ZyXEL MAX-206M1R User's Manual
Contents
1. STANDARD DESCRIPTION RFC 2104 HMAC Keyed Hashing for Message Authentication RFC 2131 Dynamic Host Configuration Protocol RFC 2401 Security Architecture for the Internet Protocol RFC 2409 Internet Key Exchange RFC 2475 Architecture for Differentiated Services Diffserv RFC 2617 Hypertext Transfer Protocol HTTP Authentication Basic and Digest Access Authentication RFC 2782 A DNS RR for specifying the location of services DNS SRV RFC 2833 Real time Transport Protocol Payload for DTMF Digits Telephony Tones and Telephony Signals RFC 2976 The SIP INFO Method RFC 3261 Session Initiation Protocol SIP version 2 RFC 3262 Reliability of Provisional Responses in the Session Initiation Protocol SIP RFC 3263 Session Initiation Protocol SIP Locating SIP Servers RFC 3264 An Offer Answer Model with the Session Description Protocol SDP RFC 3265 Session Initiation Protocol SIP Specific Event Notification RFC 3323 A Privacy Mechanism for SIP RFC 3325 Private Extensions to the Session Initiation Protocol SIP for Asserted Identity within Trusted Networks RFC 3550 RTP A Real Time Protocol for Real Time Applications RFC 3581 An Extension to the Session Initiation Protocol SIP for Symmetric Response Routing RFC 3611 RTP Control Protocol Extended Reports RTCP XR XR RFC 3715 IP Sec NAT Compatibility RFC 3842 A Message Summary and Message Waiting2. Network Card Network Settings Overview Obtain an overview of installed network cards Global Options Overview Hostname DNS Routing Additionally edit their nsnm z configuration Name IP Address AMD PCnet Fast 79C971 DHCP Adding a Network Card Press Add to configure a new network card manually Configuring or Deleting Choose a network card to change or remove Then press Configure or Delete as desired AMD PCnet Fast 79C971 MAC 08 00 27 96 ed 3d Device Name eth etho Started automatically at boot IP address assigned using DHCP User s Guide Appendix B Setting Up Your Computer s IP Address 5 When the Network Card Setup window opens click the Address tab Figure 130 openSUSE 10 3 Network Card Setup YaST2 linux h20z Address Setup Select No Address Setup if you do not want any IP address for this device This is particularly useful for bonding ethernet devices Select Dynamic address if you do not have a static IP address assigned by the system administrator or your cable or DSL provider You can choose one of the dynamic address assignment method Select DHCP if you have a DHCP server running on your local network Network addresses are then obtained automatically from the server To automatically search for free IP and then assign it statically select Zeroconf
3. User Name myuser asb com Password ssesaeana Anonymous Identity anonymous asb com PKM PKMV2 A Authentication TTLS F TTLS Inner EAP CHAP req Certificate auto generated self signed cert H ET lt Back Next gt Close The following table describes the labels in this screen Table6 Internet Connection Wizard gt Authentication Settings Screen LABEL DESCRIPTION Authentication User Name Use this field to enter the username associated with your Internet access account You can enter up to 61 printable ASCII characters Password Use this field to enter the password associated with your Internet access account You can enter up to 47 printable ASCII characters Anonymous Identity Enter the anonymous identity provided by your Internet Service Provider Anonymous identity also known as outer identity is used with EAP TTLS encryption The anonymous identity is used to route your authentication request to the correct authentication server and does not reveal your real user name Your real user name and password are encrypted in the TLS tunnel and only the anonymous identity can be seen Leave this field blank if your ISP did not give you an anonymous identity to use User s Guide Chapter 3 Internet Connection Wizard Table6 Internet Connection Wizard gt Authentication Settings Screen continued LABEL DESCRIPTION
4. SUBNET MASK HOST ID SIZE PSI DUM EC EROR 8 bits 255 0 0 0 24 bits 9 T 09 16777214 16 bits 255 255 0 0 16 bits 216 2 65534 24 bits 255 255 255 0 8 bits 28 2 254 29 bits 255 255 255 2 3 bits 23 2 6 48 User s Guide Appendix D IP Addresses and Subnetting Notation Since the mask is always a continuous number of ones beginning from the left followed by a continuous number of zeros for the remainder of the 32 bit mask you can simply specify the number of ones instead of writing the value of each octet This is usually specified by writing a followed by the number of bits in the mask after the address For example 192 1 1 0 25 is equivalent to saying 192 1 1 0 with subnet mask 255 255 255 128 The following table shows some possible subnet masks using both notations Table 117 Alternative Subnet Mask Notation 2 SUBNET ALTERNATIVE LAST OCTET LAST OCTET MASK NOTATION BINARY DECIMAL 255 255 255 0 24 0000 0000 0 255 255 255 12 25 1000 0000 128 8 255 255 255 19 26 1100 0000 192 2 255 255 255 22 27 1110 0000 224 4 255 255 255 24 28 1111 0000 240 0 255 255 255 24 29 1111 1000 248 8 255 255 255 25 30 1111 1100 252 Subnetting You can use subnetting to divide one network into multiple sub networks In the following example a network administrator creates two sub networks to isolate a group of servers from the rest of the comp
5. RF Approvals EN 302326 Table 103 Radio Specifications FEATURE DESCRIPTION Media Access Protocol IEEE 802 16e WiMAX Bandwidth MAX 216M1R 5MHz 7MHz 10MHz MAX 206M1R 5MHz 10MHz MAX 236M1R 5MHz 8 75MHz 10MHz Data Rate Download Maximum 15 Mbps Average 6 Mbps Upload Maximum 5 Mbps Modulation QPSK uplink and downlink 16 QAM uplink and downlink 64 QAM downlink only Output Power Typically 27dBm with internal antenna Duplex mode Time Division Duplex TDD Security PKMv2 EAP CCMP 128 bit AES Table 104 Firmware Spe cifications FEATURE DESCRIPTION Web based Configuration and Management Tool Also known as the web configurator this is a firmware based management solution for the WiMAX Modem You must connect using a compatible web browser in order to use it High Speed Wireless Internet Access The WiMAX Modem is ideal for high speed wireless Internet browsing WiMAX Worldwide Interoperability for Microwave Access is a wireless networking standard providing high bandwidth wide range secured wireless service The WiMAX Modem is a WiMAX mobile station MS compatible with the IEEE 802 16e standard Firewall The WiMAX Modem is a stateful inspection firewall with DoS Denial of Service protection By default when the firewall is activated all incoming traffic from the WAN to the LAN is blocked
6. User s Guide Appendix E Importing Certificates 3 Inthe Certificates manager select the Authorities tab select the certificate that you want to remove and then click Delete Figure 189 Opera 9 Certificate manager Certificate manager Certificate authorities 172 20 37 202 AAA Certificate Services Actalis Root CA AddTrust Class 1 CA Root AddTrust External CA Root AddTrust Public CA Root AddTrust Qualified CA Root Baltimore CyberTrust Code Signing Root Baltimore CyberTrust Mobile Root Baltimore CyberTrust Root Certum CA Certum CA Level I Certum CA Level II Certum CA Level III Certum CA Level IV Class 1 Public Primary Certification Authority Class 1 Public Primary Certification Authority G2 c 1998 VeriSig Class 2 Public Primary Certification Authority 4 The next time you go to the web site that issued the public key certificate you just removed a certification error appears Note There is no confirmation when you delete a certificate authority so be absolutely certain that you want to go through with it before clicking the button User s Guide Appendix E Importing Certificates Konqueror The following example uses Konqueror 3 5 on openSUSE 10 3 however the screens apply to Konqueror 3 5 on all Linux KDE distributions If your device s web configurator is set to use SSL certification then the first time you browse to it you are presented with a certification erro
7. Configuring IP Addresses Where you obtain your network number depends on your particular situation If the ISP or your network administrator assigns you a block of registered IP addresses follow their instructions in selecting the IP addresses and the subnet mask If the ISP did not explicitly give you an IP network number then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established If this is the case it is recommended that you select a network number from 192 168 0 0 to 192 168 255 0 The Internet Assigned Number Authority I ANA reserved this block of addresses specifically for private use please do not use any other number unless you are told otherwise You must also enable Network Address Translation NAT on the WiMAX Modem Once you have decided on the network number pick an IP address for your WiMAX Modem that is easy to remember for instance 192 168 1 1 but make sure that no other device on your network is using that IP address The subnet mask specifies the network number portion of an IP address Your WiMAX Modem will compute the subnet mask automatically based on the IP User s Guide 307 Appendix D IP Addresses and Subnetting address that you entered You don t need to change the subnet mask computed by the WiMAX Modem unless you are instructed to do otherwise Private IP Addresses Every machine on the Internet must have a unique a
8. User s Guide 287 Appendix B Setting Up Your Computer s IP Address 288 User s Guide Pop up Windows JavaScripts and Java Permissions In order to use the web configurator you need to allow Web browser pop up windows from your device JavaScripts enabled by default Java permissions enabled by default Note Internet Explorer 6 screens are used here Screens for other Internet Explorer versions may vary Internet Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blocking and create an exception for your device s IP address Disable Pop up Blockers 1 In Internet Explorer select Tools Pop up Blocker and then select Turn Off Pop up Blocker Figure 134 Pop up Blocker Mail and News Pop up Blocker Manage Add ons Synchronize Windows Update Windows Messenger Internet Options You can also check if pop up blocking is disabled in the Pop up Blocker section in the Privacy tab User s Guide Appendix C Pop up Windows JavaScripts and Java Permissions 1 In Internet Explorer select Tools Internet Options Privacy 2 Clear the Block pop ups check box in the Pop up Blocker section of the screen This disables any web pop up blockers you may have enabled Figure 135 Internet Options Privacy Internet Options PIR General Sec
9. ntpl sp se timel stupi se tick stdtime gov tw tock stdtime gov tw time stdtime gov tw 5 4 2 Resetting the Time The WiMAX Modem automatically resets the time in the following circumstances When the device starts up such as when you press the Power button When you click Apply in the SETUP Time Setting screen Once every 24 hours after starting up User s Guide ART IH Advanced Screens The LAN Configuration Screens 65 The WAN Configuration Screens 77 The NAT Configuration Screens 89 The System Configuration Screens 99 The LAN Configuration Screens 6 1 Overview Use the ADVANCED gt LAN Configuration screens to set up the WiMAX Modem on the LAN You can configure its IP address and subnet mask DHCP services and other subnets You can also control how the WiMAX Modem sends routing information using RIP A Local Area Network LAN is a shared communication system to which many computers are attached A LAN is usually a computer network limited to the immediate area such as the same building or floor of a building 6 1 1 What You Can Do in This Chapter The DHCP Setup screen Section 6 2 on page 66 lets you enable disable and configure the DHCP server in the WiMAX Modem The Static DHCP screen Section 6 3 on page 68 lets you assign specific IP addresses to specific computers on the LAN The IP Static Route screen Section 6 4 on page 69
10. User s Guide Chapter 13 The Certificates Screens 13 4 1 Certificate Authorities When using public key cryptology for authentication each host has two keys One key is public and can be made openly available The other key is private and must be kept secure These keys work like a handwritten signature in fact certificates are often referred to as digital signatures Only you can write your signature exactly as it ought to look When people know what your signature ought to look like they can verify whether something was signed by you or by someone else In the same way your private key writes your digital signature and your public key allows people to verify whether data was signed by you or by someone else This process works as follows Tim wants to send a message to Jenny He needs her to be sure that it comes from him and that the message content has not been altered by anyone else along the way Tim generates a public key pair one public key and one private key Tim keeps the private key and makes the public key openly available This means that anyone who receives a message seeming to come from Tim can read it and verify whether it is really from him or not Tim uses his private key to sign the message and sends it to Jenny Jenny receives the message and uses Tim s public key to verify it Jenny knows that the message is from Tim and she knows that although other people may have been able to read the messa
11. Apply Click to save your changes Reset Click to restore your previously saved settings User s Guide Chapter 8 The NAT Configuration Screens 8 3 2 Port Forwarding Rule Setup Click a port forwarding rule s Edit icon in the ADVANCED gt NAT Configuration gt Port Forwarding screen to activate deactivate or edit it Figure 36 ADVANCED gt NAT Configuration gt Port Forwarding gt Rule Setup Rule Setup C Active Service Name Start Port End Port Server IP Address 0 0 0 0 The following table describes the labels in this screen Table 28 ADVANCED gt NAT Configuration gt Port Forwarding gt Rule Setup LABEL DESCRIPTION Active Select this to enable this rule Clear this to disable this rule Service Name Enter a name to identify this rule You can use 1 31 printable ASCII characters or you can leave this field blank It does not have to be a unique name Start Port Enter the port number or range of port numbers you want to forward to the specified server End Port To forward one port number enter the port number in the Start Port and End Port fields To forward a range of ports enter the port number at the beginning of the range in the Start Port field enter the port number at the end of the range in the End Port field Server IP Enter the IP address of the server to which to forward packets for the Address selec
12. Click to return to the previous screen without saving your changes User s Guide Chapter 13 The Certificates Screens 13 2 3 My Certificate Import Click TOOLS gt Certificates gt My Certificates gt Import to access this screen Use this screen to import a certificate that matches a corresponding certification request that was generated by the WiMAX Modem You must remove any spaces from the certificate s filename before you can import it Figure 62 TOOLS gt Certificates gt My Certificates gt Import Import Please specify the location of the certificate file to be imported The certificate file must be in one of the following formats Binary X 509 PEM Base 64 encoded X 509 Binary PKCS 7 PEM Base 64 encoded PKCS 7 Binary PKCS 12 PEM Base 64 encoded PKCS 12 For my certificate importation to be successful a certification request corresponding to the imported certificate must already exist on WiMAX CPE After the importation the certification request will automatically be deleted File Path Browse Apply Cancel The following table describes the labels in this screen Table 54 TOOLS gt Certificates gt My Certificates gt Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it You cannot import a certificate with the same name as a certificate that is already in the WiMAX Mode
13. Figure 169 Firefox 2 Website Certified by an Unknown Authority Website Certified by an Unknown Authority Unable to verify the identity of 172 20 37 202 as a trusted site aA Possible reasons for this error Your browser does not recognize the Certificate Authority that issued the site s certificate The site s certificate is incomplete due to a server misconfiguration You are connected to a site pretending to be 172 20 37 202 possibly to obtain your confidential information Please notify the site s webmaster about this problem Before accepting this certificate you should examine this site s certificate carefully Are you willing to to accept this certificate for the purpose of identifying the Web site 172 20 37 202 Examine Certificate Accept this certificate permanently Wf this session Do not accept this certificate and do not connect to this Web site Ce User s Guide Appendix E Importing Certificates The certificate is stored and you can now connect securely to the web configurator A sealed padlock appears in the address bar which you can click to open the Page Info Security window to view the web page s security information Figure 170 Firefox 2 Page Info Page Info DER General Forms Links Media ity Web Site Identity Verified The web site 172 20 37 202 supports authentication for the page you are viewing The identity of this web site has been verified b
14. In addition to the servers for specified services NAT supports a default server A service request that does not have a server explicitly designated for it is forwarded to the default server If the default is not defined the service request is simply discarded User s Guide Chapter 8 The NAT Configuration Screens For example let s say you want to assign ports 21 25 to one FTP Telnet and SMTP server A in the example port 80 to another B in the example and assign a default server IP address of 192 168 1 35 to a third C in the example You assign the LAN IP addresses and the ISP assigns the WAN IP address The NAT network appears as a single host on the Internet Figure 34 Multiple Servers Behind NAT Example A 192 168 1 33 192 168 1 1 8 3 1 Port Forwarding Options Click ADVANCED gt NAT Configuration gt Port Forwarding to look at the current port forwarding rules in the WiMAX Modem and to enable disable activate and deactivate each one You can also set up a default server to handle ports not covered by rules Figure 35 ADVANCED gt NAT Configuration gt Port Forwarding Default Server Setup Default Server 0 00 0 Port Forwarding Active Name Start Port End Port Server IP Address Action 1 0 0 g 2 0 0 EP A 3 0 0 gA eT User s Guide Chapter 8 The NAT Configuration Screens The following table describes the icons in this screen Table 26 Advanced V
15. af mmmh i L I L I L a a ap EB Eee eee m m m m m 9 How much of the IP address is the network number and how much is the host ID varies according to the subnet mask Subnet Masks A subnet mask is used to determine which bits are part of the network number and which bits are part of the host ID using a logical AND operation The term subnet is short for sub network A subnet mask has 32 bits If a bit in the subnet mask is a 1 then the corresponding bit in the IP address is part of the network number If a bit in the subnet mask is 0 then the corresponding bit in the IP address is part of the host ID The following example shows a subnet mask identifying the network number in bold text and host ID of an IP address 192 168 1 2 in decimal Table 114 IP Address Network Number and Host ID Example 1ST 2ND 3RD 4TH OCTET OCTET OCTET OCTET 192 168 1 2 IP Address Binary 11000000 10101000 00000001 00000010 Subnet Mask Binary 11111111 11111111 11111111 00000000 Network Number 11000000 10101000 00000001 Host ID 00000010 User s Guide Appendix D IP Addresses and Subnetting By convention subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask followed by a continuous sequence of zeros for a total number of 32 bits Subnet masks can be referred to
16. Put a current call on hold to answer an incoming call Flash 983t Transfer the call to another phone USA Call Hold allows you to put a call A on hold by pressing the flash key If you have another call press the flash key to switch back and forth between caller A and B by putting either one on hold If you hang up the phone but a caller is still on hold there will be a remind ring USA Call Waiting allows you to place a call on hold while you answer another incoming call on the same telephone directory number If there is a second call to your telephone number you will hear a call waiting tone Press the flash key to put the first call on hold and answer the second call USA Call Transfer allows you to transfer an incoming call that you have answered to another phone To do so Press the flash key to put the caller on hold When you hear the dial tone dial 98 followed by the number to which you want to transfer the call to operate the Intercom User s Guide Chapter 11 The Phone Screens After you hear the ring signal or the second party answers it hang up the phone USA Three Way Conference allows you to make three way conference calls To do so When you are making a call press the flash key to put the call on hold and get a dial tone Dial a phone number to make a second call When the second call is answered press the flash key to create a three way conversation
17. Refer to the included CD for support documents User s Guide ES About This User s Guide ZyXEL Web Site Please refer to www zyxel com for additional support documentation and product certifications User s Guide Feedback Help us help you Send all User s Guide related comments questions or suggestions for improvement to the following address or use e mail instead Thank you The Technical Writing Team ZyXEL Communications Corp 6 Innovation Road II Science Based Industrial Park Hsinchu 300 Taiwan E mail techwriters zyxel com tw 4 User s Guide Document Conventions Document Conventions Warnings and Notes These are how warnings and notes are shown in this User s Guide Warnings tell you about things that could harm you or your WiMAX Modem Note Notes tell you other important information for example other things you may need to configure or helpful tips or recommendations Syntax Conventions The product s described in this book may be referred to as the WiMAX Modem the device the system or the product in this User s Guide Product labels screen names field labels and field choices are all in bold font A key stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press the ENTER key Select or choose means for y
18. on webpages and suggests matches for you Feeds provide updated content from websites that can be read in Internet Explorer and other programs User s Guide Appendix E Importing Certificates 3 Inthe Certificates dialog box click the Trusted Root Certificates Authorities tab select the certificate that you want to delete and then click Remove Figure 166 Internet Explorer 7 Certificates Certificates Intended purpose lt lt All gt Intermediate Certification Authoriti Trusted Root Certification Authorities Trusted Root Certification Authorities Certification Authorities Listed Publ Issued By Expiratio Friendly Name E3 172 20 37 202 172 20 37 202 5 21 2011 ABA ECOM RootCA X ABA ECOM Root CA 7 10 2009 DST ABA ECOM EJautoridad Certifica Autoridad Certificador 6 29 2009 Autoridad Certifi Autoridad Certifica Autoridad Certificador 6 30 2009 Autoridad Certifi aaltimore Ez byDST Baltimore EZ by DST 7 4 2009 DST Baltimore E JBelgacom E TrustP Belgacom E Trust Prim 1 21 2010 BelgacomE Trus E caw HKT SecureN C amp W HKT SecureNet 10 16 2009 CW HKT Secure Ecaw HKT SecureN C amp W HKT SecureNet 10 16 2009 CW HKT Secure Ecaw HKT SecureN C amp W HKT SecureNet 10 16 2010 CW HKT Secure mera Certificate intended purposes lt All gt 4 Inthe Certificates confirmation click Yes Figure 167
19. 0 0 0 0 FireWire k d Not Connected Subnet Mask AirPort A 9 or Router DNS Server Jj Search Domains UU Mee TA rS M 6 id Click the lock to prevent further changes 6 Click Apply and close the window User s Guide 275 Appendix B Setting Up Your Computer s IP Address Verifying Settings Check your TCP IP properties by clicking Applications Utilities Network Utilities and then selecting the appropriate Network interface from the Info tab Figure 118 Mac OS X 10 5 Network Utility OOO NewokUlity o Netstat AppleTalk Ping Lookup Traceroute Whois Finger PortScan Please aterface for information Network Interface en1 Sn EXER L Transfer Statistics Hardware Address 00 30 65 25 6a b3 Sent Packets 1230 IP Address es 10 0 2 2 Send Errors 0 Link Speed 11 Mbit s Recv Packets 1197 Link Status Active Recv Errors 0 Vendor Apple Collisions 0 Model Wireless Network Adapter 802 11 Linux Ubuntu 8 GNOME This section shows you how to configure your computer s TCP IP settings in the GNU Object Model Environment GNOME using the Ubuntu 8 Linux distribution The procedure screens and file locations may vary depending on your specific distribution release version and individual configuration The following screens use the default Ubuntu 8 installation Note Make sure you are logged in as the root administrator Follow the ste
20. 1 1 MN 147 T TOVON o aa M 147 18 1 1 What You Can Do im This Chapter cccisciccteesseacasctecesicaras coinasgeneoseesaesedeuaaarseackecnieoces 147 Tod What yog Needto BEIGE oannes pb d a ae al Ewa Fab baa i i at 147 ed ES Ie NEIN REI TM 148 1221 My Cerilicales i um m 150 Taaa My Geriicaie EOI rosis aE ATENA meee 154 pec quee uieidu on OL 157 Pe WISTS EN eee 158 Too T De cu eee trc E 160 Tooc maed CA IMPO rr 163 TA IDEs ID LL TITLE 163 13 4 1 Certificate Authorities uiae eerta reed tank ener ea ciini ads deua Rake nequ ak kx aa ta n 164 19 4 2 Verlying a COFUTIGSIe ieissa naia E EAEAN ANE DUREE DR RENE ERIS 166 Chapter 14 ll P O 169 Oe EY oioenenviieen vid se re CL e FREE aA pe Cd Rd Vd E aa pd EY ep CR Ran a a tue d A bd 169 14 1 1 What You Can Do in This Chapter 1 oor dc iter I tab oet rp nente Pra Eh SR eiai 169 141 2 What You Need to OE usa torpbasi eec r tango nir aeta LE pF Rd cepta rae kaaa 169 yr gos E NOI 170 T4221 Perewrall Rule Directions m 170 PAR Digne POHDS ios sace risa pe ra ee bla eeu Reb daqe KV HIR ERR Hd RT Md ER TR GRN RA Tr RARR eas wd TA o Firewall upra Ree EET 172 p OERIDCISU o eT 179 PL onmes HeIerelleB cass ra bau beer eec EB rp apu aab a ba e aa aa RA baa vl ad 174 1444 Siateiul Inspection Firewall aates ened 174 14 4 2 Guidelines For Enhancing Security With Your Firewall sessssss 175 14 4 3 The T
21. G 711 provides high voice quality but requires more bandwidth 64 kbps e G 711A is typically used in Europe G 711uistypically used in North America and Japan G 723 provides good voice quality and requires 20 or 40 kbps G 729 requires only 8 kbps The WiMAX Modem must use the same codec as the peer When two SIP devices start a SIP session they must agree on a codec For more on voice compression see Voice Coding on page 115 DTMF Mode Control how the WiMAX Modem handles the tones that your telephone makes when you push its buttons You should use the same mode your VoIP service provider uses e RFC 2833 send the DTMF tones in RTP packets PCM send the DTMF tones in the voice data stream This method works best when you are using a codec that does not use compression like G 711 Codecs that use compression like G 729 can distort the tones SIP INFO send the DTMF tones in SIP messages User s Guide Chapter 10 The Service Configuration Screens Table 37 VOICE gt Service Configuration gt SIP Settings gt Advanced continued LABEL DESCRIPTION STUN Active Select this if all of the following conditions are satisfied There is a NAT router between the WiMAX Modem and the SIP server The NAT router is not a SIP ALG Your VoIP service provider gave you an IP address or domain name for a STUN server Otherwise clear this field Server Address E
22. This appendix shows you how to configure the IP settings on your computer in order for it to be able to communicate with the other devices on your network Windows Vista XP 2000 Mac OS 9 OS X and all versions of UNIX LINUX include the software components you need to use TCP IP on your computer If you manually assign IP information instead of using a dynamic IP make sure that your network s computers have IP addresses that place them in the same subnet In this appendix you can set up an IP address for Windows XP NT 2000 on page 262 e Windows Vista on page 265 Mac OS X 10 3 and 10 4 on page 269 Mac OS X 10 5 on page 273 Linux Ubuntu 8 GNOME on page 276 Linux openSUSE 10 3 KDE on page 282 User s Guide Appendix B Setting Up Your Computer s IP Address Windows XP NT 2000 The following example uses the default Windows XP display theme but can also 2 apply to Windows 2000 and Windows NT Click Start gt Control Panel Figure 96 Windows XP Start Menu e Internet Explorer 7 My Documents 3 Outlook Express V Paint 2 My Recent Documents gt My Pictures Files and Settings Transfer W c Bj x BY Command Prompt c My Music El Acrobat Reader 4 0 My Computer Tour Windows xP Windows Movie Maker tg Printers and Faxes Q9 Help and Support po Search All Programs gt Run B Log Off Io Turn Off Computer untitled Paint In t
23. depending on the Condition Condition Select the situations in which you want to forward incoming calls from the Incoming Call Number or select an alternative action Unconditional The WiMAX Modem immediately forwards any calls from the Incoming Call Number to the Forward to Number Busy The WiMAX Modem forwards any calls from the Incoming Call Number to the Forward to Number when your SIP account already has a call connected No Answer The WiMAX Modem forwards any calls from the Incoming Call Number to the Forward to Number when the call is unanswered See No Answer Waiting Time Block The WiMAX Modem rejects calls from the Incoming Call Number orks The WiMAX Modem allows calls from the Incoming Call Number You might create a rule with this condition if you do not want incoming calls from someone to be forwarded by rules in the Forward to Number section Apply Click to save your changes Reset Click to restore your previously saved settings Note The WiMAX Modem checks the Advanced rules first before checking the Forward to Number rules All rules are checked in order from top to bottom User s Guide Chapter 12 The Phone Book Screens 12 3 Speed Dial Click VOICE Phone Book Speed Dial to add edit or remove speed dial entries You must create speed dial entries if you want to make peer to peer calls or call SI P numbers that use letters You can also creat
24. fields Figure 67 Certificate Details Certificate General Details Certification Path Show lt All gt Field Value E Subject nsa2401 ZyXEL E Public key RSA 1024 Bits Falsubject Key Identifier 04 21 66 cc a4 f6 4d 02 ff dc 9 FalAuthority Key Identifier KeyID 04 21 66 cc a4 f6 4d 0 I Thumbprint algorithm 4c 3c 5d 03 76 7d 8b 97 39 eb de 9a 07 2a 72 ef c2 la 6a 16 Copy to File 4 Use a secure method to verify that the certificate owner has the same information in the Thumbprint Algorithm and Thumbprint fields The secure method may very based on your situation Possible examples would be over the telephone or through an HTTPS connection 167 User s Guide Chapter 13 The Certificates Screens User s Guide The Firewall Screens 14 1 Overview 14 1 1 14 1 2 Use the TOOLS gt Firewall screens to manage WiMAX Modem s firewall security measures Originally the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another The networking term firewall is a system or group of systems that enforces an access control policy between two networks It may also be defined as a mechanism used to protect a trusted network from an untrusted network Of course firewalls cannot solve every security problem A firewall is one of the mechanisms used to establish a network security perimeter in support of a network security p
25. Edinburgh Lisbon London CI Daylight Savings Start Date 2008 01 06 at o clock End Date 2008 01 06 at o clock The following table describes the labels in this screen Table 11 SETUP gt Time Setting LABEL DESCRIPTION Current Time and Date Current Time Displays the current time according to the WiMAX Modem User s Guide Chapter 5 The Setup Screens Table 11 SETUP gt Time Setting continued LABEL DESCRIPTION Current Date Displays the current time according to the WiMAX Modem Time and Date Setup Manual Select this if you want to specify the current date and time in the fields below New Time Enter the new time in this field and click Apply New Date Enter the new date in this field and click Apply Get from Time Server Select this if you want to use a time server to update the current date and time in the WiMAX Modem Time Protocol Select the time service protocol that your time server uses Check with your ISP or network administrator or use trial and error to find a protocol that works Daytime RFC 867 This format is day month year time zone Time RFC 868 This format displays a 4 byte integer giving the total number of seconds since 1970 1 1 at 0 0 0 NTP RFC 1305 This format is similar to Time RFC 868 Time Server Address Enter the IP address or URL of your time server Check with your ISP or network ad
26. IPv4 and then select Properties Figure 106 Windows Vista Local Area Connection Properties Networking Connect using La Intel R PRO 1000 MT Desktop Connection This connection uses the following items vi Client for Microsoft Networks vi d Network Monitor3 Driver ivi 5 File and Printer Sharing for Microsoft Networks wee ntemet Protocol Version 4 TCP IF v4 pee M Link Layer Topology Discovery Mapper I O Driver M Link Layer Topology Discovery Responder v p X i Uninstall Properties 2 Description Transmission Control Protocol Internet Protocol The default wide area network protocol that provides communication across diverse interconnected networks OK Cancel User s Guide 267 Appendix B Setting Up Your Computer s IP Address The I nternet Protocol Version 4 TCP IPv4 Properties window opens Figure 107 Windows Vista Internet Protocol Version 4 TCP IPv4 Properties Internet Protocol Version 4 TCP IPv4 Properties Ez E General Alternate Configuration You can get IP settings assigned automatically if your network supports this capability Otherwise you need to ask your network administrator for the appropriate IP settings Use the Following IP address Obtain DNS server address automatically Use the following DNS server addresses Advanced cancel Select Obtain an I P address automatically if y
27. If you want to separate the three way conference into two individual calls one call is online the other is on hold press the flash key The first call is online and the second call is on hold Pressing the flash key again will recreate the three way conversation The next time you press the flash key the second call is online and the first call is on hold Hang up the phone to drop the connection User s Guide 137 Chapter 11 The Phone Screens User s Guide 12 1 12 1 1 12 1 2 The Phone Book Screens Overview The VOICE gt Phone Book screens allow you to configure the WiMAX Modem s phone book for making VoIP calls What You Can Do in This Chapter The Incoming Call Policy screen Section 12 2 on page 140 lets you maintain rules for handling incoming calls You can block redirect or accept them The Speed Dial screen Section 12 3 on page 142 lets you add edit or remove speed dial entries What You Need to Know The following terms and concepts may help as you read through this chapter Speed Dial and Peer to Peer Calling Speed dial provides shortcuts for dialing frequently used VoIP phone numbers It is also required if you want to make peer to peer calls In peer to peer calls you call another VoIP device directly without going through a SIP server In the WiMAX Modem you must set up a speed dial entry in the phone book in order to do this Select Non Proxy Use IP or URL in the
28. LAN amp WAN v Secured Client IP Address 9 Al Selected 0 0 0 0 Apply Reset The following table describes the labels in this screen Table 68 TOOLS gt Remote Management gt SNMP LABEL DESCRIPTION SNMP Configuration Get Community Enter the Get Community which is the password for the incoming Get and GetNext requests from the management station The default is public and allows all requests Set Community Enter the Set community which is the password for incoming Set requests from the management station The default is public and allows all requests Trap Community Enter the trap community which is the password sent with each trap to the SNMP manager The default is public and allows all requests Trap Destination Enter the IP address of the station to send your SNMP traps to SNMP Port You may change the server port number for a service if needed however you must use the same port number in order to use that service for remote management Access Status Select the interface s through which a computer may access the WiMAX Modem using this service User s Guide Chapter 16 The Remote Management Screens Table 68 TOOLS Remote Management SNMP continued LABEL DESCRIPTION Secured Client IP A secured client is a trusted computer that is allowed to communicate with the WiMAX Modem using this service Select All to allow any compute
29. List of Figures Figure 1 Mobile Station and Base Slaton i eser re ebrei ab ag bra atc Lada a Rr d C a RR Ra ul da 32 Figure 2 WiMAX Modem s VoIP Features Peer to Peer Calls seen 33 Figure 3 WiMAX Modem s VoIP Features Calls via VoIP Service Provider sseessss 33 Figure d The WIMAX Modom S LEDS rai rr boat Etpe prada FR ido ERE REX EE Rp a E RE bra E Rab d Co Ga a P 34 Piure 5 Mon a dee uus io det vdqd ton t Mite HIN dE es tEAdU Rec Ul ed ubDI dde Did p mcer ird dat ebda UE Lt adeb EE UR IDE ASEdS 41 Figure 6 Select a soe EET 45 Figure 7 Internet Connection Wizard gt System Information esssssssseeeeeneene 46 Figure 8 Internet Connection Wizard gt Authentication Settings Screen sesssssssss 47 Figure 9 Internet Connection Wizard gt IP Address sssssssssssseseeee eene nennen 49 Figure 10 Internet Connection Wizard gt Complete iussu ec dsakt ansam edisk baud dara ed 50 Figure Ti electa dj Heu 51 Figure 12 VolP Connection gt First Voice Account Settings ssssssssseeeeeeennnn 52 Figure 13 VolP Connection SIP Registration Test iere tota past potui pane Gnd Ege Sees ERE erei 53 Figure 14 vol Gannsotiono SIP Registration Pall inicr sieut pne pera e pne rece apte aia 54 FR 15 vaP Connection s FMRI aaisan ngs kane scia boni bean dae lundi d den c d 54 Figure TB SETUE s Sar IP Pee anirien iie EEES 58 Fiume 17 SET
30. Sales E mail sales zyxel es Telephone 34 902 195 420 Fax 34 913 005 345 Web www zyxel es e Regular Mail ZyXEL Communications Arte 21 52 planta 28033 Madrid Spain User s Guide 357 Appendix Customer Support Sweden Support E mail support zyxel se Sales E mail sales zyxel se Telephone 46 31 744 7700 Fax 46 31 744 7701 Web www zyxel se Regular Mail ZyXEL Communications A S Sj porten 4 41764 G teborg Sweden Taiwan Support E mail support zyxel com tw Sales E mail sales zyxel com tw Telephone 886 2 27399889 Fax 886 2 27353220 Web http www zyxel com tw Address Room B 21F No 333 Sec 2 Dunhua S Rd Da an District Taipei Thailand Support E mail support zyxel co th Sales E mail sales zyxel co th Telephone 662 831 5315 Fax 662 831 5395 Web http www zyxel co th Regular Mail ZyXEL Thailand Co Ltd 1 1 Moo 2 Ratchaphruk Road Bangrak Noi Muang Nonthaburi 11000 Thailand Turkey Support E mail cso zyxel com tr Telephone 90 212 222 55 22 Fax 90 212 220 2526 Web http www zyxel com tr Address Kaptanpasa Mahallesi Piyalepasa Bulvari Ortadogu Plaza N 14 13 K 6 Okmeydani Sisli Istanbul Turkey Ukraine Support E mail support ua zyxel com Sales E mail sales ua zyxel com Telephone 380 44 247 69 78 User s Guide Appendix Customer Support Fax 380 44 494 49 32 Web www ua zyxel com Regular Mail ZyXEL Ukraine 13 Pimon
31. Select the Antenna Switch Mode use Internal Antenna Ouse External Antenna The following table describes the labels in this screen Table 23 ADVANCED gt WAN Configuration gt Advanced LABEL DESCRIPTION Select the Antenna Switch Mode Use Internal Select this to use the device s internal antenna Antenna Use External Select this to use the device s external antenna If you select this Antenna option but do not have external antennas attached you may experience poor reception External antennas are optional and not required User s Guide Chapter 7 The WAN Configuration Screens Table 23 ADVANCED gt WAN Configuration gt Advanced continued LABEL DESCRIPTION Apply Click to save your changes Reset Click to restore your previously saved settings 7 5 Advanced Click ADVANCED gt WAN Configuration gt Advanced to configure your DNS server RIP Multicast and Windows Networking settings Figure 32 ADVANCED gt WAN Configuration gt Advanced DNS Servers First DNS Server From ISP v 0 0 0 0 Second DNS Server From ISP vi 0 0 0 0 Third DNS Server FromISP 0 0 0 0 RIP amp Multicast Setup RIP Direction Noe v RIP Version RIP 1 vi Multicast None s6 Windows Networking NetBIOS over TCP IP Allow between LAN and WAN You also need to create a firewall rule C Allow Trigger Dial User s Guide Chapter 7 The WAN C
32. lets you examine the static routes configured in the WiMAX Modem The Other Settings screen Section 6 5 on page 71 lets you control the routing information that is sent and received by each subnet assign specific IP addresses to specific computers on the LAN 6 1 2 What You Need to Know The following terms and concepts may help as you read through this chapter IP Address P addresses identify individual devices on a network Every networking device including computers servers routers printers etc needs an IP address to communicate across the network These networking devices are also known as hosts User s Guide Chapter 6 The LAN Configuration Screens Subnet Masks Subnet masks determine the maximum number of possible hosts on a network You can also use subnet masks to divide one network into multiple sub networks DNS DNS Domain Name System is for mapping a domain name to its corresponding IP address and vice versa The DNS server is extremely important because without it you must know the IP address of a networking device before you can access it DHCP A DHCP Dynamic Host Configuration Protocol server can assign your WiMAX Modem an IP address subnet mask DNS and other routing information when it s turned on 6 2 DHCP Setup Click ADVANCED gt LAN Configuration gt DHCP Setup to enable disable and configure the DHCP server in the WiMAX Modem Figure 19 ADVANCED gt LAN Configuration
33. thumbprints 167 base station used for authentication 164 see BS verification 259 BS 77 78 verifying fingerprints 166 links 78 certification BYE request 124 authority see CA notices 351 requests 147 151 152 viewing 351 C chaining 259 chaining message authentication CA 147 164 User s Guide Index see CCMP circuit switched telephone networks 111 Class of Service CoS 126 client server protocol 124 SIP 124 CMAC see MAC codec 115 249 comfort noise 129 generation 246 contact information 353 copyright 349 CoS 126 counter mode see CCMP country code 248 coverage area 77 cryptography 257 customer support 353 D data 257 259 decryption 257 encryption 257 flow 259 rate 244 DHCP 66 100 102 245 client 100 245 relay 245 server 66 245 diameter 79 Differentiated Services see DiffServ DiffServ 126 DiffServ Code Point DSCP 126 marking rule 127 digital ID 257 dimensions 244 DL frequency 85 86 DnD 248 do not disturb 248 domain name 100 download frequency see DL frequency DS field 127 DSCP see DiffServ DTMF 249 detection and generation 249 duplex 244 dynamic DNS 102 245 Dynamic Host Configuration Protocol see DHCP dynamic jitter buffer 246 E EAP 79 echo cancellation 129 246 encryption 257 259 traffic 259 environmental specifications 243 244 Ethernet 244 encapsulation 90 Europe type call service mode 134 Extensible Authorization Protocol see E
34. 02 e3 56 16 9d Refresh Each field is described in the following table Table 99 DHCP Table LABEL DESCRIPTION The number of the item in this list IP Address This field displays the IP address the WiMAX Modem assigned to a computer in the network Host Name This field displays the system name of the computer to which the WiMAX Modem assigned the IP address MAC Address This field displays the MAC address of the computer to which the WiMAX Modem assigned the IP address Refresh Click this button to update the table data 222 User s Guide Chapter 19 The Status Screen 19 2 4 VoIP Statistics Click Status DHCP Table to open this screen This read only screen shows SIP registration information status of calls and VoIP traffic statistics These settings can be configured in the VOICE gt Service Configuration gt SIP Setting screen Figure 94 VoIP Statistics SIP Status Last Message Last Incoming Last Outgonig Port Status Registration URE Protocol Waiting Number Number SIP1 ic cand N A changeme 127 0 0 1 UDP No N A N A Call Statistics Phone Hook Status Codec Peer Number Duration TxPkts RxPkts Tx B s Rx B s Phone 1 On N A N A N A 0 00 00 0 0 0 0 Poll Interval 5 sec Set Interval Each field is described in the following table Table 100 VolP Statistics Registration LABEL DESCRIPTION SIP Status Port This column displays each SIP
35. 10 4 6 NAT and SIP 10 4 7 The WiMAX Modem must register its public IP address with a SIP register server If there is a NAT router between the WiMAX Modem and the SIP register server the WiMAX Modem probably has a private IP address The WiMAX Modem lists its IP address in the SIP message that it sends to the SIP register server NAT does not translate this IP address in the SIP message The SIP register server gets the WiMAX Modem s IP address from inside the SIP message and maps it to your SIP identity If the WiMAX Modem has a private IP address listed in the SIP message the SIP server cannot map it to your SIP identity See Chapter 8 The NAT Configuration Screens for more information Use a SIP ALG Application Layer Gateway Use NAT STUN or outbound proxy to allow the WiMAX Modem to list its public IP address in the SIP messages DiffServ DiffServ is a class of service CoS model that marks packets so that they receive specific per hop treatment at DiffServ compliant network devices along the route based on the application types and traffic flow Packets are marked with DiffServ Code Points DSCPs indicating the level of service desired This allows the intermediary DiffServ compliant network devices to handle the packets differently depending on the code points without the need to negotiate paths or remember state information for every flow In addition applications do not have to request a particular service or give advanced not
36. 20 65535 sec 180 165535 sec 180 30 3600 sec 30 20 1800 sec 4000 1025 65535 65535 1025 65535 G 711A v 6 729 v 6 7110 v RFC 2883 v 3478 1025 65535 5060 1025 65535 Outbound Proxy C Active Server Address 478 Server Port 1025 65535 NAT Keep Alive El Active O Keep Alive With SIP Proxy O Keep Alive With Outbound Proxy Keep Alive Interval 120 30 65535 sec MWI Message Waiting Indication C Enable Expiration Time 1800 1 65535 sec Fax Option G 711 Fax Passthrough 7 38 Fax Relay Call Forward Call Forward Table Tablei w Caller Ringing CI Enable Caller Ringing Tone Default v On Hold CI Enable On Hold Tone Default v The following table describes the labels in this screen Table 37 VOICE gt Service Configuration gt SIP Settings gt Advanced LABEL DESCRIPTION SIP Server Settings URL Type Select whether or not to include the SIP service domain name when the WiMAX Modem sends the SIP number e SIP include the SIP service domain name e TEL do not include the SIP service domain name User s Guide 117 Chapter 10 The Service Configuration Screens Table 37 VOICE gt Service Configuration gt SIP Settings gt Advanced continued LABEL DESCRIPTION Expiration Enter the number of seconds your SIP account is registered with the Duration SIP register server be
37. 2600000 kHz 7 3 3 Using the WiMAX Frequency Screen In this example your Internet service provider has given you a list of supported frequencies 2 51 2 525 2 6 and 2 625 1 Inthe DL Frequency 1 field enter 2510000 2510000 kilohertz kHz is equal to 2 51 gigahertz 2 Inthe DL Frequency 2 field enter 2525000 3 Inthe DL Frequency 3 field enter 2600000 User s Guide Chapter 7 The WAN Configuration Screens 4 In the DL Frequency 4 field enter 2625000 Leave the rest of the DL Frequency fields at zero The screen appears as follows Figure 30 Completing the WiMAX Frequency Screen DL Frequency 1 2510000 kHz DL Frequency 2 2525000 kHz DL Frequency 3 2600000 kHz DL Frequency 4 2625000 kHz Click Apply The WiMAX Modem stores your settings When the WiMAX Modem searches for available frequencies it scans all frequencies from DL Frequency 1 to DL Frequency 4 When it finds an available connection the fields in this screen will be automatically set to use that frequency 7 4 Antenna Selection Click ADVANCED gt WAN Configuration gt Antenna Selection to switch between the WiMAX Modem s internal antenna and the optinoal external antennas if they are installed Note This screen only pertains to the MAX 216M1R plus Other devices in this series do not support external antennas Figure 31 ADVANCED gt WAN Configuration gt Antenna Selection
38. Bab IP Address sorei aaa aa cssc hp aE AIA Ee RUE aO ad 58 EC PIE NAR RR UU RITE 59 24 6 CERTE on tania pear cf gens Dep aod oo pa aa ta pod Cle dba ong 60 5 4 1 Pre Defined NTP Time Servers List c cccccccccccccsscsesseseceeceecececeseeessaasaaeeeceeeeeeeees 61 54 2 RESON ING Ie ME cuunsibiscsdeetisssulietisce ee tas d Mer tasas irent cba vances hig sce UM pen XR I cuin td 62 Part Ill Advanced Screens ecce creer eee 63 Chapter 6 The LAN Configuration Sr ies isaac ssa aita natn aaaea reaa baiiian 65 Res I II TR 65 E T1 What You Gan Doin This Chapter ucissseteeuiacatentk vid dece tugesu ebbe that onte tn de SEM e 65 612 vba vog Ned qo AMO WY uuusxoi basate ra EM reEc NU Eu mr EET nated Ar EM e csi sam b edes 65 Bs EH SS IU curtis scutes ant a uU et cadet Gat up GUN asc eo d Uu ut e CERO DH Gud Refuge 66 cm SN MUSE d Cem 68 B4 IPOSESBCS PRI na PR petet c aa ERR a c EST ett od d aget E and 69 B TIPP SIC Mate SEUD inini monaci pax eure Fonero sai Pa ano palos b 70 SE Pip eu Em 23 6 6 Techo Peter GR 2 copo o d ei pb ga Rcs e RA 72 8 8 1 IP Address and Subnet Mask Lists en t perm EM oerte cS reae ue Ya be Ox am E IR bL VOUS 72 6 2 DHCP SOUD arrana e a aE Eais 73 Sage TR Be sc coe rece crew wet enter NEN MUT MS 73 6 0 4 DNS Sarver Addi SE co deoa tiei bt isqua alae aaia 74 12 User s Guide Table of Contents DES RIP ep ases epp a Ha e pbbctan bathe peut b
39. Configuration Saree Ne Loc mde n RO eas Lp P a re CD RET TOR ARE Metts 65 The WAN Configuration Screens c ecexic m opor cuna epPEK DRAN o PEEV DN UELLE OUR anna KOGAR iiaa 77 The NAT Configuration SABRE aues conan ae oda epo ERG aepo eno od nba roo viaa ec 89 The System Coniiguration SOV BOIS su saco vordere cll Prades cc caa a 99 VOO SCIRBDS assem Im FETRIIET Irsa AEEA rA BEN tense RISE TA EKRU SER E DIR EE A 109 The Service Configuration Screens sssssssssssssssssseesee nennen nnne nens nnne nnn 111 The PROS Greeg o i2csaccchicetecioeatie a a ora Era iad E EE UN epe f aS 129 The Phones Book SOIBBIB aie rnt tor nda Eee ie as oux edi abc adaa 139 TOG STUDIERT TE DT 145 Hi Le quei ET LI S E ETT TET TRO T 147 Blame kid EET Tm 169 CBIe BE FIN saccctctactecciacoatcae atra dabo t Ed ic np DEO LIUC toni S canes E dicU co Led Ds yee iad odageanciceosaree LODGE Ced Dec RUE M DUE 179 The Remote Management Selle uissnsuecaaniade eiii resis kata beni brin seda d aD ba a EK 183 doc C 195 TU UN cec DU 199 The Salus SOROS 2 uueteccasa Etro dunk Eo ca Sonar di uaeaw trully seqq ca a Kore rad i aa eta pepe Maa Ex co as unk v me aM Kai 215 Troubleshooting and Specifications eese eeeeeeeeeeee nennen nennen nnn 227 TOUDE ALTE e ILU 229 giishrtaecs cr je eee cM 237 Appendices and IBOQX ee 255 User s Guide 9 Contents Overview User s Guide Table of Contents Tab
40. Configurator Table 3 Main gt Icons continued ICON DESCRIPTION VOICE Click to go to the Voice screen where you can configure your voice service and phone settings TOOLS Click to go the Tools screen where you can configure your firewall QoS and content filter among other things STATUS Click to go to the Status screen where you can view status and statistical information for all connections and interfaces Strength Indicator Displays a visual representation of the quality of your WiMAX connection Disconnected Zero bars Poor reception One bar Good reception Two bars Excellent reception Three bars The following table describes the labels in this screen Table 4 Main LABEL DESCRIPTION Help Click to open the web configurator s online help Wizard Click to run the Internet Connection and VolP Connection Setup Wizard All of the settings that you can configure in this wizard are also available in these web configurator screens Logout Click to log out of the web configurator Note This does not log you off the WiMAX network it simply logs you out of the WiMAX Modem s browser based configuration interface WiMAX Connection Status This field indicates the current status of your WiMAX connection Status messages are as follows Connected Indicates that the WiMAX Modem is connected to the WiMAX network Use the Strength Indicato
41. Description Protocol 249 Session Initiation Protocol see SIP silence suppression 129 246 silent packets 129 Simple Certificate Enrollment Protocol SCEP 152 SIP 111 account 112 245 ACK message 123 ALG 96 126 246 249 Application Layer Gateway see ALG authentication 52 authentication password 52 BYE request 124 call progression 123 client 124 client server 124 identities 112 INVITE request 123 number 52 112 OK response 123 outbound proxy 115 proxy server 124 redirect server 125 register server 112 server address 52 servers 124 service domain 52 112 URI 112 user agent 124 version 2 249 SNMP 185 manager 187 sound quality 116 specifications physical and environmental 243 244 speed dial 139 SS 77 78 stateful inspection 174 storage humidity 244 storage temperature 243 STUN 115 126 subnet 299 mask 300 subnetting 302 subscriber station see SS supplementary phone services 130 syntax conventions 5 system timeout 184 T tampering TCP IP configuration 66 TDD 244 TEK 259 temperature 243 TFTP restrictions 184 three way conference 135 137 TLS 48 81 257 transport encryption key see TEK transport layer security see TLS triangle route problem 175 solutions 176 trigger port forwarding process 95 TTLS 48 81 257 260 tunneled TLS see TTLS User s Guide Index U Wireless Metropolitan Area Network see MAN unauthorized device 257 wireless network access 77 uniform resource
42. E Importing Certificates 2 In Preferences click ADVANCED gt Security gt Manage certificates Figure 182 Opera 9 Preferences Preferences Choose a master password to protect personal certificates Browsing Notifications Set master password Content Fonts Downloads Programs Every time needed Ask for password History Security Enable Fraud Protection User s Guide Appendix E Importing Certificates 3 In the Certificates Manager click Authorities gt Import Figure 183 Opera 9 Certificate manager Certificate manager AAA Certificate Serv Actalis Root CA AddTrust Class 1 CA Root AddTrust External CA Root AddTrust Public CA Root AddTrust Qualified CA Root Baltimore CyberTrust Code Signing Root Baltimore CyberTrust Mobile Root Baltimore CyberTrust Root Certum CA Certum CA Level I Certum CA Level II Certum CA Level III Certum CA Level IV Class 1 Public Primary Certification Authority Class 1 Public Primary Certification Authority G2 c 1998 VeriSig Class 2 Public Primary Certification Authority Class 2 Public Primary Certification Authority G2 c 1998 VeriSig v 4 Usethe Import certificate dialog box to locate the certificate and then click Open Figure 184 Opera 9 Import certificate Import certificate Desktop X My Computer B My Documents amp My Network Places User s Guide Appendix
43. E Importing Certificates 5 In the Install authority certificate dialog box click Install Figure 185 Opera 9 Install authority certificate Install authority certificate Install this certificate authority s certificate chain in the database 1 172 20 37 202 vew 6 Next click OK Figure 186 Opera 9 Install authority certificate Install authority certificate i Are you sure you want to trust this issuer 7 The next time you visit the web site click the padlock in the address bar to open the Security information window to view the web page s security details User s Guide Appendix E Importing Certificates Removing a Certificate in Opera This section shows you how to remove a public key certificate in Opera 9 1 Open Opera and click TOOLS Preferences Figure 187 Opera 9 Tools Menu Mail and chat accounts Delete private data Notes Ctrl Alt4E Transfers Ctrl Alt T Ctrl Alt H Links Ctrl Alt L Advanced gt Quick preferences F12 gt Appearance Shift F 12 Preferences Ctrl F12 X 2 In Preferences ADVANCED gt Security gt Manage certificates Figure 188 Opera 9 Preferences Preferences Tabs Choose a master password to protect personal certificates Browsing Notifications Set master password Content Fonts Downloads Programs History aes Enable Fraud Protection Manage certificates Toolbars Shortcuts Voice
44. ICMP CMP access matched or didn t match a firewall rule denoted by its number and was blocked or forwarded according to the rule Triangle route packet forwarded ICMP The firewall allowed a triangle route session to pass through Packet without a NAT table entry blocked ICMP The router blocked a packet that didn t have a corresponding NAT table entry Unsupported out of order ICMP The firewall does not support this kind of ICMP ICMP packets or the I CMP packets are out of order Router reply ICMP packet ICMP The router sent an ICMP reply packet to the sender Table 85 PPP Logs LOG MESSAGE DESCRIPTION ppp LCP Starting The PPP connection s Link Control Protocol stage has started ppp LCP Opening The PPP connection s Link Control Protocol stage is opening ppp CHAP Opening The PPP connection s Challenge Handshake Authentication Protocol stage is opening ppp IPCP Starting starting The PPP connection s Internet Protocol Control Protocol stage is ppp IPCP Opening opening The PPP connection s Internet Protocol Control Protocol stage is ppp LCP Closing The PPP connection s Link Control Protocol stage is closing ppp IPCP Closing closing The PPP connection s Internet Protocol Control Protocol stage is Table 86 UPnP Logs LOG MESSAGE DESCRIPTION UPnP pass through Firewall UPnP packets can
