPv6  Se r v er:  The Device prov ides DNS inform at ion thr ough DHCPv6.•Fr o m  RA &  D H CPv 6  Se r v e r :  The Dev ice prov ides DNS inform at ion t hr ough bot h rout er advert isem ent s and DHCPv6.DHCPv6 ConfigurationDHCPv6 St at e  This show s the st at us of t he DHCPv6. I Pv6 Rout er Adv ert isem ent  St at eRADVD State  This show s whet her RADVD is enabled or not .I Pv6 DNS ValuesI Pv6 DNS Server 1- 3Select  Fr om  I SP if your I SP dynam ically assigns I Pv6 DNS ser ver inform at ion.Select  Use r- D e fine d if you have t he I Pv6 address of a DNS server. Ent er t he DNS server I Pv6 addresses t he Device passes t o t he DHCP clients.Select  N on e if you do not want  t o configure I Pv6 DNS servers.DNS Query ScenarioSelect  how t he Device handles client s’ DNS inform ation requests.•I Pv4 / I Pv6  DN S Ser ve r:  The Device forwards t he requests t o bot h the I Pv4 and I Pv6 DNS servers and sends client s t he first  DNS infor m ation it  receives.•I Pv6  DNS Se r ver  On ly:  The Device forwards the request s to the I Pv6 DNS server and sends client s t he DNS inform at ion it  receives. •I Pv4  DNS Se r ver  On ly:  The Device forwards the request s to the I Pv4 DNS server and sends client s t he DNS infor m at ion it  receives.•I Pv6  DN S Serv er First :  The Device forwar ds t he requests t o t he I Pv6 DNS server first  and then the I Pv4 DNS server. Then it sends client s the first  DNS infor m at ion it receives.•I Pv4  DN S Serv er First :  The Device forwar ds t he requests t o t he I Pv4 DNS server first  and then the I Pv6 DNS server. Then it sends client s the first  DNS infor m at ion it receives.Apply Click Apply t o save your changes.Cancel Click Ca ncel t o restore your previously saved set t ings.Table 31   Net work Sett ing >  Hom e Net working >  LAN Set up ( cont inued)LABEL DESCRIPTION
 Chapter 7 Home NetworkingVMG8324-B10A / VMG8324-B30A Series User’s Guide 1137.3  The Static DHCP ScreenThis t able allows you to assign I P addresses on t he LAN t o specific individual com put er s based on their MAC Addresses. Every Ethernet device has a unique MAC (Media Access Control)  address. The MAC address is assigned at  t he fact ory and consist s of six pair s of hexadecim al charact ers, for exam ple, 00: A0: C5: 00: 00: 02.Use t his screen t o change your Device’s st at ic DHCP set t ings. Click N et w ork  Set t ing >  Hom e  N e t w o rk in g >  St at ic DHCP t o open the following screen.Figure 57   Net work Set t ing >  Hom e Net w orking >  St at ic DHCP The following t able describes t he labels in this screen.I f you click Add new  st a t ic le ase  in the Sta t ic DHCP screen or t he Edit  icon next t o a static DHCP ent ry, t he follow ing screen displays.Figure 58   St at ic DHCP:  Add/ EditTable 32   Net work Sett ing >  Hom e Networking >  Stat ic DHCPLABEL DESCRIPTIONAdd new stat ic leaseClick this to add a new st atic DHCP ent ry. # This is the index num ber of the ent r y.St atus This field displays whether t he client  is connect ed to t he Device.MAC Address The MAC ( Media Access Cont rol) or Ethernet address on a LAN ( Local Area Net work)  is unique t o your com puter (six  pairs of hex adecim al not ation).A net work interface card such as an Ethernet adapter  has a hardwired address t hat  is assigned at  t he fact ory. This address follows an indust ry  st andard t hat  ensures no ot her adapter has a sim ilar address.I P Address This field displays the I P address relative to the #  field listed above.Modify Click t he Edit icon to have t he I P address field edit able and change it .Click the D ele t e  icon t o delet e a stat ic DHCP ent ry. A window displays asking you t o confirm  t hat you want  to delet e the selected ent ry.
Chapter 7 Home NetworkingVMG8324-B10A / VMG8324-B30A Series User’s Guide114The following t able describes t he labels in this screen.7.4  The UPnP ScreenUniversal Plug and Play ( UPnP)  is a distribut ed, open net w orking standard that uses TCP/ I P for  sim ple peer-t o- peer net w ork connect ivity between devices. A UPnP device can dynam ically j oin a net work, obt ain an I P address, convey it s capabilit ies and learn about  ot her devices on t he net w ork. I n t urn, a device can leave a net work sm oothly and aut om at ically when it  is no longer in use.See page 108 for m ore inform ation on UPnP.Use t he following screen t o configure t he UPnP sett ings on your Device. Click N et w ork  Set t ing >  Hom e  N e t w orking >  UPn P t o display the screen shown next .Figure 59   Net work Set t ing >  Hom e Net w orking >  UPnPTable 33   St atic DHCP:  Add/ EditLABEL DESCRIPTIONAct iv e Select  t his t o act ivat e t he connect ion bet ween t he client  and the Device.Group Nam e Select  the interface group nam e for which you w ant  t o configur e st at ic DHCP settings. See Chapt er 12 on page 179 for how  t o creat e a new  int erface group.Select  Device  I nfo Select a device or com puter fr om  the drop-down list  or select Manu a l I n pu t  t o m anually enter a device’s MAC address and I P address in t he following fields.MAC Address I f you select  M a n ua l I npu t , ent er  the MAC address of a com puter on your LAN.I P Address I f you select  M a nua l I npu t , enter t he I P address that  you want  to assign to the com put er  on your LAN w it h the MAC address t hat you will also specify.Apply Click Apply t o save your changes.Cancel Click Ca ncel t o exit  this screen wit hout saving.
 Chapter 7 Home NetworkingVMG8324-B10A / VMG8324-B30A Series User’s Guide 115The following t able describes t he labels in this screen.7.5  Installing UPnP in Windows ExampleThis sect ion shows how t o inst all UPnP in Windows Me and Windows XP. Installing UPnP in Windows MeFollow t he steps below t o install t he UPnP in Windows Me. 1Click St a rt  and Cont rol Pa n e l. Double- click Add/ Re m ove Progra m s.Table 34   Net work Sett ing >  Hom e Net working >  UPnPLABEL DESCRIPTIONUPnP Select  Ena ble  t o act ivate UPnP. Be aware t hat  anyone could use a UPnP applicat ion to open the web configurator's login screen w it hout  ent ering t he Device's I P address (alt hough you m ust  st ill ent er  the password t o access t he web configurator) .UPnP NAT-T Select  En a ble t o allow UPnP- enabled applicat ions to aut om at ically configure t he Device so that  t hey can com m unicat e t hrough t he Device by using NAT t raversal. UPnP applicat ions aut om at ically reser ve a NAT forwarding port  in order t o com m unicate wit h another UPnP enabled device;  t his elim inat es t he need t o m anually configure port  forwarding for t he UPnP enabled applicat ion. The table below displays the NAT port forwarding rules added autom at ically by  UPnP NAT-T.# This is t he index num ber of the UPnP NAT-T connect ion.Descript ion This is t he description of t he UPnP NAT-T connect ion.I P Address This is the I P addr ess of t he ot her connect ed UPnP enabled device.Ext ernal Port This is t he ext ernal port num ber t hat ident ifies t he service.I nternal Port This is t he int ernal port num ber t hat  ident ifies t he service.Apply Click Apply to save your changes.Cancel Click Ca nce l to exit t his screen without  saving.
Chapter 7 Home NetworkingVMG8324-B10A / VMG8324-B30A Series User’s Guide1162Click on the W indow s Set up tab and select  Com m u nica t ion  in t he Com ponent s select ion box. Click D e t a ils. Add/Remove Programs: Windows Setup: Communication 3I n t he Com m unicat ions window, select  t he Unive rsa l Plug and Pla y check box in t he Com p on e nt s select ion box. Add/Remove Programs: Windows Setup: Communication: Components
 Chapter 7 Home NetworkingVMG8324-B10A / VMG8324-B30A Series User’s Guide 1174Click OK to go back to the Add/ Rem ove  Program s Pr oper t ies window and click N e x t. 5Rest art  t he com put er when prom pt ed. Installing UPnP in Windows XPFollow t he steps below t o inst all the UPnP in Windows XP.1Click St a r t  and Con t r ol Pa n e l. 2Double-click N et w or k  Connect ions.3I n t he N e t w or k  Con n e ct ions window, click Advanced in t he m ain m enu and select Opt ion a l N e t w orking Com pone n t s …. Network Co nnections4The W indow s Opt ional N e t w or k ing Com ponent s W iza r d window displays. Select  N et w or k ing Se r v ice  in the Com pone n t s selection box and click D et a ils. Windows Optional Networking Components Wizard
Chapter 7 Home NetworkingVMG8324-B10A / VMG8324-B30A Series User’s Guide1185I n t he N e t w or k ing Ser vices window, select  t he Univ e r sal Plug a n d Pla y check box. Networking Services6Click OK to go back t o t he W indow s Opt ion a l N e t w or k ing Com pon e nt  W iza rd window and click N e x t . 7.6  Using UPnP in Windows XP ExampleThis sect ion shows you how t o use t he UPnP feat ure in Windows XP. You m ust  already have UPnP inst alled in Windows XP and UPnP activat ed on the Device.Make sure t he com puter is connected t o a LAN port  of the Device. Turn on your com puter and the Device. Auto-discover Your UPnP-enabled Network Device1Click St a r t  and Con t r ol Pa n e l. Double- click N et w ork  Con ne ct ions. An icon displays under I nt ernet  Gat eway.
 Chapter 7 Home NetworkingVMG8324-B10A / VMG8324-B30A Series User’s Guide 1192Right- click t he icon and select  Pr op er t ie s. Network Co nnections3I n t he I nt er ne t  Conne ct ion Prope rt ies window, click Set t ings to see the port  m appings t here were aut om at ically creat ed. Internet Connec tion Properties
Chapter 7 Home NetworkingVMG8324-B10A / VMG8324-B30A Series User’s Guide1204You m ay edit or delet e t he port  m appings or click Add t o m anually add port  m appings. Internet Connection Properties: Advanced SettingsInternet Connec tion Properties: Ad vanced Settings: Add5When t he UPnP- enabled device is disconnected from  your com put er, all port  m appings will be deleted autom at ically.6Select  Show  icon in not ifica t ion ar e a  w he n con n e ct e d opt ion and click OK. An icon displays in the syst em  tray. System Tray Icon
 Chapter 7 Home NetworkingVMG8324-B10A / VMG8324-B30A Series User’s Guide 1217Double-click on t he icon t o display your current  I nt er net connection st atus.Internet Conn ection StatusWeb Configurator Easy AccessWith UPnP, you can access the web-based configurator on t he Device without finding out  t he I P address of t he Device first . This com es helpful if you do not  know the I P address of t he Device.Follow t he st eps below t o access t he web configurat or.1Click St a r t  and t hen Cont r ol Panel. 2Double-click N et w or k  Connect ions.
Chapter 7 Home NetworkingVMG8324-B10A / VMG8324-B30A Series User’s Guide1223Select  My N e t w or k Places under  Ot h e r  Pla ce s. Network Co nnections4An icon with the description for each UPnP- enabled device displays under Local N e t w or k . 5Right- click on t he icon for your Device and select  I n vo k e. The web configurat or login screen displays. Network Co nnections: My Netw ork Places
 Chapter 7 Home NetworkingVMG8324-B10A / VMG8324-B30A Series User’s Guide 1236Right- click on t he icon for your Device and select  Pr ope r t ie s. A propert ies window displays with basic inform ation about  t he Device. Network Co nnections: My Netw ork Places: Proper ties: Example
Chapter 7 Home NetworkingVMG8324-B10A / VMG8324-B30A Series User’s Guide1247.7  The Additional Subnet ScreenUse t he Addit iona l Su bnet  screen t o configure I P alias and public st at ic I P. I P alias allows you to partition a physical network into different logical networks over t he sam e Et hernet  inter face. The Device support s m ult iple logical LAN int erfaces via it s physical Ethernet  int erface w ith the Device it self as t he gat eway for t he LAN net w ork. When you use I P alias, you can also configure firewall rules t o cont rol access to the LAN's logical network ( subnet) .I f your I SP provides t he Public LAN service, t he Device m ay use an LAN I P address t hat  can be accessed from  t he WAN. Click N et w ork  Se t t ing >  H om e  Ne t w ork in g >  Addit iona l Su bnet  t o display t he screen shown next .Figure 60   Net work Set t ing >  Hom e Net w orking >  Addit ional SubnetThe following t able describes t he labels in this screen.Table 35   Net work Sett ing >  Hom e Net w orking >  Addit ional SubnetLABEL DESCRIPTIONI P Alias Set upGroup Nam e Select the int erface group nam e for which you want  t o configure the I P alias settings. See Chapt er 12 on page 179 for how t o create a new interface group.Act iv e Select  t he checkbox t o configure a LAN net work for the Device.I P Address Ent er the I P address of your Device in dotted decim al not at ion. I P Subnet Mask  Your Device will aut om at ically calculat e t he subnet m ask based on t he I P address that  you assign. Unless you ar e im plem ent ing subnetting, use the subnet  m ask com puted by t he Device.Public LANActive Select  t he checkbox t o enable t he Public LAN feat ure. Your  I SP m ust  suppor t  Public LAN and St at ic I P. I P Address Enter  t he public I P address provided by your I SP.I P Subnet  Mask  Enter  t he public I P subnet m ask prov ided by your I SP.
 Chapter 7 Home NetworkingVMG8324-B10A / VMG8324-B30A Series User’s Guide 1257.8  The STB Vendor ID ScreenSet Top Box ( STB)  devices wit h dynam ic I P addresses som et im es don’t renew t heir I P addresses befor e the lease tim e expir es. This could lead t o I P address conflict s if t he STB continues t o use an I P address t hat  gets assigned to another device. Use t his screen t o list t he Vendor I Ds of connect ed STBs to have t he Device aut om at ically creat e st atic DHCP ent ries for t hem  when they request  I P addresses.Click N et w ork  Se t t ing >  H om e N e t w or k ing >  STB V e n dor  I D t o open t his screen. Figure 61   Net work Set t ing >  Hom e Net w orking >  STB Vendor I DThe following t able describes t he labels in this screen.7.9  The 5th Ethernet Port ScreenI f you use a DSL connection, you can configur e your Ethernet WAN port  as an ext ra LAN por t . This Gigabit  Ethernet  port  provides fast er  t ransm ission speeds. Click N e t w or k Se t t ing >  H om e N e t w o rk in g >  5 t h  Et h e r net  Por t  t o open t his screen.Offer Public I P by  DHCPSelect the checkbox t o enable t he Device t o provide public I P addresses by  DHCP server.Enable ARP Prox ySelect  the checkbox t o enable the ARP ( Address Resolut ion Pr ot ocol)  proxy.Apply Click Apply t o save your  changes.Cancel Click Ca ncel t o exit  this screen w it hout  saving.Table 35   Net work Sett ing >  Hom e Net w orking >  Addit ional Subnet  ( cont inued)LABEL DESCRIPTIONTable 36   Net work Sett ing >  Hom e Net working >  STB Vendor I DLABEL DESCRIPTIONVen dor  I D 1  ~  5Enter t he STB’s vendor I D.Apply Click Apply to save your changes.Cancel Click Ca nce l to exit t his screen without  saving.
Chapter 7 Home NetworkingVMG8324-B10A / VMG8324-B30A Series User’s Guide126Not e:  The Device needs t o rest art to m ake the role change take effect .Figure 62   Net work Set t ing >  Hom e Net w orking >  5t h Ethernet  Port The following t able describes t he labels in this screen.7.10  The LAN VLAN ScreenClick N et w ork  Set t ing >  H om e  N e t w or k ing >  LAN  VLAN  t o open this screen. Use t his screen to cont rol t he VLAN I D and I EEE 802.1p prior ity t ags of t raffic sent  out t hrough individual LAN port s. Figure 63   Net work Set t ing >  Hom e Net w orking >  LAN VLANTable 37   Net work Set t ing >  Hom e Net working >  5t h Ethernet  PortLABEL DESCRIPTIONSt ate Select Enable to use t he Ether net WAN port  as a LAN port on the Device. Apply Click Apply to save your changes.Cancel Click Ca nce l to exit t his screen without  saving.
 Chapter 7 Home NetworkingVMG8324-B10A / VMG8324-B30A Series User’s Guide 127The following t able describes t he labels in this screen.7.11  The Wake on LAN ScreenUse t his screen to turn on a device on t he LAN net work. To use t his feature, t he rem ot e device m ust  also support  Wake On LAN.You need t o know t he MAC address of t he LAN device. I t  m ay be on a label on t he device or in its docum ent at ion.Click N et w ork  Se t t ing >  H om e N e t w or k ing >  W ak e  on  La n  to open this screen.  Figure 64   Net work Set t ing >  Hom e Net w orking >  Wake on LanThe following t able describes t he labels in this screen.Table 38   Net work Sett ing >  Hom e Net w orking >  LAN VLANLABEL DESCRIPTIONLan Port These represent the Device’s LAN ports.Tag Operat ion Select  what you want  the Device t o do t o t he I EEE 802.1q VLAN I D and priorit y tags of downstream  t raffic before sending it out t hrough this LAN port.•Unch a nge  -  Don’t  do anyt hing t o t he t raffic’s VLAN I D and priorit y tags.•Add  -  Add VLAN I D and priority  tags t o unt agged traffic.•Re m ove -  Delet e one t ag from  t agged traffic. I f the fram e has double t ags, t his rem oves the outer t ag. This does not  affect untagged t raffic.•Re m a r k  -  Change t he value of t he outer VLAN I D and priorit y tags.802.1P Mark Use t his opt ion to set  what t o do for t he I EEE 802.1p priorit y t ags when you add or rem ark the tags for a LAN port ’s downst ream  t raffic. Eit her select  Unch a nge  to not m odify t he traffic’s priorit y t ags or select  an priorit y  fr om  0 t o 7 t o use. The larger the num ber, t he higher the priority.VLAN I D I f you will add or rem ark  tags for this LAN port ’s downst ream  traffic, specify the VLAN I D (from  0 to 4094)  t o use here.Apply Click Apply to save your changes.Cancel Click Ca nce l to exit t his screen without  saving.Table 39   Net work Sett ing >  Hom e Net w orking >  Wake on LanLABEL DESCRIPTIONWak e b y  AddressSelect  M anua l and enter  t he I P addr ess or  MAC addr ess of t he device t o t urn it  on rem otely. The drop- down list  also list s the I P addr esses t hat  can be found in the Device’s ARP table. Select  an I P address and it  will t hen autom at ically updat e t he I P address and MAC address in t he following fields.I P Address Enter the I Pv4 I P address of the device t o t urn it  on.MAC Address Ent er  the MAC address of the dev ice t o t urn it on. A MAC address consists of six hexadecim al charact er pairs.Wake up Click this to send a wak e up packet t o wake up t he specified device.
