Page 1 P-2602R/RL-DxA Series ADSL2+ VoIP IAD User’s Guide Version 3.40 6/2006 Edition 1...
Page 4: Certifications
P-2602R/RL-DxA Series User’s Guide Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations.
Page 5 P-2602R/RL-DxA Series User’s Guide Certifications...
Page 6: Safety Warnings
P-2602R/RL-DxA Series User’s Guide For your safety, be sure to read and follow all warning notices and instructions. • To reduce the risk of fire, use only No. 26 AWG (American Wire Gauge) or larger telecommunication line cord. • Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks.
Page 7: Zyxel Limited Warranty
P-2602R/RL-DxA Series User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever...
Page 8: Customer Support
+7-3272-590-689 1-800-255-4101 www.us.zyxel.com +1-714-632-0882 +1-714-632-0858 ftp.us.zyxel.com +47-22-80-61-80 www.zyxel.no +47-22-80-61-81 REGULAR MAIL ZyXEL Communications Corp. 6 Innovation Road II Science Park Hsinchu 300 Taiwan ZyXEL Communications Czech s.r.o. Modranská 621 143 01 Praha 4 - Modrany Ceská Republika ZyXEL Communications A/S...
Page 9 Poland ZyXEL Russia Ostrovityanova 37a Str. Moscow, 117279 Russia ZyXEL Communications Arte, 21 5ª planta 28033 Madrid Spain ZyXEL Communications A/S Sjöporten 4, 41764 Göteborg Sweden ZyXEL Ukraine 13, Pimonenko Str. Kiev, 04050 Ukraine ZyXEL Communications UK Ltd.,11 The Courtyard,...
Page 10 P-2602R/RL-DxA Series User’s Guide Customer Support...
Page 11: Table Of Contents
Copyright ... 3 Certifications ... 4 Safety Warnings ... 6 ZyXEL Limited Warranty... 7 Customer Support... 8 Table of Contents ... 11 List of Figures ... 23 List of Tables ... 29 Preface ... 33 Chapter 1 Getting To Know the ZyXEL Device... 35 1.1 Introducing the P-2602RL-DxA Series ...35 1.2 Features ...36 1.3 Applications for the ZyXEL Device ...40...
Page 12 P-2602R/RL-DxA Series User’s Guide Chapter 3 Internet Setup Wizard ... 53 3.1 Introduction ...53 3.2 Internet Access Wizard Setup ...53 3.2.1 Manual Configuration ...55 Chapter 4 VoIP Wizard And Example ... 61 4.1 Introduction ...61 4.2 VoIP Wizard Setup ...61 Chapter 5 Bandwidth Management Wizard ...
Page 13 7.3 Traffic Shaping ...84 7.3.1 ATM Traffic Classes ...85 7.3.1.1 Constant Bit Rate (CBR) ...85 7.3.1.2 Variable Bit Rate (VBR) ...85 7.3.1.3 Unspecified Bit Rate (UBR) ...86 7.4 Zero Configuration Internet Access ...86 7.5 Internet Access Setup ...86 7.5.1 Advanced Internet Access Setup...89 7.6 WAN More Connections ...90 7.7 Traffic Redirect ...91 7.8 WAN Backup Setup ...93...
Page 14 P-2602R/RL-DxA Series User’s Guide 9.4 Port Forwarding ...113 9.4.1 Default Server IP Address ...114 9.4.2 Port Forwarding: Services and Port Numbers ...114 9.4.3 Configuring Servers Behind Port Forwarding (Example) ...115 9.5 Configuring Port Forwarding ...115 9.5.1 Port Forwarding Rule Edit ...116 9.5.2 SIP ALG ...117 Chapter 10 Voice ...
Page 15 10.11.2 Voice Activity Detection/Silence Suppression ...133 10.11.3 Comfort Noise Generation ...133 10.11.4 Echo Cancellation ...134 10.12 Analog Phone ...134 10.13 Advanced Analog Phone Setup Screen ...135 10.13.1 Common Phone Settings Screen ...136 10.14 Supplementary Phone Services Overview ...137 10.14.1 The Flash Key ...138 10.14.2 Europe Type Supplementary Phone Services ...138 10.14.2.1 European Call Hold ...138 10.14.2.2 European Call Waiting ...139...
Page 16 P-2602R/RL-DxA Series User’s Guide 12.4.1 Basics ...151 12.4.2 Types of DoS Attacks ...152 12.4.2.1 ICMP Vulnerability ...154 12.4.2.2 Illegal Commands (NetBIOS and SMTP) ...154 12.4.2.3 Traceroute ...155 12.5 Stateful Inspection ...155 12.5.1 Stateful Inspection Process ...156 12.5.2 Stateful Inspection on Your ZyXEL Device ...156 12.5.3 TCP Security ...157 12.5.4 UDP/ICMP Security ...157 12.5.5 Upper Layer Protocols ...158...
Page 17 13.8.2.1 TCP Maximum Incomplete and Blocking Time ...176 13.8.3 Configuring Firewall Thresholds ...177 Chapter 14 Content Filtering ... 179 14.1 Content Filtering Overview ...179 14.2 Configuring Keyword Blocking ...179 14.3 Configuring the Schedule ...180 14.4 Configuring Trusted Computers ...181 Chapter 15 Static Route ...
Page 18 P-2602R/RL-DxA Series User’s Guide Chapter 18 Remote Management Configuration ... 201 18.1 Remote Management Overview ...201 18.1.1 Remote Management Limitations ...201 18.1.2 Remote Management and NAT ...202 18.1.3 System Timeout ...202 18.2 WWW ...202 18.3 Telnet ...203 18.4 Configuring Telnet ...203 18.5 Configuring FTP ...204 18.6 SNMP ...205 18.6.1 Supported MIBs ...207...
Page 19 Chapter 22 Tools ... 235 22.1 Introduction ...235 22.2 Filename Conventions ...235 22.3 File Maintenance Over WAN ...236 22.4 Firmware Upgrade Screen ...236 22.5 Backup and Restore ...238 22.5.1 Backup Configuration ...239 22.5.2 Restore Configuration ...239 22.5.3 Reset to Factory Defaults ...240 22.6 Restart ...241 22.7 Using FTP or TFTP to Back Up Configuration ...241 22.7.1 Using the FTP Commands to Back Up Configuration ...241...
Page 20 P-2602R/RL-DxA Series User’s Guide 24.6.1 Outgoing Calls ...264 24.6.2 Incoming Calls ...265 Appendix A Product Specifications ... 267 Appendix B Splitters and Microfilters ... 271 Connecting a POTS Splitter ... 271 Telephone Microfilters ... 271 Appendix C Setting up Your Computer’s IP Address... 273 Windows 95/98/Me...
Page 21 The Ideal Setup... 299 The “Triangle Route” Problem... 299 The “Triangle Route” Solutions ... 300 IP Aliasing ... 300 Gateways on the WAN Side... 301 Appendix H Log Descriptions... 303 Log Commands... 312 Configuring What You Want the ZyXEL Device to Log... 312 Displaying Logs ...
Page 22 P-2602R/RL-DxA Series User’s Guide Table of Contents...
Page 23: List Of Figures
P-2602R/RL-DxA Series User’s Guide List of Figures Figure 1 Internet Access Application ... 40 Figure 2 Internet Telephony Service Provider Application ... 41 Figure 3 Peer-to-peer Calling ... 41 Figure 4 Firewall Application ... 42 Figure 5 LEDs ... 42 Figure 6 Password Screen ...
Page 24 P-2602R/RL-DxA Series User’s Guide Figure 39 Advanced Internet Access Setup ... 89 Figure 40 WAN More Connections ... 91 Figure 41 Traffic Redirect Example ... 92 Figure 42 Traffic Redirect LAN Setup ... 93 Figure 43 LAN and WAN IP Addresses ... 95 Figure 44 Any IP Example ...
Page 25 P-2602R/RL-DxA Series User’s Guide Figure 82 Firewall Example: Rules ... 172 Figure 83 Edit Custom Port Example ... 172 Figure 84 Firewall Example: Edit Rule: Destination Address ... 173 Figure 85 Firewall Example: Edit Rule: Select Customized Services ... 174 Figure 86 Firewall Example: Rules: MyService ...
Page 26 P-2602R/RL-DxA Series User’s Guide Figure 124 System Time Setting ... 225 Figure 125 View Log ... 230 Figure 126 Log Settings ... 231 Figure 127 E-mail Log Example ... 234 Figure 128 Firmware Upgrade ... 237 Figure 129 Firmware Upload In Progress ... 237 Figure 130 Network Temporarily Disconnected ...
Page 27 P-2602R/RL-DxA Series User’s Guide Figure 167 Macintosh OS 8/9: TCP/IP ... 282 Figure 168 Macintosh OS X: Apple Menu ... 283 Figure 169 Macintosh OS X: Network ... 283 Figure 170 Ideal Setup ... 299 Figure 171 “Triangle Route” Problem ... 300 Figure 172 IP Alias ...
Page 28 P-2602R/RL-DxA Series User’s Guide List of Figures...
Page 29: List Of Tables
P-2602R/RL-DxA Series User’s Guide List of Tables Table 1 Models Covered ... 35 Table 2 ADSL Standards ... 36 Table 3 LEDs ... 43 Table 4 Web Configurator Icons in the Title Bar ... 49 Table 5 Navigation Panel Summary ... 49 Table 6 Internet Access Wizard Setup: ISP Parameters ...
Page 30 P-2602R/RL-DxA Series User’s Guide Table 39 VoIP > SIP Settings > Advanced ... 129 Table 40 SIP > QoS ... 132 Table 41 Phone > Analog Phone ... 134 Table 42 Phone > Analog Phone > Advanced ... 135 Table 43 Phone > Common ... 137 Table 44 European Flash Key Commands ...
Page 31 P-2602R/RL-DxA Series User’s Guide Table 80 Remote Management: ICMP ... 210 Table 81 Configuring UPnP ... 213 Table 82 System General Setup ... 224 Table 83 System Time Setting ... 225 Table 84 View Log ... 230 Table 85 Log Settings ... 231 Table 86 SMTP Error Messages ...
Page 32 P-2602R/RL-DxA Series User’s Guide Table 123 ICMP Logs ... 305 Table 124 CDR Logs ... 306 Table 125 PPP Logs ... 306 Table 126 UPnP Logs ... 307 Table 127 Content Filtering Logs ... 307 Table 128 Attack Logs ... 307 Table 129 802.1X Logs ...
Page 33: Preface
Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to [email protected] or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you.
Page 34 P-2602R/RL-DxA Series User’s Guide • The P-2602R/RL-DxA may be referred to as the ZyXEL Device in this user’s guide. Graphics Icons Key ZyXEL Device Server Telephone Firewall Computer Notebook computer Switch Router DSLAM Trunking gateway Wireless signal Preface...
Page 35: Getting To Know The Zyxel Device
Getting To Know the ZyXEL This chapter describes the key features and applications of your device Introducing the P-2602RL-DxA Series The P-2602R/RL-DxA series are Integrated Access Devices (IADs) that combine an ADSL2+ router with Voice over IP (VoIP) communication capabilities to allow you to use a traditional analog telephone to make Internet calls.
Page 36: Features
P-2602R/RL-DxA Series User’s Guide The web browser-based Graphical User Interface (GUI) provides easy management. 1.2 Features The following sections introduce your device’s key features. Ethernet Port The 10/100 Mbps auto-negotiating Ethernet port allows the device to detect the speed of incoming transmissions and adjust appropriately without manual intervention.
Page 37: Auto Firmware Upgrade
Zero Configuration Internet Access Once you connect and turn on the device, it automatically detects the Internet connection settings (such as the VCI/VPI numbers and the encapsulation method) from the ISP and makes the necessary configuration changes. In cases where additional account information (such as an Internet account user name and password) is required or the ZyXEL Device cannot connect to the ISP, you will be redirected to web screen(s) for information input or troubleshooting.
Page 38 P-2602R/RL-DxA Series User’s Guide Multiple SIP Accounts You can simultaneously use multiple voice (SIP) accounts and assign them to one or both telephone ports. Multiple Voice Channels Your device can simultaneously handle multiple voice channels (telephone calls). Additionally you can answer an incoming phone call on a VoIP account, even while someone else is using the account for a phone call.
Page 39: Dynamic Dns Support
Other PPPoE Features • PPPoE idle time out • PPPoE dial on demand Dynamic DNS Support With Dynamic DNS support, you can have a static hostname alias for a dynamic IP address, allowing the host to be more easily accessible from various locations on the Internet. You must register for this service with a Dynamic DNS service provider.
Page 40: Applications For The Zyxel Device
P-2602R/RL-DxA Series User’s Guide 1.3 Applications for the ZyXEL Device Here are some example uses for which the ZyXEL Device is well suited. 1.3.1 Internet Access Your device is the ideal high-speed Internet access solution. It supports the TCP/IP protocol, which the Internet uses exclusively.
Page 41: Make Peer-To-Peer Calls
Figure 2 Internet Telephony Service Provider Application 1.3.3 Make Peer-to-peer Calls You can call directly to someone’s IP address without using a SIP proxy server. Peer-to-peer calls are also called “Point to Point” or “IP-to-IP” calls. You must know the peer’s IP address in order to do this.
Page 42: Leds
P-2602R/RL-DxA Series User’s Guide Figure 4 Firewall Application 1.3.5 LEDs The LED display can help you determine the status of your ZyXEL Device. Look on either side of your ZyXEL Device to see the LEDs. Figure 5 LEDs Chapter 1 Getting To Know the ZyXEL Device...
Page 43: Table 3 Leds
The following table describes your device’s LEDs. Table 3 LEDs COLOR POWER Green None ETHERNET Green None Green None INTERNET Green None PHONE 1, 2 Green Orange None Refer to the Quick Start Guide for information on hardware connections. Chapter 1 Getting To Know the ZyXEL Device P-2602R/RL-DxA Series User’s Guide STATUS DESCRIPTION...
Page 44 P-2602R/RL-DxA Series User’s Guide Chapter 1 Getting To Know the ZyXEL Device...
Page 45: Introducing The Web Configurator
This chapter describes how to access and navigate the web configurator. 2.1 Web Configurator Overview The web configurator is an HTML-based management interface that allows easy device setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions.
Page 46: Figure 6 Password Screen
P-2602R/RL-DxA Series User’s Guide Figure 6 Password Screen 5 The following screen displays if you have not yet changed your password. It is highly recommended you change the default password. Enter a new password, retype it to confirm and click Apply; alternatively click Ignore to proceed to the main menu if you do not want to change the password now.
Page 47: The Reset Button
Note: For security reasons, the ZyXEL Device automatically logs you out if you do not use the web configurator for five minutes. If this happens, log in again. Figure 8 Wizard or Advanced Screen 2.1.2 The RESET Button If you forget your password or cannot access the web configurator, you will need to use the RESET button to reload the factory-default configuration file.
Page 48: Web Configurator Main Screen
P-2602R/RL-DxA Series User’s Guide 2.2 Web Configurator Main Screen Figure 9 Main Screen As illustrated above, the main screen is divided into these parts: • A - title bar • B - navigation panel • C - main window • D - status bar 2.2.1 Title Bar The title bar allows you to change the language and provides some icons in the upper right corner.
Page 49: Navigation Panel
The icons provide the following functions. Table 4 Web Configurator Icons in the Title Bar ICON DESCRIPTION Wizards: Click this icon to go to the configuration wizards. See for more information. Logout: Click this icon to log out of the web configurator. 2.2.2 Navigation Panel Use the menu items on the navigation panel to open screens to configure ZyXEL Device features.
Page 50 P-2602R/RL-DxA Series User’s Guide Table 5 Navigation Panel Summary LINK Phone Book Speed Dial Incoming Call Policy PSTN Line General Security Firewall General Rules Anti Probing Threshold Content Filter Keyword Schedule Trusted Advanced Static Route Static Route Bandwidth Summary MGMT Rule Setup Monitor Dynamic DNS...
Page 51: Main Window
Table 5 Navigation Panel Summary LINK System General Time Setting Logs View Log Log Settings Tools Firmware Configuration Restart Diagnostic General DSL Line 2.2.3 Main Window The main window displays information and configuration fields. It is discussed in the rest of this document.
Page 52 P-2602R/RL-DxA Series User’s Guide Chapter 2 Introducing the Web Configurator...
Page 53: Internet Setup Wizard
This chapter provides information on the Wizard Setup screens for Internet access in the web configurator. 3.1 Introduction Use the wizard setup screens to configure your system for Internet access with the information given to you by your ISP. Note: See the advanced menu chapters for background information on these fields. 3.2 Internet Access Wizard Setup 1 After you enter the password to access the web configurator, select Go to Wizard setup and click Apply.
Page 54: Figure 11 Wizard Welcome
P-2602R/RL-DxA Series User’s Guide Figure 11 Wizard Welcome 3 Your ZyXEL device attempts to detect your DSL connection and your connection type. The following screen appears if a connection is not detected. Check your hardware connections and click Restart the Internet/Wireless Setup Wizard to return to the wizard welcome screen.
Page 55: Manual Configuration
Figure 13 Auto-Detection: PPPoE The following screen appears if the ZyXEL device detects a connection but not the connection type. Click Next and refer to how to manually configure the ZyXEL Device for Internet access. Figure 14 Auto Detection: Failed 3.2.1 Manual Configuration 1 If the ZyXEL Device fails to detect your DSL connection type but the physical line is connected, enter your Internet access information in the wizard screen exactly as your...
Page 56: Figure 15 Internet Access Wizard Setup: Isp Parameters
P-2602R/RL-DxA Series User’s Guide Figure 15 Internet Access Wizard Setup: ISP Parameters The following table describes the fields in this screen. Table 6 Internet Access Wizard Setup: ISP Parameters LABEL DESCRIPTION Mode From the Mode drop-down list box, select Routing (default) if your ISP allows multiple computers to share an Internet account.
