ZyXEL Communications VMG8324B10A Wireless N VDSL2 VoIP Combo WAN Gigabit IAD User Manual VMG8324 B10A UserMan 2 2013 12 09

Download:
Mirror Download [FCC.gov]
Document ID	2137566
Application ID	oGppsElbkIw3JBj+nhhX5g==
Document Description	(VMG8324-B10A)UserMan(2) 2013-12-09
Short Term Confidential	No
Permanent Confidential	No
Supercede	No
Document Type	User Manual
Display Format	Adobe Acrobat PDF - pdf
Filesize	271.64kB (3395517 bits)
Date Submitted	2013-12-10 00:00:00
Date Available	2013-12-13 00:00:00
Creation Date	2017-10-24 18:35:41
Producing Software	GPL Ghostscript 9.18
Document Lastmod	2017-10-24 18:35:41
Document Title	(VMG8324-B10A)UserMan(2) 2013-12-09
Document Creator	FrameMaker 9.0

C HAPTER
17
Parental Control
17.1 Overview
Parent al cont rol allows you t o block web sit es wit h t he specific URL. You can also define t im e
periods and days during which t he Device perform s parent al cont rol on a specific user.
17.2 The Parental Control Screen
Use t his screen t o enable parent al cont rol, view t he parent al cont rol rules and schedules.
Click Se cur it y > Pa r e nt a l Cont r ol t o open t he following screen.
Figure 124 Securit y > Parent al Cont rol
The following t able describes t he fields in t his screen.
Table 93 Securit y > Parent al Cont rol
LABEL
DESCRIPTION
Parent al
Cont rol
Select En a ble t o act ivat e parent al cont rol.
Add new PCP
Click t his if you want t o configure a new parent al cont rol rule.
This shows t he index num ber of t he rule.
St at us
This indicat es whet her t he rule is act ive or not .
A yellow bulb signifies t hat t his rule is act ive. A gray bulb signifies t hat t his rule is not act ive.
PCP Nam e
This shows t he nam e of t he rule.
Hom e Net work
User ( MAC)
This shows t he MAC address of t he LAN user ’s com put er t o which t his rule applies.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
207
Chapter 17 Parental Control
Table 93 Securit y > Parent al Cont rol ( cont inued)
LABEL
DESCRIPTION
I nt ernet Access
Schedule
This shows t he day( s) and t im e on which parent al cont rol is enabled.
Net work
Service
This shows whet her t he net work service is configured. I f not , N on e will be shown.
Websit e Block
This shows whet her t he websit e block is configured. I f not , N on e will be shown.
Modify
Click t he Edit icon t o go t o t he screen where you can edit t he rule.
Click t he D e le t e icon t o delet e an exist ing rule.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o rest ore your previously saved set t ings.
17.2.1 Add/Edit a Parental Control Rule
Click Add n e w PCP in t he Pa r e nt a l Cont r ol screen t o add a new rule or click t he Edit icon next t o
an exist ing rule t o edit it . Use t his screen t o configure a rest rict ed access schedule and/ or URL
filt ering set t ings t o block t he users on your net work from accessing cert ain web sit es.
Figure 125 Parent al Cont rol Rule: Add/ Edit
208
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 17 Parental Control
The following t able describes t he fields in t his screen.
Table 94 Parent al Cont rol Rule: Add/ Edit
LABEL
DESCRIPTION
General
Act ive
Select t he checkbox t o act ivat e t his parent al cont rol rule.
Parent al
Cont rol Profile
Nam e
Ent er a descript ive nam e for t he rule.
Hom e Net work
User
Select t he LAN user t hat you want t o apply t his rule t o from t he drop- down list box. I f you
select Cu st om , ent er t he LAN user ’s MAC address. I f you select All, t he rule applies t o all
LAN users.
I nt ernet Access Schedule
Day
Select check boxes for t he days t hat you want t he Device t o perform parent al cont rol.
Tim e
Drag t he t im e bar t o define t he t im e t hat t he LAN user is allowed access.
Net work Service
Net work
Service Set t ing
I f you select Block , t he Device prohibit s t he users from viewing t he Web sit es wit h t he URLs
list ed below.
I f you select Allow , t he Device blocks access t o all URLs except ones list ed below.
Add new
service
Click t his t o show a screen in which you can add a new service rule. You can configure t he
Se r vice N a m e , Pr ot ocol, and N a m e of t he new rule.
This shows t he index num ber of t he rule. Select t he checkbox next t o t he rule t o act ivat e it .
Service Nam e
This shows t he nam e of t he rule.
Prot ocol: Port
This shows t he prot ocol and t he port of t he rule.
Modify
Click t he Edit icon t o go t o t he screen where you can edit t he rule.
Click t he D e le t e icon t o delet e an exist ing rule.
Blocked Sit e/
URL Keyword
Click Add t o show a screen t o ent er t he URL of web sit e or URL keyword t o which t he Device
blocks access. Click D e le t e t o rem ove it .
Apply
Click t his but t on t o save your set t ings back t o t he Device.
Cancel
Click Ca n ce l t o rest ore your previously saved set t ings.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
209
Chapter 17 Parental Control
210
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPTER
18
Scheduler Rule
18.1 Overview
You can define t im e periods and days during which t he Device perform s scheduled rules of cert ain
feat ures ( such as Firewall Access Cont rol) in the Scheduler Rule screen.
18.2 The Scheduler Rule Screen
Use t his screen t o view, add, or edit t im e schedule rules.
Click Se cur it y > Sche dule r Rule t o open t he following screen.
Figure 126 Securit y > Scheduler Rule
The following t able describes t he fields in t his screen.
Table 95 Securit y > Scheduler Rule
LABEL
DESCRIPTION
Add new rule
Click t his t o creat e a new rule.
This is t he index num ber of t he ent ry.
Rule Nam e
This shows t he nam e of t he rule.
Day
This shows t he day( s) on which t his rule is enabled.
Tim e
This shows t he period of t im e on which t his rule is enabled.
Descript ion
This shows t he descript ion of t his rule.
Modify
Click t he Edit icon t o edit t he schedule.
Click t he D e le t e icon t o delet e a scheduler rule.
Note: You cannot delete a scheduler rule once it is applied to a certain feature.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
211
Chapter 18 Scheduler Rule
18.2.1 Add/Edit a Schedule
Click t he Add but t on in t he Sche dule r Rule screen or click t he Edit icon next t o a schedule rule t o
open t he following screen. Use t his screen t o configure a rest rict ed access schedule.
Figure 127 Scheduler Rule: Add/ Edit
The following t able describes t he fields in t his screen.
Table 96 Scheduler Rule: Add/ Edit
212
LABEL
DESCRIPTION
Rule Nam e
Ent er a nam e ( up t o 31 print able English keyboard charact ers, not including spaces) for t his
schedule.
Day
Select check boxes for t he days t hat you want t he Device t o perform t his scheduler rule.
Tim e if Day
Range
Ent er t he t im e period of each day, in 24- hour form at , during which t he rule will be enforced.
Descript ion
Ent er a descript ion for t his scheduler rule.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPTER
19
Certificates
19.1 Overview
The Device can use cert ificat es ( also called digit al I Ds) t o aut hent icat e users. Cert ificat es are based
on public- privat e key pairs. A cert ificat e cont ains t he cert ificat e owner ’s ident it y and public key.
Cert ificat es provide a way t o exchange public keys for use in aut hent icat ion.
19.1.1 What You Can Do in this Chapter
• The Loca l Ce r t ifica t e s screen let s you generat e cert ificat ion request s and im port t he Device's
CA- signed cert ificat es ( Sect ion 19.4 on page 216) .
• The Tr u st e d CA screen let s you save t he cert ificat es of t rust ed CAs t o t he Device ( Sect ion 19.4
on page 216) .
19.2 What You Need to Know
The following t erm s and concept s m ay help as you read t hrough t his chapt er.
Certification Authority
A Cert ificat ion Aut horit y ( CA) issues cert ificat es and guarant ees t he ident it y of each cert ificat e
owner. There are com m ercial cert ificat ion aut horit ies like CyberTrust or VeriSign and governm ent
cert ificat ion aut horit ies. The cert ificat ion aut horit y uses it s privat e key t o sign cert ificat es. Anyone
can t hen use t he cert ificat ion aut horit y's public key t o verify t he cert ificat es. You can use t he Device
t o generat e cert ificat ion request s t hat cont ain ident ifying inform at ion and public keys and t hen send
t he cert ificat ion request s t o a cert ificat ion aut horit y.
19.3 The Local Certificates Screen
Click Se cur it y > Ce r t ifica t e s t o open t he Loca l Ce r t ifica t e s screen. This is t he Device’s sum m ary
list of cert ificat es and cert ificat ion request s.
Figure 128 Securit y > Cert ificat es > Local Cert ificat es
VMG8324-B10A / VMG8324-B30A Series User’s Guide
213
Chapter 19 Certificates
The following t able describes t he labels in t his screen.
Table 97 Securit y > Cert ificat es > Local Cert ificat es
LABEL
DESCRIPTION
Privat e Key is
prot ect ed by a
password
Select t he checkbox and ent er t he privat e key int o t he t ext box t o st ore it on t he Device.
The privat e key should not exceed 63 ASCI I charact ers ( not including spaces) .
Browse...
Click t his t o find t he cert ificat e file you want t o upload.
I m port Cert ificat e
Click t his but t on t o save t he cert ificat e t hat you have enrolled from a cert ificat ion
aut horit y from your com put er t o t he Device.
Creat e Cert ificat e
Request
Click t his but t on t o go t o t he screen where you can have t he Device generat e a
cert ificat ion request .
Current File
This field displays t he nam e used t o ident ify t his cert ificat e. I t is recom m ended t hat you
give each cert ificat e a unique nam e.
Subj ect
This field displays ident ifying inform at ion about t he cert ificat e’s owner, such as CN
( Com m on Nam e) , OU ( Organizat ional Unit or depart m ent ) , O ( Organizat ion or com pany)
and C ( Count ry) . I t is recom m ended t hat each cert ificat e have unique subj ect
inform at ion.
I ssuer
This field displays ident ifying inform at ion about t he cert ificat e’s issuing cert ificat ion
aut horit y, such as a com m on nam e, organizat ional unit or depart m ent , organizat ion or
com pany and count ry.
Valid From
This field displays t he dat e t hat t he cert ificat e becom es applicable. The t ext displays in
red and includes a N ot Ye t V a lid! m essage if t he cert ificat e has not yet becom e
applicable.
Valid To
This field displays t he dat e t hat t he cert ificat e expires. The t ext displays in red and
includes an Ex pir in g! or Ex pir e d! m essage if t he cert ificat e is about t o expire or has
already expired.
Modify
Click t he V ie w icon t o open a screen wit h an in- dept h list of inform at ion about t he
cert ificat e ( or cert ificat ion request ) .
For a cert ificat ion request , click Loa d Sign e d t o im port t he signed cert ificat e.
Click t he Re m ove icon t o delet e t he cert ificat e ( or cert ificat ion request ) . You cannot
delet e a cert ificat e t hat one or m ore feat ures is configured t o use.
19.3.1 Create Certificate Request
Click Se cur it y > Ce r t ifica t e s > Loca l Ce r t ifica t e s and t hen Cr e a t e Ce r t ifica t e Re que st t o
open t he following screen. Use t his screen t o have t he Device generat e a cert ificat ion request .
Figure 129 Creat e Cert ificat e Request
214
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 19 Certificates
The following t able describes t he labels in t his screen.
Table 98 Creat e Cert ificat e Request
LABEL
DESCRIPTION
Cert ificat e
Nam e
Type up t o 63 ASCI I charact ers ( not including spaces) t o ident ify t his cert ificat e.
Com m on Nam e
Select Au t o t o have t he Device configure t his field aut om at ically. Or select Cu st om ize t o
ent er it m anually.
Type t he I P address ( in dot t ed decim al not at ion) , dom ain nam e or e- m ail address in t he
field provided. The dom ain nam e or e- m ail address can be up t o 63 ASCI I charact ers. The
dom ain nam e or e- m ail address is for ident ificat ion purposes only and can be any st ring.
Organizat ion
Nam e
Type up t o 63 charact ers t o ident ify t he com pany or group t o which t he cert ificat e owner
belongs. You m ay use any charact er, including spaces, but t he Device drops t railing spaces.
St at e/ Province
Nam e
Type up t o 32 charact ers t o ident ify t he st ate or province where t he cert ificat e owner is
locat ed. You m ay use any charact er, including spaces, but t he Device drops t railing spaces.
Count ry/ Region
Nam e
Select a count ry t o ident ify t he nat ion where t he cert ificat e owner is locat ed.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
Aft er you click Apply, t he following screen displays t o not ify you t hat you need t o get t he cert ificat e
request signed by a Cert ificat e Aut horit y. I f you already have, click Loa d_ Signe d t o im port t he
signed cert ificat e int o t he Device. Ot herwise click Ba ck t o ret urn t o t he Loca l Ce r t ifica t e s screen.
Figure 130 Cert ificat e Request Creat ed
19.3.2 Load Signed Certificate
Aft er you creat e a cert ificat e request and have it signed by a Cert ificat e Aut horit y, in t he Loca l
Ce r t ifica t e s screen click t he cert ificat e request ’s Loa d Sign e d icon t o im port t he signed cert ificat e
int o t he Device.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
215
Chapter 19 Certificates
Not e: You m ust rem ove any spaces from t he cert ificat e’s filenam e before you can im port
it .
Figure 131 Load Signed Cert ificat e
The following t able describes t he labels in t his screen.
Table 99 Load Signed Cert ificat e
LABEL
DESCRIPTION
Cert ificat e
Nam e
This is t he nam e of t he signed cert ificat e.
Cert ificat e
Copy and past e t he signed cert ificat e int o t he t ext box t o st ore it on t he Device.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
19.4 The Trusted CA Screen
Click Se cur it y > Ce r t ifica t e s > Tr u st e d CA t o open t he following screen. This screen displays a
sum m ary list of cert ificat es of t he cert ificat ion aut horit ies t hat you have set t he Device t o accept as
t rust ed. The Device accept s any valid cert ificat e signed by a cert ificat ion aut horit y on t his list as
216
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 19 Certificates
being t rust wort hy; t hus you do not need t o im port any cert ificat e t hat is signed by one of t hese
cert ificat ion aut horit ies.
Figure 132 Securit y > Cert ificat es > Trust ed CA
The following t able describes t he fields in t his screen.
Table 100 Securit y > Cert ificat es > Trust ed CA
LABEL
DESCRIPTION
I m port
Cert ificat e
Click t his but t on t o open a screen where you can save t he cert ificat e of a cert ificat ion
aut horit y t hat you t rust t o t he Device.
This is t he index num ber of t he ent ry.
Nam e
This field displays t he nam e used t o ident ify t his cert ificat e.
Subj ect
This field displays inform at ion t hat ident ifies t he owner of t he cert ificat e, such as Com m on
Nam e ( CN) , OU ( Organizat ional Unit or depart m ent ) , Organizat ion ( O) , St at e ( ST) and
Count ry ( C) . I t is recom m ended t hat each cert ificat e have unique subj ect inform at ion.
Type
This field displays general inform at ion about t he cert ificat e. ca m eans t hat a Cert ificat ion
Aut horit y signed t he cert ificat e.
Modify
Click t he Vie w icon t o open a screen wit h an in- dept h list of inform at ion about t he
cert ificat e ( or cert ificat ion request ) .
Click t he Re m ove but t on t o delet e t he cert ificat e ( or cert ificat ion request ) . You cannot
delet e a cert ificat e t hat one or m ore feat ures is configured t o use.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
217
Chapter 19 Certificates
19.4.1 View Trusted CA Certificate
Click t he Vie w icon in t he Tr u st e d CA screen t o open t he following screen. Use t his screen t o view
in- dept h inform at ion about t he cert ificat ion aut horit y’s cert ificat e.
Figure 133 Trust ed CA: View
The following t able describes t he fields in t his screen.
Table 101 Trust ed CA: View
LABEL
DESCRIPTION
Nam e
This field displays t he ident ifying nam e of t his cert ificat e.
Type
This field displays general inform at ion about t he cert ificat e. ca m eans t hat a Cert ificat ion
Aut horit y signed t he cert ificat e.
Subj ect
This field displays inform at ion t hat ident ifies t he owner of t he cert ificat e, such as Com m on
Nam e ( CN) , Organizat ional Unit ( OU) , Organizat ion ( O) and Count ry ( C) .
Cert ificat e
This read- only t ext box displays t he cert ificat e in Privacy Enhanced Mail ( PEM) form at . PEM
uses base 64 t o convert t he binary cert ificat e int o a print able form .
You can copy and past e t he cert ificat e int o an e- m ail t o send t o friends or colleagues or you
can copy and past e t he cert ificat e int o a t ext edit or and save t he file on a m anagem ent
com put er for lat er dist ribut ion ( via floppy disk for exam ple) .
Back
218
Click Ba ck t o ret urn t o t he previous screen.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 19 Certificates
19.4.2 Import Trusted CA Certificate
Click t he I m por t Ce r t ifica t e but t on in t he Tr ust e d CA screen t o open t he following screen. The
Device t rust s any valid cert ificat e signed by any of t he im port ed t rust ed CA cert ificat es.
Figure 134 Trust ed CA: I m port Cert ificat e
The following t able describes t he fields in t his screen.
Table 102 Trust ed CA: I m port Cert ificat e
LABEL
DESCRIPTION
Cert ificat e File
Pat h
Type in t he locat ion of t he cert ificat e you want t o upload in t his field or click Br ow se ... t o
find it .
Enable Trust ed
CA for 802.1x
Aut hent icat ion
I f you select t his checkbox, t he t rust ed CA will be used for 802.1x aut hent icat ion. The
select ed t rust ed CA will be displayed in t he N e t w or k Se t t in g > Br oa dba n d > 8 0 2 .1 x :
Edit screen.
Cert ificat e
Copy and past e t he cert ificat e int o t he t ext box t o st ore it on t he Device.
OK
Click OK t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
219
Chapter 19 Certificates
220
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPTER
20
VPN
20.1 Overview
A virt ual privat e net work ( VPN) provides secure com m unicat ions over t he t he I nt ernet . I nt ernet
Prot ocol Securit y ( I PSec) is a st andards- based VPN t hat provides confident ialit y, dat a int egrit y, and
aut hent icat ion. This chapt er shows you how t o configure t he Device’s VPN set t ings.
20.2 The IPSec VPN General Screen
Use t his screen t o view and m anage your VPN t unnel policies. The following figure helps explain t he
m ain fields in t he web configurat or.
Figure 135 I PSec Fields Sum m ary
Remote Network
Local Network
VPN Tunnel
Click Se cur it y > I PSe c VPN t o open t his screen as shown next .
Figure 136 Securit y > I PSec VPN
VMG8324-B10A / VMG8324-B30A Series User’s Guide
221
Chapter 20 VPN
This screen cont ains t he following fields:
Table 103 Securit y > I PSec VPN
LABEL
DESCRIPTION
Add New
Connect ion
Click t his but t on t o add an it em t o t he list .
This displays t he index num ber of an ent ry.
St at us
This displays whet her t he VPN policy is enabled ( En a ble ) or not ( D isa ble ) .
Connect ion Nam e
The nam e of t he VPN policy.
Rem ot e Gat eway
This is t he I P address of t he rem ot e I PSec rout er in t he I KE SA.
Local Addresses
This displays t he I P address( es) on t he LAN behind your Device.
Rem ot e
Addresses
This displays t he I P address( es) on t he LAN behind t he rem ot e I PSec’s rout er.
Delet e
Click t he Edit icon t o m odify t he VPN policy.
Click t he D e le t e icon t o delet e t he VPN policy.
20.3 The IPSec VPN Add/Edit Screen
Use t hese set t ings t o add or edit VPN policies. Click t he Add N e w Conne ct ion but t on in t he
Se cur it y > VPN screen t o open t his screen as shown next .
222
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 20 VPN
Figure 137 Securit y > I PSec VPN: Add/ Edit
This screen cont ains t he following fields:
Table 104 Securit y > I PSec VPN: Add/ Edit
LABEL
DESCRIPTION
Act ive
Select t his t o act ivat e t his VPN policy.
I PSec Connect ion
Nam e
Ent er t he nam e of t he VPN policy.
Rem ot e I PSec
Gat eway Address
Ent er t he I P address of t he rem ot e I PSec rout er in t he I KE SA.
Tunnel access
from local I P
addresses
Select Sin gle Addr e ss t o have only one local LAN I P address use t he VPN t unnel. Select
Su bn e t t o specify local LAN I P addresses by t heir subnet m ask.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
223
Chapter 20 VPN
Table 104 Securit y > I PSec VPN: Add/ Edit
LABEL
DESCRIPTION
I P Address for
VPN
I f Single Addr e ss is select ed, ent er a ( st at ic) I P address on t he LAN behind your Device.
I f Su bn e t is select ed, specify I P addresses on a net work by t heir subnet m ask by ent ering
a ( st at ic) I P address on t he LAN behind your Device. Then ent er t he subnet m ask t o
ident ify t he net work address.
I P Subnet m ask
I f Su bn e t is select ed, ent er t he subnet m ask t o ident ify t he net work address.
Tunnel access
from rem ot e I P
addresses
Select Sin gle Addr e ss t o have only one rem ot e LAN I P address use t he VPN t unnel.
Select Subne t t o specify rem ot e LAN I P addresses by t heir subnet m ask.
I P Address for
VPN
I f Sin gle Addr e ss is select ed, ent er a ( st at ic) I P address on t he LAN behind t he rem ot e
I PSec’s rout er.
I f Su bn e t is select ed, specify I P addresses on a net work by t heir subnet m ask by ent ering
a ( st at ic) I P address on t he LAN behind t he rem ot e I PSec’s rout er. Then ent er t he subnet
m ask t o ident ify t he net work address.
I P Subnet m ask
I f Su bn e t is select ed, ent er t he subnet m ask t o ident ify t he net work address.
Prot ocol
Select which prot ocol you want t o use in t he I PSec SA. Choices are:
AH ( RFC 2402) - provides int egrit y, aut hent icat ion, sequence int egrit y ( replay
resist ance) , and non- repudiat ion but not encrypt ion. I f you select AH , you m ust select an
I n t e gr a t y Algor it hm .
ESP ( RFC 2406) - provides encrypt ion and t he sam e services offered by AH , but it s
aut hent icat ion is weaker. I f you select ESP, you m ust select an Encr ypt ion Agor it h m
and I n t e gr a t y Algor it h m .
Bot h AH and ESP increase processing requirem ent s and lat ency ( delay) . The Device and
rem ot e I PSec rout er m ust use t he sam e act ive prot ocol.
Key Exchange
Met hod
Select t he key exchange m et hod:
Au t o( I KE) - Select t his t o use aut om at ic I KE key m anagem ent VPN connect ion policy.
M a n u a l - Select t his opt ion t o configure a VPN connect ion policy t hat uses a m anual key
inst ead of I KE key m anagem ent . This m ay be useful if you have problem s wit h I KE key
m anagem ent .
Note: Only use manual key as a temporary solution, because it is not as secure as a regular
IPSec SA.
Aut hent icat ion
Met hod
Select Pr e - Sh a r e d Ke y t o use a pre- shared key for aut hent icat ion, and t ype in your preshared key. A pre- shared key ident ifies a com m unicat ing part y during a phase 1 I KE
negot iat ion. I t is called " pre- shared" because you have t o share it wit h anot her part y
before you can com m unicat e wit h t hem over a secure connect ion.
Select Ce r t ifica t e ( X .5 0 9 ) t o use a cert ificat e for aut hent icat ion.
Pre- Shared Key
Type your pre- shared key in t his field. A pre- shared key ident ifies a com m unicat ing part y
during a phase 1 I KE negot iat ion.
Type from 8 t o 31 case- sensit ive ASCI I charact ers or from 16 t o 62 hexadecim al ( " 0- 9" ,
" A- F" ) charact ers. You m ust precede a hexadecim al key wit h a " 0x” ( zero x) , which is not
count ed as part of t he 16 t o 62 charact er range for t he key. For exam ple, in
" 0x0123456789ABCDEF" , “ 0x” denot es t hat t he key is hexadecim al and
“ 0123456789ABCDEF” is t he key it self.
Local I D Type
Select I P t o ident ify t he Device by it s I P address.
Select E- m a il t o ident ify t his Device by an e- m ail address.
Select D N S t o ident ify t his Device by a dom ain nam e.
Select ASN 1 D N ( Abst ract Synt ax Not at ion one - Dist inguished Nam e) t o t his Device by
t he subj ect field in a cert ificat e. This is used only wit h cert ificat e- based aut hent icat ion.
224
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 20 VPN
Table 104 Securit y > I PSec VPN: Add/ Edit
LABEL
DESCRIPTION
Local I D Cont ent
When you select I P in t he Loca l I D Type field, t ype t he I P address of your com put er in
t his field. I f you configure t his field t o 0.0.0.0 or leave it blank, t he Device aut om at ically
uses t he Pr e - Sh a r e d Ke y ( refer t o t he Pr e - Sh a r e d Ke y field descript ion) .
I t is recom m ended t hat you t ype an I P address ot her t han 0.0.0.0 in t his field or use t he
D N S or E- m a il t ype in t he following sit uat ions.
•
•
When t here is a NAT rout er bet ween t he t wo I PSec rout ers.
When you want t he rem ot e I PSec rout er t o be able t o dist inguish bet ween VPN
connect ion request s t hat com e in from I PSec rout ers wit h dynam ic WAN I P addresses.
When you select D N S or E- m a il in t he Loca l I D Type field, t ype a dom ain nam e or em ail address by which t o ident ify t his Device in t his field. Use up t o 31 ASCI I charact ers
including spaces, alt hough t railing spaces are t runcat ed. The dom ain nam e or e- m ail
address is for ident ificat ion purposes only and can be any st ring.
Rem ot e I D Type
Select I P t o ident ify t he rem ot e I PSec rout er by it s I P address.
Select E- m a il t o ident ify t he rem ot e I PSec rout er by an e- m ail address.
Select D N S t o ident ify t he rem ot e I PSec rout er by a dom ain nam e.
Select ASN 1 D N t o ident ify t he rem ot e I PSec rout er by t he subj ect field in a cert ificat e.
This is used only wit h cert ificat e- based aut hent icat ion.
Rem ot e I D
Cont ent
The configurat ion of t he rem ot e cont ent depends on t he rem ot e I D t ype.
For I P, t ype t he I P address of t he com put er wit h which you will m ake t he VPN connect ion.
I f you configure t his field t o 0.0.0.0 or leave it blank, t he Device will use t he address in
t he Re m ot e I PSe c Ga t e w a y Addr e ss field ( refer t o t he Re m ot e I PSe c Ga t e w a y
Addr e ss field descript ion) .
For D N S or E- m a il, t ype a dom ain nam e or e- m ail address by which t o ident ify t he
rem ot e I PSec rout er. Use up t o 31 ASCI I charact ers including spaces, alt hough t railing
spaces are t runcat ed. The dom ain nam e or e- m ail address is for ident ificat ion purposes
only and can be any st ring.
I t is recom m ended t hat you t ype an I P address ot her t han 0.0.0.0 or use t he D N S or Em a il I D t ype in t he following sit uat ions:
•
•
When t here is a NAT rout er bet ween t he t wo I PSec rout ers.
When you want t he Device t o dist inguish bet ween VPN connect ion request s t hat com e
in from rem ot e I PSec rout ers wit h dynam ic WAN I P addresses.
Advanced I KE
Set t ings
Click m or e t o display advanced set t ings. Click le ss t o display basic set t ings only.
NAT_Traversal
Select En a ble if you want t o set up a VPN t unnel when t here are NAT rout ers bet ween t he
Device and rem ot e I PSec rout er. The rem ot e I PSec rout er m ust also enable NAT t raversal,
and t he NAT rout ers have t o forward UDP port 500 packet s t o t he rem ot e I PSec rout er
behind t he NAT rout er. Ot herwise, select D isa ble .
Phase 1
Mode
Select t he negot iat ion m ode t o use t o negot iat e t he I KE SA. Choices are:
M a in - t his encrypt s t he Device’s and rem ot e I PSec rout er ’s ident it ies but t akes m ore
t im e t o est ablish t he I KE SA.
Aggr e ssive - t his is fast er but does not encrypt t he ident it ies.
The Device and t he rem ot e I PSec rout er m ust use t he sam e negot iat ion m ode.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
225
Chapter 20 VPN
Table 104 Securit y > I PSec VPN: Add/ Edit
LABEL
DESCRIPTION
Encrypt ion
Algorit hm
Select which key size and encrypt ion algorit hm t o use in t he I KE SA. Choices are:
D ES - a 56- bit key wit h t he DES encrypt ion algorit hm
3 D ES - a 168- bit key wit h t he DES encrypt ion algorit hm
AES - 1 2 8 - a 128- bit key wit h t he AES encrypt ion algorit hm
AES - 1 9 6 - a 196- bit key wit h t he AES encrypt ion algorit hm
AES - 2 5 6 - a 256- bit key wit h t he AES encrypt ion algorit hm
The Device and t he rem ot e I PSec rout er m ust use t he sam e key size and encrypt ion
algorit hm . Longer keys require m ore processing power, result ing in increased lat ency and
decreased t hroughput .
I nt egrit y
Algorit hm
Select which hash algorit hm t o use t o aut hent icat e packet dat a. Choices are M D 5 , SH A1 .
SH A is generally considered st ronger t han M D 5 , but it is also slower.
Select DiffieHellm an Group
for Key Exchange
Select which Diffie- Hellm an key group you want t o use for encrypt ion keys. Choices for
num ber of bit s in t he random num ber are: 768, 1024, 1536, 2048, 3072, 4096.
Key Life Tim e
Define t he lengt h of t im e before an I PSec SA aut om at ically renegot iat es in t his field.
The longer t he key, t he m ore secure t he encrypt ion, but also t he longer it t akes t o encrypt
and decrypt inform at ion. Bot h rout ers m ust use t he sam e DH key group.
A short SA Life Tim e increases securit y by forcing t he t wo VPN gat eways t o updat e t he
encrypt ion and aut hent icat ion keys. However, every t im e t he VPN t unnel renegot iat es, all
users accessing rem ot e resources are t em porarily disconnect ed.
Phase 2
Encrypt ion
Algorit hm
Select which key size and encrypt ion algorit hm t o use in t he I KE SA. Choices are:
D ES - a 56- bit key wit h t he DES encrypt ion algorit hm
3 D ES - a 168- bit key wit h t he DES encrypt ion algorit hm
AES - 1 2 8 - a 128- bit key wit h t he AES encrypt ion algorit hm
AES - 1 9 2 - a 196- bit key wit h t he AES encrypt ion algorit hm
AES - 2 5 6 - a 256- bit key wit h t he AES encrypt ion algorit hm
Select ESP_ N ULL t o set up a t unnel wit hout encrypt ion. When you select ESP_ N ULL,
you do not ent er an encrypt ion key.
The Device and t he rem ot e I PSec rout er m ust use t he sam e key size and encrypt ion
algorit hm . Longer keys require m ore processing power, result ing in increased lat ency and
decreased t hroughput .
I nt egrit y
Algorit hm
226
Select which hash algorit hm t o use t o aut hent icat e packet dat a. Choices are M D 5 and
SH A1 . SH A is generally considered st ronger t han M D 5 , but it is also slower.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 20 VPN
Table 104 Securit y > I PSec VPN: Add/ Edit
LABEL
DESCRIPTION
Perfect Forward
Secrecy ( PFS)
Select whet her or not you want t o enable Perfect Forward Secrecy ( PFS)
PFS changes t he root key t hat is used t o generat e encrypt ion keys for each I PSec SA. The
longer t he key, t he m ore secure t he encrypt ion, but also t he longer it t akes t o encrypt and
decrypt inform at ion. Bot h rout ers m ust use t he sam e DH key group. Choices are:
N on e - do not use any random num ber.
7 6 8 bit ( D H Gr ou p1 ) - use a 768- bit random num ber
1 0 2 4 bit ( D H Gr ou p2 ) - use a 1024- bit random num ber
1 5 3 6 bit ( D H Gr ou p5 ) - use a 1536- bit random num ber
2 0 4 8 bit ( D H Gr ou p1 4 ) - use a 2048- bit random num ber
3 0 7 2 bit ( D H Gr ou p1 5 ) - use a 3072- bit random num ber
4 0 9 6 bit ( D H Gr ou p1 6 ) - use a 4096- bit random num ber
Key Life Tim e
Define t he lengt h of t im e before an I PSec SA aut om at ically renegot iat es in t his field.
A short SA Life Tim e increases securit y by forcing t he t wo VPN gat eways t o updat e t he
encrypt ion and aut hent icat ion keys. However, every t im e t he VPN t unnel renegot iat es, all
users accessing rem ot e resources are t em porarily disconnect ed.
The following fields are available if you select Manual in t he Key Exchange Met hod field.
Encrypt ion
Algorit hm
Select which key size and encrypt ion algorit hm t o use in t he I KE SA. Choices are:
D ES - a 56- bit key wit h t he DES encrypt ion algorit hm
3 D ES - a 168- bit key wit h t he DES encrypt ion algorit hm
EPS_ N ULL - no encrypt ion key or algorit hm
Encrypt ion
Key
This field is applicable when you select an Encrypt ion Algorit hm .
Ent er t he encrypt ion key, which depends on t he encrypt ion algorit hm .
D ES - t ype a unique key 16 hexadecim al charact ers long
3 D ES - t ype a unique key 48 hexadecim al charact ers long
Aut hent icat ion
Algorit hm
Select which hash algorit hm t o use t o aut hent icat e packet dat a. Choices are MD5, SHA1.
SHA is generally considered st ronger t han MD5, but it is also slower.
Aut hent icat ion
Key
Ent er t he aut hent icat ion key, which depends on t he aut hent icat ion algorit hm .
M D 5 - t ype a unique key 32 hexadecim al charact ers long
SH A1 - t ype a unique key 40 hexadecim al charact ers long
SPI
Type a unique SPI ( Securit y Param et er I ndex) in hexadecim al charact ers.
The SPI is used t o ident ify t he Device during aut hent icat ion.
The Device and rem ot e I PSec rout er m ust use t he sam e SPI .
OK
Click OK t o save your changes.
Cancel
Click Ca n ce l t o rest ore your previously saved set t ings.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
227
Chapter 20 VPN
20.4 The IPSec VPN Monitor Screen
Use t his screen t o check your VPN t unnel’s current st at us. You can also m anually t rigger a VPN
t unnel t o t he rem ot e net work. Click Se cu r it y > I PSe c VPN > M on it or t o open t his screen as
shown next .
Figure 138 Securit y > I PSec VPN > Monit or
This screen cont ains t he following fields:
Table 105 Securit y > I PSec VPN > Monit or
LABEL
DESCRIPTION
Refresh I nt erval
Select how oft en you want t he Device t o updat e t his screen. Select N o Re fr e sh t o have
t he Device st op updat ing t he screen.
St at us
This displays a green line bet ween t wo host s if t he VPN t unnel has been est ablished
successfully. Ot herwise, it displays a red line in bet ween.
Connect ion Nam e
This displays t he nam e of t he VPN policy.
Rem ot e Gat eway
This is t he I P address of t he rem ot e I PSec rout er in t he I KE SA.
Local Addresses
This displays t he I P address( es) on t he LAN behind your Device.
Rem ot e
Addresses
This displays t he I P address( es) on t he LAN behind t he rem ot e I PSec rout er.
Act ion
Click Tr igge r t o est ablish a VPN connect ion wit h t he rem ot e net work.
20.5 Technical Reference
This sect ion provides som e t echnical background inform at ion about t he t opics covered in t his
sect ion.
20.5.1 IPSec Architecture
The overall I PSec archit ect ure is shown as follows.
228
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 20 VPN
Figure 139 I PSec Archit ect ure
IPSec Algorithms
The ESP ( Encapsulat ing Securit y Payload) Prot ocol ( RFC 2406) and AH ( Aut hent icat ion Header)
prot ocol ( RFC 2402) describe t he packet form at s and t he default st andards for packet st ruct ure
( including im plem ent at ion algorit hm s) .
The Encrypt ion Algorit hm describes t he use of encrypt ion t echniques such as DES ( Dat a Encrypt ion
St andard) and Triple DES algorit hm s.
The Aut hent icat ion Algorit hm s, HMAC- MD5 ( RFC 2403) and HMAC- SHA- 1 ( RFC 2404, provide an
aut hent icat ion m echanism for t he AH and ESP prot ocols.
Key Management
Key m anagem ent allows you t o det erm ine whet her t o use I KE ( I SAKMP) or m anual key
configurat ion in order t o set up a VPN.
20.5.2 Encapsulation
The t wo m odes of operat ion for I PSec VPNs are Tr a n spor t m ode and Tunne l m ode. At t he t im e of
writ ing, t he Device support s Tun n e l m ode only.
Figure 140 Transport and Tunnel Mode I PSec Encapsulat ion
VMG8324-B10A / VMG8324-B30A Series User’s Guide
229
Chapter 20 VPN
Transport Mode
Tr a nspor t m ode is used t o prot ect upper layer prot ocols and only affect s t he dat a in t he I P packet .
I n Tr a n spor t m ode, t he I P packet cont ains t he securit y prot ocol ( AH or ESP) locat ed aft er t he
original I P header and opt ions, but before any upper layer prot ocols cont ained in t he packet ( such
as TCP and UDP) .
Wit h ESP, prot ect ion is applied only t o t he upper layer prot ocols cont ained in t he packet . The I P
header inform at ion and opt ions are not used in t he aut hent icat ion process. Therefore, t he
originat ing I P address cannot be verified for int egrit y against t he dat a.
Wit h t he use of AH as t he securit y prot ocol, prot ect ion is ext ended forward int o t he I P header t o
verify t he int egrit y of t he ent ire packet by use of port ions of t he original I P header in t he hashing
process.
Tunnel Mode
Tunne l m ode encapsulat es t he ent ire I P packet t o t ransm it it securely. A Tunne l m ode is required
for gat eway services t o provide access t o int ernal syst em s. Tunne l m ode is fundam ent ally an I P
t unnel wit h aut hent icat ion and encrypt ion. This is t he m ost com m on m ode of operat ion. Tu n ne l
m ode is required for gat eway t o gat eway and host t o gat eway com m unicat ions. Tunne l m ode
com m unicat ions have t wo set s of I P headers:
• Out side he a de r : The out side I P header cont ains t he dest inat ion I P address of t he VPN gat eway.
• I nside he a de r : The inside I P header cont ains t he dest inat ion I P address of t he final syst em
behind t he VPN gat eway. The securit y prot ocol appears aft er t he out er I P header and before t he
inside I P header.