45. JavaScripts and Java Permissions Please see Appendix C on page 289 User s Guide 235 Chapter 20 Troubleshooting User s Guide Product Specifications This chapter gives details about your WiMAX Modem s hardware and firmware features Table 102 Environmental and Hardware Specifications FEATURE DESCRIPTION Operating Temperature 0 C to 45 C Storage Temperature 25 C to 55 C Operating Humidity 10 90 non condensing Storage Humidity 10 to 95 non condensing Power Supply 12V DC 2A Power Consumption 18W Ethernet Interface One auto negotiating auto MDI MDI X NWay 10 100 Mbps RJ 45 Ethernet port Telephony Interface One analog ATA interfaces for standard telephones through RJ 11 FXS Foreign Exchange Subscriber analog connector Antennas Two internal omnidirectional 7dBi WiMAX antenna for MAX 216M1R Two optional SMA external antenna connectors for MAX 216M1R plus Two internal omnidirectional 6dBi WiMAX antenna for MAX 206M1R amp MAx 236M1R Weight 400g Dimensions 260mm H x 165mm W x 25mm D Safety Approvals UL 60950 1 CAN CSA C22 2 No 60950 1 03 EN 60950 1 IEC 60950 1 EMI Approvals EN 301489 1 v1 6 1 EN 61000 3 2 EN 61000 3 3 237 Chapter 21 Product Specifications Table 102 Environmental and Hardware Specifications continued EMS Approvals EN 301489 4 v1 3 1
46. PKM This field displays the Privacy Key Management version number PKM provides security between the WiMAX Modem and the base station At the time of writing the WiMAX Modem supports PKMv2 only See the WiMAX security appendix for more information Authentication This field displays the user authentication method Authentication is the process of confirming the identity of a mobile station by means of a username and password for example Check with your service provider if you are unsure of the correct setting for your account Choose from the following user authentication methods TTLS Tunnelled Transport Layer Security TLS Transport Layer Security Note Not all WiMAX Modems support TLS authentication Check with your service provider for details TTLS Inner EAP This field displays the type of secondary authentication method Once a secure EAP TTLS connection is established the inner EAP is the protocol used to exchange security information between the mobile station the base station and the AAA server to authenticate the mobile station See the WiMAX security appendix for more details The WiMAX Modem supports the following inner authentication types CHAP Challenge Handshake Authentication Protocol MSCHAP Microsoft CHAP e MSCHAPV2 Microsoft CHAP version 2 PAP Password Authentication Protocol Certificate This is the security certificate the WiMAX Modem uses to aut
47. Path Certification information Type Version Serial Number Subject Issuer Signature Algorithm Valid From Valid To Key Algorithm Subject Alternative Name Key Usage Basic Constraint MD5 Fingerprint SHA1 Fingerprint BEGIN CERTIFICATE Name auto_generated_self_signed_cert v Default self signed certificate which signs the imported remote host certificates CN MAX 206M2 0019CB00000 1 Certificate in PEM Base 64 Encoded Format QVgtMjAZTTIgMDAxOUNCMDAWMDAxMB4XDTAWMDEwMTAwMDAWMFoXDTMwMDEWMTAw MDAWMFowITEfMBOGA 1UEAXMWTUFYLTIWNkO yIDAWMTIDQJAWMDAWMTCEnzANBakq hkiGSWOBAQEFAAOBjQAwgYkCgYEArtszQj7aCO82h2b 4py 3GMgROkeGF J95zYhld gMLShIYgLk8qQB7 uk JMemaDBeR 4edYWTGwPvCSETin60CjWxDkQmB3M4YYBY8k 2Mzhz4el fp 4 UUMWosPKP 4y9mbNCwUjH TIXXKDvkkZVXbmNuujUfJwZpQPlbhX M RSSjUCAWEAAaNNMEswDgYDVROPAQEABAQDAgKKMCUGA 1UdEQQeMByBGjAWMTID QjAwMDAwMUEhdXRvL mdlbi5j2X30MBIGA 1UdEwEBAAQIMAYBAf8CAQEwDQY JKoZI T i MIICCDCCAXGgAwIBAgIEOG2SXjANBgkqhkiGSWwOBAQUFADAhMRSwWHQYDVQQDExZN Self signed X 509 Certificate v3 946711646 CN MAX 206M2 0019CB000001 CN MAX 206M2 0019CB000001 rsa pkcsi shai 2000 Jan 1st 00 00 00 GMT 2030 Jan 1st 00 00 00 GMT rsaEncryption 1024 bits EMAIL 0019CB000001 Gauto gen cert DigitalSignature KeyEncipherment KeyCertSign Subject Type CA Path Length Constraint 1 e1 35 6d 3d 8a b8 de 04 d2 37 98 c5 45 bd 14 a1 d1 bb e2 fd 9c 99 7b 59 ed 33 0c 96 1b c7 a4 47
48. Preferences 4 Show All tal Personal ore m a o Q Appearance Dashboard amp Desktop amp Dock International Security Spotlight Expos Screen Saver Hardware i gt bt a Q S mw Y 0 m Bluetooth CDs amp DVDs Displays Energy Keyboard amp Print amp Fax Sound Saver Mouse Internet amp Ne Mac QuickTime Sharing System 1 za a Accounts Date amp Time Software Speech Startup Disk Universal Update Access User s Guide Appendix B Setting Up Your Computer s IP Address 3 When the Network preferences pane opens select Built in Ethernet from the network connection type list and then click Configure Figure 110 Mac OS X 10 4 Network Preferences eo Network 4 Show All Q i Location Automatic HJ Show Network Status Hm Built in Ethernet is currently active and has the IP address Built in Ethernet 10 0 1 2 You are connected to the internet via Built in Ethernet 1 Internet Sharing is on and is using AirPort to share the 6 AirPort connection sconnect Configure 9 d lt S a Click the lock to prevent further changes Assist me Apply Now 4 For dynamically assigned settings select Using DHCP from the Configure IPv4 list in the TCP IP tab Figure 111 Mac OS X 10 4 Network Preferences TCP IP Tab e eo Network 4 Show All Q Location Automatic HJ Show Built in Ethernet HJ AppleTalk
49. SNMP Management Model a e rere prb e eda ama e Rea ti aeri qaad ud la eu 187 Figure 80 TOOLS gt Remate Management SNMP 1 nani ee tt Eee heben ku nab eaii sepa o EE Eran 189 Figure 81 TOOLS gt Remote Management DNS cir nicer taret hme pce tur cbe c ae ea paeu DER EDCES 190 User s Guide List of Figures Figure 82 TOOLS gt Remote Management gt Security nennen 191 Foue co TP DBS EE OU rieira aaie desc cda Seeds x Do mad Ed Rx dass RDUM E dax Ra baF ER Rd agi EU 192 Figure 84 TOOLS gt Remote Management gt TROBO eiie ie cette eren serie Eee naina 193 Powe io 45 000 TP 195 Pious 86 Oos s Class SOND Rem E 196 Figure BF QoS gt Class Setup gt Class ContguratiONi ccce eni us tee ecce anaa ia 197 Foute o8 TOOLS boga o VIEW LOJE uci iunddacasntis az Fade OG antur aa a aE Evae DO Baie 201 Figure 89 TODLS Logs gt Leg Seltinds sae iid sitesbi qoe RR QUUD aee dst oet dist bnc Ub da itpe id Neghebe qul dd Due dd 203 gil RAPI UPC I IO 215 FROST uie Cierre EE E LO T DOT 219 Foute 92 WIMAX Site lusus mc 221 gf SDHCGP TE V 222 Foure c VoIP SGT 35 235 sas jadesce sae ui E eaa zb Er d Rbe ate Qidoab Lap Sud qu bep QD eee 223 Foura OS WIMAN POTS c 225 Figure gG Windons XP Start Men eus ovni pO aa a aa aa Ri du E aa 262 Pare OF Windons AF Control Panal em 262 Figure 98 Windows XP Control Panel gt Network Connections gt Properties n 263 Figure 99 Windo
50. Subnet 2 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 64 IP Address Binary 11000000 10101000 00000001 01000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address Lowest Host ID 192 168 1 65 192 168 1 64 Broadcast Address Highest Host ID 192 168 1 126 192 168 1 127 Table 120 Subnet 3 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 128 IP Address Binary 11000000 10101000 00000001 10000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address Lowest Host ID 192 168 1 129 192 168 1 128 Broadcast Address Highest Host ID 192 168 1 190 192 168 1 191 Table 121 Subnet 4 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 192 IP Address Binary 11000000 10101000 00000001 11000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 User s Guide Appendix D IP Addresses and Subnetting Table 121 Subnet 4 continued IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE Subnet Address Lowest Host ID 192 168 1 193 192 168 1 192 Broadcast Address Highest Host ID 192 168 1 254 192 168 1 255 Example Eight Subnets Similarly use a 27 bit mask to create eight subnets 000 001 010 011 100 101 110 and 111 The following table shows IP address last octet values for each subnet Table 122 Eight Subnets SUBNET SUBNET FIRST
51. TTE EET 99 98 1 1 What You Gan Do In This Chaplet osi ostetprxitg ae oU RE Pe Aa Sia 99 BENI You N sd Io KOME sasuke oat ab aa carp a eec apa aea OCC E A D ap ond 99 SRARCUII S Mem rc oc TM A 101 cR ENCDID DAE Ret 102 I IN acu Eee pte pephi abord danses bbnai sp vede uu s aa odia ad iment dunn 104 94 1 The Fimwae CLEP e Re 105 zo wes ee C 106 9 5 1 The Restore Configuration Process iius inidaterisrt blc badked dex cad aan d 107 20 Re Rapper ET a DEDISSET 107 SOLTO pee POCO TETTE TIT 108 User s Guide 13 Table of Contents x n4 zh 109 Chapter 10 The Service Configuration Screens ueeeeeeeeeee ee eeann nnn nnne anna 111 pxEer JO m 111 10 1 1 What You Can Do in This Chapel sissisota 111 1L PRUE i Nl Te RION C 111 10 5 eM SU EGO eis es osixes E E ncc asp a Dodd inr das fad 113 iee ec iio p e ER 118 T0051 Avanad SP Songs nsi reci Rc a e oa rati b dia n Pd ante MR 115 pcr m 122 104 echnical GTI GCS auci ope testa rb ias eae toners tecseas geneepeasuaniede CAS RUR aN RN USE 123 T0553 TON CALPE IN a cisci nDorebas aE EE N bec asp ira ae ea OR d 123 104 2 SIP Ollem L T o I DL 124 TAS SP USSR cp We EM 124 TOA ASP PEOR SENE icouiiiaagek E cor aan xu ER eade oda eatin ad uL AR UL ap UE Ge D UG Cz 124 J040 SIF Rediet DEVE oce oerateqo n pat pnt bidoec Du E ERE RR RP LAN QR ER REM r 125 TOGLO NAT and SI
52. The Certificates Screens Table 51 TOOLS gt Certificates gt My Certificates continued LABEL DESCRIPTION Name This field displays the name used to identify this certificate It is recommended that you give each certificate a unique name Type This field displays what kind of certificate this is REQ represents a certification request and is not yet a valid certificate Send a certification request to a certification authority which then issues a certificate Use the My Certificate I mport screen to import the certificate and replace the request SELF represents a self signed certificate SELF represents the default self signed certificate which signs the imported remote host certificates CERT represents a certificate issued by a certification authority Subject This field displays identifying information about the certificate s owner such as CN Common Name OU Organizational Unit or department O Organization or company and C Country It is recommended that each certificate have unique subject information Issuer This field displays identifying information about the certificate s issuing certification authority such as a common name organizational unit or department organization or company and country With self signed certificates this is the same information as in the Subject field Valid From This field displays the date that the certificate becomes applicable
53. WiMAX Modem to enroll a certificate online User s Guide Chapter 13 The Certificates Screens 13 2 2 My Certificate Edit Click TOOLS Certificates My Certificates then the Edit icon to access this screen Use this screen to view in depth certificate information and change the certificate s name Figure 61 TOOLS gt Certificates gt My Certificates gt Edit Name auto generated self signed cert Property v Default self signed certificate which signs the imported remote host certificates Certification Path CN MAX 206M2 0019CB00000 1 Certification information Type Self signed X 509 Certificate Version v3 Serial Number 946711646 Subject CN MAX 206M2 0019CB000001 Issuer CN MAX 206M2 0019CB000001 Signature Algorithm rsa pkcs1 sha1 Valid From 2000 Jan 1st 00 00 00 GMT Valid To 2030 Jan 1st 00 00 00 GMT Key Algorithm rsaEncryption 1024 bits Subject Alternative Name EMAIL 0019CB000001 Gauto gen cert Key Usage DigitalSignature KeyEncipherment KeyCertSign Basic Constraint Subject Type CA Path Length Constraint 1 MD5 Fingerprint e1 35 6d 3d 8a b8 de 94 d2 37 98 c5 45 bd 14 31 SHA1 Fingerprint d1 bb e2 fd 9c 99 7b 59 ed 33 0c 96 1b c7 a4 47 ce a8 1b 7c Certificate in PEM Base 64 Encoded Format L BEGIN CERTIFICATE MIICCDCCAXGgAwIBAgIEOG2sXjANBakahkiG9wOBAQUFADAhMRB8wWHQYDVQQDExZN QVgtMjAZTTIgMDAxOUNCMDAWMDAxMB4XDTAWMDEwMTAwMDAWMFoXDTMwMDEWMTAw MDAWMFowITEfMBOGA
54. Wizard Certificate Import Wizard Welcome to the Certificate Import Wizard This wizard helps you copy certificates certificate trust lists and certificate revocation lists from your disk to a certificate store A certificate which is issued by a certification authority is a confirmation of your identity and contains information used to protect data or to establish secure network connections A certificate store is the system area where certificates are kept To continue click Next 6 If you want Internet Explorer to Automatically select certificate store based on the type of certificate click Next again and then go to step 9 Figure 155 Internet Explorer 7 Certificate Import Wizard Certificate Import Wizard Certificate Store Certificate stores are system areas where certificates are kept Windows can automatically select a certificate store or you can specify a location for Automatically select the certificate store based on the type of certificate Place all certificates in the following store User s Guide Appendix E Importing Certificates 7 Otherwise select Place all certificates in the following store and then click Browse Figure 156 Internet Explorer 7 Certificate Import Wizard Place all certificates in the following store Certificate store Browse 8 Inthe Select Certificate Store dialog box choose a location in which to save the certificate and then
55. account in the WiMAX Modem Status This field displays the current registration status of the SIP account You can change this in the Status screen Registered The SIP account is registered with a SIP server Register Fail The last time the WiMAX Modem tried to register the SIP account with the SIP server the attempt failed The WiMAX Modem automatically tries to register the SIP account when you turn on the WiMAX Modem or when you activate it Inactive The SIP account is not active You can activate it in VOICE gt SIP gt SIP Settings Last This field displays the last time you successfully registered the SIP account It displays N A if you never successfully registered this account URI This field displays the account number and service domain of the SIP account You can change these in VOICE gt SIP gt SIP Settings Protocol This field displays the transport protocol the SIP account uses SIP accounts always use UDP Message This field indicates whether or not there are any messages waiting for Waiting the SIP account Last Incoming Number This field displays the last number that called the SIP account It displays N A if no number has ever dialed the SIP account User s Guide E Chapter 19 The Status Screen Table 100 VolP Statistics LABEL DESCRIPTION Last Outgoing This field displays the last number the SIP account called It displays Number N A if the SIP account has
56. assignment from the actual real DHCP server to the clients IP Alias IP alias allows you to partition a physical network into logical networks over the same Ethernet interface Your device supports three logical LAN interfaces via its single physical Ethernet interface with the your device itself as the gateway for each LAN network Multiple SIP Accounts You can configure multiple voice SIP accounts User s Guide Chapter 21 Product Specifications Table 110 Firmware Specifications continued FEATURE DESCRIPTION SIP ALG Your device is a SIP Application Layer Gateway ALG It allows VoIP calls to pass through NAT for devices behind it such as a SIP based VoIP software application on a computer Dynamic Jitter Buffer The built in adaptive buffer helps to smooth out the variations in delay jitter for voice traffic up to 60 ms This helps ensure good voice quality for your conversations Voice Activity Detection Silence Suppression Voice Activity Detection VAD reduces the bandwidth that a call uses by not transmitting when you are not speaking Comfort Noise Generation Your device generates background noise to fill moments of silence when the other device in a call stops transmitting because the other party is not speaking as total silence could easily be mistaken for a lost connection Echo Cancellation You device supports G 168 of at least 24 ms This an
57. by the size of the network number part the bits with a 1 value For example an 8 bit mask means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes Subnet masks are expressed in dotted decimal notation just like IP addresses The following examples show the binary and decimal notation for 8 bit 16 bit 24 bit and 29 bit subnet masks Table 115 Subnet Masks BINARY 1ST 2ND 3RD 4TH DECIMAL OCTET OCTET OCTET OCTET 8 bit mask 11111111 00000000 00000000 00000000 255 0 0 0 16 bit 11111111 11111111 00000000 00000000 255 255 0 0 mask 24 bit 11111111 11111111 11111111 00000000 255 255 255 0 mask 29 bit 11111111 11111111 11111111 11111000 255 255 255 24 mask 8 Network Size The size of the network number determines the maximum number of possible hosts you can have on your network The larger the number of network number bits the smaller the number of remaining host ID bits An IP address with host IDs of all zeros is the IP address of the network 192 168 1 0 with a 24 bit subnet mask for example An IP address with host IDs of all ones is the broadcast address for that network 192 168 1 255 with a 24 bit subnet mask for example As these two IP addresses cannot be used for individual hosts calculate the maximum number of possible hosts in a network as follows Table 116 Maximum Host Numbers
58. com 352 User s Guide Customer Support In the event of problems that cannot be solved by using this manual you should contact your vendor If you cannot contact your vendor then contact a ZyXEL office for the region in which you bought the device Regional offices are listed below see also http www zyxel com web contact us php Please have the following information ready when you contact an office Required Information Product model and serial number Warranty Information Date that you received your device Brief description of the problem and the steps you took to solve it is the prefix number you dial to make an international telephone call Corporate Headquarters Worldwide Support E mail support zyxel com tw Sales E mail sales zyxel com tw Telephone 886 3 578 3942 Fax 886 3 578 2439 Web www zyxel com e Regular Mail ZyXEL Communications Corp 6 Innovation Road II Science Park Hsinchu 300 Taiwan China ZyXEL Communications Beijing Corp Support E mail cso zycn zyxel cn Sales E mail sales zyxel cn Telephone 86 010 82800646 Fax 86 010 82800587 Address 902 Unit B Horizon Building No 6 Zhichun Str Haidian District Beijing Web http www zyxel cn User s Guide EJ Appendix Customer Support China ZyXEL Communications Shanghai Corp Support E mail cso zycn zyxel cn Sales E mail sales zyxel cn Telep
59. conference connection Flash 98 Transfer the call to another phone European Call Hold allows you to put a call A on hold by pressing the flash key User s Guide Chapter 11 The Phone Screens If you have another call press the flash key and then 2 to switch back and forth between caller A and B by putting either one on hold Press the flash key and then 0 to disconnect the call presently on hold and keep the current call on line Press the flash key and then 1 to disconnect the current call and resume the call on hold If you hang up the phone but a caller is still on hold there will be a remind ring European Call Waiting allows you to place a call on hold while you answer another incoming call on the same telephone directory number If there is a second call to a telephone number you will hear a call waiting tone Take one of the following actions Reject the second call Press the flash key and then press 0 Disconnect the first call and answer the second call Either press the flash key and press 1 or just hang up the phone and then answer the phone after it rings Put the first call on hold and answer the second call Press the flash key and then 2 European Call Transfer allows you to transfer an incoming call that you have answered to another phone To do so 1 Press the flash key to put the caller on hold 2 When you hear the dial tone dial 98 fol
60. current call The rate is the average number of bytes transmitted per second Poll Interval s Enter how often you want the WiMAX Modem to update this screen and click Set I nterval Set Interval Click this to make the WiMAX Modem update the screen based on the amount of time you specified in Poll I nterval Stop Click this to make the WiMAX Modem stop updating the screen User s Guide Chapter 19 The Status Screen 19 2 5 WiMAX Profile Click Status WiMAX Profile to open this screen This read only screen displays information about the security settings you are using To configure these settings go to the ADVANCED gt WAN Configuration gt Internet Connection screen Note Not all WiMAX Modem models have all the fields shown here Figure 95 WiMAX Profile WiMAX Profile User Name Password Anonymous Identity PKM Authentication TTLS Inner EAP Certificate The following table describes the labels in this screen Table 101 The WiMAX Profile Screen LABEL DESCRIPTION User Name This is the username for your Internet access account Password This is the password for your Internet access account The password displays as a row of asterisks for security purposes Anonymous Identity This is the anonymous identity provided by your Internet Service Provider Anonymous identity also known as outer identity is used with EAP TTLS encryption PKM This field di
61. describes the labels in this screen Table 33 ADVANCED gt System Configuration gt Firmware LABEL DESCRIPTION File Path Enter the location of the bin file you want to upload or click Browse to find it You must decompress compressed zip files before you can upload them Browse Click this to find the bin file you want to upload Upload Click this to begin uploading the selected file This may take up to two minutes Note Do not turn off the device while firmware upload is in progress 9 4 1 The Firmware Upload Process When the WiMAX Modem uploads new firmware the process usually takes about two minutes The device also automatically restarts in this time This causes a temporary network disconnect Note Do not turn off the device while firmware upload is in progress After two minutes log in again and check your new firmware version in the Status screen You might have to open a new browser window to log in If the upload is not successful you will be notified by error message Click Return to go back to the Firmware screen User s Guide Chapter 9 The System Configuration Screens 9 5 Configuration Click ADVANCED gt System Configuration gt Configuration to back up or restore the configuration of the WiMAX Modem You can also use this screen to reset the WiMAX Modem to the factory default settings Figure 43 ADVANCED gt System Configuration gt Con
62. entries are sent by e mail Leave this field blank if you do not want to send logs by e mail Send Alerts to Enter the e mail address to which alerts are sent by e mail Leave this field blank if you do not want to send alerts by e mail Log Schedule Select the frequency with which the WiMAX Modem should send log messages by e mail Daily Weekly Hourly When Log is Full None If the Weekly or the Daily option is selected specify a time of day when the E mail should be sent If the Weekly option is selected then also specify which day of the week the E mail should be sent If the When Log is Full option is selected an alert is sent when the log fills up If you select None no log messages are sent Day for Sending Log This field is only available when you select Weekly in the Log Schedule field Select which day of the week to send the logs Time for Sending Log This field is only available when you select Daily or Weekly in the Log Schedule field Enter the time of day in 24 hour format for example 23 00 equals 11 00 pm to send the logs Clear log after sending mail Select this to clear all logs and alert messages after logs are sent by e mail Syslog Logging Active Select this to enable syslog logging Syslog Server P Address Enter the server name or IP address of the syslog server that logs the selected categories of logs Log Facility Sele
63. fail RTP connect fail A VoIP phone call failed because the RTP session could not be established Error RTP connection cannot close The termination of an RTP session failed User s Guide Chapter 18 The Logs Screens Table 93 FSM Logs Caller Side LOG MESSAGE DESCRIPTION Call Number VoIP Call Start Ph Phone Port Number Outgoing Someone used a phone connected to the listed phone port to initiate a VoIP call to the listed destination VoIP Call Established Ph Phone Port Outgoing Call Number Someone used a phone connected to the listed phone port to make a VoIP call to the listed destination Port VoIP Call End Phone Phone A VoIP phone call made from a phone connected to the listed phone port has terminated Table 94 FSM Logs Callee Side LOG MESSAGE DESCRIPTION VoIP Call Start from SIP SIP Port Number A VoIP phone call came to the WiMAX Modem from the listed SIP number VoIP Call Established Ph Phone Port Outgoing Call Number A VoIP phone call was set up from the listed SIP number to the WiMAX Modem VoIP Call End Phone Phone Port A VoIP phone call that came into the WiMAX Modem has terminated Table 95 Lifeline Logs LOG MESSAGE DESCRIPTION PSTN Call Start A PSTN call has been initiated PSTN Call End A PSTN call has terminated PSTN Call Es
64. find out if a user is logged on FTP TCP 20 File Transfer Program a program to enable fast transfer of files including TCP 21 large files that may not be possible by e mail H 323 TCP 1720 NetMeeting uses this protocol HTTP TCP 80 Hyper Text Transfer Protocol a client server protocol for the world wide web HTTPS TCP 443 HTTPS is a secured http session often used in e commerce CMP User Defined 1 Internet Control Message Protocol is often used for diagnostic or routing purposes ICQ UDP 4000 This is a popular Internet chat program IGMP User Defined 2 Internet Group Management Protocol MULTI CAST is used when sending packets to a specific group of hosts IKE UDP 500 The Internet Key Exchange algorithm is used for key distribution and management IRC TCP UDP 6667 This is another popular Internet chat program MSN Messenger TCP 1863 Microsoft Networks messenger service uses this protocol NEW ICQ TCP 5190 An Internet chat program NEWS TCP 144 A protocol for news groups NFS UDP 2049 Network File System NFS is a client server distributed file service that provides transparent file sharing for network environments NNTP TCP 119 Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service PING User Defined 1 Packet I Nternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is reachable POP3 TCP 110 Post Office Protocol version 3 let
65. for Real Time Applications RFC 3581 An Extension to the Session Initiation Protocol SIP for Symmetric Response Routing RFC 3611 RTP Control Protocol Extended Reports RTCP XR XR RFC 3715 IP Sec NAT Compatibility RFC 3842 A Message Summary and Message Waiting Indication Event Package for the Session Initiation Protocol SIP IEEE 802 3 10BASE5 10 Mbit s 1 25 MB s IEEE 802 3u 100BASE TX LOOBASE T4 100BASE FX Fast Ethernet at 100 Mbit s 12 5 MB s with auto negotiation Table 106 Voice Features Call Park and Call park and pickup lets you put a call on hold park and then Pickup continue the call pickup The caller must still pay while the call is parked When you park the call you enter a number of your choice up to eight digits which you must enter again when you pick up the call If you do not enter the correct number you cannot pickup the call This means that only someone who knows the number you have chosen can pick up the call You can have more than one call on hold at the same time but you must give each call a different number Call Return With call return you can place a call to the last number that called you either answered or missed The last incoming call can be through either SIP or PSTN Country Code Phone standards and settings differ from one country to another so the settings on your WiMAX Modem must be configured to match those of the country you are in The country code feature a
66. identifier 112 standard 77 UPnP 245 l wireless security 244 257 USA type call service mode 136 f wizard setup 45 use NAT 126 use NAT feature 112 user agent SIP 124 user authentication 257 user ID 52 user name 103 V VAD 129 246 verification 259 virtual local area network see VLAN VLAN 122 group 122 ID tags 122 tags 122 VLAN ID 122 voice activity detection 129 246 coding 115 mail 111 Voice over IP see VolP VolP 111 standards compliance 245 W waveform codec 116 weight 244 WiMAX 77 78 244 bandwidth 244 security 259 WiMAX Forum 77 Wireless Interoperability for Microwave Access see WiMAX User s Guide
67. inde puit e M e enhn a 172 Table 00 TOOLS gt Firewall s Geria DOE aussotstizanciusanndssrae mskedtaa a derivan dati camada glue RS Eua 173 Table 61 TOOLS sonent Filip PRISE lt sascssatecoieieabereraien ter e dicito sini qug pee Vledas bean is b esuds 181 Table 62 TOOLS gt Content Filler gt SohBdala esee e ehtci des ae aden en etia FR LER ies 182 Table 63 Remote Management eT M 183 Table 64 TOOLS gt Remote Management gt WWW uu cceeccccesecceeeneeeeeeeceeeaeeceeeeeeeeaaeeseeeaaesnaaeeeeneaanens 185 Table 65 TOOLS gt Remote Management gt Telnet entente 186 Table 66 TOOLS Remote Management s FIP sssiccsisacctesccassisniccedecsdanscougucsebransesscubiasivigertessietassehaneds 187 THEG ONMP TADS emm 188 Table 68 TOOLS gt Remote Management gt SNMP sss nennen nnne tentent s innen 189 Table 68 TOOLS gt Remote Management DNS sssesete tinte an Pea ape nth andae E epka x Ad ke e EV BR Fe reHn 190 Table 70 TOOLS gt Remote Management gt Security enne nnne 191 Table 71 TOOLS Remote Management s TROGO suse icd da ar duc rne dd dn rk dtc 193 Table 72 TOOLS gt Remote Management gt Security eeseessssssssssssssesee een nnen tnter 195 Bri 73 00S CASS C ID D E 196 TN a te ip cm 197 Ur FS SHO LOS 200 Table 76 HPC 2408 IGAKMP Payload Types sacesssi issu ras usa duxasinkk shed cts a cada ada nd te
68. information so that it cannot be read by anyone who does not know the code WiMAX uses PKMv2 Privacy Key Management version 2 for authentication and CCMP Counter Mode with Cipher Block Chaining Message Authentication Protocol for data encryption WiMAX supports EAP Extensible Authentication Protocol RFC 2486 which allows additional authentication methods to be deployed with no changes to the base station or the mobile or subscriber stations PKMv2 is a procedure that allows authentication of a mobile or subscriber station and negotiation of a public key to encrypt traffic between the MS SS and the base station PKMv2 uses standard EAP methods such as Transport Layer Security EAP TLS or Tunneled TLS EAP TTLS for secure communication In cryptography a key is a piece of information typically a string of random numbers and letters that can be used to lock encrypt or unlock decrypt a message Public key encryption uses key pairs which consist of a public freely available key and a private secret key The public key is used for encryption and the private key is used for decryption You can decrypt a message only if you have the private key Public key certificates or digital IDs allow users to verify each other s identity User s Guide 257 Appendix A WiMAX Security RADIUS RADIUS is based on a client server model that supports authentication authorization and accounting The base station is the clie
69. logs and alerts are sent or recorded What You Need to Know The following terms and concepts may help as you read through this chapter Alerts An alert is a type of log that warrants more serious attention Some categories such as System Errors consist of both logs and alerts Syslog Logs There are two types of syslog event logs and traffic logs The device generates an event log when a system event occurs for example when a user logs in or the device is under attack The device generates a traffic log when a session is terminated A traffic log summarizes the session s type when it started and stopped the amount of traffic that was sent and received and so on An external log analyzer User s Guide Chapter 18 The Logs Screens can reconstruct and analyze the traffic flowing through the device after collecting the traffic logs Table 75 Syslog Logs LOG MESSAGE DESCRIPTION Event Log Facility 8 Severity Mon dd hr mm ss hostname src lt srcIP srcPort gt dst lt dstIP dstPort gt msg lt msg gt note lt note gt devID lt mac address gt cat lt category gt This message is sent by the system RAS displays as the system name if you haven t configured one when the router generates a syslog The facility is defined in the Log Settings screen The severity is the log s syslog class The definition of messages and notes are defined in the various log charts throughout this
70. never dialed a number Call Statistics Phone This field displays the WiMAX Modem s phone port number Hook This field indicates whether the phone is on the hook or off the hook On The phone is hanging up or already hung up Off The phone is dialing calling or connected Status This field displays the current state of the phone call N A There are no current VoIP calls incoming calls or outgoing calls being made DIAL The callee s phone is ringing RING The phone is ringing for an incoming VoIP call Process There is a VoIP call in progress DISC The callee s line is busy the callee hung up or your phone was left off the hook Codec This field displays what voice codec is being used for a current VoIP call through a phone port Peer Number This field displays the SIP number of the party that is currently engaged in a VoIP call through a phone port Duration This field displays how long the current call has lasted Tx Pkts This field displays the number of packets the WiMAX Modem has transmitted in the current call Rx Pkts This field displays the number of packets the WiMAX Modem has received in the current call Tx B s This field displays how quickly the WiMAX Modem has transmitted packets in the current call The rate is the average number of bytes transmitted per second Rx B s This field displays how quickly the WiMAX Modem has received packets in the
71. of electric shock from lightning Connect ONLY suitable accessories to the device Do NOT open the device or unit Opening or removing covers can expose you to dangerous high voltage points or other risks ONLY qualified service personnel should service or disassemble this device Please contact your vendor for further information Make sure to connect the cables to the correct ports Place connecting cables carefully so that no one will step on them or stumble over them Always disconnect all cables from this device before servicing or disassembling Use ONLY an appropriate power adaptor or cord for your device Connect it to the right supply voltage for example 110V AC in North America or 230V AC in Europe Do NOT remove the plug and connect it to a power outlet by itself always attach the plug to the power adaptor first before connecting it to a power outlet Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution If the power adaptor or cord is damaged remove it from the device and the power source Do NOT attempt to repair the power adaptor or cord Contact your local vendor to order a new one Do not use the device outside and make sure all the connections are indoors There is a remote risk of electric shock from lightning Do NOT obstruct t
72. port to the Blocked Services field A custom port is a service that is not available in the pre defined Available Services list You must define it using the Type and Port User s Guide 173 Chapter 14 The Firewall Screens Table 60 TOOLS gt Firewall gt Service Setting continued LABEL DESCRIPTION Blocked This is a list of services ports that are inaccessible to computers on Services your LAN when service blocking is effective To remove a service from this list select the service and click Delete Type Select TCP or UDP based on which one the custom port uses Port Number Enter the range of port numbers that defines the service For example suppose you want to define the Gnutella service Select TCP type and enter a port range of 6345 6349 Add Click this to add the selected service in Available Services to the Blocked Services list Delete Select a service in the Blocked Services and click this to remove the service from the list Clear All Click this to remove all the services in the Blocked Services list Schedule to Block Day to Block Select which days of the week you want the service blocking to be effective Time of Day to Select what time each day you want service blocking to be effective Block Enter times in 24 hour format for example 3 00pm should be entered as 15 00 Apply Click to save your changes Reset Click to restore your previo
73. registered and has a voice message on the SIP server Yellow Blinking A SIP account is registered and has a voice message on the SIP server and the phone attached to the LINE port is in use off the hook WiMAN Link Off The WiMAX Modem is not connected to a wireless WiMAX network Green The WiMAX Modem is successfully connected to a wireless WiMAX network Green Blinking The WiMAX Modem is searching for a wireless Slowly WiMAX network Green Blinking The WiMAX Modem has found a wireless WiMAX Quickly network and is connecting Strength The Strength Indicator LEDs display the Received Signal Strength Indicator Indication RSSI of the wireless WiMAX connection 3 Signal LEDs The signal strength is greater than or equal to 70 dBm 2 Signal LEDs The signal strength is between 70 and 80 dBm 1 Signal LED The signal strength is between 80 and 90 dBm 0 Signal LEDs The signal strength is les than 90 dBm User s Guide 35 Chapter 1 Getting Started 1 3 Good Habits for Managing the Device Do the following things regularly to make the WiMAX Modem more secure and to manage the WiMAX Modem more effectively Change the password Use a password that s not easy to guess and that consists of different types of characters such as numbers and letters Write down the password and put it in a safe place Back up the configuration and make sure you know how to r
74. send fax messages as UDP or TCP IP packets through IP networks This provides better quality but it may have inter operability problems The peer devices must also use T 38 Call Forward Call Forward Select which call forwarding table you want the WiMAX Modem to use Table for incoming calls You set up these tables in VOICE gt Phone Book gt Incoming Call Policy Caller Ringing Enable Check this box if you want people to hear a customized recording when they call you Caller Ringing Select the tone you want people to hear when they call you See Tone Custom Tones IVR on page 120 for information on how to record these tones On Hold Enable Check this box if you want people to hear a customized recording when you put them on hold On Hold Tone Select the tone you want people to hear when you put them on hold See Custom Tones IVR on page 120 for information on how to record these tones Back Click this to return to the SIP Settings screen without saving your changes Apply Click to save your changes Reset Click to restore your previously saved settings 10 2 1 6 Custom Tones IVR IVR Interactive Voice Response is a feature that allows you to use your telephone to interact with the WiMAX Modem The WiMAX Modem allows you to record custom tones for the Caller Ringing Tone and On Hold Tone functions The same recordings apply to both the caller ringing and on hold tones Ta
75. sessions per host sd The device blocked a session because the host s connections exceeded the maximum sessions per host Firewall allowed a packet that matched a NAT session TCP UDP A packet from the WAN TCP or UDP matched a cone NAT session and the device forwarded it to the LAN User s Guide Chapter 18 The Logs Screens Table 82 TCP Reset Logs LOG MESSAGE DESCRIPTION Under SYN flood attack sent TCP RST The router sent a TCP reset packet when a host was under a SYN flood attack the TCP incomplete count is per destination host Exceed TCP MAX incomplete sent TCP RST The router sent a TCP reset packet when the number of TCP incomplete connections exceeded the user configured threshold the TCP incomplete count is per destination host Peer TCP state out of order sent TCP RST The router sent a TCP reset packet when a TCP connection state was out of order Note The firewall refers to RFC793 Figure 6 to check the TCP state Firewall session time out sent TCP RST The router sent a TCP reset packet when a dynamic firewall session timed out The default timeout values are as follows ICMP idle timeout 3 minutes UDP idle timeout 3 minutes TCP connection three way handshaking timeout 270 seconds TCP FIN wait timeout 2 MSL Maximum Segment Lifetime set in the TCP header TCP idle established timeout s 150 minutes TCP reset time
76. subnet mask specifies the network number portion of an IP address Your device will compute the subnet mask automatically based on the IP Address that User s Guide Chapter 5 The Setup Screens you entered You do not need to change the computer subnet mask unless you are instructed to do so Daytime A network protocol used by devices for debugging and time measurement A computer can use this protocol to set its internal clock but only if it knows in which order the year month and day are returned by the server Not all servers use the same format Time A network protocol for retrieving the current time from a server The computer issuing the command compares the time on its clock to the information returned by the server adjusts itself automatically for time zone differences then calculates the difference and corrects itself if there has been any temporal drift NTP NTP stands for Network Time Protocol It is employed by devices connected to the Internet in order to obtain a precise time setting from an official time server These time servers are accurate to within 200 microseconds 5 1 3 Before You Begin Make sure that you have made all the appropriate hardware connections to the WiMAX Modem as described in the Quick Start Guide Make sure that you have logged in to the web configurator at least one time and changed your password from the default as described in the Quick Start Guide 5 2 Set IP Address
77. tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This device generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this device does cause harmful interference to radio television reception which can be determined by turning the device off and on the user is encouraged to try to correct the interference by one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and the receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help Av FCC Radiation Exposure Statement This transmitter must not be co located or operating in conjunction with any other antenna or transmitter To comply with FCC RF exposure compliance requirements a separation distance of at least 20 cm must be maintained between the antenna of this device and all persons WIR EUIS EUER ar I TT EEEE PHA
78. the WiMAX Modem cannot access the other two servers Once the WiMAX Modem receives its configuration settings and implements them it can connect to the other servers If the settings change it will once again be unable to connect until it receives its updates from the ACS The WiMAX Modem can be configured to periodically check for updates from the auto configuration server so that the end user need not be worried about it User s Guide Chapter 16 The Remote Management Screens Click TOOLS gt Remote Management gt TRO69 to access this screen Use this screen to open WiMAX Modem s auto configuration and dynamic service configuration options Figure 84 TOOLS gt Remote Management gt TRO69 O Active ACS URL http 172 89 76 1 User Name alcsprn 1045 Password 180945767fa 102395601 Connection Request User Name uio 14601 Connection Request Password ZxER87qqMOarUNubZ C Periodic Inform Enable Periodic Inform Interval 86400 sec Range 30 2147483647 Periodic Inform Time yyyy mm dd Thh mm ss 2012 01 01T03 30 00 Lappy The following table describes the labels in this screen Table 71 TOOLS gt Remote Management gt TRO69 LABEL DESCRIPTION Active Select this option to turn on the WiMAX Modem s TR 069 feature Note If this feature is not enabled then the WiMAX Modem cannot be managed remotely ACS URL Enter the URL or IP address of the auto configuration server User Name Enter the user
79. the following example computer A has a static or fixed IP address that is the same as the IP address that a DHCP server assigns to computer B which is a DHCP client Neither can access the Internet This problem can be solved by assigning a different static IP User s Guide Appendix D IP Addresses and Subnetting address to computer A or setting computer A to obtain an IP address automatically Figure 147 Conflicting Computer IP Addresses Example r a A a i ENS i a I 192 168 1 33 RES lt Internet t y i fi p N Ws vn u I 192 168 1 33 i i a Conflicting Router IP Addresses Example Since a router connects different networks it must have interfaces using different network numbers For example if a router is set between a LAN and the Internet WAN the router s LAN and WAN addresses must be on different subnets In the following example the LAN and WAN are on the same subnet The LAN computers cannot access the Internet because the router cannot route between networks 0m um um um Em Em Um um um Figure 148 Conflicting Computer IP Addresses Example LAN i WAN E uu NS i 192 168 1 88 T s r Internet Seem eee ee Conflicting Computer and Router IP Addresses Example More than one device can not use the same IP address In the following example the computer and the router s LAN port both use 192 168 1 1 as the IP
80. their connection User s Guide Chapter 7 The WAN Configuration Screens from one base station to another base station handover while subscriber stations use other standards that do not have this capability IEEE 802 16 2004 for example The following figure shows an MS equipped notebook computer MS1 moving from base station BS1 s coverage area and connecting to BS2 Figure 24 WiMax Mobile Station WiMAX technology uses radio signals around 2 to 10 GHz to connect subscriber stations and mobile stations to local base stations Numerous subscriber stations and mobile stations connect to the network through a single base station BS as in the following figure A base station s coverage area can extend over many hundreds of meters even under poor conditions A base station provides network access to subscriber stations and mobile stations and communicates with other base stations The radio frequency and bandwidth of the link between the WiMAX Modem and the base station are controlled by the base station The WiMAX Modem follows the base station s configuration User s Guide Chapter 7 The WAN Configuration Screens Authentication When authenticating a user the base station uses a third party RADIUS or Diameter server known as an AAA Authentication Authorization and Accounting server to authenticate the mobile or subscriber stations The following figure shows a base station using an AAA server to auth
81. to Know The following terms and concepts may help as you read through this chapter System Name The System Name is often used for identification purposes Because some ISPs check this name you should enter your computer s Computer Name In Windows 2000 Click Start gt Settings gt Control Panel and then double click the System icon Select the Network Identification tab and then click the Properties button Note the entry for the Computer Name field and enter it as the System Name User s Guide Chapter 9 The System Configuration Screens n Windows XP Click Start gt My Computer gt View system information and then click the Computer Name tab Note the entry in the Full computer name field and enter it as the WiMAX Modem System Name Domain Name The Domain Name entry is what is propagated to the DHCP clients on the LAN If you leave this blank the domain name obtained by DHCP from the ISP is used While you must enter the host name System Name on each individual computer the domain name can be assigned from the WiMAX Modem via DHCP DNS Server Address Assignment Use DNS Domain Name System to map a domain name to its corresponding IP address and vice versa for instance the IP address of www zyxel com is 204 217 0 2 The DNS server is extremely important because without it you must know the IP address of a computer before you can access it The WiMAX Modem can get the DNS server addresses in the followi
82. to accept the certificate Figure 179 Opera 9 Certificate signer not found Certificate signer not found The root certificate for this server is not registered You may install this certificate Accept install The root certificate from 172 20 37 202 is not known to Opera Opera cannot decide if this certificate can be trusted User s Guide Appendix E Importing Certificates 3 The next time you visit the web site click the padlock in the address bar to open the Security information window to view the web page s security details Figure 180 Opera 9 Security information The connection to 172 20 37 202 is secure Certificate summary Holder 172 20 37 202 ZyXEL Issuer 172 20 37 202 ZyXEL Expires 05 21 2011 Encryption protocol TLS v1 0 256 bit AES 1024 bit DHE_RSA SHA User s Guide Appendix E Importing Certificates Installing a Stand Alone Certificate File in Opera 1 Rather than browsing to a ZyXEL web configurator and installing a public key certificate when prompted you can install a stand alone certificate file if one has been issued to you Open Opera and click TOOLS Preferences Figure 181 Opera 9 Tools Menu Mail and chat accounts Delete private data Notes Ctrl Alt E Transfers Ctrl Alt T History Ctrl Alt H Links Ctrl amp Alt4L Advanced gt Quick preferences F12 gt Appearance Shift F 12 Preferences k Ctrl AF 12 User s Guide Appendix
83. to restore your previously saved settings User s Guide Chapter 14 The Firewall Screens 14 3 Services Click TOOLS Firewall Services to enable service blocking set up the date and time service blocking is effective and to maintain the list of services you want to block Figure 71 TOOLS gt Firewall gt Service Setting Service Setup Enable Services Blocking Custom Port Any TCP Any UDP IPSEC TUNNEL ESP 0 MULTICAST IGMP 0 PING ICMP 0 PPTP TUNNEL GRE 0 BGP TCP 179 v Select Custom Port you can give new port range for blocking Schedule to Block Day to Block Everyday O sun O Mon O Tue O wed O Thu O fi O sat Time of Day to Block 24 Hour Format All day From Start o hour o min End o Available Services Blocked Services Type TCP w Port Number o hour 0 o min The following table describes the labels in this screen Table 60 TOOLS gt Firewall gt Service Setting LABEL DESCRIPTION Service Setup Enable Services Select this to activate service blocking The Schedule to Block section Number fields Blocking controls what days and what times service blocking is actually effective however Available This is a list of pre defined services destination ports you may prohibit Services your LAN computers from using Select the port you want to block and click Add to add the
84. unless it is initiated from the LAN The WiMAX Modem s firewall supports TCP UDP inspection DoS detection and prevention real time alerts reports and logs User s Guide Chapter 21 Product Specifications Table 104 Firmware Specifications continued FEATURE DESCRIPTION Content Filtering The WiMAX Modem can block access to web sites containing specified keywords You can define time periods and days during which content filtering is enabled and include or exclude a range of users on the LAN from content filtering Network Address Translation NAT Network Address Translation NAT allows the translation of an Internet protocol address used within one network for example a private IP address used in a local network to a different IP address known within another network for example a public IP address used on the Internet Universal Plug and Play UPnP Your device and other UPnP enabled devices can use the standard TCP IP protocol to dynamically join a network obtain an IP address and convey their capabilities to each other Dynamic DNS Support With Dynamic DNS support you can have a static hostname alias for a dynamic IP address allowing the host to be more easily accessible from various locations on the Internet You must register for this service with a Dynamic DNS service provider DHCP DHCP Dynamic Host Configuration Protocol allows the individual clients compute
85. up Blocker Prevent most pop up windows from appearing i 3 Typethe IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 167 1 User s Guide Appendix C Pop up Windows JavaScripts and Java Permissions 4 Click Add to move the IP address to the list of Allowed sites Figure 137 Pop up Blocker Settings Pop up Blocker Settings Exceptions Pop ups are currently blocked You can allow pop ups from specific Web sites by adding the site to the list below Address of Web site to allow http 192 168 1 1 Allowed sites Notifications and Filter Level Play a sound when a pop up is blocked Show Information Bar when a pop up is blocked Filter Level Medium Block most automatic pop ups Pop up Blocker FAQ 5 Click Close to return to the Privacy screen 6 Click Apply to save this setting JavaScripts If pages of the web configurator do not display properly in Internet Explorer check that J avaScripts are allowed User s Guide Appendix C Pop up Windows JavaScripts and Java Permissions 1 In Internet Explorer click Tools Internet Options and then the Security tab Figure 138 Internet Options Security AE General Security Privacy Content Connections Programs Advanced Select a Web content zone to specify its security settings 0o Intemet Local intranet Trusted sites Restric
86. which a computer may access the WiMAX Modem using this service Secured Client Select All to allow any computer to access the WiMAX Modem using this IP Address service Select Selected to only allow the computer with the IP address that you specify to access the WiMAX Modem using this service Apply Click to save your changes Reset Click to restore your previously saved settings User s Guide Chapter 16 The Remote Management Screens 16 3 Telnet Click TOOLS Remote Management Telnet to control Telnet access to your WiMAX Modem Figure 77 TOOLS gt Remote Management gt Telnet Server Port Server Access Secured Client IP Address G All Selected 0 0 0 0 23 LAN amp WAN v The following table describes the labels in this screen Table 65 TOOLS gt Remote Management gt Telnet LABEL DESCRIPTION Server Port Enter the port number this service can use to access the WiMAX Modem The computer must use the same port number Server Access Select the interface s through which a computer may access the WiMAX Modem using this service Secured Client IP Address Select All to allow any computer to access the WiMAX Modem using this service Select Selected to only allow the computer with the IP address that you specify to access the WiMAX Modem using this service Apply Click to save your changes Reset Click to resto
87. 0 Hz 1 GHz 1000 MHz 1000000 kHz Figure 28 ADVANCED gt WAN Configuration WiMAX Configuration DL Frequency 1 0 kHz DL Frequency 2 0 kHz DL Frequency 3 0 kHz DL Frequency 4 0 kHz DL Frequency 5 0 kHz DL Frequency 6 0 kHz DL Frequency 7 0 kHz DL Frequency 8 0 kHz DL Frequency 9 0 kHz DL Frequency 10 0 kHz DL Frequency 11 0 kHz DL Frequency 12 0 kHz DL Frequency 13 0 kHz DL Frequency 14 0 kHz DL Frequency 15 0 kHz DL Frequency 16 0 kHz DL Frequency 17 0 kHz DL Frequency 18 0 kHz DL Frequency 19 0 kHz Bandwidth 10000 KHz The following table describes the labels in this screen Table 21 ADVANCED gt WAN Configuration WiMAX Configuration LABEL DESCRIPTION DL Frequency These fields show the downlink frequency settings in kilohertz KHz Bandwidth Enter values in these fields to have the WiMAX Modem scan these frequencies for available channels in ascending numerical order Note The Bandwidth field is not user configurable when the WiMAX Modem finds a WiMAX connection its frequency is displayed in this field Contact your service provider for details of supported frequencies Apply Click to save your changes Reset Click to restore your previously saved settings User s Guide Chapter 7 The WAN Configuration Screens 7 3 1 Frequency Ranges The following figure shows the WiMAX Modem searching a range of frequencies to find a connection t
88. 1UEAXMWTUFYLTIWNkO yIDAWMTIDQJAWMDAWMTCEnzANBakq hkiGSWOBAQEFAAOBjQAwgYkCgYEArtszQj7aCO82h2b 4py 3GMgROkeGF J95zYhld gMLShIYgLk8qQB7 uk JMemaDBeR 4edYWTGwPvCSETin60CjWxDkQmB3M4YYBY8k zMzhz4eL fp 4 UUMWosPKP4y9mbNCwUjH TIxXKDvkkZVXbmNuujUfJwZpQPlbhX M RSSjUCAWEAAaNNMEswDgYDVROPAQEABAQDAGKKMCUGA IUdEQQeMBYyBGjAWMTID QjAwMDAwMUBhdXRvLmdlbi5jZXJOMBIGA 1UdEwEBAAQIMAYBAfBCAQEwDQY JKoZI The following table describes the labels in this screen Table 53 TOOLS gt Certificates gt My Certificates gt Edit LABEL DESCRIPTION Name This field displays the identifying name of this certificate You can use up to 31 alphanumeric and amp _ characters Property Select Default self signed certificate which signs the imported remote host certificates to use this certificate to sign the remote host certificates you upload in the TOOLS gt Certificates gt Trusted CAs screen User s Guide Chapter 13 The Certificates Screens Table 53 TOOLS gt Certificates gt My Certificates gt Edit LABEL DESCRIPTION Certification Path This field displays for a certificate not a certification request Click the Refresh button to have this read only text box display the hierarchy of certification authorities that validate the certificate and the certificate itself If the issuing certification authority is one that you have imported as a trusted certification authority it m
