all | frequencies |
|
|
exhibits | applications |
---|---|---|---|---|---|
manuals |
app s | submitted / available | |||||||
---|---|---|---|---|---|---|---|---|
1 2 |
|
User Manual Part 1 | Users Manual | 3.29 MiB | May 07 2011 | |||
1 2 |
|
User Manual Part 2 | Users Manual | 3.13 MiB | May 07 2011 | |||
1 2 | Attestation Statements | May 07 2011 | ||||||
1 2 | Attestation Statements | May 07 2011 | ||||||
1 2 | Cover Letter(s) | May 07 2011 | ||||||
1 2 | Cover Letter(s) | May 07 2011 | ||||||
1 2 | External Photos | May 07 2011 | ||||||
1 2 | Internal Photos | May 07 2011 | ||||||
1 2 | ID Label/Location Info | May 07 2011 | ||||||
1 2 | ID Label/Location Info | May 07 2011 | ||||||
1 2 | RF Exposure Info | May 07 2011 | ||||||
1 2 | Test Report | May 07 2011 | ||||||
1 2 | Test Report | May 07 2011 | ||||||
1 2 | Test Setup Photos | May 07 2011 | ||||||
1 2 | Test Setup Photos | May 07 2011 |
1 2 | User Manual Part 1 | Users Manual | 3.29 MiB | May 07 2011 |
MAX208M2W Series WiMAX Indoor VoIP Wi-Fi IAD http://192.168.1.1 Default Login Details IP Address:
Admins User Name and Password:
Guests User Name and Password:
admin / 1234 guest / guest Software Version 2.00 Edition 1, 1/2011 www.zyxel.com www.zyxel.com Copyright 2011 ZyXEL Communications Corporation About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to configure the ZyXEL MAX208M2W Series using the ZyXEL Web Configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology. Related Documentation Quick Start Guide The Quick Start Guide is designed to help you get up and running right away. It contains information on setting up your network and configuring for Internet access. Support Disc Refer to the included CD for support documents. ZyXEL Web Site Please refer to www.zyxel.com for additional support documentation and product certifications. Documentation Feedback Send your comments, questions or suggestions to: techwriters@zyxel.com.tw Thank you!
The Technical Writing Team, ZyXEL Communications Corp. Need More Help?
More help is available at www.zyxel.com. MAX208M2W Series Users Guide 3 About This User's Guide Download Library Search for the latest product updates and documentation from this link. Read the Tech Doc Overview to find out how to efficiently use the documentation in order to better understand how to use your product. Knowledge Base If you have a specific question about your product, the answer may be here. This is a collection of answers to previously asked questions about ZyXEL products. Forum This contains discussions on ZyXEL products. Learn from others who use ZyXEL products and share your experiences as well. Customer Support Should problems arise that cannot be solved by the methods listed above, you should contact your vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you bought the device. See http://www.zyxel.com/web/contact_us.php for contact information. Please have the following information ready when you contact an office. Product model and serial number. Warranty Information. Date that you received your device. Brief description of the problem and the steps you took to solve it. 4 MAX208M2W Series Users Guide Document Conventions Document Conventions Warnings and Notes These are how warnings and notes are shown in this Users Guide. Warnings tell you about things that could harm you or your MAX208M2W Series. Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations. Syntax Conventions The product(s) described in this book may be referred to as the MAX208M2W Series, the device, the system or the product in this Users Guide. Product labels, screen names, field labels and field choices are all in bold font. A key stroke is denoted by square brackets and uppercase text, for example,
[ENTER] means the enter or return key on your keyboard. Enter means for you to type one or more characters and then press the
[ENTER] key. Select or choose means for you to use one of the predefined choices. A right angle bracket ( > ) within a screen name denotes a mouse click. For example, TOOLS > Logs > Log Settings means you first click Tools in the navigation panel, then the Logs sub menu and finally the Log Settings tab to get to that screen. Units of measurement may denote the metric value or the scientific value. For example, k for kilo may denote 1000 or 1024, M for mega may denote 1000000 or 1048576 and so on. e.g., is a shorthand for for instance, and i.e., means that is or in other words. MAX208M2W Series Users Guide 5 Document Conventions Icons Used in Figures Figures in this Users Guide may use the following generic icons. The MAX208M2W Series icon is not an exact representation of your product. Table 1 Common Icons MAX208M2W Series ComputerWireless Signal NotebookServerBase Station TelephoneSwitchRouter Internet CloudNetwork Cloud 6 MAX208M2W Series Users Guide Safety Warnings Safety Warnings For your safety, be sure to read and follow all warning notices and instructions. Do NOT use this product near water, for example, in a wet basement or near a swimming pool. Do NOT expose your device to dampness, dust or corrosive liquids. Do NOT store things on the device. Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning. Connect ONLY suitable accessories to the device. Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel should service or disassemble this device. Please contact your vendor for further information. Make sure to connect the cables to the correct ports. Place connecting cables carefully so that no one will step on them or stumble over them. Always disconnect all cables from this device before servicing or disassembling. Use ONLY an appropriate power adaptor or cord for your device. Connect it to the right supply voltage (for example, 110V AC in North America or 230V AC in Europe). Do NOT remove the plug and connect it to a power outlet by itself; always attach the plug to the power adaptor first before connecting it to a power outlet. Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord. Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution. If the power adaptor or cord is damaged, remove it from the device and the power source. Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a new one.Do not use the device outside, and make sure all the connections are indoors. There is a remote risk of electric shock from lightning. Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device.Use only No. 26 AWG (American Wire Gauge) or larger telecommunication line cord. Antenna Warning! This device meets ETSI and FCC certification requirements when using the included antenna(s). Only use the included antenna(s). If you wall mount your device, make sure that no electrical lines, gas or water pipes will be damaged. MAX208M2W Series Users Guide 7 Safety Warnings Make sure that the cable system is grounded so as to provide some protection against voltage surges. Your product is marked with this symbol, which is known as the WEEE mark. WEEE stands for Waste Electronics and Electrical Equipment. It means that used electrical and electronic products should not be mixed with general waste. Used electrical and electronic equipment should be treated separately. 8 MAX208M2W Series Users Guide Contents Overview Contents Overview Users Guide ...........................................................................................................................17 Getting Started ...........................................................................................................................19 Introducing the Web Configurator ..............................................................................................25 Setup Wizard............................................................................................................................. 31 Tutorials .....................................................................................................................................43 Technical Reference ..............................................................................................................63 System Status ............................................................................................................................65 WiMAX .......................................................................................................................................69 Network Setting .........................................................................................................................89 Security ....................................................................................................................................127 The VoIP General Screens ......................................................................................................133 The VoIP Account Screens ......................................................................................................139 The VoIP Line Screens ............................................................................................................157 Maintenance ............................................................................................................................161 Troubleshooting .......................................................................................................................187 Product Specifications .............................................................................................................193 MAX208M2W Series Users Guide 9 Contents Overview 10 MAX208M2W Series Users Guide Table of Contents Table of Contents About This User's Guide..........................................................................................................3 Document Conventions............................................................................................................5 Safety Warnings........................................................................................................................7 Contents Overview...................................................................................................................9 Table of Contents....................................................................................................................11 Part I: Users Guide................................................................................17 Chapter 1 Getting Started........................................................................................................................19 1.1 About Your MAX208M2W Series .........................................................................................19 1.1.1 WiMAX Internet Access .............................................................................................19 1.1.2 Make Calls via Internet Telephony Service Provider ..................................................20 1.2 MAX208M2W Series Hardware ...........................................................................................21 1.2.1 LEDs ..........................................................................................................................21 1.3 Good Habits for Managing the MAX208M2W Series ..........................................................22 Chapter 2 Introducing the Web Configurator........................................................................................25 2.1 Overview ..............................................................................................................................25 2.1.1 Accessing the Web Configurator ................................................................................25 2.1.2 The Reset Button .......................................................................................................26 2.1.3 Saving and Canceling Changes .................................................................................27 2.1.4 Working with Tables ...................................................................................................27 2.2 The Main Screen .................................................................................................................28 Chapter 3 Setup Wizard...........................................................................................................................31 3.1 Overview ..............................................................................................................................31 3.1.1 Welcome to the Setup Wizard ....................................................................................31 3.1.2 LAN Settings ..............................................................................................................33 3.1.3 WiMAX Frequency Settings .......................................................................................34 3.1.4 WiMAX Authentication Settings .................................................................................36 3.1.5 VoIP Settings ..............................................................................................................38 MAX208M2W Series Users Guide 11 Table of Contents 3.1.6 WLAN Settings ...........................................................................................................39 3.1.7 Setup Complete .........................................................................................................41 Chapter 4 Tutorials...................................................................................................................................43 4.1 Overview ..............................................................................................................................43 4.2 WiMAX Connection Settings ...............................................................................................43 4.3 Configuring LAN DHCP .......................................................................................................44 4.4 Changing Certificate ............................................................................................................46 4.5 Blocking Web Access ..........................................................................................................47 4.6 Configuring the MAC Address Filter ....................................................................................48 4.7 Setting Up NAT Port Forwarding .........................................................................................50 4.8 Access the MAX208M2W Series Using DDNS ...................................................................53 4.8.1 Registering a DDNS Account on www.dyndns.org ....................................................53 4.8.2 Configuring DDNS on Your MAX208M2W Series ......................................................54 4.8.3 Testing the DDNS Setting ..........................................................................................54 4.9 Configuring Static Route for Routing to Another Network ...................................................54 4.10 Remotely Managing Your MAX208M2W Series ................................................................57 4.11 VLAN Configuration Example ............................................................................................58 Part II: Technical Reference..................................................................63 Chapter 5 System Status.........................................................................................................................65 5.1 Overview ..............................................................................................................................65 5.2 System Status ......................................................................................................................65 Chapter 6 WiMAX......................................................................................................................................69 6.1 Overview ..............................................................................................................................69 6.1.1 What You Need to Know ............................................................................................69 6.2 Connection Settings ............................................................................................................73 6.3 Frequency Settings ..............................................................................................................75 6.4 Authentication Settings ........................................................................................................78 6.5 Connect ...............................................................................................................................81 6.6 Wide Scan ...........................................................................................................................84 6.7 Link Status ...........................................................................................................................85 6.8 Link Statistics .......................................................................................................................87 6.9 Connection Info ...................................................................................................................88 6.10 Service Flow ......................................................................................................................88 12 MAX208M2W Series Users Guide Chapter 7 Network Setting.......................................................................................................................89 Table of Contents 7.1 Overview ..............................................................................................................................89 7.1.1 What You Need to Know ............................................................................................89 7.2 WAN ....................................................................................................................................94 7.3 PPPoE .................................................................................................................................96 7.4 GRE .....................................................................................................................................98 7.5 EtherIP .................................................................................................................................98 7.6 IP .........................................................................................................................................99 7.7 DHCP ................................................................................................................................100 7.8 WLAN ................................................................................................................................102 7.9 WPS ..................................................................................................................................104 7.10 MAC Address Filter .........................................................................................................104 7.11 Static Route ......................................................................................................................106 7.12 Static Route Add ..............................................................................................................106 7.13 RIP ...................................................................................................................................107 7.14 Port Forwarding ...............................................................................................................108 7.14.1 Port Forwarding Wizard ..........................................................................................110 7.15 Port Trigger .......................................................................................................................111 7.15.1 Port Trigger Wizard .................................................................................................112 7.15.2 Trigger Port Forwarding Example ...........................................................................113 7.16 DMZ ..................................................................................................................................114 7.17 ALG ..................................................................................................................................115 7.18 UPnP ................................................................................................................................116 7.18.1 Installing UPnP in Windows XP ..............................................................................116 