20.5.3 IKE Phases
There are t wo phases t o every I KE ( I nt ernet Key Exchange) negot iat ion – phase 1 ( Aut hent icat ion)
and phase 2 ( Key Exchange) . A phase 1 exchange est ablishes an I KE SA and t he second one uses
t hat SA t o negot iat e SAs for I PSec.
230
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 20 VPN
Figure 141 Two Phases t o Set Up t he I PSec SA
I n phase 1 you m ust :
• Choose a negot iat ion m ode.
• Aut hent icat e t he connect ion by ent ering a pre- shared key.
• Choose an encrypt ion algorit hm .
• Choose an aut hent icat ion algorit hm .
• Choose a Diffie- Hellm an public- key crypt ography key group.
• Set t he I KE SA lifet im e. This field allows you t o det erm ine how long an I KE SA should st ay up
before it t im es out . An I KE SA t im es out when t he I KE SA lifet im e period expires. I f an I KE SA
t im es out when an I PSec SA is already est ablished, t he I PSec SA st ays connect ed.
I n phase 2 you m ust :
• Choose an encrypt ion algorit hm .
• Choose an aut hent icat ion algorit hm
• Choose a Diffie- Hellm an public- key crypt ography key group.
• Set t he I PSec SA lifet im e. This field allows you t o det erm ine how long t he I PSec SA should st ay
up before it t im es out . The Device aut om at ically renegot iat es t he I PSec SA if t here is t raffic when
t he I PSec SA lifet im e period expires. I f an I PSec SA t im es out , t hen t he I PSec rout er m ust
renegot iat e t he SA t he next t im e som eone at t em pt s t o send t raffic.
20.5.4 Negotiation Mode
The phase 1 N e got ia t ion M ode you select det erm ines how t he Securit y Associat ion ( SA) will be
est ablished for each connect ion t hrough I KE negot iat ions.
• M a in M ode ensures t he highest level of securit y when t he com m unicat ing part ies are
negot iat ing aut hent icat ion ( phase 1) . I t uses 6 m essages in t hree round t rips: SA negot iat ion,
Diffie- Hellm an exchange and an exchange of nonces ( a nonce is a random num ber) . This m ode
feat ures ident it y prot ect ion ( your ident it y is not revealed in t he negot iat ion) .
VMG8324-B10A / VMG8324-B30A Series User’s Guide
231
Chapter 20 VPN
• Aggr e ssive M ode is quicker t han M a in M ode because it elim inat es several st eps when t he
com m unicat ing part ies are negot iat ing aut hent icat ion ( phase 1) . However t he t rade- off is t hat
fast er speed lim it s it s negot iat ing power and it also does not provide ident it y prot ect ion. I t is
useful in rem ot e access sit uat ions where t he address of t he init iat or is not know by t he responder
and bot h part ies want t o use pre- shared key aut hent icat ion.
20.5.5 IPSec and NAT
Read t his sect ion if you are running I PSec on a host com put er behind t he Device.
NAT is incom pat ible wit h t he AH prot ocol in bot h Tr a nspor t and Tu n n e l m ode. An I PSec VPN using
t he AH prot ocol digit ally signs t he out bound packet , bot h dat a payload and headers, wit h a hash
value appended t o t he packet . When using AH prot ocol, packet cont ent s ( t he dat a payload) are not
encrypt ed.
A NAT device in bet ween t he I PSec endpoint s will rewrit e eit her t he source or dest inat ion address
wit h one of it s own choosing. The VPN device at t he receiving end will verify t he int egrit y of t he
incom ing packet by com put ing it s own hash value, and com plain t hat t he hash value appended t o
t he received packet doesn't m at ch. The VPN device at t he receiving end doesn't know about t he
NAT in t he m iddle, so it assum es t hat t he dat a has been m aliciously alt ered.
I PSec using ESP in Tu n ne l m ode encapsulat es t he ent ire original packet ( including headers) in a
new I P packet . The new I P packet 's source address is t he out bound address of t he sending VPN
gat eway, and it s dest inat ion address is t he inbound address of t he VPN device at t he receiving end.
When using ESP prot ocol wit h aut hent icat ion, t he packet cont ent s ( in t his case, t he ent ire original
packet ) are encrypt ed. The encrypt ed cont ent s, but not t he new headers, are signed wit h a hash
value appended t o t he packet .
Tunne l m ode ESP wit h aut hent icat ion is com pat ible wit h NAT because int egrit y checks are
perform ed over t he com binat ion of t he " original header plus original payload," which is unchanged
by a NAT device.
Tr a nspor t m ode ESP wit h aut hent icat ion is not com pat ible wit h NAT.
Table 106 VPN and NAT
SECURITY PROTOCOL
MODE
NAT
AH
Transport
AH
Tunnel
ESP
Transport
ESP
Tunnel
20.5.6 VPN, NAT, and NAT Traversal
NAT is incom pat ible wit h t he AH prot ocol in bot h t ransport and t unnel m ode. An I PSec VPN using
t he AH prot ocol digit ally signs t he out bound packet , bot h dat a payload and headers, wit h a hash
value appended t o t he packet , but a NAT device bet ween t he I PSec endpoint s rewrit es t he source or
dest inat ion address. As a result , t he VPN device at t he receiving end finds a m ism at ch bet ween t he
hash value and t he dat a and assum es t hat t he dat a has been m aliciously alt ered.
NAT is not norm ally com pat ible wit h ESP in t ransport m ode eit her, but t he Device’s N AT Tr a ve r sa l
feat ure provides a way t o handle t his. NAT t raversal allows you t o set up an I KE SA when t here are
NAT rout ers bet ween t he t wo I PSec rout ers.
232
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 20 VPN
Figure 142 NAT Rout er Bet ween I PSec Rout ers
Norm ally you cannot set up an I KE SA wit h a NAT rout er bet ween t he t wo I PSec rout ers because
t he NAT rout er changes t he header of t he I PSec packet . NAT t raversal solves t he problem by adding
a UDP port 500 header t o t he I PSec packet . The NAT rout er forwards t he I PSec packet wit h t he UDP
port 500 header unchanged. I n t he above figure, when I PSec rout er A t ries t o est ablish an I KE SA,
I PSec rout er B checks t he UDP port 500 header, and I PSec rout ers A and B build t he I KE SA.
For NAT t raversal t o work, you m ust :
• Use ESP securit y prot ocol ( in eit her t ransport or t unnel m ode) .
• Use I KE keying m ode.
• Enable NAT t raversal on bot h I PSec endpoint s.
• Set t he NAT rout er t o forward UDP port 500 t o I PSec rout er A.
Finally, NAT is com pat ible wit h ESP in t unnel m ode because int egrit y checks are perform ed over t he
com binat ion of t he " original header plus original payload," which is unchanged by a NAT device. The
com pat ibilit y of AH and ESP wit h NAT in t unnel and t ransport m odes is sum m arized in t he following
t able.
Table 107 VPN and NAT
SECURITY PROTOCOL
MODE
NAT
AH
Transport
AH
Tunnel
ESP
Transport
Y*
ESP
Tunnel
Y* - This is support ed in t he Device if you enable NAT t raversal.
20.5.7 ID Type and Content
Wit h aggressive negot iat ion m ode ( see Sect ion 20.5.4 on page 231) , t he Device ident ifies incom ing
SAs by I D t ype and cont ent since t his ident ifying inform at ion is not encrypt ed. This enables t he
Device t o dist inguish bet ween m ult iple rules for SAs t hat connect from rem ot e I PSec rout ers t hat
have dynam ic WAN I P addresses.
Regardless of t he I D t ype and cont ent configurat ion, t he Device does not allow you t o save m ult iple
act ive rules wit h overlapping local and rem ot e I P addresses.
Wit h m ain m ode ( see Sect ion 20.5.4 on page 231) , t he I D t ype and cont ent are encrypt ed t o
provide ident it y prot ect ion. I n t his case t he Device can only dist inguish bet ween up t o 12 different
incom ing SAs t hat connect from rem ot e I PSec rout ers t hat have dynam ic WAN I P addresses. The
Device can dist inguish up t o 48 incom ing SAs because you can select bet ween t hree encrypt ion
algorit hm s ( DES, 3DES and AES) , t wo aut hent icat ion algorit hm s ( MD5 and SHA1) and eight key
groups when you configure a VPN rule ( see Sect ion 20.2 on page 221) . The I D t ype and cont ent act
as an ext ra level of ident ificat ion for incom ing SAs.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
233
Chapter 20 VPN
The t ype of I D can be a dom ain nam e, an I P address or an e- m ail address. The cont ent is t he I P
address, dom ain nam e, or e- m ail address.
Table 108 Local I D Type and Cont ent Fields
LOCAL ID TYPE= CONTENT=
IP
Type t he I P address of your com put er.
DNS
Type a dom ain nam e ( up t o 31 charact ers) by which t o ident ify t his Device.
E- m ail
Type an e- m ail address ( up t o 31 charact ers) by which t o ident ify t his Device.
The dom ain nam e or e- m ail address t hat you use in t he Loca l I D Con t e nt field is used
for ident ificat ion purposes only and does not need t o be a real dom ain nam e or e- m ail
address.
20.5.7.1 ID Type and Content Examples
Two I PSec rout ers m ust have m at ching I D t ype and cont ent configurat ion in order t o set up a VPN
t unnel.
The t wo Devices in t his exam ple can com plet e negot iat ion and est ablish a VPN t unnel.
Table 109 Mat ching I D Type and Cont ent Configurat ion Exam ple
Device A
Device B
Local I D t ype: E- m ail
Local I D t ype: I P
Local I D cont ent : t om @yourcom pany.com
Local I D cont ent : 1.1.1.2
Rem ot e I D t ype: I P
Rem ot e I D t ype: E- m ail
Rem ot e I D cont ent : 1.1.1.2
Rem ot e I D cont ent : t om @yourcom pany.com
The t wo Devices in t his exam ple cannot com plet e t heir negot iat ion because Device B’s Loca l I D
Type is I P, but Device A’s Re m ot e I D Type is set t o E- m a il. An “ I D m ism at ched” m essage
displays in t he I PSEC LOG.
Table 110 Mism at ching I D Type and Cont ent Configurat ion Exam ple
DEVICE A
DEVICE B
Local I D t ype: I P
Local I D t ype: I P
Local I D cont ent : 1.1.1.10
Local I D cont ent : 1.1.1.2
Rem ot e I D t ype: E- m ail
Rem ot e I D t ype: I P
Rem ot e I D cont ent : aa@yahoo.com
Rem ot e I D cont ent : 1.1.1.0
20.5.8 Pre-Shared Key
A pre- shared key ident ifies a com m unicat ing part y during a phase 1 I KE negot iat ion ( see Sect ion
20.5.3 on page 230 for m ore on I KE phases) . I t is called “ pre- shared” because you have t o share it
wit h anot her part y before you can com m unicat e wit h t hem over a secure connect ion.
20.5.9 Diffie-Hellman (DH) Key Groups
Diffie- Hellm an ( DH) is a public- key crypt ography prot ocol t hat allows t wo part ies t o est ablish a
shared secret over an unsecured com m unicat ions channel. Diffie- Hellm an is used wit hin I KE SA
set up t o est ablish session keys. Upon com plet ion of t he Diffie- Hellm an exchange, t he t wo peers
have a shared secret , but t he I KE SA is not aut hent icat ed. For aut hent icat ion, use pre- shared keys.
234
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPTER
21
Voice
21.1 Overview
Use t his chapt er t o:
• Connect an analog phone t o t he Device.
• Make phone calls over t he I nt ernet , as well as t he regular phone net work.
• Configure set t ings such as speed dial.
• Configure net work set t ings t o opt im ize t he voice qualit y of your phone calls.
21.1.1 What You Can Do in this Chapter
These screens allow you t o configure your Device t o m ake phone calls over t he I nt ernet and your
regular phone line, and t o set up t he phones you connect t o t he Device.
• Use t he SI P Account screen ( Sect ion 21.3 on page 236) t o set up inform at ion about your SI P
account , cont rol which SI P account s t he phones connect ed t o t he Device use and configure audio
set t ings such as volum e levels for t he phones connect ed t o t he Device.
• Use t he SI P Se r vice Pr ovide r screen ( Sect ion 21.4 on page 241) t o configure t he SI P server
inform at ion, QoS for VoI P calls, t he num bers for cert ain phone funct ions, and dialing plan.
• Use t he Ph one Re gion screen ( Sect ion 21.5 on page 249) t o change set t ings t hat depend on t he
count ry you are in.
• Use t he Ca ll Rule screen ( Sect ion 21.6 on page 249) t o set up short cut s for dialing frequent lyused ( VoI P) phone num bers.
• Use t he Ca ll H ist or y Sum m a r y screen ( Sect ion 21.7 on page 250) t o view t he sum m ary list of
received, dialed and m issed calls.
• Use t he Ca ll H ist or y Out going screen ( Sect ion 21.8 on page 251) t o view det ailed inform at ion
for each out going call you m ade.
• Use t he Ca ll H ist or y I n com in g screen ( Sect ion 21.9 on page 251) t o view det ailed inform at ion
for each incom ing call from som eone calling you.
You don’t necessarily need t o use all t hese screens t o set up your account . I n fact , if your service
provider did not supply inform at ion on a part icular field in a screen, it is usually best t o leave it at
it s default set t ing.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
235
Chapter 21 Voice
21.1.2 What You Need to Know About VoIP
VoIP
VoI P st ands for Voice over I P. I P is t he I nt ernet Prot ocol, which is t he m essage- carrying st andard
t he I nt ernet runs on. So, Voice over I P is t he sending of voice signals ( speech) over t he I nt ernet ( or
anot her net work t hat uses t he I nt ernet Prot ocol) .
SIP
SI P st ands for Session I nit iat ion Prot ocol. SI P is a signalling st andard t hat let s one net work device
( like a com put er or t he Device) send m essages t o anot her. I n VoI P, t hese m essages are about
phone calls over t he net work. For exam ple, when you dial a num ber on your Device, it sends a SI P
m essage over t he net work asking t he ot her device ( t he num ber you dialed) t o t ake part in t he call.
SIP Accounts
A SI P account is a t ype of VoI P account . I t is an arrangem ent wit h a service provider t hat let s you
m ake phone calls over t he I nt ernet . When you set t he Device t o use your SI P account t o m ake
calls, t he Device is able t o send all t he inform at ion about t he phone call t o your service provider on
t he I nt ernet .
St rict ly speaking, you don’t need a SI P account . I t is possible for one SI P device ( like t he Device) t o
call anot her wit hout involving a SI P service provider. However, t he net working difficult ies involved
in doing t his m ake it t rem endously im pract ical under norm al circum st ances. Your SI P account
provider rem oves t hese difficult ies by t aking care of t he call rout ing and set up - figuring out how t o
get your call t o t he right place in a way t hat you and t he ot her person can t alk t o one anot her.
How to Find Out More
See Chapt er 4 on page 37 for a t ut orial showing how t o set up t hese screens in an exam ple
scenario.
See Sect ion 21.10 on page 252 for advanced t echnical inform at ion on SI P.
21.2 Before You Begin
• Before you can use t hese screens, you need t o have a VoI P account already set up. I f you don’t
have one yet , you can sign up wit h a VoI P service provider over t he I nt ernet .
• You should have t he inform at ion your VoI P service provider gave you ready, before you st art t o
configure t he Device.
21.3 The SIP Account Screen
The Device uses a SI P account t o m ake out going VoI P calls and check if an incom ing call’s
dest inat ion num ber m at ches your SI P account ’s SI P num ber. I n order t o m ake or receive a VoI P
236
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 21 Voice
call, you need t o enable and configure a SI P account , and m ap it t o a phone port . The SI P account
cont ains inform at ion t hat allows your Device t o connect t o your VoI P service provider.
See Sect ion 21.3.1 on page 237 for how t o m ap a SI P account t o a phone port .
Use t his screen t o view SI P account inform at ion. You can also enable and disable each SI P account .
To access t his screen, click VoI P > SI P > SI P Accou nt .
Figure 143 VoI P > SI P > SI P Account
Each field is described in t he following t able.
Table 111 VoI P > SI P > SI P Account
LABEL
DESCRIPTION
Add new account
Click t his t o configure a SI P account .
This is t he index num ber of t he ent ry.
Act ive
This shows whet her t he SI P account is act ivat ed or not .
A yellow bulb signifies t hat t his SI P account is act ivat ed. A gray bulb signifies t hat t his SI P
account is not act ivat ed.
SI P Account
This shows t he nam e of t he SI P account .
Service Provider
This shows t he nam e of t he SI P service provider.
Account No.
This shows t he SI P num ber.
Modify
Click t he Edit icon t o configure t he SI P account .
Click t he D e le t e icon t o delet e t his SI P account from t he Device.
21.3.1 The SIP Account Add/Edit Screen
Use t his screen t o configure a SI P account and m ap it t o a phone port . To access t his screen, click
t he Add ne w a ccoun t but t on or click t he Edit icon of an ent ry in t he VoI P > SI P > SI P Accou n t
screen.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
237
Chapter 21 Voice
Not e: Click m or e t o see all t he fields in t he screen. You don’t necessarily need t o use all
t hese fields t o set up your account . Click le ss t o see and configure only t he fields
needed for t his feat ure.
Figure 144 VoI P > SI P > SI P Account > Add new accoun/ Edit
Each field is described in t he following t able.
Table 112 VoI P > SI P > SI P Account > Add new accoun/ Edit
LABEL
DESCRIPTION
SI P Account
Select ion
This field displays AD D _ N EW if you are creat ing a new SI P account or t he SI P
account you are m odifying.
SI P Service
Provider
Associat ion
Select t he SI P service provider profile t o use for t he SI P account you are
configuring in t his screen. This field is read- only when you are m odifying a SI P
account .
General
Enable SI P
Account
Select t his if you want t he Device t o use t his account . Clear it if you do not want
t he Device t o use t his account .
SI P Account
Num ber
Ent er your SI P num ber. I n t he full SI P URI , t his is t he part before t he @ sym bol.
You can use up t o 127 print able ASCI I charact ers.
Aut hent icat ion
238
Usernam e
Ent er t he user nam e for regist ering t his SI P account , exact ly as it was given t o
you. You can use up t o 95 print able ASCI I charact ers.
Password
Ent er t he user nam e for regist ering t his SI P account , exact ly as it was given t o
you. You can use up t o 95 print able ASCI I Ext ended set charact ers.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 21 Voice
Table 112 VoI P > SI P > SI P Account > Add new accoun/ Edit ( cont inued)
LABEL
DESCRIPTION
Apply To Phone
Select a phone port on which you want t o m ake or receive phone calls for t his
SI P account .
I f you m ap a phone port t o m ore t han one SI P account , t here is no way t o
dist inguish bet ween t he SI P account s when you receive phone calls. The Device
uses t he m ost recent ly regist ered SI P account first when you m ake an out going
call.
I f a phone port is not m apped t o a SI P account , you cannot receive or m ake any
calls on t he phone connect ed t o t his phone port .
m ore/ less
Click m or e t o display and edit m ore inform at ion for t he SI P account . Click le ss
t o display and configure t he basic SI P account set t ings.
URI Type
Select whet her or not t o include t he SI P service dom ain nam e when t he Device
sends t he SI P num ber.
SI P - include t he SI P service dom ain nam e.
TEL - do not include t he SI P service dom ain nam e.
Voice Feat ures
Prim ary
Com pression
Type
Secondary
Com pression
Type
Third
Com pression
Type
Select t he t ype of voice coder/ decoder ( codec) t hat you want t he Device t o use.
G.711 provides high voice qualit y but requires m ore bandwidt h ( 64 kbps) . G.711
is t he default codec used by phone com panies and digit al handset s.
•
•
G.7 1 1 a is t ypically used in Europe.
G.7 1 1 u is t ypically used in Nort h Am erica and Japan.
G.7 2 6 - 2 4 operat es at 2 4 kbps.
G.7 2 6 - 3 2 operat es at 3 2 kbps.
G.7 2 2 is a 7 KHz wideband voice codec t hat operat es at 48, 56 and 64 kbps. By
using a sam ple rat e of 16 kHz, G.722 can provide higher fidelit y and bet t er audio
qualit y t han narrowband codecs like G.711, in which t he voice signal is sam pled
at 8 KHz.
The Device m ust use t he sam e codec as t he peer. When t wo SI P devices st art a
SI P session, t hey m ust agree on a codec.
Select t he Device’s first choice for voice coder/ decoder.
Select t he Device’s second choice for voice coder/ decoder. Select N on e if you
only want t he Device t o accept t he first choice.
Select t he Device’s t hird choice for voice coder/ decoder. Select N on e if you only
want t he Device t o accept t he first or second choice.
Speaking Volum e
Cont rol
Select t he loudness t hat t he Device uses for speech t hat it sends t o t he peer
device.
List ening Volum e
Cont rol
Select t he loudness t hat t he Device uses for speech t hat it receives from t he
peer device.
- 1 2 is t he quiet est , and 1 2 is t he loudest .
- 1 2 is t he quiet est , and 1 2 is t he loudest .
Enable G.168
( Echo
Cancellat ion)
Select t his if you want t o elim inat e t he echo caused by t he sound of your voice
reverberat ing in t he t elephone receiver while you t alk.
Enable VAD
( Voice Act ive
Det ect or)
Select t his if t he Device should st op t ransm it t ing when you are not speaking.
This reduces t he bandwidt h t he Device uses.
Call Feat ures
VMG8324-B10A / VMG8324-B30A Series User’s Guide
239
Chapter 21 Voice
Table 112 VoI P > SI P > SI P Account > Add new accoun/ Edit ( cont inued)
LABEL
DESCRIPTION
Send Caller I D
Select t his if you want t o send ident ificat ion when you m ake VoI P phone calls.
Clear t his if you do not want t o send ident ificat ion.
Enable Call
Transfer
Select t his t o enable call t ransfer on t he Device. This allows you t o t ransfer an
incom ing call ( t hat you have answered) t o anot her phone.
Enable Call
Wait ing
Select t his t o enable call wait ing on t he Device. This allows you t o place a call on
hold while you answer anot her incom ing call on t he sam e t elephone num ber.
Call Wait ing
Rej ect Tim er
Specify a t im e of seconds t hat t he Device wait s before rej ect ing t he second call if
you do not answer it .
Enable
Uncondit ional
Forward
Select t his if you want t he Device t o forward all incom ing calls t o t he specified
phone num ber.
Enable Busy
Forward
Select t his if you want t he Device t o forward incom ing calls t o t he specified
phone num ber if t he phone port is busy.
Specify t he phone num ber in t he To N u m be r field on t he right .
Specify t he phone num ber in t he To N u m be r field on t he right .
I f you have call wait ing, t he incom ing call is forwarded t o t he specified phone
num ber if you rej ect or ignore t he second incom ing call.
Enable No Answer
Forward
Select t his if you want t he Device t o forward incom ing calls t o t he specified
phone num ber if t he call is unanswered. ( See N o An sw e r Tim e .)
Specify t he phone num ber in t he To N u m be r field on t he right .
No Answer Tim e
This field is used by t he Act ive N o Answ e r For w a r d feat ure.
Ent er t he num ber of seconds t he Device should wait for you t o answer an
incom ing call before it considers t he call is unanswered.
Enable Do Not
Dist urb
Select t his t o set your phone t o not ring when som eone calls you.
Enable
Anonym ous Call
Block
Select t his if you do not want t he phone t o ring when som eone t ries t o call you
wit h caller I D deact ivat ed.
Enable Call
Com plet ion on
Busy Subscriber
( CCBS)
When you m ake a phone call but hear a busy t one, Call Com plet ion on Busy
Subscriber ( CCBS) allows you t o enable aut o- callback by pressing 5 and hanging
up t he phone. The Device t hen t ries t o call t hat phone num ber every m inut e
since aft er you hang up t he phone. When t he called part y becom es available
wit hin t he CCBS t im eout period ( 60 m inut es by default ) , bot h phones ring.
•
•
•
I f t he called part y’s phone rings because of CCBS but no one answers t he
phone aft er 180 seconds, you w ill hear a busy t one. You can enable CCBS on
t he called num ber again.
I f you m anually call t he num ber on which you have enabled CCBS before t he
CCBS t im eout period expires, t he Device disables CCBS on t he called
num ber.
I f you call a second num ber before t he first called num ber ’s CCBS t im eout
period expires, t he Device st ops calling t he first num ber unt il you finish t he
second call.
Select t his opt ion t o act ivat e CCBS on t he Device.
240
MWI ( Message
Wait ing
I ndicat ion)
Select t his if you want t o hear a wait ing ( beeping) dial t one on your phone when
you have at least one voice m essage. Your VoI P service provider m ust support
t his feat ure.
Expirat ion Tim e
Keep t he default value for t his field, unless your VoI P service provider t ells you
t o change it . Ent er t he num ber of seconds t he SI P server should provide t he
m essage wait ing service each t im e t he Device subscribes t o t he service. Before
t his t im e passes, t he Device aut om at ically subscribes again.
Hot Line / Warm
Line Enable
Select t his t o enable t he hot line or warm line feat ure on t he Device.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 21 Voice
Table 112 VoI P > SI P > SI P Account > Add new accoun/ Edit ( cont inued)
LABEL
DESCRIPTION
Warm Line
Select t his t o have t he Device dial t he specified warm line num ber aft er you pick
up t he t elephone and do not press any keys on t he keypad for a period of t im e.
Hot Line
Select t his t o have t he Device dial t he specified hot line num ber im m ediat ely
when you pick up t he t elephone.
Hot Line / Warm
Line num ber
Ent er t he num ber of t he hot line or warm line t hat you want t he Device t o dial.
Warm Line Tim er
Ent er a num ber of seconds t hat t he Device wait s before dialing t he warm line
num ber if you pick up t he t elephone and do not press any keys on t he keypad.
Enable Missed
Call Em ail
Not ificat ion
Select t his opt ion t o have t he Device e- m ail you a not ificat ion when t here is a
m issed call.
Mail Server
Select a m ail server for t he e- m ail address specified below. I f you select N on e
here, e- m ail not ificat ions will not be sent via e- m ail.
You m ust have configured a m ail server already in t he Em a il N ot ifica t ion
screen.
Send
Not ificat ion t o
Em ail
Not ificat ions are sent t o t he e- m ail address specified in t his field. I f t his field is
left blank, not ificat ions will not be sent via e- m ail.
Missed Call
Em ail Tit le
Type a t it le t hat you want t o be in t he subj ect line of t he e- m ail not ificat ions t hat
t he Device sends.
Early Media
I VR Play
I ndex
Select t his opt ion if you want people t o hear a cust om ized recording when t hey
call you.
Select t he t one you want people t o hear when t hey call you.
This field is configurable only when you select Ea r ly M e dia . See Sect ion 21.10
on page 252 for inform at ion on how t o record t hese t ones.
Music On Hold
I VR Play
I ndex
Select t his opt ion t o play a cust om ized recording when you put people on hold.
Select t he t one t o play when you put som eone on hold.
This field is configurable only when you select M u sic On H old. See Sect ion
21.10 on page 252 for inform at ion on how t o record t hese t ones.
Apply
Click t his t o save your changes and t o apply t hem t o t he Device.
Cancel
Click t his t o set every field in t his screen t o it s last- saved value.
21.4 The SIP Service Provider Screen
Use t his screen t o view t he SI P service provider inform at ion on t he Device. Click VoI P > SI P >
SI P Se r vice Pr ovide r t o open t he following screen.
Figure 145 VoI P > SI P > SI P Service Provider
VMG8324-B10A / VMG8324-B30A Series User’s Guide
241
Chapter 21 Voice
Each field is described in t he following t able.
Table 113 VoI P > SI P > SI P Service Provider
LABEL
DESCRIPTION
Add new provider
This is t he index num ber of t he ent ry.
SI P Service
Provider Nam e
This shows t he nam e of t he SI P service provider.
SI P Server
Address
This shows t he I P address or dom ain nam e of t he SI P server.
REGI STER Server
Address
This shows t he I P address or dom ain nam e of t he SI P regist er server.
SI P Service
Dom ain
This shows t he SI P service dom ain nam e.
Modify
Click t he Edit icon t o configure t he SI P service provider.
Click t he D e le t e icon t o delet e t his SI P service provider from t he Device.
21.4.1 The SIP Service Provider Add/Edit Screen
Use t his screen t o configure a SI P service provider on t he Device. Click t he Add ne w pr ovide r
but t on or an Edit icon in t he VoI P > SI P > SI P Se r vice Pr ovide r t o open t he following screen.
242
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 21 Voice
Not e: Click m or e t o see all t he fields in t he screen. You don’t necessarily need t o use all
t hese fields t o set up your account . Click le ss t o see and configure only t he fields
needed for t his feat ure.
Figure 146 VoI P > SI P > SI P Service Provider > Add new provider/ Edit
Each field is described in t he following t able.
Table 114 VoI P > SI P > SI P Service Provider > Add new provider/ Edit
LABEL
DESCRIPTION
SI P Service Provider Select ion
Service
Provider
Select ion
Select t he SI P service provider profile you want t o use for t he SI P account you configure in
t his screen. I f you change t his field, t he screen aut om at ically refreshes.
General
SI P Service
Provider Nam e
Ent er t he nam e of your SI P service provider.
SI P Local Port
Ent er t he Device’s list ening port num ber, if your VoI P service provider gave you one.
Ot herwise, keep t he default value.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
243
Chapter 21 Voice
Table 114 VoI P > SI P > SI P Service Provider > Add new provider/ Edit ( cont inued)
LABEL
DESCRIPTION
SI P Server
Address
Ent er t he I P address or dom ain nam e of t he SI P server provided by your VoI P service
provider. You can use up t o 95 print able ASCI I charact ers. I t does not m at t er whet her t he
SI P server is a proxy, redirect or regist er server.
SI P Server Port
Ent er t he SI P server ’s list ening port num ber, if your VoI P service provider gave you one.
Ot herwise, keep t he default value.
REGI STER
Server Address
Ent er t he I P address or dom ain nam e of t he SI P regist er server, if your VoI P service provider
gave you one. Ot herwise, ent er t he sam e address you ent ered in t he SI P Se r ve r Addr e ss
field. You can use up t o 95 print able ASCI I charact ers.
REGI STER
Server Port
Ent er t he SI P regist er server ’s list ening port num ber, if your VoI P service provider gave you
one. Ot herwise, ent er t he sam e port num ber you ent ered in t he SI P Se r ve r Por t field.
SI P Service
Dom ain
Ent er t he SI P service dom ain nam e. I n t he full SI P URI , t his is t he part aft er t he @ sym bol.
You can use up t o 127 print able ASCI I Ext ended set charact ers.
RFC Support
Support
Locat ing SI P
Server
( RFC3263)
Select t his opt ion t o have t he Device use DNS procedures t o resolve t he SI P dom ain and
find t he SI P server ’s I P address, port num ber and support ed t ransport prot ocol( s) .
The Device first uses DNS Nam e Aut horit y Point er ( NAPTR) records t o det erm ine t he
t ransport prot ocols support ed by t he SI P server. I t t hen perform s DNS Service ( SRV) query
t o det erm ine t he port num ber for t he prot ocol. The Device resolves t he SI P server ’s I P
address by a st andard DNS address record lookup.
The SI P Se r ve r Por t and REGI STER Se r ve r Por t fields in t he Ge n e r a l sect ion above are
grayed out and not applicable and t he Tr a n spor t Type can also be set t o AUTO if you
select t his opt ion.
RFC
3262( Require:
100rel)
PRACK ( RFC 3262) defines a m echanism t o provide reliable t ransm ission of SI P provisional
response m essages, which convey inform at ion on t he processing progress of t he request .
This uses t he opt ion t ag 100rel and t he Provisional Response ACKnowledgem ent ( PRACK)
m et hod.
Select t his t o have t he t he peer device require t he opt ion t ag 100rel t o send provisional
responses reliably.
VoI P I OP Flags
Select t he VoI P int er- operabilit y set t ings you want t o act ivat e.
Replace dial
digit '# ' t o
'% 23' in SI P
m essages
Replace a dial digit “ # ” wit h “ % 23” in t he I NVI TE m essages.
Rem ove ‘: 5060’
and
't ransport = udp'
from requesturi in SI P
m essages
Rem ove “ : 5060” and “ t ransport = udp” from t he “ Request- URI ” st ring in t he REGI STER and
I NVI TE packet s.
Rem ove t he
'Rout e' header
in SI P
m essages
Rem ove t he 'Rout e' header in SI P packet s.
Don't send reI nvit e t o t he
rem ot e part y
w hen t here are
m ult iple codecs
answered in t he
SDP
Do not send a re- I nvit e packet t o t he rem ot e part y when t he rem ot e part y answers t hat it
can support m ult iple codecs.
Bound I nt erface Nam e
244
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 21 Voice
Table 114 VoI P > SI P > SI P Service Provider > Add new provider/ Edit ( cont inued)
LABEL
DESCRIPTION
Bound
I nt erface Nam e
I f you select LAN or Any_ W AN , t he Device aut om at ically act ivat es t he VoI P service when
any LAN or WAN connect ion is up.
I f you select M u lt i_ W AN , you also need t o select t wo or m ore pre- configured WAN
int erfaces. The VoI P service is act ivat ed only when one of t he select ed WAN connect ions is
up.
Out bound Proxy
Out bound
Proxy Address
Ent er t he I P address or dom ain nam e of t he SI P out bound proxy server if your VoI P service
provider has a SI P out bound server t o handle voice calls. This allows t he Device t o work
wit h any t ype of NAT rout er and elim inat es t he need for STUN or a SI P ALG. Turn off any SI P
ALG on a NAT rout er in front of t he Device t o keep it from re- t ranslat ing t he I P address
( since t his is already handled by t he out bound proxy server) .
Out bound
Proxy Port
Ent er t he SI P out bound proxy server ’s list ening port , if your VoI P service provider gave you
one. Ot herwise, keep t he default value.
RTP Port Range
St art Port
End Port
Ent er t he list ening port num ber( s) for RTP t raffic, if your VoI P service provider gave you t his
inform at ion. Ot herwise, keep t he default values.
To ent er one port num ber, ent er t he port num ber in t he St a r t Por t and En d Por t fields.
To ent er a range of port s,
•
•
ent er t he port num ber at t he beginning of t he range in t he St a r t Por t field.
ent er t he port num ber at t he end of t he range in t he En d Por t field.
SRTP Support
SRTP Support
When you m ake a VoI P call using SI P, t he Real- t im e Transport Prot ocol ( RTP) is used t o
handle voice dat a t ransfer. The Secure Real- t im e Transport Prot ocol ( SRTP) is a securit y
profile of RTP. I t is designed t o provide encrypt ion and aut hent icat ion for t he RTP dat a in
bot h unicast and m ult icast applicat ions.
The Device support s encrypt ion using AES wit h a 128- bit key. To prot ect dat a int egrit y, SRTP
uses a Hash- based Message Aut hent icat ion Code ( HMAC) calculat ion wit h Secure Hash
Algorit hm ( SHA) - 1 t o aut hent icat e dat a. HMAC SHA- 1 produces a 80 or 32- bit
aut hent icat ion t ag t hat is appended t o t he packet .
Bot h t he caller and callee should use t he sam e algorit hm s t o est ablish an SRTP session.
Crypt o Suit e
Select t he encrypt ion and aut hent icat ion algorit hm set used by t he Device t o set up an SRTP
m edia session wit h t he peer device.
Select AES_ CM _ 1 2 8 _ H M AC_ SH A1 _ 8 0 or AES_ CM _ 1 2 8 _ H M AC_ SH A1 _ 3 2 t o enable
bot h dat a encrypt ion and aut hent icat ion for voice dat a.
Select AES_ CM _ 1 2 8 _ N ULL t o use 128- bit dat a encrypt ion but disable dat a aut hent icat ion.
Select N ULL_ CI PH ER_ H M AC_ SH A1 _ 8 0 t o disable encrypt ion but require aut hent icat ion
using t he default 80- bit t ag.
DTMF Mode
DTMF Mode
Cont rol how t he Device handles t he t ones t hat your t elephone m akes when you push it s
but t ons. You should use t he sam e m ode your VoI P service provider uses.
RFC2 8 3 3 - send t he DTMF t ones in RTP packet s.
PCM - send t he DTMF t ones in t he voice dat a st ream . This m et hod works best when you are
using a codec t hat does not use com pression ( like G.711) . Codecs t hat use com pression
( like G.729 and G.726) can dist ort t he t ones.
SI P I N FO - send t he DTMF t ones in SI P m essages.
Transport Type
Transport Type
Select t he t ransport layer prot ocol UD P or TCP ( usually UDP) used for SI P.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
245
Chapter 21 Voice
Table 114 VoI P > SI P > SI P Service Provider > Add new provider/ Edit ( cont inued)
LABEL
DESCRIPTION
I gnore Direct I P Select En a ble t o have t he connect ed CPE devices accept SI P request s only from t he SI P
proxy/ regist er server specified above. SI P request s sent from ot her I P addresses will be
ignored.
FAX Opt ion
This field cont rols how t he Device handles fax m essages.
G711 Fax
Passt hrough
Select t his if t he Device should use G.711 t o send fax m essages. You have t o also select
which operat ing codec ( G.7 1 1 M u la w or G.7 1 1 Ala w ) t o use for encoding/ decoding FAX
dat a. The peer devices m ust use t he sam e set t ings.
T38 Fax Relay
Select t his if t he Device should send fax m essages as UDP or TCP/ I P packet s t hrough I P
net works. This provides bet t er qualit y, but it m ay have int er- operabilit y problem s. The peer
devices m ust also use T.38.
QoS Tag
SI P DSCP Mark
Set t ing
Ent er t he DSCP ( DiffServ Code Point ) num ber for SI P m essage t ransm issions. The Device
creat es Class of Service ( CoS) priorit y t ags wit h t his num ber t o SI P t raffic t hat it t ransm it s.
RTP DSCP Mark
Set t ing
Ent er t he DSCP ( DiffServ Code Point ) num ber for RTP voice t ransm issions. The Device
creat es Class of Service ( CoS) priorit y t ags wit h t his num ber t o RTP t raffic t hat it t ransm it s.
Tim er Set t ing
246
Expirat ion
Durat ion
Ent er t he num ber of seconds your SI P account is regist ered wit h t he SI P regist er server
before it is delet ed. The Device aut om at ically t ries t o re- regist er your SI P account when
one- half of t his t im e has passed. ( The SI P regist er server m ight have a different expirat ion.)
Regist er Resend t im er
Ent er t he num ber of seconds t he Device wait s before it t ries again t o regist er t he SI P
account , if t he first t ry failed or if t here is no response.
Session Expires
Ent er t he num ber of seconds t he Device let s a SI P session rem ain idle ( wit hout t raffic)
before it aut om at ically disconnect s t he session.