89. 3 00pm should be entered as 15 00 Apply Click to save your changes Reset Click to restore your previously saved settings User s Guide 16 1 16 1 1 The Remote Management Screens Overview Use the TOOLS gt Remote Management screens to control which computers can use which services to access the WiMAX Modem on each interface Remote management allows you to determine which services protocols can access which WiMAX Modem interface if any from which computers You may manage your WiMAX Modem from a remote location via Table 63 Remote Management nternet WAN only ALL LAN and WAN LAN only Neither Disable To disable remote management of a service select Disable in the corresponding Server Access field You may only have one remote management session running at a time The WiMAX Modem automatically disconnects a remote management session of lower priority when another remote management session of higher priority starts The priorities for the different types of remote management sessions are as follows Telnet HTTP What You Can Do in This Chapter The WWW screen Section 16 2 on page 185 lets you control HTTP access to your WiMAX Modem The Telnet screen Section 16 3 on page 186 lets you control Telnet access to your WiMAX Modem The FTP screen Section 16 4 on page 186 lets you control FTP access to your User s Guide WiMAX Modem Chapter 16 T
90. 3 3 on page 85 for an example of using the WiMAX Frequency screen User s Guide Chapter 7 The WAN Configuration Screens Note It may take several minutes for the WiMAX Modem to find a connection The WiMAX Modem searches the DL Frequency settings in ascending numerical order from 1 to 9 Note The Bandwidth field is not user configurable when the WiMAX Modem finds a WiMAX connection its frequency is displayed in this field f you enter a 0 in a DL Frequency field the WiMAX Modem immediately moves on to the next DL Frequency field When the WiMAX Modem connects to a base station the values in this screen are automatically set to the base station s frequency The next time the WiMAX Modem searches for a connection it searches only this frequency If you want the WiMAX Modem to search other frequencies enter them in the DL Frequency fields The following table describes some examples of DL Frequency settings Table 22 DL Frequency Example Settings EXAMPLE 1 EXAMPLE 2 Bandwidth 2500000 2500000 DL Frequency 2550000 2550000 1 DL Frequency 2 0 2600000 DL Frequency 0 0 3 DL Frequency 0 0 4 The WiMAX Modem The WiMAX Modem searches at 2500000 searches at 2500000 kHz kHz and then searches and then at 2550000 kHz if at 2550000 kHz if it has it has not found an not found a connection available connection If it still does not find an available connection it searches at
91. ADDRESS ST ADDRESS 7 1 30 31 zm 33 62 63 3 64 65 iih 2 2 T 97 126 127 5 128 129 Pu SUE 6 160 161 190 191 7 192 193 222 223 8 224 225 254 255 Subnet Planning The following table is a summary for subnet planning on a network with a 24 bit network number Table 123 24 bit Network Number Subnet Planning NOST ESO ED SUBNET MASK NO SUBNETS NO HOSTS PER 1 255 255 255 128 25 126 2 255 255 255 192 26 4 62 3 255 255 255 224 27 30 4 255 255 255 240 28 16 14 5 255 255 255 248 29 32 6 6 255 255 255 252 30 64 2 7 255 255 255 254 31 128 1 User s Guide Appendix D IP Addresses and Subnetting The following table is a summary for subnet planning on a network with a 16 bit network number Table 124 16 bit Network Number Subnet Planning HOST BITS SUBNET MASK SUBNETS SUBNET 1 255 255 128 0 17 2 32766 2 255 255 192 0 18 4 16382 3 255 255 224 0 19 8 8190 4 255 255 240 0 20 16 4094 5 255 255 248 0 21 32 2046 6 255 255 252 0 22 64 1022 7 255 255 254 0 23 128 510 8 255 255 255 0 24 256 254 9 255 255 255 128 25 512 126 10 255 255 255 192 26 1024 62 11 255 255 255 224 27 2048 30 12 255 255 255 240 28 4096 14 13 255 255 255 248 29 8192 6 14 255 255 255 252 30 16384 2 15 255 255 255 254 31 32768 1
92. AP F FCC interference statement 350 firewall 169 174 175 flash key 134 flashing 134 frequency band 86 ranges 85 86 scanning 86 FTP 102 184 restrictions 184 User s Guide Index G G 168 129 246 G 711 116 249 G 726 249 G 729 116 249 H humidity 244 hybrid waveform codec 116 IANA 308 identity 79 257 idle timeout 184 IEEE 802 16 77 257 IEEE 802 16e 77 IEEE 802 1Q VLAN 122 inner authentication 260 interface 244 Internet access 79 245 Internet Assigned Numbers Authority see ANA 308 Internet Telephony Service Provider see ITSP interoperability 77 IP alias 245 IP PBX 111 ITSP 111 ITU T 129 J jitter buffer 246 K key 48 81 257 request and reply 259 L listening port 119 MAC 259 MAN 77 Management Information Base MI B 188 manual site survey 85 86 Media Access Protocol 244 Message Authentication Code see MAC message integrity 259 message waiting indication 116 Metropolitan Area Network see MAN microwave 77 78 mobile station see MS modulation 244 MS 78 multimedia 112 multiple SIP accounts 245 MWI 116 My Certificates 148 see also certificates N NAT 115 307 and remote management 184 routers 115 server sets 90 network activity 79 User s Guide Index services 79 Network Address Translation see NAT O OK response 123 operating humidity 244 operating temperature 243 outbound proxy 115 126 server 115 S
93. CP clients You can specify these IP addresses two ways From ISP provide the DNS servers provided by the ISP on the WAN port User Defined enter a static IP address DNS Relay this setting will relay DNS information from the DNS server obtained by the WiMAX Modem None no DNS service will be provided by the WiMAX Modem Apply Click to save your changes Reset Click to restore your previously saved settings User s Guide Chapter 6 The LAN Configuration Screens 6 3 Static DHCP Click ADVANCED gt LAN Configuration gt Static DHCP to assign specific IP addresses to specific computers on the LAN Note This screen has no effect if the DHCP server is not enabled You can enable it in ADVANCED gt LAN Configuration gt DHCP Setup Figure 20 ADVANCED gt LAN Configuration gt Static DHCP on an an WN amp MAC Address IP Address 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 The following table describes the labels in this screen Table 14 ADVANCED gt LAN Configuration gt Static DHCP LABEL DESCRIPTION The number of the item in this list MAC Address Enter the MAC address of the computer to which you want the WiMAX Modem to assign the same IP address IP Address Enter the IP address you want the WiMAX Modem to assign to the computer Apply Click to save your changes Reset Click t
94. Cancel Click this button to begin configuring this screen afresh User s Guide Chapter 17 QoS 17 3 1 Class Configuration Click the Create New Class button or the edit icon in the Class Setup screen to configure a classifier Figure 87 QoS Class Setup Class Configuration Class Configuration O Active Index Name Interface From WAN DSCP 0 Filter Configuration Source Address Subnet Mask Port Range Destination Address Subnet Mask Exclude Port Range Exclude Others Service Protocol Exclude The following table describes the labels in this screen Table 74 QoS Class Setup LABEL DESCRIPTION Class Configuration Active Select this to make a class active Index Enter an index number for the class Similar classes are processed in order of index number from lowest to highest Name Enter a descriptive name of up to 20 printable English keyboard characters including spaces Interface Select an interface to which the class will apply From WAN The class is applied to all packets incoming from the WAN Wide Area Network From LAN The class is applied to all packets outgoing from the LAN Local Area Network DSCP Enter a DSCP value with which the WiMAX Modem replaces the DSCP field in the packets Filter Configuration User s Guide 1 97 Chapter 17 QoS Table 74 QoS Class Setup continued LABEL DE
95. Click the SETUP icon in the navigation bar to set up the WiMAX Modem s IP address and subnet mask This screen displays this screen by default If you are in any other sub screen you can simply choose Set I P Address from the navigation menu on the left to open it again Figure 16 SETUP gt Set IP Address IP Address 192 168 100 1 IP Subnet Mask 255 255 255 0 User s Guide Chapter 5 The Setup Screens The following table describes the labels in this screen Table 9 SETUP gt Set IP Address LABEL DESCRIPTION IP Address Enter the IP address of the WiMAX Modem on the LAN Note This field is the IP address you use to access the WiMAX Modem on the LAN If the web configurator is running on a computer on the LAN you lose access to it as soon as you change this field and click Apply You can access the web configurator again by typing the new IP address in the browser IP Subnet Mask Enter the subnet mask of the LAN Apply Click to save your changes Reset Click to restore your previously saved settings 5 3 DHCP Client Click the SETUP gt DHCP Client to view connection information for all clients that have been configured by the WiMAX Modem s internal DHCP server Figure 17 SETUP gt Set IP Address DHCP Client IP Address Host Name MAC Address 1 192 168 1 33 Coffee Bean 00 1f 5b ed 6c 7a 2 192 168 1 34 twpc13435 00 21 85 0c 44 1a Apply Refresh The following table descr
96. Counter mode avoids the security weakness of repeated identical blocks of encrypted text that makes encrypted data vulnerable to pattern spotting Cipher Block Chaining Message Authentication also known as CBC MAC ensures message integrity by encrypting each block of plain text in such a way that its encryption is dependent on the block before it This series of chained blocks creates a message authentication code MAC or CMAC that ensures the encrypted data has not been tampered with User s Guide Appendix A WiMAX Security Authentication The WiMAX Modem supports EAP TTLS authentication EAP TTLS Tunneled Transport Layer Service EAP TTLS is an extension of the EAP TLS authentication that uses certificates for only the server side authentications to establish a secure connection with EAP TLS digital certifications are needed by both the server and the wireless clients for mutual authentication Client authentication is then done by sending username and password through the secure connection thus client identity is protected For client authentication EAP TTLS supports EAP methods and legacy authentication methods such as PAP CHAP MS CHAP and MS CHAP v2 User s Guide Setting Up Your Computer s IP Address Note Your specific ZyXEL device may not support all of the operating systems described in this appendix See the product specifications for more information about which operating systems are supported
97. E series nines acordado aab bae an aao etat Lb gc ER 126 1047 DI lp oniranu nia 126 10 4 8 DSCP and Per Hop BOhgVlgl ucciso tociina a Havent al oa a aaa aa 127 Chapter 11 The Phone 129 MEE o a o OROA cb d er T 129 TL Wiat vou Can Do in Tie Chapter steep eccte tr E EE esce bet oetcoiemdt as eR pesa 129 TELLE NB Yos NES 13 ISBOW assesses Ee DURER ER REREE REDI ES ER pA DIRE RE SR RM RE ER Ma RR RUE 129 Te PROG PIONIE AE E o eee ee 130 11 2 Auvanced Analog Phone Sol uuisensieeteneue ciec trepida ce poe rho o HEU ecc pM doce uis ERIS 131 DECEDERE TNmEMM M M B 9B 132 IRE SICCO EEUU E E E 133 11 TES AU GT e UR 134 ENNIO chon o eer e INE P 134 11 5 2 Europe Type Supplementary Phone Services sssssssessseene 134 11 5 3 USA Type Supplementary ServibBs 122p pd erac er ERR a 136 Chapter 12 lh oS 4 0 4 SBPM 139 pce ns mr 139 12 1 1 What You Can Do in This Chapter i2 icc etae pate c cte pene x hte thc ce tme beca ede cpRu neis 139 12 1 2 What You Negd TO KNOW sssrinin eb nazione Remix ds ne edu x ub Re xm cubes Rua teda Fedex up ad uba 139 deos Ingens OA PSOE ooeeisie Didot tdeo dea bo cet ip e Em duos aide iain 140 pps rt eT REED E T T 142 User s Guide Table of Contents Part V Tools amp Status Screens eeeeeeeeeeeeeee 145 Chapter 13 lli 1 6 1
98. Figure 115 Mac OS X 10 5 Systems Preferehegs ssssasen direc base ka Dat ks ordla tit c ba anaa 273 Figure 116 Mac OS X 10 5 Network Preferences gt Ethernet ssssssssseeeeeet 274 Figure 117 Mac OS X 10 5 Network Preferences gt Ethernet ssssssssssseeeeeeee 275 Figure 115 Mac OS A TOS Network UD nainis tatu bres edet etx a Udo PEE ber EORR NEdUS 276 Figure 119 Ubuntu 8 System s Administration Menu i e ctr puccce tuse e Retenir pekr seen epu RR RAE EcE 277 Figure 120 Ubuntu 8 Network Settings gt Connections sssssssssssssseenneeee enne 277 Figure 121 Ubuntu 8 Administrator Account Authentication eseeeen 278 Figure 122 Ubuntu 8 Network Settings gt Connections ssssssssssesee eene 278 Figure 123 Ubuntu 8 Network Settings gt Properties cc e ccs ieee essen tsnsieteeenderteneeseaeneeceeeeatanees 279 Figure 124 Ubuntu S Network Satins DNG csccccd casctiaiedcecsacivcaniedaasconnted Sactanesadantatedassuantenssccetsaneecas 280 User s Guide a List of Figures Figure 125 WIG S Network TOIS 2usscssprecisasseetod dus Hbro E ER DIS Eae ruga aaa S axan sg tr Rcs Ru adotta Adan ax 281 Figure 126 openSUSE 10 3 K Menu gt Computer MENU uua intct sannous eae iaa 282 Figure 127 openSUSE 10 3 K Menu gt Computer MENU 1icciacue cerne renis erre brut ciii pna eret RR REEUS 283 Figure 126 openSUSE 10 3 YaST Control Genter sais pet
99. I Bypass Triangle Route Make sure this check box is selected to have the firewall protect your LAN from Denial of Service DoS attacks Max NAT Firewall Session Per User 2048 Log No Log N No Log v The following table describes the labels in this screen Table 59 TOOLS gt Firewall gt Firewall Setting LABEL DESCRIPTION Enable Firewall Select this to activate the firewall The WiMAX Modem controls access and protects against Denial of Service DoS attacks when the firewall is activated Bypass Triangle Route Select this if you want to let some traffic from the WAN go directly to a computer in the LAN without passing through the WiMAX Modem Max NAT Firewall Session Per User Select the maximum number of NAT rules and firewall rules the WiMAX Modem enforces at one time The WiMAX Modem automatically allocates memory for the maximum number of rules regardless of whether or not there is a rule to enforce This is the same number you enter in ADVANCED gt NAT Configuration gt General Packet Direction Log Select the situations in which you want to create log entries for firewall events No Log do not create any log entries Log Blocked LAN to WAN only create log entries when packets are blocked Log Forwarded WAN to LAN only create log entries when packets are forwarded Log All create log entries for every packet Apply Click to save your changes Reset Click
100. IGMP version 2 RFC 2236 is an improvement over version 1 RFC 1112 but IGMP version 1 is still in wide use If you would like to read more detailed information about interoperability between IGMP version 2 and version 1 please see sections 4 and 5 of RFC 2236 The class D IP address is used to identify host groups and can be in the range 224 0 0 0 to 239 255 255 255 The address 224 0 0 0 is not assigned to any group and is used by IP multicast computers The address 224 0 0 1 is used for query messages and is assigned to the permanent group of all IP hosts including gateways All hosts must join the 224 0 0 1 group in order to participate in IGMP The address 224 0 0 2 is assigned to the multicast routers group The WiMAX Modem supports both IGMP version 1 I GMP v1 and IGMP version 2 I GMP v2 At start up the WiMAX Modem queries all directly connected networks to gather group membership After that the WiMAX Modem periodically updates this information IP multicasting can be enabled disabled on the WiMAX Modem LAN and or WAN interfaces in the web configurator LAN WAN Select None to disable IP multicasting on these interfaces User s Guide Chapter 6 The LAN Configuration Screens User s Guide The WAN Configuration Screens 7 1 Overview Use the ADVANCED gt WAN Configuration screens to set up your WiMAX Modem s Wide Area Network WAN or Internet features A Wide Area Network or WAN links geographically dis
101. IP 115 P park 248 pattern spotting 259 PBX services 111 PCM 116 peer to peer calls 139 per hop behavior 127 PHB per hop behavior 127 phone configuration 248 services 130 physical specifications 243 244 pickup 248 PKMv2 48 79 81 257 260 plain text encryption 259 point to point calls 249 power 244 output 244 supply 244 Privacy Key Management see PKM private key 257 product registration 352 proxy server SIP 124 public certificate 259 public key 48 81 257 Public Key Infrastructure PKI 165 public private key pairs 147 164 pulse code modulation 116 Q QoS 195 249 Quality of Service 249 see QoS Quality of Service see QoS quick dialing 249 R RADIUS 79 258 Message Types 258 Messages 258 Shared Secret Key 258 Real time Transport Protocol see RTP redirect server SIP 125 region 248 register server SIP 112 registration product 352 related documentation 3 remote management and NAT 184 remote management limitations 184 REN 249 required bandwidth 116 RFC 1889 112 249 RFC 1890 249 RFC 2327 249 RFC 2510 See Certificate Management Protocol RFC 3261 249 RFC 3489 115 RFC 3842 116 Ringer Equivalence Number 249 RTCP 249 RTP 112 249 User s Guide Index S safety warnings 7 SDP 249 secure communication 48 81 257 secure connection 79 security 244 257 security association 259 see SA server outbound proxy 115 services 79 Session
102. IP Address 5 Thelnternet Protocol TCP IP Properties window opens 6 7 Figure 100 Windows XP Internet Protocol TCP IP Properties Internet Protocol TCP IP Properties General Alternate Configuration You can get IP settings assigned automatically if your network supports this capability Otherwise you need to ask your network administrator for the appropriate IP settings Obtain an IP address automatically Use the following IP address Obtain DNS server address automatically Use the following DNS server addresses Advanced Select Obtain an I P address automatically if your network administrator or ISP assigns your IP address dynamically Select Use the following I P Address and fill in the IP address Subnet mask and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP You may also have to enter a Preferred DNS server and an Alternate DNS server if that information was provided Click OK to close the Internet Protocol TCP IP Properties window Click OK to close the Local Area Connection Properties window Verifying Settings 1 2 Click Start gt All Programs gt Accessories gt Command Prompt In the Command Prompt window type ipconfig and then press ENTER You can also go to Start gt Control Panel gt Network Connections right click a network connection click Status and then click the Su
103. ITU T standard for eliminating the echo caused by the sound of your voice reverberating in the telephone receiver while you talk Time and Date Get the current time and date from an external server when you turn on your WiMAX Modem You can also set the time manually Logging Use the WiMAX Modem s logging feature to view connection history surveillance logs and error messages Codecs Enhanced Variable Rate Codec EVRC G 711 PCM p law and a law G 729a and G 723 1 Fax Support T 38 FAX relay FAX over UDP G 711 fax relay for fax calls and be able to renegotiate codec to G 711 if a fax call is detected Ring Tones Supports different distinctive ring tones on each line Call Prioritization Prioritize VoIP traffic originating from the RJ 11 ports over any other traffic Table 111 Standards Supported STANDARD DESCRIPTION RFC 768 User Datagram Protocol RFC 791 Internet Protocol v4 RFC 792 Internet Control Message Protocol RFC 792 Transmission Control Protocol RFC 826 Address Resolution Protocol RFC 854 Telnet Protocol RFC 1349 Type of Service Protocol RFC 1706 DNS NSAP Resource Records RFC 1889 Real time Transport Protocol RTP RFC 1890 Real time Transport Control Protocol RTCP RFC 2030 Simple Network Time Protocol User s Guide Chapter 21 Product Specifications Table 111 Standards Supported continued
104. If you change this field the screen automatically refreshes SIP Settings Active SIP Select this if you want the WiMAX Modem to use this account Clear it if Account you do not want the WiMAX Modem to use this account Number Enter your SIP number In the full SIP URI this is the part before the 9 symbol You can use up to 127 printable ASCII characters SIP Local Enter the WiMAX Modem s listening port number if your VoIP service Port provider gave you one Otherwise keep the default value SIP Server Enter the IP address or domain name of the SIP server provided by Address your VolP service provider You can use up to 95 printable ASCII characters t does not matter whether the SIP server is a proxy redirect or register server SIP Server Enter the SIP server s listening port number if your VoIP service Port provider gave you one Otherwise keep the default value REGISTER Enter the IP address or domain name of the SIP register server if your Server VoIP service provider gave you one Otherwise enter the same address Address you entered in the SIP Server Address field You can use up to 95 printable ASCII characters REGISTER Enter the SIP register server s listening port number if your VoIP Server Port service provider gave you one Otherwise enter the same port number you entered in the SIP Server Port field SIP Service Domain Enter the SIP service domain name In the full SIP URI this is the part after the symbol
105. Indication Event Package for the Session Initiation Protocol SIP IEEE 802 3 10BASE5 10 Mbit s 1 25 MB s IEEE 802 3u 100BASE TX LOOBASE T4 100BASE FX Fast Ethernet at 100 Mbit s 12 5 MB s with auto negotiation User s Guide 247 Chapter 21 Product Specifications Table 112 Voice Features Call Park and Pickup Call park and pickup lets you put a call on hold park and then continue the call pickup The caller must still pay while the call is parked When you park the call you enter a number of your choice up to eight digits which you must enter again when you pick up the call If you do not enter the correct number you cannot pickup the call This means that only someone who knows the number you have chosen can pick up the call You can have more than one call on hold at the same time but you must give each call a different number Call Return With call return you can place a call to the last number that called you either answered or missed The last incoming call can be through either SIP or PSTN Country Code Phone standards and settings differ from one country to another so the settings on your WiMAX Modem must be configured to match those of the country you are in The country code feature allows you to do this by selecting the country from a list rather than changing each setting manually Configure the country code feature when you move the WiMAX Modem from one country to another D
106. Internet Explorer 7 Certificates Certificates Deleting system root certificates might prevent some Windows components from working properly If Update Root Certificates is installed any deleted third party root certificates will be restored automatically but the system root certificates will not Do you want to delete the selected certificate s 5 Inthe Root Certificate Store dialog box click Yes Figure 168 Internet Explorer 7 Root Certificate Store Root Certificate Store A Do you want to DELETE the following certificate from the Root Store Subject 172 20 37 202 ZyXEL Issuer Self Issued Time Validity Wednesday May 21 2008 through Saturday May 21 2011 Serial Number 00846BC7 48BF7C2E CB Thumbprint sha 1 DC44635D 10FE2D0D E76A72ED 002B9AF7 677EBOE9 Thumbprint md5 65 5E948 F0BC9598 50803387 C6A 18384 User s Guide Appendix E Importing Certificates 6 The next time you go to the web site that issued the public key certificate you just removed a certification error appears User s Guide 321 Appendix E Importing Certificates Firefox The following example uses Mozilla Firefox 2 on Windows XP Professional however the screens can also apply to Firefox 2 on all platforms 1 If your device s web configurator is set to use SSL certification then the first time you browse to it you are presented with a certification error 2 Select Accept this certificate permanently and click OK
107. MAX 206M1R Series WiMAX MIMO Indoor Simple CPE Default Login Details IP Address http 192 168 1 1 User Name admin Password 1234 Firmware Version 3 70 Edition 2 07 2009 www zyxel com Copyright 2009 ZyXEL Communications Corporation About This User s Guide About This User s Guide The following devices are covered in this book MODEL FEATURES MAX 206M1R 1 VoIP Port MAX 216M1R eet MAX 236M1R MAX 216M1R plus 2 External Antennas 1 VoIP Port 1 LAN Port MAX 216MR 1 LAN Port All graphics and Web Configurator screens shown in this book are based on the MAX 206M1R unless otherwise noted Intended Audience This manual is intended for people who want to configure the ZyXEL WiMAX Modem using the web configurator You should have at least a basic knowledge of TCP IP networking concepts and topology Related Documentation Quick Start Guide The Quick Start Guide is designed to help you get up and running right away It contains information on setting up your network and configuring for Internet access Web Configurator Online Help Embedded web help for descriptions of individual screens and supplementary information Command Reference Guide The Command Reference Guide explains how to use the Command Line Interface CLI and CLI commands to configure the WiMAX Modem Note It is recommended you use the web configurator to configure the WIMAX Modem Support Disc
108. MAX Modem A sends SIP packets to the STUN server B 2 The STUN server B finds the public IP address and port number that the NAT router used on the WiMAX Modem s SIP packets and sends them to the WiMAX Modem 3 The WiMAX Modem uses the public IP address and port number in the SIP packets that it sends to the SIP server C Figure 46 STUN Example 10 2 1 2 Outbound Proxy Your VoIP service provider may host a SIP outbound proxy server to handle all of the WiMAX Modem s VoIP traffic This allows the WiMAX Modem to work with any type of NAT router and eliminates the need for STUN or a SIP ALG Turn off a SIP ALG on a NAT router in front of the WiMAX Modem to keep it from re translating the IP address since this is already handled by the outbound proxy server 10 2 1 3 Voice Coding A codec coder decoder codes analog voice signals into digital signals and decodes the digital signals back into voice signals The WiMAX Modem supports the following codecs User s Guide 115 Chapter 10 The Service Configuration Screens G 711 is a Pulse Code Modulation PCM waveform codec PCM measures analog signal amplitudes at regular time intervals sampling and converts them into digital bits quantization Quantization reads the analog signal and then writes it to the nearest digital value For this reason a digital sample is usually slightly different from its analog original this difference is known as quantization n
109. MAX Modem has one Ethernet LAN port The LAN Local Area Network port attaches to a network of computers which needs security from the outside world These computers will have access to Internet services such as e mail FTP and the World Wide Web However inbound access is not allowed by default unless the remote host is authorized to use a specific service 14 2 Firewall Setting 14 2 1 This section describes firewalls and the built in WiMAX Modem s firewall features Firewall Rule Directions Figure 68 Firewall Rule Directions LAN to WAN rules are local network to Internet firewall rules The default is to forward all traffic from your local network to the Internet You can block certain LAN to WAN traffic in the Services screen click the Services tab All services displayed in the Blocked Services list box are LAN to WAN firewall rules that block those services originating from the LAN Blocked LAN to WAN packets are considered alerts Alerts are higher priority logs that include system errors attacks and attempted access to blocked web sites Alerts appear in red in the View Log screen You may choose to have alerts e mailed immediately in the Log Settings screen 170 User s Guide Chapter 14 The Firewall Screens LAN to LAN WiMAX Modem means the LAN to the WiMAX Modem LAN interface This is always allowed as this is how you manage the WiMAX Modem from your local computer WAN to LAN rules are Interne
110. N 9R CA 1 PN O Re 02 CN CA Cert Signing Authority EMAlL supp CN CA Cert Signing A 00 CN D TRUST Qualified Root CA 1 2006 PN CN D TRUST Qualifie OOB9SF CN D TRUST Qualified Root CA 2 2006 PN CN D TRUST Qualifie 00B9 CN S TRUST Qualified Root CA 2006 001 P CN S TRUST Qualifie OODF User s Guide Appendix E Importing Certificates 3 The next time you visit the web site click the padlock in the address bar to open the KDE SSL I nformation window to view the web page s security details User s Guide Appendix E Importing Certificates Removing a Certificate in Konqueror This section shows you how to remove a public key certificate in Konqueror 3 5 1 Open Konqueror and click Settings Configure Konqueror Figure 196 Konqueror 3 5 Settings Menu ri Hide Menubar Ctrl M Toolbars 1 Full Screen Mode Ctrl Shift F Load View Profile Save View Profile Web Browsing Configure View Profiles Configure Extensions E Configure Spell Checking amp amp Configure Shortcuts Configure Toolbars 2 Configure Konqueror 2 Inthe Configure dialog box select Crypto 3 On the Peer SSL Certificates tab select the certificate you want to delete and then click Remove Figure 197 Konqueror 3 5 Configure Configure Konqueror EA a Configure SSL manage certificates and other cryptography settings Cookies SSL OpenSSL Your Certificates VER Q Organi
111. PN Transport Customer Interface ICON DESCRIPTION g Edit Click to edit this item dur Delete Click to delete this item The following table describes the labels in this screen Table 27 ADVANCED gt NAT Configuration gt Port Forwarding LABEL DESCRIPTION Default Server Setup Default Server Enter the IP address of the server to which the WiMAX Modem should forward packets for ports that are not specified in the Port Forwarding section below or in the TOOLS Remote MGMT screens Enter 0 0 0 0 if you want the WiMAX Modem to discard these packets instead Port Forwarding The number of the item in this list Active Select this to enable this rule Clear this to disable this rule Name This field displays the name of the rule It does not have to be unique Start Port This field displays the beginning of the range of port numbers forwarded by this rule End Port This field displays the end of the range of port numbers forwarded by this rule If it is the same as the Start Port only one port number is forwarded Server IP Address This field displays the IP address of the server to which packet for the selected port s are forwarded Action Click the Edit icon to set up a port forwarding rule or alter the configuration of an existing port forwarding rule Click the Delete icon to remove an existing port forwarding rule
112. PTION Display Select a category whose log entries you want to view To view all logs select All Logs The list of categories depends on what log categories are selected in the Log Settings page Email Log Now Click this to send the log screen to the e mail address specified in the Log Settings page Refresh Click to renew the log screen Clear Log Click to clear all the log entries regardless of what is shown on the log screen User s Guide Chapter 18 The Logs Screens Table 77 TOOLS gt Logs gt View Logs continued LABEL DESCRIPTION The number of the item in this list Time This field displays the time the log entry was recorded Message This field displays the reason for the log entry See Section 18 4 on page 205 Source This field displays the source IP address and the port number of the incoming packet In many cases some or all of this information may not be available Destination This field lists the destination IP address and the port number of the incoming packet In many cases some or all of this information may not be available Note This field displays additional information about the log entry User s Guide Chapter 18 The Logs Screens 18 3 Log Settings Click TOOLS gt Logs gt Log Settings to configure where the WiMAX Modem sends logs and alerts the schedule for sending logs and which logs and alerts are sent or recor
113. Port End Port Enter the outgoing port number or range of port numbers that makes the WiMAX Modem record the source IP address and assign it to the selected incoming port number s To select one port number enter the port number in the Start Port and End Port fields To select a range of ports enter the port number at the beginning of the range in the Start Port field enter the port number at the end of the range in the End Port field If you want to delete this rule enter zero in the Start Port and End Port fields Apply Click to save your changes Cancel Click to return to the previous screen without saving your changes 8 4 1 Trigger Port Forwarding Example The following is an example of trigger port forwarding In this example J is Jane s computer and S is the Real Audio server Figure 38 Trigger Port Forwarding Example User s Guide Chapter 8 The NAT Configuration Screens 1 Janerequests a file from the Real Audio server port 7070 2 Port 7070 is a trigger port and causes the WiMAX Modem to record Jane s computer IP address The WiMAX Modem associates Jane s computer IP address with the incoming port range of 6970 7170 3 The Real Audio server responds using a port number ranging between 6970 7170 4 The WiMAX Modem forwards the traffic to Jane s computer IP address 5 Only Jane can connect to the Real Audio server until the connection is closed or times out The WiMA
114. Proxies Ethernet n PPPoE Using DHCP Configure IPv4 IP Address 0 0 0 0 Renew DHCP Lease Subnet Mask DHCP Client ID If required Router DNS Servers Search Domains Optional IPv6 Address ee a aa he 8 Configure IPv6 Click the lock to prevent further changes Assist me Apply Now 9 270 User s Guide Appendix B Setting Up Your Computer s IP Address For statically assigned settings do the following From the Configure IPv4 list select Manually n the IP Address field type your IP address n the Subnet Mask field type your subnet mask In the Router field type the IP address of your device Figure 112 Mac OS X 10 4 Network Preferences Ethernet ea Network a Showall Q Location Automatic HN Show Built in Ethernet E TCP IP PPPoE AppleTalk Proxies Ethernet Configure IPv4 Manually HJ IP Address 0 0 0 0 Subnet Mask 0 0 0 0 Router 0 0 0 0 DNS Servers Search Domains Optional IPv6 Address Configure IPv6 Q M Click the lock to prevent further changes Assist me Apply Now User s Guide 271 Appendix B Setting Up Your Computer s IP Address Click Apply Now and close the window Verifying Settings 272 Check your TCP IP properties by clicking Applications Utilities Network Utilities and then selecting th
115. R AUS at ah ZR ES JERSE RI AE ERE BIE Mae Be EES TIA TSS es EH rl se ZEEE User s Guide Appendix H Legal Information B TUR BARAER BE T FRACTO LAE CT C alf RAR PEARS EISH 3EUGE E RSE De BE TAG EEREN REL AREE ESSA SE REUS rf CLR EUR Be eee Fd IBC ST E Ra OZ TER gt MZN sie E REN FEE AET PERO E PEE PSE SAMOS a ZOE AL ae ar Notices Changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment This Class B digital apparatus complies with Canadian I CES 003 Cet appareil num rique de la classe B est conforme la norme NMB 003 du Canada Viewing Certifications 1 Goto http www zyxel com 2 Select your product on the ZyXEL home page to go to that product s page 3 Select the certification you wish to view from this page ZyXEL Limited Warranty ZyXEL warrants to the original end user purchaser that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase During
116. RFC 1349 Type of Service Protocol RFC 1706 DNS NSAP Resource Records RFC 1889 Real time Transport Protocol RTP RFC 1890 Real time Transport Control Protocol RTCP RFC 2030 Simple Network Time Protocol RFC 2104 HMAC Keyed Hashing for Message Authentication RFC 2131 Dynamic Host Configuration Protocol RFC 2401 Security Architecture for the Internet Protocol RFC 2409 Internet Key Exchange RFC 2475 Architecture for Differentiated Services Diffserv RFC 2617 Hypertext Transfer Protocol HTTP Authentication Basic and Digest Access Authentication RFC 2782 A DNS RR for specifying the location of services DNS SRV RFC 2833 Real time Transport Protocol Payload for DTMF Digits Telephony Tones and Telephony Signals RFC 2976 The SIP INFO Method RFC 3261 Session Initiation Protocol SIP version 2 RFC 3262 Reliability of Provisional Responses in the Session Initiation Protocol SIP User s Guide Chapter 21 Product Specifications Table 105 Standards Supported continued STANDARD DESCRIPTION RFC 3263 Session Initiation Protocol SIP Locating SIP Servers RFC 3264 An Offer Answer Model with the Session Description Protocol SDP RFC 3265 Session Initiation Protocol SIP Specific Event Notification RFC 3323 A Privacy Mechanism for SIP RFC 3325 Private Extensions to the Session Initiation Protocol SIP for Asserted Identity within Trusted Networks RFC 3550 RTP A Real Time Protocol
117. S Priority Setting 5 0 255 RTP TOS Priority Setting 5 0 255 VLAN Taging C Voice VLAN ID 5 0 4095 The following table describes the labels in this screen Table 39 VOICE gt Service Configuration gt QoS LABEL DESCRIPTION TDS SIP TOS Priority Enter the priority for SIP voice transmissions The WiMAX Modem Setting creates Type of Service priority tags with this priority to voice traffic that it transmits RTP TOS Enter the priority for RTP voice transmissions The WiMAX Modem Priority Setting creates Type of Service priority tags with this priority to RTP traffic that it transmits VLAN Tagging 122 User s Guide Chapter 10 The Service Configuration Screens Table 39 VOICE gt Service Configuration gt QoS LABEL DESCRIPTION Voice VLAN ID Select this if the WiMAX Modem has to be a member of a VLAN to communicate with the SIP server Ask your network administrator if you are not sure Enter the VLAN ID provided by your network administrator in the field on the right Your LAN and gateway must be configured to use VLAN tags Otherwise clear this field Apply Click to save your changes Reset Click to restore your previously saved settings 10 4 Technical Reference The following section contains additional technical information about the WiMAX Modem features described in this chapter 10 4 1 SIP Call Progression The following figure
118. SCRIPTION Source Destination Address Enter the source IP address in dotted decimal notation Subnet Mask Enter the source subnet mask Port Range Enter the beginning and ending port numbers You can use the same number in both fields to indicate a single port or you can enter 0 in both fields to indicate all ports Exclude Select this to use the class to exclude packets based on these settings Others Service Select a pre configured service for this class Options are SI P FTP and H 323 This loads pre configured values specifically for these service types Protocol Select a protocol Options are TCP UDP and User Defined Exclude Select this to use the class to exclude packets based on these settings Apply Click this button to save your changes back to the WiMAX Modem Cancel Click this button to begin configuring this screen afresh User s Guide 18 1 18 1 1 18 1 2 The Logs Screens Overview Use the TOOLS gt Logs screens to look at log entries and alerts and to configure the WiMAX Modem s s log and alert settings For a list of log messages see Section 18 4 on page 205 What You Can Do in This Chapter The View Logs screen Section 18 2 on page 201 lets you look at log entries and alerts The Log Settings screen Section 18 3 on page 203 lets you configure where the WiMAX Modem sends logs and alerts the schedule for sending logs and which
119. Sac Eee aD Tes tassa 40 2 T Ml OOBSBIN aaria ceci E sU debut pce UBqei e Lem manto cie a e a Opa o dad Ane e a Cae eec OS ERE PIS PSOE 41 Chapter 3 Internet Connection Wizard ee eieeeeee eene ee nennen run h unma auk unn aaa RR a RR ERR Rm nnmnnn nnn 45 S CREER tcs stus ee ee Rey ee RE uu MM d SIL IM M M IUE EM EI M ME 45 3 1 1 Welcome to the ZyXEL Setup Wizard 12 etie terr Lak ett eiiiai 45 ml mS MOERS i a a erbob Ga aegri epoca baba aaNet 46 2 1 9 Auhen aton OO rassisid eaaa tura bod oxi Onda e bad AR can e 47 Seba Ip JACI IS S ciuis tracdiba m Lege oat E oria Oe recto ad venido Ea Cote ace or Ene ccce oe Cocco rc Onde Cose 49 User s Guide Table of Contents cH Er us OONO PN TT 50 Chapter 4 VolP Connection VIZ d iiam sess e cena ee ee ae aaa a EREA aa S 51 AN RIV IA RO RU UU TEUER 51 212 Welcome to the ZyXEL Setup Wizard i iuiiiicseeisicese nicis ume i tese cei eRe pe Aa EA 51 42 1 DRESD Voie Account Songs auxoaasissuixitusdkbvxmbd adu Rr in aeaa dE Rena aA UNE NSA Eaa 52 122 op COMPIE cu a 54 Pari li Basie SOTE cg T I Aidaa 55 Chapter 5 The i I 57 MEE i PERS E E dobre E HER 57 5 1 3 What You Can Do in This NSIS sison accu ila edadura ai sac iai A 57 5 12 Whal Yog Need io KNOW i2 Linen oto teint tels rias ei dash Fels cded bebes d idpss nien dad ecl dU 57 SL BONO TUBON ora TM UE 58 5 4
120. Security Certificate From D Documents and Settings 13435 Desktop Always ask before opening this file potentially harm your computer If you do not trust the source do not 9 While files from the Intemet can be useful this file type can open this software What s the risk 3 Refer to steps 4 12 in the Internet Explorer procedure beginning on page 312 to complete the installation process User s Guide Appendix E Importing Certificates Removing a Certificate in Internet Explorer This section shows you how to remove a public key certificate in Internet Explorer 7 1 Open Internet Explorer and click TOOLS gt Internet Options Figure 164 Internet Explorer 7 Tools Menu t iz Page MES Delete Browsing History Pop up Blocker Phishing Filter Manage Add ons Work Offline Windows Update Full Screen Menu Bar Toolbars Windows Messenger Diagnose Connection Problems Sun Java Console Internet Options 2 Inthe Internet Options dialog box click Content gt Certificates Figure 165 Internet Explorer 7 Internet Options Internet Options PR General Security Priva Content Qpnnections Programs Advanced t Content Advisor Ratings help you control the Internet content that can be viewed on this computer Certificates Use certificates for encrypted connections and identification Clear SSL state V Certificates Publishers AutoComplete AutoComplete stores previous entries
121. TCP ESP GRE no routing UDP IGMP OSPF The firewall classified a packet with no source routing entry as an IP spoofing attack ip spoofing no routing The firewall classified an ICMP packet with no source TGR entry ICMP type d routing entry as an IP spoofing attack code d vulnerability ICMP The firewall detected an ICMP vulnerability attack type d code d traceroute ICMP type d The firewall detected an ICMP traceroute attack code d ports scan UDP The firewall detected a UDP port scan attack Firewall sent TCP packet The firewall sent TCP packet in response to a DoS attack in response to DoS attack ICMP Source Quench ICMP The firewall detected an ICMP Source Quench attack ICMP Time Exceed ICMP The firewall detected an ICMP Time Exceed attack ICMP Destination Unreachable ICMP The firewall detected an ICMP Destination Unreachable attack ping of death ICMP The firewall detected an ICMP ping of death attack smurf ICMP The firewall detected an I CMP smurf attack Table 89 Remote Management Logs LOG MESSAGE DESCRIPTION UPnP denied Remote Management FTP denied Attempted use of FTP service was blocked according to remote management settings Remote Management TELNET Attempted use of TELNET service was blocked denied according to remote management settings Remo
122. To use iy Network Card Setup General configuration Name Ethernet D No IP Address for Bonding Devices _ Dynamic Address Statically assigned IP Address IP Address DHCP Subnet Mask Hostname 6 Select Dynamic Address DHCP if you have a dynamic IP address Select Statically assigned IP Address if you have a static IP address Fill in the I P address Subnet mask and Hostname fields 7 Click Next to save the changes and close the Network Card Setup window User s Guide Appendix B Setting Up Your Computer s IP Address 8 If you know your DNS server IP address es click the Hostname DNS tab in Network Settings and then enter the DNS server information in the fields provided Figure 131 openSUSE 10 3 Network Settings B YaST 2 linux h20z Enter the name for DNS domain that it belongs to Optionally enter the name server list and domain search list Note that the hostname is global it applies to all interfaces not just this one The domain is especially important if this computer is a mail server If you are using DHCP to get an IP address check whether to get a hostname via DHCP The hostname of your host which can be seen by issuing the hostname command will be set automatically by the DHCP client You may want to disable this option if you connect to different networks m th
123. Type column and enter the callee s IP address or domain name The WiMAX Modem sends SIP INVITE requests to the peer VolP device when you use the speed dial entry You do not need to configure a SIP account in order to make a peer to peer VoIP call User s Guide Chapter 12 The Phone Book Screens 12 2 Incoming Call Policy Click VOI CE gt Phone Book gt Incoming Call Policy to maintain rules for handling incoming calls You can block redirect or accept them Figure 57 VOICE gt Phone Book gt Incoming Call Policy Table Number Table 1 v Forward to Number Setup CI Unconditional Forward to Number C Busy Forward to Number C No Answer Forward to Number No Answer Waiting Time 5 Second Advanced Setup Incoming Call Number Forward to Number Condition 1 Unconditional v 2 Unconditional Unconditional v Unconditional v Unconditional v Unconditional v Unconditional v Unconditional Unconditional v 4 noone ooo 10 Unconditional v The following table describes the labels in this screen Table 47 VOICE gt Phone Book gt Incoming Call Policy LABEL DESCRIPTION Table Number Select the call forwarding table you want to see in this screen If you change this field the screen automatically refreshes Forward to Number Setup Unconditional Select this if you want the WiMAX Modem to forward all incoming calls Forward to to the specified phone number reg
124. UP met IP ea teste dedii etre deba tan ramas a a M legge aie tali tuas 59 Figure DS SETLIP s TMe SENJ auccesstisuidonbeskEee n Onibou MORE Fete Sivan tain iueuds aUi ud aA 60 Figure 19 ADVANCED gt LAN Configuration DHCP Setup uices rcnt metere thee pethk enun ceea 66 Figure 20 ADVANCED gt LAN Configuration gt Static DHCP ssssssssssesseeeeenneens 68 Figure 21 Advanced LAN Configuration gt IP Static Route essssssseeeeeeeennneens 69 Figure 22 Advanced LAN Configuration gt IP Static Route Setup ssssssssssess 70 Figure 23 ADVANCED gt LAN Configuration gt Advanced sse n Figure 24 WIMaX Mobile SANON muimme NET 78 Figure 25 WIMAX Multiple Mobile Stations uiuis esc rrt rrr te nike ER aac a tds 78 Figuic 26 UD BU AAA DENET is catenins n inre baxi uad OD ta dom dci oa niae tad drauf vdd da da Y 79 Figure 27 ADVANCED gt WAN Configuration gt Internet Connection sssssseeene 80 Figure 28 ADVANCED gt WAN Configuration WiMAX Configuration sssssseeee 83 Fus 2s FIBOUEIGY DIBERISB Sutimtiedtestulicoistm vim teet Ud sasentr ane ord d enka pneu ots iece etre onu one Corr em ie eoe 84 Figure 30 Completing the WIMAX Frequency Screen iiuiiisuceeece eene eere ena e there agere Ip Dv EDuE annin 86 Figure 31 ADVANCED gt WAN Configuration gt Antenna Selection sssssseeees 86 Figure 32 ADVANCED gt WAN Co
125. Valid To This field displays the date that the certificate expires The text displays in red and includes an Expired message if the certificate has expired Action Click the Edit icon to open a screen with an in depth list of information about the certificate Click the Export icon to save a copy of the certificate without its private key Browse to the location you want to use and click Save Click the Delete icon to remove a certificate A window displays asking you to confirm that you want to delete the certificate Subsequent certificates move up by one when you take this action The WiMAX Modem keeps all of your certificates unless you specifically delete them Uploading new firmware or default configuration file does not delete your certificates You cannot delete certificates that any of the WiMAX Modem s features are configured to use Import Click to a certificate into the WiMAX Modem Create Click to go to the screen where you can have the WiMAX Modem generate a certificate or a certification request Refresh Click to display the current validity status of the certificates User s Guide Chapter 13 The Certificates Screens 13 2 1 My Certificates Create Click TOOLS Certificates My Certificates and then the Create icon to open the My Certificates Create screen Use this screen to have the WiMAX Modem create a self signed certificate enroll a certificate with a certi
126. Vol P or PSTN phones Figure 3 WiMAX Modem s VoIP Features Calls via VoIP Service Provider User s Guide 33 Chapter 1 Getting Started 1 2 WiMAX Modem Hardware Follow the instructions in the Quick Start Guide to make hardware connections 1 2 1 LEDs The following figure shows the LEDs lights on the WiMAX Modem Figure4 The WiMAX Modem s LEDs NNNNNNNNNNNNNWENNNNNN POWER WI MAX LI NK STRENGTH I NDI CATORS VOI CE The following table describes your WiMAX Modem s LEDs from right to left Table2 The WiMAX Modem LED STATE DESCRIPTION Power Off The WiMAX Modem is not receiving power Red The WiMAX Modem is receiving power but has been unable to start up correctly or is not receiving enough power See the Troubleshooting section for more information Green The WiMAX Modem is receiving power and functioning correctly User s Guide Chapter 1 Getting Started Table2 The WiMAX Modem LED STATE DESCRIPTION LAN Off The LAN is not connected Green The WiMAX Modem has a successful Local Area Network Ethernet connection and is active during modem activity Voice Off No SIP account is registered or the WiMAX Modem is not receiving power Green A SIP account is registered Green Blinking A SIP account is registered and the phone attached to the LINE port is in use off the hook Yellow A SIP account is
127. X Modem times out in three minutes with UDP User Datagram Protocol or two hours with TCP IP Transfer Control Protocol I nternet Protocol Two points to remember about trigger ports 1 Trigger events only happen on data that is coming from inside the WiMAX Modem and going to the outside 2 If an application needs a continuous data stream that port range will be tied up so that another computer on the LAN can t trigger it 8 5 ALG Some applications such as SIP cannot operate through NAT are NAT un friendly because they embed IP addresses and port numbers in their packets data payload Some NAT routers may include a SIP Application Layer Gateway ALG An Application Layer Gateway ALG manages a specific protocol such as SIP H 323 or FTP at the application layer A SIP ALG allows SIP calls to pass through NAT by examining and translating IP addresses embedded in the data stream User s Guide Chapter 8 The NAT Configuration Screens Click ADVANCED gt NAT Configuration gt ALG to enable and disable SIP Vol P FTP file transfer and H 323 audio visual ALG in the WiMAX Modem Figure 39 ADVANCED gt NAT Configuration gt ALG Enable SIP ALG Enable FTP ALG Enable H 323 ALG ih The following table describes the labels in this screen Table 30 ADVANCED gt NAT Configuration gt ALG LABEL DESCRIPTION Enable SIP ALG Select this to make sure SIP VoIP works correctly wi
128. X frequency information for the WiMAX Modem These settings can be configured in the ADVANCED gt WAN Configuration gt WiMAX Configuration screen Figure 92 WiMAX Site Information DL Frequency L Frequency L Frequency L Frequency g L Frequency Bandwidth L Frequency L Frequency D D D DL Frequency D Di DL Frequency DL Frequency 10 DL Frequency DL Frequency DL Frequency DL Frequency DL Frequency DL Frequency DL Frequency DL Frequency DL Frequency WiMAX Site Information 1 2 8 kHz kHz kHz kHz kHz kHz kHz kHz kHz kHz kHz kHz kHz kHz kHz kHz kHz kHz kHz KHz The following table describes the labels in this screen Table 98 WiMAX Site Information LABEL DESCRIPTION 1 119 DL Frequency These fields show the downlink frequency settings in kilohertz kHz These settings determine how the WiMAX Modem searches for an available wireless connection User s Guide Lr Chapter 19 The Status Screen 19 2 3 DHCP Table Click Status DHCP Table to open this screen This read only screen shows the IP addresses Host Names and MAC addresses of the devices currently connected to the WiMAX Modem These settings can be configured in the ADVANCED gt LAN Configuration DHCP Setup screen Figure 93 DHCP Table DHCP Table z IP Address Host Name MAC Address 1 192 168 100 33 TWPC13435 XP 00
129. You can use up to 127 printable ASCII Extended set characters Send Caller ID Select this if you want to send identification when you make Vol P phone calls Clear this if you do not want to send identification Authentication User Name Enter the user name for registering this SIP account exactly as it was given to you You can use up to 95 printable ASCII characters Password Enter the user name for registering this SIP account exactly as it was given to you You can use up to 95 printable ASCII Extended set characters Apply Click to save your changes Reset Click to restore your previously saved settings Advanced Click this to edit the advanced settings for this SIP account The Advanced SI P Settings screen appears User s Guide Chapter 10 The Service Configuration Screens 10 2 1 Advanced SIP Settings This section describes the features of the Advanced SIP settings screen 10 2 1 1 STUN STUN Simple Traversal of User Datagram Protocol UDP through Network Address Translators allows the WiMAX Modem to find the presence and types of NAT routers and or firewalls between it and the public Internet STUN also allows the WiMAX Modem to find the public IP address that NAT assigned so the WiMAX Modem can embed it in the SIP data stream STUN does not work with symmetric NAT routers or firewalls See RFC 3489 for details on STUN The following figure shows how STUN works 1 The Wi
130. ZyXEL Malaysia Sdn Bhd 1 02 amp 1 03 Jalan Kenari 17F Bandar Puchong J aya 47100 Puchong Selangor Darul Ehsan Malaysia North America Support E mail support zyxel com Support Telephone 4 1 800 978 7222 Sales E mail sales zyxel com Sales Telephone 1 714 632 0882 Fax 1 714 632 0858 Web www zyxel com Regular Mail ZyXEL Communications Inc 1130 N Miller St Anaheim CA 92806 2001 U S A Norway Support E mail support zyxel no User s Guide Appendix Customer Support Sales E mail sales zyxel no Telephone 47 22 80 61 80 Fax 47 22 80 61 81 Web www zyxel no Regular Mail ZyXEL Communications A S Nils Hansens vei 13 0667 Oslo Norway Poland E mail info pl zyxel com Telephone 48 22 333 8250 Fax 48 22 333 8251 Web www pl zyxel com Regular Mail ZyXEL Communications ul Okrzei 1A 03 715 Warszawa Poland Russia Support http zyxel ru support Sales E mail sales zyxel ru Telephone 7 095 542 89 29 Fax 7 095 542 89 25 Web www zyxel ru Regular Mail ZyXEL Russia Ostrovityanova 37a Str Moscow 117279 Russia Singapore Support E mail support zyxel com sg Sales E mail sales zyxel com sg Telephone 65 6899 6678 Fax 65 6899 8887 e Web http www zyxel com sg Regular Mail ZyXEL Singapore Pte Ltd No 2 International Business Park The Strategy 03 28 Singapore 609930 Spain Support E mail support zyxel es
131. a network View network computers and devices Add a device to the network Set up file sharing System and Maintenance Security Network and Internet lt 7 Internet Options Hardware and Sound Connecttotheinternet Changeycurhomepage Manage browser add ons Programs Delete browsing history and cookies User s Guide Appendix B Setting Up Your Computer s IP Address 4 Click Manage network connections Figure 104 Windows Vista Network and Sharing Center QU nt Network and Internet Network and Sharing Center v File Edit View Tools Help Tasks 1 Network and Sharing Center View computers and devices Connect to a network Set un a ranna tian or network A t i 3 T Manage network connections TWPC99111 Internet Diagnose ana repair This computer Not connected 5 Right click Local Area Connection and then select Properties Figure 105 Windows Vista Network and Sharing Center LAN or High Sessd Tntarnat TT 1 w em Collapse group Left Arrow Conne X er Expand all groups ud nue Collapse all groups Disable Status Diagnose Bridge Connections Create Shortcut Delete Rename Note During this procedure click Continue whenever Windows displays a screen saying that it needs your permission to continue 266 User s Guide Appendix B Setting Up Your Computer s IP Address 6 Select Internet Protocol Version 4 TCP