Page 57: Figure 16 Internet Connection With Pppoe
2 The next wizard screen varies depending on what mode and encapsulation type you use. All screens shown are with routing mode. Configure the fields and click Apply to continue. Figure 16 Internet Connection with PPPoE The following table describes the fields in this screen. Table 7 Internet Connection with PPPoE LABEL...
Page 58: Figure 17 Internet Connection With Rfc 1483
P-2602R/RL-DxA Series User’s Guide Figure 17 Internet Connection with RFC 1483 The following table describes the fields in this screen. Table 8 Internet Connection with RFC 1483 LABEL DESCRIPTION IP Address This field is available if you select Routing in the Mode field. Type your ISP assigned IP address in this field.
Page 59: Figure 19 Internet Connection With Pppoa
The following table describes the fields in this screen. Table 9 Internet Connection with ENET ENCAP LABEL DESCRIPTION Obtain an IP A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not Address fixed;...
Page 60: Figure 20 Connection Test Failed-2
P-2602R/RL-DxA Series User’s Guide Table 10 Internet Connection with PPPoA (continued) LABEL DESCRIPTION Back Click Back to go back to the previous wizard screen. Apply Click Apply to save your changes back to the ZyXEL Device. Exit Click Exit to close the wizard screen without saving your changes. •...
Page 61: Voip Wizard And Example
VoIP Wizard And Example This chapter shows you how to configure your SIP account(s) and make a VoIP phone call. 4.1 Introduction The ZyXEL Device has Voice over IP (VoIP) communication capabilities that allow you to use a traditional analog telephone to make Internet calls. You can configure the ZyXEL Device to use up to two SIP based VoIP accounts.
Page 62: Figure 22 Select A Mode
P-2602R/RL-DxA Series User’s Guide Figure 22 Select a Mode 2 Click VOICE OVER INTERNET SETUP to configure your SIP settings. Figure 23 Wizard: Welcome Chapter 4 VoIP Wizard And Example...
Page 63: Figure 24 Voip Wizard Configuration
3 Fill in the VOICE OVER INTERNET SETUP wizard screen with the information provided by your VoIP service provider. Your VoIP service provider supplies you with the following information. When you are finished, click Apply. Table 11 Sample SIP Account Information INFORMATION FROM VOIP SERVICE PROVIDER...
Page 64: Figure 25 Sip Registration Test
P-2602R/RL-DxA Series User’s Guide Table 12 VoIP Wizard Configuration LABEL SIP Service Domain User Name Password Check here to set up SIP2 settings. Back Apply Exit 4 Your ZyXEL Device will attempt to register your SIP account with your VoIP service provider.
Page 65: Figure 26 Voip Wizard Fail
Figure 26 VoIP Wizard Fail 6 This screen displays if your SIP account registration was successful. Click Return to Wizard Main Page if you want to use another configuration wizard. Click Go to Advanced Setup page or Finish to close the wizard and go to the main web configurator screens.
Page 66 P-2602R/RL-DxA Series User’s Guide Chapter 4 VoIP Wizard And Example...
Page 67: Bandwidth Management Wizard
Bandwidth Management Wizard This chapter shows you how to configure basic bandwidth management using the wizard screens. 5.1 Introduction Bandwidth management allows you to control the amount of bandwidth going out through the ZyXEL Device’s WAN port and prioritize the distribution of the bandwidth according to service bandwidth requirements.
Page 68: Bandwidth Management Wizard Setup
P-2602R/RL-DxA Series User’s Guide Table 13 Media Bandwidth Management Setup: Services (continued) SERVICE DESCRIPTION NetMeeting A multimedia communications product from Microsoft that enables groups to (H.323) teleconference and videoconference over the Internet. NetMeeting supports VoIP, text chat sessions, a whiteboard, and file transfers and application sharing. NetMeeting uses H.323.
Page 69: Figure 28 Select A Mode
Figure 28 Select a Mode 2 Click BANDWIDTH MANAGEMENT SETUP. Figure 29 Wizard: Welcome 3 Activate bandwidth management and select to allocate bandwidth to packets based on the packet size or services. Figure 30 Bandwidth Management Wizard: General Information Chapter 5 Bandwidth Management Wizard P-2602R/RL-DxA Series User’s Guide...
Page 70: Figure 31 Bandwidth Management Wizard: Service Configuration
P-2602R/RL-DxA Series User’s Guide The following fields describe the label in this screen. Table 14 Bandwidth Management Wizard: General Information LABEL DESCRIPTION Active Select the Active check box to have the ZyXEL Device apply bandwidth management to traffic going out through the ZyXEL Device’s WAN or LAN port. Select Auto Classifier to automatically allocate bandwidth to packets based on the packet size or Services Setup to allocate bandwidth based on the service requirements.
Page 71: Figure 32 Bandwidth Management Wizard: Complete
Table 15 Bandwidth Management Wizard: Service Configuration LABEL DESCRIPTION Priority Select High, Mid or Low priority for each service to have your ZyXEL Device use a priority for traffic that matches that service. A service with High priority is given as much bandwidth as it needs. If you select services as having the same priority, then bandwidth is divided equally amongst those services.
Page 72 P-2602R/RL-DxA Series User’s Guide Chapter 5 Bandwidth Management Wizard...
Page 73: Chapter 6 Status Screens
Use the Status screens to look at the current status of the device, system resources, interfaces (LAN and WAN), and SIP accounts. You can also register and unregister SIP accounts. The Status screen also provides detailed information from Any IP and DHCP and statistics from VoIP, bandwidth management, and traffic.
Page 74: Table 16 Status Screen
P-2602R/RL-DxA Series User’s Guide Each field is described in the following table. Table 16 Status Screen LABEL DESCRIPTION Refresh Interval Enter how often you want the ZyXEL Device to update this screen. Apply Click this to update this screen immediately. Device Information Host Name This field displays the ZyXEL Device system name.
Page 75 Table 16 Status Screen LABEL DESCRIPTION System This field displays how long the ZyXEL Device has been running since it last Uptime started up. The ZyXEL Device starts up when you plug it in, when you restart it (Maintenance > Tools > Restart), or when you reset it (see 47).
Page 76: Any Ip Table
P-2602R/RL-DxA Series User’s Guide Table 16 Status Screen LABEL DESCRIPTION Registration This field displays the current registration status of the SIP account. You have to register SIP accounts with a SIP server to use VoIP. If the SIP account is already registered with the SIP server, •...
Page 77: Packet Statistics
Table 17 Any IP Table LABEL DESCRIPTION MAC Address This field displays the MAC address of the computer that is using the ZyXEL Device but is in a different subnet than the ZyXEL Device. Refresh Click this to update this screen. 6.3 Packet Statistics Click Status >...
Page 78: Voip Statistics
P-2602R/RL-DxA Series User’s Guide Table 18 Packet Statistics (continued) LABEL DESCRIPTION WAN IP Address This is the IP address of the ZyXEL Device’s WAN port. Upstream Speed This is the upstream speed of your ZyXEL Device. Downstream Speed This is the downstream speed of your ZyXEL Device. Node-Link This field displays the remote node index number and link type.
Page 79: Figure 36 Voip Statistics
Figure 36 VoIP Statistics Each field is described in the following table. Table 19 VoIP Statistics LABEL DESCRIPTION SIP Status Account This column displays each SIP account in the ZyXEL Device. Registration This field displays the current registration status of the SIP account. You can change this in the Status screen.
Page 80 P-2602R/RL-DxA Series User’s Guide Table 19 VoIP Statistics LABEL DESCRIPTION Phone This field displays each phone port in the ZyXEL Device. Hook This field indicates whether the phone is on the hook or off the hook. On - The phone is hanging up or already hung up. Off - The phone is dialing, calling, or connected.
Page 81: Chapter 7 Wan Setup
This chapter describes how to configure WAN settings. 7.1 WAN Overview A WAN (Wide Area Network) is an outside connection to another network or the Internet. 7.1.1 Encapsulation Be sure to use the encapsulation method required by your ISP. The ZyXEL Device supports the following methods.
Page 82: Pppoa
P-2602R/RL-DxA Series User’s Guide By implementing PPPoE directly on the ZyXEL Device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the ZyXEL Device does that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access.
Page 83: Ip Address Assignment
7.1.4 IP Address Assignment A static IP is a fixed IP that your ISP gives you. A dynamic IP is not fixed; the ISP assigns you a different one each time. The Single User Account feature can be enabled or disabled if you have either a dynamic or static IP.
Page 84: Metric
P-2602R/RL-DxA Series User’s Guide 7.2 Metric The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path with the lowest "cost". RIP routing uses hop count as the measurement of cost, with a minimum of "1" for directly connected networks. The number must be between "1"...
Page 85: Atm Traffic Classes
Maximum Burst Size (MBS) is the maximum number of cells that can be sent at the PCR. After MBS is reached, cell rates fall below SCR until cell rate averages to the SCR again. At this time, more cells (up to the MBS) can be sent at the PCR again. If the PCR, SCR or MBS is set to the default of "0", the system will assign a maximum value that correlates to your upstream line rate.
Page 86: Unspecified Bit Rate (Ubr)
P-2602R/RL-DxA Series User’s Guide The VBR-nRT (non real-time Variable Bit Rate) type is used with bursty connections that do not require closely controlled delay and delay variation. It is commonly used for "bursty" traffic typical on LANs. PCR and MBS define the burst levels, SCR defines the minimum level.
Page 87: Figure 38 Internet Access Setup (Pppoe)
Figure 38 Internet Access Setup (PPPoE) The following table describes the labels in this screen. Table 20 Internet Access Setup LABEL General Mode Encapsulation User Name Password Chapter 7 WAN Setup DESCRIPTION Select Routing (default) from the drop-down list box if your ISP allows multiple computers to share an Internet account.
Page 88 P-2602R/RL-DxA Series User’s Guide Table 20 Internet Access Setup (continued) LABEL Service Name Multiplexing Virtual Circuit ID IP Address IP Address Subnet Mask (ENET ENCAP encapsulation only) Gateway IP address (ENET ENCAP encapsulation only) DNS Server First DNS Server Second DNS Server Third DNS Server Connection (PPPoA and PPPoE...
Page 89: Advanced Internet Access Setup
Table 20 Internet Access Setup (continued) LABEL Connect on Demand Select Connect on Demand when you don't want the connection up all the time Max Idle Timeout Apply Cancel Advanced Setup 7.5.1 Advanced Internet Access Setup To edit your ZyXEL Device's advanced WAN settings, click the Advanced Setup button in the Internet Access Setup screen.
Page 90: Wan More Connections
P-2602R/RL-DxA Series User’s Guide Table 21 Advanced Internet Access Setup (continued) LABEL DESCRIPTION ATM QoS Type Select CBR (Continuous Bit Rate) to specify fixed (always-on) bandwidth for voice or data traffic. Select UBR (Unspecified Bit Rate) for applications that are non-time sensitive, such as e-mail.
Page 91: Traffic Redirect
Figure 40 WAN More Connections The following table describes the labels in this screen. Table 22 Advanced Internet Access Setup LABEL DESCRIPTION This is an index number indicating the number of the corresponding connection. Active This field indicates whether the connection is active or not. Name This is the name you gave to the Internet connection.
Page 92: Figure 41 Traffic Redirect Example
P-2602R/RL-DxA Series User’s Guide Figure 41 Traffic Redirect Example The following network topology allows you to avoid triangle route security issues when the backup gateway is connected to the LAN. Use IP alias to configure the LAN into two or three logical networks with the ZyXEL Device itself as the gateway for each LAN network.
Page 93: Wan Backup Setup
Figure 42 Traffic Redirect LAN Setup 7.8 WAN Backup Setup To configure your ZyXEL Device’s WAN backup, click Network > WAN > WAN Backup Setup. Chapter 7 WAN Setup P-2602R/RL-DxA Series User’s Guide...
Page 94: Table 23 Wan Backup Setup
P-2602R/RL-DxA Series User’s Guide The following table describes the labels in this screen. Table 23 WAN Backup Setup LABEL DESCRIPTION Backup Type Select the method that the ZyXEL Device uses to check the DSL connection. Select DSL Link to have the ZyXEL Device check if the connection to the DSLAM is up.
Page 95: Chapter 8 Lan Setup
This chapter describes how to configure LAN settings. 8.1 LAN Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building.
Page 96: Dhcp Setup
P-2602R/RL-DxA Series User’s Guide 8.1.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the ZyXEL Device as a DHCP server or disable it. When configured as a server, the ZyXEL Device provides the TCP/IP configuration for the clients.
Page 97: Dns Server Address Assignment
8.1.4 DNS Server Address Assignment Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. There are two ways that an ISP disseminates the DNS server addresses.
Page 98: Private Ip Addresses
P-2602R/RL-DxA Series User’s Guide 8.2.1.1 Private IP Addresses Every machine on the Internet must have a unique address. If your networks are isolated from the Internet, for example, only between your two branch offices, you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks: •...
Page 99: Multicast
8.2.3 Multicast Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the network - not everybody and not just 1. IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data.
Page 100: How Any Ip Works
P-2602R/RL-DxA Series User’s Guide Figure 44 Any IP Example The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the ZyXEL Device’s IP address. Note: You must enable NAT/SUA to use the Any IP feature on the ZyXEL Device.
Page 101: Configuring Lan Ip
After all the routing information is updated, the computer can access the ZyXEL Device and the Internet as if it is in the same subnet as the ZyXEL Device. 8.3 Configuring LAN IP Click Network > LAN to open the IP screen. See information.
Page 102: Figure 46 Advanced Lan Setup
P-2602R/RL-DxA Series User’s Guide Figure 46 Advanced LAN Setup The following table describes the labels in this screen. Table 25 Advanced LAN Setup LABEL DESCRIPTION RIP & Multicast Setup RIP Direction Select the RIP direction from None, Both, In Only and Out Only. RIP Version Select the RIP version from RIP-1, RIP-2B and RIP-2M.
Page 103: Dhcp Setup
8.4 DHCP Setup Click Network > DHCP Setup to open this screen. Use this screen to configure the DNS server information that the ZyXEL Device sends to the DHCP client devices on the LAN. Figure 47 DHCP Setup The following table describes the labels in this screen. Table 26 DHCP Setup LABEL DHCP Setup...
Page 104: Lan Client List
P-2602R/RL-DxA Series User’s Guide Table 26 DHCP Setup LABEL First DNS Server Second DNS Server Third DNS Server Apply Cancel 8.5 LAN Client List This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. Every Ethernet device has a unique MAC (Media Access Control) address.
Page 105: Figure 48 Lan Client List
Figure 48 LAN Client List The following table describes the labels in this screen. Table 27 LAN Client List LABEL DESCRIPTION IP Address Enter the IP address that you want to assign to the computer on your LAN with the MAC address that you will also specify.
Page 106: Lan Ip Alias
P-2602R/RL-DxA Series User’s Guide 8.6 LAN IP Alias IP alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The ZyXEL Device supports three logical LAN interfaces via its single physical Ethernet interface with the ZyXEL Device itself as the gateway for each LAN network.
Page 107: Table 28 Lan Ip Alias
The following table describes the labels in this screen. Table 28 LAN IP Alias LABEL DESCRIPTION IP Alias 1, 2 Select the check box to configure another LAN network for the ZyXEL Device. IP Address Enter the IP address of your ZyXEL Device in dotted decimal notation. Alternatively, click the right mouse button to copy and/or paste the IP address.
Page 108 P-2602R/RL-DxA Series User’s Guide Chapter 8 LAN Setup...
Page 109: Network Address Translation (Nat) Screens
