ZyXEL Communications XMG3563-B10A Dual-Band Wireless AC/N VDSL2 Combo WAN Gigabit IAD User Manual Book
ZyXEL Communications Corporation Dual-Band Wireless AC/N VDSL2 Combo WAN Gigabit IAD Book
Contents
- 1. Users Manual-1
- 2. Users Manual-2
Users Manual-2
Chapter 11 Network Address Translation (NAT)
XMG3563-B10A User’s Guide
153
Figure 75 Multiple Servers Behind NAT Example
Click Network Setting > NAT > Port Forwarding to open the following screen.
See Appendix C on page 308 for port numbers commonly used for particular services.
Figure 76 Network Setting > NAT > Port Forwarding
The following table describes the fields in this screen.
Table 53 Network Setting > NAT > Port Forwarding
LABEL DESCRIPTION
Add New Rule Click this to add a new rule.
#This is the index number of the entry.
Status This field displays whether the NAT rule is active or not. A yellow bulb signifies that this rule is
active. A gray bulb signifies that this rule is not active.
Service Name This shows the service’s name.
Originating IP This shows the destination IP address that this NAT rule supports.
WAN Interface This shows the WAN interface through which the service is forwarded.
Server IP
Address
This is the server’s IP address.
Start Port This is the first external port number that identifies a service.
End Port This is the last external port number that identifies a service.
Translation Start
Port
This is the first internal port number that identifies a service.
DSL
Chapter 11 Network Address Translation (NAT)
XMG3563-B10A User’s Guide
154
11.2.1 Add/Edit Port Forwarding
Click Add New Rule in the Port Forwarding screen or click the Edit icon next to an existing rule to open
the following screen.
Figure 77 Port Forwarding: Add/Edit
The following table describes the labels in this screen.
Translation End
Port
This is the last internal port number that identifies a service.
Protocol This shows the IP protocol supported by this virtual server, whether it is TCP, UDP, or TCP/UDP.
Modify Click the Edit icon to edit this rule.
Click the Delete icon to delete an existing rule.
Table 53 Network Setting > NAT > Port Forwarding (continued)
LABEL DESCRIPTION
Table 54 Port Forwarding: Add/Edit
LABEL DESCRIPTION
Active Select to enable or disable the rule.
Service Name Enter a name to identify this rule using keyboard characters (A-Z, a-z, 1-2 and so on).
WAN Interface Select the WAN interface through which the service is forwarded.
You must have already configured a WAN connection with NAT enabled.
Start Port Enter the original destination port for the packets.
To forward only one port, enter the port number again in the End Port field.
To forward a series of ports, enter the start port number here and the end port number in the End
Port field.
Chapter 11 Network Address Translation (NAT)
XMG3563-B10A User’s Guide
155
11.3 The Applications Screen
This screen provides a summary of all NAT applications and their configuration. In addition, this screen
allows you to create new applications and/or remove existing ones.
To access this screen, click Network Setting > NAT > Applications. The following screen appears.
Figure 78 Network Setting > NAT > Applications
The following table describes the labels in this screen.
End Port Enter the last port of the original destination port range.
To forward only one port, enter the port number in the Start Port field above and then enter it
again in this field.
To forward a series of ports, enter the last port number in a series that begins with the port
number in the Start Port field above.
Translation Start
Port
This shows the port number to which you want the XMG to translate the incoming port. For a
range of ports, enter the first number of the range to which you want the incoming ports
translated.
Translation End
Port
This shows the last port of the translated port range.
Server IP
Address
Enter the inside IP address of the virtual server here.
Configure
Originating IP
Specify the destination IP address of the packets received by this NAT rule.
Originating IP Type the destination IP address that this NAT rule supports.
Protocol Select the protocol supported by this virtual server. Choices are TCP, UDP, or TCP/UDP.
OK Click OK to save your changes.
Cancel Click Cancel to exit this screen without saving.
Table 54 Port Forwarding: Add/Edit (continued)
LABEL DESCRIPTION
Table 55 Network Setting > NAT > Applications
LABEL DESCRIPTION
Add New
Application
Click this to add a new NAT application rule.
#This is the index number of the entry.
Application
Forwarded
This field shows the type of application that the service forwards.
WAN Interface This field shows the WAN interface through which the service is forwarded.
Chapter 11 Network Address Translation (NAT)
XMG3563-B10A User’s Guide
156
11.3.1 Add New Application
This screen lets you create new NAT application rules. Click Add New Application in the Applications
screen to open the following screen.
Figure 79 Network Setting > NAT > Applications: Add
The following table describes the labels in this screen.
11.4 The Port Triggering Screen
Some services use a dedicated range of ports on the client side and a dedicated range of ports on the
server side. With regular port forwarding you set a forwarding port in NAT to forward a service (coming in
from the server on the WAN) to the IP address of a computer on the client side (LAN). The problem is that
port forwarding only forwards a service to a single LAN IP address. In order to use the same service on a
Server IP
Address
This field displays the destination IP address for the service.
Modify Click the Delete icon to delete the rule.
Table 55 Network Setting > NAT > Applications (continued)
LABEL DESCRIPTION
Table 56 Network Setting > NAT > Applications: Add
LABEL DESCRIPTION
WAN Interface Select the WAN interface that you want to apply this NAT rule to.
Server IP
Address
Enter the inside IP address of the application here.
Application
Category
Select the category of the application from the drop-down list box.
Application
Forwarded
Select a service from the drop-down list box and the XMG automatically configures the
protocol, start, end, and map port number that define the service.
View Rules Click this to display the configuration of the service that you have chosen in Application
Fowarded.
OK Click OK to save your changes.
Cancel Click Cancel to exit this screen without saving.
Chapter 11 Network Address Translation (NAT)
XMG3563-B10A User’s Guide
157
different LAN computer, you have to manually replace the LAN computer's IP address in the forwarding
port with another LAN computer's IP address.
Trigger port forwarding solves this problem by allowing computers on the LAN to dynamically take turns
using the service. The XMG records the IP address of a LAN computer that sends traffic to the WAN to
request a service with a specific port number and protocol (a "trigger" port). When the XMG's WAN port
receives a response with a specific port number and protocol ("open" port), the XMG forwards the traffic
to the LAN IP address of the computer that sent the request. After that computer’s connection for that
service closes, another computer on the LAN can use the service in the same manner. This way you do
not need to configure a new IP address each time you want a different LAN computer to use the
application.
For example:
Figure 80 Trigger Port Forwarding Process: Example
1Jane requests a file from the Real Audio server (port 7070).
2Port 7070 is a “trigger” port and causes the XMG to record Jane’s computer IP address. The XMG
associates Jane's computer IP address with the "open" port range of 6970-7170.
3The Real Audio server responds using a port number ranging between 6970-7170.
4The XMG forwards the traffic to Jane’s computer IP address.
5Only Jane can connect to the Real Audio server until the connection is closed or times out. The XMG
times out in three minutes with UDP (User Datagram Protocol) or two hours with TCP/IP (Transfer Control
Protocol/Internet Protocol).
Click Network Setting > NAT > Port Triggering to open the following screen. Use this screen to view your
XMG’s trigger port settings.
Figure 81 Network Setting > NAT > Port Triggering
DSL
Chapter 11 Network Address Translation (NAT)
XMG3563-B10A User’s Guide
158
The following table describes the labels in this screen.
11.4.1 Add/Edit Port Triggering Rule
This screen lets you create new port triggering rules. Click Add new rule in the Port Triggering screen or
click a rule’s Edit icon to open the following screen.
Figure 82 Port Triggering: Add/Edit
Table 57 Network Setting > NAT > Port Triggering
LABEL DESCRIPTION
Add New Rule Click this to create a new rule.
#This is the index number of the entry.
Status This field displays whether the port triggering rule is active or not. A yellow bulb signifies that this
rule is active. A gray bulb signifies that this rule is not active.
Service Name This field displays the name of the service used by this rule.
WAN Interface This field shows the WAN interface through which the service is forwarded.
Trigger Start Port The trigger port is a port (or a range of ports) that causes (or triggers) the XMG to record the IP
address of the LAN computer that sent the traffic to a server on the WAN.
This is the first port number that identifies a service.
Trigger End Port This is the last port number that identifies a service.
Trigger Proto. This is the trigger transport layer protocol.
Open Start Port The open port is a port (or a range of ports) that a server on the WAN uses when it sends out a
particular service. The XMG forwards the traffic with this port (or range of ports) to the client
computer on the LAN that requested the service.
This is the first port number that identifies a service.
Open End Port This is the last port number that identifies a service.
Open Protocol This is the open transport layer protocol.
Modify Click the Edit icon to edit this rule.
Click the Delete icon to remove an existing rule.
Chapter 11 Network Address Translation (NAT)
XMG3563-B10A User’s Guide
159
The following table describes the labels in this screen.
11.5 The DMZ Screen
In addition to the servers for specified services, NAT supports a default server IP address. A default server
receives packets from ports that are not specified in the NAT Port Forwarding Setup screen.
Figure 83 Network Setting > NAT > DMZ
The following table describes the fields in this screen.
Table 58 Port Triggering: Configuration Add/Edit
LABEL DESCRIPTION
Active Select to enable or disable this rule.
Service Name Enter a name to identify this rule using keyboard characters (A-Z, a-z, 1-2 and so on).
WAN Interface Select a WAN interface for which you want to configure port triggering rules.
Trigger Start Port The trigger port is a port (or a range of ports) that causes (or triggers) the XMG to record the IP
address of the LAN computer that sent the traffic to a server on the WAN.
Type a port number or the starting port number in a range of port numbers.
Trigger End Port Type a port number or the ending port number in a range of port numbers.
Trigger Protocol Select the transport layer protocol from TCP, UDP, or TCP/UDP.
Open Start Port The open port is a port (or a range of ports) that a server on the WAN uses when it sends out a
particular service. The XMG forwards the traffic with this port (or range of ports) to the client
computer on the LAN that requested the service.
Type a port number or the starting port number in a range of port numbers.
Open End Port Type a port number or the ending port number in a range of port numbers.
Open Protocol Select the transport layer protocol from TCP, UDP, or TCP/UDP.
OK Click OK to save your changes.
Cancel Click Cancel to exit this screen without saving.
Table 59 Network Setting > NAT > DMZ
LABEL DESCRIPTION
Default Server
Address
Enter the IP address of the default server which receives packets from ports that are not
specified in the NAT Port Forwarding screen.
Note: If you do not assign a Default Server Address, the XMG discards all packets
received for ports that are not specified in the NAT Port Forwarding screen.
Apply Click Apply to save your changes.
Cancel Click Cancel to restore your previously saved settings.
Chapter 11 Network Address Translation (NAT)
XMG3563-B10A User’s Guide
160
11.6 The ALG Screen
Some NAT routers may include a SIP Application Layer Gateway (ALG). A SIP ALG allows SIP calls to pass
through NAT by examining and translating IP addresses embedded in the data stream. When the XMG
registers with the SIP register server, the SIP ALG translates the XMG’s private IP address inside the SIP
data stream to a public IP address. You do not need to use STUN or an outbound proxy if your XMG is
behind a SIP ALG.
Use this screen to enable and disable the ALGs in the XMG. To access this screen, click Network Setting >
NAT > ALG.
Figure 84 Network Setting > NAT > ALG
The following table describes the fields in this screen.
11.7 The Address Mapping Screen
Ordering your rules is important because the XMG applies the rules in the order that you specify. When a
rule matches the current packet, the XMG takes the corresponding action and the remaining rules are
ignored.
Click Network Setting > NAT > Address Mapping to display the following screen.
Table 60 Network Setting > NAT > ALG
LABEL DESCRIPTION
NAT ALG Enable this to make sure applications such as FTP and file transfer in IM applications work
correctly with port-forwarding and address-mapping rules.
SIP ALG Enable this to make sure SIP (VoIP) works correctly with port-forwarding and address-mapping
rules.
RTSP ALG Enable this to have the XMG detect RTSP traffic and help build RTSP sessions through its NAT. The
Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the
Internet.
PPTP ALG Enable this to turn on the PPTP ALG on the XMG to detect PPTP traffic and help build PPTP
sessions through the XMG’s NAT.
IPSEC ALG Enable this to turn on the IPsec ALG on the XMG to detect IPsec traffic and help build IPsec
sessions through the XMG’s NAT.
Apply Click Apply to save your changes.
Cancel Click Cancel to restore your previously saved settings.
Chapter 11 Network Address Translation (NAT)
XMG3563-B10A User’s Guide
161
Figure 85 Network Setting > NAT > Address Mapping
The following table describes the fields in this screen.
11.7.1 Add/Edit Address Mapping Rule
To add or edit an address mapping rule, click Add new rule or the rule’s edit icon in the Address
Mapping screen to display the screen shown next.
Table 61 Network Setting > NAT > Address Mapping
LABEL DESCRIPTION
Add New Rule Click this to create a new rule.
Rule Name This shows the descriptive name to identify this rule.
Local Start IP This is the starting Inside Local IP Address (ILA).
Local End IP This is the ending Inside Local IP Address (ILA). If the rule is for all local IP addresses, then this field
displays 0.0.0.0 as the Local Start IP address and 255.255.255.255 as the Local End IP address. This
field is blank for One-to-One mapping types.
Global Start IP This is the starting Inside Global IP Address (IGA). Enter 0.0.0.0 here if you have a dynamic IP
address from your ISP. You can only do this for the Many-to-One mapping type.
Global End IP This is the ending Inside Global IP Address (IGA). This field is blank for One-to-One and Many-to-
One mapping types.
Type This is the address mapping type.
One-to-One: This mode maps one local IP address to one global IP address. Note that port
numbers do not change for the One-to-one NAT mapping type.
Many-to-One: This mode maps multiple local IP addresses to one global IP address. This is
equivalent to SUA (i.e., PAT, port address translation), the XMG's Single User Account feature that
previous routers supported only.
Many-to-Many: This mode maps multiple local IP addresses to shared global IP addresses.
WAN Interface
Name
This is the WAN interface to which the address mapping rule applies.
Modify Click the Edit icon to go to the screen where you can edit the address mapping rule.
Click the Delete icon to delete an existing address mapping rule. Note that subsequent address
mapping rules move up by one when you take this action.
Chapter 11 Network Address Translation (NAT)
XMG3563-B10A User’s Guide
162
Figure 86 Address Mapping: Add/Edit
The following table describes the fields in this screen.
11.8 The Sessions Screen
Use this screen to limit the number of concurrent NAT sessions a client can use. Click Network Setting >
NAT > Sessions to display the following screen.
Table 62 Address Mapping: Add/Edit
LABEL DESCRIPTION
Rule Name Enter a name to identify this rule using keyboard characters (A-Z, a-z, 1-2 and so on).
Type Choose the IP/port mapping type from one of the following.
One-to-One: This mode maps one local IP address to one global IP address. Note that port
numbers do not change for the One-to-one NAT mapping type.
Many-to-One: This mode maps multiple local IP addresses to one global IP address. This is
equivalent to SUA (i.e., PAT, port address translation), the XMG's Single User Account feature
that previous routers supported only.
Many-to-Many: This mode maps multiple local IP addresses to shared global IP addresses.
Local Start IP Enter the starting Inside Local IP Address (ILA).
Local End IP Enter the ending Inside Local IP Address (ILA). If the rule is for all local IP addresses, then this field
displays 0.0.0.0 as the Local Start IP address and 255.255.255.255 as the Local End IP address. This
field is blank for One-to-One mapping types.
Global Start IP Enter the starting Inside Global IP Address (IGA). Enter 0.0.0.0 here if you have a dynamic IP
address from your ISP. You can only do this for the Many-to-One mapping type.
Global End IP Enter the ending Inside Global IP Address (IGA). This field is blank for One-to-One and Many-to-
One mapping types.
WAN Interface Select a WAN interface to which the address mapping rule applies.
OK Click OK to save your changes.
Cancel Click Cancel to exit this screen without saving.
Chapter 11 Network Address Translation (NAT)
XMG3563-B10A User’s Guide
163
Figure 87 Network Setting > NAT > Sessions
The following table describes the fields in this screen.
11.9 Technical Reference
This part contains more information regarding NAT.
11.9.1 NAT Definitions
Inside/outside denotes where a host is located relative to the XMG, for example, the computers of your
subscribers are the inside hosts, while the web servers on the Internet are the outside hosts.
Global/local denotes the IP address of a host in a packet as the packet traverses a router, for example,
the local address refers to the IP address of a host when the packet is in the local network, while the
global address refers to the IP address of the host when the same packet is traveling in the WAN side.
Note that inside/outside refers to the location of a host, while global/local refers to the IP address of a
host used in a packet. Thus, an inside local address (ILA) is the IP address of an inside host in a packet
when the packet is still in the local network, while an inside global address (IGA) is the IP address of the
same inside host when the packet is on the WAN side. The following table summarizes this information.
NAT never changes the IP address (either local or global) of an outside host.
Table 63 Network Setting > NAT > Sessions
LABEL DESCRIPTION
MAX NAT
Session Per Host
Use this field to set a limit to the number of concurrent NAT sessions each client host can have.
If only a few clients use peer to peer applications, you can raise this number to improve their
performance. With heavy peer-to-peer application use, lower this number to ensure no single
client uses too many of the available NAT sessions.
Apply Click this to save your changes on this screen.
Cancel Click this to exit this screen without saving any changes.
Table 64 NAT Definitions
ITEM DESCRIPTION
Inside This refers to the host on the LAN.
Outside This refers to the host on the WAN.
Local This refers to the packet address (source or destination) as the packet travels on the LAN.
Global This refers to the packet address (source or destination) as the packet travels on the WAN.
Chapter 11 Network Address Translation (NAT)
XMG3563-B10A User’s Guide
164
11.9.2 What NAT Does
In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the
inside local address) to another (the inside global address) before forwarding the packet to the WAN
side. When the response comes back, NAT translates the destination address (the inside global address)
back to the inside local address before forwarding it to the original inside host. Note that the IP address
(either local or global) of an outside host is never changed.
The global IP addresses for the inside hosts can be either static or dynamically assigned by the ISP. In
addition, you can designate servers, for example, a web server and a telnet server, on your local
network and make them accessible to the outside world. If you do not define any servers (for Many-to-
One and Many-to-Many Overload mapping), NAT offers the additional benefit of firewall protection.
With no servers defined, your XMG filters out all incoming inquiries, thus preventing intruders from probing
your network. For more information on IP address translation, refer to RFC 1631, The IP Network Address
Translator (NAT).
11.9.3 How NAT Works
Each packet has two addresses – a source address and a destination address. For outgoing packets,
the ILA (Inside Local Address) is the source address on the LAN, and the IGA (Inside Global Address) is
the source address on the WAN. For incoming packets, the ILA is the destination address on the LAN,
and the IGA is the destination address on the WAN. NAT maps private (local) IP addresses to globally
unique ones required for communication with hosts on other networks. It replaces the original IP source
address (and TCP or UDP source port numbers for Many-to-One and Many-to-Many Overload NAT
mapping) in each packet and then forwards it to the Internet. The XMG keeps track of the original
addresses and port numbers so incoming reply packets can have their original values restored. The
following figure illustrates this.
Figure 88 How NAT Works
11.9.4 NAT Application
The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP
alias) behind the XMG can communicate with three distinct WAN networks.
DSL
Chapter 11 Network Address Translation (NAT)
XMG3563-B10A User’s Guide
165
Figure 89 NAT Application With IP Alias
Port Forwarding: Services and Port Numbers
The most often used port numbers are shown in the following table. Please refer to RFC 1700 for further
information about port numbers. Please also refer to the Supporting CD for more examples and details
on port forwarding and NAT.
Port Forwarding Example
Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to
another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the
example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network
appears as a single host on the Internet.
Table 65 Services and Port Numbers
SERVICES PORT NUMBER
ECHO 7
FTP (File Transfer Protocol) 21
SMTP (Simple Mail Transfer Protocol) 25
DNS (Domain Name System) 53
Finger 79
HTTP (Hyper Text Transfer protocol or WWW, Web) 80
POP3 (Post Office Protocol) 110
NNTP (Network News Transport Protocol) 119
SNMP (Simple Network Management Protocol) 161
SNMP trap 162
PPTP (Point-to-Point Tunneling Protocol) 1723
DSL
Chapter 11 Network Address Translation (NAT)
XMG3563-B10A User’s Guide
166
Figure 90 Multiple Servers Behind NAT Example
DSL
XMG3563-B10A User’s Guide
167
CHAPTER 12
DNS
12.1 Overview
DNS
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice
versa. The DNS server is extremely important because without it, you must know the IP address of a
machine before you can access it.
In addition to the system DNS server(s), each WAN interface (service) is set to have its own static or
dynamic DNS server list. You can configure a DNS static route to forward DNS queries for certain domain
names through a specific WAN interface to its DNS server(s). The XMG uses a system DNS server (in the
order you specify in the Broadband screen) to resolve domain names that do not match any DNS
routing entry. After the XMG receives a DNS reply from a DNS server, it creates a new entry for the
resolved IP address in the routing table.
Dynamic DNS
Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS
services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your
FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where
myhost is a name of your choice) that will never change instead of using an IP address that changes
each time you reconnect. Your friends or relatives will always be able to call you even if they don't know
your IP address.
First of all, you need to have registered a dynamic DNS account with www.dyndns.org. This is for people
with a dynamic IP from their ISP or DHCP server that would still like to have a domain name. The Dynamic
DNS service provider will give you a password or key.
12.1.1 What You Can Do in this Chapter
• Use the DNS Entry screen to view, configure, or remove DNS routes (Section 12.2 on page 168).
• Use the Dynamic DNS screen to enable DDNS and configure the DDNS settings on the XMG (Section
12.3 on page 169).
12.1.2 What You Need To Know
DYNDNS Wildcard
Enabling the wildcard feature for your host causes *.yourhost.dyndns.org to be aliased to the same IP
address as yourhost.dyndns.org. This feature is useful if you want to be able to use, for example,
www.yourhost.dyndns.org and still reach your hostname.
Chapter 12 DNS
XMG3563-B10A User’s Guide
168
If you have a private WAN IP address, then you cannot use Dynamic DNS.
12.2 The DNS Entry Screen
Use this screen to view and configure DNS routes on the XMG. Click Network Setting > DNS to open the
DNS Entry screen.
Figure 91 Network Setting > DNS > DNS Entry
The following table describes the fields in this screen.
12.2.1 Add/Edit DNS Entry
You can manually add or edit the XMG’s DNS name and IP address entry. Click Add New DNS Entry in
the DNS Entry screen or the Edit icon next to the entry you want to edit. The screen shown next appears.
Figure 92 DNS Entry: Add/Edit
Table 66 Network Setting > DNS > DNS Entry
LABEL DESCRIPTION
Add New DNS
Entry
Click this to create a new DNS entry.
#This is the index number of the entry.
Hostname This indicates the host name or domain name.
IP Address This indicates the IP address assigned to this computer.
Modify Click the Edit icon to edit the rule.
Click the Delete icon to delete an existing rule.
Chapter 12 DNS
XMG3563-B10A User’s Guide
169
The following table describes the labels in this screen.
12.3 The Dynamic DNS Screen
Use this screen to change your XMG’s DDNS. Click Network Setting > DNS > Dynamic DNS. The screen
appears as shown.
Figure 93 Network Setting > DNS > Dynamic DNS
The following table describes the fields in this screen.
Table 67 DNS Entry: Add/Edit
LABEL DESCRIPTION
Host Name Enter the host name of the DNS entry.
IPv4 Address Enter the IPv4 address of the DNS entry.
OK Click OK to save your changes.
Cancel Click Cancel to exit this screen without saving.
Table 68 Network Setting > DNS > > Dynamic DNS
LABEL DESCRIPTION
Dynamic DNS Setup
Dynamic DNS Select Enable to use dynamic DNS.
Service Provider Select your Dynamic DNS service provider from the drop-down list box.
Host Name Type the domain name assigned to your XMG by your Dynamic DNS provider.
You can specify up to two host names in the field separated by a comma (",").
Host/Domain
Name Type the domain name the XMG can route.
Username Type your user name.
Password Type the password assigned to you.
Dynamic DNS Status
User
Authentication
Result
This shows Success if the account is correctly set up with the Dynamic DNS provider
account.
Chapter 12 DNS
XMG3563-B10A User’s Guide
170
Last Updated Time This shows the last time the IP address the Dynamic DNS provider has associated with the
hostname was updated.
Current Dynamic
IP This shows the IP address your Dynamic DNS provider has currently associated with the
hostname.
Apply Click Apply to save your changes.
Cancel Click Cancel to exit this screen without saving.
Table 68 Network Setting > DNS > > Dynamic DNS (continued)
LABEL DESCRIPTION
XMG3563-B10A User’s Guide
171
CHAPTER 13
IGMP/MLD
13.1 Overview
Use the IGMP/MLD screen to configure IGMP/MLD protocols.
13.2 The IGMP/MLD Screen
Click Network Setting > IGMP/MLD to open the following screen.
Figure 94 Network Setting > IGMP/MLD
Chapter 13 IGMP/MLD
XMG3563-B10A User’s Guide
172
The following table describes the labels in this screen.
Table 69 Network Setting > IGMP/MLD
LABEL DESCRIPTION
IGMP Configuration/MLD Configuration
Default Version Enter the version (1~3) of the IGMP/MLD packets that the XMG should use.
Query Interval Specify the amount of time in seconds (1~30000) between general query messages
sent by the router.
Query Response Interval Specify the amount of time in seconds (1~30000) the router waits for a response to a
general query message.
Last Member Query Interval Specify the amount of time in seconds (1~30000) the router waits for a response to a
group specific query message.
Robustness Value Specify how susceptible (1~7) the subnet is to lost packets.
Maximum Multicast Groups Enter a number to limit the number of multicast groups of an interface on the XMG is
allowed to join. Once a multicast member is registered in the specified number of
multicast groups, any new IGMP or MLD join report frames are dropped by the
interface.
Maximum Multicast Data
Sources (for IGMPv3/mldv2)
Enter a number to limit the number of multicast data sources (1-24) a multicast
group is allowed to have.
Note: The setting only works for IGMPv3 and MLDv2.
Maximum Multicast Group
Members
Enter a number to limit the number of multicast members a multicast group can
have.
Fast Leave Enable Select this option to set the XMG to remove a port from the multicast tree
immediately (without sending an IGMP or MLD membership query message) once it
receives an IGMP or MLD message. This is helpful if a user wants to quickly change a
TV channel (multicast group change) especially for IPTV applications.
LAN to LAN (Intra LAN)
Multicast Enable
Select this to enable LAN to LAN IGMP snooping capability.
Membership Join
Immediate (IPTV)
Select this to have the XMG add a host to a multicast group immediately once the
XMG receives an IGMP or MLD join messages.
Apply Click Apply to save your changes.
Cancel Click Cancel to exit this screen without saving.
XMG3563-B10A User’s Guide
173
CHAPTER 14
VLAN Group
14.1 Overview
Virtual LAN IDs are used to identify different traffic types over the same physical link.
In the following example, the XMG (DSL) can use VLAN IDs (VID) 100 and 200 to identify Video-on-
Demand and IPTV traffic respectively coming from the two VoD and IPTV multicast servers. The XMG
(DSL) can also tag outgoing requests to these servers with these VLAN IDs.
Figure 95 VLAN Group Example
14.1.1 What You Can Do in this Chapter
Use these screens to group separate VLAN groups together to be treated as one VLAN group.
14.2 The VLAN Group Screen
Click Network Setting > Vlan Group to open the following screen.
Figure 96 Network Setting > Vlan Group
DSL
Chapter 14 VLAN Group
XMG3563-B10A User’s Guide
174
The following table describes the fields in this screen.
14.2.1 Add/Edit a VLAN Group
Click the Add New VLAN Group button in the Vlan Group screen to open the following screen. Use this
screen to create a new VLAN group.
Figure 97 Add/Edit VLAN Group
The following table describes the fields in this screen.
Table 70 Network Setting > Vlan Group
LABEL DESCRIPTION
Add New Vlan
Group
Click this button to create a new VLAN group.
#This is the index number of the VLAN group.
Group Name This shows the descriptive name of the VLAN group.
VLAN ID This shows the unique ID number that identifies the VLAN group.
Interfaces This shows the LAN ports included in the VLAN group and if traffic leaving the port will be tagged
with the VLAN ID.
Modify Click the Edit icon to change an existing VLAN group setting or click the Delete icon to remove
the VLAN group.
Table 71 Add/Edit VLAN Group
LABEL DESCRIPTION
VLAN Group
Name
Enter a name to identify this group. You can enter up to 30 characters. You can use letters,
numbers, hyphens (-) and underscores (_). Spaces are not allowed.
VLAN ID Enter a unique ID number, from 1 to 4,094, to identify this VLAN group. Outgoing traffic is tagged
with this ID if Tx Tagging is selected below.
LAN 1~5 Select Include to add the associated LAN interface to this VLAN group.
Select Tx Tagging to tag outgoing traffic from the associated LAN port with the VLAN ID number
entered above.
OK Click OK to save your changes back to the XMG.
Cancel Click Cancel to exit this screen without saving.
XMG3563-B10A User’s Guide
175
CHAPTER 15
Interface Grouping
15.1 Overview
By default, all LAN and WAN interfaces on the XMG are in the same group and can communicate with
each other. Create interface groups to have the XMG assign the IP addresses in different domains to
different groups. Each group acts as an independent network on the XMG. This lets devices connected
to an interface group’s LAN interfaces communicate through the interface group’s WAN or LAN
interfaces but not other WAN or LAN interfaces.
15.1.1 What You Can Do in this Chapter
The Interface Grouping screens let you create multiple networks on the XMG (Section 15.2 on page 175).
15.2 The Interface Grouping Screen
You can manually add a LAN interface to a new group. Alternatively, you can have the XMG
automatically add the incoming traffic and the LAN interface on which traffic is received to an
interface group when its DHCP Vendor ID option information matches one listed for the interface group.
Use the LAN screen to configure the private IP addresses the DHCP server on the XMG assigns to the
clients in the default and/or user-defined groups. If you set the XMG to assign IP addresses based on the
client’s DHCP Vendor ID option information, you must enable DHCP server and configure LAN TCP/IP
settings for both the default and user-defined groups. See Chapter 8 on page 111 for more information.
In the following example, the client that sends packets with the DHCP Vendor ID option set to MSFT 5.0
(meaning it is a Windows 2000 DHCP client) is assigned the IP address 192.168.2.2 and uses the WAN
VDSL_PoE/ppp0.1 interface.
Figure 98 Interface Grouping Application
DSL
Chapter 15 Interface Grouping
XMG3563-B10A User’s Guide
176
Click Network Setting > Interface Grouping to open the following screen.
Figure 99 Network Setting > Interface Grouping
The following table describes the fields in this screen.
15.2.1 Interface Group Configuration
Click the Add New Interface Group button in the Interface Grouping screen to open the following
screen. Use this screen to create a new interface group.
Note: An interface can belong to only one group at a time.