Min- SE
Ent er t he m inim um num ber of seconds t he Device let s a SI P session rem ain idle ( wit hout
t raffic) before it aut om at ically disconnect s t he session. When t wo SI P devices st art a SI P
session, t hey m ust agree on an expirat ion t im e for idle sessions. This field is t he short est
expirat ion t im e t hat t he Device accept s.
Phone Key
Config
Ent er t he key com binat ions for cert ain funct ions of t he SI P phone.
Call Ret urn
Ent er t he key com binat ions t hat you can ent er t o place a call t o t he last num ber t hat called
you.
One Shot Caller
Display Call
Ent er t he key com binat ions t hat you can ent er t o act ivat e caller I D for t he next call only.
One Shot Caller
Hidden Call
Ent er t he key com binat ions t hat you can ent er t o deact ivat e caller I D for t he next call only.
Call Wait ing
Enable
Ent er t he key com binat ions t hat you can ent er t o t urn on t he call wait ing funct ion.
Call Wait ing
Disable
Ent er t he key com binat ions t hat you can ent er t o t urn off t he call wait ing funct ion.
I VR
Ent er t he key com binat ions t hat you can ent er t o record cust om caller ringing t ones ( t he
sound a caller hears before you pick up t he phone) and on hold t ones ( t he sound som eone
hears when you put t heir call on hold) . I VR st ands for I nt eract ive Voice Response.
I nt ernal Call
Ent er t he key com binat ions t hat you can ent er t o call t he phone( s) connect ed t o t he Device.
Call Transfer
Ent er t he key com binat ions t hat you can ent er t o t ransfer a call t o anot her phone.
Uncondit ional
Call Forward
Enable
Ent er t he key com binat ions t hat you can ent er t o forward all incom ing calls t o t he phone
num ber you specified in t he SI P > SI P Account screen.
Uncondit ional
Call Forward
Disable
Ent er t he key com binat ions t hat you can ent er t o t urn t he uncondit ional call forward
funct ion off.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 21 Voice
Table 114 VoI P > SI P > SI P Service Provider > Add new provider/ Edit ( cont inued)
LABEL
DESCRIPTION
No Answer Call
Forward Enable
Ent er t he key com binat ions t hat you can ent er t o forward incom ing calls t o t he phone
num ber you specified in t he SI P > SI P Account screen if t he calls are unanswered.
No Answer Call
Forward
Disable
Ent er t he key com binat ions t hat you can ent er t o t urn t he no answer call forward funct ion
off.
Call Forward
When Busy
Enable
Ent er t he key com binat ions t hat you can ent er t o forward incom ing calls t o t he phone
num ber you specified in t he SI P > SI P Account screen if t he phone port is busy.
Call Forward
When Busy
Disable
Ent er t he key com binat ions t hat you can ent er t o t urn t he busy forward funct ion off.
One Shot Call
Wait ing Enable
Ent er t he key com binat ions t hat you can ent er t o act ivat e call wait ing on t he next calls.
One Shot Call
Wait ing Disable
Ent er t he key com binat ions t hat you can ent er t o deact ivat e call wait ing on t he next call
only.
Do Not Dist urb
Enable
Ent er t he key com binat ions t hat you can ent er t o set your phone not t o ring when som eone
calls you.
Do Not Dist urb
Disable
Ent er t he key com binat ions t hat you can ent er t o t urn t his funct ion off.
Call Com plet ion
on Busy
Subscriber
( CCBS)
Deact ivat e
Ent er t he key com binat ions t hat you can ent er t o disable CCBS on a call.
Out going SI P
Ent er t he key com binat ions t hat you can ent er t o select t he SI P account t hat you use t o
m ake out going calls.
I f you ent er # 12( by default ) < SI P account index num ber> # < t he phone num ber you want t o
call> , # 1201# 12345678 for exam ple, t he Device uses t he first SI P account t o call
12345678.
Dial Plan
Dial Plan
Enable
Select t his t o act ivat e t he dial plan rules you specify in t he t ext box provided. See Sect ion
21.4.2 on page 248 for how t o set up a rule.
Dialing I nt erval Select ion
Dialing I nt erval
Select ion
Ent er t he num ber of seconds t he Device should wait aft er you st op dialing num bers before it
m akes t he phone call. The value depends on how quickly you dial phone num bers.
I f you select I m m e dia t e D ia l En a ble , you can press t he pound key ( # ) t o t ell t he Device
t o m ake t he phone call im m ediat ely, regardless of t his set t ing.
I m m ediat e Dial Enable
I m m ediat e Dial
Enable
Select t his if you want t o use t he pound key ( # ) t o t ell t he Device t o m ake t he phone call
im m ediat ely, inst ead of wait ing t he num ber of seconds you select ed in t he D ia lin g I n t e r va l
Se le ct ion field.
I f you select t his, dial t he phone num ber, and t hen press t he pound key.
The Device m akes t he call im m ediat ely, inst ead of wait ing. You can st ill wait , if you want .
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o rest ore your previously saved set t ings.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
247
Chapter 21 Voice
21.4.2 Dial Plan Rules
A dial plan defines t he dialing pat t erns, such as t he lengt h and range of t he digit s for a t elephone
num ber. I t also includes count ry codes, access codes, area codes, local num bers, long dist ance
num bers or int ernat ional call prefixes. For exam ple, t he dial plan ( [ 2- 9] xxxxxx) does not allow a
local num ber which begins wit h 1 or 0.
Wit hout a dial plan, users have t o m anually ent er t he whole callee’s num ber and wait for t he
specified dialing int erval t o t im e out or press a t erm inat or key ( usually t he pound key on t he phone
keypad) before t he Device m akes t he call.
The Device init ializes a call when t he dialed num ber m at ches any one of t he rules in t he dial plan.
Dial plan rules follow t hese convent ions:
• The collect ion of rules is in parent heses ( ) .
• Rules are separat ed by t he | ( bar) sym bol.
• “ x” st ands for a wildcard and can be any digit from 0 t o 9.
• A subset of keys is in a square bracket [ ] . Ranges are allowed.
For exam ple, [ 359] m eans a num ber m at ching t his rule can be 3, 5 or 9. [ 26- 8* ] m eans a
num ber m at ching t his rule can be 2, 6, 7, 8 or * .
• The dot “ .” appended t o a digit allows t he digit t o be ignored or repeat ed m ult iple t im es. Any digit
( 0~ 9, * , # ) aft er t he dot will be ignored.
For exam ple, ( 01.) m eans a num ber m at ching t his rule can be 0, 01, 0111, 01111, and so on.
• < dialed- num ber: t ranslat ed- num ber> indicat es t he num ber aft er t he colon replaces t he num ber
before t he colon in an angle bracket < > . For exam ple,
( < : 1212> xxxxxxx) m eans t he Device aut om at ically prefixes t he t ranslat ed- num ber “ 1212” t o
t he num ber you dialed before m aking t he call. This can be used for local calls in t he US.
( < 9: > xxx xxxxxxx) m eans t he Device aut om at ically rem oves t he specified prefix “ 9” from t he
num ber you dialed before m aking t he call. This is always used for m aking out side calls from an
office.
( xx< 123: 456> xxxx) m eans t he Device aut om at ically t ranslat es “ 123” t o “ 456” in t he num ber
you dialed before m aking t he call.
• Calls wit h a num ber followed by t he exclam at ion m ark “ !” will be dropped.
• Calls wit h a num ber followed by t he t erm inat ion charact er “ @” will be m ade im m ediat ely. Any
digit ( 0~ 9, * , # ) aft er t he @ charact er will be ignored.
I n t his exam ple dial plan ( 0 | [ 49] 11 | 1 [ 2- 9] xx xxxxxxx | 1 947 xxxxxxx ! ) , you can dial “ 0” t o call
t he local operat or, call 411 or 911, or m ake a long dist ance call wit h an area code st art ing from 2 t o
9 in t he US. The calls wit h t he area code 947 will be dropped.
248
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 21 Voice
21.5 The Phone Screen
Use t his screen t o m aint ain set t ings t hat depend on which region of t he world t he Device is in. To
access t his screen, click VoI P > Ph on e .
Figure 147 VoI P > Phone
Each field is described in t he following t able.
Table 115 VoI P > Phone
LABEL
DESCRIPTION
Region Set t ings
Select t he place in which t he Device is locat ed.
Call Service Mode
Select t he m ode for supplem ent ary phone services ( call hold, call wait ing, call t ransfer
and t hree- way conference calls) t hat your VoI P service provider support s.
Eur ope Type - use supplem ent ary phone services in European m ode
USA Type - use supplem ent ary phone services Am erican m ode
You m ight have t o subscribe t o t hese services t o use t hem . Cont act your VoI P service
provider.
Apply
Click t his t o save your changes and t o apply t hem t o t he Device.
Cancel
Click t his t o set every field in t his screen t o it s last- saved value.
21.6 The Call Rule Screen
Use t his screen t o add, edit , or rem ove speed- dial num bers for out going calls. Speed dial provides
short cut s for dialing frequent ly- used ( VoI P) phone num bers. You also have t o creat e speed- dial
ent ries if you want t o call SI P num bers t hat cont ain let t ers. Once you have configured a speed dial
VMG8324-B10A / VMG8324-B30A Series User’s Guide
249
Chapter 21 Voice
rule, you can use a short cut ( t he speed dial num ber, # 01 for exam ple) on your phone's keypad t o
call t he phone num ber.
Figure 148 VoI P > Call Rule
Each field is described in t he following t able.
Table 116 VoI P > Call Rule
LABEL
DESCRIPTION
Clear all speed
dials
Click t his t o erase all t he speed- dial ent ries on t his screen.
Keys
This field displays t he speed- dial num ber you should dial t o use t his ent ry.
Num ber
Ent er t he SI P num ber you want t he Device t o call when you dial t he speed- dial num ber.
Descript ion
Ent er a nam e t o ident ify t he part y you call when you dial t he speed- dial num ber. You can
use up t o 127 print able ASCI I charact ers.
Apply
Click t his t o save your changes and t o apply t hem t o t he Device.
Cancel
Click t his t o set every field in t his screen t o it s last- saved value.
21.7 The Call History Summary Screen
The Device logs calls from or t o your SI P num bers. This screen allows you t o view t he sum m ary of
received, dialed and m issed calls.
Click VoI P > Ca ll H ist or y > Ca ll H ist or y Sum m a r y. The following screen displays.
Figure 149 VoI P > Call Hist ory > Call Hist ory Sum m ary
250
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 21 Voice
Each field is described in t he following t able.
Table 117 VoI P > Call Hist ory > Call Hist ory Sum m ary
LABEL
DESCRIPTION
Refresh
Click t his but t on t o renew t he call hist ory list .
Clear All
Click t his but t on t o rem ove all ent ries from t he call hist ory list .
This is a read- only index num ber.
Dat e
This is t he dat e when t he calls were m ade.
Tot al Calls
This displays t he t ot al num ber of calls from or t o your SI P num bers t hat day.
Out going Calls
This displays how m any calls originat ed from you t hat day.
I ncom ing Calls
This displays how m any calls you received t hat day.
Missing Calls
This displays how m any incom ing calls were not answered t hat day.
Tot al Durat ion
This displays how long all calls last ed t hat day.
21.8 The Call History Outgoing Calls Screen
Use t his screen t o see det ailed inform at ion for each out going call you m ade.
Click VoI P > Ca ll H ist or y > Ca ll H ist or y Out going. The following screen displays.
Figure 150 VoI P > Call Hist ory > Call Hist ory Out going
Each field is described in t he following t able.
Table 118 VoI P > Call Hist ory > Call Hist ory Out going
LABEL
DESCRIPTION
Refresh
Click t his but t on t o renew t he dialed call list .
Clear All
Click t his but t on t o rem ove all ent ries from t he dialed call list .
This is a read- only index num ber.
t im e
This is t he dat e and t im e when t he call was m ade.
phone port
This is t he phone port on which you m ade t he call.
phone num ber
This is t he SI P num ber you called.
durat ion
This displays how long t he call last ed.
21.9 The Call History Incoming Calls Screen
Use t his screen t o see det ailed inform at ion for each incom ing call from som eone calling you.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
251
Chapter 21 Voice
Click VoI P > Ca ll H ist or y > Ca ll H ist or y I ncom ing Ca lls. The following screen displays.
Figure 151 VoI P > Call Hist ory > Call Hist ory I ncom ing Calls
Each field is described in t he following t able.
Table 119 VoI P > Call Hist ory > Call Hist ory I ncom ing
LABEL
DESCRIPTION
Refresh
Click t his but t on t o renew t he received call list .
Clear All
Click t his but t on t o rem ove all ent ries from t he received call list .
This is a read- only index num ber.
t im e
This is t he dat e and t im e when t he call was m ade.
phone port
This is t he phone port on which you received t he call.
M isse d m eans t he call was unanswered.
phone num ber
This is t he SI P num ber t hat called you.
durat ion
This displays how long t he call last ed.
21.10 Technical Reference
This sect ion cont ains background m at erial relevant t o t he VoI P screens.
VoIP
VoI P is t he sending of voice signals over I nt ernet Prot ocol. This allows you t o m ake phone calls and
send faxes over t he I nt ernet at a fract ion of t he cost of using t he t radit ional circuit- swit ched
t elephone net work. You can also use servers t o run t elephone service applicat ions like PBX services
and voice m ail. I nt ernet Telephony Service Provider ( I TSP) com panies provide VoI P service.
Circuit- swit ched t elephone net works require 64 kilobit s per second ( Kbps) in each direct ion t o
handle a t elephone call. VoI P can use advanced voice coding t echniques wit h com pression t o reduce
t he required bandwidt h.
SIP
The Session I nit iat ion Prot ocol ( SI P) is an applicat ion- layer cont rol ( signaling) prot ocol t hat handles
t he set t ing up, alt ering and t earing down of voice and m ult im edia sessions over t he I nt ernet .
SI P signaling is separat e from t he m edia for which it handles sessions. The m edia t hat is exchanged
during t he session can use a different pat h from t hat of t he signaling. SI P handles t elephone calls
and can int erface wit h t radit ional circuit- swit ched t elephone net works.
SIP Identities
A SI P account uses an ident it y ( som et im es referred t o as a SI P address) . A com plet e SI P ident it y is
called a SI P URI ( Uniform Resource I dent ifier) . A SI P account 's URI ident ifies t he SI P account in a
252
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 21 Voice
way sim ilar t o t he way an e- m ail address ident ifies an e- m ail account . The form at of a SI P ident it y
is SI P- Num ber@SI P- Service- Dom ain.
SIP Number
The SI P num ber is t he part of t he SI P URI t hat com es before t he “ @” sym bol. A SI P num ber can
use let t ers like in an e- m ail address ( j ohndoe@your- I TSP.com for exam ple) or num bers like a
t elephone num ber ( 1122334455@VoI P- provider.com for exam ple) .
SIP Service Domain
The SI P service dom ain of t he VoI P service provider is t he dom ain nam e in a SI P URI . For exam ple,
if t he SI P address is 1122334455@VoI P- provider.com , t hen “ VoI P- provider.com ” is t he SI P service
dom ain.
SIP Registration
Each Device is an individual SI P User Agent ( UA) . To provide voice service, it has a public I P
address for SI P and RTP prot ocols t o com m unicat e wit h ot her servers.
A SI P user agent has t o regist er wit h t he SI P regist rar and m ust provide inform at ion about t he
users it represent s, as well as it s current I P address ( for t he rout ing of incom ing SI P request s) .
Aft er successful regist rat ion, t he SI P server knows t hat t he users ( ident ified by t heir dedicat ed SI P
URI s) are represent ed by t he UA, and knows t he I P address t o which t he SI P request s and
responses should be sent .
Regist rat ion is init iat ed by t he User Agent Client ( UAC) running in t he VoI P gat eway ( t he Device) .
The gat eway m ust be configured wit h inform at ion let t ing it know where t o send t he REGI STER
m essage, as well as t he relevant user and aut horizat ion dat a.
A SI P regist rat ion has a lim it ed lifespan. The User Agent Client m ust renew it s regist rat ion wit hin
t his lifespan. I f it does not do so, t he regist rat ion dat a will be delet ed from t he SI P regist rar's
dat abase and t he connect ion broken.
The Device at t em pt s t o regist er all enabled subscriber port s when it is swit ched on. When you
enable a subscriber port t hat was previously disabled, t he Device at t em pt s t o regist er t he port
im m ediat ely.
Authorization Requirements
SI P regist rat ions ( and subsequent SI P request s) require a usernam e and password for
aut horizat ion. These credent ials are validat ed via a challenge / response syst em using t he HTTP
digest m echanism ( as det ailed in RFC 3261, " SI P: Session I nit iat ion Prot ocol") .
SIP Servers
SI P is a client- server prot ocol. A SI P client is an applicat ion program or device t hat sends SI P
request s. A SI P server responds t o t he SI P request s.
When you use SI P t o m ake a VoI P call, it originat es at a client and t erm inat es at a server. A SI P
client could be a com put er or a SI P phone. One device can act as bot h a SI P client and a SI P server.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
253
Chapter 21 Voice
SIP User Agent
A SI P user agent can m ake and receive VoI P t elephone calls. This m eans t hat SI P can be used for
peer- t o- peer com m unicat ions even t hough it is a client- server prot ocol. I n t he following figure,
eit her A or B can act as a SI P user agent client t o init iat e a call. A and B can also bot h act as a SI P
user agent t o receive t he call.
Figure 152 SI P User Agent
SIP Proxy Server
A SI P proxy server receives request s from client s and forwards t hem t o anot her server.
I n t he following exam ple, you want t o use client device A t o call som eone who is using client device
C.
The client device ( A in t he figure) sends a call invit at ion t o t he SI P proxy server ( B) .
The SI P proxy server forwards t he call invit at ion t o C.
Figure 153 SI P Proxy Server
SIP Redirect Server
A SI P redirect server accept s SI P request s, t ranslat es t he dest inat ion address t o an I P address and
sends t he t ranslat ed I P address back t o t he device t hat sent t he request . Then t he client device t hat
originally sent t he request can send request s t o t he I P address t hat it received back from t he
redirect server. Redirect servers do not init iat e SI P request s.
254
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 21 Voice
I n t he following exam ple, you want t o use client device A t o call som eone who is using client device
C.
Client device A sends a call invit at ion for C t o t he SI P redirect server ( B) .
The SI P redirect server sends t he invit at ion back t o A wit h C’s I P address ( or dom ain nam e) .
Client device A t hen sends t he call invit at ion t o client device C.
Figure 154 SI P Redirect Server
SIP Register Server
A SI P regist er server m aint ains a dat abase of SI P ident it y- t o- I P address ( or dom ain nam e)
m apping. The regist er server checks your user nam e and password when you regist er.
RTP
When you m ake a VoI P call using SI P, t he RTP ( Real t im e Transport Prot ocol) is used t o handle voice
dat a t ransfer. See RFC 1889 for det ails on RTP.
Pulse Code Modulation
Pulse Code Modulat ion ( PCM) m easures analog signal am plit udes at regular t im e int ervals and
convert s t hem int o bit s.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
255
Chapter 21 Voice
SIP Call Progression
The following figure displays t he basic st eps in t he set up and t ear down of a SI P call. A calls B.
Table 120 SI P Call Progression
1. I NVI TE
2. Ringing
3. OK
4. ACK
5.Dialogue ( voice t raffic)
6. BYE
7. OK
A sends a SI P I NVI TE request t o B. This m essage is an invit at ion for B t o part icipat e in a SI P
t elephone call.
B sends a response indicat ing t hat t he t elephone is ringing.
B sends an OK response aft er t he call is answered.
A t hen sends an ACK m essage t o acknowledge t hat B has answered t he call.
Now A and B exchange voice m edia ( t alk) .
Aft er t alking, A hangs up and sends a BYE request .
B replies wit h an OK response confirm ing receipt of t he BYE request and t he call is t erm inat ed.
SIP Call Progression Through Proxy Servers
Usually, t he SI P UAC set s up a phone call by sending a request t o t he SI P proxy server. Then, t he
proxy server looks up t he dest inat ion t o which t he call should be forwarded ( according t o t he URI
request ed by t he SI P UAC) . The request m ay be forwarded t o m ore t han one proxy server before
arriving at it s dest inat ion.
The response t o t he request goes t o all t he proxy servers t hrough which t he request passed, in
reverse sequence. Once t he session is set up, session t raffic is sent bet ween t he UAs direct ly,
bypassing all t he proxy servers in bet ween.
256
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 21 Voice
The following figure shows t he SI P and session t raffic flow bet ween t he user agent s ( UA 1 and UA
2 ) and t he proxy servers ( t his exam ple shows t wo proxy servers, PROXY 1 and PROXY 2 ) .
Figure 155 SI P Call Through Proxy Servers
PROXY 1
PROXY 2
SIP
SIP
SIP
SIP & RTP
UA 1
UA 2
The following t able shows t he SI P call progression.
Table 121 SI P Call Progression
UA 1
PROXY 1
PROXY 2
UA 2
I nvit e
I nvit e
100 Trying
I nvit e
100 Trying
180 Ringing
180 Ringing
180 Ringing
200 OK
200 OK
200 OK
ACK
RTP
RTP
BYE
200 OK
Use r Age n t 1 sends a SI P I NVI TE request t o Pr ox y 1 . This m essage is an invit at ion t o Use r
Age nt 2 t o part icipat e in a SI P t elephone call. Pr ox y 1 sends a response indicat ing t hat it is t rying
t o com plet e t he request .
Pr ox y 1 sends a SI P I NVI TE request t o Pr ox y 2 . Pr ox y 2 sends a response indicat ing t hat it is
t rying t o com plet e t he request .
Pr ox y 2 sends a SI P I NVI TE request t o Use r Age nt 2 .
Use r Age n t 2 sends a response back t o Pr ox y 2 indicat ing t hat t he phone is ringing. The response
is relayed back t o Use r Age n t 1 via Pr ox y 1 .
VMG8324-B10A / VMG8324-B30A Series User’s Guide
257
Chapter 21 Voice
Use r Age n t 2 sends an OK response t o Pr ox y 2 aft er t he call is answered. This is also relayed
back t o Use r Age nt 1 via Pr ox y 1 .
Use r Age n t 1 and Use r Age nt 2 exchange RTP packet s cont aining voice dat a direct ly, wit hout
involving t he proxies.
When Use r Age nt 2 hangs up, he sends a BYE request .
Use r Age n t 1 replies wit h an OK response confirm ing receipt of t he BYE request , and t he call is
t erm inat ed.
Voice Coding
A codec ( coder/ decoder) codes analog voice signals int o digit al signals and decodes t he digit al
signals back int o analog voice signals. The Device support s t he following codecs.
• G.711 is a Pulse Code Modulat ion ( PCM) waveform codec. PCM m easures analog signal
am plit udes at regular t im e int ervals and convert s t hem int o digit al sam ples. G.711 provides very
good sound qualit y but requires 64 kbps of bandwidt h.
• G.726 is an Adapt ive Different ial PCM ( ADPCM) waveform codec t hat uses a lower bit rat e t han
st andard PCM conversion. ADPCM convert s analog audio int o digit al signals based on t he
difference bet ween each audio sam ple and a predict ion based on previous sam ples. The m ore
sim ilar t he audio sam ple is t o t he predict ion, t he less space needed t o describe it . G.726 operat es
at 16, 24, 32 or 40 kbps.
• G.729 is an Analysis- by- Synt hesis ( AbS) hybrid waveform codec t hat uses a filt er based on
inform at ion about how t he hum an vocal t ract produces sounds. G.729 provides good sound
qualit y and reduces t he required bandwidt h t o 8 kbps.
Voice Activity Detection/Silence Suppression
Voice Act ivit y Det ect ion ( VAD) det ect s whet her or not speech is present . This let s t he Device reduce
t he bandwidt h t hat a call uses by not t ransm it t ing “ silent packet s” when you are not speaking.
Comfort Noise Generation
When using VAD, t he Device generat es com fort noise when t he ot her part y is not speaking. The
com fort noise let s you know t hat t he line is st ill connect ed as t ot al silence could easily be m ist aken
for a lost connect ion.
Echo Cancellation
G.168 is an I TU-T st andard for elim inat ing t he echo caused by t he sound of your voice
reverberat ing in t he t elephone receiver while you t alk.
MWI (Message Waiting Indication)
Enable Message Wait ing I ndicat ion ( MWI ) enables your phone t o give you a m essage–wait ing
( beeping) dial t one when you have a voice m essage( s) . Your VoI P service provider m ust have a
m essaging syst em t hat sends m essage wait ing st at us SI P packet s as defined in RFC 3842.
258
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 21 Voice
Custom Tones (IVR)
I VR ( I nt eract ive Voice Response) is a feat ure t hat allows you t o use your t elephone t o int eract wit h
t he Device. The Device allows you t o record cust om t ones for t he Ea r ly M e dia and M usic On H old
funct ions. The sam e recordings apply t o bot h t he caller ringing and on hold t ones.
Table 122 Cust om Tones Det ails
LABEL
DESCRIPTION
Tot al Tim e for All Tones
900 seconds for all cust om t ones com bined
Maxim um Tim e per
I ndividual Tone
180 seconds
Tot al Num ber of Tones
Recordable
You can record up t o 5 different cust om t ones but t he t ot al t im e m ust be 900
seconds or less.
Recording Custom Tones
Use t he following st eps if you would like t o creat e new t ones or change your t ones:
Pick up t he phone and press “ * * * * ” on your phone’s keypad and wait for t he m essage t hat says
you are in t he configurat ion m enu.
Press a num ber from 1101~ 1105 on your phone followed by t he “ # ” key.
Play your desired m usic or voice recording int o t he receiver ’s m out hpiece. Press t he “ # ” key.
You can cont inue t o add, list en t o, or delet e t ones, or you can hang up t he receiver when you are
done.
Listening to Custom Tones
Do t he following t o list en t o a cust om t one:
Pick up t he phone and press “ * * * * ” on your phone’s keypad and wait for t he m essage t hat says
you are in t he configurat ion m enu.
Press a num ber from 1201~ 1208 followed by t he “ # ” key t o list en t o t he t one.
You can cont inue t o add, list en t o, or delet e t ones, or you can hang up t he receiver when you are
done.
Deleting Custom Tones
Do t he following t o delet e a cust om t one:
Pick up t he phone and press “ * * * * ” on your phone’s keypad and wait for t he m essage t hat says
you are in t he configurat ion m enu.
Press a num ber from 1301~ 1308 followed by t he “ # ” key t o delet e t he t one of your choice. Press
14 followed by t he “ # ” key if you wish t o clear all your cust om t ones.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
259
Chapter 21 Voice
You can cont inue t o add, list en t o, or delet e t ones, or you can hang up t he receiver when you are
done.
21.10.1 Quality of Service (QoS)
Qualit y of Service ( QoS) refers t o bot h a net work's abilit y t o deliver dat a wit h m inim um delay, and
t he net working m et hods used t o provide bandwidt h for real- t im e m ult im edia applicat ions.
Type of Service (ToS)
Net work t raffic can be classified by set t ing t he ToS ( Type of Service) values at t he dat a source ( for
exam ple, at t he Device) so a server can decide t he best m et hod of delivery, t hat is t he least cost ,
fast est rout e and so on.
DiffServ
DiffServ is a class of service ( CoS) m odel t hat m arks packet s so t hat t hey receive specific per- hop
t reat m ent at DiffServ- com pliant net work devices along t he rout e based on t he applicat ion t ypes
and t raffic flow. Packet s are m arked wit h DiffServ Code Point s ( DSCP) indicat ing t he level of service
desired. This allows t he int erm ediary DiffServ- com pliant net work devices t o handle t he packet s
different ly depending on t he code point s wit hout t he need t o negot iat e pat hs or rem em ber st at e
inform at ion for every flow. I n addit ion, applicat ions do not have t o request a part icular service or
give advanced not ice of where t he t raffic is going. 3
DSCP and Per-Hop Behavior
DiffServ defines a new DS ( Different iat ed Services) field t o replace t he Type of Service ( TOS) field
in t he I P header. The DS field cont ains a 2- bit unused field and a 6- bit DSCP field which can define
up t o 64 service levels. The following figure illust rat es t he DS field.
DSCP is backward com pat ible wit h t he t hree precedence bit s in t he ToS oct et so t hat non- DiffServ
com pliant , ToS- enabled net work device will not conflict wit h t he DSCP m apping.
Figure 156 DiffServ: Different iat ed Service Field
DSCP
Unused
( 6- bit )
(2-bit)
The DSCP value det erm ines t he forwarding behavior, t he PHB ( Per- Hop Behavior) , t hat each packet
get s across t he DiffServ net work. Based on t he m arking rule, different kinds of t raffic can be
m arked for different priorit ies of forwarding. Resources can t hen be allocat ed according t o t he DSCP
values and t he configured policies.
21.10.2 Phone Services Overview
Supplem ent ary services such as call hold, call wait ing, and call t ransfer. are generally available from
your VoI P service provider. The Device support s t he following services:
3.
260
The Device does not support DiffServ at the time of writing.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 21 Voice
• Call Ret urn
• Call Hold
• Call Wait ing
• Making a Second Call
• Call Transfer
• Call Forwarding
• Three- Way Conference
• I nt ernal Calls
• Call Park and Pickup
• Do not Dist urb
• I VR
• Call Com plet ion
• CCBS
• Out going SI P
Not e: To t ake full advant age of t he supplem ent ary phone services available t hrough t he
Device's phone port s, you m ay need t o subscribe t o t he services from your VoI P
service provider.
21.10.2.1 The Flash Key
Flashing m eans t o press t he hook for a short period of t im e ( a few hundred m illiseconds) before
releasing it . On newer t elephones, t here should be a " flash" key ( but t on) t hat generat es t he signal
elect ronically. I f t he flash key is not available, you can t ap ( press and im m ediat ely release) t he
hook by hand t o achieve t he sam e effect . However, using t he flash key is preferred since t he t im ing
is m uch m ore precise. Wit h m anual t apping, if t he durat ion is t oo long, it m ay be int erpret ed as
hanging up by t he Device.
You can invoke all t he supplem ent ary services by using t he flash key.
21.10.2.2 Europe Type Supplementary Phone Services
This sect ion describes how t o use supplem ent ary phone services wit h t he Eur ope Type Ca ll
Se r vice M ode . Com m ands for supplem ent ary services are list ed in t he t able below.
Aft er pressing t he flash key, if you do not issue t he sub- com m and before t he default sub- com m and
t im eout ( 2 seconds) expires or issue an invalid sub- com m and, t he current operat ion will be
abort ed.
Table 123 European Flash Key Com m ands
COMMAND
SUB-COMMAND
Flash
DESCRIPTION
Put a current call on hold t o place a second call.
Swit ch back t o t he call ( if t here is no second call) .
Flash
Drop t he call present ly on hold or rej ect an incom ing call which is wait ing
for answer.
Flash
Disconnect t he current phone connect ion and answer t he incom ing call or
resum e wit h caller present ly on hold.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
261
Chapter 21 Voice
Table 123 European Flash Key Com m ands
COMMAND
SUB-COMMAND
DESCRIPTION
Flash
1. Swit ch back and fort h bet ween t wo calls.
2. Put a current call on hold t o answer an incom ing call.
3. Separat e t he current t hree- way conference call int o t wo individual calls
( one is on- line, t he ot her is on hold) .
Flash
Creat e t hree- way conference connect ion.
Flash
* 98#
Transfer t he call t o anot her phone.
European Call Hold
Call hold allows you t o put a call ( A) on hold by pressing t he flash key.
I f you have anot her call, press t he flash key and t hen “ 2” t o swit ch back and fort h bet ween caller A
and B by put t ing eit her one on hold.
Press t he flash key and t hen “ 0” t o disconnect t he call present ly on hold and keep t he current call
on line.
Press t he flash key and t hen “ 1” t o disconnect t he current call and resum e t he call on hold.
I f you hang up t he phone but a caller is st ill on hold, t here will be a rem ind ring.
European Call Waiting
This allows you t o place a call on hold while you answer anot her incom ing call on t he sam e
t elephone ( direct ory) num ber.
I f t here is a second call t o a t elephone num ber, you will hear a call wait ing t one. Take one of t he
following act ions.
• Rej ect t he second call.
Press t he flash key and t hen press “ 0”.
• Disconnect t he first call and answer t he second call.
Eit her press t he flash key and press “ 1”, or j ust hang up t he phone and t hen answer t he phone
aft er it rings.
• Put t he first call on hold and answer t he second call.
Press t he flash key and t hen “ 2”.
European Call Transfer
Do t he following t o t ransfer an incom ing call ( t hat you have answered) t o anot her phone.
262
Press t he flash key t o put t he caller on hold.
When you hear t he dial t one, dial “ * 98# ” followed by t he num ber t o which you want t o t ransfer t he
call.
Aft er you hear t he ring signal or t he second part y answers it , hang up t he phone.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 21 Voice
European Three-Way Conference
Use t he following st eps t o m ake t hree- way conference calls.
When you are on t he phone t alking t o som eone, press t he flash key t o put t he caller on hold and
get a dial t one.
Dial a phone num ber direct ly t o m ake anot her call.
When t he second call is answered, press t he flash key and press “ 3” t o creat e a t hree- way
conversat ion.
Hang up t he phone t o drop t he connect ion.
I f you want t o separat e t he act ivat ed t hree- way conference int o t wo individual connect ions ( one is
on- line, t he ot her is on hold) , press t he flash key and press “ 2”.
21.10.2.3 USA Type Supplementary Services
This sect ion describes how t o use supplem ent ary phone services wit h t he USA Type Ca ll Se r vice
M ode . Com m ands for supplem ent ary services are list ed in t he t able below.
Aft er pressing t he flash key, if you do not issue t he sub- com m and before t he default sub- com m and
t im eout ( 2 seconds) expires or issue an invalid sub- com m and, t he current operat ion will be
abort ed.
Table 124 USA Flash Key Com m ands
COMMAND
SUB-COMMAND
Flash
DESCRIPTION
Put a current call on hold t o place a second call. Aft er t he second call is
successful, press t he flash key again t o have a t hree- way conference call.
Put a current call on hold t o answer an incom ing call.
Flash
* 98#
Transfer t he call t o anot her phone.
USA Call Hold
Call hold allows you t o put a call ( A) on hold by pressing t he flash key.
I f you have anot her call, press t he flash key t o swit ch back and fort h bet ween caller A and B by
put t ing eit her one on hold.
I f you hang up t he phone but a caller is st ill on hold, t here will be a rem ind ring.
USA Call Waiting
This allows you t o place a call on hold while you answer anot her incom ing call on t he sam e
t elephone ( direct ory) num ber.
I f t here is a second call t o your t elephone num ber, you will hear a call wait ing t one.
Press t he flash key t o put t he first call on hold and answer t he second call.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
263
Chapter 21 Voice
USA Call Transfer
Do t he following t o t ransfer an incom ing call ( t hat you have answered) t o anot her phone.
Press t he flash key t o put t he caller on hold.
When you hear t he dial t one, dial “ * 98# ” followed by t he num ber t o which you want t o t ransfer t he
call.
Aft er you hear t he ring signal or t he second part y answers it , hang up t he phone.
USA Three-Way Conference
Use t he following st eps t o m ake t hree- way conference calls.
When you are on t he phone t alking t o som eone ( part y A) , press t he flash key t o put t he caller on
hold and get a dial t one.
Dial a phone num ber direct ly t o m ake anot her call ( t o part y B) .
When part y B answers t he second call, press t he flash key t o creat e a t hree- way conversat ion.
Hang up t he phone t o drop t he connect ion.
I f you want t o separat e t he act ivat ed t hree- way conference int o t wo individual connect ions ( wit h
part y A on- line and part y B on hold) , press t he flash key.
I f you want t o go back t o t he t hree- way conversat ion, press t he flash key again.
I f you want t o separat e t he act ivat ed t hree- way conference int o t wo individual connect ions again,
press t he flash key. This t im e t he part y B is on- line and part y A is on hold.
21.10.2.4 Phone Functions Summary
The following t able shows t he key com binat ions you can ent er on your phone’s keypad t o use
cert ain feat ures.
Table 125 Phone Funct ions Sum m ary
264
ACTION
FUNCTION
DESCRIPTION
* 98#
Call t ransfer
Transfer a call t o anot her phone. See Sect ion 21.10.2.2 on page 261
( Europe t ype) and Sect ion 21.10.2.3 on page 263 ( USA t ype) .
* 66#
Call ret urn
Place a call t o t he last person who called you.
* 95#
Enable Do Not Dist urb
# 95#
Disable Do Not Dist urb
Use t hese t o set your phone not t o ring when som eone calls you, or
t o t urn t his funct ion off.
* 41#
Enable Call Wait ing
# 41#
Disable Call Wait ing
****
I VR
Use t hese t o set up I nt eract ive Voice Response ( I VR) . I VR allow s
you t o record cust om caller ringing t ones ( t he sound a caller hears
before you pick up t he phone) and on hold t ones ( t he sound
som eone hears when you put t heir call on hold) .
####
I nt ernal Call
Call t he phone( s) connect ed t o t he Device.
Use t hese t o allow you t o put a call on hold when you are answering
anot her, or t o t urn t his funct ion off.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 21 Voice
Table 125 Phone Funct ions Sum m ary
ACTION
FUNCTION
DESCRIPTION
* 82
One Shot Caller Display Call
Act ivat e or deact ivat e caller I D for t he next call only.
* 67
One Shot Caller Hidden Call
VMG8324-B10A / VMG8324-B30A Series User’s Guide
265
Chapter 21 Voice
266
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPTER
22
Log
22.1 Overview
The web configurat or allows you t o choose which cat egories of event s and/ or alert s t o have t he
Device log and t hen display t he logs or have t he Device send t hem t o an adm inist rat or ( as e- m ail)
or t o a syslog server.
22.1.1 What You Can Do in this Chapter
• Use t he Syst e m Log screen t o see t he syst em logs ( Sect ion 22.2 on page 268) .
• Use t he Se cu r it y Log screen t o see t he securit y- relat ed logs for t he cat egories t hat you select
( Sect ion 22.3 on page 269) .
22.1.2 What You Need To Know
The following t erm s and concept s m ay help as you read t his chapt er.
Alerts and Logs
An alert is a t ype of log t hat warrant s m ore serious at t ent ion. They include syst em errors, at t acks
( access cont rol) and at t em pt ed access t o blocked web sit es. Som e cat egories such as Syst e m
Er r or s consist of bot h logs and alert s. You m ay different iat e t hem by t heir color in t he Vie w Log
screen. Alert s display in red and logs display in black.
Syslog Overview
The syslog prot ocol allows devices t o send event not ificat ion m essages across an I P net work t o
syslog servers t hat collect t he event m essages. A syslog- enabled device can generat e a syslog
m essage and send it t o a syslog server.