132. able VoIP Status Account Registration URI Voice 1 Failed changeme 127 0 0 1 User s Guide Chapter 19 The Status Screen The following tables describe the labels in this screen Table 96 Status LABEL DESCRIPTION Refresh Interval Select how often you want the WiMAX Modem to update this screen Refresh Now Click this to update this screen immediately Device Information System Name This field displays the WiMAX Modem system name It is used for identification You can change this in the ADVANCED gt System Configuration gt General screen s System Name field Firmware Version This field displays the current version of the firmware inside the device It also shows the date the firmware version was created You can change the firmware version by uploading new firmware in ADVANCED gt System Configuration gt Firmware WAN Information IP Address This field displays the current IP address of the WiMAX Modem in the WAN IP Subnet Mask This field displays the current subnet mask on the WAN DHCP This field displays what DHCP services the WiMAX Modem is using in the WAN Choices are Client The WiMAX Modem is a DHCP client in the WAN Its IP address comes from a DHCP server on the WAN None The WiMAX Modem is not using any DHCP services in the WAN It has a static IP address LAN Information IP Address This field displays the c
133. ace this field displays the port speed and duplex setting when the WiMAX Modem is connected to a WiMAX network and Down when the WiMAX Modem is not connected to a WiMAX network For the LAN interface this field displays the port speed and duplex setting when the WiMAX Modem is using the interface and Down when the WiMAX Modem is not using the interface For the WLAN interface it displays the transmission rate when WLAN is enabled or Down when WLAN is disabled TxPkts This field displays the number of packets transmitted on this interface RxPkts This field displays the number of packets received on this interface Collisions This field displays the number of collisions on this port Tx B s This field displays the number of bytes transmitted in the last second Rx B s This field displays the number of bytes received in the last second Up Time This field displays the elapsed time this interface has been connected System up Time This is the elapsed time the system has been on Poll Interval s Type the time interval for the browser to refresh system statistics Set Interval Click this button to apply the new poll interval you entered in the Poll Interval field above Stop Click this button to halt the refreshing of the system statistics User s Guide Chapter 19 The Status Screen 19 2 2 WIMAX Site Information Click Status WiMAX Site I nformation to open this screen This read only screen shows WiMA
134. address User s Guide Appendix D IP Addresses and Subnetting The computer cannot access the Internet This problem can be solved by assigning a different IP address to the computer or the router s LAN port Figure 149 Conflicting Computer and Router IP Addresses Example 20mm um um um um Um Um m Wo a 1192 168 1 1 1 dx i 1 CPG D o 3 ee fi D E i i 192 168 1 1 Internet 3 7 Rem e eee eee User s Guide Importing Certificates This appendix shows you how to import public key certificates into your web browser Public key certificates are used by web browsers to ensure that a secure web site is legitimate When a certificate authority such as VeriSign Comodo or Network Solutions to name a few receives a certificate request from a website operator they confirm that the web domain and contact information in the request match those on public record with a domain name registrar If they match then the certificate is issued to the website operator who then places it on the site to be issued to all visiting web browsers to let them know that the site is legitimate Many ZyXEL products such as the NSA 2401 issue their own public key certificates These can be used by web browsers on a LAN or WAN to verify that they are in fact connecting to the legitimate device and not one masquerading as it However because the certificates were not issued by one of the several organizations of
135. ain The following table describes the labels in this screen Table 35 ADVANCED gt System Configuration gt Firmware LABEL DESCRIPTION Restart Click this button to have the device perform a software restart The Power LED blinks as it restarts and the shines steadily if the restart is successful Note Wait one minute before logging back into the WiMAX Modem after a restart User s Guide 1 07 Chapter 9 The System Configuration Screens 9 6 1 The Restart Process When you click Restart the the process usually takes about two minutes Once the restart is complete you can log in again User s Guide PART IV Voice Screens The Service Configuration Screens 111 The Phone Screens 129 The Phone Book Screens 139 10 1 The Service Configuration Screens Overview The VOICE Service Configuration screens allow you to set up your voice accounts and configure your QoS settings VolP Voice over IP is the sending of voice signals over the Internet Protocol This allows you to make phone calls and send faxes over the Internet at a fraction of the cost of using the traditional circuit switched telephone network You can also use servers to run telephone service applications like PBX services and voice mail Internet Telephony Service Provider ITSP companies provide VoIP service A company could alternatively set up an IP PBX and provide it s own VoIP service Circu
136. alue depends on the Protocol Please refer to RFC 1700 for further information about port numbers f the Protocol is TCP UDP or TCP UDP this is the IP port number f the Protocol is USER this is the IP protocol number Description This is a brief explanation of the applications that use this service or the situations in which this service is used Table 125 Commonly Used Services NAME PROTOCOL PORT S DESCRIPTION AH User Defined 51 The IPSEC AH Authentication IPSEC TUNNEL Header tunneling protocol uses this service AIM New ICQ TCP 5190 AOL s Internet Messenger service It is also used as a listening port by ICQ AUTH TCP 113 Authentication protocol used by some servers BGP TCP 179 Border Gateway Protocol BOOTP CLIENT UDP 68 DHCP Client BOOTP SERVER UDP 67 DHCP Server CU SEEME TCP 7648 A popular videoconferencing solution from White Pines Software UDP 24032 DNS TCP UDP 53 Domain Name Server a service that matches web names for example www zyxel com to IP numbers User s Guide Appendix G Common Services Table 125 Commonly Used Services continued NAME PROTOCOL PORT S DESCRIPTION ESP User Defined 50 The IPSEC ESP Encapsulation IPSEC TUNNEL Security Protocol tunneling protocol uses this service FINGER TCP 79 Finger is a UNIX or Internet related command that can be used to
137. anse 306 User s Guide List of Tables Table 124 16 bit Network Number Subnet Planning esssssseseseeeeeeeennen enne 307 Table 125 Commonly Used Services User s Guide ART Introduction and Getting Started 31 Introducing the Web Configurator 37 Internet Connection Wizard 45 VolP Connection Wizard 51 Getting Started The following devices are covered in this book MODEL FEATURES MAX 206M1R 1 VoIP Port MAX 216M1R MEER MAX 236M1R MAX 216M1R plus 2 External Antennas 1 VoIP Port 1 LAN Port MAX 216MR 1 LAN Port All graphics and Web Configurator screens shown in this book are based on the MAX 206M1R unless otherwise noted 1 1 About Your WiMAX Modem The WiMAX Modem has a built in switch and one phone port It allows you to access the Internet by connecting to a WiMAX wireless network You can use a traditional analog telephone to make Internet calls using the WiMAX Modem s Voice over IP Vol P communication capabilities You can configure firewall and content filtering as well as a host of other features The web browser based Graphical User Interface GUI also known as the web configurator provides easy management See Chapter 21 on page 237 for a complete list of features for your model User s Guide 31 Chapter 1 Getting Started 1 1 1 WiMAX Internet Access Connect your computer or network to the WiMAX Modem for W
138. any network for security reasons In this example the company network address is 192 168 1 0 The first three octets of the address 192 168 1 are the network number and the remaining octet is the host ID allowing a maximum of 28 2 or 254 possible hosts User s Guide Appendix D IP Addresses and Subnetting The following figure shows the company network before subnetting Figure 145 Subnetting Example Before Subnetting qmm mm Bm Em Em mm ES EN EN EN EN EN EN NN OE d i I i i I i i Internet I I l H i I 1 i E I I y 192 168 1 0 24 4 4 eee eee ee um umm m m m m um You can borrow one of the host ID bits to divide the network 192 168 1 0 into two separate sub networks The subnet mask is now 25 bits 255 255 255 128 or 25 The borrowed host ID bit can have a value of either O or 1 allowing two subnets 192 168 1 0 25 and 192 168 1 128 25 User s Guide Appendix D IP Addresses and Subnetting The following figure shows the company network after subnetting There are now two sub networks A and B Figure 146 Subnetting Example After Subnetting B if h hb2 s e D 2 D et 1192 168 1 0 25 4 192 168 1 128 251 eee eee um um um PP eom um um um um um umo In a 25 bit subnet the host ID has 7 bits so each sub network has a maximum of 2 2 or 126 possible hosts a host ID of all zeroes is the subnet s a
139. appendix The devi D is the MAC address of the router s LAN port The cat is the same as the category in the router s logs Traffic Log Facility 8 Severity Mon dd hr mm ss hostname src lt srcIP srcPort gt dst lt dstIP dstPort gt msg Traffic Log note Traffic Log devID lt mac address gt cat Traffic Log duration seconds sent sent Bytes rcvd receiveBytes dir from to protoID IPProtocolID proto serviceName trans IPSec Normal This message is sent by the device when the connection session is closed The facility is defined in the Log Settings screen The severity is the traffic log type The message and note always display Traffic Log The proto field lists the service name The dir field lists the incoming and outgoing interfaces LAN LAN LAN WAN LAN DEV for example The following table shows RFC 2408 ISAKMP payload types that the log displays Please refer to the RFC for detailed information on each type Table 76 RFC 2408 ISAKMP Payload Types LOG DISPLAY PAYLOAD TYPE SA Security Association PROP Proposal TRANS Transform KE Key Exchange ID Identification CER Certificate CER REQ Certificate Request HASH Hash SIG Signature NONCE Nonce NOTFY Notification DEL Delete VID Vendor ID User s Guide Chapter 18 The Logs Screens 18 2 View Logs Click TOOLS gt Logs gt V
140. ardless of other rules in the Number Forward to Number section Specify the phone number in the field on the right Busy Forward Select this if you want the WiMAX Modem to forward incoming calls to to Number the specified phone number if the phone port is busy Specify the phone number in the field on the right If you have call waiting the incoming call is forwarded to the specified phone number if you reject or ignore the second incoming call User s Guide Chapter 12 The Phone Book Screens Table 47 VOICE gt Phone Book gt Incoming Call Policy LABEL DESCRIPTION No Answer Select this if you want the WiMAX Modem to forward incoming calls to Forward to the specified phone number if the call is unanswered See No Answer Number Waiting Time Specify the phone number in the field on the right No Answer This field is used by the No Answer Forward to Number feature and Waiting Time No Answer conditions below Enter the number of seconds the WiMAX Modem should wait for you to answer an incoming call before it considers the call is unanswered Advanced Setup The number of the item in this list Activate Select this to enable this rule Clear this to disable this rule Incoming Call Enter the phone number to which this rule applies Number Forward to Enter the phone number to which you want to forward incoming calls Number from the Incoming Call Number You may leave this field blank
141. as 200 Tabe TOOLS gt Logs a MI UIos Ae adheres biased earacediem telntaceiedatreincagieeds 201 Jabipe 78 TOOLS 9 Long cL pr Sti abc HEC pte p DAE do n DP eb pada x d ad a Edu 204 Ne cx cric Es MUT I UU I T T TT 205 Tabie 80 System Ipse LOIS mE 205 User s Guide List of Tables Table ST AGOBES Conirol Logs siiani giat Rabe oc a nott peat d bonia boca P bL Ra pb AFER 206 HAR SOS TE P BESTES ane sacar tse edad anc bonatiarcemn uenis T AEA D dr zs d duret DN aite dU RI 207 Table 83 Packet Filter LOGS ee 207 Br c DTE 208 Tubi S5 PPP DUE atsetsbuissstunieseteiq uet Ren Ug Ea Bedam arbe nE GbR eachother oats 208 Table S0 UPIP LOUS e M 208 Tabie 87 Coment PESE LOCI acess inant edades eux saeia a a aa ENEAS den gaude 209 Uri rms wis qeu T 209 Table 59 Heirpie Management Logs diserte npa rU adag er Dao Ee vas res Kd dias ey dt ee ad IER Reda 210 TDI OD NO ME BICI niosepicteiia t gu EX abet eeelesieh a FUSE R XR ad Fata dU daa Fu diae 211 E caddmo Aem 212 Excmo d NS 212 Table OS FSM Logs Caler SIUE emm ETE 213 Tabe Bee FSM Logs Caleg GGE em 213 Noc MN nde qe T MN 213 B cio Ar n EET 216 TUES POL SIUS UPS his arctan derienni Prbogsta x dodi bap acta nen ape o a eap uet b UR E 220 TIG O8 VOTER Saito IECIT aisian paw pcr ation bui acad baa xd s Dad da Rig a 221 PAS OS DHCP TADIG cm Em 222 TOETO YAP E a prec er eer NE i rer Terre 223 BE cA UNIES zii i o M 225 Tabl
142. aults Mozilla Firefox 2 0 screens are used here Screens for other versions may vary You can enable Java Javascripts and pop ups in one screen Click Tools then click Options in the screen that appears Figure 142 Mozilla Firefox TOOLS gt Options IEEE Help Web Search Ctrl K Downloads Add ons Ctrl Web Developer Error Console Adblock Plus Page Info Ctrl Shift 4 FireFTP Clear Private Data Session Manager Ctrl Shift Del Tab Mix Plus Options User s Guide Appendix C Pop up Windows JavaScripts and Java Permissions Click Content to show the screen below Select the check boxes as shown in the following screen Figure 143 Mozilla Firefox Content Security x qa mm wa Privacy Security Advanced Block pop up windows Exceptions IV Load images automatically Exceptions IV Enable JavaScript Advanced IV Enable Java r Fonts amp Colors Default Font Times New Roman Size 16 v Advanced Colors r File Types Configure how Firefox handles certain types of Files Manage NN User s Guide 297 Appendix C Pop up Windows JavaScripts and Java Permissions User s Guide IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks IP addresses identify individual devices on a network Every networking device including computers servers rout
143. ause the other party is not speaking as total silence could easily be mistaken for a lost connection Echo Cancellation You device supports G 168 of at least 24 ms This an ITU T standard for eliminating the echo caused by the sound of your voice reverberating in the telephone receiver User s Guide while you talk Chapter 21 Product Specifications Table 104 Firmware Specifications continued FEATURE DESCRIPTION Time and Date Get the current time and date from an external server when you turn on your WiMAX Modem You can also set the time manually Logging Use the WiMAX Modem s logging feature to view connection history surveillance logs and error messages Codecs Enhanced Variable Rate Codec EVRC G 711 PCM p law and a law G 729a and G 723 1 Fax Support T 38 FAX relay FAX over UDP G 711 fax relay for fax calls and be able to renegotiate codec to G 711 if a fax call is detected Ring Tones Supports different distinctive ring tones on each line Call Prioritization Prioritize VoIP traffic originating from the RJ 11 ports over any other traffic Table 105 Standards Supported STANDARD DESCRIPTION RFC 768 User Datagram Protocol RFC 791 Internet Protocol v4 RFC 792 Internet Control Message Protocol RFC 792 Transmission Control Protocol RFC 826 Address Resolution Protocol RFC 854 Telnet Protocol
144. ay be the only certification authority in the list along with the certificate itself If the certificate is a self signed certificate the certificate itself is the only one in the list The WiMAX Modem does not trust the certificate and displays Not trusted in this field if any certificate on the path has expired or been revoked Refresh Click to display the certification path Certification Information Type This field displays general information about the certificate CA signed means that a Certification Authority signed the certificate Self signed means that the certificate s owner signed the certificate not a certification authority X 509 means that this certificate was created and signed according to the ITU T X 509 recommendation that defines the formats for public key certificates Version u This field displays the X 509 version number Serial Number This field displays the certificate s identification number given by the certification authority or generated by the WiMAX Modem Subject This field displays information that identifies the owner of the certificate such as Common Name CN Organizational Unit OU Organization O and Country C Issuer This field displays identifying information about the certificate s issuing certification authority such as Common Name Organizational Unit Organization and Country With self signed certificates this is the same as the Subj
145. b rere eig R Ebr Use eS Cu pps Udo pio URN da UpDUM Teme Ferrer rr retry 115 Figure 47 VOICE gt Service Configuration gt SIP Settings gt Advanced sss 117 Figure 48 VOICE gt Service Configuration CIO osse por uaa nc koxbe uq da aai at usan 122 gviuR fedi uei 124 Fade S0 SI PP PELOP eel iraa rna Cate rotat Derbi boob Lob cai qb prag Pa dots P POUR DM abra n et 125 Foue STSP Rediet Saer E o SE UO S SLE 126 Figure 52 Diffserv Dilterentiated Service Fiel cie neat peres on e EE ren aai ene em REUS 127 Figure 53 VOICE Phone s Analog POP arerioa aaia aias 130 Figure 54 VOICE gt Phone gt Analog Phone gt Advanced esee 131 Figure 55 VOICE Phone gt Gomma quias Pod uo aa oda epoca ce a eod ap oca pe La a bt 132 Figure 56 VOICE lt Phone REGION eM 133 Figure 57 VOICE Phone Book Incoming Gall Polity 2 iaeioen tee toco terae tre ton Rieti Re brat ERE EEcIS 140 Figure 55 VOICE w Phone Book speed Dial 5 arcas i pel ecin dnd er cud d d a pPC d T rea 142 Figure 59 TOOLS Garllficates My Cemificates cccsydausisvianconnteniyinuctwanieunatnanodi etie abere eq pnus 148 Figure 60 TOOLS gt Certificates gt My Certificates gt Create ooo ee eeceecceeeneeeeeeeterereeeeeeeeseeeeenneneneeees 150 Figure 61 TOOLS gt Certificates gt My Certificates gt Edit sicerisuiissariu irsinin anaana 154 Figure 62 TOOLS gt Certificates gt My Certificates gt Import ss
146. ble 38 Custom Tones Details LABEL DESCRIPTION Total Time for All Tones 128 seconds for all custom tones combined User s Guide Chapter 10 The Service Configuration Screens Table 38 Custom Tones Details LABEL DESCRIPTION Maximum Time per 20 seconds Individual Tone Total Number of Tones 8 Recordable You can record up to eight different custom tones but the total time must be 128 seconds or less Use the following steps if you would like to create new tones or change your tones 1 Pick up the phone and press on your phone s keypad and wait for the message that says you are in the configuration menu 2 Press a number from 1101 1108 on your phone followed by the key 3 Play your desired music or voice recording into the receiver s mouthpiece Press the key 4 You can continue to add listen to or delete tones or you can hang up the receiver when you are done Do the following to listen to a custom tone 1 Pick up the phone and press on your phone s keypad and wait for the message that says you are in the configuration menu 2 Press a number from 1201 1208 followed by the key to listen to the tone 3 You can continue to add listen to or delete tones or you can hang up the receiver when you are done Do the following to delete a custom tone 1 Pick up the phone and press on your phone s keypad and wait for the message that says you are i
147. calls you You can then either reject the new incoming call put your current call on hold and receive the new incoming call or end the current call and receive the new incoming call Call forwarding With this feature you can set the WiMAX Modem to forward calls to a specified number either unconditionally always when your number is busy or when you do not answer You can also forward incoming calls from one specified number to another User s Guide Chapter 21 Product Specifications Table 112 Voice Features Caller ID The WiMAX Modem supports caller ID which allows you to see the originating number of an incoming call on a phone with a suitable display REN A Ringer Equivalence Number REN is used to determine the number of devices like telephones or fax machines that may be connected to the telephone line Your device has a REN of three so it can support three devices per telephone port QoS Quality of Quality of Service QoS mechanisms help to provide better service Service on a per flow basis Your device supports Type of Service ToS tagging and Differentiated Services DiffServ tagging This allows the device to tag voice frames so they can be prioritized over the network SIP ALG Your device is a SIP Application Layer Gateway ALG It allows VolP calls to pass through NAT for devices behind it such as a SIP based VoIP software application on a computer Other Voice SIP
148. ccess Protocol IEEE 802 16e WiMAX Bandwidth 2 5 GHz Data Rate Download Maximum 20 Mbps Average 6 Mbps Upload Maximum 4 Mbps Average 3 Mbps Modulation QPSK uplink and downlink 16 QAM uplink and downlink 64 QAM downlink only Output Power 27dBm with external antennas attached Duplex mode Time Division Duplex TDD Security PKMv2 EAP CCMP 128 bit AES User s Guide Chapter 21 Product Specifications Table 110 Firmware Specifications FEATURE DESCRIPTION Web based Configuration Also known as the web configurator this is a firmware and Management Tool based management solution for the WiMAX Modem You must connect using a compatible web browser in order to use it High Speed Wireless The WiMAX Modem is ideal for high speed wireless Internet Internet Access browsing WiMAX Worldwide Interoperability for Microwave Access is a wireless networking standard providing high bandwidth wide range secured wireless service The WiMAX Modem is a WiMAX mobile station MS compatible with the IEEE 802 16e standard Firewall The WiMAX Modem is a stateful inspection firewall with DoS Denial of Service protection By default when the firewall is activated all incoming traffic from the WAN to the LAN is blocked unless it is initiated from the LAN The WiMAX Modem s firewall supports TCP UDP inspection DoS detection and prevention real time alerts reports and logs C
149. ce 38 1b 7c The following table describes the labels in this screen Table 57 TOOLS gt Certificates gt Trusted CAs gt Edit LABEL DESCRIPTION Name This field displays the identifying name of this certificate You can use up to 31 alphanumeric and amp _ characters Property Select Default self signed certificate which signs the imported remote host certificates to use this certificate to sign the remote host certificates you upload in the TOOLS gt Certificates gt Trusted CAs screen User s Guide Chapter 13 The Certificates Screens Table 57 TOOLS gt Certificates gt Trusted CAs gt Edit continued LABEL DESCRIPTION Certification Path This field displays for a certificate not a certification request Click the Refresh button to have this read only text box display the hierarchy of certification authorities that validate the certificate and the certificate itself If the issuing certification authority is one that you have imported as a trusted certification authority it may be the only certification authority in the list along with the certificate itself If the certificate is a self signed certificate the certificate itself is the only one in the list The WiMAX Modem does not trust the certificate and displays Not trusted in this field if any certificate on the path has expired or been revoked Refresh Click Refresh to di
150. cess all Internet resources Computer IP without the restrictions you set in these screens Enter the IP address of Address the trusted computer Restrict Web Select the web features you want to disable If a user downloads a page Features with a restricted feature that part of the web page appears blank or grayed out ActiveX This is a tool for building dynamic and active Web pages and distributed object applications When you visit an ActiveX Web site ActiveX controls are downloaded to your browser where they remain in case you visit the site again Java This is used to build downloadable Web components or Internet and intranet business applications of all kinds Cookies This is used by Web servers to track usage and to provide service based on ID Web Proxy This is a server that acts as an intermediary between a user and the Internet to provide security administrative control and caching service When a proxy server is located on the WAN it is possible for LAN users to avoid content filtering restrictions Keyword Blocking Enable URL Select this if you want the WiMAX Modem to block Web sites based on Keyword words in the web site address For example if you block the keyword Blocking bad http www website com bad html is blocked Keyword Type a keyword you want to block in this field You can use up to 128 printable ASCII characters There is no wildcard character however Add Click this to add the spe
151. cified Keyword to the Keyword List You can enter up to 128 keywords Keyword List This field displays the keywords that are blocked when Enable URL Keyword Blocking is selected To delete a keyword select it click Delete and click Apply Delete Click Delete to remove the selected keyword in the Keyword List The keyword disappears after you click Apply Clear All Click this button to remove all of the keywords in the Keyword List Denied Access Enter the message that is displayed when the WiMAX Modem s content Message filter feature blocks access to a web site Apply Click to save your changes Reset Click to restore your previously saved settings User s Guide Chapter 15 Content Filter 15 3 Schedule Click TOOLS Content Filter Schedule to schedule content filtering Figure 75 TOOLS gt Content Filter gt Schedule Day to Block Everyday All day C sun O Mon O Tue O Wed O Thu O Fi O sat Time of Day to Block 24 Hour Format From Start o hour o min End 0 hour 0 min C The following table describes the labels in this screen Table 62 TOOLS gt Content Filter gt Schedule LABEL DESCRIPTION Day to Block Select which days of the week you want content filtering to be effective Time of Day to Block Select what time each day you want content filtering to be effective Enter times in 24 hour format for example
152. click OK Figure 157 Internet Explorer 7 Select Certificate Store Select Certificate Store Select the certificate store you want to use s w Trusted Root Certification Authorities H Enterprise Trust H Intermediate Certification Authorities J Active Directory User Object PA Triieted Di ihlichers lt Show physical stores User s Guide Appendix E Importing Certificates 9 Inthe Completing the Certificate I mport Wizard screen click Finish Figure 158 Internet Explorer 7 Certificate Import Wizard Certificate Import Wizard Completing the Certificate Import Wizard You have successfully completed the Certificate Import wizard You have specified the following settings Certificate Store Selected Automatically determined by 1 Content Certificate 10 If you are presented with another Security Warning click Yes Figure 159 Internet Explorer 7 Security Warning Security Warning You are about to install a certificate from a certification authority CA daiming to represent nsa2401 Windows cannot validate that the certificate is actually from nsa2401 You should confirm its origin by contacting nsa2401 The following number will assist you in this process Thumbprint sha1 35D 1C9AC DBCOE654 FE327C71 464D154B 242E5B93 Warning If you install this root certificate Windows will automatically trust any certificate issued by this CA Installing a certificate with an unconf
153. creens 10 1 3 Before you Begin Ensure that you have all of your voice account information on hand If not contact your voice account service provider to find out which settings in this chapter you should configure in order to use your telephone with the WiMAX Modem Connect your WiMAX Modem to the Internet as described in the Quick Start Guide If you have not already done so then you will not be able to test your Vol P settings 10 2 SIP Settings Click VOICE gt Service Configuration gt SIP Setting to setup and maintain your SIP account s in the WiMAX Modem Your VoIP or Internet service provider should provide you with your account information You can also enable and disable each SIP account Figure 45 VOICE gt Service Configuration gt SIP Setting SIP Account SIP1 SIP Settings Active SIP Account Number changeme SIP Local Port 5060 1025 65535 SIP Server Address 127 0 0 1 SIP Server Port 5060 1 65535 REGISTER Server Address 127 0 0 1 REGISTER Server Port 5060 1 65535 SIP Service Domain 127 0 0 1 Send Caller 1D Authentication User Name changeme Password CILLI User s Guide 113 Chapter 10 The Service Configuration Screens The following table describes the labels in this screen Table 36 VOICE gt Service Configuration gt SIP Setting LABEL DESCRIPTION SIP Account Select the SIP account you want to see in this screen
154. ct a location The log facility allows you to log the messages in different files in the syslog server See the documentation of your syslog for more details Active Log and Alert Log Select the categories of logs that you want to record Send immediate alert Select the categories of alerts that you want the WiMAX Modem to send immediately User s Guide Chapter 18 The Logs Screens Table 78 TOOLS gt Logs gt Log Settings LABEL DESCRIPTION Apply Click to save your changes Cancel Click to return to the previous screen without saving your changes 18 4 Log Message Descriptions The following tables provide descriptions of example log messages Table 79 System Error Logs LOG MESSAGE DESCRIPTION WAN connection is down The WAN connection is down You cannot access the network through this interface s exceeds the max number of session per host This attempt to create a NAT session exceeds the maximum number of NAT session table entries allowed to be created per host Table 80 System Maintenance Logs LOG MESSAGE DESCRIPTION Time calibration is successful The device has adjusted its time based on information from the time server Time calibration failed The device failed to get information from the time server WAN interface gets IP s The WAN interface got a new IP address from the DHCP or PPPoE s
155. ction that you want to configure then click Properties Figure 122 Ubuntu 8 Network Settings Connections ir Network Settings E Point to point connec This network interface is not c 278 User s Guide Appendix B Setting Up Your Computer s IP Address 5 The Properties dialog box opens Figure 123 Ubuntu 8 Network Settings gt Properties t eO Propernes Ea Connection Settings Configuration lt IP address Subnet mask Gateway address Q cancel n the Configuration list select Automatic Configuration DHCP if you have a dynamic IP address n the Configuration list select Static IP address if you have a static IP address Fill in the IP address Subnet mask and Gateway address fields 6 Click OK to save the changes and close the Properties dialog box and return to the Network Settings screen User s Guide 279 Appendix B Setting Up Your Computer s IP Address 7 f you know your DNS server IP address es click the DNS tab in the Network Settings window and then enter the DNS server information in the fields provided Figure 124 Ubuntu 8 Network Settings DNS Ej Network Settings Be Location d Connections General DNS Hosts DNS Servers Search Domains Help Ed close 8 Click the Close button to apply the changes Verifying Settings Ch
156. d if you selected the Active checkbox on this screen Periodic Inform Interval Enter the time interval in seconds at which the WiMAX Modem connects to the auto configuration server Periodic Inform Time Enter a time interval that the WiMAX Modem will trigger a periodic inform interval This works in tandem with the Periodic I nform Interval and is not mutually exclusive of it The Periodic I nform Time must be in the following format yyyy mm ddThh mm ss where yyyy is a four digit year 2009 mm is a two digit month 01 12 dd is a two digit day 01 28 hh is a two digit hour in 24 hour format 01 24 mm is a two digit minutes value 01 60 and ss is a two digit seconds value 01 60 Note You must separate the day information from the hour information with a T This feature gives the WiMAX Modem a baseline from which to begin calculating when each periodic inform happens If the inform time is set for some point in the past the WiMAX Modem interpolates the inform interval forward to the current time and begins its periodic inform at the appropriate time based on this interpolation If the inform time is set for some point in the future then the WiMAX Modem interpolates backwards to the current time and actually begins at the appropriate time based on this interpolation Apply Click to save your changes Reset Click to restore your previously saved settings User s G
157. ddress If your networks are isolated from the Internet running only between two branch offices for example you can assign any IP addresses to the hosts without problems However the Internet Assigned Numbers Authority IANA has reserved the following three blocks of IP addresses specifically for private networks e 10 0 0 0 10 255 255 255 e 172 16 0 0 172 31 255 255 192 168 0 0 192 168 255 255 You can obtain your IP address from the IANA from an ISP or it can be assigned from a private network If you belong to a small organization and your Internet access is through an ISP the ISP can provide you with the Internet addresses for your local networks On the other hand if you are part of a much larger organization you should consult your network administrator for the appropriate IP addresses Regardless of your particular situation do not create an arbitrary IP address always follow the guidelines above For more information on address assignment please refer to RFC 1597 Address Allocation for Private Internets and RFC 1466 Guidelines for Management of IP Address Space IP Address Conflicts Each device on a network must have a unique IP address Devices with duplicate IP addresses on the same network will not be able to access the Internet or other resources The devices may also be unreachable through the network Conflicting Computer IP Addresses Example More than one device can not use the same IP address In
158. ddress itself all ones is the subnet s broadcast address 192 168 1 0 with mask 255 255 255 128 is subnet A itself and 192 168 1 127 with mask 255 255 255 128 is its broadcast address Therefore the lowest IP address that can be assigned to an actual host for subnet A is 192 168 1 1 and the highest is 192 168 1 126 Similarly the host ID range for subnet B is 192 168 1 129 to 192 168 1 254 Example Four Subnets The previous example illustrated using a 25 bit subnet mask to divide a 24 bit address into two subnets Similarly to divide a 24 bit address into four subnets you need to borrow two host ID bits to give four possible combinations 00 01 10 and 11 The subnet mask is 26 bits 11111111 11111111 11111111 11000000 or 255 255 255 192 User s Guide Appendix D IP Addresses and Subnetting Each subnet contains 6 host ID bits giving 29 2 or 62 hosts for each subnet a host ID of all zeroes is the subnet itself all ones is the subnet s broadcast address Table 118 Subnet 1 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address Decimal 192 168 1 0 IP Address Binary 11000000 10101000 00000001 00000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address Lowest Host ID 192 168 1 1 192 168 1 0 Broadcast Address Highest Host ID 192 168 1 62 192 168 1 63 Table 119
159. ded Figure 89 TOOLS gt Logs gt Log Settings E mail Log Settings Mail Server Mail Subject Send Log to Send Alerts to Log Schedule Day for Sending Log Time for Sending Log C Clear log after sending mail Syslog Logging O Active Syslog Server IP Address Log Facility Active Log and Alert Log System Maintenance System Errors C Access Control Cl TCP Reset C Packet Filter O icmp C Remote Management CDR PPP CI Forward Web Sites CI Blocked Web Sites C Blocked Java etc C Attacks O PKI O SSL TLS SIP Outgoing SMTP Server NAME or IP Address E Mail Address E Mail Address When Log is Full v Monday v b hour fo minute _ Server NAME or IP Address Local 1 v Send immediate alert C System Errors CI Access Control C Blocked Web Sites C Blocked Java etc C Attacks O PKI Cancel User s Guide Chapter 18 The Logs Screens The following table describes the labels in this screen Table 78 TOOLS gt Logs gt Log Settings LABEL DESCRIPTION E mail Log Settings Mail Server Enter the server name or the IP address of the mail server the WiMAX Modem should use to e mail logs and alerts Leave this field blank if you do not want to send logs or alerts by e mail Mail Subject Enter the subject line used in e mail messages the WiMAX Modem sends Send Log to Enter the e mail address to which log
160. dem and the DDNS server address Note The DDNS server may not be able to detect the proper IP address if there is an HTTP proxy server between the WiMAX Modem and the DDNS server Use specified IP address Select this if you want to use the specified IP address with the host name s Then specify the IP address Use this option if you have a static IP address Apply Click to save your changes Reset Click to restore your previously saved settings 9 4 Firmware Click ADVANCED gt System Configuration gt Firmware to upload new firmware to the WiMAX Modem Firmware files usually use the system model name with a bin extension such as WiMAX Modem bin The upload process uses HTTP Hypertext Transfer Protocol and may take up to two minutes After a successful upload the system will reboot Contact your service provider for information on available firmware upgrades Note Only use firmware for your WiMAX Modem s specific model Figure 42 ADVANCED gt System Configuration gt Firmware File Path To upgrade the internal device s firmware browse to the location of the binary BIN upgrade file and click Upload Upgrade files can be downloaded from website If the upgrade file is compressed ZIP file you must first extract the binary BIN file In some cases you may need to reconfigure User s Guide Chapter 9 The System Configuration Screens The following table
161. difficulty accessing ISP services you may need to enter the Domain Name manually in the field below This field is normally left blank Domain Name lt Back Next f Close The following table describes the labels in this screen Table 5 Internet Connection Wizard gt System Information LABEL DESCRIPTION System Name System Name is a unique name to identify the WiMAX Modem in an Ethernet network Enter a descriptive name This name can be up to 30 alphanumeric characters long Spaces are not allowed but dashes and underscores are accepted Domain Name Type the domain name if you know it here If you leave this field blank the ISP may assign a domain name via DHCP The domain name entered by you is given priority over the ISP assigned domain name Back Click to display the previous screen Next Click to proceed to the next screen Exit Click to close the wizard without saving User s Guide Chapter 3 Internet Connection Wizard 3 1 3 Authentication Settings This Internet Connection Wizard screen allows you to configure your Internet access settings The settings here correspond to the ADVANCED WAN Configuration Internet Connection screen see Section 7 2 on page 80 for more information Figure8 Internet Connection Wizard Authentication Settings Screen Authentication Settings Enter the required settings as issued by your ISP
162. displays the basic steps in the setup and tear down of a SIP call A calls B Table 40 SIP Call Progression A B 1 INVITE 2 Ringing 3 OK 4 ACK 5 Dialogue voice traffic 6 BYE 7 OK 1 A sends a SIP INVITE request to B This message is an invitation for B to participate in a SIP telephone call 2 B sends a response indicating that the telephone is ringing 3 B sends an OK response after the call is answered 4 Athen sends an ACK message to acknowledge that B has answered the call 5 Now A and B exchange voice media talk User s Guide 123 Chapter 10 The Service Configuration Screens 10 4 2 10 4 3 10 4 4 1 After talking A hangs up and sends a BYE request B replies with an OK response confirming receipt of the BYE request and the call is terminated SIP Client Server SIP is a client server protocol A SIP client is an application program or device that sends SIP requests A SIP server responds to the SIP requests When you use SIP to make a VoIP call it originates at a client and terminates at a server A SIP client could be a computer or a SIP phone One device can act as both a SIP client and a SIP server SIP User Agent A SIP user agent can make and receive VoIP telephone calls This means that SIP can be used for peer to peer communications even though it is a client server protocol In the following figure either A or B can act as a SIP u
163. dix C on page 289 4 Ifthere is a DHCP server on your network make sure your computer is using a dynamic IP address Your WiMAX Modem is a DHCP server by default If there is no DHCP server on your network make sure your computer s IP address is in the same subnet as the WiMAX Modem See Appendix D on page 299 5 Reset the WiMAX Modem to its factory defaults and try to access the WiMAX Modem with the default IP address See Section 9 6 on page 107 6 If the problem continues contact the network administrator or vendor or try one of the advanced suggestions Advanced Suggestions Try to access the WiMAX Modem using another service such as Telnet If you can access the WiMAX Modem check the remote management settings and firewall rules to find out why the WiMAX Modem does not respond to HTTP f your computer is connected wirelessly use a computer that is connected to a LAN ETHERNET port can see the Login screen but cannot log in to the WiMAX Modem 1 Make sure you have entered the user name and password correctly The default user name is admin and the default password is 1234 These fields are case sensitive so make sure Caps Lock is not on 2 You cannot log in to the web configurator while someone is using Telnet to access the WiMAX Modem Log out of the WiMAX Modem in the other session or ask the person who is logged in to log out 3 Disconnect and re connect the power adapter or cord to the WiMAX Mod
164. e 102 Environmental and Hardware Specifications cccceecsceeeeceeceeeceeeeeeeeeeaeeeeeeeeeeeeeeeeneeenee 237 Taole 109 Radio SDERSIDIG UOTIS Lauadeensniadkenandssk nna bua ador abso dada nsi ata da 238 Table 104 Pinttvyiah ee e vie eL 238 Tabe 105 sandas ART diiin R eR He I a GA nb od Pre S Lad te dne 240 Tales TOG Vowa FO GIES ee ested 241 Table 107 Siar ane Pound Hey Code SUPPOR disscccxcncesee tenue aeree e saientintes lovebauntraictonedcensuamnsaay 243 Table 108 Environmental and Hardware Specifications ccccccccceeesseeeeeeeeeeeeeeeceeaeeeeeaaeeseeeeeeeeaeeeee 243 Tele 109 Rado SOCAN dec TE 244 Tabie TIO Fiimware GPEGIHCANONS ccccicscerencsrcenes eici e e e E 245 Tabe TI Sandars SUPPONGA MP UENIT EU 246 TETO Vos FOTS e EET 248 Table 113 Star Fand Pound A Code Support 2e ser tnr ln Ra a aeri a ga 249 Table 114 IP Address Network Number and Host ID Example seem 300 Tabe TIO SUBMIT GIS e 301 Toe ne Maimun RISE IMGT IS ETE 301 Table 117 Alternative Subnet Mask Notation i e torret tee tn ao secessienneborssedenshceinideaessuveadsnenies 302 TARE TT pri E M 305 He TNE MR E UU T 305 EIS CN i orc ces EU 305 Tab TI SSUDIFIBL A acce vpa Tepe Tree te Ur ree rrr on er Ha rA ebd we pL ER rera A rte Tee E Mea terre S 305 Ne edv er T DS T 306 Table 123 24 bi Network Number Subnet PIgriil cscs cadens atre aecenseccceasndeeyanvebnavercaaivanerscuaseniede
165. e 130 lets you control which SIP accounts each phone uses The Common screen Section 11 3 on page 132 lets you activate and deactivate immediate dialing The Region screen Section 11 4 on page 133 lets you maintain settings that often depend on the region of the world in which the WiMAX Modem is located What You Need to Know The following terms and concepts may help as you read through this chapter Voice Activity Detection Silence Suppression Comfort Noise Voice Activity Detection VAD detects whether or not speech is present This lets the WiMAX Modem reduce the bandwidth that a call uses by not transmitting silent packets when you are not speaking When using VAD the WiMAX Modem generates comfort noise when the other party is not speaking The comfort noise lets you know that the line is still connected as total silence could easily be mistaken for a lost connection Echo Cancellation G 168 is an ITU T standard for eliminating the echo caused by the sound of your voice reverberating in the telephone receiver while you talk User s Guide Chapter 11 The Phone Screens Supplementary Phone Services Overview Supplementary services such as call hold call waiting call transfer etc are generally available from your VoIP service provider The WiMAX Modem supports t he following services Call Hold Call Waiting Making a Second Call Call Transfer Call Forwarding Three Way Conference Interna
166. e 18 ADVANCED gt LAN Configuration gt Other Settings LABEL DESCRIPTION RIP amp Multicast Setup RIP Direction Use this field to control how much routing information the WiMAX Modem sends and receives on the subnet None The WiMAX Modem does not send or receive routing information on the subnet Both The WiMAX Modem sends and receives routing information on the subnet In Only The WiMAX Modem only receives routing information on the subnet e Out Only The WiMAX Modem only sends routing information on the subnet RIP Version Select which version of RIP the WiMAX Modem uses when it sends or receives information on the subnet e RIP 1 The WiMAX Modem uses RIPv1 to exchange routing information RIP 2B The WiMAX Modem broadcasts RIPv2 to exchange routing information e RIP 2M The WiMAX Modem multicasts RIPv2 to exchange routing information User s Guide Chapter 6 The LAN Configuration Screens Table 18 ADVANCED gt LAN Configuration gt Other Settings continued LABEL DESCRIPTION Multicast You do not have to enable multicasting to use RI P 2M See RIP Version Select which version of IGMP the WiMAX Modem uses to support multicasting on the LAN Multicasting sends packets to some computers on the LAN and is an alternative to unicasting sending packets to one computer and broadcasting sending packets to every computer None The WiMAX Modem does not support multicas
167. e ISP assigns you a different one automatically from the network Default each time you connect to the Internet Use Fixed IP Address A static IP address is a fixed IP that your ISP gives you Back Click to display the previous screen Next Click to proceed to the next screen Exit Click to close the wizard screen without saving User s Guide Chapter 3 Internet Connection Wizard 3 1 5 Setup Complete Click Close to complete and save the Internet Connection Wizard settings Figure 10 Internet Connection Wizard Complete Setup Complete You have completed configuring your Internet connection Click the Close button to close the ZyXEL Setup Wizard and go to the main web configurator screen Close Launch your web browser and navigate to www zyxel com If everything was configured properly the web page should display You can now surf the Internet Refer to the rest of this guide for more detailed information on the complete range of WiMAX Modem features available in the more advanced web configurator Note If you cannot access the Internet open the web configurator again to confirm that the Internet settings you configured in the wizard setup are correct User s Guide VolP Connection Wizard 4 1 Overview This chapter shows you how to use the wizard to set up your voice account s The WiMAX Modem has Voice over IP VoIP communication capabilities that allow yo
168. e SIP account in a way similar to the way an e mail address identifies an e mail account The format of a SIP identity is SIP Number 5SI P Service Domain SIP Number The SIP number is the part of the SIP URI that comes before the symbol A SIP number can use letters like in an e mail address johndoe your ITSP com for example or numbers like a telephone number 1122334455 9 Vol P provider com for example SIP Service Domain The SIP service domain of the VoIP service provider the company that lets you make phone calls over the Internet is the domain name in a SIP URI For example if the SIP address is 1122334455 VolP provider com then Vol P provider com is the SIP service domain SIP Register Server A SIP register server maintains a database of SIP identity to IP address or domain name mapping The register server checks your user name and password when you register RTP When you make a VolP call using SIP the RTP Real time Transport Protocol is used to handle voice data transfer See RFC 1889 for details on RTP Use NAT If you know the NAT router s public IP address and SIP port number you can use the Use NAT feature to manually configure the WiMAX Modem to use a them in the SIP messages This eliminates the need for STUN or a SIP ALG You must also configure the NAT router to forward traffic with this port number to the WiMAX Modem 112 User s Guide Chapter 10 The Service Configuration S
169. e appropriate Network I nterface from the I nfo tab Figure 113 Mac OS X 10 4 Network Utility e e e Network Utility Finfo Netstat AppleTalk Ping Lookup Traceroute Whois Finger Port Scan erface for information Network Interface enO E Hardware Address 00 16 cb 8b 50 2e IP Address es 118 169 44 203 Link Speed 100 Mb Link Status Active Vendor Marvell Model Yukon Gigabit Adapter 88E8053 Transfer Statistics Sent Packets 20607 Send Errors 0 Recv Packets 22626 Recv Errors 0 Collisions 0 User s Guide Appendix B Setting Up Your Computer s IP Address Mac OS X 10 5 The screens in this section are from Mac OS X 10 5 1 Click Apple gt System Preferences Figure 114 Mac OS X 10 5 Apple Menu Finder File Edit Vie About This Mac Software Update Mac OS X Software SS System Preferences y R Recent Items b Force Quit X38 Sleep Restart Shut Down 2 In System Preferences click the Network icon Figure 115 Mac OS X 10 5 Systems Preferences eo System Preferences Personal Appearance Desktop amp Expos amp International Spotlight Screen Saver Spaces Hardware O P A M o CDs amp DVDs Displays Energy Keyboard amp Print amp Fax Sound Saver Mouse Internet amp N e eyaqQ a QuickTime Sharing System YI Ju u c 9 Accounts Date amp Time Parental Software Speech Startup Disk Time Machine Univer
170. e bes ANR 62 Table 13 ADVANCED gt LAN Configuration gt DHCP Setup esses 67 Table 14 ADVANCED gt LAN Configuration gt Static DHOP coeurs reae 68 Table 15 Advanced LAN Configuration gt IP Static Route sse 69 Table 16 Advanced LAN Configuration gt IP Static Route essent 69 Table 17 Management gt Static Route gt IP Static Route gt Edit 70 Table 18 ADVANCED gt LAN Configuration gt Other Settings sess 71 Table 19 ADVANCED WAN Configuration Internet Connection ISP Parameters for Internet Access 80 Table 20 Radio Freguenpy Conversion uasteoorsssae et oepuct ca secos o n FRUI pae eene dada Fun eU dae iiaae eae dae 83 Table 21 ADVANCED gt WAN Configuration WiMAX Configuration 83 Table 22 DL Predushpey Example Selle ausuiasenueteuidsresequinidbpezudidnint xenon cda dade aer tad ad 85 Table 23 ADVANCED gt WAN Configuration gt Advanced ssssssssssseeeeeeeeeen nennen nnns 86 Table 24 ADVANCED gt WAN Configuration gt Advanced sssssssssssseeeeeeeennenne nnns 88 Table 25 ADVANCED gt NAT Configuration gt General sssssssssseeeeeneee eene 90 Table 26 Advanced VPN Transport gt Customer Interface eessssssssssssseseenen nnns 92 Table 27 ADVANCED gt NAT Configuration gt Port Forwarding sssssssssseeeeenenns 92 Table 28 ADVANCED gt NAT Configurat
171. e device was not able to connect to the Time server Connect to NTP server fail The device was not able to connect to the NTP server Too large ICMP packet has been dropped The device dropped an ICMP packet that was too large Configuration Change PC Ox x Task ID Ox x The device is saving configuration changes Table 81 Access Control Logs LOG MESSAGE DESCRIPTION Packet Direction lt rule d gt Firewall default policy TCP Attempted TCP UDP I GMP ESP GRE OSPF access UDP IGMP ESP GRE OSPF matched the default policy and was blocked or Packet Direction forwarded according to the default policy s setting Firewall rule NOT match TCP Attempted TCP UDP I GMP ESP GRE OSPF access UDP IGMP ESP GRE OSPF matched or did not match a configured firewall rule denoted by its number and was blocked or forwarded according to the rule Triangle route packet forwarded The firewall allowed a triangle route session to message TCP TCP UDP IGMP ESP GRE pass through OSPF Packet without a NAT table entry The router blocked a packet that didn t have a blocked TCP UDP IGMP corresponding NAT table entry ESP GRE OSPF Router sent blocked web site The router sent a message to notify a user that the router blocked access to a web site that the user requested Exceed maximum
172. e have unique subject information Common Name Select a radio button to identify the certificate s owner by IP address domain name or e mail address Type the IP address in dotted decimal notation domain name or e mail address in the field provided The domain name or e mail address is for identification purposes only and can be any string A domain name can be up to 255 characters You can use alphanumeric characters the hyphen and periods An e mail address can be up to 63 characters You can use alphanumeric characters the hyphen the symbol periods and the underscore Organizational Unit Identify the organizational unit or department to which the certificate owner belongs You can use up to 63 characters You can use alphanumeric characters the hyphen and the underscore Organization Identify the company or group to which the certificate owner belongs You can use up to 63 characters You can use alphanumeric characters the hyphen and the underscore Country Identify the state in which the certificate owner is located You can use up to 31 characters You can use alphanumeric characters the hyphen and the underscore Key Length Select a number from the drop down list box to determine how many bits the key should use 512 to 2048 The longer the key the more secure it is A longer key also uses more PKI storage space Enrollment Options These radio buttons deal with how and when the cert
173. e is available User s Guide PART VI oun sh ooti ng 227 Troubleshooting This chapter offers some suggestions to solve problems you might encounter The potential problems are divided into the following categories Power Hardware Connections and LEDs WiMAX Modem Access and Login Internet Access Phone Calls and VoIP Reset the WiMAX Modem to Its Factory Defaults 20 1 Power Hardware Connections and LEDs The WiMAX Modem does not turn on None of the LEDs turn on 1 Make sure you are using the power adapter or cord included with the WiMAX Modem 2 Make sure the power adapter or cord is connected to the WiMAX Modem and plugged in to an appropriate power source Make sure the power source is turned on 3 Disconnect and re connect the power adapter or cord to the WiMAX Modem 4 Ifthe problem continues contact the vendor One of the LEDs does not behave as expected 1 Make sure you understand the normal behavior of the LED See Section 1 2 1 on page 34 for more information User s Guide Chapter 20 Troubleshooting 2 Check the hardware connections See the Quick Start Guide 3 Inspect your cables for damage Contact the vendor to replace any damaged cables 4 Disconnect and re connect the power adapter to the WiMAX Modem 5 Ifthe problem continues contact the vendor 20 2 WiMAX Modem Access and Login forgot the IP address for the WiMAX Modem 1 T
174. e lesa mu tedadesaelesmeniendadeais 326 igs Ei dus grag dri aa E rer eet rer rere rer Tre 326 Figure 177 Firefox 2 Cenificate ManagBt saima toas eodd kane isi eua cdd Rd QU Eas RUE YA GRE nbn dod 327 Figure 178 Firefox 2 Delete Web Site Certificates uuccaescecsucuesese ceres eucesi ore ERra n pac rpckru eR EDU E pK ERIS 327 Figure 178 Opera 9 Certificate signer Dot found usse decir rec err ia d ene Lip LER na C RD et 328 Figure 18D Opera 9 Security IIOETSEDIT 25isisseeb ek tiagueous qaae beo dinh Feb dada qee cue visa ph b aa uuu PE CUIN 329 Figure TET Opera 9 Toole MENU qussueeisesitieicustiitsstese te prets a 330 Figure 182 Opera 9 PROIOOUIORE c ocucdexcu an td a a o BG aa 331 Figure 153 Opsra B Cerica Managot ramennen e a A 332 Moure 1834 Opera 9 ImporesrdB be nosnim np atc ire a E E E a atc aa 332 Figure 185 Opera 9 Install authertt ericales 333 Figure 186 Opera 9 Inetall authority certificate iiec ee tiep rere ERR testet UE eieaa 333 Faune 107 Opara o IDale MENU aasisovep do ero b a Bed s oa Dus Free T da 334 Foure 188 Opera 9 ui chop cM ttr TT 334 Figure 189 Opera 9 Certificate Manage m 335 Figure 190 Kongueror 3 5 Server AuthenticatlOh siarsio ana ia a aa aa 336 Figure 191 Kongueror 3 5 Server Authentication ciscccsisscsieteiedesscrsnuiadecsecedaladecraterccedneseiaiaceebasaieneainianrds 336 Figure 192 Kongueror 3 5 KDE SSL Ios DH 2nisienuetoGe o pra tinted a a er Gd plus 337 Figure 193 Konqueror 3 5 Public Key Certificate Fi