Table 72 Network Setting > Interface Grouping
LABEL DESCRIPTION
Add New
Interface Group
Click this button to create a new interface group.
Group Name This shows the descriptive name of the group.
WAN Interface This shows the WAN interfaces in the group.
LAN Interfaces This shows the LAN interfaces in the group.
Criteria This shows the filtering criteria for the group.
Modify Click the Delete icon to remove the group.
Chapter 15 Interface Grouping
XMG3563-B10A User’s Guide
177
Figure 100 Interface Group Configuration
The following table describes the fields in this screen.
Table 73 Interface Group Configuration
LABEL DESCRIPTION
Group Name Enter a name to identify this group. You can enter up to 30 characters. You can use letters,
numbers, hyphens (-) and underscores (_). Spaces are not allowed.
WAN Interfaces
used in the
grouping
Select the WAN interface this group uses. The group can have up to one PTM interface, up to
one ATM interface, up to one ETH interface, and and up to one WWAN interface.
Select None to not add a WAN interface to this group.
Selected LAN
Interfaces
Available LAN
Interfaces
Select one or more LAN interfaces (Ethernet LAN, HPNA or wireless LAN) on the Available LAN
Interfaces list and use the left arrow to move them to the interface list on the left to add the
interfaces to this group.
To remove a LAN or wireless LAN interface from the interface list on the left, use the right-facing
arrow.
Automatically
Add Clients With
the following
DHCP Vendor
IDs
Click Add to identify LAN hosts to add to the interface group by criteria such as the type of the
hardware or firmware. See Section 15.2.2 on page 178 for more information.
#This shows the index number of the rule.
Chapter 15 Interface Grouping
XMG3563-B10A User’s Guide
178
15.2.2 Interface Grouping Criteria
Click the Add button in the Interface Grouping Configuration screen to open the following screen.
Figure 101 Interface Grouping Criteria
The following table describes the fields in this screen.
Filter Criteria This shows the filtering criteria. The LAN interface on which the matched traffic is received will
belong to this group automatically.
WildCard
Support
This shows if wildcard on DHCP option 60 is enabled.
Modify Click the Modify icon to edit this rule on the XMG.
OK Click OK to save your changes back to the XMG.
Cancel Click Cancel to exit this screen without saving.
Table 73 Interface Group Configuration (continued)
LABEL DESCRIPTION
Table 74 Interface Grouping Criteria
LABEL DESCRIPTION
Source MAC
Address
Select this option and enter the source MAC address of the packet.
DHCP Option 60 Select this option and enter the Vendor Class Identifier (Option 60) of the matched traffic, such
as the type of the hardware or firmware.
Enable
wildcard Select this option to be able to use wildcards in the Vendor Class Identifier configured for DHCP
option 60.
DHCP Option 61 Select this and enter the device identity of the matched traffic.
DHCP Option
125
Select this and enter vendor specific information of the matched traffic.
Enterprise
Number Enter the vendor’s 32-bit enterprise number registered with the IANA (Internet Assigned Numbers
Authority).
Manufactur
er OUI Specify the vendor’s OUI (Organization Unique Identifier). It is usually the first three bytes of the
MAC address.
Chapter 15 Interface Grouping
XMG3563-B10A User’s Guide
179
Serial
Number Enter the serial number of the device.
Product
Class Enter the product class of the device.
VLAN Group Select this and the VLAN group of the matched traffic from the drop-down list box.
OK Click OK to save your changes back to the XMG.
Cancel Click Cancel to exit this screen without saving.
Table 74 Interface Grouping Criteria (continued)
LABEL DESCRIPTION
XMG3563-B10A User’s Guide
180
CHAPTER 16
USB Service
16.1 Overview
You can share files on a USB memory stick or hard drive connected to your XMG with users on your
network.
The following figure is an overview of the XMG’s file server feature. Computers A and B can access files
on a USB device (C) which is connected to the XMG.
Figure 102 File Sharing Overview
The XMG will not be able to join the workgroup if your local area network has restrictions set up
that do not allow devices to join a workgroup. In this case, contact your network administrator.
16.1.1 What You Can Do in this Chapter
• Use the File Sharing screen to enable file-sharing server (Section 16.1.3 on page 181).
• Use the Media Server screen to enable or disable the sharing of media files (Section 16.3 on page
182).
16.1.2 What You Need To Know
The following terms and concepts may help as you read this chapter.
DSL
Chapter 16 USB Service
XMG3563-B10A User’s Guide
181
16.1.2.1 About File Sharing
Workgroup name
This is the name given to a set of computers that are connected on a network and share resources such
as a printer or files. Windows automatically assigns the workgroup name when you set up a network.
Shares
When settings are set to default, each USB device connected to the XMG is given a folder, called a
“share”. If a USB hard drive connected to the XMG has more than one partition, then each partition will
be allocated a share. You can also configure a “share” to be a sub-folder or file on the USB device.
File Systems
A file system is a way of storing and organizing files on your hard drive and storage device. Often
different operating systems such as Windows or Linux have different file systems. The file sharing feature
on your XMG supports File Allocation Table (FAT) and FAT32.
Common Internet File System
The XMG uses Common Internet File System (CIFS) protocol for its file sharing functions. CIFS compatible
computers can access the USB file storage devices connected to the XMG. CIFS protocol is supported
on Microsoft Windows, Linux Samba and other operating systems (refer to your systems specifications for
CIFS compatibility).
16.1.3 Before You Begin
Make sure the XMG is connected to your network and turned on.
1Connect the USB device to one of the XMG’s USB port. Make sure the XMG is connected to your
network.
2The XMG detects the USB device and makes its contents available for browsing. If you are connecting a
USB hard drive that comes with an external power supply, make sure it is connected to an appropriate
power source that is on.
Note: If your USB device cannot be detected by the XMG, see the troubleshooting for
suggestions.
16.2 The File Sharing Screen
Use this screen to set up file sharing through the XMG. The XMG’s LAN users can access the shared folder
(or share) from the USB device inserted in the XMG. To access this screen, click Network Setting > USB
Service > File Sharing.
Chapter 16 USB Service
XMG3563-B10A User’s Guide
182
Figure 103 Network Setting > USB Service > File Sharing
Each field is described in the following table.
16.3 The Media Server Screen
The media server feature lets anyone on your network play video, music, and photos from the USB
storage device connected to your XMG (without having to copy them to another computer). The XMG
can function as a DLNA-compliant media server. The XMG streams files to DLNA-compliant media
Table 75 Network Setting > USB Service > File Sharing
LABEL DESCRIPTION
Information
Volume This is the volume name the XMG gives to an inserted USB device.
Capacity This is the total available memory size (in megabytes) on the USB device.
Used Space This is the memory size (in megabytes) already used on the USB device.
Server Configuration
File Sharing
Services
Select Enable to activate file sharing through the XMG.
Account Management
Add New User Click this button to access the User Account screen, use this screen to create a new user
account to access the secured shared. For more information see Section 31.2 on page 256.
Active Select this to allow the user to access the secured shares.
Status This field shows the status of the user.
: The user account is not activated for the share.
: The user account is activated for the share.
User Name This is the name of a user who is allowed to access the secured shares on the USB device.
Modify Click the Edit icon to modify the user account.
Click the Delete icon to remove the user account from the XMG.
Apply Click this to save your changes to the XMG.
Cancel Click this to restore your previously saved settings.
Chapter 16 USB Service
XMG3563-B10A User’s Guide
183
clients (like Windows Media Player). The Digital Living Network Alliance (DLNA) is a group of personal
computer and electronics companies that works to make products compatible in a home network.
The XMG media server enables you to:
• Publish all shares for everyone to play media files in the USB storage device connected to the XMG.
• Use hardware-based media clients like the DMA-2500 to play the files.
Note: Anyone on your network can play the media files in the published shares. No user name
and password or other form of security is used. The media server is enabled by default
with the video, photo, and music shares published.
To change your XMG’s media server settings, click Network Setting > USB Service > Media Server. The
screen appears as shown.
Figure 104 Network Setting > USB Service > Media Server
The following table describes the labels in this menu.
Table 76 Network Setting > USB Service > Media Server
LABEL DESCRIPTION
Media Server Select Enable to have the XMG function as a DLNA-compliant media server.
Enable the media server to let (DLNA-compliant) media clients on your network play media files
located in the shares.
Interface Select an interface on which you want to enable the media server function.
Media Library
Path
Enter the path clients use to access the media files on a USB storage device connected to the
XMG.
Apply Click Apply to save your changes.
Cancel Click Cancel to restore your previously saved settings.
XMG3563-B10A User’s Guide
184
CHAPTER 17
Firewall
17.1 Overview
This chapter shows you how to enable and configure the XMG’s security settings. Use the firewall to
protect your XMG and network from attacks by hackers on the Internet and control access to it. By
default the firewall:
• allows traffic that originates from your LAN computers to go to all other networks.
• blocks traffic that originates on other networks from going to the LAN.
The following figure illustrates the default firewall action. User A can initiate an IM (Instant Messaging)
session from the LAN to the WAN (1). Return traffic for this session is also allowed (2). However other traffic
initiated from the WAN is blocked (3 and 4).
Figure 105 Default Firewall Action
17.1.1 What You Can Do in this Chapter
• Use the General screen to configure the security level of the firewall on the XMG (Section 17.2 on
page 185).
• Use the Protocol screen to add or remove predefined Internet services and configure firewall rules
(Section 17.3 on page 186).
• Use the Access Control screen to view and configure incoming/outgoing filtering rules (Section 17.4
on page 188).
• Use the DoS screen to activate protection against Denial of Service (DoS) attacks (.Section 17.5 on
page 190).
DSL
Chapter 17 Firewall
XMG3563-B10A User’s Guide
185
17.1.2 What You Need to Know
SYN Attack
A SYN attack floods a targeted system with a series of SYN packets. Each packet causes the targeted
system to issue a SYN-ACK response. While the targeted system waits for the ACK that follows the SYN-
ACK, it queues up all outstanding SYN-ACK responses on a backlog queue. SYN-ACKs are moved off the
queue only when an ACK comes back or when an internal timer terminates the three-way handshake.
Once the queue is full, the system will ignore all incoming SYN requests, making the system unavailable
for legitimate users.
DoS
Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet.
Their goal is not to steal information, but to disable a device or network so users no longer have access
to network resources. The XMG is pre-configured to automatically detect and thwart all known DoS
attacks.
DDoS
A DDoS attack is one in which multiple compromised systems attack a single target, thereby causing
denial of service for users of the targeted system.
LAND Attack
In a LAND attack, hackers flood SYN packets into the network with a spoofed source IP address of the
target system. This makes it appear as if the host computer sent the packets to itself, making the system
unavailable while the target system tries to respond to itself.
Ping of Death
Ping of Death uses a "ping" utility to create and send an IP packet that exceeds the maximum 65,536
bytes of data allowed by the IP specification. This may cause systems to crash, hang or reboot.
SPI
Stateful Packet Inspection (SPI) tracks each connection crossing the firewall and makes sure it is valid.
Filtering decisions are based not only on rules but also context. For example, traffic from the WAN may
only be allowed to cross the firewall in response to a request from the LAN.
17.2 The Firewall Screen
Use this screen to set the security level of the firewall on the XMG. Firewall rules are grouped based on
the direction of travel of packets to which they apply.
Click Security > Firewall to display the General screen.
Chapter 17 Firewall
XMG3563-B10A User’s Guide
186
Figure 106 Security > Firewall > General
The following table describes the labels in this screen.
17.3 The Protocol Screen
You can configure customized services and port numbers in the Protocol screen. For a comprehensive
list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website. See
Appendix C on page 308 for some examples.
Click Security > Firewall > Protocol to display the following screen.
Figure 107 Security > Firewall > Protocol
Table 77 Security > Firewall > General
LABEL DESCRIPTION
IPv4/IPv6
Firewall
Select Enable to activate the firewall feature on the XMG.
Low Select Low to allow LAN to WAN and WAN to LAN packet directions.
Medium Select Medium to allow LAN to WAN but deny WAN to LAN packet directions.
High Select High to deny LAN to WAN and WAN to LAN packet directions.
Apply Click Apply to save your changes.
Cancel Click Cancel to restore your previously saved settings.
Chapter 17 Firewall
XMG3563-B10A User’s Guide
187
The following table describes the labels in this screen.
17.3.1 Add/Edit a Service
Use this screen to add a customized service rule that you can use in the firewall’s ACL rule configuration.
Click Add New Protocol Entry or the edit icon next to an existing service rule in the Protocol screen to
display the following screen.
Figure 108 Security > Firewall > Protocol: Add/Edit
The following table describes the labels in this screen.
Table 78 Security > Firewall > Protocol
LABEL DESCRIPTION
Add New
Protocol Entry
Click this to add a new service.
Name This is the name of your customized service.
Description This is the description of your customized service.
Ports/Protocol
Number
This shows the IP protocol (TCP, UDP, ICMP, or TCP/UDP) and the port number or range of ports
that defines your customized service. Other and the protocol number displays if the service uses
another IP protocol.
Modify Click the Edit icon to edit the entry.
Click the Delete icon to remove this entry.
Table 79 Security > Firewall > Protocol: Add/Edit
LABEL DESCRIPTION
Service Name Enter a unique name (up to 32 printable English keyboard characters, including spaces) for your
customized port.
Description Enter a description for your customized port.
Protocol Choose the IP protocol (TCP, UDP, ICMP, ICMPv6 or Other) that defines your customized port
from the drop-down list box. Select Other to be able to enter a protocol number.
Source/
Destination Port
These fields are displayed if you select TCP or UDP as the IP port.
Select Single to specify one port only or Range to specify a span of ports that define your
customized service. If you select Any, the service is applied to all ports.
Type a single port number or the range of port numbers that define your customized service.
Protocol
Number
This field is displayed if you select Other as the protocol.
Enter the protocol number of your customized port.
ICMPv6 Type This field is displayed if you select ICMPv6 as the protocol.
Enter the type value for the ICMPv6 messages.
Chapter 17 Firewall
XMG3563-B10A User’s Guide
188
17.4 The Access Control Screen
Click Security > Firewall > Access Control to display the following screen. This screen displays a list of the
configured incoming or outgoing filtering rules.
Figure 109 Security > Firewall > Access Control
The following table describes the labels in this screen.
17.4.1 Add/Edit an ACL Rule
Click Add new ACL rule or the Edit icon next to an existing ACL rule in the Access Control screen. The
following screen displays.
OK Click OK to save your changes.
Cancel Click Cancel to exit this screen without saving.
Table 79 Security > Firewall > Protocol: Add/Edit (continued)
LABEL DESCRIPTION
Table 80 Security > Firewall > Access Control
LABEL DESCRIPTION
Add New ACL
Rule
Click this to go to add a filter rule for incoming or outgoing IP traffic.
#This is the index number of the entry.
Name This displays the name of the rule.
Src IP This displays the source IP addresses to which this rule applies. Please note that a blank source
address is equivalent to Any.
Dst IP This displays the destination IP addresses to which this rule applies. Please note that a blank
destination address is equivalent to Any.
Service This displays the transport layer protocol that defines the service and the direction of traffic to
which this rule applies.
Action This field displays whether the rule silently discards packets (DROP), discards packets and sends a
TCP reset packet or an ICMP destination-unreachable message to the sender (REJECT) or allows
the passage of packets (ACCEPT).
Modify Click the Edit icon to edit the rule.
Click the Delete icon to delete an existing rule. Note that subsequent rules move up by one
when you take this action.
Click the Move To icon to change the order of the rule. Enter the number in the # field.
Chapter 17 Firewall
XMG3563-B10A User’s Guide
189
Figure 110 Access Control: Add/Edit
The following table describes the labels in this screen.
Table 81 Access Control: Add/Edit
LABEL DESCRIPTION
Filter Name Enter a descriptive name of up to 16 alphanumeric characters, not including spaces,
underscores, and dashes.
You must enter the filter name to add an ACL rule. This field is read-only if you are editing the
ACL rule.
Order Select the order of the ACL rule.
Select Source
Device
Select the source device to which the ACL rule applies. If you select Specific IP Address, enter
the source IP address in the field below.
Source IP
Address
Enter the source IP address.
Select
Destination
Device
Select the destination device to which the ACL rule applies. If you select Specific IP Address,
enter the destiniation IP address in the field below.
Destination IP
Address
Enter the destination IP address.
IP Type Select whether your IP type is IPv4 or IPv6.
Select Service Select the transport layer protocol that defines your customized port from the drop-down list
box. The specific protocol rule sets you add in the Security > Firewall > Service > Add screen
display in this list.
If you want to configure a customized protocol, select Specific Service.
Protocol This field is displayed only when you select Specific Protocol in Select Protocol.
Choose the IP port (TCP/UDP, TCP, UDP, ICMP, or ICMPv6) that defines your customized port from
the drop-down list box.
Chapter 17 Firewall
XMG3563-B10A User’s Guide
190
17.5 The DoS Screen
DoS (Denial of Service) attacks can flood your Internet connection with invalid packets and connection
requests, using so much bandwidth and so many resources that Internet access becomes unavailable.
Use the DoS screen to activate protection against DoS attacks. Click Security > Firewall > DoS to display
the following screen.
Figure 111 Security > Firewall > DoS
The following table describes the labels in this screen.
Custom Source
Port
This field is displayed only when you select Specific Protocol in Select Protocol.
Enter a single port number or the range of port numbers of the source.
Custom
Destination Port
This field is displayed only when you select Specific Protocol in Select Protocol.
Enter a single port number or the range of port numbers of the destination.
Policy Use the drop-down list box to select whether to discard (DROP), deny and send an ICMP
destination-unreachable message to the sender of (REJECT) or allow the passage of (ACCEPT)
packets that match this rule.
Direction Use the drop-down list box to select the direction of traffic to which this rule applies.
Enable Rate
Limit
Select Enable to set a limit on the upstream/downstream transmission rate for the specified
protocol.
Specify how many packets per minute or second the transmission rate is.
Scheduler Rules Select a schedule rule for this ACL rule form the drop-down list box. You can configure a new
schedule rule by click Add New Rule. This will bring you to the Security > Scheduler Rules screen.
OK Click OK to save your changes.
Cancel Click Cancel to exit this screen without saving.
Table 81 Access Control: Add/Edit (continued)
LABEL DESCRIPTION
Table 82 Security > Firewall > DoS
LABEL DESCRIPTION
DoS Protection
Blocking
Select Enable to enable protection against DoS attacks.
Apply Click Apply to save your changes.
Cancel Click Cancel to exit this screen without saving.
XMG3563-B10A User’s Guide
191
CHAPTER 18
MAC Filter
18.1 Overview
You can configure the XMG to permit access to clients based on their MAC addresses in the MAC Filter
screen. This applies to wired and wireless connections. Every Ethernet device has a unique MAC (Media
Access Control) address. The MAC address is assigned at the factory and consists of six pairs of
hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC addresses of the
devices to configure this screen.
18.2 The MAC Filter Screen
Use this screen to allow wireless and LAN clients access to the XMG. Click Security > MAC Filter. The
screen appears as shown.
Figure 112 Security > MAC Filter
Chapter 18 MAC Filter
XMG3563-B10A User’s Guide
192
The following table describes the labels in this screen.
Table 83 Security > MAC Filter
LABEL DESCRIPTION
MAC Address Filter Select Enable to activate the MAC filter function.
MAC Restrict Mode Select Allow to only permit the listed MAC addresses access to the XMG. Select Deny to
permit anyone access to the XMG except the listed MAC addresses.
Set This is the index number of the MAC address.
Active Select Active to enable the MAC filter rule. . The rule will not be applied if Active is not
selected.
Host Name Enter the host name of the wireless or LAN clients that are allowed access to the XMG.
MAC Address Enter the MAC addresses of the wireless or LAN clients that are allowed access to the XMG
in these address fields. Enter the MAC addresses in a valid MAC address format, that is, six
hexadecimal character pairs, for example, 12:34:56:78:9a:bc.
Apply Click Apply to save your changes.
Cancel Click Cancel to restore your previously saved settings.
XMG3563-B10A User’s Guide
193
CHAPTER 19
Parental Control
19.1 Overview
Parental control allows you to block web sites with the specific URL. You can also define time periods
and days during which the XMG performs parental control on a specific user.
19.2 The Parental Control Screen
Use this screen to enable parental control, view the parental control rules and schedules.
Click Security > Parental Control to open the following screen.
Figure 113 Security > Parental Control
The following table describes the fields in this screen.
Table 84 Security > Parental Control
LABEL DESCRIPTION
General
Parental Control Select Enable to activate parental control.
Parental Control Profile (PCP)
Add New PCP Click this if you want to configure a new Parental Control Profile.
#This shows the index number of the rule.
Status This indicates whether the rule is active or not.
A yellow bulb signifies that this rule is active. A gray bulb signifies that this rule is not active.
PCP Name This shows the name of the rule.
Home Network
User MAC
This shows the MAC address of the LAN user’s computer to which this rule applies.
Internet Access
Schedule
This shows the day(s) and time on which parental control is enabled.
Network Service This shows whether the network service is configured. If not, None will be shown.
Chapter 19 Parental Control
XMG3563-B10A User’s Guide
194
19.2.1 Add/Edit a Parental Control Profile
Click Add New PCP in the Parental Control screen to add a new rule or click the Edit icon next to an
existing rule to edit it. Use this screen to configure a restricted access schedule and/or URL filtering
settings to block the users on your network from accessing certain web sites.
Figure 114 Parental Control Rule: Add/Edit Rule
Website
Blocked
This shows whether the website block is configured. If not, None will be shown.
Modify Click the Edit icon to go to the screen where you can edit the rule.
Click the Delete icon to delete an existing rule.
Apply Click Apply to save your changes.
Cancel Click Cancel to restore your previously saved settings.
Table 84 Security > Parental Control (continued)
LABEL DESCRIPTION
Chapter 19 Parental Control
XMG3563-B10A User’s Guide
195
The following table describes the fields in this screen.
Table 85 Parental Control Rule: Add/Edit
LABEL DESCRIPTION
General
Active Select to enable or disable this parental control rule.
Parental Control
Profile Name
Enter a descriptive name for the rule.
Home Network
User
Select the LAN user that you want to apply this rule to from the drop-down list box. If you select
Custom, enter the LAN user’s MAC address. If you select All, the rule applies to all LAN users.
Rule List In Home Network User, select Custom, enter the LAN user’s MAC address, then click the Add
icon to enter a computer MAC address for this PCP. Up to five are allowed. Click the Delete icon
to remove one.
Internet Access Schedule
Day Select check boxes for the days that you want the XMG to perform parental control.
Time Drag the time bar to define the time that the LAN user is allowed access (Authorized access) or
denied access (No access). Click the Add icon above the time bar to add a new time bar. Up
to three are allowed.
Network Service
Network Service
Setting
If you select Block, the XMG prohibits the users from viewing the Web sites with the URLs listed
below.
If you select Allow, the XMG blocks access to all URLs except ones listed below.
Add New
Service
Click this to show a screen in which you can add a new service rule. You can configure the
Service Name, Protocol, and Name of the new rule.
#This shows the index number of the rule.
Service Name This shows the name of the rule.
Protocol:Port This shows the protocol and the port of the rule.
Modify Click the Edit icon to go to the screen where you can edit the rule.
Click the Delete icon to delete an existing rule.
Site/URL Keyword
Block or Allow
the Web Site
If you select Block the Web URLs, the XMG prohibits the users from viewing the Web sites with the
URLs listed below.
If you select Allow the Web URLs, the XMG blocks access to all URLs except ones listed below.
Add Click Add to show a screen to enter the URL of web site or URL keyword to which the XMG blocks
or allows access.
#This shows the index number of the rule.
WebSite This shows the URL of web site or URL keyword to which the XMG blocks or allows access.
Modify Click the Edit icon to go to the screen where you can edit the rule.
Click the Delete icon to delete an existing rule.
Chapter 19 Parental Control
XMG3563-B10A User’s Guide
196
Click Security > Parental Control > Add/Edit Rule > Add New Service to open the following screen.
Figure 116 Parental Control Rule: Add/Edit Rule > Add New Service
The following table describes the fields in this screen.
Click Security > Parental Control > Add/Edit Rule > Add Keyword to open the following screen.
Redirect
blocked site to
Zyxel Family
Safety page
Select this to redirect users who access any blocked websites listed above to the Zyxel Family
Safety page as shown next.
Figure 115 Zyxel Family Safety Page Example
OK Click OK to save your changes.
Cancel Click Cancel to exit this screen without saving.
Table 86 Parental Control Rule: Add/Edit Rule > Add New Service
LABEL DESCRIPTION
Service Name Select the name of the service. Otherwise, select User Define and manualy specify
the protocol and the port of the service.
If you have chosen a pre-defined service in the Service Name field, this field will not
be configurable.
Protocol Select the transport layer protocol used for the service. Choices are TCP, UDP, or TCP
& UDP.
Port Enter the port of the service.
If you have chosen a pre-defined service in the Service Name field, this field will not
be configurable.
OK Click OK to save your changes.
Cancel Click Cancel to exit this screen without saving.
Table 85 Parental Control Rule: Add/Edit (continued)
LABEL DESCRIPTION
Chapter 19 Parental Control
XMG3563-B10A User’s Guide
197
Figure 117 Parental Control Rule: Add/Edit Rule > Add Keyword
The following table describes the fields in this screen.
Table 87 Parental Control Rule: Add/Edit Rule > Add Keyword
LABEL DESCRIPTION
Site/URL Keyword Enter a keyword and click OK to have the XMG to block access to the website URLs
that contain the keyword
OK Click OK to save your changes.
Cancel Click Cancel to exit this screen without saving.
XMG3563-B10A User’s Guide
198
CHAPTER 20
Scheduler Rule
20.1 Overview
You can define time periods and days during which the XMG performs scheduled rules of certain
features (such as Firewall Access Control) in the Scheduler Rule screen.
20.2 The Scheduler Rule Screen
Use this screen to view, add, or edit time schedule rules.
Click Security > Scheduler Rule to open the following screen.
Figure 118 Security > Scheduler Rule
The following table describes the fields in this screen.
20.2.1 Add/Edit a Schedule
Click the Add New Rule button in the Scheduler Rule screen or click the Edit icon next to a schedule rule
to open the following screen. Use this screen to configure a restricted access schedule.
Table 88 Security > Scheduler Rule
LABEL DESCRIPTION
Add New Rule Click this to create a new rule.
#This is the index number of the entry.
Rule Name This shows the name of the rule.
Day This shows the day(s) on which this rule is enabled.
Time This shows the period of time on which this rule is enabled.
Description This shows the description of this rule.
Modify Click the Edit icon to edit the schedule.
Click the Delete icon to delete a scheduler rule.
Note: You cannot delete a scheduler rule once it is applied to a certain feature.
Chapter 20 Scheduler Rule
XMG3563-B10A User’s Guide
199
Figure 119 Scheduler Rule: Add/Edit
The following table describes the fields in this screen.
Table 89 Scheduler Rule: Add/Edit
LABEL DESCRIPTION
Rule Name Enter a name (up to 31 printable English keyboard characters, not including spaces) for this
schedule.
Day Select check boxes for the days that you want the XMG to perform this scheduler rule.
Time of Day
Range
Enter the time period of each day, in 24-hour format, during which the rule will be enforced.
Description Enter a description for this scheduler rule.
OK Click OK to save your changes.
Cancel Click Cancel to exit this screen without saving.
XMG3563-B10A User’s Guide
200
CHAPTER 21
Certificates
21.1 Overview
The XMG can use certificates (also called digital IDs) to authenticate users. Certificates are based on
public-private key pairs. A certificate contains the certificate owner’s identity and public key.
Certificates provide a way to exchange public keys for use in authentication.
21.2 What You Can Do in this Chapter
• Use the Local Certificates screen to generate certification requests and import the XMG's CA-signed
certificates (Section 21.5 on page 204).
• Use the Trusted CA screen to save the certificates of trusted CAs to the XMG (Section 21.5 on page
204).
21.3 What You Need to Know
The following terms and concepts may help as you read through this chapter.
Certification Authority
A Certification Authority (CA) issues certificates and guarantees the identity of each certificate owner.
There are commercial certification authorities like CyberTrust or VeriSign and government certification
authorities. The certification authority uses its private key to sign certificates. Anyone can then use the
certification authority's public key to verify the certificates. You can use the XMG to generate
certification requests that contain identifying information and public keys and then send the
certification requests to a certification authority.
21.4 The Local Certificates Screen
Click Security > Certificates to open the Local Certificates screen. This is the XMG’s summary list of
certificates and certification requests.
Chapter 21 Certificates
XMG3563-B10A User’s Guide
201
Figure 120 Security > Certificates > Local Certificates
The following table describes the labels in this screen.
21.4.1 Create Certificate Request
Click Security > Certificates > Local Certificates and then Create Certificate Request to open the
following screen. Use this screen to have the XMG generate a certification request.
Table 90 Security > Certificates > Local Certificates
LABEL DESCRIPTION
Private Key is
protected by a
password
Select the checkbox and enter the private key into the text box to store it on the XMG. The
private key should not exceed 63 ASCII characters (not including spaces).
Choose File Click this to find the certificate file you want to upload.
Import Certificate Click this button to save the certificate that you have enrolled from a certification authority
from your computer to the XMG.
Create Certificate
Request
Click this button to go to the screen where you can have the XMG generate a certification
request.
Current File This field displays the name used to identify this certificate. It is recommended that you give
each certificate a unique name.
Subject This field displays identifying information about the certificate’s owner, such as CN (Common
Name), OU (Organizational Unit or department), O (Organization or company) and C
(Country). It is recommended that each certificate have unique subject information.
Issuer This field displays identifying information about the certificate’s issuing certification authority,
such as a common name, organizational unit or department, organization or company and
country.
Valid From This field displays the date that the certificate becomes applicable. The text displays in red
and includes a Not Yet Valid! message if the certificate has not yet become applicable.
Valid To This field displays the date that the certificate expires. The text displays in red and includes an
Expiring! or Expired! message if the certificate is about to expire or has already expired.
Modify Click the View icon to open a screen with an in-depth list of information about the certificate
(or certification request).
For a certification request, click Load Signed to import the signed certificate.
Click the Remove icon to delete the certificate (or certification request). You cannot delete a
certificate that one or more features is configured to use.
Chapter 21 Certificates
XMG3563-B10A User’s Guide
202
Figure 121 Create Certificate Request
The following table describes the labels in this screen.
After you click Apply, the following screen displays to notify you that you need to get the certificate
request signed by a Certificate Authority. If you already have, click Load_Signed to import the signed
certificate into the XMG. Otherwise click Back to return to the Local Certificates screen.
Table 91 Create Certificate Request
LABEL DESCRIPTION
Certificate
Name
Type up to 63 ASCII characters (not including spaces) to identify this certificate.
Common Name Select Auto to have the XMG configure this field automatically. Or select Customize to enter it
manually.