Syslog is defined in RFC 3164. The RFC defines t he packet form at , cont ent and syst em log relat ed
inform at ion of syslog m essages. Each syslog m essage has a facilit y and severit y level. The syslog
facilit y ident ifies a file in t he syslog server. Refer t o t he docum ent at ion of your syslog program for
det ails. The following t able describes t he syslog severit y levels.
Table 126 Syslog Severit y Levels
CODE
SEVERITY
Em ergency: The syst em is unusable.
Alert : Act ion m ust be t aken im m ediat ely.
Crit ical: The syst em condit ion is crit ical.
Error: There is an error condit ion on t he syst em .
Warning: There is a warning condit ion on t he syst em .
VMG8324-B10A / VMG8324-B30A Series User’s Guide
267
Chapter 22 Log
Table 126 Syslog Severit y Levels
CODE
SEVERITY
Not ice: There is a norm al but significant condit ion on t he syst em .
I nform at ional: The syslog contains an inform at ional m essage.
Debug: The m essage is int ended for debug- level purposes.
22.2 The System Log Screen
Use t he Syst e m Log screen t o see t he syst em logs. Click Syst e m M onit or > Log t o open t he
Syst e m Log screen.
Figure 157 Syst em Monit or > Log > Syst em Log
The following t able describes t he fields in t his screen.
Table 127 Syst em Monit or > Log > Syst em Log
LABEL
DESCRIPTION
Level
Select a severit y level from t he drop- down list box. This filt ers search result s according t o
t he severit y level you have select ed. When you select a severit y, t he Device searches
t hrough all logs of t hat severit y or higher.
Cat egory
Select t he t ype of logs t o display.
Clear Log
Click t his t o delet e all t he logs.
Refresh
Click t his t o renew t he log screen.
Export Log
Click t his t o export t he select ed log( s) .
Em ail Log Now
Click t his t o send t he log file( s) t o t he E- m ail address you specify in t he M a in t e n a n ce >
Logs Se t t in g screen.
Syst em Log
268
This field is a sequent ial value and is not associat ed wit h a specific ent ry.
Tim e
This field displays t he t im e t he log was recorded.
Facilit y
The log facilit y allows you t o send logs t o different files in t he syslog server. Refer t o t he
docum ent at ion of your syslog program for m ore det ails.
Level
This field displays t he severit y level of t he logs t hat t he device is t o send t o t his syslog
server.
Messages
This field st at es t he reason for t he log.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 22 Log
22.3 The Security Log Screen
Use t he Se cu r it y Log screen t o see t he securit y- relat ed logs for t he cat egories t hat you select .
Click Syst e m M onit or > Log > Se cur it y Log t o open t he following screen.
Figure 158 Syst em Monit or > Log > Securit y Log
The following t able describes t he fields in t his screen.
Table 128 Syst em Monit or > Log > Securit y Log
LABEL
DESCRIPTION
Level
Select a severit y level from t he drop- down list box. This filt ers search result s according t o
t he severit y level you have select ed. When you select a severit y, t he Device searches
t hrough all logs of t hat severit y or higher.
Cat egory
Select t he t ype of logs t o display.
Clear Log
Click t his t o delet e all t he logs.
Refresh
Click t his t o renew t he log screen.
Export Log
Click t his t o export t he select ed log( s) .
Em ail Log Now
Click t his t o send t he log file( s) t o t he E- m ail address you specify in t he M a in t e n a n ce >
Logs Se t t in g screen.
This field is a sequent ial value and is not associat ed wit h a specific ent ry.
Tim e
This field displays t he t im e t he log was recorded.
Facilit y
The log facilit y allows you t o send logs t o different files in t he syslog server. Refer t o t he
docum ent at ion of your syslog program for m ore det ails.
Level
This field displays t he severit y level of t he logs t hat t he device is t o send t o t his syslog
server.
Messages
This field st at es t he reason for t he log.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
269
Chapter 22 Log
270
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPTER
23
Traffic Status
23.1 Overview
Use t he Tr a ffic St a t us screens t o look at net work t raffic st at us and st at ist ics of t he WAN, LAN
int erfaces and NAT.
23.1.1 What You Can Do in this Chapter
• Use t he W AN screen t o view t he WAN t raffic st at ist ics ( Sect ion 23.2 on page 271) .
• Use t he LAN screen t o view t he LAN t raffic st at ist ics ( Sect ion 23.3 on page 273) .
• Use t he N AT screen t o view t he NAT st at us of t he Device’s client ( s) ( Sect ion 23.4 on page 274)
23.2 The WAN Status Screen
Click Syst e m M onit or > Tr a ffic St a t us t o open t he W AN screen. The figure in t his screen shows
t he num ber of byt es received and sent on t he Device.
Figure 159 Syst em Monit or > Traffic St at us > WAN
VMG8324-B10A / VMG8324-B30A Series User’s Guide
271
Chapter 23 Traffic Status
The following t able describes t he fields in t his screen.
Table 129 Syst em Monit or > Traffic St at us > WAN
LABEL
DESCRIPTION
Connect ed
I nt erface
This shows t he nam e of t he WAN int erface t hat is current ly connect ed.
Packet s Sent
Dat a
This indicat es t he num ber of t ransm it t ed packet s on t his int erface.
Error
This indicat es t he num ber of fram es wit h errors t ransm it t ed on t his int erface.
Drop
This indicat es t he num ber of out going packet s dropped on t his int erface.
Packet s Received
Dat a
This indicat es t he num ber of received packet s on t his int erface.
Error
This indicat es t he num ber of fram es wit h errors received on t his int erface.
Drop
This indicat es t he num ber of received packet s dropped on t his int erface.
m ore...hide
m ore
Click m or e ... t o show m ore inform at ion. Click h ide m or e t o hide t hem .
Disabled
I nt erface
This shows t he nam e of t he WAN int erface t hat is current ly disconnect ed.
Packet s Sent
Dat a
This indicat es t he num ber of t ransm it t ed packet s on t his int erface.
Error
This indicat es t he num ber of fram es wit h errors t ransm it t ed on t his int erface.
Drop
This indicat es t he num ber of out going packet s dropped on t his int erface.
Packet s Received
272
Dat a
This indicat es t he num ber of received packet s on t his int erface.
Error
This indicat es t he num ber of fram es wit h errors received on t his int erface.
Drop
This indicat es t he num ber of received packet s dropped on t his int erface.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 23 Traffic Status
23.3 The LAN Status Screen
Click Syst e m M onit or > Tr a ffic St a t us > LAN t o open t he following screen. The figure in t his
screen shows t he int erface t hat is current ly connect ed on t he Device.
Figure 160 Syst em Monit or > Traffic St at us > LAN
The following t able describes t he fields in t his screen.
Table 130 Syst em Monit or > Traffic St at us > LAN
LABEL
DESCRIPTION
Refresh I nt erval
Select how oft en you want t he Device t o updat e t his screen.
I nt erface
This shows t he LAN or WLAN int erface.
Byt es Sent
This indicat es t he num ber of byt es t ransm it t ed on t his int erface.
Byt es Received
This indicat es t he num ber of byt es received on t his int erface.
m ore...hide
m ore
Click m or e ... t o show m ore inform at ion. Click h ide m or e t o hide t hem .
I nt erface
This shows t he LAN or WLAN int erface.
Sent ( Packet s)
Dat a
This indicat es t he num ber of t ransm it t ed packet s on t his int erface.
Error
This indicat es t he num ber of fram es wit h errors t ransm it t ed on t his int erface.
Drop
This indicat es t he num ber of out going packet s dropped on t his int erface.
Received ( Packet s)
Dat a
This indicat es t he num ber of received packet s on t his int erface.
Error
This indicat es t he num ber of fram es wit h errors received on t his int erface.
Drop
This indicat es t he num ber of received packet s dropped on t his int erface.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
273
Chapter 23 Traffic Status
23.4 The NAT Status Screen
Click Syst e m M onit or > Tr a ffic St a t us > N AT t o open t he following screen. The figure in t his
screen shows t he NAT session st at ist ics for host s current ly connect ed on t he Device.
Figure 161 Syst em Monit or > Traffic St at us > NAT
The following t able describes t he fields in t his screen.
Table 131 Syst em Monit or > Traffic St at us > NAT
274
LABEL
DESCRIPTION
Refresh I nt erval
Select how oft en you want t he Device t o updat e t his screen.
Device Nam e
This displays t he nam e of t he connect ed host .
I P Address
This displays t he I P address of t he connect ed host .
MAC Address
This displays t he MAC address of t he connect ed host .
No. of Open
Session
This displays t he num ber of NAT sessions current ly opened for t he connect ed
host .
Tot al
This displays what percent age of NAT sessions t he Device can support is current ly
being used by all connect ed host s.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPTER
24
VoIP Status
24.1 The VoIP Status Screen
Click Syst e m M onit or > VoI P St a t us t o open t he following screen. You can view t he VoI P
regist rat ion, current call st at us and phone num bers in t his screen.
Figure 162 Syst em Monit or > VoI P St at us
The following t able describes t he fields in t his screen.
Table 132 Syst em Monit or > VoI P St at us
LABEL
DESCRIPTION
Poll I nt erval( s)
Ent er t he num ber of seconds t he Device needs t o wait before updat ing t his screen and t hen
click Se t I n t e r va l. Click St op t o have t he Device st op updat ing t his screen.
SI P St at us
Account
This colum n displays each SI P account in t he Device.
Regist rat ion
This field displays t he current regist rat ion st at us of t he SI P account . You can change t his in
t he St a t us screen.
Re gist e r e d - The SI P account is regist ered wit h a SI P server.
N ot Re gist e r e d - The last t im e t he Device t ried t o regist er t he SI P account wit h t he SI P
server, t he at t em pt failed. The Device aut om at ically t ries t o regist er t he SI P account when
you t urn on t he Device or when you act ivat e it .
I n a ct ive - The SI P account is not act ive. You can act ivat e it in V oI P > SI P > SI P
Accou n t .
Regist rat ion
Tim e
This field displays t he last t im e t he Device successfully regist ered t he SI P account . The field
is blank if t he Device has never successfully regist ered t his account .
URI
This field displays t he account num ber and service dom ain of t he SI P account . You can
change t hese in t he V oI P > SI P screens.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
275
Chapter 24 VoIP Status
Table 132 Syst em Monit or > VoI P St at us ( cont inued)
LABEL
DESCRIPTION
Message
Wait ing
This field indicat es whet her or not t here are any m essages wait ing for t he SI P account .
Last I ncom ing
Num ber
This field displays t he last num ber t hat called t he SI P account . The field is blank if no
num ber has ever dialed t he SI P account .
Last Out going
Num ber
This field displays t he last num ber t he SI P account called. The field is blank if t he SI P
account has never dialed a num ber.
Call St at us
Account
This colum n displays each SI P account in t he Device.
Durat ion
This field displays how long t he current call has last ed.
St at us
This field displays t he current st at e of t he phone call.
I dle - There are no current VoI P calls, incom ing calls or out going calls being m ade.
D ia l - The callee’s phone is ringing.
Rin g - The phone is ringing for an incom ing VoI P call.
Pr oce ss - There is a VoI P call in progress.
D I SC - The callee’s line is busy, t he callee hung up or your phone was left off t he hook.
Codec
This field displays what voice codec is being used for a current VoI P call t hrough a phone
port .
Peer Num ber
This field displays t he SI P num ber of t he part y t hat is current ly engaged in a VoI P call
t hrough a phone port .
Phone St at us
276
Phone
This field displays t he nam e of a phone port on t he Device.
Out going
Num ber
This field displays t he SI P num ber t hat you use t o m ake calls on t his phone port .
I ncom ing
Num ber
This field displays t he SI P num ber t hat you use t o receive calls on t his phone port .
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPTER
25
ARP Table
25.1 Overview
Address Resolut ion Prot ocol ( ARP) is a prot ocol for m apping an I nt ernet Prot ocol address ( I P
address) t o a physical m achine address, also known as a Media Access Cont rol or MAC address, on
t he local area net work.
An I P ( version 4) address is 32 bit s long. I n an Et hernet LAN, MAC addresses are 48 bit s long. The
ARP Table m aint ains an associat ion bet ween each MAC address and it s corresponding I P address.
25.1.1 How ARP Works
When an incom ing packet dest ined for a host device on a local area net work arrives at t he device,
t he device's ARP program looks in t he ARP Table and, if it finds t he address, sends it t o t he device.
I f no ent ry is found for t he I P address, ARP broadcast s t he request t o all t he devices on t he LAN.
The device fills in it s own MAC and I P address in t he sender address fields, and put s t he known I P
address of t he t arget in t he t arget I P address field. I n addit ion, t he device put s all ones in t he t arget
MAC field ( FF.FF.FF.FF.FF.FF is t he Et hernet broadcast address) . The replying device ( which is eit her
t he I P address of t he device being sought or t he rout er t hat knows t he way) replaces t he broadcast
address wit h t he t arget 's MAC address, swaps t he sender and t arget pairs, and unicast s t he answer
direct ly back t o t he request ing m achine. ARP updat es t he ARP Table for fut ure reference and t hen
sends t he packet t o t he MAC address t hat replied.
25.2 ARP Table Screen
Use t he ARP t able t o view I P- t o- MAC address m apping( s) . To open t his screen, click Syst e m
M onit or > ARP Ta ble .
Figure 163 Syst em Monit or > ARP Table
VMG8324-B10A / VMG8324-B30A Series User’s Guide
277
Chapter 25 ARP Table
The following t able describes t he labels in t his screen.
Table 133 Syst em Monit or > ARP Table
LABEL
278
DESCRIPTION
This is t he ARP t able ent ry num ber.
I Pv4/ I Pv6
Address
This is t he learned I Pv4 or I Pv6 I P address of a device connect ed t o a port .
MAC Address
This is t he MAC address of t he device wit h t he list ed I P address.
Device
This is t he t ype of int erface used by t he device. You can click on t he device t ype t o go t o it s
configurat ion screen.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPTER
26
Routing Table
26.1 Overview
Rout ing is based on t he dest inat ion address only and t he Device t akes t he short est pat h t o forward
a packet .
26.2 The Routing Table Screen
Click Syst e m M onit or > Rou t in g Ta ble t o open t he following screen.
Figure 164 Syst em Monit or > Rout ing Table
The following t able describes t he labels in t his screen.
Table 134 Syst em Monit or > Rout ing Table
LABEL
DESCRIPTION
I Pv4/ I Pv6 Rout ing Table
Dest inat ion
This indicat es t he dest inat ion I Pv4 address or I Pv6 address and prefix of t his rout e.
Gat eway
This indicat es t he I Pv4 address or I Pv6 address of t he gat eway t hat helps forward t his
rout e’s t raffic.
Subnet Mask
This indicat es t he dest inat ion subnet m ask of t he I Pv4 rout e.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
279
Chapter 26 Routing Table
Table 134 Syst em Monit or > Rout ing Table ( cont inued)
LABEL
DESCRIPTION
Flag
This indicat es t he rout e st at us.
U- Up: The rout e is up.
!- Re j e ct : The rout e is blocked and will force a rout e lookup t o fail.
G- Ga t e w a y: The rout e uses a gat eway t o forward t raffic.
H - H ost : The t arget of t he rout e is a host .
R- Re in st a t e : The rout e is reinst at ed for dynam ic rout ing.
D - D yn a m ic ( r e dir e ct ) : The rout e is dynam ically inst alled by a rout ing daem on or redirect .
M - M odifie d ( r e dir e ct ) : The rout e is m odified from a rout ing daem on or redirect .
Met ric
The m et ric represent s t he " cost of t ransm ission" . A rout er det erm ines t he best rout e for
t ransm ission by choosing a pat h wit h t he lowest " cost " . The sm aller t he num ber, t he lower
t he " cost " .
Service
This indicat es t he nam e of t he service used t o forward t he rout e.
I nt erface
This indicat es t he nam e of t he int erface t hrough which t he rout e is forwarded.
br x indicat es a LAN int erface where x can be 0~ 3 t o represent LAN1 t o LAN4 respect ively.
pt m 0 indicat es a WAN int erface using I PoE or in bridge m ode.
ppp0 indicat es a WAN int erface using PPPoE.
280
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPTER
27
IGMP/MLD Status
27.1 Overview
Use t he I GM P St a t us screens t o look at I GMP/ MLD group st at us and t raffic st at ist ics.
27.2 The IGMP/MLD Group Status Screen
Use t his screen t o look at t he current list of m ult icast groups t he Device has j oined and which port s
have j oined it . To open t his screen, click Syst e m M onit or > I GM P/ M LD Gr ou p St a t u s.
Figure 165 Syst em Monit or > I GMP/ MLD Group St at us
The following t able describes t he labels in t his screen.
Table 135 Syst em Monit or > I GMP/ MLD Group St at us
LABEL
DESCRIPTION
I nt erface
This field displays t he nam e of an int erface on t he Device t hat belongs t o an I GMP or MLD
m ult icast group.
Mult icast Group
This field displays t he nam e of t he I GMP or MLD m ult icast group t o which t he int erface
belongs.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
281
Chapter 27 IGMP/MLD Status
Table 135 Syst em Monit or > I GMP/ MLD Group St at us ( cont inued)
LABEL
DESCRIPTION
Filt er Mode
I N CLUD E m eans t hat only t he I P addresses in t he Sou r ce List get t o receive t he m ult icast
group’s t raffic.
EXCLUD E m eans t hat t he I P addresses in t he Sour ce List are not allowed t o receive t he
m ult icast group’s t raffic but ot her I P addresses can.
Source List
282
This is t he list of I P addresses t hat are allowed or not allowed t o receive t he m ult icast
group’s t raffic depending on t he filt er m ode.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPTER
28
xDSL Statistics
28.1 The xDSL Statistics Screen
Use t his screen t o view det ailed DSL st at ist ics. Click Syst e m M on it or > x D SL St a t ist ics t o open
t he following screen.
Figure 166 Syst em Monit or > xDSL St at ist ics
VMG8324-B10A / VMG8324-B30A Series User’s Guide
283
Chapter 28 xDSL Statistics
284
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 28 xDSL Statistics
The following t able describes t he labels in t his screen.
Table 136 St at us > xDSL St at ist ics
LABEL
DESCRIPTION
Refresh I nt erval
Select t he t im e int erval for refreshing st at ist ics.
Line
Select which DSL line’s st at ist ics you want t o display.
xDSL Training
St at us
This displays t he current st at e of set t ing up t he DSL connect ion.
Mode
This displays t he I TU st andard used for t his connect ion.
Traffic Type
This displays t he t ype of t raffic t he DSL port is sending and receiving. I na ct ive displays if
t he DSL port is not current ly sending or receiving t raffic.
Link Upt im e
This displays how long t he port has been running ( or connect ed) since t he last t im e it was
st art ed.
xDSL Port Det ails
Upst ream
These are t he st at ist ics for t he t raffic direct ion going out from t he port t o t he service
provider.
Downst ream
These are t he st at ist ics for t he t raffic direct ion com ing int o t he port from t he service
provider.
Line Rat e
These are t he dat a t ransfer rat es at which t he port is sending and receiving dat a.
Act ual Net Dat a
Rat e
These are t he rat es at which t he port is sending and receiving t he payload dat a wit hout
t ransport layer prot ocol headers and t raffic.
Trellis Coding
This displays whet her or not t he port is using Trellis coding for t raffic it is sending and
receiving. Trellis coding helps t o reduce t he noise in ADSL t ransm issions. Trellis m ay
reduce t hroughput but it m akes t he connect ion m ore st able.
SNR Margin
This is t he upst ream and downst ream Signal- t o- Noise Rat io m argin ( in dB) . A DMT subcarrier ’s SNR is t he rat io bet ween t he received signal power and t he received noise power.
The signal- t o- noise rat io m argin is t he m axim um t hat t he received noise power could
increase wit h t he syst em st ill being able t o m eet it s t ransm ission t arget s.
Act ual Delay
This is t he upst ream and downst ream int erleave delay. I t is t he wait ( in m illiseconds) t hat
det erm ines t he size of a single block of dat a t o be int erleaved ( assem bled) and t hen
t ransm it t ed. I nt erleave delay is used when t ransm ission error correct ion ( Reed- Solom on)
is necessary due t o a less t han ideal t elephone line. The bigger t he delay, t he bigger t he
dat a block size, allowing bet t er error correct ion t o be perform ed.
Transm it Power
This is t he upst ream and downst ream far end act ual aggregat e t ransm it power ( in dBm ) .
Upst ream is how m uch power t he port is using t o t ransm it t o t he service provider.
Downst ream is how m uch port t he service provider is using t o t ransm it t o t he port .
Receive Power
Upst ream is how m uch power t he service provider is receiving from t he port . Downst ream
is how m uch power t he port is receiving from t he service provider.
Act ual I NP
Sudden spikes in t he line’s level of ext ernal noise ( im pulse noise) can cause errors and
result in lost packet s. This could especially im pact t he qualit y of m ult im edia t raffic such as
voice or video. I m pulse noise prot ect ion ( I NP) provides a buffer t o allow for correct ion of
errors caused by error correct ion t o deal wit h t his. The num ber of DMT ( Discret e Mult iTone) sym bols shows t he level of im pulse noise prot ect ion for t he upst ream and
downst ream t raffic. A higher sym bol value provides higher error correct ion capabilit y, but it
causes overhead and higher delay which m ay increase error rat es in received m ult im edia
dat a.
Tot al
At t enuat ion
This is t he upst ream and downst ream line at t enuat ion, m easured in decibels ( dB) . This
at t enuat ion is t he difference bet ween t he power t ransm it t ed at t he near- end and t he power
received at t he far- end. At t enuat ion is affect ed by t he channel charact erist ics ( w ire gauge,
qualit y, condit ion and lengt h of t he physical line) .
At t ainable Net
Dat a Rat e
These are t he highest t heoret ically possible t ransfer rat es at which t he port could send and
receive payload dat a wit hout t ransport layer prot ocol headers and t raffic.
xDSL Count ers
VMG8324-B10A / VMG8324-B30A Series User’s Guide
285
Chapter 28 xDSL Statistics
Table 136 St at us > xDSL St at ist ics ( cont inued)
286
LABEL
DESCRIPTION
Downst ream
These are t he st at ist ics for t he t raffic direct ion com ing int o t he port from t he service
provider.
Upst ream
These are t he st at ist ics for t he t raffic direct ion going out from t he port t o t he service
provider.
FEC
This is t he num ber of Far End Correct ed blocks.
CRC
This is t he num ber of Cyclic Redundancy Checks.
ES
This is t he num ber of Errored Seconds m eaning t he num ber of seconds cont aining at least
one errored block or at least one defect .
SES
This is t he num ber of Severely Errored Seconds m eaning t he num ber of seconds cont aining
30% or m ore errored blocks or at least one defect . This is a subset of ES.
UAS
This is t he num ber of UnAvailable Seconds.
LOS
This is t he num ber of Loss Of Signal seconds.
LOF
This is t he num ber of Loss Of Fram e seconds.
LOM
This is t he num ber of Loss of Margin seconds.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPTER
29
3G Statistics
29.1 Overview
Use t he 3 G St a t ist ics screens t o look at 3G I nt ernet connect ion st at us.
29.2 The 3G Statistics Screen
To open t his screen, click Syst e m M onit or > 3 G St a t ist ics. The 3G st at us is available on t his
screen only when you insert a com pat ible 3G dongle in a USB port on t he Device.
Figure 167 Syst em Monit or > 3G St at ist ics
The following t able describes t he labels in t his screen.
Table 137 Syst em Monit or > 3G St at ist ics
LABEL
DESCRIPTION
Refresh
I nt erval
Select how oft en you want t he Device t o updat e t his screen. Select N o Re fr e sh t o st op
refreshing.
3G St at us
This field displays t he st at us of t he 3G I nt ernet connect ion. This field can display:
GSM - Global Syst em for Mobile Com m unicat ions, 2G
GPRS - General Packet Radio Service, 2.5G
ED GE - Enhanced Dat a rat es for GSM Evolut ion, 2.75G
W CD M A - Wideband Code Division Mult iple Access, 3G
H SD PA - High- Speed Downlink Packet Access, 3.5G
H SUPA - High- Speed Uplink Packet Access, 3.75G
H SPA - HSDPA+ HSUPA, 3.75G
Service
Provider
This field displays t he nam e of t he service provider.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
287
Chapter 29 3G Statistics
Table 137 Syst em Monit or > 3G St at ist ics ( cont inued)
LABEL
288
DESCRIPTION
Signal St rengt h
This field displays t he st rengt h of t he signal in dBm .
Connect ion
Upt im e
This field displays t he t im e t he connect ion has been up.
3G Card
Manufact urer
This field displays t he m anufact urer of t he 3G card.
3G Card Model
This field displays t he m odel nam e of t he 3G card.
3G Card F/ W
Version
This field displays t he firm ware version of t he 3G card.
SI M Card I MSI
The I nt ernat ional Mobile Subscriber I dent it y or I MSI is a unique ident ificat ion num ber
associat ed wit h all cellular net works. This num ber is provisioned in t he SI M card.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPTER
30
User Account
30.1 Overview
I n t he Use r s Account screen, you can change t he password of t he “ adm in” user account t hat you
used t o log in t he Device.
30.2 The User Account Screen
Click M a in t e na n ce > Use r Accoun t t o open t he following screen.
Figure 168 Maint enance > User Account
The following t able describes t he labels in t his screen.
Table 138 Maint enance > User Account
LABEL
DESCRIPTION
User Nam e
This field displays t he nam e of t he account t hat you used t o log in t he syst em .
Old Password
Type t he default password or t he exist ing password you use t o access t he syst em in t his
field.
New Password
Type your new syst em password ( up t o 256 charact ers) . Not e t hat as you t ype a password,
t he screen displays a ( * ) for each charact er you t ype. Aft er you change t he password, use
t he new password t o access t he Device.
Ret ype t o
confirm
Type t he new password again for confirm at ion.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o rest ore your previously saved set t ings.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
289
Chapter 30 User Account
290
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPTER
31
Remote Management
31.1 Overview
Rem ot e m anagem ent cont rols t hrough which int erface( s) , which services can access t he Device.
Not e: The Device is m anaged using t he Web Configurat or.
31.2 The Remote MGMT Screen
Use t his screen t o configure t hrough which int erface( s) , which services can access t he Device. You
can also specify t he port num bers t he services m ust use t o connect t o t he Device. Click
M a int e na nce > Re m ot e M GM T t o open t he following screen.
Figure 169 Maint enance > Rem ot e MGMT
The following t able describes t he fields in t his screen.
Table 139 Maint enance > Rem ot e MGMT
LABEL
DESCRIPTION
WAN I nt erface
used for
services
Select An y W AN t o have t he Device aut om at ically act ivat e t he rem ot e m anagem ent service
when any WAN connect ion is up.
HTTP
This is t he service you m ay use t o access t he Device.
LAN/ WLAN
Select t he En a ble check box for t he corresponding services t hat you want t o allow access t o
t he Device from t he LAN/ WLAN.
WAN
Select t he En a ble check box for t he corresponding services t hat you want t o allow access t o
t he Device from t he WAN.
Select M u lt i W AN and t hen select one or m ore WAN connect ions t o have t he Device
act ivat e t he rem ot e m anagem ent service when t he select ed WAN connect ions are up.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
291
Chapter 31 Remote Management
Table 139 Maint enance > Rem ot e MGMT ( cont inued)
LABEL
DESCRIPTION
Port
You m ay change t he server port num ber for a service if needed, however you m ust use t he
sam e port num ber in order t o use t hat service for rem ot e m anagem ent .
Cert ificat e
HTTPS
Cert ificat e
Select a cert ificat e t he HTTPS server ( t he Device) uses t o aut hent icat e it self t o t he HTTPS
client . You m ust have cert ificat es already configured in t he Ce r t ifica t e s screen.
Apply
Click Apply t o save your changes back t o t he Device.
Cancel
Click Ca n ce l t o rest ore your previously saved set t ings.
31.3 The Trust Domain Screen
Use t his screen t o view a list of public I P addresses which are allowed t o access t he Device t hrough
t he services configured in t he M a int e n a n ce > Re m ot e M GM T screen. Click M a int e na nce >
Re m ot e M GM T > Tur st D om a in t o open t he following screen.
Not e: I f t his list is em pt y, all public I P addresses can access t he Device from t he WAN
t hrough t he specified services.
Figure 170 Maint enance > Rem ot e MGMT > Trust Dom ain
The following t able describes t he fields in t his screen.
Table 140 Maint enance > Rem ot e MGMT > Trust Dom ain
292
LABEL
DESCRIPTION
Add Trust
Dom ain
Click t his t o add a t rust ed host I P address.
I Pv4 Address
This field shows a t rust ed host I P address.
Delet e
Click t he D e le t e icon t o rem ove t he t rust I P address.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 31 Remote Management
31.4 The Add Trust Domain Screen
Use t his screen t o configure a public I P address which is allowed t o access t he Device. Click t he Add
Tr ust D om a in but t on in t he M a in t e n a n ce > Re m ot e M GM T > Tur st D om a in screen t o open t he
following screen.
Figure 171 Maint enance > Rem ot e MGMT > Trust Dom ain > Add Trust Dom ain
The following t able describes t he fields in t his screen.
Table 141 Maint enance > Rem ot e MGMT > Trust Dom ain > Add Trust Dom ain
LABEL
DESCRIPTION
I Pv4 Address
Ent er a public I Pv4 I P address which is allowed t o access t he service on t he Device from t he
WAN.
Apply
Click Apply t o save your changes back t o t he Device.
Cancel
Click Ca n ce l t o rest ore your previously saved set t ings.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
293
Chapter 31 Remote Management
294
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPTER
32
TR-069 Client
32.1 Overview
This chapt er explains how t o configure t he Device’s TR- 069 aut o- configurat ion set t ings.
32.2 The TR-069 Client Screen
TR- 069 defines how Cust om er Prem ise Equipm ent ( CPE) , for exam ple your Device, can be m anaged
over t he WAN by an Aut o Configurat ion Server ( ACS) . TR- 069 is based on sending Rem ot e
Procedure Calls ( RPCs) bet ween an ACS and a client device. RPCs are sent in Ext ensible Markup
Language ( XML) form at over HTTP or HTTPS.
An adm inist rat or can use an ACS t o rem ot ely set up t he Device, m odify set t ings, perform firm ware
upgrades as well as m onit or and diagnose t he Device. You have t o enable t he device t o be m anaged
by t he ACS and specify t he ACS I P address or dom ain nam e and usernam e and password.
Click M a in t e n a n ce > TR- 0 6 9 Clie n t t o open t he following screen. Use t his screen t o configure
your Device t o be m anaged by an ACS.
Figure 172 Maint enance > TR- 069 Client
VMG8324-B10A / VMG8324-B30A Series User’s Guide
295
Chapter 32 TR-069 Client
The following t able describes t he fields in t his screen.
Table 142 Maint enance > TR- 069 Client
LABEL
DESCRIPTION
I nform
Select En a ble for t he Device t o send periodic inform via TR- 069 on t he WAN. Ot herwise,
select D isa ble .
I nform I nt erval
Ent er t he t im e int erval ( in seconds) at which t he Device sends inform at ion t o t he aut oconfigurat ion server.
ACS URL
Ent er t he URL or I P address of t he aut o- configurat ion server.
ACS User Nam e
Ent er t he TR- 069 user nam e for aut hent icat ion wit h t he aut o- configurat ion server.
ACS Password
Ent er t he TR- 069 password for aut hent icat ion wit h t he aut o- configurat ion server.
WAN I nt erface
used by TR- 069
client
Select a WAN int erface t hrough which t he TR- 069 t raffic passes.
I f you select An y_ W AN , t he Device aut om at ically passes t he TR- 069 t raffic when any WAN
connect ion is up.
I f you select M u lt i_ W AN , you also need t o select t wo or m ore pre- configured WAN
int erfaces. The Device aut om at ically passes t he TR- 069 t raffic when one of t he select ed WAN
connect ions is up.
296
Display SOAP
m essages on
serial console
Select En a ble t o show t he SOAP m essages on t he console.
Connect ion
Request
Aut hent icat ion
Select t his opt ion t o enable aut hent icat ion when t here is a connect ion request from t he ACS.
Connect ion
Request User
Nam e
Ent er t he connect ion request user nam e.
Connect ion
Request
Password
Ent er t he connect ion request password.
When t he ACS m akes a connect ion request t o t he Device, t his user nam e is used t o
aut hent icat e t he ACS.
When t he ACS m akes a connect ion request t o t he Device, t his password is used t o
aut hent icat e t he ACS.
Connect ion
Request URL
This shows t he connect ion request URL.
Local cert ificat e
used by TR- 069
client
You can choose a local cert ificat e used by TR- 069 client . The local cert ificat e should be
im port ed in t he Se cu r it y > Ce r t ifica t e s > Loca l Ce r t ifica t e s screen.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
The ACS can use t his URL t o m ake a connect ion request t o t he Device.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPTER
33
TR-064
33.1 Overview
This chapt er explains how t o configure t he Device’s TR- 064 aut o- configurat ion set t ings.
33.2 The TR-064 Screen
TR- 064 is a LAN- Side DSL CPE Configurat ion prot ocol defined by t he DSL Forum . TR- 064 is built on
t op of UPnP. I t allows t he users t o use a TR- 064 com pliant CPE m anagem ent applicat ion on t heir
com put ers from t he LAN t o discover t he CPE and configure user- specific param et ers, such as t he
usernam e and password.
Click M a in t e na n ce > TR- 0 6 4 t o open t he following screen.
Figure 173 Maint enance > TR- 064
The following t able describes t he fields in t his screen.
Table 143 Maint enance > TR- 064
LABEL
DESCRIPTION
St at e
Select En a ble t o act ivat e m anagem ent via TR- 064 on t he LAN.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
297
Chapter 33 TR-064
298
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPTER
34
SNMP
34.1 Overview
This chapt er explains how t o configure t he SNMP set t ings on t he Device.
34.2 The SNMP Screen
Sim ple Net work Managem ent Prot ocol is a prot ocol used for exchanging m anagem ent inform at ion
bet ween net work devices. Your Device support s SNMP agent funct ionalit y, which allows a m anager
st at ion t o m anage and m onit or t he Device t hrough t he net work. The Device support s SNMP version
one ( SNMPv1) and version t wo ( SNMPv2c) . The next figure illust rat es an SNMP m anagem ent
operat ion.
Figure 174 SNMP Managem ent Model
An SNMP m anaged net work consist s of t wo m ain t ypes of com ponent : agent s and a m anager.
An agent is a m anagem ent soft ware m odule t hat resides in a m anaged device ( t he Device) . An
agent t ranslat es t he local m anagem ent inform at ion from t he m anaged device int o a form
com pat ible wit h SNMP. The m anager is t he console t hrough which net work adm inist rat ors perform
net work m anagem ent funct ions. I t execut es applicat ions t hat cont rol and m onit or m anaged
devices.
The m anaged devices cont ain obj ect variables/ m anaged obj ect s t hat define each piece of
inform at ion t o be collect ed about a device. Exam ples of variables include such as num ber of
packet s received, node port st at us et c. A Managem ent I nform at ion Base ( MI B) is a collect ion of
VMG8324-B10A / VMG8324-B30A Series User’s Guide
299
Chapter 34 SNMP
m anaged obj ect s. SNMP allows a m anager and agent s t o com m unicat e for t he purpose of accessing
t hese obj ect s.
SNMP it self is a sim ple request / response prot ocol based on t he m anager/ agent m odel. The
m anager issues a request and t he agent ret urns responses using t he following prot ocol operat ions:
• Get - Allows t he m anager t o ret rieve an obj ect variable from t he agent .
• Get Next - Allows t he m anager t o ret rieve t he next obj ect variable from a t able or list wit hin an
agent . I n SNMPv1, when a m anager want s t o ret rieve all elem ent s of a t able from an agent , it
init iat es a Get operat ion, followed by a series of Get Next operat ions.
• Set - Allows t he m anager t o set values for obj ect variables wit hin an agent .
• Trap - Used by t he agent t o inform t he m anager of som e event s.
Click M a in t e n a n ce > SN M P t o open t he following screen. Use t his screen t o configure t he Device
SNMP set t ings.
Figure 175 Maint enance > SNMP
The following t able describes t he fields in t his screen.
Table 144 Maint enance > SNMP
300
LABEL
DESCRIPTION
SNMP Agent
Select En a ble t o let t he Device act as an SNMP agent , which allows a m anager st at ion
t o m anage and m onit or t he Device t hrough t he net work. Select D isa ble t o t urn t his
feat ure off.
Get Com m unit y
Ent er t he Ge t Com m un it y, which is t he password for t he incom ing Get and Get Next
request s from t he m anagem ent st at ion.
Set Com m unit y
Ent er t he Se t com m u n it y, which is t he password for incom ing Set request s from t he
m anagem ent st at ion.
Syst em Nam e
Ent er t he SNMP syst em nam e.
Syst em Locat ion
Ent er t he SNMP syst em locat ion.
Syst em Cont act
Ent er t he SNMP syst em cont act .
Trap Dest inat ion
Type t he I P address of t he st at ion t o send your SNMP t raps t o.
Apply
Click t his t o save your changes back t o t he Device.
Cancel
Click t his t o rest ore your previously saved set t ings.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPTER
35
Time Settings
35.1 Overview
This chapt er shows you how t o configure syst em relat ed set t ings, such as syst em t im e, password,
nam e, t he dom ain nam e and t he inact ivit y t im eout int erval.
35.2 The Time Screen
To change your Device’s t im e and dat e, click M a int e na nce > Tim e . The screen appears as shown.
Use t his screen t o configure t he Device’s t im e based on your local t im e zone.
Figure 176 Maint enance > Tim e
VMG8324-B10A / VMG8324-B30A Series User’s Guide
301
Chapter 35 Time Settings
The following t able describes t he fields in t his screen.
Table 145 Maint enance > Tim e
LABEL
DESCRIPTION
Current Dat e/ Tim e
Current Tim e
This field displays t he t im e of your Device.
Each t im e you reload t his page, t he Device synchronizes t he t im e wit h t he t im e server.
Current Dat e
This field displays t he dat e of your Device.
Each t im e you reload t his page, t he Device synchronizes t he dat e wit h t he t im e server.
NTP Tim e Server
First ~ Fift h NTP
t im e server
Select an NTP t im e server from t he drop- down list box.
Ot herwise, select Ot h e r and ent er t he I P address or URL ( up t o 29 ext ended ASCI I
charact ers in lengt h) of your t im e server.
Select N on e if you don’t want t o configure t he t im e server.
Check wit h your I SP/ net work adm inist rat or if you are unsure of t his inform at ion.
Tim e Zone
Tim e zone offset
Choose t he t im e zone of your locat ion. This will set t he t im e difference bet ween your t im e
zone and Greenwich Mean Tim e ( GMT) .
