ZyXEL Communications VMG8324B10A Wireless N VDSL2 VoIP Combo WAN Gigabit IAD User Manual VMG8324 B10A UserMan 1 2013 12 09

ZyXEL Communications Corporation Wireless N VDSL2 VoIP Combo WAN Gigabit IAD VMG8324 B10A UserMan 1 2013 12 09

Contents

(VMG8324-B10A)UserMan(1) 2013-12-09

Download: ZyXEL Communications VMG8324B10A Wireless N VDSL2 VoIP Combo WAN Gigabit IAD User Manual  VMG8324 B10A UserMan 1  2013 12 09
Mirror Download [FCC.gov]ZyXEL Communications VMG8324B10A Wireless N VDSL2 VoIP Combo WAN Gigabit IAD User Manual  VMG8324 B10A UserMan 1  2013 12 09
Document ID2137565
Application IDoGppsElbkIw3JBj+nhhX5g==
Document Description(VMG8324-B10A)UserMan(1) 2013-12-09
Short Term ConfidentialNo
Permanent ConfidentialNo
SupercedeNo
Document TypeUser Manual
Display FormatAdobe Acrobat PDF - pdf
Filesize286.32kB (3578941 bits)
Date Submitted2013-12-10 00:00:00
Date Available2013-12-13 00:00:00
Creation Date2017-10-24 18:35:46
Producing SoftwareGPL Ghostscript 9.18
Document Lastmod2017-10-24 18:35:46
Document Title(VMG8324-B10A)UserMan(1) 2013-12-09
Document CreatorFrameMaker 9.0

VM G8 3 2 4 - B1 0 A a n d VM G8 3 2 4 B3 0 A Se r ie s
Wireless N VDSL2 VoI P Com bo WAN Gigabit I AD
Version 1.00
Edit ion 1, 11/ 2013
Quick Start Guide
Use r ’s Gu ide
D e fa u lt Login D e t a ils
LAN I P Address
ht t p: / / 192.168.1.1
Login
adm in
Passwordwww.zyxel.com
1234
Copyright © 2013 ZyXEL Com m unicat ions Corporat ion
IMPORTANT!
READ CAREFULLY BEFORE USE.
KEEP THIS GUIDE FOR FUTURE REFERENCE.
Screenshot s and graphics in t his book m ay differ slight ly from your product due t o differences in
your product firm ware or your com put er operat ing syst em . Every effort has been m ade t o ensure
t hat t he inform at ion in t his m anual is accurat e.
Related Documentation
• Quick St art Guide
The Quick St art Guide shows how t o connect t he Device and get up and running right away.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Contents Overview
Contents Overview
User’s Guide .......................................................................................................................................15
Introducing the Device ............................................................................................................................17
The Web Configurator .............................................................................................................................25
Quick Start ...............................................................................................................................................33
Technical Reference ..........................................................................................................................35
Network Map and Status Screens ...........................................................................................................37
Broadband ...............................................................................................................................................43
Wireless ..................................................................................................................................................71
Home Networking ..................................................................................................................................107
Routing ..................................................................................................................................................131
Quality of Service (QoS) .......................................................................................................................139
Network Address Translation (NAT) ......................................................................................................157
Dynamic DNS Setup .............................................................................................................................175
Interface Group .....................................................................................................................................179
USB Service ..........................................................................................................................................185
Power Management ..............................................................................................................................193
Firewall ..................................................................................................................................................197
MAC Filter .............................................................................................................................................205
Parental Control ....................................................................................................................................207
Scheduler Rule ...................................................................................................................................... 211
Certificates ............................................................................................................................................213
VPN .......................................................................................................................................................221
Voice .....................................................................................................................................................235
Log .......................................................................................................................................................267
Traffic Status ........................................................................................................................................271
VoIP Status ...........................................................................................................................................275
ARP Table .............................................................................................................................................277
Routing Table ........................................................................................................................................279
IGMP/MLD Status ................................................................................................................................281
xDSL Statistics ......................................................................................................................................283
3G Statistics .........................................................................................................................................287
User Account .........................................................................................................................................289
Remote Management ............................................................................................................................291
TR-069 Client ........................................................................................................................................295
TR-064 ..................................................................................................................................................297
SNMP ....................................................................................................................................................299
Time Settings ........................................................................................................................................301
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Contents Overview
E-mail Notification .................................................................................................................................305
Logs Setting .........................................................................................................................................307
Firmware Upgrade ................................................................................................................................ 311
Configuration .........................................................................................................................................313
Diagnostic .............................................................................................................................................317
Troubleshooting ....................................................................................................................................323
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Table of Contents
Table of Contents
Contents Overview ..............................................................................................................................3
Table of Contents .................................................................................................................................5
Part I: User’s Guide ......................................................................................... 15
Chapter 1
Introducing the Device .......................................................................................................................17
1.1 Overview ...........................................................................................................................................17
1.2 Ways to Manage the Device .............................................................................................................17
1.3 Good Habits for Managing the Device ..............................................................................................17
1.4 Applications for the Device ...............................................................................................................18
1.4.1 Internet Access ........................................................................................................................18
1.4.2 Device’s USB Support .............................................................................................................19
1.5 LEDs (Lights) ....................................................................................................................................20
1.6 The RESET Button ............................................................................................................................22
1.7 Wireless Access ................................................................................................................................22
1.7.1 Using the Wi-Fi and WPS Buttons ...........................................................................................22
1.8 Wall-mounting Instructions ................................................................................................................23
Chapter 2
The Web Configurator ........................................................................................................................25
2.1 Overview ...........................................................................................................................................25
2.1.1 Accessing the Web Configurator .............................................................................................25
2.2 Web Configurator Layout ..................................................................................................................27
2.2.1 Title Bar ...................................................................................................................................27
2.2.2 Main Window ...........................................................................................................................28
2.2.3 Navigation Panel .....................................................................................................................29
Chapter 3
Quick Start...........................................................................................................................................33
3.1 Overview ...........................................................................................................................................33
3.2 Quick Start Setup ..............................................................................................................................33
Part II: Technical Reference............................................................................ 35
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Table of Contents
Chapter 4
Network Map and Status Screens .....................................................................................................37
4.1 Overview ...........................................................................................................................................37
4.2 The Network Map Screen .................................................................................................................37
4.3 The Status Screen .............................................................................................................................38
Chapter 5
Broadband...........................................................................................................................................43
5.1 Overview ...........................................................................................................................................43
5.1.1 What You Can Do in this Chapter ............................................................................................43
5.1.2 What You Need to Know ..........................................................................................................44
5.1.3 Before You Begin .....................................................................................................................47
5.2 The Broadband Screen .....................................................................................................................47
5.2.1 Add/Edit Internet Connection ...................................................................................................49
5.3 The 3G Backup Screen .....................................................................................................................57
5.4 The Advanced Screen .......................................................................................................................61
5.5 The 802.1x Screen ............................................................................................................................62
5.5.1 Edit 802.1X Settings ................................................................................................................63
5.6 The WAN Status Screen ...................................................................................................................63
5.7 Technical Reference ..........................................................................................................................64
Chapter 6
Wireless ...............................................................................................................................................71
6.1 Overview ...........................................................................................................................................71
6.1.1 What You Can Do in this Chapter ............................................................................................71
6.1.2 What You Need to Know ..........................................................................................................72
6.2 The General Screen .........................................................................................................................72
6.2.1 No Security ..............................................................................................................................75
6.2.2 Basic (WEP Encryption) ..........................................................................................................75
6.2.3 Basic (802.1X) .........................................................................................................................76
6.2.4 More Secure (WPA(2)-PSK) ....................................................................................................79
6.2.5 WPA(2) Authentication .............................................................................................................80
6.3 The More AP Screen .........................................................................................................................81
6.3.1 Edit More AP ..........................................................................................................................83
6.4 MAC Authentication ..........................................................................................................................85
6.5 The WPS Screen ..............................................................................................................................86
6.6 The WMM Screen .............................................................................................................................87
6.7 The WDS Screen ..............................................................................................................................88
6.7.1 WDS Scan ...............................................................................................................................89
6.8 The Others Screen ............................................................................................................................90
6.9 The Channel Status Screen ..............................................................................................................92
6.10 Technical Reference ........................................................................................................................92
6.10.1 Wireless Network Overview ...................................................................................................92
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Table of Contents
6.10.2 Additional Wireless Terms .....................................................................................................94
6.10.3 Wireless Security Overview ...................................................................................................94
6.10.4 Signal Problems ....................................................................................................................96
6.10.5 BSS .......................................................................................................................................97
6.10.6 MBSSID .................................................................................................................................97
6.10.7 Preamble Type ......................................................................................................................98
6.10.8 Wireless Distribution System (WDS) .....................................................................................98
6.10.9 WiFi Protected Setup (WPS) .................................................................................................98
Chapter 7
Home Networking .............................................................................................................................107
7.1 Overview .........................................................................................................................................107
7.1.1 What You Can Do in this Chapter ..........................................................................................107
7.1.2 What You Need To Know .......................................................................................................108
7.1.3 Before You Begin ...................................................................................................................109
7.2 The LAN Setup Screen ...................................................................................................................109
7.3 The Static DHCP Screen ................................................................................................................. 113
7.4 The UPnP Screen ........................................................................................................................... 114
7.5 Installing UPnP in Windows Example ............................................................................................. 115
7.6 Using UPnP in Windows XP Example ............................................................................................ 118
7.7 The Additional Subnet Screen ........................................................................................................124
7.8 The STB Vendor ID Screen .............................................................................................................125
7.9 The 5th Ethernet Port Screen .........................................................................................................125
7.10 The LAN VLAN Screen .................................................................................................................126
7.11 The Wake on LAN Screen .............................................................................................................127
7.12 Technical Reference ......................................................................................................................128
7.12.1 LANs, WANs and the Device ...............................................................................................128
7.12.2 DHCP Setup ........................................................................................................................128
7.12.3 DNS Server Addresses .......................................................................................................128
7.12.4 LAN TCP/IP .........................................................................................................................129
Chapter 8
Routing ..............................................................................................................................................131
8.1 Overview ........................................................................................................................................131
8.2 The Routing Screen ........................................................................................................................132
8.2.1 Add/Edit Static Route .............................................................................................................133
8.3 The DNS Route Screen ..................................................................................................................134
8.3.1 The DNS Route Add Screen .................................................................................................134
8.4 The Policy Forwarding Screen ........................................................................................................135
8.4.1 Add/Edit Policy Forwarding ...................................................................................................136
8.5 RIP
..............................................................................................................................................137
8.5.1 The RIP Screen .....................................................................................................................137
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Table of Contents
Chapter 9
Quality of Service (QoS)...................................................................................................................139
9.1 Overview ........................................................................................................................................139
9.1.1 What You Can Do in this Chapter ..........................................................................................139
9.2 What You Need to Know .................................................................................................................139
9.3 The Quality of Service General Screen ..........................................................................................141
9.4 The Queue Setup Screen ...............................................................................................................142
9.4.1 Adding a QoS Queue ...........................................................................................................143
9.5 The Class Setup Screen .................................................................................................................144
9.5.1 Add/Edit QoS Class ..............................................................................................................146
9.6 The QoS Policer Setup Screen .......................................................................................................149
9.6.1 Add/Edit a QoS Policer .........................................................................................................150
9.7 The QoS Monitor Screen ...............................................................................................................151
9.8 Technical Reference ........................................................................................................................152
Chapter 10
Network Address Translation (NAT)................................................................................................157
10.1 Overview .......................................................................................................................................157
10.1.1 What You Can Do in this Chapter ........................................................................................157
10.1.2 What You Need To Know .....................................................................................................157
10.2 The Port Forwarding Screen ........................................................................................................158
10.2.1 Add/Edit Port Forwarding ...................................................................................................160
10.3 The Applications Screen ...............................................................................................................161
10.3.1 Add New Application ...........................................................................................................162
10.4 The Port Triggering Screen ...........................................................................................................162
10.4.1 Add/Edit Port Triggering Rule .............................................................................................164
10.5 The DMZ Screen ...........................................................................................................................165
10.6 The ALG Screen ...........................................................................................................................166
10.7 The Address Mapping Screen .......................................................................................................166
10.7.1 Add/Edit Address Mapping Rule ..........................................................................................167
10.8 The Address Mapping Screen .......................................................................................................168
10.9 The Sessions Screen ....................................................................................................................169
10.10 Technical Reference ....................................................................................................................169
10.10.1 NAT Definitions ..................................................................................................................170
10.10.2 What NAT Does .................................................................................................................171
10.10.3 How NAT Works ................................................................................................................172
10.10.4 NAT Application .................................................................................................................173
Chapter 11
Dynamic DNS Setup .........................................................................................................................175
11.1 Overview .......................................................................................................................................175
11.1.1 What You Can Do in this Chapter ........................................................................................175
11.1.2 What You Need To Know .....................................................................................................176
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Table of Contents
11.2 The DNS Entry Screen ..................................................................................................................176
11.2.1 Add/Edit DNS Entry .............................................................................................................177
11.3 The Dynamic DNS Screen ............................................................................................................177
Chapter 12
Interface Group .................................................................................................................................179
12.1 Overview .......................................................................................................................................179
12.1.1 What You Can Do in this Chapter ........................................................................................179
12.2 The Interface Group Screen ..........................................................................................................179
12.2.1 Interface Group Configuration .............................................................................................180
12.2.2 Interface Grouping Criteria .................................................................................................182
Chapter 13
USB Service ......................................................................................................................................185
13.1 Overview .......................................................................................................................................185
13.1.1 What You Can Do in this Chapter ........................................................................................185
13.1.2 What You Need To Know .....................................................................................................185
13.1.3 Before You Begin .................................................................................................................187
13.2 The File Sharing Screen ...............................................................................................................188
13.2.1 The Add New Share Screen ................................................................................................189
13.2.2 The Add New User Screen ..................................................................................................190
13.3 The Media Server Screen .............................................................................................................190
13.4 Printer Server ...............................................................................................................................191
13.4.1 Before You Begin .................................................................................................................191
13.4.2 The Printer Server Screen ...................................................................................................192
Chapter 14
Power Management ..........................................................................................................................193
14.1 Overview .......................................................................................................................................193
14.1.1 What You Can Do in this Chapter ........................................................................................193
14.1.2 What You Need To Know .....................................................................................................193
14.2 The Power Management Screen ..................................................................................................193
14.3 The Auto Switch Off Screen ..........................................................................................................194
14.3.1 The Auto Switch Off Add/Edit Screen ..................................................................................195
14.3.2 The Add/Edit Rule Screen ...................................................................................................195
Chapter 15
Firewall ..............................................................................................................................................197
15.1 Overview .......................................................................................................................................197
15.1.1 What You Can Do in this Chapter ........................................................................................197
15.1.2 What You Need to Know ......................................................................................................198
15.2 The Firewall Screen ......................................................................................................................199
15.3 The Protocol Screen ....................................................................................................................199
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Table of Contents
15.3.1 Add/Edit a Service ..............................................................................................................200
15.4 The Access Control Screen ..........................................................................................................201
15.4.1 Add/Edit an ACL Rule ........................................................................................................202
15.5 The DoS Screen ............................................................................................................................204
Chapter 16
MAC Filter..........................................................................................................................................205
16.1 Overview ......................................................................................................................................205
16.2 The MAC Filter Screen ..................................................................................................................205
Chapter 17
Parental Control ................................................................................................................................207
17.1 Overview .......................................................................................................................................207
17.2 The Parental Control Screen .........................................................................................................207
17.2.1 Add/Edit a Parental Control Rule .........................................................................................208
Chapter 18
Scheduler Rule.................................................................................................................................. 211
18.1 Overview ....................................................................................................................................... 211
18.2 The Scheduler Rule Screen .......................................................................................................... 211
18.2.1 Add/Edit a Schedule ............................................................................................................212
Chapter 19
Certificates ........................................................................................................................................213
19.1 Overview .......................................................................................................................................213
19.1.1 What You Can Do in this Chapter ........................................................................................213
19.2 What You Need to Know ...............................................................................................................213
19.3 The Local Certificates Screen .......................................................................................................213
19.3.1 Create Certificate Request .................................................................................................214
19.3.2 Load Signed Certificate ......................................................................................................215
19.4 The Trusted CA Screen ................................................................................................................216
19.4.1 View Trusted CA Certificate .................................................................................................218
19.4.2 Import Trusted CA Certificate ..............................................................................................219
Chapter 20
VPN ....................................................................................................................................................221
20.1 Overview .......................................................................................................................................221
20.2 The IPSec VPN General Screen ...................................................................................................221
20.3 The IPSec VPN Add/Edit Screen ..................................................................................................222
20.4 The IPSec VPN Monitor Screen ....................................................................................................228
20.5 Technical Reference ......................................................................................................................228
20.5.1 IPSec Architecture ...............................................................................................................228
20.5.2 Encapsulation ......................................................................................................................229
10
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Table of Contents
20.5.3 IKE Phases .........................................................................................................................230
20.5.4 Negotiation Mode ................................................................................................................231
20.5.5 IPSec and NAT ....................................................................................................................232
20.5.6 VPN, NAT, and NAT Traversal .............................................................................................232
20.5.7 ID Type and Content ............................................................................................................233
20.5.8 Pre-Shared Key ...................................................................................................................234
20.5.9 Diffie-Hellman (DH) Key Groups ..........................................................................................234
Chapter 21
Voice ..................................................................................................................................................235
21.1 Overview .......................................................................................................................................235
21.1.1 What You Can Do in this Chapter ........................................................................................235
21.1.2 What You Need to Know About VoIP ...................................................................................236
21.2 Before You Begin ..........................................................................................................................236
21.3 The SIP Account Screen ..............................................................................................................236
21.3.1 The SIP Account Add/Edit Screen ......................................................................................237
21.4 The SIP Service Provider Screen ................................................................................................241
21.4.1 The SIP Service Provider Add/Edit Screen ........................................................................242
21.4.2 Dial Plan Rules ....................................................................................................................248
21.5 The Phone Screen .......................................................................................................................249
21.6 The Call Rule Screen ....................................................................................................................249
21.7 The Call History Summary Screen ................................................................................................250
21.8 The Call History Outgoing Calls Screen ........................................................................................251
21.9 The Call History Incoming Calls Screen ........................................................................................251
21.10 Technical Reference ....................................................................................................................252
21.10.1 Quality of Service (QoS) ....................................................................................................260
21.10.2 Phone Services Overview .................................................................................................260
Chapter 22
Log ....................................................................................................................................................267
22.1 Overview .......................................................................................................................................267
22.1.1 What You Can Do in this Chapter ........................................................................................267
22.1.2 What You Need To Know .....................................................................................................267
22.2 The System Log Screen ................................................................................................................268
22.3 The Security Log Screen ...............................................................................................................269
Chapter 23
Traffic Status ....................................................................................................................................271
23.1 Overview .......................................................................................................................................271
23.1.1 What You Can Do in this Chapter ........................................................................................271
23.2 The WAN Status Screen ...............................................................................................................271
23.3 The LAN Status Screen .................................................................................................................273
23.4 The NAT Status Screen .................................................................................................................274
VMG8324-B10A / VMG8324-B30A Series User’s Guide
11
Table of Contents
Chapter 24
VoIP Status .......................................................................................................................................275
24.1 The VoIP Status Screen ................................................................................................................275
Chapter 25
ARP Table ..........................................................................................................................................277
25.1 Overview .......................................................................................................................................277
25.1.1 How ARP Works ..................................................................................................................277
25.2 ARP Table Screen .........................................................................................................................277
Chapter 26
Routing Table ....................................................................................................................................279
26.1 Overview .......................................................................................................................................279
26.2 The Routing Table Screen .............................................................................................................279
Chapter 27
IGMP/MLD Status .............................................................................................................................281
27.1 Overview .......................................................................................................................................281
27.2 The IGMP/MLD Group Status Screen ...........................................................................................281
Chapter 28
xDSL Statistics..................................................................................................................................283
28.1 The xDSL Statistics Screen ...........................................................................................................283
Chapter 29
3G Statistics .....................................................................................................................................287
29.1 Overview .......................................................................................................................................287
29.2 The 3G Statistics Screen ...............................................................................................................287
Chapter 30
User Account ....................................................................................................................................289
30.1 Overview ......................................................................................................................................289
30.2 The User Account Screen .............................................................................................................289
Chapter 31
Remote Management........................................................................................................................291
31.1 Overview .......................................................................................................................................291
31.2 The Remote MGMT Screen ..........................................................................................................291
31.3 The Trust Domain Screen .............................................................................................................292
31.4 The Add Trust Domain Screen ......................................................................................................293
Chapter 32
TR-069 Client.....................................................................................................................................295
12
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Table of Contents
32.1 Overview .......................................................................................................................................295
32.2 The TR-069 Client Screen ............................................................................................................295
Chapter 33
TR-064................................................................................................................................................297
33.1 Overview .......................................................................................................................................297
33.2 The TR-064 Screen .......................................................................................................................297
Chapter 34
SNMP .................................................................................................................................................299
34.1 Overview .......................................................................................................................................299
34.2 The SNMP Screen ........................................................................................................................299
Chapter 35
Time Settings ....................................................................................................................................301
35.1 Overview .......................................................................................................................................301
35.2 The Time Screen ..........................................................................................................................301
Chapter 36
E-mail Notification ............................................................................................................................305
36.1 Overview
....................................................................................................................................305
36.2 The Email Notification Screen .......................................................................................................305
36.2.1 Email Notification Edit ........................................................................................................306
Chapter 37
Logs Setting .....................................................................................................................................307
37.1 Overview ......................................................................................................................................307
37.2 The Log Settings Screen ...............................................................................................................307
37.2.1 Example E-mail Log ............................................................................................................308
Chapter 38
Firmware Upgrade ............................................................................................................................ 311
38.1 Overview ....................................................................................................................................... 311
38.2 The Firmware Screen .................................................................................................................... 311
Chapter 39
Configuration ....................................................................................................................................313
39.1 Overview .......................................................................................................................................313
39.2 The Configuration Screen .............................................................................................................313
39.3 The Reboot Screen .......................................................................................................................315
Chapter 40
Diagnostic .........................................................................................................................................317
VMG8324-B10A / VMG8324-B30A Series User’s Guide
13
Table of Contents
40.1 Overview .......................................................................................................................................317
40.1.1 What You Can Do in this Chapter ........................................................................................317
40.2 What You Need to Know ...............................................................................................................317
40.3 Ping & TraceRoute & NsLookup ...................................................................................................318
40.4 802.1ag .........................................................................................................................................319
40.5 OAM Ping ......................................................................................................................................320
Chapter 41
Troubleshooting................................................................................................................................323
41.1 Power, Hardware Connections, and LEDs ....................................................................................323
41.2 Device Access and Login ..............................................................................................................324
41.3 Internet Access .............................................................................................................................326
41.4 Wireless Internet Access ...............................................................................................................327
41.5 USB Device Connection ................................................................................................................328
41.6 UPnP .............................................................................................................................................328
Appendix A Customer Support ........................................................................................................329
Appendix B Setting up Your Computer’s IP Address .......................................................................335
Appendix C IP Addresses and Subnetting.......................................................................................357
Appendix D Pop-up Windows, JavaScripts and Java Permissions .................................................365
Appendix E Wireless LANs..............................................................................................................375
Appendix F IPv6 ..............................................................................................................................389
Appendix G Services .......................................................................................................................397
Appendix H Legal Information .........................................................................................................401
Index ..................................................................................................................................................405
14
VMG8324-B10A / VMG8324-B30A Series User’s Guide
P ART I
User’s Guide
15
16
C HAPT ER
Introducing the Device
1.1 Overview
The Device is a wireless VDSL rout er and Gigabit Et hernet gat eway. I t has a DSL port and a Gigabit
Et hernet port for super- fast I nt ernet access. The Device support s bot h Packet Transfer Mode ( PTM)
and Asynchronous Transfer Mode ( ATM) . I t is backward com pat ible wit h ADSL, ADSL2 and ADSL2+
in case VDSL is not available.
Only use firmware for your Device’s specific model. Refer to the label on
the bottom of your Device.
The Device has t wo USB port s for sharing files via a USB st orage device, sharing a USB print er, or
connect ing a 3G dongle for a WAN backup connect ion.
• The VMG8324- B10A works over t he analog t elephone syst em , POTS ( Plain Old Telephone
Service) .
• The VMG8324- B30A works over I SDN ( I nt egrat ed Services Digit al Net work) or T- I SDN ( UR- 2) .
1.2 Ways to Manage the Device
Use any of t he following m et hods t o m anage t he Device.
• Web Configurat or. This is recom m ended for everyday m anagem ent of t he Device using a
( support ed) web browser.
• TR- 069. This is an aut o- configurat ion server used t o rem ot ely configure your device.
1.3 Good Habits for Managing the Device
Do t he following t hings regularly t o m ake t he Device m ore secure and t o m anage t he Device m ore
effect ively.
• Change t he password. Use a password t hat ’s not easy t o guess and t hat consist s of different
t ypes of charact ers, such as num bers and let t ers.
• Writ e down t he password and put it in a safe place.
• Back up t he configurat ion ( and m ake sure you know how t o rest ore it ) . Rest oring an earlier
working configurat ion m ay be useful if t he device becom es unst able or even crashes. I f you
forget your password, you will have t o reset t he Device t o it s fact ory default set t ings. I f you
backed up an earlier configurat ion file, you would not have t o t ot ally re- configure t he Device. You
could sim ply rest ore your last configurat ion.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
17
Chapter 1 Introducing the Device
1.4 Applications for the Device
Here are som e exam ple uses for which t he Device is well suit ed.
1.4.1 Internet Access
Your Device provides shared I nt ernet access by connect ing t he DSL port t o t he D SL or M OD EM
j ack on a split t er or your t elephone j ack. You can have m ult iple WAN services over one ADSL or
VDSL. The Device cannot work in ADSL and VDSL m ode at t he sam e t im e.
Not e: The ADSL and VDSL lines share t he sam e WAN ( layer- 2) int erfaces t hat you
configure in t he Device. Refer t o Sect ion 5.2 on page 47 for t he N e t w or k Se t t in g
> Br oa dba n d screen.
Com put ers can connect t o t he Device’s LAN port s ( or wirelessly) .
Figure 1 Device’s I nt ernet Access Applicat ion
WLAN
WAN
Bridging
IPoE
PPPoE
ADSL / VDSL
LAN
WLAN
WAN
Bridging
PPPoE
IPoE
PPPoA
IPoA
LAN
ADSL
You can also configure I P filt ering on t he Device for secure I nt ernet access. When t he I P filt er is on,
all incom ing t raffic from t he I nt ernet t o your net work is blocked by default unless it is init iat ed from
your net work. This m eans t hat probes from t he out side t o your net work are not allowed, but you
can safely browse t he I nt ernet and download files.
18
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 1 Introducing the Device
1.4.2 Device’s USB Support
The USB port of t he Device is used for file- sharing, m edia server and print er- sharing.
File Sharing
Use t he built- in USB 2.0 port t o share files on a USB m em ory st ick or a USB hard drive ( B) . You can
connect one USB hard drive t o t he Device at a t im e. Use FTP t o access t he files on t he USB device.
Figure 2 USB File Sharing Applicat ion
Media Server
You can also use t he Device as a m edia server. This let s anyone on your net work play video, m usic,
and phot os from a USB device ( B) connect ed t o t he Device’s USB port ( wit hout having t o copy t hem
t o anot her com put er) .
Figure 3 USB Media Server Applicat ion
VMG8324-B10A / VMG8324-B30A Series User’s Guide
19
Chapter 1 Introducing the Device
Printer Server
The Device allows you t o share a USB print er on your LAN. You can do t his by connect ing a USB
print er t o one of t he USB port s on t he Device and t hen configuring a TCP/ I P port on t he com put ers
connect ed t o your net work.
Figure 4 Sharing a USB Print er
1.5 LEDs (Lights)
The following graphic displays t he labels of t he LEDs.
Figure 5 LEDs on t he Device
2.4G
5G
None of t he LEDs are on if t he Device is not receiving power.
Table 1 LED Descript ions
LED
COLOR
STATUS
DESCRIPTION
Green
On
The Device is receiving power and ready for use.
Blinking
The Device is self- t est ing.
On
The Device det ect ed an error while self- t est ing, or t here is a device
m alfunct ion.
Off
The Device is not receiving power.
Green
On
The ADSL line is up.
Blinking
The Device is init ializing t he ADSL line.
Orange
On
The VDSL line is up.
Blinking
The Device is init ializing t he VDSL line.
Off
The DSL line is down.
PWR/ SYS
Red
DSL
20
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 1 Introducing the Device
Table 1 LED Descript ions ( cont inued)
LED
COLOR
STATUS
DESCRIPTION
Green
On
The Device has an I P connect ion but no t raffic.
I NTERNET
Your device has a WAN I P address ( eit her st at ic or assigned by a DHCP
server) , PPP negot iat ion was successfully com plet ed ( if used) and t he
DSL connect ion is up.
Blinking
The Device is sending or receiving I P t raffic.
Off
There is no I nt ernet connect ion or t he gat eway is in bridged m ode.
Red
On
The Device at t em pt ed t o m ake an I P connect ion but failed. Possible
causes are no response from a DHCP server, no PPPoE response, PPPoE
aut hent icat ion failed.
Green
On
The Device has a successful 1000 Mbps Et hernet connect ion on t he
WAN.
Blinking
The Device is sending or receiving dat a t o/ from t he WAN at 1000 Mbps.
On
The Device has a successful 10/ 100 Mbps Et hernet connect ion on t he
WAN.
Blinking
The Device is sending or receiving dat a t o/ from t he WAN at 10/ 100
Mbps.
Off
There is no Et hernet connect ion on t he WAN.
On
The Device has a successful 1000 Mbps Et hernet connect ion wit h a
device on t he Local Area Net work ( LAN) .
Blinking
The Device is sending or receiving dat a t o/ from t he LAN at 1000 Mbps.
Off
The Device does not have an Et hernet connect ion wit h t he LAN.
Green
On
The 2.4 GHz wireless net work is act ivat ed.
Blinking
The Device is com m unicat ing wit h ot her wireless client s.
Orange
Blinking
The Device is set t ing up a WPS connect ion.
Off
The 2.4 GHz wireless net work is not act ivat ed.
On
A SI P account is regist ered for t he phone port .
Blinking
A t elephone connect ed t o t he phone port has it s receiver off of t he hook
or t here is an incom ing call.
On
A SI P account is regist ered for t he phone port and t here is a voice
m essage in t he corresponding SI P account .
Blinking
A t elephone connect ed t o t he phone port has it s receiver off of t he hook
and t here is a voice m essage in t he corresponding SI P account .
Off
The phone port does not have a SI P account regist ered.
On
The Device recognizes a USB connect ion t hrough t he USB1 slot .
Blinking
The Device is sending/ receiving dat a t o / from t he USB device connect ed
t o it .
Off
The Device does not det ect a USB connect ion t hrough t he USB1 slot .
On
The Device recognizes a USB connect ion t hrough t he USB2 slot .
Blinking
The Device is sending/ receiving dat a t o / from t he USB device connect ed
t o it .
Off
The Device does not det ect a USB connect ion t hrough t he USB2 slot .
WAN
Orange
Green
LAN
WiFi 2.4G
Green
Phone1,
Phone2
Orange
Green
USB1
Green
USB2
VMG8324-B10A / VMG8324-B30A Series User’s Guide
21
Chapter 1 Introducing the Device
1.6 The RESET Button
I f you forget your password or cannot access t he Web Configurat or, you will need t o use t he RESET
but t on at t he back of t he device t o reload t he factory- default configurat ion file. This m eans t hat you
will lose all configurat ions t hat you had previously and t he password will be reset t o “ 1234”.
Make sure t he PW R/ SYS LED is on ( not blinking) .
To set t he device back t o t he fact ory default set t ings, press t he RESET but t on for t en seconds or
unt il t he PW R/ SYS LED begins t o blink and t hen release it . When t he PW R/ SYS LED begins t o
blink, t he default s have been rest ored and t he device rest art s.
1.7 Wireless Access
The Device is a wireless Access Point ( AP) for wireless client s, such as not ebook com put ers or PDAs
and iPads. I t allows t hem t o connect t o t he I nt ernet wit hout having t o rely on inconvenient Et hernet
cables.
You can configure your wireless net work in eit her t he built- in Web Configurat or, or using t he WPS
but t on.
Figure 6 Wireless Access Exam ple
1.7.1 Using the Wi-Fi and WPS Buttons
I f t he wireless net work is t urned off, press t he W i- Fi but t on for one second. Once t he W iFi 2 .4 G
LED t urns green, t he wireless net work is act ive.
You can also use t he W PS but t on t o quickly set up a secure wireless connect ion bet ween t he Device
and a WPS- com pat ible client by adding one device at a t im e.
To act ivat e WPS:
22
Make sure t he PW R/ SYS LED is on and not blinking.
Press t he W PS but t on for five seconds and release it .
Press t he WPS but t on on anot her WPS- enabled device wit hin range of t he Device. The W iFi 2 .4 G
LED flashes orange while t he Device set s up a WPS connect ion wit h t he ot her wireless device.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 1 Introducing the Device
Once t he connect ion is successfully m ade, t he W iFi 2 .4 G LED shines green.
To t urn off t he wireless net work, press t he W i- Fi but t on for one t o five seconds. The W iFi 2 .4 G
LED t urns off when t he wireless net work is off.
1.8 Wall-mounting Instructions
Do t he following t o hang your Device on a wall.
Locat e a high posit ion on a wall t hat is free of obst ruct ions. Use a st urdy wall.
Hold t he bracket against t he wall and m ark where t o drill t he holes.
Drill t he t wo screw holes in t he wall.
Be careful to avoid damaging pipes or cables located inside the wall
when drilling holes for the screws.
Align and insert t he bracket t o t he wall- m ount ing not ches on t he rear panel of t he Device.
Push t he bracket up t o t ight ly at t ach it t o t he Device.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
23
Chapter 1 Introducing the Device
24
Mount t he Device on t he screws which are already inst alled on t he wall. Make sure t hat t he Device
is firm ly at t ached t o t he screws so it does not fall off.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPT ER
The Web Configurator
2.1 Overview
The web configurat or is an HTML- based m anagem ent int erface t hat allows easy device set up and
m anagem ent via I nt ernet browser. Use I nt ernet Explorer 6.0 and lat er versions or Mozilla Firefox 3
and lat er versions or Safari 2.0 and lat er versions. The recom m ended screen resolut ion is 1024 by
768 pixels.
I n order t o use t he web configurat or you need t o allow:
• Web browser pop- up windows from your device. Web pop- up blocking is enabled by default in
Windows XP SP ( Service Pack) 2.
• JavaScript ( enabled by default ) .
• Java perm issions ( enabled by default ) .
See Appendix D on page 365 if you need t o m ake sure t hese funct ions are allowed in I nt ernet
Explorer.
2.1.1 Accessing the Web Configurator
Make sure your Device hardware is properly connect ed ( refer t o t he Quick St art Guide) .
Launch your web browser. I f t he Device does not aut om at ically re- direct you t o t he login screen, go
t o ht t p: / / 192.168.1.1.
A password screen displays. To access t he adm inist rat ive web configurat or and m anage t he Device,
t ype t he default usernam e a dm in and password 1 2 3 4 in t he password screen and click Login . I f
advanced account securit y is enabled ( see Sect ion 30.2 on page 289) t he num ber of dot s t hat
appears when you t ype t he password changes random ly t o prevent anyone wat ching t he password
field from knowing t he lengt h of your password. I f you have changed t he password, ent er your
password and click Login .
Figure 7 Password Screen
VMG8324-B10A / VMG8324-B30A Series User’s Guide
25
Chapter 2 The Web Configurator
The following screen displays if you have not yet changed your password. I t is st rongly
recom m ended you change t he default password. Ent er a new password, ret ype it t o confirm and
click Apply; alt ernat ively click Sk ip t o proceed t o t he m ain m enu if you do not want t o change t he
password now.
Figure 8 Change Password Screen
The Quick St a r t W iza r d screen appears. You can configure t he Device’s t im e zone, basic I nt ernet
access, and wireless set t ings. See Chapt er 3 on page 33 for m ore inform at ion.
Aft er you finished or closed t he Quick St a r t W iza r d screen, t he N e t w or k M a p page appears.
Figure 9 Net work Map
26
Click St a t us t o display t he St a t us screen, where you can view t he Device’s int erface and syst em
inform at ion.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 2 The Web Configurator
2.2 Web Configurator Layout
Figure 10 Screen Layout
As illust rat ed above, t he m ain screen is divided int o t hese part s:
• A - t it le bar
• B - m ain window
• C - navigat ion panel
2.2.1 Title Bar
The t it le bar provides som e icons in t he upper right corner.
The icons provide t he following funct ions.
Table 2 Web Configurat or I cons in t he Tit le Bar
ICON
DESCRIPTION
Language: Select t he language you prefer.
Qu ick St a r t : Click t his icon t o open screens where you can configure t he Device’s t im e zone
I nt ernet access, and wireless set t ings.
Logou t : Click t his icon t o log out of t he web configurat or.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
27
Chapter 2 The Web Configurator
2.2.2 Main Window
The m ain window displays inform at ion and configurat ion fields. I t is discussed in t he rest of t his
docum ent .
Aft er you click St a t u s on t he Con n e ct ion St a t us page, t he St a t us screen is displayed. See
Chapt er 4 on page 38 for m ore inform at ion about t he St a t u s screen.
I f you click Vir t ua l D e vice on t he Syst e m I n fo screen, a visual graphic appears, showing t he
connect ion st at us of t he Device’s port s. The connect ed port s are in color and disconnect ed port s are
gray.
Figure 11 Virt ual Device
28
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 2 The Web Configurator
2.2.3 Navigation Panel
Use t he m enu it em s on t he navigat ion panel t o open screens t o configure Device feat ures. The
following t ables describe each m enu it em .
Table 3 Navigat ion Panel Sum m ary
LINK
TAB
Connect ion St at us
FUNCTION
This screen shows t he net work st at us of t he Device and com put ers/
devices connect ed t o it .
Net work Set t ing
Broadband
Wireless
Hom e
Net working
Broadband
Use t his screen t o view and configure I SP param et ers, WAN I P
address assignm ent , and ot her advanced propert ies. You can also
add new WAN connect ions.
3G Backup
Use t his screen t o configure 3G WAN connect ion.
Advanced
Use t his screen t o enable or disable PTM over ADSL, Annex M/ Annex
J, and DSL PhyR funct ions.
802.1x
Use t his screen t o view and configure t he I EEE 802.1x set t ings on t he
Device.
Wan St at us
Use t his screen t o view hist orical t raffic t ransm ission st at ist ics of a
WAN int erface.
General
Use t his screen t o configure t he wireless LAN set t ings and WLAN
aut hent icat ion/ securit y set t ings.
More AP
Use t his screen t o configure m ult iple BSSs on t he Device.
MAC
Aut hent icat ion
Use t his screen t o block or allow wireless t raffic from wireless devices
of cert ain SSI Ds and MAC addresses t o t he Device.
WPS
Use t his screen t o configure and view your WPS ( Wi- Fi Prot ect ed
Set up) set t ings.
WMM
Use t his screen t o enable or disable Wi- Fi Mult iMedia ( WMM) .
WDS
Use t his screen t o set up Wireless Dist ribut ion Syst em ( WDS) links t o
ot her access point s.
Ot hers
Use t his screen t o configure advanced wireless set t ings.
Channel St at us
Use t his screen t o scan wireless LAN channel noises and view t he
result s.
LAN Set up
Use t his screen t o configure LAN TCP/ I P set t ings, and ot her advanced
propert ies.
St at ic DHCP
Use t his screen t o assign specific I P addresses t o individual MAC
addresses.
UPnP
Use t his screen t o t urn UPnP and UPnP NAT-T on or off.
Addit ional
Subnet
Use t his screen t o configure I P alias and public st at ic I P.
STB Vendor I D
Use t his screen t o have t he Device aut om at ically creat e st at ic DHCP
ent ries for Set Top Box ( STB) devices when t hey request I P
addresses.
5t h Et hernet
port
Use t his screen t o configure t he role of t he W AN port . I t can be eit her
t he Et hernet WAN or a LAN port .
LAN VLAN
Use t his screen t o cont rol t he VLAN I D and I EEE 802.1p priorit y t ags
of t raffic sent out t hrough individual LAN port s.
Wake on Lan
Use t his screen t o rem ot ely t urn on a device on t he net work.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
29
Chapter 2 The Web Configurator
Table 3 Navigat ion Panel Sum m ary ( cont inued)
LINK
Rout ing
QoS
NAT
DNS
TAB
FUNCTION
St at ic Rout e
Use t his screen t o view and set up st at ic rout es on t he Device.
DNS Rout e
Use t his screen t o forward DNS queries for cert ain dom ain nam es
t hrough a specific WAN int erface t o it s DNS server( s) .
Policy
Forwarding
Use t his screen t o configure policy rout ing on t he Device.
RI P
Use t his screen t o configure Rout ing I nform at ion Prot ocol t o
exchange rout ing inform at ion wit h ot her rout ers.
General
Use t his screen t o enable QoS and t raffic priorit izing. You can also
configure t he QoS rules and act ions.
Queue Set up
Use t his screen t o configure QoS queues.
Class Set up
Use t his screen t o define a classifier.
Policer Set up
Use t hese screens t o configure QoS policers.
Port Forwarding
Use t his screen t o m ake your local servers visible t o t he out side
world.
Applicat ions
Use t his screen t o configure servers behind t he Device.
Port Triggering
Use t his screen t o change your Device’s port t riggering set t ings.
DMZ
Use t his screen t o configure a default server which receives packet s
from port s t hat are not specified in t he Por t For w a r din g screen.
ALG
Use t his screen t o enable or disable SI P ALG.
Address Mapping
Use t his screen t o change your Device’s address m apping set t ings.
Sessions
Use t his screen t o configure t he m axim um num ber of NAT sessions
each client host is allowed t o have t hrough t he Device.
DNS Ent ry
Use t his screen t o view and configure DNS rout es.
Dynam ic DNS
Use t his screen t o allow a st at ic host nam e alias for a dynam ic I P
address.
I nt erface
Group
USB Service
Power
Managem ent
Use t his screen t o m ap a port t o a PVC or bridge group.
File Sharing
Use t his screen t o enable file sharing via t he Device.
Media Server
Use t his screen t o use t he Device as a m edia server.
Print er Server
Use t his screen t o enable t he print server on t he Device and get t he
m odel nam e of t he associat ed print er.
Power
Managem ent
This screen is only available for supervisors. Use t his screen t o
m anually t urn on/ off specific int erface( s) and/ or all LEDs
im m ediat ely.
Aut o Swit ch Off
This screen is only available for supervisors. Use t his screen t o
configure schedules t o have t he Device aut om at ically t urn on/ off
specific int erface( s) and/ or all LEDs.
General
Use t his screen t o configure t he securit y level of your firewall.
Prot ocol
Use t his screen t o add I nt ernet services and configure firewall rules.
Access Cont rol
Use t his screen t o enable specific t raffic direct ions for net work
services.
DoS
Use t his screen t o act ivat e prot ect ion against Denial of Service ( DoS)
at t acks.
Securit y Set t ings
Firewall
MAC Filt er
30
Use t his screen t o block or allow t raffic from devices of cert ain MAC
addresses t o t he Device.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 2 The Web Configurator
Table 3 Navigat ion Panel Sum m ary ( cont inued)
LINK
TAB
FUNCTION
Parent al
Cont rol
Use t his screen t o block web sit es wit h t he specific URL.
Scheduler
Rules
Use t his screen t o configure t he days and t im es when a configured
rest rict ion ( such as parent al cont rol) is enforced.
Cert ificat es
I PSec VPN
Local Cert ificat es
Use t his screen t o view a sum m ary list of cert ificat es and m anage
cert ificat es and cert ificat ion request s.
Trust ed CA
Use t his screen t o view and m anage t he list of t he t rust ed CAs.
Set up
Use t his screen t o add or edit VPN policies.
Monit or
Use t his screen t o view t he st at us of all I PSec VPN t unnels. You can
also m anually init iat e a t unnel in t his screen.
SI P Account
Use t his screen t o set up inform at ion about your SI P account and
configure audio set t ings such as volum e levels for t he phones
connect ed t o t he ZyXEL Device.