Network Address Translation This chapter discusses how to configure NAT on the ZyXEL Device. 9.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
Page 110: What Nat Does
P-2602R/RL-DxA Series User’s Guide 9.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
Page 111: Nat Application
9.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the ZyXEL Device can communicate with three distinct WAN networks. Figure 52 NAT Application With IP Alias 9.1.5 NAT Mapping Types NAT supports five types of IP/port mapping.
Page 112: Sua (Single User Account) Versus Nat
P-2602R/RL-DxA Series User’s Guide Port numbers do NOT change for One-to-One and Many-to-Many No Overload NAT mapping types. The following table summarizes these types. Table 30 NAT Mapping Types TYPE One-to-One Many-to-One (SUA/PAT) Many-to-Many Overload Many-to-Many No Overload Server 9.2 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server.
Page 113: Port Forwarding
Figure 53 NAT General The following table describes the labels in this screen. Table 31 NAT General LABEL DESCRIPTION Active Select this check box to enable NAT. Network Address Translation (NAT) SUA Only Select this radio button if you have just one public WAN IP address for your ZyXEL Device.
Page 114: Default Server Ip Address
P-2602R/RL-DxA Series User’s Guide You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server. The port number identifies a service; for example, web service is on port 80 and FTP on port 21. In some cases, such as for unknown services or where one server can support more than one service (for example both FTP and web service), it might be better to specify a range of port numbers.
Page 115: Configuring Servers Behind Port Forwarding (Example)
9.4.3 Configuring Servers Behind Port Forwarding (Example) Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example).
Page 116: Port Forwarding Rule Edit
P-2602R/RL-DxA Series User’s Guide The following table describes the fields in this screen. Table 33 Port Forwarding LABEL Default Server Setup Default Server In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in this screen. If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup.
Page 117: Sip Alg
The following table describes the fields in this screen. Table 34 Port Forwarding Rule Setup LABEL Active Click this check box to enable the rule. Service Name Enter a name to identify this port-forwarding rule. Start Port Enter a port number in this field. To forward only one port, enter the port number again in the End Port field.
Page 118: Figure 57 Network > Nat > Alg
P-2602R/RL-DxA Series User’s Guide Figure 57 Network > NAT > ALG Each field is described in the following table. Table 35 Network > NAT > ALG LABEL DESCRIPTION Enable SIP ALG Select this to make sure SIP (VoIP) works correctly with port-forwarding and address-mapping rules.
Page 119: Chapter 10 Voice
This chapter provides background information on VoIP and SIP and explains how to configure your device’s voice settings. 10.1 Introduction to VoIP VoIP is the sending of voice signals over the Internet Protocol. This allows you to make phone calls and send faxes over the Internet at a fraction of the cost of using the traditional circuit- switched telephone network.
Page 120: Sip Service Domain
P-2602R/RL-DxA Series User’s Guide 10.2.1.2 SIP Service Domain The SIP service domain of the VoIP service provider is the domain name in a SIP URI. For example, if the SIP address is [email protected], then “VoIP-provider.com” is the SIP service domain. 10.2.2 SIP Call Progression The following figure displays the basic steps in the setup and tear down of a SIP call.
Page 121: Sip User Agent
10.2.3.1 SIP User Agent A SIP user agent can make and receive VoIP telephone calls. This means that SIP can be used for peer-to-peer communications even though it is a client-server protocol. In the following figure, either A or B can act as a SIP user agent client to initiate a call. A and B can also both act as a SIP user agent to receive the call.
Page 122: Sip Redirect Server
P-2602R/RL-DxA Series User’s Guide Figure 59 SIP Proxy Server 10.2.3.3 SIP Redirect Server A SIP redirect server accepts SIP requests, translates the destination address to an IP address and sends the translated IP address back to the device that sent the request. Then the client device that originally sent the request can send requests to the IP address that it received back from the redirect server.
Page 123: Sip Register Server
Figure 60 SIP Redirect Server 10.2.3.4 SIP Register Server A SIP register server maintains a database of SIP identity-to-IP address (or domain name) mapping. The register server checks your user name and password when you register. 10.2.3.5 Multiple SIP Accounts You can set up 2 SIP accounts on your ZyXEL Device and your ZyXEL Device is equipped with 2 phone ports.
Page 124: Figure 61 Sip > Sip Settings
P-2602R/RL-DxA Series User’s Guide Figure 61 SIP > SIP Settings Each field is described in the following table. Table 37 SIP > SIP Settings LABEL DESCRIPTION SIP Account Select the SIP account you want to see in this screen. If you change this field, the screen automatically refreshes.
Page 125: Rtp
Table 37 SIP > SIP Settings LABEL DESCRIPTION SIP Service Enter the SIP service domain name. In the full SIP URI, this is the part after the @ Domain symbol. You can use up to 127 printable ASCII Extended set characters. Send Caller ID Select this if you want to send identification when you make VoIP phone calls.
Page 126: Pstn Call Setup Signaling
P-2602R/RL-DxA Series User’s Guide 10.6 PSTN Call Setup Signaling Dual-Tone MultiFrequency (DTMF) signaling uses pairs of frequencies (one lower frequency and one higher frequency) to set up calls. It is also known as Touch Tone®. Each of the keys on a DTMF telephone corresponds to a different pair of frequencies. Pulse dialing sends a series of clicks to the local phone office in order to dial numbers.
Page 127: Listening To Custom Tones
4 You can continue to add, listen to, or delete tones, or you can hang up the receiver when you are done. 10.8.0.2 Listening to Custom Tones Do the following to listen to a custom tone: 1 Pick up the phone and press “****” on your phone’s keypad and wait for the message that says you are in the configuration menu.
Page 128: Figure 62 Voip > Sip Settings > Advanced
P-2602R/RL-DxA Series User’s Guide Figure 62 VoIP > SIP Settings > Advanced Chapter 10 Voice...
Page 129: Table 39 Voip > Sip Settings > Advanced
Each field is described in the following table. Table 39 VoIP > SIP Settings > Advanced LABEL DESCRIPTION SIP Account This field displays the SIP account you see in this screen. SIP Server Settings URL Type Select whether or not to include the SIP service domain name when the ZyXEL Device sends the SIP number.
Page 130 P-2602R/RL-DxA Series User’s Guide Table 39 VoIP > SIP Settings > Advanced LABEL DESCRIPTION DTMF Mode Control how the ZyXEL Device handles the tones that your telephone makes when you push its buttons. You should use the same mode your VoIP service provider uses.
Page 131: Quality Of Service (Qos)
Table 39 VoIP > SIP Settings > Advanced LABEL DESCRIPTION Back Click this to return to the SIP Settings screen without saving your changes. Apply Click this to save your changes and to apply them to the ZyXEL Device. Cancel Click this to set every field in this screen to its last-saved value.
Page 132: Vlan
P-2602R/RL-DxA Series User’s Guide Figure 63 DiffServ: Differentiated Service Field DSCP (6-bit) The DSCP value determines the forwarding behavior, the PHB (Per-Hop Behavior), that each packet gets across the DiffServ network. Based on the marking rule, different kinds of traffic can be marked for different priorities of forwarding.
Page 133: Phone
Table 40 SIP > QoS LABEL DESCRIPTION Voice VLAN ID Select this if the ZyXEL Device has to be a member of a VLAN to communicate with the SIP server. Ask your network administrator, if you are not sure. Enter the VLAN ID provided by your network administrator in the field on the right.
Page 134: Echo Cancellation
P-2602R/RL-DxA Series User’s Guide 10.11.4 Echo Cancellation G.168 is an ITU-T standard for eliminating the echo caused by the sound of your voice reverberating in the telephone receiver while you talk. 10.12 Analog Phone Use this screen to control which SIP accounts and PSTN line each phone uses. To configure your analog phone settings, click VoIP >...
Page 135: Advanced Analog Phone Setup Screen
Table 41 Phone > Analog Phone LABEL DESCRIPTION PSTN Line (“L” Select this if you want to receive phone calls from the PSTN line (that do not use models only) the Internet) on this phone port. If you select more than one source for incoming calls, there is no way to distinguish between them when you receive phone calls.
Page 136: Common Phone Settings Screen
P-2602R/RL-DxA Series User’s Guide Table 42 Phone > Analog Phone > Advanced LABEL DESCRIPTION Speaking Volume Enter the loudness that the ZyXEL Device uses for speech that it sends to the peer device. -1 is the quietest, and 1 is the loudest. Listening Volume Enter the loudness that the ZyXEL Device uses for speech that it receives from the peer device.
Page 137: Supplementary Phone Services Overview
Figure 67 Phone > Common Each field is described in the following table. Table 43 Phone > Common LABEL DESCRIPTION Active Immediate Select this if you want to use the pound key (#) to tell the ZyXEL Device to make Dial the phone call immediately, instead of waiting the number of seconds you selected in the Dialing Interval Select in VoIP >...
Page 138: The Flash Key
P-2602R/RL-DxA Series User’s Guide 10.14.1 The Flash Key Flashing means to press the hook for a short period of time (a few hundred milliseconds) before releasing it. On newer telephones, there should be a "flash" key (button) that generates the signal electronically. If the flash key is not available, you can tap (press and immediately release) the hook by hand to achieve the same effect.
Page 139: European Call Waiting
If you hang up the phone but a caller is still on hold, there will be a remind ring. 10.14.2.2 European Call Waiting This allows you to place a call on hold while you answer another incoming call on the same telephone (directory) number.
Page 140: Usa Call Hold
P-2602R/RL-DxA Series User’s Guide After pressing the flash key, if you do not issue the sub-command before the default sub- command timeout (2 seconds) expires or issue an invalid sub-command, the current operation will be aborted. Table 45 USA Flash Key Commands COMMAND SUB-COMMAND Flash...
Page 141: Phone Region Screen
3 When party B answers the second call, press the flash key to create a three-way conversation. 4 Hang up the phone to drop the connection. 5 If you want to separate the activated three-way conference into two individual connections (with party A on-line and party B on hold), press the flash key. 6 If you want to go back to the three-way conversation, press the flash key again.
Page 142: Peer-To-Peer Calls
P-2602R/RL-DxA Series User’s Guide 10.16.1 Peer-to-Peer Calls You can call another VoIP device directly without going through a SIP server. You must set up a speed dial entry in the phone book in order to do this. Select Non-Proxy (Use IP or URL) in the Type column and enter the callee’s IP address or domain name.
Page 143: Incoming Call Policy Screen
Table 47 Phone Book > Speed Dial LABEL DESCRIPTION Number Enter the SIP number you want the ZyXEL Device to call when you dial the speed- dial number. Name Enter a name to identify the party you call when you dial the speed-dial number. You can use up to 127 printable ASCII characters.
Page 144: Figure 70 Phone Book > Incoming Call Policy
P-2602R/RL-DxA Series User’s Guide Figure 70 Phone Book > Incoming Call Policy You can create two sets of call-forwarding rules. Each one is stored in a call-forwarding table. Each field is described in the following table. Table 48 Phone Book > Incoming Call Policy LABEL DESCRIPTION Table Number...
Page 145: Pstn Line Screen
Table 48 Phone Book > Incoming Call Policy LABEL DESCRIPTION Advanced Setup The ZyXEL Device checks these rules before it checks the rules in the Forward to Number section. This field is a sequential value, and it is not associated with a specific rule. The sequence is important, however.
Page 146: Figure 71 Pstn Line > General
P-2602R/RL-DxA Series User’s Guide Figure 71 PSTN Line > General Each field is described in the following table. Table 49 PSTN Line > General LABEL DESCRIPTION PSTN Line Pre-fix Enter 1 - 7 numbers you dial before you dial the phone number, if you want to Number make a regular phone call while one of your SIP accounts is registered.
Page 147: Chapter 11 Phone Usage
This chapter describes how to use a phone connected to your ZyXEL Device for basic tasks. 11.1 Dialing a Telephone Number The PHONE LED turns green when your SIP account is registered. Dial a SIP number like “12345” on your phone’s keypad. Use speed dial entries (see that use letters.
Page 148: Auto Firmware Upgrade
P-2602R/RL-DxA Series User’s Guide 11.5 Auto Firmware Upgrade During auto-provisioning, the ZyXEL Device checks to see if there is a newer firmware version. If newer firmware is available, the ZyXEL Device plays a recording when you pick up your phone’s handset. Press “*99#”...
Page 149: Chapter 12 Firewalls
This chapter gives some background information on firewalls and introduces the ZyXEL Device firewall. 12.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term “firewall” is a system or group of systems that enforces an access-control policy between two networks.
Page 150: Application-Level Firewalls
P-2602R/RL-DxA Series User’s Guide 12.2.2 Application-level Firewalls Application-level firewalls restrict access by serving as proxies for external servers. Since they use programs written for specific Internet services, such as HTTP, FTP and telnet, they can evaluate network packets for valid application-specific data. Application-level gateways have a number of general advantages over the default mode of permitting application traffic directly to internal hosts: Information hiding prevents the names of internal systems from being made known via DNS...
Page 151: Denial Of Service Attacks
• The LAN (Local Area Network) port attaches to a network of computers, which needs security from the outside world. These computers will have access to Internet services such as e-mail, FTP, and the World Wide Web. However, “inbound access” will not be allowed unless you configure remote management or create a firewall rule to allow a remote host to use a specific service.
Page 152: Types Of Dos Attacks
P-2602R/RL-DxA Series User’s Guide Some of the most common IP ports are: Table 50 Common IP Ports Telnet SMTP 12.4.2 Types of DoS Attacks There are four types of DoS attacks: 1 Those that exploit bugs in a TCP/IP implementation. 2 Those that exploit weaknesses in the TCP/IP specification.
Page 153: Figure 74 Syn Flood
Under normal circumstances, the application that initiates a session sends a SYN (synchronize) packet to the receiving server. The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the initiator responds with an ACK (acknowledgment). After this handshake, a connection is established. •...
Page 154: Icmp Vulnerability
P-2602R/RL-DxA Series User’s Guide Figure 75 Smurf Attack 12.4.2.1 ICMP Vulnerability ICMP is an error-reporting protocol that works in concert with IP. The following ICMP types trigger an alert: Table 51 ICMP Commands That Trigger Alerts REDIRECT TIMESTAMP_REQUEST TIMESTAMP_REPLY ADDRESS_MASK_REQUEST ADDRESS_MASK_REPLY 12.4.2.2 Illegal Commands (NetBIOS and SMTP) The only legal NetBIOS commands are the following - all others are illegal.
Page 155: Traceroute
12.4.2.3 Traceroute Traceroute is a utility used to determine the path a packet takes between two endpoints. Sometimes when a packet filter firewall is configured incorrectly an attacker can traceroute the firewall gaining knowledge of the network topology inside the firewall. Often, many DoS attacks also employ a technique known as "IP Spoofing"...
Page 156: Stateful Inspection Process
P-2602R/RL-DxA Series User’s Guide The previous figure shows the ZyXEL Device’s default firewall rules in action as well as demonstrates how stateful inspection works. User A can initiate a Telnet session from within the LAN and responses to this request are allowed. However other Telnet traffic initiated from the WAN is blocked.