Daylight Saving
Daylight Saving Tim e is a period from lat e spring t o early fall when m any count ries set
t heir clocks ahead of norm al local t im e by one hour t o give m ore dayt im e light in t he
evening.
St at e
Select En a ble if you use Daylight Saving Tim e.
St art rule:
Configure t he day and t im e when Daylight Saving Tim e st art s if you enabled Daylight
Saving. You can select a specific dat e in a part icular m ont h or a specific day of a specific
week in a part icular m ont h. The Tim e field uses t he 24 hour form at . Here are a couple of
exam ples:
Daylight Saving Tim e st art s in m ost part s of t he Unit ed St at es on t he second Sunday of
March. Each t im e zone in t he Unit ed St at es st art s using Daylight Saving Tim e at 2 A.M.
local t im e. So in t he Unit ed St at es, set t he day t o Se con d, Su n da y, t he m ont h t o M a r ch
and t he t im e t o 2 in t he H ou r field.
Daylight Saving Tim e st art s in t he European Union on t he last Sunday of March. All of t he
t im e zones in t he European Union st art using Daylight Saving Tim e at t he sam e m om ent
( 1 A.M. GMT or UTC) . So in t he European Union you would set t he day t o La st , Sun da y
and t he m ont h t o M a r ch . The t im e you select in t he o'clock field depends on your t im e
zone. I n Germ any for inst ance, you would select 2 in t he H ou r field because Germ any's
t im e zone is one hour ahead of GMT or UTC ( GMT+ 1) .
End rule
Configure t he day and t im e when Daylight Saving Tim e ends if you enabled Daylight
Saving. You can select a specific dat e in a part icular m ont h or a specific day of a specific
week in a part icular m ont h. The Tim e field uses t he 24 hour form at . Here are a couple of
exam ples:
Daylight Saving Tim e ends in t he Unit ed St at es on t he first Sunday of Novem ber. Each
t im e zone in t he Unit ed St at es st ops using Daylight Saving Tim e at 2 A.M. local t im e. So
in t he Unit ed St at es you would set t he day t o Fir st , Su n da y, t he m ont h t o N ove m be r
and t he t im e t o 2 in t he H ou r field.
Daylight Saving Tim e ends in t he European Union on t he last Sunday of Oct ober. All of t he
t im e zones in t he European Union st op using Daylight Saving Tim e at t he sam e m om ent
( 1 A.M. GMT or UTC) . So in t he European Union you would set t he day t o La st , Su nda y,
and t he m ont h t o Oct obe r. The t im e you select in t he o'clock field depends on your t im e
zone. I n Germ any for inst ance, you would select 2 in t he H ou r field because Germ any's
t im e zone is one hour ahead of GMT or UTC ( GMT+ 1) .
302
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 35 Time Settings
Table 145 Maint enance > Tim e ( cont inued)
LABEL
DESCRIPTION
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
303
Chapter 35 Time Settings
304
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPTER
36
E-mail Notification
36.1 Overview
A m ail server is an applicat ion or a com put er t hat runs such an applicat ion t o receive, forward and
deliver e- m ail m essages.
To have t he Device send report s, logs or not ificat ions via e- m ail, you m ust specify an e- m ail server
and t he e- m ail addresses of t he sender and receiver.
36.2 The Email Notification Screen
Click M a int e n a n ce > Em a il N ot ifica t ion t o open t he Em a il N ot ifica t ion screen. Use t his screen
t o view, rem ove and add m ail server inform at ion on t he Device.
Figure 177 Maint enance > Em ail Not ificat ion
The following t able describes t he labels in t his screen.
Table 146 Maint enance > Em ail Not ificat ion
LABEL
DESCRIPTION
Add New Em ail
Click t his but t on t o creat e a new ent ry.
Mail Server
Address
This field displays t he server nam e or t he I P address of t he m ail server.
Usernam e
This field displays t he user nam e of t he sender ’s m ail account .
Password
This field displays t he password of t he sender ’s m ail account .
Em ail Address
This field displays t he e- m ail address t hat you want t o be in t he from / sender line of t he em ail t hat t he Device sends.
Delet e
Click t his but t on t o delet e t he select ed ent ry( ies) .
VMG8324-B10A / VMG8324-B30A Series User’s Guide
305
Chapter 36 E-mail Notification
36.2.1 Email Notification Edit
Click t he Add but t on in t he Em a il N ot ifica t ion screen. Use t his screen t o configure t he required
inform at ion for sending e- m ail via a m ail server.
Figure 178 Em ail Not ificat ion > Add
The following t able describes t he labels in t his screen.
Table 147 Em ail Not ificat ion > Add
LABEL
DESCRIPTION
Mail Server
Address
Ent er t he server nam e or t he I P address of t he m ail server for t he e- m ail address specified
in t he Accou n t Em a il Addr e ss field.
I f t his field is left blank, report s, logs or not ificat ions will not be sent via e- m ail.
Aut hent icat ion
Usernam e
Ent er t he user nam e ( up t o 32 charact ers) . This is usually t he user nam e of a m ail account
you specified in t he Accou n t Em a il Addr e ss field.
Aut hent icat ion
Password
Ent er t he password associat ed wit h t he user nam e above.
Account Em ail
Address
Ent er t he e- m ail address t hat you want t o be in t he from / sender line of t he e- m ail
not ificat ion t hat t he Device sends.
I f you act ivat e SSL/ TLS aut hent icat ion, t he e- m ail address m ust be able t o be aut hent icat ed
by t he m ail server as well.
306
Apply
Click t his but t on t o save your changes and ret urn t o t he previous screen.
Cancel
Click t his but t on t o begin configuring t his screen afresh.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPTER
37
Logs Setting
37.1 Overview
You can configure where t he Device sends logs and which logs and/ or im m ediat e alert s t he Device
records in t he Logs Se t t ing screen.
37.2 The Log Settings Screen
To change your Device’s log set t ings, click M a int e na nce > Logs Se t t in g. The screen appears as
shown.
Figure 179 Maint enance > Logs Set t ing
VMG8324-B10A / VMG8324-B30A Series User’s Guide
307
Chapter 37 Logs Setting
The following t able describes t he fields in t his screen.
Table 148 Maint enance > Logs Set t ing
LABEL
DESCRIPTION
Syslog Set t ing
Syslog Logging
The Device sends a log t o an ext ernal syslog server. Select En a ble t o enable syslog logging.
Mode
Select t he syslog dest inat ion from t he drop- down list box.
I f you select Re m ot e , t he log( s) will be sent t o a rem ot e syslog server. I f you select Loca l
File , t he log( s) will be saved in a local file. I f you want t o send t he log( s) t o a rem ot e syslog
server and save it in a local file, select Loca l File a n d Re m ot e .
Syslog Server
Ent er t he server nam e or I P address of t he syslog server t hat will log t he select ed cat egories
of logs.
UDP Port
Ent er t he port num ber used by t he syslog server.
E- m ail Log Set t ings
Mail Server
Ent er t he server nam e or t he I P address of t he m ail server for t he e- m ail addresses
specified below. I f t his field is left blank, logs and alert m essages will not be sent via E- m ail.
Syst em Log
Mail Subj ect
Type a t it le t hat you want t o be in t he subj ect line of t he syst em log e- m ail m essage t hat
t he Device sends.
Securit y Log
Mail Subj ect
Type a t it le t hat you want t o be in t he subj ect line of t he securit y log e- m ail m essage t hat
t he Device sends.
Send Log t o
The Device sends logs t o t he e- m ail address specified in t his field. I f t his field is left blank,
t he Device does not send logs via E- m ail.
Send Alarm t o
Alert s are real- t im e not ificat ions t hat are sent as soon as an event , such as a DoS at t ack,
syst em error, or forbidden web access at t em pt occurs. Ent er t he E- m ail address where t he
alert m essages will be sent . Alert s include syst em errors, at t acks and at t em pt ed access t o
blocked web sit es. I f t his field is left blank, alert m essages will not be sent via E- m ail.
Alarm I nt erval
Specify how oft en t he alarm should be updat ed.
Allowed
Capacit y Before
Em ail
Set what percent of t he Device’s log st orage space can be filled before t he Device sends a
log e- m ail.
Clear log aft er
sending m ail
Select t his t o delet e all t he logs aft er t he Device sends an E- m ail of t he logs.
Act ive Log and Alert
Syst em Log
Select t he cat egories of syst em logs t hat you want t o record.
Securit y Log
Select t he cat egories of securit y logs t hat you want t o record.
Send
im m ediat e alert
Select log cat egories for which you want t he Device t o send E- m ail alert s im m ediat ely.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o rest ore your previously saved set t ings.
37.2.1 Example E-mail Log
An " End of Log" m essage displays for each m ail in which a com plet e log has been sent . The
following is an exam ple of a log sent by e- m ail.
• You m ay edit t he subj ect t it le.
• The dat e form at here is Day- Mont h-Year.
• The dat e form at here is Mont h- Day-Year. The t im e form at is Hour- Minut e- Second.
308
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 37 Logs Setting
• " End of Log" m essage shows t hat a com plet e log has been sent .
Figure 180 E- m ail Log Exam ple
Subject:
Firewall Alert From
Date:
Fri, 07 Apr 2000 10:05:42
From:
user@zyxel.com
To:
user@zyxel.com
1|Apr 7 00 |From:192.168.1.1
To:192.168.1.255
|default policy |forward
| 09:54:03 |UDP
src port:00520 dest port:00520 |<1,00>
2|Apr 7 00 |From:192.168.1.131
To:192.168.1.255
|default policy |forward
| 09:54:17 |UDP
src port:00520 dest port:00520 |<1,00>
3|Apr 7 00 |From:192.168.1.6
To:10.10.10.10 |match
|forward
| 09:54:19 |UDP
src port:03516 dest port:00053 |<1,01>
……………………………..{snip}…………………………………..
……………………………..{snip}…………………………………..
126|Apr 7 00 |From:192.168.1.1
To:192.168.1.255
|match
|forward
| 10:05:00 |UDP
src port:00520 dest port:00520 |<1,02>
127|Apr 7 00 |From:192.168.1.131
To:192.168.1.255
|match
|forward
| 10:05:17 |UDP
src port:00520 dest port:00520 |<1,02>
128|Apr 7 00 |From:192.168.1.1
To:192.168.1.255
|match
|forward
| 10:05:30 |UDP
src port:00520 dest port:00520 |<1,02>
End of Firewall Log
VMG8324-B10A / VMG8324-B30A Series User’s Guide
309
Chapter 37 Logs Setting
310
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPTER
38
Firmware Upgrade
38.1 Overview
This chapt er explains how t o upload new firm ware t o your Device. You can download new firm ware
releases from your nearest ZyXEL FTP sit e ( or www.zyxel.com ) t o use t o upgrade your device’s
perform ance.
Only use firmware for your device’s specific model. Refer to the label on
the bottom of your Device.
38.2 The Firmware Screen
Click M a int e na nce > Fir m w a r e Upgr a de t o open t he following screen. The upload process uses
HTTP ( Hypert ext Transfer Prot ocol) and m ay t ake up t o t wo m inut es. Aft er a successful upload, t he
syst em will reboot .
Do NOT turn off the Device while firmware upload is in progress!
Figure 181 Maint enance > Firm ware Upgrade
The following t able describes t he labels in t his screen.
Table 149 Maint enance > Firm ware Upgrade
LABEL
DESCRIPTION
Current
Firm ware
Version
This is t he present Firm ware version and t he dat e creat ed.
File Pat h
Type in t he locat ion of t he file you want t o upload in t his field or click Br ow se ... t o find it .
Browse...
Click t his t o find t he .bin file you want t o upload. Rem em ber t hat you m ust decom press
com pressed ( .zip) files before you can upload t hem .
Upload
Click t his t o begin t he upload process. This process m ay t ake up t o t wo m inut es.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
311
Chapter 38 Firmware Upgrade
Aft er you see t he firm ware updat ing screen, wait t wo m inut es before logging int o t he Device again.
Figure 182 Firm ware Uploading
The Device aut om at ically rest art s in t his t im e causing a t em porary net work disconnect . I n som e
operat ing syst em s, you m ay see t he following icon on your deskt op.
Figure 183 Net work Tem porarily Disconnect ed
Aft er t wo m inut es, log in again and check your new firm ware version in t he St a t us screen.
I f t he upload was not successful, t he following screen will appear. Click OK t o go back t o t he
Fir m w a r e Upgr a de screen.
Figure 184 Error Message
312
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPTER
39
Configuration
39.1 Overview
The Con figu r a t ion screen allows you t o backup and rest ore device configurat ions. You can also
reset your device set t ings back t o t he fact ory default .
39.2 The Configuration Screen
Click M a int e na nce > Configur a t ion . I nform at ion relat ed t o fact ory default s, backup
configurat ion, and rest oring configurat ion appears in t his screen, as shown next .
Figure 185 Maint enance > Configurat ion
Backup Configuration
Backup Configurat ion allows you t o back up ( save) t he Device’s current configurat ion t o a file on
your com put er. Once your Device is configured and funct ioning properly, it is highly recom m ended
t hat you back up your configurat ion file before m aking configurat ion changes. The backup
configurat ion file will be useful in case you need t o ret urn t o your previous set t ings.
Click Ba ck up t o save t he Device’s current configurat ion t o your com put er.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
313
Chapter 39 Configuration
Restore Configuration
Rest ore Configurat ion allows you t o upload a new or previously saved configurat ion file from your
com put er t o your Device.
Table 150 Rest ore Configurat ion
LABEL
DESCRIPTION
File Pat h
Type in t he locat ion of t he file you want t o upload in t his field or click Br ow se ... t o find it .
Browse...
Click t his t o find t he file you want t o upload. Rem em ber t hat you m ust decom press
com pressed ( .ZI P) files before you can upload t hem .
Upload
Click t his t o begin t he upload process.
Do not turn off the Device while configuration file upload is in progress.
Aft er t he Device configurat ion has been rest ored successfully, t he login screen appears. Login again
t o rest art t he Device.
The Device aut om at ically rest art s in t his t im e causing a t em porary net work disconnect . I n som e
operat ing syst em s, you m ay see t he following icon on your deskt op.
Figure 186 Net work Tem porarily Disconnect ed
I f you uploaded t he default configurat ion file you m ay need t o change t he I P address of your
com put er t o be in t he sam e subnet as t hat of t he default device I P address ( 192.168.1.1) . See
Appendix B on page 335 for det ails on how t o set up your com put er ’s I P address.
I f t he upload was not successful, t he following screen will appear. Click OK t o go back t o t he
Con figu r a t ion screen.
Figure 187 Configurat ion Upload Error
314
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 39 Configuration
Reset to Factory Defaults
Click t he Re se t but t on t o clear all user- ent ered configurat ion inform at ion and ret urn t he Device t o
it s fact ory default s. The following warning screen appears.
Figure 188 Reset Warning Message
Figure 189 Reset I n Process Message
You can also press t he RESET but t on on t he rear panel t o reset t he fact ory default s of your Device.
Refer t o Sect ion 1.6 on page 22 for m ore inform at ion on t he RESET but t on.
39.3 The Reboot Screen
Syst em rest art allows you t o reboot t he Device rem ot ely wit hout t urning t he power off. You m ay
need t o do t his if t he Device hangs, for exam ple.
Click M a in t e n a n ce > Re boot . Click Re boot t o have t he Device reboot . This does not affect t he
Device's configurat ion.
Figure 190 Maint enance > Reboot
VMG8324-B10A / VMG8324-B30A Series User’s Guide
315
Chapter 39 Configuration
316
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPTER
40
Diagnostic
40.1 Overview
The D ia gnost ic screens display inform at ion t o help you ident ify problem s wit h t he Device.
The rout e bet ween a CO VDSL swit ch and one of it s CPE m ay go t hrough swit ches owned by
independent organizat ions. A connect ivit y fault point generally t akes t im e t o discover and im pact s
subscriber ’s net work access. I n order t o elim inat e t he m anagem ent and m aint enance effort s, I EEE
802.1ag is a Connect ivit y Fault Managem ent ( CFM) specificat ion which allows net work
adm inist rat ors t o ident ify and m anage connect ion fault s. Through discovery and verificat ion of t he
pat h, CFM can det ect , analyze and isolat e connect ivit y fault s in bridged LANs.
40.1.1 What You Can Do in this Chapter
• The Pin g & Tr a ce Rou t e & N sLook up screen let s you ping an I P address or t race t he rout e
packet s t ake t o a host ( Sect ion 40.3 on page 318) .
• The 8 0 2 .1 a g screen let s you perform CFM act ions ( Sect ion 40.5 on page 320) .
• The OAM Ping screen let s you send an ATM OAM ( Operat ion, Adm inist rat ion and Maint enance)
packet t o verify t he connect ivit y of a specific PVC. ( Sect ion 40.5 on page 320) .
40.2 What You Need to Know
The following t erm s and concept s m ay help as you read t hrough t his chapt er.
How CFM Works
A Maint enance Associat ion ( MA) defines a VLAN and associat ed Maint enance End Point ( MEP) port s
on t he device under a Maint enance Dom ain ( MD) level. An MEP port has t he abilit y t o send
Connect ivit y Check Messages ( CCMs) and get ot her MEP port s inform at ion from neighbor devices’
CCMs wit hin an MA.
CFM provides t wo t est s t o discover connect ivit y fault s.
• Loopback t est - checks if t he MEP port receives it s Loop Back Response ( LBR) from it s t arget
aft er it sends t he Loop Back Message ( LBM) . I f no response is received, t here m ight be a
connect ivit y fault bet ween t hem .
• Link t race t est - provides addit ional connect ivit y fault analysis t o get m ore inform at ion on where
t he fault is. I f an MEP port does not respond t o t he source MEP, t his m ay indicat e a fault .
Adm inist rat ors can t ake furt her act ion t o check and resum e services from t he fault according t o
t he line connect ivit y st at us report .
VMG8324-B10A / VMG8324-B30A Series User’s Guide
317
Chapter 40 Diagnostic
40.3 Ping & TraceRoute & NsLookup
Use t his screen t o ping, t racerout e, or nslookup an I P address. Click M a int e na nce > D ia gnost ic >
Pin g& Tr a ce Rout e & N sLook up t o open t he screen shown next .
Figure 191 Maint enance > Diagnost ic > Ping &TraceRout e&NsLookup
The following t able describes t he fields in t his screen.
Table 151 Maint enance > Diagnost ic > Ping & TraceRout e & NsLookup
318
LABEL
DESCRIPTION
URL or I P
Address
Type t he I P address of a com put er t hat you want t o perform ping, t racerout e, or nslookup in
order t o t est a connect ion.
Ping
Click t his t o ping t he I P address t hat you ent ered.
TraceRout e
Click t his but t on t o perform t he t racerout e funct ion. This det erm ines t he pat h a packet
t akes t o t he specified com put er.
Nslookup
Click t his but t on t o perform a DNS lookup on t he I P address of a com put er you ent er.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 40 Diagnostic
40.4 802.1ag
Click M a in t e n a n ce > D ia gn ost ic > 8 .2 .1 a g t o open t he following screen. Use t his screen t o
perform CFM act ions.
Figure 192 Maint enance > Diagnost ic > 802.1ag
The following t able describes t he fields in t his screen.
Table 152 Maint enance > Diagnost ic > 802.1ag
LABEL
DESCRIPTION
802.1ag Connect ivit y Fault Managem ent
Maint enance
Dom ain ( MD)
Level
Select a level ( 0- 7) under which you want t o creat e an MA.
Dest inat ion
MAC Address
Ent er t he t arget device’s MAC address t o which t he Device perform s a CFM loopback t est .
802.1Q VLAN
ID
Type a VLAN I D ( 0- 4095) for t his MA.
VDSL Traffic
Type
This shows whet her t he VDSL t raffic is act ivat ed.
Loopback
Message ( LBM)
This shows how m any Loop Back Messages ( LBMs) are sent and if t here is any inorder or
out order Loop Back Response ( LBR) received from a rem ot e MEP.
Linkt race
Message ( LTM)
This shows t he dest inat ion MAC address in t he Link Trace Response ( LTR) .
Set MD Level
Click t his but t on t o configure t he MD ( Maint enance Dom ain) level.
Send Loopback
Click t his but t on t o have t he select ed MEP send t he LBM ( Loop Back Message) t o a specified
rem ot e end point .
Send Linkt race
Click t his but t on t o have t he select ed MEP send t he LTMs ( Link Trace Messages) t o a
specified rem ot e end point .
VMG8324-B10A / VMG8324-B30A Series User’s Guide
319
Chapter 40 Diagnostic
40.5 OAM Ping
Click M a in t e n a nce > D ia gn ost ic > OAM Pin g t o open t he screen shown next . Use t his screen t o
perform an OAM ( Operat ion, Adm inist rat ion and Maint enance) F4 or F5 loopback t est on a PVC. The
Device sends an OAM F4 or F5 packet t o t he DSLAM or ATM swit ch and t hen ret urns it t o t he
Device. The t est result t hen displays in t he t ext box.
ATM set s up virt ual circuit s over which end syst em s com m unicat e. The t erm inology for virt ual
circuit s is as follows:
•
Virt ual Channel ( VC)
Logical connect ions bet ween ATM devices
•
Virt ual Pat h ( VP)
A bundle of virt ual channels
•
Virt ual Circuit s
A series of virt ual pat hs bet ween circuit end point s
Figure 193 Virt ual Circuit Topology
Think of a virt ual pat h as a cable t hat cont ains a bundle of wires. The cable connect s t wo point s and
wires wit hin t he cable provide individual circuit s bet ween t he t wo point s. I n an ATM cell header, a
VPI ( Virt ual Pat h I dent ifier) ident ifies a link form ed by a virt ual pat h; a VCI ( Virt ual Channel
I dent ifier) ident ifies a channel wit hin a virt ual pat h. A series of virt ual pat hs m ake up a virt ual
circuit .
F4 cells operat e at t he virt ual pat h ( VP) level, while F5 cells operat e at t he virt ual channel ( VC)
level. F4 cells use t he sam e VPI as t he user dat a cells on VP connect ions, but use different
predefined VCI values. F5 cells use t he sam e VPI and VCI as t he user dat a cells on t he VC
connect ions, and are dist inguished from dat a cells by a predefinded Payload Type I dent ifier ( PTI ) in
t he cell header. Bot h F4 flows and F5 flows are bidirect ional and have t wo t ypes.
• segm ent F4 flows ( VCI = 3)
• end- t o- end F4 flows ( VCI = 4)
• segm ent F5 flows ( PTI = 100)
• end- t o- end F5 flows ( PTI = 101)
OAM F4 or F5 t est s are used t o check virt ual pat h or virt ual channel availabilit y bet ween t wo DSL
devices. Segm ent flows are t erm inat ed at t he connect ing point which t erm inat es a VP or VC
segm ent . End- t o- end flows are t erm inat ed at t he end point of a VP or VC connect ion, where an ATM
link is t erm inat ed. Segm ent loopback t est s allow you t o verify int egrit y of a PVC t o t he nearest
neighboring ATM device. End- t o- end loopback t est s allow you t o verify int egrit y of an end- t o- end
PVC.
Not e: The DSLAM t o w hich t he Device is connect ed m ust also support ATM F4 and/ or F5
t o use t his t est .
320
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 40 Diagnostic
Not e: This screen is available only when you configure an ATM layer- 2 int erface.
Figure 194 Maint enance > Diagnost ic > OAM Ping
The following t able describes t he fields in t his screen.
Table 153 Maint enance > Diagnost ic > OAM Ping
LABEL
DESCRIPTION
Select a PVC on which you want t o perform t he loopback t est .
F4 segm ent
Press t his t o perform an OAM F4 segm ent loopback t est .
F4 end- end
Press t his t o perform an OAM F4 end- t o- end loopback t est .
F5 segm ent
Press t his t o perform an OAM F5 segm ent loopback t est .
F5 end- end
Press t his t o perform an OAM F5 end- t o- end loopback t est .
VMG8324-B10A / VMG8324-B30A Series User’s Guide
321
Chapter 40 Diagnostic
322
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPTER
41
Troubleshooting
This chapt er offers som e suggest ions t o solve problem s you m ight encount er. The pot ent ial
problem s are divided int o t he following cat egories.
• Power, Hardware Connect ions, and LEDs
• Device Access and Login
• I nt ernet Access
• Wireless I nt ernet Access
• USB Device Connect ion
• UPnP
41.1 Power, Hardware Connections, and LEDs
The Device does not t urn on. None of t he LEDs t urn on.
Make sure t he Device is t urned on.
Make sure you are using t he power adapt or or cord included wit h t he Device.
Make sure t he power adapt or or cord is connect ed t o t he Device and plugged in t o an appropriat e
power source. Make sure t he power source is t urned on.
Turn t he Device off and on.
I f t he problem cont inues, cont act t he vendor.
One of t he LEDs does not behave as expect ed.
Make sure you underst and t he norm al behavior of t he LED. See Sect ion 1.5 on page 20.
Check t he hardware connect ions.
I nspect your cables for dam age. Cont act t he vendor t o replace any dam aged cables.
Turn t he Device off and on.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
323
Chapter 41 Troubleshooting
I f t he problem cont inues, cont act t he vendor.
41.2 Device Access and Login
I forgot t he I P address for t he Device.
The default LAN I P address is 192.168.1.1.
I f you changed t he I P address and have forgot t en it , you m ight get t he I P address of t he Device by
looking up t he I P address of t he default gat eway for your com put er. To do t his in m ost Windows
com put ers, click St a r t > Run , ent er cm d, and t hen ent er ipconfig. The I P address of t he D e fa ult
Ga t e w a y m ight be t he I P address of t he Device ( it depends on t he net work) , so ent er t his I P
address in your I nt ernet browser.
I f t his does not work, you have t o reset t he device t o it s fact ory default s. See Sect ion 1.6 on page
22.
I forgot t he passwor d.
The default adm in password is 1 2 3 4 .
I f t his does not work, you have t o reset t he device t o it s fact ory default s. See Sect ion 1.6 on page
22.
I cannot see or access t he Login screen in t he web configurat or.
Make sure you are using t he correct I P address.
• The default I P address is 192.168.1.1.
• I f you changed t he I P address ( Sect ion 7.2 on page 109) , use t he new I P address.
• I f you changed t he I P address and have forgot t en it , see t he t roubleshoot ing suggest ions for I
forgot t he I P address for t he Device.
324
Check t he hardware connect ions, and m ake sure t he LEDs are behaving as expect ed. See Sect ion
1.5 on page 20.
Make sure your I nt ernet browser does not block pop- up windows and has JavaScript s and Java
enabled. See Appendix D on page 365.
I f it is possible t o log in from anot her int erface, check t he service cont rol set t ings for HTTP and
HTTPS ( M a int e n a n ce > Re m ot e M GM T) .
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 41 Troubleshooting
Reset t he device t o it s fact ory default s, and t ry t o access t he Device wit h t he default I P address.
See Sect ion 1.6 on page 22.
I f t he problem cont inues, cont act t he net work adm inist rat or or vendor, or t ry one of t he advanced
suggest ions.
Adva n ce d Sugge st ions
• Make sure you have logged out of any earlier m anagem ent sessions using t he sam e user account
even if t hey were t hrough a different int erface or using a different browser.
• Try t o access t he Device using anot her service, such as Telnet . I f you can access t he Device,
check t he rem ot e m anagem ent set t ings and firewall rules t o find out why t he Device does not
respond t o HTTP.
I can see t he Login screen, but I cannot log in t o t he Device.
Make sure you have ent ered t he password correct ly. The default adm in password is 1 2 3 4 . The field
is case- sensit ive, so m ake sure [ Caps Lock] is not on.
You cannot log in t o t he web configurat or while som eone is using Telnet t o access t he Device. Log
out of t he Device in t he ot her session, or ask t he person who is logged in t o log out .
Turn t he Device off and on.
I f t his does not work, you have t o reset t he device t o it s fact ory default s. See Sect ion 41.1 on page
323.
I cannot Telnet t o t he Device.
See t he t roubleshoot ing suggest ions for I cannot see or access t he Login screen in t he web
configurat or. I gnore t he suggest ions about your browser.
I cannot use FTP t o upload / download t he configurat ion file. / I cannot use FTP t o upload
new firm ware.
See t he t roubleshoot ing suggest ions for I cannot see or access t he Login screen in t he web
configurat or. I gnore t he suggest ions about your browser.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
325
Chapter 41 Troubleshooting
41.3 Internet Access
I cannot access t he I nt er net .
Check t he hardware connect ions, and m ake sure t he LEDs are behaving as expect ed. See t he
Quick St a r t Guide and Sect ion 1.5 on page 20.
Make sure you ent ered your I SP account inform at ion correct ly in t he N e t w or k Se t t in g >
Br oa dba n d screen. These fields are case- sensit ive, so m ake sure [ Caps Lock] is not on.
I f you are t rying t o access t he I nt ernet wirelessly, m ake sure t hat you enabled t he wireless LAN in
t he Device and your wireless client and t hat t he wireless set t ings in t he wireless client are t he sam e
as t he set t ings in t he Device.
Disconnect all t he cables from your device and reconnect t hem .
I f t he problem cont inues, cont act your I SP.
I cannot access t he I nt er net t hrough a DSL connect ion.
Make sure you have t he D SL W AN port connect ed t o a t elephone j ack ( or t he DSL or m odem j ack
on a split t er if you have one) .
Make sure you configured a proper DSL WAN int erface (N e t w or k Se t t in g > Br oa dba n d screen)
wit h t he I nt ernet account inform at ion provided by your I SP and t hat it is enabled.
Check t hat t he LAN int erface you are connect ed t o is in t he sam e int erface group as t he DSL
connect ion ( N e t w or k Se t t ing > I nt e r fa ce Gr oup) .
I f you set up a WAN connect ion using bridging service, m ake sure you t urn off t he DHCP feat ure in
t he LAN screen t o have t he client s get WAN I P addresses direct ly from your I SP’s DHCP server.
I cannot connect t o t he I nt ernet using a second DSL connect ion.
ADSL and VDSL connect ions cannot work at t he sam e t im e. You can only use one t ype of DSL
connect ion, eit her ADSL or VDSL connect ion at one t im e.
I cannot access t he I nt ernet anym ore. I had access t o t he I nt ernet ( wit h t he Device) , but m y
I nt ernet connect ion is not available anym ore.
326
Your session wit h t he Device m ay have expired. Try logging int o t he Device again.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 41 Troubleshooting
Check t he hardware connect ions, and m ake sure t he LEDs are behaving as expect ed. See t he
Quick St a r t Guide and Sect ion 1.5 on page 20.
Turn t he Device off and on.
I f t he problem cont inues, cont act your I SP.
41.4 Wireless Internet Access
What fact ors m ay cause int erm it t ent or unst abled wireless connect ion? How can I solve t his
problem ?
The following fact ors m ay cause int erference:
• Obst acles: walls, ceilings, furnit ure, and so on.
• Building Mat erials: m et al doors, alum inum st uds.
• Elect rical devices: m icrowaves, m onit ors, elect ric m ot ors, cordless phones, and ot her wireless
devices.
To opt im ize t he speed and qualit y of your wireless connect ion, you can:
• Move your wireless device closer t o t he AP if t he signal st rengt h is low.
• Reduce wireless int erference t hat m ay be caused by ot her wireless net works or surrounding
wireless elect ronics such as cordless phones.
• Place t he AP where t here are m inim um obst acles ( such as walls and ceilings) bet ween t he AP and
t he wireless client .
• Reduce t he num ber of wireless client s connect ing t o t he sam e AP sim ult aneously, or add
addit ional APs if necessary.
• Try closing som e program s t hat use t he I nt ernet , especially peer- t o- peer applicat ions. I f t he
wireless client is sending or receiving a lot of inform at ion, it m ay have t oo m any program s open
t hat use t he I nt ernet .
What is a Server Set I D ( SSI D) ?
An SSI D is a nam e t hat uniquely ident ifies a wireless net work. The AP and all t he client s wit hin a
wireless net work m ust use t he sam e SSI D.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
327
Chapter 41 Troubleshooting
41.5 USB Device Connection
The Device fails t o det ect m y USB device.
Disconnect t he USB device.
Reboot t he Device.
I f you are connect ing a USB hard drive t hat com es wit h an ext ernal power supply, m ake sure it is
connect ed t o an appropriat e power source t hat is on.
Re- connect your USB device t o t he Device.
41.6 UPnP
When using UPnP and t he Device reboot s, m y com put er cannot det ect UPnP and refresh M y
N e t w or k Pla ce s > Loca l N e t w or k .
Disconnect t he Et hernet cable from t he Device’s LAN port or from your com put er.
Re- connect t he Et hernet cable.
The Loca l Ar e a Con n e ct ion icon for UPnP disappears in t he screen.
Rest art your com put er.
I cannot open special applicat ions such as whit e board, file t ransfer and video when I use t he
MSN m essenger.
328
Wait m ore t han t hree m inut es.
Rest art t he applicat ions.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
A PPENDIX
Customer Support
I n t he event of problem s t hat cannot be solved by using t his m anual, you should cont act your
vendor. I f you cannot cont act your vendor, t hen cont act a ZyXEL office for t he region in which you
bought t he device. Regional websit es are list ed below ( see also ht t p: / / www.zyxel.com /
about _zyxel/ zyxel_worldwide.sht m l) . Please have t he following inform at ion ready when you
cont act an office.
Required Information
• Product m odel and serial num ber.
• Warrant y I nform at ion.
• Dat e t hat you received your device.
• Brief descript ion of t he problem and t he st eps you t ook t o solve it .
Corporate Headquarters (Worldwide)
Taiwan
• ZyXEL Com m unicat ions Corporat ion
• ht t p: / / www.zyxel.com
Asia
China
• ZyXEL Com m unicat ions ( Shanghai) Corp.
ZyXEL Com m unicat ions ( Beij ing) Corp.
ZyXEL Com m unicat ions ( Tianj in) Corp.
• ht t p: / / www.zyxel.cn
India
• ZyXEL Technology I ndia Pvt Lt d
• ht t p: / / www.zyxel.in
Kazakhstan
• ZyXEL Kazakhst an
• ht t p: / / www.zyxel.kz
VMG8324-B10A / VMG8324-B30A Series User’s Guide
329
Appendix A Customer Support
Korea
• ZyXEL Korea Corp.
• ht t p: / / www.zyxel.kr
Malaysia
• ZyXEL Malaysia Sdn Bhd.
• ht t p: / / www.zyxel.com .m y
Pakistan
• ZyXEL Pakist an ( Pvt .) Lt d.
• ht t p: / / www.zyxel.com .pk
Philippines
• ZyXEL Philippines
• ht t p: / / www.zyxel.com .ph
Singapore
• ZyXEL Singapore Pt e Lt d.
• ht t p: / / www.zyxel.com .sg
Taiwan
• ZyXEL Com m unicat ions Corporat ion
• ht t p: / / www.zyxel.com
Thailand
• ZyXEL Thailand Co., Lt d
• ht t p: / / www.zyxel.co.t h
Vietnam
• ZyXEL Com m unicat ions Corporat ion-Viet nam Office
• ht t p: / / www.zyxel.com / vn/ vi
Europe
Austria
• ZyXEL Deut schland Gm bH
• ht t p: / / www.zyxel.de
Belarus
• ZyXEL BY
• ht t p: / / www.zyxel.by
330
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Appendix A Customer Support
Belgium
• ZyXEL Com m unicat ions B.V.
• ht t p: / / www.zyxel.com / be/ nl/
Bulgaria
• ZyXEL България
• ht t p: / / www.zyxel.com / bg/ bg/
Czech
• ZyXEL Com m unicat ions Czech s.r.o
• ht t p: / / www.zyxel.cz
Denmark
• ZyXEL Com m unicat ions A/ S
• ht t p: / / www.zyxel.dk
Estonia
• ZyXEL Est onia
• ht t p: / / www.zyxel.com / ee/ et /
Finland
• ZyXEL Com m unicat ions
• ht t p: / / www.zyxel.fi
France
• ZyXEL France
• ht t p: / / www.zyxel.fr
Germany
• ZyXEL Deut schland Gm bH
• ht t p: / / www.zyxel.de
Hungary
• ZyXEL Hungary & SEE
• ht t p: / / www.zyxel.hu
Latvia
• ZyXEL Lat via
• ht t p: / / www.zyxel.com / lv/ lv/ hom epage.sht m l
VMG8324-B10A / VMG8324-B30A Series User’s Guide
331
Appendix A Customer Support
Lithuania
• ZyXEL Lit huania
• ht t p: / / www.zyxel.com / lt / lt / hom epage.sht m l
Netherlands
• ZyXEL Benelux
• ht t p: / / www.zyxel.nl
Norway
• ZyXEL Com m unicat ions
• ht t p: / / www.zyxel.no
Poland
• ZyXEL Com m unicat ions Poland
• ht t p: / / www.zyxel.pl
Romania
• ZyXEL Rom ania
• ht t p: / / www.zyxel.com / ro/ ro
Russia
• ZyXEL Russia
• ht t p: / / www.zyxel.ru
Slovakia
• ZyXEL Com m unicat ions Czech s.r.o. organizacna zlozka
• ht t p: / / www.zyxel.sk
Spain
• ZyXEL Spain
• ht t p: / / www.zyxel.es
Sweden
• ZyXEL Com m unicat ions
• ht t p: / / www.zyxel.se
Switzerland
• St uderus AG
• ht t p: / / www.zyxel.ch/
332
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Appendix A Customer Support
Turkey
• ZyXEL Turkey A.S.
• ht t p: / / www.zyxel.com .t r
UK
• ZyXEL Com m unicat ions UK Lt d.
• ht t p: / / www.zyxel.co.uk
Ukraine
• ZyXEL Ukraine
• ht t p: / / www.ua.zyxel.com
Latin America
Argentina
• ZyXEL Com m unicat ion Corporat ion
• ht t p: / / www.zyxel.com / ec/ es/
Ecuador
• ZyXEL Com m unicat ion Corporat ion
• ht t p: / / www.zyxel.com / ec/ es/
Middle East
Egypt
• ZyXEL Com m unicat ion Corporat ion
• ht t p: / / www.zyxel.com / hom epage.sht m l
Middle East
• ZyXEL Com m unicat ion Corporat ion
• ht t p: / / www.zyxel.com / hom epage.sht m l
North America
USA
• ZyXEL Com m unicat ions, I nc. - Nort h Am erica Headquart ers
• ht t p: / / www.us.zyxel.com /
VMG8324-B10A / VMG8324-B30A Series User’s Guide
333
Appendix A Customer Support
Oceania
Australia
• ZyXEL Com m unicat ions Corporat ion
• ht t p: / / www.zyxel.com / au/ en/
Africa
South Africa
• Nology ( Pt y) Lt d.
• ht t p: / / www.zyxel.co.za
334
VMG8324-B10A / VMG8324-B30A Series User’s Guide
A PPENDIX
Setting up Your Computer’s IP Address
All com put ers m ust have a 10M or 100M Et hernet adapt er card and TCP/ I P inst alled.