Chapter 7 Home NetworkingVMG8324-B10A / VMG8324-B30A Series User’s Guide1287.12  Technical ReferenceThis sect ion provides som e t echnical background inform ation about  the topics covered in t his chapt er.7.12.1  LANs, WANs and the DeviceThe act ual physical connection determ ines whet her the Device ports are LAN or WAN port s. There are t wo separate I P networks, one inside t he LAN net work and t he ot her out side the WAN net work as shown next .Figure 65   LAN and WAN I P Addresses7.12.2  DHCP SetupDHCP ( Dynam ic Host  Configuration Prot ocol, RFC 2131 and RFC 2132)  allows individual clients t o obt ain TCP/ I P configurat ion at  st art- up fr om  a server. You can configure t he Device as a DHCP server or disable it . When configured as a server, the Device provides the TCP/ I P configurat ion for the clients. I f you t ur n DHCP service off, you m ust  have anot her DHCP server  on your LAN, or else the com put er m ust  be m anually configured. IP Pool SetupThe Device is pr e- configur ed w it h a pool of I P addresses for t he DHCP clients ( DHCP Pool) . See t he product specificat ions in the appendices. Do not  assign stat ic I P addresses from  the DHCP pool t o your LAN com put ers.7.12.3  DNS Server Addresses DNS (Dom ain Nam e System )  m aps a dom ain nam e to it s corresponding I P addr ess and vice versa. The DNS server is ext rem ely im port ant because wit hout  it , you m ust  know t he I P address of a com put er before you can access it . The DNS server addresses you ent er when you set  up DHCP are passed to t he client m achines along wit h the assigned I P address and subnet  m ask.There are two ways t hat an I SP dissem inat es the DNS ser ver addresses. • The I SP tells you t he DNS server addresses, usually in t he form  of an inform ation sheet, when you sign up. I f your I SP gives you DNS server addresses, ent er them  in t he D N S Se r ve r  fields in the DHCP Set u p screen.WANLAN
 Chapter 7 Home NetworkingVMG8324-B10A / VMG8324-B30A Series User’s Guide 129• Som e I SPs choose to dissem inat e the DNS server addresses using the DNS server extensions of I PCP ( I P Cont r ol Protocol)  after t he connect ion is up. I f your I SP did not  give you explicit  DNS servers, chances are t he DNS servers are conveyed t hrough I PCP negot iat ion. The Device supports t he I PCP DNS server ext ensions t hrough the DNS proxy feat ure.Please not e that  DNS proxy works only when t he I SP uses t he I PCP DNS server extensions. I t  does not  m ean you can leave t he DNS servers out of the DHCP setup under all circum st ances. I f your I SP gives you ex plicit  DNS ser vers, m ake sure that you enter t heir I P addresses in the DH CP Se t u p screen.7.12.4  LAN TCP/IP The Device has built- in DHCP server capability t hat  assigns I P addresses and DNS servers t o system s t hat  support  DHCP client  capabilit y.IP Address and Subnet MaskSim ilar t o t he way houses on a st reet  share a com m on street  nam e, so t oo do com put ers on a LAN share one com m on net work num ber.Wher e you obt ain your net work num ber depends on your part icular situat ion. I f t he I SP or your net work adm inist rat or assigns you a block of regist ered I P addresses, follow t heir instructions in select ing t he I P addresses and t he subnet m ask.I f t he I SP did not  explicit ly give you an I P net work num ber, t hen m ost  likely you have a single user account  and the I SP will assign you a dynam ic I P address when t he connect ion is established. I f this is t he case, it  is recom m ended t hat you select  a net work num ber from  192.168.0.0 t o 192.168.255.0 and you m ust  enable t he Network Address Translat ion (NAT)  feature of t he Device. The I nt ernet Assigned Num ber  Aut hority ( I ANA)  reserved t his block of addr esses specifically for privat e use;  please do not  use any ot her num ber unless you are t old otherwise. Let 's say you select  192.168.1.0 as t he net work num ber;  which covers 254 individual addresses, from  192.168.1.1 t o 192.168.1.254 ( zero and 255 are reserved) . I n ot her words, t he first  t hree num bers specify t he net work num ber  while the last  num ber ident ifies an individual com put er on t hat  net work.Once you have decided on t he net work num ber, pick an I P address t hat  is easy t o rem em ber, for inst ance, 192.168.1.1, for your Device, but  m ake sur e that no ot her device on your  net work is using t hat  I P address.The subnet m ask specifies the net work num ber port ion of an I P address. Your Device will com put e the subnet m ask autom at ically based on t he I P address t hat  you entered. You don't need to change the subnet m ask com put ed by t he Device unless you are inst ructed t o do ot herwise.Private IP AddressesEvery m achine on t he I nt ernet  m ust  have a unique address. I f your net works are isolat ed from  the I nt ernet , for exam ple, only bet ween your two branch offices, you can assign any I P addresses t o the host s wit hout problem s. However, t he I nt er net Assigned Num bers Aut hority ( I ANA)  has reserved t he following t hr ee blocks of I P addresses specifically for privat e networks:• 10.0.0.0     — 10.255.255.255• 172.16.0.0   — 172.31.255.255• 192.168.0.0 — 192.168.255.255
Chapter 7 Home NetworkingVMG8324-B10A / VMG8324-B30A Series User’s Guide130You can obt ain your I P address from  t he I ANA, from  an I SP or it can be assigned from  a privat e net work. I f you belong t o a sm all organizat ion and your I nternet access is t hrough an I SP, t he I SP can provide you wit h t he I nt ernet addresses for your local net works. On t he other hand, if you are part of a m uch larger organizat ion, you should consult  your net work adm inist rat or for t he appropriate I P addresses.Not e:  Regardless of your part icular situat ion, do not  create an arbit rary I P address;  always follow t he guidelines above. For m ore inform at ion on address assignm ent , please refer t o RFC 1597, “Address Allocat ion for Privat e I nternets”  and RFC 1466, “ Guidelines for Managem ent  of I P Address Space”.
VMG8324-B10A / VMG8324-B30A Series User’s Guide 131CHAPTER   8Routing8.1  Overview The Device usually uses t he default  gat eway t o rout e out bound t raffic from  com puters on t he LAN to the I nt ernet . To have the Device send dat a t o devices not reachable t hrough t he default gat eway, use stat ic routes.For  exam ple, t he next  figure shows a com puter ( A)  connected t o the Device’s LAN int erface. The Device rout es m ost t raffic from  A to the I nt ernet  t hrough t he Device’s default  gateway ( R1 ) . You create one st atic route t o connect  t o services offered by your I SP behind rout er R2 . You creat e another static route t o com m unicat e wit h a separate net work behind a rout er R3  connect ed t o the LAN.   Figure 66   Exam ple of Rout ing TopologyWANR1R2AR3LAN
Chapter 8 RoutingVMG8324-B10A / VMG8324-B30A Series User’s Guide1328.2  The Routing ScreenUse t his scr een t o view and configure the st at ic route rules on the Device. Click N e t w or k Se t t ing >  Routing >  St a t ic Route  t o open t he following screen.Figure 67   Net work Sett ing >  Rout ing >  Stat ic Rout eThe following t able describes t he labels in this screen. Table 40   Net work Sett ing >  Rout ing >  Stat ic Rout eLABEL DESCRIPTIONAdd new stat ic rout eClick t his to configure a new st at ic route.#This is t he index num ber of the ent ry.St atus This field display s whether t he static rout e is active or  not . A yellow bulb signifies t hat  t his rout e is active. A gray bulb signifies t hat  this rout e is not act ive.Nam e This is the nam e t hat  describes or ident ifies t his route. Dest ination I P This param et er specifies t he I P network address of t he final destinat ion. Routing is always based on net work num ber. Subnet  Mask This param et er  specifies t he I P net work subnet  m ask of t he final destinat ion.Gateway This is the I P addr ess of t he gat eway. The gat eway is a rout er or swit ch on t he sam e networ k segm ent  as the device's LAN or WAN port. The gateway helps forward packet s to their  dest inat ions.I nterface This is t he WAN inter face used for t his st atic rout e.Modify Click t he Ed it  icon to edit  the st at ic rout e on the Device.Click the De let e  icon t o rem ove a st at ic route fr om  the Device. A window displays asking you to confirm  t hat you w ant  t o delet e t he rout e.
 Chapter 8 RoutingVMG8324-B10A / VMG8324-B30A Series User’s Guide 1338.2.1  Add/Edit Static Route Use t his screen t o add or edit  a st at ic route. Click Add ne w  st a t ic r out e in t he Rou t in g screen or the Ed it  icon next  to the st at ic rout e you want  to edit . The screen shown next  appears.Figure 68   Rout ing:  Add/ EditThe following t able describes t he labels in this screen. Table 41   Rout ing:  Add/ EditLABEL DESCRIPTIONAct ive This field allows you t o act ivate/ deact ivat e t his stat ic route.Select this t o enable t he st at ic route. Clear t his t o disable this st atic route without  having t o delet e the ent ry.Rout e Nam e Enter a descript ive nam e for t he st at ic route.I P Type Select  whet her your  I P type is I Pv4  or  I Pv6 . Dest ination I P AddressEnter t he I Pv4 or I Pv6 net work address of t he final destinat ion. I P Subnet  Mask  I f you are using I Pv4 and need t o specify  a rout e t o a single host, use a subnet  m ask of 255.255.255.255 in t he subnet  m ask field t o force t he net work num ber to be identical to the host  I D. Ent er  the I P subnet  m ask her e.Use Gat eway I P Address The gateway is a router or swit ch on the sam e net work segm ent  as t he device's LAN or WAN port . The gat eway helps forward packets t o t heir destinat ions.I f you want  t o use t he gat eway I P address, select Ena ble.Gateway I P AddressEnt er t he I P address of the gateway. Use I nt er face Select  t he WAN int erface you want  t o use for this st at ic route.Apply Click Apply t o save your  changes.Cancel Click Ca ncel t o exit  this screen w ithout  saving.
Chapter 8 RoutingVMG8324-B10A / VMG8324-B30A Series User’s Guide1348.3  The DNS Route ScreenUse t his screen t o view and configure DNS r outes on t he Device. Click Ne t w or k  Set t in g >  Rout ing >  D N S Rout e  t o open t he following screen.Figure 69   Net work Set t ing >  Rout ing >  DNS Rout eThe following t able describes t he labels in this screen. 8.3.1  The DNS Route Add ScreenYou can m anually add t he Device’s DNS rout e ent ry. Click Add new  DN S Rout e in the N e t w ork  Set t ing >  Rout ing >  DN S Route screen. The screen shown next  appears.Figure 70   DNS Route AddTable 42   Net work Sett ing >  Rout ing >  DNS Rout eLABEL DESCRIPTIONAdd new DNS Rout eClick t his t o add a new DNS rout e.#This is t he index num ber of a DNS route.Dom ain Nam e This is the host  nam e or  dom ain nam e of the DNS route entry.I nterface This is the WAN connect ion through w hich t he Device forwards DNS request s for this dom ain nam e.Subnet  Mask This is t he subnet  m ask of t he DNS rout e ent ry. Modify Click the Ed it  icon to m odify  the DNS route.Click t he D e le t e  icon t o delete t he DNS rout e.
 Chapter 8 RoutingVMG8324-B10A / VMG8324-B30A Series User’s Guide 135The following t able describes t he labels in this screen. 8.4  The Policy Forwarding ScreenTradit ionally, routing is based on t he dest inat ion addr ess only and t he Device t akes the shortest  pat h to forward a packet. Policy forwarding allows t he Device t o override t he default rout ing behavior and alter t he packet  forwarding based on the policy defined by the net w ork adm inist rator. Policy-based rout ing is applied t o out going packets, prior t o the norm al routing.You can use source- based policy forwarding to direct  t raffic from  different  users t hrough different  connect ions or distribute t raffic am ong m ultiple paths for load sharing.The Policy For w arding screen let you view and configure rout ing policies on t he Device. Click N e t w ork Se t t ing >  Rout in g >  Policy For w a rding to open the follow ing screen.Figure 71   Net work Sett ing >  Rout ing >  Policy ForwardingThe following t able describes t he labels in this screen. Table 43   DNS Rout e AddLABEL DESCRIPTIONDom ain Nam e Ent er the dom ain nam e of t he DNS route entry.I nterface Select the WAN connect ion through which the Device forwards DNS request s for t his dom ain nam e.Subnet  Mask Ent er t he subnet  m ask of t he DNS route ent ry.OK Click this to save your changes.Cancel Click t his to exit  t his screen wit hout  saving any  changes.Table 44   Net work Set t ing >  Rout ing > Policy ForwardingLABEL DESCRIPTIONAdd new Policy  Forward RuleClick t his t o creat e a new policy forwarding rule.#This is t he index num ber of t he entry.Policy Nam e This is the nam e of t he rule.Source I P This is the source I P address.Source Subnet  Maskhis is the source subnet  m ask address.Prot ocol This is the transport layer protocol.Source Port This is t he source port  num ber.
Chapter 8 RoutingVMG8324-B10A / VMG8324-B30A Series User’s Guide1368.4.1  Add/Edit Policy Forwarding Click Add ne w  Policy For w ar d Ru le  in the Policy For w arding screen or click t he Edit  icon next  to a policy. Use t his screen to configure t he required inform at ion for a policy rout e.Figure 72   Policy For warding:  Add/ Edit  The following t able describes t he labels in this screen. WAN This is the WAN int erface t hrough which the traffic is routed. Modify Click the Ed it  icon t o edit  t his policy.Click t he D e le t e  icon t o rem ove a policy from  t he Dev ice. A window displays asking you t o confir m  t hat  you want t o delete t he policy. Table 44   Net work Set t ing >  Rout ing > Policy Forwarding ( continued)LABEL DESCRIPTIONTable 45   Policy Forwarding:  Add/ EditLABEL DESCRIPTIONPolicy Nam e Ent er a descriptive nam e of up to 8 print able English keyboard charact ers, not  including spaces.Source I P  Ent er t he source I P address.Source Subnet  MaskEnter the source subnet m ask address. Prot ocol Select the transport layer prot ocol ( TCP or UD P) . Source Port   Ent er t he source port num ber. Source MAC  Ent er t he source MAC address. WAN Select  a WAN int erface t hrough which t he t raffic is sent . You m ust  have t he WAN int erface( s)  already configured in t he Broa dband screens. Apply Click Apply t o save your  changes.Cancel Click Ca ncel t o exit  this screen w ithout  saving.
 Chapter 8 RoutingVMG8324-B10A / VMG8324-B30A Series User’s Guide 1378.5  RIP    Rout ing I nform ation Protocol ( RI P, RFC 1058 and RFC 1389)  allows a device to exchange rout ing inform at ion wit h other routers.8.5.1  The RIP ScreenClick N et w or k  Se t t ing >  Rout ing >   RI P to open t he RI P screen. Figure 73   RI P The following t able describes t he labels in this screen. Table 46   RI PLABEL DESCRIPTION#This is t he index of t he interface in which t he RI P set ting is used. I nterface This is t he nam e of t he int erface in which t he RI P setting is used. Ve r sio n The RIP version contr ols t he form at and the br oadcasting m et hod of t he RIP packet s that t he Device sends ( it  recognizes bot h form ats when receiving) . RI P version 1  is univer sally support ed but RI P version 2 carries m ore inform at ion. RIP version 1  is pr obably adequate for m ost net works, unless you have an unusual net work topology. Operation Select  Passive  t o have t he Device update the rout ing t able based on the RIP packets received from  neighbors but  not advert ise it s rout e inform at ion to ot her rout ers in this interface.Select  Act iv e to have the Dev ice adver t ise it s route inform ation and also listen for rout ing updat es from  neighboring rout er s.Enabled Select the check box to act ivat e t he set t ings.Apply Click Apply t o save your changes back t o t he Dev ice.