175. e phone call The value depends on how quickly you dial phone numbers If you select Active Immediate Dial in VOICE gt Phone gt Common you can press the pound key to tell the WiMAX Modem to make the phone call immediately regardless of this setting VAD Support Select this if the WiMAX Modem should stop transmitting when you are not speaking This reduces the bandwidth the WiMAX Modem uses Back Click this to return to the Analog Phone screen without saving your changes Apply Click to save your changes Reset Click to restore your previously saved settings 11 3 Common Click VOICE gt Phone gt Common to activate and deactivate immediate dialing Figure 55 VOICE gt Phone gt Common Active Immediate Dial 132 User s Guide Chapter 11 The Phone Screens The following table describes the labels in this screen Table 43 VOICE gt Phone gt Common LABEL DESCRIPTION Active Select this if you want to use the pound key to tell the WiMAX Immediate Dial Modem to make the phone call immediately instead of waiting the number of seconds you selected in the Dialing I nterval Select in VOICE gt Phone gt Analog Phone If you select this dial the phone number and then press the pound key if you do not want to wait The WiMAX Modem makes the call immediately Apply Click to save your changes Reset Click to restore your previously saved sett
176. e speed dial entries for frequently used SIP phone numbers Figure 58 VOICE gt Phone Book gt Speed Dial Speed Dial Setup Speed Dial 01 Number Name Type 9 Use Proxy O Non Proxy Use IP or URL Phone Book Number Name Destination Action 01 Tij 02 T 03 Tj 04 Tij 05 fiij 06 Tij 07 fiij 08 fiij 09 wi 10 Tj dea The following table describes the icons in this screen Table 48 Advanced LAN Configuration IP Static Route ICON DESCRIPTION imi Delete Click to delete this item User s Guide Chapter 12 The Phone Book Screens The following table describes the labels in this screen Table 49 VOICE gt Phone Book gt Speed Dial LABEL DESCRIPTION Speed Dial Select the speed dial number you want to use for this phone number Number Enter the SIP number you want the WiMAX Modem to call when you dial the speed dial number Name Enter a name to identify the party you call when you dial the speed dial number You can use up to 127 printable ASCII characters Type Select Use Proxy if you want to use one of your SIP accounts to call this phone number Select Non Proxy Use IP or URL if you want to use a different SIP server or if you want to make a peer to peer call In this case enter the IP address or domain name of the SIP server or the other party in the field below Add Click to add the
177. eb proxies The WiMAX Modem also allows you to define time periods and days during which the WiMAX Modem performs content filtering What You Can Do in This Chapter The Filter screen Section 15 2 on page 180 lets you set up a trusted IP address which web features are restricted and which keywords are blocked when content filtering is effective The Schedule screen Section 15 3 on page 182 lets you schedule content filtering User s Guide 1 79 Chapter 15 Content Filter 15 2 Filter Click TOOLS gt Content Filter gt Filter to set up a trusted IP address which web features are restricted and which keywords are blocked when content filtering is effective Figure 74 TOOLS gt Content Filter gt Filter Trusted IP Setup A trusted computer has full access to all blocked resources 0 0 0 0 means there is no trusted computer Trusted Computer IP Address 0 0 0 0 Restrict Web Features CI Activex Java Cookies 7 Web Proxy Keyword Blocking Enable URL Keyword Blocking Keyword Keyword List Spam wankle 20rotary 20engine Cara Message to display when a site is blocked Denied Access Message 180 User s Guide Chapter 15 Content Filter The following table describes the labels in this screen Table 61 TOOLS gt Content Filter gt Filter LABEL DESCRIPTION Trusted IP Setup Trusted You can allow a specific computer to ac
178. ecific peers and protect by configuring rules to block packets for the services at specific interfaces Protect against IP spoofing by making sure the firewall is active Keep the firewall in a secured locked room The Triangle Route Problem A traffic route is a path for sending or receiving data packets between two Ethernet devices You may have more than one connection to the Internet through one or more ISPs If an alternate gateway is on the LAN and its IP address is in the same subnet as the WiMAX Modem s LAN IP address the triangle route also called asymmetrical route problem may occur The steps below describe the triangle route problem A computer on the LAN initiates a connection by sending out a SYN packet to a receiving server on the WAN The WiMAX Modem reroutes the SYN packet through Gateway A on the LAN to the WAN The reply from the WAN goes directly to the computer on the LAN without going through the WiMAX Modem User s Guide 175 Chapter 14 The Firewall Screens As a result the WiMAX Modem resets the connection as the connection has not been acknowledged Figure 72 Triangle Route Problem LAN 14 4 3 1 Solving the Triangle Route Problem If you have the WiMAX Modem allow triangle route sessions traffic from the WAN can go directly to a LAN computer without passing through the WiMAX Modem and its firewall protection Another solution is to use IP alias IP alias allows yo
179. eck your TCP IP properties by clicking System gt Administration gt Network Tools and then selecting the appropriate Network device from the Devices User s Guide Appendix B Setting Up Your Computer s IP Address tab The Interface Statistics column shows data if your connection is working properly Figure 125 Ubuntu 8 Network Tools cal Devices Network Tools meme Tool Edit Help Network device Ie B Configure IP Information Protocol IP Address Netmask Prefix Broadcast Scope IPv4 10 0 2 15 255 255 255 0 10 0 2 255 IPv6 fe80 a00 27ff fe30 el6c 64 Link Interface Information Interface Statistics Hardware address 08 00 27 30 e1 6c debacle 684 6 KiB Multicast Enabled Transmitted d pacati 1425 MTU 1500 Transmission errors 0 Link speed not available Received bytes 219 5 KiB State Active Received packets 1426 Reception errors 0 Collisions 0 User s Guide Appendix B Setting Up Your Computer s IP Address Linux openSUSE 10 3 KDE This section shows you how to configure your computer s TCP IP settings in the K Desktop Environment KDE using the openSUSE 10 3 Linux distribution The procedure screens and file locations may vary depending on your specific distribution release version and individual configuration The following screens use the default openSUSE 10 3 installation Note Make sure you are logged in as the root administrator Follow the steps below t
180. econd SIP account that you want to use You will need to configure the same fields for the second SIP account Back Click to return to the previous screen Apply Click to complete the wizard setup and save your configuration Exit Click to close the wizard without saving your settings After you enter your voice account settings and click Next the WiMAX Modem attempts to register your SIP account with the SIP server Figure 13 VoIP Connection gt SIP Registration Test SIP Registration Test in Process Please wait a moment About 4 seconds This screen displays if SIP account registration fails Check your WiMAX connection using the WiMAX Link and Strength Indicator LEDs on the front of the WiMAX Modem then wait a few seconds and click Register Again If your User s Guide Chapter 4 VoIP Connection Wizard Internet connection was already working you can click Back and try re entering your SIP account settings Figure 14 VoIP Connection gt SIP Registration Fail VoIP Configuration Voice 1 Registered Fail SIP Registration Failed Please make sure the ethernet cable is connected You can press Register Again button to do SIP Registration again or press Close button to exit this wizard 4 2 2 Setup Complete Click Close to complete and save the VoIP Connection settings Figure 15 VoIP Connection gt Finish Setup Complete You have completed configuring your Inte
181. ect Name field none displays for a certification request Signature Algorithm This field displays the type of algorithm that was used to sign the certificate The WiMAX Modem uses rsa pkcs1 shal RSA public private key encryption algorithm and the SHA1 hash algorithm Some certification authorities may use rsa pkcs1 md5 RSA public private key encryption algorithm and the MD5 hash algorithm Valid From This field displays the date that the certificate becomes applicable none displays for a certification request Valid To This field displays the date that the certificate expires The text displays in red and includes an Expired message if the certificate has expired none displays for a certification request Key Algorithm This field displays the type of algorithm that was used to generate the certificate s key pair the WiMAX Modem uses RSA encryption and the length of the key set in bits 1024 bits for example Subject Alternative Name This field displays the certificate owner s IP address IP domain name DNS or e mail address EMAIL User s Guide 188 Chapter 13 The Certificates Screens Table 53 TOOLS gt Certificates gt My Certificates gt Edit LABEL DESCRIPTION Key Usage This field displays for what functions the certificate s key can be used For example DigitalSignature means that the key can be used to sign certificates and KeyEnciph
182. ed eaten 74 B E UH diac deep duran uiua Sa N E use iade EN Lunes c dada ela cud E 75 Chapter 7 The WAN Configuration SCFG6ns iiueueieu ciiin eacc utra nac rane inta inet k kann nn atas ra nae aa saeE Dada Eae 77 HESS mem tans 77 LAA What You Can De in This Chap iceus ana sae tct gau 77 FERRE ane I ate TK I sae sce engi OE 0 SEES 77 FE dure I cel MEE o D I tre terre 80 ENCLOSED a 82 Tage FREQUENCY Ranges m 84 79 2 Configuring Fregusney SNOS rions aad aa ed Dar ebonep uaa ovd 84 73 0 Using the WIMAX Frequamncy Screen ce reritasae atat eie pere thao dr FP ei sepe Vade eain 85 y PUVA i i m Rm 86 CEST uper NP TUNE UNE NETTEN 87 Chapter 8 The NAT Configuration Screens eeeeeeeeeeeeeseeeeeeeeeeeee nennen enne nani ntn nans n nnne anser 89 Eq 1 S 89 6 1 1 What You Can Do in TRIS CHAPE iis streets tice canberra mind manne eis 89 Rut nc M 89 Oo FON FONA AON t 90 poa Por Pob ng OPUNE assasin aii Taa S aaRS RA 91 83 2 Pon Porwardimo Rule dpt rerainane is Taea erai 93 Tbe PON mee E 94 8 4 1 Trigger Port Forwarding Example i uneia Qr raani e topics ER specus ab mrt i 95 ROT cd 96 Chapter 9 The System Configuration Screens eeeeeeeesieeeee eee eeeee esee eene nenne nnn nannten nnn nnnn 99 SABES ENT
183. em 4 Ifthis does not work you have to reset the WiMAX Modem to its factory defaults See Section 9 5 on page 106 User s Guide 231 Chapter 20 Troubleshooting cannot Telnet to the WiMAX Modem See the troubleshooting suggestions for cannot see or access the Login screen in the web configurator Ignore the suggestions about your browser 20 3 Internet Access cannot access the Internet 1 Check the hardware connections and make sure the LEDs are behaving as expected See the Quick Start Guide and Section 1 2 1 on page 34 2 Make sure you entered your ISP account information correctly in the wizard These fields are case sensitive so make sure Caps Lock is not on 3 Check your security settings In the web configurator go to the Status screen Click the WiMAX Profile link in the Summary box and make sure that you are using the correct security settings for your Internet account 4 Check your WiMAX settings The WiMAX Modem may have been set to search the wrong frequencies for a wireless connection In the web configurator go to the Status screen Click the WiMAX Site I nformation link in the Summary box and ensure that the values are correct If the values are incorrect enter the correct frequency settings in the ADVANCED gt WAN Configuration gt WiMAX Configuration screen If you are unsure of the correct values contact your service provider 5 If you are trying to access the Internet wirele
184. encryption algorithm and the MD5 hash algorithm Valid From This field displays the date that the certificate becomes applicable none displays for a certification request Valid To This field displays the date that the certificate expires The text displays in red and includes an Expired message if the certificate has expired none displays for a certification request Key Algorithm This field displays the type of algorithm that was used to generate the certificate s key pair the WiMAX Modem uses RSA encryption and the length of the key set in bits 1024 bits for example Subject Alternative Name This field displays the certificate owner s IP address IP domain name DNS or e mail address EMAIL User s Guide Chapter 13 The Certificates Screens Table 57 TOOLS gt Certificates gt Trusted CAs gt Edit continued LABEL DESCRIPTION Key Usage This field displays for what functions the certificate s key can be used For example DigitalSignature means that the key can be used to sign certificates and KeyEncipherment means that the key can be used to encrypt text Basic Constraint This field displays general information about the certificate For example Subject TypezCA means that this is a certification authority s certificate and Path Length Constraint 1 means that there can only be one certification authority in the certificate s path This field d
185. enko Str Kiev 04050 Ukraine United Kingdom Support E mail support zyxel co uk Sales E mail sales zyxel co uk Telephone 44 1344 303044 0845 122 0301 UK only Fax 44 1344 303034 Web www zyxel co uk Regular Mail ZyXEL Communications UK Ltd 11 The Courtyard Eastern Road Bracknell Berkshire RG12 2XB United Kingdom UK User s Guide Appendix Customer Support User s Guide Index A AAA 79 AbS 116 accounting server see AAA ACK message 123 activity 79 Advanced Encryption Standard see AES AES 259 ALG 96 246 249 alternative subnet mask notation 302 analysis by synthesis 116 antenna 244 Application Layer Gateway see ALG authentication 48 79 81 257 inner 260 key server 79 types 260 authorization 257 request and reply 259 server 79 auto dial 248 Index and certificates 165 call Europe type service mode 134 forwarding 248 hold 134 136 park and pickup 248 return 248 service mode 134 136 transfer 135 136 waiting 135 136 248 caller ID 249 CBC MAC 259 CCMP 257 259 cell 77 Certificate Management Protocol CMP 152 Certificate Revocation List CRL 165 certificates 147 257 advantages 165 and CA 165 certification path 155 161 164 expired 164 factory default 165 file formats 165 fingerprints 156 162 importing 149 not used for encryption 164 revoked 164 self signed 151 serial number 155 161 storage space 148 B thumbprint algorithms 167
186. enticate mobile station MS allowing it to access the Internet Figure 26 Using an AAA Server In this figure the dashed arrow shows the PKM Privacy Key Management secured connection between the mobile station and the base station and the solid arrow shows the EAP secured connection between the mobile station the base station and the AAA server See the WiMAX security appendix for more details User s Guide Chapter 7 The WAN Configuration Screens 7 2 Internet Connection Click ADVANCED gt WAN Configuration to set up your WiMAX Modem s Internet settings Note Not all WiMAX Modem models have all the fields shown here Figure 27 ADVANCED gt WAN Configuration gt Internet Connection ISP Parameters for Internet Access User Name myuser amp asb com Password 999999299 Anonymous Identity anonymous Gasb com PKM PKMV2 v Authentication TTS v TTLS Inner EAP CHAP v Certificate auto generated self signed cert v WAN IP Address Assignment 9 Get automatically from ISP Default O Use Fixed IP Address IP Address 0 0 0 0 IP Subnet Mask 0 0 0 0 Gateway IP Address 0 0 0 0 The following table describes the labels in this screen Table 19 ADVANCED gt WAN Configuration gt Internet Connection gt ISP Parameters for Internet Access LABEL DESCRIPTION ISP Parameters for Internet Access User Name Use this field to enter the username associated with your Internet access accou
187. ephone 49 2405 6909 69 Fax 49 2405 6909 99 Web www zyxel de Regular Mail ZyXEL Deutschland GmbH Adenauerstr 20 A2 D 52146 Wuerselen Germany Hungary Support E mail support zyxel hu Sales E mail info zyxel hu Telephone 36 1 3361649 Fax 36 1 3259100 Web www zyxel hu Regular Mail ZyXEL Hungary 48 Zoldlomb Str H 1025 Budapest Hungary India Support E mail support zyxel in Sales E mail sales zyxel in Telephone 91 11 30888144 to 91 11 30888153 Fax 91 11 30888149 91 11 26810715 Web http www zyxel in e Regular Mail India ZyXEL Technology India Pvt Ltd II Floor F2 9 Okhla Phase 1 New Delhi 110020 India User s Guide 355 Appendix Customer Support Japan Support E mail support zyxel co jp Sales E mail zyp zyxel co jp Telephone 81 3 6847 3700 Fax 81 3 6847 3705 Web www zyxel co jp Regular Mail ZyXEL Japan 3F Office T amp U 1 10 10 Higashi Gotanda Shinagawa ku Tokyo 141 0022 Japan Kazakhstan Support http zyxel kz support Sales E mail sales zyxel kz Telephone 7 3272 590 698 Fax 7 3272 590 689 Web www zyxel kz Regular Mail ZyXEL Kazakhstan 43 Dostyk Ave Office 414 Dostyk Business Centre 050010 Almaty Republic of Kazakhstan Malaysia Support E mail support zyxel com my Sales E mail sales zyxel com my Telephone 603 8076 9933 Fax 603 8076 9833 Web http www zyxel com my Regular Mail
188. er the network User s Guide Chapter 21 Product Specifications Table 106 Voice Features SIP ALG Your device is a SIP Application Layer Gateway ALG It allows VolP calls to pass through NAT for devices behind it such as a SIP based VoIP software application on a computer Other Voice SIP version 2 Session Initiating Protocol RFC 3261 Features SDP Session Description Protocol RFC 2327 RTP RFC 1889 RTCP RFC 1890 Voice codecs coder decoders G 711 G 726 G 729 Fax and data modem discrimination DTMF Detection and Generation DTMF In band and Out band traffic RFC 2833 PCM SIP INFO Point to point call establishment between two ADs Quick dialing through predefined phone book which maps the phone dialing number and destination URL Flexible Dial Plan RFC3525 section 7 1 14 Table 107 Star and Pound Code Support 0 Wireless Operator Services 2 Customer Care Access 66 Repeat Dialing 67 Plus the 10 digit phone number to block Caller ID on a single call basis 69 Return last call received 70 Followed by the 10 digit phone number to cancel Call Waiting on a single call basis 72 Activate Call Forwarding 72 followed by the 10 digit phone number that is requesting call forwarding service 720 Activate Call Forwarding 720 followed by the 10 digit phone number that is requesting deactivation of call forwarding service 73 P
189. erment means that the key can be used to encrypt text Basic Constraint This field displays general information about the certificate For example Subject TypezCA means that this is a certification authority s certificate and Path Length Constraint 1 means that there can only be one certification authority in the certificate s path This field does not display for a certification request MD5 Fingerprint This is the certificate s message digest that the WiMAX Modem calculated using the MD5 algorithm SHA1 Fingerprint This is the certificate s message digest that the WiMAX Modem calculated using the SHA1 algorithm Certificate in PEM Base 64 Encoded Format This read only text box displays the certificate or certification request in Privacy Enhanced Mail PEM format PEM uses lowercase letters uppercase letters and numerals to convert the binary certificate into a printable form You can copy and paste a certification request into a certification authority s web page an e mail that you send to the certification authority or a text editor and save the file on a management computer for later manual enrollment You can copy and paste a certificate into an e mail to send to friends or colleagues or you can copy and paste a certificate into a text editor and save the file on a management computer for later distribution via floppy disk for example Apply Click to save your changes Cancel
190. ers printers etc needs an IP address to communicate across the network These networking devices are also known as hosts Subnet masks determine the maximum number of possible hosts on a network You can also use subnet masks to divide one network into multiple sub networks Introduction to IP Addresses One part of the IP address is the network number and the other part is the host ID In the same way that houses on a street share a common street name the hosts on a network share a common network number Similarly as each house has its own house number each host on the network has its own unique identifying number the host ID Routers use the network number to send packets to the correct network while the host ID determines to which host on the network the packets are delivered Structure An IP address is made up of four parts written in dotted decimal notation for example 192 168 1 1 Each of these four parts is known as an octet An octet is an eight digit binary number for example 11000000 which is 192 in decimal notation Therefore each octet has a possible range of 00000000 to 11111111 in binary or O to 255 in decimal User s Guide Appendix D IP Addresses and Subnetting The following figure shows an example IP address in which the first three octets 192 168 1 are the network number and the fourth octet 16 is the host ID Figure 144 Network Number and Host ID 192 168 1 16 i at i p
191. ertificates 3 In the Certificate Manager dialog box click Web Sites gt Import Figure 173 Firefox 2 Certificate Manager EER Certificate Manager r Your Certificates Other Peopldis Web Sites Alithorities You have certificates on file that identify these web sites Purposes Certificate Name 4 Usethe Select File dialog box to locate the certificate and then click Open Figure 174 Firefox 2 Select File PR Select File containing Web Site certificate to import in 8 Desktop E My Computer i My Documents my Network Places ES CA cer My Network Places Files of type Cettficate Files 5 The next time you visit the web site click the padlock in the address bar to open the Page Info gt Security window to see the web page s security information E User s Guide Appendix E Importing Certificates Removing a Certificate in Firefox 1 2 This section shows you how to remove a public key certificate in Firefox 2 Open Firefox and click TOOLS gt Options Figure 175 Firefox 2 Tools Menu Web Search Downloads Add ons Java Console Error Console Page Info Clear Private Data Ctrl Shift Del N Options In the Options dialog box click ADVANCED gt Encryption gt View Certificates Figure 176 Firefox 2 Options Options w G 9 B a amp i9 Main Tabs Content Feeds Privacy Security Advanced General N
192. erver DHCP client gets s A DHCP client got a new IP address from the DHCP server DHCP client IP expired A DHCP client s IP address has expired DHCP server assigns s The DHCP server assigned an IP address to a client Successful WEB login Someone has logged on to the device s web configurator interface WEB login failed Someone has failed to log on to the device s web configurator interface ELNET Login Successfully Someone has logged on to the router via telnet ELNET Login Fail Someone has failed to log on to the router via telnet Successful FTP login Someone has logged on to the device via ftp FTP login failed Someone has failed to log on to the device via ftp NAT Session Table is Full The maximum number of NAT session table entries has been exceeded and the table is full Time initialized by Daytime Server The device got the time and date from the Daytime User s Guide server Chapter 18 The Logs Screens Table 80 System Maintenance Logs continued LOG MESSAGE DESCRIPTION Time initialized by Time The device got the time and date from the time server server Time initialized by NTP server The device got the time and date from the NTP server Connect to Daytime server fail The device was not able to connect to the Daytime server Connect to Time server fail Th
193. esssesssseseseeeeen enne 157 Figure 63 TOOLS gt Gartilicates gt Trusted CAS rerien aa 158 Figure 64 TOOLS gt Certificates gt Trusted CAS gt Edit iraniani eaaa aena 160 Figure 65 TOOLS Certificates gt Trusted CAS gt Import 1 oeuccscceeer temere retreat etes tevrapenaa 163 Figure 66 Remote Host COPI EE 5iorcsco scit men nb eod a aber ne PR TRIN A RE ER Dn BR PUDE Hb 166 Figure 67 rept BDalallS 4 ddbeei ED acs cncesenees nied secs Un dite Mo a UD be nO Nen 167 Figure 09 Firewall Rule Prep oc secssctsccedesiacticcscesstreccscantpcccreshuetneaenshionenes chute Eaa EA 170 Foure B9 6a Firewall SAUD sessonriaiiiriasei ua a aaa eb d E e 171 Figure 70 TOOLS Firewall gt Firewall Setting inei perinde trot dat enoi EAA 172 Figure 71 TOOLS Firewall gt Service Seting simerosinsnesi iinr ad A 173 Figure 72 Thang Route Problem uiidtexpeidatenbid setup idauke Dr eE anaE aN EEA AE 176 Figure T3 IF ANES scissors a aaa AA SC 177 Foure 74 TOOLS Coment Fiter gt FINGI s secae e pays ROI VOIR a AT VIRER S UR TE II TURA Rd 180 Figure 75 TOOLS Content Filter Schedule i pedidos eap eae n PR aie ERR Bo eu ORE Fh CNS 182 Figure 76 TOOLS gt Remote Management VIV uiuis cseee texit coc pneu ck isinen 185 Figure 77 TOOLS gt Remote Management gt Telnet eceessssceeeseienetenst tnn tta nne tk unen 186 Figure 79 TOOLS Remote Management F TP aeos eikte petite ida bae YO Re pIdE teet tel addo ee 186 Figure 79
194. estore it Restoring an earlier working configuration may be useful if the WiMAX Modem becomes unstable or even crashes If you forget your password you will have to reset the WiMAX Modem to its factory default settings If you backed up an earlier configuration file you would not have to totally re configure the WiMAX Modem You could simply restore your last configuration User s Guide Introducing the Web Configurator 2 1 Overview The web configurator is an HTML based management interface that allows easy device set up and management via any web browser that supports HTML 4 0 CSS 2 0 and JavaScript 1 5 and higher The recommended screen resolution for using the web configurator is 1024 by 768 pixels and 16 bit color or higher In order to use the web configurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in many operating systems and web browsers JavaScript enabled by default in most web browsers Java permissions enabled by default in most web browsers See the Appendix C on page 289 for more information on configuring your web browser 2 1 1 Accessing the Web Configurator Make sure your WiMAX Modem hardware is properly connected refer to the Quick Start Guide for more information 2 Launch your web browser 3 Enter 192 168 1 1 as the URL User s Guide Chapter 2 Introducing the Web Configurator 4 A password screen disp
195. etwork WiMAX State This field displays the status of the WiMAX Modem s current connection INIT the WiMAX Modem is starting up DL SYN The WiMAX Modem is unable to connect to a base station RANGING the WiMAX Modem and the base station are transmitting and receiving information about the distance between them Ranging allows the WiMAX Modem to use a lower transmission power level when communicating with a nearby base station and a higher transmission power level when communicating with a distant base station CAP NEGO the WiMAX Modem and the base station are exchanging information about their capabilities AUTH the WiMAX Modem and the base station are exchanging security information e REGIST the WiMAX Modem is registering with a RADIUS server OPERATI ONAL the WiMAX Modem has successfully registered with the base station Traffic can now flow between the WiMAX Modem and the base station IDLE the WiMAX Modem is in power saving mode but can connect when a base station alerts it that there is traffic waiting Bandwidth This field shows the size of the bandwidth step the WiMAX Modem uses to connect to a base station in megahertz MHz CINR mean This field shows the average Carrier to Interference plus Noise Ratio of the current connection This value is an indication of overall radio signal quality A higher value indicates a higher signal quality and a lower value indicates a lower signal q
196. etwork Upda e Encryption Protocols Use SSL 3 0 Use TLS 1 0 Certificates When a web site requires a certificate Select one automatically Ask me every time User s Guide Appendix E Importing Certificates 3 Inthe Certificate Manager dialog box select the Web Sites tab select the certificate that you want to remove and then click Delete Figure 177 Firefox 2 Certificate Manager Certificate Manager TER Your Certificates Other Peopl s Web Sites Affthorities You have certificates on file that identify these web sites Certificate Name Purposes Client Server Status Responder 4 In the Delete Web Site Certificates dialog box click OK Figure 178 Firefox 2 Delete Web Site Certificates Delete Web Site Certificates Are you sure you want to delete these web site certificates 172 20 37 202 If you delete a web site certificate you will be asked to accept it again the nex 5 The next time you go to the web site that issued the public key certificate you just removed a certification error appears User s Guide 327 Appendix E Importing Certificates Opera The following example uses Opera 9 on Windows XP Professional however the screens can apply to Opera 9 on all platforms 1 If your device s web configurator is set to use SSL certification then the first time you browse to it you are presented with a certification error 2 Click Install
197. ferent numbers to use enter them instead If you enter the code to not upgrade you can make a call as normal You will hear the recording again each time you pick up the phone until you upgrade Call waiting This feature allows you to hear an alert when you are already using the phone and another person calls you You can then either reject the new incoming call put your current call on hold and receive the new incoming call or end the current call and receive the new incoming call Call forwarding With this feature you can set the WiMAX Modem to forward calls to a specified number either unconditionally always when your number is busy or when you do not answer You can also forward incoming calls from one specified number to another Caller ID The WiMAX Modem supports caller ID which allows you to see the originating number of an incoming call on a phone with a suitable display REN A Ringer Equivalence Number REN is used to determine the number of devices like telephones or fax machines that may be connected to the telephone line Your device has a REN of three so it can support three devices per telephone port QoS Quality of Service Quality of Service QoS mechanisms help to provide better service on a per flow basis Your device supports Type of Service ToS tagging and Differentiated Services DiffServ tagging This allows the device to tag voice frames so they can be prioritized ov
198. ficate PEM Base 64 encoded PKCS 77 This Privacy Enhanced Mail PEM format uses lowercase letters uppercase letters and numerals to convert a binary PKCS 7 certificate into a printable form Note Be careful to not convert a binary file to text during the transfer process It is easy for this to occur since many programs use text files by default User s Guide Chapter 13 The Certificates Screens 13 4 2 Verifying a Certificate Before you import a certificate into the WiMAX Modem you should verify that you have the correct certificate This is especially true of trusted certificates since the WiMAX Modem also trusts any valid certificate signed by any of the imported trusted certificates 13 4 2 1 Checking the Fingerprint of a Certificate on Your Computer A certificate s fingerprints are message digests calculated using the MD5 or SHA1 algorithms The following procedure describes how to check a certificate s fingerprint to verify that you have the actual certificate Browse to where you have the certificate saved on your computer Make sure that the certificate has a cer or crt file name extension On some Linux distributions the file extension may be der Figure 66 Remote Host Certificates User s Guide Chapter 13 The Certificates Screens 3 Double click the certificate s icon to open the Certificate window Click the Details tab and scroll down to the Thumbprint Algorithm and Thumbprint
199. fication authority or generate a certification request Figure 60 TOOLS gt Certificates gt My Certificates gt Create Certificate Name Subject Information Common Name 9 Host IP Address 0 Host Domain Name O E Mail e Organizational Unit Organization Country Key Length 1024 Enrollment Options Create a self signed certificate L Create a certification request and save it locally for later manual enrollment Create a certification request and enroll for a certificate immediately online Enrollment Protocol Simple Certificate Enrollment Protocol SCEP CA Server Address CA Certificate v See Trusted CAs Request Authentication Key User s Guide Chapter 13 The Certificates Screens The following table describes the labels in this screen Table 52 TOOLS gt Certificates gt My Certificates gt Create LABEL DESCRIPTION Certificate Name Type a name to identify this certificate You can use up to 31 alphanumeric and amp characters Subject Information Use these fields to record information that identifies the owner of the certificate You do not have to fill in every field although the Common Name is mandatory The certification authority may add fields Such as a serial number to the subject information when it issues a certificate It is recommended that each certificat
200. ficially recognized by the most common web browsers you will need to import the ZyXEL created certificate into your web browser and flag that certificate as a trusted authority Note You can see if you are browsing on a secure website if the URL in your web browser s address bar begins with nttps orthere is a sealed padlock icon amp somewhere in the main browser window not all browsers show the padlock in the same location In this appendix you can import a public key certificate for Internet Explorer on page 312 Firefox on page 322 Opera on page 328 Konqueror on page 336 User s Guide 311 Appendix E Importing Certificates Internet Explorer The following example uses Microsoft Internet Explorer 7 on Windows XP Professional however they can also apply to Internet Explorer on Windows Vista 1 If your device s web configurator is set to use SSL certification then the first time you browse to it you are presented with a certification error Figure 150 Internet Explorer 7 Certification Error VE a i Certificate Error Navigation Blocked 9 There is a problem with this website s security certificate The security certificate presented by this website was not issued by a trusted certificate authority The security certificate presented by this website was issued for a different website s address Security certificate problems may indicate an attempt to fool you or intercept any data you
201. figuration Backup Configuration Click Backup to save the current configuration of your system to your computer Backup Restore Configuration To restore a previously saved configuration file to your system browse to the location of the configuration file and click Upload File Path Browse Upload Back to Factory Defaults Click Reset to clear all user entered configuration information and return to factory defaults After resetting the Password will be 1234 LAN IP address will be 192 168 1 1 DHCP will be reset to server The following table describes the labels in this screen Table 34 ADVANCED gt System Configuration gt Configuration LABEL DESCRIPTION Backup Configuration Backup Click this to save the WiMAX Modem s current configuration to a file on your computer Once your device is configured and functioning properly it is highly recommended that you back up your configuration file before making configuration changes The backup configuration file is useful if you need to return to your previous settings Restore Configuration File Path Enter the location of the file you want to upload or click Browse to find it Browse Click this to find the file you want to upload Upload Click this to restore the selected configuration file Note Do not turn off the device while configuration file upload is in progress Back to Factory Defaults Reset Cl
202. fore it is deleted The WiMAX Modem automatically tries to re register your SIP account when one half of this time has passed The SIP register server might have a different expiration Register Re Enter the number of seconds the WiMAX Modem waits before it tries send timer again to register the SIP account if the first try failed or if there is no response Session Expires Enter the number of seconds the conversation can last before the call is automatically disconnected Usually when one half of this time has passed the WiMAX Modem or the other party updates this timer to prevent this from happening Min SE Enter the minimum number of seconds the WiMAX Modem accepts for a session expiration time when it receives a request to start a SIP session If the request has a shorter time the WiMAX Modem rejects it RTP Port Range Start Port End Port Enter the listening port number s for RTP traffic if your VolP service provider gave you this information Otherwise keep the default values To enter one port number enter the port number in the Start Port and End Port fields To enter a range of ports Type tne port number at the beginning of the range in the Start Port fiel Type the port number at the end of the range in the End Port field Voice Compression Primary Secondary and Third Compression Select the type of voice coder decoder codec that you want the WiMAX Modem to use
203. g firewall session Use this field to limit the number of NAT firewall sessions each client computer can establish through the WiMAX Modem If your network has a small number of clients using peer to peer applications you can raise this number to ensure that their performance is not degraded by the number of NAT sessions they can establish If your network has a large number of users using peer to peer applications you can lower this number to ensure no single client is using all of the available NAT sessions Apply Click to save your changes Cancel Click to return to the previous screen without saving your changes 8 3 Port Forwarding A NAT server set is a list of inside behind NAT on the LAN servers for example web or FTP that you can make accessible to the outside world even though NAT makes your whole inside network appear as a single machine to the outside world Use the ADVANCED gt NAT Configuration gt Port Forwarding screen to forward incoming service requests to the server s on your local network You may enter a single port number or a range of port numbers to be forwarded and the local IP address of the desired server The port number identifies a service for example web service is on port 80 and FTP on port 21 In some cases such as for unknown services or where one server can support more than one service for example both FTP and web service it might be better to specify a range of port numbers
204. gateway helps forward packets to their destinations Apply Click to save your changes Reset Click to restore your previously saved settings User s Guide Chapter 6 The LAN Configuration Screens 6 4 1 IP Static Route Setup Click an Edit icon in ADVANCED gt LAN Configuration gt IP Static Route to edit a static route in the WiMAX Modem Figure 22 Advanced LAN Configuration IP Static Route Setup Static Route Setup Route Name C Active CI Private Destination IP Address 0 0 0 0 IP Subnet Mask 0 0 0 0 Gateway IP Address 0 0 0 0 Metric 2 The following table describes the labels in this screen Table 17 Management Static Route IP Static Route Edit LABEL DESCRIPTION Route Name Enter the name of the static route Active Select this if you want the static route to be used Clear this if you do not want the static route to be used Private Select this if you do not want the WiMAX Modem to tell other routers about this static route For example you might select this if the static route is in your LAN Clear this if you want the WiMAX Modem to tell other routers about this static route Destination IP Address Enter one of the destination IP addresses that this static route affects IP Subnet Mask Enter the subnet mask that defines the range of destination IP addresses that this static route affects If this static route affects o
205. ge no one can have altered it because they cannot re sign the message with Tim s private key Additionally Jenny uses her own private key to sign a message and Tim uses Jenny s public key to verify the message The WiMAX Modem uses certificates based on public key cryptology to authenticate users attempting to establish a connection not to encrypt the data that you send after establishing a connection The method used to secure the data that you send through an established connection depends on the type of connection For example a VPN tunnel might use the triple DES encryption algorithm The certification authority uses its private key to sign certificates Anyone can then use the certification authority s public key to verify the certificates A certification path is the hierarchy of certification authority certificates that validate a certificate The WiMAX Modem does not trust a certificate if any certificate on its path has expired or been revoked User s Guide Chapter 13 The Certificates Screens Certification authorities maintain directory servers with databases of valid and revoked certificates A directory of certificates that have been revoked before the scheduled expiration is called a CRL Certificate Revocation List The WiMAX Modem can check a peer s certificate against a directory server s list of revoked certificates The framework of servers software procedures and policies that handles keys is called PKI pub
206. ged device into a form compatible with SNMP The manager is the console through which network administrators perform network management functions It executes applications that control and monitor managed devices User s Guide 187 Chapter 16 The Remote Management Screens The managed devices contain object variables managed objects that define each piece of information to be collected about a device Examples of variables include such as number of packets received node port status etc A Management Information Base MIB is a collection of managed objects SNMP allows a manager and agents to communicate for the purpose of accessing these objects The WiMAX Modem supports MIB II that is defined in RFC 1213 and RFC 1215 The focus of the MIBs is to let administrators collect statistical data and monitor status and performance SNMP itself is a simple request response protocol based on the manager agent model The manager issues a request and the agent returns responses using the following protocol operations Get Allows the manager to retrieve an object variable from the agent GetNext Allows the manager to retrieve the next object variable from a table or list within an agent In SNMPv1 when a manager wants to retrieve all elements of a table from an agent it initiates a Get operation followed by a series of GetNext operations Set Allows the manager to set values for object variables within an agent Trap Used b
207. gt DHCP Setup DHCP Setup Enable DHCP Server IP Pool Starting Address 192 168 100 33 Pool Size 32 DNS Server DNS Servers Assigned by DHCP Server First DNS Server From ISP v Second DNS Server From ISP v Third DNS Server FromIP v Apply User s Guide Chapter 6 The LAN Configuration Screens The following table describes the labels in this screen Table 13 ADVANCED gt LAN Configuration gt DHCP Setup LABEL DESCRIPTION DHCP Setup Enable DHCP Select this if you want the WiMAX Modem to be the DHCP server on the Server LAN As a DHCP server the WiMAX Modem assigns IP addresses to DHCP clients on the LAN and provides the subnet mask and DNS server information P Pool Starting Address Enter the IP address from which the WiMAX Modem begins allocating IP addresses if you have not specified an IP address for this computer in ADVANCED gt LAN Configuration gt Static DHCP Pool Size Enter the number of IP addresses to allocate This number must be at least one and is limited by a subnet mask of 255 255 255 0 regardless of the subnet the WiMAX Modem is in For example if the IP Pool Start Address is 10 10 10 10 the WiMAX Modem can allocate up to 10 10 10 254 or 245 IP addresses DNS Server First Second and Third DNS Server Specify the IP addresses of a maximum of three DNS servers that the network can use The WiMAX Modem provides these IP addresses to DH
208. gurator and it contains conveniently placed shortcuts to all of the other screens Note Some features in the web configurator may not be available depending on your firmware version and or configuration Figure 5 Main Screen wa TOOLS STATUS WiMAX Connection Status DL SYN V3 70 BIT 0 370BITb1 20090303 Voice 1 changeme On Hook Software Version 03 03 2009 Version Date Mar 3 2009 16 56 00 System Uptime 68 49 45 Wimax Uptime 00 00 00 e SETUP mc ADVANCED ge VOICE The Setup section allows you to configure LAN The Advanced section allows you to configure The Voice section allows you to configure your DHCP Time Setting features like Port Forwarding Port Triggering and voice service and phone settings WAN settings v t TOOLS be STATUS The Tools section allows you to configure your The Status section displays status and statistical certificates firewall content filter remote information for all connections and interfaces management logs among other things The following table describes the icons in this screen Table 3 Main gt Icons ICON DESCRIPTION MAIN Click to return to the Main screen SETUP Click to go the Setup screen where you can configure LAN DHCP and WAN settings ADVANCED Click to go to the Advanced screen where you can configure features like Port Forwarding and Triggering SNTP and so on User s Guide LEN Chapter 2 Introducing the Web
209. gure a new IP address each time you want a different LAN computer to use the application Click ADVANCED gt NAT Configuration gt Trigger Port to maintain trigger port forwarding rules for the WiMAX Modem Figure 37 ADVANCED gt NAT Configuration gt Trigger Port Incoming Trigger Name Start Port End Port Start Port End Port 1 D D 0 0 2 0 0 0 0 3 0 0 0 0 Apply Cancel The following table describes the labels in this screen Table 29 ADVANCED gt NAT Configuration gt Trigger Port LABEL DESCRIPTION The number of the item in this list Name Enter a name to identify this rule You can use 1 15 printable ASCII characters or you can leave this field blank It does not have to be a unique name Incoming User s Guide Chapter 8 The NAT Configuration Screens Table 29 ADVANCED gt NAT Configuration gt Trigger Port continued LABEL DESCRIPTION Start Port End Port Enter the incoming port number or range of port numbers you want to forward to the IP address the WiMAX Modem records To forward one port number enter the port number in the Start Port and End Port fields To forward a range of ports enter the port number at the beginning of the range in the Start Port field enter the port number at the end of the range in the End Port field If you want to delete this rule enter zero in the Start Port and End Port fields Trigger Start
210. h IGMP version 1 IGMP v1 and I GMP v2 Select None to disable it Windows Networking NetBIOS over TCP IP Allow between LAN and WAN Select this check box to forward NetBIOS packets from the LAN to the WAN and from the WAN to the LAN If your firewall is enabled with the default policy set to block WAN to LAN traffic you also need to enable the default WAN to LAN firewall rule that forwards NetBIOS traffic Clear this check box to block all NetBIOS packets going from the LAN to the WAN and from the WAN to the LAN Allow Trigger Dial Select this option to allow NetBIOS packets to initiate calls Apply Click to save your changes Reset Click to restore your previously saved settings User s Guide The NAT Configuration Screens 8 1 Overview Use these screens to configure port forwarding and trigger ports for the WiMAX Modem You can also enable and disable SIP FTP and H 323 ALG Network Address Translation NAT maps a host s IP address within one network to a different IP address in another network For example you can use a NAT router to map one IP address from your ISP to multiple private IP addresses for the devices in your home network 8 1 1 What You Can Do in This Chapter The General screen Section 8 2 on page 89 lets you enable or disable NAT and to allocate memory for NAT and firewall rules The Port Forwarding screen Section 8 3 on page 90 lets you look at t
211. hat a secure web site is legitimate When a certificate authority such as VeriSign Comodo or Network Solutions to name a few receives a certificate request from a website operator they confirm that the web domain and contact information in the request match those on public record with a domain name registrar If they match then the certificate is issued to the website operator who then places it on his site to be issued to all visiting web browsers to let them know that the site is legitimate What You Can Do in This Chapter The My Certificates screen Section 13 2 on page 148 lets you generate and export self signed certificates or certification requests and import the WiMAX Modem s CA signed certificates The Trusted CAs screen Section 13 3 on page 158 lets you display a summary list of certificates of the certification authorities that you have set the WiMAX Modem to accept as trusted What You Need to Know The following terms and concepts may help as you read through this chapter Certificate Authorities A Certification Authority CA issues certificates and guarantees the identity of each certificate owner There are commercial certification authorities like CyberTrust or VeriSign and government certification authorities You can use the User s Guide 147 Chapter 13 The Certificates Screens WiMAX Modem to generate certification requests that contain identifying information and public keys and then send the cer
212. he current port forwarding rules in the WiMAX Modem and to enable disable activate and deactivate each one The Trigger Port screen Section 8 4 on page 94 lets you maintain trigger port forwarding rules for the WiMAX Modem The ALG screen Section 8 5 on page 96 lets you enable and disable SIP Vol P FTP file transfer and H 323 audio visual ALG in the WiMAX Modem 8 2 General Click ADVANCED gt NAT Configuration gt General to enable or disable NAT and to allocate memory for NAT and firewall rules Figure 33 ADVANCED gt NAT Configuration gt General C Enable Network Address Translation Max NAT Firewall Session Per User 2048 C User s Guide Chapter 8 The NAT Configuration Screens The following table describes the labels in this screen Table 25 ADVANCED gt NAT Configuration gt General LABEL DESCRIPTION Enable Network Select this if you want to use port forwarding trigger ports or any Address Translation of the ALG Max NAT Firewall When computers use peer to peer applications such as file Session Per User sharing applications they may use a large number of NAT sessions If you do not limit the number of NAT sessions a single client can establish this can result in all of the available NAT sessions being used In this case no additional NAT sessions can be established and users may not be able to access the Internet Each NAT session establishes a correspondin
213. he Control Panel click the Network Connections icon Figure 97 Windows XP Control Panel E Control Panel File Q M P Search E Folders fz G Control Panel Edit View Favorites Tools Help Address V Control Panel a Network G Switch to Category View Connections See Also Game Controllers A Windows Update User s Guide Appendix B Setting Up Your Computer s IP Address 3 Right click Local Area Connection and then select Properties Figure 98 Windows XP Control Panel Network Connections Properties ocal Area Connection Standard PCI Fast Ethernet Adapte Disable Status Repair Bridge Connections Create Shortcut Rename 4 On the General tab select Internet Protocol TCP IP and then click Properties Figure 99 Windows XP Local Area Connection Properties Area Connection Properties General Authentication Advanced Connect using BE Accton EN1207D TX PCI Fast Ethernet Adapter This connection uses the following items M E Client for Microsoft Networks v 5 File and Printer Sharing for Microsoft Networks Description Transmission Control Protocol Internet Protocol The default wide area network protocol that provides communication across diverse interconnected networks C Show icon in notification area when connected User s Guide 263 Appendix B Setting Up Your Computer s
214. he Remote Management Screens The SNMP screen Section 16 5 on page 187 lets you control SNMP access to your WiMAX Modem The DNS screen Section 16 6 on page 190 lets you control DNS access to your WiMAX Modem The Security screen Section 16 7 on page 191 lets you control how your WiMAX Modem responds to other types of requests e The TRO69 screen Section 16 8 on page 192 lets you configure the WiMAX Modem s auto configuration and dynamic service configuration options 16 1 2 What You Need to Know The following terms and concepts may help as you read through this chapter Remote Management Limitations Remote management over LAN or WAN will not work when A filter in SMT menu 3 1 LAN or in menu 11 5 WAN is applied to block a Telnet FTP or Web service You have disabled that service in one of the remote management screens The IP address in the Secured Client IP field does not match the client IP address If it does not match the WiMAX Modem will disconnect the session immediately There is already another remote management session with an equal or higher priority running You may only have one remote management session running at one time Remote Management and NAT When NAT is enabled Use the WiMAX Modem s WAN IP address when configuring from the WAN Use the WiMAX Modem s LAN IP address when configuring from the LAN System Timeout There is a default system management idle timeout of five m
215. he default IP address is http 192 168 1 1 2 Ifyou changed the IP address and have forgotten it you might get the IP address of the WiMAX Modem by looking up the IP address of the default gateway for your computer To do this in most Windows computers click Start Run enter cmd and then enter ipconfig The IP address of the Default Gateway might be the IP address of the WiMAX Modem it depends on the network so enter this IP address in your Internet browser 3 If this does not work you have to reset the WiMAX Modem to its factory defaults See Section 20 1 on page 229 forgot the password 1 The default password is 1234 2 If this does not work you have to reset the WiMAX Modem to its factory defaults See Section 9 5 on page 106 cannot see or access the Login screen in the web configurator 1 Make sure you are using the correct IP address The default IP address is http 192 168 1 1 User s Guide Chapter 20 Troubleshooting f you changed the IP address Section 5 2 on page 58 use the new IP address f you changed the IP address and have forgotten it see the troubleshooting suggestions for forgot the IP address for the WiMAX Modem 2 Check the hardware connections and make sure the LEDs are behaving as expected See the Quick Start Guide and Section 1 2 1 on page 34 3 Make sure your Internet browser does not block pop up windows and has JavaScript and Java enabled See Appen
216. he device ventilation slots as insufficient airflow may harm your device Use only No 26 AWG American Wire Gauge or larger telecommunication line cord Antenna Warning This device meets ETSI and FCC certification requirements when using the included antenna s Only use the included antenna s If you wall mount your device make sure that no electrical lines gas or water User s Guide pipes will be damaged Safety Warnings Make sure that the cable system is grounded so as to provide some protection against voltage surges Your product is marked with this symbol which is known as the WEEE mark WEEE stands for Waste Electronics and Electrical Equipment It means that used electrical and electronic products should not be mixed with general waste Used electrical and electronic equipment should be treated separately User s Guide Contents Overview Contents Overview introduction and Wizards ios iE pu aai on RS GR i CR Rune ERU Ec Ru Ru E tides e i C Rd cB RA 29 Saa HER USELBGLisaasosst monies deep EE b a doa anne Dare 31 DWE ihe Web NUE oidiuru daas exibunt uda vmi n dad Cae ca ndi ebd 37 intemmet Connection Wizard sacco icone Enos eap Foe eor te eur eo ark v oin v Boe tems Odor toad EO et cde DAT ooo son ertani 45 Lui regii el 8 NN ee eT mi Base SEGONS Scire GR OD ERR ROI em E a dE cp ME MI eer aa 55 Uie ep MENTI C TIU 57 Agvanced SCPC ING pearaama EA ANE ARARA AARE ANTAA REAA DN PME US HERE EE 63 The LAN
217. henticate the AAA server Use the TOOLS gt Certificates gt Trusted CA screen to import certificates to the WiMAX Modem Back Click to display the previous screen Next Click to proceed to the next screen Exit Click to close the wizard without saving User s Guide Chapter 3 Internet Connection Wizard 3 1 4 IP Address This Internet Connection Wizard screen allows you to configure your IP address The settings here correspond to the SETUP Set IP Address screen see Section 5 2 on page 58 A fixed IP address is a static IP that your ISP gives you An automatic dynamic IP address is not fixed the ISP assigns you a different one each time you connect to the Internet Figure 9 Internet Connection Wizard gt IP Address IP Address An IP address identifies you to the network and you must have one to browse a local area network or surf the Internet Your IP address is generally assigned by a network administrator or ISP Select the option that is appropriate for your connection type 9 My computer or device gets its IP address automatically from the network Use fixed IP address Back Next gt Close The following table describes the labels in this screen Table 7 Internet Connection Wizard gt IP Address LABEL DESCRIPTION P Address My computer or device Select this if you have a dynamic IP address A dynamic IP gets its IP address address is not fixed th