Windows 95/ 98/ Me/ NT/ 2000/ XP/ Vist a, Macint osh OS 7 and lat er operat ing syst em s and all versions
of UNI X/ LI NUX include t he soft ware com ponent s you need t o inst all and use TCP/ I P on your
com put er. Windows 3.1 requires t he purchase of a t hird- part y TCP/ I P applicat ion package.
TCP/ I P should already be inst alled on com put ers using Windows NT/ 2000/ XP, Macint osh OS 7 and
lat er operat ing syst em s.
Aft er t he appropriat e TCP/ I P com ponent s are inst alled, configure t he TCP/ I P set t ings in order t o
" com m unicat e" wit h your net work.
I f you m anually assign I P inform at ion inst ead of using dynam ic assignm ent , m ake sure t hat your
com put ers have I P addresses t hat place t hem in t he sam e subnet as t he Device’s LAN port .
Windows 95/98/Me
Click St a r t , Se t t ings, Cont r ol Pa ne l and double- click t he N e t w or k icon t o open t he N e t w or k
window.
Figure 195 WI ndows 95/ 98/ Me: Net work: Configurat ion
VMG8324-B10A / VMG8324-B30A Series User’s Guide
335
Appendix B Setting up Your Computer’s IP Address
Installing Components
The N e t w or k window Con figu r a t ion t ab displays a list of inst alled com ponent s. You need a
net work adapt er, t he TCP/ I P prot ocol and Client for Microsoft Net works.
I f you need t he adapt er:
I n t he N e t w or k window, click Add.
Select Ada pt e r and t hen click Add.
Select t he m anufact urer and m odel of your net work adapt er and t hen click OK.
I f you need TCP/ I P:
I n t he N e t w or k window, click Add.
Select Pr ot ocol and t hen click Add.
Select M icr osoft from t he list of m a nu fa ct ur e r s.
Select TCP/ I P from t he list of net work prot ocols and t hen click OK.
I f you need Client for Microsoft Net works:
Click Add.
Select Clie n t and t hen click Add.
Select M icr osoft from t he list of m anufact urers.
Select Clie n t for M icr osoft N e t w or k s from t he list of net work client s and t hen click OK.
Rest art your com put er so t he changes you m ade t ake effect .
Configuring
I n t he N e t w or k window Con figu r a t ion t ab, select your net work adapt er's TCP/ I P ent ry and click
Pr ope r t ie s
Click t he I P Addr e ss t ab.
• I f your I P address is dynam ic, select Obt a in a n I P a ddr e ss a ut om a t ica lly.
336
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Appendix B Setting up Your Computer’s IP Address
• I f you have a st at ic I P address, select Spe cify a n I P a ddr e ss and t ype your inform at ion int o
t he I P Addr e ss and Subn e t M a sk fields.
Figure 196 Windows 95/ 98/ Me: TCP/ I P Propert ies: I P Address
Click t he D N S Configurat ion t ab.
• I f you do not know your DNS inform at ion, select D isa ble D N S.
• I f you know your DNS inform at ion, select En a ble D N S and t ype t he inform at ion in t he fields
below ( you m ay not need t o fill t hem all in) .
Figure 197 Windows 95/ 98/ Me: TCP/ I P Propert ies: DNS Configurat ion
VMG8324-B10A / VMG8324-B30A Series User’s Guide
337
Appendix B Setting up Your Computer’s IP Address
Click t he Ga t e w a y t ab.
• I f you do not know your gat eway’s I P address, rem ove previously inst alled gat eways.
• I f you have a gat eway I P address, t ype it in t he N e w ga t e w a y fie ld and click Add.
Click OK t o save and close t he TCP/ I P Pr ope r t ie s window.
Click OK t o close t he N e t w or k window. I nsert t he Windows CD if prom pt ed.
Turn on your Device and rest art your com put er when prom pt ed.
Verifying Settings
Click St a r t and t hen Run .
I n t he Ru n window, t ype " winipcfg" and t hen click OK t o open t he I P Configur a t ion window.
Select your net work adapt er. You should see your com put er's I P address, subnet m ask and default
gat eway.
Windows 2000/NT/XP
The following exam ple figures use t he default Windows XP GUI t hem e.
Click st a r t ( St a r t in Windows 2000/ NT) , Se t t ings, Cont r ol Pa n e l.
Figure 198 Windows XP: St art Menu
338
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Appendix B Setting up Your Computer’s IP Address
I n t he Cont r ol Pa n e l, double- click N e t w or k Conne ct ions ( N e t w or k a nd D ia l- up Conne ct ions
in Windows 2000/ NT) .
Figure 199 Windows XP: Cont rol Panel
Right- click Loca l Ar e a Conne ct ion and t hen click Pr ope r t ie s.
Figure 200 Windows XP: Cont rol Panel: Net work Connect ions: Propert ies
VMG8324-B10A / VMG8324-B30A Series User’s Guide
339
Appendix B Setting up Your Computer’s IP Address
Select I n t e r n e t Pr ot ocol ( TCP/ I P) ( under t he Ge n e r a l t ab in Win XP) and t hen click Pr ope r t ie s.
Figure 201 Windows XP: Local Area Connect ion Propert ies
The I nt e r ne t Pr ot ocol TCP/ I P Pr ope r t ie s window opens ( t he Ge ne r a l t a b in Windows XP) .
• I f you have a dynam ic I P address click Obt a in a n I P a ddr e ss a u t om a t ica lly.
• I f you have a st at ic I P address click Use t he follow in g I P Addr e ss and fill in t he I P a ddr e ss,
Subne t m a sk , and D e fa u lt ga t e w a y fields.
340
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Appendix B Setting up Your Computer’s IP Address
• Click Adva nce d.
Figure 202 Windows XP: I nt ernet Prot ocol ( TCP/ I P) Propert ies
I f you do not know your gat eway's I P address, rem ove any previously inst alled gat eways in t he I P
Se t t in gs t ab and click OK.
Do one or m ore of t he following if you want t o configure addit ional I P addresses:
• I n t he I P Se t t ings t ab, in I P addresses, click Add.
• I n TCP/ I P Addr e ss, t ype an I P address in I P a ddr e ss and a subnet m ask in Subne t m a sk ,
and t hen click Add.
• Repeat t he above t wo st eps for each I P address you want t o add.
• Configure addit ional default gat eways in t he I P Se t t in gs t ab by clicking Add in D e fa ult
ga t e w a ys.
• I n TCP/ I P Ga t e w a y Addr e ss, t ype t he I P address of t he default gat eway in Ga t e w a y. To
m anually configure a default m et ric ( t he num ber of t ransm ission hops) , clear t he Aut om a t ic
m e t r ic check box and t ype a m et ric in M e t r ic.
• Click Add.
• Repeat t he previous t hree st eps for each default gat eway you want t o add.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
341
Appendix B Setting up Your Computer’s IP Address
• Click OK when finished.
Figure 203 Windows XP: Advanced TCP/ I P Propert ies
I n t he I n t e r n e t Pr ot ocol TCP/ I P Pr ope r t ie s window ( t he Ge n e r a l t ab in Windows XP) :
• Click Obt a in D N S se r ve r a ddr e ss a u t om a t ica lly if you do not know your DNS server I P
address( es) .
• I f you know your DNS server I P address( es) , click Use t he follow in g D N S se r ve r
a ddr e sse s, and t ype t hem in t he Pr e fe r r e d D N S se r ve r and Alt e r na t e D N S se r ve r fields.
342
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Appendix B Setting up Your Computer’s IP Address
I f you have previously configured DNS servers, click Adva nce d and t hen t he D N S t ab t o order
t hem .
Figure 204 Windows XP: I nt ernet Prot ocol ( TCP/ I P) Propert ies
Click OK t o close t he I n t e r ne t Pr ot ocol ( TCP/ I P) Pr ope r t ie s window.
Click Close ( OK in Windows 2000/ NT) t o close t he Loca l Ar e a Conn e ct ion Pr ope r t ie s window.
10
Close t he N e t w or k Conn e ct ion s window ( N e t w or k a n d D ia l- up Con n e ct ions in Windows
2000/ NT) .
11 Turn on your Device and rest art your com put er ( if prom pt ed) .
Verifying Settings
Click St a r t , All Pr ogr a m s, Acce ssor ie s and t hen Com m a nd Pr om pt .
I n t he Com m a nd Pr om pt window, t ype " ipconfig" and t hen press [ ENTER] . You can also open
N e t w or k Con n e ct ions, right - click a net work connect ion, click St a t us and t hen click t he Suppor t
t ab.
Windows Vista
This sect ion shows screens from Windows Vist a Ent erprise Version 6.0.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
343
Appendix B Setting up Your Computer’s IP Address
Click t he St a r t icon, Con t r ol Pa n e l.
Figure 205 Windows Vist a: St art Menu
I n t he Cont r ol Pa n e l, double- click N e t w or k a nd I nt e r ne t .
Figure 206 Windows Vist a: Cont rol Panel
Click N e t w or k a n d Sh a r in g Ce n t e r.
Figure 207 Windows Vist a: Net work And I nt ernet
344
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Appendix B Setting up Your Computer’s IP Address
Click M a n a ge n e t w or k con n e ct ions.
Figure 208 Windows Vist a: Net work and Sharing Cent er
Right- click Loca l Ar e a Conne ct ion and t hen click Pr ope r t ie s.
Not e: During t his procedure, click Con t inu e whenever Windows displays a screen saying
t hat it needs your perm ission t o cont inue.
Figure 209 Windows Vist a: Net work and Sharing Cent er
VMG8324-B10A / VMG8324-B30A Series User’s Guide
345
Appendix B Setting up Your Computer’s IP Address
Select I n t e r n e t Pr ot ocol Ve r sion 4 ( TCP/ I Pv4 ) and click Pr ope r t ie s.
Figure 210 Windows Vist a: Local Area Connect ion Propert ies
The I nt e r ne t Pr ot ocol Ve r sion 4 ( TCP/ I Pv4 ) Pr ope r t ie s window opens ( t he Ge n e r a l t a b) .
• I f you have a dynam ic I P address click Obt a in a n I P a ddr e ss a u t om a t ica lly.
• I f you have a st at ic I P address click Use t h e follow ing I P a ddr e ss and fill in t he I P a ddr e ss,
Subne t m a sk , and D e fa u lt ga t e w a y fields.
346
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Appendix B Setting up Your Computer’s IP Address
• Click Adva nce d.
Figure 211 Windows Vist a: I nt ernet Prot ocol Version 4 ( TCP/ I Pv4) Propert ies
I f you do not know your gat eway's I P address, rem ove any previously inst alled gat eways in t he I P
Se t t in gs t ab and click OK.
Do one or m ore of t he following if you want t o configure addit ional I P addresses:
• I n t he I P Se t t ings t ab, in I P addresses, click Add.
• I n TCP/ I P Addr e ss, t ype an I P address in I P a ddr e ss and a subnet m ask in Subne t m a sk ,
and t hen click Add.
• Repeat t he above t wo st eps for each I P address you want t o add.
• Configure addit ional default gat eways in t he I P Se t t in gs t ab by clicking Add in D e fa ult
ga t e w a ys.
• I n TCP/ I P Ga t e w a y Addr e ss, t ype t he I P address of t he default gat eway in Ga t e w a y. To
m anually configure a default m et ric ( t he num ber of t ransm ission hops) , clear t he Aut om a t ic
m e t r ic check box and t ype a m et ric in M e t r ic.
• Click Add.
• Repeat t he previous t hree st eps for each default gat eway you want t o add.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
347
Appendix B Setting up Your Computer’s IP Address
• Click OK when finished.
Figure 212 Windows Vist a: Advanced TCP/ I P Propert ies
I n t he I n t e r n e t Pr ot ocol Ve r sion 4 ( TCP/ I Pv4 ) Pr ope r t ie s window, ( t he Ge n e r a l t a b) :
• Click Obt a in D N S se r ve r a ddr e ss a u t om a t ica lly if you do not know your DNS server I P
address( es) .
• I f you know your DNS server I P address( es) , click Use t he follow in g D N S se r ve r
a ddr e sse s, and t ype t hem in t he Pr e fe r r e d D N S se r ve r and Alt e r na t e D N S se r ve r fields.
348
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Appendix B Setting up Your Computer’s IP Address
I f you have previously configured DNS servers, click Adva nce d and t hen t he D N S t ab t o order
t hem .
Figure 213 Windows Vist a: I nt ernet Prot ocol Version 4 ( TCP/ I Pv4) Propert ies
10 Click OK t o close t he I n t e r ne t Pr ot ocol Ve r sion 4 ( TCP/ I Pv4 ) Pr ope r t ie s window.
11 Click Close t o close t he Loca l Ar e a Con ne ct ion Pr ope r t ie s window.
12
Close t he N e t w or k Conn e ct ion s window.
13 Turn on your Device and rest art your com put er ( if prom pt ed) .
Verifying Settings
Click St a r t , All Pr ogr a m s, Acce ssor ie s and t hen Com m a nd Pr om pt .
I n t he Com m a nd Pr om pt window, t ype " ipconfig" and t hen press [ ENTER] . You can also open
N e t w or k Con n e ct ions, right - click a net work connect ion, click St a t us and t hen click t he Suppor t
t ab.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
349
Appendix B Setting up Your Computer’s IP Address
Macintosh OS 8/9
Click t he Apple m enu, Cont r ol Pa ne l and double- click TCP/ I P t o open t he TCP/ I P Con t r ol
Pa ne l.
Figure 214 Macint osh OS 8/ 9: Apple Menu
350
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Appendix B Setting up Your Computer’s IP Address
Select Et he r ne t built - in from t he Con n e ct via list .
Figure 215 Macint osh OS 8/ 9: TCP/ I P
For dynam ically assigned set t ings, select Using D H CP Se r ve r from t he Con figu r e : list .
For st at ically assigned set t ings, do t he following:
• From t he Configu r e box, select M a n u a lly.
• Type your I P address in t he I P Addr e ss box.
• Type your subnet m ask in t he Subne t m a sk box.
• Type t he I P address of your Device in t he Rou t e r a ddr e ss box.
Close t he TCP/ I P Con t r ol Pa ne l.
Click Sa ve if prom pt ed, t o save changes t o your configurat ion.
Turn on your Device and rest art your com put er ( if prom pt ed) .
Verifying Settings
Check your TCP/ I P propert ies in t he TCP/ I P Con t r ol Pa ne l window.
Macintosh OS X
Click t he Apple m enu, and click Syst e m Pr e fe r e nce s t o open t he Syst e m Pr e fe r e nce s window.
Figure 216 Macint osh OS X: Apple Menu
Click N e t w or k in t he icon bar.
• Select Aut om a t ic from t he Loca t ion list .
VMG8324-B10A / VMG8324-B30A Series User’s Guide
351
Appendix B Setting up Your Computer’s IP Address
• Select Bu ilt - in Et h e r n e t from t he Show list .
• Click t he TCP/ I P t ab.
For dynam ically assigned set t ings, select Using D H CP from t he Con figu r e list .
Figure 217 Macint osh OS X: Net work
For st at ically assigned set t ings, do t he following:
• From t he Configu r e box, select M a n u a lly.
• Type your I P address in t he I P Addr e ss box.
• Type your subnet m ask in t he Subne t m a sk box.
• Type t he I P address of your Device in t he Rou t e r a ddr e ss box.
Click Apply N ow and close t he window.
Turn on your Device and rest art your com put er ( if prom pt ed) .
Verifying Settings
Check your TCP/ I P propert ies in t he N e t w or k window.
352
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Appendix B Setting up Your Computer’s IP Address
Linux
This sect ion shows you how t o configure your com put er ’s TCP/ I P set t ings in Red Hat Linux 9.0.
Procedure, screens and file locat ion m ay vary depending on your Linux dist ribut ion and release
version.
Not e: Make sur e you are logged in as t he root adm inist rat or.
Using the K Desktop Environment (KDE)
Follow t he st eps below t o configure your com put er I P address using t he KDE.
Click t he Red Hat but t on ( locat ed on t he bot t om left corner) , select Syst e m Se t t in g and click
N e t w or k .
Figure 218 Red Hat 9.0: KDE: Net work Configurat ion: Devices
VMG8324-B10A / VMG8324-B30A Series User’s Guide
353
Appendix B Setting up Your Computer’s IP Address
Double- click on t he profile of t he net work card you wish t o configure. The Et he r ne t D e vice
Ge ne r a l screen displays as shown.
Figure 219 Red Hat 9.0: KDE: Et hernet Device: General
• I f you have a dynam ic I P address, click Aut om a t ica lly obt a in I P a ddr e ss se t t in gs w it h and
select dh cp from t he drop down list .
• I f you have a st at ic I P address, click St a t ica lly se t I P Addr e sse s and fill in t he Addr e ss,
Subne t m a sk , and D e fa u lt Ga t e w a y Addr e ss fields.
Click OK t o save t he changes and close t he Et he r ne t D e vice Ge ne r a l screen.
I f you know your DNS server I P address( es) , click t he D N S t ab in t he N e t w or k Configur a t ion
screen. Ent er t he DNS server inform at ion in t he fields provided.
Figure 220 Red Hat 9.0: KDE: Net work Configurat ion: DNS
354
Click t he D e vice s t ab.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Appendix B Setting up Your Computer’s IP Address
Click t he Act iva t e but t on t o apply t he changes. The following screen displays. Click Ye s t o sa ve
t h e cha n ge s in a ll scr e e n s.
Figure 221 Red Hat 9.0: KDE: Net work Configurat ion: Act ivat e
Aft er t he net work card rest art process is com plet e, m ake sure t he St a t us is Act ive in t he N e t w or k
Con figu r a t ion screen.
Using Configuration Files
Follow t he st eps below t o edit t he net work configurat ion files and set your com put er I P address.
Assum ing t hat you have only one net work card on t he com put er, locat e t he ifconfig-eth0
configurat ion file ( where eth0 is t he nam e of t he Et hernet card) . Open t he configurat ion file wit h
any plain t ext edit or.
• I f you have a dynam ic I P address, ent er dhcp in t he BOOTPROTO= field. The following figure
shows an exam ple.
Figure 222 Red Hat 9.0: Dynam ic I P Address Set t ing in ifconfig- et h0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
USERCTL=no
PEERDNS=yes
TYPE=Ethernet
• I f you have a st at ic I P address, ent er static in t he BOOTPROTO= field. Type IPADDR= followed
by t he I P address ( in dot t ed decim al not at ion) and t ype NETMASK= followed by t he subnet
m ask. The following exam ple shows an exam ple where t he st at ic I P address is 192.168.1.10
and t he subnet m ask is 255.255.255.0.
Figure 223 Red Hat 9.0: St at ic I P Address Set t ing in ifconfig- et h0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.10
NETMASK=255.255.255.0
USERCTL=no
PEERDNS=yes
TYPE=Ethernet
VMG8324-B10A / VMG8324-B30A Series User’s Guide
355
Appendix B Setting up Your Computer’s IP Address
I f you know your DNS server I P address( es) , ent er t he DNS server inform at ion in t he resolv.conf
file in t he /etc direct ory. The following figure shows an exam ple where t wo DNS server I P
addresses are specified.
Figure 224 Red Hat 9.0: DNS Set t ings in resolv.conf
nameserver 172.23.5.1
nameserver 172.23.5.2
Aft er you edit and save t he configurat ion files, you m ust rest art t he net work card. Ent er ./network
restart in t he /etc/rc.d/init.d direct ory. The following figure shows an exam ple.
Figure 225 Red Hat 9.0: Rest art Et hernet Card
[root@localhost init.d]# network restart
Shutting down interface eth0:
Shutting down loopback interface:
Setting network parameters:
Bringing up loopback interface:
Bringing up interface eth0:
[OK]
[OK]
[OK]
[OK]
[OK]
Verifying Settings
Ent er ifconfig in a t erm inal screen t o check your TCP/ I P propert ies.
Figure 226 Red Hat 9.0: Checking TCP/ I P Propert ies
[root@localhost]# ifconfig
eth0
Link encap:Ethernet HWaddr 00:50:BA:72:5B:44
inet addr:172.23.19.129 Bcast:172.23.19.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:717 errors:0 dropped:0 overruns:0 frame:0
TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:730412 (713.2 Kb) TX bytes:1570 (1.5 Kb)
Interrupt:10 Base address:0x1000
[root@localhost]#
356
VMG8324-B10A / VMG8324-B30A Series User’s Guide
A PPENDIX
IP Addresses and Subnetting
This appendix int roduces I P addresses and subnet m asks.
I P addresses ident ify individual devices on a net work. Every net working device ( including
com put ers, servers, rout ers, print ers, et c.) needs an I P address t o com m unicat e across t he
net work. These net working devices are also known as host s.
Subnet m asks det erm ine t he m axim um num ber of possible host s on a net work. You can also use
subnet m asks t o divide one net work int o m ult iple sub- net works.
Introduction to IP Addresses
One part of t he I P address is t he net work num ber, and t he ot her part is t he host I D. I n t he sam e
way t hat houses on a st reet share a com m on st reet nam e, t he host s on a net work share a com m on
net work num ber. Sim ilarly, as each house has it s own house num ber, each host on t he net work has
it s own unique ident ifying num ber - t he host I D. Rout ers use t he net work num ber t o send packet s
t o t he correct net work, while t he host I D det erm ines t o which host on t he net work t he packet s are
delivered.
Structure
An I P address is m ade up of four part s, writ t en in dot t ed decim al not at ion ( for exam ple,
192.168.1.1) . Each of t hese four part s is known as an oct et . An oct et is an eight- digit binary
num ber ( for exam ple 11000000, which is 192 in decim al not at ion) .
Therefore, each oct et has a possible range of 00000000 t o 11111111 in binary, or 0 t o 255 in
decim al.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
357
Appendix C IP Addresses and Subnetting
The following figure shows an exam ple I P address in which t he first t hree oct et s ( 192.168.1) are
t he net work num ber, and t he fourt h oct et ( 16) is t he host I D.
Figure 227 Net work Num ber and Host I D
How m uch of t he I P address is t he net work num ber and how m uch is t he host I D varies according
t o t he subnet m ask.
Subnet Masks
A subnet m ask is used t o det erm ine which bit s are part of t he net work num ber, and which bit s are
part of t he host I D ( using a logical AND operat ion) . The t erm “ subnet ” is short for “ sub- net work”.
A subnet m ask has 32 bit s. I f a bit in t he subnet m ask is a “ 1” t hen t he corresponding bit in t he I P
address is part of t he net work num ber. I f a bit in t he subnet m ask is “ 0” t hen t he corresponding bit
in t he I P address is part of t he host I D.
The following exam ple shows a subnet m ask ident ifying t he net work num ber ( in bold t ext ) and host
I D of an I P address ( 192.168.1.2 in decim al) .
Table 154 Subnet Masks
1ST OCTET: 2ND
OCTET:
(192)
(168)
3RD
OCTET:
4TH OCTET
(1)
(2)
I P Address ( Binary)
11000000
10101000
00000001
00000010
Subnet Mask ( Binary)
11111111
11111111
11111111
00000000
Net work Num ber
11000000
10101000
00000001
Host I D
00000010
By convent ion, subnet m asks always consist of a cont inuous sequence of ones beginning from t he
left m ost bit of t he m ask, followed by a cont inuous sequence of zeros, for a t ot al num ber of 32 bit s.
358
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Appendix C IP Addresses and Subnetting
Subnet m asks can be referred t o by t he size of t he net work num ber part ( t he bit s wit h a “ 1” value) .
For exam ple, an “ 8- bit m ask” m eans t hat t he first 8 bit s of t he m ask are ones and t he rem aining 24
bit s are zeroes.
Subnet m asks are expressed in dot t ed decim al not at ion j ust like I P addresses. The following
exam ples show t he binary and decim al not at ion for 8- bit , 16- bit , 24- bit and 29- bit subnet m asks.
Table 155 Subnet Masks
BINARY
DECIMAL
1ST
OCTET
2ND
OCTET
3RD
OCTET
4TH OCTET
8- bit m ask
11111111
00000000
00000000
00000000
255.0.0.0
16- bit m ask
11111111
11111111
00000000
00000000
255.255.0.0
24- bit m ask
11111111
11111111
11111111
00000000
255.255.255.0
29- bit m ask
11111111
11111111
11111111
11111000
255.255.255.248
Network Size
The size of t he net work num ber det erm ines t he m axim um num ber of possible host s you can have
on your net work. The larger t he num ber of net work num ber bit s, t he sm aller t he num ber of
rem aining host I D bit s.
An I P address wit h host I Ds of all zeros is t he I P address of t he net work ( 192.168.1.0 wit h a 24- bit
subnet m ask, for exam ple) . An I P address wit h host I Ds of all ones is t he broadcast address for t hat
net work ( 192.168.1.255 wit h a 24- bit subnet m ask, for exam ple) .
As t hese t wo I P addresses cannot be used for individual host s, calculat e t he m axim um num ber of
possible host s in a net work as follows:
Table 156 Maxim um Host Num bers
SUBNET MASK
HOST ID SIZE
MAXIMUM NUMBER OF HOSTS
24
8 bit s
255.0.0.0
24 bit s
16 bit s
255.255.0.0
16 bit s
2 16 – 2
24 bit s
29 bit s
255.255.255.0
255.255.255.24
8 bit s
3 bit s
– 2
16777214
65534
254
2 – 2
2 – 2
Notation
Since t he m ask is always a cont inuous num ber of ones beginning from t he left , followed by a
cont inuous num ber of zeros for t he rem ainder of t he 32 bit m ask, you can sim ply specify t he
num ber of ones inst ead of writ ing t he value of each oct et . This is usually specified by writ ing a “ / ”
followed by t he num ber of bit s in t he m ask aft er t he address.
For exam ple, 192.1.1.0 / 25 is equivalent t o saying 192.1.1.0 wit h subnet m ask 255.255.255.128.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
359
Appendix C IP Addresses and Subnetting
The following t able shows som e possible subnet m asks using bot h not at ions.
Table 157 Alt ernat ive Subnet Mask Not at ion
SUBNET MASK
ALTERNATIVE
NOTATION
LAST OCTET
(BINARY)
LAST OCTET
(DECIMAL)
255.255.255.0
/ 24
0000 0000
255.255.255.128
/ 25
1000 0000
128
255.255.255.192
/ 26
1100 0000
192
255.255.255.224
/ 27
1110 0000
224
255.255.255.240
/ 28
1111 0000
240
255.255.255.248
/ 29
1111 1000
248
255.255.255.252
/ 30
1111 1100
252
Subnetting
You can use subnet t ing t o divide one net work int o m ult iple sub- net works. I n t he following exam ple
a net work adm inist rat or creat es t wo sub- net works t o isolat e a group of servers from t he rest of t he
com pany net work for securit y reasons.
I n t his exam ple, t he com pany net work address is 192.168.1.0. The first t hree oct et s of t he address
( 192.168.1) are t he net work num ber, and t he rem aining oct et is t he host I D, allowing a m axim um
of 2 8 – 2 or 254 possible host s.
The following figure shows t he com pany net work before subnet t ing.
Figure 228 Subnet t ing Exam ple: Before Subnet t ing
You can “ borrow” one of t he host I D bit s t o divide t he net work 192.168.1.0 int o t wo separat e subnet works. The subnet m ask is now 25 bit s ( 255.255.255.128 or / 25) .
The “ borrowed” host I D bit can have a value of eit her 0 or 1, allowing t wo subnet s; 192.168.1.0 / 25
and 192.168.1.128 / 25.
360
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Appendix C IP Addresses and Subnetting
The following figure shows t he com pany net work aft er subnet t ing. There are now t wo subnet works, A and B.
Figure 229 Subnet t ing Exam ple: Aft er Subnet t ing
I n a 25- bit subnet t he host I D has 7 bit s, so each sub- net work has a m axim um of 2 7 – 2 or 126
possible host s ( a host I D of all zeroes is t he subnet ’s address it self, all ones is t he subnet ’s
broadcast address) .
192.168.1.0 wit h m ask 255.255.255.128 is subnet A it self, and 192.168.1.127 wit h m ask
255.255.255.128 is it s broadcast address. Therefore, t he lowest I P address t hat can be assigned t o
an act ual host for subnet A is 192.168.1.1 and t he highest is 192.168.1.126.
Sim ilarly, t he host I D range for subnet B is 192.168.1.129 t o 192.168.1.254.
Example: Four Subnets
The previous exam ple illust rat ed using a 25- bit subnet m ask t o divide a 24- bit address int o t wo
subnet s. Sim ilarly, t o divide a 24- bit address int o four subnet s, you need t o “ borrow” t wo host I D
bit s t o give four possible com binat ions ( 00, 01, 10 and 11) . The subnet m ask is 26 bit s
( 11111111.11111111.11111111.1 1 000000) or 255.255.255.192.
Each subnet cont ains 6 host I D bit s, giving 2 6 - 2 or 62 host s for each subnet ( a host I D of all
zeroes is t he subnet it self, all ones is t he subnet ’s broadcast address) .
Table 158 Subnet 1
IP/SUBNET MASK
NETWORK NUMBER
LAST OCTET BIT
VALUE
I P Address ( Decim al)
192.168.1.
I P Address ( Binary)
11000000.10101000.00000001.
0 0 000000
Subnet Mask ( Binary)
11111111.11111111.11111111.
1 1 000000
VMG8324-B10A / VMG8324-B30A Series User’s Guide
361
Appendix C IP Addresses and Subnetting
Table 158 Subnet 1 ( cont inued)
LAST OCTET BIT
VALUE
IP/SUBNET MASK
NETWORK NUMBER
Subnet Address:
192.168.1.0
Lowest Host I D: 192.168.1.1
Broadcast Address:
192.168.1.63
Highest Host I D: 192.168.1.62
Table 159 Subnet 2
IP/SUBNET MASK
NETWORK NUMBER
LAST OCTET BIT
VALUE
I P Address
192.168.1.
64
I P Address ( Binary)
11000000.10101000.00000001.
0 1 000000
Subnet Mask ( Binary)
11111111.11111111.11111111.
1 1 000000
Subnet Address:
192.168.1.64
Lowest Host I D: 192.168.1.65
Broadcast Address:
192.168.1.127
Highest Host I D: 192.168.1.126
Table 160 Subnet 3
IP/SUBNET MASK
NETWORK NUMBER
LAST OCTET BIT VALUE
I P Address
192.168.1.
128
I P Address ( Binary)
11000000.10101000.00000001.
1 0 000000
Subnet Mask ( Binary)
11111111.11111111.11111111.
1 1 000000
Subnet Address:
192.168.1.128
Lowest Host I D: 192.168.1.129
Broadcast Address:
192.168.1.191
Highest Host I D: 192.168.1.190
Table 161 Subnet 4
IP/SUBNET MASK
NETWORK NUMBER
LAST OCTET BIT VALUE
I P Address
192.168.1.
192
I P Address ( Binary)
11000000.10101000.00000001.
1 1 000000
Subnet Mask ( Binary)
11111111.11111111.11111111.
1 1 000000
Subnet Address:
192.168.1.192
Lowest Host I D: 192.168.1.193
Broadcast Address:
192.168.1.255
Highest Host I D: 192.168.1.254
Example: Eight Subnets
Sim ilarly, use a 27- bit m ask t o creat e eight subnet s ( 000, 001, 010, 011, 100, 101, 110 and 111) .
The following t able shows I P address last oct et values for each subnet .
Table 162 Eight Subnet s
362
SUBNET
SUBNET
ADDRESS
FIRST ADDRESS
LAST
ADDRESS
BROADCAST
ADDRESS
30
31
32
33
62
63
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Appendix C IP Addresses and Subnetting
Table 162 Eight Subnet s ( cont inued)
SUBNET
SUBNET
ADDRESS
FIRST ADDRESS
LAST
ADDRESS
BROADCAST
ADDRESS
64
65
94
95
96
97
126
127
128
129
158
159
160
161
190
191
192
193
222
223
224
225
254
255
Subnet Planning
The following t able is a sum m ary for subnet planning on a net work wit h a 24- bit net work num ber.
Table 163 24- bit Net work Num ber Subnet Planning
NO. “BORROWED”
HOST BITS
SUBNET MASK
NO. SUBNETS
NO. HOSTS PER
SUBNET
255.255.255.128 ( / 25)
126
255.255.255.192 ( / 26)
62
255.255.255.224 ( / 27)
30
255.255.255.240 ( / 28)
16
14
255.255.255.248 ( / 29)
32
255.255.255.252 ( / 30)
64
255.255.255.254 ( / 31)
128
The following t able is a sum m ary for subnet planning on a net work wit h a 16- bit net work num ber.
Table 164 16- bit Net work Num ber Subnet Planning
NO. “BORROWED”
HOST BITS
SUBNET MASK
NO. SUBNETS
NO. HOSTS PER
SUBNET
255.255.128.0 ( / 17)
32766
255.255.192.0 ( / 18)
16382
255.255.224.0 ( / 19)
8190
255.255.240.0 ( / 20)
16
4094
255.255.248.0 ( / 21)
32
2046
255.255.252.0 ( / 22)
64
1022
255.255.254.0 ( / 23)
128
510
255.255.255.0 ( / 24)
256
254
255.255.255.128 ( / 25)
512
126
10
255.255.255.192 ( / 26)
1024
62
11
255.255.255.224 ( / 27)
2048
30
12
255.255.255.240 ( / 28)
4096
14
13
255.255.255.248 ( / 29)
8192
14
255.255.255.252 ( / 30)
16384
15
255.255.255.254 ( / 31)
32768
VMG8324-B10A / VMG8324-B30A Series User’s Guide
363
Appendix C IP Addresses and Subnetting
Configuring IP Addresses
Where you obt ain your net work num ber depends on your part icular sit uat ion. I f t he I SP or your
net work adm inist rat or assigns you a block of regist ered I P addresses, follow t heir inst ruct ions in
select ing t he I P addresses and t he subnet m ask.
I f t he I SP did not explicit ly give you an I P net work num ber, t hen m ost likely you have a single user
account and t he I SP will assign you a dynam ic I P address when t he connect ion is est ablished. I f t his
is t he case, it is recom m ended t hat you select a net work num ber from 192.168.0.0 t o
192.168.255.0. The I nt ernet Assigned Num ber Aut horit y ( I ANA) reserved t his block of addresses
specifically for privat e use; please do not use any ot her num ber unless you are t old ot herwise. You
m ust also enable Net work Address Translat ion ( NAT) on t he Device.
Once you have decided on t he net work num ber, pick an I P address for your Device t hat is easy t o
rem em ber ( for inst ance, 192.168.1.1) but m ake sure t hat no ot her device on your net work is using
t hat I P address.
The subnet m ask specifies t he net work num ber port ion of an I P address. Your Device will com put e
t he subnet m ask aut om at ically based on t he I P address t hat you ent ered. You don't need t o change
t he subnet m ask com put ed by t he Device unless you are inst ruct ed t o do ot herwise.
Private IP Addresses
Every m achine on t he I nt ernet m ust have a unique address. I f your net works are isolat ed from t he
I nt ernet ( running only bet ween t wo branch offices, for exam ple) you can assign any I P addresses t o
t he host s wit hout problem s. However, t he I nt ernet Assigned Num bers Aut horit y ( I ANA) has
reserved t he following t hree blocks of I P addresses specifically for privat e net works:
• 10.0.0.0
• 172.16.0.0
— 10.255.255.255
— 172.31.255.255
• 192.168.0.0 — 192.168.255.255
You can obt ain your I P address from t he I ANA, from an I SP, or it can be assigned from a privat e
net work. I f you belong t o a sm all organizat ion and your I nt ernet access is t hrough an I SP, t he I SP
can provide you wit h t he I nt ernet addresses for your local net works. On t he ot her hand, if you are
part of a m uch larger organizat ion, you should consult your net work adm inist rat or for t he
appropriat e I P addresses.
Regardless of your part icular sit uat ion, do not creat e an arbit rary I P address; always follow t he
guidelines above. For m ore inform at ion on address assignm ent , please refer t o RFC 1597, Address
Allocat ion for Privat e I nt ernet s and RFC 1466, Guidelines for Managem ent of I P Address Space.
364
VMG8324-B10A / VMG8324-B30A Series User’s Guide
A PPENDIX
Pop-up Windows, JavaScripts and Java
Permissions
I n order t o use t he web configurat or you need t o allow:
• Web browser pop- up windows from your device.
• JavaScript s ( enabled by default ) .
• Java perm issions ( enabled by default ) .
Not e: I nt ernet Explorer 6 screens are used here. Screens for ot her I nt ernet Explorer
ver sions m ay vary.
Internet Explorer Pop-up Blockers
You m ay have t o disable pop- up blocking t o log int o your device.
Eit her disable pop- up blocking ( enabled by default in Windows XP SP ( Service Pack) 2) or allow
pop- up blocking and creat e an except ion for your device’s I P address.
Disable Pop-up Blockers
I n I nt ernet Explorer, select Tools, Pop- u p Block e r and t hen select Tur n Off Pop- up Block e r.
Figure 230 Pop- up Blocker
You can also check if pop- up blocking is disabled in t he Pop- u p Block e r sect ion in t he Pr iva cy t ab.
I n I nt ernet Explorer, select Tools, I nt e r ne t Opt ions, Pr iva cy.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
365
Appendix D Pop-up Windows, JavaScripts and Java Permissions
Clear t he Block pop- ups check box in t he Pop- u p Block e r sect ion of t he screen. This disables any
web pop- up blockers you m ay have enabled.
Figure 231 I nt ernet Opt ions: Privacy
Click Apply t o save t his set t ing.
Enable Pop-up Blockers with Exceptions
Alt ernat ively, if you only want t o allow pop- up windows from your device, see t he following st eps.
366
I n I nt ernet Explorer, select Tools, I nt e r ne t Opt ions and t hen t he Pr iva cy t ab.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Appendix D Pop-up Windows, JavaScripts and Java Permissions
Select Se t t ings…t o open t he Pop- up Block e r Se t t ings screen.
Figure 232 I nt ernet Opt ions: Privacy
Type t he I P address of your device ( t he web page t hat you do not want t o have blocked) wit h t he
prefix “ ht t p: / / ”. For exam ple, ht t p: / / 192.168.167.1.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
367
Appendix D Pop-up Windows, JavaScripts and Java Permissions
Click Add t o m ove t he I P address t o t he list of Allow e d sit e s.
Figure 233 Pop- up Blocker Set t ings
Click Close t o ret urn t o t he Pr iva cy screen.
Click Apply t o save t his set t ing.
JavaScripts
I f pages of t he web configurat or do not display properly in I nt ernet Explorer, check t hat JavaScript s
are allowed.
368
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Appendix D Pop-up Windows, JavaScripts and Java Permissions
I n I nt ernet Explorer, click Tools, I n t e r ne t Opt ion s and t hen t he Se cur it y t ab.