7.18.2 Web Configurator Easy Access .............................................................................120 7.19 VLAN ...............................................................................................................................122 7.20 DDNS ..............................................................................................................................125 7.21 Content Filter ...................................................................................................................126 Chapter 8 Security..................................................................................................................................127 8.1 Overview ............................................................................................................................127 8.1.1 What You Need to Know ..........................................................................................127 8.2 IP Filter ..............................................................................................................................128 8.3 MAC Filter ..........................................................................................................................129 8.4 DDOS ................................................................................................................................130 Chapter 9 The VoIP General Screens...................................................................................................133 9.1 VoIP Overview ...................................................................................................................133 9.1.1 What You Can Do in This Chapter ...........................................................................133 9.1.2 What You Need to Know ..........................................................................................133 MAX208M2W Series Users Guide 13 Table of Contents 9.1.3 Before you Begin ......................................................................................................135 9.2 Media .................................................................................................................................135 9.2.1 QoS ..........................................................................................................................136 9.2.2 QoS Settings ............................................................................................................137 9.3 Technical Reference ..........................................................................................................137 9.3.1 DSCP and Per-Hop Behavior ...................................................................................137 Chapter 10 The VoIP Account Screens..................................................................................................139 10.1 Overview ..........................................................................................................................139 10.1.1 What You Can Do in This Chapter .........................................................................139 10.1.2 What You Need to Know ........................................................................................139 10.1.3 SIP User Agent ......................................................................................................140 10.2 Status ...............................................................................................................................144 10.3 Server ..............................................................................................................................146 10.4 Feature ............................................................................................................................147 10.5 User .................................................................................................................................150 10.6 Dialing ..............................................................................................................................152 10.7 Speed Dial .......................................................................................................................152 10.8 FAX ..................................................................................................................................153 10.9 Technical Reference ........................................................................................................154 10.9.1 SIP Call Progression ..............................................................................................154 10.9.2 SIP Client Server ....................................................................................................155 Chapter 11 The VoIP Line Screens.........................................................................................................157 11.1 Overview ..........................................................................................................................157 11.1.1 What You Can Do in This Chapter .........................................................................157 11.1.2 What You Need to Know ........................................................................................157 11.2 Phone ..............................................................................................................................158 11.3 Voice ................................................................................................................................159 11.4 Profile ...............................................................................................................................159 Chapter 12 Maintenance..........................................................................................................................161 12.1 Overview ..........................................................................................................................161 12.1.1 What You Need to Know ........................................................................................161 12.2 Password .........................................................................................................................168 12.3 HTTP ...............................................................................................................................169 12.4 Telnet ...............................................................................................................................170 12.5 SSH .................................................................................................................................170 12.6 SNMP ..............................................................................................................................171 12.7 CWMP .............................................................................................................................172 14 MAX208M2W Series Users Guide Table of Contents 12.8 OMA-DM ..........................................................................................................................174 12.9 Date .................................................................................................................................176 12.10 Time Zone ......................................................................................................................177 12.11 Upgrade File ..................................................................................................................177 12.11.1 The Firmware Upload Process .............................................................................178 12.12 Upgrade Link .................................................................................................................179 12.13 CWMP Upgrade ............................................................................................................179 12.14 Backup ...........................................................................................................................180 12.15 Restore ..........................................................................................................................181 12.15.1 The Restore Configuration Process .....................................................................181 12.16 Factory Defaults ............................................................................................................182 12.17 Log Setting ....................................................................................................................182 12.18 Log Display ....................................................................................................................183 12.19 Ping Test ........................................................................................................................184 12.20 Traceroute Test ..............................................................................................................184 12.21 About .............................................................................................................................185 12.22 Reboot ...........................................................................................................................185 Chapter 13 Troubleshooting....................................................................................................................187 13.1 Power, Hardware Connections, and LEDs ......................................................................187 13.2 MAX208M2W Series Access and Login ..........................................................................188 13.3 Internet Access ................................................................................................................190 13.4 Reset the MAX208M2W Series to Its Factory Defaults ...................................................191 13.4.1 Pop-up Windows, JavaScript and Java Permissions .............................................192 Chapter 14 Product Specifications.........................................................................................................193 14.1 Wall-Mounting ..................................................................................................................201 14.1.1 The Wall-Mounting Kit ............................................................................................201 14.1.2 Instructions .............................................................................................................201 Appendix A WiMAX Security................................................................................................205 Appendix B Setting Up Your Computers IP Address...........................................................209 Appendix C Pop-up Windows, JavaScript and Java Permissions........................................237 Appendix D IP Addresses and Subnetting...........................................................................247 Appendix E Importing Certificates........................................................................................259 Appendix F Common Services.............................................................................................291 Appendix G Legal Information..............................................................................................295 MAX208M2W Series Users Guide 15 Table of Contents Index.......................................................................................................................................299 16 MAX208M2W Series Users Guide PART I Users Guide 17 18 CHAPTER 1 Getting Started 1.1 About Your MAX208M2W Series The MAX208M2W Series includes MAX208M2W and MAX218M2W. The MAX208M2W Series has a built-in switch and two phone ports. It allows you to access the Internet by connecting to a WiMAX wireless network. You can use a traditional analog telephone to make Internet calls using the MAX208M2W Seriess Voice over IP (VoIP) communication capabilities. Additionally, The web browser-based Graphical User Interface (GUI), also known as the web configurator, provides easy management of the device and its features. See Chapter 14 on page 193 for a complete list of features for your model. 1.1.1 WiMAX Internet Access Connect your computer or network to the MAX208M2W Series for WiMAX Internet access. See the Quick Start Guide for instructions on hardware connection. In a wireless metropolitan area network (MAN), the MAX208M2W Series connects to a WiMAX base station (BS) for Internet access. The following diagram shows a notebook computer equipped with the MAX208M2W Series connecting to the Internet through a WiMAX base station
(marked BS). Figure 1 Mobile Station and Base Station When the firewall is on, all incoming traffic from the Internet to your network is blocked unless it is initiated from your network. MAX208M2W Series Users Guide 19 Chapter 1Getting Started Use content filtering to block access to web sites with URLs containing keywords that you specify. You can define time periods and days during which content filtering is enabled and include or exclude particular computers on your network from content filtering. For example, you could block access to certain web sites for the kids. 1.1.2 Make Calls via Internet Telephony Service Provider In a home or small office environment, you can use the MAX208M2W Series to make and receive the following types of VoIP telephone calls:
Peer-to-Peer calls - Use the MAX208M2W Series to make a call directly to the recipients IP address without using a SIP proxy server. Figure 2 VoIP Features - Peer-to-Peer Calls Calls via a VoIP service provider - The MAX208M2W Series sends your call to a VoIP service providers SIP server which forwards your calls to either VoIP or PSTN phones. Figure 3 Calls via VoIP Service Provider 20 MAX208M2W Series Users Guide Chapter 1Getting Started 1.2 MAX208M2W Series Hardware Follow the instructions in the Quick Start Guide to make hardware connections. 1.2.1 LEDs The following figure shows the LEDs (lights) on the MAX208M2W Series. Figure 4 The MAX208M2W Seriess LEDs POWER LED WIMAX LINK SIGNAL STRENGTH INDICATORS VOICE LEDS 1 & 2 WLAN LED The following table describes your MAX208M2W Seriess LEDs (from top to bottom). Table 2 The MAX208M2W Series LEDs behavior LED PowerOffThe MAX208M2W Series is not receiving power. DESCRIPTION STATE RedThe MAX208M2W Series is receiving power but has Green been unable to start up correctly or is not receiving enough power. See the Troubleshooting section for more information. Solid: The MAX208M2W Series is receiving power and functioning correctly. Flashing: the device is self-testing (startup) MAX208M2W Series Users Guide 21 Chapter 1Getting Started Table 2 The MAX208M2W Series LEDs behavior LED WiMAX LinkOffThe MAX208M2W Series is not connected to a wireless DESCRIPTION STATE
(WiMAX) network. GreenThe MAX208M2W Series is successfully connected to a wireless (WiMAX) network. The MAX208M2W Series is searching for a wireless
(WiMAX) network. The MAX208M2W Series has found a wireless (WiMAX) network and is connecting. Green (Blinking Slowly) Green (Blinking Quickly) The Strength Indicator LEDs display the Interference-plus-Noise Ratio
(CINR) of the wireless (WiMAX) connection. Signal 1 OnThe signal strength is in the range between 5 and 15. Signal 2 OnThe signal strength is in the range between 16 and 24. Signal 3 OnThe signal strength is greater than or equal to 25 dBm Signal Strength Indicator Voice 1 & 2OffNo SIP account is registered, or the MAX208M2W Series is not receiving power. GreenA SIP account is registered. Green (Blinking)A SIP account is registered, and the phone attached to the VoIP port is in use (off the hook). YellowA SIP account is registered and has a voice message on the SIP server. Yellow (Blinking)A SIP account is registered and has a voice message on the SIP server, and the phone attached to the VoIP port is in use (off the hook). WLANOffThe Wi-Fi network is not operational. GreenThe Wi-Fi network is operational. Blinking GreenThe WiMAX Device is sending and receiving data across the Wi-Fi network. 1.3 Good Habits for Managing the MAX208M2W Series Do the following things regularly to make the MAX208M2W Series more secure and to manage the MAX208M2W Series more effectively. Change the password. Use a password thats not easy to guess and that consists of different types of characters, such as numbers and letters. Write down the password and put it in a safe place. 22 MAX208M2W Series Users Guide Chapter 1Getting Started Back up the configuration (and make sure you know how to restore it). Restoring an earlier working configuration may be useful if the MAX208M2W Series becomes unstable or even crashes. If you forget your password, you will have to reset the MAX208M2W Series to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-
configure the MAX208M2W Series. You could simply restore your last configuration. MAX208M2W Series Users Guide 23 Chapter 1Getting Started 24 MAX208M2W Series Users Guide CHAPTER 2 Introducing the Web Configurator 2.1 Overview The Web Configurator is an HTML-based management interface that allows easy device set up and management via any web browser that supports: HTML 4.0, CSS 2.0, and JavaScript 1.5, and higher. The recommended screen resolution for using the web configurator is 1024 by 768 pixels and 16-bit color, or higher. In order to use the Web Configurator you need to allow:
Web browser pop-up windows from your device. Web pop-up blocking is enabled by default in many operating systems and web browsers. JavaScript (enabled by default in most web browsers). Java permissions (enabled by default in most web browsers). See the Appendix C on page 237 for more information on configuring your web browser. 2.1.1 Accessing the Web Configurator 1 Make sure your MAX208M2W Series hardware is properly connected (refer to the Quick Start Guide for more information). 2 Launch your web browser. 3 Enter 192.168.1.1" as the URL. MAX208M2W Series Users Guide 25 Chapter 2Introducing the Web Configurator 4 A login screen displays. Enter the default Username (admin) and Password
(1234), then click Login. Figure 5 Login screen Note: For security reasons, the MAX208M2W Series automatically logs you out if you do not use the Web Configurator for five minutes. If this happens, log in again. 2.1.2 The Reset Button If you forget your password or cannot access the Web Configurator, you will need to use the Reset button to reload the factory-default configuration file. This means that you will lose all configurations that you had previously and the password will be reset to 1234. 2.1.2.1 Using The Reset Button 1 Make sure the Power light is on (not blinking). 2 To set the device back to the factory default settings, press the Reset button for five seconds or until all LED lights blink one time, then release it. The device restarts when the defaults have been restored. 3 Reconfigure the MAX208M2W Series following the steps in your Quick Start Guide. 26 MAX208M2W Series Users Guide Chapter 2Introducing the Web Configurator 2.1.3 Saving and Canceling Changes All screens to which you can make configuration changes must be saved before those changes can go into effect. If you make a mistake while configuring the MAX208M2W Series, you can cancel those changes and start over. Figure 6 Saving and Canceling Changes This screen contains the following fields:
Table 3 Saving and Canceling Changes LABEL SaveClick this to save your changes. CancelClick this to restore the settings on this page to their last saved values. DESCRIPTION Note: If you make changes to a page but do not save before switching to another page or exiting the Web Configurator, those changes are disgarded. 2.1.4 Working with Tables Many screens in the MAX208M2W Series contain tables to provide information or additional configuration options. Figure 7 Tables Example This screen contains the following fields:
Table 4 Saving and Canceling Changes LABEL DESCRIPTION Items per Page This displays the number of items displayed per table page. Use the menu to change this value. First Page Click this to go to the first page in the table. MAX208M2W Series Users Guide 27 Chapter 2Introducing the Web Configurator Table 4 Saving and Canceling Changes (continued) LABEL DESCRIPTION Previous Page Click this to go to the previous page in the table. Page Indicator / Jump to Page This indicates which page is currently displayed in the table. Use the menu to jump to another page. You can only jump to other pages if those pages exist. Next Page Click this to go to the previous page in the table. Last Page Click this to go to the last page in the table.