218. here you can view and manage the WiMAX Modem s list of certificates of trusted certification authorities Request Authentication When you select Create a certification request and enroll for a certificate immediately online the certification authority may want you to include a reference number and key to identify you when you send a certification request Fill in both the Reference Number and the Key fields if your certification authority uses CMP enrollment protocol J ust the Key field displays if your certification authority uses the SCEP enrollment protocol For the reference number use 0 to 99999999 For the key use up to 31 of the following characters a zA Z0 9 GX 96 amp 4 lt gt User s Guide Chapter 13 The Certificates Screens Table 52 TOOLS gt Certificates gt My Certificates gt Create LABEL DESCRIPTION Apply Click to save your changes Cancel Click to return to the previous screen without saving your changes If you configured the My Certificate Create screen to have the WiMAX Modem enroll a certificate and the certificate enrollment is not successful you see a screen with a Return button that takes you back to the My Certificate Create screen Click Return and check your information in the My Certificate Create screen Make sure that the certification authority information is correct and that your Internet connection is working properly if you want the
219. his screen Table 32 ADVANCED gt System Configuration gt Dynamic DNS LABEL DESCRIPTION Dynamic DNS Se tup Enable Dynamic DNS Select this to use dynamic DNS Service Select the name of your Dynamic DNS service provider Provider Dynamic DNS Select the type of service that you are registered for from your Dynamic Type DNS service provider Host Name Enter the host name You can specify up to two host names separated by a comma User Name Enter your user name Password Enter the password assigned to you Enable Wildcard Option Select this to enable the DynDNS Wildcard feature User s Guide Chapter 9 The System Configuration Screens Table 32 ADVANCED gt System Configuration gt Dynamic DNS continued LABEL DESCRIPTION Enable offline option This field is available when CustomDNS is selected in the DDNS Type field Select this if your Dynamic DNS service provider redirects traffic to a URL that you can specify while you are off line Check with your Dynamic DNS service provider P Address Update Policy Use WAN IP Select this if you want the WiMAX Modem to update the domain name Address with the WAN port s IP address Dynamic DNS Select this if you want the DDNS server to update the IP address of the server auto host name s automatically Select this option when there are one or detect IP more NAT routers between the WiMAX Mo
220. hone 86 021 61199055 Fax 86 021 52069033 Address 1005F ShengGao International Tower No 137 XianXia Rd Shanghai Web http www zyxel cn Costa Rica Support E mail soporte zyxel co cr Sales E mail sales zyxel co cr Telephone 506 2017878 Fax 506 2015098 Web www zyxel co cr Regular Mail ZyXEL Costa Rica Plaza Roble Escazu Etapa El Patio Tercer Piso San Jos Costa Rica Czech Republic E mail info cz zyxel com Telephone 420 241 091 350 Fax 420 241 091 359 Web www zyxel cz Regular Mail ZyXEL Communications Czech s r o Modransk 621 143 01 Praha 4 Modrany Cesk Republika Denmark Support E mail support zyxel dk Sales E mail sales zyxel dk Telephone 45 39 55 07 00 Fax 45 39 55 07 07 Web www zyxel dk Regular Mail ZyXEL Communications A S Columbusvej 2860 Soeborg Denmark Finland Support E mail support zyxel fi Sales E mail sales zyxel fi Telephone 358 9 4780 8411 User s Guide Appendix Customer Support Fax 358 9 4780 8448 Web www zyxel fi Regular Mail ZyXEL Communications Oy Malminkaari 10 00700 Helsinki Finland France E mail info zyxel fr Telephone 33 4 72 52 97 97 Fax 33 4 72 52 19 20 Web www zyxel fr Regular Mail ZyXEL France 1 rue des Vergers Bat 1 C 69760 Limonest France Germany Support E mail support zyxel de Sales E mail sales zyxel de Tel
221. i ERI Dr kd ERR trad Mb RR a due E Ra RM RS 283 Figure 129 openSUSE 10 3 Network Sete cuoio reos n re pIc apr Ee n eI EGRE E Sean dGRE Fee epa da E eid aiani 284 Figure 130 openSUSE 10 3 Network Card Setup ucioccaniu rece o pant Lesen bep tu ai Ep Le anne Ete RR EDU ERR EEE seu 285 Figure 131 openSUSE 10 9 Network Settings 1usicensunsadasure deren icbx eniro d rand ticdu a 286 Figure 132 openSUSE 10 3 KNetwork Manager 2 otaenee tese tbn tendon tnt ln dare aeta ve RU Ee UR o sR nendin niaan 287 Figure 133 openSUSE Connection Status KNetwork Manager sese 287 gsm FOAD BOO ge TIN Er E 289 Figura 195 Intemet Options PEISIDV icipici innein Sene enea e ana a eR DIN DM EP E MR DU DUREE EE eas 290 Figure 136 Inberet Options PIYAY uoo Ganpasxe tps Hola eda Ponga AL n aac a Du eon indt aad ot 291 Figure 137 Popup Blocker SEMIS issescecsindiette vigo eda best in guber eed hdd dut Les vnd dado E CUN 292 Figure 136 Imereti Opions eT a eR ee arene Gene hee 293 Figure 139 Security Settings Java Sorplilig 22e eee reta ene tanzen desided ra dank ka cx tu uE ek 294 Figure 140 Sacurib Settings cs ER occiiacsc pbetado p pon Oda pes RES PER qa abt REC Reo to pu CUR RoRA ERSE S ER QUEE eR 295 ED ELI OEC ILE Umm 296 Figure 142 Mozilla Fuslos TOOLS gt OPONE uu uiae cubdsbadaad icone idend dac adc dear disait 296 Figure 143 Mozilla Firefox Content SOOBIT occiiuceckeeivccic En Eon Rue tanto Ere ee EL aaa Potes EE E aaa 297 Figure 144 Netwo
222. i auc bad dsl ci a a UR di ada 197 Chapter 18 jj 3245 3 2 9 199 MEE T c RE E 199 18 3 1 What You Gan Do in This Chapter iussis cente dire ad and bna ed ela acd 199 18 1 2 What YOU Need to KNOW iuis obrdst cte dede tee qUbd ae npe ind er obe vid dubie Uode pv dede pe qU de hice 199 TO Toy ymo UN 201 Te a EO o eN cR EO LL TEN 203 18 4 Log Message Descriptions amp iuuseccceeeseeccon eben os n reset a EES 205 Chapter 19 Th SION POONA aui Een EEROCHARIEE A RAE MIA EEE akin iene ala nie eee 215 PW I cc EE TT NE T 215 TA eae oO BIN iapa a R enim 215 TEE T Packet tol WD hanorina oa E dat REDI Ea a bc EA 219 19 2 2 WIMAX Ske Monna OI s cai sun sis xnie ix baa dca uk etna Dead ux Edi pr aaa cede 221 TAO DPCP TIE qo T 222 pss elle rii cs aie Tm TS 223 1825 INI PERIERE teo RES EE DRE Re Papa cot e aede Bin iet x oi duis tds 225 Part VI Troubleshooting and Specifications 227 Chapter 20 Hjcessn m T 229 User s Guide Table of Contents 20 1 Power Hardware Connections and LEDS er rene nent annia 229 20 2 WIMAX Modem Access and LO QUT 25 siccis ss mara ceran Re anut x hd k22asE b dnt ca aun ER DERE Rand RR 230 Vica i gll Rm 232 20 4 Phone Calls and VolP ass aive br Faso pudo Odd ON KI RUE tak RD EA OE Ru Vd a d 234 20 5 Reset the WiMAX Modem to Its Factory Defau
223. iMAX Internet access See the Quick Start Guide for instructions on hardware connection In a wireless metropolitan area network MAN the WiMAX Modem connects to a WiMAX base station BS for Internet access The following diagram shows a notebook computer equipped with the WiMAX Modem connecting to the Internet through a WiMAX base station marked BS Figure 1 Mobile Station and Base Station When the firewall is on all incoming traffic from the Internet to your network is blocked unless it is initiated from your network Use content filtering to block access to web sites with URLs containing keywords that you specify You can define time periods and days during which content filtering is enabled and include or exclude particular computers on your network from content filtering For example you could block access to certain web sites for the kids 32 User s Guide Chapter 1 Getting Started 1 1 2 Make Calls via Internet Telephony Service Provider In a home or small office environment you can use the WiMAX Modem to make and receive the following types of VolP telephone calls Peer to Peer calls Use the WiMAX Modem to make a call directly to the recipient s IP address without using a SIP proxy server Figure 2 WiMAX Modem s VoIP Features Peer to Peer Calls Calls via a VoIP service provider The WiMAX Modem sends your call to a VoIP service provider s SIP server which forwards your calls to either
224. ibes the labels in this screen Table 10 SETUP gt Set IP Address LABEL DESCRIPTION This indicates the number of the item in this list IP Address This indicates the IP address of a connected client device Host Name This indicates the host name of a connected client device If the device is computer then the host name is the computer name MAC Address This indicates the MAC address of a connected client device User s Guide Chapter 5 The Setup Screens Table 10 SETUP gt Set IP Address continued LABEL DESCRIPTION Reserve This indicates whether the IP address for the connected client device is reserved When the DHCP server issues IP addresses reserved IPs are assigned to specific client devices If the IP address is reserved the client device identified by its MAC address will always receive this IP address from the DHCP server Apply Click to save your changes Refresh Click to refresh the information in the screen 5 4 Time Setting Click SETUP Time Setting to set the date time and time zone for the WiMAX Modem Figure 18 SETUP gt Time Setting Current Time and Date Current Time 01 36 28 Current Date 2008 07 08 Time and Date Setup Manual New Time hh mm ss 1 36 20 New Date yyyy mm dd 2008 7 8 O Get from Time Server Time Protocol Time Server Address Time Zone Setup Time Zone GMT Greenwich Mean Time Dublin
225. ically If the flash key is not available you can tap press and immediately release the hook by hand to achieve the same effect However using the flash key is preferred since the timing is much more precise The WiMAX Modem may interpret manual tapping as hanging up if the duration is too long You can invoke all the supplementary services by using the flash key 11 5 2 Europe Type Supplementary Phone Services This section describes how to use supplementary phone services with the Europe Type Call Service Mode Commands for supplementary services are listed in the table below After pressing the flash key if you do not issue the sub command before the default sub command timeout 2 seconds expires or issue an invalid sub command the current operation will be aborted Table 45 European Type Flash Key Commands COMMAND SUE M AND DESCRIPTION Flash Put a current call on hold to place a second call Switch back to the call if there is no second call Flash 0 Drop the call presently on hold or reject an incoming call which is waiting for answer Flash 1 Disconnect the current phone connection and answer the incoming call or resume with caller presently on hold Flash 2 1 Switch back and forth between two calls 2 Put a current call on hold to answer an incoming call 3 Separate the current three way conference call into two individual calls one is on line the other is on hold Flash 3 Create three way
226. ice of where the traffic is going User s Guide Chapter 10 The Service Configuration Screens 10 4 8 DSCP and Per Hop Behavior DiffServ defines a new DS Differentiated Services field to replace the Type of Service TOS field in the IP header The DS field contains a 2 bit unused field and a 6 bit DSCP field which can define up to 64 service levels The following figure illustrates the DS field Figure 52 DiffServ Differentiated Service Field DSCP Unused 6 bit 2 bit DSCP is backward compatible with the three precedence bits in the ToS octet so that non DiffServ compliant ToS enabled network device will not conflict with the DSCP mapping The DSCP value determines the forwarding behavior the PHB Per Hop Behavior that each packet gets across the DiffServ network Based on the marking rule different kinds of traffic can be marked for different priorities of forwarding Resources can then be allocated according to the DSCP values and the configured policies User s Guide 1 27 Chapter 10 The Service Configuration Screens User s Guide 11 1 11 1 1 11 1 2 The Phone Screens Overview Use the VOICE Phone screens to configure the volume echo cancellation VAD settings and custom tones for the phone port on the WiMAX Modem You can also select which SIP account to use for making outgoing calls What You Can Do in This Chapter The Analog Phone screen Section 11 2 on pag
227. ick this to clear all user entered configuration information and return the WiMAX Modem to its factory defaults There is no warning screen User s Guide Chapter 9 The System Configuration Screens 9 5 1 The Restore Configuration Process When the WiMAX Modem restores a configuration file the device automatically restarts This causes a temporary network disconnect Note Do not turn off the device while configuration file upload is in progress If the WiMAX Modem s IP address is different in the configuration file you selected you may need to change the IP address of your computer to be in the same subnet as that of the default management IP address 192 168 5 1 See the Quick Start Guide or the appendices for details on how to set up your computer s IP address You might have to open a new browser to log in again If the upload was not successful you are notified by Configuration Upload Error message Click Return to go back to the Configuration screen 9 6 Restart Click ADVANCED gt System Configuration gt Restart to reboot the WiMAX Modem without turning the power off Note Restarting the WiMAX Modem does not affect its configuration Figure 44 ADVANCED gt System Configuration gt Restart Click Restart to have the device perform a software restart The power LED blinks as the device restarts and then shines steadyily if the restart is successful Wait a minute before logging into the device ag
228. ide Chapter 7 The WAN Configuration Screens Table 19 ADVANCED gt WAN Configuration gt Internet Connection gt ISP Parameters for Internet Access continued LABEL DESCRIPTION Get Select this if you have a dynamic IP address A dynamic IP address automatically is not fixed the ISP assigns you a different one each time you from ISP connect to the Internet Default Use Fixed IP A static IP address is a fixed IP that your ISP gives you Type your Address ISP assigned IP address in the I P Address field below IP Subnet Mask Enter a subnet mask in dotted decimal notation Refer to the appendices to calculate a subnet mask If you are implementing subnetting Gateway IP Specify a gateway IP address supplied by your ISP Address Apply Click to save your changes Reset Click to restore your previously saved settings 7 3 WiMAX Configuration Click ADVANCED gt WAN Configuration gt WiMAX Configuration to set up the frequencies used by your WiMAX Modem In a WiMAX network a mobile or subscriber station must use a radio frequency supported by the base station to communicate When the WiMAX Modem looks for a connection to a base station it can search a range of frequencies User s Guide Chapter 7 The WAN Configuration Screens Radio frequency is measured in Hertz Hz Table 20 Radio Frequency Conversion 1 kHz 1000 Hz 1 MHz 1000 kHz 100000
229. iew Log to access this screen Use this screen to look at log entries and alerts Alerts are written in red Figure 88 TOOLS Logs View Logs Dispaly All Logs v Email Log Now Refresh Clear Log Time Message Source Destination Note 07 08 2008 A 1 05 09 30 Successful HTTP login 192 168 1 34 User admin 07 08 2008 pages 2 02 15 39 Successful HTTP login 192 168 1 34 User admin 07 08 2008 p 3 02 09 00 Successful HTTP login 192 168 1 34 User admin 07 08 2008 4 01 57 20 Successful HTTP login 192 168 1 34 User admin 07 08 2008 E 5 01 34 07 Successful HTTP login 192 168 1 34 User admin 6 07 08 2008 Successful HTTP login 192 168 1 34 User admin 01 10 45 07 08 2008 m 7 00 49 27 Successful HTTP login 192 168 1 34 User admin 07 08 2008 oe 8 00 08 10 Successful HTTP login 192 168 1 34 User admin 9 07 08 2008 DHCP server assigns 192 168 1 33 to 00 07 37 TWPC13435 XP 10 07 08 2008 00 07 37 11 07 08 2008 DHCP server assigns 192 168 1 33 to 00 07 34 TWPC13435 XP 12 07 08 2008 00 07 34 13 07 08 2008 00 07 34 14 07 08 2008 00 05 14 Click a column header to sort log entries in descending later to earlier order Click again to sort in ascending order The small triangle next to a column header indicates how the table is currently sorted pointing downward is descending pointing upward is ascending The following table describes the labels in this screen Table 77 TOOLS gt Logs gt View Logs LABEL DESCRI
230. ificate is to be generated Create a self signed certificate Select Create a self signed certificate to have the WiMAX Modem generate the certificate and act as the Certification Authority CA itself This way you do not need to apply to a certification authority for certificates Create a certification request and save it locally for later manual enrollment Select Create a certification request and save it locally for later manual enrollment to have the WiMAX Modem generate and store a request for a certificate Use the My Certificate Details screen to view the certification request and copy it to send to the certification authority Copy the certification request from the My Certificate Details screen and then send it to the certification authority User s Guide Chapter 13 The Certificates Screens Table 52 TOOLS gt Certificates gt My Certificates gt Create LABEL DESCRIPTION Create a certification request and enroll for a certificate immediately online Select Create a certification request and enroll for a certificate immediately online to have the WiMAX Modem generate a request for a certificate and apply to a certification authority for a certificate You must have the certification authority s certificate already imported in the Trusted CAs screen When you select this option you must select the certification authority s enrollment protocol and the certification authori
231. ings 11 4 Region Click VOICE gt Phone gt Region to maintain settings that often depend on the region of the world in which the WiMAX Modem is located Figure 56 VOICE gt Phone gt Region Region Settings United States v Call Service Mode USAType The following table describes the labels in this screen Table 44 VOICE gt Phone gt Region LABEL DESCRIPTION Region Settings Select the place in which the WiMAX Modem is located Do not select Default Call Service Select the mode for supplementary phone services call hold call Mode waiting call transfer and three way conference calls that your VoIP service provider supports Europe Type use supplementary phone services in European mode USA Type use supplementary phone services American mode You might have to subscribe to these services to use them Contact your VoIP service provider Apply Click to save your changes Reset Click to restore your previously saved settings User s Guide 133 Chapter 11 The Phone Screens 11 5 Technical Reference The following section contains additional technical information about the WiMAX Modem features described in this chapter 11 5 1 The Flash Key Flashing means to press the hook for a short period of time a few hundred milliseconds before releasing it On newer telephones there should be a flash key button that generates the signal electron
232. inutes three hundred seconds The WiMAX Modem automatically logs you out if the management session remains idle for longer than this timeout period The management session does not time out when a statistics screen is polling You can change the timeout period in the Maintenance gt System gt General screen User s Guide Chapter 16 The Remote Management Screens SNMP Simple Network Management Protocol SNMP is a protocol used for exchanging management information between network devices SNMP is a member of the TCP IP protocol suite Your WiMAX Modem supports SNMP agent functionality which allows a manager station to manage and monitor the WiMAX Modem through the network The WiMAX Modem supports SNMP version one SNMPv1 and version two SNMPv2 The next figure illustrates an SNMP management operation Note SNMP is only available if TCP IP is configured 16 2 WWW Click TOOLS Remote Management WWW to control HTTP access to your WiMAX Modem Figure 76 TOOLS gt Remote Management gt WWW Server Port 80 Server Access LAN amp WAN Secured Client IP Address 9 Al Selected 0 0 0 0 rm The following table describes the labels in this screen Table 64 TOOLS gt Remote Management gt WWW LABEL DESCRIPTION Server Port Enter the port number this service can use to access the WiMAX Modem The computer must use the same port number Server Access Select the interface s through
233. ion gt Port Forwarding gt Rule Setup sessssss 93 Table 29 ADVANCED gt NAT Configuration gt Trigger Port 94 Table 30 ADVANCED gt MAT Config ration s ALG auissuseeeceseaeeiceiteude Eomae paint nh kanns pnus acera 97 Table 31 ADVANCED gt System Configuration gt General sess 101 Table 32 ADVANCED gt System Configuration gt Dynamic DNS sse 103 Table 33 ADVANCED gt System Configuration gt Firmware sss 105 Table 34 ADVANCED gt System Configuration gt Configuration 106 Table 35 ADVANCED gt System Configuration gt Firmware sse 107 Table 36 VOICE gt Service Configuration gt SIP Setting 1 tenni tta teet nte keen nonae Re keaia 114 Table 37 VOICE gt Service Configuration gt SIP Settings gt Advanced ssssssessss 117 User s Guide 25 List of Tables Tete 35 Custom Tones ESI asisevciasoien a ion a pr OG aub poca arbi oes P pL aaa a b 120 Tabie 39 YOICE gt Servite COTE s DS suuustussdcdaese nuni kim bons se dcr dag Rd dad cua dan Rua 122 Tabe AD SIP al Hoo me mt 123 Table 41 YOICE Phone Analog PRONE 2 5 o i eiae eS bodPu ren Eie ep NO etus GAL dnce iri aan doen 131 Table 42 VOICE gt Phone gt Analog Phone gt Advanced essent 132 Tabe AS VOICE PONE gt COMMO Gorrian naaa qc de cA RN Eee NUN Md Seceeantedeas 193 Tabe OS YOGE gt Phone gt Redio os
234. ions Corporation All rights reserved Disclaimers ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does it convey any license under its patent rights nor the patent rights of others ZyXEL further reserves the right to make changes in any products described herein without notice This publication is subject to change without notice Your use of the WiMAX Modem is subject to the terms and conditions of any related service providers Do not use the WiMAX Modem for illegal purposes Illegal downloading or sharing of files can result in severe civil and criminal penalties You are subject to the restrictions of copyright laws and any other applicable laws and will bear the consequences of any infringements thereof ZyXEL bears NO responsibility or liability for your use of the download service feature Trademarks Trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners User s Guide Appendix H Legal Information Certifications Federal Communications Commission FCC Interference Statement The device complies with Part 15 of FCC rules Operation is subject to the following two conditions This device may not cause harmful interference This device must accept any interference received including interference that may cause undesired operations This device has been
235. irmed thumbprint is a security risk If you dick Yes you acknowledge this risk Do you want to install this certificate 316 User s Guide Appendix E Importing Certificates 11 Finally click OK when presented with the successful certificate installation message Figure 160 Internet Explorer 7 Certificate Import Wizard Certificate Import Wizard e L The import was successful Lox 12 The next time you start Internet Explorer and go to a ZyXEL web configurator page a sealed padlock icon appears in the address bar Click it to view the page s Website Identification information EE Website Identification 172 20 37 202 has identified t 172 20 37 202 This connection to the server is encrypted Should trust this site View certificates User s Guide 31 7 Appendix E Importing Certificates Installing a Stand Alone Certificate File in Internet Explorer Rather than browsing to a ZyXEL web configurator and installing a public key certificate when prompted you can install a stand alone certificate file if one has been issued to you 1 Double click the public key certificate file Figure 162 Internet Explorer 7 Public Key Certificate File Rie S5 TET 2 In the security warning dialog box click Open Figure 163 Internet Explorer 7 Open File Security Warning Open File Security Warning Do you want to open this file Name CA cer Publisher Unknown Publisher Type
236. is computer and the Network Settings Global Options Overview Hostname DNS Routing A Hostname and Domain Name Hostname Domain Name linux h2oz J site _ Change Hostname via DHCP _ Write Hostname to etc hosts X Change etc resolv conf manually Name Servers and Domain Search List Name Server 1 Domain Search 10 0 2 3 Name Server 2 Name Server 3 _ Update DNS data via DHCP 9 Click Finish to save your settings and close the window User s Guide Appendix B Setting Up Your Computer s IP Address Verifying Settings Click the KNetwork Manager icon on the Task bar to check your TCP IP properties From the Options sub menu select Show Connection I nformation Figure 132 openSUSE 10 3 KNetwork Manager i Disable Wireless 134 KNetworkManager a Wired Devices v 3 Switch to Offline Mode X Wired Network 4 Show Connection Information E Dial Up Connections Configure Xl Options When the Connection Status KNetwork Manager window opens click the Statistics tab to see if your connection is working properly Figure 133 openSUSE Connection Status KNetwork Manager A M e TITITSTe EDT S 8 161 41 318779 8 SOLES TELS TS 330 a Device Addresse Statistics J Received Transmitted Bytes 2317441 841875 MBytes 2 2 0 8 Packets 3621 3140 Errors 0 0 Dropped 0 0 KBytes s 0 0 0 0
237. it switched telephone networks require 64 kilobits per second kbps in each direction to handle a telephone call Vol P can use advanced voice coding techniques with compression to reduce the required bandwidth 10 1 1 What You Can Do in This Chapter The SIP Settings screen Section 10 2 on page 113 lets you setup and maintain your SIP account s in the WiMAX Modem The Advanced SIP Settings screen Section 10 2 1 on page 115 lets you set up and maintain advanced settings for each SIP account The QoS screen Section 10 3 on page 122 lets you set up and maintain ToS and VLAN settings for the WiMAX Modem 10 1 2 What You Need to Know The following terms and concepts may help as you read through this chapter SIP The Session Initiation Protocol SIP is an application layer control signaling protocol that handles the setting up altering and tearing down of voice and User s Guide EJ Chapter 10 The Service Configuration Screens multimedia sessions over the Internet SIP signaling is separate from the media for which it handles sessions The media that is exchanged during the session can use a different path from that of the signaling SIP handles telephone calls and can interface with traditional circuit switched telephone networks SIP Identities A SIP account uses an identity sometimes referred to as a SIP address A complete SIP identity is called a SIP URI Uniform Resource Identifier A SIP account s URI identifies th
238. l Calls Caller ID CLIP Calling Line Identification Presentation CLIR Calling Line Identification Restriction Note To take full advantage of the supplementary phone services available though the WiMAX Modem s phone port you may need to subscribe to the services from your VoIP service provider 11 2 Analog Phone Click VOI CE gt Phone gt Analog Phone to control which SIP accounts each phone uses Figure 53 VOICE gt Phone gt Analog Phone Phone Port Settings Phonei Outgoing Call Use SIP1 Incoming Call apply to SIP1 User s Guide Chapter 11 The Phone Screens The following table describes the labels in this screen Table 41 VOICE gt Phone gt Analog Phone LABEL DESCRIPTION Phone Port Select the phone port you want to see in this screen If you change this Settings field the screen automatically refreshes Phone Port Displays the phone port number Settings Outgoing Call Use SIP1 Select this if you want this phone port to use the SIP1 account when it makes calls If you select both SIP accounts the WiMAX Modem tries to use SIP2 first Incoming Call apply to SIP1 Select this if you want to receive phone calls for the SIP1 account on this phone port If you select more than one source for incoming calls there is no way to distinguish between them when you receive phone calls Apply Click to save your changes Reset Click to restore your
239. lays The default password 1234 displays in non readable characters If you haven t changed the password yet you can just click Login Click Cancel to revert to the default password in the password field If you have changed the password enter your password and click Login MAX 206M1R Welcome to the ZyXEL Web Configurator Enter your user name password and click Login amp User Name admin a Password secs Your user name and password may contain up to 2 maximum of 30 letters numerals and any printable character found on a typical English language keyboard English Note Please turn on the Javascript and ActiveX control setting on Internet Explorer when operating system is Windows XP and service pack is SP2 5 The following screen displays if you have not yet changed your password It is highly recommended you change the default password Enter a new password retype it to confirm and click Apply alternatively click I gnore to proceed to the main menu if you do not want to change the password now MAX 206M1R Enter a New Password Your device is currently using the factory default password To protect your network from unauthorized access you should change your password at this time Select a new password that is easy for you to remember yet difficult for would be intruders to guess We suggest that you combine text with numbers to make it even more difficult to crack Your new password may contain up to a maxi
240. le eeseessssesessssssseseeeee eene nennt 338 Figure 194 Konqueror 3 5 Certificate Import PesbM uiii esecesosuetasecireeeuces suce e Rr cki acd pe Lesern epe RAE GEIES 338 Figure 125 Kongueror 3 5 IS IBODEU B oasssssspoecisier ttes kan pc acr oa a dan Ea a Su bua adaab Ua 338 Figure 196 Kongueror 3 5 Sethe Menu nesisiniisianinesiie tanes aS EEE ia a 340 Figure 197 Kongueror 3 9 COMMING sisisi 340 User s Guide 23 List of Figures User s Guide List of Tables List of Tables Bs NEIN ERSTE EE N A 6 Toloz The Der RE S oL iE 34 Table 3 Mam ICONS e 41 jr TRAIL aea A eORIAS 42 Table 5 Internet Connection Wizard gt System Information seesssssseeeeennne 46 Table 6 Internet Connection Wizard gt Authentication Settings Screen sssssssssssss 47 Table 7 Internet Connection Wizard gt IP Address sssssssssssssseeseseeeeeen nnne 49 Table 8 VoIP Connection gt First Voice Account Settings sssssssssssseesseseneeene nnns 52 Tabe oO SETUP Ser IP AGIS 11e oca pias eboapita Gat AY C GR en ERR cR a ere ka iH eames 59 TROIS TO SETUP sat MU AUNES ioiaren a asc gama aaa dat bota ndi onse dun b adi brc ec 59 Table 11 SETUP Tine STUN ansdecsdieetsccoctte cade eae aereo AE eet en uetus eens 60 Table 17 Pre datined NTP Tire Servers 112 eie idonee ete ad E
241. le of Contents Fe M25 estia I tum 3 Document GOnNvVentio INTE EOD 5 RO i1 7 GContenis Oa ge De rT I ELI D Deme MED LM errr ee eee 9 Aes ey C re p GOMO NES E LL E D m 11 4 19 REGES NIE el TOTO E acces cuceanvautaueeaueevasealsateensadediacassacvevcanvas ences 25 Part I Introduction and Wizards eeeeeeeeeeeee enne nnn nnn 29 Chapter 1 Gelting Stared 31 121 About Your WIMAX NT 2222 55 piedi pasti eate EDI ade va ta abet t n pa RE E pe o te PARED Feb Ep bodde 21 Edo VINE Intr ACCESS 20s risit d eda aai 32 1 1 2 Make Calls via Internet Telephony Service Provider ssssssee 33 1 2 WIMAX Modem FAV WANE ii costar dr drea d bcd Oct x sra dadr sc icr bat OAA cries 34 ON se AW AER he cde ache H 34 12 Good Habits for Managing the Device 2o poi asda Errore be iie a RA PD ERU e DR nines 36 Chapter 2 Introducing the Web Configurator eeeeeeceeeeeeeeee esses nennen nnne nennen nannten nnns 37 ca EE EUCH RE D PTUS UE DUE ENT 37 21 1 Abpcessing Me Wab Gang SIel ce aa pecie baie o RE aaa ER d nt Eod a rues 37 2 12 The Reset BUNOT uai er saute cta reta nias rior ioc tr E oet ar E Y
242. lic key infrastructure 13 4 1 1 Advantages of Certificates Certificates offer the following benefits The WiMAX Modem only has to store the certificates of the certification authorities that you decide to trust no matter how many devices you need to authenticate Key distribution is simple and very secure since you can freely distribute public keys and you never need to transmit private keys 13 4 1 2 Self signed Certificates You can have the WiMAX Modem act as a certification authority and sign its own certificates 13 4 1 3 Factory Default Certificate The WiMAX Modem generates its own unique self signed certificate when you first turn it on This certificate is referred to in the GUI as the factory default certificate 13 4 1 4 Certificate File Formats Any certificate that you want to import has to be in one of these file formats Binary X 509 This is an ITU T recommendation that defines the formats for X 509 certificates PEM Base 64 encoded X 509 This Privacy Enhanced Mail format uses lowercase letters uppercase letters and numerals to convert a binary X 509 certificate into a printable form Binary PKCS 7 This is a standard that defines the general syntax for data including digital signatures that may be encrypted A PKCS 7 file is used to transfer a public key certificate The private key is not included The WiMAX Modem currently allows the importation of a PKS 7 file that contains a single certi
243. ll Forwarding Busy no VM service plan 911 911 Emergency phone number same as dialing 911 411 411 Wireless Information Services Note To take full advantage of the supplementary phone services available through the WiMAX Modem s phone port you may need to subscribe to the services from your voice account service provider Not all features are supported by all service providers Consult your service provider for more information User s Guide Chapter 21 Product Specifications 21 1 Wall Mounting This section shows you how to mount your WiMAX Modem on a wall using the ZyXEL Wall Mounting kit not included 21 1 1 The Wall Mounting Kit The wall mounting kit contains the following parts 1 Two Mortar Plugs M4 L30 mm 2 Two Screws M4 L30 mm 3 Wall Mounting Chassis If any parts are missing contact your vendor 21 1 2 Instructions To mount the WiMAX Modem on a wall 1 Select a position free of obstructions on a sturdy wall 2 Drill two holes in the wall exactly 70 mm apart The holes should be 6 mm wide and at least 30 mm deep Be careful to avoid damaging pipes or cables located inside the wall when drilling holes for the screws User s Guide 251 Chapter 21 Product Specifications 3 Attach the wall mounting chassis with the plugs and screws as shown below 4 Connect the MAX 216M1 to the wall mounting chassis by snapping the chassis two upper chassis hooks int
244. llows you to do this by selecting the country from a list rather than changing each setting manually Configure the country code feature when you move the WiMAX Modem from one country to another Do not Disturb This feature allows you to set your phone not to ring when someone DnD calls you You can set each phone independently using its keypad or configure global settings for all phones using the command line interpreter Auto Dial You can set the WiMAX Modem to automatically dial a specified number immediately whenever you lift a phone off the hook Use the Web Configurator to set the specified number Use the command line interpreter to have the WiMAX Modem wait a specified length of time before dialing the number User s Guide Chapter 21 Product Specifications Table 106 Voice Features Phone config The phone configuration table allows you to customize the phone keypad combinations you use to access certain features on the WiMAX Modem such as call waiting call return call forward etc The phone configuration table is configurable in command interpreter mode Firmware update enable disable If your service provider uses this feature you hear a recorded message when you pick up the phone when new firmware is available for your WiMAX Modem Enter 99 in your phone s keypad to have the WiMAX Modem upgrade the firmware or enter 99 to not upgrade If your service provider gave you dif
245. lowed by the number to which you want to transfer the call to operate the Intercom 3 After you hear the ring signal or the second party answers it hang up the phone European Three Way Conference allows you to make three way conference calls To do so 1 When you are on the phone talking to someone place the flash key to put the caller on hold and get a dial tone 2 Dial a phone number directly to make another call 3 When the second call is answered press the flash key and press 3 to create a three way conversation User s Guide 135 Chapter 11 The Phone Screens 4 5 11 5 3 Hang up the phone to drop the connection If you want to separate the activated three way conference into two individual connections one is on line the other is on hold press the flash key and press 42 USA Type Supplementary Services This section describes how to use supplementary phone services with the USA Type Call Service Mode Commands for supplementary services are listed in the table below After pressing the flash key if you do not issue the sub command before the default sub command timeout 2 seconds expires or issue an invalid sub command the current operation will be aborted Table 46 USA Type Flash Key Commands SUB COMMAND COMMAND DESCRIPTION Flash Put a current call on hold to place a second call After the second call is successful press the flash key again to have a three way conference call
246. lts eseseeeeeeee 235 20 5 1 Pop up Windows JavaScripts and Java Permissions cccccceeesseeeeeeeesteeeeeeeees 235 Chapter 21 PROGUCT SPO HICAU ONG 7YX 237 21 9 ee el iaa Eeer ern emer ere b bota eer eer rer ier rr eee rome rer arn enter errr tener rrr etry 251 211 1 The Wal Mouning o 251 2i NS ES araa A EA Ea 251 Part VII Appendices and Index ceseeeeeseeeeeeeeeeeeeeeeeeeeeeeeseees 255 Appendix A WIMAX OBEUP BE a paie iid inibi b a Rt a SR LER TCR d A iE 257 Appendix B Setting Up Your Computer s IP Address eeeeseseeeeeeeeeeene 261 Appendix C Pop up Windows JavaScripts and Java Permissions ssusss 289 Appendix D IP Addresses and Subnetting sesseesseeeneeenne 299 Appendix E Importing Certificates cuuieiscusodacitka ieid kii del Ed Fe edi a URS Tu PARLE RR diia 311 Appendix F SIP PassthioUgh uu eran pkaig Lon IRI ARA DAC UR CER AERA DAR ae DAT DE D p EAR ln 343 Appendix G Common Services Laien dM FERRI D ERRORI A aUa RR UR RIEN OR tS 345 Appendix H Legal IS VR ssaiecris omnla Tini MR FOURUR RD ORGAN La BED d DERE Ad FTD D 349 Appendix 1 Customer DUBIO aria ar EGRE RIDERE NUERI Re CAL EUN Pi ART f REA A 353 Lj 361 User s Guide Table of Contents User s Guide List of Figures
247. lus the forward to phone number to activate Call Forwarding No Answer no VM service plan 730 Deactivate Call Forwarding No Answer 740 Plus the forward to phone number to activate Call Forwarding Busy no VM service plan 911 911 Emergency phone number same as dialing 911 411 411 Wireless Information Services Table 108 Environmental and Hardware Specifications FEATURE DESCRIPTION Operating Temperature 0 C to 45 C Storage Temperature 25 C to 55 C User s Guide Chapter 21 Product Specifications Table 108 Environmental and Hardware Specifications continued Operating Humidity 2096 9096 non condensing Storage Humidity 1096 to 9596 non condensing Power Supply 12V DC 2A Power consumption 18W Ethernet Interface Two auto negotiating auto MDI MDI X NWay 10 100 Mbps RJ 45 Ethernet ports Telephony Interface Two analog ATA interfaces for standard telephones through RJ 11 FXS Foreign Exchange Subscriber analog connector Antennas Two internal 5dBi WiMAX antennas Weight 480g Dimensions 160mm W x 118mm D x 167mm H Safety Approvals UL 60950 1 CAN CSA C22 2 No 60950 1 03 EN 60950 1 IEC 60950 1 EMI Approvals EN 301489 1 v1 6 1 EN 61000 3 2 EN 61000 3 3 EMS Approvals EN 301489 4 v1 3 1 RF Approvals EN 302326 Table 109 Radio Specifications FEATURE DESCRIPTION Media A
248. m Browse Click to find the certificate file you want to upload Apply Click to save your changes Cancel Click to return to the previous screen without saving your changes User s Guide 1 57 Chapter 13 The Certificates Screens 13 3 Trusted CAs Click TOOLS gt Certificates gt Trusted CAs access this screen Use this screen to display a summary list of certificates of the certification authorities that you have set the WiMAX Modem to accept as trusted The WiMAX Modem accepts any valid certificate signed by a certification authority on this list as being trustworthy thus you do not need to import any certificate that is signed by one of these certification authorities Figure 63 TOOLS gt Certificates gt Trusted CAs PKI Storage Space in Use o MENNNENNEN 10096 Trusted CA Certificates 1896 CRL Name Subject Issuer Valid From Valid To ai Action inpar The following table describes the icons in this screen Table 55 TOOLS gt Certificates gt Trusted CAs ICON DESCRIPTION EP Edit Click to edit this item as Export Click to export an item im Delete Click to delete this item The following table describes the labels in this screen Table 56 TOOLS gt Certificates gt Trusted CAs LABEL DESCRIPTION PKI Storage This bar displays the percentage of the WiMAX Modem s PKI storage Space in Use space that is currently in use When the storage s
249. me obtained from the ISP is used Use up to 38 alphanumeric characters Spaces are not allowed but dashes and periods are accepted Administrator Enter the number of minutes a management session can be left idle Inactivity Timer before the session times out After it times out you have to log in again A value of 0 means a management session never times out no matter how long it has been left idle This is not recommended Long idle timeouts may have security risks The default is five minutes Password Setup Old Password Enter the current password you use to access the WiMAX Modem New Password Enter the new password for the WiMAX Modem You can use up to 30 characters As you type the password the screen displays an asterisk for each character you type User s Guide Chapter 9 The System Configuration Screens Table 31 ADVANCED System Configuration General continued LABEL DESCRIPTION Retype to Enter the new password again Confirm Apply Click to save your changes Reset Click to restore your previously saved settings 9 3 Dynamic DNS Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you in NetMeeting CU SeeMe etc You can also access your FTP server or Web site on your own computer using a domain name for instance myhost dhs org where myhost is a name of you
250. ministrator if you are unsure of this information Time Zone Setup Time Zone Select the time zone at your location Daylight Savings Select this if your location uses daylight savings time Daylight savings is a period from late spring to early fall when many places set their clocks ahead of normal local time by one hour to give more daytime light in the evening Start Date Enter which hour on which day of which week of which month daylight savings time starts End Date Enter which hour on the which day of which week of which month daylight savings time ends Apply Click to save your changes Reset Click to restore your previously saved settings 5 4 1 Pre Defined NTP Time Servers List The WiMAX Modem uses a pre defined list of NTP time servers if you do not specify a time server or it cannot synchronize with the time server you specified It can use this list regardless of the time protocol you select When the WiMAX Modem uses the list it randomly selects one server and tries to synchronize with it If the synchronization fails then it goes through the rest of User s Guide Chapter 5 The Setup Screens the list in order until either it is successful or all the pre defined NTP time servers have been tried Table 12 Pre defined NTP Time Servers ntp1 cs wisc edu ntp1 gbg netnod se ntp2 cs wisc edu tock usno navy mil ntp3 cs wisc edu ntp cs strath ac uk
251. mum of 30 letters numerals and any printable character found on a typical English language keyboard Confirm Password max 30 alphanumeric printable characters and no spaces User s Guide Chapter 2 Introducing the Web Configurator 6 Click Apply in the next screen to create a certificate using your WiMAX Modem s MAC address that will be specific to this device This certificate is used for authentication when using a secure HTTPS connection over the Internet MAX 206M1R Public Key Certificate This ZyXEL device currently uses the default public key certificate common to all ZyXEL products Click Apply to create a new certificate that is unique to your device If you wish to continue using the default certificate click Ignore Apply Ignore 7 A screen displays to let you choose to go to the Wizard or the Advanced screens Click Go to Wizard setup if you are logging in for the first time or if you want to make basic changes The wizard selection screen appears after you click Apply See Chapter 3 on page 45 for more information Click Go to Advanced setup if you want to configure features that are not available in the wizards The main screen appears after you click Apply See Section 3 on page 40 for more information Click Exit if you want to log out MAX 206M1R Select a Mode Use the ZyXEL Setup Wizard to quickly and easily configure your Internet connection or VoIP account server settings If thi
252. n User Name changeme Password eccseces lt Back Apply Close The following table describes the labels in this screen Table8 VoIP Connection First Voice Account Settings LABEL DESCRIPTION SIP Number Enter your SIP number in this field use the number or text that comes before the 9 symbol in a SIP account like 1234 9Vol P provider com You can use up to 127 ASCII characters SIP Server Address Type the IP address or domain name of the SIP server in this field It doesn t matter whether the SIP server is a proxy redirect or register server You can use up to 95 ASCII characters SIP Service Domain Enter the SIP service domain name in this field the domain name that comes after the 9 symbol in a SIP account like 1234 Q Vol P provider com You can use up to 127 ASCII Extended set characters User Name This is the user name for registering this SIP account with the SIP register server Type the user name exactly as it was given to you You can use up to 95 ASCII characters Password Type the password associated with the user name above You can use up to 95 ASCII Extended set characters 52 User s Guide Chapter 4 VoIP Connection Wizard Table 8 VoIP Connection gt First Voice Account Settings continued LABEL DESCRIPTION Check here to set up SIP2 settings This screen configures SIP account 1 Select the check box if you have a s
253. n information sheet when s he signs up If your ISP gives you the DNS server addresses enter them in the DNS Server fields in DHCP Setup otherwise leave them blank Some ISPs choose to pass the DNS servers using the DNS server extensions of PPP IPCP IP Control Protocol after the connection is up If your ISP did not give you explicit DNS servers chances are the DNS servers are conveyed through PCP negotiation The WiMAX Modem supports the IPCP DNS server extensions through the DNS proxy feature If the Primary and Secondary DNS Server fields in the LAN Setup screen are not specified for instance left as 0 0 0 0 the WiMAX Modem tells the DHCP clients that it itself is the DNS server When a computer sends a DNS query to the WiMAX Modem the WiMAX Modem forwards the query to the real DNS server learned through IPCP and relays the response back to the computer Please note that DNS proxy works only when the ISP uses the IPCP DNS server extensions It does not mean you can leave the DNS servers out of the DHCP setup under all circumstances If your ISP gives you explicit DNS servers make sure that you enter their IP addresses in the LAN Setup screen This way the WiMAX Modem can pass the DNS servers to the computers and the computers can query the DNS server directly without the WiMAX Modems s intervention 6 6 5 RIP Setup RIP Routing Information Protocol allows a router to exchange routing information with other routers The RIP Di
254. n the configuration menu 2 Press a number from 1301 1308 followed by the key to delete the tone of your choice Press 14 followed by the key if you wish to clear all your custom tones 3 You can continue to add listen to or delete tones or you can hang up the receiver when you are done User s Guide 121 Chapter 10 The Service Configuration Screens 10 3 QoS Network traffic can be classified by setting the ToS Type Of Service values at the data source for example at the WiMAX Modem so a server can decide the best method of delivery that is the least cost fastest route and so on Virtual Local Area Network VLAN allows a physical network to be partitioned into multiple logical networks Only stations within the same group can communicate with each other Your WiMAX Modem can add IEEE 802 1Q VLAN ID tags to voice frames that it sends to the network This allows the WiMAX Modem to communicate with a SIP server that is a member of the same VLAN group Some ISPs use the VLAN tag to identify voice traffic and give it priority over other traffic Click VOI CE gt Service Configuration gt QoS to set up and maintain ToS and VLAN settings for the WiMAX Modem QoS Quality of Service refers to both a network s ability to deliver data with minimum delay and the networking methods used to provide bandwidth for real time multimedia applications Figure 48 VOICE gt Service Configuration gt QoS TOS SIP TO
255. name sent when the WiMAX Modem connects to the ACS and which is used for authentication You can enter up to 31 alphanumeric characters a z A Z 0 9 and underscores but spaces are not allowed Password Enter the password sent when the WiMAX Modem connects to an ACS and which is used for authentication You can enter up to 31 alphanumeric characters a z A Z 0 9 and underscores but spaces are not allowed Connection Enter the connection request user name that the ACS must send to the Request WiMAX Modem when it requests a connection User Name You can enter up to 31 alphanumeric characters a z A Z 0 9 and underscores but spaces are not allowed Note This must be provided by the ACS administrator Connection Enter the connection request password that the ACS must send to the Request WiMAX Modem when it requests a connection Password You can enter up to 31 alphanumeric characters a z A Z 0 9 and underscores but spaces are not allowed Note This must be provided by the ACS administrator User s Guide Chapter 16 The Remote Management Screens Table 71 TOOLS gt Remote Management gt TRO69 LABEL DESCRIPTION Periodic Inform Enable Select this to allow the WiMAX Modem to periodically connect to the ACS and check for configuration updates If you do not enable this feature then the WiMAX Modem can only be updated automatically when the ACS initiates contact with it an
256. new number to the list below This is a list of speed dial numbers Number This is the SIP number the WiMAX Modem calls when you use this speed dial number Name This is the name of the party associated with this speed dial number Type This indicates whether this speed dial number uses a proxy or not when placing a call to the phone number associated with it Destination This indicates if the speed dial entry uses one of your SIP accounts or uses the IP address or domain name of the SIP server Action Click the Delete icon to erase this speed dial entry Apply Click to save your changes Clear Click to clear all fields on the screen and begin anew User s Guide Chapter 12 The Phone Book Screens User s Guide Status The Certificates Screens 147 The Firewall Screens 169 Content Filter 179 The Remote Management Screens 183 QoS 195 The Logs Screens 199 The Status Screen 215 The Certificates Screens 13 1 Overview 13 1 1 13 1 2 Use the TOOLS gt Certificates screens to manage public key certificates on the WiMAX Modem The WiMAX Modem can use public key certificates also sometimes called digital IDs to authenticate users Certificates are based on public private key pairs A certificate contains the certificate owner s identity and public key Certificates provide a way to exchange public keys for use in authentication Public key certificates are used by web browsers to ensure t
257. nfiguration gt Advanced sesseeeeeeen enne 87 Figure 33 ADVANCED gt NAT Configuration gt General sse 89 Figure 34 Multiple Servers Behind NAT Example sss ene tene nennen nennen nnne 91 Figure 35 ADVANCED gt NAT Configuration gt Port Forwarding oaeeeciiuecen reete ertet 91 Figure 36 ADVANCED gt NAT Configuration gt Port Forwarding gt Rule Setup sssssss 93 Figure 37 ADVANCED gt NAT Configuration gt Trigger Port cc0 cccisscceesesessstccesescessnsesesicseransnensaneaneasaee 94 Figure 38 Trigger Port Forwarding EXeIVplg coe oto tne etuer eemper eemper enne obse ER Repo ek rane uin 95 User s Guide List of Figures Figure 39 ADVANCED gt NAT Configuration gt ALG ius cesse rrr m ek ecc da ken n nri Pid 97 Figure 40 ADVANCED gt System Configuration gt General sse enne 101 Figure 41 ADVANCED gt System Configuration gt Dynamic DNS sse 103 Figure 42 ADVANCED gt System Configuration gt Firmware ssssesesssseseneeneen enne 104 Figure 43 ADVANCED gt System Configuration gt Configuration sssssseeeenene 106 Figure 44 ADVANCED gt System Configuration gt Restart ssssssssssssseseeeeeeren nene 107 Figure 45 VOICE gt Service Configuration gt SIP Setting eesssessseseeee 113 Faure 46 STUN ENPE a tiec a
258. ng ways The ISP tells you the DNS server addresses usually in the form of an information sheet when you sign up If your ISP gives you DNS server addresses enter them in the DNS Server fields in the SYSTEM General screen If the ISP did not give you DNS server information leave the DNS Server fields in the SYSTEM General screen set to 0 0 0 0 for the ISP to dynamically assign the DNS server IP addresses User s Guide Chapter 9 The System Configuration Screens 9 2 General Click ADVANCED gt System Configuration gt General to change the WiMAX Modem s mode set up its system name domain name idle timeout and administrator password Figure 40 ADVANCED gt System Configuration gt General System Setup System Name Domain Name Administrator Inactivity Timer 0 minutes 0 means no timeout Password Setup Old Password oes New Password Retype to Confirm rm The following table describes the labels in this screen Table 31 ADVANCED gt System Configuration gt General LABEL DESCRIPTION System Setup System Name Enter your computer s Computer Name This is for identification purposes but some ISPs also check this field This name can be up to 30 alphanumeric characters long Spaces are not allowed but dashes and underscores are accepted Domain Name Enter the domain name entry that is propagated to DHCP clients on the LAN If you leave this blank the domain na
259. nly one IP address enter 255 255 255 255 Gateway IP Address Enter the IP address of the gateway to which the WiMAX Modem should send packets for the specified Destination The gateway is a router or a switch on the same network segment as the device s LAN or WAN port The gateway helps forward packets to their destinations Metric Usually you should keep the default value This field is related to RIP The metric represents the cost of transmission A router determines the best route for transmission by choosing a path with the lowest cost The smaller the metric the lower the cost RIP uses hop count as the measurement of cost where 1 is for a directly connected network The metric must be 1 15 if you use a value higher than 15 the routers assume the link is down User s Guide Chapter 6 The LAN Configuration Screens Table 17 Management Static Route IP Static Route Edit continued LABEL DESCRIPTION Apply Click to save your changes Cancel Click to return to the previous screen without saving your changes 6 5 Other Sett Click ADVANCE ings D gt LAN Configuration gt Other Settings to set the RIP and Multicast options Figure 23 ADVANCED gt LAN Configuration gt Advanced RIP Direction RIP Version Multicast RIP amp Multicast Setup Both v RIP 1 None wv The following table describes the labels in this screen Tabl
260. nt You can enter up to 61 printable ASCII characters Password Use this field to enter the password associated with your Internet access account You can enter up to 47 printable ASCII characters Anonymous Enter the anonymous identity provided by your Internet Service Identity Provider Anonymous identity also known as outer identity is used with EAP TTLS encryption The anonymous identity is used to route your authentication request to the correct authentication server and does not reveal your real user name Your real user name and password are encrypted in the TLS tunnel and only the anonymous identity can be seen Leave this field blank if your ISP did not give you an anonymous identity to use User s Guide Chapter 7 The WAN Configuration Screens Table 19 ADVANCED gt WAN Configuration gt Internet Connection gt ISP Parameters for Internet Access continued LABEL DESCRIPTION PKM This field displays the Privacy Key Management version number PKM provides security between the WiMAX Modem and the base station At the time of writing the WiMAX Modem supports PKMv2 only See the WiMAX security appendix for more information Authentication This field displays the user authentication method Authentication is the process of confirming the identity of a mobile station by means of a username and password for example Check with your service provider if you are unsure of the correct setting for you