Page 157: Tcp Security
• Allow certain types of traffic from the Internet to specific hosts on the LAN. • Allow access to a Web server to everyone but competitors. • Restrict use of certain protocols, such as Telnet, to authorized users on the LAN. These custom rules work by evaluating the network traffic’s Source IP address, Destination IP address, IP protocol type, and comparing these to rules set by the administrator.
Page 158: Upper Layer Protocols
P-2602R/RL-DxA Series User’s Guide A similar situation exists for ICMP, except that the ZyXEL Device is even more restrictive. Specifically, only outgoing echoes will allow incoming echo replies, outgoing address mask requests will allow incoming address mask replies, and outgoing timestamp requests will allow incoming timestamp replies.
Page 159: Packet Filtering Vs Firewall
• Encourage your company or organization to develop a comprehensive security plan. Good network administration takes into account what hackers can do and prepares against attacks. The best defense against hackers and crackers is information. Educate all employees about the importance of security and how to minimize risk. Produce lists like this one! •...
Page 160: When To Use Filtering
P-2602R/RL-DxA Series User’s Guide 12.7.1.1 When To Use Filtering • To block/allow LAN packets by their MAC addresses. • To block/allow special IP packets which are neither TCP nor UDP, nor ICMP packets. • To block/allow both inbound (WAN to LAN) and outbound (LAN to WAN) traffic between the specific inside host/network "A"...
Page 161: Firewall Configuration
This chapter shows you how to enable and configure the ZyXEL Device firewall. 13.1 Access Methods The web configurator is, by far, the most comprehensive firewall configuration tool your ZyXEL Device has to offer. For this reason, it is recommended that you configure your firewall using the web configurator.
Page 162: Rule Logic Overview
P-2602R/RL-DxA Series User’s Guide Note: If you configure firewall rules without a good understanding of how they work, you might inadvertently introduce security risks to the firewall and to the protected network. Make sure you test your rules after you configure them. For example, you may create rules to: •...
Page 163: Key Fields For Configuring Rules
4 Does a rule that allows Internet users access to resources on the LAN create a security vulnerability? For example, if FTP ports (TCP 20, 21) are allowed from the Internet to the LAN, Internet users may be able to connect to computers with running FTP servers. 5 Does this rule conflict with any existing rules? 6 Once these questions have been answered, adding rules is simply a matter of plugging the information into the correct fields in the web configurator screens.
Page 164: Lan To Wan Rules
P-2602R/RL-DxA Series User’s Guide 13.4.1 LAN to WAN Rules The default rule for LAN to WAN traffic is that all users on the LAN are allowed non- restricted access to the WAN. When you configure a LAN to WAN rule, you in essence want to limit some or all users from accessing certain services on the WAN.
Page 165: Firewall Rules Summary
The following table describes the labels in this screen. Table 54 Firewall: General LABEL DESCRIPTION Active Firewall Select this check box to activate the firewall. The ZyXEL Device performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated.
Page 166: Figure 78 Firewall Rules
P-2602R/RL-DxA Series User’s Guide Figure 78 Firewall Rules The following table describes the labels in this screen. Table 55 Firewall Rules LABEL DESCRIPTION Firewall Rules This read-only bar shows how much of the ZyXEL Device's memory for recording Storage Space firewall rules it is currently using.
Page 167: Configuring Firewall Rules
Table 55 Firewall Rules (continued) LABEL DESCRIPTION This field shows you whether a log is created when packets match this rule (Yes) or not (No). Modify Click the Edit icon to go to the screen where you can edit the rule. Click the Remove icon to delete an existing firewall rule.
Page 168: Figure 79 Firewall: Edit Rule
P-2602R/RL-DxA Series User’s Guide Figure 79 Firewall: Edit Rule Chapter 13 Firewall Configuration...
Page 169: Table 56 Firewall: Edit Rule
The following table describes the labels in this screen. Table 56 Firewall: Edit Rule LABEL DESCRIPTION Active Select this option to enable this firewall rule. Action for Matched Use the drop-down list box to select what the firewall is to do with packets that Packet match this rule.
Page 170: Customized Services
P-2602R/RL-DxA Series User’s Guide Table 56 Firewall: Edit Rule (continued) LABEL DESCRIPTION Apply Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to exit this screen without saving. 13.6.2 Customized Services Configure customized services and port numbers not predefined by the ZyXEL Device. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website.
Page 171: Configuring A Customized Service
13.6.3 Configuring A Customized Service Click a rule number in the Firewall Customized Services screen to create a new custom port or edit an existing one. This action displays the following screen. Refer to Section 12.1 on page 149 Figure 81 Firewall: Configure Customized Services The following table describes the labels in this screen.
Page 172: Figure 82 Firewall Example: Rules
P-2602R/RL-DxA Series User’s Guide Figure 82 Firewall Example: Rules 3 In the Rules screen, select the index number after that you want to add the rule. For example, if you select “6”, your new rule becomes number 7 and the previous rule 7 (if there is one) becomes rule 8.
Page 173: Figure 84 Firewall Example: Edit Rule: Destination Address
P-2602R/RL-DxA Series User’s Guide Figure 84 Firewall Example: Edit Rule: Destination Address 9 Use the Add >> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. Note: Custom services show up with an “*” before their names in the Services list box and the Rules list box.
Page 174: Figure 85 Firewall Example: Edit Rule: Select Customized Services
P-2602R/RL-DxA Series User’s Guide Figure 85 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a “MyService” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN.
Page 175: Dos Thresholds
Figure 86 Firewall Example: Rules: MyService 13.8 DoS Thresholds For DoS attacks, the ZyXEL Device uses thresholds to determine when to drop sessions that do not become fully established. These thresholds apply globally to all sessions. You can use the default threshold values, or you can change them to values more suitable to your security requirements.
Page 176: Half-Open Sessions
P-2602R/RL-DxA Series User’s Guide You should make any changes to the threshold values before you continue configuring firewall rules. 13.8.2 Half-Open Sessions An unusually high number of half-open sessions (either an absolute number or measured as the arrival rate) could indicate that a Denial of Service attack is occurring. For TCP, "half- open"...
Page 177: Configuring Firewall Thresholds
13.8.3 Configuring Firewall Thresholds The ZyXEL Device also sends alerts whenever TCP Maximum Incomplete is exceeded. The global values specified for the threshold and timeout apply to all TCP connections. Click Firewall, and Threshold to bring up the next screen. Figure 87 Firewall: Threshold The following table describes the labels in this screen.
Page 178 P-2602R/RL-DxA Series User’s Guide Table 59 Firewall: Threshold (continued) LABEL DESCRIPTION Maximum This is the number of existing half-open Incomplete Low sessions that causes the firewall to stop deleting half-open sessions. The ZyXEL Device continues to delete half-open requests as necessary, until the number of existing half-open sessions drops below this number.
Page 179: Chapter 14 Content Filtering
This chapter covers how to configure content filtering. 14.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ability to block web sites that contain key words (that you specify) in the URL.
Page 180: Configuring The Schedule
P-2602R/RL-DxA Series User’s Guide The following table describes the labels in this screen. Table 60 Content Filter: Keyword LABEL Active Keyword Blocking Block Websites that contain these keywords in the URL: Delete Clear All Keyword Add Keyword Apply Cancel 14.3 Configuring the Schedule To set the days and times for the ZyXEL Device to perform content filtering, click Security >...
Page 181: Configuring Trusted Computers
The following table describes the labels in this screen. Table 61 Content Filter: Schedule LABEL DESCRIPTION Schedule Select Active Everyday to Block to make the content filtering active everyday. Otherwise, select Edit Daily to Block and configure which days of the week (or everyday) and which time of the day you want the content filtering to be active.
Page 182 P-2602R/RL-DxA Series User’s Guide Chapter 14 Content Filtering...
Page 183: Chapter 15 Static Route
This chapter shows you how to configure static routes for your ZyXEL Device. 15.1 Static Route Each remote node specifies only the network to which the gateway is directly connected, and the ZyXEL Device has no knowledge of the networks beyond. For instance, the ZyXEL Device knows about network N2 in the following figure through remote node Router 1.
Page 184: Figure 92 Static Route
P-2602R/RL-DxA Series User’s Guide Figure 92 Static Route The following table describes the labels in this screen. Table 63 Static Route LABEL DESCRIPTION This is the number of an individual static route. Active This field shows whether this static route is active (Yes) or not (No). Name This is the name that describes or identifies this route.
Page 185: Static Route Edit
15.2.1 Static Route Edit Select a static route index number and click Edit. The screen shown next appears. Use this screen to configure the required information for a static route. Figure 93 Static Route Edit The following table describes the labels in this screen. Table 64 Static Route Edit LABEL DESCRIPTION...
Page 186 P-2602R/RL-DxA Series User’s Guide Chapter 15 Static Route...
Page 187: Chapter 16 Bandwidth Management
Bandwidth Management This chapter contains information about configuring bandwidth management, editing rules and viewing the ZyXEL Device’s bandwidth management logs. 16.1 Bandwidth Management Overview ZyXEL’s Bandwidth Management allows you to specify bandwidth management rules based on an application and/or subnet. You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth rules.
Page 188: Application And Subnet-Based Bandwidth Management
P-2602R/RL-DxA Series User’s Guide Figure 94 Subnet-based Bandwidth Management Example 16.4 Application and Subnet-based Bandwidth Management You could also create bandwidth classes based on a combination of a subnet and an application. The following example table shows bandwidth allocations for application specific traffic from separate LAN subnets.
Page 189: Maximize Bandwidth Usage
16.6 Maximize Bandwidth Usage The maximize bandwidth usage option (see to divide up any available bandwidth on the interface (including unallocated bandwidth and any allocated bandwidth that a class is not using) among the bandwidth classes that require more bandwidth. When you enable maximize bandwidth usage, the ZyXEL Device first makes sure that each bandwidth class gets up to its bandwidth allotment.
Page 190: Priority-Based Allotment Of Unused And Unbudgeted Bandwidth
P-2602R/RL-DxA Series User’s Guide The ZyXEL Device divides up the unbudgeted 2048 kbps among the classes that require more bandwidth. If the administration department only uses 1024 kbps of the budgeted 2048 kbps, the ZyXEL Device also divides the remaining 1024 kbps among the classes that require more bandwidth.
Page 191: Bandwidth Management Priorities
• Each class gets up to its budgeted bandwidth. The administration class only uses 1024 kbps of its budgeted 2048 kbps. • The ZyXEL Device divides the total 3072 kbps total of unbudgeted and unused bandwidth equally among the other classes. 1024 kbps extra goes to each so the other classes each get a total of 3072 kbps.
Page 192: Bandwidth Management Rule Setup
P-2602R/RL-DxA Series User’s Guide The following table describes the labels in this screen. Table 70 Media Bandwidth Management: Summary LABEL DESCRIPTION Interface These read-only labels represent the physical interfaces. Select an interface’s check box to enable bandwidth management on that interface. Bandwidth management applies to all traffic flowing out of the router through the interface, regardless of the traffic’s source.
Page 193: Figure 96 Bandwidth Management: Rule Setup
Figure 96 Bandwidth Management: Rule Setup The following table describes the labels in this screen. Table 71 Bandwidth Management: Rule Setup LABEL Direction Service Priority Bandwidth (kbps) Active Rule Name Destination Port Priority Bandwidth (kbps) Modify Chapter 16 Bandwidth Management DESCRIPTION Select LAN to apply bandwidth management to traffic that the ZyXEL Device forwards to the LAN.
Page 194: Rule Configuration
P-2602R/RL-DxA Series User’s Guide Table 71 Bandwidth Management: Rule Setup (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 16.8.1 Rule Configuration Click the Edit icon or User define in the Service field to configure a bandwidth management rule.
Page 195 Table 72 Bandwidth Management Rule Configuration (continued) LABEL BW Budget Priority Use All Managed Bandwidth Filter Configuration Service Destination Address Enter the destination IP address in dotted decimal notation. Destination Subnet Netmask Destination Port Source Address Source Subnet Netmask Source Port Protocol Back Chapter 16 Bandwidth Management...
Page 196: Bandwidth Monitor
P-2602R/RL-DxA Series User’s Guide Table 72 Bandwidth Management Rule Configuration (continued) LABEL Apply Cancel 16.9 Bandwidth Monitor To view the ZyXEL Device’s bandwidth usage and allotments, click Advanced > Bandwidth MGMT > Monitor. The screen appears as shown. Select an interface from the drop-down list box to view the bandwidth usage of its bandwidth rules.
Page 197: Chapter 17 Dynamic Dns Setup
This chapter discusses how to configure your ZyXEL Device to use Dynamic DNS. 17.1 Dynamic DNS Overview Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect.
Page 198: Figure 99 Dynamic Dns
P-2602R/RL-DxA Series User’s Guide Figure 99 Dynamic DNS The following table describes the fields in this screen. Table 73 Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Active Dynamic Select this check box to use dynamic DNS. Service Provider This is the name of your Dynamic DNS service provider. Dynamic DNS Select the type of service that you are registered for from your Dynamic DNS Type...
Page 199 Table 73 Dynamic DNS (continued) LABEL DESCRIPTION Dynamic DNS Select this option only when there are one or more NAT routers between the ZyXEL server auto Device and the DDNS server. This feature has the DDNS server automatically detect IP detect and use the IP address of the NAT router that has a public IP address.
Page 200 P-2602R/RL-DxA Series User’s Guide Chapter 17 Dynamic DNS Setup...
Page 201: Remote Management Configuration
This chapter provides information on configuring remote management. 18.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which ZyXEL Device interface (if any) from which computers. Note: When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
Page 202: Remote Management And Nat
P-2602R/RL-DxA Series User’s Guide • The IP address in the Secured Client IP field does not match the client IP address. If it does not match, the ZyXEL Device will disconnect the session immediately. • There is already another remote management session with an equal or higher priority running.
Page 203: Telnet
The following table describes the labels in this screen. Table 74 Remote Management: WWW LABEL DESCRIPTION Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service.
Page 204: Configuring Ftp
P-2602R/RL-DxA Series User’s Guide Figure 102 Remote Management: Telnet The following table describes the labels in this screen. Table 75 Remote Management: Telnet LABEL Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
Page 205: Snmp
Figure 103 Remote Management: FTP The following table describes the labels in this screen. Table 76 Remote Management: FTP LABEL DESCRIPTION Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service.
Page 206: Figure 104 Snmp Management Model