Type the IP address (in dotted decimal notation), domain name or e-mail address in the field
provided. The domain name or e-mail address can be up to 63 ASCII characters. The domain
name or e-mail address is for identification purposes only and can be any string.
Organization
Name
Type up to 63 characters to identify the company or group to which the certificate owner
belongs. You may use any character, including spaces, but the XMG drops trailing spaces.
State/Province
Name
Type up to 32 characters to identify the state or province where the certificate owner is located.
You may use any character, including spaces, but the XMG drops trailing spaces.
Country/Region
Name
Select a country to identify the nation where the certificate owner is located.
Apply Click Apply to save your changes.
Cancel Click Cancel to exit this screen without saving.
Chapter 21 Certificates
XMG3563-B10A User’s Guide
203
Figure 122 Certificate Request Created
21.4.2 Load Signed Certificate
After you create a certificate request and have it signed by a Certificate Authority, in the Local
Certificates screen click the certificate request’s Load Signed icon to import the signed certificate into
the XMG.
Note: You must remove any spaces from the certificate’s filename before you can import it.
Figure 123 Load Signed Certificate
Chapter 21 Certificates
XMG3563-B10A User’s Guide
204
The following table describes the labels in this screen.
21.5 The Trusted CA Screen
Click Security > Certificates > Trusted CA to open the following screen. This screen displays a summary list
of certificates of the certification authorities that you have set the XMG to accept as trusted. The XMG
accepts any valid certificate signed by a certification authority on this list as being trustworthy; thus you
do not need to import any certificate that is signed by one of these certification authorities.
Figure 124 Security > Certificates > Trusted CA
The following table describes the fields in this screen.
21.5.1 View Trusted CA Certificate
Click the View icon in the Trusted CA screen to open the following screen. Use this screen to view in-
depth information about the certification authority’s certificate.
Table 92 Load Signed Certificate
LABEL DESCRIPTION
Certificate
Name
This is the name of the signed certificate.
Certificate Copy and paste the signed certificate into the text box to store it on the XMG.
Apply Click Apply to save your changes.
Cancel Click Cancel to exit this screen without saving.
Table 93 Security > Certificates > Trusted CA
LABEL DESCRIPTION
Import
Certificate
Click this button to open a screen where you can save the certificate of a certification authority
that you trust to the XMG.
# This is the index number of the entry.
Name This field displays the name used to identify this certificate.
Subject This field displays information that identifies the owner of the certificate, such as Common Name
(CN), OU (Organizational Unit or department), Organization (O), State (ST) and Country (C). It is
recommended that each certificate have unique subject information.
Type This field displays general information about the certificate. ca means that a Certification
Authority signed the certificate.
Modify Click the View icon to open a screen with an in-depth list of information about the certificate (or
certification request).
Click the Remove button to delete the certificate (or certification request). You cannot delete a
certificate that one or more features is configured to use.
Chapter 21 Certificates
XMG3563-B10A User’s Guide
205
Figure 125 Trusted CA: View
The following table describes the fields in this screen.
21.5.2 Import Trusted CA Certificate
Click the Import Certificate button in the Trusted CA screen to open the following screen. The XMG trusts
any valid certificate signed by any of the imported trusted CA certificates.
Table 94 Trusted CA: View
LABEL DESCRIPTION
Name This field displays the identifying name of this certificate.
Type This field displays general information about the certificate. ca means that a Certification
Authority signed the certificate.
Subject This field displays information that identifies the owner of the certificate, such as Common Name
(CN), Organizational Unit (OU), Organization (O) and Country (C).
Certificate This read-only text box displays the certificate in Privacy Enhanced Mail (PEM) format. PEM uses
base 64 to convert the binary certificate into a printable form.
You can copy and paste the certificate into an e-mail to send to friends or colleagues or you
can copy and paste the certificate into a text editor and save the file on a management
computer for later distribution (via floppy disk for example).
Back Click Back to return to the previous screen.
Chapter 21 Certificates
XMG3563-B10A User’s Guide
206
Figure 126 Trusted CA: Import Certificate
The following table describes the fields in this screen.
Table 95 Trusted CA: Import Certificate
LABEL DESCRIPTION
Certificate File
Path
Type in the location of the certificate you want to upload in this field or click Choose File to find
it.
Apply Click Apply to save your changes.
Cancel Click Cancel to exit this screen without saving.
XMG3563-B10A User’s Guide
207
CHAPTER 22
VoIP
22.1 Overview
Use this chapter to:
• Connect an analog phone to the XMG.
• Make phone calls over the Internet, as well as the regular phone network.
• Configure settings such as speed dial.
• Configure network settings to optimize the voice quality of your phone calls.
22.1.1 What You Can Do in this Chapter
These screens allow you to configure your XMG to make phone calls over the Internet and your regular
phone line, and to set up the phones you connect to the XMG.
• Use the SIP Account screen () to set up information about your SIP account, control which SIP
accounts the phones connected to the XMG use and configure audio settings such as volume levels
for the phones connected to the XMG.
• Use the SIP Service Provider screen () to configure the SIP server information, QoS for VoIP calls, the
numbers for certain phone functions, and dialing plan.
• Use the Phone Device screen () to view detailed information of the XMG’s phone ports.
• Use the Region screen () to change settings that depend on the country you are in.
• Use the Call Rule screen () to set up shortcuts for dialing frequently-used (VoIP) phone numbers.
You don’t necessarily need to use all these screens to set up your account. In fact, if your service
provider did not supply information on a particular field in a screen, it is usually best to leave it at its
default setting.
22.1.2 What You Need to Know About VoIP
VoIP
VoIP stands for Voice over IP. IP is the Internet Protocol, which is the message-carrying standard the
Internet runs on. So, Voice over IP is the sending of voice signals (speech) over the Internet (or another
network that uses the Internet Protocol).
SIP
SIP stands for Session Initiation Protocol. SIP is a signalling standard that lets one network device (like a
computer or the XMG) send messages to another. In VoIP, these messages are about phone calls over
Chapter 22 VoIP
XMG3563-B10A User’s Guide
208
the network. For example, when you dial a number on your XMG, it sends a SIP message over the
network asking the other device (the number you dialed) to take part in the call.
SIP Accounts
A SIP account is a type of VoIP account. It is an arrangement with a service provider that lets you make
phone calls over the Internet. When you set the XMG to use your SIP account to make calls, the XMG is
able to send all the information about the phone call to your service provider on the Internet. Strictly
speaking, you don’t need a SIP account. It is possible for one SIP device (like the XMG) to call another
without involving a SIP service provider. However, the networking difficulties involved in doing this make
it tremendously impractical under normal circumstances. Your SIP account provider removes these
difficulties by taking care of the call routing and setup - figuring out how to get your call to the right
place in a way that you and the other person can talk to one another.
22.2 Before You Begin
• Before you can use these screens, you need to have a VoIP account already set up. If you don’t
have one yet, you can sign up with a VoIP service provider over the Internet.
• You should have the information your VoIP service provider gave you ready, before you start to
configure the XMG.
22.3 The SIP Account Screen
The XMG uses a SIP account to make outgoing VoIP calls and check if an incoming call’s destination
number matches your SIP account’s SIP number. In order to make or receive a VoIP call, you need to
enable and configure a SIP account, and map it to a phone port. The SIP account contains information
that allows your VMG to connect to your VoIP service provider.
See Section 21.3.1 on page 219 for how to map a SIP account to a phone port.
Use this screen to view SIP account information. You can also enable and disable each SIP account. To
access this screen, click VoIP > SIP > SIP Account.
Figure 127 VoIP > SIP > SIP Account
The following table describes the labels in this screen.
Table 96 VoIP > SIP > SIP Account
LABEL DESCRIPTION
Add New Account Click this to configure a SIP account.
# This is the index number of the entry.
Chapter 22 VoIP
XMG3563-B10A User’s Guide
209
22.3.1 The SIP Account Add/Edit Screen
Use this screen to configure a SIP account and map it to a phone port. To access this screen, click the
Add New Account button or click the Edit icon of an entry in the VoIP > SIP > SIP Account screen.
Enable This shows whether the SIP account is activated or not.
A yellow bulb signifies that this SIP account is activated. A gray bulb signifies that this
SIP account is not activated.
SIP Account This shows the name of the SIP account.
Service Provider This shows the name of the SIP service provider.
Account Number This shows the SIP number.
Modify Click the Edit icon to configure the SIP account.
Click the Delete icon to delete this SIP account from the XMG.
Table 96 VoIP > SIP > SIP Account
LABEL DESCRIPTION
Chapter 22 VoIP
XMG3563-B10A User’s Guide
210
Figure 128 VoIP > SIP > SIP Account > Add New Account/Edit
Chapter 22 VoIP
XMG3563-B10A User’s Guide
211
Each field is described in the following table.
Table 97 VoIP > SIP > SIP Account > Add New Account/Edit
LABEL DESCRIPTION
SIP Account Selection
SIP Account
Selection
This field displays ADD_NEW if you are creating a new SIP account or the SIP account you are
modifying.
SIP Service Provider Association
SIP Account
Associated with
Select the SIP service provider profile to use for the SIP account you are configuring in this
screen. This field is read-only when you are modifying a SIP account.
General
Enable SIP
Account
Select this if you want the XMG to use this account. Clear it if you do not want the XMG to use
this account.
SIP Account
Number
Enter your SIP number. In the full SIP URI, this is the part before the @ symbol. You can use up to
127 printable ASCII characters.
Authentication
Username Enter the user name for registering this SIP account, exactly as it was given to you. You can use
up to 95 printable ASCII characters.
Password Enter the user name for registering this SIP account, exactly as it was given to you. You can use
up to 95 printable ASCII Extended set characters.
URL Type
URL Type Select whether or not to include the SIP service domain name when the XMG sends the SIP
number.
SIP - include the SIP service domain name.
TEL - do not include the SIP service domain name.
Voice Features
Primary
Compression Type
Secondary
Compression Type
Third Compression
Type
Select the type of voice coder/decoder (codec) that you want the XMG to use.
G.711 provides high voice quality but requires more bandwidth (64 kbps). G.711 is the default
codec used by phone companies and digital handsets.
•G.711a is typically used in Europe.
•G.711u is typically used in North America and Japan.
G.726-24 operates at 24 kbps.
G.726-32 operates at 32 kbps.
G.722 is a 7 KHz wideband voice codec that operates at 48, 56 and 64 kbps. By using a
sample rate of 16 kHz, G.722 can provide higher fidelity and better audio quality than
narrowband codecs like G.711, in which the voice signal is sampled at 8 KHz.
The XMG must use the same codec as the peer. When two SIP devices start a SIP session, they
must agree on a codec.
Select the XMG’s first choice for voice coder/decoder.
Select the XMG’s second choice for voice coder/decoder. Select None if you only want the
XMG to accept the first choice.
Select the XMG’s third choice for voice coder/decoder. Select None if you only want the
XMG to accept the first or second choice.
Speaking Volume
Control
Select the loudness that the XMG uses for speech that it sends to the peer device.
-12 is the quietest, and 12 is the loudest.
Listening Volume
Control
Select the loudness that the XMG uses for speech that it receives from the peer device.
-12 is the quietest, and 12 is the loudest.
Chapter 22 VoIP
XMG3563-B10A User’s Guide
212
Enable G.168
(Echo
Cancellation)
Select this if you want to eliminate the echo caused by the sound of your voice reverberating
in the telephone receiver while you talk.
Enable VAD
(Voice Active
Detector)
Select this if the XMG should stop transmitting when you are not speaking. This reduces the
bandwidth the XMG uses.
Call Features
Send Caller ID Select this if you want to send identification when you make VoIP phone calls. Clear this if you
do not want to send identification.
Enable Call
Transfer
Select this to enable call transfer on the XMG. This allows you to transfer an incoming call (that
you have answered) to another phone.
Enable Call
Waiting
Select this to enable call waiting on the XMG. This allows you to place a call on hold while you
answer another incoming call on the same telephone number.
Call Waiting
Reject Timer
Specify a time of seconds that the XMG waits before rejecting the second call if you do not
answer it.
Enable
Unconditional
Forward
Select this if you want the XMG to forward all incoming calls to the specified phone number.
Specify the phone number in the To Number field on the right.
Enable Busy
Forward
Select this if you want the XMG to forward incoming calls to the specified phone number if the
phone port is busy.
Specify the phone number in the To Number field on the right.
If you have call waiting, the incoming call is forwarded to the specified phone number if you
reject or ignore the second incoming call.
Enable No Answer
Forward
Select this if you want the XMG to forward incoming calls to the specified phone number if the
call is unanswered. (See No Answer Time.)
Specify the phone number in the To Number field on the right.
No Answer Time This field is used by the Active No Answer Forward feature.
Enter the number of seconds the XMG should wait for you to answer an incoming call before it
considers the call is unanswered.
Enable Do Not
Disturb (DND)
Select this to set your phone to not ring when someone calls you.
Active Incoming
Anonymous Call
Block
Select this if you do not want the phone to ring when someone tries to call you with caller ID
deactivated.
Enable MWI
(Message Waiting
Indication)
Select this if you want to hear a waiting (beeping) dial tone on your phone when you have at
least one voice message. Your VoIP service provider must support this feature.
MWI Subscribe
Expiration Time
Keep the default value for this field, unless your VoIP service provider tells you to change it.
Enter the number of seconds the SIP server should provide the message waiting service each
time the XMG subscribes to the service. Before this time passes, the XMG automatically
subscribes again.
Hot Line / Warm
Line Number
Select this to enable the hot line or warm line feature on the XMG.
Warm Line Select this to have the XMG dial the specified warm line number after you pick up the
telephone and do not press any keys on the keypad for a period of time.
Hot Line Select this to have the XMG dial the specified hot line number immediately when you pick up
the telephone.
Hot Line / Warm
Line Number
Enter the number of the hot line or warm line that you want the XMG to dial.
Table 97 VoIP > SIP > SIP Account > Add New Account/Edit (continued)
LABEL DESCRIPTION
Chapter 22 VoIP
XMG3563-B10A User’s Guide
213
22.4 The SIP Service Provider Screen
Use this screen to view the SIP service provider information on the XMG. Click VoIP > SIP > SIP Service
Provider to open the following screen.
Figure 129 VoIP > SIP > SIP Service Provider
Each field is described in the following table.
Warm Line Timer Enter a number of seconds that the XMG waits before dialing the warm line number if you pick
up the telephone and do not press any keys on the keypad.
Enable Missed Call
E-mail Notification
Select this option to have the XMG e-mail you a notification when there is a missed call.
Mail Account Select a mail account for the e-mail address specified below. If you select None here, e-mail
notifications will not be sent via e-mail.
You must have configured a mail account already in the E-mail Notification screen.
Send
Notification to
E-mail
Notifications are sent to the e-mail address specified in this field. If this field is left blank,
notifications will not be sent via e-mail.
Missed Call E-
mail Title Type a title that you want to be in the subject line of the e-mail notifications that the XMG
sends.
Early Media Select this option if you want people to hear a customized recording when they call you.
IVR Play Index Select the tone you want people to hear when they call you.
This field is configurable only when you select Early Media. See Section 22.10 on page 222 for
information on how to record these tones.
Music On Hold Select this option to play a customized recording when you put people on hold.
IVR Play Index Select the tone to play when you put someone on hold.
This field is configurable only when you select Music On Hold. See Section 22.10 on page 222
for information on how to record these tones.
Apply Click this to save your changes and to apply them to the XMG.
Cancel Click this to set every field in this screen to its last-saved value.
Table 97 VoIP > SIP > SIP Account > Add New Account/Edit (continued)
LABEL DESCRIPTION
Table 98 VoIP > SIP > SIP Service Provider
LABEL DESCRIPTION
Add New Provider Click this to configure a new service provider on the XMG.
# This is the index number of the entry.
SIP Service
Provider Name
This shows the name of the SIP service provider.
SIP Proxy Server
Address
This shows the IP address or domain name of the SIP server.
Chapter 22 VoIP
XMG3563-B10A User’s Guide
214
22.4.1 The SIP Service Provider Add/Edit Screen
Use this screen to configure a SIP service provider on the XMG. Click the Add New Provider button or an
Edit icon in the VoIP > SIP > SIP Service Provider to open the following screen.
Note: Click more to see all the fields in the screen. You don’t necessarily need to use all these
fields to set up your account. Click less to see and configure only the fields needed for
this feature.
REGISTER Server
Address
This shows the IP address or domain name of the SIP register server.
SIP Service
Domain
This shows the SIP service domain name.
Modify Click the Edit icon to configure the SIP service provider.
Click the Delete icon to delete this SIP service provider from the XMG.
Table 98 VoIP > SIP > SIP Service Provider (continued)
LABEL DESCRIPTION
Chapter 22 VoIP
XMG3563-B10A User’s Guide
215
Figure 130 VoIP > SIP > SIP Service Provider > Add New Provider/Edit
Chapter 22 VoIP
XMG3563-B10A User’s Guide
216
Each field is described in the following table.
Table 99 VoIP > SIP > SIP Service Provider > Add New Provider/Edit
LABEL DESCRIPTION
SIP Service Provider Selection
Service Provider
Selection
Select the SIP service provider profile you want to use for the SIP account you configure in this
screen. If you change this field, the screen automatically refreshes.
General
SIP Service
Provider
Select this to enable the SIP service provider.
SIP Service
Provider Name
Enter the name of your SIP service provider.
SIP Local Port Enter the XMG’s listening port number, if your VoIP service provider gave you one. Otherwise,
keep the default value.
SIP Proxy Server
Address
Enter the IP address or domain name of the SIP server provided by your VoIP service provider.
You can use up to 95 printable ASCII characters. It does not matter whether the SIP server is a
proxy, redirect or register server.
SIP Proxy Server
Port
Enter the SIP server’s listening port number, if your VoIP service provider gave you one.
Otherwise, keep the default value.
SIP REGISTRAR
Server Address
Enter the IP address or domain name of the SIP register server, if your VoIP service provider gave
you one. Otherwise, enter the same address you entered in the SIP Server Address field. You can
use up to 95 printable ASCII characters.
SIP REGISTRAR
Server Port
Enter the SIP register server’s listening port number, if your VoIP service provider gave you one.
Otherwise, enter the same port number you entered in the SIP Server Port field.
SIP Service
Domain
Enter the SIP service domain name. In the full SIP URI, this is the part after the @ symbol. You can
use up to 127 printable ASCII Extended set characters.
RFC Support
PRACK (RFC
3262, Require:
100rel)
PRACK (RFC 3262) defines a mechanism to provide reliable transmission of SIP provisional
response messages, which convey information on the processing progress of the request. This
uses the option tag 100rel and the Provisional Response ACKnowledgement (PRACK) method.
Select this to have the the peer device require the option tag 100rel to send provisional
responses reliably.
VoIP IOP Flags Select the VoIP inter-operability settings you want to activate.
Replace dial
digit '#' to '%23'
in SIP messages
Replace a dial digit “#” with “%23” in the INVITE messages.
Remove the
'Route' header
in SIP messages
Remove the 'Route' header in SIP packets.
Bound Interface Name
Bound Interface
Name
If you select Any_WAN, the XMG automatically activates the VoIP service when any WAN
connection is up.
If you select MultiWAN, you also need to select two or more pre-configured WAN interfaces. The
VoIP service is activated only when one of the selected WAN connections is up.
Outbound Proxy
Outbound Proxy
Address
Enter the IP address or domain name of the SIP outbound proxy server if your VoIP service
provider has a SIP outbound server to handle voice calls. This allows the XMG to work with any
type of NAT router and eliminates the need for STUN or a SIP ALG. Turn off any SIP ALG on a NAT
router in front of the XMG to keep it from re-translating the IP address (since this is already
handled by the outbound proxy server).
Outbound Proxy
Port
Enter the SIP outbound proxy server’s listening port, if your VoIP service provider gave you one.
Otherwise, keep the default value.
Chapter 22 VoIP
XMG3563-B10A User’s Guide
217
Use DHCP
Option 120 First
Select this to enable the SIP server via DHCP option 120.
RTP Port Range
Start Port
End Port
Enter the listening port number(s) for RTP traffic, if your VoIP service provider gave you this
information. Otherwise, keep the default values.
To enter one port number, enter the port number in the Start Port and End Port fields.
To enter a range of ports,
• enter the port number at the beginning of the range in the Start Port field.
• enter the port number at the end of the range in the End Port field.
SRTP Support
SRTP Support When you make a VoIP call using SIP, the Real-time Transport Protocol (RTP) is used to handle
voice data transfer. The Secure Real-time Transport Protocol (SRTP) is a security profile of RTP. It is
designed to provide encryption and authentication for the RTP data in both unicast and
multicast applications.
The XMG supports encryption using AES with a 128-bit key. To protect data integrity, SRTP uses a
Hash-based Message Authentication Code (HMAC) calculation with Secure Hash Algorithm
(SHA)-1 to authenticate data. HMAC SHA-1 produces a 80 or 32-bit authentication tag that is
appended to the packet.
Both the caller and callee should use the same algorithms to establish an SRTP session.
Crypto Suite Select the encryption and authentication algorithm set used by the XMG to set up an SRTP
media session with the peer device.
Select AES_CM_128_HMAC_SHA1_80 or AES_CM_128_HMAC_SHA1_32 to enable both data
encryption and authentication for voice data.
Select AES_CM_128_NULL to use 128-bit data encryption but disable data authentication.
Select NULL_CIPHER_HMAC_SHA1_80 to disable encryption but require authentication using the
default 80-bit tag.
DTMF Mode
DTMF Mode Control how the XMG handles the tones that your telephone makes when you push its buttons.
You should use the same mode your VoIP service provider uses.
RFC2833 - send the DTMF tones in RTP packets.
PCM - send the DTMF tones in the voice data stream. This method works best when you are using
a codec that does not use compression (like G.711). Codecs that use compression (like G.729
and G.726) can distort the tones.
SIP INFO - send the DTMF tones in SIP messages.
Transport Type
Transport Type Select the transport layer protocol UDP or TCP (usually UDP) used for SIP.
Ignore Direct IP Select Enable to have the connected CPE devices accept SIP requests only from the SIP proxy/
register server specified above. SIP requests sent from other IP addresses will be ignored.
FAX Option This field controls how the XMG handles fax messages.
G711 Fax
Passthrough
Select this if the XMG should use G.711 to send fax messages. You have to also select which
operating codec (G.711Mulaw or G.711Alaw) to use for encoding/decoding FAX data. The
peer devices must use the same settings.
T38 Fax Relay Select this if the XMG should send fax messages as UDP or TCP/IP packets through IP networks.
This provides better quality, but it may have inter-operability problems. The peer devices must
also use T.38.
QoS Tag
Table 99 VoIP > SIP > SIP Service Provider > Add New Provider/Edit (continued)
LABEL DESCRIPTION
Chapter 22 VoIP
XMG3563-B10A User’s Guide
218
22.5 The Phone Device Screen
Use this screen to view detailed information of the XMG’s phone ports. To access this screen, click VoIP >
Phone > Phone Device.
Figure 131 VoIP > Phone > Phone Device
SIP DSCP Mark
Setting
Enter the DSCP (DiffServ Code Point) number for SIP message transmissions. The XMG creates
Class of Service (CoS) priority tags with this number to SIP traffic that it transmits.
RTP DSCP Mark
Setting
Enter the DSCP (DiffServ Code Point) number for RTP voice transmissions. The XMG creates Class
of Service (CoS) priority tags with this number to RTP traffic that it transmits.
Timer Setting
SIP Register
Expiration
Duration
Enter the number of seconds your SIP account is registered with the SIP register server before it is
deleted. The XMG automatically tries to re-register your SIP account when one-half of this time
has passed. (The SIP register server might have a different expiration.)
SIP Register Fail
Re-try timer
Enter the number of seconds the XMG waits before it tries again to register the SIP account, if the
first try failed or if there is no response.
Session Expires
(SE)
Enter the number of seconds the XMG lets a SIP session remain idle (without traffic) before it
automatically disconnects the session.
Min-SE Enter the minimum number of seconds the XMG lets a SIP session remain idle (without traffic)
before it automatically disconnects the session. When two SIP devices start a SIP session, they
must agree on an expiration time for idle sessions. This field is the shortest expiration time that the
XMG accepts.
Dialing Interval Selection
Dialing Interval
Selection
Enter the number of seconds the XMG should wait after you stop dialing numbers before it
makes the phone call. The value depends on how quickly you dial phone numbers.
DNS SRV
Enable DNS SRV Select this to have the XMG use DNS procedures to resolve the SIP domain and find the SIP
server’s IP address, port number and supported transport protocol(s).
The XMG first uses DNS Name Authority Pointer (NAPTR) records to determine the transport
protocols supported by the SIP server. It then performs DNS Service (SRV) query to determine the
port number for the protocol. The XMG resolves the SIP server’s IP address by a standard DNS
address record lookup.
The SIP Server Port and REGISTER Server Port fields in the General section above are grayed out
and not applicable and the Transport Type can also be set to AUTO if you enable this option.
Apply Click Apply to save your changes.
Cancel Click Cancel to restore your previously saved settings.
Table 99 VoIP > SIP > SIP Service Provider > Add New Provider/Edit (continued)
LABEL DESCRIPTION
Chapter 22 VoIP
XMG3563-B10A User’s Guide
219
Each field is described in the following table.
22.5.1 The Phone Device Edit Screen
Use this screen to control which SIP account and PSTN line each phone uses. Click an Edit icon in the
VoIP > Phone > Phone Device to open the following screen.
Figure 132 VoIP > Phone > Phone Device > Edit
Each field is described in the following table.
Table 100 VoIP > Phone > Phone Device
LABEL DESCRIPTION
#This displays the index number of the phone device.
Phone ID This field displays the name of a phone port on the XMG.
Internal Number This field displays the internal call prefix of a phone port on the XMG.
Incoming SIP
Number
This field displays the SIP number that you use to receive calls on this phone port.
Outgoing SIP
Number
This field displays the SIP number that you use to make calls on this phone port.
Modify Click the Edit icon to configure the SIP account.
Table 101 VoIP > Phone > Phone Device > Edit
LABEL DESCRIPTION
SIP Account to
Make Outgoing
Call
Select the SIP account you want to use when making outgoing calls with the analog phone
connected to this phone port.
SIP Account(s) to
Receive
Incomming Call
Select a SIP account if you want to receive phone calls for the selected SIP account on this
phone port.
If you select more than one SIP account for incoming calls, there is no way to distinguish
between them when you receive phone calls. If you do not select a source for incoming calls,
you cannot receive any calls on this phone port.
Chapter 22 VoIP
XMG3563-B10A User’s Guide
220
22.6 The Region Screen
Use this screen to maintain settings that depend on which region of the world the XMG is in. To access
this screen, click VoIP > Region.
Figure 133 VoIP > Region
Each field is described in the following table.
22.7 The Call Rule Screen
Use this screen to add, edit, or remove speed-dial numbers for outgoing calls. Speed dial provides
shortcuts for dialing frequently-used (VoIP) phone numbers. You also have to create speed-dial entries if
you want to call SIP numbers that contain letters. Once you have configured a speed dial rule, you can
use a shortcut (the speed dial number, #01 for example) on your phone's keypad to call the phone
number.
Immediate Dial
Enable
Select this if you want to use the pound key (#) to tell the XMG to make the phone call
immediately, instead of waiting the number of seconds you selected in the Dialing Interval
Selection field of the VoIP > SIP > SIP Service Provider > Add New Provider/Edit screen.
If you select this, dial the phone number, and then press the pound key. The XMG makes the
call immediately, instead of waiting. You can still wait, if you want.
OK Click OK to save your changes.
Cancel Click Cancel to exit this screen without saving.
Table 101 VoIP > Phone > Phone Device > Edit
LABEL DESCRIPTION
Table 102 VoIP > Region
LABEL DESCRIPTION
Region Settings Select the place in which the XMG is located.
Call Service Mode Select the mode for supplementary phone services (call hold, call waiting, call transfer and
three-way conference calls) that your VoIP service provider supports.
Europe Type - use supplementary phone services in European mode
USA Type - use supplementary phone services American mode
You might have to subscribe to these services to use them. Contact your VoIP service
provider.
Apply Click this to save your changes and to apply them to the XMG.
Cancel Click this to set every field in this screen to its last-saved value.
Chapter 22 VoIP
XMG3563-B10A User’s Guide
221
Figure 134 VoIP > Call Rule
Each field is described in the following table.
22.8 The Call History Screen
Use this screen to see detailed information for each outgoing call made. Click VoIP > Call History to
open the following screen.
Figure 135 VoIP > Call History
Table 103 VoIP > Call Rule
LABEL DESCRIPTION
Clear All Speed
Dials
Click this to erase all the speed-dial entries on this screen.
Keys This field displays the speed-dial number you should dial to use this entry.
Number Enter the SIP number you want the XMG to call when you dial the speed-dial number.
Description Enter a name to identify the party you call when you dial the speed-dial number. You can use
up to 127 printable ASCII characters.
Apply Click this to save your changes and to apply them to the XMG.
Cancel Click this to set every field in this screen to its last-saved value.
Chapter 22 VoIP
XMG3563-B10A User’s Guide
222
The following table describes the labels in this screen.
22.9 The Call Summary Screen
The XMG logs calls from or to your SIP numbers. This screen allows you to view the summary of received,
dialed and missed calls. Click VoIP > Call History > Call Summary to open the following screen.
Figure 136 VoIP > Call History > Call Summary
The following table describes the labels in this screen.
22.10 Technical Reference
This section contains background material relevant to the VoIP screens.
Table 104 VoIP > Call History
LABEL DESCRIPTION
Classify Select the type of calls you want to view in the dialed called list.
Clear List Click this button to remove all entries from the dialed called list.
Refresh Click this button to renew the dialed called list.
Type This displays the type of call it is: Incoming, Outgoing, or Missed.
Date This is the date when the call was made.
Name
Number This displays the phone number from which the call was made.
Phone Device
Outgoing Number This displays the phone number to which the call was made.
Duration (hh:mm:ss) This displays how long the call lasted.
Modify Click the Export button to extract a document containing the dialed called list.
Table 105 VoIP > Call History > Call Summary
LABEL DESCRIPTION
Refresh Click this button to renew the call history list.
Clear All Click this button to remove all entries from the call history list.
Date This is the date when the calls were made.
Total Calls This displays the total number of calls from or to your SIP numbers that day.
Outgoing Calls This displays how many calls originated from you that day.
Incoming Calls This displays how many calls you received that day.
Missing Calls This displays how many incoming calls were not answered that day.
Total Duration (hh:mm:ss) This displays how long all calls lasted that day,
Chapter 22 VoIP
XMG3563-B10A User’s Guide
223
VoIP
VoIP is the sending of voice signals over Internet Protocol. This allows you to make phone calls and send
faxes over the Internet at a fraction of the cost of using the traditional circuit-switched telephone
network. You can also use servers to run telephone service applications like PBX services and voice mail.
Internet Telephony Service Provider (ITSP) companies provide VoIP service.