#This indicates an item bearing on that items importance or lack there of. s position in the table. It has no Total NumThis indicates the total number of items in the table, including items on pages that are not visible. 2.2 The Main Screen When you first log into the Web Configurator, the Main screen appears. Here you can view a summary of your MAX208M2W Seriess connection status. This is also the default home page for the Web Configurator and it contains conveniently-
placed shortcuts to all of the other screens. Note: Some features in the Web Configurator may not be available depending on your firmware version and/or configuration. Note: The available menus and screens vary depending on the user account you use for login. 28 MAX208M2W Series Users Guide Chapter 2Introducing the Web Configurator Figure 8 Main Screen The following table describes the icons in this screen. Table 5 Main > Icons ICON DESCRIPTION System Status Click this to open the Main screen, which shows your MAX208M2W Series status and other information. WiMAX Click this to open the WiMAX menu, which gives you options for configuring your WiMAX settings. Network Setting Click this to open the Network menu, which gives you options for configuring your network settings. Security Click this to open the Security menu, which gives you options for configuring your firewall and security settings. VoIP Click this icon to open the VoIP menu, which gives you options on how to use the device to make phone calls. MAX208M2W Series Users Guide 29 Chapter 2Introducing the Web Configurator Table 5 Main > Icons (continued) ICON DESCRIPTION Maintenance Click this to open the Maintenance menu, which gives you options for maintaining your MAX208M2W Series and performing basic network connectivity tests. Language Use this menu to select the Web Configurators language. Setup Wizard Click this to open the Setup Wizard, where you can configure the most essential settings for your MAX208M2W Series to work. Logout Click this to log out of the Web Configurator. 30 MAX208M2W Series Users Guide CHAPTER 3 Setup Wizard 3.1 Overview This chapter provides information on the ZyXEL Setup Wizard. The wizard guides you through several steps for onfiguring your network settings. 3.1.1 Welcome to the Setup Wizard This screen provides a quick summary of the configuration tasks the wizard helps you to perform. They are:
1 Set up your Local Area Network (LAN) options, which determine how the devices in your home or office connect to the MAX208M2W Series. 2 Set up your MAX208M2W Seriess broadcast frequency, which is the radio channel it uses to communicate with the ISPs base station. 3 Set up your MAX208M2W Seriess login options, which are used to connect your LAN to the ISPs network and verify your account. 4 Set up your MAX208M2W Seriess VoIP Settings, which will allow you to make calls over the nternet. MAX208M2W Series Users Guide 31 Chapter 3Setup Wizard 5 Set up your MAX208M2W Seriess WLAN so that other devices, such as a laptop or a smartphone, can connect wirelessly to the nternet using the MAX208M2W Series. Figure 9 Setup Wizard > Welcome 32 MAX208M2W Series Users Guide Chapter 3Setup Wizard 3.1.2 LAN Settings The LAN Settings screen allows you to configure your local network options. Figure 10 Setup Wizard > LAN Settings The following table describes the labels in this screen. Table 6 Setup Wizard > LAN Settings LABEL LAN TCP/IP DESCRIPTION IP Address Enter the IP address of the MAX208M2W Series on the LAN. Note: This field is the IP address you use to access the MAX208M2W Series on the LAN. If the web configurator is running on a computer on the LAN, you lose access to it as soon as you change this field. You can access the web configurator again by typing the new IP address in the browser. Enter the subnet mask of the LAN. Select this if you want the MAX208M2W Series to be the DHCP server on the LAN. As a DHCP server, the MAX208M2W Series assigns IP addresses to DHCP clients on the LAN and provides the subnet mask and DNS server information. Enter the IP address from which the MAX208M2W Series begins allocating IP addresses. Enter the IP address at which the MAX208M2W Series stops allocating IP addresses. IP Subnet Mask DHCP Server Enable Start IP End IP MAX208M2W Series Users Guide 33 Chapter 3Setup Wizard Table 6 Setup Wizard > LAN Settings (continued) LABEL DESCRIPTION Enter the duration in minutes before the device requests a new IP address from the DHCP server. DNS Server assigned by DHCP Server Lease Time First DNS Server Second DNS Server Third DNS Server Specify the first IP address of three DNS servers that the network can use. The MAX208M2W Series provides these IP addresses to DHCP clients. Specify the second IP address of three DNS servers that the network can use. The MAX208M2W Series provides these IP addresses to DHCP clients. Specify the third IP address of three DNS servers that the network can use. The MAX208M2W Series provides these IP addresses to DHCP clients. Back Next Click to display the previous screen. Click to proceed to the next screen. 3.1.3 WiMAX Frequency Settings The WiMAX Frequency Settings screen allows you to configure the broadcast radio frequency used by the MAX208M2W Series. Note: These settings should be provided by your ISP. Figure 11 Setup Wizard > WiMAX Frequency Settings 34 MAX208M2W Series Users Guide Chapter 3Setup Wizard The following table describes the labels in this screen. Table 7 Setup Wizard > WiMAX Frequency Settings LABEL Setting TypeSelect the WiMAX frequency setting type from the list. DESCRIPTION By Range - Select this to set up the frequency based on a range of MHz. By List - Select this to set up the frequency on an individual MHz basis. You can add multiple MHz values to the list. StepEnter the increments in MHz by which to increase the frequency range. Note: This field only appears when you select By Range under Setting Type. Start FrequencyEnter the frequency value at the beginning of the frequency range to use. The frequency is increased in increments equal to the Step value until the End Frequency is reached, at which time the cycle starts over with the Start Frequency. Note: This field only appears when you select By Range under Setting Type. End FrequencyEnter the frequency value at the end of the frequency range to use. Note: This field only appears when you select By Range under Setting Type. BandwidthSet the frequency bandwidth in MHz that this MAX208M2W Series uses.
#This is an index number for enumeration purposes only. Frequency (MHz)Displays the frequency MHz for the item in the list. Total NumDisplays the total number of items in the list. DeleteClick this to remove an item from the list. AddClick this to add an item to the list. OKClick this to save an newly added item to the list.
#This is an index number for enumeration purposes only. Band Start (KHz)Indicates the beginning of the frequency band in KHz. Band End (KHz)Indicates the end of the frequency band in KHz. Total NumDisplays the total number of items in the list. Back Next Click to display the previous screen. Click to proceed to the next screen. MAX208M2W Series Users Guide 35 Chapter 3Setup Wizard 3.1.4 WiMAX Authentication Settings The WiMAX Authentication Settings screen allows you to configure how your MAX208M2W Series logs into the service providers network. Note: These settings should be provided by your ISP. Note: The EAP supplicant settings on this screen vary depending on the authentication mode your select. Figure 12 Setup Wizard > WiMAX Authentication Settings 36 MAX208M2W Series Users Guide The following table describes the labels in this screen. Chapter 3Setup Wizard Table 8 Setup Wizard > WiMAX Authentication Settings LABEL Authentication Authenticati on Mode DESCRIPTION Select a WiMAX authentication mode for authentication network sessions with the ISP. Options are:
No authentication User authentication Device authentication User and Device authentication EAP Supplication EAP Mode Anonymous Id Select an EAP autentication mode. See Table 15 on page 79 if you need more inforamtion. Enter your anonymous ID. This field displays information about the assigned server root certificate. Browse for and choose a device certificate file, if required. Note: Some modes may not require this. Select this to ignore base station certification verification when a certificate is received during EAP-TLS or EAP-TTLS. Browse for and choose a server root certificate file, if required. Ignore Cert Verification Server Root CA Cert. File Server Root CA Cert. Info Device Cert. File Device Cert. Info. Device Private Key Device Private Key Info Device Private Key Password Inner Mode Select an inner authentication mode (MS-CHAP, MS-CHAPV2, CHAP, This field displays information about the assigned device certificate. This field displays information about the assigned device private key. Browse for and choose a device private key, if required. Enter the device private key, if required. Username Password Back Next MD5, PAP. See Table 15 on page 79 if you need more inforamtion. Enter your authentication username. Enter your authentication password. Click to display the previous screen. Click to proceed to the next screen. MAX208M2W Series Users Guide 37 Chapter 3Setup Wizard 3.1.5 VoIP Settings The VoIP Settings screen allows you to configure how your MAX208M2W Series connects to up to two VoIP service providers network and makes calls over the Internet. Note: This settings should be provided by your VoIP service provider. Figure 13 Setup Wizard > VoIP Settings The following table describes the labels in this screen. DESCRIPTION Table 9 Setup Wizard > VoIP Settings LABEL Line 1 SIP Account - Configure this section to use the PHONE 1 port. Enable SIP ServerEnter the IP address or domain name of the SIP server. Port NumberEnter the SIP server Select this to activate the SIP account. s listening port number. 38 MAX208M2W Series Users Guide Chapter 3Setup Wizard Figure 15 Steup Wizard > WLAN Settings > Encryption Type: WPA Personall The following table describes the labels in this screen. Table 10 Setup Wizard > WLAN Settings LABEL Wifi Settings DESCRIPTION Enable WLAN WLAN Mode Select this box to enable the wireless service and allow other wireless clients to connect to the Internet using the MAX208M2W Series. Select the mode that the MAX208M2W Series will be using to communicate: 802.11 B/G/N mixed, 802.11 B/G mixed, 802.11 B only, 802.11 G only, or 802.11 N only. WLAN Channel Select one channel from 1 to 13 for wireless communications with the wireless stations. SSID Settings WLAN SSID Hide SSID Encryption Type SSID WEP Settings This field dilsplays the name of the wireless network associated with the MAX208M2W Series. Select this option if you wish to keep the name of the wireless network hidden. Select the type of encryption that the network will be using:
None, WEP, or WPA Personal. Authentication Method Note: You will only see this options if you selected WEP as the Encryption Type. Select the type of authentication used to join the network:
Openn System or Shared Key. Select the length of the encryption key: 64-bit or 128-bit. WEP Encryption Length Key 1 - 4 Pick one of four available keys. The key can be in either Hexagecimal (HEX) or ASCII format. Type the key using any letters and numbers. The field is case sensitive and the lenght must match the length picked in the step above (64-bit or 128-bit). A warning mesage will appear if you fail to do this. SSID WPA Settings 40 MAX208M2W Series Users Guide Chapter 3Setup Wizard Table 10 Setup Wizard > WLAN Settings (continued) LABEL WPA ModeSelect either WPA, WPA2 or Auto (WPA or WPA2). Cipher TypeSelect the type of authentication that you wish to use for your network:
DESCRIPTION TKIP, AES or both. AES is more secure. Pre Shared KeyType the pre-shared key or PSK previously shared between the two parties. 3.1.7 Setup Complete Click Save to save the Setup Wizard settings and close it. Figure 16 Setup Wizard > Setup Complete Launch your web browser and navigate to www.zyxel.com. If everything was configured properly, the web page should display. You can now surf the Internet!
Refer to the rest of this guide for more detailed information on the complete range of MAX208M2W Series features available in the more advanced web configurator. Note: If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the wizard setup are correct. MAX208M2W Series Users Guide 41 Chapter 3Setup Wizard 42 MAX208M2W Series Users Guide CHAPTER 4 Tutorials 4.1 Overview This chapter shows you how to configure some of the MAX208M2W Seriess features. Note: Be sure to read Introducing the Web Configurator on page 25 before working through the tutorials presented here. For field descriptions for individual screens, see the related technical reference in this User's Guide. This chapter includes the following configuration examples:
WiMAX Connection Settings on page 43 Configuring LAN DHCP on page 44 Changing Certificate on page 46 Blocking Web Access on page 47 Configuring the MAC Address Filter, see page48 Setting Up NAT Port Forwarding, see page 50 Access the MAX208M2W Series Using DDNS, see page 53 Configuring Static Route for Routing to Another Network, see page 54 Remotely Managing Your MAX208M2W Series on page 57 VLAN Configuration Example on page 58 4.2 WiMAX Connection Settings This tutorial provides you with pointers for configuring the MAX208M2W Series to connect to an ISP. 1 Connect the MAX208M2W Series to the ISPs nearest base station. See Section 6.2 on page 73. 2 Configure the MAX208M2W Seriess broadcast frequency. Section 6.3 on page 75. MAX208M2W Series Users Guide 43 Chapter 4Tutorials 3 Configure the MAX208M2W Series to connect securely to the ISPs authentication servers. See Section 6.4 on page 78. 4 Check the MAX208M2W Seriess connection status to ensure everything is working properly. See Section 6.7 on page 85. 4.3 Configuring LAN DHCP This tutorial shows you how to set up a small network in your office or home. Goal: Connect three computers to your MAX208M2W Series to form a small network. Required: The following table provides a summary of the information you will need to complete the tasks in this tutorial. VALUE INFORMATION LAN IP Address192.168.100.1 Starting IP Address192.168.100.10 Ending IP Address192.168.100.30 DNS ServersFrom ISP SEE ALSO Chapter 7 on page 99 Chapter 7 on page 100 1 In the Web Configurator, open the Networking Setting > LAN screen and set the IP Address to 192.168.100.1. Use the default IP Subnet Mask of 255.255.255.0. Click Save. 44 MAX208M2W Series Users Guide Chapter 4Tutorials 2 Manually change the IP address of your computer that your are using to 192.168.100.x (for example, 192.168.100.5) and keep the subnet set to 255.255.255.0. 3 4 Type http://192.168.100.1 in your browser after the MAX208M2W Series finishes starting up completely. Log into the Web Configurator and open the Networking Setting > LAN >
DHCP screen. 5 Select Server for the DHCP mode, then enter 192.168.100.10 and 192.168.100.30 as your DHCP starting and ending IP addresses. 6 Leave the other settings as their defaults and click Save. 7 Next, go to the Networking Setting > WAN screen and select NAT in the Operation Mode field. Click Save. MAX208M2W Series Users Guide 45 Chapter 4Tutorials 8 Connect your computers to the MAX208M2W Seriess Ethernet ports and youre all set!