Figure 234 I nt ernet Opt ions: Securit y
Click t he Cu st om Le ve l... but t on.
Scroll down t o Scr ipt ing.
Under Act ive scr ipt ing m ake sure t hat Ena ble is select ed ( t he default ) .
Under Scr ipt ing of Ja va a pple t s m ake sure t hat Ena ble is select ed ( t he default ) .
VMG8324-B10A / VMG8324-B30A Series User’s Guide
369
Appendix D Pop-up Windows, JavaScripts and Java Permissions
Click OK t o close t he window.
Figure 235 Securit y Set t ings - Java Script ing
Java Permissions
370
From I nt ernet Explorer, click Tools, I nt e r ne t Opt ions and t hen t he Se cu r it y t ab.
Click t he Cu st om Le ve l... but t on.
Scroll down t o M icr osoft VM .
Under Ja va pe r m issions m ake sure t hat a safet y level is select ed.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Appendix D Pop-up Windows, JavaScripts and Java Permissions
Click OK t o close t he window.
Figure 236 Securit y Set t ings - Java
JAVA (Sun)
From I nt ernet Explorer, click Tools, I nt e r ne t Opt ions and t hen t he Adva n ce d t ab.
Make sure t hat Use Ja va 2 for < a pple t > under Ja va ( Sun) is select ed.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
371
Appendix D Pop-up Windows, JavaScripts and Java Permissions
Click OK t o close t he window.
Figure 237 Java ( Sun)
Mozilla Firefox
Mozilla Firefox 2.0 screens are used here. Screens for ot her versions m ay vary.
You can enable Java, Javascript s and pop- ups in one screen. Click Tools, t hen click Opt ions in t he
screen t hat appears.
Figure 238 Mozilla Firefox: Tools > Opt ions
372
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Appendix D Pop-up Windows, JavaScripts and Java Permissions
Click Cont e n t .t o show t he screen below. Select t he check boxes as shown in t he following screen.
Figure 239 Mozilla Firefox Cont ent Securit y
VMG8324-B10A / VMG8324-B30A Series User’s Guide
373
Appendix D Pop-up Windows, JavaScripts and Java Permissions
374
VMG8324-B10A / VMG8324-B30A Series User’s Guide
A PPENDIX
Wireless LANs
Wireless LAN Topologies
This sect ion discusses ad- hoc and infrast ruct ure wireless LAN t opologies.
Ad-hoc Wireless LAN Configuration
The sim plest WLAN configurat ion is an independent ( Ad- hoc) WLAN t hat connect s a set of
com put ers wit h wireless adapt ers ( A, B, C) . Any t im e t wo or m ore wireless adapt ers are wit hin
range of each ot her, t hey can set up an independent net work, which is com m only referred t o as an
ad- hoc net work or I ndependent Basic Service Set ( I BSS) . The following diagram shows an exam ple
of not ebook com put ers using wireless adapt ers t o form an ad- hoc wireless LAN.
Figure 240 Peer- t o- Peer Com m unicat ion in an Ad- hoc Net work
BSS
A Basic Service Set ( BSS) exist s when all com m unicat ions bet ween wireless client s or bet ween a
wireless client and a wired net work client go t hrough one access point ( AP) .
I nt ra- BSS t raffic is t raffic bet ween wireless client s in t he BSS. When I nt ra- BSS is enabled, wireless
client A and B can access t he wired net work and com m unicat e wit h each ot her. When I nt ra- BSS is
VMG8324-B10A / VMG8324-B30A Series User’s Guide
375
Appendix E Wireless LANs
disabled, wireless client A and B can st ill access t he wired net work but cannot com m unicat e wit h
each ot her.
Figure 241 Basic Service Set
ESS
An Ext ended Service Set ( ESS) consist s of a series of overlapping BSSs, each cont aining an access
point , wit h each access point connect ed t oget her by a wired net work. This wired connect ion
bet ween APs is called a Dist ribut ion Syst em ( DS) .
This t ype of wireless LAN t opology is called an I nfrast ruct ure WLAN. The Access Point s not only
provide com m unicat ion wit h t he wired net work but also m ediat e wireless net work t raffic in t he
im m ediat e neighborhood.
376
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Appendix E Wireless LANs
An ESSI D ( ESS I Dent ificat ion) uniquely ident ifies each ESS. All access point s and t heir associat ed
wireless client s wit hin t he sam e ESS m ust have t he sam e ESSI D in order t o com m unicat e.
Figure 242 I nfrast ruct ure WLAN
Channel
A channel is t he radio frequency( ies) used by wireless devices t o t ransm it and receive dat a.
Channels available depend on your geographical area.
Adj acent channels part ially overlap however. To avoid int erference due t o overlap, your AP should
be on a channel at least five channels away from a channel t hat an adj acent AP is using.
RTS/CTS
A hidden node occurs when t wo st at ions are wit hin range of t he sam e access point , but are not
wit hin range of each ot her. The following figure illust rat es a hidden node. Bot h st at ions ( STA) are
wit hin range of t he access point ( AP) or wireless gat eway, but out- of- range of each ot her, so t hey
VMG8324-B10A / VMG8324-B30A Series User’s Guide
377
Appendix E Wireless LANs
cannot " hear" each ot her, t hat is t hey do not know if t he channel is current ly being used. Therefore,
t hey are considered hidden from each ot her.
Figure 243
RTS/ CTS
When st at ion A sends dat a t o t he AP, it m ight not know t hat t he st at ion B is already using t he
channel. I f t hese t wo st at ions send dat a at t he sam e t im e, collisions m ay occur when bot h set s of
dat a arrive at t he AP at t he sam e t im e, result ing in a loss of m essages for bot h st at ions.
RTS/ CTS is designed t o prevent collisions due t o hidden nodes. An RTS/ CTS defines t he biggest
size dat a fram e you can send before an RTS ( Request To Send) / CTS ( Clear t o Send) handshake is
invoked.
When a dat a fram e exceeds t he RTS/ CTS value you set ( bet ween 0 t o 2432 byt es) , t he st at ion
t hat want s t o t ransm it t his fram e m ust first send an RTS ( Request To Send) m essage t o t he AP for
perm ission t o send it . The AP t hen responds wit h a CTS ( Clear t o Send) m essage t o all ot her
st at ions wit hin it s range t o not ify t hem t o defer t heir t ransm ission. I t also reserves and confirm s
wit h t he request ing st at ion t he t im e fram e for t he request ed t ransm ission.
St at ions can send fram es sm aller t han t he specified RTS/ CTS direct ly t o t he AP wit hout t he RTS
( Request To Send) / CTS ( Clear t o Send) handshake.
You should only configure RTS/ CTS if t he possibilit y of hidden nodes exist s on your net work and
t he " cost " of resending large fram es is m ore t han t he ext ra net work overhead involved in t he RTS
( Request To Send) / CTS ( Clear t o Send) handshake.
I f t he RTS/ CTS value is great er t han t he Fr a gm e nt a t ion Thr e sh old value ( see next ) , t hen t he
RTS ( Request To Send) / CTS ( Clear t o Send) handshake will never occur as dat a fram es will be
fragm ent ed before t hey reach RTS/ CTS size.
Not e: Enabling t he RTS Threshold causes redundant net w ork overhead t hat could
negat ively affect t he t hroughput perfor m ance inst ead of pr oviding a rem edy.
Fragmentation Threshold
A Fr a gm e nt a t ion Thr e sh old is t he m axim um dat a fragm ent size ( bet ween 256 and 2432 byt es)
t hat can be sent in t he wireless net work before t he AP will fragm ent t he packet int o sm aller dat a
fram es.
A large Fr a gm e n t a t ion Th r e sh old is recom m ended for net works not prone t o int erference while
you should set a sm aller t hreshold for busy net works or net works t hat are prone t o int erference.
378
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Appendix E Wireless LANs
I f t he Fr a gm e nt a t ion Thr e shold value is sm aller t han t he RTS/ CTS value ( see previously) you
set t hen t he RTS ( Request To Send) / CTS ( Clear t o Send) handshake will never occur as dat a fram es
will be fragm ent ed before t hey reach RTS/ CTS size.
IEEE 802.11g Wireless LAN
I EEE 802.11g is fully com pat ible wit h t he I EEE 802.11b st andard. This m eans an I EEE 802.11b
adapt er can int erface direct ly wit h an I EEE 802.11g access point ( and vice versa) at 11 Mbps or
lower depending on range. I EEE 802.11g has several int erm ediat e rat e st eps bet ween t he
m axim um and m inim um dat a rat es. The I EEE 802.11g dat a rat e and m odulat ion are as follows:
Table 165 I EEE 802.11g
DATA RATE (MBPS)
MODULATION
DBPSK ( Different ial Binary Phase Shift Keyed)
DQPSK ( Different ial Quadrat ure Phase Shift Keying)
5.5 / 11
CCK ( Com plem ent ary Code Keying)
6/ 9/ 12/ 18/ 24/ 36/ 48/
54
OFDM ( Ort hogonal Frequency Division Mult iplexing)
Wireless Security Overview
Wireless securit y is vit al t o your net work t o prot ect wireless com m unicat ion bet ween wireless
client s, access point s and t he wired net work.
Wireless securit y m et hods available on t he Device are dat a encrypt ion, wireless client
aut hent icat ion, rest rict ing access by device MAC address and hiding t he Device ident it y.
The following figure shows t he relat ive effect iveness of t hese wireless securit y m et hods available on
your Device.
Table 166 Wireless Securit y Levels
SECURITY
LEVEL
Least
Secure
SECURITY TYPE
Unique SSI D ( Default )
Unique SSI D wit h Hide SSI D Enabled
MAC Address Filt ering
WEP Encrypt ion
I EEE802.1x EAP wit h RADI US Server Aut hent icat ion
Wi- Fi Prot ect ed Access ( WPA)
WPA2
Most Secure
Not e: You m ust enable t he sam e wireless securit y set t ings on t he Device and on all
wireless client s t hat you want t o associat e wit h it .
VMG8324-B10A / VMG8324-B30A Series User’s Guide
379
Appendix E Wireless LANs
IEEE 802.1x
I n June 2001, t he I EEE 802.1x st andard was designed t o ext end t he feat ures of I EEE 802.11 t o
support ext ended aut hent icat ion as well as providing addit ional account ing and cont rol feat ures. I t
is support ed by Windows XP and a num ber of net work devices. Som e advant ages of I EEE 802.1x
are:
• User based ident ificat ion t hat allows for roam ing.
• Support for RADI US ( Rem ot e Aut hent icat ion Dial I n User Service, RFC 2138, 2139) for
cent ralized user profile and account ing m anagem ent on a net work RADI US server.
• Support for EAP ( Ext ensible Aut hent icat ion Prot ocol, RFC 2486) t hat allows addit ional
aut hent icat ion m et hods t o be deployed wit h no changes t o t he access point or t he wireless
client s.
RADIUS
RADI US is based on a client- server m odel t hat support s aut hent icat ion, aut horizat ion and
account ing. The access point is t he client and t he server is t he RADI US server. The RADI US server
handles t he following t asks:
• Aut hent icat ion
Det erm ines t he ident it y of t he users.
• Aut horizat ion
Det erm ines t he net work services available t o aut hent icat ed users once t hey are connect ed t o t he
net work.
• Account ing
Keeps t rack of t he client ’s net work act ivit y.
RADI US is a sim ple package exchange in which your AP act s as a m essage relay bet ween t he
wireless client and t he net work RADI US server.
Types of RADIUS Messages
The following t ypes of RADI US m essages are exchanged bet ween t he access point and t he RADI US
server for user aut hent icat ion:
• Access- Request
Sent by an access point request ing aut hent icat ion.
• Access- Rej ect
Sent by a RADI US server rej ect ing access.
• Access-Accept
Sent by a RADI US server allowing access.
• Access- Challenge
Sent by a RADI US server request ing m ore inform at ion in order t o allow access. The access point
sends a proper response from t he user and t hen sends anot her Access- Request m essage.
The following t ypes of RADI US m essages are exchanged bet ween t he access point and t he RADI US
server for user account ing:
380
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Appendix E Wireless LANs
• Account ing- Request
Sent by t he access point request ing account ing.
• Account ing- Response
Sent by t he RADI US server t o indicat e t hat it has st art ed or st opped account ing.
I n order t o ensure net work securit y, t he access point and t he RADI US server use a shared secret
key, which is a password, t hey bot h know. The key is not sent over t he net work. I n addit ion t o t he
shared key, password inform at ion exchanged is also encrypt ed t o prot ect t he net work from
unaut horized access.
Types of EAP Authentication
This sect ion discusses som e popular aut hent icat ion t ypes: EAP- MD5, EAP-TLS, EAP-TTLS, PEAP and
LEAP. Your wireless LAN device m ay not support all aut hent icat ion t ypes.
EAP ( Ext ensible Aut hent icat ion Prot ocol) is an aut hent icat ion prot ocol t hat runs on t op of t he I EEE
802.1x t ransport m echanism in order t o support m ult iple t ypes of user aut hent icat ion. By using EAP
t o int eract wit h an EAP- com pat ible RADI US server, an access point helps a wireless st at ion and a
RADI US server perform aut hent icat ion.
The t ype of aut hent icat ion you use depends on t he RADI US server and an int erm ediary AP( s) t hat
support s I EEE 802.1x.
For EAP-TLS aut hent icat ion t ype, you m ust first have a wired connect ion t o t he net work and obt ain
t he cert ificat e( s) from a cert ificat e aut horit y ( CA) . A cert ificat e ( also called digit al I Ds) can be used
t o aut hent icat e users and a CA issues cert ificat es and guarant ees t he ident it y of each cert ificat e
owner.
EAP-MD5 (Message-Digest Algorithm 5)
MD5 aut hent icat ion is t he sim plest one- way aut hent icat ion m et hod. The aut hent icat ion server
sends a challenge t o t he wireless client . The wireless client ‘proves’ t hat it knows t he password by
encrypt ing t he password wit h t he challenge and sends back t he inform at ion. Password is not sent in
plain t ext .
However, MD5 aut hent icat ion has som e weaknesses. Since t he aut hent icat ion server needs t o get
t he plaint ext passwords, t he passwords m ust be st ored. Thus som eone ot her t han t he
aut hent icat ion server m ay access t he password file. I n addit ion, it is possible t o im personat e an
aut hent icat ion server as MD5 aut hent icat ion m et hod does not perform m ut ual aut hent icat ion.
Finally, MD5 aut hent icat ion m et hod does not support dat a encrypt ion wit h dynam ic session key. You
m ust configure WEP encrypt ion keys for dat a encrypt ion.
EAP-TLS (Transport Layer Security)
Wit h EAP-TLS, digit al cert ificat ions are needed by bot h t he server and t he wireless client s for
m ut ual aut hent icat ion. The server present s a cert ificat e t o t he client . Aft er validat ing t he ident it y of
t he server, t he client sends a different cert ificat e t o t he server. The exchange of cert ificat es is done
in t he open before a secured t unnel is creat ed. This m akes user ident it y vulnerable t o passive
at t acks. A digit al cert ificat e is an elect ronic I D card t hat aut hent icat es t he sender ’s ident it y.
However, t o im plem ent EAP-TLS, you need a Cert ificat e Aut horit y ( CA) t o handle cert ificat es, which
im poses a m anagem ent overhead.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
381
Appendix E Wireless LANs
EAP-TTLS (Tunneled Transport Layer Service)
EAP-TTLS is an ext ension of t he EAP-TLS aut hent icat ion t hat uses cert ificat es for only t he serverside aut hent icat ions t o est ablish a secure connect ion. Client aut hent icat ion is t hen done by sending
usernam e and password t hrough t he secure connect ion, t hus client ident it y is prot ect ed. For client
aut hent icat ion, EAP-TTLS support s EAP m et hods and legacy aut hent icat ion m et hods such as PAP,
CHAP, MS- CHAP and MS- CHAP v2.
PEAP (Protected EAP)
Like EAP-TTLS, server- side cert ificat e aut hent icat ion is used t o est ablish a secure connect ion, t hen
use sim ple usernam e and password m et hods t hrough t he secured connect ion t o aut hent icat e t he
client s, t hus hiding client ident it y. However, PEAP only support s EAP m et hods, such as EAP- MD5,
EAP- MSCHAPv2 and EAP- GTC ( EAP- Generic Token Card) , for client aut hent icat ion. EAP- GTC is
im plem ent ed only by Cisco.
LEAP
LEAP ( Light weight Ext ensible Aut hent icat ion Prot ocol) is a Cisco im plem ent at ion of I EEE 802.1x.
Dynamic WEP Key Exchange
The AP m aps a unique key t hat is generat ed wit h t he RADI US server. This key expires when t he
wireless connect ion t im es out , disconnect s or reaut hent icat ion t im es out . A new WEP key is
generat ed each t im e reaut hent icat ion is perform ed.
I f t his feat ure is enabled, it is not necessary t o configure a default encrypt ion key in t he wireless
securit y configurat ion screen. You m ay st ill configure and st ore keys, but t hey will not be used while
dynam ic WEP is enabled.
Not e: EAP- MD5 cannot be used wit h Dynam ic WEP Key Exchange
For added securit y, cert ificat e- based aut hent icat ions ( EAP-TLS, EAP-TTLS and PEAP) use dynam ic
keys for dat a encrypt ion. They are oft en deployed in corporat e environm ent s, but for public
deploym ent , a sim ple user nam e and password pair is m ore pract ical. The following t able is a
com parison of t he feat ures of aut hent icat ion t ypes.
Table 167 Com parison of EAP Aut hent icat ion Types
382
EAP-MD5
EAP-TLS
EAP-TTLS
PEAP
LEAP
Mut ual Aut hent icat ion
No
Yes
Yes
Yes
Yes
Cert ificat e – Client
No
Yes
Opt ional
Opt ional
No
Cert ificat e – Server
No
Yes
Yes
Yes
No
Dynam ic Key Exchange
No
Yes
Yes
Yes
Yes
Credent ial I nt egrit y
None
St rong
St rong
St rong
Moderat e
Deploym ent Difficult y
Easy
Hard
Moderat e
Moderat e
Moderat e
Client I dent it y Prot ect ion
No
No
Yes
Yes
No
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Appendix E Wireless LANs
WPA and WPA2
Wi- Fi Prot ect ed Access ( WPA) is a subset of t he I EEE 802.11i st andard. WPA2 ( I EEE 802.11i) is a
wireless securit y st andard t hat defines st ronger encrypt ion, aut hent icat ion and key m anagem ent
t han WPA.
Key differences bet ween WPA or WPA2 and WEP are im proved dat a encrypt ion and user
aut hent icat ion.
I f bot h an AP and t he wireless client s support WPA2 and you have an ext ernal RADI US server, use
WPA2 for st ronger dat a encrypt ion. I f you don't have an ext ernal RADI US server, you should use
WPA2- PSK ( WPA2- Pre- Shared Key) t hat only requires a single ( ident ical) password ent ered int o
each access point , wireless gat eway and wireless client . As long as t he passwords m at ch, a wireless
client will be grant ed access t o a WLAN.
I f t he AP or t he wireless client s do not support WPA2, j ust use WPA or WPA- PSK depending on
whet her you have an ext ernal RADI US server or not .
Select WEP only when t he AP and/ or wireless client s do not support WPA or WPA2. WEP is less
secure t han WPA or WPA2.
Encryption
WPA im proves dat a encrypt ion by using Tem poral Key I nt egrit y Prot ocol ( TKI P) , Message I nt egrit y
Check ( MI C) and I EEE 802.1x. WPA2 also uses TKI P when required for com pat ibilit y reasons, but
offers st ronger encrypt ion t han TKI P wit h Advanced Encrypt ion St andard ( AES) in t he Count er
m ode wit h Cipher block chaining Message aut hent icat ion code Prot ocol ( CCMP) .
TKI P uses 128- bit keys t hat are dynam ically generat ed and dist ribut ed by t he aut hent icat ion server.
AES ( Advanced Encrypt ion St andard) is a block cipher t hat uses a 256- bit m at hem at ical algorit hm
called Rij ndael. They bot h include a per- packet key m ixing funct ion, a Message I nt egrit y Check
( MI C) nam ed Michael, an ext ended init ializat ion vect or ( I V) wit h sequencing rules, and a re- keying
m echanism .
WPA and WPA2 regularly change and rot at e t he encrypt ion keys so t hat t he sam e encrypt ion key is
never used t wice.
The RADI US server dist ribut es a Pairwise Mast er Key ( PMK) key t o t he AP t hat t hen set s up a key
hierarchy and m anagem ent syst em , using t he PMK t o dynam ically generat e unique dat a encrypt ion
keys t o encrypt every dat a packet t hat is wirelessly com m unicat ed bet ween t he AP and t he wireless
client s. This all happens in t he background aut om at ically.
The Message I nt egrit y Check ( MI C) is designed t o prevent an at t acker from capt uring dat a packet s,
alt ering t hem and resending t hem . The MI C provides a st rong m at hem at ical funct ion in which t he
receiver and t he t ransm it t er each com put e and t hen com pare t he MI C. I f t hey do not m at ch, it is
assum ed t hat t he dat a has been t am pered wit h and t he packet is dropped.
By generat ing unique dat a encrypt ion keys for every dat a packet and by creat ing an int egrit y
checking m echanism ( MI C) , wit h TKI P and AES it is m ore difficult t o decrypt dat a on a Wi- Fi
net work t han WEP and difficult for an int ruder t o break int o t he net work.
The encrypt ion m echanism s used for WPA( 2) and WPA( 2) - PSK are t he sam e. The only difference
bet ween t he t wo is t hat WPA( 2) - PSK uses a sim ple com m on password, inst ead of user- specific
credent ials. The com m on- password approach m akes WPA( 2) - PSK suscept ible t o brut e- force
VMG8324-B10A / VMG8324-B30A Series User’s Guide
383
Appendix E Wireless LANs
password- guessing at t acks but it ’s st ill an im provem ent over WEP as it em ploys a consist ent ,
single, alphanum eric password t o derive a PMK which is used t o generat e unique t em poral
encrypt ion keys. This prevent all wireless devices sharing t he sam e encrypt ion keys. ( a weakness of
WEP)
User Authentication
WPA and WPA2 apply I EEE 802.1x and Ext ensible Aut hent icat ion Prot ocol ( EAP) t o aut hent icat e
wireless client s using an ext ernal RADI US dat abase. WPA2 reduces t he num ber of key exchange
m essages from six t o four ( CCMP 4- way handshake) and short ens t he t im e required t o connect t o a
net work. Ot her WPA2 aut hent icat ion feat ures t hat are different from WPA include key caching and
pre- aut hent icat ion. These t wo feat ures are opt ional and m ay not be support ed in all wireless
devices.
Key caching allows a wireless client t o st ore t he PMK it derived t hrough a successful aut hent icat ion
wit h an AP. The wireless client uses t he PMK when it t ries t o connect t o t he sam e AP and does not
need t o go wit h t he aut hent icat ion process again.
Pre- aut hent icat ion enables fast roam ing by allowing t he wireless client ( already connect ing t o an
AP) t o perform I EEE 802.1x aut hent icat ion wit h anot her AP before connect ing t o it .
Wireless Client WPA Supplicants
A wireless client supplicant is t he soft ware t hat runs on an operat ing syst em inst ruct ing t he wireless
client how t o use WPA. At t he t im e of writ ing, t he m ost widely available supplicant is t he WPA pat ch
for Windows XP, Funk Soft ware's Odyssey client .
The Windows XP pat ch is a free download t hat adds WPA capabilit y t o Windows XP's built- in " Zero
Configurat ion" wireless client . However, you m ust run Windows XP t o use it .
WPA(2) with RADIUS Application Example
To set up WPA( 2) , you need t he I P address of t he RADI US server, it s port num ber ( default is 1812) ,
and t he RADI US shared secret . A WPA( 2) applicat ion exam ple wit h an ext ernal RADI US server
looks as follows. " A" is t he RADI US server. " DS" is t he dist ribut ion syst em .
384
The AP passes t he wireless client 's aut hent icat ion request t o t he RADI US server.
The RADI US server t hen checks t he user's ident ificat ion against it s dat abase and grant s or denies
net work access accordingly.
A 256- bit Pairwise Mast er Key ( PMK) is derived from t he aut hent icat ion process by t he RADI US
server and t he client .
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Appendix E Wireless LANs
The RADI US server dist ribut es t he PMK t o t he AP. The AP t hen set s up a key hierarchy and
m anagem ent syst em , using t he PMK t o dynam ically generat e unique dat a encrypt ion keys. The
keys are used t o encrypt every dat a packet t hat is wirelessly com m unicat ed bet ween t he AP and
t he wireless client s.
Figure 244 WPA( 2) wit h RADI US Applicat ion Exam ple
WPA(2)-PSK Application Example
A WPA( 2) - PSK applicat ion looks as follows.
First ent er ident ical passwords int o t he AP and all wireless client s. The Pre- Shared Key ( PSK) m ust
consist of bet ween 8 and 63 ASCI I charact ers or 64 hexadecim al charact ers ( including spaces and
sym bols) .
The AP checks each wireless client 's password and allows it t o j oin t he net work only if t he password
m at ches.
The AP and wireless client s generat e a com m on PMK ( Pairwise Mast er Key) . The key it self is not
sent over t he net work, but is derived from t he PSK and t he SSI D.
The AP and wireless client s use t he TKI P or AES encrypt ion process, t he PMK and inform at ion
exchanged in a handshake t o creat e t em poral encrypt ion keys. They use t hese keys t o encrypt dat a
exchanged bet ween t hem .
Figure 245 WPA( 2) - PSK Aut hent icat ion
VMG8324-B10A / VMG8324-B30A Series User’s Guide
385
Appendix E Wireless LANs
Security Parameters Summary
Refer t o t his t able t o see what ot her securit y param et ers you should configure for each
aut hent icat ion m et hod or key m anagem ent prot ocol t ype. MAC address filt ers are not dependent on
how you configure t hese securit y feat ures.
Table 168 Wireless Securit y Relat ional Mat rix
AUTHENTICATION
ENCRYPTIO
METHOD/ KEY
MANAGEMENT PROTOCOL N METHOD
ENTER
MANUAL KEY
IEEE 802.1X
Open
No
Disable
None
Enable wit hout Dynam ic WEP Key
Open
Shared
WEP
WEP
No
Enable wit h Dynam ic WEP Key
Yes
Enable wit hout Dynam ic WEP Key
Yes
Disable
No
Enable wit h Dynam ic WEP Key
Yes
Enable wit hout Dynam ic WEP Key
Yes
Disable
WPA
TKI P/ AES
No
Enable
WPA- PSK
TKI P/ AES
Yes
Disable
WPA2
TKI P/ AES
No
Enable
WPA2- PSK
TKI P/ AES
Yes
Disable
Antenna Overview
An ant enna couples RF signals ont o air. A t ransm it t er wit hin a wireless device sends an RF signal t o
t he ant enna, which propagat es t he signal t hrough t he air. The ant enna also operat es in reverse by
capt uring RF signals from t he air.
Posit ioning t he ant ennas properly increases t he range and coverage area of a wireless LAN.
Antenna Characteristics
Frequency
An ant enna in t he frequency of 2.4GHz ( I EEE 802.11b and I EEE 802.11g) or 5GHz ( I EEE 802.11a)
is needed t o com m unicat e efficient ly in a wireless LAN
Radiation Pattern
A radiat ion pat t ern is a diagram t hat allows you t o visualize t he shape of t he ant enna’s coverage
area.
Antenna Gain
Ant enna gain, m easured in dB ( decibel) , is t he increase in coverage wit hin t he RF beam widt h.
Higher ant enna gain im proves t he range of t he signal for bet t er com m unicat ions.
For an indoor sit e, each 1 dB increase in ant enna gain result s in a range increase of approxim at ely
386
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Appendix E Wireless LANs
2.5% . For an unobst ruct ed out door sit e, each 1dB increase in gain result s in a range increase of
approxim at ely 5% . Act ual result s m ay vary depending on t he net work environm ent .
Ant enna gain is som et im es specified in dBi, which is how m uch t he ant enna increases t he signal
power com pared t o using an isot ropic ant enna. An isot ropic ant enna is a t heoret ical perfect ant enna
t hat sends out radio signals equally well in all direct ions. dBi represent s t he t rue gain t hat t he
ant enna provides.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
387
Appendix E Wireless LANs
388
VMG8324-B10A / VMG8324-B30A Series User’s Guide
A PPENDIX
IPv6
Overview
I Pv6 ( I nt ernet Prot ocol version 6) , is designed t o enhance I P address size and feat ures. The
increase in I Pv6 address size t o 128 bit s ( from t he 32- bit I Pv4 address) allows up t o 3.4 x 10 38 I P
addresses.
IPv6 Addressing
The 128- bit I Pv6 address is writ t en as eight 16- bit hexadecim al blocks separat ed by colons ( : ) . This
is an exam ple I Pv6 address 2001:0db8:1a2b:0015:0000:0000:1a2f:0000.
I Pv6 addresses can be abbreviat ed in t wo ways:
• Leading zeros in a block can be om it t ed. So 2001:0db8:1a2b:0015:0000:0000:1a2f:0000 can
be writ t en as 2001:db8:1a2b:15:0:0:1a2f:0.
• Any num ber of consecut ive blocks of zeros can be replaced by a double colon. A double colon can
only appear once in an I Pv6 address. So 2001:0db8:0000:0000:1a2f:0000:0000:0015 can be
writ t en as 2001:0db8::1a2f:0000:0000:0015, 2001:0db8:0000:0000:1a2f::0015,
2001:db8::1a2f:0:0:15 or 2001:db8:0:0:1a2f::15.
Prefix and Prefix Length
Sim ilar t o an I Pv4 subnet m ask, I Pv6 uses an address prefix t o represent t he net work address. An
I Pv6 prefix lengt h specifies how m any m ost significant bit s ( st art from t he left ) in t he address
com pose t he net work address. The prefix lengt h is writ t en as “ / x” where x is a num ber. For
exam ple,
2001:db8:1a2b:15::1a2f:0/32
m eans t hat t he first 32 bit s ( 2001:db8) is t he subnet prefix.
Link-local Address
A link- local address uniquely ident ifies a device on t he local net work ( t he LAN) . I t is sim ilar t o a
“ privat e I P address” in I Pv4. You can have t he sam e link- local address on m ult iple int erfaces on a
device. A link- local unicast address has a predefined prefix of fe80: : / 10. The link- local unicast
address form at is as follows.
Table 169 Link- local Unicast Address Form at
1111 1110 10
I nt erface I D
10 bit s
54 bit s
64 bit s
VMG8324-B10A / VMG8324-B30A Series User’s Guide
389
Appendix F IPv6
Global Address
A global address uniquely ident ifies a device on t he I nt ernet . I t is sim ilar t o a “ public I P address” in
I Pv4. A global unicast address st art s wit h a 2 or 3.
Unspecified Address
An unspecified address ( 0: 0: 0: 0: 0: 0: 0: 0 or : : ) is used as t he source address when a device does
not have it s own address. I t is sim ilar t o “ 0.0.0.0” in I Pv4.
Loopback Address
A loopback address ( 0: 0: 0: 0: 0: 0: 0: 1 or : : 1) allows a host t o send packet s t o it self. I t is sim ilar t o
“ 127.0.0.1” in I Pv4.
Multicast Address
I n I Pv6, m ult icast addresses provide t he sam e funct ionalit y as I Pv4 broadcast addresses.
Broadcast ing is not support ed in I Pv6. A m ult icast address allows a host t o send packet s t o all host s
in a m ult icast group.
Mult icast scope allows you t o det erm ine t he size of t he m ult icast group. A m ult icast address has a
predefined prefix of ff00: : / 8. The following t able describes som e of t he predefined m ult icast
addresses.
Table 170 Predefined Mult icast Address
MULTICAST ADDRESS
DESCRIPTION
FF01:0:0:0:0:0:0:1
All host s on a local node.
FF01:0:0:0:0:0:0:2
All rout ers on a local node.
FF02:0:0:0:0:0:0:1
All host s on a local connect ed link.
FF02:0:0:0:0:0:0:2
All rout ers on a local connect ed link.
FF05:0:0:0:0:0:0:2
All rout ers on a local sit e.
FF05:0:0:0:0:0:1:3
All DHCP severs on a local sit e.
The following t able describes t he m ult icast addresses which are reserved and can not be assigned
t o a m ult icast group.
Table 171 Reserved Mult icast Address
MULTICAST ADDRESS
FF00:0:0:0:0:0:0:0
FF01:0:0:0:0:0:0:0
FF02:0:0:0:0:0:0:0
FF03:0:0:0:0:0:0:0
FF04:0:0:0:0:0:0:0
FF05:0:0:0:0:0:0:0
FF06:0:0:0:0:0:0:0
FF07:0:0:0:0:0:0:0
390
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Appendix F IPv6
Table 171 Reserved Mult icast Address ( cont inued)
MULTICAST ADDRESS
FF08:0:0:0:0:0:0:0
FF09:0:0:0:0:0:0:0
FF0A:0:0:0:0:0:0:0
FF0B:0:0:0:0:0:0:0
FF0C:0:0:0:0:0:0:0
FF0D:0:0:0:0:0:0:0
FF0E:0:0:0:0:0:0:0
FF0F:0:0:0:0:0:0:0
Subnet Masking
Bot h an I Pv6 address and I Pv6 subnet m ask com pose of 128- bit binary digit s, which are divided
int o eight 16- bit blocks and writ t en in hexadecim al not at ion. Hexadecim al uses four bit s for each
charact er ( 1 ~ 10, A ~ F) . Each block’s 16 bit s are t hen represent ed by four hexadecim al
charact ers. For exam ple, FFFF: FFFF: FFFF: FFFF: FC00: 0000: 0000: 0000.
Interface ID
I n I Pv6, an int erface I D is a 64- bit ident ifier. I t ident ifies a physical int erface ( for exam ple, an
Et hernet port ) or a virt ual int erface ( for exam ple, t he m anagem ent I P address for a VLAN) . One
int erface should have a unique int erface I D.
EUI-64
The EUI - 64 ( Ext ended Unique I dent ifier) defined by t he I EEE ( I nst it ut e of Elect rical and Elect ronics
Engineers) is an int erface I D form at designed t o adapt wit h I Pv6. I t is derived from t he 48- bit ( 6byt e) Et hernet MAC address as shown next . EUI - 64 insert s t he hex digit s fffe bet ween t he t hird and
fourt h byt es of t he MAC address and com plem ent s t he sevent h bit of t he first byt e of t he MAC
address. See t he following exam ple.
M AC
EUI - 6 4
02
00
: 13
: 49
: 12
: 34
: 56
: 13
: 49
: FF
: FE
: 12
: 34
: 56
Identity Association
An I dent it y Associat ion ( I A) is a collect ion of addresses assigned t o a DHCP client , t hrough which
t he server and client can m anage a set of relat ed I P addresses. Each I A m ust be associat ed wit h
exact ly one int erface. The DHCP client uses t he I A assigned t o an int erface t o obt ain configurat ion
from a DHCP server for t hat int erface. Each I A consist s of a unique I AI D and associat ed I P
inform at ion.
The I A t ype is t he t ype of address in t he I A. Each I A holds one t ype of address. I A_NA m eans an
ident it y associat ion for non- t em porary addresses and I A_TA is an ident it y associat ion for t em porary
addresses. An I A_NA opt ion cont ains t he T1 and T2 fields, but an I A_TA opt ion does not . The
DHCPv6 server uses T1 and T2 t o cont rol t he t im e at which t he client cont act s wit h t he server t o
ext end t he lifet im es on any addresses in t he I A_NA before t he lifet im es expire. Aft er T1, t he client
sends t he server ( S1 ) ( from which t he addresses in t he I A_NA were obt ained) a Renew m essage. I f
VMG8324-B10A / VMG8324-B30A Series User’s Guide
391
Appendix F IPv6
t he t im e T2 is reached and t he server does not respond, t he client sends a Rebind m essage t o any
available server ( S2 ) . For an I A_TA, t he client m ay send a Renew or Rebind m essage at t he client 's
discret ion.
T2
T1
Renew Renew
to S1
to S1
Renew Renew
to S1
to S1
Renew
to S1
Renew
to S1
Rebind
to S2
Rebind
to S2
DHCP Relay Agent
A DHCP relay agent is on t he sam e net work as t he DHCP client s and helps forward m essages
bet ween t he DHCP server and client s. When a client cannot use it s link- local address and a wellknown m ult icast address t o locat e a DHCP server on it s net work, it t hen needs a DHCP relay agent
t o send a m essage t o a DHCP server t hat is not at t ached t o t he sam e net work.
The DHCP relay agent can add t he rem ot e ident ificat ion ( rem ot e- I D) opt ion and t he int erface- I D
opt ion t o t he Relay- Forward DHCPv6 m essages. The rem ot e- I D opt ion carries a user- defined st ring,
such as t he syst em nam e. The int erface- I D opt ion provides slot num ber, port inform at ion and t he
VLAN I D t o t he DHCPv6 server. The rem ot e- I D opt ion ( if any) is st ripped from t he Relay- Reply
m essages before t he relay agent sends t he packet s t o t he client s. The DHCP server copies t he
int erface- I D opt ion from t he Relay- Forward m essage int o t he Relay- Reply m essage and sends it t o
t he relay agent . The int erface- I D should not change even aft er t he relay agent rest art s.
Prefix Delegation
Prefix delegat ion enables an I Pv6 rout er t o use t he I Pv6 prefix ( net work address) received from t he
I SP ( or a connect ed uplink rout er) for it s LAN. The Device uses t he received I Pv6 prefix ( for
exam ple, 2001: db2: : / 48) t o generat e it s LAN I P address. Through sending Rout er Advert isem ent s
( RAs) regularly by m ult icast , t he Device passes t he I Pv6 prefix inform at ion t o it s LAN host s. The
host s t hen can use t he prefix t o generat e t heir I Pv6 addresses.
ICMPv6
I nt ernet Cont rol Message Prot ocol for I Pv6 ( I CMPv6 or I CMP for I Pv6) is defined in RFC 4443.
I CMPv6 has a preceding Next Header value of 58, which is different from t he value used t o ident ify
I CMP for I Pv4. I CMPv6 is an int egral part of I Pv6. I Pv6 nodes use I CMPv6 t o report errors
encount ered in packet processing and perform ot her diagnost ic funct ions, such as " ping" .
Neighbor Discovery Protocol (NDP)
The Neighbor Discovery Prot ocol ( NDP) is a prot ocol used t o discover ot her I Pv6 devices and t rack
neighbor ’s reachabilit y in a net work. An I Pv6 device uses t he following I CMPv6 m essages t ypes:
• Neighbor solicit at ion: A request from a host t o det erm ine a neighbor ’s link- layer address ( MAC
address) and det ect if t he neighbor is st ill reachable. A neighbor being “ reachable” m eans it
responds t o a neighbor solicit at ion m essage ( from t he host ) wit h a neighbor advert isem ent
m essage.