SI P Service
Provider
Use t his screen t o configure your ZyXEL Device’s Voice over I P
set t ings.
VoI P
SI P
Phone
Use t his screen t o select your locat ion and a call service m ode.
Call Rule
Use t his screen t o configure speed dial for SI P phone num bers t hat
you call oft en.
Call Hist ory
Call Hist ory
Sum m ary
Use t his screen t o view a call hist ory list .
Call Hist ory
Out going
Use t his screen t o view det ailed inform at ion for each out going call
you m ade.
Call Hist ory
I ncom ing
Use t his screen t o view det ailed inform at ion for each incom ing call
from som eone calling you.
Line Test
This screen is only available for supervisors. Use t his screen t o do
various t est s for a phone line.
Syst em Monit or
Log
Traffic St at us
Syst em Log
Use t his screen t o view t he st at us of event s t hat occurred t o t he
Device. You can export or e- m ail t he logs.
Securit y Log
Use t his screen t o view t he login record of t he Device. You can export
or e- m ail t he logs.
WAN
Use t his screen t o view t he st at us of all net work t raffic going t hrough
t he WAN port of t he Device.
LAN
Use t his screen t o view t he st at us of all net work t raffic going t hrough
t he LAN port s of t he Device.
NAT
Use t his screen t o view NAT st at ist ics for connect ed host s.
VoI P St at us
Use t his screen t o view VoI P regist rat ion, current call st at ust and
phone num bers for t he phone port s.
ARP Table
Use t his screen t o view t he ARP t able. I t displays t he I P and MAC
address of each DHCP connect ion.
Rout ing Table
Use t his screen t o view t he rout ing t able on t he Device.
I GMP/ MLD
Group St at us
Use t his screen t o view t he st at us of all I GMP set t ings on t he Device.
xDSL St at ist ics
Use t his screen t o view t he Device’s xDSL t raffic st at ist ics.
3G St at ist ics
Use t his screen t o look at 3G I nt ernet connect ion st at us.
Maint enance
VMG8324-B10A / VMG8324-B30A Series User’s Guide
31
Chapter 2 The Web Configurator
Table 3 Navigat ion Panel Sum m ary ( cont inued)
LINK
TAB
User Account
Use t his screen t o change user password on t he Device.
Rem ot e MGMT
Use t his screen t o enable specific t raffic direct ions for net work
services.
TR- 069 Client
Use t his screen t o configure t he Device t o be m anaged by an Aut o
Configurat ion Server ( ACS) .
TR- 064
Use t his screen t o enable m anagem ent via TR- 064 on t he LAN.
SNMP
Use t his screen t o configure SNMP ( Sim ple Net work Managem ent
Prot ocol) set t ings.
Tim e
Use t his screen t o change your Device’s t im e and dat e.
Em ail
Not ificat ion
Use t his screen t o configure up t o t wo m ail servers and sender
addresses on t he Device.
Log Set t ing
Use t his screen t o change your Device’s log set t ings.
Firm ware
Upgrade
Use t his screen t o upload firm ware t o your device.
Configurat ion
Use t his screen t o backup and rest ore your device’s configurat ion
( set t ings) or reset t he fact ory default set t ings.
Reboot
Diagnost ic
32
FUNCTION
Use t his screen t o reboot t he Device wit hout t urning t he power off.
Ping &
Tracerout e &
Nslookup
Use t his screen t o ident ify problem s w it h t he DSL connect ion. You can
use Ping, TraceRout e, or Nslookup t o help you ident ify problem s.
802.1ag
Use t his screen t o configure CFM ( Connect ivit y Fault Managem ent )
MD ( m aint enance dom ain) and MA ( m aint enance associat ion) ,
perform connect ivit y t est s and view t est report s.
OAM Ping
Use t his screen t o view inform at ion t o help you ident ify problem s wit h
t he DSL connect ion.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPT ER
Quick Start
3.1 Overview
Use t he Quick St art screens t o configure t he Device’s t im e zone, basic I nt ernet access, and wireless
set t ings.
Not e: See t he t echnical reference chapt ers ( st art ing on page 35) for background
inform at ion on t he feat ures in t his chapt er.
3.2 Quick Start Setup
The Quick St art Wizard appears aut om at ically aft er login. Or you can click t he Click St a r t icon in
t he t op right corner of t he web configurat or t o open t he quick st art screens. Select t he t im e zone of
t he Device’s locat ion and click N e x t .
Figure 12 Tim e Zone
VMG8324-B10A / VMG8324-B30A Series User’s Guide
33
Chapter 3 Quick Start
Ent er your I nt ernet connect ion inform at ion in t his screen. The screen and fields t o ent er m ay vary
depending on your current connect ion t ype. Click N e x t . Click N e x t .
Figure 13 I nt ernet Connect ion
Turn t he wireless LAN on or off. I f you keep it on, record t he securit y set t ings so you can configure
your wireless client s t o connect t o t he Device. Click Sa ve .
Figure 14 I nt ernet Connect ion
34
Your Device saves your set t ings and at t em pt s t o connect t o t he I nt ernet .
VMG8324-B10A / VMG8324-B30A Series User’s Guide
P ART II
Technical Reference
35
36
C HAPT ER
Network Map and Status Screens
4.1 Overview
Aft er you log int o t he Web Configurat or, t he N e t w or k M a p screen appears. This shows t he net work
connect ion st at us of t he Device and client s connect ed t o it .
You can use t he St a t u s screen t o look at t he current st at us of t he Device, syst em resources, and
int erfaces ( LAN, WAN, and WLAN) .
4.2 The Network Map Screen
Use t his screen t o view t he net work connect ion st at us of t he device and it s client s. A warning
m essage appears if t here is a connect ion problem .
Figure 15 Net work Map: I con View Mode
VMG8324-B10A / VMG8324-B30A Series User’s Guide
37
Chapter 4 Network Map and Status Screens
I f you want t o view inform at ion about a client , click t he client ’s nam e and I nfo. Click t he I P address
if you want t o change it . I f you want t o change t he nam e or icon of t he client , click Cha nge na m e /
icon .
I f you prefer t o view t he st at us in a list , click List Vie w in t he Vie w in g m ode select ion box. You
can configure how oft en you want t he Device t o updat e t his screen in Re fr e sh int e r va l.
Figure 16 Net work Map: List View Mode
4.3 The Status Screen
Use t his screen t o view t he st at us of t he Device. Click St a t u s t o open t his screen.
Figure 17 St at us Screen
38
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 4 Network Map and Status Screens
Each field is described in t he following t able.
Table 4 St at us Screen
LABEL
DESCRIPTION
Refresh I nt erval
Select how oft en you want t he Device t o updat e t his screen.
Device I nform at ion
Host Nam e
This field displays t he Device syst em nam e. I t is used for ident ificat ion.
Model Num ber
This shows t he m odel num ber of your Device.
Firm ware
Version
This is t he current version of t he firm ware inside t he Device.
WAN I nform at ion ( These fields display when you have a WAN connect ion.)
WAN Type
This field displays t he current WAN connect ion t ype.
MAC Address
This shows t he WAN Et hernet adapt er MAC ( Media Access Cont rol) Address of your
Device.
I P Address
This field displays t he current I P address of t he Device in t he WAN. Click Re le a se t o
release your I P address t o 0.0.0.0. I f you want t o renew your I P address, click Re n e w .
I P Subnet Mask
This field displays t he current subnet m ask in t he WAN.
Encapsulat ion
This field displays t he current encapsulat ion m et hod.
LAN I nform at ion
I Pv4 Address
This is t he current I Pv4 I P address of t he Device in t he LAN.
I Pv4 Subnet
Mask
This is t he current subnet m ask in t he LAN.
DHCP
This field displays what DHCP services t he Device is providing t o t he LAN. Choices are:
Se r ve r - The Device is a DHCP server in t he LAN. I t assigns I P addresses t o ot her
com put ers in t he LAN.
Re la y - The Device act s as a surrogat e DHCP server and relays DHCP request s and
responses bet w een t he rem ot e server and t he client s.
N on e - The Device is not providing any DHCP services t o t he LAN.
MAC Address
This shows t he LAN Et hernet adapt er MAC ( Media Access Cont rol) Address of your
Device.
WLAN I nform at ion
MAC Address
This shows t he wireless adapt er MAC ( Media Access Cont rol) Address of your Device.
St at us
This displays whet her WLAN is act ivat ed.
SSI D
This is t he descript ive nam e used t o ident ify t he Device in a wireless LAN.
Channel
This is t he channel num ber used by t he Device now.
Securit y
This displays t he t ype of securit y m ode t he Device is using in t he wireless LAN.
802.11 Mode
This displays t he t ype of 802.11 m ode t he Device is using in t he wireless LAN.
WPS
This displays whet her WPS is act ivat ed.
Securit y
Firewall
This displays t he firewall’s current securit y level.
Syst em St at us
Syst em Up
Tim e
This field displays how long t he Device has been running since it last st art ed up. The
Device st art s up when you plug it in, when you rest art it ( M a in t e n a n ce > Re boot ) , or
when you reset it .
Current Dat e/
Tim e
This field displays t he current dat e and t im e in t he Device. You can change t his in
M a in t e n a n ce > Tim e Se t t in g.
Syst em Resource
VMG8324-B10A / VMG8324-B30A Series User’s Guide
39
Chapter 4 Network Map and Status Screens
Table 4 St at us Screen ( cont inued)
LABEL
DESCRIPTION
CPU Usage
This field displays what percent age of t he Device’s processing abilit y is current ly used.
When t his percent age is close t o 100% , t he Device is running at full load, and t he
t hroughput is not going t o im prove anym ore. I f you want som e applicat ions t o have
m ore t hroughput , you should t urn off ot her applicat ions ( for exam ple, using QoS; see
Chapt er 9 on page 139) .
Mem ory Usage
This field displays what percent age of t he Device’s m em ory is current ly used. Usually,
t his percent age should not increase m uch. I f m em ory usage does get close t o 100% , t he
Device is probably becom ing unst able, and you should rest art t he device. See Sect ion
39.2 on page 313, or t urn off t he device ( unplug t he power) for a few seconds.
NAT Session
Usage
This field displays what percent age of t he Device support ed NAT sessions are current ly
being used.
I nt erface St at us
I nt erface
This colum n displays each int erface t he Device has.
St at us
This field indicat es t he int erface’s use st at us.
For t he DSL int erface, t his field displays D ow n ( line down) , Up ( line up or connect ed)
and D r op ( dropping a call) if you're using PPPoE encapsulat ion.
For t he Et hernet WAN and LAN int erface, t his field displays Up when using t he int erface
and N oLink when not using t he int erface.
For t he WLAN int erface, t his field displays t he enabled ( Act ive ) or disabled ( I n Act ive)
st at e of t he int erface.
For t he 3G USB int erface, t his field displays Up when using t he int erface and N oD e vice
when no device is det ect ed in any USB slot .
Rat e
For t he Et hernet WAN and LAN int erface, t his displays t he port speed and duplex set t ing.
For t he DSL int erface, it displays t he downst ream and upst ream t ransm ission rat e.
For t he WLAN int erface, it displays t he m axim um t ransm ission rat e or N / A wit h WLAN
disabled.
For t he 3G USB int erface, t his field displays Up when a 3G USB device is inst alled in a
USB slot and N oD e vice when no device is det ect ed in any USB slot .
Regist rat ion St at us
Account
This colum n displays each SI P account in t he Device.
Act ion
I f t he SI P account is already regist ered wit h t he SI P server, t he Accou n t St a t u s field
displays Re gist e r e d.
Click Un r e gist e r t o delet e t he SI P account ’s regist rat ion in t he SI P server. This does not
cancel your SI P account , but it delet es t he m apping bet ween your SI P ident it y and your
I P address or dom ain nam e.
I f t he SI P account is not regist ered wit h t he SI P server, t he Accou n t St a t u s field
displays N ot Re gist e r e d.
Click Re gist e r t o have t he Device at t em pt t o regist er t he SI P account wit h t he SI P
server.
The but t on is grayed out if t he SI P account is disabled.
40
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 4 Network Map and Status Screens
Table 4 St at us Screen ( cont inued)
LABEL
DESCRIPTION
Account St at us
This field displays t he current regist rat ion st at us of t he SI P account . You have t o regist er
SI P account s wit h a SI P server t o use VoI P.
I n a ct ive - The SI P account is not act ive. You can act ivat e it in V oI P > SI P > SI P
Accou n t .
N ot Re gist e r e d - The last t im e t he Device t ried t o regist er t he SI P account wit h t he
SI P server, t he at t em pt failed. Use t he Re gist e r but t on t o regist er t he account again.
The Device aut om at ically t ries t o regist er t he SI P account when you t urn on t he Device
or when you act ivat e it .
Re gist e r e d - The SI P account is already regist ered wit h t he SI P server. You can use it
t o m ake a VoI P call.
Service- Provider
This colum n displays t he service provider nam e and SI P num ber for each SI P account .
URI
This field displays t he account num ber and service dom ain of t he SI P account . You can
change t hese in t he V oI P > SI P screens.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
41
Chapter 4 Network Map and Status Screens
42
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPT ER
Broadband
5.1 Overview
This chapt er discusses t he Device’s Br oa dba n d screens. Use t hese screens t o configure your
Device for I nt ernet access.
A WAN ( Wide Area Net work) connect ion is an out side connect ion t o anot her net work or t he
I nt ernet . I t connect s your privat e net works, such as a LAN ( Local Area Net work) and ot her
net works, so t hat a com put er in one locat ion can com m unicat e wit h com put ers in ot her locat ions.
Figure 18 LAN and WAN
WAN
3G ( t hird generat ion) st andards for t he sending and receiving of voice, video, and dat a in a m obile
environm ent .
You can at t ach a 3G wireless adapt er t o t he USB port and set t he Device t o use t his 3G connect ion
as your WAN or a backup when t he wired WAN connect ion fails.
Figure 19 3G WAN Connect ion
5.1.1 What You Can Do in this Chapter
• Use t he Br oa dba n d screen t o view, rem ove or add a WAN int erface. You can also configure t he
WAN set t ings on t he Device for I nt ernet access ( Sect ion 5.2 on page 47) .
• Use t he 3 G Ba ck up screen t o configure 3G WAN connect ion ( Sect ion 5.3 on page 57) .
VMG8324-B10A / VMG8324-B30A Series User’s Guide
43
Chapter 5 Broadband
• Use t he Adva nce d screen t o enable or disable PTM over ADSL, Annex M/ Annex J, and DSL PhyR
funct ions ( Sect ion 5.4 on page 61) .
• Use t he 8 0 2 .1 x screen t o view and configure t he I EEE 802.1X set t ings on t he Device ( Sect ion
5.5 on page 62) .
• Use t he W a n St a t u s screen t o view a WAN int erface’s hist orical t raffic t ransm ission rat e.
( Sect ion 5.6 on page 63) .
Table 5 WAN Set up Overview
LAYER-2 INTERFACE
CONNECTION
ADSL/ VDSL
over PTM
ADSL over ATM
Et herWAN
INTERNET CONNECTION
DSL LINK
TYPE
MODE
ENCAPSULATION
CONNECTION SETTINGS
N/ A
Rout ing
PPPoE
PPP inform at ion, I Pv4/ I Pv6 I P
address, rout ing feat ure, DNS
server, VLAN, QoS, and MTU
I PoE
I Pv4/ I Pv6 I P address, rout ing
feat ure, DNS server, VLAN, QoS,
and MTU
Bridge
N/ A
VLAN and QoS
Rout ing
PPPoE/ PPP0A
ATM PVC configurat ion, PPP
inform at ion, I Pv4/ I Pv6 I P address,
rout ing feat ure, DNS server, VLAN,
QoS, and MTU
I PoE/ I PoA
ATM PVC configurat ion, I Pv4/ I Pv6
I P address, rout ing feat ure, DNS
server, VLAN, QoS, and MTU
Bridge
N/ A
ATM PVC configurat ion, and QoS
Rout ing
PPPoE
PPP user nam e and password, WAN
I Pv4/ I Pv6 I P address, rout ing
feat ure, DNS server, VLAN, QoS,
and MTU
I PoE
WAN I Pv4/ I Pv6 I P address, NAT,
DNS server and rout ing feat ure
N/ A
VLAN and QoS
EoA
N/ A
Bridge
5.1.2 What You Need to Know
The following t erm s and concept s m ay help as you read t his chapt er.
Encapsulation Method
Encapsulat ion is used t o include dat a from an upper layer prot ocol int o a lower layer prot ocol. To set
up a WAN connect ion t o t he I nt ernet , you need t o use t he sam e encapsulat ion m et hod used by your
I SP ( I nt ernet Service Provider) . I f your I SP offers a dial- up I nt ernet connect ion using PPPoE ( PPP
over Et hernet ) , t hey should also provide a usernam e and password ( and service nam e) for user
aut hent icat ion.
44
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 5 Broadband
WAN IP Address
The WAN I P address is an I P address for t he Device, which m akes it accessible from an out side
net work. I t is used by t he Device t o com m unicat e wit h ot her devices in ot her net works. I t can be
st at ic ( fixed) or dynam ically assigned by t he I SP each t im e t he Device t ries t o access t he I nt ernet .
I f your I SP assigns you a st at ic WAN I P address, t hey should also assign you t he subnet m ask and
DNS server I P address( es) .
ATM
Asynchronous Transfer Mode ( ATM) is a WAN net working t echnology t hat provides high- speed dat a
t ransfer. ATM uses fixed- size packet s of inform at ion called cells. Wit h ATM, a high QoS ( Qualit y of
Service) can be guarant eed. ATM uses a connect ion- orient ed m odel and est ablishes a virt ual circuit
( VC) bet ween Finding Out More
PTM
Packet Transfer Mode ( PTM) is packet- orient ed and support ed by t he VDSL2 st andard. I n PTM,
packet s are encapsulat ed direct ly in t he High- level Dat a Link Cont rol ( HDLC) fram es. I t is designed
t o provide a low- overhead, t ransparent way of t ransport ing packet s over DSL links, as an
alt ernat ive t o ATM.
3G
3G ( Third Generat ion) is a digit al, packet- swit ched wireless t echnology. Bandwidt h usage is
opt im ized as m ult iple users share t he sam e channel and bandwidt h is only allocat ed t o users when
t hey send dat a. I t allows fast t ransfer of voice and non- voice dat a and provides broadband I nt ernet
access t o m obile devices.
IPv6 Introduction
I Pv6 ( I nt ernet Prot ocol version 6) , is designed t o enhance I P address size and feat ures. The
increase in I Pv6 address size t o 128 bit s ( from t he 32- bit I Pv4 address) allows up t o 3.4 x 10 38 I P
addresses. The Device can use I Pv4/ I Pv6 dual st ack t o connect t o I Pv4 and I Pv6 net works, and
support s I Pv6 rapid deploym ent ( 6RD) .
IPv6 Addressing
The 128- bit I Pv6 address is writ t en as eight 16- bit hexadecim al blocks separat ed by colons ( : ) . This
is an exam ple I Pv6 address 2001:0db8:1a2b:0015:0000:0000:1a2f:0000.
I Pv6 addresses can be abbreviat ed in t wo ways:
• Leading zeros in a block can be om it t ed. So
2001:0db8:1a2b:0015:0000:0000:1a2f:0000 can be writ t en as
2001:db8:1a2b:15:0:0:1a2f:0.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
45
Chapter 5 Broadband
• Any num ber of consecut ive blocks of zeros can be replaced by a double colon. A double
colon can only appear once in an I Pv6 address. So
2001:0db8:0000:0000:1a2f:0000:0000:0015 can be writ t en as
2001:0db8::1a2f:0000:0000:0015, 2001:0db8:0000:0000:1a2f::0015,
2001:db8::1a2f:0:0:15 or 2001:db8:0:0:1a2f::15.
IPv6 Prefix and Prefix Length
Sim ilar t o an I Pv4 subnet m ask, I Pv6 uses an address prefix t o represent t he net work address. An
I Pv6 prefix lengt h specifies how m any m ost significant bit s ( st art from t he left ) in t he address
com pose t he net work address. The prefix lengt h is writ t en as “ / x” where x is a num ber. For
exam ple,
2001:db8:1a2b:15::1a2f:0/32
m eans t hat t he first 32 bit s ( 2001:db8) is t he subnet prefix.
IPv6 Subnet Masking
Bot h an I Pv6 address and I Pv6 subnet m ask com pose of 128- bit binary digit s, which are divided
int o eight 16- bit blocks and writ t en in hexadecim al not at ion. Hexadecim al uses four bit s for each
charact er ( 1 ~ 10, A ~ F) . Each block’s 16 bit s are t hen represent ed by four hexadecim al
charact ers. For exam ple, FFFF: FFFF: FFFF: FFFF: FC00: 0000: 0000: 0000.
IPv6 Rapid Deployment
Use I Pv6 Rapid Deploym ent ( 6rd) when t he local net work uses I Pv6 and t he I SP has an I Pv4
net work. When t he Device has an I Pv4 WAN address and you set I Pv6 / I Pv4 M ode t o I Pv4 Only,
you can enable 6rd t o encapsulat e I Pv6 packet s in I Pv4 packet s t o cross t he I SP’s I Pv4 net work.
The Device generat es a global I Pv6 prefix from it s I Pv4 WAN address and t unnels I Pv6 t raffic t o t he
I SP’s Border Relay rout er ( BR in t he figure) t o connect t o t he nat ive I Pv6 I nt ernet . The local
net work can also use I Pv4 services. The Device uses it ’s configured I Pv4 WAN I P t o rout e I Pv4
t raffic t o t he I Pv4 I nt ernet .
Figure 20 I Pv6 Rapid Deploym ent
LAN
- I Pv6
- I Pv4
W AN
- I Pv4
- I Pv6 in I Pv4
I SP ( I Pv4)
I Pv6 in I Pv4
BR
I Pv6 I nt ernet
I Pv6 + I Pv4
I Pv4
I Pv4 I nt ernet
46
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 5 Broadband
Dual Stack Lite
Use Dual St ack Lit e when local net work com put ers use I Pv4 and t he I SP has an I Pv6 net work.
When t he Device has an I Pv6 WAN address and you set I Pv6 / I Pv4 M ode t o I Pv6 On ly, you can
enable Dual St ack Lit e t o use I Pv4 com put ers and services.
The Device t unnels I Pv4 packet s inside I Pv6 encapsulat ion packet s t o t he I SP’s Address Fam ily
Transit ion Rout er ( AFTR in t he graphic) t o connect t o t he I Pv4 I nt ernet . The local net work can also
use I Pv6 services. The Device uses it ’s configured I Pv6 WAN I P t o rout e I Pv6 t raffic t o t he I Pv6
I nt ernet .
Figure 21 Dual St ack Lit e
LAN
- I Pv6
- I Pv4
W AN
- I Pv6
- I Pv4 in I Pv6
I SP ( I Pv6)
I Pv6
I Pv6 + I Pv4
I Pv6 I nt er net
I Pv4 in I Pv6
AFTR
I Pv4 I nt ernet
5.1.3 Before You Begin
You need t o know your I nt ernet access set t ings such as encapsulat ion and WAN I P address. Get t his
inform at ion from your I SP.
5.2 The Broadband Screen
Use t his screen t o change your Device’s I nt ernet access set t ings. Click N e t w or k Se t t ing >
Br oa dba n d from t he m enu. The sum m ary t able shows you t he configured WAN services
( connect ions) on t he Device.
Figure 22 Net work Set t ing > Broadband
VMG8324-B10A / VMG8324-B30A Series User’s Guide
47
Chapter 5 Broadband
The following t able describes t he labels in t his screen.
Table 6 Net work Set t ing > Broadband
LABEL
DESCRIPTION
Add New WAN
I nt erface
Click t his but t on t o creat e a new connect ion.
This is t he index num ber of t he ent ry.
Nam e
This is t he service nam e of t he connect ion.
Type
This shows whet her it is an ATM, Et hernet or a PTM connect ion.
Mode
This shows whet her t he connect ion is in rout ing or bridge m ode.
Encapsulat ion
This is t he m et hod of encapsulat ion used by t his connect ion.
802.1p
This indicat es t he 802.1p priorit y level assigned t o t raffic sent t hrough t his connect ion. This
displays N / A when t here is no priorit y level assigned.
802.1q
This indicat es t he VLAN I D num ber assigned t o t raffic sent t hrough t his connect ion. This
displays N / A when t here is no VLAN I D num ber assigned.
I GMP Proxy
This shows whet her t he Device act as an I GMP proxy on t his connect ion.
NAT
This shows whet her NAT is act ivat ed or not for t his connect ion.
Default
Gat eway
This shows whet her t he Device use t he WAN int erface of t his connect ion as t he syst em
default gat eway.
I Pv6
This shows whet her I Pv6 is act ivat ed or not for t his connect ion. I Pv6 is not available when
t he connect ion uses t he bridging service.
MLD Proxy
This shows whet her Mult icast List ener Discovery ( MLD) is act ivat ed or not for t his
connect ion. MLD is not available w hen t he connect ion uses t he bridging service.
Modify
Click t he Edit icon t o configure t he WAN connect ion.
Click t he D e le t e icon t o rem ove t he WAN connect ion.
48
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 5 Broadband
5.2.1 Add/Edit Internet Connection
Click Add N e w W AN I n t e r fa ce in t he Br oa dba n d screen or t he Edit icon next t o an exist ing WAN
int erface t o configure a WAN connect ion. The screen varies depending on t he int erface t ype, m ode,
encapsulat ion, and I Pv6/ I Pv4 m ode you select .
5.2.1.1 Routing Mode
Use Rout ing m ode if your I SP give you one I P address only and you want m ult iple com put ers t o
share an I nt ernet account .
The following exam ple screen displays when you select t he AD SL/ VD SL ove r ATM connect ion
t ype, Rou t in g m ode, and PPPoE encapsulat ion. The screen varies when you select ot her int erface
t ype, encapsulat ion, and I Pv6/ I Pv4 m ode.
Figure 23 Net work Set t ing > Broadband > Add New WAN I nt erface/ Edit ( Rout ing Mode)
The following t able describes t he labels in t his screen.
Table 7 Net work Set t ing > Broadband > Add New WAN I nt erface/ Edit ( Rout ing Mode)
LABEL
DESCRIPTION
General
Act ive
Select t his t o act ivat e t he WAN configurat ion set t ings.
Nam e
Specify a descript ive nam e for t his connect ion.
Type
Select whet her it is an ADSL/ VDSL over PTM, ADSL over ATM connect ion or Et hernet .
VMG8324-B10A / VMG8324-B30A Series User’s Guide
49
Chapter 5 Broadband
Table 7 Net work Set t ing > Broadband > Add New WAN I nt erface/ Edit ( Rout ing Mode) ( cont inued)
LABEL
DESCRIPTION
Mode
Select Rou t in g if your I SP give you one I P address only and you want m ult iple com put ers t o
share an I nt ernet account .
Encapsulat ion
Select t he m et hod of encapsulat ion used by your I SP from t he drop- down list box. This
opt ion is available only when you select Rou t in g in t he M ode field.
The choices depend on t he connect ion t ype you select ed. I f your connect ion t ype is AD SL/
V D SL ove r PTM , t he choices are PPPoE and I PoE. I f your connect ion t ype is AD SL ove r
ATM , t he choices are PPPoE, PPPoA, I PoE and I PoA.
I Pv6/ I Pv4 Mode
Select I Pv4 On ly if you want t he Device t o run I Pv4 only.
Select I Pv6 / I Pv4 D u a lSt a ck t o allow t he Device t o run I Pv4 and I Pv6 at t he sam e t im e.
Select I Pv6 On ly if you want t he Device t o run I Pv6 only.
ATM PVC Configurat ion ( These fields appear when t he Type is set t o AD SL ove r ATM .)
VPI
The valid range for t he VPI is 0 t o 255. Ent er t he VPI assigned t o you.
VCI
The valid range for t he VCI is 32 t o 65535 ( 0 t o 31 is reserved for local m anagem ent of ATM
t raffic) . Ent er t he VCI assigned t o you.
DSL Link Type
This field is not edit able. The select ion depends on t he set t ing in t he En ca psula t ion field.
EoA ( Et hernet over ATM) uses an Et hernet header in t he packet , so t hat you can have
m ult iple services/ connect ions over one PVC. You can set each connect ion t o have it s own
MAC address or all connect ions share one MAC address but use different VLAN I Ds for
different services. EoA support s ENET ENCAP ( I PoE) , PPPoE and RFC1483/ 2684 bridging
encapsulat ion m et hods.
PPPoA ( PPP over ATM) allows j ust one PPPoA connect ion over a PVC.
I PoA ( I P over ATM) allows j ust one RFC 1483 rout ing connect ion over a PVC.
Encapsulat ion
Mode
Select t he m et hod of m ult iplexing used by your I SP from t he drop- down list box. Choices
are:
•
•
•
•
Service
Cat egory
LLC/ SN AP- BRI D GI N G: I n LCC encapsulat ion, bridged PDUs are encapsulat ed by
ident ifying t he t ype of t he bridged m edia in t he SNAP header. This is available only when
you select I PoE or PPPoE in t he Se le ct D SL Lin k Type field.
VC/ M UX: I n VC m ult iplexing, each prot ocol is carried on a single ATM virt ual circuit
( VC) . To t ransport m ult iple prot ocols, t he Device needs separat e VCs. There is a binding
bet ween a VC and t he t ype of t he net work prot ocol carried on t he VC. This reduces
payload overhead since t here is no need t o carry prot ocol inform at ion in each Prot ocol
Dat a Unit ( PDU) payload.
LLC/ EN CAPSULATI ON : More t han one prot ocol can be carried over t he sam e VC. This
is available only when you select PPPoA in t he En ca psu la t ion field.
LLC/ SN AP- ROUTI N G: I n LCC encapsulat ion, an I EEE 802.2 Logical Link Cont rol ( LLC)
header is prefixed t o each rout ed PDU t o ident ify t he PDUs. The LCC header can be
followed by an I EEE 802.1a SubNet work At t achm ent Point ( SNAP) header. This is
available only when you select I PoA in t he En ca psu la t ion field.
Select UBR W it h ou t PCR or UBR W it h PCR for applicat ions t hat are non- t im e sensit ive,
such as e- m ail.
Select CBR ( Cont inuous Bit Rat e) t o specify fixed ( always- on) bandwidt h for voice or dat a
t raffic.
Select N on Re a lt im e V BR ( non real- t im e Variable Bit Rat e) for connect ions t hat do not
require closely cont rolled delay and delay variat ion.
Select Re a lt im e VBR ( real- t im e Variable Bit Rat e) for applicat ions wit h burst y connect ions
t hat require closely cont rolled delay and delay variat ion.
Peak Cell Rat e
50
Divide t he DSL line rat e ( bps) by 424 ( t he size of an ATM cell) t o find t he Peak Cell Rat e
( PCR) . This is t he m axim um rat e at which t he sender can send cells. Type t he PCR here.This
field is not available when you select UBR W it h out PCR.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 5 Broadband
Table 7 Net work Set t ing > Broadband > Add New WAN I nt erface/ Edit ( Rout ing Mode) ( cont inued)
LABEL
DESCRIPTION
Sust ainable
Cell Rat e
The Sust ainable Cell Rat e ( SCR) set s t he average cell rat e ( long- t erm ) t hat can be
t ransm it t ed. Type t he SCR, which m ust be less t han t he PCR. Not e t hat syst em default is 0
cells/ sec.
This field is available only when you select N on Re a lt im e VBR or Re a lt im e VBR.
Maxim um Burst
Size
Maxim um Burst Size ( MBS) refers t o t he m axim um num ber of cells t hat can be sent at t he
peak rat e. Type t he MBS, which is less t han 65535.
This field is available only when you select N on Re a lt im e VBR or Re a lt im e VBR.
PPP I nform at ion ( This is available only when you select PPPoE or PPPoA in t he M ode field.)
PPP User Nam e
Ent er t he user nam e exact ly as your I SP assigned. I f assigned a nam e in t he form
user@dom ain where dom ain ident ifies a service nam e, t hen ent er bot h com ponent s exact ly
as given.
PPP Password
Ent er t he password associat ed wit h t he user nam e above. Select pa ssw or d u n m a sk t o
show your ent ered password in plain t ext .
PPP Triger Type
Select when t o have t he Device est ablish t he PPP connect ion.
Au t o Con n e ct - select t his t o not let t he connect ion t im e out .
Con n e ct on D e m a n d - select t his t o aut om at ically bring up t he connect ion when t he
Device receives packet s dest ined for t he I nt ernet .M a n u a l - select t his if you want t o
m anually t rigger t he connect ion up.
I dle Tim eout
This value specifies t he t im e in m inut es t hat elapses before t he rout er aut om at ically
disconnect s from t he PPPoE server.
This field is not configurable if you select Aut o Con n e ct in t he PPP Tr ige r Type field.
PPPoE Service
Nam e
Ent er t he nam e of your PPPoE service here.
PPPoE
Passt hrough
This field is available when you select PPPoE encapsulat ion.
I n addit ion t o t he Device’s built- in PPPoE client , you can enable PPPoE pass t hrough t o allow
up t o t en host s on t he LAN t o use PPPoE client soft ware on t heir com put ers t o connect t o t he
I SP via t he Device. Each host can have a separat e account and a public WAN I P address.
PPPoE pass t hrough is an alt ernat ive t o NAT for applicat ion where NAT is not appropriat e.
Disable PPPoE pass t hrough if you do not need t o allow host s on t he LAN t o use PPPoE client
soft ware on t heir com put ers t o connect t o t he I SP.
I P Address ( This is available only when you select I Pv4 On ly or I Pv6 / I Pv4 D u a lSt a ck in t he I Pv6 / I Pv4
M ode field.)
Obt ain an I P
Address
Aut om at ically
A st at ic I P address is a fixed I P t hat your I SP gives you. A dynam ic I P address is not fixed;
t he I SP assigns you a different one each t im e you connect t o t he I nt ernet . Select t his if you
have a dynam ic I P address.
DHCP
opt ion 60/
Vendor I D
This field displays when edit ing an exist ing WAN int erface. Type t he class vender I D you
want t he Device t o add in t he DHCP Discovery packet s t hat go t o t he DHCP server.
DHCP
opt ion 43
Enable
This field displays when edit ing an exist ing WAN int erface. Type t he vender specific
inform at ion you want t he Device t o add in t he DHCP Offer packet s. The inform at ion is used,
for exam ple, for configuring an ACS’s ( Aut o Configurat ion Server) URL.
St at ic I P
Address
Select t his opt ion I f t he I SP assigned a fixed I P address.
I P Address
Ent er t he st at ic I P address provided by your I SP.
Subnet
Mask
Ent er t he subnet m ask provided by your I SP.
Gat eway I P
Address
Ent er t he gat eway I P address provided by your I SP.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
51
Chapter 5 Broadband
Table 7 Net work Set t ing > Broadband > Add New WAN I nt erface/ Edit ( Rout ing Mode) ( cont inued)
LABEL
DESCRIPTION
Rout ing Feat ure ( This is available only when you select I Pv4 On ly or I Pv6 / I Pv4 D u a lSt a ck in t he I Pv6 /
I Pv4 M ode field.)
NAT Enable
Select t his opt ion t o act ivat e NAT on t his connect ion.
I GMP Proxy
Enable
I nt ernet Group Mult icast Prot ocol ( I GMP) is a net work- layer prot ocol used t o est ablish
m em bership in a Mult icast group - it is not used t o carry user dat a.
Select t his opt ion t o have t he Device act as an I GMP proxy on t his connect ion. This allows
t he Device t o get subscribing inform at ion and m aint ain a j oined m em ber list for each
m ult icast group. I t can reduce m ult icast t raffic significant ly.
Apply as
Default
Gat eway
Select t his opt ion t o have t he Device use t he WAN int erface of t his connect ion as t he syst em
default gat eway.
DNS Server ( This is available only when you select I Pv4 On ly or I Pv6 / I Pv4 D u a lSt a ck in t he I Pv6 / I Pv4
M ode field.)
DNS
Select D yna m ic if you want t he Device use t he DNS server addresses assigned by your I SP.
Select St a t ic if you want t he Device use t he DNS server addresses you configure m anually.
DNS Server 1
Ent er t he first DNS server address assigned by t he I SP.
DNS Server 2
Ent er t he second DNS server address assigned by t he I SP.
WAN MAC Address
Fact ory
Default
Select Fa ct or y D e fa u lt t o use t he fact ory assigned default MAC address.
Clone t he
com put er ’s
MAC
address - I P
Address
Select t his opt ion and ent er t he I P address of t he com put er on t he LAN whose MAC you are
cloning. I t is advisable t o clone t he MAC address from a com put er on your LAN even if your
I SP does not present ly require MAC address aut hent icat ion.
Set WAN
MAC
Address
Select t his opt ion and ent er t he MAC address you want t o use.
Tunnel ( This is available only when you select I Pv4 On ly or I Pv6 On ly in t he I Pv6 / I Pv4 M ode field.)
The DS- Lit e ( Dual St ack Lit e) fields display w hen you set t he I Pv6 / I Pv4 M ode field t o I Pv6 On ly.
Enable Dual St ack Lit e t o let local com put ers use I Pv4 t hrough an I SP’s I Pv6 net work. See Dual St ack Lit e on
page 47 for m ore inform at ion.
The 6RD ( I Pv6 rapid deploym ent ) fields display when you set t he I Pv6 / I Pv4 M ode field t o I Pv4 On ly. See
I Pv6 Rapid Deploym ent on page 46 for m ore inform at ion.
Enable DS- Lit e
This is available only when you select I Pv6 Only in t he I Pv6 / I Pv4 M ode field. Select
En a ble t o let local com put ers use I Pv4 t hrough an I SP’s I Pv6 net work.
DS- Lit e Relay
Server I P
Specify t he t ransit ion rout er ’s I Pv6 address.
Enable 6RD
This is available only when you select I Pv4 Only in t he I Pv6 / I Pv4 M ode field. Select
En a ble t o t unnel I Pv6 t raffic from t he local net work t hrough t he I SP’s I Pv4 net work.
6RD Type
Select St a t ic if you have t he I Pv4 address of t he relay server, ot herwise select D H CP t o
have t he Device det ect it aut om at ically t hrough DHCP.
I Pv4 Mask
Lengt h
Ent er t he subnet m ask num ber ( 1~ 32) for t he I Pv4 net work.
6RD Border
Relay Server I P
When you set t he 6 RD Type t o St a t ic, specify t he relay server ’s I Pv4 address in t his field.
6RD I Pv6 Prefix
Ent er an I Pv6 prefix for t unneling I Pv6 t raffic t o t he I SP’s border relay rout er and connect ing
t o t he nat ive I Pv6 I nt ernet .
I Pv6 Address ( This is available only when you select I Pv6 / I Pv4 D u a lSt a ck or I Pv6 On ly in t he I Pv6 / I Pv4
M ode field.)
52
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 5 Broadband
Table 7 Net work Set t ing > Broadband > Add New WAN I nt erface/ Edit ( Rout ing Mode) ( cont inued)
LABEL
DESCRIPTION
I Pv6 Address
Select Au t om a t ic if you want t o have t he Device use t he I Pv6 prefix from t he connect ed
rout er ’s Rout er Advert isem ent ( RA) t o generat e an I Pv6 address.
•
•
Select Ge t I Pv6 Addr e ss Fr om D H CPv6 Se r ve r ( I A_ N A) if you want t o obt ain an I Pv6
address from a DHCPv6 server. The I P address assigned by a DHCPv6 server has priorit y
over t he I P address aut om at ically generat ed by t he Device using t he I Pv6 prefix from an
RA. This opt ion is available only when you choose t o get your I Pv6 address
aut om at ically.
Select Pr e fix D e le ga t ion ( I A_ PD ) t o use DHCP PD ( Prefix Delegat ion) which enables
t he Device t o pass t he I Pv6 prefix inform at ion t o it s LAN host s. The host s can t hen use
t he prefix t o generat e t heir I Pv6 addresses.
Select St a t ic if you have a fixed I Pv6 address assigned by your I SP.
Select N on e t o not assign any I Pv6 address t o t his WAN connect ion.
WAN I Pv6
Address
Ent er t he I Pv6 address assigned by your I SP.
Prefix
Lengt h
Ent er t he address prefix lengt h t o specify how m any m ost significant bit s in an I Pv6 address
com pose t he net work address.
Next Hop
Ent er t he I P address of t he next- hop gat eway. The gat eway is a rout er or swit ch on t he
sam e segm ent as your Device's int erface( s) . The gat eway helps forward packet s t o t heir
dest inat ions.
I Pv6 Rout ing Feat ure ( This is available only when you select I Pv6 / I Pv4 D u a lSt a ck or I Pv6 On ly in t he
I Pv6 / I Pv4 M ode field. You can enable I Pv6 rout ing feat ures in t he following sect ion.)
MLD Proxy
Enable
Select t his checkbox t o have t he Device act as an MLD proxy on t his connect ion. This allows
t he Device t o get subscript ion inform at ion and m aint ain a j oined m em ber list for each
m ult icast group. I t can reduce m ult icast t raffic significant ly.
Apply as
Default
Gat eway
Select t his opt ion t o have t he Device use t he WAN int erface of t his connect ion as t he syst em
default gat eway.
I Pv6 DNS
Server
Configure t he I Pv6 DNS server in t he following sect ion.
I Pv6 DNS
Select D yn a m ic t o have t he Device get t he I Pv6 DNS server addresses from t he I SP
aut om at ically.
Select St a t ic t o have t he Device use t he I Pv6 DNS server addresses you configure
m anually.
I Pv6 DNS
Server 1
Ent er t he first I Pv6 DNS server address assigned by t he I SP.
I Pv6 DNS
Server 2
Ent er t he second I Pv6 DNS server address assigned by t he I SP.
VLAN ( These fields appear when t he Type is set t o AD SL/ V D SL ove r PTM .)
Act ive
Select t his opt ion t o add t he VLAN t ag ( specified below) t o t he out going t raffic t hrough t his
connect ion.
802.1p
I EEE 802.1p defines up t o 8 separat e t raffic t ypes by insert ing a t ag int o a MAC- layer fram e
t hat cont ains bit s t o define class of service.
Select t he I EEE 802.1p priorit y level ( from 0 t o 7) t o add t o t raffic t hrough t his connect ion.
The great er t he num ber, t he higher t he priorit y level.
802.1q
Type t he VLAN I D num ber ( from 1 t o 4094) for t raffic t hrough t his connect ion.
QoS
Rat e Lim it
Ent er t he rat e lim it for t he connect ion. This is t he m axim um t ransm ission rat e allowed for
t raffic on t his connect ion.
WAN Out going
Default Tag
Select En a ble and ent er a D SCP ( DiffServ Code Point ) value t o have t he Device add it in t he
packet s sent by t his WAN int erface.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
53
Chapter 5 Broadband
Table 7 Net work Set t ing > Broadband > Add New WAN I nt erface/ Edit ( Rout ing Mode) ( cont inued)
LABEL
DESCRIPTION
MTU
MTU Size
Ent er t he MTU ( Maxim um Transfer Unit ) size for t his t raffic.
Apply
Click Apply t o save your changes back t o t he Device.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
5.2.1.2 Bridge Mode
Click t he Add n e w W AN I n t e r fa ce in t he N e t w or k Se t t ing > Br oa dba nd screen or t he Edit icon
next t o t he connect ion you want t o configure. Select Br idge as t he encapsulat ion m ode. The screen
varies depending on t he int erface t ype you select .
I f you select AD SL/ VD SL ove r PTM as t he int erface t ype, t he following screen appears.
Figure 24 Net work Set t ing > Broadband > Add New WAN I nt erface/ Edit ( Bridge Mode )
The following t able describes t he fields in t his screen.
Table 8 Net work Set t ing > Broadband > Add New WAN I nt erface/ Edit ( Bridge Mode)
LABEL
DESCRIPTION
General
54
Act ive
Select t his t o act ivat e t he WAN configurat ion set t ings.
Nam e
Ent er a service nam e of t he connect ion.
Type
Select AD SL/ V D SL ove r PTM as t he int erface t hat you want t o configure. The Device uses
t he VDSL t echnology for dat a t ransm ission over t he DSL port .