Chapter 8 RoutingVMG8324-B10A / VMG8324-B30A Series User’s Guide138
VMG8324-B10A / VMG8324-B30A Series User’s Guide 139CHAPTER   9Quality of Service (QoS)9.1  Overview Quality of Service (QoS)  refer s t o bot h a net work’s ability to deliver dat a wit h m inim um  delay, and the net working m et hods used t o control t he use of bandwidt h. Wit hout  QoS, all traffic dat a is equally likely t o be dropped when t he network is congest ed. This can cause a reduct ion in net w ork perform ance and m ake t he network inadequat e for  t im e- critical applicat ion such as video- on-dem and.Configure QoS on t he Device to group and prioritize applicat ion t raffic and fine-t une net work perform ance. Set t ing up QoS involves t hese st eps:1Configure classifiers t o sort  traffic int o different  flows. 2Assign priority and define act ions t o be perform ed for a classified traffic flow. The Device assigns each packet a priority and t hen queues t he packet accordingly. Packet s assigned a high priority are processed m ore quickly t han t hose with low priorit y if t here is congest ion, allowing t im e- sensit ive applicat ions t o flow m ore sm oot hly. Tim e- sensit ive applicat ions include both those that require a low level of lat ency ( delay)  and a low level of j it t er ( variat ions in delay)  such as Voice over I P ( VoI P) or I nt ernet gam ing, and those for which j itt er alone is a problem  such as I nt ernet  radio or st ream ing video.This chapt er contains inform at ion about  configuring QoS and editing classifiers.9.1.1  What You Can Do in this Chapter• The Genera l screen lets you enable or disable QoS and set t he upst ream  bandwidt h ( Sect ion 9.3 on page 141) .• The Qu e u e  Se t up screen let s you configure QoS queue assignm ent  (Sect ion 9.4 on page 142) .• The Cla ss Se t u p scr een lets you add, edit or delet e QoS classifiers (Sect ion 9.5 on page 144) .• The Policer  Se t u p screen lets you add, edit  or delet e QoS policers (Section 9.5 on page 144) .9.2  What You Need to KnowThe following t erm s and concept s m ay help as you read through t his chapt er.QoS versus CosQoS is used to prioritize source-t o- dest ination t raffic flows. All packet s in t he sam e flow are given the sam e priorit y. CoS ( class of service)  is a way of m anaging traffic in a network by grouping
Chapter 9 Quality of Service (QoS)VMG8324-B10A / VMG8324-B30A Series User’s Guide140sim ilar  t ypes of t raffic together and t r eating each type as a class. You can use CoS t o give different priorities t o different packet t ypes. CoS t echnologies include I EEE 802.1p layer 2 t agging and DiffServ ( Differ entiat ed Services or DS) . I EEE 802.1p t agging m akes use of t hree bit s in the packet  header, while DiffServ is a new protocol and defines a new DS field, which replaces t he eight- bit  ToS ( Type of Service)  field in t he I P header. Tagging and MarkingI n a QoS class, you can configure whet her t o add or change t he DSCP ( DiffServ Code Point)  value, I EEE 802.1p priorit y level and VLAN I D num ber in a m atched packet. When t he packet passes through a com pat ible net work, t he net working device, such as a backbone swit ch, can provide specific t reat m ent  or service based on t he t ag or m arker.Traffic ShapingBursty t raffic m ay cause net work congest ion. Traffic shaping regulates packets t o be t ransm itt ed wit h  a pr e- conf igur ed dat a t ransm ission rat e using bu ffer s ( or  queu es) .  Your  Dev ice u ses t he Token Bucket  algorit hm  to allow a cer t ain am ount  of large bur st s while keeping a lim it  at the average rat e. Traffic PolicingTraffic policing is t he lim it ing of the input  or out put t ransm ission rate of a class of traffic on t he basis of user- defined crit eria. Traffic policing m ethods m easure t raffic flows against  user- defined criteria and ident ify it  as eit her conform ing, exceeding or violat ing t he crit er ia.The Device support s t hree incom ing t raffic m et ering algorithm s:  Token Bucket  Filt er ( TBF), Single Rate Two Color Maker ( srTCM) , and Two Rat e Two Color Marker ( t rTCM) . You can specify act ions TrafficTim eTraffic RateTr a f f i cTim eTraffic Rate( Before Traffic Shaping) ( After Traffic Shaping)TrafficTim eTraffic RateTr a f f i cTim eTraffic Rate( Before Traffic Policing) ( After Traffic Policing)
 Chapter 9 Quality of Service (QoS)VMG8324-B10A / VMG8324-B30A Series User’s Guide 141which are perform ed on t he colored packets. See Sect ion 9.8 on page 152 for m ore inform ation on each m etering algorit hm .9.3  The Quality of Service General Screen Click N et w ork  Set t in g >  QoS >  Ge n e ra l t o open the screen as shown next . Use t his scr een t o enable or disable QoS and set  the upstream  bandwidth. See Sect ion 9.1 on page 139 for m ore inform at ion.Figure 74   Net work Set t ings >  QoS >  General The following t able describes t he labels in this screen. Table 47   Net work Set ting >  QoS >  GeneralLABEL DESCRIPTIONQoS Select  t he En a ble  check box t o t ur n on QoS to im prove your net w ork perfor m ance. WAN Managed Upst ream  Bandwidt h Enter t he am ount  of upst ream  bandw idt h for t he WAN int erfaces t hat  you want  t o allocate using QoS. The recom m endat ion is t o set  this speed t o m atch t he int erfaces’ act ual t ransm ission speed. For  exam ple, set the WAN int erfaces’ speed to 100000 kbps if your I nt ernet connect ion has an upst ream  t ransm ission speed of 100 Mbps.        You can set  t his num ber higher  t han t he interfaces’ act ual t ransm ission speed. The Device uses up t o 95%  of the DSL por t ’s actual upst ream  t ransm ission speed even if y ou set  t his num ber  higher t han t he DSL por t ’s actual t ransm ission speed.You can also set  t his num ber lower t han t he interfaces’ act ual transm ission speed. This will cause the Device to not  use som e of t he int erfaces’ available bandwidt h.I f you leave t his field blank, the Device aut om at ically set s this num ber  to be 95%  of t he WAN int erfaces’ act ual upst ream  t ransm ission speed.
Chapter 9 Quality of Service (QoS)VMG8324-B10A / VMG8324-B30A Series User’s Guide1429.4  The Queue Setup ScreenClick N et w ork  Se t t ing >  QoS >  Queue Set u p to open t he screen as shown next . Use t his scr een t o configure QoS queue assignm ent . Figure 75   Net work Set t ing >  QoS >  Queue Set up LAN Managed Dow nst ream  Bandwidt h Enter t he am ount  of downst ream  bandwidt h for t he LAN interfaces ( including WLAN)  t hat you want  t o allocat e using QoS. The recom m endat ion is to set this speed to m atch the WAN int erfaces’ actual t ransm ission speed. For  exam ple, set the LAN m anaged downstream  bandwidt h to 100000 kbps if you use a 100 Mbps wired Ethernet  WAN connect ion.        You can also set  t his num ber lower than t he WAN interfaces’ act ual t ransm ission speed. This will cause t he Device t o not use som e of t he interfaces’ available bandw idt h.I f you leave this field blank, the Device autom at ically set s t his t o t he LAN int erfaces’ m axim um  supported connection speed.Upst ream  traffic priority Assigned bySelect how t he Device assigns priorit ies t o various upst ream  t raffic flow s.•N one : Disables aut o priority m apping and has t he Device put  packet s int o t he queues accor ding to your classificat ion rules. Traffic which does not  m at ch any of t he classification rules is m apped into t he default  queue with t he lowest  priority.•Et h ern e t  Pr ior it y: Aut om at ically assign priorit y  based on t he I EEE 802.1p priorit y level.•I P Pre ce de n ce : Aut om at ically assign priorit y based on the first  three bit s of the TOS field in t he I P header.•Pa ck e t  Len gt h : Aut om at ically  assign pr iority  based on t he packet  size. Sm aller packets get higher pr iorit y since control, signaling, VoI P, internet  gam ing, or ot her real-tim e packets are usually sm all while larger packets are usually best  effort data packet s like file t ransfers.Apply Click Apply t o save your changes.Cancel Click Ca nce l t o rest ore your previously saved set t ings.Table 47   Net work Set ting >  QoS >  General ( cont inued)  (continued)LABEL DESCRIPTION
 Chapter 9 Quality of Service (QoS)VMG8324-B10A / VMG8324-B30A Series User’s Guide 143The following t able describes t he labels in this screen. 9.4.1  Adding a QoS Queue Click Add ne w  Queue or  t he edit  icon in the Qu e ue Se t up screen to configure a queue. Figure 76   Queue Set up:  Add The following t able describes t he labels in this screen.  Table 48   Net work Set t ing >  QoS >  Queue Set upLABEL DESCRIPTIONAdd new Queue Click  this button to creat e a new  queue ent ry.#This is t he index num ber of the ent ry.St atus This field displays whether t he queue is act ive or not . A yellow  bulb signifies that this queue is act ive. A gray bulb signifies that  t his queue is not  act ive.Nam e This shows t he descr ipt ive nam e of t his queue.I nterface This shows the nam e of t he Dev ice’s int erface t hrough which t raffic in t his queue passes.Priority This show s t he priorit y of this queue.Weig h t This shows t he weight  of t his queue.Buffer Managem ent  This shows the queue m anagem ent  algorit hm  used for t his queue.Queue m anagem ent  algorit hm s det erm ine how t he Dev ice should handle packet s when it  receives too m any ( net work congestion) . Rat e Lim it This shows the m axim um  t ransm ission rate allowed for t raffic on t his queue.Modify Click t he Ed it  icon t o edit  t he queue.Click the De let e  icon t o delete an ex ist ing queue. Not e t hat  subsequent  rules m ove up by one when you take this act ion.Table 49   Queue Setup:  AddLABEL DESCRIPTIONAct ive Select  t o enable or disable t his queue.Nam e Ent er the descript ive nam e of t his queue.I nterface Select  t he int erface to which this queue is applied.This field is read- only if you ar e edit ing t he queue.
Chapter 9 Quality of Service (QoS)VMG8324-B10A / VMG8324-B30A Series User’s Guide1449.5  The Class Setup Screen Use t his screen to add, edit  or delet e QoS classifiers. A classifier groups t raffic into dat a flows according t o specific crit eria such as t he source address, destinat ion address, source port num ber, dest inat ion port  num ber or incom ing interface. For exam ple, you can configure a classifier to select  traffic from  the sam e prot ocol port ( such as Telnet )  to form  a flow.You can give different  priorit ies to traffic t hat  t he Device forwar ds out t hrough t he WAN int er face. Give high priority t o voice and video to m ake t hem  run m ore sm oot hly. Sim ilarly, give low priorit y to m any large file downloads so t hat  they do not  reduce the qualit y of ot her applicat ions. Click N et w ork  Se t t ing >  QoS >  Cla ss Se t up to open the following screen.Figure 77   Net work Set t ing >  QoS >  Class Setup The following t able describes t he labels in this screen.  Priority Select the priority level ( from  1 t o 7) of this queue.The sm aller  t he num ber, t he higher the priorit y  level. Traffic assigned t o higher  priorit y queues gets through fast er while t raffic in lower priority queues is dropped if the networ k is congest ed.Weig h t Select  t he weight ( from  1 to 8)  of t his queue. I f t wo queues have t he sam e priorit y level, t he Device div ides t he bandwidth across the queues according t o t heir w eights. Queues wit h larger weights get m ore bandwidt h t han queues wit h sm aller w eights.Buffer Managem entThis field displays Drop Ta il ( DT) . Dr op Ta il ( D T)  is a sim ple queue m anagem ent algorit hm  t hat  allows t he Dev ice buffer  t o accept  as m any packets as it  can unt il it  is full. Once t he buffer is full, new packets t hat  arrive are dropped until t here is space in the buffer again ( packet s are t ransm it t ed out of it ) . Rat e Lim it Specify t he m axim um  t ransm ission rat e ( in Kbps)  allow ed for t raffic on this queue.OK Click OK t o save your changes.Cancel Click Ca nce l to exit t his screen without  saving.Table 49   Queue Setup:  Add ( cont inued)LABEL DESCRIPTIONTable 50   Net work Sett ing >  QoS >  Class Set upLABEL DESCRIPTIONAdd new Classifier Click this t o create a new classifier.#This is t he index  num ber of t he entry.St atus This field display s whet her  t h e classif ier  is act ive or not . A y ellow  bulb sign ifies t h at  t his classifier is act iv e. A gray bulb signifies that  t his classifier  is not  act iv e.Class Nam e This is t he nam e of t he classifier.Classification CriteriaThis show s crit er ia specified in t his classifier, for exam ple t he int erface from  which traffic of t his class should com e and t he source MAC address of t raffic that  m at ches this classifier.
 Chapter 9 Quality of Service (QoS)VMG8324-B10A / VMG8324-B30A Series User’s Guide 145DSCP Mark This is t he DSCP num ber added t o t raffic of t his classifier.802.1P Mark This is the I EEE 802.1p priorit y level assigned t o t raffic of this classifier.VLAN I D Tag This is t he VLAN I D num ber assigned to traffic of t his classifier.To  Q u e u e This is t he nam e of t he queue in which t raffic of this classifier is put .Modify Click t he Ed it  icon t o edit the classifier.Click the D ele t e icon t o delete an exist ing classifier. Note t hat subsequent  rules m ove up by one w hen you t ake this act ion.Table 50   Net work Set t ing >  QoS >  Class Set up ( cont inued)LABEL DESCRIPTION
Chapter 9 Quality of Service (QoS)VMG8324-B10A / VMG8324-B30A Series User’s Guide1469.5.1  Add/Edit QoS Class Click Add ne w  Classifie r  in the Cla ss Se t u p screen or t he Edit icon next  t o a classifier t o open the following screen. Figure 78   Class Set up:  Add/ Edit
 Chapter 9 Quality of Service (QoS)VMG8324-B10A / VMG8324-B30A Series User’s Guide 147The following t able describes t he labels in this screen.  Table 51   Class Set up:  Add/ EditLABEL DESCRIPTIONAct ive Select  t his to enable t his classifier.Class Nam e Ent er a descriptive nam e of up to 15 print able English keyboard charact ers, not including spaces.Classification OrderSelect  an exist ing num ber for where you want  t o put this classifier t o m ove t he classifier t o the num ber you select ed after clicking Apply.Select  La st  t o put  t his rule in the back of t he classifier list .From  I nt erface  I f you want  t o classify t he t raffic by an ingress int erface, select  an interface from  t he From  I n t e rfa ce  drop- down list  box. Ether  Type Select  a predefined applicat ion t o configure a class for t he m at ched traffic.I f you select  I P, you also need t o configure source or dest ination MAC address, I P address, DHCP options, DSCP value or t he prot ocol t ype.I f you select  8 0 2 .1 Q, you can configure an 802.1p pr ior it y level.SourceAddress Select  the check box and ent er the source I P address in dot t ed decim al notat ion. A blank source I P address m eans any source I P address. Subnet  Netm askEnter t he source subnet  m ask.Por t  Range If you select TCP or UD P in t he I P Prot ocol field, select  the check box and ent er  t he port  num ber( s)  of t he source. MAC Select the check box and ent er t he source MAC address of t he packet.MAC Mask Type the m ask for t he specified MAC address t o det er m ine which bit s a packet ’s MAC addr ess should m at ch. Ent er “ f ”  for  each bit of t he specified source MAC address t hat  t he t raffic’s MAC addr ess should m at ch. Ent er “ 0”  for the bit ( s)  of the m at ched t raffic’s MAC address, which can be of any hexadecim al charact er(s) . For  exam ple, if you set t he MAC address to 00: 13: 49: 00: 00: 00 and the m ask to ff: ff: ff: 00: 00: 00, a packet wit h a MAC address of 00: 13: 49: 12: 34: 56 m at ches t his criteria.Exclude Select this opt ion to exclude the packets t hat m at ch t he specified criteria from  t his classifier.Dest inationAddress Select  the check box and ent er the source I P address in dot t ed decim al notat ion. A blank source I P address m eans any source I P address. Subnet  Netm askEnter t he source subnet  m ask.Por t  Range If you select TCP or UD P in t he I P Prot ocol field, select  the check box and ent er  t he port  num ber( s)  of t he source. MAC Select the check box and ent er t he source MAC address of t he packet.MAC Mask Type the m ask for t he specified MAC address t o det er m ine which bit s a packet ’s MAC addr ess should m at ch. Ent er “ f ”  for  each bit of t he specified source MAC address t hat  t he t raffic’s MAC addr ess should m at ch. Ent er “ 0”  for the bit ( s)  of the m at ched t raffic’s MAC address, which can be of any hexadecim al charact er(s) . For  exam ple, if you set t he MAC address to 00: 13: 49: 00: 00: 00 and the m ask to ff: ff: ff: 00: 00: 00, a packet wit h a MAC address of 00: 13: 49: 12: 34: 56 m at ches t his criteria.Exclude Select this opt ion to exclude the packets t hat m at ch t he specified criteria from  t his classifier.Ot hers
Chapter 9 Quality of Service (QoS)VMG8324-B10A / VMG8324-B30A Series User’s Guide148Service This field is available only when you select  I P in the Et h er Type field.This field sim plifies classifier configurat ion by allowing you to select a predefined applicat ion. When you select  a predefined applicat ion, you do not configure the rest  of t he filt er fields.I P Prot ocol This field is available only when you select  I P in t he Et he r  Ty pe  field.Select  this opt ion and select  the pr ot ocol (service type)  from  TCP, UDP, I CM P or I GM P. I f you select  Use r def ine d, ent er t he protocol ( service t ype)  num ber. DHCP This field is available only when you select  I P in t he Et h er Type field.Select  t his option and select  a DHCP option. I f you select  Ve ndor Cla ss I D ( D H CP Opt ion  6 0 ) , ent er the Vendor Class I dentifier ( Opt ion 60)  of t he m atched t raffic, such as t he t ype of t he hardware or firm ware.I f you select  Use r Cla ss I D ( DH CP Opt ion 7 7 ) , ent er a string t hat  identifies t he user ’s cat egory or applicat ion ty pe in the m at ched DHCP packet s.Pack et  LengthThis field is available only when you select  I P in the Et her Type  field.Select  this opt ion and ent er  the m inim um  and m axim um  packet lengt h ( from  46 t o 1500)  in the fields provided.DSCP This field is available only  when you select  I P in the Et her Type  field.Select  t his option and specify a DSCP (DiffServ Code Point )  num ber bet ween 0 and 63 in t he field provided.802.1P This field is available only when you select  8 0 2 .1 Q in the Et h er Type field.Select  t his option and select  a priorit y level (bet w een 0 and 7)  from  the dr op- down list box."0" is t he lowest  priorit y level and "7"  is t he highest .VLAN I D This field is available only w hen you select  8 0 2 .1 Q in the Et h er Type field.Select  t his opt ion and specify a VLAN I D num ber. TCP ACK This field is available only when you select  I P in t he Et he r  Ty pe  field.I f you select t his option, t he m at ched TCP packet s m ust cont ain t he ACK (Ack nowledge)  flag.Exclude Select this opt ion to exclude the packets t hat m at ch t he specified criteria from  t his classifier.DSCP Mark This field is available only when you select  I P in the Et her Type  field.I f you select  M ark , ent er a DSCP value w it h which t he Device replaces t he DSCP field in t he pack et s.I f you select  Uncha nge, the Device keep t he DSCP field in t he packet s.802.1P Mark Select a pr ior it y level with which the Device replaces t he I EEE 802.1p prior it y field in t he pack et s.I f you select  Uncha nge, the Device keep t he 802.1p pr iorit y field in the packet s.VLAN I D I f you select Re m a rk, ent er a VLAN I D num ber w it h which t he Device replaces t he VLAN I D of t he fram es.I f you select  Re m ove,  the Dev ice deletes t he VLAN I D of t he fram es before forwarding them  out .I f you select  Add, the Device t reat all m atched t raffic unt agged and add a second VLAN I D.I f you select  Uncha nge, t he Device keep t he VLAN I D in t he packet s.Forward t o I nterfaceSelect  a WAN int erface t hrough which traffic of t his class will be forwarded out. I f you select  Unch a nge , t he Device forward traffic of t his class according to the default  routing t able.Table 51   Class Set up:  Add/ Edit  ( cont inued)LABEL DESCRIPTION
 Chapter 9 Quality of Service (QoS)VMG8324-B10A / VMG8324-B30A Series User’s Guide 1499.6  The QoS Policer Setup ScreenUse t his scr een t o configure QoS policers t hat  allow you to lim it  t he t ransm ission rate of incom ing traffic. Click N et w ork Set t ing >  QoS >  Policer Se t up. The screen appear s as show n. Figure 79   Net work Set t ing >  QoS >  Policer Set up The following t able describes t he labels in this screen.  To Queue I ndex Select a queue t hat applies to t his class.You should have configured a queue in t he Que ue  Se t up screen already.Apply Click Apply t o save your  changes.Cancel Click Ca ncel t o exit  t his screen wit hout  saving.Table 51   Class Set up:  Add/ Edit  ( cont inued)LABEL DESCRIPTIONTable 52   Net work Set ting >  QoS >  Policer Set upLABEL DESCRIPTIONAdd new Policer Click  this t o create a new entry.#This is t he index num ber of t he entry.St atus This field display s whether t he policer is act ive or not . A yellow  bulb signifies t hat  t his policer is active. A gray bulb signifies that this policer is not  active.Nam e This field displays t he descript ive nam e of t his policer.Regulat ed ClassesThis field display s t he nam e of a QoS classifierMet er Type This field displays t he t ype of QoS m etering algorit hm  used in t his policer.Rule These are t he rat es and burst  sizes against  which t he policer checks t he t raffic of t he m em ber QoS classes.Act ion This shows t he how  t he policer  has t he Device treat differ ent  types of traffic belonging t o the policer’s m em ber QoS classes.Modify Click t he Ed it  icon to edit  t he policer.Click the D ele t e icon to delet e an exist ing policer. Not e t hat  subsequent rules m ove up by one when you t ake this action.