P-2602R/RL-DxA Series User’s Guide Figure 104 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the ZyXEL Device). An agent translates the local management information from the managed device into a form compatible with SNMP.
Page 207: Supported Mibs
18.6.1 Supported MIBs The ZyXEL Device supports MIB II that is defined in RFC-1213 and RFC-1215. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance. 18.6.2 SNMP Traps The ZyXEL Device will send traps to the SNMP manager when any one of the following events occurs: Table 77 SNMP Traps TRAP #...
Page 208: Figure 105 Remote Management: Snmp
P-2602R/RL-DxA Series User’s Guide Figure 105 Remote Management: SNMP The following table describes the labels in this screen. Table 78 Remote Management: SNMP LABEL SNMP Port Access Status Secured Client IP SNMP Configuration Get Community Set Community Trap Community Destination Apply Cancel DESCRIPTION...
Page 209: Configuring Dns
18.7 Configuring DNS Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. Refer to Chapter 8 on page 95 To change your ZyXEL Device’s DNS settings, click Advanced > Remote MGMT > DNS. The screen appears as shown.
Page 210: Figure 107 Remote Management: Icmp
P-2602R/RL-DxA Series User’s Guide If an outside user attempts to probe an unsupported port on your ZyXEL Device, an ICMP response packet is automatically returned. This allows the outside user to know the ZyXEL Device exists. Your ZyXEL Device supports anti-probing, which prevents the ICMP response packet from being sent.
Page 211: Universal Plug-And-Play (Upnp)
Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configurator. 19.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
Page 212: Cautions With Upnp
P-2602R/RL-DxA Series User’s Guide 19.1.3 Cautions with UPnP The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues. Network information and configuration may also be obtained and modified by users in some network environments. All UPnP-enabled devices may communicate freely with each other without additional configuration.
Page 213: Installing Upnp In Windows Example
The following table describes the fields in this screen. Table 81 Configuring UPnP LABEL Active the Universal Plug and Play (UPnP) Feature Allow users to make configuration changes through UPnP Allow UPnP to pass through Firewall Apply Cancel 19.3 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP.
Page 214: Figure 109 Add/Remove Programs: Windows Setup: Communication
P-2602R/RL-DxA Series User’s Guide Figure 109 Add/Remove Programs: Windows Setup: Communication 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box. Figure 110 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted.
Page 215: Figure 111 Network Connections
Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel. 2 Double-click Network Connections. 3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components ….
Page 216: Using Upnp In Windows Xp Example
P-2602R/RL-DxA Series User’s Guide 5 In the Networking Services window, select the Universal Plug and Play check box. Figure 113 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. 19.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP.
Page 217: Figure 114 Network Connections
P-2602R/RL-DxA Series User’s Guide Figure 114 Network Connections 3 In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. Chapter 19 Universal Plug-and-Play (UPnP)
Page 218: Figure 115 Internet Connection Properties
P-2602R/RL-DxA Series User’s Guide Figure 115 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings. Chapter 19 Universal Plug-and-Play (UPnP)
Page 219: Figure 116 Internet Connection Properties: Advanced Settings
Figure 116 Internet Connection Properties: Advanced Settings Figure 117 Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
Page 220: Figure 118 System Tray Icon
P-2602R/RL-DxA Series User’s Guide Figure 118 System Tray Icon 7 Double-click on the icon to display your current Internet connection status. Figure 119 Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first.
Page 221: Figure 120 Network Connections
Figure 120 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays. Chapter 19 Universal Plug-and-Play (UPnP) P-2602R/RL-DxA Series User’s Guide...
Page 222: Figure 121 Network Connections: My Network Places
P-2602R/RL-DxA Series User’s Guide Figure 121 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Figure 122 Network Connections: My Network Places: Properties: Example Chapter 19 Universal Plug-and-Play (UPnP)
Page 223: Chapter 20 System
Use this screen to configure the ZyXEL Device’s time and date settings. 20.1 General Setup and System Name General Setup contains administrative and system-related information. System Name is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name".
Page 224: Figure 123 System General Setup
P-2602R/RL-DxA Series User’s Guide Figure 123 System General Setup The following table describes the labels in this screen. Table 82 System General Setup LABEL DESCRIPTION General Setup System Name Choose a descriptive name for identification purposes. It is recommended you enter your computer’s “Computer name”...
Page 225: Time Setting
20.2 Time Setting To change your ZyXEL Device’s time and date, click Maintenance > System > Time Setting. The screen appears as shown. Use this screen to configure the ZyXEL Device’s time based on your local time zone. Figure 124 System Time Setting The following table describes the fields in this screen.
Page 226 P-2602R/RL-DxA Series User’s Guide Table 83 System Time Setting (continued) LABEL DESCRIPTION New Time This field displays the last updated time from the time server or the last time configured manually. (hh:mm:ss) When you set Time and Date Setup to Manual, enter the new time in this field and then click Apply.
Page 227 Table 83 System Time Setting (continued) LABEL DESCRIPTION End Date Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the last Sunday of October.
Page 228 P-2602R/RL-DxA Series User’s Guide Chapter 20 System...
Page 229: Chapter 21 Logs
This chapter contains information about configuring general log settings and viewing the ZyXEL Device’s logs. Refer to the appendix for example log message explanations. 21.1 Logs Overview The web configurator allows you to choose which categories of events and/or alerts to have the ZyXEL Device log and then display the logs or have the ZyXEL Device send them to an administrator (as e-mail) or to a syslog server.
Page 230: Configuring Log Settings
P-2602R/RL-DxA Series User’s Guide Figure 125 View Log The following table describes the fields in this screen. Table 84 View Log LABEL DESCRIPTION Display The categories that you select in the Log Settings screen display in the drop-down list box. Select a category of logs to view;...
Page 231: Figure 126 Log Settings
Alerts are e-mailed as soon as they happen. Logs may be e-mailed as soon as the log is full. Selecting many alert and/or log categories (especially Access Control) may result in many e- mails being sent. Figure 126 Log Settings The following table describes the fields in this screen.
Page 232 P-2602R/RL-DxA Series User’s Guide Table 85 Log Settings LABEL DESCRIPTION Mail Subject Type a title that you want to be in the subject line of the log e-mail message that the ZyXEL Device sends. Not all ZyXEL Device models have this field. Send Log to The ZyXEL Device sends logs to the e-mail address specified in this field.
Page 233: Smtp Error Messages
21.4 SMTP Error Messages If there are difficulties in sending e-mail the following error message appears. “SMTP action request failed. ret= ??". The “??"are described in the following table. Table 86 SMTP Error Messages -1 means ZyXEL Device out of socket -2 means tcp SYN fail -3 means smtp server OK fail -4 means HELO fail...
Page 234: Figure 127 E-Mail Log Example
P-2602R/RL-DxA Series User’s Guide Figure 127 E-mail Log Example Subject: Firewall Alert From Date: Fri, 07 Apr 2000 10:05:42 From: [email protected] [email protected] 1|Apr 7 00 |From:192.168.1.1 | 09:54:03 |UDP src port:00520 dest port:00520 2|Apr 7 00 |From:192.168.1.131 | 09:54:17 |UDP src port:00520 dest port:00520 3|Apr 7 00 |From:192.168.1.6...
Page 235: Chapter 22 Tools
This chapter explains how to upload new firmware, manage configuration files and restart your ZyXEL Device. Note: Do not interrupt the file transfer process as this may PERMANENTLY DAMAGE YOUR ZyXEL Device. 22.1 Introduction Use the instructions in this chapter to change the device’s configuration file or upgrade its firmware.
Page 236: File Maintenance Over Wan
P-2602R/RL-DxA Series User’s Guide This is a sample FTP session saving the current configuration to the computer file “ ”. config.cfg If your (T)FTP client does not allow you to have a destination filename different than the source, you will need to rename them as the ZyXEL Device only recognizes “rom-0” and “ras”.
Page 237: Figure 128 Firmware Upgrade
Figure 128 Firmware Upgrade The following table describes the labels in this screen. Table 88 Firmware Upgrade LABEL DESCRIPTION Current Firmware This is the present Firmware version and the date created. Version File Path Type in the location of the file you want to upload in this field or click Browse ... to find it.
Page 238: Backup And Restore
P-2602R/RL-DxA Series User’s Guide The ZyXEL Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 130 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen. If the upload was not successful, the following screen will appear.
Page 239: Backup Configuration
Figure 132 Configuration 22.5.1 Backup Configuration Backup Configuration allows you to back up (save) the ZyXEL Device’s current configuration to a file on your computer. Once your ZyXEL Device is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes.
Page 240: Reset To Factory Defaults
P-2602R/RL-DxA Series User’s Guide After you see a “restore configuration successful” screen, you must then wait one minute before logging into the ZyXEL Device again. Figure 133 Configuration Upload Successful The ZyXEL Device automatically restarts in this time causing a temporary network disconnect.
Page 241: Restart
Figure 136 Reset In Process Message You can also press the RESET button on the rear panel to reset the factory defaults of your ZyXEL Device. Refer to 22.6 Restart System restart allows you to reboot the ZyXEL Device without turning the power off. Click Maintenance >...
Page 242: Ftp Command Configuration Backup Example
P-2602R/RL-DxA Series User’s Guide 3 Press [ENTER] when prompted for a username. 4 Enter your password as requested (the default is “1234”). 5 Enter “ ” to set transfer mode to binary. 6 Use “ ” to transfer files from the ZyXEL Device to the computer, for example, “ rom-0 config.rom computer and renames it “...
Page 243: Backup Configuration Using Tftp
22.7.4 Backup Configuration Using TFTP The ZyXEL Device supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended. To use TFTP, your computer must have both telnet and TFTP clients. To backup the configuration file, follow the procedure shown next.
Page 244: Configuration Backup Using Gui-Based Tftp Clients
P-2602R/RL-DxA Series User’s Guide 22.7.6 Configuration Backup Using GUI-based TFTP Clients The following table describes some of the fields that you may see in GUI-based TFTP clients. Table 91 General Commands for GUI-based TFTP Clients COMMAND DESCRIPTION Host Enter the IP address of the ZyXEL Device. 192.168.1.1 is the ZyXEL Device’s default IP address when shipped.
Page 245: Restore Using Ftp Session Example
22.8.1 Restore Using FTP Session Example Figure 139 Restore Using FTP Session Example ftp> put config.rom rom-0 200 Port command okay 150 Opening data connection for STOR rom-0 226 File received OK 221 Goodbye for writing flash ftp: 16384 bytes sent in 0.06Seconds 273.07Kbytes/sec. ftp>quit Refer to Section 22.3 on page 236...
Page 246: Ftp Session Example Of Firmware File Upload
P-2602R/RL-DxA Series User’s Guide 22.9.2 FTP Session Example of Firmware File Upload Figure 140 FTP Session Example of Firmware File Upload 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> put firmware.bin ras 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 1103936 bytes sent in 1.10Seconds...
Page 247: Tftp Upload Command Example
22.9.4 TFTP Upload Command Example The following is an example TFTP command: tftp [-i] host put firmware.bin ras Where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the device’s IP address, “put” transfers the file source on the computer (firmware.bin –...
Page 248 P-2602R/RL-DxA Series User’s Guide Chapter 22 Tools...
Page 249: Chapter 23 Diagnostic
These read-only screens display information to help you identify problems with the ZyXEL Device. 23.1 General Diagnostic Click Maintenance > Diagnostic to open the screen shown next. Figure 141 Diagnostic: General The following table describes the fields in this screen. Table 92 Diagnostic: General LABEL DESCRIPTION...
Page 250: Figure 142 Diagnostic: Dsl Line
P-2602R/RL-DxA Series User’s Guide Figure 142 Diagnostic: DSL Line The following table describes the fields in this screen. Table 93 Diagnostic: DSL Line LABEL ATM Status Click this button to view your DSL connection’s Asynchronous Transfer Mode (ATM) statistics. ATM is a networking technology that provides high-speed data transfer. ATM uses fixed-size packets of information called cells.
Page 251 Table 93 Diagnostic: DSL Line (continued) LABEL DSL Line Status Click this button to view statistics about the DSL connections. noise margin downstream is the signal to noise ratio for the downstream part of the connection (coming into the ZyXEL Device from the ISP). It is measured in decibels.
Page 252 P-2602R/RL-DxA Series User’s Guide Chapter 23 Diagnostic...
Page 253: Chapter 24 Troubleshooting
This chapter covers potential problems and the corresponding remedies. 24.1 Problems Starting Up the ZyXEL Device Table 94 Troubleshooting Starting Up Your Device PROBLEM CORRECTIVE ACTION None of the Make sure that the ZyXEL Device’s power adaptor is connected to the ZyXEL Device lights turn on and plugged in to an appropriate power source.
Page 254: Problems With The Wan
P-2602R/RL-DxA Series User’s Guide 24.3 Problems with the WAN Table 96 Troubleshooting the WAN PROBLEM CORRECTIVE ACTION The DSL light is Check the telephone wire and connections between the ZyXEL Device DSL port off. and the wall jack. Make sure that the telephone company has checked your phone line and set it up for DSL service.
Page 255: Problems Accessing The Zyxel Device
24.4 Problems Accessing the ZyXEL Device Table 97 Troubleshooting Accessing Your Device PROBLEM CORRECTIVE ACTION I cannot The username is “admin”. The default password is “1234”. The Password and access the Username fields are case-sensitive. Make sure that you enter the correct password ZyXEL Device.
Page 256: Internet Explorer Pop-Up Blockers
P-2602R/RL-DxA Series User’s Guide • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary. 24.4.1.1 Internet Explorer Pop-up Blockers You may have to disable pop-up blocking to log into your device. Either disable pop-up blocking (enabled by default in Windows XP SP (Service Pack) 2) or allow pop-up blocking and create an exception for your device’s IP address.
Page 257: Figure 144 Internet Options
Figure 144 Internet Options 3 Click Apply to save this setting. 24.4.1.1.2 Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings…to open the Pop-up Blocker Settings screen.
Page 258: Figure 145 Internet Options
P-2602R/RL-DxA Series User’s Guide Figure 145 Internet Options 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites. Chapter 24 Troubleshooting...
Page 259: Javascripts
Figure 146 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. 24.4.1.2 JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. 1 In Internet Explorer, click Tools, Internet Options and then the Security tab.
Page 260: Figure 147 Internet Options
P-2602R/RL-DxA Series User’s Guide Figure 147 Internet Options 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window.
Page 261: Java Permissions
Figure 148 Security Settings - Java Scripting 24.4.1.3 Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window.
Page 262: Figure 149 Security Settings - Java
P-2602R/RL-DxA Series User’s Guide Figure 149 Security Settings - Java 24.4.1.3.1 JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 make sure that Use Java 2 for
under Java (Sun) is selected. 3 Click OK to close the window.