Mode
Select Br idge when your I SP provides you m ore t han one I P address and you want t he
connect ed com put ers t o get individual I P address from I SP’s DHCP server direct ly. I f you
select Br idge , you cannot use rout ing funct ions, such as QoS, Firewall, DHCP server and
NAT on t raffic from t he select ed LAN port ( s) .
VLAN
This sect ion is available only when you select AD SL/ V D SL ove r PTM in t he Type field.
Act ive
Select t his t o add t he VLAN Tag ( specified below) t o t he out going t raffic t hrough t his
connect ion.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 5 Broadband
Table 8 Net work Set t ing > Broadband > Add New WAN I nt erface/ Edit ( Bridge Mode) ( cont inued)
LABEL
DESCRIPTION
802.1p
I EEE 802.1p defines up t o 8 separat e t raffic t ypes by insert ing a t ag int o a MAC- layer fram e
t hat cont ains bit s t o define class of service.
Select t he I EEE 802.1p priorit y level ( from 0 t o 7) t o add t o t raffic t hrough t his connect ion.
The great er t he num ber, t he higher t he priorit y level.
802.1q
Type t he VLAN I D num ber ( from 0 t o 4094) for t raffic t hrough t his connect ion.
QoS
Rat e Lim it
Ent er t he rat e lim it for t he connect ion. This is t he m axim um t ransm ission rat e allowed for
t raffic on t his connect ion.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
I f you select AD SL ove r ATM as t he int erface t ype, t he following screen appears.
Figure 25 Net work Set t ing > Broadband > Add New WAN I nt erface/ Edit ( ADSL over ATM- Bridge
Mode)
The following t able describes t he fields in t his screen.
Table 9 Net work Set t ing > Broadband > Add New WAN I nt erface/ Edit ( ADSL over ATM - Bridge
Mode)
LABEL
DESCRIPTION
General
Act ive
Select t his t o act ivat e t he WAN configurat ion set t ings.
Nam e
Ent er a service nam e of t he connect ion.
Type
Select AD SL ove r ATM as t he int erface for which you want t o configure here. The Device
uses t he ADSL t echnology for dat a t ransm ission over t he DSL port .
VMG8324-B10A / VMG8324-B30A Series User’s Guide
55
Chapter 5 Broadband
Table 9 Net work Set t ing > Broadband > Add New WAN I nt erface/ Edit ( ADSL over ATM - Bridge
Mode) ( cont inued)
LABEL
DESCRIPTION
Mode
Select Br idge when your I SP provides you m ore t han one I P address and you want t he
connect ed com put ers t o get individual I P address from I SP’s DHCP server direct ly. I f you
select Br idge , you cannot use rout ing funct ions, such as QoS, Firewall, DHCP server and
NAT on t raffic from t he select ed LAN port ( s) .
ATM PVC Configurat ion ( These fields appear when t he Type is set t o AD SL ove r ATM .)
VPI
The valid range for t he VPI is 0 t o 255. Ent er t he VPI assigned t o you.
VCI
The valid range for t he VCI is 32 t o 65535 ( 0 t o 31 is reserved for local m anagem ent of ATM
t raffic) . Ent er t he VCI assigned t o you.
DSL Link Type
This field is not edit able. The select ion depends on t he set t ing in t he En ca psu la t ion field.
EoA ( Et hernet over ATM) uses an Et hernet header in t he packet , so t hat you can have
m ult iple services/ connect ions over one PVC. You can set each connect ion t o have it s own
MAC address or all connect ions share one MAC address but use different VLAN I Ds for
different services. EoA support s ENET ENCAP ( I PoE) , PPPoE and RFC1483/ 2684 bridging
encapsulat ion m et hods.
PPPoA ( PPP over ATM) allows j ust one PPPoA connect ion over a PVC.
I PoA ( I P over ATM) allows j ust one RFC 1483 rout ing connect ion over a PVC.
Encapsulat ion
Mode
Select t he m et hod of m ult iplexing used by your I SP from t he drop- down list box. Choices
are:
•
•
•
•
Service
Cat egory
LLC/ SN AP- BRI D GI N G: I n LCC encapsulat ion, bridged PDUs are encapsulat ed by
ident ifying t he t ype of t he bridged m edia in t he SNAP header. This is available only when
you select I PoE or PPPoE in t he Select DSL Link Type field.
V C/ M UX: I n VC m ult iplexing, each prot ocol is carried on a single ATM virt ual circuit
( VC) . To t ransport m ult iple prot ocols, t he Device needs separat e VCs. There is a binding
bet ween a VC and t he t ype of t he net work prot ocol carried on t he VC. This reduces
payload overhead since t here is no need t o carry prot ocol inform at ion in each Prot ocol
Dat a Unit ( PDU) payload.
LLC/ EN CAPSULATI ON : More t han one prot ocol can be carried over t he sam e VC. This
is available only when you select PPPoA in t he En ca psu la t ion field.
LLC/ SN AP- ROUTI N G: I n LCC encapsulat ion, an I EEE 802.2 Logical Link Cont rol ( LLC)
header is prefixed t o each rout ed PDU t o ident ify t he PDUs. The LCC header can be
followed by an I EEE 802.1a SubNet work At t achm ent Point ( SNAP) header. This is
available only when you select I PoA in t he En ca psu la t ion field.
Select UBR W it hou t PCR or UBR W it h PCR for applicat ions t hat are non- t im e sensit ive,
such as e- m ail.
Select CBR ( Cont inuous Bit Rat e) t o specify fixed ( always- on) bandwidt h for voice or dat a
t raffic.
Select N on Re a lt im e VBR ( non real- t im e Variable Bit Rat e) for connect ions t hat do not
require closely cont rolled delay and delay variat ion.
Select Re a lt im e V BR ( real- t im e Variable Bit Rat e) for applicat ions wit h burst y connect ions
t hat require closely cont rolled delay and delay variat ion.
Peak Cell Rat e
Divide t he DSL line rat e ( bps) by 424 ( t he size of an ATM cell) t o find t he Peak Cell Rat e
( PCR) . This is t he m axim um rat e at which t he sender can send cells. Type t he PCR here.This
field is not available when you select UBR W it h ou t PCR.
Sust ainable Cell
Rat e
The Sust ainable Cell Rat e ( SCR) set s t he average cell rat e ( long- t erm ) t hat can be
t ransm it t ed. Type t he SCR, which m ust be less t han t he PCR. Not e t hat syst em default is 0
cells/ sec.
This field is available only when you select N on Re a lt im e VBR or Re a lt im e VBR.
Maxim um Burst
Size
Maxim um Burst Size ( MBS) refers t o t he m axim um num ber of cells t hat can be sent at t he
peak rat e. Type t he MBS, which is less t han 65535.
This field is available only when you select N on Re a lt im e VBR or Re a lt im e VBR.
56
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 5 Broadband
Table 9 Net work Set t ing > Broadband > Add New WAN I nt erface/ Edit ( ADSL over ATM - Bridge
Mode) ( cont inued)
LABEL
DESCRIPTION
QoS
Rat e Lim it
Ent er t he rat e lim it for t he connect ion. This is t he m axim um t ransm ission rat e allowed for
t raffic on t his connect ion.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
5.3 The 3G Backup Screen
The USB port s ( at t he left side panel of t he Device) allow you t o at t ach a 3G dongle t o wirelessly
connect t o a 3G net work for I nt ernet access. You can have t he Device use t he 3G WAN connect ion
as a backup. Disconnect t he DSL and Et hernet WAN port s t o use t he 3G dongle as your prim ary
WAN connect ion. The Device aut om at ically uses a wired WAN connect ion when available.
Not e: This Device support s connect ing one 3G dongle at a t im e.
Figure 26 I nt ernet Access Applicat ion: 3G WAN
Use t his screen t o configure your 3G set t ings. Click N e t w or k Se t t in g > Br oa dba n d > 3 G
Ba ck up.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
57
Chapter 5 Broadband
Not e: The act ual dat a rat e you obt ain varies depending t he 3G card you use, t he signal
st rengt h t o t he service provider’s base st at ion, and so on.
Figure 27 Net work Set t ing > Broadband > 3G Backup
The following t able describes t he labels in t his screen.
Table 10 Net work Set t ing > Broadband > 3G Backup
LABEL
DESCRIPTION
General
3G Backup
Select En a ble t o have t he Device use t he 3G connect ion as your WAN or a backup w hen t he
wired WAN connect ion fails.
Ping Check
Select En a ble if you want t he Device t o ping check t he connect ion st at us of your WAN. You
can configure t he frequency of t he ping check and num ber of consecut ive failures before
t riggering 3G backup.
Check Cycle
Ent er t he frequency of t he ping check in t his field.
Consecut ive
PI NG Fail
Ent er how m any consecut ive failures are required before 3G backup is t riggered.
Ping Default
Gat eway
Select t his t o have t he Device ping t he WAN int erface’s default gat eway I P address.
Ping t he Host
Select t his t o have t he Device ping t he part icular host nam e or I P address you t yped in t his
field.
3G Connect ion Set t ings
Card
descript ion
58
This field displays t he m anufact urer and m odel nam e of your 3G card if you insert ed one in
t he Device. Ot herwise, it displays N / A.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 5 Broadband
Table 10 Net work Set t ing > Broadband > 3G Backup ( cont inued)
LABEL
DESCRIPTION
Usernam e
Type t he user nam e ( of up t o 64 ASCI I print able charact ers) given t o you by your service
provider.
Password
Type t he password ( of up t o 64 ASCI I print able charact ers) associat ed wit h t he user nam e
above.
PI N
A PI N ( Personal I dent ificat ion Num ber) code is a key t o a 3G card. Wit hout t he PI N code,
you cannot use t he 3G card.
I f your I SP enabled PI N code aut hent icat ion, ent er t he 4- digit PI N code ( 0000 for exam ple)
provided by your I SP. I f you ent er t he PI N code incorrect ly, t he 3G card m ay be blocked by
your I SP and you cannot use t he account t o access t he I nt ernet .
I f your I SP disabled PI N code aut hent icat ion, leave t his field blank.
Dial st ring
Ent er t he phone num ber ( dial st ring) used t o dial up a connect ion t o your service provider ’s
base st at ion. Your I SP should provide t he phone num ber.
APN
Ent er t he APN ( Access Point Nam e) provided by your service provider. Connect ions wit h
different APNs m ay provide different services ( such as I nt ernet access or MMS ( Mult i- Media
Messaging Service) ) and charge m et hod.
Connect ion
Select N a ile d UP if you do not want t he connect ion t o t im e out .
For exam ple, * 99# is t he dial st ring t o est ablish a GPRS or 3G connect ion in Taiwan.
You can ent er up t o 32 ASCI I print able charact ers. Spaces are allowed.
Select on D e m a n d if you do not want t he connect ion up all t he t im e and specify an idle
t im e- out in t he M a x I dle Tim e ou t field.
Max I dle
Tim eout
This value specifies t he t im e in m inut es t hat elapses before t he Device aut om at ically
disconnect s from t he I SP.
Obt ain an I P
Address
Aut om at ically
Select t his opt ion if your I SP did not assign you a fixed I P address.
Use t he
following st at ic
I P address
Select t his opt ion if t he I SP assigned a fixed I P address.
I P Address
Ent er your WAN I P address in t his field if you select ed Use t h e follow ing st a t ic I P
a ddr e ss.
Obt ain DNS
info
dynam ically
Select t his t o have t he Device get t he DNS server addresses from t he I SP aut om at ically.
Use t he
following st at ic
DNS I P address
Select t his t o have t he Device use t he DNS server addresses you configure m anually.
Prim ary
DNS server
Ent er t he first DNS server address assigned by t he I SP.
Secondary
DNS server
Ent er t he second DNS server address assigned by t he I SP.
Enable Em ail
Not ificat ion
Select t his t o enable t he e- m ail not ificat ion funct ion. The Device will e- m ail you a
not ificat ion w hen t he 3G connect ion is up.
Mail Server
Select a m ail server for t he e- m ail address specified below.
I f you do not select a m ail server, e- m ail not ificat ions cannot be sent via e- m ail. You m ust
have configured a m ail server already in t he M a in t e n a n ce > Em a il N ot ifica t ion screen.
3G backup
Send Em ail
Tit le
Type a t it le t hat you want t o be in t he subj ect line of t he e- m ail not ificat ions t hat t he Device
sends.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
59
Chapter 5 Broadband
Table 10 Net work Set t ing > Broadband > 3G Backup ( cont inued)
LABEL
DESCRIPTION
Send
Not ificat ion t o
Em ail
Not ificat ions are sent t o t he e- m ail address specified in t his field. I f t his field is left blank,
not ificat ions cannot be sent via e- m ail.
Advanced
Click t his t o show t he advanced 3G backup set t ings.
Budget Set up
Enable Budget
Cont rol
Select En a ble t o set a m ont hly lim it for t he user account of t he inst alled 3G card. You can
set a lim it on t he t ot al t raffic and/ or call t im e. The Device t akes t he act ions you specified
when a lim it is exceeded during t he m ont h.
Tim e Budget
Select t his and specify t he am ount of t im e ( in hours) t hat t he 3G connect ion can be used
wit hin one m ont h. I f you change t he value aft er you configure and enable budget cont rol,
t he Device reset s t he st at ist ics.
Dat a Budget
( Mbyt es)
Select t his and specify how m uch downst ream and/ or upst ream dat a ( in Mega byt es) can be
t ransm it t ed via t he 3G connect ion wit hin one m ont h.
Select D ow n loa d/ Uploa d t o set a lim it on t he t ot al t raffic in bot h direct ions.
Select D ow n loa d t o set a lim it on t he downst ream t raffic ( from t he I SP t o t he Device) .
Select Uploa d t o set a lim it on t he upst ream t raffic ( from t he Device t o t he I SP) .
I f you change t he value aft er you configure and enable budget cont rol, t he Device reset s t he
st at ist ics.
Dat a Budget
( kPacket s)
Select t his and specify how m uch downst ream and/ or upst ream dat a ( in k Packet s) can be
t ransm it t ed via t he 3G connect ion wit hin one m ont h.
Select D ow n loa d/ Uploa d t o set a lim it on t he t ot al t raffic in bot h direct ions.
Select D ow n loa d t o set a lim it on t he downst ream t raffic ( from t he I SP t o t he Device) .
Select Uploa d t o set a lim it on t he upst ream t raffic ( from t he Device t o t he I SP) .
I f you change t he value aft er you configure and enable budget cont rol, t he Device reset s t he
st at ist ics.
Reset all
budget
count ers on
Select t he dat e on which t he Device reset s t he budget every m ont h. Select la st if you want
t he Device t o reset t he budget on t he last day of t he m ont h. Select spe cific and ent er t he
num ber of t he dat e you want t he Device t o reset t he budget
Reset t im e and
dat a budget
count ers
Click t his but t on t o reset t he t im e and dat a budget s im m ediat ely. The count st art s over wit h
t he 3G connect ion’s full configured m ont hly t im e and dat a budget s. This does not affect t he
norm al m ont hly budget rest art ; so if you configured t he t im e and dat a budget count ers t o
reset on t he second day of t he m ont h and you use t his but t on on t he first , t he t im e and dat a
budget count ers will st ill reset on t he second.
Act ions before
over budget
Specify t he act ions t he Device t akes before t he t im e or dat a lim it exceeds.
Enable % of
t im e budget /
dat a budget
( Mbyt es) / dat a
budget
( kPacket s)
Select En a ble and ent er a num ber from 1 t o 99 in t he percent age fields. I f you change t he
value aft er you configure and enable budget cont rol, t he Device reset s t he st at ist ics.
Act ions when
over budget
Specify t he act ions t he Device t akes when t he t im e or dat a lim it is exceeded.
Current 3G
connect ion
Select Ke e p t o m aint ain an exist ing 3G connect ion or D r op t o disconnect it .
Act ions
Enable Em ail
Not ificat ion
60
Select t his t o enable t he e- m ail not ificat ion funct ion. The Device will e- m ail you a
not ificat ion when t here over budget occurs.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 5 Broadband
Table 10 Net work Set t ing > Broadband > 3G Backup ( cont inued)
LABEL
DESCRIPTION
Mail Server
Select a m ail server for t he e- m ail address specified below.
I f you do not select a m ail server, e- m ail not ificat ions cannot be sent via e- m ail. You m ust
have configured a m ail server already in t he M a in t e n a n ce > Em a il N ot ifica t ion screen.
Over Budget
Em ail Tit le
Type a t it le t hat you want t o be in t he subj ect line of t he e- m ail not ificat ions t hat t he Device
sends.
Send
Not ificat ion t o
Em ail
Not ificat ions are sent t o t he e- m ail address specified in t his field. I f t his field is left blank,
not ificat ions cannot be sent via e- m ail.
I nt erval
Ent er t he int erval of how m any m inut es you want t he Device t o e- m ail you.
Enable Log
Select t his t o act ivat e t he logging funct ion at t he int erval you set in t his field.
Basic
Click t his t o hide t he advanced set t ings of 3G backup.
Apply
Click Apply t o save your changes back t o t he Device.
Cancel
Click Ca nce l t o ret urn t o t he previous configurat ion.
5.4 The Advanced Screen
Use t he Adva nce d screen t o enable or disable ADSL over PTM, Annex M, DSL PhyR, and SRA
( Seam less Rat e Adapt ion) funct ions. The Device support s t he PhyR ret ransm ission schem e. PhyR is
a ret ransm ission schem e designed t o provide prot ect ion against noise on t he DSL line. I t im proves
voice, video and dat a t ransm ission resilience by ut ilizing a ret ransm ission buffer.
Click N e t w or k Se t t in g > Br oa dba nd > Adva nce d t o display t he following screen.
Figure 28 Net work Set t ing > Broadband > Advanced
The following t able describes t he labels in t his screen.
Table 11 Net work Set t ing > Net work Set t ing > Broadband
LABEL
DESCRIPTION
ADSL over PTM
Select En a ble t o use ADSL over PTM. Since PTM has less overhead t han ATM, som e I SPs
use ADSL over PTM for bet t er perform ance.
Annex M
You can enable An n e x M for t he Device t o use double upst ream m ode t o increase t he
m axim um upst ream t ransfer rat e.
PhyR US
Enable or disable Ph yR US ( upst ream ) for upst ream t ransm ission t o t he WAN. PhyR US
should be enabled if dat a being t ransm it t ed upst ream is sensit ive t o noise. However,
enabling PhyR US can decrease t he US line rat e. Enabling or disabling PhyR will require t he
CPE t o ret rain. For PhyR t o funct ion, t he DSLAM m ust also support PhyR and have it
enabled.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
61
Chapter 5 Broadband
Table 11 Net work Set t ing > Net work Set t ing > Broadband ( cont inued)
LABEL
DESCRIPTION
PhyR DS
Enable or disable Ph yR D S ( downst ream ) for downst ream t ransm ission from t he WAN.
PhyR DS should be enabled if dat a being t ransm it t ed downst ream is sensit ive t o noise.
However, enabling PhyR DS can decrease t he DS line rat e. Enabling or disabling PhyR will
require t he CPE t o ret rain. For PhyR t o funct ion, t he DSLAM m ust also support PhyR and
have it enabled.
SRA
Enable or disable Seam less Rat e Adapt ion ( SRA) . Select En a ble t o have t he Device
aut om at ically adj ust t he connect ion’s dat a rat e according t o line condit ions wit hout
int errupt ing service.
Apply
Click Apply t o save your changes back t o t he Device.
Cancel
Click Ca nce l t o ret urn t o t he previous configurat ion.
5.5 The 802.1x Screen
You can view and configure t he 802.1X aut hent icat ion set t ings in t he 8 0 2 .1 x screen. Click
N e t w or k Se t t in g > Br oa dba n d > 8 0 2 .1 x t o display t he following screen.
Figure 29 Net work Set t ing > Broadband > 802.1x
The following t able describes t he labels in t his screen.
Table 12 Net work Set t ing > Net work Set t ing > 802.1x
62
LABEL
DESCRIPTION
This is t he index num ber of t he ent ry.
St at us
This field displays whet her t he aut hent icat ion is act ive or not . A yellow bulb signifies t hat
t his aut hent icat ion is act ive. A gray bulb signifies t hat t his aut hent icat ion is not act ive.
I nt erface
This is t he int erface t hat uses t he aut hent icat ion. This displays N / A w hen t here is no
int erface assigned.
EAP I dent it y
This shows t he EAP ident it y of t he aut hent icat ion. This displays N / A when t here is no EAP
ident it y assigned.
EAP m et hod
This shows t he EAP m et hod used in t he aut hent icat ion. This displays N / A when t here is no
EAP m et hod assigned.
Bidirect ional
Aut hent icat ion
This shows whet her bidirect ional aut hent icat ion is allowed.
Cert ificat e
This shows t he cert ificat e used for t his aut hent icat ion. This displays N / A when t here is no
cert ificat e assigned.
Trust ed CA
This shows t he Trust ed CA used for t his aut hent icat ion. This displays N / A when t here is no
Trust ed CA assigned.
Apply
Click Apply t o save your changes back t o t he Device.
Cancel
Click Ca nce l t o ret urn t o t he previous configurat ion.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 5 Broadband
5.5.1 Edit 802.1X Settings
Use t his screen t o edit 802.1X aut hent icat ion set t ings. Click t he Edit icon next t o t he rule you want
t o edit . The screen shown next appears.
Figure 30 Net work Set t ing > Broadband > 802.1x: Edit
The following t able describes t he labels in t his screen.
Table 13 Net work Set t ing > Broadband > 802.1x: Edit
LABEL
DESCRIPTION
Act ive
This field allows you t o act ivat e/ deact ivat e t he aut hent icat ion.
Select t his t o enable t he aut hent icat ion. Clear t his t o disable t his aut hent icat ion wit hout
having t o delet e t he ent ry.
I nt erface
Select an int erface t o which t he aut hent icat ion applies.
EAP I dent it y
Ent er t he EAP ident it y of t he aut hent icat ion.
EAP m et hod
This is t he EAP m et hod used for t his aut hent icat ion.
Enable
Bidirect ional
Aut hent icat ion
Select t his t o allow bidirect ional aut hent icat ion.
Cert ificat e
Select t he cert ificat e you want t o assign t o t he aut hent icat ion. You need t o im port t he
cert ificat e in t he Se cu r it y > Ce r t ifica t e s > Loca l Ce r t ifica t e s screen.
Trust ed CA
Select t he Trust ed CA you want t o assign t o t he aut hent icat ion. You need t o im port t he
cert ificat e in t he Se cu r it y > Ce r t ifica t e s > Tr u st e d CA screen.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
5.6 The WAN Status Screen
Click N e t w or k Se t t in g > Br oa dba n d > W a n St a t us t o open t his screen. Use t his screen t o query
and view t he hist orical t raffic t ransm ission rat e for a WAN int erface in a bar chart . N / A displays if
t he specified WAN int erface was disconnect ed at t hat t im e.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
63
Chapter 5 Broadband
Figure 31 Net work Set t ing > Broadband > Wan St at us
The following t able describes t he labels in t his screen.
Table 14 Net work Set t ing > Broadband > Wan St at us
LABEL
DESCRIPTION
I nt erface
Select a WAN int erface t o see it s hist orical t raffic t ransm ission rat e in t he chart .
Direct ion
Select RX or TX t o display received t raffic only or t ransm it t ed t raffic only in t he chart .
Tim e I nt erval
Select t he t im e periods t o display in t he chart . Available choices are M in u t e , D a y, and
M on t h .
Scan
Click t his t o updat e t he chart according t o your select ed crit eria.
5.7 Technical Reference
The following sect ion cont ains addit ional t echnical inform at ion about t he Device feat ures described
in t his chapt er.
Encapsulation
Be sure t o use t he encapsulat ion m et hod required by your I SP. The Device can work in bridge m ode
or rout ing m ode. When t he Device is in rout ing m ode, it support s t he following m et hods.
IP over Ethernet
I P over Et hernet ( I PoE) is an alt ernat ive t o PPPoE. I P packet s are being delivered across an
Et hernet net work, wit hout using PPP encapsulat ion. They are rout ed bet ween t he Et hernet int erface
64
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 5 Broadband
and t he WAN int erface and t hen form at t ed so t hat t hey can be underst ood in a bridged
environm ent . For inst ance, it encapsulat es rout ed Et hernet fram es int o bridged Et hernet cells.
PPP over ATM (PPPoA)
PPPoA st ands for Point t o Point Prot ocol over ATM Adapt at ion Layer 5 ( AAL5) . A PPPoA connect ion
funct ions like a dial- up I nt ernet connect ion. The Device encapsulat es t he PPP session based on
RFC1483 and sends it t hrough an ATM PVC ( Perm anent Virt ual Circuit ) t o t he I nt ernet Service
Provider ’s ( I SP) DSLAM ( digit al access m ult iplexer) . Please refer t o RFC 2364 for m ore inform at ion
on PPPoA. Refer t o RFC 1661 for m ore inform at ion on PPP.
PPP over Ethernet (PPPoE)
Point- t o- Point Prot ocol over Et hernet ( PPPoE) provides access cont rol and billing funct ionalit y in a
m anner sim ilar t o dial- up services using PPP. PPPoE is an I ETF st andard ( RFC 2516) specifying how
a personal com put er ( PC) int eract s wit h a broadband m odem ( DSL, cable, wireless, et c.)
connect ion.
For t he service provider, PPPoE offers an access and aut hent icat ion m et hod t hat works wit h exist ing
access cont rol syst em s ( for exam ple RADI US) .
One of t he benefit s of PPPoE is t he abilit y t o let you access one of m ult iple net work services, a
funct ion known as dynam ic service select ion. This enables t he service provider t o easily creat e and
offer new I P services for individuals.
Operat ionally, PPPoE saves significant effort for bot h you and t he I SP or carrier, as it requires no
specific configurat ion of t he broadband m odem at t he cust om er sit e.
By im plem ent ing PPPoE direct ly on t he Device ( rat her t han individual com put ers) , t he com put ers on
t he LAN do not need PPPoE soft ware inst alled, since t he Device does t hat part of t he t ask.
Furt herm ore, wit h NAT, all of t he LANs’ com put ers will have access.
RFC 1483
RFC 1483 describes t wo m et hods for Mult iprot ocol Encapsulat ion over ATM Adapt at ion Layer 5
( AAL5) . The first m et hod allows m ult iplexing of m ult iple prot ocols over a single ATM virt ual circuit
( LLC- based m ult iplexing) and t he second m et hod assum es t hat each prot ocol is carried over a
separat e ATM virt ual circuit ( VC- based m ult iplexing) . Please refer t o RFC 1483 for m ore det ailed
inform at ion.
Multiplexing
There are t wo convent ions t o ident ify what prot ocols t he virt ual circuit ( VC) is carrying. Be sure t o
use t he m ult iplexing m et hod required by your I SP.
VC- based Mult iplexing
I n t his case, by prior m ut ual agreem ent , each prot ocol is assigned t o a specific virt ual circuit ; for
exam ple, VC1 carries I P, et c. VC- based m ult iplexing m ay be dom inant in environm ent s where
dynam ic creat ion of large num bers of ATM VCs is fast and econom ical.
LLC- based Mult iplexing
VMG8324-B10A / VMG8324-B30A Series User’s Guide
65
Chapter 5 Broadband
I n t his case one VC carries m ult iple prot ocols wit h prot ocol ident ifying inform at ion being cont ained
in each packet header. Despit e t he ext ra bandwidt h and processing overhead, t his m et hod m ay be
advant ageous if it is not pract ical t o have a separat e VC for each carried prot ocol, for exam ple, if
charging heavily depends on t he num ber of sim ult aneous VCs.
Traffic Shaping
Traffic Shaping is an agreem ent bet ween t he carrier and t he subscriber t o regulat e t he average rat e
and fluct uat ions of dat a t ransm ission over an ATM net work. This agreem ent helps elim inat e
congest ion, which is im port ant for t ransm ission of real t im e dat a such as audio and video
connect ions.
Peak Cell Rat e ( PCR) is t he m axim um rat e at which t he sender can send cells. This param et er m ay
be lower ( but not higher) t han t he m axim um line speed. 1 ATM cell is 53 byt es ( 424 bit s) , so a
m axim um speed of 832Kbps gives a m axim um PCR of 1962 cells/ sec. This rat e is not guarant eed
because it is dependent on t he line speed.
Sust ained Cell Rat e ( SCR) is t he m ean cell rat e of each burst y t raffic source. I t specifies t he
m axim um average rat e at which cells can be sent over t he virt ual connect ion. SCR m ay not be
great er t han t he PCR.
Maxim um Burst Size ( MBS) is t he m axim um num ber of cells t hat can be sent at t he PCR. Aft er MBS
is reached, cell rat es fall below SCR unt il cell rat e averages t o t he SCR again. At t his t im e, m ore
cells ( up t o t he MBS) can be sent at t he PCR again.
I f t he PCR, SCR or MBS is set t o t he default of " 0" , t he syst em will assign a m axim um value t hat
correlat es t o your upst ream line rat e.
The following figure illust rat es t he relat ionship bet ween PCR, SCR and MBS.
Figure 32 Exam ple of Traffic Shaping
ATM Traffic Classes
These are t he basic ATM t raffic classes defined by t he ATM Forum Traffic Managem ent 4.0
Specificat ion.
Const ant Bit Rat e ( CBR)
Const ant Bit Rat e ( CBR) provides fixed bandwidt h t hat is always available even if no dat a is being
sent . CBR t raffic is generally t im e- sensit ive ( doesn't t olerat e delay) . CBR is used for connect ions
66
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 5 Broadband
t hat cont inuously require a specific am ount of bandwidt h. A PCR is specified and if t raffic exceeds
t his rat e, cells m ay be dropped. Exam ples of connect ions t hat need CBR would be high- resolut ion
video and voice.
Variable Bit Rat e ( VBR)
The Variable Bit Rat e ( VBR) ATM t raffic class is used wit h burst y connect ions. Connect ions t hat use
t he Variable Bit Rat e ( VBR) t raffic class can be grouped int o real t im e ( VBR- RT) or non- real t im e
( VBR- nRT) connect ions.
The VBR- RT ( real- t im e Variable Bit Rat e) t ype is used wit h burst y connect ions t hat require closely
cont rolled delay and delay variat ion. I t also provides a fixed am ount of bandwidt h ( a PCR is
specified) but is only available when dat a is being sent . An exam ple of an VBR- RT connect ion would
be video conferencing. Video conferencing requires real- t im e dat a t ransfers and t he bandwidt h
requirem ent varies in proport ion t o t he video im age's changing dynam ics.
The VBR- nRT ( non real- t im e Variable Bit Rat e) t ype is used wit h burst y connect ions t hat do not
require closely cont rolled delay and delay variat ion. I t is com m only used for " burst y" t raffic t ypical
on LANs. PCR and MBS define t he burst levels, SCR defines t he m inim um level. An exam ple of an
VBR- nRT connect ion would be non- t im e sensit ive dat a file t ransfers.
Unspecified Bit Rat e ( UBR)
The Unspecified Bit Rat e ( UBR) ATM t raffic class is for burst y dat a t ransfers. However, UBR doesn't
guarant ee any bandwidt h and only delivers t raffic when t he net work has spare bandwidt h. An
exam ple applicat ion is background file t ransfer.
IP Address Assignment
A st at ic I P is a fixed I P t hat your I SP gives you. A dynam ic I P is not fixed; t he I SP assigns you a
different one each t im e. The Single User Account feat ure can be enabled or disabled if you have
eit her a dynam ic or st at ic I P. However t he encapsulat ion m et hod assigned influences your choices
for I P address and default gat eway.
Introduction to VLANs
A Virt ual Local Area Net work ( VLAN) allows a physical net work t o be part it ioned int o m ult iple logical
net works. Devices on a logical net work belong t o one group. A device can belong t o m ore t han one
group. Wit h VLAN, a device cannot direct ly t alk t o or hear from devices t hat are not in t he sam e
group( s) ; t he t raffic m ust first go t hrough a rout er.
I n Mult i-Tenant Unit ( MTU) applicat ions, VLAN is vit al in providing isolat ion and securit y am ong t he
subscribers. When properly configured, VLAN prevent s one subscriber from accessing t he net work
resources of anot her on t he sam e LAN, t hus a user will not see t he print ers and hard disks of
anot her user in t he sam e building.
VLAN also increases net work perform ance by lim it ing broadcast s t o a sm aller and m ore
m anageable logical broadcast dom ain. I n t radit ional swit ched environm ent s, all broadcast packet s
go t o each and every individual port . Wit h VLAN, all broadcast s are confined t o a specific broadcast
dom ain.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
67
Chapter 5 Broadband
Introduction to IEEE 802.1Q Tagged VLAN
A t agged VLAN uses an explicit t ag ( VLAN I D) in t he MAC header t o ident ify t he VLAN m em bership
of a fram e across bridges - t hey are not confined t o t he swit ch on which t hey were creat ed. The
VLANs can be creat ed st at ically by hand or dynam ically t hrough GVRP. The VLAN I D associat es a
fram e wit h a specific VLAN and provides t he inform at ion t hat swit ches need t o process t he fram e
across t he net work. A t agged fram e is four byt es longer t han an unt agged fram e and cont ains t wo
byt es of TPI D ( Tag Prot ocol I dent ifier) , residing wit hin t he t ype/ lengt h field of t he Et hernet fram e)
and t wo byt es of TCI ( Tag Cont rol I nform at ion) , st art s aft er t he source address field of t he Et hernet
fram e) .
The CFI ( Canonical Form at I ndicat or) is a single- bit flag, always set t o zero for Et hernet swit ches. I f
a fram e received at an Et hernet port has a CFI set t o 1, t hen t hat fram e should not be forwarded as
it is t o an unt agged port . The rem aining t welve bit s define t he VLAN I D, giving a possible m axim um
num ber of 4,096 VLANs. Not e t hat user priorit y and VLAN I D are independent of each ot her. A
fram e wit h VI D ( VLAN I dent ifier) of null ( 0) is called a priorit y fram e, m eaning t hat only t he priorit y
level is significant and t he default VI D of t he ingress port is given as t he VI D of t he fram e. Of t he
4096 possible VI Ds, a VI D of 0 is used t o ident ify priorit y fram es and value 4095 ( FFF) is reserved,
so t he m axim um possible VLAN configurat ions are 4,094.
TPI D
User Priorit y
CFI
VLAN I D
2 Byt es
3 Bit s
1 Bit
12 Bit s
Multicast
I P packet s are t ransm it t ed in eit her one of t wo ways - Unicast ( 1 sender - 1 recipient ) or Broadcast
( 1 sender - everybody on t he net work) . Mult icast delivers I P packet s t o a group of host s on t he
net work - not everybody and not j ust 1.
I nt ernet Group Mult icast Prot ocol ( I GMP) is a net work- layer prot ocol used t o est ablish m em bership
in a Mult icast group - it is not used t o carry user dat a. I GMP version 2 ( RFC 2236) is an
im provem ent over version 1 ( RFC 1112) but I GMP version 1 is st ill in wide use. I f you would like t o
read m ore det ailed inform at ion about int eroperabilit y bet ween I GMP version 2 and version 1, please
see sect ions 4 and 5 of RFC 2236. The class D I P address is used t o ident ify host groups and can be
in t he range 224.0.0.0 t o 239.255.255.255. The address 224.0.0.0 is not assigned t o any group
and is used by I P m ult icast com put ers. The address 224.0.0.1 is used for query m essages and is
assigned t o t he perm anent group of all I P host s ( including gat eways) . All host s m ust j oin t he
224.0.0.1 group in order t o part icipat e in I GMP. The address 224.0.0.2 is assigned t o t he m ult icast
rout ers group.
At st art up, t he Device queries all direct ly connect ed net works t o gat her group m em bership. Aft er
t hat , t he Device periodically updat es t his inform at ion.
DNS Server Address Assignment
Use Dom ain Nam e Syst em ( DNS) t o m ap a dom ain nam e t o it s corresponding I P address and vice
versa, for inst ance, t he I P address of www.zyxel.com is 204.217.0.2. The DNS server is ext rem ely
im port ant because wit hout it , you m ust know t he I P address of a com put er before you can access
it .
The Device can get t he DNS server addresses in t he following ways.
68
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 5 Broadband
The I SP t ells you t he DNS server addresses, usually in t he form of an inform at ion sheet , when you
sign up. I f your I SP gives you DNS server addresses, m anually ent er t hem in t he DNS server fields.
I f your I SP dynam ically assigns t he DNS server I P addresses ( along wit h t he Device’s WAN I P
address) , set t he DNS server fields t o get t he DNS server address from t he I SP.
IPv6 Addressing
The 128- bit I Pv6 address is writ t en as eight 16- bit hexadecim al blocks separat ed by colons ( : ) . This
is an exam ple I Pv6 address 2001:0db8:1a2b:0015:0000:0000:1a2f:0000.
I Pv6 addresses can be abbreviat ed in t wo ways:
• Leading zeros in a block can be om it t ed. So 2001:0db8:1a2b:0015:0000:0000:1a2f:0000 can
be writ t en as 2001:db8:1a2b:15:0:0:1a2f:0.
• Any num ber of consecut ive blocks of zeros can be replaced by a double colon. A double colon can
only appear once in an I Pv6 address. So 2001:0db8:0000:0000:1a2f:0000:0000:0015 can be
writ t en as 2001:0db8::1a2f:0000:0000:0015, 2001:0db8:0000:0000:1a2f::0015,
2001:db8::1a2f:0:0:15 or 2001:db8:0:0:1a2f::15.
IPv6 Prefix and Prefix Length
Sim ilar t o an I Pv4 subnet m ask, I Pv6 uses an address prefix t o represent t he net work address. An
I Pv6 prefix lengt h specifies how m any m ost significant bit s ( st art from t he left ) in t he address
com pose t he net work address. The prefix lengt h is writ t en as “ / x” where x is a num ber. For
exam ple,
2001:db8:1a2b:15::1a2f:0/32
m eans t hat t he first 32 bit s ( 2001:db8) is t he subnet prefix.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
69
Chapter 5 Broadband
70
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPT ER
Wireless
6.1 Overview
This chapt er describes t he Device’s N e t w or k Se t t ing > W ir e le ss screens. Use t hese screens t o
set up your Device’s wireless connect ion.
6.1.1 What You Can Do in this Chapter
This sect ion describes t he Device’s W ir e le ss screens. Use t hese screens t o set up your Device’s
wireless connect ion.
• Use t he Ge n e r a l screen t o enable t he Wireless LAN, ent er t he SSI D and select t he wireless
securit y m ode ( Sect ion 6.2 on page 72) .
• Use t he M or e AP screen t o set up m ult iple wireless net works on your Device (Sect ion 6.3 on
page 81) .
• Use t he M AC Aut he nt ica t ion screen t o allow or deny wireless client s based on t heir MAC
addresses from connect ing t o t he Device ( Sect ion 6.4 on page 85) .
• Use t he W PS screen t o enable or disable WPS, view or generat e a securit y PI N ( Personal
I dent ificat ion Num ber) ( Sect ion 6.5 on page 86) .
• Use t he W M M screen t o enable Wi- Fi Mult iMedia ( WMM) t o ensure qualit y of service in wireless
net works for m ult im edia applicat ions ( Sect ion 6.6 on page 87) .
• Use t he W D S screen t o set up a Wireless Dist ribut ion Syst em , in which t he Device act s as a
bridge wit h ot her ZyXEL access point s ( Sect ion 6.7 on page 88) .
• Use t he Ot h e r s screen t o configure wireless advanced feat ures, such as t he RTS/ CTS Threshold
( Sect ion 6.8 on page 90) .
• Use t he Cha nn e l St a t us screen t o scan wireless LAN channel noises and view t he result s
( Sect ion 6.9 on page 92) .
VMG8324-B10A / VMG8324-B30A Series User’s Guide
71
Chapter 6 Wireless
6.1.2 What You Need to Know
Wireless Basics
“ Wireless” is essent ially radio com m unicat ion. I n t he sam e way t hat walkie- t alkie radios send and
receive inform at ion over t he airwaves, wireless net working devices exchange inform at ion wit h one
anot her. A wireless net working device is j ust like a radio t hat let s your com put er exchange
inform at ion wit h radios at t ached t o ot her com put ers. Like walkie- t alkies, m ost wireless net working
devices operat e at radio frequency bands t hat are open t o t he public and do not require a license t o
use. However, wireless net working is different from t hat of m ost t radit ional radio com m unicat ions in
t hat t here a num ber of wireless net working st andards available wit h different m et hods of dat a
encrypt ion.
Finding Out More
See Sect ion 6.10 on page 92 for advanced t echnical inform at ion on wireless net works.
6.2 The General Screen
Use t his screen t o enable t he Wireless LAN, ent er t he SSI D and select t he wireless securit y m ode.
Not e: I f you are configur ing t he Device fr om a com put er connect ed t o t he wireless LAN
and you change t he Device’s SSI D, channel or securit y set t ings, you will lose your
wireless connect ion when you press Apply t o confirm . You m ust t hen change t he
wireless set t ings of your com put er t o m at ch t he Device’s new set t ings.
72
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 6 Wireless
Click N e t w or k Se t t in g > W ir e le ss t o open t he Ge ne r a l screen.
Figure 33 Net work Set t ing > Wireless > General
VMG8324-B10A / VMG8324-B30A Series User’s Guide
73
Chapter 6 Wireless
The following t able describes t he general wireless LAN labels in t his screen.
Table 15 Net work Set t ing > Wireless > General
LABEL
DESCRIPTION
Wireless Net work Set up
Wireless
You can En a ble or D isa ble t he wireless LAN in t his field.
Band
This shows t he wireless band which t his radio profile is using. 2 .4 GH z is t he frequency used
by I EEE 802.11b/ g/ n wireless client s.
Channel
Use Au t o t o have t he Device aut om at ically det erm ine a channel t o use.
m ore.../ less
Click m or e ... t o show m ore inform at ion. Click le ss t o hide t hem .
Bandw idt h
Select whet her t he Device uses a wireless channel widt h of 2 0 M H z or 4 0 M H z.
A st andard 20MHz channel offers t ransfer speeds of up t o 150Mbps whereas a 40MHz
channel uses t wo st andard channels and offers speeds of up t o 300 Mbps.
40MHz ( channel bonding or dual channel) bonds t wo adj acent radio channels t o increase
t hroughput . The wireless client s m ust also support 40 MHz. I t is oft en bet t er t o use t he 20
MHz set t ing in a locat ion where t he environm ent hinders t he wireless signal.
Select 2 0 M H z if you want t o lessen radio int erference wit h ot her wireless devices in your
neighborhood or t he wireless client s do not support channel bonding.
Cont rol
Sideband
This is available for som e regions when you select a specific channel and set t he Bandwidt h
field t o 4 0 M H z . Set whet her t he cont rol channel ( set in t he Ch a n n e l field) should be in t he
Low e r or Uppe r range of channel bands.
Passphrase
Type
I f you set securit y for t he wireless LAN and have t he Device generat e a password, t he
set t ing in t his field det erm ines how t he Device generat es t he password.
Select N on e t o set t he Device’s password generat ion t o not be based on a passphrase.
Select Fix e d t o use a 16 charact er passphrase for generat ing a password.
Select Va r ia ble t o use a 16 t o 63 charact er passphrase for generat ing a password.
Passphrase Key
For a fixed t ype passphrase ent er 16 alphanum eric charact ers ( 0- 9, A- Z, wit h no spaces) . I t
m ust cont ain bot h let t ers and num bers and is case- sensit ive.
For a variable t ype passphrase ent er 16 t o 63 alphanum eric charact ers ( 0- 9, A- Z, wit h no
spaces) . I t m ust cont ain bot h let t ers and num bers and is case- sensit ive.
Wireless Net work Set t ings
Wireless
Net work Nam e
( SSI D)
The SSI D ( Service Set I Dent it y) ident ifies t he service set wit h which a wireless device is
associat ed. Wireless devices associat ing t o t he access point ( AP) m ust have t he sam e SSI D.
Max client s
Specify t he m axim um num ber of client s t hat can connect t o t his net work at t he sam e t im e.
Hide SSI D
Select t his check box t o hide t he SSI D in t he out going beacon fram e so a st at ion cannot
obt ain t he SSI D t hrough scanning using a sit e survey t ool.
Enhanced
Mult icast
Forwarding
Select t his check box t o allow t he Device t o convert wireless m ult icast t raffic int o wireless
unicast t raffic.