Circuit-switched telephone networks require 64 kilobits per second (Kbps) in each direction to handle a
telephone call. VoIP can use advanced voice coding techniques with compression to reduce the
required bandwidth.
SIP
The Session Initiation Protocol (SIP) is an application-layer control (signaling) protocol that handles the
setting up, altering and tearing down of voice and multimedia sessions over the Internet.
SIP signaling is separate from the media for which it handles sessions. The media that is exchanged
during the session can use a different path from that of the signaling. SIP handles telephone calls and
can interface with traditional circuit-switched telephone networks.
SIP Identities
A SIP account uses an identity (sometimes referred to as a SIP address). A complete SIP identity is called
a SIP URI (Uniform Resource Identifier). A SIP account's URI identifies the SIP account in a way similar to
the way an e-mail address identifies an e-mail account. The format of a SIP identity is SIP-Number@SIP-
Service-Domain.
SIP Number
The SIP number is the part of the SIP URI that comes before the “@” symbol. A SIP number can use letters
like in an e-mail address (johndoe@your-ITSP.com for example) or numbers like a telephone number
(1122334455@VoIP-provider.com for example).
SIP Service Domain
The SIP service domain of the VoIP service provider is the domain name in a SIP URI. For example, if the
SIP address is 1122334455@VoIP-provider.com, then “VoIP-provider.com” is the SIP service domain.
SIP Registration
Each XMG is an individual SIP User Agent (UA). To provide voice service, it has a public IP address for SIP
and RTP protocols to communicate with other servers.
A SIP user agent has to register with the SIP registrar and must provide information about the users it
represents, as well as its current IP address (for the routing of incoming SIP requests). After successful
registration, the SIP server knows that the users (identified by their dedicated SIP URIs) are represented by
the UA, and knows the IP address to which the SIP requests and responses should be sent.
Registration is initiated by the User Agent Client (UAC) running in the VoIP gateway (the XMG). The
gateway must be configured with information letting it know where to send the REGISTER message, as
well as the relevant user and authorization data.
Chapter 22 VoIP
XMG3563-B10A User’s Guide
224
A SIP registration has a limited lifespan. The User Agent Client must renew its registration within this
lifespan. If it does not do so, the registration data will be deleted from the SIP registrar's database and
the connection broken.
The XMG attempts to register all enabled subscriber ports when it is switched on. When you enable a
subscriber port that was previously disabled, the XMG attempts to register the port immediately.
Authorization Requirements
SIP registrations (and subsequent SIP requests) require a username and password for authorization. These
credentials are validated via a challenge / response system using the HTTP digest mechanism (as
detailed in RFC 3261, "SIP: Session Initiation Protocol").
SIP Servers
SIP is a client-server protocol. A SIP client is an application program or device that sends SIP requests. A
SIP server responds to the SIP requests.
When you use SIP to make a VoIP call, it originates at a client and terminates at a server. A SIP client
could be a computer or a SIP phone. One device can act as both a SIP client and a SIP server.
SIP User Agent
A SIP user agent can make and receive VoIP telephone calls. This means that SIP can be used for peer-
to-peer communications even though it is a client-server protocol. In the following figure, either A or B
can act as a SIP user agent client to initiate a call. A and B can also both act as a SIP user agent to
receive the call.
Figure 137 SIP User Agent
SIP Proxy Server
A SIP proxy server receives requests from clients and forwards them to another server.
In the following example, you want to use client device A to call someone who is using client device C.
1The client device (A in the figure) sends a call invitation to the SIP proxy server (B).
2The SIP proxy server forwards the call invitation to C.
Chapter 22 VoIP
XMG3563-B10A User’s Guide
225
Figure 138 SIP Proxy Server
SIP Redirect Server
A SIP redirect server accepts SIP requests, translates the destination address to an IP address and sends
the translated IP address back to the device that sent the request. Then the client device that originally
sent the request can send requests to the IP address that it received back from the redirect server.
Redirect servers do not initiate SIP requests.
In the following example, you want to use client device A to call someone who is using client device C.
1Client device A sends a call invitation for C to the SIP redirect server (B).
2The SIP redirect server sends the invitation back to A with C’s IP address (or domain name).
3Client device A then sends the call invitation to client device C.
Chapter 22 VoIP
XMG3563-B10A User’s Guide
226
Figure 139 SIP Redirect Server
SIP Register Server
A SIP register server maintains a database of SIP identity-to-IP address (or domain name) mapping. The
register server checks your user name and password when you register.
RTP
When you make a VoIP call using SIP, the RTP (Real time Transport Protocol) is used to handle voice data
transfer. See RFC 1889 for details on RTP.
Pulse Code Modulation
Pulse Code Modulation (PCM) measures analog signal amplitudes at regular time intervals and converts
them into bits.
SIP Call Progression
The following figure displays the basic steps in the setup and tear down of a SIP call. A calls B.
Table 106 SIP Call Progression
A B
1. INVITE
2. Ringing
3. OK
4. ACK
Chapter 22 VoIP
XMG3563-B10A User’s Guide
227
1A sends a SIP INVITE request to B. This message is an invitation for B to participate in a SIP telephone call.
2B sends a response indicating that the telephone is ringing.
3B sends an OK response after the call is answered.
4A then sends an ACK message to acknowledge that B has answered the call.
5Now A and B exchange voice media (talk).
6After talking, A hangs up and sends a BYE request.
7B replies with an OK response confirming receipt of the BYE request and the call is terminated.
SIP Call Progression Through Proxy Servers
Usually, the SIP UAC sets up a phone call by sending a request to the SIP proxy server. Then, the proxy
server looks up the destination to which the call should be forwarded (according to the URI requested
by the SIP UAC). The request may be forwarded to more than one proxy server before arriving at its
destination.
The response to the request goes to all the proxy servers through which the request passed, in reverse
sequence. Once the session is set up, session traffic is sent between the UAs directly, bypassing all the
proxy servers in between.
The following figure shows the SIP and session traffic flow between the user agents (UA 1 and UA 2) and
the proxy servers (this example shows two proxy servers, PROXY 1 and PROXY 2).
Figure 140 SIP Call Through Proxy Servers
5.Dialogue (voice traffic)
6. BYE
7. OK
Table 106 SIP Call Progression (continued)
A B
DSL DSL
UA1 UA2
Proxy 1 Proxy 2
Chapter 22 VoIP
XMG3563-B10A User’s Guide
228
The following table shows the SIP call progression.
1User Agent 1 sends a SIP INVITE request to Proxy 1. This message is an invitation to User Agent 2 to
participate in a SIP telephone call. Proxy 1 sends a response indicating that it is trying to complete the
request.
2Proxy 1 sends a SIP INVITE request to Proxy 2. Proxy 2 sends a response indicating that it is trying to
complete the request.
3Proxy 2 sends a SIP INVITE request to User Agent 2.
4User Agent 2 sends a response back to Proxy 2 indicating that the phone is ringing. The response is
relayed back to User Agent 1 via Proxy 1.
5User Agent 2 sends an OK response to Proxy 2 after the call is answered. This is also relayed back to User
Agent 1 via Proxy 1.
6User Agent 1 and User Agent 2 exchange RTP packets containing voice data directly, without involving
the proxies.
7When User Agent 2 hangs up, he sends a BYE request.
8User Agent 1 replies with an OK response confirming receipt of the BYE request, and the call is
terminated.
Voice Coding
A codec (coder/decoder) codes analog voice signals into digital signals and decodes the digital
signals back into analog voice signals. The XMG supports the following codecs.
• G.711 is a Pulse Code Modulation (PCM) waveform codec. PCM measures analog signal amplitudes
at regular time intervals and converts them into digital samples. G.711 provides very good sound
quality but requires 64 kbps of bandwidth.
Table 107 SIP Call Progression
UA 1 PROXY 1 PROXY 2 UA 2
Invite
Invite
100 Trying Invite
100 Trying
180 Ringing
180 Ringing
180 Ringing
200 OK
200 OK
200 OK
ACK
RTP RTP
BYE
200 OK
Chapter 22 VoIP
XMG3563-B10A User’s Guide
229
• G.726 is an Adaptive Differential PCM (ADPCM) waveform codec that uses a lower bitrate than
standard PCM conversion. ADPCM converts analog audio into digital signals based on the difference
between each audio sample and a prediction based on previous samples. The more similar the
audio sample is to the prediction, the less space needed to describe it. G.726 operates at 16, 24, 32 or
40 kbps.
• G.729 is an Analysis-by-Synthesis (AbS) hybrid waveform codec that uses a filter based on information
about how the human vocal tract produces sounds. G.729 provides good sound quality and reduces
the required bandwidth to 8 kbps.
Voice Activity Detection/Silence Suppression
Voice Activity Detection (VAD) detects whether or not speech is present. This lets the XMG reduce the
bandwidth that a call uses by not transmitting “silent packets” when you are not speaking.
Comfort Noise Generation
When using VAD, the XMG generates comfort noise when the other party is not speaking. The comfort
noise lets you know that the line is still connected as total silence could easily be mistaken for a lost
connection.
Echo Cancellation
G.168 is an ITU-T standard for eliminating the echo caused by the sound of your voice reverberating in
the telephone receiver while you talk.
MWI (Message Waiting Indication)
Enable Message Waiting Indication (MWI) enables your phone to give you a message–waiting
(beeping) dial tone when you have a voice message(s). Your VoIP service provider must have a
messaging system that sends message waiting status SIP packets as defined in RFC 3842.
Custom Tones (IVR)
IVR (Interactive Voice Response) is a feature that allows you to use your telephone to interact with the
XMG. The XMG allows you to record custom tones for the Early Media and Music On Hold functions. The
same recordings apply to both the caller ringing and on hold tones.
Recording Custom Tones
Use the following steps if you would like to create new tones or change your tones:
Table 108 Custom Tones Details
LABEL DESCRIPTION
Total Time for All Tones 900 seconds for all custom tones combined
Maximum Time per Individual
Tone
180 seconds
Total Number of Tones
Recordable
5
You can record up to 5 different custom tones but the total time must be 900
seconds or less.
Chapter 22 VoIP
XMG3563-B10A User’s Guide
230
1Pick up the phone and press “****” on your phone’s keypad and wait for the message that says you are
in the configuration menu.
2Press a number from 1101~1105 on your phone followed by the “#” key.
3Play your desired music or voice recording into the receiver’s mouthpiece. Press the “#” key.
4You can continue to add, listen to, or delete tones, or you can hang up the receiver when you are
done.
Listening to Custom Tones
Do the following to listen to a custom tone:
1Pick up the phone and press “****” on your phone’s keypad and wait for the message that says you are
in the configuration menu.
2Press a number from 1201~1208 followed by the “#” key to listen to the tone.
3You can continue to add, listen to, or delete tones, or you can hang up the receiver when you are
done.
Deleting Custom Tones
Do the following to delete a custom tone:
1Pick up the phone and press “****” on your phone’s keypad and wait for the message that says you are
in the configuration menu.
2Press a number from 1301~1308 followed by the “#” key to delete the tone of your choice. Press 14
followed by the “#” key if you wish to clear all your custom tones.
You can continue to add, listen to, or delete tones, or you can hang up the receiver when you are
done.
22.10.1 Quality of Service (QoS)
Quality of Service (QoS) refers to both a network's ability to deliver data with minimum delay, and the
networking methods used to provide bandwidth for real-time multimedia applications.
Type of Service (ToS)
Network traffic can be classified by setting the ToS (Type of Service) values at the data source (for
example, at the XMG) so a server can decide the best method of delivery, that is the least cost, fastest
route and so on.
DiffServ
DiffServ is a class of service (CoS) model that marks packets so that they receive specific per-hop
treatment at DiffServ-compliant network devices along the route based on the application types and
traffic flow. Packets are marked with DiffServ Code Points (DSCP) indicating the level of service desired.
Chapter 22 VoIP
XMG3563-B10A User’s Guide
231
This allows the intermediary DiffServ-compliant network devices to handle the packets differently
depending on the code points without the need to negotiate paths or remember state information for
every flow. In addition, applications do not have to request a particular service or give advanced
notice of where the traffic is going.3
DSCP and Per-Hop Behavior
DiffServ defines a new DS (Differentiated Services) field to replace the Type of Service (TOS) field in the IP
header. The DS field contains a 2-bit unused field and a 6-bit DSCP field which can define up to 64
service levels. The following figure illustrates the DS field.
DSCP is backward compatible with the three precedence bits in the ToS octet so that non-DiffServ
compliant, ToS-enabled network device will not conflict with the DSCP mapping.
Figure 141 DiffServ: Differentiated Service Field
The DSCP value determines the forwarding behavior, the PHB (Per-Hop Behavior), that each packet
gets across the DiffServ network. Based on the marking rule, different kinds of traffic can be marked for
different priorities of forwarding. Resources can then be allocated according to the DSCP values and
the configured policies.
22.10.2 Phone Services Overview
Supplementary services such as call hold, call waiting, and call transfer. are generally available from
your VoIP service provider. The XMG supports the following services:
• Call Return
• Call Hold
• Call Waiting
• Making a Second Call
• Call Transfer
• Call Forwarding
• Three-Way Conference
• Internal Calls
• Call Park and Pickup
• Do not Disturb
•IVR
• Call Completion
•CCBS
• Outgoing SIP
3. The XMG does not support DiffServ at the time of writing.
DSCP
(6-bit)
Unused
(2-bit)
Chapter 22 VoIP
XMG3563-B10A User’s Guide
232
Note: To take full advantage of the supplementary phone services available through the
XMG's phone ports, you may need to subscribe to the services from your VoIP service
provider.
22.10.2.1 The Flash Key
Flashing means to press the hook for a short period of time (a few hundred milliseconds) before releasing
it. On newer telephones, there should be a "flash" key (button) that generates the signal electronically. If
the flash key is not available, you can tap (press and immediately release) the hook by hand to achieve
the same effect. However, using the flash key is preferred since the timing is much more precise. With
manual tapping, if the duration is too long, it may be interpreted as hanging up by the XMG.
You can invoke all the supplementary services by using the flash key.
22.10.2.2 Europe Type Supplementary Phone Services
This section describes how to use supplementary phone services with the Europe Type Call Service
Mode. Commands for supplementary services are listed in the table below.
After pressing the flash key, if you do not issue the sub-command before the default sub-command
timeout (2 seconds) expires or issue an invalid sub-command, the current operation will be aborted.
European Call Hold
Call hold allows you to put a call (A) on hold by pressing the flash key.
If you have another call, press the flash key and then “2” to switch back and forth between caller A and
B by putting either one on hold.
Press the flash key and then “0” to disconnect the call presently on hold and keep the current call on
line.
Press the flash key and then “1” to disconnect the current call and resume the call on hold.
If you hang up the phone but a caller is still on hold, there will be a remind ring.
Table 109 European Flash Key Commands
COMMAND SUB-COMMAND DESCRIPTION
Flash Put a current call on hold to place a second call.
Switch back to the call (if there is no second call).
Flash 0 Drop the call presently on hold or reject an incoming call which is waiting for
answer.
Flash 1 Disconnect the current phone connection and answer the incoming call or
resume with caller presently on hold.
Flash 2 1. Switch back and forth between two calls.
2. Put a current call on hold to answer an incoming call.
3. Separate the current three-way conference call into two individual calls
(one is on-line, the other is on hold).
Flash 3 Create three-way conference connection.
Flash *98# Transfer the call to another phone.
Chapter 22 VoIP
XMG3563-B10A User’s Guide
233
European Call Waiting
This allows you to place a call on hold while you answer another incoming call on the same telephone
(directory) number.
If there is a second call to a telephone number, you will hear a call waiting tone. Take one of the
following actions.
• Reject the second call.
Press the flash key and then press “0”.
• Disconnect the first call and answer the second call.
Either press the flash key and press “1”, or just hang up the phone and then answer the phone after it
rings.
• Put the first call on hold and answer the second call.
Press the flash key and then “2”.
European Call Transfer
Do the following to transfer an incoming call (that you have answered) to another phone.
1Press the flash key to put the caller on hold.
2When you hear the dial tone, dial “*98#” followed by the number to which you want to transfer the call.
3After you hear the ring signal or the second party answers it, hang up the phone.
European Three-Way Conference
Use the following steps to make three-way conference calls.
1When you are on the phone talking to someone, press the flash key to put the caller on hold and get a
dial tone.
2Dial a phone number directly to make another call.
3When the second call is answered, press the flash key and press “3” to create a three-way conversation.
4Hang up the phone to drop the connection.
5If you want to separate the activated three-way conference into two individual connections (one is on-
line, the other is on hold), press the flash key and press “2”.
22.10.2.3 USA Type Supplementary Services
This section describes how to use supplementary phone services with the USA Type Call Service Mode.
Commands for supplementary services are listed in the table below.
Chapter 22 VoIP
XMG3563-B10A User’s Guide
234
After pressing the flash key, if you do not issue the sub-command before the default sub-command
timeout (2 seconds) expires or issue an invalid sub-command, the current operation will be aborted.
USA Call Hold
Call hold allows you to put a call (A) on hold by pressing the flash key.
If you have another call, press the flash key to switch back and forth between caller A and B by putting
either one on hold.
If you hang up the phone but a caller is still on hold, there will be a remind ring.
USA Call Waiting
This allows you to place a call on hold while you answer another incoming call on the same telephone
(directory) number.
If there is a second call to your telephone number, you will hear a call waiting tone.
Press the flash key to put the first call on hold and answer the second call.
USA Call Transfer
Do the following to transfer an incoming call (that you have answered) to another phone.
1Press the flash key to put the caller on hold.
2When you hear the dial tone, dial “*98#” followed by the number to which you want to transfer the call.
3After you hear the ring signal or the second party answers it, hang up the phone.
USA Three-Way Conference
Use the following steps to make three-way conference calls.
1When you are on the phone talking to someone (party A), press the flash key to put the caller on hold
and get a dial tone.
2Dial a phone number directly to make another call (to party B).
3When party B answers the second call, press the flash key to create a three-way conversation.
4Hang up the phone to drop the connection.
Table 110 USA Flash Key Commands
COMMAND SUB-COMMAND DESCRIPTION
Flash Put a current call on hold to place a second call. After the second call is
successful, press the flash key again to have a three-way conference call.
Put a current call on hold to answer an incoming call.
Flash *98# Transfer the call to another phone.
Chapter 22 VoIP
XMG3563-B10A User’s Guide
235
5If you want to separate the activated three-way conference into two individual connections (with party
A on-line and party B on hold), press the flash key.
6If you want to go back to the three-way conversation, press the flash key again.
7If you want to separate the activated three-way conference into two individual connections again,
press the flash key. This time the party B is on-line and party A is on hold.
22.10.2.4 Phone Functions Summary
The following table shows the key combinations you can enter on your phone’s keypad to use certain
features.
Table 111 Phone Functions Summary
ACTION FUNCTION DESCRIPTION
*98# Call transfer Transfer a call to another phone. See Section 22.10.2.2 on page 232
(Europe type) and Section 22.10.2.3 on page 233 (USA type).
*66# Call return Place a call to the last person who called you.
*95# Enable Do Not Disturb Use these to set your phone not to ring when someone calls you, or to
turn this function off.
#95# Disable Do Not Disturb
*41# Enable Call Waiting Use these to allow you to put a call on hold when you are answering
another, or to turn this function off.
#41# Disable Call Waiting
**** IVR Use these to set up Interactive Voice Response (IVR). IVR allows you to
record custom caller ringing tones (the sound a caller hears before you
pick up the phone) and on hold tones (the sound someone hears when
you put their call on hold).
#### Internal Call Call the phone(s) connected to the XMG.
*82 One Shot Caller Display Call Activate or deactivate caller ID for the next call only.
*67 One Shot Caller Hidden Call
XMG3563-B10A User’s Guide
236
CHAPTER 23
Log
23.1 Overview
The web configurator allows you to choose which categories of events and/or alerts to have the XMG
log and then display the logs or have the XMG send them to an administrator (as e-mail) or to a syslog
server.
23.1.1 What You Can Do in this Chapter
• Use the System Log screen to see the system logs (Section 23.2 on page 237).
• Use the Security Log screen to see the security-related logs for the categories that you select (Section
23.3 on page 237).
23.1.2 What You Need To Know
The following terms and concepts may help as you read this chapter.
Alerts and Logs
An alert is a type of log that warrants more serious attention. They include system errors, attacks (access
control) and attempted access to blocked web sites. Some categories such as System Errors consist of
both logs and alerts. You may differentiate them by their color in the View Log screen. Alerts display in
red and logs display in black.
Syslog Overview
The syslog protocol allows devices to send event notification messages across an IP network to syslog
servers that collect the event messages. A syslog-enabled device can generate a syslog message and
send it to a syslog server.
Syslog is defined in RFC 3164. The RFC defines the packet format, content and system log related
information of syslog messages. Each syslog message has a facility and severity level. The syslog facility
identifies a file in the syslog server. Refer to the documentation of your syslog program for details. The
following table describes the syslog severity levels.
Table 112 Syslog Severity Levels
CODE SEVERITY
0 Emergency: The system is unusable.
1 Alert: Action must be taken immediately.
2 Critical: The system condition is critical.
3 Error: There is an error condition on the system.
4 Warning: There is a warning condition on the system.
Chapter 23 Log
XMG3563-B10A User’s Guide
237
23.2 The System Log Screen
Use the System Log screen to see the system logs. Click System Monitor > Log to open the System Log
screen.
Figure 142 System Monitor > Log > System Log
The following table describes the fields in this screen.
23.3 The Security Log Screen
Use the Security Log screen to see the security-related logs for the categories that you select. Click
System Monitor > Log > Security Log to open the following screen.
5 Notice: There is a normal but significant condition on the system.
6 Informational: The syslog contains an informational message.
7 Debug: The message is intended for debug-level purposes.
Table 112 Syslog Severity Levels
CODE SEVERITY
Table 113 System Monitor > Log > System Log
LABEL DESCRIPTION
Level Select a severity level from the drop-down list box. This filters search results according to the
severity level you have selected. When you select a severity, the XMG searches through all logs
of that severity or higher.
Category Select the type of logs to display.
Clear Log Click this to delete all the logs.
Refresh Click this to renew the log screen.
Export Log Click this to export the selected log(s).
Email Log Now Click this to send the log file(s) to the E-mail address you specify in the Maintenance > Logs
Setting screen.
#This field is a sequential value and is not associated with a specific entry.
Time This field displays the time the log was recorded.
Facility The log facility allows you to send logs to different files in the syslog server. Refer to the
documentation of your syslog program for more details.
Level This field displays the severity level of the log that the device is to send to this syslog server.
Category This field displays the type of the log.
Messages This field states the reason for the log.
Chapter 23 Log
XMG3563-B10A User’s Guide
238
Figure 143 System Monitor > Log > Security Log
The following table describes the fields in this screen.
Table 114 System Monitor > Log > Security Log
LABEL DESCRIPTION
Level Select a severity level from the drop-down list box. This filters search results according to the
severity level you have selected. When you select a severity, the XMG searches through all logs
of that severity or higher.
Category Select the type of logs to display.
Clear Log Click this to delete all the logs.
Refresh Click this to renew the log screen.
Export Log Click this to export the selected log(s).
E-mail Log Now Click this to send the log file(s) to the E-mail address you specify in the Maintenance > Logs
Setting screen.
#This field is a sequential value and is not associated with a specific entry.
Time This field displays the time the log was recorded.
Facility The log facility allows you to send logs to different files in the syslog server. Refer to the
documentation of your syslog program for more details.
Level This field displays the severity level of the log that the device is to send to this syslog server.
Category This field displays the type of the log.
Messages This field states the reason for the log.
XMG3563-B10A User’s Guide
239
CHAPTER 24
Traffic Status
24.1 Overview
Use the Traffic Status screens to look at network traffic status and statistics of the WAN, LAN interfaces
and NAT.
24.1.1 What You Can Do in this Chapter
• Use the WAN screen to view the WAN traffic statistics (Section 24.2 on page 239).
• Use the LAN screen to view the LAN traffic statistics (Section 24.3 on page 240).
• Use the NAT screen to view the NAT status of the XMG’s client(s) (Section 24.4 on page 241)
24.2 The WAN Status Screen
Click System Monitor > Traffic Status to open the WAN screen. The figure in this screen shows the number
of bytes received and sent on the XMG.
Figure 144 System Monitor > Traffic Status > WAN
Chapter 24 Traffic Status
XMG3563-B10A User’s Guide
240
The following table describes the fields in this screen.
24.3 The LAN Status Screen
Click System Monitor > Traffic Status > LAN to open the following screen. The figure in this screen shows
the interface that is currently connected on the XMG.
Figure 145 System Monitor > Traffic Status > LAN
Table 115 System Monitor > Traffic Status > WAN
LABEL DESCRIPTION
Refresh Interval Select how often you want the XMG to update this screen.
Connected
Interface
This shows the name of the WAN interface that is currently connected.
Packets Sent
Data This indicates the number of transmitted packets on this interface.
Error This indicates the number of frames with errors transmitted on this interface.
Drop This indicates the number of outgoing packets dropped on this interface.
Packets Received
Data This indicates the number of received packets on this interface.
Error This indicates the number of frames with errors received on this interface.
Drop This indicates the number of received packets dropped on this interface.
Click more... to show more information. Click hide more to hide them.
Disabled
Interface
This shows the name of the WAN interface that is currently disconnected.
Packets Sent
Data This indicates the number of transmitted packets on this interface.
Error This indicates the number of frames with errors transmitted on this interface.
Drop This indicates the number of outgoing packets dropped on this interface.
Packets Received
Data This indicates the number of received packets on this interface.
Error This indicates the number of frames with errors received on this interface.
Drop This indicates the number of received packets dropped on this interface.
Chapter 24 Traffic Status
XMG3563-B10A User’s Guide
241
The following table describes the fields in this screen.
24.4 The NAT Status Screen
Click System Monitor > Traffic Status > NAT to open the following screen. The figure in this screen shows
the NAT session statistics for hosts currently connected on the XMG.
Figure 146 System Monitor > Traffic Status > NAT
The following table describes the fields in this screen.
Table 116 System Monitor > Traffic Status > LAN
LABEL DESCRIPTION
Refresh Interval Select how often you want the XMG to update this screen.
Interface This shows the LAN or WLAN interface.
Bytes Sent This indicates the number of bytes transmitted on this interface.
Bytes Received This indicates the number of bytes received on this interface.
Interface This shows the LAN or WLAN interfaces.
Sent (Packets)
Data This indicates the number of transmitted packets on this interface.
Error This indicates the number of frames with errors transmitted on this interface.
Drop This indicates the number of outgoing packets dropped on this interface.
Received (Packets)
Data This indicates the number of received packets on this interface.
Error This indicates the number of frames with errors received on this interface.
Drop This indicates the number of received packets dropped on this interface.
Table 117 System Monitor > Traffic Status > NAT
LABEL DESCRIPTION
Refresh Interval Select how often you want the XMG to update this screen.
Device Name This displays the name of the connected host.
IPv4 Address This displays the IPv4 address of the connected host.
MAC Address This displays the MAC address of the connected host.
No. of Open
Session
This displays the number of NAT sessions currently opened for the connected host.
Total This displays what percentage of NAT sessions the XMG can support is currently being used by
all connected hosts. You can also see the number of active NAT sessions and the maximum
number of NAT sessions the XMG can support.
Chapter 25 VoIP Status
XMG3563-B10A User’s Guide
242
CHAPTER 25
VoIP Status
25.1 The VoIP Status Screen
Click System Monitor > VoIP Status to open the following screen. You can view the VoIP registration,
current call status and phone numbers in this screen.
Figure 147 System Monitor > VoIP Status
The following table describes the labels in this screen.
Table 118 System Monitor > VoIP Status
LABEL DESCRIPTION
Poll Interval(s) Enter the number of seconds the XMG needs to wait before updating this screen and then click
Set Interval. Click Stop to have the XMG stop updating this screen.
SIP Status
Account This column displays the index of each SIP account that has already configured in the XMG.
Chapter 25 VoIP Status
XMG3563-B10A User’s Guide
243
Registration This field displays the current registration status of the SIP account.Registered - The SIP account is
activated and has registered with a SIP server.
Unregistered - The XMG is activated and triesto register the SIP account with the SIP server, the
attempt fails. A registration auto-recovery mechanism should be activated so that the XMG will
automatically try to register the SIP account again after a period of time, and you can activate
it in VoIP > SIP > SIP Service Provider > Edit > SIP Register Fail Re-Try Timer. The XMG will recover to
Registered state until the Register button in the Connection Status > Status page is pressed.
Disabled - The SIP account is not active. You have to make sure the corresponding SIP Service
Provider and SIP Account are both enabled for proper activation. You can activate them in
VoIP > SIP > SIP Service Provider > Edit > Enable SIP Service Provider and VoIP > SIP > SIP Account
> Edit > Enable SIP Account.
Registration
Time
This field displays the last time the XMG successfully registered the SIP account on the SIP server.
The field is blank if the SIP has not yet successfully registered this account.
URI This field displays the account number and service domain of the SIP account, which is used to
identify the SIP account on the SIP server. You can change these in the VoIP > SIP > SIP Service
Provider > Edit > SIP Service Domain and VoIP > SIP > SIP Account > Edit > SIP Account Number.
Message
Waiting
This field indicates whether or not (Yes or No is displayed here, respectively) there are any new
voice messages leaving on the SIP server and waiting to be read. You have to enable the MWI
function in the VoIP >SIP > SIP Account > Edit > Enable MWI, and the SIP server should also
support the voice mailbox function.
Last Incoming
Number
Regardless of the status of the incoming call to this local SIP account, this field will display the SIP
account number of the remote peer at the last incoming VoIP call.
Last Outgoing
Number
Regardless of the status of the outgoing call, this field will display the last phone number you
dialed to make an outgoing VoIP call via this SIP account,
Note: The dialed number is recorded in this field only during the outgoing (SIP-based)
call setup signaling procedure. If you dial numbers and on-hook quickly as well
as making the outgoing call before the outgoing (SIP-based) call signaling
procedure starts, the numbers you dial here will not be recorded.
Call Status (This table displays the status of all active and ongoing calls. If there are no active or ongoing calls, this
table will be blank.)
Account For the current VoIP call categorized as Outgoing Call or Incoming Call in the Call Type field, this
field displays the SIP account number used in the current VoIP call. For the current VoIP call
categorized as Internal Call, this field displays the local internal phone number of the call-
originating phone port.
Duration This field displays how long the current VoIP call has lasted.
Note: The time calculation starts from the beginning of the call setup signaling
procedure, rather than the moment when the call is successfully established.
Table 118 System Monitor > VoIP Status (continued)
LABEL DESCRIPTION
Chapter 25 VoIP Status
XMG3563-B10A User’s Guide
244
Status This field displays the current call progress or call process state of the VoIP phone call.
Calling - This state is only associated with the call categorized as Outgoing Call or Internal Call in
the Call Type field. For the Outgoing Call, it means the SIP account has issued a (SIP-based) call
setup signal to the SIP server, tries to make an outgoing VoIP call to the SIP account of remote
peers. As for the Internal Call, it means the call-originating local phone port has issued a
(Internal and Non-SIP) call setup signal to other target local phone ports, and the phones
attached to the target local phone ports will be ringing.