Note: You may need to configure the computers on your LAN to automatically obtain IP addresses. For information on how to do this, see Appendix B on page 209. Once your network is configured and hooked up, you will want to connect it to the Internet next. To do this, just run the Internet Connection Wizard (Chapter 3 on page 31), which walks you through the process. 4.4 Changing Certificate This tutorial shows you how to import a new security certificate, which allows your device to communicate with another network servers. Goal: Import a new security certificate into the MAX208M2W Series. See Also: Appendix E on page 259. 1 Go to the WiMAX > Profile > Authentication Settings screen. In the EAP Supplicant section, click each Browse button and locate the security certificates that were provided by your new ISP. s 2 Configure your new Internet access settings based on the information provided by the ISP. Note: You can also use the Internet Connection Wizard to configure the Internet access settings. 46 MAX208M2W Series Users Guide 3 You may need to configure the Options section according to the information provided by the ISP. Chapter 4Tutorials 4 Click Save. You should now be able to connect to the Internet through your new service provider!
4.5 Blocking Web Access If your MAX208M2W Series is in a home or office environment you may decide that you want to block an Internet website access. You may need to block both the websites IP address and domain name. Goal: Configure the MAX208M2W Seriess content filter to block a website with a domain name www.example.com. See Also: Section 7.21 on page 126. 1 Open the Networking Setting > Content Filter. 2 Select Enable URL Filter. 3 Select Blacklist. 4 Click Add and configure a URL filter rule by selecting Active and entering www.example.com as the URL. 5 Click OK. MAX208M2W Series Users Guide 47 Chapter 4Tutorials 6 Click Save. Open a browser from your computer in the MAX208M2W Seriess LAN network, you should get an Access Violation message when you try to access to http://
www.example.com. You may also need to block the IP address of the website if you do not want users to access to the website through its IP address. 4.6 Configuring the MAC Address Filter This tutorial shows you how to use the MAC filter to block a DHCP clients access to hosts and to the WiMAX network. 48 MAX208M2W Series Users Guide 1 First of all, you have to know the MAC address of the computer. If not, you can look for the MAC address in the Network Setting > LAN > DHCP screen.
(192.168.100.3 mapping to 00:02:E3:53:16:95 in this example). Chapter 4Tutorials 2 Click Security > Firewall > MAC Filter. Select Blacklist and click the Add button in the MAC Filter Rules table. MAX208M2W Series Users Guide 49 Chapter 4Tutorials 3 An empty entry appears. Enter the computers MAC address in the Source MAC field and leave the other fields set to their defaults. Click Save. The computer will no longer be able to access any host on the WiMAX network through the MAX208M2W Series. 4.7 Setting Up NAT Port Forwarding Thomas recently received an Xbox 360 as his birthday gift. His friends invited him to play online games with them on Xbox LIVE. In order to communicate and play with other gamers on Xbox LIVE, Thomas needs to configure the port settings on his MAX208M2W Series. Xbox 360 requires the following ports to be available in order to operate Xbox LIVE correctly:
TCP: 53, 80, 3074 UDP: 53, 88, 3074 1 You have to know the Xbox 360s IP address first. You can check it through the Xbox 360 console. You may be able to check the IP address on the MAX208M2W Series if the MAX208M2W Series has assigned a DHCP IP address to the Xbox 360. Check the DHCP Leased Hosts table in the Network > LAN > DHCP screen. Look for the IP address for the Xbox 360. 50 MAX208M2W Series Users Guide 2 NAT mode is required to use port forwarding. Click Network Setting > WAN and make sure NAT is selected in the Operation Mode field. Click Save. Chapter 4Tutorials 3 Click Network Setting > NAT > Port Forwarding and then click the first entry to edit the rule. 4 Configure the screen as follows to open TCP/UDP port 53 for the Xbox 360. Click OK. MAX208M2W Series Users Guide 51 Chapter 4Tutorials 5 Repeat steps 2 and 3 to open the rest of the ports for the Xbox 360. The port forwarding settings you configured are listed in the Port Forwarding screen. 6 Click Save. Thomas can then connect his Xbox 360 to the Internet and play online games with his friends. In this tutorial, all port 80 traffic is forwarded to the Xbox 360, but port 80 is also the default listening port for remote management via WWW. If Thomas also wants to manage the MAX208M2W Series from the Internet, he has to assign an unused port to WWW remote access. Click Advanced > Remote MGMT. Enter an unused port in the Port field (81 in this example). Click Save. 52 MAX208M2W Series Users Guide Chapter 4Tutorials 4.8 Access the MAX208M2W Series Using DDNS If you connect your MAX208M2W Series to the Internet and it uses a dynamic WAN IP address, it is inconvenient for you to manage the device from the Internet. The MAX208M2W Seriess WAN IP address changes dynamically. Dynamic DNS (DDNS) allows you to access the MAX208M2W Series using a domain name. http://mywimax.dyndns.org A a.b.c.d w.x.y.z To use this feature, you have to apply for DDNS service at www.dyndns.org. This tutorial covers:
Registering a DDNS Account on www.dyndns.org Configuring DDNS on Your MAX208M2W Series Testing the DDNS Setting Note: If you have a private WAN IP address (see Private IP Addresses on page 256), then you cannot use DDNS. 4.8.1 Registering a DDNS Account on www.dyndns.org 1 Open a browser and type http://www.dyndns.org. 2 Apply for a user account. This tutorial uses UserName1 and 12345 as the username and password. 3 Log into www.dyndns.org using your account. 4 Add a new DDNS host name. This tutorial uses the following settings as an example. Hostname: mywimax.dyndns.org Service Type: Host with IP address IP Address: Enter the WAN IP address that your MAX208M2W Series is currently using. You can find the IP address on the MAX208M2W Seriess Web Configurator Status page. Then you will need to configure the same account and host name on the MAX208M2W Series later. MAX208M2W Series Users Guide 53 Chapter 4Tutorials 4.8.2 Configuring DDNS on Your MAX208M2W Series Configure the following settings in the Network Setting > DDNS screen. 1 Select Enable Dynamic DNS. 2 Select dyndns.org for the service provider. 3 Select Dynamic for the service type. 4 Type mywimax.dyndns.org in the Domain Name field. 5 Enter the user name
(UserName1) and password
(12345). 6 Select WAN IP for the IP update policy. 7 Click Save. 4.8.3 Testing the DDNS Setting Now you should be able to access the MAX208M2W Series from the Internet. To test this:
1 Open a web browser on the computer (using the IP address a.b.c.d) that is connected to the Internet. 2 3 Type http://mywimax.dyndns.org and press [Enter]. The MAX208M2W Seriess login page should appear. You can then log into the MAX208M2W Series and manage it. 4.9 Configuring Static Route for Routing to Another Network In order to extend your Intranet and control traffic flowing directions, you may connect a router to the MAX208M2W Seriess LAN. The router may be used to separate two department networks. This tutorial shows how to configure a static routing rule for two network routings. 54 MAX208M2W Series Users Guide Chapter 4Tutorials In the following figure, router R is connected to the MAX208M2W Seriess LAN. R connects to two networks, N1 (192.168.1.x/24) and N2 (192.168.10.x/24). If you want to send traffic from computer A (in N1 network) to computer B (in N2 network), the traffic is sent to the MAX208M2W Seriess WAN default gateway by default. In this case, computer B will never receive the traffic. N1 A R N2 B You need to specify a static routing rule on the MAX208M2W Series to specify R as the router in charge of forwarding traffic to N2. In this case, the MAX208M2W Series routes traffic from computer A to R and then R routes the traffic to computer B. N1 A R N2 B MAX208M2W Series Users Guide 55 Chapter 4Tutorials This tutorial uses the following example IP settings:
IP ADDRESS 172.16.1.1 Table 11 IP Settings in this Tutorial DEVICE / COMPUTER The MAX208M2W Seriess WAN The MAX208M2W Seriess LAN192.168.1.1 A Rs IP address on N1 192.168.1.253 Rs IP address on N2 192.168.10.2 B 192.168.1.34 192.168.10.33 To configure a static route to route traffic from N1 to N2:
1 Click Network Setting > Route > Static Route. 2 Click Add to create a new route. 3 Configure the Edit Static Route screen using the following settings:
3a Enter 192.168.10.0 and subnet mask 255.255.255.0 for the destination, N2. 3b Enter 192.168.1.253 (Rs IP address on N1) in the IP Address field under Next Hop. 3a Click Save. Now computer B should be able to receive traffic from computer A. You may need to additionally configure Rs firewall settings to accept specific traffic to pass through. 56 MAX208M2W Series Users Guide Chapter 4Tutorials 4.10 Remotely Managing Your MAX208M2W Series The remote management feature allows you to log into the device through the Internet. Goal: Set up the MAX208M2W Series to allow management requests from the WAN (Internet). See Also: Section 12.3 on page 169. 1 Open the Maintenance > Remote MGMT > HTTP screen. 2 Select Enable in both HTTP Server and HTTPS Server sections and leave the Port Number settings as 80 and 443. 3 Select Allow Connection from WAN. This allows remote management connections not only from the local network but also the WAN network (Internet). 4 Click Save. MAX208M2W Series Users Guide 57 Chapter 4Tutorials 4.11 VLAN Configuration Example This example assumes that you want port 1 to recognize VLAN 100 and VLAN 200 traffic sent from/to computers A and B. Port 2 is dedicated for transmitting and receiving VLAN-untagged and management traffic. Figure 17 VLAN Configuration Example A B VLAN 100 VLAN 200 C port 1 port 2 1 Connect your computer (C in the example) to the MAX208M2W Seriess LAN port 2 and access the Web Configurator. 2 Log into the MAX208M2W Series. 58 MAX208M2W Series Users Guide 3 Click Network Setting > VLAN and then click the PVID Group for port 2. Chapter 4Tutorials 4 Select MGMT from the drop-down list, click OK in the section, and then click Save at the bottom of the screen. MAX208M2W Series Users Guide 59 Chapter 4Tutorials 5 Click Network Setting > WAN. Change the MAX208M2W Series to bridge mode and then click Save. 6 The MAX208M2W Series will restart. Wait until it completely restarts. 7 Configure the IP address of your computer to be in the same network as the MAX208M2W Seriess LAN. The default is 192.168.1.x where x can be 2 to 254. 8 Open a browser and type the MAX208M2W Seriess LAN IP address (for example, 192.168.1.1). 9 Log into the MAX208M2W Series and then click Network Setting > VLAN. 10 Enable VLAN and create VLAN 100 by entering VLAN 100 and the priority (7 in this example) in the Management VLAN section. The MAX208M2W Series requires to reboot again. 11 After it completely restarts, log into the MAX208M2W Series. Click Network Setting > VLAN. 60 MAX208M2W Series Users Guide 12 Since by default port 1 is associated with VLAN rule 1. Click the VID field to configure the settings as shown next. Click OK and then Save. Chapter 4Tutorials Finally, you complete the settings. See Section 7.19 on page 122 if you need more information about VLAN. MAX208M2W Series Users Guide 61 Chapter 4Tutorials 62 MAX208M2W Series Users Guide PART II Technical Reference 63 64 CHAPTER 5 System Status 5.1 Overview Use this screen to view a summary of your MAX208M2W Series connection status. 5.2 System Status This screen allows you to view the current status of the device, system resources, and interfaces (LAN and WAN). Click System Status to open this screen as shown next. Figure 18 System Status MAX208M2W Series Users Guide 65 Chapter 5System Status Table 12 Status (continued) LABEL Connection Status DESCRIPTION This field displays the status of the WiMAXconnection between the MAX208M2W Series and the base station. Network Search - The MAX208M2W Series is scanning for any available WiMAX connections. Disconnected - No WiMAX connection is available. Network Entry - A WiMAX connection is initializing. Normal - The WiMAX connection has successfully established. BSIDThis field displays the MAC address of the base station to which the device is connected. FrequencyThis field indicates the frequency the MAX208M2W Series is using. Signal Strength Link QualityThis field indicates the relative quality of the link the MAX208M2W This field indicates the strength of the connection that the MAX208M2W Series has with the base station. Series has with the base station. WAN StatusThis field indicates the status of the WAN connection to the MAX208M2W Series. MAC AddressThis field indicates the MAC address of the port making the WAN connection on the MAX208M2W Series. IP AddressThis field indicates the current IP address of the MAX208M2W Series in the WAN. Subnet MaskThis field indicates the current subnet mask on the WAN. GatewayThis field indicates the IP address of the gateway to which the MAX208M2W Series is connected. MTUThis field indicates the Maximum Transmission Unit (MTU) between the MAX208M2W Series and the ISP servers to which it is connected. DNSThis field indicates the Domain Name Server (DNS) to which your MAX208M2W Series is connected. LAN MAC AddressThis field indicates the MAC address of the port making the LAN connection on the MAX208M2W Series. IP AddressThis field displays the current IP address of the MAX208M2W Series in the LAN. Subnet MaskThis field displays the current subnet mask in the LAN. MTUThis field indicates the Maximum Transmission Unit (MTU) between the MAX208M2W Series and the client devices to which it is connected. VOIP Phone Account1 Subscriber Registered Status Account2 Subscriber This field displays the SIP number for SIP account 1. This field displays whether SIP account 1 is already registered with a SIP server (Registered or Unregistered). This field displays the SIP number for SIP account 2. MAX208M2W Series Users Guide 67 Chapter 5System Status Table 12 Status (continued) LABEL DESCRIPTION This field displays whether SIP account 2 is already registered with a SIP server (Registered or Unregistered). Registered Status Line1 StatusThis field displays whether phone line 1 (mapping to the VoIP1 port) is in use or not (idle). Line 2 StatusThis field displays whether phone line 2 (mapping to the VoIP2 port) is in use or not (idle). 