Maxim um
Upst ream
Bandw idt h
Specify t he m axim um rat e for upst ream wireless t raffic t o t he WAN from t his WLAN in
kilobit s per second ( Kbps) .
Maxim um
Downst ream
Bandw idt h
Specify t he m axim um rat e for downst ream wireless t raffic t o t his WLAN from t he WAN in
kilobit s per second ( Kbps) .
BSSI D
This shows t he MAC address of t he wireless int erface on t he Device when wireless LAN is
enabled.
Ent er a descript ive nam e ( up t o 32 English keyboard charact ers) for t he wireless LAN.
Securit y Level
74
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 6 Wireless
Table 15 Net work Set t ing > Wireless > General ( cont inued)
LABEL
DESCRIPTION
Securit y Mode
Select Ba sic ( W EP, 8 0 2 .1 X) or M or e Se cur e ( W PA( 2 ) - PSK, W PA( 2 ) ) t o add securit y
on t his wireless net work. The wireless client s which want t o associat e t o t his net work m ust
have sam e wireless securit y set t ings as t he Device. When you select t o use a securit y,
addit ional opt ions appears in t his screen.
Or you can select N o Se cur it y t o allow any client t o associat e t his net work wit hout any dat a
encrypt ion or aut hent icat ion.
See t he following sect ions for m ore det ails about t his field.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o rest ore your previously saved set t ings.
6.2.1 No Security
Select N o Se cur it y t o allow wireless st at ions t o com m unicat e wit h t he access point s wit hout any
dat a encrypt ion or aut hent icat ion.
Not e: I f you do not enable any wireless securit y on your Device, your net work is
accessible t o any wireless net working device t hat is wit hin range.
Figure 34 Wireless > General: No Securit y
The following t able describes t he labels in t his screen.
Table 16 Wireless > General: No Securit y
LABEL
DESCRIPTION
Securit y Level
Choose N o Se cur it y t o allow all wireless connect ions wit hout dat a encrypt ion or
aut hent icat ion.
6.2.2 Basic (WEP Encryption)
WEP encrypt ion scram bles t he dat a t ransm it t ed bet ween t he wireless st at ions and t he access point s
( AP) t o keep net work com m unicat ions privat e. Bot h t he wireless st at ions and t he access point s
m ust use t he sam e WEP key.
Not e: WEP is ext r em ely insecure. I t s encrypt ion can be br oken by an at t acker, using
widely- available soft ware. I t is st rongly recom m ended t hat you use a m ore
effect ive securit y m echanism . Use t he st rongest securit y m echanism t hat all t he
wireless devices in your net w ork support . For exam ple, use WPA- PSK or WPA2- PSK
if all your wireless devices support it , or use WPA or WPA2 if your wireless devices
support it and you have a RADI US server. I f your wireless devices support not hing
st r onger t han WEP, use t he highest encrypt ion level available.
Your Device allows you t o configure up t o four 64- bit or 128- bit WEP keys but only one key can be
enabled at any one t im e.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
75
Chapter 6 Wireless
I n order t o configure and enable WEP encrypt ion, click N e t w or k Se t t ing > W ir e le ss t o display t he
Ge ne r a l screen, t hen select Ba sic as t he securit y level.
Figure 35 Wireless > General: Basic ( WEP)
The following t able describes t he labels in t his screen.
Table 17 Wireless > General: Basic ( WEP)
LABEL
DESCRIPTION
Securit y Level
Select Ba sic t o enable WEP dat a encrypt ion.
Generat e
password
aut om at ically
Select t his opt ion t o have t he Device aut om at ically generat e a password. The password field
will not be configurable when you select t his opt ion.
Password 1~ 4
The password ( WEP keys) are used t o encrypt dat a. Bot h t he Device and t he wireless
st at ions m ust use t he sam e password ( WEP key) for dat a t ransm ission.
I f you chose 6 4 - bit WEP, t hen ent er any 5 ASCI I charact ers or 10 hexadecim al charact ers
( " 0- 9" , " A- F" ) .
I f you chose 1 2 8 - bit WEP, t hen ent er 13 ASCI I charact ers or 26 hexadecim al charact ers
( " 0- 9" , " A- F" ) .
You m ust configure at least one password, only one password can be act ivat ed at any one
t im e.
m ore.../ less
Click m or e ... t o show m ore fields in t his sect ion. Click le ss t o hide t hem .
WEP Encrypt ion
Select 6 4 - bit s or 1 2 8 - bit s.
This dict at es t he lengt h of t he securit y key t hat t he net work is going t o use.
6.2.3 Basic (802.1X)
Use t his screen t o configure 802.1X encrypt ion and aut hent icat ion. Configure your RADI US server
inform at ion and WEP encrypt ion set t ings. Use t his securit y m et hod if your wireless usernam es and
passwords are configured on a RADI US server.
76
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 6 Wireless
I n order t o configure and enable WEP encrypt ion, click N e t w or k Se t t ing > W ir e le ss t o display t he
Ge ne r a l screen, t hen select Ba sic as t he securit y level and 8 0 2 .1 X as t he Se cu r it y M ode .
Figure 36 Wireless > General: Basic ( 802.1X)
The following t able describes t he labels in t his screen.
Table 18 Wireless > General: Basic ( 802.1X)
LABEL
DESCRIPTION
Securit y Level
Select Ba sic and 8 0 2 .1 X t o enable 802.1X dat a encrypt ion.
Generat e
password
aut om at ically
Select t his opt ion t o have t he Device aut om at ically generat e a password. The password field
will not be configurable when you select t his opt ion.
Password 1~ 4
The password ( WEP key) is used t o encrypt dat a. Bot h t he Device and t he wireless st at ions
m ust use t he sam e password ( WEP key) for dat a t ransm ission.
I f you chose 6 4 - bit WEP, t hen ent er any 5 ASCI I charact ers or 10 hexadecim al charact ers
( " 0- 9" , " A- F" ) .
I f you chose 1 2 8 - bit WEP, t hen ent er 13 ASCI I charact ers or 26 hexadecim al charact ers
( " 0- 9" , " A- F" ) .
You m ust configure at least one password, only one password can be act ivat ed at any one
t im e.
m ore.../ less
Click m or e ... t o show m ore fields in t his sect ion. Click le ss t o hide t hem .
WEP Encrypt ion
Select 6 4 - bit s or 1 2 8 - bit s.
This dict at es t he lengt h of t he securit y key t hat t he net work is going t o use.
I P Address
Ent er t he I P address of an ext ernal RADI US server in dot t ed decim al not at ion.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
77
Chapter 6 Wireless
Table 18 Wireless > General: Basic ( 802.1X) ( cont inued)
78
LABEL
DESCRIPTION
Port Num ber
The default port of a RADI US server for aut hent icat ion is 1812. You need not change t his
value unless your net work adm inist rat or inst ruct s you t o do so.
Shared Secret
Specify a password ( up t o 32 alphanum eric charact ers) as t he key t o be shared bet ween t he
ext ernal RADI US server and t he Device. This key is not sent over t he net work. This key
m ust be t he sam e on t he ext ernal RADI US server and t he Device.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 6 Wireless
6.2.4 More Secure (WPA(2)-PSK)
The WPA- PSK securit y m ode provides bot h im proved dat a encrypt ion and user aut hent icat ion over
WEP. Using a Pre- Shared Key ( PSK) , bot h t he Device and t he connect ing client share a com m on
password in order t o validat e t he connect ion. This t ype of encrypt ion, while robust , is not as st rong
as WPA, WPA2 or even WPA2- PSK. The WPA2- PSK securit y m ode is a newer, m ore robust version of
t he WPA encrypt ion st andard. I t offers slight ly bet t er securit y, alt hough t he use of PSK m akes it
less robust t han it could be.
Click N e t w or k Se t t in g > W ir e le ss t o display t he Ge ne r a l screen. Select M or e Se cu r e as t he
securit y level. Then select W PA- PSK or W PA2 - PSK from t he Se cur it y M ode list .
Figure 37 Wireless > General: More Secure: WPA( 2) - PSK
The following t able describes t he labels in t his screen.
Table 19 Wireless > General: More Secure: WPA( 2) - PSK
LABEL
DESCRIPTION
Securit y Level
Select M or e Se cu r e t o enable WPA( 2) - PSK dat a encrypt ion.
Securit y Mode
Select W PA- PSK or W PA2 - PSK from t he drop- down list box.
Generat e
password
aut om at ically
Select t his opt ion t o have t he Device aut om at ically generat e a password. The password field
will not be configurable when you select t his opt ion.
Password
The encrypt ion m echanism s used for WPA( 2) and WPA( 2) - PSK are t he sam e. The only
difference bet ween t he t wo is t hat WPA( 2) - PSK uses a sim ple com m on password, inst ead of
user- specific credent ials.
I f you did not select Ge n e r a t e pa ssw or d a ut om a t ica lly, you can m anually t ype a preshared key from 8 t o 64 case- sensit ive keyboard charact ers.
m ore.../ less
Click m or e ... t o show m ore fields in t his sect ion. Click le ss t o hide t hem .
WPA- PSK
Com pat ible
This field appears when you choose W PA- PSK2 as t he Se cu r it y M ode .
Check t his field t o allow wireless devices using W PA- PSK securit y m ode t o connect t o your
Device. The Device support s WPA- PSK and WPA2- PSK sim ult aneously.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
79
Chapter 6 Wireless
Table 19 Wireless > General: More Secure: WPA( 2) - PSK ( cont inued)
LABEL
DESCRIPTION
Encrypt ion
Select t he encrypt ion t ype ( TKI P, AES or TKI P+ AES) for dat a encrypt ion.
Select TKI P if your wireless client s can all use TKI P.
Select AES if your w ireless client s can all use AES.
Select TKI P+ AES t o allow t he wireless client s t o use eit her TKI P or AES.
Group Key
Updat e Tim er
The Gr ou p Ke y Upda t e Tim e r is t he rat e at which t he RADI US server sends a new group
key out t o all client s.
6.2.5 WPA(2) Authentication
The WPA2 securit y m ode is current ly t he m ost robust form of encrypt ion for wireless net works. I t
requires a RADI US server t o aut hent icat e user credent ials and is a full im plem ent at ion t he securit y
prot ocol. Use t his securit y opt ion for m axim um prot ect ion of your net work. However, it is t he least
backwards com pat ible wit h older devices.
The WPA securit y m ode is a securit y subset of WPA2. I t requires t he presence of a RADI US server
on your net work in order t o validat e user credent ials. This encrypt ion st andard is slight ly older t han
WPA2 and t herefore is m ore com pat ible wit h older devices.
Click N e t w or k Se t t in g > W ir e le ss t o display t he Ge ne r a l screen. Select M or e Se cu r e as t he
securit y level. Then select W PA or W PA2 from t he Se cur it y M ode list .
Figure 38 Wireless > General: More Secure: WPA( 2)
The following t able describes t he labels in t his screen.
Table 20 Wireless > General: More Secure: WPA( 2)
80
LABEL
DESCRIPTION
Securit y Level
Select M or e Se cu r e t o enable WPA( 2) - PSK dat a encrypt ion.
Securit y Mode
Choose W PA or W PA2 from t he drop- down list box.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 6 Wireless
Table 20 Wireless > General: More Secure: WPA( 2) ( cont inued)
LABEL
DESCRIPTION
Aut hent icat ion Server
I P Address
Ent er t he I P address of t he ext ernal aut hent icat ion server in dot t ed decim al not at ion.
Port
Num ber
Ent er t he port num ber of t he ext ernal aut hent icat ion server. The default port num ber is
1812.
You need not change t his value unless your net work adm inist rat or inst ruct s you t o do so
wit h addit ional inform at ion.
Shared
Secret
Ent er a password ( up t o 31 alphanum eric charact ers) as t he key t o be shared bet ween t he
ext ernal aut hent icat ion server and t he Device.
The key m ust be t he sam e on t he ext ernal aut hent icat ion server and your Device. The key is
not sent over t he net work.
m ore.../ less
Click m or e ... t o show m ore fields in t his sect ion. Click le ss t o hide t hem .
WPA
Com pat ible
This field is only available for WPA2. Select t his if you want t he Device t o support WPA and
WPA2 sim ult aneously.
Encrypt ion
Select t he encrypt ion t ype ( TKI P, AES or TKI P+ AES) for dat a encrypt ion.
Select TKI P if your wireless client s can all use TKI P.
Select AES if your wireless client s can all use AES.
Select TKI P+ AES t o allow t he wireless client s t o use eit her TKI P or AES.
WPA2 PreAut hent icat ion
Net work Reaut h I nt erval
This field is available only when you select W PA2 .
Pre- aut hent icat ion enables fast roam ing by allowing t he wireless client ( already connect ing
t o an AP) t o perform I EEE 802.1x aut hent icat ion wit h anot her AP before connect ing t o it .
Select En a ble d t o t urn on preaut hent icat ion in WAP2. Ot herwise, select D isa ble d.
Specify how oft en wireless st at ions have t o resend usernam es and passwords in order t o
st ay connect ed.
I f wireless st at ion aut hent icat ion is done using a RADI US server, t he reaut hent icat ion t im er
on t he RADI US server has priorit y.
Group Key
Updat e Tim er
The Gr ou p Ke y Upda t e Tim e r is t he rat e at which t he RADI US server sends a new group
key out t o all client s.
6.3 The More AP Screen
This screen allows you t o enable and configure m ult iple Basic Service Set s ( BSSs) on t he Device.
Click N e t w or k Se t t ing > W ir e le ss > M or e AP. The following screen displays.
Figure 39 Net work Set t ing > Wireless > More AP
VMG8324-B10A / VMG8324-B30A Series User’s Guide
81
Chapter 6 Wireless
The following t able describes t he labels in t his screen.
Table 21 Net work Set t ing > Wireless > More AP
LABEL
DESCRIPTION
This is t he index num ber of t he ent ry.
St at us
This field indicat es whet her t his SSI D is act ive. A yellow bulb signifies t hat t his SSI D is act ive.
A gray bulb signifies t hat t his SSI D is not act ive.
SSI D
An SSI D profile is t he set of param et ers relat ing t o one of t he Device’s BSSs. The SSI D
( Service Set I Dent ifier) ident ifies t he Service Set wit h which a wireless device is associat ed.
This field displays t he nam e of t he wireless profile on t he net work. When a wireless client
scans for an AP t o associat e wit h, t his is t he nam e t hat is broadcast and seen in t he wireless
client ut ilit y.
Securit y
This field indicat es t he securit y m ode of t he SSI D profile.
Guest WLAN
This displays if t he guest WLAN funct ion has been enabled for t his WLAN.
I f H om e Gu e st displays, client s can connect t o each ot her direct ly.
I f Ex t e r n a l Gu e st displays, client s are blocked from connect ing t o each ot her direct ly.
N / A displays if guest WLAN is disabled.
Modify
82
Click t he Edit icon t o configure t he SSI D profile.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 6 Wireless
6.3.1 Edit More AP
Use t his screen t o edit an SSI D profile. Click t he Edit icon next t o an SSI D in t he M or e AP screen.
The following screen displays.
Figure 40 Net work Set t ing > Wireless > More AP > Edit
The following t able describes t he fields in t his screen.
Table 22 Net work Set t ing > Wireless > More AP > Edit
LABEL
DESCRIPTION
Wireless Net work Set up
Wireless
You can En a ble or D isa ble t he wireless LAN in t his field.
Passphrase
Type
Passphrase t ype cannot be changed. The default is N on e .
Wireless Net work Set t ings
VMG8324-B10A / VMG8324-B30A Series User’s Guide
83
Chapter 6 Wireless
Table 22 Net work Set t ing > Wireless > More AP > Edit ( cont inued)
LABEL
DESCRIPTION
Wireless
Net work Nam e
( SSI D)
The SSI D ( Service Set I Dent it y) ident ifies t he service set wit h which a wireless device is
associat ed. Wireless devices associat ing t o t he access point ( AP) m ust have t he sam e SSI D.
Max client s
Specify t he m axim um num ber of client s t hat can connect t o t his net work at t he sam e t im e.
Hide SSI D
Select t his check box t o hide t he SSI D in t he out going beacon fram e so a st at ion cannot
obt ain t he SSI D t hrough scanning using a sit e survey t ool.
Enhanced
Mult icast
Forwarding
Select t his check box t o allow t he Device t o convert wireless m ult icast t raffic int o wireless
unicast t raffic.
Guest WLAN
Select t his t o creat e Guest WLANs for hom e and ext ernal client s. Select t he WLAN t ype in
t he Acce ss Sce na r io field.
Access
Scenario
I f you select H om e Gu e st , client s can connect t o each ot her direct ly.
Ent er a descript ive nam e ( up t o 32 English keyboard charact ers) for t he wireless LAN.
I f you select Ex t e r n a l Gu e st , client s are blocked from connect ing t o each ot her direct ly.
Maxim um
Upst ream
Bandw idt h
Specify t he m axim um rat e for upst ream wireless t raffic t o t he WAN from t his WLAN in
kilobit s per second ( Kbps) .
Maxim um
Downst ream
Bandw idt h
Specify t he m axim um rat e for downst ream wireless t raffic t o t his WLAN from t he WAN in
kilobit s per second ( Kbps) .
BSSI D
This shows t he MAC address of t he wireless int erface on t he Device when wireless LAN is
enabled.
E- m ail not ificat ion when t he wireless guest visit
Enable Em ail
Not ificat ion
Select t his t o have t he Device e- m ail you a not ificat ion when a wireless client is connect ed
t o t he wireless net work.
Mail Server
Select a m ail server for t he e- m ail address specified below.
I f you do not select a m ail server, e- m ail not ificat ions cannot be sent via e- m ail. You m ust
have configured a m ail server already in t he M a int e n a n ce > Em a il N ot ifica t ion screen.
Em ail Tit le
Type a t it le t hat you want t o be in t he subj ect line of t he e- m ail not ificat ions t hat t he Device
sends.
Send
Not ificat ion t o
Em ail
Not ificat ions are sent t o t he e- m ail address specified in t his field. I f t his field is left blank,
not ificat ions cannot be sent via e- m ail.
Securit y Level
Securit y Mode
Select Ba sic ( W EP, 8 0 2 .1 X ) or M or e Se cu r e ( W PA( 2 ) - PSK, W PA( 2 ) ) t o add securit y
on t his wireless net work. The wireless client s which want t o associat e t o t his net work m ust
have sam e wireless securit y set t ings as t he Device. Aft er you select t o use a securit y,
addit ional opt ions appears in t his screen.
Or you can select N o Se cu r it y t o allow any client t o associat e t his net work wit hout any dat a
encrypt ion or aut hent icat ion.
See Sect ion 6.2.1 on page 75 for m ore det ails about t his field.
84
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 6 Wireless
6.4 MAC Authentication
This screen allows you t o configure t he ZyXEL Device t o give exclusive access t o specific devices
( Allow ) or exclude specific devices from accessing t he ZyXEL Device ( D e n y) . Every Et hernet
device has a unique MAC ( Media Access Cont rol) address. The MAC address is assigned at t he
fact ory and consist s of six pairs of hexadecim al charact ers, for exam ple, 00: A0: C5: 00: 00: 02. You
need t o know t he MAC addresses of t he devices t o configure t his screen.
Use t his screen t o view your Device’s MAC filt er set t ings and add new MAC filt er rules. Click
N e t w or k Se t t ing > W ir e le ss > M AC Aut he nt ica t ion . The screen appears as shown.
Figure 41 Wireless > MAC Aut hent icat ion
The following t able describes t he labels in t his screen.
Table 23 Wireless > MAC Aut hent icat ion
LABEL
DESCRIPTION
SSI D
Select t he SSI D for which you want t o configure MAC filt er set t ings.
MAC Restrict
Mode
Define t he filt er act ion for t he list of MAC addresses in t he M AC Addr e ss t able.
Select D isa ble t o t urn off MAC filt ering.
Select D e ny t o block access t o t he Device. MAC addresses not list ed will be allowed t o
access t he Device.
Select Allow t o perm it access t o t he Device. MAC addresses not list ed will be denied access
t o t he Device.
Add new MAC
address
Click t his if you want t o add a new MAC address ent ry t o t he MAC filt er list below.
Ent er t he MAC addresses of t he wireless devices t hat are allowed or denied access t o t he
Device in t hese address fields. Ent er t he MAC addresses in a valid MAC address form at , t hat
is, six hexadecim al charact er pairs, for exam ple, 12: 34: 56: 78: 9a: bc.
This is t he index num ber of t he ent ry.
MAC Address
This is t he MAC addresses of t he wireless devices t hat are allowed or denied access t o t he
Device.
Delet e
Click t he D e le t e icon t o delet e t he ent ry.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
85
Chapter 6 Wireless
6.5 The WPS Screen
Use t his screen t o configure WiFi Prot ect ed Set up ( WPS) on your Device.
WPS allows you t o quickly set up a wireless net work wit h st rong securit y, wit hout having t o
configure securit y set t ings m anually. Set up each WPS connect ion bet ween t wo devices. Bot h
devices m ust support WPS. See Sect ion 6.10.9.3 on page 101 for m ore inform at ion about WPS.
Not e: The Device applies t he securit y set t ings of t he SSI D 1 profile ( see Sect ion 6.2 on
page 72) . I f you want t o use t he WPS feat ure, m ake sure you have set t he securit y
m ode of SSI D 1 t o W PA2 - PSK or N o Se cu r it y.
Click N e t w or k Se t t ing > W ir e le ss > W PS. The following screen displays. Select Ena ble and click
Apply t o act ivat e t he WPS funct ion. Then you can configure t he WPS set t ings in t his screen.
Figure 42 Net work Set t ing > Wireless > WPS
The following t able describes t he labels in t his screen.
Table 24 Net work Set t ing > Wireless > WPS
LABEL
DESCRIPTION
WPS
Select En a ble t o act ivat e WPS on t he Device.
Met hod 1
Use t his sect ion t o set up a WPS wireless net work using Push But t on Configurat ion ( PBC) .
Connect
Click t his but t on t o add anot her WPS- enabled wireless device ( wit hin wireless range of t he
Device) t o your wireless net w ork. This but t on m ay eit her be a physical but t on on t he
out side of device, or a m enu but t on sim ilar t o t he Con n e ct but t on on t his screen.
Note: You must press the other wireless device’s WPS button within two minutes of pressing
this button.
Met hod 2
86
Use t his sect ion t o set up a WPS wireless net work by ent ering t he PI N of t he client int o t he
Device.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 6 Wireless
Table 24 Net work Set t ing > Wireless > WPS ( cont inued)
LABEL
Regist er
DESCRIPTION
Ent er t he PI N of t he device t hat you are set t ing up a WPS connect ion wit h and click
Re gist e r t o aut hent icat e and add t he wireless device t o your wireless net work.
You can find t he PI N eit her on t he out side of t he device, or by checking t he device’s
set t ings.
Note: You must also activate WPS on that device within two minutes to have it present its PIN
to the Device.
Met hod 3
Release
Configurat io
Generat e
New PI N
Num ber
Use t his sect ion t o set up a WPS wireless net work by ent ering t he PI N of t he Device int o t he
client .
The default WPS st at us is configured.
Click t his but t on t o rem ove all configured wireless and wireless securit y set t ings for WPS
connect ions on t he Device.
The PI N ( Personal I dent ificat ion Num ber) of t he Device is shown here. Ent er t his PI N in t he
configurat ion ut ilit y of t he device you want t o connect t o using WPS.
The PI N is not necessary when you use WPS push- but t on m et hod.
Click t he Ge n e r a t e N e w PI N N u m be r but t on t o have t he Device creat e a new PI N.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o rest ore your previously saved set t ings.
6.6 The WMM Screen
Use t his screen t o enable Wi- Fi Mult iMedia ( WMM) and WMM Power Save in wireless net works for
m ult im edia applicat ions.
Click N e t w or k Se t t ing > W ir e le ss > W M M . The following screen displays.
Figure 43 Net work Set t ing > Wireless > WMM
The following t able describes t he labels in t his screen.
Table 25 Net work Set t ing > Wireless > WMM
LABEL
DESCRIPTION
WMM
Select On t o have t he Device aut om at ically give a service a priorit y level according t o t he
ToS value in t he I P header of packet s it sends. WMM QoS ( Wifi Mult iMedia Qualit y of
Service) gives high priorit y t o voice and video, which m akes t hem run m ore sm oot hly.
WMM
Aut om at ic
Power Save
Delivery
Select t his opt ion t o ext end t he bat t ery life of your m obile devices ( especially useful for
sm all devices t hat are running m ult im edia applicat ions) . The Device goes t o sleep m ode t o
save power when it is not t ransm it t ing dat a. The AP buffers t he packet s sent t o t he Device
unt il t he Device " wakes up" . The Device wakes up periodically t o check for incom ing dat a.
Note: Note: This works only if the wireless device to which the Device is connected also
supports this feature.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
87
Chapter 6 Wireless
Table 25 Net work Set t ing > Wireless > WMM ( cont inued)
LABEL
DESCRIPTION
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o rest ore your previously saved set t ings.
6.7 The WDS Screen
An AP using t he Wireless Dist ribut ion Syst em ( WDS) can funct ion as a wireless net work bridge
allowing you t o wirelessly connect t wo wired net work segm ent s. The W D S screen allows you t o
configure t he Device t o connect t o t wo or m ore APs wirelessly when WDS is enabled.
Use t his screen t o set up your WDS ( Wireless Dist ribut ion Syst em ) links bet ween t he Device and
ot her wireless APs. You need t o know t he MAC address of t he peer device. Once t he securit y
set t ings of peer sides m at ch one anot her, t he connect ion bet ween devices is m ade.
Not e: WDS securit y is independent of t he securit y set t ings bet ween t he Device and any
wireless client s.
Not e: At t he t im e of writ ing, WDS is com pat ible wit h ot her ZyXEL APs only. Not all m odels
support WDS links. Check your ot her AP’s docum ent at ion.
Click N e t w or k Se t t ing > W ir e le ss > W D S. The following screen displays.
Figure 44 Net work Set t ing > Wireless > WDS
88
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 6 Wireless
The following t able describes t he labels in t his screen.
Table 26 Net work Set t ing > Wireless > WDS
LABEL
DESCRIPTION
Wireless Bridge Set up
AP Mode
Select t he operat ing m ode for your Device.
•
•
Bridge Rest rict
Acce ss Poin t - The Device funct ions as a bridge and access point sim ult aneously.
W ir e le ss Br idge - The Device act s as a wireless net work bridge and est ablishes
wireless links wit h ot her APs. I n t his m ode, client s cannot connect t o t he Device
wirelessly.
This field is available only when you set operat ing m ode t o Acce ss Poin t .
Select En a ble d t o t urn on WDS and ent er t he peer device’s MAC address m anually in t he
t able below. Select D isa ble t o t urn off WDS.
Rem ot e Bridge
MAC Address
You can ent er t he MAC address of t he peer device by clicking t he Edit icon under M odify.
This is t he index num ber of t he ent ry.
MAC Address
This shows t he MAC address of t he peer device.
You can connect t o up t o 4 peer devices.
Modify
Click t he Edit icon and t ype t he MAC address of t he peer device in a valid MAC address
form at ( six hexadecim al charact er pairs, for exam ple 12: 34: 56: 78: 9a: bc) .
Click t he D e le t e icon t o rem ove t his ent ry.
Scan
Click t he Sca n icon t o search and display t he available APs wit hin range.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o rest ore your previously saved set t ings.
6.7.1 WDS Scan
You can click t he Sca n icon in W ir e le ss > W D S t o have t he Device aut om at ically search and
display t he available APs wit hin range. Select an AP and click Apply t o have t he Device est ablish a
wireless link wit h t he select ed wireless device.
Figure 45 WDS: Scan
VMG8324-B10A / VMG8324-B30A Series User’s Guide
89
Chapter 6 Wireless
The following t able describes t he labels in t his screen.
Table 27 WDS: Scan
LABEL
DESCRIPTION
Wireless Bridge Scan Set up
Refresh
Click Re fr e sh t o updat e t he t able.
This is t he index num ber of t he ent ry.
SSI D
This shows t he SSI D of t he available wireless device wit hin range.
BSSI D
This shows t he MAC address of t he available wireless device wit hin range.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o rest ore your previously saved set t ings.
6.8 The Others Screen
Use t his screen t o configure advanced wireless set t ings. Click N e t w or k Se t t in g > W ir e le ss >
Ot he r s. The screen appears as shown.
See Sect ion 6.10.2 on page 94 for det ailed definit ions of t he t erm s list ed in t his screen.
Figure 46 Net work Set t ing > Wireless > Ot hers
The following t able describes t he labels in t his screen.
Table 28 Net work Set t ing > Wireless > Ot hers
LABEL
DESCRIPTION
RTS/ CTS
Threshold
Dat a wit h it s fram e size larger t han t his value will perform t he RTS ( Request To Send) / CTS
( Clear To Send) handshake.
Ent er a value bet ween 0 and 2347.
90
Fragm ent at ion
Threshold
This is t he m axim um dat a fragm ent size t hat can be sent . Ent er a value bet ween 256 and
2346.
Aut o Channel
Tim er
I f you set t he channel t o Au t o in t he N e t w or k Se t t in g > W ir e le ss > Ge ne r a l screen,
specify t he int erval in m inut es for how oft en t he Device scans for t he best channel. Ent er 0
t o disable t he periodical scan.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 6 Wireless
Table 28 Net work Set t ing > Wireless > Ot hers ( cont inued)
LABEL
DESCRIPTION
Out put Pow er
Set t he out put power of t he Device. I f t here is a high densit y of APs in an area, decrease
t he out put power t o reduce int erference wit h ot her APs. Select one of t he following: 2 0 % ,
4 0 % , 6 0 % , 8 0 % or 1 0 0 % .
Beacon I nt erval
When a wirelessly net worked device sends a beacon, it includes wit h it a beacon int erval.
This specifies t he t im e period before t he device sends t he beacon again.
The int erval t ells receiving devices on t he net work how long t hey can wait in low power
m ode before waking up t o handle t he beacon. This value can be set from 50m s t o 1000m s.
A high value helps save current consum pt ion of t he access point .
DTI M I nt erval
Delivery Traffic I ndicat ion Message ( DTI M) is t he t im e period aft er which broadcast and
m ult icast packet s are t ransm it t ed t o m obile client s in t he Power Saving m ode. A high DTI M
value can cause client s t o lose connect ivit y wit h t he net work. This value can be set from 1
t o 255.
802.11 Mode
Select 8 0 2 .1 1 b On ly t o allow only I EEE 802.11b com pliant WLAN devices t o associat e wit h
t he Device.
Select 8 0 2 .1 1 g On ly t o allow only I EEE 802.11g com pliant WLAN devices t o associat e wit h
t he Device.
Select 8 0 2 .1 1 n On ly t o allow only I EEE 802.11n com pliant WLAN devices t o associat e wit h
t he Device.
Select 8 0 2 .1 1 b/ g M ix e d t o allow eit her I EEE 802.11b or I EEE 802.11g com pliant WLAN
devices t o associat e wit h t he Device. The t ransm ission rat e of your Device m ight be
reduced.
Select 8 0 2 .1 1 b/ g/ n M ix e d t o allow I EEE 802.11b, I EEE 802.11g or I EEE802.11n
com pliant WLAN devices t o associat e wit h t he Device. The t ransm ission rat e of your Device
m ight be reduced.
802.11
Prot ect ion
Enabling t his feat ure can help prevent collisions in m ixed- m ode net works ( net works wit h
bot h I EEE 802.11b and I EEE 802.11g t raffic) .
Select Au t o t o have t he wireless devices t ransm it dat a aft er a RTS/ CTS handshake. This
helps im prove I EEE 802.11g perform ance.
Select Off t o disable 802.11 prot ect ion. The t ransm ission rat e of your Device m ight be
reduced in a m ixed- m ode net work.
This field displays Off and is not configurable when you set 8 0 2 .1 1 M ode t o 8 0 2 .1 1 b
On ly.
Pream ble
Select a pream ble t ype from t he drop- down list box. Choices are Lon g or Sh or t . See
Sect ion 6.10.7 on page 98 for m ore inform at ion.
This field is configurable only when you set 802.11 Mode t o 8 0 2 .1 1 b.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o rest ore your previously saved set t ings.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
91
Chapter 6 Wireless
6.9 The Channel Status Screen
Use t he Cha nn e l St a t us screen t o scan wireless LAN channel noises and view t he result s. Click
N e t w or k Se t t ing > W ir e le ss > Cha nne l St a t us. The screen appears as shown. Click Sca n t o
scan t he wireless LAN channels. You can view t he result s in t he Cha nne l Sca n Re sult sect ion.
Figure 47 Net work Set t ing > Wireless > Channel St at us
6.10 Technical Reference
This sect ion discusses wireless LANs in dept h. For m ore inform at ion, see Appendix E on page 375.
6.10.1 Wireless Network Overview
Wireless net works consist of wireless client s, access point s and bridges.
• A wireless client is a radio connect ed t o a user ’s com put er.
• An access point is a radio wit h a wired connect ion t o a net work, which can connect wit h
num erous wireless client s and let t hem access t he net work.
• A bridge is a radio t hat relays com m unicat ions bet ween access point s and wireless client s,
ext ending a net work’s range.
Tradit ionally, a wireless net work operat es in one of t wo ways.
92
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 6 Wireless
• An “ infrast ruct ure” t ype of net work has one or m ore access point s and one or m ore wireless
client s. The wireless client s connect t o t he access point s.
• An “ ad- hoc” t ype of net work is one in which t here is no access point . Wireless client s connect t o
one anot her in order t o exchange inform at ion.
The following figure provides an exam ple of a wireless net work.
Figure 48 Exam ple of a Wireless Net work
The wireless net work is t he part in t he blue circle. I n t his wireless net work, devices A and B use t he
access point ( AP) t o int eract wit h t he ot her devices ( such as t he print er) or wit h t he I nt ernet . Your
Device is t he AP.
Every wireless net work m ust follow t hese basic guidelines.
• Every device in t he sam e wireless net work m ust use t he sam e SSI D.
The SSI D is t he nam e of t he wireless net work. I t st ands for Service Set I Dent ifier.
• I f t wo wireless net works overlap, t hey should use a different channel.
Like radio st at ions or t elevision channels, each wireless net work uses a specific channel, or
frequency, t o send and receive inform at ion.
• Every device in t he sam e wireless net work m ust use securit y com pat ible wit h t he AP.
Securit y st ops unaut horized devices from using t he wireless net work. I t can also prot ect t he
inform at ion t hat is sent in t he wireless net work.
Radio Channels
I n t he radio spect rum , t here are cert ain frequency bands allocat ed for unlicensed, civilian use. For
t he purposes of wireless net working, t hese bands are divided int o num erous channels. This allows a
VMG8324-B10A / VMG8324-B30A Series User’s Guide
93
Chapter 6 Wireless
variet y of net works t o exist in t he sam e place wit hout int erfering wit h one anot her. When you
creat e a net work, you m ust select a channel t o use.
Since t he available unlicensed spect rum varies from one count ry t o anot her, t he num ber of
available channels also varies.
6.10.2 Additional Wireless Terms
The following t able describes som e wireless net work t erm s and acronym s used in t he Device’s Web
Configurat or.
Table 29 Addit ional Wireless Term s
TERM
DESCRIPTION
RTS/ CTS Threshold
I n a wireless net work which covers a large area, wireless devices are som et im es not
aware of each ot her ’s presence. This m ay cause t hem t o send inform at ion t o t he AP
at t he sam e t im e and result in inform at ion colliding and not get t ing t hrough.
By set t ing t his value lower t han t he default value, t he wireless devices m ust
som et im es get perm ission t o send inform at ion t o t he Device. The lower t he value, t he
m ore oft en t he devices m ust get perm ission.
I f t his value is great er t han t he fragm ent at ion t hreshold value ( see below) , t hen
wireless devices never have t o get perm ission t o send inform at ion t o t he Device.
Pream ble
A pream ble affect s t he t im ing in your wireless net work. There are t wo pream ble
m odes: long and short . I f a device uses a different pream ble m ode t han t he Device
does, it cannot com m unicat e wit h t he Device.
Aut hent icat ion
The process of verifying whet her a wireless device is allowed t o use t he wireless
net work.
Fragm ent at ion
Threshold
A sm all fragm ent at ion t hreshold is recom m ended for busy net works, while a larger
t hreshold provides fast er perform ance if t he net work is not very busy.
6.10.3 Wireless Security Overview
By t heir nat ure, radio com m unicat ions are sim ple t o int ercept . For wireless dat a net works, t his
m eans t hat anyone wit hin range of a wireless net work wit hout securit y can not only read t he dat a
passing over t he airwaves, but also j oin t he net work. Once an unaut horized person has access t o
t he net work, he or she can st eal inform at ion or int roduce m alware ( m alicious soft ware) int ended t o
com prom ise t he net work. For t hese reasons, a variet y of securit y syst em s have been developed t o
ensure t hat only aut horized people can use a wireless dat a net work, or underst and t he dat a carried
on it .
These securit y st andards do t wo t hings. First , t hey aut hent icat e. This m eans t hat only people
present ing t he right credent ials ( oft en a usernam e and password, or a “ key” phrase) can access t he
net work. Second, t hey encrypt . This m eans t hat t he inform at ion sent over t he air is encoded. Only
people wit h t he code key can underst and t he inform at ion, and only people who have been
aut hent icat ed are given t he code key.
These securit y st andards vary in effect iveness. Som e can be broken, such as t he old Wired
Equivalent Prot ocol ( WEP) . Using WEP is bet t er t han using no securit y at all, but it will not keep a
det erm ined at t acker out . Ot her securit y st andards are secure in t hem selves but can be broken if a
user does not use t hem properly. For exam ple, t he WPA- PSK securit y st andard is very secure if you
use a long key which is difficult for an at t acker ’s soft ware t o guess - for exam ple, a t went y- let t er
long st ring of apparent ly random num bers and let t ers - but it is not very secure if you use a short
key which is very easy t o guess - for exam ple, a t hree- let t er word from t he dict ionary.
94
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 6 Wireless
Because of t he dam age t hat can be done by a m alicious at t acker, it ’s not j ust people who have
sensit ive inform at ion on t heir net work who should use securit y. Everybody who uses any wireless
net work should ensure t hat effect ive securit y is in place.
A good way t o com e up wit h effect ive securit y keys, passwords and so on is t o use obscure
inform at ion t hat you personally will easily rem em ber, and t o ent er it in a way t hat appears random
and does not include real words. For exam ple, if your m ot her owns a 1970 Dodge Challenger and
her favorit e m ovie is Vanishing Point ( which you know was m ade in 1971) you could use
“ 70dodchal71vanpoi” as your securit y key.
The following sect ions int roduce different t ypes of wireless securit y you can set up in t he wireless
net work.
6.10.3.1 SSID
Norm ally, t he Device act s like a beacon and regularly broadcast s t he SSI D in t he area. You can hide
t he SSI D inst ead, in which case t he Device does not broadcast t he SSI D. I n addit ion, you should
change t he default SSI D t o som et hing t hat is difficult t o guess.
This t ype of securit y is fairly weak, however, because t here are ways for unaut horized wireless
devices t o get t he SSI D. I n addit ion, unaut horized wireless devices can st ill see t he inform at ion t hat
is sent in t he wireless net work.
6.10.3.2 MAC Address Filter
Every device t hat can use a wireless net work has a unique ident ificat ion num ber, called a MAC
address. 1 A MAC address is usually writ t en using t welve hexadecim al charact ers2 ; for exam ple,
00A0C5000002 or 00: A0: C5: 00: 00: 02. To get t he MAC address for each device in t he wireless
net work, see t he device’s User ’s Guide or ot her docum ent at ion.
You can use t he MAC address filt er t o t ell t he Device which devices are allowed or not allowed t o
use t he wireless net work. I f a device is allowed t o use t he wireless net work, it st ill has t o have t he
correct inform at ion ( SSI D, channel, and securit y) . I f a device is not allowed t o use t he wireless
net work, it does not m at t er if it has t he correct inform at ion.
This t ype of securit y does not prot ect t he inform at ion t hat is sent in t he wireless net work.
Furt herm ore, t here are ways for unaut horized wireless devices t o get t he MAC address of an
aut horized device. Then, t hey can use t hat MAC address t o use t he wireless net work.
6.10.3.3 User Authentication
Aut hent icat ion is t he process of verifying whet her a wireless device is allowed t o use t he wireless
net work. You can m ake every user log in t o t he wireless net work before using it . However, every
device in t he wireless net work has t o support I EEE 802.1x t o do t his.
For wireless net works, you can st ore t he user nam es and passwords for each user in a RADI US
server. This is a server used in businesses m ore t han in hom es. I f you do not have a RADI US server,
you cannot set up user nam es and passwords for your users.
Unaut horized wireless devices can st ill see t he inform at ion t hat is sent in t he wireless net work,
even if t hey cannot use t he wireless net work. Furt herm ore, t here are ways for unaut horized
1.
Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks. These kinds
of wireless devices might not have MAC addresses.
2.
Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
95
Chapter 6 Wireless
wireless users t o get a valid user nam e and password. Then, t hey can use t hat user nam e and
password t o use t he wireless net work.
6.10.3.4 Encryption
Wireless net works can use encrypt ion t o prot ect t he inform at ion t hat is sent in t he wireless
net work. Encrypt ion is like a secret code. I f you do not know t he secret code, you cannot
underst and t he m essage.
The t ypes of encrypt ion you can choose depend on t he t ype of aut hent icat ion. ( See Sect ion
6.10.3.3 on page 95 for inform at ion about t his.)
Table 30 Types of Encrypt ion for Each Type of Aut hent icat ion
W e a k e st
NO AUTHENTICATION
RADIUS SERVER
No Securit y
WPA
St at ic WEP
WPA- PSK
St r on ge st
WPA2- PSK
WPA2
For exam ple, if t he wireless net work has a RADI US server, you can choose W PA or W PA2 . I f users
do not log in t o t he wireless net work, you can choose no encrypt ion, St a t ic W EP, W PA- PSK, or
W PA2 - PSK.
Usually, you should set up t he st rongest encrypt ion t hat every device in t he wireless net work
support s. For exam ple, suppose you have a wireless net work wit h t he Device and you do not have
a RADI US server. Therefore, t here is no aut hent icat ion. Suppose t he wireless net work has t wo
devices. Device A only support s WEP, and device B support s WEP and WPA. Therefore, you should
set up St a t ic W EP in t he wireless net work.
Not e: I t is recom m ended t hat w ireless net works use W PA- PSK, W PA, or st ronger
encrypt ion. The ot her t ypes of encrypt ion are bet t er t han none at all, but it is st ill
possible for unaut horized wireless devices t o figure out t he original inform at ion
pret t y quickly.
When you select W PA2 or W PA2 - PSK in your Device, you can also select an opt ion (W PA
com pa t ible ) t o support WPA as well. I n t his case, if som e of t he devices support WPA and som e
support WPA2, you should set up W PA2 - PSK or W PA2 ( depending on t he t ype of wireless net work
login) and select t he W PA com pa t ible opt ion in t he Device.
Many t ypes of encrypt ion use a key t o prot ect t he inform at ion in t he wireless net work. The longer
t he key, t he st ronger t he encrypt ion. Every device in t he wireless net work m ust have t he sam e key.
6.10.4 Signal Problems
Because wireless net works are radio net works, t heir signals are subj ect t o lim it at ions of dist ance,
int erference and absorpt ion.
Problem s wit h dist ance occur when t he t wo radios are t oo far apart . Problem s wit h int erference
occur when ot her radio waves int errupt t he dat a signal. I nt erference m ay com e from ot her radio
t ransm issions, such as m ilit ary or air t raffic cont rol com m unicat ions, or from m achines t hat are
96
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 6 Wireless
coincident al em it t ers such as elect ric m ot ors or m icrowaves. Problem s wit h absorpt ion occur when
physical obj ect s ( such as t hick walls) are bet ween t he t wo radios, m uffling t he signal.
6.10.5 BSS
A Basic Service Set ( BSS) exist s when all com m unicat ions bet ween wireless st at ions or bet ween a
wireless st at ion and a wired net work client go t hrough one access point ( AP) .