261. nt and the server is the RADIUS server The RADIUS server handles the following tasks Authentication Determines the identity of the users Authorization Determines the network services available to authenticated users once they are connected to the network Accounting Keeps track of the client s network activity RADIUS is a simple package exchange in which your base station acts as a message relay between the MS SS and the network RADIUS server Types of RADIUS Messages The following types of RADIUS messages are exchanged between the base station and the RADIUS server for user authentication Access Request Sent by an base station requesting authentication Access Reject Sent by a RADIUS server rejecting access Access Accept Sent by a RADIUS server allowing access e Access Challenge Sent by a RADIUS server requesting more information in order to allow access The base station sends a proper response from the user and then sends another Access Request message The following types of RADIUS messages are exchanged between the base station and the RADIUS server for user accounting Accounting Request Sent by the base station requesting accounting Accounting Response Sent by the RADIUS server to indicate that it has started or stopped accounting In order to ensure network security the access point and the RADIUS server use a shared secret key which is a password they both know The key is not sent ove
262. nt priorities to traffic that the WiMAX Modem forwards out through the WAN interface Give high priority to voice and video to make them run more smoothly Similarly give low priority to many large file downloads so that they do not reduce the quality of other applications Click TOOLS QoS Class Setup to open the following screen Figure 86 QoS gt Class Setup Create New Class Name Interface Class Index Default Class From LAN 99 Default Class From WAN 99 The following table describes the labels in this screen Table 73 QoS Class Setup LABEL DESCRIPTION Create New Class Click this button to create a new class This field displays the index number of the class Active This field indicates whether the QoS class is enabled or not Name This field indicates the name of the class Interface This field indicates the Ethernet port on which traffic is being monitored and prioritized DSCP This field indicates the Differentiated Services Code Point DSCP value for the associated class Class Index This field indicates the index for this QoS class Classes are implemented based on index number from lowest to highest Action Click the Edit icon to go to the screen where you can edit the rule Click the Delete icon to delete an existing rule Note that subsequent rules move up by one when you take this action Apply Click this button to save your changes back to the WiMAX Modem
263. nter the IP address or domain name of the STUN server provided by your VoIP service provider Server Port Enter the STUN server s listening port if your VolP service provider gave you one Otherwise keep the default value Use NAT Active Select this if you want the WiMAX Modem to send SIP traffic to a specific NAT router You must also configure the NAT router to forward traffic with the specified port to the WiMAX Modem This eliminates the need for STUN or a SIP ALG Server Address Enter the public IP address or domain name of the NAT router Server Port Enter the port number that your SIP sessions use with the public IP address of the NAT router Outbound Proxy Active Select this if your VoIP service provider has a SIP outbound server to handle voice calls This allows the WiMAX Modem to work with any type of NAT router and eliminates the need for STUN or a SIP ALG Turn off any SIP ALG on a NAT router in front of the WiMAX Modem to keep it from re translating the IP address since this is already handled by the outbound proxy server Server Address Enter the IP address or domain name of the SIP outbound proxy server Server Port Enter the SIP outbound proxy server s listening port if your VoIP service provider gave you one Otherwise keep the default value NAT Keep Alive Active Select this to stop NAT routers between the WiMAX Modem and SIP server a SIP prox
264. nts DHCP Pool See the product specifications in the appendices Do not assign static IP addresses from the DHCP pool to your LAN computers These parameters should work for the majority of installations If your ISP gives you explicit DNS server address es see Section 6 3 on page 68 6 6 3 LAN TCP IP The WiMAX Modem has built in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability The LAN parameters of the WiMAX Modem are preset in the factory with the following values P address of 192 168 1 1 with subnet mask of 255 255 255 0 24 bits DHCP server enabled with 32 client IP addresses starting from 192 168 1 33 These parameters should work for the majority of installations If your ISP gives you explicit DNS server address es see Section 6 3 on page 68 User s Guide Chapter 6 The LAN Configuration Screens 6 6 4 DNS Server Address DNS Domain Name System is for mapping a domain name to its corresponding IP address and vice versa The DNS server is extremely important because without it you must know the IP address of a machine before you can access it The DNS server addresses that you enter in the DHCP setup are passed to the client machines along with the assigned IP address and subnet mask There are two ways that an ISP disseminates the DNS server addresses The first is for an ISP to tell a customer the DNS server addresses usually in the form of a
265. o a base station Figure 29 Frequency Ranges B C Cc C C C C C C C P In this figure A is the WiMAX frequency range WiMAX frequency range refers to the entire range of frequencies the WiMAX Modem is capable of using to transmit and receive see the Product Specifications appendix for details In the figure B shows the operator frequency range This is the range of frequencies within the WiMAX frequency range supported by your operator service provider The operator range is subdivided into bandwidth steps In the figure each C is a bandwidth step The arrow D shows the WiMAX Modem searching for a connection Have the WiMAX Modem search only certain frequencies by configuring the downlink frequencies Your operator can give you information on the supported frequencies The downlink frequencies are points of the frequency range your WiMAX Modem searches for an available connection Use the Site Survey screen to set these bands You can set the downlink frequencies anywhere within the WiMAX frequency range In this example the downlink frequencies have been set to search all of the operator range for a connection 7 3 2 Configuring Frequency Settings You need to set the WiMAX Modem to scan one or more specific radio frequencies to find an available connection to a WiMAX base station Use the WiMAX Frequency screen to define the radio frequencies to be searched for available wireless connections See Section 7
266. o configure your computer IP address in the KDE Click K Menu gt Computer gt Administrator Settings YaST Figure 126 openSUSE 10 3 K Menu gt Computer Menu a Administrator Settings Install Software a System Information A Home Folder A Ls ZB My Documents rv Network Folders Eu Favorites Applications Computer History Leave User zyxel on linux h20z openSUSE User s Guide Appendix B Setting Up Your Computer s IP Address 2 When the Run as Root KDE su dialog opens enter the admin password and click OK Figure 127 openSUSE 10 3 K Menu Computer Menu Run as root KDE su lay Please enter the Administrator root y password to continue s W Command sbin yast2 Password Ignore 3 When the YaST Control Center window opens select Network Devices and then click the Network Card icon Figure 128 openSUSE 10 3 YaST Control Center YaST Control Center linux h20z File Edit Help D Software FE Hardware E System f d Network Devices ad fal Network Services Novell AppArmor Security and Users Miscellaneous S earch User s Guide Appendix B Setting Up Your Computer s IP Address 4 When the Network Settings window opens click the Overview tab select the appropriate connection Name from the list and then click the Configure button Figure 129 openSUSE 10 3 Network Settings vasr2Glinux h2oz
267. o not Disturb DnD This feature allows you to set your phone not to ring when someone calls you You can set each phone independently using its keypad or configure global settings for all phones using the command line interpreter Auto Dial You can set the WiMAX Modem to automatically dial a specified number immediately whenever you lift a phone off the hook Use the Web Configurator to set the specified number Use the command line interpreter to have the WiMAX Modem wait a specified length of time before dialing the number Phone config The phone config table allows you to customize the phone keypad combinations you use to access certain features on the WiMAX Modem such as call waiting call return call forward etc The phone config table is configurable in command interpreter mode Firmware update enable disable If your service provider uses this feature you hear a recorded message when you pick up the phone when new firmware is available for your WiMAX Modem Enter 99 in your phone s keypad to have the WiMAX Modem upgrade the firmware or enter 99 to not upgrade If your service provider gave you different numbers to use enter them instead If you enter the code to not upgrade you can make a call as normal You will hear the recording again each time you pick up the phone until you upgrade Call waiting This feature allows you to hear an alert when you are already using the phone and another person
268. o restore your previously saved settings User s Guide Chapter 6 The LAN Configuration Screens 6 4 IP Static Route Click ADVANCED gt LAN Configuration gt IP Static Route to look at the static routes configured in the WiMAX Modem Note The first static route is the default route and cannot be modified or deleted Figure 21 Advanced LAN Configuration gt IP Static Route Name Active Destination Gateway Action 1 z en pd gu 2 gui 3 amp i 4 aus Tn amp i 5 Gg uj 6 G tul Apply Rewt J The following table describes the icons in this screen Table 15 Advanced LAN Configuration gt IP Static Route ICON DESCRIPTION g Edit Click to edit this item m Delete Click to delete this item The following table describes the labels in this screen Table 16 Advanced LAN Configuration IP Static Route LABEL DESCRIPTION The number of the item in this list Name This field displays the name that describes the static route Active This field shows whether this static route is active Yes or not No Destination This field displays the destination IP address es that this static route affects Gateway This field displays the IP address of the gateway to which the WiMAX Modem should send packets for the specified Destination The gateway is a router or a switch on the same network segment as the device s LAN or WAN port The
269. o the matching holes on the WiMAX Modem Do not pinch or server the cable connections between the wall mounting chassis the WiMAX Modem 252 User s Guide Chapter 21 Product Specifications 5 Snap the lower chassis hooks into the matching holes on the WiMAX Modem The cable connections should come out either the left or right gaps between the wall mounting chassis and the WiMAX Modem 6 Once you have snapped the wall mounting chassis in place the WiMAX Modem is securely fastened to the wall User s Guide 253 Chapter 21 Product Specifications User s Guide ART Index WiMAX Security 257 Setting Up Your Computer s IP Address Pop up Windows JavaScripts and Java Permissions 289 IP Addresses and Subnetting 299 Importing Certificates 311 SIP Passthrough 343 Common Services 345 Legal Information 349 Customer Support 353 WiMAX Security Wireless security is vital to protect your wireless communications Without it information transmitted over the wireless network would be accessible to any networking device within range User Authentication and Data Encryption PKMv2 The WiMAX IEEE 802 16 standard employs user authentication and encryption to ensure secured communication at all times User authentication is the process of confirming a user s identity and level of authorization Data encryption is the process of encoding
270. odem is not connected to a base station For the WLAN interface it displays the transmission rate when WLAN is enabled or N A when WLAN is disabled Summary Packet Click this link to view port status and packet specific statistics Statistics WiMAX Site Click this link to view details of the radio frequencies used by the Information WiMAX Modem to connect to a base station DHCP Table Click this link to see details of computers to which the WiMAX Modem has given an IP address VoIP Statistics Click this link to view statistics about your VolP usage WiMAX Profile Click this link to view details of the current wireless security settings VoIP Status Account This column displays each SIP account in the WiMAX Modem User s Guide Chapter 19 The Status Screen Table 96 Status continued LABEL DESCRIPTION Registration This field displays the current registration status of the SIP account You have to register SIP accounts with a SIP server to use VoIP If the SIP account is already registered with the SIP server Click Unregister to delete the SIP account s registration in the SIP server This does not cancel your SIP account but it deletes the mapping between your SIP identity and your IP address or domain name The second field displays Registered If the SIP account is not registered with the SIP server Click Register to have the WiMAX Modem attempt to register the SIP acc
271. oes not display for a certification request MD5 Fingerprint This is the certificate s message digest that the WiMAX Modem calculated using the MD5 algorithm SHA1 Fingerprint This is the certificate s message digest that the WiMAX Modem calculated using the SHA1 algorithm Certificate in PEM Base 64 Encoded Format This read only text box displays the certificate or certification request in Privacy Enhanced Mail PEM format PEM uses lowercase letters uppercase letters and numerals to convert the binary certificate into a printable form You can copy and paste a certification request into a certification authority s web page an e mail that you send to the certification authority or a text editor and save the file on a management computer for later manual enrollment You can copy and paste a certificate into an e mail to send to friends or colleagues or you can copy and paste a certificate into a text editor and save the file on a management computer for later distribution via floppy disk for example Apply Click to save your changes Cancel Click to return to the previous screen without saving your changes User s Guide Chapter 13 The Certificates Screens 13 3 2 Trusted CA Import Click TOOLS gt Certificates gt Trusted CAs and then click Import to open the Trusted CA Import screen Follow the instructions in this screen to save a trusted certification authority s ce
272. oise G 711 provides excellent sound quality but requires 64kbps of bandwidth G 723 is an Adaptive Differential Pulse Code Modulation ADPCM waveform codec Differential or Delta PCM is similar to PCM but encodes the audio signal based on the difference between one sample and a prediction based on previous samples rather than encoding the sample s actual quantized value Many thousands of samples are taken each second and the differences between consecutive samples are usually quite small so this saves space and reduces the bandwidth necessary However DPCM produces a high quality signal high signal to noise ratio or SNR for high difference signals where the actual signal is very different from what was predicted but a poor quality signal low SNR for low difference signals where the actual signal is very similar to what was predicted This is because the level of quantization noise is the same at all signal levels Adaptive DPCM solves this problem by adapting the difference signal s level of quantization according to the audio signal s strength A low difference signal is given a higher quantization level increasing its signal to noise ratio This provides a similar sound quality at all signal levels G 723 provides high quality sound and requires 20 or 40 kbps G 729 is an Analysis by Synthesis AbS hybrid waveform codec It uses a filter based on information about how the human vocal tract produces sounds The codec analy
273. olicy It should never be the only mechanism or method employed For a firewall to guard effectively you must design and deploy it appropriately This requires integrating the firewall into a broad information security policy In addition specific policies must be implemented within the firewall itself What You Can Do in This Chapter The Firewall Setting screen Section 14 2 on page 170 lets you configure the basic settings for your firewall The Service Setting screen Section 14 3 on page 173 lets you enable service blocking set up the date and time service blocking is effective and to maintain the list of services you want to block What You Need to Know The following terms and concepts may help as you read through this chapter About the WiMAX Modem Firewall The WiMAX Modem firewall is a stateful inspection firewall and is designed to protect against Denial of Service attacks when activated The WiMAX Modem s purpose is to allow a private Local Area Network LAN to be securely connected to User s Guide Chapter 14 The Firewall Screens the Internet The WiMAX Modem can be used to prevent theft destruction and modification of data as well as log events which may be important to the security of your network The WiMAX Modem is installed between the LAN and a WiMAX base station connecting to the Internet This allows it to act as a secure gateway for all data passing between the Internet and the LAN The Wi
274. onfiguration Screens The following table describes the labels in this screen Table 24 ADVANCED gt WAN Configuration gt Advanced LABEL DESCRIPTION DNS Servers First Second and Third DNS Server Select Obtained from ISP if your ISP dynamically assigns DNS server information and the WiMAX Modem s WAN IP address Use the drop down list box to select a DNS server IP address that the ISP assigns in the field to the right Select UserDefined if you have the IP address of a DNS server Enter the DNS server s IP address in the field to the right If you chose UserDefined but leave the IP address set to 0 0 0 0 UserDefined changes to None after you click Apply If you set a second choice to UserDefined and enter the same IP address the second UserDefined changes to None after you click Apply Select None if you do not want to configure DNS servers You must have another DHCP server on your LAN or else the computers must have their DNS server addresses manually configured If you do not configure a DNS server you must know the IP address of a computer in order to access it RIP amp Multicast Setup RIP Direction Select the RIP direction from None Both I n Only and Out Only RIP Version Select the RIP version from RI P 1 RIP 2B and RI P 2M Multicast IGMP Internet Group Multicast Protocol is a network layer protocol used to establish membership in a multicast group The WiMAX Modem supports bot
275. ontent Filtering The WiMAX Modem can block access to web sites containing specified keywords You can define time periods and days during which content filtering is enabled and include or exclude a range of users on the LAN from content filtering Network Address Network Address Translation NAT allows the translation of Translation NAT an Internet protocol address used within one network for example a private IP address used in a local network to a different IP address known within another network for example a public IP address used on the Internet Universal Plug and Play Your device and other UPnP enabled devices can use the UPnP standard TCP IP protocol to dynamically join a network obtain an IP address and convey their capabilities to each other Dynamic DNS Support With Dynamic DNS support you can have a static hostname alias for a dynamic IP address allowing the host to be more easily accessible from various locations on the Internet You must register for this service with a Dynamic DNS service provider DHCP DHCP Dynamic Host Configuration Protocol allows the individual clients computers to obtain the TCP IP configuration at start up from a centralized DHCP server Your device has built in DHCP server capability enabled by default It can assign IP addresses an IP default gateway and DNS servers to DHCP clients Your device can also act as a surrogate DHCP server DHCP Relay where it relays IP address
276. ory Usage This field displays what percentage of the WiMAX Modem s memory is currently used The higher the memory usage the more likely the WiMAX Modem is to slow down Some memory is required just to start the WiMAX Modem and to run the web configurator You can reduce the memory usage by disabling some services see CPU Usage by reducing the amount of memory allocated to NAT and firewall rules you may have to reduce the number of NAT rules or firewall rules to do so or by deleting rules in functions such as incoming call policies speed dial entries and static routes IVR Usage This field displays what percentage of the WiMAX Modem s IVR memory is currently used IVR Interactive Voice Response refers to the customizable ring tone and on hold music you set Interface Status Interface This column displays each interface of the WiMAX Modem Status This field indicates whether or not the WiMAX Modem is using the interface For the WAN interface this field displays Up when the WiMAX Modem is connected to a WiMAX network and Down when the WiMAX Modem is not connected to a WiMAX network For the LAN interface this field displays Up when the WiMAX Modem is using the interface and Down when the WiMAX Modem is not using the interface Rate For the LAN ports this displays the port speed and duplex setting For the WAN interface it displays the downstream and upstream transmission rate or N A if the WiMAX M
277. ou to use one of the predefined choices A right angle bracket gt within a screen name denotes a mouse click For example TOOLS gt Logs gt Log Settings means you first click Tools in the navigation panel then the Logs sub menu and finally the Log Settings tab to get to that screen Units of measurement may denote the metric value or the scientific value For example k for kilo may denote 1000 or 1024 M for mega may denote 1000000 or 1048576 and so on e g is a Shorthand for for instance and i e means that is or in other words User s Guide Document Conventions Icons Used in Figures Figures in this User s Guide may use the following generic icons The WiMAX Modem icon is not an exact representation of your WiMAX Modem Table 1 Common Icons WiMAX Access Point Computer Wireless Signal Notebook Server WiMAX Base Station EJ Telephone Switch Router Internet Cloud I SES EST Internet WiMAX Cloud User s Guide Safety Warnings Safety Warnings For your safety be sure to read and follow all warning notices and instructions Do NOT use this product near water for example in a wet basement or near a swimming pool Do NOT expose your device to dampness dust or corrosive liquids Do NOT store things on the device Do NOT install use or service this device during a thunderstorm There is a remote risk
278. ount with the SIP server The second field displays the reason the account is not registered Inactive The SIP account is not active You can activate it in VOI CE gt SIP gt SIP Settings Register Fail The last time the WiMAX Modem tried to register the SIP account with the SIP server the attempt failed The WiMAX Modem automatically tries to register the SIP account when you turn on the WiMAX Modem or when you activate it URI This field displays the account number and service domain of the SIP account You can change these in VOICE gt SIP gt SIP Settings 19 2 1 Packet Statistics Click Status gt Packet Statistics to open this screen This read only screen displays information about the data transmission through the WiMAX Modem To configure these settings go to the corresponding area in the Advanced screens Figure 91 Packet Statistics Packet Statistics Port Status TxPkts RxPkts Collisions Tx B s Rx B s Up Time WAN Down 0 0 0 0 0 00 00 00 LAN 100M Full 11091 9262 0 64 593 5 58 17 System Up Time 6 00 02 Poll Interval 500 sec Set Interval User s Guide Chapter 19 The Status Screen The following table describes the fields in this screen Table 97 Packet Statistics LABEL DESCRIPTION Port This column displays each interface of the WiMAX Modem Status This field indicates whether or not the WiMAX Modem is using the interface For the WAN interf
279. our network administrator or ISP assigns your IP address dynamically Select Use the following I P Address and fill in the IP address Subnet mask and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP You may also have to enter a Preferred DNS server and an Alternate DNS server if that information was provided Click Advanced Click OK to close the Internet Protocol TCP IP Properties window Click OK to close the Local Area Connection Properties window Verifying Settings Click Start gt All Programs gt Accessories gt Command Prompt In the Command Prompt window type ipconfig and then press ENTER You can also go to Start gt Control Panel gt Network Connections right click a network connection click Status and then click the Support tab to view your IP address and connection information User s Guide Appendix B Setting Up Your Computer s IP Address Mac OS X 10 3 and 10 4 The screens in this section are from Mac OS X 10 4 but can also apply to 10 3 1 Click Apple gt System Preferences Figure 108 Mac OS X 10 4 Apple Menu C Finder File Edit Vie About This Mac Software Update Mac OS X Software System Preferences Dock Location Recent Items Force Quit Sleep Restart Shut Down 2 Inthe System Preferences window click the Network icon Figure 109 Mac OS X 10 4 System Preferences eo System
280. out 10 seconds Exceed MAX incomplete sent TCP RST The router sent a TCP reset packet when the number of incomplete connections TCP and UDP exceeded the user configured threshold Incomplete count is for all TCP and UDP connections through the firewall Note When the number of incomplete connections TCP UDP gt Maximum Incomplete High the router sends TCP RST packets for TCP connections and destroys TOS firewall dynamic sessions until incomplete connections lt Maximum Incomplete Low Access block sent TCP RST The router sends a TCP RST packet and generates this log if you turn on the firewall TCP reset mechanism via Cl command sys firewall tcprst Table 83 Packet Filter Logs LOG MESSAGE DESCRIPTION TCP UDP ICMP IGMP Generic packet filter matched set d rule d Attempted access matched a configured filter rule denoted by its set and rule number and was blocked or forwarded according to the rule User s Guide 207 Chapter 18 The Logs Screens For type and code details see Table 90 on page 211 Table 84 ICMP Logs LOG MESSAGE DESCRIPTION Packet Direction lt rule d gt type d lt code d gt Firewall default policy ICMP CMP access matched the default policy and was Packet Direction type d blocked or forwarded according to the user s code d setting Firewall rule NOT match
281. pace is almost full you should consider deleting expired or unnecessary certificates before adding more certificates The number of the item in this list Name This field displays the name used to identify this certificate Subject This field displays identifying information about the certificate s owner such as CN Common Name OU Organizational Unit or department O Organization or company and C Country It is recommended that each certificate have unique subject information User s Guide Chapter 13 The Certificates Screens Table 56 TOOLS gt Certificates gt Trusted CAs continued LABEL DESCRIPTION Issuer This field displays identifying information about the certificate s issuing certification authority such as a common name organizational unit or department organization or company and country With self signed certificates this is the same information as in the Subject field Valid From This field displays the date that the certificate becomes applicable The text displays in red and includes a Not Yet Valid message if the certificate has not yet become applicable Valid To This field displays the date that the certificate expires The text displays in red and includes an Expiring or Expired message if the certificate is about to expire or has already expired CRL Issuer This field displays Yes if the certification authority issues CRL Certificate Revocation Lists for the cer
282. pass through the firewall User s Guide Chapter 18 The Logs Screens Table 87 Content Filtering Logs LOG MESSAGE DESCRIPTION 851 Keyword blocking The content of a requested web page matched a user defined keyword Not in trusted web LISE The web site is not in a trusted domain and the router blocks all traffic except trusted domain sites Forbidden Web site Ss The web site is in the forbidden web site list Contains ActiveX 9 The web site contains ActiveX o s Contains Java applet The web site contains a Java applet Contains cookie Ss The web site contains a cookie Ss Proxy mode detected The router detected proxy mode in the packet Trusted Web site Ss The web site is in a trusted domain oe S When the content filter is not on according to the time schedule Waiting content filter server timeout The external content filtering server did not respond within the timeout period DNS resolving failed The WiMAX Modem cannot get the IP address of the external content filtering via DNS query Creating socket failed The WiMAX Modem cannot issue a query because TCP UDP Socket creation failed port port number Connecting to content filter server fail The connection to the external content filtering server failed License key is invalid The external content filtering license key i
283. pecially peer to peer applications 4 Disconnect and re connect the power adapter to the WiMAX Modem 5 If the problem continues contact the network administrator or vendor or try one of the advanced suggestions The Internet connection disconnects 1 Check your WiMAX link and signal strength using the WiMAX Link and Strength I ndicator LEDs on the device 2 Contact your ISP if the problem persists 20 4 Phone Calls and VoIP The telephone port won t work or the telephone lacks a dial tone User s Guide 233 Chapter 20 Troubleshooting 1 Check the telephone connections and telephone wire 2 Make sure you have the VOICE gt Service Configuration gt SIP Settings screen properly configured Chapter 10 on page 111 can access the Internet but cannot make VolP calls 1 Make sure you have the VOICE Service Configuration SIP Settings screen properly configured Chapter 10 on page 111 2 The VolP LED should come on Make sure that your telephone is connected to the Vol P port see the Quick Start Guide for information on connecting telephone cables to the these ports 3 You can also check the VoIP status in the Status screen 4 Ifthe VoIP settings are correct use speed dial to make peer to peer calls If you cannot make a call using speed dial there may be something wrong with the SIP server Contact your VoIP service provider Problems With Multiple SIP Accounts You can
284. persed locations to other networks or the Internet A WAN configuration can include switched and permanent telephone circuits terrestrial radio systems and satellite systems 7 1 1 What You Can Do in This Chapter The Internet Connection screen Section 7 2 on page 80 lets you set up your WiMAX Modem s Internet settings The WiMAX Configuration screen Section 7 3 on page 82 lets set up the frequencies used by your WiMAX Modem The Antenna Selection screen Section 7 4 on page 86 to switch between the WiMAX Modem s internal antenna and the external antennas MAX 216M1R plus only other models do not support this option The Advanced screen Section 7 5 on page 87 lets configure your DNS server RIP Multicast and Windows Networking settings 7 1 2 What You Need to Know The following terms and concepts may help as you read through this chapter WiMAX WiMAX Worldwide Interoperability for Microwave Access is the IEEE 802 16 wireless networking standard which provides high bandwidth wide range wireless service across wireless Metropolitan Area Networks MANs ZyXEL is a member of the WiMAX Forum the industry group dedicated to promoting and certifying interoperability of wireless broadband products In a wireless MAN a wireless equipped computer is known either as a mobile station MS or a subscriber station SS Mobile stations use the IEEE 802 16e standard and are able to maintain connectivity while switching
285. pher strength 256 bits used of a 256 bit cipher Cryptography Configuration User s Guide 337 Appendix E Importing Certificates Installing a Stand Alone Certificate File in Konqueror Rather than browsing to a ZyXEL web configurator and installing a public key certificate when prompted you can install a stand alone certificate file if one has been issued to you 1 Double click the public key certificate file Figure 193 Konqueror 3 5 Public Key Certificate File 2 Inthe Certificate Import Result Kleopatra dialog box click OK Figure 194 Konqueror 3 5 Certificate Import Result lg Certificate Import Result Kleop Detailed results of importing CA der ed Total number processed 1 Imported 1 The public key certificate appears in the KDE certificate manager Kleopatra Figure 195 Konqueror 3 5 Kleopatra Kleopatra File View Certificates CRLs Tools Settings Help search ______________________ ntecalcerestes Subject Issuer Serial CN 10R CA 1 PN O Bundesnetzagentur C CN 10R CA 1 PN O B 2A CN 11R CA 1 PN O Bundesnetzagentur C CN 11R CA 1 PN O B 2D CN2172 20 37 202 0U XYZ200 0 ZyXEL CN 172 20 37 202 0 CN 6R Ca 1 PN NAMEDISTINGUISHER 1 0 CN 6R Ca 1 PN NAME CN 7R CA 1 PN NAMEDISTINGUISHER 1 0 CN 7R CA 1 PN NAME CN 8R CA 1 PN O Regulierungsbeh rde f CN 8R CA 1 PN O Re 01 CN 9R CA 1 PN O Regulierungsbeh rde f C
286. pport tab to view your IP address and connection information User s Guide Appendix B Setting Up Your Computer s IP Address Windows Vista This section shows screens from Windows Vista Professional 1 Click Start gt Control Panel Figure 101 Windows Vista Start Menu Dr eye 7 0 Professional Connect To ES Media Player Classic gt All Programs ae Se 7 2 Inthe Control Panel click the Network and Internet icon Figure 102 Windows Vista Control Panel Fere ees g gt Control Panel v 5 l Pp File Edit View Tools Help Control Panel Home Vues System and Maintenance User Accounts SIC EM Get started with Windows e Change account type Back up your computer R Appearance and Security a Pesara us em Personalization Check for updates 2 Change desktop background Allow a program through Windows 7 Firewall Change the color scheme Adjust screen resolution etwork and Internet Connect to the Internet Clock Language and Region View network status and tasks I Change keyboards or other input methods Set up file sharin is Change display language 3 Click the Network and Sharing Center icon Figure 103 Windows Vista Network And Internet Qu E Control Panel p Network and Internet p v 4 Search P File Edit View Tools Help Control Panel Home i Network and Sharing Center aa 2d Mnect to
287. previously saved settings Advanced Setup Click this to edit the advanced settings for this phone port The Advanced Analog Phone Setup screen appears 11 2 1 Advanced Analog Phone Setup Click the Advanced button in VOICE gt Phone gt Analog Phone to edit advanced settings for each phone port Figure 54 VOIC E Phone Analog Phone Advanced Speaking Volume Listening Volume Echo Cancellation G 168 Active Dialing Interval Sele C VAD Support Voice Volume Control Dialing Interval Select l Min 1 Min ct 3 wl User s Guide Chapter 11 The Phone Screens The following table describes the labels in this screen Table 42 VOICE gt Phone gt Analog Phone gt Advanced LABEL DESCRIPTION Voice Volume Control Speaking Enter the loudness that the WiMAX Modem uses for speech that it sends Volume to the peer device 14 is the quietest and 14 is the loudest Listening Enter the loudness that the WiMAX Modem uses for speech that it Volume receives from the peer device 14 is the quietest and 14 is the loudest Echo Cancellation G 168 Active Select this if you want to eliminate the echo caused by the sound of your voice reverberating in the telephone receiver while you talk Dialing Interval Select Dialing Interval Enter the number of seconds the WiMAX Modem should wait after you Select stop dialing numbers before it makes th
288. ps below to configure your computer IP address in GNOME 276 User s Guide Appendix B Setting Up Your Computer s IP Address 1 Click System Administration Network Ww Preferences Help ands z E Hardware Drivers elp and Support n Hardware Testing About GNOME Language Support G About Ubuntu m sus m 53 Network Tools 2 When the Network Settings window opens click Unlock to open the Authenticate window By default the Unlock button is greyed out until clicked You cannot make changes to your configuration unless you first enter your admin password Figure 120 Ubuntu 8 Network Settings Connections Fal ISSUES Settings x Location lt Connections General DNS Hosts Eg ds Properties Point to point connec This network interface is not c User s Guide 277 Appendix B Setting Up Your Computer s IP Address 3 Inthe Authenticate window enter your admin account name and password then click the Authenticate button Figure 121 Ubuntu 8 Administrator Account Authentication e Authenticate x gt System policy prevents modifying the configuration An application is attempting to perform an action that requires privileges Authentication as one of the users below is required to perform this action amp CJ chris gt Details 4 Inthe Network Settings window select the conne
289. pts and Java Permissions 5 Click OK to close the window Figure 140 Security Settings Java Security Settings Settings Q Disable 9 Enable 3 Font download Disable 9 Enable p Prompt 3 Microsoft VM 3 Java permissions custom Qora Jav 9 High safety Q Low safety m Reset custom settings j Reset to Medium Reset TN JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun is selected User s Guide Appendix C Pop up Windows JavaScripts and Java Permissions 3 Click OK to close the window Figure 141 Java Sun General Security Privacy Content Connections Programs Advanced Settings O Use inline AutoComplete O Use Passive FTP for firewall and DSL modem compatibility i Use smooth scrolling HTTP 1 1 settings v Use HTTP 1 1 O Use HTTP 1 1 through proxy connections 2 Java E d Use Java 2 141 07 fr copo equites eii 2 v1 4 1 07 for d Use Java 2 141 07 fr copo equites eii requires restart 5 Microso se Java m enabled requires restart O Java logging enabled JIT compiler for virtual machine enabled requires restart Multimedia O Always show Internet Explorer 5 0 or later Radio toolbar O Don t display online media content in the media bar Enable Automatic Image Resizing Mozilla Firefox A 2 gt Restore Def
290. r User s Guide Appendix A WiMAX Security the network In addition to the shared key password information exchanged is also encrypted to protect the network from unauthorized access Diameter Diameter RFC 3588 is a type of AAA server that provides several improvements over RADIUS in efficiency security and support for roaming Security Association The set of information about user authentication and data encryption between two computers is known as a security association SA In a WiMAX network the process of security association has three stages Authorization request and reply The MS SS presents its public certificate to the base station The base station verifies the certificate and sends an authentication key AK to the MS SS Key request and reply The MS SS requests a transport encryption key TEK which the base station generates and encrypts using the authentication key Encrypted traffic The MS SS decrypts the TEK using the authentication key Both stations can now securely encrypt and decrypt the data flow CCMP All traffic in a WiMAX network is encrypted using CCMP Counter Mode with Cipher Block Chaining Message Authentication Protocol CCMP is based on the 128 bit Advanced Encryption Standard AES algorithm Counter mode refers to the encryption of each block of plain text with an arbitrary number known as the counter This number changes each time a block of plain text is encrypted
291. r Click Continue Figure 190 Konqueror 3 5 Server Authentication 3X Server Authentication Konqueror The server certificate failed the authenticity test 172 20 37 202 x cancel Click Forever when prompted to accept the certificate Figure 191 Konqueror 3 5 Server Authentication 3X Server Authentication Konqueror Would you like to accept this certificate forever without being prompted Eorever User s Guide Appendix E Importing Certificates 4 Click the padlock in the address bar to open the KDE SSL Information window and view the web page s security details Figure 192 Konqueror 3 5 KDE SSL Information amp J amp KDE SSL Information Konqueror Current connection is secured with SSL Chain Peer certificate Issuer Organization ZyXEL Organization ZyXEL Organizational unit XYZ200 Organizational unit XYZ200 Country Us Country US Common name 172 23 37 202 Common name 172 23 37 202 IP address 172 23 37 202 URL https 172 23 37 202 loginwrap html Certificate state Certificate is self signed and thus may not be trustworthy Valid from Wednesday 21 May 2008 06 42 35 am GMT Valid until Saturday 21 May 2011 06 42 35 am GMT Serial number 11139321193569894228 MD5 digest 3F 9A 76 6E A9 F5 07 41 BE 4C 8B 8B A2 D3 F0 2F Cipher in use DHE RSA AES256 SHA Details DHE RSA AES256 SHA SSLv3 Kx DH Au RSA Enc AES 256 Mac SHA1 SSL version TLSv1 SSLv3 Ci
292. r WiMAX Modem replies with an ICMP Port Unreachable packet for a port probe on unused UDP ports and with a TCP Reset packet for a port probe on unused TCP ports Apply Click to save your changes Reset Click to restore your previously saved settings User s Guide Chapter 16 The Remote Management Screens 16 8 TRO 69 TR 069 is an abbreviation of Technical Reference 069 a protocol designed to facilitate the remote management of Customer Premise Equipement CPE such as the WiMAX Modem It can be managed over a WAN by means of an Auto Configuration Server ACS TR 069 is based on sending Remote Procedure Calls RPCs between the ACS and the client device RPCs are sent in Extensible Markup Language XML format over HTTP or HTTPS An administrator can use an ACS to remotely set up the WiMAX Modem modify its settings perform firmware upgrades and monitor and diagnose it In order to do so you must enable the TR 069 feature on your WiMAX Modem and then configure it appropriately The ACS server which it will use must also be configured by its administrator Figure 83 TR 069 Example In this example the WiMAX Modem receives data from at least 3 sources A SIP server for handling voice calls an HTTP server for handling web services and an ACS for configuring the WiMAX Modem remotely All three servers are owned and operated by the client s Internet Service Provider However without the configuration settings from the ACS
293. r account Choose from the following user authentication methods TTLS Tunnelled Transport Layer Security TLS Transport Layer Security Note Not all WiMAX Modems support TLS authentication Check with your service provider for details TTLS Inner EAP This field displays the type of secondary authentication method Once a secure EAP TTLS connection is established the inner EAP is the protocol used to exchange security information between the mobile station the base station and the AAA server to authenticate the mobile station See the WiMAX security appendix for more details This field is available only when TTLS is selected in the Authentication field The WiMAX Modem supports the following inner authentication types CHAP Challenge Handshake Authentication Protocol MSCHAP Microsoft CHAP e MSCHAPV2 Microsoft CHAP version 2 PAP Password Authentication Protocol Auth Mode Select the authentication mode from the drop down list box This field is not available in all WiMAX Modems Check with your service provider for details The WiMAX Modem supports the following authentication modes User Only Device Only with Cert e Certs and User Authentication Certificate This is the security certificate the WiMAX Modem uses to authenticate the AAA server Use the TOOLS gt gt Trusted CAs screen to import certificates to the WiMAX Modem WAN IP Address Assignment User s Gu
294. r choice that will never change instead of using an IP address that changes each time you reconnect Your friends or relatives will always be able to call you even if they don t know your IP address First of all you need to have registered a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a domain name The Dynamic DNS service provider will give you a password or key Enabling the wildcard feature for your host causes yourhost dyndns org to be aliased to the same IP address as yourhost dyndns org This feature is useful if you want to be able to use for example www yourhost dyndns org and still reach your hostname Note If you have a private WAN IP address then you cannot use Dynamic DNS User s Guide Chapter 9 The System Configuration Screens Click ADVANCED gt System Configuration gt Dynamic DNS to set up the WiMAX Modem as a dynamic DNS client Figure 41 ADVANCED gt System Configuration gt Dynamic DNS Dynamic DNS Setup C Enable Dynamic DNS Service Provider Dynamic DNS Type Host Name User Name Password C Enable Wildcard Option CI Enable off line option Only applies to custom DNS IP Address Update Policy 9 Use WAN IP Address Dynamic DNS server auto detect IP Address Use specified IP Address WWW DynDNS ORG Dynamic DNS Ni The following table describes the labels in t
295. r icon to determine the quality of your network connection Disconnected Indicates that the WiMAX Modem is not connected to the WiMAX network DL SYN Indicates a download synchronization is in progress This means the firmware is checking with the server for any updates or settings alterations User s Guide Chapter 2 Introducing the Web Configurator Table 4 Main continued LABEL DESCRIPTION Software Version This field indicates the version number of the WiMAX Modem s firmware The version number takes the form of Version Build release status candidate Version Release Date For example V3 60 BCC 0 c4 07 08 2008 indicates that the firmware is 3 60 build BCC 0 candidate4 released on July 08 2008 Version Date This field indicates the exact date and time the current firmware was compiled System Uptime This field indicates how long the WiMAX Modem has been on This resets every time you shut the device down or restart it WiMAX Uptime This field indicates how long the WiMAX Modem has been connected to the WiMAX network This resets every time you disconnect from the WiMAX network shut the device down or restart it Voice 1 This field indicates the number and receiver status of the first voice account User s Guide Chapter 2 Introducing the Web Configurator User s Guide Internet Connection Wizard 3 1 Overview This chap
296. r to access the WiMAX Modem using this service Choose Selected to just allow the computer with the IP address that you specify to access the WiMAX Modem using this service Apply Click to save your changes Reset Click to restore your previously saved settings 16 6 DNS Click TOOLS gt Remote Management gt DNS to access this screen Use this screen to control DNS access to your WiMAX Modem Figure 81 TOOLS Remote Management DNS Server Port 53 Server Access LAN amp WAN v Secured Client IP Address 9 Al Selected 0 0 0 0 The following table describes the labels in this screen Table 69 TOOLS gt Remote Management gt DNS LABEL DESCRIPTION Server Port This field is read only This field displays the port number this service uses to access the WiMAX Modem The computer must use the same port number Server Access Select the interface s through which a computer may access the WiMAX Modem using this service Secured Client Select All to allow any computer to access the WiMAX Modem using this IP Address service Select Selected to only allow the computer with the IP address that you specify to access the WiMAX Modem using this service Apply Click to save your changes Reset Click to restore your previously saved settings User s Guide Chapter 16 The Remote Management Screens 16 7 Security Click TOOLS gt Remo
297. rams for the Network 1 Redirect datagrams for the Host 2 Redirect datagrams for the Type of Service and Network 3 Redirect datagrams for the Type of Service and Host 8 Echo 0 Echo message 11 Time Exceeded 0 Time to live exceeded in transit 1 Fragment reassembly time exceeded 12 Parameter Problem 0 Pointer indicates the error 13 Timestamp User s Guide Chapter 18 The Logs Screens Table 90 ICMP Notes continued TYPE CODE DESCRIPTION 0 Timestamp request message 14 Timestamp Reply 0 Timestamp reply message 15 Information Request 0 Information request message 16 Information Reply 0 Information reply message Table 91 SIP Logs LOG MESSAGE DESCRIPTION SIP Registration Success by SIP SIP Phone Number The listed SIP account was successfully registered with a SIP register server SIP Registration Fail by SIP SIP Phone Number An attempt to register the listed SIP account with a SIP register server was not successful SIP UnRegistration Success by SIP SIP Phone Number The listed SIP account s registration was deleted from the SIP register server SIP UnRegistration Fail by SIP SIP Phone Number An attempt to delete the listed SIP account s registration from the SIP register server failed Table 92 RTP Logs LOG MESSAGE DESCRIPTION Error RTP init fail The initialization of an RTP session failed Error Call
298. re your previously saved settings 16 4 FTP Click TOOLS Remote Management FTP to control FTP access to your WiMAX Modem Figure 78 TOOLS gt Remote Management gt FTP Server Port 21 Server Access LAN amp WAN Secured Client IP Address 9 Al Selected 0 0 0 0 User s Guide Chapter 16 The Remote Management Screens The following table describes the labels in this screen Table 66 TOOLS gt Remote Management gt FTP LABEL DESCRIPTION Server Port Enter the port number this service can use to access the WiMAX Modem The computer must use the same port number Server Access Select the interface s through which a computer may access the WiMAX Modem using this service Secured Client Select All to allow any computer to access the WiMAX Modem using this P Address service Select Selected to only allow the computer with the IP address that you specify to access the WiMAX Modem using this service Apply Click to save your changes Reset Click to restore your previously saved settings 16 5 SNMP An SNMP managed network consists of two main types of component agents and a manager Figure 79 SNMP Management Model MANAGER Managed Device Managed Device Managed Device An agent is a management software module that resides in a managed device the WiMAX Modem An agent translates the local management information from the mana
299. rection field controls the sending and receiving of RIP packets When set to Both the WiMAX Modem will broadcast its routing table periodically and incorporate the RIP information that it receives n Only the WiMAX Modem will not send any RIP packets but will accept all RIP packets received Out Only the WiMAX Modem will send out RIP packets but will not accept any RIP packets received User s Guide Chapter 6 The LAN Configuration Screens None the WiMAX Modem will not send any RIP packets and will ignore any RIP packets received The Version field controls the format and the broadcasting method of the RIP packets that the WiMAX Modem sends it recognizes both formats when receiving RIP 1 is universally supported but RIP 2 carries more information RIP 1 is probably adequate for most networks unless you have an unusual network topology Both RIP 2B and RIP 2M sends the routing data in RIP 2 format the difference being that RIP 2B uses subnet broadcasting while RIP 2M uses multicasting 6 6 6 Multicast Traditionally IP packets are transmitted in one of either two ways Unicast 1 sender 1 recipient or Broadcast 1 sender everybody on the network Multicast delivers IP packets to a group of hosts on the network not everybody and not just 1 IGMP Internet Group Multicast Protocol is a network layer protocol used to establish membership in a Multicast group it is not used to carry user data
300. riangle Route Problem Lui eia dac veni vs ene ornat Perna aka 175 Chapter 15 n A A Y O 179 jose 1 ty gee pecs erent Petes pce remit a 179 1511 What You Cam Dein This Chapter us eere Ma en Rebel etia 179 dg gae mE 180 To 5 ipo mee 182 Chapter 16 The Remote Management Screens eeeeeeeeeeeseeeees esiste enne nenne nnne annu nnmnnn nnmnnn nna 183 UU ELE ota at oie ene ETT CT OUT 183 User s Guide 15 Table of Contents 16 1 1 What You Can Do in This DESDE aiiis berg eie aqoa Na epo nga rnc aaa ra ead 183 IO L8 wena TOU NEEG tO ROME 2usdaecuscdpaixsaa ua eed ud bue fita are ud un cuivre E RERA 184 joi b s cs ep 185 J Nr p pass cs M 186 IS EE TEE icem teo teu tomi tits ust e ED LM M IU AE tU Te E Ead 186 T POPU Aem T 187 oUm NT Pep ES 188 10 5 2 SIME ODORE usb edita tedislec Ubi eb Epid a qudd Lt nda ora terre rr 189 ps qs RENT LT D I UNUTNMUTEMT 190 ae el IE E r mere I E Trtr 191 TO WHOS p 192 Chapter 17 I I E 195 pWwBe s y NI TENUTI E 195 REAGEC D E 195 PS lS eB a T 196 13 93 lee OT AID Gi oa iibi vobia dca nada amor d
301. rk Number and Host ID oui queixn Rida ve RO REERERREDREEM UI d AER RE du KR a va dex 300 Figure 145 Subnetting Example Before Subnetting sess 303 Figure 146 Subnefling Example After SUDROli f iuuentutis tte ER ck sannana ca Rus EEeEa 304 Figure 147 Conflicting Computer IP Addresses Example sss 309 Figure 148 Conflicting Computer IP Addresses Example sss 309 Figure 149 Conflicting Computer and Router IP Addresses Example sse 310 Figure 150 Internet Explorer 7 Certification Emr 2 encuentras kann nah pna Knie cech aka 312 Figure 151 Intemet Explorer 7 Certification Emon sssrinin 312 Figure 152 Internet Explorer 7 Certificate EITOF Liuius rn tnnt en rk kin or i a Ha 313 Figure 153 Iimternet Explorer 7 Crime Liesciieiedostex viddebbt e ioen iia UA dae Ere EY abb EE eni 313 Figure 154 Internet Explorer 7 Certificate Import Wizard sessssssssseeneeeeenennn 314 Figure 155 Internet Explorer 7 Certificate Import Wizard sessssssssssseneenennnenn 314 Figure 156 Internet Explorer 7 Certificate Import Wizard sssssseseeneeenennnenn 315 Figure 157 Internet Explorer 7 Select Certificate Store ssssssssseeeenee 315 Figure 158 Internet Explorer 7 Certificate Import Wizard esesssssssssssseeeeneneeenn 316 Figure 159 Internet Explorer 7 Security Warming acu
302. rnet connection Click the Close button to close the ZyXEL Setup Wizard and go to the main web configurator screen Laose This screen displays if your SIP account registration was successful User s Guide PART Il Basic Screens The Setup Screens 5 1 Overview Use these screens to configure or view LAN DHCP Client and WAN settings 5 1 1 What You Can Do in This Chapter The Set IP Address screen Section 5 2 on page 58 lets you configure the WiMAX Modem s IP address and subnet mask The DHCP Client screen Section 5 3 on page 59 to view connection information for clients configured by the WiMAX Modem s internal DHCP server The Time Setting screen Section 5 4 on page 60 lets you configure your WiMAX Modem s time and date keeping settings 5 1 2 What You Need to Know The following terms and concepts may help as you read through this chapter LAN A Local Area Network or a shared communication system to which many computers are attached A LAN as its name implies is limited to a local area such as a home or office environment LANs have different topologies the most common being the linear bus and the star configuration IP Address P addresses identify individual devices on a network Every networking device including computers servers routers printers etc needs an IP address to communicate across the network These networking devices are also known as hosts Subnet Mask The
303. rs to obtain the TCP IP configuration at start up from a centralized DHCP server Your device has built in DHCP server capability enabled by default It can assign IP addresses an IP default gateway and DNS servers to DHCP clients Your device can also act as a surrogate DHCP server DHCP Relay where it relays IP address assignment from the actual real DHCP server to the clients IP Alias IP alias allows you to partition a physical network into logical networks over the same Ethernet interface Your device supports three logical LAN interfaces via its single physical Ethernet interface with the your device itself as the gateway for each LAN network Multiple SIP Accounts You can configure multiple voice SIP accounts SIP ALG Your device is a SIP Application Layer Gateway ALG It allows VoIP calls to pass through NAT for devices behind it such as a SIP based VoIP software application on a computer Dynamic Jitter Buffer The built in adaptive buffer helps to smooth out the variations in delay jitter for voice traffic up to 60 ms This helps ensure good voice quality for your conversations Voice Activity Detection Silence Suppression Voice Activity Detection VAD reduces the bandwidth that a call uses by not transmitting when you are not speaking Comfort Noise Generation Your device generates background noise to fill moments of silence when the other device in a call stops transmitting bec