Chapter 9 Quality of Service (QoS)VMG8324-B10A / VMG8324-B30A Series User’s Guide1509.6.1  Add/Edit a QoS Policer Click Add new  Policer  in t he Police r  Se t u p screen or the Ed it  icon next  to a policer t o show the following screen. Figure 80   Policer Setup:  Add/ Edit  The following t able describes t he labels in this screen. Table 53   Policer Set up:  Add/ EditLABEL DESCRIPTIONAct ive Select the check box to act ivat e t his policer.Nam e Ent er the descript ive nam e of t his policer.Met er Type This show s t he t raffic m etering algorit hm  used in this policer.The Sim ple  Toke n Buck et  alg or it h m  u ses t ok en s in  a bu ck et  t o cont r ol w h en t r affic can b e transm itt ed. Each token represent s one byt e. The algorithm  allows bursts of up t o b by t es which is also t he bucket  size.The Single Ra t e Thre e Color Mark e r ( srTCM) is based on t he t oken bucket  filt er  and ident ifies packets by com paring them  t o t he Com m it t ed I nform at ion Rat e ( CI R), t he Com m it t ed Burst  Size ( CBS)  and the Excess Burst  Size ( EBS) .The Tw o Ra t e Th ree Color  Mark e r  ( t rTCM)  is based on t he t oken bucket  filt er and identifies packet s by com paring t hem  to the Com m itted I nfor m ation Rat e ( CI R)  and t he Peak I nform at ion Rate ( PI R).Com m it ted Rat eSpecify t he com m itt ed rat e. When the incom ing t raffic rat e of the m em ber QoS classes is less than t he com m it t ed rat e, t he device applies t he conform ing act ion t o t he t raffic.Com m it ted Burst SizeSpecify the com m it t ed bur st  size for  packet  burst s. This m ust be equal t o or less t han the peak burst  size (two rat e t hree color)  or excess burst  size ( single rate t hree color )  if it  is also configured.This is t he m axim um  size of t he ( first )  t oken bucket  in a t raffic m et ering algorithm .Conform ing Act ionSpecify what  t he Device does for packet s wit hin the com m it t ed rate and burst  size ( green-m arked packet s) .  •Pa ss: Send t he packet s wit hout m odificat ion.•DSCP Mar k : Change the DSCP m ark value of the packet s. Ent er the DSCP m ark value t o use.  Non-Conform ing Act ionSpecify what  the Device does for packet s that  exceed the excess burst  size or peak rat e and bur st  size ( red-m ar ked packets) . •Dr op: Discar d t he packets.•DSCP Mar k : Change the DSCP m ark value of the packet s. Ent er the DSCP m ark value t o use. The packet s m ay be dropped if t here is congest ion on t he net work.
 Chapter 9 Quality of Service (QoS)VMG8324-B10A / VMG8324-B30A Series User’s Guide 1519.7  The QoS Monitor Screen This screen is available only when you set a rat e lim it  for a WAN queue in t he Qu e u e  Se t up screen and t he WAN int erface is connect ed. Use t his scr een to m onit or t he t raffic st atist ics for both t he WAN and LAN int erfaces. To view t he Device’s QoS packet stat ist ics, click N e t w or k  Se t t ing >  QoS > M onit or. The screen appears as shown. Figure 81   Net work Set t ing >  QoS >  Monit or The following t able describes t he labels in this screen.  Available ClassSelected Class Select  a QoS classifier t o apply this QoS policer t o t raffic t hat  m at ches the QoS classifier.Highlight  a QoS classifier in the Availa ble Cla ss box and use the > b u t t on  t o m ove it  t o t h e Select ed Cla ss box.To rem ove a QoS classifier  from  t he Select ed Cla ss box, select it  and use the < but t on.Apply Click Apply to save your changes.Cancel Click Cance l t o exit  t his screen wit hout saving.Table 53   Policer Set up:  Add/ EditLABEL DESCRIPTIONTable 54   Net work Sett ing >  QoS >  Monit orLABEL DESCRIPTIONRefresh I nt erval Ent er how oft en you want  t he Device t o updat e t his screen. Select  No Refresh to st op refreshing st at ist ics.I nterface Monitor# This is t he index num ber of t he entry.Nam e This shows t he nam e of t he interface on t he Device. Pass Rat e This shows how  m any  packet s forwarded t o t his int erface are transm itted successfully.Drop Rat e This shows how m any packet s for warded t o t his int erface are dropped.Queue Monit or# This is t he index num ber of t he entry.
Chapter 9 Quality of Service (QoS)VMG8324-B10A / VMG8324-B30A Series User’s Guide1529.8  Technical ReferenceThe following sect ion cont ains additional t echnical inform ation about  the Device feat ures described in this chapt er.IEEE 802.1Q TagThe I EEE 802.1Q st andard defines an explicit  VLAN t ag in t he MAC header to identify the VLAN m em bership of a fram e across bridges. A VLAN t ag includes t he 12-bit VLAN I D and 3- bit  user priority. The VLAN I D associat es a fram e wit h a specific VLAN and provides the inform at ion t hat  devices need t o process t he fram e across t he net work. I EEE 802.1p specifies t he user priorit y field and defines up t o eight  separate t raffic t ypes. The following table describes t he t raffic types defined in t he I EEE 802.1d st andard ( which incorporat es the 802.1p).  DiffServ QoS is used to prioritize source-t o- dest ination traffic flows. All packets in t he flow are given t he sam e priorit y. You can use CoS ( class of service)  t o give different priorities to differ ent packet types.DiffServ ( Differentiat ed Services)  is a class of ser vice ( CoS)  m odel t hat  m arks packet s so t hat  t hey receive specific per- hop t reat m ent at DiffServ- com pliant  net w ork devices along t he rout e based on the applicat ion types and traffic flow. Packet s are m arked with DiffServ Code Point s ( DSCPs)  Nam e This shows t he nam e of t he queue. Pass Rat e This shows how  m any pack et s assigned t o t his queue ar e t ransm it t ed successfully.Drop Rat e This shows how m any  packets assigned to this queue are dropped.Table 54   Net work Sett ing >  QoS >  Monit or ( continued)LABEL DESCRIPTIONTable 55   I EEE 802.1p Pr iority Level and Traffic TypePRIORITY LEVEL TRAFFIC TYPELevel 7 Typically used for network contr ol t raffic such as router configuration m essages.Level 6 Typically used for voice traffic t hat is especially sensit ive t o j it t er  ( j it t er is the variat ions in delay) .Level 5 Typically used for video t hat  consum es high bandwidt h and is sensitive to j it t er.Level 4 Typically used for cont rolled load, lat ency- sensit ive t raffic such as SNA ( Syst em s Networ k Archit ect ure) transact ions.Level 3 Typically used for “ excellent  effort ”  or bet t er than best  effort  and would include im port ant business traffic that can t olerate som e delay.Level 2 This is for “ spare bandwidt h”. Level 1 This is typically used for non- crit ical “ background” traffic such as bulk t ransfers that  are allowed but that should not  affect other applicat ions and users. Level 0 Typically used for best - effort traffic.
 Chapter 9 Quality of Service (QoS)VMG8324-B10A / VMG8324-B30A Series User’s Guide 153indicat ing t he level of service desired. This allows the int erm ediary DiffServ- com pliant  net work devices to handle t he packet s different ly depending on t he code points wit hout t he need t o negotiate paths or rem em ber stat e inform at ion for every flow. I n addit ion, applications do not  have to request a particular service or give advanced notice of w here the traffic is going. DSCP and Per-Hop Behavior DiffServ defines a new Differentiat ed Services ( DS)  field t o replace the Type of Service ( TOS)  field in t he I P header. The DS field cont ains a 2- bit  unused field and a 6- bit DSCP field which can define up t o 64 ser vice levels. The following figure illust rat es t he DS field. DSCP is backward com pat ible wit h t he t hree precedence bits in t he ToS oct et  so t hat  non- DiffServ com pliant, ToS- enabled net work device will not  conflict  wit h t he DSCP m apping.The DSCP value det erm ines t he forwarding behavior, the PHB ( Per- Hop Behavior), t hat  each packet  get s across the DiffServ network. Based on t he m arking rule, different kinds of t raffic can be m arked for different  kinds of forwarding. Resources can t hen be allocated according t o the DSCP values and the configured policies.IP PrecedenceSim ilar t o I EEE 802.1p priorit ization at layer- 2, you can use I P precedence to prioritize packets in a layer- 3 net work. I P precedence uses t hree bit s of t he eight- bit ToS (Type of Service)  field in t he I P header. There are eight  classes of services ( ranging fr om  zero t o seven)  in I P precedence. Zero is the lowest  priority level and seven is t he highest . Automatic Priority Queue AssignmentI f you enable QoS on t he Device, the Device can aut om at ically base on t he I EEE 802.1p priorit y level, I P precedence and/ or packet  lengt h t o assign priorit y to t raffic which does not  m at ch a class. The following t able shows you t he internal layer- 2 and layer- 3 QoS m apping on t he Device. On the Device, t raffic assigned t o higher priority queues get s t hrough fast er while traffic in lower index queues is dropped if the net work is congest ed.DSCP ( 6 bit s) Unused ( 2 bit s)Table 56   I nt ernal Layer2 and Layer3 QoS MappingPRIORITY QUEUELAYER 2 LAYER 3IEEE 802.1P USER PRIORITY (ETHERNET PRIORITY)TOS (IP PRECEDENCE) DSCP IP PACKET LENGTH (BYTE)0 1 0 000000122 0 0 000000 > 11003 3 1 001110001100001010001000250~ 1100
Chapter 9 Quality of Service (QoS)VMG8324-B10A / VMG8324-B30A Series User’s Guide154Token BucketThe t oken bucket  algorithm  uses t okens in a bucket  t o cont rol when t raffic can be transm it ted. The bucket  st ores t okens, each of w hich represent s one byt e. The algorit hm  allows burst s of up t o b byt es which is also the bucket  size, so t he bucket  can hold up t o b t okens. Tokens are generat ed and added into t he bucket  at a const ant rate. The following shows how t okens work with packets:• A packet can be t ransm it t ed if t he num ber of t okens in t he bucket is equal to or great er t han t he size of the packet  ( in byt es) . • Aft er a packet  is t ransm it ted, a num ber of tokens corresponding t o t he packet  size is rem oved from  t he bucket . • I f t here are no t okens in t he bucket , the Device st ops transm it ting unt il enough t okens are generat ed. • I f not enough t okens are available, t he Device t reat s the packet  in either one of t he following ways:I n t raffic shaping:• Holds it in t he queue unt il enough t okens are available in t he bucket.I n t raffic policing:• Drops it.• Transm it s it  but  adds a DSCP m ar k. The Device m ay drop these m arked packet s if the net w ork is overloaded.4 4 2 0101100101000100100100005 5 3 011110011100011010011000< 2506 6 4 1001101001001000101000005 1011101010007 7 6 1100001110007Table 56   I nt ernal Layer2 and Layer3 QoS MappingPRIORITY QUEUELAYER 2 LAYER 3IEEE 802.1P USER PRIORITY (ETHERNET PRIORITY)TOS (IP PRECEDENCE) DSCP IP PACKET LENGTH (BYTE)
 Chapter 9 Quality of Service (QoS)VMG8324-B10A / VMG8324-B30A Series User’s Guide 155Configure the bucket  size to be equal to or less t han the am ount  of t he bandw idth t hat  t he int erface can support . I t  does not  help if you set  it t o a bucket  size over t he int erface’s capabilit y. The sm aller the bucket  size, t he lower t he data transm ission rat e and that  m ay cause out going packet s t o be dropped. A larger t ransm ission rate r equires a big bucket size. For exam ple, use a bucket size of 10 kbyt es t o get  the transm ission rat e up to 10 Mbps.Single Rate Three Color Marker The Single Rate Three Color Marker ( srTCM, defined in RFC 2697)  is a t ype of t raffic policing that identifies packets by com paring them  t o one user- defined rate, t he Com m it t ed I nform ation Rat e ( CI R), and t wo burst  sizes:  t he Com m it t ed Burst Size ( CBS)  and Excess Burst Size ( EBS) .The srTCM evaluat es incom ing packets and m arks t hem  wit h one of t hree colors which refer to packet  loss priority levels. High packet  loss priority level is referred t o as red, m edium  is referred to as yellow and low is referr ed to as green. The srTCM is based on t he t oken bucket filt er and has two token buckets ( CBS and EBS). Tokens are generat ed and added int o t he bucket  at a const ant rate, called Com m itt ed I nform at ion Rat e ( CI R). When t he first bucket ( CBS)  is full, new t okens overflow into the second bucket  (EBS) .All packet s are evaluated against  t he CBS. I f a packet  does not  exceed the CBS it is m arked green. Ot herwise it  is evaluat ed against  t he EBS. I f it  is below t he EBS then it  is m arked yellow. I f it  exceeds t he EBS then it  is m arked red.The following shows how tokens wor k wit h incom ing packet s in srTCM:• A packet  arr ives. The packet  is m arked green and can be transm it t ed if t he num ber of tokens in the CBS bucket is equal to or great er than t he size of t he packet  ( in byt es).• Aft er a packet  is t ransm it ted, a num ber of tokens corresponding t o t he packet  size is rem oved from  t he CBS bucket . • I f t here are not  enough tokens in t he CBS bucket , t he Device checks t he EBS bucket . The packet  is m arked yellow if there are sufficient  t okens in the EBS bucket. Ot herwise, t he packet  is m arked red. No t okens are rem oved if the packet  is dropped.Two Rate Three Color Marker The Two Rat e Thr ee Color Marker ( t rTCM, defined in RFC 2698)  is a type of traffic policing t hat identifies packets by com paring them  t o t wo user- defined rat es:  t he Com m it t ed I nform at ion Rate ( CI R) and t he Peak I nform ation Rat e ( PI R) . The CIR specifies t he average rate at which packet s are adm itt ed to the net w ork. The PI R is great er  t han or equal t o the CI R. CI R and PI R values are based on t he guaranteed and m axim um  bandwidt h respect ively as negot iat ed bet w een a service provider and client .The t rTCM evaluat es incom ing packets and m arks t hem  wit h one of t hree colors which refer to packet  loss priority levels. High packet  loss priority level is referred t o as red, m edium  is referred to as yellow and low is referr ed to as green. The t rTCM is based on t he t oken bucket  filt er and has t wo token bucket s ( Com m itt ed Burst Size ( CBS) and Peak Burst  Size ( PBS) ) . Tokens are generat ed and added into the two bucket s at  t he CI R and PI R respect ively.
Chapter 9 Quality of Service (QoS)VMG8324-B10A / VMG8324-B30A Series User’s Guide156All packet s ar e evaluat ed against  t he PI R. I f a packet  exceeds t he PI R it  is m arked red. Ot herwise it is evaluated against t he CI R. I f it  exceeds t he CIR then it  is m arked yellow. Finally, if it  is below  t he CIR then it  is m arked green.The following shows how tokens wor k wit h incom ing packet s in trTCM:• A packet  ar r iv es. I f t h e n u m ber  of t okens in t he PBS bucket  is less t han t he size of t he packet  ( in byt es) , t he packet is m arked red and m ay be dropped regardless of t he CBS bucket . No tokens are rem oved if t he packet is dropped.• I f t he PBS bucket  has enough t okens, t he Device checks t he CBS bucket . The packet is m arked green and can be t ransm itt ed if t he num ber of tokens in t he CBS bucket  is equal to or great er than the size of t he packet  (in byt es) . Ot herwise, t he packet  is m arked yellow.
VMG8324-B10A / VMG8324-B30A Series User’s Guide 157CHAPTER   10Network Address Translation (NAT)10.1  OverviewThis chapt er discusses how to configure NAT on t he Device. NAT ( Net work Address Translation -  NAT, RFC 1631)  is t he t ranslation of t he I P address of a host  in a packet , for exam ple, t he sour ce address of an out going packet , used wit hin one net work to a different  I P address known wit hin another network.10.1.1  What You Can Do in this Chapter• Use the Port  For w arding screen t o configure forward incom ing service requests t o t he server( s)  on your local network ( Sect ion 10.2 on page 158) . • Use the Ap plica t ion s scr een t o forward incom ing service requests to the server(s)  on your local net work ( Sect ion 10.3 on page 161) .• Use the Port  Trigge r ing screen t o add and configure the Device’s t rigger port  sett ings ( Sect ion 10.4 on page 162) .• Use the D M Z screen to configure a default  server (Section 10.5 on page 165) .• Use the ALG screen to enable and disable t he NAT and SI P (VoI P)  ALG in the Device (Sect ion 10.6 on page 166) .• Use the Address M apping screen to configure the Device's addr ess m apping set t ings ( Sect ion 10.7 on page 166) . • Use the Sessions screen to configure the Device's m axim um  num ber of NAT sessions (Sect ion 10.7 on page 166) . 10.1.2  What You Need To KnowInside/OutsideI nside/ outside denot es where a host  is locat ed relat ive t o t he Device, for exam ple, t he com put ers of your subscribers are the inside host s, while t he web servers on t he I nt ernet  are t he out side host s. Global/LocalGlobal/ local denot es t he I P address of a host  in a packet as t he packet t raverses a rout er, for exam ple, t he local address refers t o the I P address of a host when the packet  is in t he local net work, while t he global address refers to the I P address of t he host  when t he sam e packet is traveling in t he WAN side.