I nt ra- BSS t raffic is t raffic bet ween wireless st at ions in t he BSS. When I nt ra- BSS t raffic blocking is
disabled, wireless st at ion A and B can access t he wired net work and com m unicat e wit h each ot her.
When I nt ra- BSS t raffic blocking is enabled, wireless st at ion A and B can st ill access t he wired
net work but cannot com m unicat e wit h each ot her.
Figure 49 Basic Service set
6.10.6 MBSSID
Tradit ionally, you need t o use different APs t o configure different Basic Service Set s ( BSSs) . As well
as t he cost of buying ext ra APs, t here is also t he possibilit y of channel int erference. The Device’s
MBSSI D ( Mult iple Basic Service Set I Dent ifier) funct ion allows you t o use one access point t o
provide several BSSs sim ult aneously. You can t hen assign varying QoS priorit ies and/ or securit y
m odes t o different SSI Ds.
Wireless devices can use different BSSI Ds t o associat e wit h t he sam e AP.
6.10.6.1 Notes on Multiple BSSs
• A m axim um of eight BSSs are allowed on one AP sim ult aneously.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
97
Chapter 6 Wireless
• You m ust use different keys for different BSSs. I f t wo wireless devices have different BSSI Ds
( t hey are in different BSSs) , but have t he sam e keys, t hey m ay hear each ot her ’s
com m unicat ions ( but not com m unicat e wit h each ot her) .
• MBSSI D should not replace but rat her be used in conj unct ion wit h 802.1x securit y.
6.10.7 Preamble Type
Pream ble is used t o signal t hat dat a is com ing t o t he receiver. Short and long refer t o t he lengt h of
t he synchronizat ion field in a packet .
Short pream ble increases perform ance as less t im e sending pream ble m eans m ore t im e for sending
dat a. All I EEE 802.11 com pliant wireless adapt ers support long pream ble, but not all support short
pream ble.
Use long pream ble if you are unsure what pream ble m ode ot her wireless devices on t he net work
support , and t o provide m ore reliable com m unicat ions in busy wireless net works.
Use short pream ble if you are sure all wireless devices on t he net work support it , and t o provide
m ore efficient com m unicat ions.
Use t he dynam ic set t ing t o aut om at ically use short pream ble when all wireless devices on t he
net work support it , ot herwise t he Device uses long pream ble.
Not e: The wireless devices MUST use t he sam e pream ble m ode in order t o com m unicat e.
6.10.8 Wireless Distribution System (WDS)
The Device can act as a wireless net work bridge and est ablish WDS ( Wireless Dist ribut ion Syst em )
links wit h ot her APs. You need t o know t he MAC addresses of t he APs you want t o link t o. Once t he
securit y set t ings of peer sides m at ch one anot her, t he connect ion bet ween devices is m ade.
At t he t im e of writ ing, WDS securit y is com pat ible wit h ot her ZyXEL access point s only. Refer t o
your ot her access point ’s docum ent at ion for det ails.
The following figure illust rat es how WDS link works bet ween APs. Not ebook com put er A is a
wireless client connect ing t o access point AP 1 . AP 1 has no wired I nt ernet connect ion, but it can
est ablish a WDS link wit h access point AP 2 , which has a wired I nt ernet connect ion. When AP 1
has a WDS link wit h AP 2 , t he not ebook com put er can access t he I nt ernet t hrough AP 2 .
Figure 50 WDS Link Exam ple
WDS
AP 1
AP 2
6.10.9 WiFi Protected Setup (WPS)
Your Device support s WiFi Prot ect ed Set up ( WPS) , which is an easy way t o set up a secure wireless
net work. WPS is an indust ry st andard specificat ion, defined by t he WiFi Alliance.
98
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 6 Wireless
WPS allows you t o quickly set up a wireless net work wit h st rong securit y, wit hout having t o
configure securit y set t ings m anually. Each WPS connect ion works bet ween t wo devices. Bot h
devices m ust support WPS ( check each device’s docum ent at ion t o m ake sure) .
Depending on t he devices you have, you can eit her press a but t on ( on t he device it self, or in it s
configurat ion ut ilit y) or ent er a PI N ( a unique Personal I dent ificat ion Num ber t hat allows one device
t o aut hent icat e t he ot her) in each of t he t wo devices. When WPS is act ivat ed on a device, it has t wo
m inut es t o find anot her device t hat also has WPS act ivat ed. Then, t he t wo devices connect and set
up a secure net work by t hem selves.
6.10.9.1 Push Button Configuration
WPS Push But t on Configurat ion ( PBC) is init iat ed by pressing a but t on on each WPS- enabled
device, and allowing t hem t o connect aut om at ically. You do not need t o ent er any inform at ion.
Not every WPS- enabled device has a physical WPS but t on. Som e m ay have a WPS PBC but t on in
t heir configurat ion ut ilit ies inst ead of or in addit ion t o t he physical but t on.
Take t he following st eps t o set up WPS using t he but t on.
Ensure t hat t he t wo devices you want t o set up are wit hin wireless range of one anot her.
Look for a WPS but t on on each device. I f t he device does not have one, log int o it s configurat ion
ut ilit y and locat e t he but t on ( see t he device’s User ’s Guide for how t o do t his - for t he Device, see
Sect ion 6.6 on page 87) .
Press t he but t on on one of t he devices ( it doesn’t m at t er which) . For t he Device you m ust press t he
WPS but t on for m ore t han t hree seconds.
Wit hin t wo m inut es, press t he but t on on t he ot her device. The regist rar sends t he net work nam e
( SSI D) and securit y key t hrough an secure connect ion t o t he enrollee.
I f you need t o m ake sure t hat WPS worked, check t he list of associat ed wireless client s in t he AP’s
configurat ion ut ilit y. I f you see t he wireless client in t he list , WPS was successful.
6.10.9.2 PIN Configuration
Each WPS- enabled device has it s own PI N ( Personal I dent ificat ion Num ber) . This m ay eit her be
st at ic ( it cannot be changed) or dynam ic ( in som e devices you can generat e a new PI N by clicking
on a but t on in t he configurat ion int erface) .
Use t he PI N m et hod inst ead of t he push- but t on configurat ion ( PBC) m et hod if you want t o ensure
t hat t he connect ion is est ablished bet ween t he devices you specify, not j ust t he first t wo devices t o
act ivat e WPS in range of each ot her. However, you need t o log int o t he configurat ion int erfaces of
bot h devices t o use t he PI N m et hod.
When you use t he PI N m et hod, you m ust ent er t he PI N from one device ( usually t he wireless client )
int o t he second device ( usually t he Access Point or wireless rout er) . Then, when WPS is act ivat ed
on t he first device, it present s it s PI N t o t he second device. I f t he PI N m at ches, one device sends
t he net work and securit y inform at ion t o t he ot her, allowing it t o j oin t he net work.
Take t he following st eps t o set up a WPS connection bet ween an access point or wireless rout er
( referred t o here as t he AP) and a client device using t he PI N m et hod.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
99
Chapter 6 Wireless
Ensure WPS is enabled on bot h devices.
Access t he WPS sect ion of t he AP’s configurat ion int erface. See t he device’s User ’s Guide for how t o
do t his.
Look for t he client ’s WPS PI N; it will be displayed eit her on t he device, or in t he WPS sect ion of t he
client ’s configurat ion int erface ( see t he device’s User ’s Guide for how t o find t he WPS PI N - for t he
Device, see Sect ion 6.5 on page 86) .
Ent er t he client ’s PI N in t he AP’s configurat ion int erface.
I f t he client device’s configurat ion int erface has an area for ent ering anot her device’s PI N, you can
eit her ent er t he client ’s PI N in t he AP, or ent er t he AP’s PI N in t he client - it does not m at t er which.
St art WPS on bot h devices wit hin t wo m inut es.
Use t he configurat ion ut ilit y t o act ivat e WPS, not t he push- but t on on t he device it self.
On a com put er connect ed t o t he wireless client , t ry t o connect t o t he I nt ernet . I f you can connect ,
WPS was successful.
I f you cannot connect , check t he list of associat ed wireless client s in t he AP’s configurat ion ut ilit y. I f
you see t he wireless client in t he list , WPS was successful.
100
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 6 Wireless
The following figure shows a WPS- enabled wireless client ( inst alled in a not ebook com put er)
connect ing t o t he WPS- enabled AP via t he PI N m et hod.
Figure 51 Exam ple WPS Process: PI N Met hod
ENROLLEE
REGISTRAR
WPS
This device’s
WPS PIN: 123456
WPS
Enter WPS PIN
from other device:
WPS
START
WPS
START
WITHIN 2 MINUTES
SECURE EAP TUNNEL
SSID
WPA(2)-PSK
COMMUNICATION
6.10.9.3 How WPS Works
When t wo WPS- enabled devices connect , each device m ust assum e a specific role. One device act s
as t he regist rar ( t he device t hat supplies net work and securit y set t ings) and t he ot her device act s
as t he enrollee ( t he device t hat receives net work and securit y set t ings. The regist rar creat es a
secure EAP ( Ext ensible Aut hent icat ion Prot ocol) t unnel and sends t he net work nam e ( SSI D) and t he
WPA- PSK or WPA2- PSK pre- shared key t o t he enrollee. Whet her WPA- PSK or WPA2- PSK is used
depends on t he st andards support ed by t he devices. I f t he regist rar is already part of a net work, it
sends t he exist ing inform at ion. I f not , it generat es t he SSI D and WPA( 2) - PSK random ly.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
101
Chapter 6 Wireless
The following figure shows a WPS- enabled client ( inst alled in a not ebook com put er) connect ing t o a
WPS- enabled access point .
Figure 52 How WPS works
ACTIVATE
WPS
ACTIVATE
WPS
WITHIN 2 MINUTES
WPS HANDSHAKE
ENROLLEE
REGISTRAR
SECURE TUNNEL
SECURITY INFO
COMMUNICATION
The roles of regist rar and enrollee last only as long as t he WPS set up process is act ive ( t wo
m inut es) . The next t im e you use WPS, a different device can be t he regist rar if necessary.
The WPS connect ion process is like a handshake; only t wo devices part icipat e in each WPS
t ransact ion. I f you want t o add m ore devices you should repeat t he process wit h one of t he exist ing
net worked devices and t he new device.
Not e t hat t he access point ( AP) is not always t he regist rar, and t he wireless client is not always t he
enrollee. All WPS- cert ified APs can be a regist rar, and so can som e WPS- enabled wireless client s.
By default , a WPS devices is “ unconfigured”. This m eans t hat it is not part of an exist ing net work
and can act as eit her enrollee or regist rar ( if it support s bot h funct ions) . I f t he regist rar is
unconfigured, t he securit y set t ings it t ransm it s t o t he enrollee are random ly- generat ed. Once a
WPS- enabled device has connect ed t o anot her device using WPS, it becom es “ configured”. A
configured wireless client can st ill act as enrollee or regist rar in subsequent WPS connect ions, but a
configured access point can no longer act as enrollee. I t will be t he regist rar in all subsequent WPS
connect ions in which it is involved. I f you want a configured AP t o act as an enrollee, you m ust reset
it t o it s fact ory default s.
6.10.9.4 Example WPS Network Setup
This sect ion shows how securit y set t ings are dist ribut ed in an exam ple WPS set up.
The following figure shows an exam ple net work. I n st ep 1 , bot h AP1 and Clie nt 1 are
unconfigured. When WPS is act ivat ed on bot h, t hey perform t he handshake. I n t his exam ple, AP1
102
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 6 Wireless
is t he regist rar, and Clie nt 1 is t he enrollee. The regist rar random ly generat es t he securit y
inform at ion t o set up t he net work, since it is unconfigured and has no exist ing inform at ion.
Figure 53 WPS: Exam ple Net work St ep 1
ENROLLEE
REGISTRAR
SECURITY INFO
AP1
CLIENT 1
I n st ep 2 , you add anot her wireless client t o t he net work. You know t hat Clie nt 1 support s regist rar
m ode, but it is bet t er t o use AP1 for t he WPS handshake wit h t he new client since you m ust
connect t o t he access point anyway in order t o use t he net work. I n t his case, AP1 m ust be t he
regist rar, since it is configured ( it already has securit y inform at ion for t he net work) . AP1 supplies
t he exist ing securit y inform at ion t o Clie nt 2 .
Figure 54 WPS: Exam ple Net work St ep 2
REGISTRAR
EXISTING CONNECTION
AP1
CLIENT 1
ENROLLEE
INF
RI
CU
SE
CLIENT 2
VMG8324-B10A / VMG8324-B30A Series User’s Guide
103
Chapter 6 Wireless
I n st ep 3, you add anot her access point ( AP2 ) t o your net work. AP2 is out of range of AP1 , so you
cannot use AP1 for t he WPS handshake wit h t he new access point . However, you know t hat Clie nt
2 support s t he regist rar funct ion, so you use it t o perform t he WPS handshake inst ead.
Figure 55 WPS: Exam ple Net work St ep 3
EXISTING CONNECTION
CLIENT 1
IS
EX
GC
TIN
ION
CT
NN
AP1
REGISTRAR
CLIENT 2
SE
CU
RIT
ENROLLEE
INF
AP2
6.10.9.5 Limitations of WPS
WPS has som e lim it at ions of which you should be aware.
• WPS works in I nfrast ruct ure net works only ( where an AP and a wireless client com m unicat e) . I t
does not work in Ad- Hoc net works ( where t here is no AP) .
• When you use WPS, it works bet ween t wo devices only. You cannot enroll m ult iple devices
sim ult aneously, you m ust enroll one aft er t he ot her.
For inst ance, if you have t wo enrollees and one regist rar you m ust set up t he first enrollee ( by
pressing t he WPS but t on on t he regist rar and t he first enrollee, for exam ple) , t hen check t hat it
successfully enrolled, t hen set up t he second device in t he sam e way.
• WPS works only wit h ot her WPS- enabled devices. However, you can st ill add non-WPS devices t o
a net work you already set up using WPS.
WPS works by aut om at ically issuing a random ly- generat ed WPA- PSK or WPA2- PSK pre- shared
key from t he regist rar device t o t he enrollee devices. Whet her t he net work uses WPA- PSK or
WPA2- PSK depends on t he device. You can check t he configurat ion int erface of t he regist rar
device t o discover t he key t he net work is using ( if t he device support s t his feat ure) . Then, you
can ent er t he key int o t he non-WPS device and j oin t he net work as norm al ( t he non-WPS device
m ust also support WPA- PSK or WPA2- PSK) .
104
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 6 Wireless
• When you use t he PBC m et hod, t here is a short period ( from t he m om ent you press t he but t on
on one device t o t he m om ent you press t he but t on on t he ot her device) when any WPS- enabled
device could j oin t he net work. This is because t he regist rar has no way of ident ifying t he
“ correct ” enrollee, and cannot different iat e bet ween your enrollee and a rogue device. This is a
possible way for a hacker t o gain access t o a net work.
You can easily check t o see if t his has happened. WPS works bet ween only t wo devices
sim ult aneously, so if anot her device has enrolled your device will be unable t o enroll, and will not
have access t o t he net work. I f t his happens, open t he access point ’s configurat ion int erface and
look at t he list of associat ed client s ( usually displayed by MAC address) . I t does not m at t er if t he
access point is t he WPS regist rar, t he enrollee, or was not involved in t he WPS handshake; a
rogue device m ust st ill associat e wit h t he access point t o gain access t o t he net work. Check t he
MAC addresses of your wireless client s ( usually print ed on a label on t he bot t om of t he device) . I f
t here is an unknown MAC address you can rem ove it or reset t he AP.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
105
Chapter 6 Wireless
106
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPT ER
Home Networking
7.1 Overview
A Local Area Net work ( LAN) is a shared com m unicat ion syst em t o which m any net working devices
are connect ed. I t is usually locat ed in one im m ediat e area such as a building or floor of a building.
Use t he LAN screens t o help you configure a LAN DHCP server and m anage I P addresses.
LAN
DSL
7.1.1 What You Can Do in this Chapter
• Use t he LAN Se t u p screen t o set t he LAN I P address, subnet m ask, and DHCP set t ings of your
Device ( Sect ion 7.2 on page 109) .
• Use t he St a t ic D H CP screen t o assign I P addresses on t he LAN t o specific individual com put ers
based on t heir MAC Addresses ( Sect ion 7.3 on page 113) .
• Use t he UPn P screen t o enable UPnP and UPnP NAT t raversal on t he Device ( Sect ion 7.4 on page
114) .
• Use t he Addit ion a l Su bne t screen t o configure I P alias and public st at ic I P ( Sect ion 7.5 on page
115) .
• Use t he STB Ve n dor I D screen t o have t he Device aut om at ically creat e st at ic DHCP ent ries for
Set Top Box ( STB) devices when t hey request I P addresses ( Sect ion 7.8 on page 125)
• Use t he 5 t h Et h e r ne t Por t screen t o configure t he W AN port as t he Et hernet WAN port or a LAN
port ( Sect ion 7.10 on page 126) .
• Use t he LAN VLAN screen t o cont rol t he VLAN I D and I EEE 802.1p priorit y t ags of t raffic sent out
t hrough individual LAN port s ( Sect ion 7.10 on page 126) .
• Use t he W a k e on La n screen t o rem ot ely t urn on a device on t he net work. ( Sect ion 7.10 on
page 126) .
VMG8324-B10A / VMG8324-B30A Series User’s Guide
107
Chapter 7 Home Networking
7.1.2 What You Need To Know
7.1.2.1 About LAN
IP Address
I P addresses ident ify individual devices on a net work. Every net working device ( including
com put ers, servers, rout ers, print ers, et c.) needs an I P address t o com m unicat e across t he
net work. These net working devices are also known as host s.
Subnet Mask
Subnet m asks det erm ine t he m axim um num ber of possible host s on a net work. You can also use
subnet m asks t o divide one net work int o m ult iple sub- net works.
DHCP
A DHCP ( Dynam ic Host Configurat ion Prot ocol) server can assign your Device an I P address, subnet
m ask, DNS and ot her rout ing inform at ion when it 's t urned on.
DNS
DNS ( Dom ain Nam e Syst em ) is for m apping a dom ain nam e t o it s corresponding I P address and
vice versa. The DNS server is ext rem ely im port ant because wit hout it , you m ust know t he I P
address of a net working device before you can access it .
RADVD (Router Advertisement Daemon)
When an I Pv6 host sends a Rout er Solicit at ion ( RS) request t o discover t he available rout ers,
RADVD wit h Rout er Advert isem ent ( RA) m essages in response t o t he request . I t specifies t he
m inim um and m axim um int ervals of RA broadcast s. RA m essages cont aining t he address prefix.
I Pv6 host s can be generat ed wit h t he I Pv6 prefix an I Pv6 address.
7.1.2.2 About UPnP
Identifying UPnP Devices
UPnP hardware is ident ified as an icon in t he Net work Connect ions folder ( Windows XP) . Each UPnP
com pat ible device inst alled on your net work will appear as a separat e icon. Select ing t he icon of a
UPnP device will allow you t o access t he inform at ion and propert ies of t hat device.
NAT Traversal
UPnP NAT t raversal aut om at es t he process of allowing an applicat ion t o operat e t hrough NAT. UPnP
net work devices can aut om at ically configure net work addressing, announce t heir presence in t he
net work t o ot her UPnP devices and enable exchange of sim ple product and service descript ions.
NAT t raversal allows t he following:
• Dynam ic port m apping
• Learning public I P addresses
108
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 7 Home Networking
• Assigning lease t im es t o m appings
Windows Messenger is an exam ple of an applicat ion t hat support s NAT t raversal and UPnP.
See t he Chapt er 10 on page 157 for m ore inform at ion on NAT.
Cautions with UPnP
The aut om at ed nat ure of NAT t raversal applicat ions in est ablishing t heir own services and opening
firewall port s m ay present net work securit y issues. Net work inform at ion and configurat ion m ay also
be obt ained and m odified by users in som e net work environm ent s.
When a UPnP device j oins a net work, it announces it s presence wit h a m ult icast m essage. For
securit y reasons, t he Device allows m ult icast m essages on t he LAN only.
All UPnP- enabled devices m ay com m unicat e freely wit h each ot her wit hout addit ional configurat ion.
Disable UPnP if t his is not your int ent ion.
UPnP and ZyXEL
ZyXEL has achieved UPnP cert ificat ion from t he Universal Plug and Play Forum UPnP™
I m plem ent ers Corp. ( UI C) . ZyXEL's UPnP im plem ent at ion support s I nt ernet Gat eway Device ( I GD)
1.0.
See Sect ion 7.5 on page 115 for exam ples of inst alling and using UPnP.
Finding Out More
See Sect ion 7.12 on page 128 for t echnical background inform at ion on LANs.
7.1.3 Before You Begin
Find out t he MAC addresses of your net work devices if you int end t o add t hem t o t he DHCP Client
List screen.
7.2 The LAN Setup Screen
Use t his screen t o set t he Local Area Net work I P address and subnet m ask of your Device. Click
N e t w or k Se t t ing > H om e N e t w or k ing t o open t he LAN Se t up screen.
Follow t hese st eps t o configure your LAN set t ings.
Ent er an I P address int o t he I P Addr e ss field. The I P address m ust be in dot t ed decim al not at ion.
This will becom e t he I P address of your Device.
Ent er t he I P subnet m ask int o t he I P Su bn e t M a sk field. Unless inst ruct ed ot herwise it is best t o
leave t his alone, t he configurat or will aut om at ically com put e a subnet m ask based upon t he I P
address you ent ered.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
109
Chapter 7 Home Networking
Click Apply t o save your set t ings.
Figure 56 Net work Set t ing > Hom e Net working > LAN Set up
The following t able describes t he fields in t his screen.
Table 31 Net work Set t ing > Hom e Net working > LAN Set up
LABEL
DESCRIPTION
I nt erface Group
Group Nam e
Select t he int erface group nam e for which you want t o configure LAN set t ings. See Chapt er
12 on page 179 for how t o creat e a new int erface group.
LAN I P Set up
I Pv4 Address
Ent er t he LAN I Pv4 I P address you want t o assign t o your Device in dot t ed decim al not at ion,
for exam ple, 192.168.1.1 ( fact ory default ) .
Subnet Mask/
Prefix Lengt h
Type t he subnet m ask of your net work in dot t ed decim al not at ion, for exam ple
255.255.255.0 ( fact ory default ) . Your Device aut om at ically com put es t he subnet m ask
based on t he I P Address you ent er, so do not change t his field unless you are inst ruct ed t o
do so.
I GMP Snooping
St at us
Select t he En a ble I GM P Sn ooping checkbox t o allows t he Device t o passively learn
m ult icast group.
I GMP Mode
Select St a n da r d M ode t o have t he Device forward m ult icast packet s t o a port t hat j oins t he
m ult icast group and broadcast unknown m ult icast packet s from t he WAN t o all LAN port s.
Select Block ing M ode t o have t he Device block all unknown m ult icast packet s from t he
WAN.
DHCP Server St at e
DHCP
Select En a ble t o have t he Device act as a DHCP server or DHCP relay agent .
Select D isa ble t o st op t he DHCP server on t he Device.
Select D H CP Re la y t o have t he Device forward DHCP request t o t he DHCP server.
DHCP Relay
Server Address
110
This field is only available when you select D H CP Re la y in t he D H CP field.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 7 Home Networking
Table 31 Net work Set t ing > Hom e Net working > LAN Set up ( cont inued)
LABEL
DESCRIPTION
I Pv4 Address
Ent er t he I Pv4 I P address of t he act ual rem ot e DHCP server in t his field.
I P Addressing
Values
This field is only available when you select En a ble in t he D H CP field.
Beginning I P
Address
This field specifies t he first of t he cont iguous addresses in t he I P address pool.
Ending I P
Address
This field specifies t he last of t he cont iguous addresses in t he I P address pool.
Aut o reserve I P
for t he sam e
host
Select En a ble t o have t he Device record DHCP I P addresses wit h t he MAC addresses t he I P
addresses are assigned t o. The Device assigns t he sam e I P address t o t he sam e MAC
address when t he host request s an I P address again t hrough DHCP.
DHCP Server
Lease Tim e
This is t he period of t im e DHCP- assigned addresses is used. DHCP aut om at ically assigns I P
addresses t o client s when t hey log in. DHCP cent ralizes I P address m anagem ent on cent ral
com put ers t hat run t he DHCP server program . DHCP leases addresses, for a period of t im e,
which m eans t hat past addresses are “ recycled” and m ade available for fut ure reassignm ent
t o ot her syst em s.
This field is only available when you select En a ble in t he D H CP field.
Days/ Hours/
Minut es
Ent er t he lease t im e of t he DHCP server.
DNS Values
This field is only available when you select En a ble in t he D H CP field.
DNS
Select t he t ype of service t hat you are regist ered for from your Dynam ic DNS service
provider.
Select D yn a m ic if you have t he Dynam ic DNS service.
Select St a t ic if you have t he St at ic DNS service.
DNS Server 1
DNS Server 2
Ent er t he first and second DNS ( Dom ain Nam e Syst em ) server I P address t he Device passes
t o t he DHCP client s.
LAN I Pv6 Mode Set up
I Pv6 St at e
Select Ena ble t o act ivat e t he I Pv6 m ode and configure I Pv6 set t ings on t he Device.
LAN I Pv6 Address Set up
Delegat e prefix
from WAN
Select t his opt ion t o aut om at ically obt ain an I Pv6 net work prefix from t he service provider
or an uplink rout er.
St at ic
Select t his opt ion t o configure a fixed I Pv6 address for t he Device’s LAN I Pv6 address.
ULA PseudoRandom Global
ID
A unique local address ( ULA) is a unique I Pv6 address for use in privat e net works but not
rout able in t he global I Pv6 I nt ernet .
Select t his t o have t he Device aut om at ically generat e a globally unique address for t he LAN
I Pv6 address. The address form at is like fdxx: xxxx: xxxx: xxxx: : / 64.
ULA I Pv6 Address Set up
I Pv6 Address
I f you select st at ic I Pv6 address, ent er t he I Pv6 address prefix t hat t he Device uses for t he
LAN I Pv6 address.
Prefix Lengt h
I f you select st at ic I Pv6 address, ent er t he I Pv6 prefix lengt h t hat t he Device uses t o
generat e t he LAN I Pv6 address.
An I Pv6 prefix lengt h specifies how m any m ost significant bit s ( st art ing from t he left ) in t he
address com pose t he net work address. This field displays t he bit num ber of t he I Pv6 subnet
m ask.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
111
Chapter 7 Home Networking
Table 31 Net work Set t ing > Hom e Net working > LAN Set up ( cont inued)
LABEL
DESCRIPTION
MLD Snooping
Mult icast List ener Discovery ( MLD) allows an I Pv6 swit ch or rout er t o discover t he presence
of MLD host s who wish t o receive m ult icast packet s and t he I P addresses of m ult icast
groups t he host s want t o j oin on it s net work. Select En a ble M LD Sn oopin g t o act ivat e MLD
Snooping on t he Device. This allows t he Device t o check MLD packet s passing t hrough it and
learn t he m ult icast group m em bership. I t helps reduce m ult icast t raffic.
MLD Mode
Select St a n da r d M ode t o have t he Device forward I Pv6 m ult icast packet s t o a port t hat
j oins t he I Pv6 m ult icast group and broadcast unknown I Pv6 m ult icast packet s from t he WAN
t o all LAN port s.
Select Block ing M ode t o have t he Device block all unknown I Pv6 m ult icast packet s from
t he WAN.
LAN I Pv6
Address Assign
Set up
Select how you want t o obt ain an I Pv6 address:
•
•
•
St a t e le ss: The Device uses I Pv6 st at eless aut oconfigurat ion. RADVD ( Rout er
Advert isem ent Daem on) is enabled t o have t he Device send I Pv6 prefix inform at ion in
rout er advert isem ent s periodically and in response t o rout er solicit at ions. DHCPv6 server
is disabled.
St a t e fu l: The Device uses I Pv6 st at eful aut oconfigurat ion. The DHCPv6 server is
enabled t o have t he Device act as a DHCPv6 server and pass I Pv6 addresses t o DHCPv6
client s.
St a t e le ss a n d St a t e fu l: The Device uses bot h I Pv6 st at eless and st at eful
aut oconfigurat ion. The LAN I Pv6 client s can obt ain I Pv6 addresses eit her t hrough rout er
advert isem ent s or t hrough DHCPv6.
•
LAN I Pv6 DNS
Assign Set up
Select how t he Device provide DNS server and dom ain nam e inform at ion t o t he client s:
•
•
•
Fr om Rout e r Adve r t ise m e nt : The Device provides DNS inform at ion t hrough rout er
advert isem ent s.
Fr om D H CPv6 Se r ve r : The Device provides DNS inform at ion t hrough DHCPv6.
Fr om RA & D H CPv6 Se r ve r : The Device provides DNS inform at ion t hrough bot h rout er
advert isem ent s and DHCPv6.
DHCPv6 Configurat ion
DHCPv6 St at e
This shows t he st at us of t he DHCPv6.
I Pv6 Rout er Advert isem ent St at e
RADVD St at e
This shows whet her RADVD is enabled or not .
I Pv6 DNS Values
I Pv6 DNS
Server 1- 3
Select Fr om I SP if your I SP dynam ically assigns I Pv6 DNS server inform at ion.
Select Use r - D e fin e d if you have t he I Pv6 address of a DNS server. Ent er t he DNS server
I Pv6 addresses t he Device passes t o t he DHCP client s.
Select N on e if you do not want t o configure I Pv6 DNS servers.
DNS Query
Scenario
Select how t he Device handles client s’ DNS inform at ion request s.
•
•
•
•
•
112
I Pv4 / I Pv6 D N S Se r ve r : The Device forwards t he request s t o bot h t he I Pv4 and I Pv6
DNS servers and sends client s t he first DNS inform at ion it receives.
I Pv6 D N S Se r ve r On ly: The Device forwards t he request s t o t he I Pv6 DNS server and
sends client s t he DNS inform at ion it receives.
I Pv4 D N S Se r ve r On ly: The Device forwards t he request s t o t he I Pv4 DNS server and
sends client s t he DNS inform at ion it receives.
I Pv6 D N S Se r ve r Fir st : The Device forwards t he request s t o t he I Pv6 DNS server first
and t hen t he I Pv4 DNS server. Then it sends client s t he first DNS inform at ion it receives.
I Pv4 D N S Se r ve r Fir st : The Device forwards t he request s t o t he I Pv4 DNS server first
and t hen t he I Pv6 DNS server. Then it sends client s t he first DNS inform at ion it receives.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o rest ore your previously saved set t ings.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 7 Home Networking
7.3 The Static DHCP Screen
This t able allows you t o assign I P addresses on t he LAN t o specific individual com put ers based on
t heir MAC Addresses.
Every Et hernet device has a unique MAC ( Media Access Cont rol) address. The MAC address is
assigned at t he fact ory and consist s of six pairs of hexadecim al charact ers, for exam ple,
00: A0: C5: 00: 00: 02.
Use t his screen t o change your Device’s st at ic DHCP set t ings. Click N e t w or k Se t t in g > H om e
N e t w or k in g > St a t ic D H CP t o open t he following screen.
Figure 57 Net work Set t ing > Hom e Net working > St at ic DHCP
The following t able describes t he labels in t his screen.
Table 32 Net work Set t ing > Hom e Net working > St at ic DHCP
LABEL
DESCRIPTION
Add new st at ic
lease
Click t his t o add a new st at ic DHCP ent ry.
This is t he index num ber of t he ent ry.
St at us
This field displays whet her t he client is connect ed t o t he Device.
MAC Address
The MAC ( Media Access Cont rol) or Et hernet address on a LAN ( Local Area Net work) is
unique t o your com put er ( six pairs of hexadecim al not at ion) .
A net work int erface card such as an Et hernet adapt er has a hardwired address t hat is
assigned at t he fact ory. This address follows an indust ry st andard t hat ensures no ot her
adapt er has a sim ilar address.
I P Address
This field displays t he I P address relat ive t o t he # field list ed above.
Modify
Click t he Edit icon t o have t he I P address field edit able and change it .
Click t he D e le t e icon t o delet e a st at ic DHCP ent ry. A window displays asking you t o
confirm t hat you want t o delet e t he select ed ent ry.
I f you click Add ne w st a t ic le a se in t he St a t ic D H CP screen or t he Edit icon next t o a st at ic DHCP
ent ry, t he following screen displays.
Figure 58 St at ic DHCP: Add/ Edit
VMG8324-B10A / VMG8324-B30A Series User’s Guide
113
Chapter 7 Home Networking
The following t able describes t he labels in t his screen.
Table 33 St at ic DHCP: Add/ Edit
LABEL
DESCRIPTION
Act ive
Select t his t o act ivat e t he connect ion bet ween t he client and t he Device.
Group Nam e
Select t he int erface group nam e for which you want t o configure st at ic DHCP set t ings.
See Chapt er 12 on page 179 for how t o creat e a new int erface group.
Select Device I nfo
Select a device or com put er from t he drop- down list or select M a n u a l I n pu t t o m anually
ent er a device’s MAC address and I P address in t he following fields.
MAC Address
I f you select M a n u a l I n pu t , ent er t he MAC address of a com put er on your LAN.
I P Address
I f you select M a n u a l I n pu t , ent er t he I P address t hat you want t o assign t o t he
com put er on your LAN wit h t he MAC address t hat you will also specify.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
7.4 The UPnP Screen
Universal Plug and Play ( UPnP) is a dist ribut ed, open net working st andard t hat uses TCP/ I P for
sim ple peer- t o- peer net work connect ivit y bet ween devices. A UPnP device can dynam ically j oin a
net work, obt ain an I P address, convey it s capabilit ies and learn about ot her devices on t he net work.
I n t urn, a device can leave a net work sm oot hly and aut om at ically when it is no longer in use.
See page 108 for m ore inform at ion on UPnP.
Use t he following screen t o configure t he UPnP set t ings on your Device. Click N e t w or k Se t t in g >
H om e N e t w or k ing > UPn P t o display t he screen shown next .
Figure 59 Net work Set t ing > Hom e Net working > UPnP
114
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 7 Home Networking
The following t able describes t he labels in t his screen.
Table 34 Net work Set t ing > Hom e Net working > UPnP
LABEL
DESCRIPTION
UPnP
Select En a ble t o act ivat e UPnP. Be aware t hat anyone could use a UPnP applicat ion t o open
t he web configurat or's login screen wit hout ent ering t he Device's I P address ( alt hough you
m ust st ill ent er t he password t o access t he web configurat or) .
UPnP NAT-T
Select En a ble t o allow UPnP- enabled applicat ions t o aut om at ically configure t he Device so
t hat t hey can com m unicat e t hrough t he Device by using NAT t raversal. UPnP applicat ions
aut om at ically reserve a NAT forwarding port in order t o com m unicat e wit h anot her UPnP
enabled device; t his elim inat es t he need t o m anually configure port forwarding for t he UPnP
enabled applicat ion.
This is t he index num ber of t he UPnP NAT-T connect ion.
Descript ion
This is t he descript ion of t he UPnP NAT-T connect ion.
I P Address
This is t he I P address of t he ot her connect ed UPnP enabled device.
Ext ernal Port
This is t he ext ernal port num ber t hat ident ifies t he service.
I nt ernal Port
This is t he int ernal port num ber t hat ident ifies t he service.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
The t able below displays t he NAT port forwarding rules added aut om at ically by UPnP NAT-T.
7.5 Installing UPnP in Windows Example
This sect ion shows how t o inst all UPnP in Windows Me and Windows XP.
Installing UPnP in Windows Me
Follow t he st eps below t o inst all t he UPnP in Windows Me.
Click St a r t and Cont r ol Pa ne l. Double- click Add/ Re m ove Pr ogr a m s.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
115
Chapter 7 Home Networking
Click on t he W indow s Se t up t ab and select Com m u n ica t ion in t he Com pone n t s select ion box.
Click D e t a ils.
Add/Remove Programs: Windows Setup: Communication
I n t he Com m unica t ions window, select t he Un ive r sa l Plug a n d Pla y check box in t he
Com pone nt s select ion box.
Add/Remove Programs: Windows Setup: Communication: Components
116
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 7 Home Networking
Click OK t o go back t o t he Add/ Re m ove Pr ogr a m s Pr ope r t ie s window and click N e x t .
Rest art t he com put er when prom pt ed.
Installing UPnP in Windows XP
Follow t he st eps below t o inst all t he UPnP in Windows XP.
Click St a r t and Con t r ol Pa n e l.
Double- click N e t w or k Conne ct ions.
I n t he N e t w or k Conne ct ions window, click Adva n ce d in t he m ain m enu and select Opt iona l
N e t w or k in g Com pon e n t s ….
Network Connections
The W in dow s Opt ion a l N e t w or k in g Com pon e n t s W iza r d window displays. Select N e t w or k in g
Se r vice in t he Com pon e n t s select ion box and click D e t a ils.
Windows Optional Networking Components Wizard
VMG8324-B10A / VMG8324-B30A Series User’s Guide
117
Chapter 7 Home Networking
I n t he N e t w or k ing Se r vice s window, select t he Unive r sa l Plug a nd Pla y check box.
Networking Services
Click OK t o go back t o t he W indow s Opt ion a l N e t w or k ing Com pone nt W iz a r d window and
click N e x t .
7.6 Using UPnP in Windows XP Example
This sect ion shows you how t o use t he UPnP feat ure in Windows XP. You m ust already have UPnP
inst alled in Windows XP and UPnP act ivat ed on t he Device.
Make sure t he com put er is connect ed t o a LAN port of t he Device. Turn on your com put er and t he
Device.
Auto-discover Your UPnP-enabled Network Device
118
Click St a r t and Con t r ol Pa n e l. Double- click N e t w or k Con ne ct ion s. An icon displays under
I nt ernet Gat eway.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 7 Home Networking
Right- click t he icon and select Pr ope r t ie s.
Network Connections
I n t he I nt e r ne t Conne ct ion Pr ope r t ie s window, click Se t t ings t o see t he port m appings t here
were aut om at ically creat ed.
Internet Connection Properties
VMG8324-B10A / VMG8324-B30A Series User’s Guide
119
Chapter 7 Home Networking
You m ay edit or delet e t he port m appings or click Add t o m anually add port m appings.
Internet Connection Properties: Advanced Settings
Internet Connection Properties: Advanced Settings: Add
When t he UPnP- enabled device is disconnect ed from your com put er, all port m appings will be
delet ed aut om at ically.
Select Sh ow icon in not ifica t ion a r e a w he n conn e ct e d opt ion and click OK. An icon displays in
t he syst em t ray.
System Tray Icon
120
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 7 Home Networking
Double- click on t he icon t o display your current I nt ernet connect ion st at us.
Internet Connection Status
Web Configurator Easy Access
Wit h UPnP, you can access t he web- based configurat or on t he Device wit hout finding out t he I P
address of t he Device first . This com es helpful if you do not know t he I P address of t he Device.
Follow t he st eps below t o access t he web configurat or.
Click St a r t and t hen Cont r ol Pa ne l.
Double- click N e t w or k Conne ct ions.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
121
Chapter 7 Home Networking
Select M y N e t w or k Pla ce s under Ot h e r Pla ce s.
Network Connections
An icon wit h t he descript ion for each UPnP- enabled device displays under Loca l N e t w or k .
Right- click on t he icon for your Device and select I n vok e . The web configurat or login screen
displays.
Network Connections: My Network Places
122
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 7 Home Networking
Right- click on t he icon for your Device and select Pr ope r t ie s. A propert ies window displays wit h
basic inform at ion about t he Device.
Network Connections: My Network Places: Properties: Example
VMG8324-B10A / VMG8324-B30A Series User’s Guide
123
Chapter 7 Home Networking
7.7 The Additional Subnet Screen
Use t he Addit iona l Su bne t screen t o configure I P alias and public st at ic I P.
I P alias allows you t o part it ion a physical net work int o different logical net works over t he sam e
Et hernet int erface. The Device support s m ult iple logical LAN int erfaces via it s physical Et hernet
int erface wit h t he Device it self as t he gat eway for t he LAN net work. When you use I P alias, you can
also configure firewall rules t o cont rol access t o t he LAN's logical net work ( subnet ) .
I f your I SP provides t he Public LAN service, t he Device m ay use an LAN I P address t hat can be
accessed from t he WAN.
Click N e t w or k Se t t in g > H om e N e t w or k ing > Addit ion a l Subn e t t o display t he screen shown
next .
Figure 60 Net work Set t ing > Hom e Net working > Addit ional Subnet
The following t able describes t he labels in t his screen.
Table 35 Net work Set t ing > Hom e Net working > Addit ional Subnet
LABEL
DESCRIPTION
I P Alias Set up
Group Nam e
Select t he int erface group nam e for which you want t o configure t he I P alias set t ings. See
Chapt er 12 on page 179 for how t o creat e a new int erface group.
Act ive
Select t he checkbox t o configure a LAN net work for t he Device.
I P Address
Ent er t he I P address of your Device in dot t ed decim al not at ion.
I P Subnet Mask
Your Device will aut om at ically calculat e t he subnet m ask based on t he I P address t hat you
assign. Unless you are im plem ent ing subnet t ing, use t he subnet m ask com put ed by t he
Device.
Public LAN
124
Act ive
Select t he checkbox t o enable t he Public LAN feat ure. Your I SP m ust support Public LAN and
St at ic I P.
I P Address
Ent er t he public I P address provided by your I SP.
I P Subnet Mask
Ent er t he public I P subnet m ask provided by your I SP.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 7 Home Networking
Table 35 Net work Set t ing > Hom e Net working > Addit ional Subnet ( cont inued)
LABEL
DESCRIPTION
Offer Public I P
by DHCP
Select t he checkbox t o enable t he Device t o provide public I P addresses by DHCP server.
Enable ARP
Proxy
Select t he checkbox t o enable t he ARP ( Address Resolut ion Prot ocol) proxy.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
7.8 The STB Vendor ID Screen
Set Top Box ( STB) devices wit h dynam ic I P addresses som et im es don’t renew t heir I P addresses
before t he lease t im e expires. This could lead t o I P address conflict s if t he STB cont inues t o use an
I P address t hat get s assigned t o anot her device. Use t his screen t o list t he Vendor I Ds of connect ed
STBs t o have t he Device aut om at ically creat e st at ic DHCP ent ries for t hem when t hey request I P
addresses.
Click N e t w or k Se t t in g > H om e N e t w or k in g > STB Ve ndor I D t o open t his screen.
Figure 61 Net work Set t ing > Hom e Net working > STB Vendor I D
The following t able describes t he labels in t his screen.
Table 36 Net work Set t ing > Hom e Net working > STB Vendor I D
LABEL
DESCRIPTION
Vendor I D 1 ~
Ent er t he STB’s vendor I D.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
7.9 The 5th Ethernet Port Screen
I f you use a DSL connect ion, you can configure your Et hernet WAN port as an ext ra LAN port . This
Gigabit Et hernet port provides fast er t ransm ission speeds. Click N e t w or k Se t t ing > H om e
N e t w or k in g > 5 t h Et h e r n e t Por t t o open t his screen.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
125
Chapter 7 Home Networking
Not e: The Device needs t o rest art t o m ake t he role change t ake effect .
Figure 62 Net work Set t ing > Hom e Net working > 5t h Et hernet Port
The following t able describes t he labels in t his screen.
Table 37 Net work Set t ing > Hom e Net working > 5t h Et hernet Port
LABEL
DESCRIPTION
St at e
Select En a ble t o use t he Et hernet WAN port as a LAN port on t he Device.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
7.10 The LAN VLAN Screen
Click N e t w or k Se t t ing > H om e N e t w or k in g > LAN VLAN t o open t his screen. Use t his screen t o
cont rol t he VLAN I D and I EEE 802.1p priorit y t ags of t raffic sent out t hrough individual LAN port s.
Figure 63 Net work Set t ing > Hom e Net working > LAN VLAN
126
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 7 Home Networking
The following t able describes t he labels in t his screen.
Table 38 Net work Set t ing > Hom e Net working > LAN VLAN
LABEL
DESCRIPTION
Lan Port
These represent t he Device’s LAN port s.
Tag Operat ion
Select what you want t he Device t o do t o t he I EEE 802.1q VLAN I D and priorit y t ags of
downst ream t raffic before sending it out t hrough t his LAN port .
•
•
•
•
Un ch a n ge - Don’t do anyt hing t o t he t raffic’s VLAN I D and priorit y t ags.