392
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Appendix F IPv6
• Neighbor advert isem ent : A response from a node t o announce it s link- layer address.
• Rout er solicit at ion: A request from a host t o locat e a rout er t hat can act as t he default rout er and
forward packet s.
• Rout er advert isem ent : A response t o a rout er solicit at ion or a periodical m ult icast advert isem ent
from a rout er t o advert ise it s presence and ot her param et ers.
IPv6 Cache
An I Pv6 host is required t o have a neighbor cache, dest inat ion cache, prefix list and default rout er
list . The Device m aint ains and updat es it s I Pv6 caches const ant ly using t he inform at ion from
response m essages. I n I Pv6, t he Device configures a link- local address aut om at ically, and t hen
sends a neighbor solicit at ion m essage t o check if t he address is unique. I f t here is an address t o be
resolved or verified, t he Device also sends out a neighbor solicit at ion m essage. When t he Device
receives a neighbor advert isem ent in response, it st ores t he neighbor ’s link- layer address in t he
neighbor cache. When t he Device uses a rout er solicit at ion m essage t o query for a rout er and
receives a rout er advert isem ent m essage, it adds t he rout er ’s inform at ion t o t he neighbor cache,
prefix list and dest inat ion cache. The Device creat es an ent ry in t he default rout er list cache if t he
rout er can be used as a default rout er.
When t he Device needs t o send a packet , it first consult s t he dest inat ion cache t o det erm ine t he
next hop. I f t here is no m at ching ent ry in t he dest inat ion cache, t he Device uses t he prefix list t o
det erm ine whet her t he dest inat ion address is on- link and can be reached direct ly wit hout passing
t hrough a rout er. I f t he address is unlink, t he address is considered as t he next hop. Ot herwise, t he
Device det erm ines t he next- hop from t he default rout er list or rout ing t able. Once t he next hop I P
address is known, t he Device looks int o t he neighbor cache t o get t he link- layer address and sends
t he packet when t he neighbor is reachable. I f t he Device cannot find an ent ry in t he neighbor cache
or t he st at e for t he neighbor is not reachable, it st art s t he address resolut ion process. This helps
reduce t he num ber of I Pv6 solicit at ion and advert isem ent m essages.
Multicast Listener Discovery
The Mult icast List ener Discovery ( MLD) prot ocol ( defined in RFC 2710) is derived from I Pv4's
I nt ernet Group Managem ent Prot ocol version 2 ( I GMPv2) . MLD uses I CMPv6 m essage t ypes, rat her
t han I GMP m essage t ypes. MLDv1 is equivalent t o I GMPv2 and MLDv2 is equivalent t o I GMPv3.
MLD allows an I Pv6 swit ch or rout er t o discover t he presence of MLD list eners who wish t o receive
m ult icast packet s and t he I P addresses of m ult icast groups t he host s want t o j oin on it s net work.
MLD snooping and MLD proxy are analogous t o I GMP snooping and I GMP proxy in I Pv4.
MLD filt ering cont rols which m ult icast groups a port can j oin.
MLD Messages
A m ult icast rout er or swit ch periodically sends general queries t o MLD host s t o updat e t he m ult icast
forwarding t able. When an MLD host want s t o j oin a m ult icast group, it sends an MLD Report
m essage for t hat address.
An MLD Done m essage is equivalent t o an I GMP Leave m essage. When an MLD host want s t o leave
a m ult icast group, it can send a Done m essage t o t he rout er or swit ch. The rout er or swit ch t hen
sends a group- specific query t o t he port on which t he Done m essage is received t o det erm ine if
ot her devices connect ed t o t his port should rem ain in t he group.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
393
Appendix F IPv6
Example - Enabling IPv6 on Windows XP/2003/Vista
By default , Windows XP and Windows 2003 support I Pv6. This exam ple shows you how t o use t he
ipv6 install com m and on Windows XP/ 2003 t o enable I Pv6. This also displays how t o use t he
ipconfig com m and t o see aut o- generat ed I P addresses.
C:\>ipv6 install
Installing...
Succeeded.
C:\>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific
IP Address. . . . .
Subnet Mask . . . .
IP Address. . . . .
Default Gateway . .
DNS
. .
. .
. .
. .
Suffix
. . . .
. . . .
. . . .
. . . .
10.1.1.46
255.255.255.0
fe80::2d0:59ff:feb8:103c%4
10.1.1.254
I Pv6 is inst alled and enabled by default in Windows Vist a. Use t he ipconfig com m and t o check
your aut om at ic configured I Pv6 address as well. You should see at least one I Pv6 address available
for t he int erface on your com put er.
Example - Enabling DHCPv6 on Windows XP
Windows XP does not support DHCPv6. I f your net work uses DHCPv6 for I P address assignm ent ,
you have t o addit ionally inst all a DHCPv6 client soft ware on your Windows XP. ( Not e: I f you use
st at ic I P addresses or Rout er Advert isem ent for I Pv6 address assignm ent in your net work, ignore
t his sect ion.)
This exam ple uses Dibbler as t he DHCPv6 client. To enable DHCPv6 client on your com put er:
394
I nst all Dibbler and select t he DHCPv6 client opt ion on your com put er.
Aft er t he inst allat ion is com plet e, select St a r t > All Pr ogr a m s > D ibble r - D H CPv6 > Clie nt
I nst a ll a s se r vice .
Select St a r t > Cont r ol Pa n e l > Adm in ist r a t ive Tools > Se r vice s.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Appendix F IPv6
Double click D ibble r - a D H CPv6 clie nt .
Click St a r t and t hen OK.
Now your com put er can obt ain an I Pv6 address from a DHCPv6 server.
Example - Enabling IPv6 on Windows 7
Windows 7 support s I Pv6 by default . DHCPv6 is also enabled when you enable I Pv6 on a Windows 7
com put er.
To enable I Pv6 in Windows 7:
Select Cont r ol Pa ne l > N e t w or k a n d Sh a r in g Ce n t e r > Loca l Ar e a Con ne ct ion.
Select t he I n t e r n e t Pr ot ocol Ve r sion 6 ( TCP/ I Pv6 ) checkbox t o enable it .
Click OK t o save t he change.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
395
Appendix F IPv6
Click Close t o exit t he Loca l Ar e a Conn e ct ion St a t us screen.
Select St a r t > All Pr ogr a m s > Acce ssor ie s > Com m a nd Pr om pt .
Use t he ipconfig com m and t o check your dynam ic I Pv6 address. This exam ple shows a global
address ( 2001: b021: 2d: : 1000) obt ained from a DHCP server.
C:\>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS
IPv6 Address. . . . . .
Link-local IPv6 Address
IPv4 Address. . . . . .
Subnet Mask . . . . . .
Default Gateway . . . .
396
Suffix
. . . .
. . . .
. . . .
. . . .
. . . .
2001:b021:2d::1000
fe80::25d8:dcab:c80a:5189%11
172.16.100.61
255.255.255.0
fe80::213:49ff:feaa:7125%11
172.16.100.254
VMG8324-B10A / VMG8324-B30A Series User’s Guide
A PPENDIX
Services
The following t able list s som e com m only- used services and t heir associat ed prot ocols and port
num bers.
• N a m e : This is a short , descript ive nam e for t he service. You can use t his one or creat e a
different one, if you like.
• Pr ot ocol: This is t he t ype of I P prot ocol used by t he service. I f t his is TCP/ UD P, t hen t he service
uses t he sam e port num ber wit h TCP and UDP. I f t his is USER- D EFI N ED, t he Por t ( s) is t he I P
prot ocol num ber, not t he port num ber.
• Por t ( s) : This value depends on t he Pr ot ocol.
• I f t he Pr ot ocol is TCP, UD P, or TCP/ UD P, t his is t he I P port num ber.
• I f t he Pr ot ocol is USER, t his is t he I P prot ocol num ber.
• D e scr ipt ion : This is a brief explanat ion of t he applicat ions t hat use t his service or t he sit uat ions
in which t his service is used.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
397
Appendix G Services
Table 172 Exam ples of Services
NAME
398
PROTOCOL
PORT(S)
DESCRIPTION
AH ( I PSEC_TUNNEL) User- Defined
51
The I PSEC AH ( Aut hent icat ion Header)
t unneling prot ocol uses t his service.
AI M
TCP
5190
AOL’s I nt ernet Messenger service.
AUTH
TCP
113
Aut hent icat ion prot ocol used by som e
servers.
BGP
TCP
179
Border Gat eway Prot ocol.
BOOTP_CLI ENT
UDP
68
DHCP Client .
BOOTP_SERVER
UDP
67
DHCP Server.
CU- SEEME
TCP/ UDP
7648
TCP/ UDP
24032
A popular videoconferencing solut ion from
Whit e Pines Soft ware.
DNS
TCP/ UDP
53
Dom ain Nam e Server, a service t hat
m at ches web nam es ( for inst ance
www.zyxel.com ) t o I P num bers.
ESP
( I PSEC_TUNNEL)
User- Defined
50
The I PSEC ESP ( Encapsulat ion Securit y
Prot ocol) t unneling prot ocol uses t his
service.
FI NGER
TCP
79
Finger is a UNI X or I nt ernet relat ed
com m and t hat can be used t o find out if a
user is logged on.
FTP
TCP
20
TCP
21
File Transfer Prot ocol, a program t o enable
fast t ransfer of files, including large files
t hat m ay not be possible by e- m ail.
H.323
TCP
1720
Net Meet ing uses t his prot ocol.
HTTP
TCP
80
Hyper Text Transfer Prot ocol - a client /
server prot ocol for t he world wide web.
HTTPS
TCP
443
HTTPS is a secured ht t p session oft en used
in e- com m erce.
I CMP
User- Defined
I nt ernet Cont rol Message Prot ocol is oft en
used for diagnost ic purposes.
I CQ
UDP
4000
This is a popular I nt ernet chat program .
I GMP ( MULTI CAST)
User- Defined
I nt ernet Group Mult icast Prot ocol is used
when sending packet s t o a specific group
of host s.
I KE
UDP
500
The I nt ernet Key Exchange algorit hm is
used for key dist ribut ion and m anagem ent .
I MAP4
TCP
143
The I nt ernet Message Access Prot ocol is
used for e- m ail.
I MAP4S
TCP
993
This is a m ore secure version of I MAP4 t hat
runs over SSL.
I RC
TCP/ UDP
6667
This is anot her popular I nt ernet chat
program .
MSN Messenger
TCP
1863
Microsoft Net works’ m essenger service
uses t his prot ocol.
Net BI OS
TCP/ UDP
137
TCP/ UDP
138
The Net work Basic I nput / Out put Syst em is
used for com m unicat ion bet ween
com put ers in a LAN.
TCP/ UDP
139
TCP/ UDP
445
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Appendix G Services
Table 172 Exam ples of Services ( cont inued)
NAME
PROTOCOL
PORT(S)
DESCRIPTION
NEW- I CQ
TCP
5190
An I nt ernet chat program .
NEWS
TCP
144
A prot ocol for news groups.
NFS
UDP
2049
Net work File Syst em - NFS is a client /
server dist ribut ed file service t hat provides
t ransparent file sharing for net work
environm ent s.
NNTP
TCP
119
Net work News Transport Prot ocol is t he
delivery m echanism for t he USENET
newsgroup service.
PI NG
User- Defined
Packet I Nt ernet Groper is a prot ocol t hat
sends out I CMP echo request s t o t est
whet her or not a rem ot e host is reachable.
POP3
TCP
110
Post Office Prot ocol version 3 let s a client
com put er get e- m ail from a POP3 server
t hrough a t em porary connect ion ( TCP/ I P or
ot her) .
POP3S
TCP
995
This is a m ore secure version of POP3 t hat
runs over SSL.
PPTP
TCP
1723
Point- t o- Point Tunneling Prot ocol enables
secure t ransfer of dat a over public
net works. This is t he cont rol channel.
PPTP_TUNNEL ( GRE) User- Defined
47
PPTP ( Point- t o- Point Tunneling Prot ocol)
enables secure t ransfer of dat a over public
net works. This is t he dat a channel.
RCMD
TCP
512
Rem ot e Com m and Service.
REAL_AUDI O
TCP
7070
A st ream ing audio service t hat enables real
t im e sound over t he web.
REXEC
TCP
514
Rem ot e Execut ion Daem on.
RLOGI N
TCP
513
Rem ot e Login.
ROADRUNNER
TCP/ UDP
1026
This is an I SP t hat provides services m ainly
for cable m odem s.
RTELNET
TCP
107
Rem ot e Telnet .
RTSP
TCP/ UDP
554
The Real Tim e St ream ing ( m edia cont rol)
Prot ocol ( RTSP) is a rem ot e cont rol for
m ult im edia on t he I nt ernet .
SFTP
TCP
115
The Sim ple File Transfer Prot ocol is an old
way of t ransferring files bet ween
com put ers.
SMTP
TCP
25
Sim ple Mail Transfer Prot ocol is t he
m essage- exchange st andard for t he
I nt ernet . SMTP enables you t o m ove
m essages from one e- m ail server t o
anot her.
SMTPS
TCP
465
This is a m ore secure version of SMTP t hat
runs over SSL.
SNMP
TCP/ UDP
161
Sim ple Net work Managem ent Program .
SNMP-TRAPS
TCP/ UDP
162
Traps for use wit h t he SNMP ( RFC: 1215) .
VMG8324-B10A / VMG8324-B30A Series User’s Guide
399
Appendix G Services
Table 172 Exam ples of Services ( cont inued)
400
NAME
PROTOCOL
PORT(S)
DESCRIPTION
SQL- NET
TCP
1521
St ruct ured Query Language is an int erface
t o access dat a on m any different t ypes of
dat abase syst em s, including m ainfram es,
m idrange syst em s, UNI X syst em s and
net work servers.
SSDP
UDP
1900
The Sim ple Service Discovery Prot ocol
support s Universal Plug- and- Play ( UPnP) .
SSH
TCP/ UDP
22
Secure Shell Rem ot e Login Program .
STRM WORKS
UDP
1558
St ream Works Prot ocol.
SYSLOG
UDP
514
Syslog allows you t o send syst em logs t o a
UNI X server.
TACACS
UDP
49
Login Host Prot ocol used for ( Term inal
Access Cont roller Access Cont rol Syst em ) .
TELNET
TCP
23
Telnet is t he login and t erm inal em ulat ion
prot ocol com m on on t he I nt ernet and in
UNI X environm ent s. I t operat es over TCP/
I P net works. I t s prim ary funct ion is t o
allow users t o log int o rem ot e host
syst em s.
VDOLI VE
TCP
7000
UDP
userdefined
A videoconferencing solut ion. The UDP port
num ber is specified in t he applicat ion.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
A PPENDIX
Legal Information
Copyright
Copyright © 2013 by ZyXEL Com m unicat ions Corporat ion.
The cont ent s of t his publicat ion m ay not be reproduced in any part or as a whole, t ranscribed,
st ored in a ret rieval syst em , t ranslat ed int o any language, or t ransm it t ed in any form or by any
m eans, elect ronic, m echanical, m agnet ic, opt ical, chem ical, phot ocopying, m anual, or ot herwise,
wit hout t he prior writ t en perm ission of ZyXEL Com m unicat ions Corporat ion.
Published by ZyXEL Com m unicat ions Corporat ion. All right s reserved.
Disclaimer
ZyXEL does not assum e any liabilit y arising out of t he applicat ion or use of any product s, or
soft ware described herein. Neit her does it convey any license under it s pat ent right s nor t he pat ent
right s of ot hers. ZyXEL furt her reserves t he right t o m ake changes in any product s described herein
wit hout not ice. This publicat ion is subj ect t o change wit hout not ice.
Certifications
Federal Communications Commission (FCC) Interference Statement
The device com plies wit h Part 15 of FCC rules. Operat ion is subj ect t o t he following t wo condit ions:
• This device m ay not cause harm ful int erference.
• This device m ust accept any int erference received, including int erference t hat m ay cause
undesired operat ions.
This device has been t est ed and found t o com ply wit h t he lim it s for a Class B digit al device pursuant
t o Part 15 of t he FCC Rules. These lim it s are designed t o provide reasonable prot ect ion against
harm ful int erference in a resident ial inst allat ion. This device generat es, uses, and can radiat e radio
frequency energy, and if not inst alled and used in accordance wit h t he inst ruct ions, m ay cause
harm ful int erference t o radio com m unicat ions. However, t here is no guarant ee t hat int erference will
not occur in a part icular inst allat ion.
I f t his device does cause harm ful int erference t o radio/ t elevision recept ion, which can be
det erm ined by t urning t he device off and on, t he user is encouraged t o t ry t o correct t he
int erference by one or m ore of t he following m easures:
Reorient or relocat e t he receiving ant enna.
I ncrease t he separat ion bet ween t he equipm ent and t he receiver.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
401
Appendix H Legal Information
Connect t he equipm ent int o an out let on a circuit different from t hat t o which t he receiver is
connect ed.
Consult t he dealer or an experienced radio/ TV t echnician for help.
FCC Radiation Exposure Statement
• This t ransm it t er m ust not be co- locat ed or operat ing in conj unct ion wit h any ot her ant enna or
t ransm it t er.
• I EEE 802.11b or 802.11g operat ion of t his product in t he U.S.A. is firm ware- lim it ed t o channels 1
t hrough 11.
• To com ply wit h FCC RF exposure com pliance requirem ent s, a separat ion dist ance of at least 20
cm m ust be m aint ained bet ween t he ant enna of t his device and all persons.
注意 !
依據
低
率電波輻射性電機管理辦法
第十二條 經型式認證合格之低 率射頻電機，非經許可，公司
者均不得擅自變更頻率
大 率或變更原設計之特性及 能
商號或使用
第十四條 低 率射頻電機之使用不得影響飛航安 及干擾合法通信；經發現
有干擾現象時，應立即停用，並改善至無干擾時方得繼續使用
前項合法通信，指依電信規定作業之無線電信 低 率射頻電機須忍
受合法通信或工業 科學及醫療用電波輻射性電機設備之干擾
本機限在不干擾合法電臺與不受被干擾保障條件下於室
減少電磁波影響，請妥適使用
使用
Notices
Changes or m odificat ions not expressly approved by t he part y responsible for com pliance could
void t he user's aut horit y t o operat e t he equipm ent .
This Class B digit al apparat us com plies wit h Canadian I CES- 003.
Cet appareil num érique de la classe B est conform e à la norm e NMB- 003 du Canada.
ZyXEL Limited Warranty
ZyXEL warrant s t o t he original end user ( purchaser) t hat t his product is free from any defect s in
m at erials or workm anship for a period of up t o t wo years from t he dat e of purchase. During t he
warrant y period, and upon proof of purchase, should t he product have indicat ions of failure due t o
fault y workm anship and/ or m at erials, ZyXEL will, at it s discret ion, repair or replace t he defect ive
product s or com ponent s wit hout charge for eit her part s or labor, and t o what ever ext ent it shall
deem necessary t o rest ore t he product or com ponent s t o proper operat ing condit ion. Any
replacem ent will consist of a new or re- m anufact ured funct ionally equivalent product of equal or
higher value, and will be solely at t he discret ion of ZyXEL. This warrant y shall not apply if t he
402
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Appendix H Legal Information
product has been m odified, m isused, t am pered wit h, dam aged by an act of God, or subj ect ed t o
abnorm al working condit ions.
Note
Repair or replacem ent , as provided under t his warrant y, is t he exclusive rem edy of t he purchaser.
This warrant y is in lieu of all ot her warrant ies, express or im plied, including any im plied warrant y of
m erchant abilit y or fit ness for a part icular use or purpose. ZyXEL shall in no event be held liable for
indirect or consequent ial dam ages of any kind t o t he purchaser.
To obt ain t he services of t his warrant y, cont act ZyXEL's Service Cent er for your Ret urn Mat erial
Aut horizat ion num ber ( RMA) . Product s m ust be ret urned Post age Prepaid. I t is recom m ended t hat
t he unit be insured when shipped. Any ret urned product s wit hout proof of purchase or t hose wit h
an out- dat ed warrant y will be repaired or replaced ( at t he discret ion of ZyXEL) and t he cust om er
will be billed for part s and labor. All repaired or replaced product s will be shipped by ZyXEL t o t he
corresponding ret urn address, Post age Paid. This warrant y gives you specific legal right s, and you
m ay also have ot her right s t hat vary from count ry t o count ry.
Registration
Regist er your product online t o receive e- m ail not ices of firm ware upgrades and inform at ion at
www.zyxel.com for global product s, or at www.us.zyxel.com for Nort h Am erican product s.
Open Source Licenses
This product cont ains in part som e free soft ware dist ribut ed under GPL license t erm s and/ or GPL
like licenses. Open source licenses are provided wit h t he firm ware package. You can download t he
lat est firm ware at www.zyxel.com . I f you cannot find it t here, cont act your vendor or ZyXEL
Technical Support at support @zyxel.com .t w. To obt ain t he source code covered under t hose
Licenses, please cont act your vendor or ZyXEL Technical Support at support @zyxel.com .t w.
Safety Warnings
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Do NOT use t his product near wat er, for exam ple, in a wet basem ent or near a swim m ing pool.
Do NOT expose your device t o dam pness, dust or corrosive liquids.
Do NOT st ore t hings on t he device.
Do NOT inst all, use, or service t his device during a t hunderst orm . There is a rem ot e risk of elect ric shock
from light ning.
Connect ONLY suit able accessories t o t he device.
The RJ- 45 LAN and WAN port j acks are not used for t elephone line connect ion.
Do NOT open t he device or unit . Opening or rem oving covers can expose you t o dangerous high volt age
point s or ot her risks. ONLY qualified service personnel should service or disassem ble t his device. Please
cont act your vendor for furt her inform at ion.
Make sure t o connect t he cables t o t he correct port s.
Place connect ing cables carefully so t hat no one will st ep on t hem or st um ble over t hem .
Always disconnect all cables from t his device before servicing or disassem bling.
Use ONLY an appropriat e power adapt or or cord for your device.
Connect t he power adapt or or cord t o t he right supply volt age ( for exam ple, 110V AC in Nort h Am erica or
230V AC in Europe) .
Do NOT allow anyt hing t o rest on t he pow er adapt or or cord and do NOT place t he product where anyone can
walk on t he power adapt or or cord.
Do NOT use t he device if t he power adapt or or cord is dam aged as it m ight cause elect rocut ion.
I f t he power adapt or or cord is dam aged, rem ove it from t he device and t he power source.
Do NOT at t em pt t o repair t he power adapt or or cord. Cont act your local vendor t o order a new one.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
403
Appendix H Legal Information
•
•
•
•
Do not use t he device out side, and m ake sure all t he connect ions are indoors. There is a rem ot e risk of
elect ric shock from light ning.
Do NOT obst ruct t he device vent ilat ion slot s, as insufficient airflow m ay harm your device.
Use only No. 26 AWG ( Am erican Wire Gauge) or larger t elecom m unicat ion line cord.
Ant enna Warning! This device m eet s ETSI and FCC cert ificat ion requirem ent s when using t he included
ant enna( s) . Only use t he included ant enna( s) .
Your product is m arked wit h t his sym bol, which is known as t he WEEE m ark. WEEE st ands for Wast e
Elect ronics and Elect rical Equipm ent . I t m eans t hat used elect rical and elect ronic product s should not be
m ixed wit h general wast e. Used elect rical and elect ronic equipm ent should be t reat ed separat ely.
404
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Index
Index
BYE request 256
ACK m essage 256
ACL rule 202
ACS 295
act ivat ion
firewalls 199
m edia server 191
SI P ALG 166
SSI D 82
CA 213, 381
Address Resolut ion Prot ocol 277
call service m ode 261, 263
adm inist rat or password 26
call t ransfer 262, 264
AH 229
call wait ing 262, 263
algorit hm s 229
Canonical Form at I ndicat or See CFI
alt ernat ive subnet m ask not at ion 360
CCMs 317
ant enna
gain 386
cert ificat e
fact ory default 214
applicat ions
I nt ernet access 18
m edia server 190
act ivat ion 191
iTunes server 190
Cert ificat e Aut horit y
See CA.
call hist ory 250
incom ing calls 251
out going calls 251
call hold 262, 263
aut hent icat ion 94, 95
RADI US server 95
cert ificat es 213
aut hent icat ion 213
CA
creat ing 214
public key 213
replacing 214
st orage space 214
Aut o Configurat ion Server, see ACS 295
Cert ificat ion Aut horit y 213
applicat ions, NAT 173
ARP Table 277, 279
Cert ificat ion Aut horit y. see CA
backup
configurat ion 313
Basic Service Set , See BSS 375
Basic Service Set , see BSS
blinking LEDs 20
Broadband 43
broadcast 68
BSS 97, 375
exam ple 97
VMG8324-B10A / VMG8324-B30A Series User’s Guide
cert ificat ions 401
not ices 402
CFI 68
CFM 317
CCMs 317
link t race t est 317
loopback t est 317
MA 317
MD 317
MEP 317
MI P 317
channel 377
channel, wireless LAN 93
405
Index
Class of Service 260
DNS server address assignm ent 68
Class of Service, see CoS
client list 113
docum ent at ion
relat ed 2
client- server prot ocol 253
Dom ain Nam e 173
com fort noise generat ion 258
Dom ain Nam e Syst em , see DNS
com pat ibilit y, WDS 88
Dom ain Nam e Syst em . See DNS.
configurat ion
backup 313
firewalls 199
reset 315
rest oring 314
st at ic rout e 63, 133, 134, 177
DoS 198
Connect ivit y Check Messages, see CCMs
cont act inform at ion 329
copyright 401
DS field 153, 260
DS, dee different iat ed services
DSCP 152, 260
dynam ic DNS 175
wildcard 176
Dynam ic Host Configurat ion Prot ocol, see DHCP
dynam ic WEP key exchange 382
DYNDNS wildcard 176
CoS 152, 260
CoS t echnologies 140
creat ing cert ificat es 214
CTS ( Clear t o Send) 378
CTS t hreshold 90, 94
cust om er support 329
EAP Aut hent icat ion 381
ECHO 173
echo cancellat ion 258
e- m ail
log exam ple 308
dat a fragm ent t hreshold 90, 94
Encapsulat ion 64
MER 64
PPP over Et hernet 65
DDoS 198
default server address 165
Denials of Service, see DoS
encapsulat ion 44, 229
RFC 1483 65
DH 234
encrypt ion 96, 383
DHCP 108, 128
ESP 229
different iat ed services 260
ESS 376
Different iat ed Services, see DiffServ 152
Europe t ype call service m ode 261
Diffie- Hellm an key groups 234
Ext ended Service Set I Dent ificat ion 74, 84
DiffServ 152
m arking rule 153
Ext ended Service Set , See ESS 376
DiffServ ( Different iat ed Services) 260
code point s 260
m arking rule 260
digit al I Ds 213
disclaim er 401
DLNA 190
FCC int erference st at em ent 401
file sharing 19
DMZ 165
filt ers
MAC address 85, 95
DNS 108, 128
Finger 173
406
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Index
firewalls 197
add prot ocols 199
configurat ion 199
DDoS 198
DoS 198
LAND at t ack 198
Ping of Deat h 198
SYN at t ack 198
I LA 171
firm ware 311
version 39
int erface group 179
flash key 261
flashing 261
forwarding port s 158
fragm ent at ion t hreshold 90, 94, 378
FTP 158, 173
I ndependent Basic Service Set
See I BSS 375
init ializat ion vect or ( I V) 383
I nside Global Address, see I GA
inside header 230
I nside Local Address, see I LA
I nt ernet
wizard set up 33
I nt ernet access 18
wizard set up 33
I nt ernet Key Exchange 230
I nt ernet Prot ocol version 6 45
I nt ernet Prot ocol version 6, see I Pv6
I nt ernet Service Provider, see I SP
G.168 258
I P address 108, 129
ping 318
privat e 129
WAN 45
General wireless LAN screen 72
I P Address Assignm ent 67
Guide
Quick St art 2
I P alias
NAT applicat ions 173
I PSec
algorit hm s 229
archit ect ure 228
NAT 232
hidden node 377
I PSec VPN 221
HTTP 173
I Pv6 45, 389
addressing 45, 69, 389
EUI - 64 391
global address 390
int erface I D 391
link- local address 389
Neighbor Discovery Prot ocol 389
ping 389
prefix 46, 69, 389
prefix delegat ion 47
prefix lengt h 46, 69, 389
unspecified address 390
I ANA 364
I nt ernet Assigned Num bers Aut horit y
see I ANA
I BSS 375
I D t ype and cont ent 233
I EEE 802.11g 379
I EEE 802.1Q 68
I GA 171
I GMP 68
m ult icast group list 281
version 68
I SP 44
iTunes server 190
I TU-T 258
I KE phases 230
VMG8324-B10A / VMG8324-B30A Series User’s Guide
407
Index
Maint enance End Point , see MEP
Managem ent I nform at ion Base ( MI B) 299
key com binat ions 264
keypad 264
m anaging t he device
good habit s 17
Maxim um Burst Size ( MBS) 66
MBSSI D 97
LAN 107
and USB print er 192
client list 113
DHCP 108, 128
DNS 108, 128
I P address 108, 109, 129
MAC address 113
st at us 39
subnet m ask 108, 109, 129
MD 317
m edia server 190
act ivat ion 191
iTunes server 190
MEP 317
MTU ( Mult i-Tenant Unit ) 67
m ult icast 68
m ult im edia 252
Mult iple BSS, see MBSSI D
LAND at t ack 198
m ult iplexing 65
LLC- based 65
VC- based 65
LAN- Side DSL CPE Configurat ion 297
m ult iprot ocol encapsulat ion 65
LBR 317
lim it at ions
wireless LAN 96
WPS 104
link t race 317
Link Trace Message, see LTM
Link Trace Response, see LTR
list ening port 245
login 25
passwords 25, 26
logs 267, 271, 281, 287, 307
Loop Back Response, see LBR
loopback 317
LTM 317
LTR 317
MA 317
MAC address 85, 113
filt er 85, 95
MAC aut hent icat ion 85
Mac filt er 205
Maint enance Associat ion, see MA
Maint enance Dom ain, see MD
408
VMG8324-B10A / VMG8324-B30A Series User’s Guide
NAT 157, 158, 159, 170, 171, 364
applicat ions 173
I P alias 173
exam ple 172
global 171
I GA 171
I LA 171
inside 171
I PSec 232
local 171
out side 171
port forwarding 158
port num ber 173
services 173
SI P ALG 166
act ivat ion 166
t raversal 232
NAT exam ple 174
negot iat ion m ode 231
Net work Address Translat ion
see NAT
Net work Address Translat ion, see NAT
Net work Map 37
Index
net work m ap 29
requirem ent s 191
NNTP 173
privat e I P address 129
non- proxy calls 249
product regist rat ion 403
prot ocol 44
PSK 383
push but t on 22
Push But t on Configurat ion, see PBC
OK response 256, 258
push but t on, WPS 99
ot her docum ent at ion 2
out side header 230
Pairwise Mast er Key ( PMK) 383, 385
passwords 25, 26
PBC 99
Peak Cell Rat e ( PCR) 66
QoS 139, 152, 260
m arking 140
set up 139
t agging 140
versus CoS 139
Qualit y of Service, see QoS
Quick St art Guide 2
peer- t o- peer calls 249
Per- Hop Behavior, see PHB 153
PHB 153, 260
phone book
speed dial 249
phone funct ions 264
PI N, WPS 99
exam ple 101
Ping of Deat h 198
Point- t o- Point Tunneling Prot ocol 173
POP3 173
RADI US 380
m essage t ypes 380
m essages 380
shared secret key 381
RADI US server 95
Real t im e Transport Prot ocol, see RTP
port forwarding 158
regist rat ion
product 403
port s 20
relat ed docum ent at ion 2
Power Mgm t 193
Power Mgm t Add 195
rem ot e m anagem ent
TR- 069 295
PPP over Et hernet , see PPPoE
Rem ot e Procedure Calls, see RPCs 295
PPPoE 44, 65
Benefit s 65
reset 22, 315
PPTP 173
rest oring configurat ion 314
pream ble 91, 94
RFC 1058. See RI P.
pream ble m ode 98
RFC 1389. See RI P.
prefix delegat ion 47
RFC 1483 65
pre- shared key 234
RFC 1889 255
Print er Server 191
RFC 3164 267
print er sharing
and LAN 192
RI P 137
VMG8324-B10A / VMG8324-B30A Series User’s Guide
rest art 315
409
Index
rout er feat ures 18
Rout ing I nform at ion Prot ocol. See RI P
RPPCs 295
RTP 255
RTS ( Request To Send) 378
t hreshold 377, 378
RTS t hreshold 90, 94
Get Next 300
Manager 299
m anagers 299
MI B 299
net work com ponent s 299
Set 300
Trap 300
versions 299
SNMP t rap 173
speed dial 249
SPI 198
srTCM 155
securit y
wireless LAN 94
Securit y Log 269
Securit y Param et er I ndex, see SPI
SSI D 95
act ivat ion 82
MBSSI D 97
Service Set 74, 84
st at ic rout e 131, 137, 305
configurat ion 63, 133, 134, 177
exam ple 131
Services 173
st at ic VLAN
Session I nit iat ion Prot ocol, see SI P
st at us 37
firm ware version 39
LAN 39
WAN 39
wireless LAN 39
service access cont rol 291, 292, 293
set up
firewalls 199
st at ic rout e 63, 133, 134, 177
silence suppression 258
Sim ple Net work Managem ent Prot ocol, see SNMP
Single Rat e Three Color Marker, see srTCM
SI P 252
account 252
call progression 256
client 253
ident it ies 252
I NVI TE request 256, 257
num ber 253
OK response 258
proxy server 254
redirect server 254
regist er server 255
servers 253
service dom ain 253
URI 252
user agent 254
SI P ALG 166
act ivat ion 166
SMTP 173
SNMP 173, 299, 300
agent s 299
Get 300
410
VMG8324-B10A / VMG8324-B30A Series User’s Guide
st at us indicat ors 20
subnet 357
subnet m ask 108, 129, 358
subnet t ing 360
supplem ent ary services 260
Sust ained Cell Rat e ( SCR) 66
SYN at t ack 198
syslog
prot ocol 267
severit y levels 267
syst em
firm ware 311
version 39
passwords 25, 26
reset 22
st at us 37
LAN 39
WAN 39
wireless LAN 39
t im e 301
Index
Virt ual Circuit ( VC) 65
Virt ual Local Area Net work See VLAN
Tag Cont rol I nform at ion See TCI
Tag Prot ocol I dent ifier See TPI D
TCI
The 45
t hree- way conference 263, 264
t hresholds
dat a fragm ent 90, 94
RTS/ CTS 90, 94
t im e 301
ToS 260
TPI D 68
TR- 064 297
TR- 069 295
ACS set up 295
aut hent icat ion 296
t raffic shaping 66
VLAN 67
I nt roduct ion 67
num ber of possible VI Ds
priorit y fram e
st at ic
VLAN I D 68
VLAN I dent ifier See VI D
VLAN t ag 68
voice act ivit y det ect ion 258
voice coding 258
VoI P 252
peer- t o- peer calls 249
VoI P st at us 275
t ransport m ode 230
t rTCM 155
t unnel m ode 230
Two Rat e Three Color Marker, see t rTCM
Type of Service, see ToS
WAN
st at us 39
Wide Area Net work, see WAN 43
warning
wall m ount ing 23
warrant y
not e 403
unicast 68
Uniform Resource I dent ifier 252
Universal Plug and Play, see UPnP
upgrading firm ware 311
WDS 88, 98
com pat ibilit y 88
exam ple 98
web configurat or 25
login 25
passwords 25, 26
WEP 96
UPnP 114
caut ions 109
exam ple 115
inst allat ion 115
NAT t raversal 108
WEP encrypt ion 75
USA t ype call service m ode 263
wireless client WPA supplicant s 384
USB feat ures 19
Wireless Dist ribut ion Syst em , see WDS
VAD 258
VI D
VMG8324-B10A / VMG8324-B30A Series User’s Guide
WEP Encrypt ion 76, 77, 79
WEP key 75
Wi- Fi Prot ect ed Access 383
wireless LAN 71, 92
aut hent icat ion 94, 95
BSS 97
exam ple 97
channel 93
encrypt ion 96
exam ple 93
411
Index
fragm ent at ion t hreshold 90, 94
lim it at ions 96
MAC address filt er 85, 95
MBSSI D 97
pream ble 91, 94
RADI US server 95
RTS/ CTS t hreshold 90, 94
securit y 94
SSI D 95
act ivat ion 82
st at us 39
WDS 88, 98
com pat ibilit y 88
exam ple 98
WEP 96
WPA 96
WPA- PSK 96
WPS 98, 101
exam ple 102
lim it at ions 104
PI N 99
push but t on 22, 99
wireless securit y 379
wizard set up
I nt ernet 33
WLAN
securit y param et ers 386
WPA 96, 383
key caching 384
pre- aut hent icat ion 384
user aut hent icat ion 384
vs WPA- PSK 383
wireless client supplicant 384
wit h RADI US applicat ion exam ple 384
WPA2 383
user aut hent icat ion 384
vs WPA2- PSK 383
wireless client supplicant 384
wit h RADI US applicat ion exam ple 384
WPA2- Pre- Shared Key 383
WPA2- PSK 383
applicat ion exam ple 385
WPA- PSK 96, 383
applicat ion exam ple 385
WPS 98, 101
exam ple 102
lim it at ions 104
PI N 99
412
VMG8324-B10A / VMG8324-B30A Series User’s Guide
exam ple 101
push but t on 22, 99

---

Source Exif Data:

File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.6
Linearized                      : Yes
Encryption                      : Standard V4.4 (128-bit)
User Access                     : Print, Annotate, Fill forms, Extract, Print high-res
Create Date                     : 2013:11:26 11:43:35Z
Modify Date                     : 2013:12:05 11:01:51+08:00
Has XFA                         : No
XMP Toolkit                     : Adobe XMP Core 4.2.1-c043 52.372728, 2009/01/18-15:08:04
Creator Tool                    : FrameMaker 9.0
Metadata Date                   : 2013:12:05 11:01:51+08:00
Format                          : application/pdf
Title                           : 
Creator                         : 
Producer                        : Acrobat Distiller 9.5.5 (Windows)
Document ID                     : uuid:2374e2cf-24e2-4aa4-881c-86b8a2afd24b
Instance ID                     : uuid:a04ff7fc-39a3-48e2-b45f-1ebc8a116817
Page Layout                     : OneColumn
Page Mode                       : UseOutlines
Page Count                      : 206

EXIF Metadata provided by EXIF.tools