Chapter 10 Network Address Translation (NAT)VMG8324-B10A / VMG8324-B30A Series User’s Guide158NATI n t he sim plest  form , NAT changes t he source I P address in a packet received from  a subscriber ( t he inside local addr ess)  t o another ( t he inside global address) before forwarding t he packet  t o t he WAN side. When the response com es back, NAT translates t he dest inat ion addr ess ( t he inside global address)  back t o t he inside local addr ess before forwarding it  to the original inside host .Port ForwardingA port  forwarding set is a list  of inside ( behind NAT on the LAN)  servers, for exam ple, web or FTP, that you can m ake visible t o t he out side wor ld even though NAT m akes your whole inside network appear  as a single com put er t o t he out side world.Finding Out MoreSee Sect ion 10.10 on page 169 for advanced technical inform ation on NAT.10.2  The Port Forwarding Screen Use t he Por t  For w a rding screen t o forward incom ing service r equest s to the server( s)  on your local net work.You m ay ent er a single port  num ber or a range of port  num bers t o be forwarded, and the local I P address of t he desired ser ver. The port  num ber ident ifies a service;  for exam ple, web service is on port  80 and FTP on port  21. I n som e cases, such as for unknown services or where one server can support m ore t han one service ( for exam ple bot h FTP and web service) , it  m ight be bet t er t o specify a range of port  num bers. You can allocate a ser ver I P address t hat cor responds t o a port  or a range of port s.The m ost  oft en used port  num bers and services are shown in Appendix G on page 397. Please refer to RFC 1700 for fur t her inform ation about  port num bers. Not e:  Many residential broadband I SP account s do not  allow you t o run any server processes ( such as a Web or FTP server)  from  your locat ion. Your I SP m ay periodically check for servers and m ay suspend your account  if it  discovers any act ive services at your  location. I f you are unsure, refer to your I SP.Configuring Servers Behind Port Forwarding (Example)Let 's say you want  to assign port s 21- 25 to one FTP, Telnet  and SMTP server (A in t he exam ple) , port  80 t o anot her ( B in the exam ple)  and assign a default  server I P address of 192.168.1.35 t o a
 Chapter 10 Network Address Translation (NAT)VMG8324-B10A / VMG8324-B30A Series User’s Guide 159third (C in t he exam ple) . You assign the LAN I P addresses and t he I SP assigns the WAN I P address. The NAT network appears as a single host  on t he I nt ernet .Figure 82   Mult iple Servers Behind NAT Exam pleClick N et w ork  Sett ing >  N AT >  Port  Forw arding t o open t he following screen.See Appendix G on page 397 for  port  num bers com m only used for part icular services. Figure 83   Net work Set t ing >  NAT >  Port  ForwardingThe following t able describes t he fields in t his screen. Table 57   Net work Set t ing >  NAT >  Port  ForwardingLABEL DESCRIPTIONAdd new rule Click t his t o add a new rule.#This is t he index num ber of t he entry.St atus This field displays whether t he NAT rule is act ive or not. A yellow bulb signifies that this rule is active. A gray bulb signifies that  t his rule is not act ive.Service Nam e This shows t he service’s nam e.WAN I nt erface This show s t he WAN int erface t hrough which t he service is for war ded.WAN I P This field display s t he incom ing packet ’s dest inat ion I P address.Server I P AddressThis is t he server ’s I P address.St art  Port   This is t he first  ext ernal port num ber t hat ident ifies a service.End Port  This is t he last  exter nal por t  num ber that identifies a service.Tr an sl a t i on  St art  Port  This is t he first  int ernal port num ber t hat  ident ifies a service.Tr a n s l a t i o n  En d  Port  This is t he last  int ernal port num ber t hat  ident ifies a service.A=192.168.1.33D=192.168.1.36C=192.168.1.3B=192.168.1.34WANLAN192.168.1.1 IP Address assigned by ISP
Chapter 10 Network Address Translation (NAT)VMG8324-B10A / VMG8324-B30A Series User’s Guide16010.2.1  Add/Edit Port Forwarding Click Add ne w  rule in the Port For w ar ding screen or click the Ed it  icon next t o an existing rule to open the following screen.Figure 84   Port Forwarding:  Add/ Edit The following t able describes t he labels in this screen. Prot ocol This shows t he I P protocol support ed by t his virt ual server, whet her it is TCP, UD P, or TCP/UDP.Modify Click the Ed it  icon t o edit  t his rule.Click t he D e le t e  icon t o delete an exist ing rule. Table 57   Net work Sett ing >  NAT >  Port Forwarding ( continued)LABEL DESCRIPTIONTable 58   Port  Forwar ding:  Add/ EditLABEL DESCRIPTIONAct ive Clear t he check box t o disable t he rule. Select  t he check box t o enable it .Service Nam e Enter a nam e t o identify this rule using keyboard characters ( A-Z, a-z, 1- 2 and so on). WAN I nt erface Select  t he WAN int erface t hrough which t he serv ice is forwarded.You m ust have already configured a WAN connect ion wit h NAT enabled.WAN I P Ent er  the WAN I P address for which t he incom ing service is dest ined. I f t he packet ’s dest ination I P address doesn’t  m atch t he one specified here, the port  forwarding rule will not  be applied.St art  Port Ent er the original dest inat ion port  for t he packet s.To forward only one port , ent er  the por t num ber again in t he En d Port  field. To forward a series of port s, enter t he st art port  num ber here and t he end port  num ber in the End Port  field.
 Chapter 10 Network Address Translation (NAT)VMG8324-B10A / VMG8324-B30A Series User’s Guide 16110.3  The Applications ScreenThis screen provides a sum m ary of all NAT applications and t heir configurat ion. I n addition, this screen allows you t o creat e new applicat ions and/ or rem ove existing ones.To access t his screen, click N e t w or k Se t t ing >  N AT >  Applica t ion s. The following screen appears.Figure 85   Net work Set t ing >  NAT >  ApplicationsThe following t able describes t he labels in this screen. End Port  Enter t he last port  of t he original dest ination port  range. To forward only one port , ent er  the port  num ber in t he St a rt  Port  field above and t hen enter it  again in this field. To forward a ser ies of port s, ent er t he last  port  num ber in a ser ies t hat  begins w it h t he por t  num ber in the St a rt  Por t  field above.Tr an sl a t i on  St art  PortThis show s the por t  num ber to which you want t he Dev ice t o t ranslat e t he incom ing port. For a range of port s, ent er t he fir st  num ber of the range t o w hich you want  t he incom ing port s translat ed.Tr a n s l a t i o n  En d  Port  This shows t he last port  of t he t ranslated port range.Server I P AddressEnt er t he inside I P address of the virt ual server here.Prot ocol Select the pr ot ocol support ed by this virtual ser ver. Choices are TCP, UD P, or TCP/ UDP.OK Click OK to save your changes.Cancel Click Ca nce l t o exit  t his screen w it hout saving.Table 58   Port  Forwar ding:  Add/ Edit ( cont inued)LABEL DESCRIPTIONTable 59   Net work Sett ing >  NAT >  Applicat ionsLABEL DESCRIPTIONAdd new applicat ionClick t his t o add a new NAT applicat ion rule.Applicat ion ForwardedThis field shows t he t ype of application t hat  t he service for wards.WAN I nt erface This field shows the WAN interface through which the service is forwarded.Server I P AddressThis field displays the dest ination I P address for t he service.Modify Click t he D e let e  icon t o delet e t he rule.
Chapter 10 Network Address Translation (NAT)VMG8324-B10A / VMG8324-B30A Series User’s Guide16210.3.1  Add New ApplicationThis screen lets you creat e new NAT applicat ion rules. Click Add new  a pplica t ion in the Applica t ions screen to open the following screen.Figure 86   Applicat ions:  Add The following t able describes t he labels in this screen. 10.4  The Port Triggering ScreenSom e services use a dedicat ed range of port s on the client  side and a dedicat ed range of port s on the server side. Wit h regular port forwarding you set a forwarding port  in NAT t o forward a service ( com ing in from  the server on the WAN)  t o t he I P address of a com put er on the client  side ( LAN) . The problem  is t hat  port forwarding only forwards a service t o a single LAN I P address. I n order t o use t he sam e service on a different  LAN com put er, you have t o m anually replace the LAN com put er's I P address in the forwarding port with anot her LAN com put er's I P address. Trigger port  forwarding solves this problem  by allowing com put ers on t he LAN t o dynam ically take turns using the service. The Device records the I P address of a LAN com put er  t hat sends traffic t o the WAN to request a ser vice with a specific port  num ber and prot ocol ( a "trigger" port ) . When t he Device's WAN port  receives a response wit h a specific port num ber and protocol ( "open" por t ) , t he Device forwar ds t he t raffic t o t he LAN I P address of the com put er t hat sent t he request . After t hat  com put er’s connection for t hat  service closes, anot her com puter on t he LAN can use the service in the sam e m anner. This way you do not need to configur e a new I P address each tim e you want  a different LAN com put er t o use the applicat ion.Table 60   Applications:  AddLABEL DESCRIPTIONWAN I nt erface Select  t he WAN int erface t hat you want to apply this NAT rule t o.Server I P AddressEnt er t he inside I P address of the applicat ion here.Applicat ion CategorySelect  t he category of the applicat ion from  the dr op- down list  box.Applicat ion ForwardedSelect  a service from  the drop- down list  box and the Device aut om at ically configures t he pr ot ocol, st art , end, and m ap port num ber t hat  define t he ser vice.View Rule Click t his t o display t he configurat ion of t he serv ice t hat  you have chosen in Applica t ion Fow ar de d.OK Click OK to save your changes.Cancel Click Ca nce l t o exit  t his screen w it hout saving.
 Chapter 10 Network Address Translation (NAT)VMG8324-B10A / VMG8324-B30A Series User’s Guide 163For exam ple:Figure 87   Trigger Port Forwarding Process:  Exam ple1Jane request s a file from  t he Real Audio server ( port  7070) .2Port 7070 is a “ t rigger ”  port and causes the Device t o record Jane’s com puter I P address. The Device associat es Jane's com put er I P address wit h t he " open"  port  range of 6970- 7170.3The Real Audio server responds using a port  num ber ranging between 6970- 7170.4The Device forwards t he traffic t o Jane’s com puter I P address. 5Only Jane can connect  t o t he Real Audio server until t he connect ion is closed or tim es out. The Device tim es out in t hree m inutes with UDP (User Datagram  Prot ocol)  or t wo hours wit h TCP/ I P ( Transfer Cont rol Prot ocol/ I nternet  Protocol) . Click N e t w or k Se t t ing >  N AT >  Por t  Trigge r ing to open the following screen. Use t his screen t o view your Device’s t rigger port set t ings.Figure 88   Net work Set t ing >  NAT >  Port Triggering The following t able describes t he labels in this screen. Table 61   Net work Sett ing >  NAT >  Port  TriggeringLABEL DESCRIPTIONAdd new rule Click t his t o creat e a new rule.#This is t he index num ber of t he entry.St atus This field display s whet her t he port  t rigger ing rule is act ive or not .  A yellow bulb signifies that  this rule is active. A gray  bulb signifies t hat  t his r ule is not active.Service Nam e This field displays the nam e of t he ser vice used by t his rule.WAN I nt erface This field shows the WAN interface through which the service is forwarded.Trigger St art  PortThe t rigger port  is a port  ( or a range of port s)  that  causes ( or triggers)  t he Device to record t he I P address of the LAN com put er that  sent the traffic t o a server  on t he WAN.This is t he first  port num ber t hat  ident ifies a serv ice.Trigger End PortThis is t he last  por t  num ber t hat  ident ifies a service.Trigger Prot o. This is t he t r igger t ransport  layer prot ocol.
Chapter 10 Network Address Translation (NAT)VMG8324-B10A / VMG8324-B30A Series User’s Guide16410.4.1  Add/Edit Port Triggering Rule This screen lets you creat e new por t  t riggering rules. Click Add new  rule in t he Por t  Triggering screen or click a rule’s Ed it  icon t o open t he following screen.Figure 89   Port Triggering:  Add/ Edit  The following t able describes t he labels in this screen. Open St art Port The open port  is a port  ( or a range of port s)  t hat  a server on the WAN uses when it  sends out  a part icular ser vice. The Device forwards t he traffic w it h t his port  ( or  range of port s)  to the client  com put er on t he LAN t hat  request ed the service. This is t he first  port num ber t hat  ident ifies a serv ice.Open End Port This is t he last  port num ber t hat  ident ifies a service.Open Proto. This is t he open t ranspor t  layer prot ocol.Modify Click t he Ed it  icon t o edit  this rule.Click the D ele t e icon t o delete an existing rule. Table 61   Net work Sett ing >  NAT >  Port  Triggering ( cont inued)LABEL DESCRIPTIONTable 62   Port  Triggering:  Configuration Add/ EditLABEL DESCRIPTIONAct ive Select  the check box t o enable t his rule.Service Nam e Enter a nam e t o identify this rule using keyboard characters ( A-Z, a-z, 1- 2 and so on). WAN I nt erface Select  a WAN int erface for which you want to configure port  t riggering rules.Trigger St art  PortThe t rigger port  is a port  ( or a range of port s)  that  causes ( or triggers)  t he Device to record t he I P address of the LAN com put er that  sent the traffic t o a server  on t he WAN.Type a port num ber or  t he st art ing port  num ber  in a range of port  num bers.Trigger End Port  Type a port num ber or  the ending port num ber in a range of port num bers.Trigger Prot ocol Select  t he transport layer protocol from  TCP, UDP, or  TCP/ UDP.
 Chapter 10 Network Address Translation (NAT)VMG8324-B10A / VMG8324-B30A Series User’s Guide 16510.5  The DMZ ScreenI n addit ion to the servers for specified services, NAT support s a default  server I P address. A default  server receives packet s from  port s t hat  are not specified in t he N AT Port  For w ar ding Set u p screen.Figure 90   Net work Set t ing >  NAT >  DMZ The following t able describes t he fields in t his screen. Open St art Port The open port  is a port  ( or a range of port s)  t hat  a server on the WAN uses when it  sends out  a part icular ser vice. The Device forwards t he traffic w it h t his port  ( or  range of port s)  to the client  com put er on t he LAN t hat  request ed the service. Type a port num ber or  t he st art ing port  num ber  in a range of port  num bers.Open End Port   Type a port  num ber or the ending port num ber in a range of port  num bers.Open Protocol Select  the transport  layer prot ocol from  TCP, UDP, or  TCP/ UDP.OK Click OK to save your changes.Cancel Click Ca nce l t o exit  t his screen w it hout saving.Table 62   Port  Triggering:  Configuration Add/ Edit ( cont inued)LABEL DESCRIPTIONTable 63   Net work Sett ing >  NAT >  DMZLABEL DESCRIPTIONDefault  Server AddressEnt er t he I P address of the default  server which receives packet s from  port s that are not specified in t he N AT Port  For w ardin g screen. Note: If you do not assign a Default Server Address, the Device discards all packets received for ports that are not specified in the NAT Port Forwarding screen.Apply Click Apply t o save your changes.Cancel Click Ca n cel t o rest ore your pr eviously saved set t ings.
Chapter 10 Network Address Translation (NAT)VMG8324-B10A / VMG8324-B30A Series User’s Guide16610.6  The ALG ScreenSom e NAT router s m ay include a SI P Applicat ion Layer Gat eway ( ALG). A SI P ALG allow s SI P calls to pass t hrough NAT by exam ining and translat ing I P addresses em bedded in t he data st ream . When t he Device regist ers wit h t he SI P register server, t he SI P ALG t ranslates t he Device’s privat e I P address inside t he SI P data st r eam  t o a public I P address. You do not  need to use STUN or an out bound proxy if your Device is behind a SI P ALG.Use t his screen to enable and disable t he NAT and SI P (VoI P)  ALG in t he Device. To access t his screen, click N et w ork  Set t ing >  N AT >  ALG.Figure 91   Net work Set t ing >  NAT >  ALGThe following t able describes t he fields in this screen.10.7  The Address Mapping ScreenOrdering your rules is im port ant  because t he Device applies t he rules in t he order t hat  you specify. When a rule m atches the current  packet , the Device t akes t he corresponding act ion and the rem aining rules are ignored. Click N et w ork  Sett ing >  N AT >  Addr ess M a pping t o display t he following screen. Figure 92   Net work Set t ing >  NAT >  Address MappingTable 64   Net work Sett ing >  NAT >  ALGLABEL DESCRIPTIONNAT ALG Enable t his t o m ake sure applicat ions such as FTP and file t ransfer in I M applicat ions work correct ly wit h port- for warding and address- m apping rules.SI P ALG Enable this to m ake sure SI P ( VoI P)  works correct ly wit h port- forwarding and address-m apping rules.RTSP ALG Enable t his t o have t he Device det ect  RTSP t raffic and help build RTSP sessions t hrough its NAT. The Real Tim e Stream ing ( m edia cont rol)  Prot ocol (RTSP)  is a rem ote cont rol for m ult im edia on t he I nt ernet .Apply Click Ap ply t o save your changes.Cancel Click Cance l t o rest or e your previously  saved settings.
 Chapter 10 Network Address Translation (NAT)VMG8324-B10A / VMG8324-B30A Series User’s Guide 167The following t able describes t he fields in this screen.10.7.1  Add/Edit Address Mapping RuleTo add or  edit  an addr ess m apping rule, click Add new  rule or the rule’s edit  icon in the Addre ss Ma ppin g screen t o display t he screen shown next. Figure 93   Address Mapping:  Add/ EditTable 65   Net wor k Sett ing >  NAT >  Address MappingLABEL DESCRIPTIONAdd new rule Click this t o creat e a new rule.Set This is the index num ber of t he address m apping set .Local Start  I P This is t he st art ing I nside Local I P Address ( I LA) .Local End I P This is t he ending I nside Local I P Address ( I LA) . I f t he rule is for  all local I P addr esses, t hen this field displays 0.0.0.0 as t he Local Start  I P address and 255.255.255.255 as t he Local End I P addr ess. This field is blank for  On e - t o - On e m apping t ypes.Global St art I P This is t he st arting I nside Global I P Addr ess ( I GA) . Ent er 0.0.0.0 her e if you have a dynam ic I P addr ess from  your I SP. You can only do this for the M an y- t o- On e m apping type. Global End I P This is the ending I nside Global I P Address ( I GA) . This field is blank for On e - t o- One  and Many- t o- One  m apping t ypes.Type This is t he address m apping type.One - to- On e:  This m ode m aps one local I P address to one global I P address. Note t hat  port num bers do not  change for t he One- t o-one NAT m apping t ype.M a ny - t o- O ne :  This m ode m aps m ultiple local I P addresses t o one global I P addr ess. This is equivalent  t o SUA (i.e., PAT, port  address t ranslat ion) , t he Device's Single User Account feat ure t hat  prev ious routers support ed only. M a ny - t o- M a n y:  This m ode m aps m ult iple local I P addresses t o shared global I P addresses.Modify Click t he Edit icon t o go to t he screen w here you can edit  t he address m apping rule.Click the D ele t e icon to delet e an exist ing address m apping rule. Note that  subsequent  addr ess m apping rules m ove up by one w hen you t ake t his act ion.