Add - Add VLAN I D and priorit y t ags t o unt agged t raffic.
Re m ove - Delet e one t ag from t agged t raffic. I f t he fram e has double t ags, t his rem oves
t he out er t ag. This does not affect unt agged t raffic.
Re m a r k - Change t he value of t he out er VLAN I D and priorit y t ags.
802.1P Mark
Use t his opt ion t o set what t o do for t he I EEE 802.1p priorit y t ags when you add or rem ark
t he t ags for a LAN port ’s downst ream t raffic. Eit her select Un ch a n ge t o not m odify t he
t raffic’s priorit y t ags or select an priorit y from 0 t o 7 t o use. The larger t he num ber, t he
higher t he priorit y.
VLAN I D
I f you will add or rem ark t ags for t his LAN port ’s downst ream t raffic, specify t he VLAN I D
( from 0 t o 4094) t o use here.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
7.11 The Wake on LAN Screen
Use t his screen t o t urn on a device on t he LAN net work. To use t his feat ure, t he rem ot e device m ust
also support Wake On LAN.
You need t o know t he MAC address of t he LAN device. I t m ay be on a label on t he device or in it s
docum ent at ion.
Click N e t w or k Se t t in g > H om e N e t w or k in g > W a k e on La n t o open t his screen.
Figure 64 Net work Set t ing > Hom e Net working > Wake on Lan
The following t able describes t he labels in t his screen.
Table 39 Net work Set t ing > Hom e Net working > Wake on Lan
LABEL
DESCRIPTION
Wake by
Address
Select M a nu a l and ent er t he I P address or MAC address of t he device t o t urn it on rem ot ely.
The drop- down list also list s t he I P addresses t hat can be found in t he Device’s ARP t able.
Select an I P address and it will t hen aut om at ically updat e t he I P address and MAC address
in t he following fields.
I P Address
Ent er t he I Pv4 I P address of t he device t o t urn it on.
MAC Address
Ent er t he MAC address of t he device t o t urn it on. A MAC address consist s of six
hexadecim al charact er pairs.
Wake up
Click t his t o send a wake up packet t o wake up t he specified device.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
127
Chapter 7 Home Networking
7.12 Technical Reference
This sect ion provides som e t echnical background inform at ion about t he t opics covered in t his
chapt er.
7.12.1 LANs, WANs and the Device
The act ual physical connect ion det erm ines whet her t he Device port s are LAN or WAN port s. There
are t wo separat e I P net works, one inside t he LAN net work and t he ot her out side t he WAN net work
as shown next .
Figure 65 LAN and WAN I P Addresses
LAN
WAN
7.12.2 DHCP Setup
DHCP ( Dynam ic Host Configurat ion Prot ocol, RFC 2131 and RFC 2132) allows individual client s t o
obt ain TCP/ I P configurat ion at st art- up from a server. You can configure t he Device as a DHCP
server or disable it . When configured as a server, t he Device provides t he TCP/ I P configurat ion for
t he client s. I f you t urn DHCP service off, you m ust have anot her DHCP server on your LAN, or else
t he com put er m ust be m anually configured.
IP Pool Setup
The Device is pre- configured wit h a pool of I P addresses for t he DHCP client s ( DHCP Pool) . See t he
product specificat ions in t he appendices. Do not assign st at ic I P addresses from t he DHCP pool t o
your LAN com put ers.
7.12.3 DNS Server Addresses
DNS ( Dom ain Nam e Syst em ) m aps a dom ain nam e t o it s corresponding I P address and vice versa.
The DNS server is ext rem ely im port ant because wit hout it , you m ust know t he I P address of a
com put er before you can access it . The DNS server addresses you ent er when you set up DHCP are
passed t o t he client m achines along wit h t he assigned I P address and subnet m ask.
There are t wo ways t hat an I SP dissem inat es t he DNS server addresses.
• The I SP t ells you t he DNS server addresses, usually in t he form of an inform at ion sheet , when
you sign up. I f your I SP gives you DNS server addresses, ent er t hem in t he D N S Se r ve r fields in
t he D H CP Se t up screen.
128
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 7 Home Networking
• Som e I SPs choose t o dissem inat e t he DNS server addresses using t he DNS server ext ensions of
I PCP ( I P Cont rol Prot ocol) aft er t he connect ion is up. I f your I SP did not give you explicit DNS
servers, chances are t he DNS servers are conveyed t hrough I PCP negot iat ion. The Device
support s t he I PCP DNS server ext ensions t hrough t he DNS proxy feat ure.
Please not e t hat DNS proxy works only when t he I SP uses t he I PCP DNS server ext ensions. I t
does not m ean you can leave t he DNS servers out of t he DHCP set up under all circum st ances. I f
your I SP gives you explicit DNS servers, m ake sure t hat you ent er t heir I P addresses in t he
D H CP Se t up screen.
7.12.4 LAN TCP/IP
The Device has built- in DHCP server capabilit y t hat assigns I P addresses and DNS servers t o
syst em s t hat support DHCP client capabilit y.
IP Address and Subnet Mask
Sim ilar t o t he way houses on a st reet share a com m on st reet nam e, so t oo do com put ers on a LAN
share one com m on net work num ber.
Where you obt ain your net work num ber depends on your part icular sit uat ion. I f t he I SP or your
net work adm inist rat or assigns you a block of regist ered I P addresses, follow t heir inst ruct ions in
select ing t he I P addresses and t he subnet m ask.
I f t he I SP did not explicit ly give you an I P net work num ber, t hen m ost likely you have a single user
account and t he I SP will assign you a dynam ic I P address when t he connect ion is est ablished. I f t his
is t he case, it is recom m ended t hat you select a net work num ber from 192.168.0.0 t o
192.168.255.0 and you m ust enable t he Net work Address Translat ion ( NAT) feat ure of t he Device.
The I nt ernet Assigned Num ber Aut horit y ( I ANA) reserved t his block of addresses specifically for
privat e use; please do not use any ot her num ber unless you are t old ot herwise. Let 's say you select
192.168.1.0 as t he net work num ber; which covers 254 individual addresses, from 192.168.1.1 t o
192.168.1.254 ( zero and 255 are reserved) . I n ot her words, t he first t hree num bers specify t he
net work num ber while t he last num ber ident ifies an individual com put er on t hat net work.
Once you have decided on t he net work num ber, pick an I P address t hat is easy t o rem em ber, for
inst ance, 192.168.1.1, for your Device, but m ake sure t hat no ot her device on your net work is
using t hat I P address.
The subnet m ask specifies t he net work num ber port ion of an I P address. Your Device will com put e
t he subnet m ask aut om at ically based on t he I P address t hat you ent ered. You don't need t o change
t he subnet m ask com put ed by t he Device unless you are inst ruct ed t o do ot herwise.
Private IP Addresses
Every m achine on t he I nt ernet m ust have a unique address. I f your net works are isolat ed from t he
I nt ernet , for exam ple, only bet ween your t wo branch offices, you can assign any I P addresses t o
t he host s wit hout problem s. However, t he I nt ernet Assigned Num bers Aut horit y ( I ANA) has
reserved t he following t hree blocks of I P addresses specifically for privat e net works:
• 10.0.0.0
• 172.16.0.0
— 10.255.255.255
— 172.31.255.255
• 192.168.0.0 — 192.168.255.255
VMG8324-B10A / VMG8324-B30A Series User’s Guide
129
Chapter 7 Home Networking
You can obt ain your I P address from t he I ANA, from an I SP or it can be assigned from a privat e
net work. I f you belong t o a sm all organizat ion and your I nt ernet access is t hrough an I SP, t he I SP
can provide you wit h t he I nt ernet addresses for your local net works. On t he ot her hand, if you are
part of a m uch larger organizat ion, you should consult your net work adm inist rat or for t he
appropriat e I P addresses.
Not e: Regardless of your part icular sit uat ion, do not creat e an arbit rary I P address;
always follow t he guidelines above. For m ore inform at ion on address assignm ent ,
please refer t o RFC 1597, “Address Allocat ion for Privat e I nt ernet s” and RFC 1466,
“ Guidelines for Managem ent of I P Address Space”.
130
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPT ER
Routing
8.1 Overview
The Device usually uses t he default gat eway t o rout e out bound t raffic from com put ers on t he LAN
t o t he I nt ernet . To have t he Device send dat a t o devices not reachable t hrough t he default gat eway,
use st at ic rout es.
For exam ple, t he next figure shows a com put er ( A) connect ed t o t he Device’s LAN int erface. The
Device rout es m ost t raffic from A t o t he I nt ernet t hrough t he Device’s default gat eway ( R1 ) . You
creat e one st at ic rout e t o connect t o services offered by your I SP behind rout er R2 . You creat e
anot her st at ic rout e t o com m unicat e wit h a separat e net work behind a rout er R3 connect ed t o t he
LAN.
Figure 66 Exam ple of Rout ing Topology
R1
LAN
WAN
R3
R2
VMG8324-B10A / VMG8324-B30A Series User’s Guide
131
Chapter 8 Routing
8.2 The Routing Screen
Use t his screen t o view and configure t he st at ic rout e rules on t he Device. Click N e t w or k Se t t ing
> Rou t in g > St a t ic Rou t e t o open t he following screen.
Figure 67 Net work Set t ing > Rout ing > St at ic Rout e
The following t able describes t he labels in t his screen.
Table 40 Net work Set t ing > Rout ing > St at ic Rout e
LABEL
DESCRIPTION
Add new st at ic
rout e
Click t his t o configure a new st at ic rout e.
This is t he index num ber of t he ent ry.
St at us
This field displays whet her t he st at ic rout e is act ive or not . A yellow bulb signifies t hat t his
rout e is act ive. A gray bulb signifies t hat t his rout e is not act ive.
Nam e
This is t he nam e t hat describes or ident ifies t his rout e.
Dest inat ion I P
This param et er specifies t he I P net work address of t he final dest inat ion. Rout ing is always
based on net work num ber.
Subnet Mask
This param et er specifies t he I P net work subnet m ask of t he final dest inat ion.
Gat eway
This is t he I P address of t he gat eway. The gat eway is a rout er or swit ch on t he sam e
net work segm ent as t he device's LAN or WAN port . The gat eway helps forward packet s t o
t heir dest inat ions.
I nt erface
This is t he WAN int erface used for t his st at ic rout e.
Modify
Click t he Edit icon t o edit t he st at ic rout e on t he Device.
Click t he D e le t e icon t o rem ove a st at ic rout e from t he Device. A window displays asking
you t o confirm t hat you want t o delet e t he rout e.
132
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 8 Routing
8.2.1 Add/Edit Static Route
Use t his screen t o add or edit a st at ic rout e. Click Add n e w st a t ic r ou t e in t he Rout ing screen or
t he Edit icon next t o t he st at ic rout e you want t o edit . The screen shown next appears.
Figure 68 Rout ing: Add/ Edit
The following t able describes t he labels in t his screen.
Table 41 Rout ing: Add/ Edit
LABEL
DESCRIPTION
Act ive
This field allows you t o act ivat e/ deact ivat e t his st at ic rout e.
Select t his t o enable t he st at ic rout e. Clear t his t o disable t his st at ic rout e wit hout having t o
delet e t he ent ry.
Rout e Nam e
Ent er a descript ive nam e for t he st at ic rout e.
I P Type
Select whet her your I P t ype is I Pv4 or I Pv6 .
Dest inat ion I P
Address
Ent er t he I Pv4 or I Pv6 net work address of t he final dest inat ion.
I P Subnet Mask
I f you are using I Pv4 and need t o specify a rout e t o a single host , use a subnet m ask of
255.255.255.255 in t he subnet m ask field t o force t he net work num ber t o be ident ical t o
t he host I D. Ent er t he I P subnet m ask here.
Use Gat eway I P
Address
The gat eway is a rout er or swit ch on t he sam e net work segm ent as t he device's LAN or WAN
port . The gat eway helps forward packet s t o t heir dest inat ions.
I f you want t o use t he gat eway I P address, select Ena ble .
Gat eway I P
Address
Ent er t he I P address of t he gat eway.
Use I nt erface
Select t he WAN int erface you want t o use for t his st at ic rout e.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
133
Chapter 8 Routing
8.3 The DNS Route Screen
Use t his screen t o view and configure DNS rout es on t he Device. Click N e t w or k Se t t in g >
Rout ing > D N S Rout e t o open t he following screen.
Figure 69 Net work Set t ing > Rout ing > DNS Rout e
The following t able describes t he labels in t his screen.
Table 42 Net work Set t ing > Rout ing > DNS Rout e
LABEL
DESCRIPTION
Add new DNS
Rout e
Click t his t o add a new DNS rout e.
This is t he index num ber of a DNS rout e.
Dom ain Nam e
This is t he host nam e or dom ain nam e of t he DNS rout e ent ry.
I nt erface
This is t he WAN connect ion t hrough which t he Device forwards DNS request s for t his dom ain
nam e.
Subnet Mask
This is t he subnet m ask of t he DNS rout e ent ry.
Modify
Click t he Edit icon t o m odify t he DNS rout e.
Click t he D e le t e icon t o delet e t he DNS rout e.
8.3.1 The DNS Route Add Screen
You can m anually add t he Device’s DNS rout e ent ry. Click Add n e w D N S Rou t e in t he N e t w or k
Se t t in g > Rou t in g > D N S Rou t e screen. The screen shown next appears.
Figure 70 DNS Rout e Add
134
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 8 Routing
The following t able describes t he labels in t his screen.
Table 43 DNS Rout e Add
LABEL
DESCRIPTION
Dom ain Nam e
Ent er t he dom ain nam e of t he DNS rout e ent ry.
I nt erface
Select t he WAN connect ion t hrough which t he Device forwards DNS request s for t his dom ain
nam e.
Subnet Mask
Ent er t he subnet m ask of t he DNS rout e ent ry.
OK
Click t his t o save your changes.
Cancel
Click t his t o exit t his screen wit hout saving any changes.
8.4 The Policy Forwarding Screen
Tradit ionally, rout ing is based on t he dest inat ion address only and t he Device t akes t he short est
pat h t o forward a packet . Policy forwarding allows t he Device t o override t he default rout ing
behavior and alt er t he packet forwarding based on t he policy defined by t he net work adm inist rat or.
Policy- based rout ing is applied t o out going packet s, prior t o t he norm al rout ing.
You can use source- based policy forwarding t o direct t raffic from different users t hrough different
connect ions or dist ribut e t raffic am ong m ult iple pat hs for load sharing.
The Policy For w a r din g screen let you view and configure rout ing policies on t he Device. Click
N e t w or k Se t t ing > Rout ing > Policy For w a r ding t o open t he following screen.
Figure 71 Net work Set t ing > Rout ing > Policy Forwarding
The following t able describes t he labels in t his screen.
Table 44 Net work Set t ing > Rout ing > Policy Forwarding
LABEL
DESCRIPTION
Add new Policy
Forward Rule
Click t his t o creat e a new policy forwarding rule.
This is t he index num ber of t he ent ry.
Policy Nam e
This is t he nam e of t he rule.
Source I P
This is t he source I P address.
Source Subnet
Mask
his is t he source subnet m ask address.
Prot ocol
This is t he t ransport layer prot ocol.
Source Port
This is t he source port num ber.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
135
Chapter 8 Routing
Table 44 Net work Set t ing > Rout ing > Policy Forwarding ( cont inued)
LABEL
DESCRIPTION
WAN
This is t he WAN int erface t hrough which t he t raffic is rout ed.
Modify
Click t he Edit icon t o edit t his policy.
Click t he D e le t e icon t o rem ove a policy from t he Device. A window displays asking you t o
confirm t hat you want t o delet e t he policy.
8.4.1 Add/Edit Policy Forwarding
Click Add ne w Policy For w a r d Rule in t he Policy For w a r din g screen or click t he Edit icon next
t o a policy. Use t his screen t o configure t he required inform at ion for a policy rout e.
Figure 72 Policy Forwarding: Add/ Edit
The following t able describes t he labels in t his screen.
Table 45 Policy Forwarding: Add/ Edit
136
LABEL
DESCRIPTION
Policy Nam e
Ent er a descript ive nam e of up t o 8 print able English keyboard charact ers, not including
spaces.
Source I P
Ent er t he source I P address.
Source Subnet
Mask
Ent er t he source subnet m ask address.
Prot ocol
Select t he t ransport layer prot ocol ( TCP or UD P) .
Source Port
Ent er t he source port num ber.
Source MAC
Ent er t he source MAC address.
WAN
Select a WAN int erface t hrough which t he t raffic is sent . You m ust have t he WAN
int erface( s) already configured in t he Br oa dba n d screens.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 8 Routing
8.5 RIP
Rout ing I nform at ion Prot ocol ( RI P, RFC 1058 and RFC 1389) allows a device t o exchange rout ing
inform at ion wit h ot her rout ers.
8.5.1 The RIP Screen
Click N e t w or k Se t t ing > Rout ing > RI P t o open t he RI P screen.
Figure 73 RI P
The following t able describes t he labels in t his screen.
Table 46 RI P
LABEL
DESCRIPTION
This is t he index of t he int erface in which t he RI P set t ing is used.
I nt erface
This is t he nam e of t he int erface in which t he RI P set t ing is used.
Version
The RI P version cont rols t he form at and t he broadcast ing m et hod of t he RI P
packet s t hat t he Device sends ( it recognizes bot h form at s when receiving) . RI P
version 1 is universally support ed but RI P version 2 carries m ore inform at ion. RI P
version 1 is probably adequat e for m ost net works, unless you have an unusual
net work t opology.
Operat ion
Select Pa ssive t o have t he Device updat e t he rout ing t able based on t he RI P
packet s received from neighbors but not advert ise it s rout e inform at ion t o ot her
rout ers in t his int erface.
Select Act ive t o have t he Device advert ise it s rout e inform at ion and also list en for
rout ing updat es from neighboring rout ers.
Enabled
Select t he check box t o act ivat e t he set t ings.
Apply
Click Apply t o save your changes back t o t he Device.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
137
Chapter 8 Routing
138
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPT ER
Quality of Service (QoS)
9.1 Overview
Qualit y of Service ( QoS) refers t o bot h a net work’s abilit y t o deliver dat a wit h m inim um delay, and
t he net working m et hods used t o cont rol t he use of bandwidt h. Wit hout QoS, all t raffic dat a is
equally likely t o be dropped when t he net work is congest ed. This can cause a reduct ion in net work
perform ance and m ake t he net work inadequat e for t im e- crit ical applicat ion such as video- ondem and.
Configure QoS on t he Device t o group and priorit ize applicat ion t raffic and fine- t une net work
perform ance. Set t ing up QoS involves t hese st eps:
Configure classifiers t o sort t raffic int o different flows.
Assign priorit y and define act ions t o be perform ed for a classified t raffic flow.
The Device assigns each packet a priorit y and t hen queues t he packet accordingly. Packet s assigned
a high priorit y are processed m ore quickly t han t hose wit h low priorit y if t here is congest ion,
allowing t im e- sensit ive applicat ions t o flow m ore sm oot hly. Tim e- sensit ive applicat ions include bot h
t hose t hat require a low level of lat ency ( delay) and a low level of j it t er ( variat ions in delay) such as
Voice over I P ( VoI P) or I nt ernet gam ing, and t hose for which j it t er alone is a problem such as
I nt ernet radio or st ream ing video.
This chapt er cont ains inform at ion about configuring QoS and edit ing classifiers.
9.1.1 What You Can Do in this Chapter
• The Ge n e r a l screen let s you enable or disable QoS and set t he upst ream bandwidt h ( Sect ion 9.3
on page 141) .
• The Que ue Se t up screen let s you configure QoS queue assignm ent ( Sect ion 9.4 on page 142) .
• The Cla ss Se t up screen let s you add, edit or delet e QoS classifiers (Sect ion 9.5 on page 144) .
• The Police r Se t u p screen let s you add, edit or delet e QoS policers (Sect ion 9.5 on page 144) .
9.2 What You Need to Know
The following t erm s and concept s m ay help as you read t hrough t his chapt er.
QoS versus Cos
QoS is used t o priorit ize source- t o- dest inat ion t raffic flows. All packet s in t he sam e flow are given
t he sam e priorit y. CoS ( class of service) is a way of m anaging t raffic in a net work by grouping
VMG8324-B10A / VMG8324-B30A Series User’s Guide
139
Chapter 9 Quality of Service (QoS)
sim ilar t ypes of t raffic t oget her and t reat ing each t ype as a class. You can use CoS t o give different
priorit ies t o different packet t ypes.
CoS t echnologies include I EEE 802.1p layer 2 t agging and DiffServ ( Different iat ed Services or DS) .
I EEE 802.1p t agging m akes use of t hree bit s in t he packet header, while DiffServ is a new prot ocol
and defines a new DS field, which replaces t he eight- bit ToS ( Type of Service) field in t he I P header.
Tagging and Marking
I n a QoS class, you can configure whet her t o add or change t he DSCP ( DiffServ Code Point ) value,
I EEE 802.1p priorit y level and VLAN I D num ber in a m at ched packet . When t he packet passes
t hrough a com pat ible net work, t he net working device, such as a backbone swit ch, can provide
specific t reat m ent or service based on t he t ag or m arker.
Traffic Shaping
Burst y t raffic m ay cause net work congest ion. Traffic shaping regulat es packet s t o be t ransm it t ed
wit h a pre- configured dat a t ransm ission rat e using buffers ( or queues) . Your Device uses t he Token
Bucket algorit hm t o allow a cert ain am ount of large burst s while keeping a lim it at t he average rat e.
Traffic Rat e
Traffic
Traffic
Traffic Rat e
Tim e
Tim e
( Aft er Traffic Shaping)
( Before Traffic Shaping)
Traffic Policing
Traffic policing is t he lim it ing of t he input or out put t ransm ission rat e of a class of t raffic on t he
basis of user- defined crit eria. Traffic policing m et hods m easure t raffic flows against user- defined
crit eria and ident ify it as eit her conform ing, exceeding or violat ing t he crit eria.
Traffic Rat e
Traffic
Traffic
Traffic Rat e
Tim e
( Before Traffic Policing)
Tim e
( Aft er Traffic Policing)
The Device support s t hree incom ing t raffic m et ering algorit hm s: Token Bucket Filt er ( TBF) , Single
Rat e Two Color Maker ( srTCM) , and Two Rat e Two Color Marker ( t rTCM) . You can specify act ions
140
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 9 Quality of Service (QoS)
which are perform ed on t he colored packet s. See Sect ion 9.8 on page 152 for m ore inform at ion on
each m et ering algorit hm .
9.3 The Quality of Service General Screen
Click N e t w or k Se t t in g > QoS > Ge ne r a l t o open t he screen as shown next .
Use t his screen t o enable or disable QoS and set t he upst ream bandwidt h. See Sect ion 9.1 on page
139 for m ore inform at ion.
Figure 74 Net work Set t ings > QoS > General
The following t able describes t he labels in t his screen.
Table 47 Net work Set t ing > QoS > General
LABEL
DESCRIPTION
QoS
Select t he Ena ble check box t o t urn on QoS t o im prove your net work perform ance.
WAN Managed
Upst ream
Bandw idt h
Ent er t he am ount of upst ream bandwidt h for t he WAN int erfaces t hat you want t o allocat e
using QoS.
The recom m endat ion is t o set t his speed t o m at ch t he int erfaces’ act ual t ransm ission speed.
For exam ple, set t he WAN int erfaces’ speed t o 100000 kbps if your I nt ernet connect ion has
an upst ream t ransm ission speed of 100 Mbps.
You can set t his num ber higher t han t he int erfaces’ act ual t ransm ission speed. The Device
uses up t o 95% of t he DSL port ’s act ual upst ream t ransm ission speed even if you set t his
num ber higher t han t he DSL port ’s act ual t ransm ission speed.
You can also set t his num ber lower t han t he int erfaces’ act ual t ransm ission speed. This will
cause t he Device t o not use som e of t he int erfaces’ available bandwidt h.
I f you leave t his field blank, t he Device aut om at ically set s t his num ber t o be 95% of t he
WAN int erfaces’ act ual upst ream t ransm ission speed.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
141
Chapter 9 Quality of Service (QoS)
Table 47 Net work Set t ing > QoS > General ( cont inued) ( cont inued)
LABEL
DESCRIPTION
LAN Managed
Downst ream
Bandw idt h
Ent er t he am ount of downst ream bandwidt h for t he LAN int erfaces ( including WLAN) t hat
you want t o allocat e using QoS.
The recom m endat ion is t o set t his speed t o m at ch t he WAN int erfaces’ act ual t ransm ission
speed. For exam ple, set t he LAN m anaged downst ream bandwidt h t o 100000 kbps if you
use a 100 Mbps wired Et hernet WAN connect ion.
You can also set t his num ber lower t han t he WAN int erfaces’ act ual t ransm ission speed. This
will cause t he Device t o not use som e of t he int erfaces’ available bandwidt h.
I f you leave t his field blank, t he Device aut om at ically set s t his t o t he LAN int erfaces’
m axim um support ed connect ion speed.
Upst ream
t raffic priorit y
Assigned by
Select how t he Device assigns priorit ies t o various upst ream t raffic flows.
•
•
•
•
N on e : Disables aut o priorit y m apping and has t he Device put packet s int o t he queues
according t o your classificat ion rules. Traffic which does not m at ch any of t he
classificat ion rules is m apped int o t he default queue wit h t he lowest priorit y.
Et h e r n e t Pr ior it y: Aut om at ically assign priorit y based on t he I EEE 802.1p priorit y level.
I P Pr e ce de n ce : Aut om at ically assign priorit y based on t he first t hree bit s of t he TOS
field in t he I P header.
Pa ck e t Le n gt h : Aut om at ically assign priorit y based on t he packet size. Sm aller packet s
get higher priorit y since cont rol, signaling, VoI P, int ernet gam ing, or ot her real- t im e
packet s are usually sm all while larger packet s are usually best effort dat a packet s like
file t ransfers.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o rest ore your previously saved set t ings.
9.4 The Queue Setup Screen
Click N e t w or k Se t t in g > QoS > Qu e ue Se t u p t o open t he screen as shown next .
Use t his screen t o configure QoS queue assignm ent .
Figure 75 Net work Set t ing > QoS > Queue Set up
142
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 9 Quality of Service (QoS)
The following t able describes t he labels in t his screen.
Table 48 Net work Set t ing > QoS > Queue Set up
LABEL
DESCRIPTION
Add new Queue
Click t his but t on t o creat e a new queue ent ry.
This is t he index num ber of t he ent ry.
St at us
This field displays whet her t he queue is act ive or not . A yellow bulb signifies t hat t his queue
is act ive. A gray bulb signifies t hat t his queue is not act ive.
Nam e
This shows t he descript ive nam e of t his queue.
I nt erface
This shows t he nam e of t he Device’s int erface t hrough which t raffic in t his queue passes.
Priorit y
This shows t he priorit y of t his queue.
Weight
This shows t he weight of t his queue.
Buffer
Managem ent
This shows t he queue m anagem ent algorit hm used for t his queue.
Rat e Lim it
This shows t he m axim um t ransm ission rat e allowed for t raffic on t his queue.
Modify
Click t he Edit icon t o edit t he queue.
Queue m anagem ent algorit hm s det erm ine how t he Device should handle packet s when it
receives t oo m any ( net work congest ion) .
Click t he D e le t e icon t o delet e an exist ing queue. Not e t hat subsequent rules m ove up by
one when you t ake t his act ion.
9.4.1 Adding a QoS Queue
Click Add ne w Qu e u e or t he edit icon in t he Que ue Se t up screen t o configure a queue.
Figure 76 Queue Set up: Add
The following t able describes t he labels in t his screen.
Table 49 Queue Set up: Add
LABEL
DESCRIPTION
Act ive
Select t o enable or disable t his queue.
Nam e
Ent er t he descript ive nam e of t his queue.
I nt erface
Select t he int erface t o which t his queue is applied.
This field is read- only if you are edit ing t he queue.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
143
Chapter 9 Quality of Service (QoS)
Table 49 Queue Set up: Add ( cont inued)
LABEL
DESCRIPTION
Priorit y
Select t he priorit y level ( from 1 t o 7) of t his queue.
The sm aller t he num ber, t he higher t he priorit y level. Traffic assigned t o higher priorit y
queues get s t hrough fast er while t raffic in lower priorit y queues is dropped if t he net work is
congest ed.
Weight
Select t he weight ( from 1 t o 8) of t his queue.
I f t wo queues have t he sam e priorit y level, t he Device divides t he bandwidt h across t he
queues according t o t heir weight s. Queues wit h larger weight s get m ore bandwidt h t han
queues wit h sm aller weight s.
Buffer
Managem ent
This field displays D r op Ta il ( D T) . D r op Ta il ( D T) is a sim ple queue m anagem ent
algorit hm t hat allows t he Device buffer t o accept as m any packets as it can unt il it is full.
Once t he buffer is full, new packet s t hat arrive are dropped unt il t here is space in t he buffer
again ( packet s are t ransm it t ed out of it ) .
Rat e Lim it
Specify t he m axim um t ransm ission rat e ( in Kbps) allowed for t raffic on t his queue.
OK
Click OK t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
9.5 The Class Setup Screen
Use t his screen t o add, edit or delet e QoS classifiers. A classifier groups t raffic int o dat a flows
according t o specific crit eria such as t he source address, dest inat ion address, source port num ber,
dest inat ion port num ber or incom ing int erface. For exam ple, you can configure a classifier t o select
t raffic from t he sam e prot ocol port ( such as Telnet ) t o form a flow.
You can give different priorit ies t o t raffic t hat t he Device forwards out t hrough t he WAN int erface.
Give high priorit y t o voice and video t o m ake t hem run m ore sm oot hly. Sim ilarly, give low priorit y
t o m any large file downloads so t hat t hey do not reduce t he qualit y of ot her applicat ions.
Click N e t w or k Se t t in g > QoS > Cla ss Se t u p t o open t he following screen.
Figure 77 Net work Set t ing > QoS > Class Set up
The following t able describes t he labels in t his screen.
Table 50 Net work Set t ing > QoS > Class Set up
144
LABEL
DESCRIPTION
Add new Classifier
Click t his t o creat e a new classifier.
This is t he index num ber of t he ent ry.
St at us
This field displays whet her t he classifier is act ive or not . A yellow bulb signifies t hat t his
classifier is act ive. A gray bulb signifies t hat t his classifier is not act ive.
Class Nam e
This is t he nam e of t he classifier.
Classificat ion
Crit eria
This shows crit eria specified in t his classifier, for exam ple t he int erface from which
t raffic of t his class should com e and t he source MAC address of t raffic t hat m at ches t his
classifier.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 9 Quality of Service (QoS)
Table 50 Net work Set t ing > QoS > Class Set up ( cont inued)
LABEL
DESCRIPTION
DSCP Mark
This is t he DSCP num ber added t o t raffic of t his classifier.
802.1P Mark
This is t he I EEE 802.1p priorit y level assigned t o t raffic of t his classifier.
VLAN I D Tag
This is t he VLAN I D num ber assigned t o t raffic of t his classifier.
To Queue
This is t he nam e of t he queue in which t raffic of t his classifier is put .
Modify
Click t he Edit icon t o edit t he classifier.
Click t he D e le t e icon t o delet e an exist ing classifier. Not e t hat subsequent rules m ove
up by one when you t ake t his act ion.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
145
Chapter 9 Quality of Service (QoS)
9.5.1 Add/Edit QoS Class
Click Add ne w Cla ssifie r in t he Cla ss Se t up screen or t he Edit icon next t o a classifier t o open
t he following screen.
Figure 78 Class Set up: Add/ Edit
146
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 9 Quality of Service (QoS)
The following t able describes t he labels in t his screen.
Table 51 Class Set up: Add/ Edit
LABEL
DESCRIPTION
Act ive
Select t his t o enable t his classifier.
Class Nam e
Ent er a descript ive nam e of up t o 15 print able English keyboard charact ers, not including
spaces.
Classificat ion
Order
Select an exist ing num ber for where you want t o put t his classifier t o m ove t he classifier t o
t he num ber you select ed aft er clicking Apply.
Select La st t o put t his rule in t he back of t he classifier list .
From I nt erface
I f you want t o classify t he t raffic by an ingress int erface, select an int erface from t he Fr om
I n t e r fa ce drop- down list box.
Et her Type
Select a predefined applicat ion t o configure a class for t he m at ched t raffic.
I f you select I P, you also need t o configure source or dest inat ion MAC address, I P address,
DHCP opt ions, DSCP value or t he prot ocol t ype.
I f you select 8 0 2 .1 Q, you can configure an 802.1p priorit y level.
Source
Address
Select t he check box and ent er t he source I P address in dot t ed decim al not at ion. A blank
source I P address m eans any source I P address.
Subnet
Net m ask
Ent er t he source subnet m ask.
Port Range
I f you select TCP or UD P in t he I P Pr ot ocol field, select t he check box and ent er t he port
num ber( s) of t he source.
MAC
Select t he check box and ent er t he source MAC address of t he packet .
MAC Mask
Type t he m ask for t he specified MAC address t o det erm ine which bit s a packet ’s MAC
address should m at ch.
Ent er “ f” for each bit of t he specified source MAC address t hat t he t raffic’s MAC address
should m at ch. Ent er “ 0” for t he bit ( s) of t he m at ched t raffic’s MAC address, which can be of
any hexadecim al charact er( s) . For exam ple, if you set t he MAC address t o
00: 13: 49: 00: 00: 00 and t he m ask t o ff: ff: ff: 00: 00: 00, a packet wit h a MAC address of
00: 13: 49: 12: 34: 56 m at ches t his crit eria.
Exclude
Select t his opt ion t o exclude t he packet s t hat m at ch t he specified crit eria from t his classifier.
Dest inat ion
Address
Select t he check box and ent er t he source I P address in dot t ed decim al not at ion. A blank
source I P address m eans any source I P address.
Subnet
Net m ask
Ent er t he source subnet m ask.
Port Range
I f you select TCP or UD P in t he I P Pr ot ocol field, select t he check box and ent er t he port
num ber( s) of t he source.
MAC
Select t he check box and ent er t he source MAC address of t he packet .
MAC Mask
Type t he m ask for t he specified MAC address t o det erm ine which bit s a packet ’s MAC
address should m at ch.
Ent er “ f” for each bit of t he specified source MAC address t hat t he t raffic’s MAC address
should m at ch. Ent er “ 0” for t he bit ( s) of t he m at ched t raffic’s MAC address, which can be of
any hexadecim al charact er( s) . For exam ple, if you set t he MAC address t o
00: 13: 49: 00: 00: 00 and t he m ask t o ff: ff: ff: 00: 00: 00, a packet wit h a MAC address of
00: 13: 49: 12: 34: 56 m at ches t his crit eria.
Exclude
Select t his opt ion t o exclude t he packet s t hat m at ch t he specified crit eria from t his classifier.
Ot hers
VMG8324-B10A / VMG8324-B30A Series User’s Guide
147
Chapter 9 Quality of Service (QoS)
Table 51 Class Set up: Add/ Edit ( cont inued)
LABEL
Service
DESCRIPTION
This field is available only when you select I P in t he Et h e r Type field.
This field sim plifies classifier configurat ion by allowing you t o select a predefined
applicat ion. When you select a predefined applicat ion, you do not configure t he rest of t he
filt er fields.
I P Prot ocol
This field is available only when you select I P in t he Et h e r Type field.
Select t his opt ion and select t he prot ocol ( service t ype) from TCP, UD P, I CM P or I GM P. I f
you select Use r de fin e d, ent er t he prot ocol ( service t ype) num ber.
DHCP
This field is available only when you select I P in t he Et h e r Type field.
Select t his opt ion and select a DHCP opt ion.
I f you select Ve n dor Cla ss I D ( D H CP Opt ion 6 0 ) , ent er t he Vendor Class I dent ifier
( Opt ion 60) of t he m at ched t raffic, such as t he t ype of t he hardware or firm ware.
I f you select Use r Cla ss I D ( D H CP Opt ion 7 7 ) , ent er a st ring t hat ident ifies t he user ’s
cat egory or applicat ion t ype in t he m at ched DHCP packet s.
Packet
Lengt h
This field is available only when you select I P in t he Et h e r Type field.
Select t his opt ion and ent er t he m inim um and m axim um packet lengt h ( from 46 t o 1500) in
t he fields provided.
DSCP
This field is available only when you select I P in t he Et h e r Type field.
Select t his opt ion and specify a DSCP ( DiffServ Code Point ) num ber bet ween 0 and 63 in t he
field provided.
802.1P
This field is available only when you select 8 0 2 .1 Q in t he Et h e r Type field.
Select t his opt ion and select a priorit y level ( bet ween 0 and 7) from t he drop- down list box.
" 0" is t he lowest priorit y level and " 7" is t he highest .
VLAN I D
This field is available only when you select 8 0 2 .1 Q in t he Et h e r Type field.
Select t his opt ion and specify a VLAN I D num ber.
TCP ACK
This field is available only when you select I P in t he Et h e r Type field.
I f you select t his opt ion, t he m at ched TCP packet s m ust cont ain t he ACK ( Acknowledge)
flag.
Exclude
DSCP Mark
Select t his opt ion t o exclude t he packet s t hat m at ch t he specified crit eria from t his classifier.
This field is available only when you select I P in t he Et h e r Type field.
I f you select M a r k , ent er a DSCP value wit h which t he Device replaces t he DSCP field in t he
packet s.
I f you select Un cha n ge , t he Device keep t he DSCP field in t he packet s.
802.1P Mark
Select a priorit y level wit h which t he Device replaces t he I EEE 802.1p priorit y field in t he
packet s.
I f you select Un cha n ge , t he Device keep t he 802.1p priorit y field in t he packet s.
VLAN I D
I f you select Re m a r k , ent er a VLAN I D num ber wit h which t he Device replaces t he VLAN I D
of t he fram es.
I f you select Re m ove , t he Device delet es t he VLAN I D of t he fram es before forwarding
t hem out .
I f you select Add, t he Device t reat all m at ched t raffic unt agged and add a second VLAN I D.
I f you select Un cha n ge , t he Device keep t he VLAN I D in t he packet s.
Forward t o
I nt erface
148
Select a WAN int erface t hrough which t raffic of t his class will be forwarded out . I f you select
Un ch a n ge , t he Device forward t raffic of t his class according t o t he default rout ing t able.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 9 Quality of Service (QoS)
Table 51 Class Set up: Add/ Edit ( cont inued)
LABEL
DESCRIPTION
To Queue I ndex
Select a queue t hat applies t o t his class.
You should have configured a queue in t he Qu e u e Se t u p screen already.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
9.6 The QoS Policer Setup Screen
Use t his screen t o configure QoS policers t hat allow you t o lim it t he t ransm ission rat e of incom ing
t raffic. Click N e t w or k Se t t in g > QoS > Police r Se t up. The screen appears as shown.
Figure 79 Net work Set t ing > QoS > Policer Set up
The following t able describes t he labels in t his screen.
Table 52 Net work Set t ing > QoS > Policer Set up
LABEL
DESCRIPTION
Add new Policer
Click t his t o creat e a new ent ry.
This is t he index num ber of t he ent ry.
St at us
This field displays whet her t he policer is act ive or not . A yellow bulb signifies t hat t his
policer is act ive. A gray bulb signifies t hat t his policer is not act ive.
Nam e
This field displays t he descript ive nam e of t his policer.
Regulat ed
Classes
This field displays t he nam e of a QoS classifier
Met er Type
This field displays t he t ype of QoS m et ering algorit hm used in t his policer.
Rule
These are t he rat es and burst sizes against which t he policer checks t he t raffic of t he
m em ber QoS classes.
Act ion
This shows t he how t he policer has t he Device t reat different t ypes of t raffic belonging t o
t he policer ’s m em ber QoS classes.
Modify
Click t he Edit icon t o edit t he policer.
Click t he D e le t e icon t o delet e an exist ing policer. Not e t hat subsequent rules m ove up by
one when you t ake t his act ion.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
149
Chapter 9 Quality of Service (QoS)
9.6.1 Add/Edit a QoS Policer
Click Add ne w Police r in t he Police r Se t u p screen or t he Edit icon next t o a policer t o show t he
following screen.
Figure 80 Policer Set up: Add/ Edit
The following t able describes t he labels in t his screen.
Table 53 Policer Set up: Add/ Edit
LABEL
DESCRIPTION
Act ive
Select t he check box t o act ivat e t his policer.
Nam e
Ent er t he descript ive nam e of t his policer.
Met er Type
This shows t he t raffic m et ering algorit hm used in t his policer.
The Sim ple Tok e n Bu ck e t algorit hm uses t okens in a bucket t o cont rol when t raffic can be
t ransm it t ed. Each t oken represent s one byt e. The algorit hm allows burst s of up t o b byt es
which is also t he bucket size.
The Sin gle Ra t e Thr e e Color M a r k e r ( srTCM) is based on t he t oken bucket filt er and
ident ifies packet s by com paring t hem t o t he Com m it t ed I nform at ion Rat e ( CI R) , t he
Com m it t ed Burst Size ( CBS) and t he Excess Burst Size ( EBS) .
The Tw o Ra t e Th r e e Color M a r k e r ( t rTCM) is based on t he t oken bucket filt er and
ident ifies packet s by com paring t hem t o t he Com m it t ed I nform at ion Rat e ( CI R) and t he
Peak I nform at ion Rat e ( PI R) .
Com m it t ed
Rat e
Specify t he com m it t ed rat e. When t he incom ing t raffic rat e of t he m em ber QoS classes is
less t han t he com m it t ed rat e, t he device applies t he conform ing act ion t o t he t raffic.
Com m it t ed
Burst Size
Specify t he com m it t ed burst size for packet burst s. This m ust be equal t o or less t han t he
peak burst size ( t wo rat e t hree color) or excess burst size ( single rat e t hree color) if it is also
configured.
This is t he m axim um size of t he ( first ) t oken bucket in a t raffic m et ering algorit hm .
Conform ing
Act ion
Specify what t he Device does for packet s wit hin t he com m it t ed rat e and burst size ( greenm arked packet s) .
•
•
NonConform ing
Act ion
150
Pa ss: Send t he packet s wit hout m odificat ion.
D SCP M a r k : Change t he DSCP m ark value of t he packet s. Ent er t he DSCP m ark value t o
use.
Specify what t he Device does for packet s t hat exceed t he excess burst size or peak rat e and
burst size ( red- m arked packet s) .
•
•
D r op: Discard t he packet s.
D SCP M a r k : Change t he DSCP m ark value of t he packet s. Ent er t he DSCP m ark value t o
use. The packet s m ay be dropped if t here is congest ion on t he net work.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 9 Quality of Service (QoS)
Table 53 Policer Set up: Add/ Edit
LABEL
DESCRIPTION
Available Class
Select a QoS classifier t o apply t his QoS policer t o t raffic t hat m at ches t he QoS classifier.
Select ed Class
Highlight a QoS classifier in t he Ava ila ble Cla ss box and use t he > but t on t o m ove it t o t he
Se le ct e d Cla ss box.
To rem ove a QoS classifier from t he Se le ct e d Cla ss box, select it and use t he < but t on.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
9.7 The QoS Monitor Screen
This screen is available only when you set a rat e lim it for a WAN queue in t he Que ue Se t up screen
and t he WAN int erface is connect ed. Use t his screen t o m onit or t he t raffic st at ist ics for bot h t he
WAN and LAN int erfaces. To view t he Device’s QoS packet st at ist ics, click N e t w or k Se t t ing > QoS
> M on it or. The screen appears as shown.
Figure 81 Net work Set t ing > QoS > Monit or
The following t able describes t he labels in t his screen.
Table 54 Net work Set t ing > QoS > Monit or
LABEL
DESCRIPTION
Refresh I nt erval
Ent er how oft en you want t he Device t o updat e t his screen. Select No Refresh
t o st op refreshing st at ist ics.
I nt erface Monit or
This is t he index num ber of t he ent ry.
Nam e
This shows t he nam e of t he int erface on t he Device.
Pass Rat e
This shows how m any packet s forwarded t o t his int erface are t ransm it t ed
successfully.
Drop Rat e
This shows how m any packet s forwarded t o t his int erface are dropped.