Ringing - The state is only associated with the call categorized as Incoming Call in the Call Type
field. This state indicates that there is an incoming VoIP call setup signaling coming to the SIP
account, and the phone ports configured to receive the incoming call from the SIP account will
be ringing.
InCall - Whichever type is in the Call Type field, this state will indicate that the call setup signaling
procedure has finished, and thus the call has been successfully established. The users of both
peers can begin to converse on the phone.
OnHold - This state is only associated with the call categorized as Outgoing Call or Incoming Call
in the Call Type field. This state indicates that the current call is connecting to the SIP account,
and the remote peer is in the OnHold state. This situation happens under the following two
scenarios: (a) the remote peer put the call on hold, or (b) the local user put the call on hold.
Call Type This field displays the call direction type of the current VoIP call.
Outgoing Call - It’s a SIP VoIP call made by local phone ports, and this SIP account is able to
issue a (SIP-based) call setup to the SIP account of remote peers for a VoIP call establishment.
This (SIP-based) call setup signal is sent to the SIP server first, and then the SIP server would relay it
to the target peer after correctly resolving and locating the target peer. During the call setup
(signaling) phase, Calling state is displayed in the Status field, and it turns to InCall state once
the call is successfully established.
Incoming Call - It’s a SIP VoIP call made or originated by remote SIP accounts to connect to this
local SIP account. One or more local phone ports can be configured to receive this type of call,
see the Incoming Number below, and all of them should begin to ring during the call setup
(signaling phase), see the Status above. Once some remote SIP accounts start to ring one local
phone, answer by off-hook to the call, and the call is successfully established. The other ringing
local phone ports will stop ringing and turning to InCall state in the Status field.
Internal Call - It’s a local VoIP call between two different local phone ports. No SIP signaling is
needed and thus no SIP server is involved to establish this type of call. This type of call is
established via the Internal and Non-SIP local setup signaling procedure between the call-
originating and call-terminating local phone ports. In general, one or more local phone ports
can be designed to receive this type of call, and once any of the ringing phones answer the
call, the other ringing ones will stop ringing. During the call setup phase (signaling phase),
Calling state is displayed in Status field, and turns to InCall state once the call is successfully
established.
Codec This field displays what voice codec is being used for a current VoIP call through a phone port.
Note: Before the call is established, meaning when it’s Calling or Ringing state
in Status, the state of this codec field will be Unknown, since the codec
hasn’t been determined during the call setup (signaling) phase.
From Phone Port
Type
This field displays the phone ports type used to originate, start, or create the current VoIP call.
Two possible type values will be displayed here:
SIP - For the current call which is categorized as Incoming Call in the Call Type filed, this field will
show the type SIP.
FXS - As for the other cases: Outgoing Call and Internal Call, this field will show the
corresponding local phone port type: FXS, the legacy analog phone port on the device.
Table 118 System Monitor > VoIP Status (continued)
LABEL DESCRIPTION
Chapter 25 VoIP Status
XMG3563-B10A User’s Guide
245
To Phone Port
Type
This field displays the phone ports type used to receive the current VoIP call. Three possible type
values will be displayed here:
SIP - For the current call which is categorized as Outgoing Call in the Call Type field, this field will
show the type SIP.
FXS and Unknown - As for the other cases: Incoming Call and Internal Call, this field will show the
corresponding local phone port type: FXS, the legacy analog phone port on the device. While
the call is established, this field shows Unknown during the call setup phase (signaling phase).
This is because one or more local phone ports can be configured or designed to receive these
two types of calls, see the Call Type above, and the local phone port will answer the call that
hasn’t been determined yet at that time.
Peer Number This field displays the phone Number for the Outgoing Call and Internal Call cases or the SIP
account number for the Incoming Call case of the remote party that’s engaged in the current
VoIP call.
Phone Status (This table displays the name and the SIP account binding relationship of different local phone ports.
The SIP account binding relationship can be configured in VoIP > Phone > Phone Device.)
Phone This field displays the name of each local phone port on the XMG.
Outgoing
Number
This field displays the single SIP account number that you use to make outgoing calls on this
phone port.
Incoming
Number
This field displays the SIP account number that you use to receive incoming calls on this phone
port.
Table 118 System Monitor > VoIP Status (continued)
LABEL DESCRIPTION
XMG3563-B10A User’s Guide
246
CHAPTER 26
ARP Table
26.1 Overview
Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to
a physical machine address, also known as a Media Access Control or MAC address, on the local area
network.
An IP (version 4) address is 32 bits long. In an Ethernet LAN, MAC addresses are 48 bits long. The ARP
Table maintains an association between each MAC address and its corresponding IP address.
26.1.1 How ARP Works
When an incoming packet destined for a host device on a local area network arrives at the device, the
device's ARP program looks in the ARP Table and, if it finds the address, sends it to the device.
If no entry is found for the IP address, ARP broadcasts the request to all the devices on the LAN. The
device fills in its own MAC and IP address in the sender address fields, and puts the known IP address of
the target in the target IP address field. In addition, the device puts all ones in the target MAC field
(FF.FF.FF.FF.FF.FF is the Ethernet broadcast address). The replying device (which is either the IP address of
the device being sought or the router that knows the way) replaces the broadcast address with the
target's MAC address, swaps the sender and target pairs, and unicasts the answer directly back to the
requesting machine. ARP updates the ARP Table for future reference and then sends the packet to the
MAC address that replied.
26.2 ARP Table Screen
Use the ARP table to view IP-to-MAC address mapping(s). To open this screen, click System Monitor >
ARP Table.
Figure 148 System Monitor > ARP Table
Chapter 26 ARP Table
XMG3563-B10A User’s Guide
247
The following table describes the labels in this screen.
Table 119 System Monitor > ARP Table
LABEL DESCRIPTION
# This is the ARP table entry number.
IPv4/IPv6
Address
This is the learned IPv4 or IPv6 address of a device connected to a port.
MAC Address This is the MAC address of the device with the listed IP address.
Device This is the type of interface used by the device.
XMG3563-B10A User’s Guide
248
CHAPTER 27
Routing Table
27.1 Overview
Routing is based on the destination address only and the XMG takes the shortest path to forward a
packet.
27.2 The Routing Table Screen
Click System Monitor > Routing Table to open the following screen.
Figure 149 System Monitor > Routing Table
The following table describes the labels in this screen.
Table 120 System Monitor > Routing Table
LABEL DESCRIPTION
IPv4/IPv6 Routing Table
Destination This indicates the destination IPv4 address or IPv6 address and prefix of this route.
Chapter 27 Routing Table
XMG3563-B10A User’s Guide
249
Gateway This indicates the IPv4 address or IPv6 address of the gateway that helps forward this route’s
traffic.
Subnet Mask This indicates the destination subnet mask of the IPv4 route.
Flag This indicates the route status.
U-Up: The route is up.
!-Reject: The route is blocked and will force a route lookup to fail.
G-Gateway: The route uses a gateway to forward traffic.
H-Host: The target of the route is a host.
R-Reinstate: The route is reinstated for dynamic routing.
D-Dynamic (redirect): The route is dynamically installed by a routing daemon or redirect.
M-Modified (redirect): The route is modified from a routing daemon or redirect.
Metric The metric represents the "cost of transmission". A router determines the best route for
transmission by choosing a path with the lowest "cost". The smaller the number, the lower the
"cost".
Interface This indicates the name of the interface through which the route is forwarded.
brx indicates a LAN interface where x can be 0~3 to represent LAN1 to LAN4 respectively.
ptm0 indicates a DSL WAN interface using IPoE, IPoA or in bridge mode.
ethx indicates an Ethernet WAN interface using IPoE or in bridge mode.
ppp0 indicates a WAN interface using PPPoE or PPPoA.
Table 120 System Monitor > Routing Table (continued)
LABEL DESCRIPTION
XMG3563-B10A User’s Guide
250
CHAPTER 28
Multicast Status
28.1 Overview
Use the Multicast Status screens to look at IGMP/MLD group status and traffic statistics.
28.2 The IGMP Status Screen
Use this screen to look at the current list of multicast groups the XMG has joined and which ports have
joined it. To open this screen, click System Monitor > Multicast Status > IGMP Status.
Figure 150 System Monitor > Multicast Status > IGMP Status
The following table describes the labels in this screen.
28.3 The MLD Status Screen
Use this screen to look at the current list of multicast groups the XMG has joined and which ports have
joined it. To open this screen, click System Monitor > Multicast Status > MLD Status.
Table 121 System Monitor > Multicast Status > IGMP Status
LABEL DESCRIPTION
Refresh Click this button to update the information on this screen.
Interface This field displays the name of an interface on the XMG that belongs to an IGMP multicast group.
Multicast Group This field displays the name of the IGMP multicast group to which the interface belongs.
Filter Mode INCLUDE means that only the IP addresses in the Source List get to receive the multicast group’s
traffic.
EXCLUDE means that the IP addresses in the Source List are not allowed to receive the multicast
group’s traffic but other IP addresses can.
Source List This is the list of IP addresses that are allowed or not allowed to receive the multicast group’s
traffic depending on the filter mode.
Member This is the list of the members of the multicast group.
Chapter 28 Multicast Status
XMG3563-B10A User’s Guide
251
Figure 151 System Monitor > Multicast Status > MLD Status
The following table describes the labels in this screen.
Table 122 System Monitor > Multicast Status > MLD Status
LABEL DESCRIPTION
Refresh Click this button to update the status on this screen.
Interface This field displays the name of an interface on the XMG that belongs to an MLD multicast group.
Multicast Group This field displays the name of the MLD multicast group to which the interface belongs.
Filter Mode INCLUDE means that only the IP addresses in the Source List get to receive the multicast group’s
traffic.
EXCLUDE means that the IP addresses in the Source List are not allowed to receive the multicast
group’s traffic but other IP addresses can.
Source List This is the list of IP addresses that are allowed or not allowed to receive the multicast group’s
traffic depending on the filter mode.
Member This is the list of members in the multicast group.
XMG3563-B10A User’s Guide
252
CHAPTER 29
xDSL Statistics
29.1 The xDSL Statistics Screen
Use this screen to view detailed DSL statistics. Click System Monitor > xDSL Statistics to open the following
screen.
Figure 152 System Monitor > xDSL Statistics
The following table describes the labels in this screen.
Table 123 Status > xDSL Statistics
LABEL DESCRIPTION
Refresh Interval Select the time interval for refreshing statistics.
Line Select which DSL line’s statistics you want to display.
xDSL Training
Status
This displays the current state of setting up the DSL connection.
Mode This displays the ITU standard used for this connection.
Traffic Type This displays the type of traffic the DSL port is sending and receiving. Inactive displays if the DSL
port is not currently sending or receiving traffic.
Chapter 29 xDSL Statistics
XMG3563-B10A User’s Guide
253
Link Uptime This displays how long the port has been running (or connected) since the last time it was
started.
xDSL Port Details
Upstream These are the statistics for the traffic direction going out from the port to the service provider.
Downstream These are the statistics for the traffic direction coming into the port from the service provider.
Line Rate These are the data transfer rates at which the port is sending and receiving data.
Actual Net Data
Rate
These are the rates at which the port is sending and receiving the payload data without
transport layer protocol headers and traffic.
Trellis Coding This displays whether or not the port is using Trellis coding for traffic it is sending and receiving.
Trellis coding helps to reduce the noise in ADSL transmissions. Trellis may reduce throughput but
it makes the connection more stable.
SNR Margin This is the upstream and downstream Signal-to-Noise Ratio margin (in dB). A DMT sub-carrier’s
SNR is the ratio between the received signal power and the received noise power. The signal-
to-noise ratio margin is the maximum that the received noise power could increase with the
system still being able to meet its transmission targets.
Actual Delay This is the upstream and downstream interleave delay. It is the wait (in milliseconds) that
determines the size of a single block of data to be interleaved (assembled) and then
transmitted. Interleave delay is used when transmission error correction (Reed- Solomon) is
necessary due to a less than ideal telephone line. The bigger the delay, the bigger the data
block size, allowing better error correction to be performed.
Transmit Power This is the upstream and downstream far end actual aggregate transmit power (in dBm).
Upstream is how much power the port is using to transmit to the service provider. Downstream is
how much port the service provider is using to transmit to the port.
Receive Power Upstream is how much power the service provider is receiving from the port. Downstream is
how much power the port is receiving from the service provider.
Actual INP Sudden spikes in the line’s level of external noise (impulse noise) can cause errors and result in
lost packets. This could especially impact the quality of multimedia traffic such as voice or
video. Impulse noise protection (INP) provides a buffer to allow for correction of errors caused
by error correction to deal with this. The number of DMT (Discrete Multi-Tone) symbols shows the
level of impulse noise protection for the upstream and downstream traffic. A higher symbol
value provides higher error correction capability, but it causes overhead and higher delay
which may increase error rates in received multimedia data.
Total Attenuation This is the upstream and downstream line attenuation, measured in decibels (dB). This
attenuation is the difference between the power transmitted at the near-end and the power
received at the far-end. Attenuation is affected by the channel characteristics (wire gauge,
quality, condition and length of the physical line).
Attainable Net
Data Rate
These are the highest theoretically possible transfer rates at which the port could send and
receive payload data without transport layer protocol headers and traffic.
xDSL Counters
Downstream These are the statistics for the traffic direction coming into the port from the service provider.
Upstream These are the statistics for the traffic direction going out from the port to the service provider.
FEC This is the number of Far End Corrected blocks.
CRC This is the number of Cyclic Redundancy Checks.
ES This is the number of Errored Seconds meaning the number of seconds containing at least one
errored block or at least one defect.
SES This is the number of Severely Errored Seconds meaning the number of seconds containing 30%
or more errored blocks or at least one defect. This is a subset of ES.
UAS This is the number of UnAvailable Seconds.
LOS This is the number of Loss Of Signal seconds.
Table 123 Status > xDSL Statistics (continued)
LABEL DESCRIPTION
Chapter 29 xDSL Statistics
XMG3563-B10A User’s Guide
254
LOF This is the number of Loss Of Frame seconds.
LOM This is the number of Loss of Margin seconds.
Table 123 Status > xDSL Statistics (continued)
LABEL DESCRIPTION
XMG3563-B10A User’s Guide
255
CHAPTER 30
System
30.1 Overview
In the System screen, you can name your XMG (Host) and give it an associated domain name for
identification purposes.
30.2 The System Screen
Click Maintenance > System to open the following screen.
Figure 153 Maintenance > System
The following table describes the labels in this screen.
Table 124 Maintenance > System
LABEL DESCRIPTION
Host Name Type a hostname for your XMG. Enter a descriptive name of up to 16 alphanumeric characters,
not including spaces, underscores, and dashes.
Domain Name Type a Domain name for your host XMG.
Apply Click Apply to save your changes.
Cancel Click Cancel to abandon this screen without saving.
XMG3563-B10A User’s Guide
256
CHAPTER 31
User Account
31.1 Overview
In the User Account screen, you can view the settings of the “admin” and other user accounts that you
used to log in the XMG.
31.2 The User Account Screen
Click Maintenance > User Account to open the following screen.
Figure 154 Maintenance > User Account
The following table describes the labels in this screen.
Table 125 Maintenance > User Account
LABEL DESCRIPTION
Add New
Account
Click this button to add a new user account.
#This is the index number
Active Select the check box to enable a user account.
User Name This field displays the name of the account used to log into the XMG web configurator.
Retry Times This field displays the number of times consecutive wrong passwords can be entered for this
account. 0 means there is no limit.
Idle Timeout This field displays the length of inactive time before the XMG will automatically log the user out of
the web configurator.
Lock Period This field displays the length of time a user must wait before attempting to log in again after a
number of consecutive wrong passwords have been entered as defined in Retry Times.
Group This field displays whether this user has Administrator or User privileges.
Modify Click the Edit icon to configure the entry.
Click the Delete icon to remove the entry.
Chapter 31 User Account
XMG3563-B10A User’s Guide
257
31.2.1 The User Account Add/Edit Screen
Click Add New Account or the Edit icon of an existing account in the Maintenance > User Account to
open the following screen.
Figure 155 Maintenance > User Account > Add/Edit
The following table describes the labels in this screen.
Table 126 Maintenance > User Account > Add/Edit
LABEL DESCRIPTION
Active Select Enable to activate a user account.
User Name Enter a new name for the account. This field displays the name of an existing account.
Old Password Type the default password or the existing password used to access the XMG web configurator.
Password/New
Password
Type your new system password (up to 256 characters). Note that as you type a password, the
screen displays a (*) for each character you type. After you change the password, use the new
password to access the XMG.
Verify Password/
Verify New
Password
Type the new password again for confirmation.
Retry Times Enter the number of times consecutive wrong passwords can be entered for this account. 0
means there is no limit.
Idle Timeout Enter the length of inactive time before the XMG will automatically log the user out of the web
configurator.
Lock Period Enter the length of time a user must wait before attempting to log in again after a number if
consecutive wrong passwords have been entered as defined in Retry Times.
Group Specify whether this user will have Administrator or User privleges.
OK Click OK to save your changes.
Cancel Click Cancel to exit this screen without saving.
XMG3563-B10A User’s Guide
258
CHAPTER 32
Remote Management
32.1 Overview
Remote management controls through which interface(s), which services can access the XMG.
Note: The XMG is managed using the Web Configurator.
32.2 The MGMT Services Screen
Use this screen to configure through which interface(s), which services can access the XMG. You can
also specify the port numbers the services must use to connect to the XMG. Click Maintenance >
Remote Management > MGMT Services to open the following screen.
Figure 156 Maintenance > Remote Management > MGMT Services
The following table describes the fields in this screen.
Table 127 Maintenance > Remote Management > MGMT Services
LABEL DESCRIPTION
WAN Interface
used for services
Select Any_WAN to have the XMG automatically activate the remote management service
when any WAN connection is up.
Select Multi_WAN and then select one or more WAN connections to have the XMG activate the
remote management service when the selected WAN connections are up.
service This is the service you may use to access the XMG.
Chapter 32 Remote Management
XMG3563-B10A User’s Guide
259
32.3 The Trust Domain Screen
Use this screen to view a list of public IP addresses which are allowed to access the XMG through the
services configured in the Maintenance > Remote Management screen. Click Maintenance > Remote
Management > Trust Domain to open the following screen.
Note: If this list is empty, all public IP addresses can access the XMG from the WAN through
the specified services.
Figure 157 Maintenance > Remote Management > Trust Domain
The following table describes the fields in this screen.
32.3.1 The Add Trust Domain Screen
Use this screen to configure a public IP address which is allowed to access the XMG. Click the Add Trust
Domain button in the Maintenance > Remote Management > Turst Domain screen to open the following
screen.
LAN/WLAN Select the Enable check box for the corresponding services that you want to allow access to the
XMG from the LAN/WLAN.
WAN Select the Enable check box for the corresponding services that you want to allow access to the
XMG from all WAN connections.
Trust Domain Select the Enable check box for the corresponding services that you want to allow access to the
XMG from the trusted hosts configured in the Maintenance > Remote MGMT > Trust Domain
screen.
If you only want certain WAN connections to have access to the XMG using the corresponding
services, then clear WAN, select Trust Domain and configure the allowed IP address(es) in the
Trust Domain screen.
Port You may change the server port number for a service if needed, however you must use the
same port number in order to use that service for remote management.
Apply Click Apply to save your changes back to the XMG.
Cancel Click Cancel to restore your previously saved settings.
Table 127 Maintenance > Remote Management > MGMT Services (continued)
LABEL DESCRIPTION
Table 128 Maintenance > Remote Management > Trust Domain
LABEL DESCRIPTION
Add Trust
Domain
Click this to add a trusted host IP address.
IP Address This field shows a trusted host IP address.
Delete Click the Delete icon to remove the trust IP address.
Chapter 32 Remote Management
XMG3563-B10A User’s Guide
260
Figure 158 Maintenance > Remote Management > Trust Domain > Add Trust Domain
The following table describes the fields in this screen.
Table 129 Maintenance > Remote Management > Trust Domain > Add Trust Domain
LABEL DESCRIPTION
IP Address Enter a public IPv4 IP address which is allowed to access the service on the XMG from the WAN.
Apply Click Apply to save your changes back to the XMG.
Cancel Click Cancel to exit this screen without saving.
XMG3563-B10A User’s Guide
261
CHAPTER 33
TR-069 Client
33.1 Overview
This chapter explains how to configure the XMG’s TR-069 auto-configuration settings.
33.2 The TR-069 Client Screen
TR-069 defines how Customer Premise Equipment (CPE), for example your XMG, can be managed over
the WAN by an Auto Configuration Server (ACS). TR-069 is based on sending Remote Procedure Calls
(RPCs) between an ACS and a client device. RPCs are sent in Extensible Markup Language (XML)
format over HTTP or HTTPS.
An administrator can use an ACS to remotely set up the XMG, modify settings, perform firmware
upgrades as well as monitor and diagnose the XMG. You have to enable the device to be managed by
the ACS and specify the ACS IP address or domain name and username and password.
Click Maintenance > TR-069 Client to open the following screen. Use this screen to configure your XMG
to be managed by an ACS.
Figure 159 Maintenance > TR-069 Client
Chapter 33 TR-069 Client
XMG3563-B10A User’s Guide
262
The following table describes the fields in this screen.
Table 130 Maintenance > TR-069 Client
LABEL DESCRIPTION
CWMP Active Select Enable to activate CWMP (CPE WAN Management Protocol) and allow the XMG to be
managed by a management server.
Inform Select Enable for the XMG to send periodic inform via TR-069 on the WAN. Otherwise, select
Disable.
Inform Interval Enter the time interval (in seconds) at which the XMG sends information to the auto-
configuration server.
IP Protocol Select the protocol on which you want to TR-069 to be used.
ACS URL Enter the URL or IP address of the auto-configuration server.
ACS User Name Enter the TR-069 user name for authentication with the auto-configuration server.
ACS Password Enter the TR-069 password for authentication with the auto-configuration server.
WAN Interface
used by TR-069
client
Select a WAN interface through which the TR-069 traffic passes.
If you select Any_WAN, you should also select the pre-configured WAN connection(s).
Display SOAP
messages on
serial console
Select Enable to show the SOAP messages on the console.
Connection
Request
Authentication
Select this option to enable authentication when there is a connection request from the ACS.
Connection
Request User
Name
Enter the connection request user name.
When the ACS makes a connection request to the XMG, this user name is used to authenticate
the ACS.
Connection
Request
Password
Enter the connection request password.
When the ACS makes a connection request to the XMG, this password is used to authenticate
the ACS.
Connection
Request URL
This shows the connection request URL.
The ACS can use this URL to make a connection request to the XMG.
Local certificate
used by TR-069
client
You can choose a local certificate used by TR-069 client. The local certificate should be
imported in the Security > Certificates > Local Certificates screen.
Apply Click Apply to save your changes.
Cancel Click Cancel to exit this screen without saving.
XMG3563-B10A User’s Guide
263
CHAPTER 34
SNMP
34.1 Overview
This chapter explains how to configure the SNMP settings on the XMG.
34.2 The SNMP Screen
Simple Network Management Protocol is a protocol used for exchanging management information
between network devices. Your XMG supports SNMP agent functionality, which allows a manager
station to manage and monitor the XMG through the network. The XMG supports SNMP version one
(SNMPv1) and version two (SNMPv2c). The next figure illustrates an SNMP management operation.
Figure 160 SNMP Management Model
An SNMP managed network consists of two main types of component: agents and a manager.
An agent is a management software module that resides in a managed device (the XMG). An agent
translates the local management information from the managed device into a form compatible with
SNMP. The manager is the console through which network administrators perform network management
functions. It executes applications that control and monitor managed devices.
The managed devices contain object variables/managed objects that define each piece of
information to be collected about a device. Examples of variables include such as number of packets
received, node port status etc. A Management Information Base (MIB) is a collection of managed
objects. SNMP allows a manager and agents to communicate for the purpose of accessing these
objects.
Chapter 34 SNMP
XMG3563-B10A User’s Guide
264
SNMP itself is a simple request/response protocol based on the manager/agent model. The manager
issues a request and the agent returns responses using the following protocol operations:
• Get - Allows the manager to retrieve an object variable from the agent.
• GetNext - Allows the manager to retrieve the next object variable from a table or list within an agent.
In SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it initiates a Get
operation, followed by a series of GetNext operations.
• Set - Allows the manager to set values for object variables within an agent.
• Trap - Used by the agent to inform the manager of some events.
Click Maintenance > SNMP to open the following screen. Use this screen to configure the XMG SNMP
settings.
Figure 161 Maintenance > SNMP
The following table describes the fields in this screen.
Table 131 Maintenance > SNMP
LABEL DESCRIPTION
SNMP Agent Select Enable to let the XMG act as an SNMP agent, which allows a manager station to
manage and monitor the XMG through the network. Select Disable to turn this feature off.
Get Community Enter the Get Community, which is the password for the incoming Get and GetNext requests
from the management station.
Set Community Enter the Set community, which is the password for incoming Set requests from the
management station.
Trap Community Enter the Trap Community, which is the password sent with each trap to the SNMP manager.
The default is public and allows all requests.
System Name Enter the SNMP system name.
System Location Enter the SNMP system location.
System Contact Enter the SNMP system contact.
Trap Destination Type the IP address of the station to send your SNMP traps to.
Apply Click this to save your changes back to the XMG.
Cancel Click this to restore your previously saved settings.
XMG3563-B10A User’s Guide
265
CHAPTER 35
Time Settings
35.1 Overview
This chapter shows you how to configure system related settings, such as system time, password, name,
the domain name and the inactivity timeout interval.
35.2 The Time Screen
To change your XMG’s time and date, click Maintenance > Time. The screen appears as shown. Use this
screen to configure the XMG’s time based on your local time zone.
Figure 162 Maintenance > Time
The following table describes the fields in this screen.
Table 132 Maintenance > Time
LABEL DESCRIPTION
Current Date/Time
Current Time This field displays the time of your XMG.
Each time you reload this page, the XMG synchronizes the time with the time server.
Current Date This field displays the date of your XMG.
Each time you reload this page, the XMG synchronizes the date with the time server.
Time and Date Setup
Chapter 35 Time Settings
XMG3563-B10A User’s Guide
266
First ~ Fifth Time
Server Address
Select an NTP time server from the drop-down list box.
Otherwise, select Other and enter the IP address or URL (up to 29 extended ASCII characters
in length) of your time server.
Select None if you don’t want to configure the time server.
Check with your ISP/network administrator if you are unsure of this information.
Time Zone
Time Protocol This displays the time protocol used by the XMG.
First ~ Fifth Time
Server Address
Select an NTP time server from the drop-down list box.
Otherwise, select Other and enter the IP address or URL (up to 29 extended ASCII characters
in length) of your time server.
Select None if you don’t want to configure the time server.
Check with your ISP/network administrator if you are unsure of this information.
Time zone Choose the time zone of your location. This will set the time difference between your time
zone and Greenwich Mean Time (GMT).
Daylight Savings Daylight Saving Time is a period from late spring to early fall when many countries set their
clocks ahead of normal local time by one hour to give more daytime light in the evening.
Active Select Enable if you use Daylight Saving Time.
Start Rule Configure the day and time when Daylight Saving Time starts if you enabled Daylight Saving.
You can select a specific date in a particular month or a specific day of a specific week in a
particular month. The Hour field uses the 24 hour format. Here are a couple of examples:
Daylight Saving Time starts in most parts of the United States on the second Sunday of March.
Each time zone in the United States starts using Daylight Saving Time at 2 A.M. local time. So in
the United States, set the day to Second, Sunday, the month to March and the time to 2 in the
Hour field.
Daylight Saving Time starts in the European Union on the last Sunday of March. All of the time
zones in the European Union start using Daylight Saving Time at the same moment (1 A.M.
GMT or UTC). So in the European Union you would set the day to Last, Sunday and the month
to March. The time you select depends on your time zone. In Germany for instance, you
would select 2 in the Hour field because Germany's time zone is one hour ahead of GMT or
UTC (GMT+1).
End Rule Configure the day and time when Daylight Saving Time ends if you enabled Daylight Saving.
You can select a specific date in a particular month or a specific day of a specific week in a
particular month. The Time field uses the 24 hour format. Here are a couple of examples:
Daylight Saving Time ends in the United States on the first Sunday of November. Each time
zone in the United States stops using Daylight Saving Time at 2 A.M. local time. So in the United
States you would set the day to First, Sunday, the month to November and the time to 2 in the
Time field.
Daylight Saving Time ends in the European Union on the last Sunday of October. All of the
time zones in the European Union stop using Daylight Saving Time at the same moment (1
A.M. GMT or UTC). So in the European Union you would set the day to Last, Sunday, and the
month to October. The time you select depends on your time zone. In Germany for instance,
you would select 2 in the Time field because Germany's time zone is one hour ahead of GMT
or UTC (GMT+1).
Apply Click Apply to save your changes.
Cancel Click Cancel to restore your previously saved settings.
Table 132 Maintenance > Time (continued)
LABEL DESCRIPTION
XMG3563-B10A User’s Guide
267
CHAPTER 36
E-mail Notification
36.1 Overview
A mail server is an application or a computer that runs such an application to receive, forward and
deliver e-mail messages.
To have the XMG send reports, logs or notifications via e-mail, you must specify an e-mail server and the
e-mail addresses of the sender and receiver.
36.2 The E-mail Notification Screen
Click Maintenance > E-mail Notification to open the E-mail Notification screen. Use this screen to view,
remove and add mail server information on the XMG.
Figure 163 Maintenance > E-mail Notification
The following table describes the labels in this screen.
36.2.1 E-mail Notification Edit
Click the Add button in the E-mail Notification screen. Use this screen to configure the required
information for sending e-mail via a mail server.
Table 133 Maintenance > E-mail Notification
LABEL DESCRIPTION
Add New E-mail Click this button to create a new entry.
Mail Server
Address
This field displays the server name or the IP address of the mail server.
Username This field displays the user name of the sender’s mail account.
Port This field displays the port number of the mail server.
Security This field displays the protocol used for encryption.
E-mail Address This field displays the e-mail address that you want to be in the from/sender line of the e-mail
that the XMG sends.
Remove Click this button to delete the selected entry(ies).
Chapter 36 E-mail Notification
XMG3563-B10A User’s Guide
268
Figure 164 Email Notification > Add
The following table describes the labels in this screen.
Table 134 Email Notification > Add
LABEL DESCRIPTION
Mail Server
Address
Enter the server name or the IP address of the mail server for the e-mail address specified in the
Account Email Address field.
If this field is left blank, reports, logs or notifications will not be sent via e-mail.
Port Enter the same port number here as is on the mail server for mail traffic.
Authentication
Username
Enter the user name (up to 32 characters). This is usually the user name of a mail account you
specified in the Account Email Address field.