Chapter 10 Network Address Translation (NAT)VMG8324-B10A / VMG8324-B30A Series User’s Guide168The following t able describes t he fields in this screen.10.8  The Address Mapping ScreenOrdering your rules is im port ant  because t he Device applies t he rules in t he order t hat  you specify. When a rule m atches the current  packet , the Device t akes t he corresponding act ion and the rem aining rules are ignored. Click N et w ork  Sett ing >  N AT >  Addr ess M a pping t o display t he following screen. Figure 94   Net work Set t ing >  NAT >  Address MappingThe following t able describes t he fields in this screen.Table 66   Address Mapping:  Add/ EditLABEL DESCRIPTIONType Choose t he I P/ port m apping type from  one of t he following.One - to- On e:  This m ode m aps one local I P address to one global I P address. Note t hat  port num bers do not  change for t he One- t o-one NAT m apping t ype.M a ny - t o- O ne :  This m ode m aps m ultiple local I P addresses t o one global I P addr ess. This is equivalent  t o SUA (i.e., PAT, port  address t ranslat ion) , t he Device's Single User Account feat ure t hat  prev ious routers support ed only. M a ny - t o- M a n y:  This m ode m aps m ult iple local I P addresses t o shared global I P addresses.Local Start  I P Enter t he st arting I nside Local I P Addr ess (I LA) .Local End I P Enter the ending I nside Local I P Address (I LA) . I f the rule is for all local I P addresses, t hen this field displays 0.0.0.0 as t he Local Start  I P address and 255.255.255.255 as t he Local End I P addr ess. This field is blank for  On e - t o - On e m apping t ypes.Global St art  I P Enter t he st ar ting I nside Global I P Address ( I GA) . Ent er 0.0.0.0 here if you have a dynam ic I P addr ess from  your I SP. You can only do this for the M an y- t o- On e m apping type. Global End I P Ent er the ending I nside Global I P Address ( I GA) . This field is blank for One - t o- On e and Many- t o- One  m apping t ypes.Set Select the num ber of the m apping set  for which you want  t o configur e.OK Click OK t o save your changes.Cancel Click Ca ncel t o exit  t his screen wit hout  saving.Table 67   Net wor k Sett ing >  NAT >  Address MappingLABEL DESCRIPTIONAdd new rule Click this t o creat e a new rule.Set This is the index num ber of t he address m apping set .Local Start  I P This is t he st art ing I nside Local I P Address ( I LA) .Local End I P This is t he ending I nside Local I P Address ( I LA) . I f t he rule is for  all local I P addr esses, t hen this field displays 0.0.0.0 as t he Local Start  I P address and 255.255.255.255 as t he Local End I P addr ess. This field is blank for  On e - t o - On e m apping t ypes.
 Chapter 10 Network Address Translation (NAT)VMG8324-B10A / VMG8324-B30A Series User’s Guide 16910.9  The Sessions ScreenUse t his screen to lim it t he num ber of concurrent  NAT sessions a client can use. Click N e t w ork  Set t ing >  N AT >  Session s to display t he following screen. Figure 95   Net work Set t ing >  NAT >  SessionsThe following t able describes t he fields in this screen.10.10  Technical ReferenceThis part  cont ains m ore inform at ion regarding NAT.Global St art I P This is t he st arting I nside Global I P Addr ess ( I GA) . Ent er 0.0.0.0 her e if you have a dynam ic I P addr ess from  your I SP. You can only do this for the M an y- t o- On e m apping type. Global End I P This is the ending I nside Global I P Address ( I GA) . This field is blank for On e - t o- One  and Many- t o- One  m apping t ypes.Type This is t he address m apping type.One - to- On e:  This m ode m aps one local I P address to one global I P address. Note t hat  port num bers do not  change for t he One- t o-one NAT m apping t ype.M a ny - t o- O ne :  This m ode m aps m ultiple local I P addresses t o one global I P addr ess. This is equivalent  t o SUA (i.e., PAT, port  address t ranslat ion) , t he Device's Single User Account feat ure t hat  prev ious routers support ed only. M a ny - t o- M a n y:  This m ode m aps m ult iple local I P addresses t o shared global I P addresses.Modify Click t he Edit icon t o go to t he screen w here you can edit  t he address m apping rule.Click the D ele t e icon to delet e an exist ing address m apping rule. Note that  subsequent  addr ess m apping rules m ove up by one w hen you t ake t his act ion.Table 67   Net work Sett ing >  NAT >  Address Mapping ( continued)LABEL DESCRIPTIONTable 68   Net work Sett ing >  NAT >  SessionsLABEL DESCRIPTIONWAX NAT Session Per HostUse t his field t o set  a lim it to the num ber of concurrent  NAT sessions each client host  can have.I f only a few clients use peer t o peer applicat ions, you can raise t his num ber t o im prove their perform ance. Wit h heavy peer- t o- peer  applicat ion use, lower  t his num ber t o ensure no single client  uses t oo m any  of t he available NAT sessions.Apply Click this t o save your changes on t his screen.Cancel Click t his to exit t his screen w it hout  saving any changes.
Chapter 10 Network Address Translation (NAT)VMG8324-B10A / VMG8324-B30A Series User’s Guide17010.10.1  NAT DefinitionsI nside/ outside denot es where a host  is locat ed relat ive t o t he Device, for exam ple, t he com put ers of your subscribers are the inside host s, while t he web servers on t he I nt ernet  are t he out side host s. Global/ local denot es t he I P address of a host  in a packet as t he packet t raverses a rout er, for exam ple, t he local address refers t o the I P address of a host when the packet  is in t he local net work, while t he global address refers to the I P address of t he host  when t he sam e packet is traveling in t he WAN side.
 Chapter 10 Network Address Translation (NAT)VMG8324-B10A / VMG8324-B30A Series User’s Guide 171Not e that inside/ out side refers t o the location of a host , while global/ local refers t o t he I P address of a host  used in a packet . Thus, an inside local address ( I LA)  is t he I P address of an inside host  in a packet when t he packet  is still in t he local net work, while an inside global address ( I GA)  is the I P address of t he sam e inside host  w hen t he packet is on t he WAN side. The following table sum m arizes t his inform at ion.NAT never changes the I P addr ess ( eit her local or global) of an out side host .10.10.2  What NAT DoesI n t he sim plest  form , NAT changes t he source I P address in a packet received from  a subscriber ( t he inside local addr ess)  t o another ( t he inside global address) before forwarding t he packet  t o t he WAN side. When the response com es back, NAT translates t he dest inat ion addr ess ( t he inside global address)  back t o t he inside local addr ess before forwarding it  t o t he original inside host . Note that t he I P address ( eit her local or global)  of an outside host  is never changed.The global I P addresses for the inside hosts can be eit her stat ic or dynam ically assigned by t he I SP. I n addit ion, you can designate servers, for exam ple, a web ser ver and a telnet  server, on your local net work and m ake t hem  accessible t o t he out side world. I f you do not  define any server s ( for Many-to-One and Many- t o- Many Overload m apping), NAT offers t he additional benefit  of firewall protect ion. Wit h no servers defined, your Device filt ers out all incom ing inquiries, thus preventing int ruders from  probing your net work. For m ore inform ation on I P address t ranslation, refer t o RFC 1631, The I P Net work Address Translat or ( NAT) .Table 69   NAT DefinitionsITEM DESCRIPTIONI nside This refers t o t he host  on t he LAN.Outside This refers t o the host  on t he WAN.Local This refers t o the packet  address ( source or dest ination)  as t he packet travels on t he LAN.Global This refers t o t he packet  address (source or destinat ion)  as t he packet  travels on t he WAN.
Chapter 10 Network Address Translation (NAT)VMG8324-B10A / VMG8324-B30A Series User’s Guide17210.10.3  How NAT WorksEach packet  has t wo addresses – a source address and a dest inat ion address. For out going packet s, the I LA (I nside Local Address)  is t he source address on t he LAN, and the I GA (I nside Global Address)  is t he source address on the WAN. For incom ing packet s, t he I LA is t he dest inat ion address on t he LAN, and t he I GA is t he dest inat ion address on t he WAN. NAT m aps privat e ( local)  I P addresses to globally unique ones requir ed for com m unication wit h host s on ot her net works. I t  replaces t he original I P source address (and TCP or UDP sour ce port num bers for Many- t o- One and Many- t o- Many Overload NAT m apping)  in each packet  and then forwards it  t o the I nternet . The Device keeps t rack of the original addr esses and port num bers so incom ing reply packets can have their original values restor ed. The following figure illust rates t his.Figure 96   How  NAT Works192.168.1.13192.168.1.10192.168.1.11192.168.1.12 SA192.168.1.10SAIGA1Inside LocalIP Address192.168.1.10192.168.1.11192.168.1.12192.168.1.13Inside Global IP AddressIGA 1IGA 2IGA 3IGA 4NAT TableWANLANInside LocalAddress (ILA)Inside GlobalAddress (IGA)
 Chapter 10 Network Address Translation (NAT)VMG8324-B10A / VMG8324-B30A Series User’s Guide 17310.10.4  NAT ApplicationThe following figure illust rat es a possible NAT application, where t hree inside LANs ( logical LANs using I P alias)  behind the Device can com m unicat e with t hree dist inct  WAN net works.Figure 97   NAT Applicat ion Wit h I P AliasPort Forwarding: Services and Port NumbersThe m ost  often used port  num bers are shown in the following t able. Please refer t o RFC 1700 for further  inform ation about port  num bers. Please also refer t o t he Support ing CD for m ore exam ples and det ails on port  forwarding and NAT.Table 70   Services and Port  Num bersSERVICES PORT NUMBERECHO 7FTP (File Transfer Prot ocol) 21SMTP ( Sim ple Mail Transfer Protocol) 25DNS ( Dom ain Nam e Syst em ) 53Finger 79HTTP ( Hyper Text Transfer prot ocol or WWW, Web) 80POP3 (Post  Office Pr ot ocol) 110NNTP (Net work  New s Transport  Prot ocol) 119SNMP (Sim ple Networ k Managem ent  Prot ocol) 161SNMP trap 162PPTP ( Point- t o- Point  Tunneling Protocol) 1723
Chapter 10 Network Address Translation (NAT)VMG8324-B10A / VMG8324-B30A Series User’s Guide174Port Forwarding ExampleLet 's say you want  to assign port s 21- 25 to one FTP, Telnet  and SMTP server (A in t he exam ple) , port  80 t o anot her ( B in the exam ple)  and assign a default  server I P address of 192.168.1.35 t o a third (C in t he exam ple) . You assign the LAN I P addresses and t he I SP assigns the WAN I P address. The NAT network appears as a single host  on t he I nt ernet .Figure 98   Mult iple Servers Behind NAT Exam pleD=192.168.1.36192.168.1.1IP address assigned by ISPA=192.168.1.33B=192.168.1.34C=192.168.1.35
VMG8324-B10A / VMG8324-B30A Series User’s Guide 175CHAPTER   11Dynamic DNS Setup11.1  Overview DNSDNS (Dom ain Nam e Syst em )  is for m apping a dom ain nam e to it s corresponding I P address and vice versa. The DNS server is ext rem ely im port ant because wit hout  it , you m ust  know the I P address of a m achine before you can access it . I n addit ion to the syst em  DNS server( s), each WAN int erface (service)  is set  to have it s own st atic or dynam ic DNS server list . You can configure a DNS st atic route to forward DNS queries for cert ain dom ain nam es through a specific WAN int erface to it s DNS server( s) . The Device uses a system  DNS server ( in t he order you specify in t he Broa dband screen)  t o resolve dom ain nam es t hat  do not  m atch any DNS rout ing entry. Aft er t he Device receives a DNS reply from  a DNS server, it  creates a new ent ry for t he resolved I P address in the rout ing t able.Dynamic DNSDynam ic DNS allows you t o update your  current  dynam ic I P address w ith one or m any dynam ic DNS services so that anyone can cont act  you ( in Net Meet ing, CU-SeeMe, etc.) . You can also access your FTP server or Web site on your own com put er using a dom ain nam e ( for inst ance m yhost .dhs.org, where m yhost  is a nam e of your choice)  t hat will never change inst ead of using an I P address t hat  changes each t im e you reconnect . Your friends or relat ives will always be able t o call you even if they don't  know your I P address.First of all, you need t o have regist ered a dynam ic DNS account with www.dyndns.org. This is for people wit h a dynam ic I P from  t heir I SP or DHCP server t hat  would still like t o have a dom ain nam e. The Dynam ic DNS service provider will give you a password or key. 11.1.1  What You Can Do in this Chapter• Use the D N S Entr y screen to view, configure, or rem ove DNS routes (Sect ion 11.2 on page 176) .• Use the D yna m ic DN S screen t o enable DDNS and configure t he DDNS sett ings on t he Device (Sect ion 11.3 on page 177) .
Chapter 11 Dynamic DNS SetupVMG8324-B10A / VMG8324-B30A Series User’s Guide17611.1.2  What You Need To KnowDYNDNS WildcardEnabling the w ildcard feature for your host  causes * .yourhost .dyndns.org t o be aliased to the sam e I P address as yourhost .dyndns.org. This feature is useful if you want t o be able t o use, for exam ple, ww w.yourhost .dyndns.or g and st ill reach your host nam e.I f you have a privat e WAN I P address, t hen you cannot use Dynam ic DNS.11.2  The DNS Entry ScreenUse t his scr een t o view and configure DNS rout es on t he Device. Click N e t w or k  Se t t ing >  D N S to open the D N S En t ry screen.Figure 99   Net work Set t ing >  DNS >  DNS Ent ryThe following t able describes t he fields in t his screen. Table 71   Net work Sett ing >  DNS >  DNS Ent ryLABEL DESCRIPTIONAdd new DNS entryClick t his to creat e a new DNS entry.#This is the index num ber of t he entry.Host nam e This indicates t he host  nam e or dom ain nam e.I P Address This indicat es t he I P address assigned t o t his com put er.Modify Click t he Ed it  icon t o edit  t he rule.Click the D e le t e  icon t o delet e an ex ist ing rule.
 Chapter 11 Dynamic DNS SetupVMG8324-B10A / VMG8324-B30A Series User’s Guide 17711.2.1  Add/Edit DNS EntryYou can m anually add or edit  t he Device’s DNS nam e and I P address ent ry. Click Add ne w  D N S e nt r y  in t he DN S Ent r y screen or the Ed it  icon next  to the ent ry you want  t o edit . The screen shown next  appears.Figure 100   DNS Ent ry :  Add/ EditThe following t able describes t he labels in this screen. 11.3  The Dynamic DNS ScreenUse t his scr een t o change your Device’s DDNS. Click N e t w or k  Set t ing >  D N S >  Dyn a m ic DN S. The screen appears as shown.Figure 101   Network Sett ing >  DNS >  Dynam ic DNSTable 72   DNS Ent ry:  Add/ EditLABEL DESCRIPTIONHost Nam e Enter t he host  nam e of t he DNS ent ry.I P Address Enter t he I P address of t he DNS entry.Apply Click Apply t o save your changes.Cancel Click Ca nce l to exit this screen without saving.
Chapter 11 Dynamic DNS SetupVMG8324-B10A / VMG8324-B30A Series User’s Guide178The following t able describes t he fields in t his screen. Table 73   Net work Set t ing >  DNS >  >  Dynam ic DNSLABEL DESCRIPTIONDynam ic DNS Select Enable  t o use dynam ic DNS.Service ProviderSelect  your  Dynam ic DNS service provider from  the dr op- down list  box.Host nam e Ty pe the dom ain nam e assigned t o your Dev ice by  your Dynam ic DNS provider.You can specify up to t wo host nam es in the field separated by a com m a ( "," ) .User nam e Ty pe your user nam e.Passw ord Type t he password assigned t o you.Em ail I f you select  TZO in t he Se r vice Provide r  field, ent er t he user nam e you used to register for t his service.Key I f you select TZO in the Se rvice Pr ovide r field, ent er  the password you used t o regist er for this serv ice.Apply Click Apply t o save your  changes.Cancel Click Ca nce l to ex it  t his scr een wit hout sav ing.
VMG8324-B10A / VMG8324-B30A Series User’s Guide 179CHAPTER   12Interface Group12.1  OverviewBy default , all LAN and WAN interfaces on the Device are in the sam e group and can com m unicat e wit h each other. Creat e int erface groups to have t he Device assign t he I P addresses in different  dom ains t o different groups. Each group act s as an independent  net work on the Device. This lets devices connect ed to an int erface group’s LAN int erfaces com m unicate t hrough the int erface group’s WAN or LAN interfaces but  not  other WAN or LAN int erfaces.12.1.1  What You Can Do in this ChapterThe I nt e rface Group screens let  you cr eate m ultiple networks on t he Device (Sect ion 12.2 on page 179) .12.2  The Interface Group ScreenYou can m anually add a LAN interface t o a new group. Alternatively, you can have t he Device aut om atically add t he incom ing t raffic and t he LAN int erface on which t raffic is received to an int erface group when it s DHCP Vendor  I D option inform at ion m at ches one listed for the int erface group. Use t he LAN  screen t o configure t he private I P addresses t he DHCP server on t he Device assigns to the clients in the default  and/ or user- defined groups. I f you set  t he Device t o assign I P addresses based on the client ’s DHCP Vendor I D opt ion inform ation, you m ust  enable DHCP server and configure LAN TCP/ I P set tings for bot h t he default and user- defined groups. See Chapter 7 on page 107 for m ore inform at ion.
Chapter 12 Interface GroupVMG8324-B10A / VMG8324-B30A Series User’s Guide180I n t he follow ing exam ple, t he client  t hat sends packet s wit h t he DHCP Vendor I D opt ion set  t o MSFT 5.0 ( m eaning it  is a Windows 2000 DHCP client )  is assigned the I P address 192.168.2.2 and uses the WAN VDSL_PoE/ ppp0.1 interface.Figure 102   I nt erface Grouping Applicat ionClick N et w or k  Se t t in g >  I nt e r f a ce Grou p t o open the following scr een. Figure 103   Network Sett ing >  I nt erface Group The following t able describes t he fields in t his screen. 12.2.1  Interface Group ConfigurationClick t he Add N e w  I nt e r fa ce Group butt on in the I nt erface  Grou p screen t o open t he following screen. Use t his screen t o creat e a new interface group. Table 74   Net work Sett ing >  I nt erface GroupLABEL DESCRIPTIONAdd New  I nterface GroupClick t his button t o creat e a new int erface group.Group Nam e This shows t he descriptive nam e of t he group.WAN I nt erface This show s t he WAN interfaces in the gr oup.LAN I nterfaces This shows t he LAN int erfaces in t he group.Criteria This shows t he filter ing criteria for t he group.Modify Click the De le t e  icon t o rem ove the group.Add Click t his button t o create a new group.Default: ETH 2~4Internet192.168.1.x/24192.168.2.x/24VDSL_PoE/ppp0.1eth10.0DHCP Vendor ID option: MSFT 5.0
 Chapter 12 Interface GroupVMG8324-B10A / VMG8324-B30A Series User’s Guide 181Note:  An int erface can belong t o only one group at  a t im e.Figure 104   I nt erface Group Configurat ion The following t able describes t he fields in t his screen. Table 75   I nt erface Group Configurat ionLABEL DESCRIPTIONGroup Nam e Ent er  a nam e t o ident ify t his group. You can enter up to 30 charact er s.  You can use let t ers, num bers, hyphens ( - )  and underscores ( _) . Spaces are not  allowed.WAN I nt erface used in the groupingSelect  t he WAN interface this group uses. The group can have up to one PTM int erface, up to one ATM interface and up t o one ETH interface.Select N one  t o not  add a WAN int erface t o this group.Grouped LAN I nterfacesAvailable LAN I nterfacesSelect  one or m ore LAN interfaces ( Et hernet  LAN, HPNA or wireless LAN)  in t he Av a ila ble  LAN  I nt erface s list and use t he left  arrow t o m ove t hem  t o t he Grou pe d LAN  I n t e rfa ces list  t o add the interfaces to this group.To rem ove a LAN or wireless LAN int erface from  t he Gr ou pe d LAN  I nt e r fa ce s, use the right- facing arrow.Aut om at ically Add Clients With the following DHCP Ven dor  I DsClick Add t o identify LAN host s t o add t o the int er face group by crit eria such as t he type of the hardware or firm ware. See Sect ion 12.2.2 on page 182 for m ore infor m ation.