Queue Monit or
This is t he index num ber of t he ent ry.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
151
Chapter 9 Quality of Service (QoS)
Table 54 Net work Set t ing > QoS > Monit or ( cont inued)
LABEL
DESCRIPTION
Nam e
This shows t he nam e of t he queue.
Pass Rat e
This shows how m any packet s assigned t o t his queue are t ransm it t ed
successfully.
Drop Rat e
This shows how m any packet s assigned t o t his queue are dropped.
9.8 Technical Reference
The following sect ion cont ains addit ional t echnical inform at ion about t he Device feat ures described
in t his chapt er.
IEEE 802.1Q Tag
The I EEE 802.1Q st andard defines an explicit VLAN t ag in t he MAC header t o ident ify t he VLAN
m em bership of a fram e across bridges. A VLAN t ag includes t he 12- bit VLAN I D and 3- bit user
priorit y. The VLAN I D associat es a fram e wit h a specific VLAN and provides t he inform at ion t hat
devices need t o process t he fram e across t he net work.
I EEE 802.1p specifies t he user priorit y field and defines up t o eight separat e t raffic t ypes. The
following t able describes t he t raffic t ypes defined in t he I EEE 802.1d st andard ( which incorporat es
t he 802.1p) .
Table 55 I EEE 802.1p Priorit y Level and Traffic Type
PRIORITY
LEVEL
TRAFFIC TYPE
Level 7
Typically used for net work cont rol t raffic such as rout er configurat ion m essages.
Level 6
Typically used for voice t raffic t hat is especially sensit ive t o j it t er ( j it t er is t he
variat ions in delay) .
Level 5
Typically used for video t hat consum es high bandwidt h and is sensit ive t o j it t er.
Level 4
Typically used for cont rolled load, lat ency- sensit ive t raffic such as SNA ( Syst em s
Net work Archit ect ure) t ransact ions.
Level 3
Typically used for “ excellent effort ” or bet t er t han best effort and would include
im port ant business t raffic t hat can t olerat e som e delay.
Level 2
This is for “ spare bandwidt h”.
Level 1
This is t ypically used for non- crit ical “ background” t raffic such as bulk t ransfers t hat
are allowed but t hat should not affect ot her applicat ions and users.
Level 0
Typically used for best- effort t raffic.
DiffServ
QoS is used t o priorit ize source- t o- dest inat ion t raffic flows. All packet s in t he flow are given t he
sam e priorit y. You can use CoS ( class of service) t o give different priorit ies t o different packet
t ypes.
DiffServ ( Different iat ed Services) is a class of service ( CoS) m odel t hat m arks packet s so t hat t hey
receive specific per- hop t reat m ent at DiffServ- com pliant net work devices along t he rout e based on
t he applicat ion t ypes and t raffic flow. Packet s are m arked wit h DiffServ Code Point s ( DSCPs)
152
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 9 Quality of Service (QoS)
indicat ing t he level of service desired. This allows t he int erm ediary DiffServ- com pliant net work
devices t o handle t he packet s different ly depending on t he code point s wit hout t he need t o
negot iat e pat hs or rem em ber st at e inform at ion for every flow. I n addit ion, applicat ions do not have
t o request a part icular service or give advanced not ice of where t he t raffic is going.
DSCP and Per-Hop Behavior
DiffServ defines a new Different iat ed Services ( DS) field t o replace t he Type of Service ( TOS) field
in t he I P header. The DS field cont ains a 2- bit unused field and a 6- bit DSCP field which can define
up t o 64 service levels. The following figure illust rat es t he DS field.
DSCP is backward com pat ible wit h t he t hree precedence bit s in t he ToS oct et so t hat non- DiffServ
com pliant , ToS- enabled net work device will not conflict wit h t he DSCP m apping.
DSCP ( 6 bit s)
Unused ( 2 bit s)
The DSCP value det erm ines t he forwarding behavior, t he PHB ( Per- Hop Behavior) , t hat each packet
get s across t he DiffServ net work. Based on t he m arking rule, different kinds of t raffic can be
m arked for different kinds of forwarding. Resources can t hen be allocat ed according t o t he DSCP
values and t he configured policies.
IP Precedence
Sim ilar t o I EEE 802.1p priorit izat ion at layer- 2, you can use I P precedence t o priorit ize packet s in a
layer- 3 net work. I P precedence uses t hree bit s of t he eight- bit ToS ( Type of Service) field in t he I P
header. There are eight classes of services ( ranging from zero t o seven) in I P precedence. Zero is
t he lowest priorit y level and seven is t he highest .
Automatic Priority Queue Assignment
I f you enable QoS on t he Device, t he Device can aut om at ically base on t he I EEE 802.1p priorit y
level, I P precedence and/ or packet lengt h t o assign priorit y t o t raffic which does not m at ch a class.
The following t able shows you t he int ernal layer- 2 and layer- 3 QoS m apping on t he Device. On t he
Device, t raffic assigned t o higher priorit y queues get s t hrough fast er while t raffic in lower index
queues is dropped if t he net work is congest ed.
Table 56 I nt ernal Layer2 and Layer3 QoS Mapping
LAYER 2
LAYER 3
PRIORITY
QUEUE
IEEE 802.1P USER
PRIORITY
(ETHERNET
PRIORITY)
TOS (IP
PRECEDENCE)
DSCP
000000
000000
> 1100
001110
250~ 1100
IP PACKET
LENGTH (BYTE)
001100
001010
001000
VMG8324-B10A / VMG8324-B30A Series User’s Guide
153
Chapter 9 Quality of Service (QoS)
Table 56 I nt ernal Layer2 and Layer3 QoS Mapping
LAYER 2
LAYER 3
PRIORITY
QUEUE
IEEE 802.1P USER
PRIORITY
(ETHERNET
PRIORITY)
TOS (IP
PRECEDENCE)
DSCP
010110
IP PACKET
LENGTH (BYTE)
010100
010010
010000
011110
< 250
011100
011010
011000
100110
100100
100010
100000
101110
101000
110000
111000
Token Bucket
The t oken bucket algorit hm uses t okens in a bucket t o cont rol when t raffic can be t ransm it t ed. The
bucket st ores t okens, each of which represent s one byt e. The algorit hm allows burst s of up t o b
byt es which is also t he bucket size, so t he bucket can hold up t o b t okens. Tokens are generat ed
and added int o t he bucket at a const ant rat e. The following shows how t okens work wit h packet s:
• A packet can be t ransm it t ed if t he num ber of t okens in t he bucket is equal t o or great er t han t he
size of t he packet ( in byt es) .
• Aft er a packet is t ransm it t ed, a num ber of t okens corresponding t o t he packet size is rem oved
from t he bucket .
• I f t here are no t okens in t he bucket , t he Device st ops t ransm it t ing unt il enough t okens are
generat ed.
• I f not enough t okens are available, t he Device t reat s t he packet in eit her one of t he following
ways:
I n t raffic shaping:
• Holds it in t he queue unt il enough t okens are available in t he bucket .
I n t raffic policing:
• Drops it .
• Transm it s it but adds a DSCP m ark. The Device m ay drop t hese m arked packet s if t he net work
is overloaded.
154
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 9 Quality of Service (QoS)
Configure t he bucket size t o be equal t o or less t han t he am ount of t he bandwidt h t hat t he int erface
can support . I t does not help if you set it t o a bucket size over t he int erface’s capabilit y. The sm aller
t he bucket size, t he lower t he dat a t ransm ission rat e and t hat m ay cause out going packet s t o be
dropped. A larger t ransm ission rat e requires a big bucket size. For exam ple, use a bucket size of 10
kbyt es t o get t he t ransm ission rat e up t o 10 Mbps.
Single Rate Three Color Marker
The Single Rat e Three Color Marker ( srTCM, defined in RFC 2697) is a t ype of t raffic policing t hat
ident ifies packet s by com paring t hem t o one user- defined rat e, t he Com m it t ed I nform at ion Rat e
( CI R) , and t wo burst sizes: t he Com m it t ed Burst Size ( CBS) and Excess Burst Size ( EBS) .
The srTCM evaluat es incom ing packet s and m arks t hem wit h one of t hree colors which refer t o
packet loss priorit y levels. High packet loss priorit y level is referred t o as red, m edium is referred t o
as yellow and low is referred t o as green.
The srTCM is based on t he t oken bucket filt er and has t wo t oken bucket s ( CBS and EBS) . Tokens
are generat ed and added int o t he bucket at a const ant rat e, called Com m it t ed I nform at ion Rat e
( CI R) . When t he first bucket ( CBS) is full, new t okens overflow int o t he second bucket ( EBS) .
All packet s are evaluat ed against t he CBS. I f a packet does not exceed t he CBS it is m arked green.
Ot herwise it is evaluat ed against t he EBS. I f it is below t he EBS t hen it is m arked yellow. I f it
exceeds t he EBS t hen it is m arked red.
The following shows how t okens work wit h incom ing packet s in srTCM:
• A packet arrives. The packet is m arked green and can be t ransm it t ed if t he num ber of t okens in
t he CBS bucket is equal t o or great er t han t he size of t he packet ( in byt es) .
• Aft er a packet is t ransm it t ed, a num ber of t okens corresponding t o t he packet size is rem oved
from t he CBS bucket .
• I f t here are not enough t okens in t he CBS bucket , t he Device checks t he EBS bucket . The packet
is m arked yellow if t here are sufficient t okens in t he EBS bucket . Ot herwise, t he packet is m arked
red. No t okens are rem oved if t he packet is dropped.
Two Rate Three Color Marker
The Two Rat e Three Color Marker ( t rTCM, defined in RFC 2698) is a t ype of t raffic policing t hat
ident ifies packet s by com paring t hem t o t wo user- defined rat es: t he Com m it t ed I nform at ion Rat e
( CI R) and t he Peak I nform at ion Rat e ( PI R) . The CI R specifies t he average rat e at which packet s are
adm it t ed t o t he net work. The PI R is great er t han or equal t o t he CI R. CI R and PI R values are based
on t he guarant eed and m axim um bandwidt h respect ively as negot iat ed bet ween a service provider
and client .
The t rTCM evaluat es incom ing packet s and m arks t hem wit h one of t hree colors which refer t o
packet loss priorit y levels. High packet loss priorit y level is referred t o as red, m edium is referred t o
as yellow and low is referred t o as green.
The t rTCM is based on t he t oken bucket filt er and has t wo t oken bucket s ( Com m it t ed Burst Size
( CBS) and Peak Burst Size ( PBS) ) . Tokens are generat ed and added int o t he t wo bucket s at t he CI R
and PI R respect ively.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
155
Chapter 9 Quality of Service (QoS)
All packet s are evaluat ed against t he PI R. I f a packet exceeds t he PI R it is m arked red. Ot herwise it
is evaluat ed against t he CI R. I f it exceeds t he CI R t hen it is m arked yellow. Finally, if it is below t he
CI R t hen it is m arked green.
The following shows how t okens work wit h incom ing packet s in t rTCM:
• A packet arrives. I f t he num ber of t okens in t he PBS bucket is less t han t he size of t he packet ( in
byt es) , t he packet is m arked red and m ay be dropped regardless of t he CBS bucket . No t okens
are rem oved if t he packet is dropped.
• I f t he PBS bucket has enough t okens, t he Device checks t he CBS bucket . The packet is m arked
green and can be t ransm it t ed if t he num ber of t okens in t he CBS bucket is equal t o or great er
t han t he size of t he packet ( in byt es) . Ot herwise, t he packet is m arked yellow.
156
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPTER
10
Network Address Translation (NAT)
10.1 Overview
This chapt er discusses how t o configure NAT on t he Device. NAT ( Net work Address Translat ion NAT, RFC 1631) is t he t ranslat ion of t he I P address of a host in a packet , for exam ple, t he source
address of an out going packet , used wit hin one net work t o a different I P address known wit hin
anot her net work.
10.1.1 What You Can Do in this Chapter
• Use t he Por t For w a r ding screen t o configure forward incom ing service request s t o t he server( s)
on your local net work ( Sect ion 10.2 on page 158) .
• Use t he Applica t ions screen t o forward incom ing service request s t o t he server( s) on your local
net work ( Sect ion 10.3 on page 161) .
• Use t he Por t Tr igge r ing screen t o add and configure t he Device’s t rigger port set t ings ( Sect ion
10.4 on page 162) .
• Use t he D M Z screen t o configure a default server ( Sect ion 10.5 on page 165) .
• Use t he ALG screen t o enable and disable t he NAT and SI P ( VoI P) ALG in t he Device (Sect ion
10.6 on page 166) .
• Use t he Addr e ss M a pping screen t o configure t he Device's address m apping set t ings ( Sect ion
10.7 on page 166) .
• Use t he Se ssion s screen t o configure t he Device's m axim um num ber of NAT sessions (Sect ion
10.7 on page 166) .
10.1.2 What You Need To Know
Inside/Outside
I nside/ out side denot es where a host is locat ed relat ive t o t he Device, for exam ple, t he com put ers
of your subscribers are t he inside host s, while t he web servers on t he I nt ernet are t he out side
host s.
Global/Local
Global/ local denot es t he I P address of a host in a packet as t he packet t raverses a rout er, for
exam ple, t he local address refers t o t he I P address of a host when t he packet is in t he local
net work, while t he global address refers t o t he I P address of t he host when t he sam e packet is
t raveling in t he WAN side.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
157
Chapter 10 Network Address Translation (NAT)
NAT
I n t he sim plest form , NAT changes t he source I P address in a packet received from a subscriber
( t he inside local address) t o anot her ( t he inside global address) before forwarding t he packet t o t he
WAN side. When t he response com es back, NAT t ranslat es t he dest inat ion address ( t he inside
global address) back t o t he inside local address before forwarding it t o t he original inside host .
Port Forwarding
A port forwarding set is a list of inside ( behind NAT on t he LAN) servers, for exam ple, web or FTP,
t hat you can m ake visible t o t he out side world even t hough NAT m akes your whole inside net work
appear as a single com put er t o t he out side world.
Finding Out More
See Sect ion 10.10 on page 169 for advanced t echnical inform at ion on NAT.
10.2 The Port Forwarding Screen
Use t he Por t For w a r din g screen t o forward incom ing service request s t o t he server( s) on your
local net work.
You m ay ent er a single port num ber or a range of port num bers t o be forwarded, and t he local I P
address of t he desired server. The port num ber ident ifies a service; for exam ple, web service is on
port 80 and FTP on port 21. I n som e cases, such as for unknown services or where one server can
support m ore t han one service ( for exam ple bot h FTP and web service) , it m ight be bet t er t o
specify a range of port num bers. You can allocat e a server I P address t hat corresponds t o a port or
a range of port s.
The m ost oft en used port num bers and services are shown in Appendix G on page 397. Please refer
t o RFC 1700 for furt her inform at ion about port num bers.
Not e: Many resident ial broadband I SP account s do not allow you t o run any server
processes ( such as a Web or FTP server) from your locat ion. Your I SP m ay
periodically check for servers and m ay suspend your account if it discovers any
act ive services at your locat ion. I f you are unsure, refer t o your I SP.
Configuring Servers Behind Port Forwarding (Example)
Let 's say you want t o assign port s 21- 25 t o one FTP, Telnet and SMTP server (A in t he exam ple) ,
port 80 t o anot her ( B in t he exam ple) and assign a default server I P address of 192.168.1.35 t o a
158
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 10 Network Address Translation (NAT)
t hird ( C in t he exam ple) . You assign t he LAN I P addresses and t he I SP assigns t he WAN I P address.
The NAT net work appears as a single host on t he I nt ernet .
Figure 82 Mult iple Servers Behind NAT Exam ple
A=192.168.1.33
LAN
WAN
B=192.168.1.34
192.168.1.1
IP Address assigned by ISP
C=192.168.1.3
D=192.168.1.36
Click N e t w or k Se t t in g > N AT > Por t For w a r ding t o open t he following screen.
See Appendix G on page 397 for port num bers com m only used for part icular services.
Figure 83 Net work Set t ing > NAT > Port Forwarding
The following t able describes t he fields in t his screen.
Table 57 Net work Set t ing > NAT > Port Forwarding
LABEL
DESCRIPTION
Add new rule
Click t his t o add a new rule.
This is t he index num ber of t he ent ry.
St at us
This field displays whet her t he NAT rule is act ive or not . A yellow bulb signifies t hat t his rule
is act ive. A gray bulb signifies t hat t his rule is not act ive.
Service Nam e
This show s t he service’s nam e.
WAN I nt erface
This show s t he WAN int erface t hrough which t he service is forwarded.
WAN I P
This field displays t he incom ing packet ’s dest inat ion I P address.
Server I P
Address
This is t he server ’s I P address.
St art Port
This is t he first ext ernal port num ber t hat ident ifies a service.
End Port
This is t he last ext ernal port num ber t hat ident ifies a service.
Translat ion
St art Port
This is t he first int ernal port num ber t hat ident ifies a service.
Translat ion End
Port
This is t he last int ernal port num ber t hat ident ifies a service.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
159
Chapter 10 Network Address Translation (NAT)
Table 57 Net work Set t ing > NAT > Port Forwarding ( cont inued)
LABEL
DESCRIPTION
Prot ocol
This shows t he I P prot ocol support ed by t his virt ual server, whet her it is TCP, UD P, or TCP/
UD P.
Modify
Click t he Edit icon t o edit t his rule.
Click t he D e le t e icon t o delet e an exist ing rule.
10.2.1 Add/Edit Port Forwarding
Click Add ne w r u le in t he Por t For w a r ding screen or click t he Edit icon next t o an exist ing rule t o
open t he following screen.
Figure 84 Port Forwarding: Add/ Edit
The following t able describes t he labels in t his screen.
Table 58 Port Forwarding: Add/ Edit
LABEL
DESCRIPTION
Act ive
Clear t he checkbox t o disable t he rule. Select t he check box t o enable it .
Service Nam e
Ent er a nam e t o ident ify t his rule using keyboard charact ers ( A- Z, a- z, 1- 2 and so on) .
WAN I nt erface
Select t he WAN int erface t hrough which t he service is forwarded.
You m ust have already configured a WAN connect ion wit h NAT enabled.
WAN I P
Ent er t he WAN I P address for which t he incom ing service is dest ined. I f t he packet ’s
dest inat ion I P address doesn’t m at ch t he one specified here, t he port forwarding rule will
not be applied.
St art Port
Ent er t he original dest inat ion port for t he packet s.
To forward only one port , ent er t he port num ber again in t he En d Por t field.
To forward a series of port s, ent er t he st art port num ber here and t he end port num ber in
t he En d Por t field.
160
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 10 Network Address Translation (NAT)
Table 58 Port Forwarding: Add/ Edit ( cont inued)
LABEL
DESCRIPTION
End Port
Ent er t he last port of t he original dest inat ion port range.
To forward only one port , ent er t he port num ber in t he St a r t Por t field above and t hen
ent er it again in t his field.
To forward a series of port s, ent er t he last port num ber in a series t hat begins wit h t he port
num ber in t he St a r t Por t field above.
Translat ion
St art Port
This shows t he port num ber t o which you want t he Device t o t ranslat e t he incom ing port .
For a range of port s, ent er t he first num ber of t he range t o which you want t he incom ing
port s t ranslat ed.
Translat ion End
Port
This shows t he last port of t he t ranslat ed port range.
Server I P
Address
Ent er t he inside I P address of t he virt ual server here.
Prot ocol
Select t he prot ocol support ed by t his virt ual server. Choices are TCP, UD P, or TCP/ UD P.
OK
Click OK t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
10.3 The Applications Screen
This screen provides a sum m ary of all NAT applications and t heir configurat ion. I n addit ion, t his
screen allows you t o creat e new applicat ions and/ or rem ove exist ing ones.
To access t his screen, click N e t w or k Se t t ing > N AT > Applica t ions. The following screen
appears.
Figure 85 Net work Set t ing > NAT > Applicat ions
The following t able describes t he labels in t his screen.
Table 59 Net work Set t ing > NAT > Applicat ions
LABEL
DESCRIPTION
Add new
applicat ion
Click t his t o add a new NAT applicat ion rule.
Applicat ion
Forwarded
This field show s t he t ype of applicat ion t hat t he service forwards.
WAN I nt erface
This field show s t he WAN int erface t hrough which t he service is forwarded.
Server I P
Address
This field displays t he dest inat ion I P address for t he service.
Modify
Click t he D e le t e icon t o delet e t he rule.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
161
Chapter 10 Network Address Translation (NAT)
10.3.1 Add New Application
This screen let s you creat e new NAT applicat ion rules. Click Add ne w a pplica t ion in t he
Applica t ions screen t o open t he following screen.
Figure 86 Applicat ions: Add
The following t able describes t he labels in t his screen.
Table 60 Applicat ions: Add
LABEL
DESCRIPTION
WAN I nt erface
Select t he WAN int erface t hat you want t o apply t his NAT rule t o.
Server I P
Address
Ent er t he inside I P address of t he applicat ion here.
Applicat ion
Cat egory
Select t he cat egory of t he applicat ion from t he drop- down list box.
Applicat ion
Forwarded
Select a service from t he drop- down list box and t he Device aut om at ically configures t he
prot ocol, st art , end, and m ap port num ber t hat define t he service.
View Rule
Click t his t o display t he configurat ion of t he service t hat you have chosen in Applica t ion
Fow a r de d.
OK
Click OK t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
10.4 The Port Triggering Screen
Som e services use a dedicat ed range of port s on t he client side and a dedicat ed range of port s on
t he server side. Wit h regular port forwarding you set a forwarding port in NAT t o forward a service
( com ing in from t he server on t he WAN) t o t he I P address of a com put er on t he client side ( LAN) .
The problem is t hat port forwarding only forwards a service t o a single LAN I P address. I n order t o
use t he sam e service on a different LAN com put er, you have t o m anually replace t he LAN
com put er's I P address in t he forwarding port wit h anot her LAN com put er's I P address.
Trigger port forwarding solves t his problem by allowing com put ers on t he LAN t o dynam ically t ake
t urns using t he service. The Device records t he I P address of a LAN com put er t hat sends t raffic t o
t he WAN t o request a service wit h a specific port num ber and prot ocol ( a " t rigger" port ) . When t he
Device's WAN port receives a response wit h a specific port num ber and prot ocol ( " open" port ) , t he
Device forwards t he t raffic t o t he LAN I P address of t he com put er t hat sent t he request . Aft er t hat
com put er ’s connect ion for t hat service closes, anot her com put er on t he LAN can use t he service in
t he sam e m anner. This way you do not need t o configure a new I P address each t im e you want a
different LAN com put er t o use t he applicat ion.
162
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 10 Network Address Translation (NAT)
For exam ple:
Figure 87 Trigger Port Forwarding Process: Exam ple
Jane request s a file from t he Real Audio server ( port 7070) .
Port 7070 is a “ t rigger ” port and causes t he Device t o record Jane’s com put er I P address. The
Device associat es Jane's com put er I P address wit h t he " open" port range of 6970- 7170.
The Real Audio server responds using a port num ber ranging bet ween 6970- 7170.
The Device forwards t he t raffic t o Jane’s com put er I P address.
Only Jane can connect t o t he Real Audio server unt il t he connect ion is closed or t im es out . The
Device t im es out in t hree m inut es wit h UDP ( User Dat agram Prot ocol) or t wo hours wit h TCP/ I P
( Transfer Cont rol Prot ocol/ I nt ernet Prot ocol) .
Click N e t w or k Se t t ing > N AT > Por t Tr igge r ing t o open t he following screen. Use t his screen t o
view your Device’s t rigger port set t ings.
Figure 88 Net work Set t ing > NAT > Port Triggering
The following t able describes t he labels in t his screen.
Table 61 Net work Set t ing > NAT > Port Triggering
LABEL
DESCRIPTION
Add new rule
Click t his t o creat e a new rule.
This is t he index num ber of t he ent ry.
St at us
This field displays whet her t he port t riggering rule is act ive or not . A yellow bulb signifies
t hat t his rule is act ive. A gray bulb signifies t hat t his rule is not act ive.
Service Nam e
This field displays t he nam e of t he service used by t his rule.
WAN I nt erface
This field show s t he WAN int erface t hrough which t he service is forwarded.
Trigger St art
Port
The t rigger port is a port ( or a range of port s) t hat causes ( or t riggers) t he Device t o record
t he I P address of t he LAN com put er t hat sent t he t raffic t o a server on t he WAN.
This is t he first port num ber t hat ident ifies a service.
Trigger End
Port
This is t he last port num ber t hat ident ifies a service.
Trigger Prot o.
This is t he t rigger t ransport layer prot ocol.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
163
Chapter 10 Network Address Translation (NAT)
Table 61 Net work Set t ing > NAT > Port Triggering ( cont inued)
LABEL
DESCRIPTION
Open St art Port
The open port is a port ( or a range of port s) t hat a server on t he WAN uses when it sends
out a part icular service. The Device forwards t he t raffic wit h t his port ( or range of port s) t o
t he client com put er on t he LAN t hat request ed t he service.
This is t he first port num ber t hat ident ifies a service.
Open End Port
This is t he last port num ber t hat ident ifies a service.
Open Prot o.
This is t he open t ransport layer prot ocol.
Modify
Click t he Edit icon t o edit t his rule.
Click t he D e le t e icon t o delet e an exist ing rule.
10.4.1 Add/Edit Port Triggering Rule
This screen let s you creat e new port t riggering rules. Click Add ne w r u le in t he Por t Tr igge r ing
screen or click a rule’s Edit icon t o open t he following screen.
Figure 89 Port Triggering: Add/ Edit
The following t able describes t he labels in t his screen.
Table 62 Port Triggering: Configurat ion Add/ Edit
LABEL
DESCRIPTION
Act ive
Select t he check box t o enable t his rule.
Service Nam e
Ent er a nam e t o ident ify t his rule using keyboard charact ers ( A- Z, a- z, 1- 2 and so on) .
WAN I nt erface
Select a WAN int erface for which you want t o configure port t riggering rules.
Trigger St art
Port
The t rigger port is a port ( or a range of port s) t hat causes ( or t riggers) t he Device t o record
t he I P address of t he LAN com put er t hat sent t he t raffic t o a server on t he WAN.
Type a port num ber or t he st art ing port num ber in a range of port num bers.
164
Trigger End
Port
Type a port num ber or t he ending port num ber in a range of port num bers.
Trigger Prot ocol
Select t he t ransport layer prot ocol from TCP, UD P, or TCP/ UD P.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 10 Network Address Translation (NAT)
Table 62 Port Triggering: Configurat ion Add/ Edit ( cont inued)
LABEL
DESCRIPTION
Open St art Port
The open port is a port ( or a range of port s) t hat a server on t he WAN uses when it sends
out a part icular service. The Device forwards t he t raffic wit h t his port ( or range of port s) t o
t he client com put er on t he LAN t hat request ed t he service.
Type a port num ber or t he st art ing port num ber in a range of port num bers.
Open End Port
Type a port num ber or t he ending port num ber in a range of port num bers.
Open Prot ocol
Select t he t ransport layer prot ocol from TCP, UD P, or TCP/ UD P.
OK
Click OK t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
10.5 The DMZ Screen
I n addit ion t o t he servers for specified services, NAT support s a default server I P address. A default
server receives packet s from port s t hat are not specified in t he N AT Por t For w a r ding Se t up
screen.
Figure 90 Net work Set t ing > NAT > DMZ
The following t able describes t he fields in t his screen.
Table 63 Net work Set t ing > NAT > DMZ
LABEL
DESCRIPTION
Default Server
Address
Ent er t he I P address of t he default server which receives packet s from port s t hat are not
specified in t he N AT Por t For w a r din g screen.
Note: If you do not assign a Default Server Address, the Device discards all packets
received for ports that are not specified in the NAT Port Forwarding screen.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o rest ore your previously saved set t ings.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
165
Chapter 10 Network Address Translation (NAT)
10.6 The ALG Screen
Som e NAT rout ers m ay include a SI P Applicat ion Layer Gat eway ( ALG) . A SI P ALG allows SI P calls
t o pass t hrough NAT by exam ining and t ranslat ing I P addresses em bedded in t he dat a st ream .
When t he Device regist ers wit h t he SI P regist er server, t he SI P ALG t ranslat es t he Device’s privat e
I P address inside t he SI P dat a st ream t o a public I P address. You do not need t o use STUN or an
out bound proxy if your Device is behind a SI P ALG.
Use t his screen t o enable and disable t he NAT and SI P ( VoI P) ALG in t he Device. To access t his
screen, click N e t w or k Se t t in g > N AT > ALG.
Figure 91 Net work Set t ing > NAT > ALG
The following t able describes t he fields in t his screen.
Table 64 Net work Set t ing > NAT > ALG
LABEL
DESCRIPTION
NAT ALG
Enable t his t o m ake sure applicat ions such as FTP and file t ransfer in I M applicat ions work
correct ly wit h port- forwarding and address- m apping rules.
SI P ALG
Enable t his t o m ake sure SI P ( VoI P) works correct ly wit h port- forwarding and addressm apping rules.
RTSP ALG
Enable t his t o have t he Device det ect RTSP t raffic and help build RTSP sessions t hrough it s
NAT. The Real Tim e St ream ing ( m edia cont rol) Prot ocol ( RTSP) is a rem ot e cont rol for
m ult im edia on t he I nt ernet .
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o rest ore your previously saved set t ings.
10.7 The Address Mapping Screen
Ordering your rules is im port ant because t he Device applies t he rules in t he order t hat you specify.
When a rule m at ches t he current packet , t he Device t akes t he corresponding act ion and t he
rem aining rules are ignored.
Click N e t w or k Se t t in g > N AT > Addr e ss M a ppin g t o display t he following screen.
Figure 92 Net work Set t ing > NAT > Address Mapping
166
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 10 Network Address Translation (NAT)
The following t able describes t he fields in t his screen.
Table 65 Net work Set t ing > NAT > Address Mapping
LABEL
DESCRIPTION
Add new rule
Click t his t o creat e a new rule.
Set
This is t he index num ber of t he address m apping set .
Local St art I P
This is t he st art ing I nside Local I P Address ( I LA) .
Local End I P
This is t he ending I nside Local I P Address ( I LA) . I f t he rule is for all local I P addresses, t hen
t his field displays 0.0.0.0 as t he Local St art I P address and 255.255.255.255 as t he Local
End I P address. This field is blank for On e - t o- On e m apping t ypes.
Global St art I P
This is t he st art ing I nside Global I P Address ( I GA) . Ent er 0.0.0.0 here if you have a dynam ic
I P address from your I SP. You can only do t his for t he M a n y- t o- On e m apping t ype.
Global End I P
This is t he ending I nside Global I P Address ( I GA) . This field is blank for On e - t o- On e and
M a n y- t o- On e m apping t ypes.
Type
This is t he address m apping t ype.
On e - t o- On e : This m ode m aps one local I P address t o one global I P address. Not e t hat port
num bers do not change for t he One- t o- one NAT m apping t ype.
M a n y- t o- On e : This m ode m aps m ult iple local I P addresses t o one global I P address. This is
equivalent t o SUA ( i.e., PAT, port address t ranslat ion) , t he Device's Single User Account
feat ure t hat previous rout ers support ed only.
M a n y- t o- M a n y: This m ode m aps m ult iple local I P addresses t o shared global I P addresses.
Modify
Click t he Edit icon t o go t o t he screen where you can edit t he address m apping rule.
Click t he D e le t e icon t o delet e an exist ing address m apping rule. Not e t hat subsequent
address m apping rules m ove up by one when you t ake t his act ion.
10.7.1 Add/Edit Address Mapping Rule
To add or edit an address m apping rule, click Add ne w r ule or t he rule’s edit icon in t he Addr e ss
M a pping screen t o display t he screen shown next .
Figure 93 Address Mapping: Add/ Edit
VMG8324-B10A / VMG8324-B30A Series User’s Guide
167
Chapter 10 Network Address Translation (NAT)
The following t able describes t he fields in t his screen.
Table 66 Address Mapping: Add/ Edit
LABEL
DESCRIPTION
Type
Choose t he I P/ port m apping t ype from one of t he following.
On e - t o- On e : This m ode m aps one local I P address t o one global I P address. Not e t hat port
num bers do not change for t he One- t o- one NAT m apping t ype.
M a n y- t o- On e : This m ode m aps m ult iple local I P addresses t o one global I P address. This is
equivalent t o SUA ( i.e., PAT, port address t ranslat ion) , t he Device's Single User Account
feat ure t hat previous rout ers support ed only.
M a n y- t o- M a n y: This m ode m aps m ult iple local I P addresses t o shared global I P addresses.
Local St art I P
Ent er t he st art ing I nside Local I P Address ( I LA) .
Local End I P
Ent er t he ending I nside Local I P Address ( I LA) . I f t he rule is for all local I P addresses, t hen
t his field displays 0.0.0.0 as t he Local St art I P address and 255.255.255.255 as t he Local
End I P address. This field is blank for On e - t o- On e m apping t ypes.
Global St art I P
Ent er t he st art ing I nside Global I P Address ( I GA) . Ent er 0.0.0.0 here if you have a dynam ic
I P address from your I SP. You can only do t his for t he M a n y- t o- On e m apping t ype.
Global End I P
Ent er t he ending I nside Global I P Address ( I GA) . This field is blank for On e - t o- On e and
M a n y- t o- On e m apping t ypes.
Set
Select t he num ber of t he m apping set for which you want t o configure.
OK
Click OK t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
10.8 The Address Mapping Screen
Ordering your rules is im port ant because t he Device applies t he rules in t he order t hat you specify.
When a rule m at ches t he current packet , t he Device t akes t he corresponding act ion and t he
rem aining rules are ignored.
Click N e t w or k Se t t in g > N AT > Addr e ss M a ppin g t o display t he following screen.
Figure 94 Net work Set t ing > NAT > Address Mapping
The following t able describes t he fields in t his screen.
Table 67 Net work Set t ing > NAT > Address Mapping
168
LABEL
DESCRIPTION
Add new rule
Click t his t o creat e a new rule.
Set
This is t he index num ber of t he address m apping set .
Local St art I P
This is t he st art ing I nside Local I P Address ( I LA) .
Local End I P
This is t he ending I nside Local I P Address ( I LA) . I f t he rule is for all local I P addresses, t hen
t his field displays 0.0.0.0 as t he Local St art I P address and 255.255.255.255 as t he Local
End I P address. This field is blank for On e - t o- On e m apping t ypes.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 10 Network Address Translation (NAT)
Table 67 Net work Set t ing > NAT > Address Mapping ( cont inued)
LABEL
DESCRIPTION
Global St art I P
This is t he st art ing I nside Global I P Address ( I GA) . Ent er 0.0.0.0 here if you have a dynam ic
I P address from your I SP. You can only do t his for t he M a n y- t o- On e m apping t ype.
Global End I P
This is t he ending I nside Global I P Address ( I GA) . This field is blank for On e - t o- On e and
M a n y- t o- On e m apping t ypes.
Type
This is t he address m apping t ype.
On e - t o- On e : This m ode m aps one local I P address t o one global I P address. Not e t hat port
num bers do not change for t he One- t o- one NAT m apping t ype.
M a n y- t o- On e : This m ode m aps m ult iple local I P addresses t o one global I P address. This is
equivalent t o SUA ( i.e., PAT, port address t ranslat ion) , t he Device's Single User Account
feat ure t hat previous rout ers support ed only.
M a n y- t o- M a n y: This m ode m aps m ult iple local I P addresses t o shared global I P addresses.
Modify
Click t he Edit icon t o go t o t he screen where you can edit t he address m apping rule.
Click t he D e le t e icon t o delet e an exist ing address m apping rule. Not e t hat subsequent
address m apping rules m ove up by one when you t ake t his act ion.
10.9 The Sessions Screen
Use t his screen t o lim it t he num ber of concurrent NAT sessions a client can use. Click N e t w or k
Se t t in g > N AT > Se ssion s t o display t he following screen.
Figure 95 Net work Set t ing > NAT > Sessions
The following t able describes t he fields in t his screen.
Table 68 Net work Set t ing > NAT > Sessions
LABEL
DESCRIPTION
WAX NAT
Session Per
Host
Use t his field t o set a lim it t o t he num ber of concurrent NAT sessions each client host can
have.
I f only a few client s use peer t o peer applicat ions, you can raise t his num ber t o im prove
t heir perform ance. Wit h heavy peer- t o- peer applicat ion use, lower t his num ber t o ensure no
single client uses t oo m any of t he available NAT sessions.
Apply
Click t his t o save your changes on t his screen.
Cancel
Click t his t o exit t his screen wit hout saving any changes.
10.10 Technical Reference
This part cont ains m ore inform at ion regarding NAT.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
169
Chapter 10 Network Address Translation (NAT)
10.10.1 NAT Definitions
I nside/ out side denot es where a host is locat ed relat ive t o t he Device, for exam ple, t he com put ers
of your subscribers are t he inside host s, while t he web servers on t he I nt ernet are t he out side
host s.
Global/ local denot es t he I P address of a host in a packet as t he packet t raverses a rout er, for
exam ple, t he local address refers t o t he I P address of a host when t he packet is in t he local
net work, while t he global address refers t o t he I P address of t he host when t he sam e packet is
t raveling in t he WAN side.
170
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 10 Network Address Translation (NAT)
Not e t hat inside/ out side refers t o t he locat ion of a host , while global/ local refers t o t he I P address
of a host used in a packet . Thus, an inside local address ( I LA) is t he I P address of an inside host in
a packet when t he packet is st ill in t he local net work, while an inside global address ( I GA) is t he I P
address of t he sam e inside host when t he packet is on t he WAN side. The following t able
sum m arizes t his inform at ion.
Table 69 NAT Definit ions
ITEM
DESCRIPTION
I nside
This refers t o t he host on t he LAN.
Out side
This refers t o t he host on t he WAN.
Local
This refers t o t he packet address ( source or dest inat ion) as t he packet t ravels on t he
LAN.
Global
This refers t o t he packet address ( source or dest inat ion) as t he packet t ravels on t he
WAN.
NAT never changes t he I P address ( eit her local or global) of an out side host .
10.10.2 What NAT Does
I n t he sim plest form , NAT changes t he source I P address in a packet received from a subscriber
( t he inside local address) t o anot her ( t he inside global address) before forwarding t he packet t o t he
WAN side. When t he response com es back, NAT t ranslat es t he dest inat ion address ( t he inside
global address) back t o t he inside local address before forwarding it t o t he original inside host . Not e
t hat t he I P address ( eit her local or global) of an out side host is never changed.
The global I P addresses for t he inside host s can be eit her st at ic or dynam ically assigned by t he I SP.
I n addit ion, you can designat e servers, for exam ple, a web server and a t elnet server, on your local
net work and m ake t hem accessible t o t he out side world. I f you do not define any servers ( for Manyt o- One and Many- t o- Many Overload m apping) , NAT offers t he addit ional benefit of firewall
prot ect ion. Wit h no servers defined, your Device filt ers out all incom ing inquiries, t hus prevent ing
int ruders from probing your net work. For m ore inform at ion on I P address t ranslat ion, refer t o RFC
1631, The I P Net work Address Translat or ( NAT) .
VMG8324-B10A / VMG8324-B30A Series User’s Guide
171
Chapter 10 Network Address Translation (NAT)
10.10.3 How NAT Works
Each packet has t wo addresses – a source address and a dest inat ion address. For out going packet s,
t he I LA ( I nside Local Address) is t he source address on t he LAN, and t he I GA ( I nside Global
Address) is t he source address on t he WAN. For incom ing packet s, t he I LA is t he dest inat ion
address on t he LAN, and t he I GA is t he dest inat ion address on t he WAN. NAT m aps privat e ( local)
I P addresses t o globally unique ones required for com m unicat ion wit h host s on ot her net works. I t
replaces t he original I P source address ( and TCP or UDP source port num bers for Many- t o- One and
Many- t o- Many Overload NAT m apping) in each packet and t hen forwards it t o t he I nt ernet . The
Device keeps t rack of t he original addresses and port num bers so incom ing reply packet s can have
t heir original values rest ored. The following figure illust rat es t his.
Figure 96 How NAT Works
NAT Table
LAN
Inside Local
IP Address
192.168.1.10
192.168.1.11
192.168.1.12
192.168.1.13
192.168.1.13
192.168.1.12
SA
SA
192.168.1.10
IGA1
Inside Local
Address (ILA)
192.168.1.11
172
Inside Global
IP Address
IGA 1
IGA 2
IGA 3
IGA 4
WAN
Inside Global
Address (IGA)
192.168.1.10
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 10 Network Address Translation (NAT)
10.10.4 NAT Application
The following figure illust rat es a possible NAT applicat ion, where t hree inside LANs ( logical LANs
using I P alias) behind t he Device can com m unicat e wit h t hree dist inct WAN net works.
Figure 97 NAT Applicat ion Wit h I P Alias
Port Forwarding: Services and Port Numbers
The m ost oft en used port num bers are shown in t he following t able. Please refer t o RFC 1700 for
furt her inform at ion about port num bers. Please also refer t o t he Support ing CD for m ore exam ples
and det ails on port forwarding and NAT.
Table 70 Services and Port Num bers
SERVICES
PORT NUMBER
ECHO
FTP ( File Transfer Prot ocol)
21
SMTP ( Sim ple Mail Transfer Prot ocol)
25
DNS ( Dom ain Nam e Syst em )
53
Finger
79
HTTP ( Hyper Text Transfer prot ocol or WWW, Web)
80
POP3 ( Post Office Prot ocol)
110
NNTP ( Net work News Transport Prot ocol)
119
SNMP ( Sim ple Net work Managem ent Prot ocol)
161
SNMP t rap
162
PPTP ( Point- t o- Point Tunneling Prot ocol)
1723
VMG8324-B10A / VMG8324-B30A Series User’s Guide
173
Chapter 10 Network Address Translation (NAT)
Port Forwarding Example
Let 's say you want t o assign port s 21- 25 t o one FTP, Telnet and SMTP server (A in t he exam ple) ,
port 80 t o anot her ( B in t he exam ple) and assign a default server I P address of 192.168.1.35 t o a
t hird ( C in t he exam ple) . You assign t he LAN I P addresses and t he I SP assigns t he WAN I P address.
The NAT net work appears as a single host on t he I nt ernet .
Figure 98 Mult iple Servers Behind NAT Exam ple
A=192.168.1.33
192.168.1.1
B=192.168.1.34
IP address assigned by ISP
C=192.168.1.35
174
D=192.168.1.36
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPTER
11
Dynamic DNS Setup
11.1 Overview
DNS
DNS ( Dom ain Nam e Syst em ) is for m apping a dom ain nam e t o it s corresponding I P address and
vice versa. The DNS server is ext rem ely im port ant because wit hout it , you m ust know t he I P
address of a m achine before you can access it .
I n addit ion t o t he syst em DNS server( s) , each WAN int erface ( service) is set t o have it s own st at ic
or dynam ic DNS server list . You can configure a DNS st at ic rout e t o forward DNS queries for cert ain
dom ain nam es t hrough a specific WAN int erface t o it s DNS server( s) . The Device uses a syst em
DNS server ( in t he order you specify in t he Br oa dba n d screen) t o resolve dom ain nam es t hat do
not m at ch any DNS rout ing ent ry. Aft er t he Device receives a DNS reply from a DNS server, it
creat es a new ent ry for t he resolved I P address in t he rout ing t able.
Dynamic DNS
Dynam ic DNS allows you t o updat e your current dynam ic I P address wit h one or m any dynam ic
DNS services so t hat anyone can cont act you ( in Net Meet ing, CU- SeeMe, et c.) . You can also access
your FTP server or Web sit e on your own com put er using a dom ain nam e ( for inst ance
m yhost .dhs.org, where m yhost is a nam e of your choice) t hat will never change inst ead of using an
I P address t hat changes each t im e you reconnect . Your friends or relat ives will always be able t o
call you even if t hey don't know your I P address.
First of all, you need t o have regist ered a dynam ic DNS account wit h www.dyndns.org. This is for
people wit h a dynam ic I P from t heir I SP or DHCP server t hat would st ill like t o have a dom ain nam e.
The Dynam ic DNS service provider will give you a password or key.
11.1.1 What You Can Do in this Chapter
• Use t he D N S En t r y screen t o view, configure, or rem ove DNS rout es (Sect ion 11.2 on page
176) .
• Use t he D yn a m ic D N S screen t o enable DDNS and configure t he DDNS set t ings on t he Device
( Sect ion 11.3 on page 177) .