Authentication
Password
Enter the password associated with the user name above.
Account E-mail
Address
Enter the e-mail address that you want to be in the from/sender line of the e-mail notification
that the XMG sends.
If you activate SSL/TLS authentication, the e-mail address must be able to be authenticated by
the mail server as well.
Connection
Security
Select SSL to use Secure Sockets Layer (SSL) or Transport Layer Security (TLS) if you want
encrypted communications between the mail server and the XMG.
Select STARTTLS to upgrade a plain text connection to a secure connection using SSL/TLS.
OK Click this button to save your changes and return to the previous screen.
Cancel Click this button to exit this screen without saving.
XMG3563-B10A User’s Guide
269
CHAPTER 37
Log Setting
37.1 Overview
You can configure where the XMG sends logs and which logs and/or immediate alerts the XMG records
in the Logs Setting screen.
37.2 The Log Settings Screen
To change your XMG’s log settings, click Maintenance > Logs Setting. The screen appears as shown.
Figure 165 Maintenance > Logs Setting
Chapter 37 Log Setting
XMG3563-B10A User’s Guide
270
The following table describes the fields in this screen.
37.2.1 Example E-mail Log
An "End of Log" message displays for each mail in which a complete log has been sent. The following is
an example of a log sent by e-mail.
• You may edit the subject title.
• The date format here is Day-Month-Year.
• The date format here is Month-Day-Year. The time format is Hour-Minute-Second.
•"End of Log" message shows that a complete log has been sent.
Table 135 Maintenance > Logs Setting
LABEL DESCRIPTION
Syslog Setting
Syslog Logging The XMG sends a log to an external syslog server. Select Enable to enable syslog logging.
Mode Select the syslog destination from the drop-down list box.
If you select Remote, the log(s) will be sent to a remote syslog server. If you select Local File, the
log(s) will be saved in a local file. If you want to send the log(s) to a remote syslog server and
save it in a local file, select Local File and Remote.
Syslog Server Enter the server name or IP address of the syslog server that will log the selected categories of
logs.
UDP Port Enter the port number used by the syslog server.
E-mail Log Settings
E-mail Log
Settings
Select Enable to have the XMG send logs and alarm messages to the configured e-mail
addresses.
Mail
Account This section is available only when you select Enable in the E-mail Log Settings field.
Select a mail account from which you want to send logs. You can configure mail accounts in
the Maintenance > E-mail Notification screen.
System Log
Mail Subject Type a title that you want to be in the subject line of the system log e-mail message that the
XMG sends.
Security Log
Mail Subject Type a title that you want to be in the subject line of the security log e-mail message that the
XMG sends.
Send Log to The XMG sends logs to the e-mail address specified in this field. If this field is left blank, the XMG
does not send logs via E-mail.
Send Alarm
to Alerts are real-time notifications that are sent as soon as an event, such as a DoS attack, system
error, or forbidden web access attempt occurs. Enter the E-mail address where the alert
messages will be sent. Alerts include system errors, attacks and attempted access to blocked
web sites. If this field is left blank, alert messages will not be sent via E-mail.
Alarm
Interval Specify how often the alarm should be updated.
Active Log
System Log Select the categories of system logs that you want to record.
Security Log Select the categories of security logs that you want to record.
Apply Click Apply to save your changes.
Cancel Click Cancel to restore your previously saved settings.
Chapter 37 Log Setting
XMG3563-B10A User’s Guide
271
Figure 166 E-mail Log Example
Subject:
Firewall Alert From
Date:
Fri, 07 Apr 2000 10:05:42
From:
user@zyxel.com
To:
user@zyxel.com
1|Apr 7 00 |From:192.168.200.1 To:192.168.1.255 |default policy |forward
| 09:54:03 |UDP src port:00520 dest port:00520 |<1,00> |
2|Apr 7 00 |From:192.168.200.131 To:192.168.1.255 |default policy |forward
| 09:54:17 |UDP src port:00520 dest port:00520 |<1,00> |
3|Apr 7 00 |From:192.168.200.6 To:10.10.10.10 |match |forward
| 09:54:19 |UDP src port:03516 dest port:00053 |<1,01> |
……………………………..{snip}…………………………………..
……………………………..{snip}…………………………………..
126|Apr 7 00 |From:192.168.200.1 To:192.168.1.255 |match |forward
| 10:05:00 |UDP src port:00520 dest port:00520 |<1,02> |
127|Apr 7 00 |From:192.168.200.131 To:192.168.1.255 |match |forward
| 10:05:17 |UDP src port:00520 dest port:00520 |<1,02> |
128|Apr 7 00 |From:192.168.200.1 To:192.168.1.255 |match |forward
| 10:05:30 |UDP src port:00520 dest port:00520 |<1,02> |
End of Firewall Log
XMG3563-B10A User’s Guide
272
CHAPTER 38
Firmware Upgrade
38.1 Overview
This chapter explains how to upload new firmware to your XMG. You can download new firmware
releases from your nearest Zyxel FTP site (or www.zyxel.com) to use to upgrade your device’s
performance.
Only use firmware for your device’s specific model. Refer to the label on
the bottom of your XMG.
38.2 The Firmware Screen
Click Maintenance > Firmware Upgrade to open the following screen. The upload process uses HTTP
(Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will
reboot.
Do NOT turn off the XMG while firmware upload is in progress!
Figure 167 Maintenance > Firmware Upgrade
The following table describes the labels in this screen. After you see the firmware updating screen, wait
two minutes before logging into the XMG again.
Table 136 Maintenance > Firmware Upgrade
LABEL DESCRIPTION
Upgrade Firmware
Restore Default
Settings After
Firmware
Upgrade
Click the check box to have the XMG automatically reset itself after the new firmware is
uploaded.
Current
Firmware
Version
This is the present Firmware version and the date created.
File Path Type in the location of the file you wasnt to upload in this field or click Choose File to find it.
Chapter 38 Firmware Upgrade
XMG3563-B10A User’s Guide
273
Figure 168 Firmware Uploading
The XMG automatically restarts in this time causing a temporary network disconnect. In some operating
systems, you may see the following icon on your desktop.
Figure 169 Network Temporarily Disconnected
After two minutes, log in again and check your new firmware version in the Status screen.
Choose File Click this to find the .bin file you want to upload. Remember that you must decompress
compressed (.zip) files before you can upload them.
Upload Click this to begin the upload process. This process may take up to two minutes.
Table 136 Maintenance > Firmware Upgrade
LABEL DESCRIPTION
XMG3563-B10A User’s Guide
274
CHAPTER 39
Backup/Restore
39.1 Overview
The Backup/Restore screen allows you to backup and restore device configurations. You can also reset
your device settings back to the factory default.
39.2 The Backup/Restore Screen
Click Maintenance > Backup/Restore. Information related to factory defaults, backup configuration,
and restoring configuration appears in this screen, as shown next.
Figure 170 Maintenance > Backup/Restore
Backup Configuration
Backup Configuration allows you to back up (save) the XMG’s current configuration to a file on your
computer. Once your XMG is configured and functioning properly, it is highly recommended that you
back up your configuration file before making configuration changes. The backup configuration file will
be useful in case you need to return to your previous settings.
Click Backup to save the XMG’s current configuration to your computer.
Chapter 39 Backup/Restore
XMG3563-B10A User’s Guide
275
Restore Configuration
Restore Configuration allows you to upload a new or previously saved configuration file from your
computer to your XMG.
Do not turn off the XMG while configuration file upload is in progress.
After the XMG configuration has been restored successfully, the login screen appears. Login again to
restart the XMG.
The XMG automatically restarts in this time causing a temporary network disconnect. In some operating
systems, you may see the following icon on your desktop.
Figure 171 Network Temporarily Disconnected
If you uploaded the default configuration file you may need to change the IP address of your computer
to be in the same subnet as that of the default device IP address (192.168.200.1).
If the upload was not successful, the following screen will appear. Click OK to go back to the
Configuration screen.
Figure 172 Configuration Upload Error
Reset to Factory Defaults
Click the Reset button to clear all user-entered configuration information and return the XMG to its
factory defaults. The following warning screen appears.
Table 137 Restore Configuration
LABEL DESCRIPTION
File Path Type in the location of the file you want to upload in this field or click Choose File to find it.
Choose File Click this to find the file you want to upload. Remember that you must decompress compressed
(.ZIP) files before you can upload them.
Upload Click this to begin the upload process.
Chapter 39 Backup/Restore
XMG3563-B10A User’s Guide
276
Figure 173 Reset Warning Message
Figure 174 Reset In Process Message
You can also press the RESET button on the rear panel to reset the factory defaults of your XMG. Refer to
Section 1.5 on page 23 for more information on the RESET button.
39.3 The Reboot Screen
System restart allows you to reboot the XMG remotely without turning the power off. You may need to
do this if the XMG hangs, for example.
Click Maintenance > Reboot. Click Reboot to have the XMG reboot. This does not affect the XMG's
configuration.
Figure 175 Maintenance > Reboot
XMG3563-B10A User’s Guide
277
CHAPTER 40
Diagnostic
40.1 Overview
The Diagnostic screens display information to help you identify problems with the XMG.
The route between a CO VDSL switch and one of its CPE may go through switches owned by
independent organizations. A connectivity fault point generally takes time to discover and impacts
subscriber’s network access. In order to eliminate the management and maintenance efforts, IEEE
802.1ag is a Connectivity Fault Management (CFM) specification which allows network administrators to
identify and manage connection faults. Through discovery and verification of the path, CFM can
detect, analyze and isolate connectivity faults in bridged LANs.
40.1.1 What You Can Do in this Chapter
• The Ping & TraceRoute & NsLookup screen lets you ping an IP address or trace the route packets take
to a host (Section 40.3 on page 278).
• The 802.1ag screen lets you perform CFM actions (Section 40.4 on page 278).
• The OAM Ping screen lets you send an ATM OAM (Operation, Administration and Maintenance)
packet to verify the connectivity of a specific PVC. (Section 40.5 on page 279).
40.2 What You Need to Know
The following terms and concepts may help as you read through this chapter.
How CFM Works
A Maintenance Association (MA) defines a VLAN and associated Maintenance End Point (MEP) ports
on the device under a Maintenance Domain (MD) level. An MEP port has the ability to send
Connectivity Check Messages (CCMs) and get other MEP ports information from neighbor devices’
CCMs within an MA.
CFM provides two tests to discover connectivity faults.
• Loopback test - checks if the MEP port receives its Loop Back Response (LBR) from its target after it
sends the Loop Back Message (LBM). If no response is received, there might be a connectivity fault
between them.
• Link trace test - provides additional connectivity fault analysis to get more information on where the
fault is. If an MEP port does not respond to the source MEP, this may indicate a fault. Administrators
can take further action to check and resume services from the fault according to the line
connectivity status report.
Chapter 40 Diagnostic
XMG3563-B10A User’s Guide
278
40.3 Ping & TraceRoute & NsLookup
Use this screen to ping, traceroute, or nslookup an IP address. Click Maintenance > Diagnostic >
Ping&TraceRoute&NsLookup to open the screen shown next.
Figure 176 Maintenance > Diagnostic > Ping & Traceroute & Nslookup
The following table describes the fields in this screen.
40.4 802.1ag
Click Maintenance > Diagnostic > 802.1ag to open the following screen. Use this screen to perform CFM
actions.
Table 138 Maintenance > Diagnostic > Ping & TraceRoute & NsLookup
LABEL DESCRIPTION
URL or IP
Address
Type the IP address of a computer that you want to perform ping, traceroute, or nslookup in
order to test a connection.
Ping Click this to ping the IPv4 address that you entered.
Ping Click this to ping the IPv6 address that you entered.
TraceRoute Click this to display the route path and transmission delays between the XMG to the IPv4
address that you entered.
TraceRoute Click this to display the route path and transmission delays between the XMG to the IPv6
address that you entered.
Nslookup Click this button to perform a DNS lookup on the IP address of a computer you enter.
Chapter 40 Diagnostic
XMG3563-B10A User’s Guide
279
Figure 177 Maintenance > Diagnostic > 802.1ag
The following table describes the fields in this screen.
40.5 OAM Ping
Click Maintenance > Diagnostic > OAM Ping to open the screen shown next. Use this screen to perform
an OAM (Operation, Administration and Maintenance) F4 or F5 loopback test on a PVC. The XMG sends
an OAM F4 or F5 packet to the DSLAM or ATM switch and then returns it to the XMG. The test result then
displays in the text box.
Table 139 Maintenance > Diagnostic > 802.1ag
LABEL DESCRIPTION
802.1ag Connectivity Fault Management
Maintenance
Domain (MD)
Level
Select a level (0-7) under which you want to create an MA.
Destination
MAC Address
Enter the target device’s MAC address to which the XMG performs a CFM loopback test.
802.1Q VLAN ID Type a VLAN ID (0-4095) for this MA.
VDSL Traffic
Type
This shows whether the VDSL traffic is activated.
Loopback
Message (LBM)
This shows how many Loop Back Messages (LBMs) are sent and if there is any inorder or outorder
Loop Back Response (LBR) received from a remote MEP.
Linktrace
Message (LTM)
This shows the destination MAC address in the Link Trace Response (LTR).
Set MD Level Click this button to configure the MD (Maintenance Domain) level.
Send Loopback Click this button to have the selected MEP send the LBM (Loop Back Message) to a specified
remote end point.
Send Linktrace Click this button to have the selected MEP send the LTMs (Link Trace Messages) to a specified
remote end point.
Chapter 40 Diagnostic
XMG3563-B10A User’s Guide
280
ATM sets up virtual circuits over which end systems communicate. The terminology for virtual circuits is as
follows:
Figure 178 Virtual Circuit Topology
Think of a virtual path as a cable that contains a bundle of wires. The cable connects two points and
wires within the cable provide individual circuits between the two points. In an ATM cell header, a VPI
(Virtual Path Identifier) identifies a link formed by a virtual path; a VCI (Virtual Channel Identifier)
identifies a channel within a virtual path. A series of virtual paths make up a virtual circuit.
F4 cells operate at the virtual path (VP) level, while F5 cells operate at the virtual channel (VC) level. F4
cells use the same VPI as the user data cells on VP connections, but use different predefined VCI values.
F5 cells use the same VPI and VCI as the user data cells on the VC connections, and are distinguished
from data cells by a predefinded Payload Type Identifier (PTI) in the cell header. Both F4 flows and F5
flows are bidirectional and have two types.
• segment F4 flows (VCI=3)
• end-to-end F4 flows (VCI=4)
• segment F5 flows (PTI=100)
• end-to-end F5 flows (PTI=101)
OAM F4 or F5 tests are used to check virtual path or virtual channel availability between two DSL
devices. Segment flows are terminated at the connecting point which terminates a VP or VC segment.
End-to-end flows are terminated at the end point of a VP or VC connection, where an ATM link is
terminated. Segment loopback tests allow you to verify integrity of a PVC to the nearest neighboring
ATM device. End-to-end loopback tests allow you to verify integrity of an end-to-end PVC.
Note: The DSLAM to which the XMG is connected must also support ATM F4 and/or F5 to use
this test.
Note: This screen is available only when you configure an ATM layer-2 interface.
• Virtual Channel (VC) Logical connections between ATM devices
• Virtual Path (VP) A bundle of virtual channels
• Virtual Circuits A series of virtual paths between circuit end points
Chapter 40 Diagnostic
XMG3563-B10A User’s Guide
281
Figure 179 Maintenance > Diagnostic > OAM Ping
The following table describes the fields in this screen.
Table 140 Maintenance > Diagnostic > OAM Ping
LABEL DESCRIPTION
Select a PVC on which you want to perform the loopback test.
F4 segment Press this to perform an OAM F4 segment loopback test.
F4 end-end Press this to perform an OAM F4 end-to-end loopback test.
F5 segment Press this to perform an OAM F5 segment loopback test.
F5 end-end Press this to perform an OAM F5 end-to-end loopback test.
XMG3563-B10A User’s Guide
282
CHAPTER 41
Troubleshooting
This chapter offers some suggestions to solve problems you might encounter. The potential problems are
divided into the following categories.
•Power, Hardware Connections, and LEDs
•XMG Access and Login
•Internet Access
•Wireless Internet Access
•USB Device Connection
•UPnP
41.1 Power, Hardware Connections, and LEDs
The XMG does not turn on. None of the LEDs turn on.
1Make sure the XMG is turned on.
2Make sure you are using the power adaptor or cord included with the XMG.
3Make sure the power adaptor or cord is connected to the XMG and plugged in to an appropriate
power source. Make sure the power source is turned on.
4Turn the XMG off and on.
5If the problem continues, contact the vendor.
One of the LEDs does not behave as expected.
1Make sure you understand the normal behavior of the LED. See Section 1.4 on page 21.
2Check the hardware connections.
3Inspect your cables for damage. Contact the vendor to replace any damaged cables.
4Turn the XMG off and on.
Chapter 41 Troubleshooting
XMG3563-B10A User’s Guide
283
5If the problem continues, contact the vendor.
41.2 XMG Access and Login
I forgot the IP address for the XMG.
1The default LAN IP address is 192.168.200.1.
2If you changed the IP address and have forgotten it, you might get the IP address of the XMG by looking
up the IP address of the default gateway for your computer. To do this in most Windows computers, click
Start > Run, enter cmd, and then enter ipconfig. The IP address of the Default Gateway might be the IP
address of the XMG (it depends on the network), so enter this IP address in your Internet browser.
3If this does not work, you have to reset the device to its factory defaults. See Section 1.5 on page 23.
I forgot the password.
1See the cover page for the default login names and associated passwords.
2If those do not work, you have to reset the device to its factory defaults. See Section 1.5 on page 23.
I cannot see or access the Login screen in the web configurator.
1Make sure you are using the correct IP address.
• The default IP address is 192.168.200.1.
• If you changed the IP address (Section 8.2 on page 113), use the new IP address.
• If you changed the IP address and have forgotten it, see the troubleshooting suggestions for I
forgot the IP address for the XMG.
2Check the hardware connections, and make sure the LEDs are behaving as expected. See Section 1.4
on page 21.
3Make sure your Internet browser does not block pop-up windows and has JavaScripts and Java
enabled.
4If it is possible to log in from another interface, check the service control settings for HTTP and HTTPS
(Maintenance > Remote MGMT).
5Reset the device to its factory defaults, and try to access the XMG with the default IP address. See
Section 1.5 on page 23.
Chapter 41 Troubleshooting
XMG3563-B10A User’s Guide
284
6If the problem continues, contact the network administrator or vendor, or try one of the advanced
suggestions.
Advanced Suggestions
• Make sure you have logged out of any earlier management sessions using the same user account
even if they were through a different interface or using a different browser.
• Try to access the XMG using another service, such as Telnet. If you can access the XMG, check the
remote management settings and firewall rules to find out why the XMG does not respond to HTTP.
I can see the Login screen, but I cannot log in to the XMG.
1Make sure you have entered the password correctly. See the cover page for the default login names
and associated passwords. The field is case-sensitive, so make sure [Caps Lock] is not on.
2You cannot log in to the web configurator while someone is using Telnet to access the XMG. Log out of
the XMG in the other session, or ask the person who is logged in to log out.
3Turn the XMG off and on.
4If this does not work, you have to reset the device to its factory defaults. See Section 41.1 on page 282.
I cannot Telnet to the XMG.
See the troubleshooting suggestions for I cannot see or access the Login screen in the web configurator.
Ignore the suggestions about your browser.
I cannot use FTP to upload / download the configuration file. / I cannot use FTP to upload new
firmware.
See the troubleshooting suggestions for I cannot see or access the Login screen in the web configurator.
Ignore the suggestions about your browser.
41.3 Internet Access
I cannot access the Internet.
1Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick
Start Guide and Section 1.4 on page 21.
Chapter 41 Troubleshooting
XMG3563-B10A User’s Guide
285
2Make sure you entered your ISP account information correctly in the Network Setting > Broadband
screen. These fields are case-sensitive, so make sure [Caps Lock] is not on.
3If you are trying to access the Internet wirelessly, make sure that you enabled the wireless LAN in the
XMG and your wireless client and that the wireless settings in the wireless client are the same as the
settings in the XMG.
4Disconnect all the cables from your device and reconnect them.
5If the problem continues, contact your ISP.
I cannot access the Internet through a DSL connection.
1Make sure you have the DSL WAN port connected to a telephone jack (or the DSL or modem jack on a
splitter if you have one).
2Make sure you configured a proper DSL WAN interface (Network Setting > Broadband screen) with the
Internet account information provided by your ISP and that it is enabled.
3Check that the LAN interface you are connected to is in the same interface group as the DSL
connection (Network Setting > Interface Grouping).
4If you set up a WAN connection using bridging service, make sure you turn off the DHCP feature in the
LAN screen to have the clients get WAN IP addresses directly from your ISP’s DHCP server.
I cannot connect to the Internet using a second DSL connection.
ADSL and VDSL connections cannot work at the same time. You can only use one type of DSL
connection, either ADSL or VDSL connection at one time.
I cannot connect to the Internet using an Ethernet connection.
1Make sure you have the Ethernet WAN port connected to a modem or router.
2Make sure you converted LAN port number four as WAN. Click Enable in Network Setting > Broadband >
Ethernet WAN screen.
3Make sure you configured a proper Ethernet WAN interface (Network Setting > Broadband screen) with
the Internet account information provided by your ISP and that it is enabled.
4Check that the LAN interface you are connected to is in the same interface group as the Ethernet WAN
connection (Network Setting > Interface Grouping).
5If you set up a WAN connection using bridging service, make sure you turn off the DHCP feature in the
LAN screen to have the clients get WAN IP addresses directly from your ISP’s DHCP server.
Chapter 41 Troubleshooting
XMG3563-B10A User’s Guide
286
I cannot access the XMG anymore. I had access to the XMG, but my connection is not available
anymore.
1Your session with the XMG may have expired. Try logging into the XMG again.
2Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick
Start Guide and Section 1.4 on page 21.
3Turn the XMG off and on.
4If the problem continues, contact your vendor.
41.4 Wireless Internet Access
What factors may cause intermittent or unstabled wireless connection? How can I solve this
problem?
The following factors may cause interference:
• Obstacles: walls, ceilings, furniture, and so on.
• Building Materials: metal doors, aluminum studs.
• Electrical devices: microwaves, monitors, electric motors, cordless phones, and other wireless devices.
To optimize the speed and quality of your wireless connection, you can:
• Move your wireless device closer to the AP if the signal strength is low.
• Reduce wireless interference that may be caused by other wireless networks or surrounding wireless
electronics such as cordless phones.
• Place the AP where there are minimum obstacles (such as walls and ceilings) between the AP and
the wireless client.
• Reduce the number of wireless clients connecting to the same AP simultaneously, or add additional
APs if necessary.
• Try closing some programs that use the Internet, especially peer-to-peer applications. If the wireless
client is sending or receiving a lot of information, it may have too many programs open that use the
Internet.
What is a Server Set ID (SSID)?
An SSID is a name that uniquely identifies a wireless network. The AP and all the clients within a wireless
network must use the same SSID.
Chapter 41 Troubleshooting
XMG3563-B10A User’s Guide
287
41.5 USB Device Connection
The XMG fails to detect my USB device.
1Disconnect the USB device.
2Reboot the XMG.
3If you are connecting a USB hard drive that comes with an external power supply, make sure it is
connected to an appropriate power source that is on.
4Re-connect your USB device to the XMG.
41.6 UPnP
When using UPnP and the XMG reboots, my computer cannot detect UPnP and refresh My
Network Places > Local Network.
1Disconnect the Ethernet cable from the XMG’s LAN port or from your computer.
2Re-connect the Ethernet cable.
The Local Area Connection icon for UPnP disappears in the screen.
Restart your computer.
288
PART III
Appendices
Appendices contain general information. Some information may not apply to your device.
XMG3563-B10A User’s Guide
289
APPENDIX A
Customer Support
In the event of problems that cannot be solved by using this manual, you should contact your vendor. If
you cannot contact your vendor, then contact a Zyxel office for the region in which you bought the
device.
See http://www.zyxel.com/homepage.shtml and also
http://www.zyxel.com/about_zyxel/zyxel_worldwide.shtml for the latest information.
Please have the following information ready when you contact an office.
Required Information
• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.
Corporate Headquarters (Worldwide)
Taiwan
• Zyxel Communications Corporation
• http://www.zyxel.com
Asia
China
• Zyxel Communications (Shanghai) Corp.
Zyxel Communications (Beijing) Corp.
Zyxel Communications (Tianjin) Corp.
• http://www.zyxel.cn
India
•Zyxel Technology India Pvt Ltd
• http://www.zyxel.in
Kazakhstan
•Zyxel Kazakhstan
• http://www.zyxel.kz
Appendix A Customer Support
XMG3563-B10A User’s Guide
290
Korea
• Zyxel Korea Corp.
• http://www.zyxel.kr
Malaysia
• Zyxel Malaysia Sdn Bhd.
• http://www.zyxel.com.my
Pakistan
• Zyxel Pakistan (Pvt.) Ltd.
• http://www.zyxel.com.pk
Philippines
• Zyxel Philippines
• http://www.zyxel.com.ph
Singapore
• Zyxel Singapore Pte Ltd.
• http://www.zyxel.com.sg
Taiwan
• Zyxel Communications Corporation
• http://www.zyxel.com/tw/zh/
Thailand
• Zyxel Thailand Co., Ltd
• http://www.zyxel.co.th
Vietnam
• Zyxel Communications Corporation-Vietnam Office
• http://www.zyxel.com/vn/vi
Europe
Austria
•Zyxel Deutschland GmbH
• http://www.zyxel.de
Belarus
•Zyxel BY
• http://www.zyxel.by
Appendix A Customer Support
XMG3563-B10A User’s Guide
291
Belgium
• Zyxel Communications B.V.
• http://www.zyxel.com/be/nl/
• http://www.zyxel.com/be/fr/
Bulgaria
•Zyxel България
• http://www.zyxel.com/bg/bg/
Czech Republic
• Zyxel Communications Czech s.r.o
• http://www.zyxel.cz
Denmark
• Zyxel Communications A/S
• http://www.zyxel.dk
Estonia
• Zyxel Estonia
• http://www.zyxel.com/ee/et/
Finland
• Zyxel Communications
• http://www.zyxel.fi
France
•Zyxel France
• http://www.zyxel.fr
Germany
•Zyxel Deutschland GmbH
• http://www.zyxel.de
Hungary
• Zyxel Hungary & SEE
• http://www.zyxel.hu
Italy
• Zyxel Communications Italy
• http://www.zyxel.it/
Appendix A Customer Support
XMG3563-B10A User’s Guide
292
Latvia
•Zyxel Latvia
• http://www.zyxel.com/lv/lv/homepage.shtml
Lithuania
•Zyxel Lithuania
• http://www.zyxel.com/lt/lt/homepage.shtml
Netherlands
• Zyxel Benelux
• http://www.zyxel.nl
Norway
• Zyxel Communications
• http://www.zyxel.no
Poland
• Zyxel Communications Poland
• http://www.zyxel.pl
Romania
• Zyxel Romania
• http://www.zyxel.com/ro/ro
Russia
• Zyxel Russia
• http://www.zyxel.ru
Slovakia
• Zyxel Communications Czech s.r.o. organizacna zlozka
• http://www.zyxel.sk
Spain
• Zyxel Communications ES Ltd
• http://www.zyxel.es
Sweden
• Zyxel Communications
• http://www.zyxel.se
Switzerland
•Studerus AG
Appendix A Customer Support
XMG3563-B10A User’s Guide
293
• http://www.zyxel.ch/
Turkey
• Zyxel Turkey A.S.
• http://www.zyxel.com.tr
UK
• Zyxel Communications UK Ltd.
• http://www.zyxel.co.uk
Ukraine
•Zyxel Ukraine
• http://www.ua.zyxel.com
Latin America
Argentina
• Zyxel Communication Corporation
• http://www.zyxel.com/ec/es/
Brazil
• Zyxel Communications Brasil Ltda.
• https://www.zyxel.com/br/pt/
Ecuador
• Zyxel Communication Corporation
• http://www.zyxel.com/ec/es/
Middle East
Israel
• Zyxel Communication Corporation
• http://il.zyxel.com/homepage.shtml
Middle East
• Zyxel Communication Corporation
• http://www.zyxel.com/me/en/
Appendix A Customer Support
XMG3563-B10A User’s Guide
294
North America
USA
• Zyxel Communications, Inc. - North America Headquarters
• http://www.zyxel.com/us/en/
Oceania
Australia
• Zyxel Communications Corporation
• http://www.zyxel.com/au/en/
Africa
South Africa
• Nology (Pty) Ltd.
• http://www.zyxel.co.za
XMG3563-B10A User’s Guide
295
APPENDIX B
Wireless LANs
Wireless LAN Topologies
This section discusses ad-hoc and infrastructure wireless LAN topologies.
Ad-hoc Wireless LAN Configuration
The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers
with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other,
they can set up an independent network, which is commonly referred to as an ad-hoc network or
Independent Basic Service Set (IBSS). The following diagram shows an example of notebook computers
using wireless adapters to form an ad-hoc wireless LAN.
Figure 180 Peer-to-Peer Communication in an Ad-hoc Network
BSS
A Basic Service Set (BSS) exists when all communications between wireless clients or between a wireless
client and a wired network client go through one access point (AP).
Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra-BSS is enabled, wireless client A
and B can access the wired network and communicate with each other. When Intra-BSS is disabled,
wireless client A and B can still access the wired network but cannot communicate with each other.
Appendix B Wireless LANs
XMG3563-B10A User’s Guide
296
Figure 181 Basic Service Set
ESS
An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point,
with each access point connected together by a wired network. This wired connection between APs is
called a Distribution System (DS).
This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide
communication with the wired network but also mediate wireless network traffic in the immediate
neighborhood.
An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless
clients within the same ESS must have the same ESSID in order to communicate.
Appendix B Wireless LANs
XMG3563-B10A User’s Guide
297
Figure 182 Infrastructure WLAN
Channel
A channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels
available depend on your geographical area. You may have a choice of channels (for your region) so
you should use a channel different from an adjacent AP (access point) to reduce interference.
Interference occurs when radio signals from different access points overlap causing interference and
degrading performance.
Adjacent channels partially overlap however. To avoid interference due to overlap, your AP should be
on a channel at least five channels away from a channel that an adjacent AP is using. For example, if
your region has 11 channels and an adjacent AP is using channel 1, then you need to select a channel
between 6 or 11.
RTS/CTS
A hidden node occurs when two stations are within range of the same access point, but are not within
range of each other. The following figure illustrates a hidden node. Both stations (STA) are within range
of the access point (AP) or wireless gateway, but out-of-range of each other, so they cannot "hear"
each other, that is they do not know if the channel is currently being used. Therefore, they are
considered hidden from each other.
DSL DSL
Appendix B Wireless LANs
XMG3563-B10A User’s Guide
298
Figure 183 RTS/CTS
When station A sends data to the AP, it might not know that the station B is already using the channel. If
these two stations send data at the same time, collisions may occur when both sets of data arrive at the
AP at the same time, resulting in a loss of messages for both stations.