Page 263: Telephone Problems
Figure 150 Java (Sun) 24.5 Telephone Problems Table 98 Troubleshooting Telephone PROBLEM CORRECTIVE ACTION The telephone port Check the telephone connections and telephone wire. won’t work or the Make sure you have the VoIP SIP Settings screen properly configured. telephone lacks a dial tone.

Page 264: Problems With Multiple Sip Accounts
P-2602R/RL-DxA Series User’s Guide 24.6 Problems With Multiple SIP Accounts You can set up two SIP accounts on your ZyXEL Device and your ZyXEL Device is equipped with two phone ports. By default your ZyXEL Device uses SIP account 1 with both phone ports for outgoing calls and it uses SIP accounts 1 and 2 for incoming calls.

Page 265: Incoming Calls
Figure 152 Outgoing Calls: Individual SIP Accounts 24.6.2 Incoming Calls The following figure represents the default behavior of your ZyXEL Device when two SIP accounts are configured and you are using two phones. When a call comes in from your SIP account 1, the phones connected to both phone port 1 and phone port 2 ring.

Page 266: Figure 154 Incoming Calls: Individual Sip Accounts
P-2602R/RL-DxA Series User’s Guide Figure 154 Incoming Calls: Individual SIP Accounts Chapter 24 Troubleshooting...