VMG8324-B10A / VMG8324-B30A Series User’s Guide
175
Chapter 11 Dynamic DNS Setup
11.1.2 What You Need To Know
DYNDNS Wildcard
Enabling t he wildcard feat ure for your host causes * .yourhost .dyndns.org t o be aliased t o t he sam e
I P address as yourhost .dyndns.org. This feat ure is useful if you want t o be able t o use, for exam ple,
www.yourhost .dyndns.org and st ill reach your host nam e.
I f you have a privat e WAN I P address, t hen you cannot use Dynam ic DNS.
11.2 The DNS Entry Screen
Use t his screen t o view and configure DNS rout es on t he Device. Click N e t w or k Se t t ing > D N S t o
open t he D N S En t r y screen.
Figure 99 Net work Set t ing > DNS > DNS Ent ry
The following t able describes t he fields in t his screen.
Table 71 Net work Set t ing > DNS > DNS Ent ry
LABEL
DESCRIPTION
Add new DNS
ent ry
Click t his t o creat e a new DNS ent ry.
This is t he index num ber of t he ent ry.
Host nam e
This indicat es t he host nam e or dom ain nam e.
I P Address
This indicat es t he I P address assigned t o t his com put er.
Modify
Click t he Edit icon t o edit t he rule.
Click t he D e le t e icon t o delet e an exist ing rule.
176
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 11 Dynamic DNS Setup
11.2.1 Add/Edit DNS Entry
You can m anually add or edit t he Device’s DNS nam e and I P address ent ry. Click Add ne w D N S
e nt r y in t he D N S En t r y screen or t he Edit icon next t o t he ent ry you want t o edit . The screen
shown next appears.
Figure 100 DNS Ent ry: Add/ Edit
The following t able describes t he labels in t his screen.
Table 72 DNS Ent ry: Add/ Edit
LABEL
DESCRIPTION
Host Nam e
Ent er t he host nam e of t he DNS ent ry.
I P Address
Ent er t he I P address of t he DNS ent ry.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
11.3 The Dynamic DNS Screen
Use t his screen t o change your Device’s DDNS. Click N e t w or k Se t t in g > D N S > D yn a m ic D N S.
The screen appears as shown.
Figure 101 Net work Set t ing > DNS > Dynam ic DNS
VMG8324-B10A / VMG8324-B30A Series User’s Guide
177
Chapter 11 Dynamic DNS Setup
The following t able describes t he fields in t his screen.
Table 73 Net work Set t ing > DNS > > Dynam ic DNS
LABEL
DESCRIPTION
Dynam ic DNS
Select En a ble t o use dynam ic DNS.
Service
Provider
Select your Dynam ic DNS service provider from t he drop- down list box.
Host nam e
Type t he dom ain nam e assigned t o your Device by your Dynam ic DNS provider.
You can specify up t o t wo host nam es in t he field separat ed by a com m a ( " ," ) .
178
Usernam e
Type your user nam e.
Password
Type t he password assigned t o you.
Em ail
I f you select TZO in t he Se r vice Pr ovide r field, ent er t he user nam e you used t o regist er
for t his service.
Key
I f you select TZO in t he Se r vice Pr ovide r field, ent er t he password you used t o regist er for
t his service.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPTER
12
Interface Group
12.1 Overview
By default , all LAN and WAN int erfaces on t he Device are in t he sam e group and can com m unicat e
wit h each ot her. Creat e int erface groups t o have t he Device assign t he I P addresses in different
dom ains t o different groups. Each group act s as an independent net work on t he Device. This let s
devices connect ed t o an int erface group’s LAN int erfaces com m unicat e t hrough t he int erface
group’s WAN or LAN int erfaces but not ot her WAN or LAN int erfaces.
12.1.1 What You Can Do in this Chapter
The I nt e r fa ce Gr ou p screens let you creat e m ult iple net works on t he Device (Sect ion 12.2 on
page 179) .
12.2 The Interface Group Screen
You can m anually add a LAN int erface t o a new group. Alt ernat ively, you can have t he Device
aut om at ically add t he incom ing t raffic and t he LAN int erface on which t raffic is received t o an
int erface group when it s DHCP Vendor I D opt ion inform at ion m at ches one list ed for t he int erface
group.
Use t he LAN screen t o configure t he privat e I P addresses t he DHCP server on t he Device assigns t o
t he client s in t he default and/ or user- defined groups. I f you set t he Device t o assign I P addresses
based on t he client ’s DHCP Vendor I D opt ion inform at ion, you m ust enable DHCP server and
configure LAN TCP/ I P set t ings for bot h t he default and user- defined groups. See Chapt er 7 on page
107 for m ore inform at ion.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
179
Chapter 12 Interface Group
I n t he following exam ple, t he client t hat sends packet s wit h t he DHCP Vendor I D opt ion set t o MSFT
5.0 ( m eaning it is a Windows 2000 DHCP client ) is assigned t he I P address 192.168.2.2 and uses
t he WAN VDSL_PoE/ ppp0.1 int erface.
Figure 102 I nt erface Grouping Applicat ion
Default: ETH 2~4
192.168.1.x/24
eth10.0
Internet
VDSL_PoE/ppp0.1
192.168.2.x/24
DHCP Vendor ID option: MSFT 5.0
Click N e t w or k Se t t in g > I n t e r fa ce Gr ou p t o open t he following screen.
Figure 103 Net work Set t ing > I nt erface Group
The following t able describes t he fields in t his screen.
Table 74 Net work Set t ing > I nt erface Group
LABEL
DESCRIPTION
Add New
I nt erface Group
Click t his but t on t o creat e a new int erface group.
Group Nam e
This shows t he descript ive nam e of t he group.
WAN I nt erface
This shows t he WAN int erfaces in t he group.
LAN I nt erfaces
This shows t he LAN int erfaces in t he group.
Crit eria
This shows t he filt ering crit eria for t he group.
Modify
Click t he D e le t e icon t o rem ove t he group.
Add
Click t his but t on t o creat e a new group.
12.2.1 Interface Group Configuration
Click t he Add N e w I nt e r fa ce Gr oup but t on in t he I n t e r fa ce Gr ou p screen t o open t he following
screen. Use t his screen t o creat e a new int erface group.
180
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 12 Interface Group
Not e: An int erface can belong t o only one group at a t im e.
Figure 104 I nt erface Group Configurat ion
The following t able describes t he fields in t his screen.
Table 75 I nt erface Group Configurat ion
LABEL
DESCRIPTION
Group Nam e
Ent er a nam e t o ident ify t his group. You can ent er up t o 30 charact ers. You can use let t ers,
num bers, hyphens ( - ) and underscores ( _) . Spaces are not allowed.
WAN I nt erface
used in t he
grouping
Select t he WAN int erface t his group uses. The group can have up t o one PTM int erface, up
t o one ATM int erface and up t o one ETH int erface.
Grouped LAN
I nt erfaces
Select one or m ore LAN int erfaces ( Et hernet LAN, HPNA or wireless LAN) in t he Ava ila ble
LAN I n t e r fa ce s list and use t he left arrow t o m ove t hem t o t he Gr ou pe d LAN I n t e r fa ce s
list t o add t he int erfaces t o t his group.
Available LAN
I nt erfaces
Aut om at ically
Add Client s
Wit h t he
following DHCP
Vendor I Ds
Select N on e t o not add a WAN int erface t o t his group.
To rem ove a LAN or wireless LAN int erface from t he Gr ou pe d LAN I n t e r fa ce s, use t he
right- facing arrow.
Click Add t o ident ify LAN host s t o add t o t he int erface group by crit eria such as t he t ype of
t he hardware or firm ware. See Sect ion 12.2.2 on page 182 for m ore inform at ion.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
181
Chapter 12 Interface Group
Table 75 I nt erface Group Configurat ion ( cont inued)
LABEL
DESCRIPTION
This shows t he index num ber of t he rule.
Filt er Crit eria
This shows t he filt ering crit eria. The LAN int erface on which t he m at ched t raffic is received
will belong t o t his group aut om at ically.
WildCard
Support
This shows if wildcard on DHCP opt ion 60 is enabled.
Rem ove
Click t he Re m ove icon t o delet e t his rule from t he Device.
Apply
Click Apply t o save your changes back t o t he Device.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
12.2.2 Interface Grouping Criteria
Click t he Add but t on in t he I n t e r fa ce Gr oupin g Con figu r a t ion screen t o open t he following
screen.
Figure 105 I nt erface Grouping Crit eria
The following t able describes t he fields in t his screen.
Table 76 I nt erface Grouping Crit eria
LABEL
DESCRIPTION
Source MAC
Address
Ent er t he source MAC address of t he packet .
DHCP Opt ion
60
Select t his opt ion and ent er t he Vendor Class I dent ifier ( Opt ion 60) of t he m at ched t raffic,
such as t he t ype of t he hardware or firm ware.
Enable
wildcard on
DHCP
opt ion 60
opt ion
182
Select t his opt ion t o be able t o use wildcards in t he Vendor Class I dent ifier configured for
DHCP opt ion 60.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 12 Interface Group
Table 76 I nt erface Grouping Crit eria ( cont inued)
LABEL
DESCRIPTION
DHCP Opt ion
61
Select t his and ent er t he device ident it y of t he m at ched t raffic.
I AI D
Ent er t he I dent it y Associat ion I dent ifier ( I AI D) of t he device, for exam ple, t he WAN
connect ion index num ber.
DUI D t ype
Select D UI D - LLT ( DUI D Based on Link- layer Address Plus Tim e) t o ent er t he hardware
t ype, a t im e value and t he MAC address of t he device.
Select D UI D - EN ( DUI D Assigned by Vendor Based upon Ent erprise Num ber) t o ent er t he
vendor ’s regist ered ent erprise num ber.
Select D UI D - LL ( DUI D Based on Link- layer Address) t o ent er t he device’s hardware t ype
and hardware address ( MAC address) in t he following fields.
Select Ot h e r t o ent er any st ring t hat ident ifies t he device in t he DUI D field.
DHCP Opt ion
125
Select t his and ent er vendor specific inform at ion of t he m at ched t raffic.
Ent erprise
Num ber
Ent er t he vendor ’s 32- bit ent erprise num ber regist ered wit h t he I ANA ( I nt ernet Assigned
Num bers Aut horit y) .
Manufact ur
er OUI
Specify t he vendor ’s OUI ( Organizat ion Unique I dent ifier) . I t is usually t he first t hree byt es
of t he MAC address.
Product
Class
Ent er t he product class of t he device.
Model
Nam e
Ent er t he m odel nam e of t he device.
Serial
Num ber
Ent er t he serial num ber of t he device.
Apply
Click Apply t o save your changes back t o t he Device.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
183
Chapter 12 Interface Group
184
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPTER
13
USB Service
13.1 Overview
You can share files on a USB m em ory st ick or hard drive connect ed t o your Device wit h users on
your net work.
The following figure is an overview of t he Device’s file server feat ure. Com put ers A and B can
access files on a USB device ( C) which is connect ed t o t he Device.
Figure 106 File Sharing Overview
The Device will not be able t o j oin t he workgroup if your local area net work has rest rict ions
set up t hat do not allow devices t o j oin a workgroup. I n t his case, cont act your net work
adm inist rat or.
13.1.1 What You Can Do in this Chapter
• Use t he File Sh a r ing screen t o enable file- sharing server ( Sect ion 13.1.3 on page 187) .
• Use t he M e dia Se r ve r screen t o enable or disable t he sharing of m edia files ( Sect ion 13.3 on
page 190) .
• Use t he Pr in t e r Se r ve r screen t o enable t he print server ( Sect ion 13.4 on page 191) .
13.1.2 What You Need To Know
The following t erm s and concept s m ay help as you read t his chapt er.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
185
Chapter 13 USB Service
13.1.2.1 About File Sharing
Workgroup name
This is t he nam e given t o a set of com put ers t hat are connect ed on a net work and share resources
such as a print er or files. Windows aut om at ically assigns t he workgroup nam e when you set up a
net work.
Shares
When set t ings are set t o default , each USB device connect ed t o t he Device is given a folder, called
a “ share”. I f a USB hard drive connect ed t o t he Device has m ore t han one part it ion, t hen each
part it ion will be allocat ed a share. You can also configure a “ share” t o be a sub- folder or file on t he
USB device.
File Systems
A file syst em is a way of st oring and organizing files on your hard drive and st orage device. Oft en
different operat ing syst em s such as Windows or Linux have different file syst em s. The file sharing
feat ure on your Device support s File Allocat ion Table ( FAT) and FAT32.
Common Internet File System
The Device uses Com m on I nt ernet File Syst em ( CI FS) prot ocol for it s file sharing funct ions. CI FS
com pat ible com put ers can access t he USB file st orage devices connect ed t o t he Device. CI FS
prot ocol is support ed on Microsoft Windows, Linux Sam ba and ot her operat ing syst em s ( refer t o
your syst em s specificat ions for CI FS com pat ibilit y) .
13.1.2.2 About Printer Server
Print Server
This is a com put er or ot her device which m anages one or m ore print ers, and which sends print j obs
t o each print er from t he com put er it self or ot her devices.
Operating System
An operat ing syst em ( OS) is t he int erface which helps you m anage a com put er. Com m on exam ples
are Microsoft Windows, Mac OS or Linux.
TCP/IP
TCP/ I P ( Transm ission Cont rol Prot ocol/ I nt ernet Prot ocol) is a set of com m unicat ions prot ocols t hat
m ost of t he I nt ernet runs on.
Port
A port m aps a net work service such as ht t p t o a process running on your com put er, such as a
process run by your web browser. When t raffic from t he I nt ernet is received on your com put er, t he
port num ber is used t o ident ify which process running on your com put er it is int ended for.
186
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 13 USB Service
Supported OSs
Your operat ing syst em m ust support TCP/ I P port s for print ing and be com pat ible wit h t he RAW ( port
9100) prot ocol.
The following OSs support Device’s print er sharing feat ure.
• Microsoft Windows 95, Windows 98 SE ( Second Edit ion) , Windows Me, Windows NT 4.0, Windows
2000, Windows XP or Macint osh OS X.
13.1.3 Before You Begin
Make sure t he Device is connect ed t o your net work and t urned on.
Connect t he USB device t o one of t he Device’s USB port . Make sure t he Device is connect ed t o your
net work.
The Device det ect s t he USB device and m akes it s cont ent s available for browsing. I f you are
connect ing a USB hard drive t hat com es wit h an ext ernal power supply, m ake sure it is connect ed
t o an appropriat e power source t hat is on.
Not e: I f your USB device cannot be det ect ed by t he Device, see t he t roubleshoot ing for
suggest ions.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
187
Chapter 13 USB Service
13.2 The File Sharing Screen
Use t his screen t o set up file sharing t hrough t he Device. The Device’s LAN users can access t he
shared folder ( or share) from t he USB device insert ed in t he Device. To access t his screen, click
N e t w or k Se t t ing > USB Se r vice > File Sha r ing.
Figure 107 Net work Set t ing > USB Service > File Sharing
Each field is described in t he following t able.
Table 77 Net work Set t ing > Hom e Net working > File Sharing
LABEL
DESCRIPTION
I nform at ion
Volum e
This is t he volum e nam e t he Device gives t o an insert ed USB device.
Capacit y
This is t he t ot al available m em ory size ( in m egabyt es) on t he USB device.
Used Space
This is t he m em ory size ( in m egabyt es) already used on t he USB device.
Server Configurat ion
File Sharing
Services
Select En a ble t o act ivat e file sharing t hrough t he Device.
Host Nam e
Ent er t he host nam e on t he share.
Share Direct ory List
Add New Share
Click t his t o creat e a new share for users t o access t hrough t he Device.
Act ive
Select t his t o act ivat e t he share.
St at us
This field shows t he st at us of t he share.
: The share is not act ivat ed.
: The share is act ivat ed and shared t o all users.
: The share is act ivat ed and only shared t o t he specified users list ed in t he Account
M a n a ge m e n t sect ion below.
188
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 13 USB Service
Table 77 Net work Set t ing > Hom e Net working > File Sharing
LABEL
DESCRIPTION
Share Nam e
This field shows t he nam e of a folder t hat is shared t hrough t he Device.
Share Pat h
This field shows t he locat ion of t he share in t he Device.
Share
Descript ion
This field shows a short descript ion of t he share.
Modify
Click t he Edit icon t o m odify t he share.
Click t he D e le t e icon t o rem ove t he share from t he Device.
Account Managem ent
Add New User
Click t his but t on t o creat e a user account t o access t he secured shares.
Act ive
Select t his t o allow t he user t o access t he secured shares.
St at us
This field shows t he st at us of t he user.
: The user account is not act ivat ed for t he share.
: The user account is act ivat ed for t he share.
User Nam e
This is t he nam e of a user who is allowed t o access t he secured shares on t he USB device.
Modify
Click t he Edit icon t o m odify t he user account .
Click t he D e le t e icon t o rem ove t he user account from t he Device.
Apply
Click t his t o save your changes t o t he Device.
Cancel
Click t his t o rest ore your previously saved set t ings.
13.2.1 The Add New Share Screen
Use t his screen t o creat e a share. To access t his screen, click t he Add n e w sh a r e but t on in t he
N e t w or k Se t t ing > USB Se r vice > File Sha r ing screen.
Figure 108 Net work Set t ing > USB Service > File Sharing > Add new share
Each field is described in t he following t able.
Table 78 Net work Set t ing > Hom e Net working > File Sharing > Add new share
LABEL
DESCRIPTION
Volum e
Select t he volum e where you want t o creat e t he share.
Share Pat h
Type in t he locat ion of t he share or click t he Browse but t on t o locat e t he folder.
Descript ion
Type m ore inform at ion t o describe t he share opt ionally.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
189
Chapter 13 USB Service
Table 78 Net work Set t ing > Hom e Net working > File Sharing > Add new share
LABEL
DESCRIPTION
Access Level
Select Public t o allow all users on t he net work t o access t he shared files.
Select Se cu r it y t o require users t o log in t o access shared files.
Set up user account s in t he Accou n t M a n a ge m e n t sect ion.
Apply
Click t his t o save your changes t o t he Device.
Back
Click t his t o ret urn t o t he previous screen.
13.2.2 The Add New User Screen
Use t his screen t o creat e a user account t hat can access t he secured shares on t he USB device. To
access t his screen, click t he Add ne w use r but t on in t he N e t w or k Se t t ing > USB Se r vice > File
Sha r ing screen.
Figure 109 Net work Set t ing > USB Service > File Sharing > Add new user
Each field is described in t he following t able.
Table 79 Net work Set t ing > Hom e Net working > File Sharing > Add new user
LABEL
DESCRIPTION
User Nam e
Ent er a user nam e. You can ent er up t o 16 charact ers. Only let t ers and num bers allowed.
New Password
Ent er t he password used t o access t he secured share. The password m ust be 5 t o 15
charact ers long. Only let t ers and num bers are allowed. The password is case sensit ive.
Ret ype New
Password
Ret ype t he password t hat you ent ered above.
Apply
Click t his t o save your changes t o t he Device.
Back
Click t his t o ret urn t o t he previous screen.
13.3 The Media Server Screen
The m edia server feat ure let s anyone on your net work play video, m usic, and phot os from t he USB
st orage device connect ed t o your Device ( wit hout having t o copy t hem t o anot her com put er) . The
Device can funct ion as a DLNA- com pliant m edia server. The Device st ream s files t o DLNA- com pliant
190
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 13 USB Service
m edia client s ( like Windows Media Player) . The Digit al Living Net work Alliance ( DLNA) is a group of
personal com put er and elect ronics com panies t hat works t o m ake product s com pat ible in a hom e
net work.
The Device m edia server enables you t o:
• Publish all shares for everyone t o play m edia files in t he USB st orage device connect ed t o t he
Device.
• Use hardware- based m edia client s like t he DMA- 2500 t o play t he files.
Not e: Anyone on your net wor k can play t he m edia files in t he published shares. No user
nam e and passwor d or ot her form of secur it y is used. The m edia ser ver is enabled
by default wit h t he video, phot o, and m usic shares published.
To change your Device’s m edia server set t ings, click N e t w or k Se t t ing > USB Se r vice > M e dia
Se r ve r. The screen appears as shown.
Figure 110 Net work Set t ing > USB Service > Media Server
The following t able describes t he labels in t his m enu.
Table 80 Net work Set t ing > USB Service > Media Server
LABEL
DESCRIPTION
Media Server
Select En a ble t o have t he Device funct ion as a DLNA- com pliant m edia server.
Enable t he m edia server t o let ( DLNA- com pliant ) m edia client s on your net work play m edia
files locat ed in t he shares.
I nt erface
Select an int erface on which you want t o enable t he m edia server funct ion.
Media Library
Pat h
Ent er t he pat h client s use t o access t he m edia files on a USB st orage device connect ed t o
t he Device.
Apply
Click Apply t o save your changes.
Cancel
Click Ca nce l t o rest ore your previously saved set t ings.
13.4 Printer Server
The Device allows you t o share a USB print er on your LAN. You can do t his by connect ing a USB
print er t o one of t he USB port s on t he Device and t hen configuring a TCP/ I P port on t he com put ers
connect ed t o your net work.
13.4.1 Before You Begin
To configure t he print server you need t he following:
• Your Device m ust be connect ed t o your com put er and any ot her devices on your net work. The
USB print er m ust be connect ed t o your Device.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
191
Chapter 13 USB Service
• A USB print er wit h t he driver already inst alled on your com put er.
• The com put ers on your net work m ust have t he print er soft ware already inst alled before t hey can
creat e a TCP/ I P port for print ing via t he net work. Follow your print er m anufact urers inst ruct ions
on how t o inst all t he print er soft ware on your com put er.
Not e: Your print er ’s inst allat ion inst ruct ions m ay ask t hat you connect t he print er t o your
com put er. Connect your print er t o t he Device inst ead.
13.4.2 The Printer Server Screen
Use t his screen t o enable or disable sharing of a USB print er via your Device.
To access t his screen, click N e t w or k Se t t in g > USB Se r vice > Pr int e r Se r ve r.
Figure 111 Net work Set t ing > USB Service > Print er Server
The following t able describes t he labels in t his m enu.
Table 81 Net work Set t ing > USB Service > Print Server
192
LABEL
DESCRIPTION
Print er Server
Select En a ble t o have t he Device share a USB print er.
User Defined
Print er Nam e
Type t he nam e for t he print er.
Maker and
m odel
Type up t o 80 charact ers for t he m anufact urer and m odel num ber of t he print er.
Syst em Print er
Nam e
This field shows t he print er ’s syst em nam e t he Device has det ect ed from one of t he USB
port s.
Apply
Click Apply t o save your changes.
Cancel
Click Ca nce l t o rest ore your previously saved set t ings.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPTER
14
Power Management
14.1 Overview
Power m anagem ent allows you t o t urn on/ off one or m ore int erfaces and all LED light s wit hout
power off t he whole syst em when necessary. You can configure a schedule t o do so aut om at ically or
m anually do it on t he Web Configurat or.
14.1.1 What You Can Do in this Chapter
• Use t he Pow e r M a n a ge m e nt screen t o m anually t urn on/ off int erface( s) and/ or LEDs ( Sect ion
14.2 on page 193) .
• Use t he Aut o Sw it ch Off screen t o configure schedules for t urning on/ off int erface( s) and/ or
LEDs aut om at ically ( Sect ion 14.3 on page 194) .
14.1.2 What You Need To Know
• These screens are only available for t he “ supervisor ” user.
• The Pow e r M a n a ge m e n t and Aut o Sw it ch Off screens are dependant . You can only configure
t he on/ off swit ches of t he sam e int erface and LEDs in one of t he t wo screens.
14.2 The Power Management Screen
Use t his screen t o m anually t urn on/ off int erface( s) or LEDs. Click N e t w or k Se t t ing > Pow e r
M a na ge m e nt > Pow e r M a n a ge m e n t . The screen appears as shown.
Figure 112 Net work Set t ing > Power Managem ent
VMG8324-B10A / VMG8324-B30A Series User’s Guide
193
Chapter 14 Power Management
Each field is described in t he following t able.
Table 82 Net work Set t ing > Power Managem ent
LABEL
DESCRIPTION
Manually
Swit ch On/ Off
Select POW ER ON or POW ER OFF t o t urn on/ off t he int erface or LED light s.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o rest ore your previously saved set t ings.
14.3 The Auto Switch Off Screen
Use t his screen t o view schedules t o t urn on or off specific int erface( s) and/ or all LED light s on t he
Device. To access t his screen, click N e t w or k Se t t ing > Pow e r M a na ge m e nt > Aut o Sw it ch Off.
Figure 113 Net work Set t ing > Power Managm ent > Aut o Swit ch Off
The following t able describes t he labels in t his m enu.
Table 83 Net work Set t ing > Power Managm ent > Aut o Swit ch OffNet work Set t ing > Power
Managm ent > Aut o Swit ch Off
194
LABEL
DESCRIPTION
Add or m odify
rules
Click t his link t o creat e or edit a schedule.
This is t he index num ber of a schedule rule.
Rule Nam e
This field shows t he nam e of t he schedule rule.
Day
This field shows which week days ( in green) t he int erface( s) and/ or LEDs are t urned on and
t he days ( grayed- out ) t hey are t urned off aut om at ically.
Tim e
This field shows t he t im e period t he int erface( s) and/ or LEDs are t urned on.
Wireless
This field shows whet her t his schedule applies t o t he wireless LAN int erface.
DSL WAN
This field shows whet her t his schedule applies t o t he DSL WAN int erface.
Et h WAN
This field shows whet her t his schedule applies t o t he Et hernet WAN int erface.
LAN1~ LAN4
This field shows whet her t his schedule applies t o t he corresponding LAN int erface.
LED
This field shows whet her t his schedule applies t o t he LEDs.
Apply
Click Apply t o save your changes.
Cancel
Click Ca nce l t o rest ore your previously saved set t ings.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 14 Power Management
14.3.1 The Auto Switch Off Add/Edit Screen
Use t his screen t o m anage t he aut o swit ch off schedules. To access t his screen, click t he Add or
m odify r u le s link in t he N e t w or k Se t t ing > Pow e r M a na ge m e nt > Aut o Sw it ch Off screen.
Figure 114 Net work Set t ing > Power Managm ent > Aut o Swit ch Off > Add or m odify rules
The following t able describes t he labels in t his m enu.
Table 84 Net work Set t ing > Power Managm ent > Aut o Swit ch Off Net work Set t ing > Power
Managm ent > Aut o Swit ch Off > Add or m odify rules
LABEL
DESCRIPTION
Add new rule
Click t his link t o creat e a rule.
This is t he index num ber of a rule.
Rule Nam e
This field shows t he nam e of t he rule.
Day
This field shows t he week days of t he schedule ( in green) .
Tim e
This field shows t he t im e period of t he schedule.
Descript ion
This field shows m ore inform at ion about t his rule.
Modify
Click t he Edit icon t o m odify t he rule or click t he D e le t e icon t o rem ove it .
14.3.2 The Add/Edit Rule Screen
Use t his screen t o configure a schedule rule. To access t his screen, click t he Add n e w r u le link or
t he Edit icon in t he N e t w or k Se t t in g > Pow e r M a n a ge m e n t > Aut o Sw it ch Off > Add or
m odify r u le s screen.
Figure 115 Net work Set t ing > Power Managem ent > Aut o Swit ch Off > Add or m odify rules > Add
new rule/ Edit
VMG8324-B10A / VMG8324-B30A Series User’s Guide
195
Chapter 14 Power Management
Each field is described in t he following t able.
Table 85 Net work Set t ing > Power Managem ent > Aut o Swit ch Off > Add or m odify rules > Add
new rule/ Edit >
LABEL
DESCRIPTION
Rule Nam e
Type up t o 31 alphanum beric charact ers for t he nam e of t his rule.
Day
Select t he week day( s) of t he schedule.
Tim e of Day
Range
Ent er t he Fr om and To t im es ( in hh: m m form at ) t o set a t im e period for t he schedule. You
can only ent er a t im e period bet ween 00: 00 and 23: 59.
To set a t im e period crossing over m idnight , you m ust split t he t im e period int o t wo
schedule rules. For exam ple, for a t im e period from 10: 00 PM t o t he next day’s 8: 00 AM,
you can set one schedule for 22: 00~ 23: 59 and anot her schedule for 00: 00~ 08: 00.
196
Descript ion
Ent er m ore inform at ion for t his rule here.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o rest ore your previously saved set t ings.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPTER
15
Firewall
15.1 Overview
This chapt er shows you how t o enable and configure t he Device’s securit y set t ings. Use t he firewall
t o prot ect your Device and net work from at t acks by hackers on t he I nt ernet and cont rol access t o
it . By default t he firewall:
• allows t raffic t hat originat es from your LAN com put ers t o go t o all ot her net works.
• blocks t raffic t hat originat es on ot her net works from going t o t he LAN.
The following figure illust rat es t he default firewall act ion. User A can init iat e an I M ( I nst ant
Messaging) session from t he LAN t o t he WAN ( 1) . Ret urn t raffic for t his session is also allowed ( 2) .
However ot her t raffic init iat ed from t he WAN is blocked ( 3 and 4) .
Figure 116 Default Firewall Act ion
WAN
LAN
15.1.1 What You Can Do in this Chapter
• Use t he Ge n e r a l screen t o configure t he securit y level of t he firewall on t he Device ( Sect ion 15.2
on page 199) .
• Use t he Pr ot ocol screen t o add or rem ove predefined I nt ernet services and configure firewall
rules ( Sect ion 15.3 on page 199) .
• Use t he Acce ss Cont r ol screen t o view and configure incom ing/ out going filt ering rules ( Sect ion
15.4 on page 201) .
• Use t he D oS screen t o act ivat e prot ect ion against Denial of Service ( DoS) at t acks ( .Sect ion 15.5
on page 204) .
VMG8324-B10A / VMG8324-B30A Series User’s Guide
197
Chapter 15 Firewall
15.1.2 What You Need to Know
SYN Attack
A SYN at t ack floods a t arget ed syst em wit h a series of SYN packet s. Each packet causes t he
t arget ed syst em t o issue a SYN- ACK response. While t he t arget ed syst em wait s for t he ACK t hat
follows t he SYN- ACK, it queues up all out st anding SYN- ACK responses on a backlog queue. SYNACKs are m oved off t he queue only when an ACK com es back or when an int ernal t im er t erm inat es
t he t hree- way handshake. Once t he queue is full, t he syst em will ignore all incom ing SYN request s,
m aking t he syst em unavailable for legit im at e users.
DoS
Denials of Service ( DoS) at t acks are aim ed at devices and net works wit h a connect ion t o t he
I nt ernet . Their goal is not t o st eal inform at ion, but t o disable a device or net work so users no longer
have access t o net work resources. The ZyXEL Device is pre- configured t o aut om at ically det ect and
t hwart all known DoS at t acks.
DDoS
A DDoS at t ack is one in which m ult iple com prom ised syst em s at t ack a single t arget , t hereby
causing denial of service for users of t he t arget ed syst em .
LAND Attack
I n a LAND at t ack, hackers flood SYN packet s int o t he net work wit h a spoofed source I P address of
t he t arget syst em . This m akes it appear as if t he host com put er sent t he packet s t o it self, m aking
t he syst em unavailable while t he t arget syst em t ries t o respond t o it self.
Ping of Death
Ping of Deat h uses a " ping" ut ilit y t o creat e and send an I P packet t hat exceeds t he m axim um
65,536 byt es of dat a allowed by t he I P specificat ion. This m ay cause syst em s t o crash, hang or
reboot .
SPI
St at eful Packet I nspect ion ( SPI ) t racks each connect ion crossing t he firewall and m akes sure it is
valid. Filt ering decisions are based not only on rules but also cont ext . For exam ple, t raffic from t he
WAN m ay only be allowed t o cross t he firewall in response t o a request from t he LAN.
198
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 15 Firewall
15.2 The Firewall Screen
Use t his screen t o set t he securit y level of t he firewall on t he Device. Firewall rules are grouped
based on t he direct ion of t ravel of packet s t o which t hey apply.
Click Se cur it y > Fir e w a ll t o display t he Ge ne r a l screen.
Figure 117 Securit y > Firewall > General
The following t able describes t he labels in t his screen.
Table 86 Securit y > Firewall > General
LABEL
DESCRIPTION
Firewall
Select En a ble t o act ivat e t he firewall feat ure on t he Device.
Easy
Select Ea sy t o allow LAN t o WAN and WAN t o LAN packet direct ions.
Medium
Select M e diu m t o allow LAN t o WAN but deny WAN t o LAN packet direct ions.
High
Select H igh t o deny LAN t o WAN and WAN t o LAN packet direct ions.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o rest ore your previously saved set t ings.
15.3 The Protocol Screen
You can configure cust om ized services and port num bers in t he Pr ot ocol screen. For a
com prehensive list of port num bers and services, visit t he I ANA ( I nt ernet Assigned Num ber
Aut horit y) websit e. See Appendix G on page 397 for som e exam ples.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
199
Chapter 15 Firewall
Click Se cur it y > Fir e w a ll > Pr ot ocol t o display t he following screen.
Figure 118 Securit y > Firewall > Prot ocol
The following t able describes t he labels in t his screen.
Table 87 Securit y > Firewall > Prot ocol
LABEL
DESCRIPTION
Add new
service ent ry
Click t his t o add a new service.
Nam e
This is t he nam e of your cust om ized service.
Descript ion
This is t he descript ion of your cust om ized service.
Port s/ Prot ocol
Num ber
This shows t he I P prot ocol ( TCP, UD P, I CM P, or TCP/ UD P) and t he port num ber or range
of port s t hat defines your cust om ized service. Ot h e r and t he prot ocol num ber displays if t he
service uses anot her I P prot ocol.
Modify
Click t he Edit icon t o edit t he ent ry.
Click t he D e le t e icon t o rem ove t his ent ry.
15.3.1 Add/Edit a Service
Use t his screen t o add a cust om ized service rule t hat you can use in t he firewall’s ACL rule
configurat ion. Click Add n e w se r vice e n t r y or t he edit icon next t o an exist ing service rule in t he
Se r vice screen t o display t he following screen.
Figure 119 Service: Add/ Edit
200
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 15 Firewall
The following t able describes t he labels in t his screen.
Table 88 Service: Add/ Edit
LABEL
DESCRIPTION
Prot ocol
Choose t he I P prot ocol ( TCP, UD P, I CM P, or Ot h e r ) t hat defines your cust om ized port from
t he drop- down list box. Select Ot h e r t o be able t o ent er a prot ocol num ber.
Source/
Dest inat ion Port
These fields are displayed if you select TCP or UD P as t he I P port .
Select Sin gle t o specify one port only or Ra n ge t o specify a span of port s t hat define your
cust om ized service. I f you select An y, t he service is applied t o all port s.
Type a single port num ber or t he range of port num bers t hat define your cust om ized
service.
Prot ocol
Num ber
Add
This field is displayed if you select Ot h e r as t he prot ocol.
Ent er t he prot ocol num ber of your cust om ized port .
Click t his t o add t he prot ocol t o t he Ru le List below.
Rule List
Prot ocol
This is t he I P port ( TCP, UD P, I CM P, or Ot h e r ) t hat defines your cust om ized port .
Port s/ Prot ocol
Num ber
For TCP, UD P, I CM P, or TCP/ UD P prot ocol rules t his shows t he port num ber or range t hat
defines t he cust om service. For ot her I P prot ocol rules t his shows t he prot ocol num ber.
Delet e
Click t he D e le t e icon t o rem ove t he rule.
Service Nam e
Ent er a unique nam e ( up t o 32 print able English keyboard charact ers, including spaces) for
your cust om ized port .
Service
Descript ion
Ent er a descript ion for your cust om ized port .
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
15.4 The Access Control Screen
Click Se cur it y > Fir e w a ll > Acce ss Cont r ol t o display t he following screen. This screen displays a
list of t he configured incom ing or out going filt ering rules.
Figure 120 Securit y > Firewall > Access Cont rol
The following t able describes t he labels in t his screen.
Table 89 Securit y > Firewall > Access Cont rol
LABEL
DESCRIPTION
Add new ACL
rule
Click t his t o go t o add a filt er rule for incom ing or out going I P t raffic.
This is t he index num ber of t he ent ry.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
201
Chapter 15 Firewall
Table 89 Securit y > Firewall > Access Cont rol ( cont inued)
LABEL
DESCRIPTION
Nam e
This displays t he nam e of t he rule.
Src I P
This displays t he source I P addresses t o which t his rule applies. Please not e t hat a blank
source address is equivalent t o An y.
Dst I P
This displays t he dest inat ion I P addresses t o which t his rule applies. Please not e t hat a
blank dest inat ion address is equivalent t o An y.
Service
This displays t he t ransport layer prot ocol t hat defines t he service and t he direct ion of t raffic
t o which t his rule applies.
Act ion
This field displays whet her t he rule silent ly discards packet s ( D ROP) , discards packet s and
sends a TCP reset packet or an I CMP dest inat ion- unreachable m essage t o t he sender
( REJECT) or allows t he passage of packet s ( ACCEPT) .
Modify
Click t he Edit icon t o edit t he rule.
Click t he D e le t e icon t o delet e an exist ing rule. Not e t hat subsequent rules m ove up by one
when you t ake t his act ion.
Click t he M ove To icon t o change t he order of t he rule. Ent er t he num ber in t he # field.
15.4.1 Add/Edit an ACL Rule
Click Add ne w ACL r ule or t he Edit icon next t o an exist ing ACL rule in t he Acce ss Cont r ol
screen. The following screen displays.
Figure 121 Access Cont rol: Add/ Edit
202
VMG8324-B10A / VMG8324-B30A Series User’s Guide
Chapter 15 Firewall
The following t able describes t he labels in t his screen.
Table 90 Access Cont rol: Add/ Edit
LABEL
DESCRIPTION
Filt er Nam e
Ent er a descript ive nam e of up t o 16 alphanum eric charact ers, not including spaces,
underscores, and dashes.
You m ust ent er t he filt er nam e t o add an ACL rule. This field is read- only if you are edit ing
t he ACL rule.
Order
Select t he order of t he ACL rule.
Select Source
Device
Select t he source device t o which t he ACL rule applies. I f you select Spe cific I P Addr e ss,
ent er t he source I P address in t he field below.
Source I P
Address
Ent er t he source I P address.
Select
Dest inat ion
Device
Select t he dest inat ion device t o which t he ACL rule applies. I f you select Spe cific I P
Addr e ss, ent er t he dest iniat ion I P address in t he field below.
Dest inat ion I P
Address
Ent er t he dest inat ion I P address.
I P Type
Select w het her your I P t ype is I Pv4 or I Pv6 .
Select Prot ocol
Select t he t ransport layer prot ocol t hat defines your cust om ized port from t he drop- down
list box. The specific prot ocol rule set s you add in t he Se cu r it y > Fir e w a ll > Se r vice >
Add screen display in t his list .
I f you want t o configure a cust om ized prot ocol, select Spe cific Se r vice .
Prot ocol
This field is displayed only when you select Spe cific Pr ot ocol in Se le ct Pr ot ocol.
Choose t he I P port ( TCP/ UD P, TCP, UD P, I CM P, or I CM Pv6 ) t hat defines your cust om ized
port from t he drop- down list box.
Cust om Source
Port
Cust om
Dest inat ion Port
This field is displayed only when you select Spe cific Pr ot ocol in Se le ct Pr ot ocol.
Ent er a single port num ber or t he range of port num bers of t he source.
This field is displayed only when you select Spe cific Pr ot ocol in Se le ct Pr ot ocol.
Ent er a single port num ber or t he range of port num bers of t he dest inat ion.
Policy
Use t he drop- down list box t o select whet her t o discard ( D ROP) , deny and send an I CMP
dest inat ion- unreachable m essage t o t he sender of ( REJECT) or allow t he passage of
( ACCEPT) packet s t hat m at ch t his rule.
Direct ion
Use t he drop- down list box t o select t he direct ion of t raffic t o which t his rule applies.
Enable Rat e
Lim it
Select t his check box t o set a lim it on t he upst ream / downst ream t ransm ission rat e for t he
specified prot ocol.
Specify how m any packet s per m inut e or second t he t ransm ission rat e is.
Scheduler Rules
Select a schedule rule for t his ACL rule form t he drop- down list box. You can configure a
new schedule rule by click Add N e w Ru le . This will bring you t o t he Se cu r it y > Sch e du le r
Ru le s screen.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
203
Chapter 15 Firewall
15.5 The DoS Screen
DoS ( Denial of Service) at t acks can flood your I nt ernet connect ion wit h invalid packet s and
connect ion request s, using so m uch bandwidt h and so m any resources t hat I nt ernet access
becom es unavailable.
Use t he D oS screen t o act ivat e prot ect ion against DoS at t acks. Click Se cur it y > Fir e w a ll > D oS
t o display t he following screen.
Figure 122 Securit y > Firewall > DoS
The following t able describes t he labels in t his screen.
Table 91 Securit y > Firewall > DoS
204
LABEL
DESCRIPTION
DoS Prot ect ion
Blocking
Select En a ble t o enable prot ect ion against DoS at t acks.
Deny Ping
Response
Select Enable t o block ping request packet s.
Apply
Click Apply t o save your changes.
Cancel
Click Ca n ce l t o exit t his screen wit hout saving.
VMG8324-B10A / VMG8324-B30A Series User’s Guide
C HAPTER
16
MAC Filter
16.1 Overview
You can configure t he Device t o perm it access t o client s based on t heir MAC addresses in t he M AC
Filt e r screen. This applies t o wired and wireless connect ions. Every Et hernet device has a unique
MAC ( Media Access Cont rol) address. The MAC address is assigned at t he fact ory and consist s of six
pairs of hexadecim al charact ers, for exam ple, 00: A0: C5: 00: 00: 02. You need t o know t he MAC
addresses of t he devices t o configure t his screen.
16.2 The MAC Filter Screen
Use t his screen t o allow wireless and LAN client s access t o t he Device. Click Se cur it y > M AC Filt e r.
The screen appears as shown.
Figure 123 Securit y > MAC Filt er
VMG8324-B10A / VMG8324-B30A Series User’s Guide
205
Chapter 16 MAC Filter
The following t able describes t he labels in t his screen.
Table 92 Securit y > MAC Filt er
LABEL
DESCRIPTION
MAC Address Filt er
Select En a ble t o act ivat e t he MAC filt er funct ion.
Set
This is t he index num ber of t he MAC address.
Allow
Select Allow t o perm it access t o t he Device. MAC addresses not list ed will be denied
access t o t he Device.
I f you clear t his, t he MAC Address field for t his set clears.
206
Host nam e
Ent er t he host nam e of t he wireless or LAN client s t hat are allowed access t o t he
Device.
MAC Address
Ent er t he MAC addresses of t he wireless or LAN client s t hat are allowed access t o t he
Device in t hese address fields. Ent er t he MAC addresses in a valid MAC address form at ,
t hat is, six hexadecim al charact er pairs, for exam ple, 12: 34: 56: 78: 9a: bc.
Apply
Click Apply t o save your changes.
Cancel
Click Ca nce l t o rest ore your previously saved set t ings.
VMG8324-B10A / VMG8324-B30A Series User’s Guide

Source Exif Data:
File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.6
Linearized                      : Yes
Encryption                      : Standard V4.4 (128-bit)
User Access                     : Print, Annotate, Fill forms, Extract, Print high-res
Create Date                     : 2013:11:26 11:43:35Z
Modify Date                     : 2013:12:05 10:59:21+08:00
Has XFA                         : No
XMP Toolkit                     : Adobe XMP Core 4.2.1-c043 52.372728, 2009/01/18-15:08:04
Creator Tool                    : FrameMaker 9.0
Metadata Date                   : 2013:12:05 10:59:21+08:00
Format                          : application/pdf
Title                           : 
Creator                         : 
Producer                        : Acrobat Distiller 9.5.5 (Windows)
Document ID                     : uuid:2374e2cf-24e2-4aa4-881c-86b8a2afd24b
Instance ID                     : uuid:8226e7b1-99fa-4b07-9b7d-d0dc1ac3f2f0
Page Layout                     : OneColumn
Page Mode                       : UseOutlines
Page Count                      : 206
EXIF Metadata provided by EXIF.tools
FCC ID Filing: I88VMG8324B10A

Navigation menu