RTS/CTS is designed to prevent collisions due to hidden nodes. An RTS/CTS defines the biggest size data
frame you can send before an RTS (Request To Send)/CTS (Clear to Send) handshake is invoked.
When a data frame exceeds the RTS/CTS value you set (between 0 to 2432 bytes), the station that wants
to transmit this frame must first send an RTS (Request To Send) message to the AP for permission to send
it. The AP then responds with a CTS (Clear to Send) message to all other stations within its range to notify
them to defer their transmission. It also reserves and confirms with the requesting station the time frame
for the requested transmission.
Stations can send frames smaller than the specified RTS/CTS directly to the AP without the RTS (Request
To Send)/CTS (Clear to Send) handshake.
You should only configure RTS/CTS if the possibility of hidden nodes exists on your network and the "cost"
of resending large frames is more than the extra network overhead involved in the RTS (Request To
Send)/CTS (Clear to Send) handshake.
If the RTS/CTS value is greater than the Fragmentation Threshold value (see next), then the RTS (Request
To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before
they reach RTS/CTS size.
Note: Enabling the RTS Threshold causes redundant network overhead that could negatively
affect the throughput performance instead of providing a remedy.
Fragmentation Threshold
A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can
be sent in the wireless network before the AP will fragment the packet into smaller data frames.
A large Fragmentation Threshold is recommended for networks not prone to interference while you
should set a smaller threshold for busy networks or networks that are prone to interference.
If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the
RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be
fragmented before they reach RTS/CTS size.
Appendix B Wireless LANs
XMG3563-B10A User’s Guide
299
IEEE 802.11g Wireless LAN
IEEE 802.11g is fully compatible with the IEEE 802.11b standard. This means an IEEE 802.11b adapter can
interface directly with an IEEE 802.11g access point (and vice versa) at 11 Mbps or lower depending on
range. IEEE 802.11g has several intermediate rate steps between the maximum and minimum data
rates. The IEEE 802.11g data rate and modulation are as follows:
Wireless Security Overview
Wireless security is vital to your network to protect wireless communication between wireless clients,
access points and the wired network.
Wireless security methods available on the XMG are data encryption, wireless client authentication,
restricting access by device MAC address and hiding the XMG identity.
The following figure shows the relative effectiveness of these wireless security methods available on your
XMG.
Note: You must enable the same wireless security settings on the XMG and on all wireless
clients that you want to associate with it.
IEEE 802.1x
In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support
extended authentication as well as providing additional accounting and control features. It is
supported by Windows XP and a number of network devices. Some advantages of IEEE 802.1x are:
• User based identification that allows for roaming.
• Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user
profile and accounting management on a network RADIUS server.
Table 141 IEEE 802.11g
DATA RATE (MBPS) MODULATION
1 DBPSK (Differential Binary Phase Shift Keyed)
2 DQPSK (Differential Quadrature Phase Shift Keying)
5.5 / 11 CCK (Complementary Code Keying)
6/9/12/18/24/36/48/54 OFDM (Orthogonal Frequency Division Multiplexing)
Table 142 Wireless Security Levels
SECURITY
LEVEL SECURITY TYPE
Least Secure
Most Secure
Unique SSID (Default)
Unique SSID with Hide SSID Enabled
MAC Address Filtering
WEP Encryption
IEEE802.1x EAP with RADIUS Server Authentication
Wi-Fi Protected Access (WPA)
WPA2
Appendix B Wireless LANs
XMG3563-B10A User’s Guide
300
• Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional authentication
methods to be deployed with no changes to the access point or the wireless clients.
RADIUS
RADIUS is based on a client-server model that supports authentication, authorization and accounting.
The access point is the client and the server is the RADIUS server. The RADIUS server handles the following
tasks:
• Authentication
Determines the identity of the users.
•Authorization
Determines the network services available to authenticated users once they are connected to the
network.
• Accounting
Keeps track of the client’s network activity.
RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless
client and the network RADIUS server.
Types of RADIUS Messages
The following types of RADIUS messages are exchanged between the access point and the RADIUS
server for user authentication:
• Access-Request
Sent by an access point requesting authentication.
• Access-Reject
Sent by a RADIUS server rejecting access.
• Access-Accept
Sent by a RADIUS server allowing access.
• Access-Challenge
Sent by a RADIUS server requesting more information in order to allow access. The access point sends
a proper response from the user and then sends another Access-Request message.
The following types of RADIUS messages are exchanged between the access point and the RADIUS
server for user accounting:
• Accounting-Request
Sent by the access point requesting accounting.
• Accounting-Response
Sent by the RADIUS server to indicate that it has started or stopped accounting.
In order to ensure network security, the access point and the RADIUS server use a shared secret key,
which is a password, they both know. The key is not sent over the network. In addition to the shared key,
password information exchanged is also encrypted to protect the network from unauthorized access.
Appendix B Wireless LANs
XMG3563-B10A User’s Guide
301
Types of EAP Authentication
This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP.
Your wireless LAN device may not support all authentication types.
EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE 802.1x
transport mechanism in order to support multiple types of user authentication. By using EAP to interact
with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server
perform authentication.
The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that
supports IEEE 802.1x.
For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the
certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to
authenticate users and a CA issues certificates and guarantees the identity of each certificate owner.
EAP-MD5 (Message-Digest Algorithm 5)
MD5 authentication is the simplest one-way authentication method. The authentication server sends a
challenge to the wireless client. The wireless client ‘proves’ that it knows the password by encrypting the
password with the challenge and sends back the information. Password is not sent in plain text.
However, MD5 authentication has some weaknesses. Since the authentication server needs to get the
plaintext passwords, the passwords must be stored. Thus someone other than the authentication server
may access the password file. In addition, it is possible to impersonate an authentication server as MD5
authentication method does not perform mutual authentication. Finally, MD5 authentication method
does not support data encryption with dynamic session key. You must configure WEP encryption keys for
data encryption.
EAP-TLS (Transport Layer Security)
With EAP-TLS, digital certifications are needed by both the server and the wireless clients for mutual
authentication. The server presents a certificate to the client. After validating the identity of the server,
the client sends a different certificate to the server. The exchange of certificates is done in the open
before a secured tunnel is created. This makes user identity vulnerable to passive attacks. A digital
certificate is an electronic ID card that authenticates the sender’s identity. However, to implement EAP-
TLS, you need a Certificate Authority (CA) to handle certificates, which imposes a management
overhead.
EAP-TTLS (Tunneled Transport Layer Service)
EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-side
authentications to establish a secure connection. Client authentication is then done by sending
username and password through the secure connection, thus client identity is protected. For client
authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP,
MS-CHAP and MS-CHAP v2.
PEAP (Protected EAP)
Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use
simple username and password methods through the secured connection to authenticate the clients,
thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2
Appendix B Wireless LANs
XMG3563-B10A User’s Guide
302
and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by
Cisco.
LEAP
LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x.
Dynamic WEP Key Exchange
The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless
connection times out, disconnects or reauthentication times out. A new WEP key is generated each
time reauthentication is performed.
If this feature is enabled, it is not necessary to configure a default encryption key in the wireless security
configuration screen. You may still configure and store keys, but they will not be used while dynamic
WEP is enabled.
Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange
For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for
data encryption. They are often deployed in corporate environments, but for public deployment, a
simple user name and password pair is more practical. The following table is a comparison of the
features of authentication types.
WPA and WPA2
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a wireless
security standard that defines stronger encryption, authentication and key management than WPA.
Key differences between WPA or WPA2 and WEP are improved data encryption and user
authentication.
If both an AP and the wireless clients support WPA2 and you have an external RADIUS server, use WPA2
for stronger data encryption. If you don't have an external RADIUS server, you should use WPA2-PSK
(WPA2-Pre-Shared Key) that only requires a single (identical) password entered into each access point,
wireless gateway and wireless client. As long as the passwords match, a wireless client will be granted
access to a WLAN.
If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether
you have an external RADIUS server or not.
Table 143 Comparison of EAP Authentication Types
EAP-MD5 EAP-TLS EAP-TTLS PEAP LEAP
Mutual Authentication No Yes Yes Yes Yes
Certificate – Client No Yes Optional Optional No
Certificate – Server No Yes Yes Yes No
Dynamic Key Exchange No Yes Yes Yes Yes
Credential Integrity None Strong Strong Strong Moderate
Deployment Difficulty Easy Hard Moderate Moderate Moderate
Client Identity Protection No No Yes Yes No
Appendix B Wireless LANs
XMG3563-B10A User’s Guide
303
Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure
than WPA or WPA2.
Encryption
WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check
(MIC) and IEEE 802.1x. WPA2 also uses TKIP when required for compatibility reasons, but offers stronger
encryption than TKIP with Advanced Encryption Standard (AES) in the Counter mode with Cipher block
chaining Message authentication code Protocol (CCMP).
TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication server. AES
(Advanced Encryption Standard) is a block cipher that uses a 256-bit mathematical algorithm called
Rijndael. They both include a per-packet key mixing function, a Message Integrity Check (MIC) named
Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism.
WPA and WPA2 regularly change and rotate the encryption keys so that the same encryption key is
never used twice.
The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy
and management system, using the PMK to dynamically generate unique data encryption keys to
encrypt every data packet that is wirelessly communicated between the AP and the wireless clients. This
all happens in the background automatically.
The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets,
altering them and resending them. The MIC provides a strong mathematical function in which the
receiver and the transmitter each compute and then compare the MIC. If they do not match, it is
assumed that the data has been tampered with and the packet is dropped.
By generating unique data encryption keys for every data packet and by creating an integrity
checking mechanism (MIC), with TKIP and AES it is more difficult to decrypt data on a Wi-Fi network than
WEP and difficult for an intruder to break into the network.
The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The only difference
between the two is that WPA(2)-PSK uses a simple common password, instead of user-specific
credentials. The common-password approach makes WPA(2)-PSK susceptible to brute-force password-
guessing attacks but it’s still an improvement over WEP as it employs a consistent, single, alphanumeric
password to derive a PMK which is used to generate unique temporal encryption keys. This prevent all
wireless devices sharing the same encryption keys. (a weakness of WEP)
User Authentication
WPA and WPA2 apply IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless
clients using an external RADIUS database. WPA2 reduces the number of key exchange messages from
six to four (CCMP 4-way handshake) and shortens the time required to connect to a network. Other
WPA2 authentication features that are different from WPA include key caching and pre-authentication.
These two features are optional and may not be supported in all wireless devices.
Key caching allows a wireless client to store the PMK it derived through a successful authentication with
an AP. The wireless client uses the PMK when it tries to connect to the same AP and does not need to go
with the authentication process again.
Pre-authentication enables fast roaming by allowing the wireless client (already connecting to an AP) to
perform IEEE 802.1x authentication with another AP before connecting to it.
Appendix B Wireless LANs
XMG3563-B10A User’s Guide
304
Wireless Client WPA Supplicants
A wireless client supplicant is the software that runs on an operating system instructing the wireless client
how to use WPA. At the time of writing, the most widely available supplicant is the WPA patch for
Windows XP, Funk Software's Odyssey client.
The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero
Configuration" wireless client. However, you must run Windows XP to use it.
WPA(2) with RADIUS Application Example
To set up WPA(2), you need the IP address of the RADIUS server, its port number (default is 1812), and the
RADIUS shared secret. A WPA(2) application example with an external RADIUS server looks as follows. "A"
is the RADIUS server. "DS" is the distribution system.
1The AP passes the wireless client's authentication request to the RADIUS server.
2The RADIUS server then checks the user's identification against its database and grants or denies
network access accordingly.
3A 256-bit Pairwise Master Key (PMK) is derived from the authentication process by the RADIUS server and
the client.
4The RADIUS server distributes the PMK to the AP. The AP then sets up a key hierarchy and management
system, using the PMK to dynamically generate unique data encryption keys. The keys are used to
encrypt every data packet that is wirelessly communicated between the AP and the wireless clients.
Figure 184 WPA(2) with RADIUS Application Example
WPA(2)-PSK Application Example
A WPA(2)-PSK application looks as follows.
Appendix B Wireless LANs
XMG3563-B10A User’s Guide
305
1First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist
of between 8 and 63 ASCII characters or 64 hexadecimal characters (including spaces and symbols).
2The AP checks each wireless client's password and allows it to join the network only if the password
matches.
3The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over
the network, but is derived from the PSK and the SSID.
4The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged
in a handshake to create temporal encryption keys. They use these keys to encrypt data exchanged
between them.
Figure 185 WPA(2)-PSK Authentication
Security Parameters Summary
Refer to this table to see what other security parameters you should configure for each authentication
method or key management protocol type. MAC address filters are not dependent on how you
configure these security features.
Table 144 Wireless Security Relational Matrix
AUTHENTICATION METHOD/
KEY MANAGEMENT
PROTOCOL ENCRYPTION
METHOD ENTER MANUAL
KEY IEEE 802.1X
Open None No Disable
Enable without Dynamic WEP Key
Open WEP No Enable with Dynamic WEP Key
Yes Enable without Dynamic WEP Key
Yes Disable
Shared WEP No Enable with Dynamic WEP Key
Yes Enable without Dynamic WEP Key
Yes Disable
WPA TKIP/AES No Enable
WPA-PSK TKIP/AES Yes Disable
WPA2 TKIP/AES No Enable
WPA2-PSK TKIP/AES Yes Disable
Appendix B Wireless LANs
XMG3563-B10A User’s Guide
306
Antenna Overview
An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the
antenna, which propagates the signal through the air. The antenna also operates in reverse by
capturing RF signals from the air.
Positioning the antennas properly increases the range and coverage area of a wireless LAN.
Antenna Characteristics
Frequency
An antenna in the frequency of 2.4GHz (IEEE 802.11b and IEEE 802.11g) or 5GHz (IEEE 802.11a) is needed
to communicate efficiently in a wireless LAN
Radiation Pattern
A radiation pattern is a diagram that allows you to visualize the shape of the antenna’s coverage area.
Antenna Gain
Antenna gain, measured in dB (decibel), is the increase in coverage within the RF beam width. Higher
antenna gain improves the range of the signal for better communications.
For an indoor site, each 1 dB increase in antenna gain results in a range increase of approximately 2.5%.
For an unobstructed outdoor site, each 1dB increase in gain results in a range increase of approximately
5%. Actual results may vary depending on the network environment.
Antenna gain is sometimes specified in dBi, which is how much the antenna increases the signal power
compared to using an isotropic antenna. An isotropic antenna is a theoretical perfect antenna that
sends out radio signals equally well in all directions. dBi represents the true gain that the antenna
provides.
Types of Antennas for WLAN
There are two types of antennas used for wireless LAN applications.
• Omni-directional antennas send the RF signal out in all directions on a horizontal plane. The coverage
area is torus-shaped (like a donut) which makes these antennas ideal for a room environment. With a
wide coverage area, it is possible to make circular overlapping coverage areas with multiple access
points.
• Directional antennas concentrate the RF signal in a beam, like a flashlight does with the light from its
bulb. The angle of the beam determines the width of the coverage pattern. Angles typically range
from 20 degrees (very directional) to 120 degrees (less directional). Directional antennas are ideal for
hallways and outdoor point-to-point applications.
Positioning Antennas
In general, antennas should be mounted as high as practically possible and free of obstructions. In
point-to–point application, position both antennas at the same height and in a direct line of sight to
each other to attain the best performance.
Appendix B Wireless LANs
XMG3563-B10A User’s Guide
307
For omni-directional antennas mounted on a table, desk, and so on, point the antenna up. For omni-
directional antennas mounted on a wall or ceiling, point the antenna down. For a single AP application,
place omni-directional antennas as close to the center of the coverage area as possible.
For directional antennas, point the antenna in the direction of the desired coverage area.
XMG3563-B10A User’s Guide
308
APPENDIX C
Services
The following table lists some commonly-used services and their associated protocols and port numbers.
•Name: This is a short, descriptive name for the service. You can use this one or create a different one,
if you like.
•Protocol: This is the type of IP protocol used by the service. If this is TCP/UDP, then the service uses the
same port number with TCP and UDP. If this is USER-DEFINED, the Port(s) is the IP protocol number, not
the port number.
•Port(s): This value depends on the Protocol.
•If the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number.
•If the Protocol is USER, this is the IP protocol number.
•Description: This is a brief explanation of the applications that use this service or the situations in which
this service is used.
Appendix C Services
XMG3563-B10A User’s Guide
309
Table 145 Examples of Services
NAME PROTOCOL PORT(S) DESCRIPTION
AH (IPSEC_TUNNEL) User-Defined 51 The IPSEC AH (Authentication Header) tunneling
protocol uses this service.
AIM TCP 5190 AOL’s Internet Messenger service.
AUTH TCP 113 Authentication protocol used by some servers.
BGP TCP 179 Border Gateway Protocol.
BOOTP_CLIENT UDP 68 DHCP Client.
BOOTP_SERVER UDP 67 DHCP Server.
CU-SEEME TCP/UDP
TCP/UDP
7648
24032
A popular videoconferencing solution from White
Pines Software.
DNS TCP/UDP 53 Domain Name Server, a service that matches web
names (for instance www.zyxel.com) to IP numbers.
ESP (IPSEC_TUNNEL) User-Defined 50 The IPSEC ESP (Encapsulation Security Protocol)
tunneling protocol uses this service.
FINGER TCP 79 Finger is a UNIX or Internet related command that can
be used to find out if a user is logged on.
FTP TCP
TCP
20
21
File Transfer Protocol, a program to enable fast
transfer of files, including large files that may not be
possible by e-mail.
H.323 TCP 1720 NetMeeting uses this protocol.
HTTP TCP 80 Hyper Text Transfer Protocol - a client/server protocol
for the world wide web.
HTTPS TCP 443 HTTPS is a secured http session often used in e-
commerce.
ICMP User-Defined 1Internet Control Message Protocol is often used for
diagnostic purposes.
ICQ UDP 4000 This is a popular Internet chat program.
IGMP (MULTICAST) User-Defined 2Internet Group Multicast Protocol is used when
sending packets to a specific group of hosts.
IKE UDP 500 The Internet Key Exchange algorithm is used for key
distribution and management.
IMAP4 TCP 143 The Internet Message Access Protocol is used for e-
mail.
IMAP4S TCP 993 This is a more secure version of IMAP4 that runs over
SSL.
IRC TCP/UDP 6667 This is another popular Internet chat program.
MSN Messenger TCP 1863 Microsoft Networks’ messenger service uses this
protocol.
NetBIOS TCP/UDP
TCP/UDP
TCP/UDP
TCP/UDP
137
138
139
445
The Network Basic Input/Output System is used for
communication between computers in a LAN.
NEW-ICQ TCP 5190 An Internet chat program.
NEWS TCP 144 A protocol for news groups.
Appendix C Services
XMG3563-B10A User’s Guide
310
NFS UDP 2049 Network File System - NFS is a client/server distributed
file service that provides transparent file sharing for
network environments.
NNTP TCP 119 Network News Transport Protocol is the delivery
mechanism for the USENET newsgroup service.
PING User-Defined 1Packet INternet Groper is a protocol that sends out
ICMP echo requests to test whether or not a remote
host is reachable.
POP3 TCP 110 Post Office Protocol version 3 lets a client computer
get e-mail from a POP3 server through a temporary
connection (TCP/IP or other).
POP3S TCP 995 This is a more secure version of POP3 that runs over
SSL.
PPTP TCP 1723 Point-to-Point Tunneling Protocol enables secure
transfer of data over public networks. This is the
control channel.
PPTP_TUNNEL (GRE) User-Defined 47 PPTP (Point-to-Point Tunneling Protocol) enables
secure transfer of data over public networks. This is the
data channel.
RCMD TCP 512 Remote Command Service.
REAL_AUDIO TCP 7070 A streaming audio service that enables real time
sound over the web.
REXEC TCP 514 Remote Execution Daemon.
RLOGIN TCP 513 Remote Login.
ROADRUNNER TCP/UDP 1026 This is an ISP that provides services mainly for cable
modems.
RTELNET TCP 107 Remote Telnet.
RTSP TCP/UDP 554 The Real Time Streaming (media control) Protocol
(RTSP) is a remote control for multimedia on the
Internet.
SFTP TCP 115 The Simple File Transfer Protocol is an old way of
transferring files between computers.
SMTP TCP 25 Simple Mail Transfer Protocol is the message-
exchange standard for the Internet. SMTP enables
you to move messages from one e-mail server to
another.
SMTPS TCP 465 This is a more secure version of SMTP that runs over SSL.
SNMP TCP/UDP 161 Simple Network Management Program.
SNMP-TRAPS TCP/UDP 162 Traps for use with the SNMP (RFC:1215).
SQL-NET TCP 1521 Structured Query Language is an interface to access
data on many different types of database systems,
including mainframes, midrange systems, UNIX
systems and network servers.
SSDP UDP 1900 The Simple Service Discovery Protocol supports
Universal Plug-and-Play (UPnP).
SSH TCP/UDP 22 Secure Shell Remote Login Program.
STRM WORKS UDP 1558 Stream Works Protocol.
SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server.
Table 145 Examples of Services (continued)
NAME PROTOCOL PORT(S) DESCRIPTION
Appendix C Services
XMG3563-B10A User’s Guide
311
TACACS UDP 49 Login Host Protocol used for (Terminal Access
Controller Access Control System).
TELNET TCP 23 Telnet is the login and terminal emulation protocol
common on the Internet and in UNIX environments. It
operates over TCP/IP networks. Its primary function is
to allow users to log into remote host systems.
VDOLIVE TCP
UDP
7000
user-
defined
A videoconferencing solution. The UDP port number is
specified in the application.
Table 145 Examples of Services (continued)
NAME PROTOCOL PORT(S) DESCRIPTION
XMG3563-B10A User’s Guide
312
APPENDIX D
Legal Information
Copyright
Copyright © 2017 by Zyxel Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any
language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or
otherwise, without the prior written permission of Zyxel Communications Corporation.
Published by Zyxel Communications Corporation. All rights reserved.
Disclaimer
Zyxel does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any
license under its patent rights nor the patent rights of others. Zyxel further reserves the right to make changes in any products described herein
without notice. This publication is subject to change without notice.
Regulatory Notice and Statement
UNITED STATES of AMERICA
The following information applies if you use the product within USA area.
FCC EMC Statement
• The device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:
(1) This device may not cause harmful interference, and
(2) This device must accept any interference received, including interference that may cause undesired operation.
• Changes or modifications not expressly approved by the party responsible for compliance could void the user’s authority to operate the
device.
• This product has been tested and complies with the specifications for a Class B digital device, pursuant to Part 15 of the FCC Rules. These
limits are designed to provide reasonable protection against harmful interference in a residential installation. This device generates, uses, and
can radiate radio frequency energy and, if not installed and used according to the instructions, may cause harmful interference to radio
communications. However, there is no guarantee that interference will not occur in a particular installation.
• If this device does cause harmful interference to radio or television reception, which is found by turning the device off and on, the user is
encouraged to try to correct the interference by one or more of the following measures:
• Reorient or relocate the receiving antenna
• Increase the separation between the devices
• Connect the equipment to an outlet other than the receiver’s
• Consult a dealer or an experienced radio/TV technician for assistance
• Operation of this device is restricted to indoor use only
The following information applies if you use the product with RF function within USA area.
FCC Radiation Exposure Statement
• This device complies with FCC RF radiation exposure limits set forth for an uncontrolled environment.
• This transmitter must be at least 20 cm from the user and must not be co-located or operating in conjunction with any other antenna or
transmitter.
FCC Part 68 Statement
a) This equipment complies with Part 68 of the FCC rules and the requirements adopted by the ACTA. On the back of this equipment is a label
that contains, among other information, a product identifier in the format US: 1RODL01AXMG3512. If requested, this number must be provided to
the telephone company.
b) List all applicable certification jack Universal Service Order Codes (“USOC”) for the equipment. USOC JACK: RJ14C(Depend on EUT interface)
c) A plug and jack used to connect this equipment to the premises wiring and telephone network must comply with the applicable FCC Part 68
rules and requirements adopted by the ACTA. A compliant telephone cord and modular plug is provided with this product. It is designed to be
connected to a compatible modular jack that is also compliant. See installation instructions for details.
d) The REN is used to determine the number of devices that may be connected to a telephone line. Excessive RENs on a telephone line may
result in the devices not ringing in response to an incoming call. In most but not all areas, the sum of RENs should not exceed five (5.0). To be
Appendix D Legal Information
XMG3563-B10A User’s Guide
313
certain of the number of devices that may be connected to a line, as determined by the total RENs, contact the local telephone company. For
products approved after July 23, 2001, the REN for this product is part of the product identifier that has the format US:AAAEQ##TXXXX. The digits
represented by ## are the REN without a decimal point (e.g., 03 is a REN of 0.3). For earlier products, the REN is separately shown on the label.
e) If this equipment US: 1RODL01AXMG3512(part 68 ID) causes harm to the telephone network, the telephone company will notify you in
advance that temporary discontinuance of service may be required. But if advance notice isn't practical, the telephone company will notify
the customer as soon as possible. Also, you will be advised of your right to file a complaint with the FCC if you believe it is necessary.
f) The telephone company may make changes in its facilities, equipment, operations or procedures that could affect the operation of the
equipment. If this happens the telephone company will provide advance notice in order for you to make necessary modifications to maintain
uninterrupted service.
g) If trouble is experienced with this equipment US: 1RODL01AXMG3512, for repair or warranty information, please contact Zyxel Communication
Inc.; 1130 N Miller street Anaheim, CA 92806-2001, USA ;TEL: 002 +1 714-6320882. If the equipment is causing harm to the telephone network, the
telephone company may request that you disconnect the equipment until the problem is resolved.
h) Connection to party line service is subject to state tariffs. Contact the state public utility commission, public service commission or corporation
commission for information.
i) If your home has specially wired alarm equipment connected to the telephone line, ensure the installation of this US: 1RODL01AXMG3512 does
not disable your alarm equipment. If you have questions about what will disable alarm equipment, consult your telephone company or a
qualified installer.
CANADA
The following information applies if you use the product within Canada area.
Industry Canada ICES Statement
CAN ICES-3 (B)/NMB-3(B)
Industry Canada CS-03 Statement
• This product meets the applicable Innovation, Science and Economic Development Canada technical specifications.
• The Ringer Equivalence Number (REN) indicates the maximum number of devices allowed to be connected to a telephone interface. The
termination of an interface may consist of any combination of devices subject only to the requirement that the sum of the RENs of all the
devices not exceed five.
Déclaration de conformité
• Le présent produit est conforme aux spécifications techniques applicables d'Innovation, Sciences et Développement économique Canada.
• L'indice d'équivalence de la sonnerie (IES) sert à indiquer le nombre maximal de dispositifs qui peuvent être raccordés à une interface
téléphonique. La terminaison d'une interface peut consister en une combinaison quelconque de dispositifs, à la seule condition que la
somme des IES de tous les dispositifs n'excède pas cinq.
Industry Canada RSS-GEN & RSS-247 statement
• This device complies with Industry Canada license-exempt RSS standard(s). Operation is subject to the following two conditions: (1) this
device may not cause interference, and (2) this device must accept any interference, including interference that may cause undesired
operation of the device.
• This radio transmitter has been approved by Industry Canada to operate with the antenna types listed below with the maximum permissible
gain and required antenna impedance for each antenna type indicated. Antenna types not included in this list, having a gain greater than
the maximum gain indicated for that type, are strictly prohibited for use with this device.
Antenna Information
If the product with 5G wireless function operating in 5150-5250 MHz and 5725-5850 MHz, the following attention must be paid,
• The device for operation in the band 5150-5250 MHz is only for indoor use to reduce the potential for harmful interference to co-channel
mobile satellite systems.
• For devices with detachable antenna(s), the maximum antenna gain permitted for devices in the band 5725-5850 MHz shall be such that the
equipment still complies with the e.i.r.p. limits specified for point-to-point and non-point-to-point operation as appropriate; and
• The worst-case tilt angle(s) necessary to remain compliant with the e.i.r.p. elevation mask requirement set forth in Section 6.2.2(3) of RSS 247
shall be clearly indicated.
If the product with 5G wireless function operating in 5250-5350 MHz and 5470-5725 MHz , the following attention must be paid.
• For devices with detachable antenna(s), the maximum antenna gain permitted for devices in the bands 5250-5350 MHz and 5470-5725 MHz
shall be such that the equipment still complies with the e.i.r.p. limit.
• Le présent appareil est conforme aux CNR d’Industrie Canada applicables aux appareils radio exempts de licence. L’exploitation est
autorisée aux deux conditions suivantes : (1) l’appareil ne doit pas produire de brouillage, et (2) l’utilisateur de l’appareil doit accepter tout
brouillage radioélectrique subi, même si le brouillage est susceptible d’en compromettre le fonctionnement.
• Le présent émetteur radio de modèle s'il fait partie du matériel de catégorieI) a été approuvé par Industrie Canada pour fonctionner avec
les types d'antenne énumérés ci-dessous et ayant un gain admissible maximal et l'impédance requise pour chaque type d'antenne. Les
types d'antenne non inclus dans cette liste, ou dont le gain est supérieur au gain maximal indiqué, sont strictement interdits pour l'exploitation
de l'émetteur.
TYPE MANUFACTURER GAIN CONNECTOR
Dipole ACON -0.54 Ipex
Appendix D Legal Information
XMG3563-B10A User’s Guide
314
Informations Antenne
Lorsque la fonction sans fil 5G fonctionnant en 5150-5250 MHz and 5725-5850 MHz est activée pour ce produit , il est nécessaire de porter une
attention particulière aux choses suivantes
• Les dispositifs fonctionnant dans la bande 5150-5250 MHz sont réservés uniquement pour une utilisation à l’intérieur afin de réduire les risques
de brouillage préjudiciable aux systèmes de satellites mobiles utilisant les mêmes canaux;
• Pour les dispositifs munis d’antennes amovibles, le gain maximal d'antenne permis (pour les dispositifs utilisant la bande de 5 725 à 5 850 MHz)
doit être conforme à la limite de la p.i.r.e. spécifiée pour l'exploitation point à point et l’exploitation non point à point, selon le cas;
• Les pires angles d’inclinaison nécessaires pour rester conforme à l’exigence de la p.i.r.e. applicable au masque d’élévation, et énoncée à la
section 6.2.2 3) du CNR-247, doivent être clairement indiqués.
Lorsque la fonction sans fil 5G fonctionnant en 5250-5350 MHz et 5470-5725 MHz est activée pour ce produit , il est nécessaire de porter une
attention particulière aux choses suivantes.
• Pour les dispositifs munis d’antennes amovibles, le gain maximal d'antenne permis pour les dispositifs utilisant les bandes de 5 250 à 5 350 MHz
et de 5 470 à 5 725 MHz doit être conforme à la limite de la p.i.r.e.