Page 267: Product Specifications
See also Chapter 1 on page 35 Specification Tables Table 99 Device Specifications Default IP Address Default Subnet Mask Default Password DHCP Server IP Pool Static DHCP Addresses Dimensions Weight Power Specification Ethernet PHONE Ports LINE Port RESET Button Operation Temperature Storage Temperature Operation Humidity Storage Humidity...

Page 268: Table 100 Firmware Specifications
P-2602R/RL-DxA Series User’s Guide Table 100 Firmware Specifications ADSL Standards Other Protocol Support Management Firewall Support ITU G.992.1 G.dmt (Annex A, Annex B, U-R2) EOC specified in ITU-T G.992.1 ADSL2 G.dmt.bis (G.992.3) ADSL2 G.lite.bis (G.992.4) ADSL 2/2+ AnnexM ADSL2+ (G.992.5) Reach-Extended ADSL (RE ADSL) SRA (Seamless Rate Adaptation) Auto-negotiating rate adaptation...

Page 269: Table 101 Zyxel Device Power Adaptor Specifications
Table 100 Firmware Specifications (continued) NAT/SUA Content Filtering Static Routes Voice Features Other Features Power Adaptor Specifications Table 101 ZyXEL Device Power Adaptor Specifications NORTH AMERICAN PLUG STANDARDS AC Power Adapter Model Input Power Output Power Appendix A Product Specifications P-2602R/RL-DxA Series User’s Guide Port Forwarding 512 NAT sessions per host...

Page 270 P-2602R/RL-DxA Series User’s Guide Table 101 ZyXEL Device Power Adaptor Specifications (continued) Power Consumption Safety Standards AC Power Adapter Model Input Power Output Power Power Consumption Safety Standards CHINA PLUG STANDARDS AC Power Adapter Model Input Power Output Power Power Consumption Safety Standards EUROPEAN PLUG STANDARDS AC Power Adapter Model...

Page 271: Splitters And Microfilters
This appendix tells you how to install a POTS splitter or a telephone microfilter. Connecting a POTS Splitter When you use the Full Rate (G.dmt) ADSL standard, you can use a POTS (Plain Old Telephone Service) splitter to separate the telephone and ADSL signals. This allows simultaneous Internet access and telephone service on the same line.

Page 272: Figure 156 Connecting A Microfilter
P-2602R/RL-DxA Series User’s Guide 1 Connect a phone cable from the wall jack to the single jack end of the Y- Connector. 2 Connect a cable from the double jack end of the Y-Connector to the “wall side” of the microfilter.

Page 273: Setting Up Your Computer's Ip Address
Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/ IP on your computer.

Page 274: Figure 157 Windows 95/98/Me: Network: Configuration
P-2602R/RL-DxA Series User’s Guide Figure 157 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add.

Page 275: Configuring
3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click 5 Restart your computer so the changes you made take effect. Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab.

Page 276: Verifying Settings
P-2602R/RL-DxA Series User’s Guide Figure 159 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • • 5 Click OK to save and close the TCP/IP Properties window. 6 Click OK to close the Network window. Insert the Windows CD if prompted. 7 Turn on your ZyXEL Device and restart your computer when prompted.

Page 277: Figure 160 Windows Xp: Start Menu
Figure 160 Windows XP: Start Menu 2 For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. Figure 161 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. Appendix C Setting up Your Computer’s IP Address P-2602R/RL-DxA Series User’s Guide...

Page 278: Figure 162 Windows Xp: Control Panel: Network Connections: Properties
P-2602R/RL-DxA Series User’s Guide Figure 162 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. Figure 163 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).

Page 279: Figure 164 Windows Xp: Advanced Tcp/Ip Settings
• Figure 164 Windows XP: Advanced TCP/IP Settings 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...

Page 280: Verifying Settings
P-2602R/RL-DxA Series User’s Guide 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • • Figure 165 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click OK to close the Local Area Connection Properties window. 10Turn on your ZyXEL Device and restart your computer (if prompted).

Page 281: Macintosh Os 8/9
Macintosh OS 8/9 1 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. Figure 166 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Appendix C Setting up Your Computer’s IP Address P-2602R/RL-DxA Series User’s Guide...

Page 282: Verifying Settings
P-2602R/RL-DxA Series User’s Guide Figure 167 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: • • • • 5 Close the TCP/IP Control Panel. 6 Click Save if prompted, to save changes to your configuration.

Page 283: Figure 168 Macintosh Os X: Apple Menu
Figure 168 Macintosh OS X: Apple Menu 2 Click Network in the icon bar. • • • 3 For dynamically assigned settings, select Using DHCP from the Configure list. Figure 169 Macintosh OS X: Network 4 For statically assigned settings, do the following: •...

Page 284: Verifying Settings
P-2602R/RL-DxA Series User’s Guide • 5 Click Apply Now and close the window. 6 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the Network window. Type the IP address of your ZyXEL Device in the Router address box.

Page 285: Appendix Dip Subnetting
IP Addressing Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.168.1.1.

Page 286: Subnet Masks
P-2602R/RL-DxA Series User’s Guide Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127. Similarly the first octet of a class “B” must begin with “10”, therefore the first octet of a class “B”...

Page 287: Example: Two Subnets
Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/”...

Page 288: Table 107 Subnet 1
P-2602R/RL-DxA Series User’s Guide Note: In the following charts, shaded/bold last octet bit values indicate host ID bits “borrowed” to form network ID bits. The number of “borrowed” host ID bits determines the number of subnets you can have. The remaining number of host ID bits (after “borrowing”) determines the number of hosts you can have on each subnet.

Page 289: Example: Four Subnets
Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow” two host ID bits to give four possible combinations of 00, 01, 10 and 11. The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192.

Page 290: Example Eight Subnets
P-2602R/RL-DxA Series User’s Guide Table 112 Subnet 4 IP Address IP Address (Binary) Subnet Mask (Binary) Subnet Address: 192.168.1.192 Broadcast Address: 192.168.1.255 Example Eight Subnets Similarly use a 27-bit mask to create 8 subnets (001, 010, 011, 100, 101, 110). The following table shows class C IP address last octet values for each subnet.

Page 291: Subnetting With Class A And Class B Networks
Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID. A class “B” address has two host ID octets available for subnetting and a class “A” address has three host ID octets (Table 102 on page The following table is a summary for class “B”...

Page 292 P-2602R/RL-DxA Series User’s Guide Appendix D IP Subnetting...

Page 293: Appendix E Services
The following table lists some commonly-used services and their associated protocols and port numbers. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like. • Protocol: This is the type of IP protocol used by the service. If this is TCP/UDP, then the service uses the same port number with TCP and UDP.

Page 294 P-2602R/RL-DxA Series User’s Guide Table 116 Examples of Services (continued) NAME HTTPS ICMP IGMP (MULTICAST) IMAP4 IMAP4S MSN Messenger NetBIOS NEW-ICQ NEWS NNTP PING POP3 POP3S PPTP PPTP_TUNNEL (GRE) RCMD PROTOCOL PORT(S) DESCRIPTION HTTPS is a secured http session often used in e-commerce.

Page 295 Table 116 Examples of Services (continued) NAME REAL_AUDIO REXEC RLOGIN ROADRUNNER RTELNET RTSP SFTP SMTP SMTPS SNMP SNMP-TRAPS SQL-NET SSDP STRM WORKS SYSLOG TACACS TELNET TFTP VDOLIVE Appendix E Services P-2602R/RL-DxA Series User’s Guide PROTOCOL PORT(S) DESCRIPTION 7070 A streaming audio service that enables real time sound over the web.

Page 296 P-2602R/RL-DxA Series User’s Guide Appendix E Services...

Page 297: Appendix F Firewall Commands
Sys Firewall Commands The following describes the firewall commands. See the Command Interpreter appendix for information on the command structure. these commands must be preceded by them. For example, type firewall. Table 117 Sys Firewall Command disp active disp clear pktdump dynamicrule...

Page 298 P-2602R/RL-DxA Series User’s Guide Appendix F Firewall Commands...

Page 299: Appendix G Triangle Route
The Ideal Setup When the firewall is on, your ZyXEL Device acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the ZyXEL Device to protect your LAN against attacks. Figure 170 Ideal Setup The “Triangle Route”...

Page 300: The "Triangle Route" Solutions
P-2602R/RL-DxA Series User’s Guide Figure 171 “Triangle Route” Problem The “Triangle Route” Solutions This section presents you two solutions to the “triangle route” problem. IP Aliasing IP alias allows you to partition your network into logical sections over the same Ethernet interface.

Page 301: Gateways On The Wan Side
Gateways on the WAN Side A second solution to the “triangle route” problem is to put all of your network gateways on the WAN side as the following figure shows. This ensures that all incoming network traffic passes through your ZyXEL Device to your LAN. Therefore your LAN is protected. Figure 173 Gateways on the WAN Side Appendix G Triangle Route P-2602R/RL-DxA Series User’s Guide...

Page 302 P-2602R/RL-DxA Series User’s Guide Appendix G Triangle Route...

Page 303: Appendix H Log Descriptions
This appendix provides descriptions of example log messages. Table 118 System Maintenance Logs LOG MESSAGE Time calibration is successful Time calibration failed WAN interface gets IP: %s DHCP client IP expired DHCP server assigns %s Successful WEB login WEB login failed Successful TELNET login TELNET login failed Successful FTP login...

Page 304: Table 119 System Error Logs
P-2602R/RL-DxA Series User’s Guide Table 118 System Maintenance Logs (continued) LOG MESSAGE Successful HTTPS login HTTPS login failed Table 119 System Error Logs LOG MESSAGE %s exceeds the max. number of session per host! setNetBIOSFilter: calloc error readNetBIOSFilter: calloc error WAN connection is down.

Page 305: Table 121 Tcp Reset Logs
Table 121 TCP Reset Logs LOG MESSAGE Under SYN flood attack, sent TCP RST Exceed TCP MAX incomplete, sent TCP RST Peer TCP state out of order, sent TCP RST Firewall session time out, sent TCP RST Exceed MAX incomplete, sent TCP RST Access block, sent TCP Table 122 Packet Filter Logs...

Page 306: Table 124 Cdr Logs
P-2602R/RL-DxA Series User’s Guide Table 123 ICMP Logs (continued) LOG MESSAGE Triangle route packet forwarded: ICMP Packet without a NAT table entry blocked: ICMP Unsupported/out-of-order ICMP: ICMP Router reply ICMP packet: ICMP Table 124 CDR Logs LOG MESSAGE board %d line %d channel %d, call %d, %s C01 Outgoing Call dev=%x ch=%x %s board %d line %d channel %d,...

Page 307: Table 126 Upnp Logs
Table 126 UPnP Logs LOG MESSAGE UPnP pass through Firewall Table 127 Content Filtering Logs LOG MESSAGE %s: block keyword For type and code details, see Table 128 Attack Logs LOG MESSAGE attack [ TCP | UDP | IGMP | ESP | GRE | OSPF ] attack ICMP (type:%d, code:%d) land [ TCP | UDP | IGMP |...

Page 308: Table 129 802.1X Logs
P-2602R/RL-DxA Series User’s Guide Table 128 Attack Logs (continued) LOG MESSAGE ip spoofing - no routing entry ICMP (type:%d, code:%d) vulnerability ICMP (type:%d, code:%d) traceroute ICMP (type:%d, code:%d) Table 129 802.1X Logs LOG MESSAGE Local User Database accepts user. Local User Database reports user credential error.

Page 309: Table 130 Acl Setting Notes
Table 129 802.1X Logs (continued) LOG MESSAGE No Server to authenticate user. Local User Database does not find user`s credential. Table 130 ACL Setting Notes PACKET DIRECTION (L to W) (W to L) (L to L/ZyXEL Device) (W to W/ZyXEL Device) Table 131 ICMP Notes TYPE...

Page 310: Table 132 Syslog Logs
P-2602R/RL-DxA Series User’s Guide Table 131 ICMP Notes (continued) TYPE CODE Table 132 Syslog Logs LOG MESSAGE Mon dd hr:mm:ss hostname src="" dst="" msg="" note="" devID="" cat=" Table 133 SIP Logs LOG MESSAGE SIP Registration Success by SIP:SIP Phone Number SIP Registration Fail by SIP:SIP Phone Number...

Page 311: Table 134 Rtp Logs
Table 134 RTP Logs LOG MESSAGE Error, RTP init fail Error, Call fail: RTP connect fail Error, RTP connection cannot close Table 135 FSM Logs: Caller Side LOG MESSAGE VoIP Call Start Ph[Phone Port Number] <- Outgoing Call Number VoIP Call Established Ph[Phone Port] ->...

Page 312: Log Commands
1 Use the sys logs load configure which logs the ZyXEL Device is to record. 2 Use sys logs category Figure 174 Displaying Log Categories Example Copyright (c) 1994 - 2004 ZyXEL Communications Corp. ras> ? Valid commands are: exit bridge voiceradius ras>...

Page 313: Displaying Logs
Figure 175 Displaying Log Parameters Example ras> sys logs category access Usage: [0:none/1:log/2:alert/3:both] ras> 4 Use sys logs category record. Use 0 to not record logs for that category, 1 to record only logs for that category, 2 to record only alerts for that category, and 3 to record both logs and alerts for that category. Not every parameter is available with every category.

Page 314: Log Command Example
P-2602R/RL-DxA Series User’s Guide Log Command Example This example shows how to set the ZyXEL Device to record the access logs and alerts and then view the results. Figure 176 Log Command Example ras> sys logs load ras> sys logs category access 3 ras>...

Page 315: Appendix I Command Interpreter
The following describes how to use the command interpreter. Telnet to the ZyXEL Device and enter the password to use the commands. See the included disk or zyxel.com for more detailed information on these commands. Note: Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable.