Chapter 12 Interface GroupVMG8324-B10A / VMG8324-B30A Series User’s Guide18212.2.2   Interface Grouping CriteriaClick t he Add butt on in t he I nt e r fa ce  Gr ouping Con figu r a t ion screen t o open the following screen.Figure 105   I nt erface Grouping Crit eria The following t able describes t he fields in t his screen. #This shows t he index  num ber of t he rule.Filt er Criteria This shows t he filter ing crit eria. The LAN int erface on which the m at ched t raffic is received will belong t o t his group aut om at ically.WildCard SupportThis shows if wildcard on DHCP opt ion 60 is enabled.Rem ov e Click t he Rem ove  icon to delet e t his rule fr om  t he Device.Apply Click Apply t o save your changes back to t he Device.Cancel Click Ca nce l to exit  t his screen w it hout saving.Table 75   I nt erface Group Configurat ion ( cont inued)LABEL DESCRIPTIONTable 76   I nt erface Grouping Crit eriaLABEL DESCRIPTIONSource MAC AddressEnter the source MAC address of the packet.DHCP Opt ion 60Select this opt ion and ent er the Vendor Class I dentifier ( Option 60)  of t he m atched t raffic, such as the t ype of t he har dware or firm war e.Enable wildcard on DHCP opt ion 60 opt ionSelect  this opt ion to be able to use w ildcards in t he Vendor Class I dent ifier  configur ed for DHCP option 60.
 Chapter 12 Interface GroupVMG8324-B10A / VMG8324-B30A Series User’s Guide 183DHCP Opt ion 61Select this and enter t he device ident ity of the m at ched t raffic.I AI D Enter t he I dent it y Associat ion I dentifier (I AI D)  of t he device, for  exam ple, t he WAN connection index num ber.DUI D type Select  D UI D - LLT ( DUI D Based on Link- layer Address Plus Tim e)  t o enter t he hardware type, a t im e value and the MAC address of the device.Select D UI D - EN  ( DUI D Assigned by Vendor Based upon Ent erprise Num ber)  t o ent er  the vendor’s registered enterprise num ber.Select DUI D- LL ( DUI D Based on Link- layer Address) to enter t he device’s hardware t ype and hardware address ( MAC address)  in the follow ing fields.Select  Ot h er t o enter any st ring that ident ifies the device in t he DUI D field.DHCP Opt ion 125Select this and ent er vendor specific inform at ion of the m atched traffic.Ent erprise Nu m berEnt er t he vendor ’s 32- bit  enterprise num ber regist ered w it h the I ANA ( I nt ernet  Assigned Num bers Aut hor it y) .Man uf act urer OUISpecify the vendor ’s OUI  ( Or ganization Unique I dent ifier) . I t  is usually t he first  t hree byt es of the MAC address.Product  ClassEnter t he product  class of the device.Model Nam eEnter the m odel nam e of t he dev ice.Serial Nu m berEnt er t he serial num ber of t he device.Apply Click Apply t o save your changes back to t he Device.Cancel Click Ca nce l to exit  t his screen w it hout saving.Table 76   I nt erface Grouping Crit eria ( continued)LABEL DESCRIPTION
Chapter 12 Interface GroupVMG8324-B10A / VMG8324-B30A Series User’s Guide184
VMG8324-B10A / VMG8324-B30A Series User’s Guide 185CHAPTER   13USB Service13.1  Overview You can share files on a USB m em ory st ick or hard drive connected t o your Device wit h users on your net work. The following figure is an overview of t he Device’s file server feat ure. Com put ers A and B can access files on a USB device ( C)  which is connect ed to the Device.Figure 106   File Sharing OverviewThe Device will not be able t o j oin the workgroup if your local area network has restrict ions set up t hat  do not allow devices t o j oin a workgroup. I n this case, cont act  your net work  adm inistrat or.13.1.1  What You Can Do in this Chapter• Use the File  Sh a ring screen t o enable file-sharing server (Sect ion 13.1.3 on page 187) . • Use the M edia  Se r ve r  screen to enable or disable t he sharing of m edia files ( Sect ion 13.3 on page 190) .• Use the Pr int er  Se rver scr een t o enable t he print  server (Sect ion 13.4 on page 191) .13.1.2  What You Need To KnowThe following t erm s and concept s m ay help as you read t his chapt er.ABC
Chapter 13 USB ServiceVMG8324-B10A / VMG8324-B30A Series User’s Guide18613.1.2.1  About File SharingWorkgroup nameThis is the nam e given to a set of com put ers t hat are connected on a net w ork and share resources such as a print er or files. Window s aut om at ically assigns t he workgroup nam e when you set  up a net work. SharesWhen sett ings are set  t o default , each USB device connect ed to the Device is given a folder, called a “ share”. I f a USB hard drive connect ed to t he Device has m ore than one part it ion, then each partition will be allocat ed a share. You can also configure a “ share”  t o be a sub-folder or file on t he USB device.File SystemsA file system  is a way of st oring and organizing files on your hard drive and st orage device. Often different operat ing syst em s such as Windows or Linux have different  file syst em s. The file sharing feat ure on your Device support s File Allocation Table ( FAT)  and FAT32. Common Internet File SystemThe Device uses Com m on I nt ernet  File System  ( CI FS)  prot ocol for it s file sharing funct ions. CI FS com pat ible com puters can access t he USB file st orage devices connect ed t o t he Device. CI FS protocol is support ed on Microsoft Window s, Linux Sam ba and ot her operating syst em s ( r efer to your system s specifications for CI FS com pat ibilit y) . 13.1.2.2  About Printer ServerPrint ServerThis is a com put er or other device which m anages one or m ore printers, and which sends print j obs to each printer from  t he com put er it self or ot her devices.Operating SystemAn operat ing syst em  ( OS)  is t he int erface which helps you m anage a com put er. Com m on exam ples are Microsoft  Windows, Mac OS or Linux.TCP/IPTCP/ I P ( Transm ission Control Prot ocol/  I nt ernet Protocol)  is a set  of com m unicat ions protocols t hat m ost  of t he I nt ernet  runs on.   PortA port  m aps a net work service such as htt p t o a process running on your com put er, such as a process run by your web browser. When t raffic from  t he I nt ernet  is received on your com put er, t he port  num ber is used t o ident ify which process running on your com put er it  is int ended for.
 Chapter 13 USB ServiceVMG8324-B10A / VMG8324-B30A Series User’s Guide 187Supported OSsYour operat ing syst em  m ust  support  TCP/ I P port s for print ing and be com pat ible wit h t he RAW ( port  9100)  protocol.The following OSs support Device’s print er sharing feat ure.• Microsoft Windows 95, Windows 98 SE ( Second Edit ion) , Windows Me, Windows NT 4.0, Windows 2000, Windows XP or Macintosh OS X. 13.1.3  Before You BeginMake sure t he Device is connected t o your net w ork and t urned on.1Connect  t he USB device to one of t he Device’s USB port. Make sure t he Device is connected t o your net work.2The Device detects t he USB device and m akes its cont ent s available for browsing. I f you are connect ing a USB hard drive that  com es wit h an ext ernal power supply, m ake sur e it  is connected to an appropriat e power source t hat  is on.Not e:  I f your USB device cannot be detect ed by t he Device, see t he t roubleshoot ing for suggest ions.
Chapter 13 USB ServiceVMG8324-B10A / VMG8324-B30A Series User’s Guide18813.2  The File Sharing ScreenUse t his screen to set  up file sharing through the Device. The Device’s LAN users can access the shared folder ( or share)  from  t he USB device insert ed in t he Device. To access t his screen, click N e t w ork Se t t ing >  USB Service >  File Sh a ring.Figure 107   Network Sett ing >  USB Service >  File SharingEach field is described in the following t able.Table 77   Net work Sett ing >  Hom e Networking >  File SharingLABEL DESCRIPTIONI nfor m at ionVo l u m e This is t he volum e nam e t he Device gives to an insert ed USB device.Capacit y This is t he t otal available m em ory size ( in m egabytes)  on t he USB device.Used Space This is t he m em ory size ( in m egabyt es)  already used on t he USB device.Ser ver Configurat ionFile Sharing ServicesSelect  En a ble t o act ivate file sharing t hrough the Device. Host Nam e Ent er  the host  nam e on t he shar e.Share Direct ory ListAdd New  Shar e Click t his t o creat e a new  share for users t o access thr ough the Device.Act ive Select  t his t o act ivat e t he share.St atus This field shows the stat us of t he shar e.:  The share is not  activat ed.:  The share is act ivat ed and shar ed to all users.:  The share is activat ed and only shared t o the specified users list ed in the Accou nt  M a na ge m e n t  sect ion below.
 Chapter 13 USB ServiceVMG8324-B10A / VMG8324-B30A Series User’s Guide 18913.2.1  The Add New Share ScreenUse t his screen to create a share. To access this screen, click t he Add new  share  but t on in t he N e t w ork Se t t ing >  USB Service >  File Sh a ring screen.Figure 108   Network Sett ing >  USB Service >  File Sharing >  Add new shareEach field is descr ibed in the following t able.Share Nam e This field shows t he nam e of a folder that is shared t hrough t he Device.Share Path This field show s t he locat ion of t he share in t he Device.Share Descript ionThis field shows a shor t  descript ion of the shar e.Modify Click t he Ed it  icon to m odify t he share.Click the D ele t e icon t o rem ove t he share from  t he Device.Account  Managem entAdd New  User Click t his but t on to cr eat e a user account to access the secured shares.Act ive Select  t his t o allow t he user to access the secured shares.St atus This field shows the stat us of t he user.:  The user account is not  activat ed for the share.:  The user account is act ivat ed for the share.User  Nam e This is the nam e of a user who is allowed t o access the secured shares on t he USB device.Modify Click t he Ed it  icon to m odify t he user account .Click the D ele t e icon t o rem ove t he user account fr om  t he Device.Apply Click this to save your changes t o t he Device.Cancel Click this to restore your previously saved set t ings.Table 77   Net work Sett ing >  Hom e Networking >  File SharingLABEL DESCRIPTIONTable 78   Net work Set t ing >  Hom e Net working >  File Sharing >  Add new shareLABEL DESCRIPTIONVo l u m e Select  t he volum e w here you want to cr eat e t he shar e.Share Path Type in t he locat ion of t he shar e or click the Brow se butt on t o locat e t he folder.Descript ion Type m ore inform at ion t o describe t he share optionally.
Chapter 13 USB ServiceVMG8324-B10A / VMG8324-B30A Series User’s Guide19013.2.2  The Add New User ScreenUse t his screen t o create a user account  that can access t he secured shares on t he USB device. To access t his screen, click t he Add new  use r  but t on in t he N et w or k  Se t t ing >  USB Service >  File  Sha r in g screen.Figure 109   Network Sett ing >  USB Service >  File Sharing >  Add new  userEach field is described in the following t able.13.3  The Media Server ScreenThe m edia server feat ure let s anyone on your network play video, m usic, and phot os from  t he USB st orage device connect ed t o your Device ( without having t o copy them  t o another com puter) . The Device can funct ion as a DLNA- com pliant  m edia server. The Device st r eam s files to DLNA- com pliant  Access Level Select  Public t o allow all users on t he net work to access the shared files.Select  Se cu r it y  t o require users t o log in to access shared files.Set  up user accounts in t he Accou nt  M a nagem e nt  sect ion.Apply Click this to save your changes t o t he Device.Back Click t his t o ret urn t o t he previous screen.Table 78   Net work Set t ing >  Hom e Net working >  File Sharing >  Add new shareLABEL DESCRIPTIONTable 79   Net work Set t ing >  Hom e Net working >  File Sharing >  Add new userLABEL DESCRIPTIONUser  Nam e Ent er a user  nam e. You can ent er up to 16 charact ers. Only let t ers and num bers allowed.New  Password Ent er the passwor d used to access the secured share. The password m ust  be 5 to 15 charact ers long. Only let t ers and num bers are allowed. The passw ord is case sensitive.Ret y pe New Passw ordRet ype t he password t hat  you ent ered above.Apply Click this to save your changes t o t he Device.Back Click t his t o ret urn t o t he previous screen.
 Chapter 13 USB ServiceVMG8324-B10A / VMG8324-B30A Series User’s Guide 191m edia client s ( like Windows Media Player) . The Digit al Living Net work Alliance (DLNA)  is a group of personal com put er and elect ronics com panies t hat works t o m ake product s com pat ible in a hom e net work.The Device m edia server enables you to:• Publish all shares for everyone t o play m edia files in the USB storage device connect ed to the Device.• Use hardware- based m edia client s like the DMA- 2500 t o play t he files. Not e:  Anyone on your net work can play the m edia files in t he published shares. No user nam e and passwor d or ot her form  of securit y is used. The m edia ser ver is enabled by default w it h t he video, phot o, and m usic shares published. To change your Device’s m edia server set t ings, click Ne t w or k  Se t t ing >  USB Service >  Me dia Se r v e r. The scr een appears as shown.Figure 110   Net work Sett ing >  USB Service >  Media ServerThe following t able describes t he labels in this m enu.13.4  Printer Server The Device allows you t o shar e a USB print er on your LAN. You can do t his by connecting a USB print er t o one of the USB por t s on t he Device and t hen configuring a TCP/ I P port  on t he com put ers connect ed to your net w ork. 13.4.1  Before You BeginTo configure t he print server you need t he follow ing:• Your Device m ust  be connect ed t o your com put er and any ot her devices on your net work. The USB print er m ust  be connected to your Device.Table 80   Net work Sett ing >  USB Service >  Media ServerLABEL DESCRIPTIONMedia Server Select Enable t o have t he Dev ice funct ion as a DLNA- com pliant  m edia server.Enable t he m edia server to let  ( DLNA- com pliant) m edia clients on your net w ork  play m edia files locat ed in the shares. I nterface Select  an int erface on w hich you want  t o enable t he m edia server funct ion.Media Librar y Pat hEnter t he path client s use to access the m edia files on a USB storage device connect ed to the Dev ice.Apply Click Apply t o save your changes.Cancel Click Ca nce l to rest ore your previously saved set t ings.
Chapter 13 USB ServiceVMG8324-B10A / VMG8324-B30A Series User’s Guide192• A USB print er wit h t he driver already installed on your com put er.• The com put ers on your net work m ust  have t he print er software already inst alled before they can create a TCP/ I P port  for printing via t he net work. Follow your  printer m anufact urers inst ructions on how t o inst all t he print er software on your com put er. Not e:  Your print er ’s inst allat ion instructions m ay ask t hat  you connect  t he print er to your com put er. Connect  your print er to t he Device instead.13.4.2  The Printer Server ScreenUse t his screen t o enable or disable sharing of a USB print er via your Device. To access t his screen, click N e t w or k  Set t ing >  USB Se rvice >  Print e r  Server.Figure 111   Network Sett ing >  USB Service >  Print er  ServerThe following t able describes t he labels in this m enu.Table 81   Net work Set t ing >  USB Service >  Print  ServerLABEL DESCRIPTIONPrinter Server   Select Enable t o have t he Device share a USB printer.User Defined Printer Nam eType t he nam e for t he print er.Maker and m odelType up t o 80 characters for t he m anufacturer and m odel num ber of t he printer.Syst em  Print er  Nam eThis field shows the pr int er’s system  nam e the Device has det ected from  one of t he USB port s.Apply Click Apply t o save y our  changes.Cancel Click Can cel t o rest ore your previously saved set t ings.
VMG8324-B10A / VMG8324-B30A Series User’s Guide 193CHAPTER   14Power Management14.1  Overview Power m anagem ent allows you to turn on/ off one or m ore int erfaces and all LED light s w ithout  power off t he whole system  when necessary. You can configure a schedule t o do so aut om at ically or m anually do it  on the Web Configurat or.14.1.1  What You Can Do in this Chapter• Use the Pow e r Ma n a ge m e nt  screen to m anually t urn on/ off interface( s) and/ or LEDs ( Sect ion 14.2 on page 193) . • Use the Aut o Sw it ch  Off screen t o configure schedules for t urning on/ off int erface( s)  and/ or LEDs autom at ically ( Sect ion 14.3 on page 194) .14.1.2  What You Need To Know• These screens are only available for t he “ supervisor ”  user.• The Pow e r  M ana gem e n t  and Au t o Sw it ch  Off screens are dependant . You can only configure the on/ off swit ches of t he sam e interface and LEDs in one of the two screens.14.2  The Power Management ScreenUse t his screen to m anually t urn on/ off int erface(s) or LEDs. Click Ne t w or k  Se t t ing >  Pow er M an age m e nt  >  Pow er Ma na gem e n t . The screen appears as shown.Figure 112   Net work Set t ing >  Power Managem ent
Chapter 14 Power ManagementVMG8324-B10A / VMG8324-B30A Series User’s Guide194Each field is described in the following t able.14.3  The Auto Switch Off ScreenUse t his scr een t o view schedules t o t urn on or off specific int er face( s)  and/ or all LED light s on t he Device. To access this screen, click N e t w ork  Se t t ing >  Pow er  M a nagem e nt  >  Auto Sw it ch Off.Figure 113   Net work Sett ing >  Pow er  Managm ent >  Aut o Swit ch Off The following t able describes t he labels in this m enu.Table 82   Net work Sett ing >  Power Managem entLABEL DESCRIPTIONManually Switch On/ OffSelect  POW ER ON  or POW ER OFF t o t urn on/ off the int erface or  LED light s.Apply Click Apply t o save your changes.Cancel Click Ca ncel t o restore your previously saved set t ings.Table 83   Net work Sett ing >  Power Managm ent >  Auto Swit ch OffNet work Set t ing >  Power Managm ent >  Aut o Sw itch OffLABEL DESCRIPTIONAdd or m odify rulesClick  t his link t o cr eat e or edit a schedule.#This is t he index num ber of a schedule rule.Rule Nam e This field shows the nam e of t he schedule rule.Day This field shows which week  days ( in green)  t he int erface( s)  and/ or LEDs are t urned on and the days ( grayed- out )  t hey are t urned off aut om at ically.Tim e This field shows t he t im e per iod t he int erface( s)  and/ or LEDs are t urned on.Wireless This field show s whether this schedule applies t o the wireless LAN int erface.DSL WAN This field shows whet her this schedule applies to t he DSL WAN int erface.Eth WAN This field shows whet her t his schedule applies to t he Ethernet  WAN int er face.LAN1~ LAN4 This field show s w het her t his schedule applies to the cor responding LAN int erface.LED This field shows whet her t his schedule applies t o t he LEDs.Apply Click Apply t o save your changes.Cancel Click Ca nce l to rest ore your previously saved set t ings.