Industry Canada radiation exposure statement
This device complies with IC radiation exposure limits set forth for an uncontrolled environment. This device should be installed and operated
with a minimum distance of 20 cm between the radiator and your body.
Déclaration d’exposition aux radiations:
Cet équipement est conforme aux limites d’exposition aux rayonnements IC établies pour un environnement non contrôlé. Cet équipement doit
être installé et utilisé avec un minimum de 20 cm de distance entre la source de rayonnement et votre corps.
EUROPEAN UNION
The following information applies if you use the product within the European Union.
Declaration of Conformity with Regard to EU Directive 2014/53/EU (Radio Equipment Directive, RED)
• Compliance information for 2.4GHz and/or 5GHz wireless products relevant to the EU and other Countries following the EU Directive 2014/53/
EU (RED). And this product may be used in all EU countries (and other countries following the EU Directive 2014/53/EU) without any limitation
except for the countries mentioned below table:
• In the majority of the EU and other European countries, the 5GHz bands have been made available for the use of wireless local area
networks (LANs). Later in this document you will find an overview of countries in which additional restrictions or requirements or both are
applicable. The requirements for any country may evolve. Zyxel recommends that you check with the local authorities for the latest status of
their national regulations for the 5GHz wireless LANs.
• If this device for operation in the band 5150-5350 MHz, it is for indoor use only.
• This equipment should be installed and operated with a minimum distance of 20cm between the radio equipment and your body.
•
TYPE FABRICANT GAIN CONNECTEUR
Dipole ACON -0.54 Ipex
Български
(Bulgarian)
С настоящото Zyxel декларира, че това оборудване е в съответствие със съществените изисквания и другите
приложими разпоредбите на Директива 2014/53/ЕC.
National Restrictions
• The Belgian Institute for Postal Services and Telecommunications (BIPT) must be notified of any outdoor wireless link
having a range exceeding 300 meters. Please check http://www.bipt.be for more details.
• Draadloze verbindingen voor buitengebruik en met een reikwijdte van meer dan 300 meter dienen aangemeld te
worden bij het Belgisch Instituut voor postdiensten en telecommunicatie (BIPT). Zie http://www.bipt.be voor meer
gegevens.
• Les liaisons sans fil pour une utilisation en extérieur d’une distance supérieure à 300 mètres doivent être notifiées à
l’Institut Belge des services Postaux et des Télécommunications (IBPT). Visitez http://www.ibpt.be pour de plus amples
détails.
Español
(Spanish)
Por medio de la presente Zyxel declara que el equipo cumple con los requisitos esenciales y cualesquiera otras
disposiciones aplicables o exigibles de la Directiva 2014/53/UE..
Čeština
(Czech)
Zyxel tímto prohlašuje, že tento zařízení je ve shodě se základními požadavky a dalšími příslušnými ustanoveními směrnice
2014/53/EU.
Appendix D Legal Information
XMG3563-B10A User’s Guide
315
Notes:
1. Although Norway, Switzerland and Liechtenstein are not EU member states, the EU Directive 2014/53/EU has also been implemented in those
countries.
Dansk (Danish) Undertegnede Zyxel erklærer herved, at følgende udstyr udstyr overholder de væsentlige krav og øvrige relevante krav i
direktiv 2014/53/EU.
National Restrictions
• In Denmark, the band 5150 - 5350 MHz is also allowed for outdoor usage.
• I Danmark må frekvensbåndet 5150 - 5350 også anvendes udendørs.
Deutsch
(German)
Hiermit erklärt Zyxel, dass sich das Gerät Ausstattung in Übereinstimmung mit den grundlegenden Anforderungen und den
übrigen einschlägigen Bestimmungen der Richtlinie 2014/53/EU befindet.
Eesti keel
(Estonian)
Käesolevaga kinnitab Zyxel seadme seadmed vastavust direktiivi 2014/53/EL põhinõuetele ja nimetatud direktiivist
tulenevatele teistele asjakohastele sätetele.
Ελληνικά
(Greek)
ΜΕ ΤΗΝ ΠΑΡΟΥΣΑ Zyxel ∆ΗΛΩΝΕΙ ΟΤΙ εξοπλισμός ΣΥΜΜΟΡΦΩΝΕΤΑΙ ΠΡΟΣ ΤΙΣ ΟΥΣΙΩ∆ΕΙΣ ΑΠΑΙΤΗΣΕΙΣ ΚΑΙ ΤΙΣ ΛΟΙΠΕΣ ΣΧΕΤΙΚΕΣ
∆ΙΑΤΑΞΕΙΣ ΤΗΣ Ο∆ΗΓΙΑΣ 2014/53/EE.
English Hereby, Zyxel declares that this device is in compliance with the essential requirements and other relevant provisions of
Directive 2014/53/EU.
Français
(French)
Par la présente Zyxel déclare que l'appareil équipements est conforme aux exigences essentielles et aux autres dispositions
pertinentes de la directive 2014/53/UE.
Hrvatski
(Croatian)
Zyxel ovime izjavljuje da je radijska oprema tipa u skladu s Direktivom 2014/53/UE.
Íslenska
(Icelandic)
Hér með lýsir, Zyxel því yfir að þessi búnaður er í samræmi við grunnkröfur og önnur viðeigandi ákvæði tilskipunar 2014/53/
UE.
Italiano (Italian) Con la presente Zyxel dichiara che questo attrezzatura è conforme ai requisiti essenziali ed alle altre disposizioni pertinenti
stabilite dalla direttiva 2014/53/UE.
National Restrictions
• This product meets the National Radio Interface and the requirements specified in the National Frequency Allocation
Table for Italy. Unless this wireless LAN product is operating within the boundaries of the owner's property, its use requires
a “general authorization.” Please check http://www.sviluppoeconomico.gov.it/ for more details.
• Questo prodotto è conforme alla specifiche di Interfaccia Radio Nazionali e rispetta il Piano Nazionale di ripartizione
delle frequenze in Italia. Se non viene installato all 'interno del proprio fondo, l'utilizzo di prodotti Wireless LAN richiede
una “Autorizzazione Generale”. Consultare http://www.sviluppoeconomico.gov.it/ per maggiori dettagli.
Latviešu valoda
(Latvian)
Ar šo Zyxel deklarē, ka iekārtas atbilst Direktīvas 2014/53/ES būtiskajām prasībām un citiem ar to saistītajiem noteikumiem.
National Restrictions
• The outdoor usage of the 2.4 GHz band requires an authorization from the Electronic Communications Office. Please
check http://www.esd.lv for more details.
• 2.4 GHz frekvenèu joslas izmantoðanai ârpus telpâm nepiecieðama atïauja no Elektronisko sakaru direkcijas. Vairâk
informâcijas: http://www.esd.lv.
Lietuvių kalba
(Lithuanian)
Šiuo Zyxel deklaruoja, kad šis įranga atitinka esminius reikalavimus ir kitas 2014/53/ES Direktyvos nuostatas.
Magyar
(Hungarian)
Alulírott, Zyxel nyilatkozom, hogy a berendezés megfelel a vonatkozó alapvetõ követelményeknek és az 2014/53/EU
irányelv egyéb elõírásainak.
Malti (Maltese) Hawnhekk, Zyxel, jiddikjara li dan tagħmir jikkonforma mal-ħtiġijiet essenzjali u ma provvedimenti oħrajn relevanti li hemm
fid-Dirrettiva 2014/53/UE.
Nederlands
(Dutch)
Hierbij verklaart Zyxel dat het toestel uitrusting in overeenstemming is met de essentiële eisen en de andere relevante
bepalingen van richtlijn 2014/53/EU.
Polski (Polish) Niniejszym Zyxel oświadcza, że sprzęt jest zgodny z zasadniczymi wymogami oraz pozostałymi stosownymi postanowieniami
Dyrektywy 2014/53/UE.
Português
(Portuguese)
Zyxel declara que este equipamento está conforme com os requisitos essenciais e outras disposições da Directiva 2014/53/
UE.
Română
(Romanian)
Prin prezenta, Zyxel declară că acest echipament este în conformitate cu cerinţele esenţiale şi alte prevederi relevante ale
Directivei 2014/53/UE.
Slovenčina
(Slovak)
Zyxel týmto vyhlasuje, že zariadenia spĺňa základné požiadavky a všetky príslušné ustanovenia Smernice 2014/53/EÚ.
Slovenščina
(Slovene)
Zyxel izjavlja, da je ta oprema v skladu z bistvenimi zahtevami in ostalimi relevantnimi določili direktive 2014/53/EU.
Suomi (Finnish) Zyxel vakuuttaa täten että laitteet tyyppinen laite on direktiivin 2014/53/EU oleellisten vaatimusten ja sitä koskevien
direktiivin muiden ehtojen mukainen.
Svenska
(Swedish)
Härmed intygar Zyxel att denna utrustning står I överensstämmelse med de väsentliga egenskapskrav och övriga relevanta
bestämmelser som framgår av direktiv 2014/53/EU.
Norsk
(Norwegian)
Erklærer herved Zyxel at dette utstyret er I samsvar med de grunnleggende kravene og andre relevante bestemmelser I
direktiv 2014/53/EU.
Appendix D Legal Information
XMG3563-B10A User’s Guide
316
2. The regulatory limits for maximum output power are specified in EIRP. The EIRP level (in dBm) of a device can be calculated by adding the
gain of the antenna used (specified in dBi) to the output power available at the connector (specified in dBm).
List of national codes
Safety Warnings
• Do not use this product near water, for example, in a wet basement or near a swimming pool.
• Do not expose your device to dampness, dust or corrosive liquids.
• Do not store things on the device.
• Do not obstruct the device ventilation slots as insufficient airflow may harm your device. For example, do not place the device in an
enclosed space such as a box or on a very soft surface such as a bed or sofa.
• Do not install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.
• Connect ONLY suitable accessories to the device.
• Do not open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks.
• Only qualified service personnel should service or disassemble this device. Please contact your vendor for further information.
• Make sure to connect the cables to the correct ports.
• Place connecting cables carefully so that no one will step on them or stumble over them.
• Always disconnect all cables from this device before servicing or disassembling.
• Do not remove the plug and connect it to a power outlet by itself; always attach the plug to the power adaptor first before connecting it to
a power outlet.
• Do not allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor
or cord.
• Please use the provided or designated connection cables/power cables/ adaptors. Connect it to the right supply voltage (for example,
110V AC in North America or 230V AC in Europe). If the power adaptor or cord is damaged, it might cause electrocution. Remove it from the
device and the power source, repairing the power adapter or cord is prohibited. Contact your local vendor to order a new one.
• Do not use the device outside, and make sure all the connections are indoors. There is a remote risk of electric shock from lightning.
• CAUTION: Risk of explosion if battery is replaced by an incorrect type, dispose of used batteries according to the instruction. Dispose them at
the applicable collection point for the recycling of electrical and electronic devices. For detailed information about recycling of this
product, please contact your local city office, your household waste disposal service or the store where you purchased the product.
• The following warning statements apply, where the disconnect device is not incorporated in the device or where the plug on the power
supply cord is intended to serve as the disconnect device,
- For permanently connected devices, a readily accessible disconnect device shall be incorporated external to the device;
- For pluggable devices, the socket-outlet shall be installed near the device and shall be easily accessible.
Environment Statement
ErP (Energy-related Products)
Zyxel products put on the EU market in compliance with the requirement of the European Parliament and the Council published Directive 2009/
125/EC establishing a framework for the setting of ecodesign requirements for energy-related products (recast), so called as "ErP Directive
(Energy-related Products directive) as well as ecodesign requirement laid down in applicable implementing measures, power consumption has
satisfied regulation requirements which are:
• Network standby power consumption < 8W, and/or
• Off mode power consumption < 0.5W, and/or
• Standby mode power consumption < 0.5W.
(Wireless setting, please refer to "Wireless" chapter for more detail.)
COUNTRY ISO 3166 2 LETTER CODE COUNTRY ISO 3166 2 LETTER CODE
Austria AT Liechtenstein LI
Belgium BE Lithuania LT
Bulgaria BG Luxembourg LU
Croatia HR Malta MT
Cyprus CY Netherlands NL
Czech Republic CZ Norway NO
Denmark DK Poland PL
Estonia EE Portugal PT
Finland FI Romania RO
France FR Serbia RS
Germany DE Slovakia SK
Greece GR Slovenia SI
Hungary HU Spain ES
Iceland IS Switzerland CH
Ireland IE Sweden SE
Italy IT Turkey TR
Latvia LV United Kingdom GB
Appendix D Legal Information
XMG3563-B10A User’s Guide
317
European Union - Disposal and Recycling Information
The symbol below means that according to local regulations your product and/or its battery shall be disposed of separately from domestic
waste. If this product is end of life, take it to a recycling station designated by local authorities. At the time of disposal, the separate collection of
your product and/or its battery will help save natural resources and ensure that the environment is sustainable development.
Die folgende Symbol bedeutet, dass Ihr Produkt und/oder seine Batterie gemäß den örtlichen Bestimmungen getrennt vom Hausmüll entsorgt
werden muss. Wenden Sie sich an eine Recyclingstation, wenn dieses Produkt das Ende seiner Lebensdauer erreicht hat. Zum Zeitpunkt der
Entsorgung wird die getrennte Sammlung von Produkt und/oder seiner Batterie dazu beitragen, natürliche Ressourcen zu sparen und die Umwelt
und die menschliche Gesundheit zu schützen.
El símbolo de abajo indica que según las regulaciones locales, su producto y/o su batería deberán depositarse como basura separada de la
doméstica. Cuando este producto alcance el final de su vida útil, llévelo a un punto limpio. Cuando llegue el momento de desechar el
producto, la recogida por separado éste y/o su batería ayudará a salvar los recursos naturales y a proteger la salud humana y
medioambiental.
Le symbole ci-dessous signifie que selon les réglementations locales votre produit et/ou sa batterie doivent être éliminés séparément des ordures
ménagères. Lorsque ce produit atteint sa fin de vie, amenez-le à un centre de recyclage. Au moment de la mise au rebut, la collecte séparée
de votre produit et/ou de sa batterie aidera à économiser les ressources naturelles et protéger l'environnement et la santé humaine.
Il simbolo sotto significa che secondo i regolamenti locali il vostro prodotto e/o batteria deve essere smaltito separatamente dai rifiuti domestici.
Quando questo prodotto raggiunge la fine della vita di servizio portarlo a una stazione di riciclaggio. Al momento dello smaltimento, la raccolta
separata del vostro prodotto e/o della sua batteria aiuta a risparmiare risorse naturali e a proteggere l'ambiente e la salute umana.
Symbolen innebär att enligt lokal lagstiftning ska produkten och/eller dess batteri kastas separat från hushållsavfallet. När den här produkten når
slutet av sin livslängd ska du ta den till en återvinningsstation. Vid tiden för kasseringen bidrar du till en bättre miljö och mänsklig hälsa genom att
göra dig av med den på ett återvinningsställe.
台灣
以下訊息僅適用於產品具有無線功能且銷售至台灣地區
• 第十二條 經型式認證合格之低功率射頻電機,非經許可,公司,商號或使用者均不得擅自變更頻率、加大功率或變更原設計之特性及功能。
• 第十四條 低功率射頻電機之使用不得影響飛航安全及干擾合法通信;經發現有干擾現象時,應立即停用,並改善至無干擾時方得繼續使用。
前項合法通信,指依電信法規定作業之無線電通信。 低功率射頻電機須忍受合法通信或工業、科學及醫療用電波輻射性電機設備之干擾。
•
• 無線資訊傳輸設備忍受合法通信之干擾且不得干擾合法通信;如造成干擾,應立即停用, 俟無干擾之虞,始得繼續使用。
• 無線資訊傳設備的製造廠商應確保頻率穩定性,如依製造廠商使用手冊上所述正常操作, 發射的信號應維持於操作頻帶中
以下訊息僅適用於產品操作於 5.25-5.35 秭赫頻帶內並銷售至台灣地區
• 在 5.25-5.35 秭赫頻帶內操作之無線資訊傳輸設備,限於室內使用。
以下訊息僅適用於產品屬於專業安裝並銷售至台灣地區
• 本器材須經專業工程人員安裝及設定,始得設置使用,且不得直接販售給一般消費者。
安全警告 - 為了您的安全,請先閱讀以下警告及指示 :
• 請勿將此產品接近水、火焰或放置在高溫的環境。
• 避免設備接觸 :
- 任何液體 - 切勿讓設備接觸水、雨水、高濕度、污水腐蝕性的液體或其他水份。
- 灰塵及污物 - 切勿接觸灰塵、污物、沙土、食物或其他不合適的材料。
• 雷雨天氣時,不要安裝,使用或維修此設備。有遭受電擊的風險。
• 切勿重摔或撞擊設備,並勿使用不正確的電源變壓器。
• 若接上不正確的電源變壓器會有爆炸的風險。
Appendix D Legal Information
XMG3563-B10A User’s Guide
318
• 請勿隨意更換產品內的電池。
• 如果更換不正確之電池型式,會有爆炸的風險,請依製造商說明書處理使用過之電池。
• 請將廢電池丟棄在適當的電器或電子設備回收處。
• 請勿將設備解體。
• 請勿阻礙設備的散熱孔,空氣對流不足將會造成設備損害。
• 請插在正確的電壓供給插座 ( 如 : 北美 / 台灣電壓 110V AC,歐洲是 230V AC)。
• 假若電源變壓器或電源變壓器的纜線損壞,請從插座拔除,若您還繼續插電使用,會有觸電死亡的風險。
• 請勿試圖修理電源變壓器或電源變壓器的纜線,若有毀損,請直接聯絡您購買的店家,購買一個新的電源變壓器。
• 請勿將此設備安裝於室外,此設備僅適合放置於室內。
• 請勿隨一般垃圾丟棄。
• 請參閱產品背貼上的設備額定功率。
• 請參考產品型錄或是彩盒上的作業溫度。
• 產品沒有斷電裝置或者採用電源線的插頭視為斷電裝置的一部分,以下警語將適用 :
- 對永久連接之設備, 在設備外部須安裝可觸及之斷電裝置;
- 對插接式之設備, 插座必須接近安裝之地點而且是易於觸及的。
About the Symbols
Various symbols are used in this product to ensure correct usage, to prevent danger to the user and others, and to prevent property damage.
The meaning of these symbols are described below. It is important that you read these descriptions thoroughly and fully understand the
contents.
Explanation of the Symbols
Viewing Certifications
Go to http://www.zyxel.com to view this product’s documentation and certifications.
Zyxel Limited Warranty
Zyxel warrants to the original end user (purchaser) that this product is free from any defects in material or workmanship for a specific period (the
Warranty Period) from the date of purchase. The Warranty Period varies by region. Check with your vendor and/or the authorized Zyxel local
distributor for details about the Warranty Period of this product. During the warranty period, and upon proof of purchase, should the product
have indications of failure due to faulty workmanship and/or materials, Zyxel will, at its discretion, repair or replace the defective products or
components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to
proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value,
and will be solely at the discretion of Zyxel. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by
an act of God, or subjected to abnormal working conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties,
express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. Zyxel shall in no event be held
liable for indirect or consequential damages of any kind to the purchaser.
To obtain the services of this warranty, contact your vendor. You may also refer to the warranty policy for the region in which you bought the
device at http://www.zyxel.com/web/support_warranty_info.php.
Registration
Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at
www.us.zyxel.com for North American products.
SYMBOL EXPLANATION
Alternating current (AC):
AC is an electric current in which the flow of electric charge periodically reverses direction.
Direct current (DC):
DC if the unidirectional flow or movement of electric charge carriers.
Earth; ground:
A wiring terminal intended for connection of a Protective Earthing Conductor.
Class II equipment:
The method of protection against electric shock in the case of class II equipment is either double insulation or
reinforced insulation.
Appendix D Legal Information
XMG3563-B10A User’s Guide
319
Open Source Licenses
This product contains in part some free software distributed under GPL license terms and/or GPL like licenses. Open source licenses are provided
with the firmware package. You can download the latest firmware at www.zyxel.com. To obtain the source code covered under those Licenses,
please contact support@zyxel.com.tw to get it.
Index
XMG3563-B10A User’s Guide
320
Index
A
ACK message 227
ACL rule 188
ACS 261
activation
firewalls 185
media server 183
SIP ALG 160
SSID 89
Address Resolution Protocol 246
administrator password 26
antenna
directional 306
gain 306
omni-directional 306
AP (access point) 297
applications
Internet access 17
media server 182
activation 183
iTunes server 182
applications, NAT 164
ARP Table 246, 248
authentication 100, 101
RADIUS server 101
Auto Configuration Server, see ACS 261
B
backup
configuration 274
Basic Service Set, See BSS 295
Basic Service Set, see BSS
blinking LEDs 22
Broadband 64
broadcast 83
BSS 102, 295
Index
XMG3563-B10A User’s Guide
321
example 103
BYE request 227
C
CA 200, 301
call hold 232, 234
call service mode 232, 233
call transfer 233, 234
call waiting 233, 234
Canonical Format Indicator See CFI
CCMs 277
certificate
factory default 201
Certificate Authority
See CA.
certificates 200
authentication 200
CA
creating 201
public key 200
replacing 201
storage space 201
Certification Authority 200
Certification Authority. see CA
certifications 316
viewing 318
CFI 83
CFM 277
CCMs 277
link trace test 277
loopback test 277
MA 277
MD 277
MEP 277
MIP 277
channel 297
interference 297
channel, wireless LAN 99
Class of Service 230
Class of Service, see CoS
client list 117
client-server protocol 224
comfort noise generation 229
Index
XMG3563-B10A User’s Guide
322
configuration
backup 274
firewalls 185
reset 275
restoring 275
static route 127, 129, 168
Connectivity Check Messages, see CCMs
contact information 289
copyright 312
CoS 147, 230
CoS technologies 134
creating certificates 201
CTS (Clear to Send) 298
CTS threshold 96, 100
customer support 289
D
data fragment threshold 96, 100
DDoS 185
default server address 159
Denials of Service, see DoS
DHCP 112, 124
DHCP option 43 70
DHCP option 60 70
DHCP option 61
DUID 70
IAD 70
differentiated services 231
Differentiated Services, see DiffServ 147
DiffServ 147
marking rule 147
DiffServ (Differentiated Services) 230
code points 230
marking rule 231
digital IDs 200
disclaimer 312
DLNA 182
DMZ 159
DNS 112, 124
DNS server address assignment 83
Domain Name 165
Domain Name System, see DNS
Index
XMG3563-B10A User’s Guide
323
Domain Name System. See DNS.
DoS 185
DS field 147, 231
DS, dee differentiated services
DSCP 147, 230
dynamic DNS 167
wildcard 167
Dynamic Host Configuration Protocol, see DHCP
dynamic WEP key exchange 302
DYNDNS wildcard 167
E
EAP Authentication 301
ECHO 165
echo cancellation 229
e-mail
log example 270
Encapsulation 79
MER 79
PPP over Ethernet 80
encapsulation
RFC 1483 80
encryption 102, 303
ESS 296
Europe type call service mode 232
Extended Service Set IDentification 87, 91
Extended Service Set, See ESS 296
F
file sharing 19
filters
MAC address 92, 101
Finger 165
firewalls 184
add protocols 186
configuration 185
DDoS 185
DoS 185
LAND attack 185
Ping of Death 185
SYN attack 185
Index
XMG3563-B10A User’s Guide
324
firmware 272
version 61
flash key 232
flashing 232
forwarding ports 152
fragmentation threshold 96, 100, 298
FTP 152, 165
G
G.168 229
General wireless LAN screen 86
H
hidden node 297
HTTP 165
I
IBSS 295
IEEE 802.11g 299
IEEE 802.1Q 82
IGA 163
IGMP 83
multicast group list 250
version 83
ILA 163
Independent Basic Service Set
See IBSS 295
initialization vector (IV) 303
Inside Global Address, see IGA
Inside Local Address, see ILA
interface group 175
Internet
wizard setup 33
Internet access 17
wizard setup 33
Internet Protocol version 6 65
IP address 112
ping 278
Index
XMG3563-B10A User’s Guide
325
WAN 65
IP Address Assignment 82
IP alias
NAT applications 165
IPv6 65
addressing 66, 83
prefix 66, 84
prefix delegation 67
prefix length 66, 84
iTunes server 182
ITU-T 229
K
key combinations 235
keypad 235
L
LAN 111
client list 117
DHCP 112, 124
DNS 112, 124
IP address 112, 113
MAC address 117
status 62
subnet mask 112, 113
LAND attack 185
LBR 277
limitations
wireless LAN 102
WPS 109
link trace 277
Link Trace Message, see LTM
Link Trace Response, see LTR
listening port 216
login 26
passwords 26
logs 236, 239, 250, 269
Loop Back Response, see LBR
loopback 277
LTM 277
LTR 277
Index
XMG3563-B10A User’s Guide
326
M
MA 277
MAC address 93, 117
filter 92, 101
MAC authentication 92
Mac filter 191
Maintenance Association, see MA
Maintenance Domain, see MD
Maintenance End Point, see MEP
Management Information Base (MIB) 263
managing the device
good habits 20
Maximum Burst Size (MBS) 81
MBSSID 103
MD 277
media server 182
activation 183
iTunes server 182
MEP 277
MTU (Multi-Tenant Unit) 82
multicast 83
multimedia 223
Multiple BSS, see MBSSID
multiplexing 80
LLC-based 80
VC-based 80
multiprotocol encapsulation 80
N
NAT 151, 152, 153, 163, 164
applications 164
IP alias 165
example 164
global 163
IGA 163
ILA 163
inside 163
local 163
outside 163
port forwarding 152
port number 165
services 165
SIP ALG 160
Index
XMG3563-B10A User’s Guide
327
activation 160
NAT example 166
Network Address Translation, see NAT
Network Map 59
network map 29
NNTP 165
non-proxy calls 220
O
OK response 227, 228
P
Pairwise Master Key (PMK) 303, 305
passwords 26
PBC 104
Peak Cell Rate (PCR) 81
peer-to-peer calls 220
Per-Hop Behavior, see PHB 147
PHB 147, 231
phone book
speed dial 220
phone functions 235
PIN, WPS 105
Ping of Death 185
Point-to-Point Tunneling Protocol, see PPTP
POP3 165
port forwarding 152
ports 22
PPPoE 80
Benefits 80
PPTP 165
preamble 97, 100
preamble mode 103
prefix delegation 67
PSK 303
Push Button Configuration, see PBC
push button, WPS 104
Index
XMG3563-B10A User’s Guide
328
Q
QoS 133, 147, 230
marking 134
setup 133
tagging 134
versus CoS 134
Quality of Service, see QoS
R
RADIUS 300
message types 300
messages 300
shared secret key 300
RADIUS server 101
Real time Transport Protocol, see RTP
remote management
TR-069 261
Remote Procedure Calls, see RPCs 261
reset 23, 275
restart 276
restoring configuration 275
RFC 1058. See RIP.
RFC 1389. See RIP.
RFC 1483 80
RFC 1889 226
RFC 3164 236
RIP 131
router features 17
Routing Information Protocol. See RIP
RPPCs 261
RTP 226
RTS (Request To Send) 298
threshold 297, 298
RTS threshold 96, 100
S
security
wireless LAN 100
Security Log 237
Index
XMG3563-B10A User’s Guide
329
Security Parameter Index, see SPI
service access control 258, 259
Service Set 87, 91
Services 165
Session Initiation Protocol, see SIP
setup
firewalls 185
static route 127, 129, 168
silence suppression 229
Simple Network Management Protocol, see SNMP
Single Rate Three Color Marker, see srTCM
SIP 223
account 223
call progression 226
client 224
identities 223
INVITE request 227, 228
number 223
OK response 228
proxy server 224
redirect server 225
register server 226
servers 224
service domain 223
URI 223
user agent 224
SIP ALG 160
activation 160
SMTP 165
SNMP 165, 263, 264
agents 263
Get 264
GetNext 264
Manager 263
managers 263
MIB 263
network components 263
Set 264
Trap 264
versions 263
SNMP trap 165
speed dial 220
SPI 185
srTCM 149
SSID 101
activation 89
MBSSID 103
Index
XMG3563-B10A User’s Guide
330
static route 126, 131, 267
configuration 127, 129, 168
example 126
static VLAN
status 59
firmware version 61
LAN 62
WAN 61
wireless LAN 62
status indicators 22
subnet mask 112
supplementary services 231
Sustained Cell Rate (SCR) 81
SYN attack 185
syslog
protocol 236
severity levels 236
system
firmware 272
version 61
passwords 26
reset 23
status 59
LAN 62
WAN 61
wireless LAN 62
time 265
T
Tag Control Information See TCI
Tag Protocol Identifier See TPID
TCI
The 65
three-way conference 233, 234
thresholds
data fragment 96, 100
RTS/CTS 96, 100
time 265
ToS 230
TPID 82
TR-069 261
ACS setup 261
authentication 262
traffic shaping 81
Index
XMG3563-B10A User’s Guide
331
trTCM 150
Two Rate Three Color Marker, see trTCM
Type of Service, see ToS
U
unicast 83
Uniform Resource Identifier 223
Universal Plug and Play, see UPnP
upgrading firmware 272
UPnP 118
cautions 113
NAT traversal 112
USA type call service mode 233
USB features 19
V
VAD 229
Vendor ID 122
VID
Virtual Circuit (VC) 80
Virtual Local Area Network See VLAN
VLAN 82
Introduction 82
number of possible VIDs
priority frame
static
VLAN ID 82
VLAN Identifier See VID
VLAN tag 82
voice activity detection 229
voice coding 228
VoIP 223
peer-to-peer calls 220
W
Wake on LAN 122
WAN
status 61
Index
XMG3563-B10A User’s Guide
332
Wide Area Network, see WAN 64
warranty 318
note 318
web configurator 26
login 26
passwords 26
WEP Encryption 89
Wi-Fi Protected Access 302
wireless client WPA supplicants 304
wireless LAN 85, 98
authentication 100, 101
BSS 102
example 103
channel 99
encryption 102
example 99
fragmentation threshold 96, 100
limitations 102
MAC address filter 92, 101
MBSSID 103
preamble 97, 100
RADIUS server 101
RTS/CTS threshold 96, 100
security 100
SSID 101
activation 89
status 62
WPA 102
WPA-PSK 102
WPS 104, 106
example 107
limitations 109
PIN 105
push button 104
wireless security 299
Wireless tutorial 40
wizard setup
Internet 33
WLAN
interference 297
security parameters 305
WPA 102, 302
key caching 303
pre-authentication 303
user authentication 303
vs WPA-PSK 303
wireless client supplicant 304
with RADIUS application example 304
Index
XMG3563-B10A User’s Guide
333
WPA2 302
user authentication 303
vs WPA2-PSK 303
wireless client supplicant 304
with RADIUS application example 304
WPA2-Pre-Shared Key 302
WPA2-PSK 302, 303
application example 304
WPA-PSK 102, 302, 303
application example 304
WPS 104, 106
example 107
limitations 109
PIN 105
push button 104
Z
ZyXEL Family Safety page 196