Page 316 P-2602R/RL-DxA Series User’s Guide Appendix I Command Interpreter...

Page 317: Appendix J Internal Sptgen
Internal SPTGEN Overview Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple ZyXEL Devices. Internal SPTGEN lets you configure, save and upload multiple menus at the same time using just one configuration text file – eliminating the need to navigate and configure individual screens for each ZyXEL Device.

Page 318: Internal Sptgen Ftp Download Example
P-2602R/RL-DxA Series User’s Guide Some parameters are dependent on others. For example, if you disable the Configured field in menu 1 (see Figure 177 on page If you enter a parameter that is invalid in the Input column, the ZyXEL Device will not save the configuration and the command line will display the Field Identification Number.

Page 319: Internal Sptgen Ftp Upload Example
Figure 180 Internal SPTGEN FTP Download Example c:\ftp 192.168.1.1 220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000 User (192.168.1.1:(none)): 331 Enter PASS command Password: 230 Logged in ftp>bin 200 Type I OK ftp> get rom-t ftp>bye c:\edit rom-t (edit the rom-t text file by a text editor and save it) Note: You can rename your “...

Page 320: Table 140 Menu 1 General Setup
P-2602R/RL-DxA Series User’s Guide Table 139 Abbreviations Used in the Example Internal SPTGEN Screens Table ABBREVIATION MEANING Parameter Values Allowed INPUT An example of what you may enter Applies to the ZyXEL Device. The following are the Internal SPTGEN menus. Table 140 Menu 1 General Setup / Menu 1 General Setup 10000000 =...

Page 321 Table 141 Menu 3 30200001 = DHCP 30200002 = Client IP Pool Starting Address 30200003 = Size of Client IP Pool 30200004 = Primary DNS Server 30200005 = Secondary DNS Server 30200006 = Remote DHCP Server 30200008 = IP Address 30200009 = IP Subnet Mask 30200010 =...

Page 322 P-2602R/RL-DxA Series User’s Guide Table 141 Menu 3 30201008 = IP Alias #1 Incoming protocol filters Set 3 30201009 = IP Alias #1 Incoming protocol filters Set 4 30201010 = IP Alias #1 Outgoing protocol filters Set 1 30201011 = IP Alias #1 Outgoing protocol filters Set 2 30201012 =...

Page 323: Table 142 Menu 4 Internet Access Setup
Table 141 Menu 3 30500004 = RTS Threshold 30500005 = FRAG. Threshold 30500006 = 30500007 = Default Key 30500008 = WEP Key1 30500009 = WEP Key2 30500010 = WEP Key3 30500011 = WEP Key4 30500012 = Wlan Active */ MENU 3.5.1 WLAN MAC ADDRESS FILTER 30501001 = Mac Filter Active 30501002 =...

Page 324 P-2602R/RL-DxA Series User’s Guide Table 142 Menu 4 Internet Access Setup (continued) 40000002 = Active 40000003 = ISP's Name 40000004 = Encapsulation 40000005 = Multiplexing 40000006 = VPI # 40000007 = VCI # 40000008 = Service Name 40000009 = My Login 40000010 = My Password 40000011 =...

Page 325: Table 143 Menu 12
Table 142 Menu 4 Internet Access Setup (continued) 40000032= RIP Version 40000033= Nailed-up Connection Table 143 Menu 12 / Menu 12.1.1 IP Static Route Setup 120101001 = IP Static Route set #1, Name 120101002 = IP Static Route set #1, Active 120101003 = IP Static Route set #1, Destination IP address...

Page 326 P-2602R/RL-DxA Series User’s Guide Table 143 Menu 12 (continued) / Menu 12.1.4 IP Static Route Setup 120104001 = IP Static Route set #4, Name 120104002 = IP Static Route set #4, Active 120104003 = IP Static Route set #4, Destination IP address 120104004 = IP Static Route set #4, Destination...

Page 327 Table 143 Menu 12 (continued) 120107006 = IP Static Route set #7, Metric 120107007 = IP Static Route set #7, Private / Menu 12.1.8 IP Static Route Setup 120108001 = IP Static Route set #8, Name 120108002 = IP Static Route set #8, Active 120108003 = IP Static Route set #8, Destination IP address...

Page 328 P-2602R/RL-DxA Series User’s Guide Table 143 Menu 12 (continued) 120111004 = IP Static Route set #11, Destination IP subnetmask 120111005 = IP Static Route set #11, Gateway 120111006 = IP Static Route set #11, Metric 120111007 = IP Static Route set #11, Private */ Menu 12.1.12 IP Static Route Setup 120112001 = IP Static Route set #12, Name...

Page 329: Table 144 Menu 15 Sua Server Setup
Table 143 Menu 12 (continued) 120115002 = IP Static Route set #15, Active 120115003 = IP Static Route set #15, Destination IP address 120115004 = IP Static Route set #15, Destination IP subnetmask 120115005 = IP Static Route set #15, Gateway 120115006 = IP Static Route set #15, Metric 120115007 =...

Page 330 P-2602R/RL-DxA Series User’s Guide Table 144 Menu 15 SUA Server Setup (continued) 150000014 = SUA Server #4 Port Start 150000015 = SUA Server #4 Port End 150000016 = SUA Server #4 Local IP address 150000017 = SUA Server #5 Active 150000018 = SUA Server #5 Protocol 150000019 =...

Page 331: Table 145 Menu 21.1 Filter Set #1
Table 144 Menu 15 SUA Server Setup (continued) 150000048 = SUA Server #11 Protocol 150000049 = SUA Server #11 Port Start 150000050 = SUA Server #11 Port End 150000051 = SUA Server #11 Local IP address 150000052 = SUA Server #12 Active 150000053 = SUA Server #12 Protocol 150000054 =...

Page 332 P-2602R/RL-DxA Series User’s Guide Table 145 Menu 21.1 Filter Set #1 (continued) / Menu 21.1.1.2 set #1, rule #2 210102001 = IP Filter Set 1,Rule 2 Type 210102002 = IP Filter Set 1,Rule 2 Active 210102003 = IP Filter Set 1,Rule 2 Protocol 210102004 = IP Filter Set 1,Rule 2 Dest IP address 210102005 =...

Page 333 Table 145 Menu 21.1 Filter Set #1 (continued) 210103013 = IP Filter Set 1,Rule 3 Act Match 210103014 = IP Filter Set 1,Rule 3 Act Not Match / Menu 21.1.1.4 set #1, rule #4 210104001 = IP Filter Set 1,Rule 4 Type 210104002 = IP Filter Set 1,Rule 4 Active 210104003 =...

Page 334: Table 146 Menu 21.1 Filer Set #2
P-2602R/RL-DxA Series User’s Guide Table 145 Menu 21.1 Filter Set #1 (continued) 210105009 = IP Filter Set 1,Rule 5 Src Subnet Mask 210105010 = IP Filter Set 1,Rule 5 Src Port 210105011 = IP Filter Set 1,Rule 5 Src Port Comp 210105013 = IP Filter Set 1,Rule 5 Act Match 210105014 =...

Page 335 Table 146 Menu 21.1 Filer Set #2, (continued) / Menu 21.1.2.1 Filter set #2, rule #1 210201001 = IP Filter Set 2, Rule 1 Type 210201002 = IP Filter Set 2, Rule 1 Active 210201003 = IP Filter Set 2, Rule 1 Protocol 210201004 = IP Filter Set 2, Rule 1 Dest IP address...

Page 336 P-2602R/RL-DxA Series User’s Guide Table 146 Menu 21.1 Filer Set #2, (continued) 210202009 = IP Filter Set 2, Rule 2 Src Subnet Mask 210202010 = IP Filter Set 2,Rule 2 Src Port 210202011 = IP Filter Set 2, Rule 2 Src Port Comp 210202013 = IP Filter Set 2, Rule 2 Act Match...

Page 337 Table 146 Menu 21.1 Filer Set #2, (continued) 210204002 = IP Filter Set 2, Rule 4 Active 210204003 = IP Filter Set 2, Rule 4 Protocol 210204004 = IP Filter Set 2, Rule 4 Dest IP address 210204005 = IP Filter Set 2, Rule 4 Dest Subnet Mask 210204006 = IP Filter Set 2, Rule 4 Dest Port...

Page 338 P-2602R/RL-DxA Series User’s Guide Table 146 Menu 21.1 Filer Set #2, (continued) 210205011 = IP Filter Set 2, Rule 5 Src Port Comp 210205013 = IP Filter Set 2, Rule 5 Act Match 210205014 = IP Filter Set 2, Rule 5 Act Not Match / Menu 21.1.2.6 Filter set #2, rule #6 210206001 =...

Page 339: Table 147 Menu 23 System Menus
Table 147 Menu 23 System Menus */ Menu 23.1 System Password Setup 230000000 = System Password */ Menu 23.2 System security: radius server 230200001 = Authentication Server Configured 230200002 = Authentication Server Active 230200003 = Authentication Server IP Address 230200004 = Authentication Server Port 230200005 = Authentication Server Shared...

Page 340: Command Examples
P-2602R/RL-DxA Series User’s Guide Table 147 Menu 23 System Menus (continued) 230400008 = WPA Mixed Mode 230400009 = Data Privacy for Broadcast/ Multicast packets 230400010 = WPA Broadcast/Multicast Key Update Timer Table 148 Menu 24.11 Remote Management Control / Menu 24.11 Remote Management Control 241100001 = TELNET Server Port 241100002 =...

Page 341 Table 149 Command Examples (continued) 990000001 = ADSL OPMD Appendix J Internal SPTGEN P-2602R/RL-DxA Series User’s Guide INPUT INPUT <0(etsi)|1(normal) |2(gdmt)|3(multimo de)>...

Page 342 P-2602R/RL-DxA Series User’s Guide Appendix J Internal SPTGEN...

Page 343: Index
AAL5 Address Assignment Address Resolution Protocol (ARP) ADSL Standards ADSL2 38, 117 Alternative Subnet Mask Notation Analysis-by-Synthesis Any IP How it works note Any IP Setup Application Layer Gateway 38, 117 Application-level Firewalls Asynchronous Transfer Mode ATM AAL5 ATM Adaptation Layer 5 (AAL5) ATM Adaptation Layer type 5 Attack Alert Attack Types...

Page 344 P-2602R/RL-DxA Series User’s Guide DHCP Server diagnostic Differentiated Services DiffServ DiffServ Code Point (DSCP) DiffServ Code Points DiffServ Marking Rule Disclaimer DNS (Domain Name System) Domain Name 97, 114, 223 Basics Types DoS (Denial of Service) DoS (Denial of Service), firewall DoS attacks, types of DS Field DSCPs...

Page 345 Half-Open Sessions Host Host IDs Housing HTTP 114, 151, 152 HTTP (Hypertext Transfer Protocol) HTTP, firewall Humidity IAD (Integrated Access Device) IANA IANA (Internet Assigned Number Authority) ICMP echo Icons Key IEEE 802.1Q VLAN IGMP IGMP Proxy IGMP v1 IGMP v2 Install UPnP Windows Me Windows XP...

Page 346 P-2602R/RL-DxA Series User’s Guide 97, 114, 115 Application Definitions How it works Mapping Types Server Mode What it does What NAT does NAT (Network Address Translation) 37, 109 NAT mode NAT Sessions NAT Traversal NetBIOS commands Network Management NNTP Notebook Computer One-Minute High Operation Humidity Operation Temperature...

Page 347 RFC 3261 RIP, See Routing Information Protocol Romfile Router Routing Information Protocol Direction Version RTCP RTP (Real Time Transport Protocol) Rules Checklist Key Fields LAN to WAN Logic Safety Warnings Saving the State Scheduler Seamless Rate Adaptation Security In General Security Ramifications Server 34, 226...

Page 348 P-2602R/RL-DxA Series User’s Guide TCP Maximum Incomplete 176, 177 TCP Security TCP/IP 151, 152 Teardrop Telephone Telnet Temperature Text File Format TFTP File Upload TFTP and FTP over WAN TFTP Restrictions 201, 236 Three-Way Conference 139, 140 Three-Way Handshake Threshold Values Traceroute Traffic Redirect 91, 92, 93, 94...

This manual is also suitable for:
P-2602rl-dxa series P-2602r - v3.40 P-2602r-d1a P-2602r-d3a P-2602r-d7a P-2602rl-d1a ... Show all
P-2602rl-d3a P-2602rl-d7a P-2602r-d series P-2602rl-d series
Table of Contents
Sitemap Brand | Sitemap Product

ZyXEL Communications P-2602R-DxA Series User Manual

Chapter 1 Getting to Know the Zyxel Device

Chapter 2 Introducing the Web Configurator

Chapter 3 Internet Setup Wizard

Chapter 4 Voip Wizard and Example

Chapter 5 Bandwidth Management Wizard

Chapter 6 Status Screens

Chapter 7 WAN Setup

Chapter 8 LAN Setup

Chapter 9 Network Address Translation (NAT) Screens

Chapter 10 Voice

Chapter 11 Phone Usage

Chapter 12 Firewalls

Quick Links

Troubleshooting

Related Manuals for ZyXEL Communications P-2602R-DxA Series

Summary of Contents for ZyXEL Communications P-2602R-DxA Series