304. rtificate from a computer to the WiMAX Modem The WiMAX Modem trusts any valid certificate signed by any of the imported trusted CA certificates Note You must remove any spaces from the certificate s filename before you can import the certificate Figure 65 TOOLS gt Certificates gt Trusted CAs gt Import Import Please specify the location of the certificate file to be imported The certificate file must be in one of the following formats e Binary X 509 e PEM Base 64 encoded X 509 e Binary PKCS 7 e PEM Base 64 encoded PKCS 7 e Binary PKCS 12 e PEM Base 64 encoded PKCS 12 For my certificate importation to be successful a certification request corresponding to the imported certificate must already exist on WiMAX CPE After the importation the certification request will automatically be deleted File Path Browse The following table describes the labels in this screen Table 58 TOOLS gt Certificates gt Trusted CAs Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it Choose Click to find the certificate file you want to upload Apply Click to save your changes Cancel Click to return to the previous screen without saving your changes 13 4 Technical Reference The following section contains additional technical information about the WiMAX Modem features described in this chapter
305. s a client computer get e mail from a POP3 server through a temporary connection TCP IP or other User s Guide Appendix G Common Services Table 125 Commonly Used Services continued NAME PROTOCOL PORT S DESCRIPTION PPTP TCP 1723 Point to Point Tunneling Protocol enables secure transfer of data over public networks This is the control channel PPTP TUNNEL User Defined 47 PPTP Point to Point Tunneling GRE Protocol enables secure transfer of data over public networks This is the data channel RCMD TCP 512 Remote Command Service REAL AUDIO TCP 7070 A streaming audio service that enables real time sound over the web REXEC TCP 514 Remote Execution Daemon RLOGIN TCP 513 Remote Login RTELNET TCP 107 Remote Telnet RTSP TCP UDP 554 The Real Time Streaming media control Protocol RTSP is a remote control for multimedia on the Internet SFTP TCP 115 Simple File Transfer Protocol SMTP TCP 25 Simple Mail Transfer Protocol is the message exchange standard for the Internet SMTP enables you to move messages from one e mail server to another SNMP TCP UDP 161 Simple Network Management Program SNMP TRAPS TCP UDP 162 Traps for use with the SNMP RFC 1215 SQL NET TCP 1521 Structured Query Language is an interface to access data on many different types of database systems including mainframes midrange systems UNIX sy
306. s invalid For type and code details see Table 90 on page 211 Table 88 Attack Logs LOG MESSAGE DESCRIPTION attack TCP UDP IGMP The firewall detected a TCP UDP I GMP ESP GRE OSPF ESP GRE OSPF attack attack ICMP type d The firewall detected an ICMP attack code d land TCP UDP IGMP The firewall detected a TCP UDP I GMP ESP GRE OSPF ESP GRE OSPF land attack land ICMP type d The firewall detected an ICMP land attack code d ip spoofing WAN TCP The firewall detected an IP spoofing attack on the WAN UDP IGMP ESP GRE port OSPF User s Guide Chapter 18 The Logs Screens Table 88 Attack Logs continued LOG MESSAGE DESCRIPTION code d ip spoofing WAN ICMP The firewall detected an ICMP IP spoofing attack on the type d code d WAN port icmp echo ICMP The firewall detected an ICMP echo attack type d code d syn flood TCP The firewall detected a TCP syn flood attack ports scan TCP The firewall detected a TCP port scan attack teardrop TCP The firewall detected a TCP teardrop attack teardrop UDP The firewall detected an UDP teardrop attack teardrop ICMP type 3d The firewall detected an ICMP teardrop attack illegal command TCP The firewall detected a TCP illegal command attack NetBIOS TCP The firewall detected a TCP NetBIOS attack ip spoofing entry
307. s is your first time using the web configurator we suggest that you use this mode Use the Advanced mode if you want to configure all possible settings for your device Go to Wizard setup Go to Advanced setup Note For security reasons the WiMAX Modem automatically logs you out if you do not use the Web Configurator for five minutes If this happens log in again User s Guide Chapter 2 Introducing the Web Configurator 2 1 2 The Reset Button 2 1 2 1 If you forget your password or cannot access the web configurator you will need to use the Reset button to reload the factory default configuration file This means that you will lose all configurations that you had previously and the password will be reset to 1234 Using The Reset Button Make sure the Power light is on not blinking To set the device back to the factory default settings press the Reset button for ten seconds or until the Power light begins to blink and then release it When the Power light begins to blink the defaults have been restored and the device restarts Reconfigure the WiMAX Modem following the steps in your Quick Start Guide User s Guide Chapter 2 Introducing the Web Configurator 2 2 The Main Screen When you first log into the web configurator and by pass the wizard the Main screen appears Here you can view a summary of your WiMAX Modem connection status This is also the default home page for the ZyXEL web confi
308. sa ine perte bie ercee b tbe ee etd tte cousine rue to Ent cnr n EOS 316 Figure 160 Internet Explorer 7 Certificate Import Wizard ssssessseeneeennen n 317 Figure 161 Internet Explorer 7 Website Identification eeeeseseseeeeeeeeeenne 317 Figure 162 Internet Explorer 7 Public Key Certificate File sssessessseeeeneeeeen 318 Figure 163 Internet Explorer 7 Open File Security Warning essseeeeeeen 318 Figure 164 Intemet Explorer 7 Tools Menu 251irrro dette dea qae ott dq d quB rpta QUIS UP tnt adl aa 319 Figure 165 Internet Explorer 7 Intemat ODDS ss capri nire xar cdd dac e a c CLR D RR i 319 Figure 166 Internet Explorer 7 Certificates ssssssssssssssseseeseesee nennen enne three 320 Figure 167 Intermet Explorer TCI CBE S rroaren aaeanoa nuca EE nOn pp Rs PN EE DEREN CLER 320 22 User s Guide List of Figures Figure 168 Internet Explorer 7 Root Certificate Store sessssssssssseseeeeeee enne 320 Figure 169 Firefox 2 Website Certified by an Unknown Authority sse 322 Figure 170 Freio 2 Page Mio c 323 PS 171 PIX 2 TO MI aA 324 Pius 17a A Sh NE adeb tati Er Cete PRG Rad du dco eise ra tcs en bope vau aate ord OR Det OB Ped 324 Figure 173 Firefox 2 Ceribonto Managet 12cm uou telen uitae nici t aa AEA 325 EU iroi Ue 0 uj RN ES 325 Foue 173 Frelo 2 DoS MonU pee nin tadatdsan
309. sal Controls Update Access User s Guide 273 Appendix B Setting Up Your Computer s IP Address 3 When the Network preferences pane opens select Ethernet from the list of available connection types Figure 116 Mac OS X 10 5 Network Preferences gt Ethernet eoo Network Location Automatic E 3 A e Internal Modem us Not Connected Status Not Connected The cable for Ethernet is connected but bim AD your computer does not have an IP address Not Connected Ethernet ZN Noc iera lt Configure Using DHCP B FireWire Not Connected e AirPort Off DNS Server Search Domains 802 1X WPA ZyXELO4 M id Click the lock to prevent further changes Apply 4 From the Configure list select Using DHCP for dynamically assigned settings 5 For statically assigned settings do the following From the Configure list select Manually In the IP Address field enter your IP address n the Subnet Mask field enter your subnet mask 274 User s Guide Appendix B Setting Up Your Computer s IP Address n the Router field enter the IP address of your WiMAX Modem Figure 117 Mac OS X 10 5 Network Preferences Ethernet ec r Location Automatic E e Internal Modem QS Not Connected Status Not Connected The cable for Ethernet is connected but PPPoE Qe your computer does not have an IP address Not Connected Ethernet f ane IP Address
310. send to the server We recommend that you close this webpage and do not continue to this website Click here to close this webpage 8 Continue to this website not recommended More information 2 Click Continue to this website not recommended Figure 151 Internet Explorer 7 Certification Error Q Continue to this website not recommended User s Guide Appendix E Importing Certificates 3 Inthe Address Bar click Certificate Error gt View certificates Figure 152 Internet Explorer 7 Certificate Error v ER Certificate Error Q Certificate Invalid The security certificate presented by this website has errors This problem may indicate an attempt to fool you or intercept any data you send to the server We recommend that you close this webpage About certificate errors View certificates 4 Inthe Certificate dialog box click I nstall Certificate Figure 153 Internet Explorer 7 Certificate Certificate I General Details Certification Path Certificate Information This CA Root certificate is not trusted To enable trust install this certificate in the Trusted Root Certification Authorities store Issued to nsa2401 Issued by nsa2401 Valid from 5 20 2008 to 5 20 2011 User s Guide Appendix E Importing Certificates 5 In the Certificate Import Wizard click Next Figure 154 Internet Explorer 7 Certificate Import
311. ser agent client to initiate a call A and B can also both act as a SIP user agent to receive the call Figure 49 SIP User Agent SIP Proxy Server A SIP proxy server receives requests from clients and forwards them to another server In the following example you want to use client device A to call someone who is using client device C The client device A in the figure sends a call invitation to the SIP proxy server B User s Guide Chapter 10 The Service Configuration Screens 2 The SIP proxy server forwards the call invitation to C Figure 50 SIP Proxy Server 10 4 5 SIP Redirect Server A SIP redirect server accepts SIP requests translates the destination address to an IP address and sends the translated P address back to the device that sent the request Then the client device that originally sent the request can send requests to the IP address that it received back from the redirect server Redirect servers do not initiate SIP requests In the following example you want to use client device A to call someone who is using client device C 1 Client device A sends a call invitation for C to the SIP redirect server B 2 The SIP redirect server sends the invitation back to A with C s IP address or domain name User s Guide 125 Chapter 10 The Service Configuration Screens 3 Client device A then sends the call invitation to client device C Figure 51 SIP Redirect Server
312. set up two SIP accounts on your WiMAX Modem By default your WiMAX Modem uses SIP account 1 for outgoing calls and it uses SIP accounts 1 and 2 for incoming calls With this setting you always use SIP account 1 for your outgoing calls and you cannot distinguish which SIP account the calls are coming in through If you want to control the use of different dialing plans for accounting purposes or other reasons you need to configure your phone port in order to control which SIP account you are using when placing or receiving calls 20 5 Reset the WiMAX Modem to Its Factory Defaults If you reset the WiMAX Modem you lose all of the changes you have made The WiMAX Modem re loads its default settings and the password resets to 1234 You have to make all of your changes again User s Guide Chapter 20 Troubleshooting You will lose all of your changes when you push the Reset button To reset the WiMAX Modem 1 Make sure the Power LED is on and not blinking 2 Press and hold the Reset button for five to ten seconds Release the Reset button when the Power LED begins to blink The default settings have been restored If the WiMAX Modem restarts automatically wait for the WiMAX Modem to finish restarting and log in to the web configurator The password is 1234 If the WiMAX Modem does not restart automatically disconnect and reconnect the WiMAX Modem s power Then follow the directions above again 20 5 1 Pop up Windows
313. sia ducenda beskz bua Fes ads aad i pag ence K vae ed bn KE 133 Table 45 European Type Flash Key Commands esses eene nenne nennen nnn nennen 134 Table 46 USA Type Flash Key CODI SIOS 1r i per eite ace ae Rex ci Erie Dd ve ded ER Red 136 Table 47 VOICE Phone Book Incoming Call PoliQy usce ceret tnn centu ned tinae nanc 140 Table 48 Advanced LAN Configuration gt IP Static Route ssssssseseeeeeeennnnetn 142 Table 48 VOICE gt Phone Book Speed Dial i mta sni oi E rbd n ep a t ed 143 Table 50 TOOLS gt Certificates gt My Certificates cissccccesscecsecsdetscneracecccsetecsdoicssetatssedactiasisiccnebetevesstnersis 148 Table 51 TOOLS gt Certificates My Certifigales ies cancer inaa aiaei 148 Table 52 TOOLS gt Certificates gt My Certificates gt Create sssssssssssseseeeeennnete 151 Table 53 TOOLS gt Certificates gt My Certificates gt Edit 154 Table 54 TOOLS gt Certificates gt My Certificates gt Import 157 Tabie 55 TOOLS Certificates gt TUSE CAS saiisine aa Ende daa kn prata 158 Table 56 TOOLS gt Certificates Trusted CAS iucundeecsuteisesien sue oree aE A ae ni 158 Table 57 TOOLS gt Certilicates gt Trusted GAS Edit 1 eie ete octo bride Det cda ERR Re 160 Table 58 TOOLS gt Certificates gt Trusted CAS Import 11er inerte benedi nb pu niega eue aain 163 Table 59 TOOLS gt Firewall gt Firewall Seting 2 ccccoiseo pete phe pc cuk pu eo had ane Saut e
314. splay the certification path Certification Information Type This field displays general information about the certificate CA signed means that a Certification Authority signed the certificate Self signed means that the certificate s owner signed the certificate not a certification authority X 509 means that this certificate was created and signed according to the ITU T X 509 recommendation that defines the formats for public key certificates Version u This field displays the X 509 version number Serial Number This field displays the certificate s identification number given by the certification authority or generated by the WiMAX Modem Subject This field displays information that identifies the owner of the certificate such as Common Name CN Organizational Unit OU Organization O and Country C Issuer This field displays identifying information about the certificate s issuing certification authority such as Common Name Organizational Unit Organization and Country With self signed certificates this is the same as the Subject Name field none displays for a certification request Signature Algorithm This field displays the type of algorithm that was used to sign the certificate The WiMAX Modem uses rsa pkcs1 shal RSA public private key encryption algorithm and the SHA1 hash algorithm Some certification authorities may use rsa pkcs1 md5 RSA public private key
315. splays the Privacy Key Management version number PKM provides security between the WiMAX Modem and the base station See the WiMAX security appendix for more information Authentication This field displays the user authentication method Authentication is the process of confirming the identity of a user by means of a username and password for example EAP TTLS allows an MS SS and a base station to establish a secure link or tunnel with an AAA Authentication Authorization and Accounting server in order to exchange authentication information See the WiMAX security appendix for more details User s Guide 225 Chapter 19 The Status Screen Table 101 The WiMAX Profile Screen continued LABEL DESCRIPTION TTLS Inner EAP This field displays the type of secondary authentication method Once a secure EAP TTLS connection is established the inner EAP is the protocol used to exchange security information between the mobile station the base station and the AAA server to authenticate the mobile station See the WiMAX security appendix for more details The WiMAX Modem supports the following inner authentication types CHAP Challenge Handshake Authentication Protocol MSCHAP Microsoft CHAP e MSCHAPV2 Microsoft CHAP version 2 PAP Password Authentication Protocol Certificate This is the security certificate the WiMAX Modem uses to authenticate the AAA server if on
316. ssly make sure the wireless settings in the wireless client are the same as the settings in the AP 6 Disconnect all the cables from your WiMAX Modem and follow the directions in the Quick Start Guide again 7 Ifthe problem continues contact your ISP cannot access the Internet any more had access to the Internet with the WiMAX Modem but my Internet connection is not available any more 232 User s Guide Chapter 20 Troubleshooting 1 Check the hardware connections and make sure the LEDs are behaving as expected See the Quick Start Guide and Section 1 2 1 on page 34 2 Disconnect and re connect the power adapter to the WiMAX Modem 3 If the problem continues contact your ISP The Internet connection is slow or intermittent 1 The quality of the WiMAX Modem s wireless connection to the base station may be poor Poor signal reception may be improved by moving the WiMAX Modem away from thick walls and other obstructions or to a higher floor in your building 2 There may be radio interference caused by nearby electrical devices such as microwave ovens and radio transmitters Move the WiMAX Modem away or switch the other devices off Weather conditions may also affect signal quality 3 There might be a lot of traffic on the network Look at the LEDs and check Section 1 2 1 on page 34 If the WiMAX Modem is sending or receiving a lot of information try closing some programs that use the Internet es
317. stems and network servers SSH TCP UDP 22 Secure Shell Remote Login Program STRM WORKS UDP 1558 Stream Works Protocol SYSLOG UDP 514 Syslog allows you to send system logs to a UNI X server TACACS UDP 49 Login Host Protocol used for Terminal Access Controller Access Control System TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments It operates over TCP IP networks Its primary function is to allow users to log into remote host systems User s Guide 347 Appendix G Common Services Table 125 Commonly Used Services continued NAME PROTOCOL PORT S DESCRIPTION TFTP UDP 69 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP but uses the UDP User Datagram Protocol rather than TCP Transmission Control Protocol VDOLI VE TCP 7000 Another videoconferencing solution User s Guide Legal Information Copyright Copyright 2008 by ZyXEL Communications Corporation The contents of this publication may not be reproduced in any part or as a whole transcribed stored in a retrieval system translated into any language or transmitted in any form or by any means electronic mechanical magnetic optical chemical photocopying manual or otherwise without the prior written permission of ZyXEL Communications Corporation Published by ZyXEL Communicat
318. t to your local network firewall rules The default is to block all traffic from the Internet to your local network How can you forward certain WAN to LAN traffic You may allow traffic originating from the WAN to be forwarded to the LAN by Configuring NAT port forwarding rules Configuring WAN or LAN amp WAN access for services in the Remote MGMT screens or SMT menus When you allow remote management from the WAN you are actually configuring WAN to WAN WiMAX Modem firewall rules WAN to WAN WiMAX Modem firewall rules are Internet to the WiMAX Modem WAN interface firewall rules The default is to block all such traffic When you decide what WAN to LAN packets to log you are in fact deciding what WAN to LAN and WAN to WAN WiMAX Modem packets to log Forwarded WAN to LAN packets are not considered alerts 14 2 2 Triangle Route When the firewall is on your WiMAX Modem acts as a secure gateway between your LAN and the Internet In an ideal network topology all incoming and outgoing network traffic passes through the WiMAX Modem to protect your LAN against attacks Figure 69 Ideal Firewall Setup User s Guide 1 71 Chapter 14 The Firewall Screens 14 2 3 Firewall Setting Options 172 Click TOOLS gt Firewall gt Firewall Setting to configure the basic settings for your firewall Figure 70 TOOLS gt Firewall gt Firewall Setting C Enable Firewall Packet Direction LAN to WAN WAN to LAN C
319. tablished A PSTN call has been set up User s Guide Chapter 18 The Logs Screens User s Guide 19 1 Overview The Status Screen Use this screen to view a complete summary of your WiMAX Modem connection status 19 2 Status Screen Click the STATUS icon in the navigation bar to go to this screen where you can view the current status of the device system resources interfaces LAN and WAN and SIP accounts You can also register and un register SIP accounts as well as view detailed information from DHCP and statistics from WiMAX Vol P bandwidth management and traffic Figure 90 Status Device Information System Name MAX 236M1R V3 70 BIT 0 370BITb1 20090303 03 03 2009 Firmware Version WAN Information IP Address IP Subnet Mask DHCP LAN Information IP Address 192 168 1 1 IP Subnet Mask 255 255 255 0 DHCP Server WiMAX Information Sequans Firmware 4 6 1 0 trunk 17129 Patch for ALU Version Auth issue Operator ID BSID Frequency MAC Address WiMAX State DL SYN Bandwidth 10MHz CINR Mean dB CINR Deviation dB RSSI dBm UL Data Rate DL Data Rate Tx Power Refresh Interval None v System Status System Uptime 70 29 22 Current Date Time 2009 03 05 22 29 19 System Resource Memory Usage pne 3995 IVR Usage I 1 of 128Sec Interface Status Interface Status Rate WAN Down N A LAN Up 100M Full Summary WiMAX Profile DHCP T
320. te Management HTTP or Attempted use of HTTP or UPnP service was blocked according to remote management settings User s Guide Chapter 18 The Logs Screens Table 89 Remote Management Logs LOG MESSAGE DESCRIPTION Remote Management WWW denied Attempted use of WWW service was blocked according to remote management settings Remote Management HTTPS Attempted use of HTTPS service was blocked denied according to remote management settings Remote Management SSH denied Attempted use of SSH service was blocked according to remote management settings Remote Management ICMP Ping Attempted use of ICMP service was blocked response denied according to remote management settings Remote Management DNS denied Attempted use of DNS service was blocked according to remote management settings Table 90 ICMP Notes TYPE CODE DESCRIPTION 0 Echo Reply 0 Echo reply message 3 Destination Unreachable 0 Net unreachable 1 Host unreachable 2 Protocol unreachable 3 Port unreachable 4 A packet that needed fragmentation was dropped because it was set to Don t Fragment DF 5 Source route failed 4 Source Quench 0 A gateway may discard internet datagrams if it does not have the buffer space needed to queue the datagrams for output to the next network on the route to the destination network 5 Redirect 0 Redirect datag
321. te Management gt Security to access this screen Use this screen to control how your WiMAX Modem responds to other types of requests Figure 82 TOOLS gt Remote Management gt Security Respond to Ping on LAN amp WAN C Do not respond to requests for unauthorized services The following table describes the labels in this screen Table 70 TOOLS gt Remote Management gt Security LABEL DESCRIPTION Respond to Ping Select the interface s on which the WiMAX Modem should respond to on incoming ping requests Disable the WiMAX Modem does not respond to any ping requests LAN the WiMAX Modem only responds to ping requests received from the LAN WAN the WiMAX Modem only responds to ping requests received from the WAN LAN amp WAN the WiMAX Modem responds to ping requests received from the LAN or the WAN Do not respond to requests for unauthorized Select this to prevent outsiders from discovering your WiMAX Modem by sending requests to unsupported port numbers If an outside user attempts to probe an unsupported port on your WiMAX Modem an services ICMP response packet is automatically returned This allows the outside user to know the WiMAX Modem exists Your WiMAX Modem supports anti probing which prevents the I CMP response packet from being sent This keeps outsiders from discovering your WiMAX Modem when unsupported ports are probed If you clear this you
322. ted sites This zone contains all Web sites you BE haven t placed in other zones m Security level for this zone Move the slider to set the security level for this zone 5 Medium Safe browsing and still functional Prompts before downloading potentially unsafe content Unsigned ActiveX controls will not be downloaded Appropriate for most Internet sites C Custom Level Default Level OK Cancel Apply 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enable is selected the default 5 Under Scripting of Java applets make sure that Enable is selected the default User s Guide Appendix C Pop up Windows JavaScripts and Java Permissions 6 Click OK to close the window Figure 139 Security Settings Java Scripting Security Settings d 1 KT x Settings 5 Scripting B Active scripting Grom 3 Allow paste operations via script Q Disable 9 Enable Q Prompt E Scripting of Java applets Q Disable Q Prompt v Llenar Anukhankie skinn af m Reset custom settings Reset to Medium Reset ced Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 UnderJava permissions make sure that a safety level is selected User s Guide Appendix C Pop up Windows JavaScri
323. ted port number s This server is usually on the LAN Apply Click to save your changes Cancel Click to return to the previous screen without saving your changes User s Guide Chapter 8 The NAT Configuration Screens 8 4 Trigger Port Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side With regular port forwarding you set a forwarding port in NAT to forward a service coming in from the server on the WAN to the IP address of a computer on the client side LAN The problem is that port forwarding only forwards a service to a single LAN IP address In order to use the same service on a different LAN computer you have to manually replace the LAN computer s IP address in the forwarding port with another LAN computer s IP address Trigger port forwarding solves this problem by allowing computers on the LAN to dynamically take turns using the service The WiMAX Modem records the IP address of a LAN computer that sends traffic to the WAN to request a service with a specific port number and protocol a trigger port When the WiMAX Modem s WAN port receives a response with a specific port number and protocol incoming port the WiMAX Modem forwards the traffic to the LAN IP address of the computer that sent the request After that computer s connection for that service closes another computer on the LAN can use the service in the same manner This way you do not need to confi
324. ter provides information on the ZyXEL Setup Wizard screens The wizard guides you through several steps where you can configure your Internet and VolP settings 3 1 1 Welcome to the ZyXEL Setup Wizard This is the welcome screen for the ZyXEL Setup Wizard You can choose to either configure your Internet connection or your VolP connection The Internet Connection Wizard screens are described in detail in the following sections Figure 6 Select a Mode ZyXEL Welcome to the ZyXEL Wizard Setup Internet Connection Wizard This wizard helps you configure the settings necessary for connecting to the Internet VoIP Connection Wizard This wizard helps you configure your Voice over Internet Protocol VoIP settings so that you can use a IP phone with this ZyXEL device User s Guide Chapter 3 Internet Connection Wizard 3 1 2 System Information This Internet Connection Wizard screen allows you to configure your WiMAX Modem s system information The settings here correspond to the ADVANCED gt System Configuration General screen see Section 9 2 on page 101 for more Figure 7 Internet Connection Wizard System Information System Information Enter a name to help you identify your router on the network This information is optional and you may safely leave this field blank System Name MAX 236M1R The ISP s domain name is often sent automatically by the ISP to the router If you are having
325. th port forwarding and port triggering rules Enable FTP ALG Select this to make sure FTP file transfer works correctly with port forwarding and port triggering rules Enable H 323 Select this to make sure H 323 audio visual programs such as ALG NetMeeting works correctly with port forwarding and port triggering rules Apply Click to save your changes Cancel Click to return to the previous screen without saving your changes User s Guide Chapter 8 The NAT Configuration Screens User s Guide The System Configuration Screens 9 1 Overview Click ADVANCED gt System Configuration to set up general system settings change the system mode change the password configure the DDNS server settings and set the current date and time 9 1 1 What You Can Do in This Chapter The General screen Section 9 2 on page 101 lets you change the WiMAX Modem s mode set up its system name domain name idle timeout and administrator password The Dynamic DNS screen Section 9 3 on page 102 lets you set up the WiMAX Modem as a dynamic DNS client The Firmware screen Section 9 4 on page 104 lets you upload new firmware to the WiMAX Modem The Configuration screen Section 9 5 on page 106 lets you back up or restore the configuration of the WiMAX Modem The Restart screen Section 9 6 on page 107 lets you restart your WiMAX Modem from within the web configurator 9 1 2 What You Need
326. the warranty period and upon proof of purchase should the product have indications of failure due to faulty workmanship and or materials ZyXEL will at its discretion repair or replace the defective products or components without charge for either parts or labor and to whatever extent it shall deem necessary to restore the product or components to proper operating condition Any replacement will consist of a new or re manufactured functionally equivalent product of equal or higher value and will be solely at the discretion of ZyXEL This warranty shall not apply if the product has been modified misused tampered with damaged by an act of God or subjected to abnormal working conditions Note Repair or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warranties express or User s Guide 351 Appendix H Legal Information implied including any implied warranty of merchantability or fitness for a particular use or purpose ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser To obtain the services of this warranty contact your vendor You may also refer to the warranty policy for the region in which you bought the device at http WWVW Zyxel com web support warranty info php Registration Register your product online to receive e mail notices of firmware upgrades and information at www zyxel
327. tificates that it has issued and you have selected the Check incoming certificates issued by this CA against a CRL check box in the certificate s details screen to have the WiMAX Modem check the CRL before trusting any certificates issued by the certification authority Otherwise the field displays No Action Click the Edit icon to open a screen with an in depth list of information about the certificate Use the Export icon to save the certificate to a computer Click the icon and then Save in the File Download screen The Save As screen opens browse to the location that you want to use and click Save Click the Delete icon to remove the certificate A window displays asking you to confirm that you want to delete the certificate Note that subsequent certificates move up by one when you take this action Import Click I mport to open a screen where you can save the certificate of a certification authority that you trust from your computer to the WiMAX Modem Refresh Click this button to display the current validity status of the certificates User s Guide Chapter 13 The Certificates Screens 13 3 1 Trusted CA Edit Click TOOLS gt Certificates gt Trusted CAs and then click the Edit icon to open the Trusted CAs screen Use this screen to view in depth certificate information and change the certificate s name Figure 64 TOOLS gt Certificates gt Trusted CAs gt Edit Property Certification
328. tification requests to a certification authority 13 2 My Certificates Click TOOLS Certificates My Certificates to access this screen Use this screen to generate and export self signed certificates or certification requests and import the WiMAX Modem s CA signed certificates Figure 59 TOOLS gt Certificates gt My Certificates PKI Storage Space in Use My Certificates Name ooo NENNEN 10096 1896 Type Subject Issuer Valid From Valid To Action CN MAX 200M1 cN MAx 200Mi 2000Jan 2030 Jan 1st 1st 1 auto generated self signed cert SELF Factory Default Factory Default 00 00 00 00 00 00 EXE Certificate Certificate GMT GMT LT The following table describes the icons in this screen Table 50 TOOLS gt Certificates gt My Certificates ICON DESCRIPTION EP Edit Click to edit this item ga Import Click to import an item dur Delete Click to delete this item The following table describes the labels in this screen Table 51 TOOLS gt Certificates gt My Certificates LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the WiMAX Modem s PKI storage space that is currently in use When the storage space is almost full you should consider deleting expired or unnecessary certificates before adding more certificates The number of the item in this list User s Guide Chapter 13
329. ting e IGMP v1 The WiMAX Modem supports IGMP version 1 e IGMP v2 The WiMAX Modem supports IGMP version 2 Multicasting can improve overall network performance However it requires extra processing and generates more network traffic In addition other computers on the LAN have to support the same version of IGMP Apply Click to save your changes Reset Click to restore your previously saved settings 6 6 Technical Reference The following section contains additional technical information about the WiMAX Modem features described in this chapter 6 6 1 IP Address and Subnet Mask Similar to the way houses on a street share a common street name computers on a LAN share one common network number Where you obtain your network number depends on your particular situation If the ISP or your network administrator assigns you a block of registered IP addresses follow their instructions in selecting the IP addresses and the subnet mask If the ISP did not explicitly give you an IP network number then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established If this is the case it is recommended that you select a network number from 192 168 0 0 to 192 168 255 0 and you must enable the Network Address Translation NAT feature of the WiMAX Modem The Internet Assigned Number Authority IANA reserved this block of addresses specifically for private
330. ty s certificate from the drop down list boxes and enter the certification authority s server address You also need to fill in the Reference Number and Key if the certification authority requires them Enrollment Protocol This field applies when you select Create a certification request and enroll for a certificate immediately online Select the certification authority s enrollment protocol from the drop down list box Simple Certificate Enrollment Protocol SCEP is a TCP based enrollment protocol that was developed by VeriSign and Cisco Certificate Management Protocol CMP is a TCP based enrollment protocol that was developed by the Public Key Infrastructure X 509 working group of the Internet Engineering Task Force IETF and is specified in RFC 2510 CA Server Address This field applies when you select Create a certification request and enroll for a certificate immediately online Enter the IP address or URL of the certification authority server For a URL you can use up to 511 of the following characters a zA ZO 9 _ CA Certificate This field applies when you select Create a certification request and enroll for a certificate immediately online Select the certification authority s certificate from the CA Certificate drop down list box You must have the certification authority s certificate already imported in the Trusted CAs screen Click Trusted CAs to go to the Trusted CAs screen w
331. u to partition your network into logical sections over the same Ethernet interface Your WiMAX Modem supports up to three logical LAN interfaces with the WiMAX Modem being the gateway for each logical network It s like having multiple LAN networks that actually use the same physical cables and ports By putting your LAN and Gateway A in different subnets all returning network traffic must pass through the WiMAX Modem to your LAN The following steps describe such a scenario 1 A computer on the LAN initiates a connection by sending a SYN packet to a receiving server on the WAN 2 The WiMAX Modem reroutes the packet to Gateway A which is in Subnet 2 3 The reply from the WAN goes to the WiMAX Modem 1 76 User s Guide Chapter 14 The Firewall Screens 4 The WiMAX Modem then sends it to the computer on the LAN in Subnet 1 Figure 73 IP Alias LAN Subnet 1 WAN Subnet 2 3 A User s Guide 1 77 Chapter 14 The Firewall Screens 178 User s Guide Content Filter 15 1 Overview 15 1 1 Use the TOOLS gt Content Filter screens to create and enforce policies that restrict access to the Internet based on content Internet content filtering allows you to create and enforce Internet access policies tailored to their needs Content filtering is the ability to block certain web features or specific URL keywords The WiMAX Modem can block web features such as ActiveX controls Java applets cookies and disable w
332. u to use a traditional analog telephone to make Internet calls You can configure the WiMAX Modem to use up to two SIP based VoIP accounts 4 2 Welcome to the ZyXEL Setup Wizard This is the welcome screen for the ZyXEL Setup Wizard You can choose to either configure your Internet connection or your VolP connection The VoIP Connection Wizard screens are described in detail in the following sections Figure 11 Select a Mode ZyXEL Welcome to the ZyXEL Setup Wizard Internet Connection Wizard m This wizard helps you configure the settings necessary for connecting to Se the Internet VoIP Connection Wizard This wizard helps you configure your Voice over Internet Protocol VoIP settings so that you can use a IP phone with this ZyXEL device User s Guide Chapter 4 VoIP Connection Wizard 4 2 1 First Voice Account Settings This VolP Connection Wizard screen allows you to configure your voice account The settings here correspond to the VOI CE gt Service Configuration gt SIP Setting screen see Section 10 2 on page 113 for more information Figure 12 VolP Connection gt First Voice Account Settings First Voice Account Settings The VoIP feature in this device requires that you have an active voice account Enter your account information below as issued by your voice account provider SIP Number changeme SIP Server Address 127 0 0 1 SIP Service Domain 127 0 0 1 Authenticatio
333. uality CINR deviation This field shows the amount of change in the CINR level This value is an indication of radio signal stability A lower number indicates a more stable signal and a higher number indicates a less stable signal RSSI This field shows the Received Signal Strength Indication This value is a measurement of overall radio signal strength A higher RSSI level indicates a stronger signal and a lower RSSI level indicates a weaker signal A strong signal does not necessarily indicate a good signal a strong signal may have a low signal to noise ratio SNR UL Data Rate This field shows the number of data packets uploaded from the WiMAX Modem to the base station each second DL Data Rate This field shows the number of data packets downloaded to the WiMAX Modem from the base station each second Tx Power This field shows the output transmission Tx level of the WiMAX Modem System Status User s Guide 21 7 Chapter 19 The Status Screen Table 96 Status continued LABEL DESCRIPTION System Uptime This field displays how long the WiMAX Modem has been running since it last started up The WiMAX Modem starts up when you plug it in when you restart it ADVANCED gt System Configuration gt Restart or when you reset it Current Date Time This field displays the current date and time in the WiMAX Modem You can change this in SETUP Time Setting Mem
334. uide QoS 17 1 Overview Quality of Service QoS refers to both a network s ability to deliver data with minimum delay and the networking methods used to control the use of bandwidth Without QoS all traffic data is equally likely to be dropped when the network is congested This can cause a reduction in network performance and make the network inadequate for time critical application such as video on demand 17 2 General Click TOOLS gt QoS to open the screen as shown next Use this screen to enable or disable QoS Figure 85 QoS gt General C Active QoS The following table describes the labels in this screen Table 72 TOOLS Remote Management Security LABEL DESCRIPTION Active QoS Select this to enable QoS for the WiMAX Modem Selecting this may improve network performance especially if you are using VoIP applications or are playing online video games Apply Click to save your changes Reset Click to restore your previously saved settings User s Guide Chapter 17 QoS 17 3 Class Setup Use this screen to add edit or delete QoS classifiers A classifier groups traffic into data flows according to specific criteria such as the source address destination address source port number destination port number or incoming interface For example you can configure a classifier to select traffic from the same protocol port such as Telnet to form a flow You can give differe
335. urity Privacy Content Connections Programs Advanced Settings Move the slider to select a privacy setting for the Internet zone Medium Blocks third party cookies that do not have a compact privacy policy Blocks third party cookies that use personally identifiable information without your implicit consent Restricts first party cookies that use personally identifiable information without implicit consent Pop up Blocker Prevent most pop up windows from appearing _ Block pop ups 3 Click Apply to save this setting Enable Pop up Blockers with Exceptions Alternatively if you only want to allow pop up windows from your device see the following steps 1 In Internet Explorer select Tools Internet Options and then the Privacy tab User s Guide Appendix C Pop up Windows JavaScripts and Java Permissions 2 Select Settings to open the Pop up Blocker Settings screen Figure 136 Internet Options Privacy Internet Options General Security Privacy Content Connections Programs Advanced Settings Move the slider to select a privacy setting for the Internet zone Medium Blocks third party cookies that do not have a compact privacy policy Blocks third party cookies that use personally identifiable LJ information without your implicit consent Restricts first party cookies that use personally identifiable information without implicit consent Pop
336. urrent IP address of the WiMAX Modem in the LAN IP Subnet Mask This field displays the current subnet mask in the LAN DHCP This field displays what DHCP services the WiMAX Modem is providing to the LAN Choices are Server The WiMAX Modem is a DHCP server in the LAN It assigns IP addresses to other computers in the LAN Relay The WiMAX Modem is routing DHCP requests to one or more DHCP servers The DHCP server s may be on another network None The WiMAX Modem is not providing any DHCP services to the LAN You can change this in ADVANCED gt LAN Configuration gt DHCP Setup WiMAX Information Operator ID Every WiMAX service provider has a unique Operator ID number which is broadcast by each base station it owns You can only connect to the Internet through base stations belonging to your service provider s network BSID This field displays the identification number of the wireless base station to which the WiMAX Modem is connected Every base station transmits a unique BSID which identifies it across the network User s Guide Chapter 19 The Status Screen Table 96 Status continued LABEL DESCRIPTION Frequency This field displays the radio frequency of the WiMAX Modem s wireless connection to a base station MAC address This field displays the Media Access Control address of the WiMAX Modem Every network device has a unique MAC address which identifies it across the n
337. use please do not use any other number unless you are told otherwise Let s say you select 192 168 1 0 as the network number which covers 254 individual addresses from 192 168 1 1 to 192 168 1 254 zero and 255 are reserved In other words the first three numbers specify the network number while the last number identifies an individual computer on that network User s Guide Chapter 6 The LAN Configuration Screens Once you have decided on the network number pick an IP address that is easy to remember for instance 192 168 1 1 for your WiMAX Modem but make sure that no other device on your network is using that IP address The subnet mask specifies the network number portion of an IP address Your WiMAX Modem will compute the subnet mask automatically based on the IP address that you entered You don t need to change the subnet mask computed by the WiMAX Modem unless you are instructed to do otherwise 6 6 2 DHCP Setup DHCP Dynamic Host Configuration Protocol RFC 2131 and RFC 2132 allows individual clients to obtain TCP IP configuration at start up from a server You can configure the WiMAX Modem as a DHCP server or disable it When configured as a server the WiMAX Modem provides the TCP IP configuration for the clients If DHCP service is disabled you must have another DHCP server on your LAN or else each computer must be manually configured The WiMAX Modem is pre configured with a pool of IP addresses for the DHCP clie
338. usly saved settings 14 4 Technical Reference The following section contains additional technical information about the WiMAX Modem features described in this chapter 14 4 1 Stateful Inspection Firewall 174 Stateful inspection firewalls restrict access by screening data packets against defined access rules They make access control decisions based on IP address and protocol They also inspect the session data to assure the integrity of the connection and to adapt to dynamic protocols These firewalls generally provide the best speed and transparency however they may lack the granular application level access control or caching that some proxies support Firewalls of one type or another have become an integral part of standard security solutions for enterprises User s Guide Chapter 14 The Firewall Screens 14 4 2 14 4 3 Guidelines For Enhancing Security With Your Firewall Change the default password via web configurator Think about access control before you connect to the network in any way Limit who can access your router Don t enable any local service such as telnet or FTP that you don t use Any enabled service could present a potential security risk A determined hacker might be able to find creative ways to misuse the enabled services to access the firewall or the network For local services that are enabled protect against misuse Protect by configuring the services to communicate only with sp
339. version 2 Session Initiating Protocol RFC 3261 Features SDP Session Description Protocol RFC 2327 RTP RFC 1889 RTCP RFC 1890 Voice codecs coder decoders G 711 G 726 G 729 Fax and data modem discrimination DTMF Detection and Generation DTMF In band and Out band traffic RFC 2833 PCM SIP INFO Point to point call establishment between two IADs Quick dialing through predefined phone book which maps the phone dialing number and destination URL Flexible Dial Plan RFC3525 section 7 1 14 Table 113 Star and Pound Code Support 0 Wireless Operator Services 2 Customer Care Access 66 Repeat Dialing 67 Plus the 10 digit phone number to block Caller ID on a single call basis 69 Return last call received 70 Followed by the 10 digit phone number to cancel Call Waiting on a single call basis 72 Activate Call Forwarding 72 followed by the 10 digit phone number that is requesting call forwarding service 720 Activate Call Forwarding 720 followed by the 10 digit phone number that is requesting deactivation of call forwarding service 73 Plus the forward to phone number to activate Call Forwarding No Answer no VM service plan User s Guide Chapter 21 Product Specifications Table 113 Star and Pound Code Support 730 Deactivate Call Forwarding No Answer 740 Plus the forward to phone number to activate Ca
340. ws XP Local Area Connection Properties sessssssssseeeeennnnnene 263 Figure 100 Windows XP Internet Protocol TCP IP Properties esseseeenee 264 Figure 101 WIS Vista Sart MEMI uad c eR esc i Rd ete aa 265 Figure 102 Windows Vista Conto Panel 42 etae tres diae tuc in i euto ed ELO poH uet eer naa et bed tae eU T DRM ENDE 265 Figure 103 Windows Vista Network And InferTigl i e retentu eer n ttn n au EP tena a eph ca omauEE cues 265 Figure 104 Windows Vista Network and Sharing Center ssssssssssseeeeeennen 266 Figure 105 Windows Vista Network and Sharing Center ssssssseeeeeeenn 266 Figure 106 Windows Vista Local Area Connection Properties ssse 267 Figure 107 Windows Vista Internet Protocol Version 4 TCP IPv4 Properties sssssss 268 Figura 108 Mat OS X 104 ROS MENU cisscccideorcaiacncanmedcccrcneendicdanutaasuialandloielantetakedaeiehowabiededdictamniens 269 Figure 109 Mac OS X 10 4 System Preferences naa 269 Figure 110 Mac OS X 10 4 Network Preferences cc c cciessssncesesccsesscesesscnetanesedsctscnnssccrenacedassnneeeensessnsaneds 270 Figure 111 Mac OS X 10 4 Network Preferences gt TCP IP Tab 270 Figure 112 Mac OS X 10 4 Network Preferences gt Ethernet sss 271 Figure 113 Mac OS X TOA cu i NI m 272 Figure 114 Mac OSA 105 Apple Menu srren Ren abt AAAA 273
341. xpire mechanism indicating the lifetime of signaling sessions The SIP UA sends registration packets to the SIP server periodically and keeps the session alive in the WiMAX Modem If the SIP client does not have this mechanism and makes no call during the WiMAX Modem SIP timeout default 60 minutes the WiMAX Modem SIP ALG drops any incoming calls after the timeout period You can use the ip alg siptimeout command to change the timeout value Audio Session Timeout If no voice packets go through the SIP ALG before the timeout period default 5 minutes expires the SIP ALG does not drop the call but blocks all voice traffic and deletes the audio session You cannot hear anything and you will need to make a new call to continue your conversation User s Guide Appendix F SIP Passthrough User s Guide Common Services The following table lists some commonly used services and their associated protocols and port numbers For a comprehensive list of port numbers ICMP type code numbers and services visit the IANA Internet Assigned Number Authority web site Name This is a short descriptive name for the service You can use this one or create a different one if you like Protocol This is the type of IP protocol used by the service If this is TCP UDP then the service uses the same port number with TCP and UDP If this is USER DEFI NED the Port s is the IP protocol number not the port number Port s This v
342. y ZyXEL a certificate authority you trust for this purpose Vi View the security certificate that verifies this web site s sew identity Connection Encrypted High grade Encryption AES 256 256 bit The page you are viewing was encrypted before being transmitted over the Internet Encryption makes it very difficult for unauthorized people to view information traveling between computers It is therefore very unlikely that anyone read this page as it traveled across the network User s Guide Appendix E Importing Certificates Installing a Stand Alone Certificate File in Firefox Rather than browsing to a ZyXEL web configurator and installing a public key certificate when prompted you can install a stand alone certificate file if one has been issued to you 1 Open Firefox and click TOOLS Options Figure 171 Firefox 2 Tools Menu Web Search Downloads Add ons Java Console Error Console Page Info Clear Private Data Ctrl Shift Del N Options 2 Inthe Options dialog box click ADVANCED gt Encryption gt View Certificates Figure 172 Firefox 2 Options Options Tabs Content Feeds Privacy Security Advanced General Network Upda e Encryption Protocols Use SSL 3 0 Use TLS 1 0 Certificates When a web site requires a certificate Select one automatically Ask me every time View Certificates 1 Revocation Lists User s Guide Appendix E Importing C
343. y server or outbound proxy server from dropping the SIP session The WiMAX Modem does this by sending SIP notify messages to the SIP server based on the specified interval Keep Alive with SIP Proxy Select this if the SIP server is a SIP proxy server Keep Alive with Outbound Proxy Select this if the SIP server is an outbound proxy server You must enable Outbound Proxy to use this Keep Alive Interval Enter how often in seconds the WiMAX Modem should send SIP notify messages to the SIP server MWI Message Waiting Indication Enable Select this if you want to hear a waiting beeping dial tone on your phone when you have at least one voice message Your VoIP service User s Guide provider must support this feature Chapter 10 The Service Configuration Screens Table 37 VOICE gt Service Configuration gt SIP Settings gt Advanced continued LABEL DESCRIPTION Expiration Time Keep the default value unless your VoIP service provider tells you to change it Enter the number of seconds the SIP server should provide the message waiting service each time the WiMAX Modem subscribes to the service Before this time passes the WiMAX Modem automatically subscribes again Fax Option G 711 Fax Select this if the WiMAX Modem should use G 711 to send fax Passthrough messages The peer devices must also use G 711 T 38 Fax Relay Select this if the WiMAX Modem should
344. y the agent to inform the manager of some events 16 5 1 SNMP Traps 188 The WiMAX Modem sends traps to the SNMP manager when any of the following events occurs Table 67 SNMP Traps TRAP TRAP NAME DESCRIPTION 0 coldStart defined in RFC A trap is sent after booting power on 1215 1 warmStart defined in RFC A trap is sent after booting software reboot 1215 4 authenticationFailure defined A trap is sent to the manager when receiving in RFC 1215 any SNMP get or set requirements with the wrong community password 6 whyReboot defined in A trap is sent with the reason of restart before ZYXEL MIB rebooting when the system is going to restart warm start 6a For intentional reboot A trap is sent with the message System reboot by user if reboot is done intentionally for example download new files Cl command sys reboot etc 6b For fatal error A trap is sent with the message of the fatal code if the system reboots because of fatal errors User s Guide Chapter 16 The Remote Management Screens 16 5 2 SNMP Options Click TOOLS gt Remote Management gt SNMP to access this screen Use SNMP options to control SNMP access to your WiMAX Modem Figure 80 TOOLS gt Remote Management gt SNMP SNMP Configuration Get Community public Set Community public Trap Community public Trap Destination 0 0 0 0 SNMP Server Port 161 Server Access
345. zation Common Name ul Do Cache J D Proxy Stylesheets DU PS ZyXEL Organization ZyX4 Organization ai al Organizational unit XYZ200 Oraanizational unit eiygto EAT ue EZ j KT Valid from Wednesday 21 May 2008 06 42 35 am GMT d Valid until Saturday 21 May 2011 06 42 35 am GMT r Cache Policy s Permanently Accept A gt until O Reject Plugins z Prompt Browser Identification MDS digest 3F 9A 76 6E A9 F5 07 41 BE 4C 8B 8B A2 D3 F0 2F Performance Help Defaults iw ok X Cancel 4 The next time you go to the web site that issued the public key certificate you just removed a certification error appears User s Guide Appendix E Importing Certificates Note There is no confirmation when you remove a certificate authority so be absolutely certain you want to go through with it before clicking the button User s Guide Appendix E Importing Certificates User s Guide SIP Passthrough Enabling Disabling the SIP ALG You can turn off the WiMAX Modem SIP ALG to avoid retranslating the IP address of an existing SIP device that is using STUN If you want to use STUN with a SIP client device a SIP phone or IP phone for example behind the WiMAX Modem use the ip alg disable ALG SIP command to turn off the SIP ALG Signaling Session Timeout Most SIP clients have an e
346. zes the incoming voice signal and attempts to synthesize it using its list of voice elements It tests the synthesized signal against the original and if it is acceptable transmits details of the voice elements it used to make the synthesis Because the codec at the receiving end has the same list it can exactly recreate the synthesized audio signal G 729 provides good sound quality and reduces the required bandwidth to 8kbps 10 2 1 4 MWI Message Waiting Indication Enable Message Waiting Indication MWI enables your phone to give you a message waiting beeping dial tone when you have one or more voice messages Your VoIP service provider must have a messaging system that sends message waiting status SIP packets as defined in RFC 3842 User s Guide Chapter 10 The Service Configuration Screens 10 2 1 5 Advanced SIP Settings Options Click Advanced in VOICE Service Configuration SIP Settings to set up and maintain advanced settings for each SIP account Figure 47 VOICE Service Configuration SIP Settings Advanced SIP Server Settings URL Type Expiration Duration Register Re send timer Session Expires Min SE RTP Port Range Start Port End Port Voice Compression Primary Compression Type Secondary Compression Type Third Compression Type DTMF Mode STUN C Active Server Address Server Port Use NAT CI Active Server Address Server Port sP w 3600
Download Pdf Manuals
Related Search