 Chapter 14 Power ManagementVMG8324-B10A / VMG8324-B30A Series User’s Guide 19514.3.1  The Auto Switch Off Add/Edit ScreenUse t his screen to m anage t he aut o switch off schedules. To access t his screen, click t he Add or m odify rules link in t he N et w or k  Set t ing >  Pow e r M a n a ge m ent  >  Au t o Sw itch Off screen.Figure 114   Net work Sett ing >  Pow er  Managm ent >  Aut o Swit ch Off >  Add or m odify rulesThe following t able describes t he labels in this m enu.14.3.2  The Add/Edit Rule ScreenUse t his screen to configure a schedule rule. To access t his screen, click the Add n e w  rule link or the Ed it  icon in t he N e t w or k Set t in g >  Pow e r  M a nagem ent  >  Aut o Sw itch Off >  Add or m odify rules screen.Figure 115   Net work Sett ing >  Pow er  Managem ent  >  Auto Swit ch Off >  Add or m odify rules >  Add new rule/ EditTable 84   Net work Sett ing >  Power  Managm ent  >  Aut o Swit ch Off Net work Sett ing >  Power Managm ent >  Aut o Sw it ch Off >  Add or m odify rulesLABEL DESCRIPTIONAdd new rule Click t his link t o creat e a rule.#This is t he index num ber of a r ule.Rule Nam e This field shows the nam e of t he rule.Day This field shows t he week days of the schedule ( in green) .Tim e This field shows t he t im e period of t he schedule.Descript ion This field shows m ore inform at ion about this rule.Modify Click t he Ed it  icon t o m odify the rule or click t he D e le t e  icon t o rem ove it.
Chapter 14 Power ManagementVMG8324-B10A / VMG8324-B30A Series User’s Guide196Each field is described in the following t able.Table 85   Net work Set t ing >  Power Managem ent  >  Aut o Switch Off >  Add or m odify rules >  Add new rule/ Edit >  LABEL DESCRIPTIONRule Nam e Type up to 31 alphanum beric charact ers for t he nam e of t his rule.Day Select the week day( s)  of t he schedule.Tim e of Day RangeEnt er t he Fr om  and To t im es ( in hh: m m  form at)  t o set a tim e period for t he schedule. You can only enter a t im e period between 00: 00 and 23: 59.To set  a t im e period crossing over m idnight, you m ust  split  t he t im e period into t wo schedule rules. For exam ple, for a tim e period from  10: 00 PM t o t he next  day’s 8: 00 AM, you can set  one schedule for 22: 00~ 23: 59 and anot her schedule for 00: 00~ 08: 00.Descript ion Ent er m or e inform at ion for this rule here.Apply Click Apply t o save your changes.Cancel Click Ca ncel t o restore your previously saved set t ings.
VMG8324-B10A / VMG8324-B30A Series User’s Guide 197CHAPTER   15Firewall15.1  OverviewThis chapt er shows you how t o enable and configure t he Device’s security set t ings. Use t he firewall to pr otect  your Device and network from  at t acks by hackers on t he I nternet and control access t o it . By default t he firewall:• allows t raffic that originates from  your LAN com puters to go t o all ot her networks. • blocks traffic t hat  originat es on ot her net w orks from  going t o t he LAN. The following figure illust rat es t he default firewall action. User A can initiat e an I M ( I nstant Messaging)  session from  t he LAN t o the WAN ( 1) . Ret urn t raffic for this session is also allowed (2) . However ot her t raffic init iated from  t he WAN is blocked (3 and 4) .Figure 116   Default  Fir ewall Action15.1.1  What You Can Do in this Chapter• Use the Ge n e r al screen t o configure t he security level of the firewall on t he Device ( Sect ion 15.2 on page 199) .• Use the Pr otocol screen t o add or rem ove predefined I nt ernet  services and configure firewall rules ( Sect ion 15.3 on page 199) .• Use the Acce ss Cont r ol screen to view and configure incom ing/ outgoing filt ering rules ( Section 15.4 on page 201) . • Use the DoS screen t o act ivat e protect ion against  Denial of Service ( DoS)  att acks ( .Sect ion 15.5 on page 204) .WANLAN3412A
Chapter 15 FirewallVMG8324-B10A / VMG8324-B30A Series User’s Guide19815.1.2  What You Need to KnowSYN AttackA SYN att ack floods a target ed syst em  wit h a series of SYN packet s. Each packet  causes t he target ed syst em  t o issue a SYN-ACK response. While the target ed syst em  waits for t he ACK t hat  follows the SYN- ACK, it  queues up all out st anding SYN- ACK responses on a backlog queue. SYN-ACKs are m oved off the queue only when an ACK com es back or when an int ernal t im er t erm inat es the three- way handshake. Once t he queue is full, t he syst em  will ignore all incom ing SYN requests, m aking the system  unavailable for legit im at e users.DoSDenials of Service ( DoS)  att acks are aim ed at devices and net w orks wit h a connect ion to the I nt ernet . Their goal is not  t o st eal infor m at ion, but  to disable a device or  net w ork so users no longer have access t o net w ork resources. The ZyXEL Device is pre- configured t o aut om at ically det ect  and thwart all known DoS at tacks.DDoSA DDoS att ack is one in which m ult iple com prom ised syst em s at t ack a single target , thereby causing denial of service for users of t he target ed syst em .LAND AttackI n a LAND att ack, hackers flood SYN packet s int o t he network wit h a spoofed source I P addr ess of the target  syst em . This m akes it appear as if the host  com put er sent  t he packets to it self, m aking the syst em  unavailable while t he t arget  syst em  tries t o respond to it self.Ping of DeathPing of Deat h uses a " ping"  utility t o create and send an I P packet t hat  exceeds t he m axim um  65,536 bytes of dat a allowed by the I P specificat ion. This m ay cause system s t o crash, hang or reboot.SPISt at eful Packet  I nspection ( SPI )  t racks each connection crossing the firewall and m akes sur e it  is valid. Filt ering decisions are based not  only on rules but  also context . For exam ple, t raffic from  the WAN m ay only be allowed t o cross t he firewall in response to a request  from  t he LAN.
 Chapter 15 FirewallVMG8324-B10A / VMG8324-B30A Series User’s Guide 19915.2  The Firewall ScreenUse t his scr een t o set t he securit y level of the firewall on t he Device. Firewall rules are grouped based on the direct ion of t ravel of packet s t o which t hey apply. Click Se cu r it y >  Firew a ll t o display the Gene r a l screen. Figure 117   Security >  Firewall >  GeneralThe following t able describes t he labels in this screen.15.3  The Protocol Screen You can configure cust om ized services and port num bers in t he Pr ot ocol screen. For a com prehensive list  of por t  num bers and services, visit  t he I ANA ( I nt ernet Assigned Num ber Aut hority)  w ebsite. See Appendix G on page 397 for som e exam ples. Table 86   Securit y >  Firewall >  GeneralLABEL DESCRIPTIONFirewall Select Enable  t o act ivate t he firewall feat ure on the Device.Easy Select  Ea sy t o allow LAN t o WAN and WAN t o LAN packet  direct ions.Medium Select  Med iu m  to allow LAN to WAN but  deny  WAN to LAN packet  direct ions.High Select  High  t o deny LAN t o WAN and WAN t o LAN packet  direct ions.Apply Click App ly t o save your  changes.Cancel Click Ca nce l t o rest ore your  previously saved settings.
Chapter 15 FirewallVMG8324-B10A / VMG8324-B30A Series User’s Guide200Click Se cu r it y >  Firew a ll >  Prot ocol t o display t he following screen.Figure 118   Securit y >  Firewall >  Protocol The following t able describes t he labels in this screen. 15.3.1  Add/Edit a Service Use t his screen to add a cust om ized service rule t hat you can use in the firewall’s ACL rule configurat ion. Click Add new  ser vice ent ry or t he edit icon next  t o an exist ing service rule in t he Se r v ice  screen to display t he following screen.Figure 119   Service:  Add/ EditTable 87   Securit y >  Firewall >  Prot ocolLABEL DESCRIPTIONAdd new service entryClick this to add a new service.Nam e This is t he nam e of your cust om ized service.Descript ion This is t he descript ion of your cust om ized service.Port s/ Prot ocol Nu m berThis shows t he I P prot ocol (TCP, UDP, I CMP, or TCP/ UDP)  and the port num ber or range of port s that defines your cust om ized serv ice. Ot h e r  and t he prot ocol num ber displays if t he service uses another  I P prot ocol.Modify Click t he Ed it  icon t o edit t he ent r y.Click the D ele t e icon to rem ove t his ent ry.
 Chapter 15 FirewallVMG8324-B10A / VMG8324-B30A Series User’s Guide 201The following t able describes t he labels in this screen.15.4  The Access Control ScreenClick Securit y >  Fire w all >  Acce ss Cont rol t o display t he following screen. This scr een displays a list  of the configured incom ing or outgoing filt ering rules. Figure 120   Security >  Firewall >  Access Control The following t able describes t he labels in this screen. Table 88   Service:  Add/ EditLABEL DESCRIPTIONProt ocol Choose t he I P protocol ( TCP, UD P, I CM P, or O t he r ) t hat  defines your custom ized port  from  the drop-down list  box . Select  Ot h er  t o be able t o ent er a prot ocol num ber.Source/Dest ination PortThese fields are displayed if you select  TCP or UDP as the I P port . Select  Single  t o specify one port  only or Ra nge to specify a span of port s t hat define your cust om ized service. I f you select  An y, t he service is applied t o all ports.Type a single port num ber or the range of por t  num bers t hat  define your custom ized service.Prot ocol Nu m berThis field is displayed if you select O t he r as the protocol.Enter t he prot ocol num ber of your cust om ized port . Add Click t his t o add the prot ocol to t he Ru le List  below.Rule ListProt ocol This is t he I P port (TCP, UD P, I CMP, or Ot h e r)  t hat  defines your cust om ized port .Port s/ Prot ocol Nu m berFor  TCP, UDP, I CMP, or TCP/ UDP protocol rules t his shows the port  num ber or range t hat  defines t he cust om  service. For other I P protocol rules this shows t he prot ocol num ber. Delet e Click t he Dele t e icon t o rem ove t he rule.Service Nam e Ent er  a unique nam e ( up t o 32 print able English keyboard charact ers, including spaces)  for your  cust om ized port . Service Descript ionEnt er a descript ion for your cust om ized port .Apply Click Apply t o save your changes.Cancel Click Ca nce l to exit  t his screen w it hout saving.Table 89   Securit y >  Firewall >  Access Cont rolLABEL DESCRIPTIONAdd new ACL ruleClick t his t o go t o add a filter rule for incom ing or outgoing I P traffic.#This is t he index  num ber of t he entry.
Chapter 15 FirewallVMG8324-B10A / VMG8324-B30A Series User’s Guide20215.4.1  Add/Edit an ACL Rule   Click Add new  ACL r u le  or t he Ed it  icon next  to an exist ing ACL rule in t he Access Con t r ol screen. The following screen displays.Figure 121   Access Cont rol:  Add/ EditNam e This displays t he nam e of t he rule.Src I P  This display s t he source I P addresses to which this rule applies. Please not e that a blank source address is equivalent  t o Any.Dst  I P This displays t he destinat ion I P addr esses t o w hich t his rule applies. Please not e t hat  a blank destinat ion address is equivalent  t o Any.Service This displays t he t ransport layer protocol t hat  defines the service and t he dir ection of t raffic to which this rule applies. Act ion This field displays whet her the rule silent ly discards packet s ( D ROP) , discards packet s and sends a TCP r eset  packet or an I CMP dest inat ion-unreachable m essage to t he sender (REJECT)  or allows t he passage of packet s ( ACCEPT) .Modify Click t he Ed it  icon t o edit the rule.Click the D ele t e icon  t o d elet e an ex ist ing r u le. Not e t hat  subsequ ent  r ules m ov e up  by  on e when you t ake t his act ion.Click the Move  To icon t o change the order  of t he rule.  Ent er t he num ber in t he #  field.Table 89   Securit y >  Firewall >  Access Cont r ol ( continued)LABEL DESCRIPTION
 Chapter 15 FirewallVMG8324-B10A / VMG8324-B30A Series User’s Guide 203The following t able describes t he labels in this screen.Table 90   Access Cont rol:  Add/ EditLABEL DESCRIPTIONFilt er Nam e Ent er a descript ive nam e of up t o 16 alphanum eric charact ers, not including spaces, under scor es, and dashes. You m ust enter t he filt er nam e t o add an ACL rule. This field is read- only if you are edit ing the ACL rule.Order Select t he order of t he ACL rule.Select Source DeviceSelect  the source dev ice t o which t he ACL rule applies. I f you select Specific I P Address, enter t he source I P addr ess in t he field below.Source I P AddressEnt er t he source I P address.Select Dest ination DeviceSelect t he dest inat ion device t o which t he ACL rule applies. I f you select Spe cific I P Address, ent er the dest iniat ion I P address in the field below.Dest ination I P AddressEnt er t he dest inat ion I P address.I P Type Select  whet her your I P ty pe is I Pv4  or I Pv6 . Select  Prot ocol Select t he t ransport  layer prot ocol that  defines your cust om ized por t  from  t he drop- down list box. The specific prot ocol rule sets you add in t he Se cur it y >  Fir ew a ll >  Service >  Add screen display in this list . I f you want  t o configure a cust om ized prot ocol, select  Spe cific Service.Prot ocol This field is displayed only  when you select  Specific Prot ocol in Sele ct  Prot ocol.Choose t he I P port  ( TCP/ UDP, TCP, UDP, I CMP, or I CMPv6 )  that defines your cust om ized port  from  t he drop- down list  box.Cust om  Source PortThis field is displayed only when you select  Spe cific Pr ot ocol in Se le ct  Pr ot ocol.Ent er a single port  num ber or t he range of port  num bers of the source.Cust om  Dest ination PortThis field is displayed only when you select  Spe cific Pr ot ocol in Se le ct  Pr ot ocol.Ent er a single port  num ber or t he range of port  num bers of t he dest inat ion.Policy Use t he drop- down list  box t o select  whet her  to discard ( D ROP) , deny and send an I CMP dest inat ion- unreachable m essage t o t he sender  of ( REJECT)  or allow t he passage of (ACCEPT) packets t hat  m atch t his rule.Dir ect ion  Use t he dr op- down list  box t o select  t he direction of t raffic t o which t his rule applies.Enable Rate Lim itSelect  this check box t o set  a lim it  on t he upst ream / downstream  transm ission rate for the specified prot ocol.Specify how  m any packet s per m inut e or second t he t ransm ission rate is.Scheduler Rules Select  a schedule rule for t his ACL r ule for m  t he drop-down list box. You can configure a new schedule rule by click Add N ew  Ru le. This will bring you t o t he Secu r ity  >  Sch e dule r  Ru les screen.Apply Click Apply t o save your changes.Cancel Click Ca nce l to exit  t his screen wit hout  saving.
Chapter 15 FirewallVMG8324-B10A / VMG8324-B30A Series User’s Guide20415.5  The DoS ScreenDoS ( Denial of Ser vice)  at t acks can flood your I nt ernet connection with invalid packets and connect ion requests, using so m uch bandwidt h and so m any resources t hat I nt er net access becom es unavailable. Use t he D oS screen t o act ivat e protect ion against DoS at t acks. Click Securit y >  Fir e w all >  D oS to display t he following screen. Figure 122   Security >  Firewall >  DoSThe following t able describes t he labels in this screen. Table 91   Securit y >  Firewall >  DoSLABEL DESCRIPTIONDoS Protect ion BlockingSelect  En a ble t o enable prot ect ion against  DoS at t acks.Deny Ping ResponseSelect  Enable to block ping request  packets. Apply Click Apply t o save y our chan ges.Cancel Click Ca ncel t o exit  t his screen wit hout saving.
VMG8324-B10A / VMG8324-B30A Series User’s Guide 205CHAPTER   16MAC Filter16.1  Overview You can configure t he Device to perm it  access to clients based on t heir MAC addresses in t he M AC Filt e r  screen. This applies t o wired and wireless connect ions. Every Et hernet  device has a unique MAC ( Media Access Control)  address. The MAC address is assigned at  t he fact ory and consist s of six pairs of hexadecim al charact ers, for exam ple, 00: A0: C5: 00: 00: 02. You need t o know the MAC addresses of the devices t o configure t his screen.16.2  The MAC Filter ScreenUse t his scr een t o allow wireless and LAN client s access to the Device. Click Securit y  >  M AC Filt e r. The screen appears as shown.Figure 123   Security >  MAC Filt er
Chapter 16 MAC FilterVMG8324-B10A / VMG8324-B30A Series User’s Guide206The following t able describes t he labels in this screen. Table 92   Securit y >  MAC FilterLABEL DESCRIPTIONMAC Address Filt er  Select  En a ble t o activat e t he MAC filter funct ion.Set This is the index num ber of t he MAC address.Allow Select  Allow  t o perm it  access t o t he Device. MAC addresses not  list ed will be denied access to the Device. I f you clear this, the MAC Address field for  this set  clears.Host  nam e  Ent er  t he host  nam e of t he  wir eless or LAN clients t hat  are allowed access to the Dev ice.MAC Address Enter t he MAC addresses of t he wireless or  LAN client s t hat  are allowed access t o t he Device in t hese address fields. Ent er t he MAC addresses in a valid MAC address form at , that is, six hex adecim al charact er pairs, for exam ple, 12: 34: 56: 78: 9a: bc.Apply Click Apply t o save your changes.Cancel Click Ca n ce l to rest or e your previously  saved settings.

Navigation menu