68 MAX208M2W Series Users Guide CHAPTER 6 WiMAX 6.1 Overview This chapter shows you how to set up and manage the connection between the MAX208M2W Series and your ISPs base stations. 6.1.1 What You Need to Know The following terms and concepts may help as you read through this chapter. WiMAX WiMAX (Worldwide Interoperability for Microwave Access) is the IEEE 802.16 wireless networking standard, which provides high-bandwidth, wide-range wireless service across wireless Metropolitan Area Networks (MANs). ZyXEL is a member of the WiMAX Forum, the industry group dedicated to promoting and certifying interoperability of wireless broadband products. In a wireless MAN, a wireless-equipped computer is known either as a mobile station (MS) or a subscriber station (SS). Mobile stations use the IEEE 802.16e standard and are able to maintain connectivity while switching their connection from one base station to another base station (handover) while subscriber stations use other standards that do not have this capability (IEEE 802.16-2004, for example). The following figure shows an MS-equipped notebook computer MS1 moving from base station BS1s coverage area and connecting to BS2. Figure 19 WiMax: Mobile Station MAX208M2W Series Users Guide 69 Chapter 6WiMAX WiMAX technology uses radio signals (around 2 to 10 GHz) to connect subscriber stations and mobile stations to local base stations. Numerous subscriber stations and mobile stations connect to the network through a single base station (BS), as in the following figure. Figure 20 WiMAX: Multiple Mobile Stations A base stations coverage area can extend over many hundreds of meters, even under poor conditions. A base station provides network access to subscriber stations and mobile stations, and communicates with other base stations. The radio frequency and bandwidth of the link between the MAX208M2W Series and the base station are controlled by the base station. The MAX208M2W Series follows the base stations configuration. Authentication When authenticating a user, the base station uses a third-party RADIUS or Diameter server known as an AAA (Authentication, Authorization and Accounting) server to authenticate the mobile or subscriber stations. The following figure shows a base station using an AAA server to authenticate mobile station MS, allowing it to access the Internet. Figure 21 Using an AAA Server In this figure, the dashed arrow shows the PKM (Privacy Key Management) secured connection between the mobile station and the base station, and the solid arrow shows the EAP secured connection between the mobile station, the base station and the AAA server. See the WiMAX security appendix for more details. 70 MAX208M2W Series Users Guide Chapter 6WiMAX Frequency Ranges The following figure shows the MAX208M2W Series searching a range of frequencies to find a connection to a base station. Figure 22 Frequency Ranges In this figure, A is the WiMAX frequency range. WiMAX frequency range refers to the entire range of frequencies the MAX208M2W Series is capable of using to transmit and receive (see the Product Specifications appendix for details). In the figure, B shows the operator frequency range. This is the range of frequencies within the WiMAX frequency range supported by your operator
(service provider). The operator range is subdivided into bandwidth steps. In the figure, each C is a bandwidth step. The arrow D shows the MAX208M2W Series searching for a connection. Have the MAX208M2W Series search only certain frequencies by configuring the downlink frequencies. Your operator can give you information on the supported frequencies. The downlink frequencies are points of the frequency range your MAX208M2W Series searches for an available connection. Use the Site Survey screen to set these bands. You can set the downlink frequencies anywhere within the WiMAX frequency range. In this example, the downlink frequencies have been set to search all of the operator range for a connection. Certification Authority A Certification Authority (CA) issues certificates and guarantees the identity of each certificate owner. There are commercial certification authorities like CyberTrust or VeriSign and government certification authorities. You can use the MAX208M2W Series to generate certification requests that contain identifying information and public keys and then send the certification requests to a certification authority. MAX208M2W Series Users Guide 71 Chapter 6WiMAX Certificate File Formats The certification authority certificate that you want to import has to be in one of these file formats:
Binary X.509: This is an ITU-T recommendation that defines the formats for X.509 certificates. PEM (Base-64) encoded X.509: This Privacy Enhanced Mail format uses lowercase letters, uppercase letters and numerals to convert a binary X.509 certificate into a printable form. Binary PKCS#7: This is a standard that defines the general syntax for data
(including digital signatures) that may be encrypted. The MAX208M2W Series currently allows the importation of a PKS#7 file that contains a single certificate. PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses 64 ASCII characters to convert a binary PKCS#7 certificate into a printable form. CINR Carrier to Interference-plus-Noise Ratio (CINR) measures the effectiveness of a wireless signal and plays an important role in allowing the MAX208M2W Series to decode signal burts. If a burst has a high signal strength and a high interference-
plus-noise ratio, it can use Digital Signal Processing (DSP) to decode it; if the signal strength is lower, it can switch to an alternate burst profile. RSSI Received Signal Strength Indicator (RSSI) measures the relative strength of a given wireless signal. This is important in determining if a signal is below the Clear-To-Send (CTS) threshold. If it is below the arbitrarily specified threshold, then MAX208M2W Series is free to transmit any data packets. EAP Authentication EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication. The MAX208M2W Series supports EAP-TLS and EAP-TTLS (at the time of writing, TTLS is not available in Windows Vista) . For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). Certificates (also called digital IDs) can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner. 72 MAX208M2W Series Users Guide Chapter 6WiMAX 6.2 Connection Settings This screen allows you to configure how the MAX208M2W Series connects to the base stations on the WiMAX network. Click WiMAX > Profile > Connection Settings to open this screen as shown next. Figure 23 Connection Settings Screen This screen contains the following fields:
Table 13 Connection Settings LABEL DESCRIPTION Connection Option Settings Auto Reconnect Auto Connect Mode Enable Handover Enable Idle Mode Select the interval in seconds that the MAX208M2W Series waits after getting disconnected from the base station before attempting to reconnect. Select the auto connect mode. By channel power - Auto connects to the base station if the signal strength of the channel is sufficient for the MAX208M2W Series. By CINR - Auto connects to the base station if the signal-to-noise ratio is sufficient for the MAX208M2W Series. Select this to maintain connectivity while the MAX208M2W Series switches its connection from one base station to another base station. Select this to have the MAX208M2W Series enter the idle mode after it has no traffic passing through for a pre-defined period. Make sure your base station also supports this before selecting this. MAX208M2W Series Users Guide 73 Chapter 6WiMAX 6.3 Frequency Settings Use this screen to have the WiMAX Device to scan one or more specific radio frequencies (given by your WiMAX service provider) to find available connections to base stations. Click WiMAX > Profile > Frequency Settings to open this screen as shown next. Figure 24 Frequency Settings Screen (By List) A B Figure 25 Frequency Settings Screen (By Range) A B MAX208M2W Series Users Guide 75 Chapter 6WiMAX This screen contains the following fields:
Table 14 Frequency Settings LABEL DESCRIPTION Setting TypeSelect whether to scan base stations by entering specific frequency(-
ies) (By List) or a range of frequencies (By Range). Note: When you select By Range, you can only configure one range of frequencies in this screen. To configure multiple frequency ranges, use the WiMAX > Wide Scan screen. Note: Some settings in this screen are only available depending on the Setting Type selected. Join Wide Scan Result The scanning result of the frequency to scan you configured in this screen will be shown in the WiMAX > Connect screen. Select this option to determine whether to also append the wide scanning result
(configured in the WiMAX > Wide Scan screen) to the same table. Select the default bandwidth (size) per frequency band you specify in table A. Default Bandwidth A (When By List is selected in the Setting Type field) Frequency
(KHz) This displays the center frequency of an frequency band in kilohertz
(KHz). Click the number to modify it. Bandwidth
(MHz) Enter the center frequency in this field when you are adding an entry. This displays the bandwidth of the frequency band in megahertz (MHz). If you set a center frequency to 3400000 KHz with the bandwidth of 10 MHz, then the frequency band is from 3399500 to 3400500 KHz. Click the number to modify it. Enter the bandwidth of the frequency band in this field when you are adding an entry. DeleteClick this button to remove an item from the list. AddClick this button to add an item to the list. OKClick this button to save any changes made to the list. A (When By Range is selected in the Setting Type field) Start Frequency
(KHz) This indicates the beginning of a frequency band in kilohertz (KHz). Click this field to modify it. Enter the beginning frequency when you are adding an entry. This indicates the end of the frequency band in kilohertz (KHz). End Frequency
(KHz) Step (KHz)This indicates the frequency step within each band in kilohertz (KHz). Click this field to modify it. Bandwidth
(MHz) Click this field to modify it. This indicates the bandwidth in megahertz (MHz). Click this field to modify it. 76 MAX208M2W Series Users Guide Chapter 6WiMAX Table 14 Frequency Settings (continued) LABEL DESCRIPTION OKClick this button to save any changes made to the list. Valid Band Info (B) This table displays the entire frequency band the MAX208M2W Series supports. The frequenc(ies) to scan that you configured in table A must be within this range. Band Start
(KHz) Band End
(KHz) This indicates the beginning of the frequency band in kilohertz (KHz). This indicates the end of the frequency band in kilohertz (KHz). MAX208M2W Series Users Guide 77 Chapter 6WiMAX 6.4 Authentication Settings These settings allow the WiMAX Device to establish a secure (authenticated) connection with the service provider. Click WiMAX > Profile > Authentication Settings to open this screen as shown next. Figure 26 Authentication Settings Screen 78 MAX208M2W Series Users Guide This screen contains the following fields:
Chapter 6WiMAX Table 15 Authentication Settings LABEL Authentication Mode DESCRIPTION Select the authentication mode from the list. The MAX208M2W Series supports the following authentication modes:
No authentication User authentication Device authentication User and device authentication Data Encryption AES-CCMSelect this to enable AES-CCM encryption. CCM combines counter-mode encryption with CBC-MAC authentication. AES-CBCSelect this to enable AES-CBC encryption. CBC creates message authentication code from a block cipher. Key Encryption AES-key wrap AES-ECBSelect this to divide cryptographic keys into blocks and encrypt them Select this encapsulate cryptographic keys in a symmetric encryption algorithm. separately. EAP Supplicant EAP ModeSelect an Extensible Authentication Protocol (EAP) mode. The MAX208M2W Series supports the following:
EAP-TLS - In this protocol, digital certifications are needed by both the server and the wireless clients for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created. This makes user identity vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the senders identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle certificates, which imposes a management overhead. EAP-TTLS - This protocol is an extension of the EAP-TLS authentication that uses certificates for only the server-side authentications to establish a secure connection. Client authentication is then done by sending username and password through the secure connection, thus client identity is protected. For client authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2. Enter the anonymous ID used for EAP supplicant authentication. Browse for and choose a server root certificate file, if required. This field displays information about the assigned server root certificate. Browse for and choose a device certificate file, if required. This field displays information about the assigned device certificate. Anonymous ID Server Root CA Cert File Server Root CA Info Device Cert File Device Cert Info MAX208M2W Series Users Guide 79 Chapter 6WiMAX Table 15 Authentication Settings (continued) LABEL DESCRIPTION Browse for and choose a device private key, if required. Device Private Key Device Private Key Info Device Private Key Password Inner ModeSets the EAP-TTLS inner mode. Enter the device private key, if required. This field displays information about the assigned device private key. The MAX208M2W Series supports the following:
MS-CHAP v2 - This is version 2 of Microsofts variant of Challenge Handshake Authentication Protocol (CHAP). It allows for mutual authentication between devices. MS-CHAP - This is Microsofts variant of Challenge Handshake Authentication Protocol (CHAP). It allows for mutual authentication between devices. CHAP - The Challenge Handshake Authentication Protocol (CHAP) uses PPP to authenticate remote devices using a three-way handshake and shared secret verification. MD5 - Message-Digest, algorithm 5, (MD5) encryption is typically used for checking file integrity. Because this encryption protocol contains a number of serious security flaws it is generally not recommended that you use it for authentication security. PAP - Password Authentication Protocol uses unencrypted plaintext to send a passwords for authentication over the network. It s probably not a good idea to rely on this for security. UsernameEnter the username required for the EAP-TTLS inner method. PasswordEnter the password required for the EAP-TTLS inner method. Options Enable Auth Mode Decoration in EAP Outer ID Enable Service Mode Decoration in EAP Outer ID Random Outer ID Ignore Cert Verification Same EAP OuterID in ReAuth MAC address in EAP-TLS outer Id Select this to enable authentication mode. Select this to enable service mode. Select this to allow the MAX208M2W Series to generate a 16-byte random number as a username for the EAP Identity Response message. Select this to ignore base station certification verification when a certificate is received during EAP-TLS or EAP-TTLS. Select this to use the same EAP to the outer ID when reauthenticating. Adds the MAC address of the MAX208M2W Series to the outer ID while the EAP mode is set to EAP-TLS. 80 MAX208M2W Series Users Guide Chapter 6WiMAX Table 15 Authentication Settings (continued) LABEL DESCRIPTION Select this to delete an existing root certificate file from the MAX208M2W Series. Select this to delete an existing device certificate file from the MAX208M2W Series. Select this to delete an existing private key from the MAX208M2W Series. Delete existed Root Certificate file Delete existed Device Certificate file Delete existed Private Key 6.5 Connect This screen allows you to view the available WiMAX frequency band(s) and base station(s) the MAX208M2W Series found through scanning and choose a base station to which to connect. Click WiMAX > Connect to open this screen as shown next. Figure 27 Connect Screen MAX208M2W Series Users Guide 81 Chapter 6WiMAX This screen contains the following fields:
Table 16 Connect LABEL Applied Frequency Information DESCRIPTION This table shows the scanning result you made in the WiMAX > Profile > Frequency Settings and WiMAX > Wide Scan screens. Note: You cannot see the wide scanning result that you made in WiMAX > Wide Scan screen if the Join Wide Scan Result is set to No in the WiMAX >
Profile > Frequency Settings screen. Frequency
(KHz) Bandwidth
(MHz) This field displays the available center frequency of a frequency band in kilohertz (KHz). This field displays the bandwidth of the frequency band in megahertz
(MHz). Available Network List Connected Mode Select a connect mode:
Auto Connect Mode - This allows the MAX208M2W Series to connect to any of the base stations on the list automatically. Network Search Mode - This allows the MAX208M2W Series to connect to a user-specified base station. Select this option, choose a base station, click Connect. ConnectClick this to connect to the selected base station. DisconnectClick this to disconnect from the selected base station. BSIDThis field displays the base station MAC address. Preamble IDThis field displays the preamble ID. The preamble ID is the index identifier in the header of the base stations broadcast messages. In the beginning of a mobile stations s network entry process, it searches for the preamble and uses it to additional channel information. The preamble ID is used to synchronize the upstream and downstream transmission timing with the base station. This field displays the center frequency the base station uses in kilohertz (KHz). This field displays the frequency band bandwidth the base station uses in megahertz (MHz). Frequency
(MHz) Bandwidth
(MHz) RSSI (dBm)This field displays the Received Signal Strength Indication (RSSI), CINR (dB) R3/R1 which is an overal measurement of radio signal strength. A higher RSSI level indicates a stronger signal. This field displays the average Carrier to Interference plus Noise Ratio for the current connection. This value is an indication of overal radio signal quality, where a higher value means a better quality signal. SearchClick this to have the MAX208M2W Series scan for base stations in the frequency band(s) listed in the Applied Frequency Information table. Connected BS Info 82 MAX208M2W Series Users Guide Chapter 6WiMAX Table 16 Connect (continued) LABEL DESCRIPTION This field displays the MAX208M2W Series current status for connecting to the selected base station. Device Status Scanning - The MAX208M2W Series is scanning for available base stations. Ready - The MAX208M2W Series has finished scanning and you can connect to a base station. Connecting - The MAX208M2W Series attempts to connect to the selected base station. Connected - The MAX208M2W Series has successfully connected to the selected base station. UMAC StateThis field displays the status of the WiMAXconnection between the MAX208M2W Series and the base station. Network Search - The MAX208M2W Series is scanning for any available WiMAX connections. Disconnected - No WiMAX connection is available. Network Entry - A WiMAX connection is initializing. Normal - The WiMAX connection has been successfully established. BSIDThis field displays the MAC address of the base station to which the MAX208M2W Series is connected. This field displays the frequency the base station uses in megahertz
(MHz). Frequency
(MHz) RSSI (dBm)This field displays the Received Signal Strength Indication (RSSI), which is an overal measurement of radio signal strength. A higher RSSI level indicates a stronger signal. CINR (dB)This field displays the average Carrier to Interference plus Noise Ratio for the current connection. This value is an indication of overal radio signal quality, where a higher value means a better quality signal. MAX208M2W Series Users Guide 83 Chapter 6WiMAX 6.6 Wide Scan This screen allows you to discover base stations by entering one or more frequency ranges and bandwidth on which to scan. Click WiMAX > Wide Scan to open this screen as shown next. Figure 28 Wide Scan Screen This screen contains the following fields:
Table 17 Wide Scan LABEL Wide Scan Settings DESCRIPTION Enter the start frequency in kilohertz (KHz) for a wide scan range. Use this to enable (Yes) or disable (No) automatically scanning for base stations. Auto Wide Scan Wide Scan Range Start Frequency
(KHz) End Frequency
(KHz) Step (KHz)Enter the step increment in kilohertz (KHz) that the wide scan jumps Enter the end frequency in kilohertz (KHz) for a wide scan range. each time it scans between the start and end frequencies. Enter the frequency bandwidth to be scanned. Bandwidth
(MHz) DeleteClick this to remove a range of frequencies from the wide scan range list. AddClick this to add a range of frequencies to the wide scan range list. OKClick this so save any changes to the wide scan range list. Wide Scan Result This table displays the available frequency band(s) found through the wide scan. 84 MAX208M2W Series Users Guide Chapter 6WiMAX Table 17 Wide Scan (continued) LABEL DESCRIPTION This field displays the frequency in kilohertz (KHz). Frequency
(KHz) Bandwidth
(MHz) SearchClick this to initiate a wide scan. ClearClick this to clear the wide scan results. This field displays the bandwidth in megahertz (MHz). 6.7 Link Status This screen provides a general overview of the current WiMAX connection with the service provider. Click WiMAX > Link Status to open this screen as shown next. Figure 29 Link Status Screen This screen contains the following fields:
Table 18 Link Status LABEL ProfileThis field displays the profile name. BSIDThis field displays the MAC address of the base station to which the DESCRIPTION MAX208M2W Series is currently connected. RSSIThis field displays the Received Signal Strength Indication (RSSI), which is an overal measurement of radio signal strength. A higher RSSI level indicates a stronger signal. CINR R3This field displays the average Carrier to Interference plus Noise Ratio
(R3) for the current connection. This value is an indication of overal radio signal quality, where a higher value means a better quality signal. MAX208M2W Series Users Guide 85 Chapter 6WiMAX Table 18 Link Status (continued) LABEL CINR R1This field displays the average Carrier to Interference plus Noise Ratio DESCRIPTION
(R1) for the current connection. This value is an indication of overal radio signal quality, where a higher value means a better quality signal. CINR Std DevThis field displays the average Carrier to Interference plus Noise Ratio
(Std Dev) for the current connection. This value is an indication of overal radio signal quality, where a higher value means a better quality signal. FrequencyThis field displays the frequency in kilohertz (KHz). TX PowerThis field displays the transmission power of the MAX208M2W Series in dBm. UL MCSThis field displays the Uplink Modulation and Coding Sequence (UL MCS). DL MCSThis field displays the Downlink Modulation and Coding Sequence (DL MCS). RF TemperatureThis field displays the temperature in centigrade of the MAX208M2W Handover Success Seriess RF circuit. This field displays how many times the MAX208M2W Series had ever successfully switched its connection from one base station to another base station, since the MAX208M2W Series last restarted. Handover FailThis field displays how many times the MAX208M2W Series had been failed to switch its connection from one base station to another base station, since the MAX208M2W Series last restarted. 86 MAX208M2W Series Users Guide Chapter 6WiMAX 6.8 Link Statistics This screen provides a detailed overview of the current WiMAX connection with the service provider.. Click WiMAX > Link Statistics to open this screen as shown next. Figure 30 Link Statistics Screen This screen contains the following sections:
Table 19 Link Statistics LABEL LinkThis section provides a detailed overview of link statistics. HARQThis section provides a detailed overview of Hybrid Automatic Repeat DESCRIPTION Request link statistics. TX/RXThis section provides a detailed overview of transmission and receiving link statistics. MCSThis section provides a detailed overview of Modulation and Coding Sequence (MCS) link statistics MAX208M2W Series Users Guide 87 Chapter 6WiMAX 6.9 Connection Info This screen displays all of the connections made through the WiMAX device since its last reboot. Click WiMAX > Connection Info to open this screen as shown next. Figure 31 Connection Info Screen This screen contains the following fields:
Table 20 Connection Info LABEL Active Connection CID Connection Type DESCRIPTION This displays the unique, unidirectional 16-bit Connection Identifier
(CID) for an active connection. This displays the type of connection. 6.10 Service Flow This screen displays data priority information for all of the connections made through the WiMAX device since its last reboot. Click WiMAX > Service Flow to open this screen as shown next. Figure 32 Service Flow Screen This screen contains the following fields:
Table 21 Service Flow LABEL SFIDThis displays a 32-bit service flow identifier. SF StatusThis display the service flow status. SF DirectionThis displays the service flow direction. DESCRIPTION 88 MAX208M2W Series Users Guide CHAPTER 7 Network Setting 7.1 Overview This chapter shows you how to configure the MAX208M2W Seriess network setting. 7.1.1 What You Need to Know The following terms and concepts may help as you read through this chapter. IP Address IP addresses identify individual devices on a network. Every networking device
(including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts. Subnet Masks Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks. DHCP A DHCP (Dynamic Host Configuration Protocol) server can assign your MAX208M2W Series an IP address, subnet mask, DNS and other routing information when its turned on. MAX208M2W Series Users Guide 89 Chapter 7Network Setting DNS Server Address DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it. The DNS server addresses that you enter in the DHCP setup are passed to the client machines along with the assigned IP address and subnet mask. There are two ways that an ISP disseminates the DNS server addresses. The first is for an ISP to tell a customer the DNS server addresses, usually in the form of an information sheet, when s/he signs up. If your ISP gives you the DNS server addresses, enter them in the DNS Server fields; otherwise, leave them blank. Some ISPs choose to pass the DNS servers using the DNS server extensions of PPP IPCP (IP Control Protocol) after the connection is up. If your ISP did not give you explicit DNS servers, chances are the DNS servers are conveyed through IPCP negotiation. The MAX208M2W Series supports the IPCP DNS server extensions through the DNS proxy feature. If the Primary and Secondary DNS Server fields are not specified, for instance, left as 0.0.0.0, the MAX208M2W Series tells the DHCP clients that it itself is the DNS server. When a computer sends a DNS query to the MAX208M2W Series, the MAX208M2W Series forwards the query to the real DNS server learned through IPCP and relays the response back to the computer. Please note that DNS proxy works only when the ISP uses the IPCP DNS server extensions. It does not mean you can leave the DNS servers out of the DHCP setup under all circumstances. If your ISP gives you explicit DNS servers, make sure that you enter their IP addresses. This way, the MAX208M2W Series can pass the DNS servers to the computers and the computers can query the DNS server directly without the MAX208M2W Seriess intervention. RIP Setup RIP (Routing Information Protocol) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. When set to:
RX/TX - the MAX208M2W Series will broadcast its routing table periodically and incorporate the RIP information that it receives. RX Only - the MAX208M2W Series will not send any RIP packets but will accept all RIP packets received. TX Only - the MAX208M2W Series will send out RIP packets but will not accept any RIP packets received. None - the MAX208M2W Series will not send any RIP packets and will ignore any RIP packets received. 90 MAX208M2W Series Users Guide Chapter 7Network Setting The Version field controls the format and the broadcasting method of the RIP packets that the MAX208M2W Series sends (it recognizes both formats when receiving). RIP-1 is universally supported; but RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology. Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the difference being that RIP-2B uses subnet broadcasting while RIP-2M uses multicasting. Port Forwarding A NAT server set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make accessible to the outside world even though NAT makes your whole inside network appear as a single machine to the outside world. With port forwarding, you can forward incoming service requests to the server(s) on your local network. You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server. The port number identifies a service; for example, web service is on port 80 and FTP on port 21. In some cases, such as for unknown services or where one server can support more than one service (for example both FTP and web service), it might be better to specify a range of port numbers. In addition to the servers for specified services, NAT supports a default server. A service request that does not have a server explicitly designated for it is forwarded to the default server. If the default is not defined, the service request is simply discarded. For example, let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet. Figure 33 Multiple Servers Behind NAT Example MAX208M2W Series Users Guide 91 Chapter 7Network Setting Trigger Ports Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side. With regular port forwarding you set a forwarding port in NAT to forward a service (coming in from the server on the WAN) to the IP address of a computer on the client side (LAN). The problem is that port forwarding only forwards a service to a single LAN IP address. In order to use the same service on a different LAN computer, you have to manually replace the LAN computer's IP address in the forwarding port with another LAN computer's IP address, Trigger port forwarding solves this problem by allowing computers on the LAN to dynamically take turns using the service. The MAX208M2W Series records the IP address of a LAN computer that sends traffic to the WAN to request a service with a specific port number and protocol (a "trigger" port). When the MAX208M2W Series's WAN port receives a response with a specific port number and protocol
("incoming" port), the MAX208M2W Series forwards the traffic to the LAN IP address of the computer that sent the request. After that computers connection for that service closes, another computer on the LAN can use the service in the same manner. This way you do not need to configure a new IP address each time you want a different LAN computer to use the application. ALG Some applications, such as SIP, cannot operate through NAT (are NAT un-friendly) because they embed IP addresses and port numbers in their packets data payload. Some NAT routers may include a SIP Application Layer Gateway (ALG). An Application Layer Gateway (ALG) manages a specific protocol (such as SIP, H.323 or FTP) at the application layer. A SIP ALG allows SIP calls to pass through NAT by examining and translating IP addresses embedded in the data stream. UPnP Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network. In turn, a device can leave a network smoothly and automatically when it is no longer in use. How do I know if I'm using UPnP?
UPnP hardware is identified as an icon in the Network Connections folder
(Windows XP). Each UPnP compatible device installed on your network will appear as a separate icon. Selecting the icon of a UPnP device will allow you to access the information and properties of that device. 92 MAX208M2W Series Users Guide Chapter 7Network Setting NAT Traversal UPnP NAT traversal automates the process of allowing an application to operate through NAT. UPnP network devices can automatically configure network addressing, announce their presence in the network to other UPnP devices and enable exchange of simple product and service descriptions. NAT traversal allows the following:
Dynamic port mapping Learning public IP addresses Assigning lease times to mappings Windows Messenger is an example of an application that supports NAT traversal and UPnP. Cautions with UPnP The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues. Network information and configuration may also be obtained and modified by users in some network environments. All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. UPnP and ZyXEL ZyXEL has received UPnP certification from the official UPnP Forum (http://
www.upnp.org). ZyXEL's UPnP implementation supports IGD 1.0 (Internet Gateway Device). The MAX208M2W Series only sends UPnP multicasts to the LAN. Content Filter Internet content filtering allows you to create and enforce Internet access policies tailored to their needs. Content filtering is the ability to block certain specific URL keywords. MAX208M2W Series Users Guide 93 Chapter 7Network Setting 7.2 WAN Use these settings to configure the WAN connection between the WiMAX Device and the service provider. Click Network Setting > WAN to open this screen as shown next. Figure 34 WAN Screen 94 MAX208M2W Series Users Guide Chapter 7Network Setting This screen contains the following fields:
Table 22 WAN LABEL Operation Mode DESCRIPTION Select the MAX208M2W Seriess operational mode. Bridge - This puts the MAX208M2W Series in bridge mode, acting as a transparent middle man between devices on the LAN and the devices on the WAN. NAT - This allows the MAX208M2W Series to tag frames for NAT, allowing devices on the LAN to use their own internal IP addresses while communicating with devices on the WAN. WAN ProtocolSelect the protocol the MAX208M2W Series uses to connect to the WAN. The options are:
Ethernet - Select this if you have a persistent connection to the network. PPPoE - Select this if must log into the network before initiating a persistent connection. GRE Tunnel - Select this if you connect to the network using Point-
to-Point Protocol to create VPNs. EtherIP - Select this if you need to tunnel Ethernet and IEEE 802.3 MAC frames across an IP Internet. Bridging LAN ARP Get IP MethodSelect how the MAX208M2W Series receives its IP address. This option enables or disables allow ARP requests to cross the MAX208M2W Series. User - Select this to manually enter the IP address the MAX208M2W Series uses. From ISP - Select to automatically get the IP address the MAX208M2W Series uses from the ISP. Enter the number of seconds the MAX208M2W Series waits for an IP from the ISP before it times out. WAN IP Request Timeout WAN IP Address WAN IP Subnet Mask Gateway IP Address MTUEnter the Maximum Transmission Unit (MTU) for the If the MAX208M2W Series gets its IP from the user, enter the IP address it is to use. If the MAX208M2W Series gets its IP from the ISP, enter the IP address it is to use. If the MAX208M2W Series gets its gateway IP address from the user, enter the IP address it is to use. MAX208M2W Series. This is the largest protocol unit that the MAX208M2W Series allows to pass through it. MAX208M2W Series Users Guide 95 Chapter 7Network Setting Table 22 WAN (continued) LABEL Clone MAC Address First~Third DNS Server 7.3 PPPoE DESCRIPTION Enter a MAC address here for registering bridged devices on the network if their current MAC addresses are causing problems. For example, this can happen when a desktop computer swaps network interface cards; the original NIC may have used its MAC address to register itself on the network and now the new NIC is unrecognized. Using a MAC address that you know is valid, i.e. a clone, allows that device to stay registered. Select how the MAX208M2W Series acquires its DNS server address. From ISP - Select this to have the MAX208M2W Series acquire its DNS server address from the ISP. User Define - Select this to manually enter the DNS server used by the MAX208M2W Series. Use these settings to configure the PPPoE connection between the WiMAX Device and the service provider. Click Network Setting > WAN > PPPoE. Figure 35 PPPoE Screen 96 MAX208M2W Series Users Guide This screen contains the following fields:
Chapter 7Network Setting DESCRIPTION Table 23 PPPoE LABEL User NameEnter the username for PPPoE login into the WAN network. PasswordEnter the password for PPPoE login into the WAN network. Retype Password Auth ProtocolSelect a PPPoE authentication protocol. The MAX208M2W Series Retype the password to confirm it. supports the following:
CHAP - The Challenge Handshake Authentication Protocol (CHAP) uses PPP to authenticate remote devices using a three-way handshake and shared secret verification. PAP - Password Authentication Protocol uses unencrypted plaintext to send a passwords for authentication over the network. It s probably not a good idea to rely on this for security. MS-CHAP v1/2 -This is Microsofts variant of Challenge Handshake Authentication Protocol (CHAP). It allows for mutual authentication between devices. Use this option to enable or disable authentication through Microsoft Point-To-Point Encryption (MPPE) protocol.through Microsoft Point-To-
Point Encryption (MPPE) protocol. MPPE Encryption MPPE StatefulUse this option to allow or disallow the MAX208M2W Series to use the Microsoft Point-To-Point Encryption (MPPE) protocol for stateful peer negotiation. Idle TimeoutEnter the number of second the MAX208M2W Series waits during authentication before timing out. AC NameEnter the access concentrator name for the PPPoE interface if your ISP uses an AC PPPoE service. DNS OverwriteUse this option to allow or disallow the MAX208M2W Series to overwrite Connection Trigger DNS static DNS entries on client devices. Set whether the MAX208M2W Series is persistently connected to the WAN (AlwaysOn) or you must click the PPPoE Connect button each time you want to get on the WAN (Manual). Enter in seconds the duration the MAX208M2W Series waits for idle activity before disconnecting from the WAN. Connection Timeout PPPoE ConnectClick this to connect to the WAN using PPPoE. PPPoE Disconnect Click this to disconnect from the WAN. MAX208M2W Series Users Guide 97 Chapter 7Network Setting 7.4 GRE Use these settings to configure the peer setting of the Generic Routing Encapsulation (GRE) tunnel between the WiMAX Device and another GRE peer. Click Network Setting > WAN > GRE to open this screen as shown next. Figure 36 GRE Screen This screen contains the following fields:
Table 24 GRE LABEL Peer IP AddressEnter the IP address of the GRE peer. DESCRIPTION 7.5 EtherIP Use these settings to configure the peer setting of the EtherIP tunnel between the WiMAX Device and another EtherIP peer. Click Network Setting > WAN > EtherIP to open this screen as shown next. Figure 37 EtherIP Screen This screen contains the following fields:
Table 25 EtherIP LABEL Peer IP AddressEnter the IP address of the EtherIP peer. DESCRIPTION 98 MAX208M2W Series Users Guide Chapter 7Network Setting 7.6 IP Use these settings to configure the LAN connection between the WiMAX Device and your local network. Click Network Setting > LAN > IP to open this screen as shown next. Figure 38 IP Screen This screen contains the following fields:
Table 26 IP LABEL IP addressEnter the IP address of the LAN interface for the MAX208M2W Series. IP Subnet MaskEnter the IP subnet maks of the LAN interface for the MAX208M2W DESCRIPTION Series. MAX208M2W Series Users Guide 99 Chapter 7Network Setting 7.7 DHCP Use these settings to configure whether the WiMAX Device functions as a DHCP server for your local network, or a DHCP relay between the local network and the service provider. You can also disable the DHCP functions. Click Network Setting > LAN > DHCP to open this screen as shown next. Figure 39 DHCP Screen This screen contains the following fields:
Table 27 DHCP LABEL DHCP Server DHCP ModeSelect this if you want the MAX208M2W Series to be the DHCP server DESCRIPTION on the LAN. As a DHCP server, the MAX208M2W Series assigns IP addresses to DHCP clients on the LAN and provides the subnet mask and DNS server information. None - This disables DHCP mode for the MAX208M2W Series. Server - This sets the MAX208M2W Series as a DHCP server for the LAN. Relay - This sets the MAX208M2W Series as a DHCP relay for the LAN, allowing it to pass-through IP addresses assigned to LAN devices from the ISP servers. 100 MAX208M2W Series Users Guide Chapter 7Network Setting Table 27 DHCP (continued) LABEL Start IPEnter the start IP address from which the MAX208M2W Series begins DESCRIPTION allocating IP addresses. End IPEnter the end IP address at which the MAX208M2W Series ceases allocating IP addresses. Lease TimeEnter the duration in minutes that devices on the LAN retain their DHCP-issued IP addresses. At the end of the lease time, they poll the MAX208M2W Series for a renewed or replacement IP. Relay IPEnter the name of the IP address to be used. DNS Server Assigned by the DHCP Server First~Third DNS Server Select how the MAX208M2W Series acquires its DNS server address. None - Select this to not use a DNS server. From ISP - Select this to have the MAX208M2W Series acquire its DNS server address from the ISP. User Define - Select this to manually enter the DNS server used by the MAX208M2W Series. Static DHCP MAC Address IP AddressThis field displays the IP address of the static DHCP client connected to This field displays the MAC address of the static DHCP client connected to the MAX208M2W Series. the MAX208M2W Series. AddClick this to add a new static DHCP entry. OKClick this to save any changes made to this list. DHCP Leased Hosts This displays the MAC address of the DHCP leased host. MAC Address IP AddressThis displays the IP address of the DHCP leased host. Remaining Time RefreshClick this to refresh the list. This displays the how much time is left on the host s lease. MAX208M2W Series Users Guide 101 Chapter 7Network Setting 7.8 WLAN Use this screen to configure the connections between the MAX208M2W Series and the wireless clients that want to access the Internet. Click Network Setting > WLAN to open this screen as shown next. Figure 40 WLAN Screen This screen contains the following fields:
DESCRIPTION Table 28 Network Setting WLAN LABEL WiFi Settings Enable WLANSelect this to activate the wireless LAN. WLAN Mode Select 802.11B/G mixed to allow both IEEE802.11b and IEEE802.11g compliant WLAN devices to associate with the HES-219M2W. Select 802.11B only to allow only IEEE 802.11b compliant WLAN devices to associate with the HES-219M2W. Select 802.11A only to allow only IEEE 802.11a compliant WLAN devices to associate with the HES-219M2W. Select 802.11G only to allow only IEEE 802.11g compliant WLAN devices to associate with the HES-219M2W. WLAN ChannelSelect this option and set the operating fequency/channel depending on your particular region. Select Auto to have the MAX208M2W Series scan and find an available channel. 102 MAX208M2W Series Users Guide Chapter 7Network Setting Table 28 Network Setting WLAN LABEL WLAN Maximum STA number WLAN TxPowerSelect a number between 1 and 24 dB in the drop down box to DESCRIPTION Enter the maximum number of wireless stations that is allowed to associate with the MAX208M2W Series. control the strength of the connection signal, or leave it as default to let the MAX208M2W Series control this feature. SSID Settings WLAN SSIDThis field displays the name of the wireless network and it will appear to other computers that wish to connect wirelessly to the Internet. Hide SSIDSelect this to make the name of the network invisible to others. Encryption Type SSID WEP Settings Select the type of encryption that the network will use: None, WEP or WPA Personal. Note: You will only see these options if you selected WEP as the Encryption Type Authentication Method WEP Encryption Length Key 1 - 4 Select the type of authentication used to join the network:
OPEN SYSTEM or SHARED KEY. Select the length of the encryption key: 64-bit or 128-bit. Pick one of four available keys. The key can be in either HexaDecimal (HEX) or ASCII format. Type the key using any letters and numbers. The field is case sensitive and the lenght must match the length picked in the step above (64-bit or 128-bit). A warning mesage will appear if you fail to do this. SSID WPA Settings Note: You will only see these options if you selected WPA Personal as the Encryption Type. WPA Mode Cipher Type Pre-shared Key Select either WPA, WPA2 or Auto (WPA or WPA2). Select the type of authentication that you wish to use for your network: TKIP, AES or TKIP and AES. AES is more secure. Type a pre-shared key from 8 to 63 case-sensitive ASCII char-
acters (including spaces and symbols). MAX208M2W Series Users Guide 103 Chapter 7Network Setting 7.9 WPS Use this screen to configure WiFi Protected Setup (WPS) on your MAX208M2W Series. WPS allows you to quickly set up a wireless network with strong security without having to configure security settings manually. Set up each WPS connection between two devices. Both devices have to support WPS. Click Network Setting > WLAN > WPS to open this screen as shown next. Figure 41 WPS Screen This screen contains the following fields:
Table 29 WPS LABEL Enable WPSSelect DESCRIPTION Enable and click Apply to activate WPS on the MAX208M2W Series. Select Disable and click Apply to deactivate WPS. Start WPS PBCThis field is available after you select and click Apply. Enable in the Enable WPS field Click this to activate the Push Button Configuration. After clicking this you will be able to use the WPS button at the back of the device to add new wireless clients. Note: You must press the WPS buttons within two minutes of each other. 7.10 MAC Address Filter Use these screens to configure a MAC (Media Access Control) address filter to restrict access to the network. 104 MAX208M2W Series Users Guide Chapter 7Network Setting Click on Network Setting > WLAN > MAC Address Filter. The screen appears as shown. Figure 42 MAC Address Filter Screen This screen contains the following fields:
Table 30 MAC Address Filter DESCRIPTION LABEL Select the check box to enable MAC address filtering. Then, the Enable MAC Address Filter following fields display. Mode Define the filter action for the list of MAC addresses in the MAC address table. Select Allow listed stations to permit access to the MAX208M2W Series only to addresses listed. MAC addresses not listed will be denied access to the MAX208M2W Series. Select Deny listed stations to block access to the MAX208M2W Series to the computers or devices listed in this list.
#This is the index number of the MAC address. ActiveSelect this box to make the policy effective or ineffective for a particular device. NameType the name of the device. The name can be up to 20 MAC Address characters long, and any combination of letters, numbers or symbols. Enter the MAC addresses of the wireless devices that are allowed or denied access to the MAX208M2W Series in these address fields. Enter the MAC addresses in a valid MAC address format, that is, six hexadecimal character pairs, for example, 12:34:56:78:9a:bc. DeleteClick to delete a specific MAC address from the list. AddClick to add a MAC address to the list. OKClick this button when you are done adding a MAC Address. MAX208M2W Series Users Guide 105 Chapter 7Network Setting 7.11 Static Route Use these settings to create fixed paths through the network. Click Network Setting > Route > Static Route to open this screen as shown next. Figure 43 Static Route Screen This screen contains the following fields:
DESCRIPTION Table 31 Static Route LABEL DestinationThis field displays the destination IP address of the static route. Subnet MaskThis field displays the subnet mask of the static route. Next HopThis field displays next hop information of the static route. MetricThis field displays the static route metric. AddClick this to add a new static route to the list. 7.12 Static Route Add Use these settings to configure a static route. Click Add in the Network Setting > Route > Static Route screen to open this screen as shown next. Figure 44 Static Route Screen 106 MAX208M2W Series Users Guide This screen contains the following fields:
Chapter 7Network Setting Table 32 Static Route LABEL Destination IPEnter the destination IP address of the static route. Subnet MaskEnter the subnet mask of the static route. Next HopSelect DESCRIPTION static route. Interface and then select WAN or LAN for the next hop of the If the next hop is an IP address rather than an interface on the MAX208M2W Series, select IP Address and enter the IP address. MetricEnter the static route metric. 7.13 RIP Use these settings to configure how the WiMAX Device exchanges information with other routers. Click Network Setting > Route > RIP to open this screen as shown next. Figure 45 RIP Screen MAX208M2W Series Users Guide 107 Chapter 7Network Setting This screen contains the following fields:
Table 33 RIP LABEL General Setup DESCRIPTION EnableSelect this to enable RIP on the MAX208M2W Series. Redistribute ActiveThis indicates whether a route is being redistributed. TypeThis indicates what type of route is being redistributed. MetricThis indicates the metric that is being used for redistribution. EditClick this to edit a selected route. OKClick this to save any changes to the redistribution table. LAN DirectionSet the LAN network direction to use with RIP. VersionSet the RIP version to use. AuthenticationUse this option to enable or disable RIP authentication. Authentication ID Authentication Key Enter the authentication ID to use for RIP authentication. Enter the authentication key to use for RIP authentication. WAN DirectionSet the WAN network direction to use with RIP. VersionSet the RIP version to use. AuthenticationUse this option to enable or disable RIP authentication. Authentication ID Authentication Key Enter the authentication ID to use for RIP authentication. Enter the authentication key to use for RIP authentication. 7.14 Port Forwarding Use these settings to forward incoming service requests to the ports on your local network. Note: Make sure you did not configure a DMZ host in the Network Setting > NAT >
DMZ screen if you want to make the settings of this screen work. 108 MAX208M2W Series Users Guide Chapter 7Network Setting Click Network Setting > NAT > Port Forwarding to open this screen as shown next. Figure 46 Port Forwarding Screen This screen contains the following fields:
DESCRIPTION Table 34 Port Forwarding LABEL ActiveThis indicates whether the port forwarding rule is active or not. NameThe displays the name of the port forwarding rule. ProtocolThis displays the protocol to which the port forwarding rule applies. Incoming Port(s) Start PortThis displays the starting port number for incoming traffic for the port forwarding rule. End PortThis displays the ending port number for incoming traffic for the port forwarding rule. Forward Port(s) Start Port End Port This field displays the beginning of the range of port numbers forwarded by this rule. This field displays the end of the range of port numbers forwarded by this rule. If it is the same as the Start Port, only one port number is forwarded. Server IPThis displays the IP address of the server to which packet for the selected port(s) are forwarded. DeleteClick this to delete a specified rule. WizardClick this to open the port forwarding AddClick this to add a new port forwarding rule. OKClick this to save any changes made to the port forwarding list. wizard. MAX208M2W Series Users Guide 109 Chapter 7Network Setting 7.14.1 Port Forwarding Wizard Use this wizard to set up a port forwarding rule for incoming service requests to the ports on your local network. Click Network Setting > NAT > Port Forwarding > Wizard to open this screen as shown next. Figure 47 Port Forwarding Wizard Screen This screen contains the following fields:
DESCRIPTION Table 35 Port Forwarding Wizard LABEL ActiveSelect this to make this port forwarding rule active. Port Forward Select the type of port forwarding rule. Rule Rule NameEnter a name for the port forwarding rule. ProtocolSelect the port forwarding protocol. Incoming Start Port Incoming End Port Forwarding Start Port Forwarding End Port Server IPEnter the port forwarding server IP address. Enter the starting port number for incoming traffic for the port forwarding rule. Enter the ending port number for incoming traffic for the port forwarding rule. Enter the starting port number for forwarded traffic for the port forwarding rule. Enter the ending port number for forwarded traffic for the port forwarding rule. 110 MAX208M2W Series Users Guide Chapter 7Network Setting 7.15 Port Trigger Use these settings to automate port forwarding and allow computers on local network to provide services that would normally require a fixed address on the local network. Click Network Setting > NAT > Port Trigger to open this screen as shown next. Figure 48 Port Trigger Screen This screen contains the following fields:
DESCRIPTION Table 36 Port Trigger LABEL ActiveThis indicates whether the port trigger rule is active or not. NameThe displays the name of the port trigger rule. Trigger ProtocolThis displays the protocol to which the port trigger rule applies. Trigger Port(s) Start / End Port This displays the start / end trigger port for the port trigger rule. Click Add to create a new, empty rule, then enter the incoming port number or range of port numbers you want to forward to the IP address the MAX208M2W Series records. To forward one port number, enter the port number in the Start Port and End Port fields. To forward a range of ports, enter the port number at the beginning of the range in the Start Port field enter the port number at the end of the range in the End Port field. If you want to delete this rule, click the Delete icon. Open ProtocolThis indicates which protocol is used to open the port trigger ports. Open Port(s) MAX208M2W Series Users Guide 111 Chapter 7Network Setting Table 36 Port Trigger (continued) LABEL Start / End Port DESCRIPTION This displays the start / end open port for the port trigger rule. Click Add to create a new, empty rule, then enter the outgoing port number or range of port numbers that makes the MAX208M2W Series record the source IP address and assign it to the selected incoming port number(s). To select one port number, enter the port number in the Start Port and End Port fields. To select a range of ports, enter the port number at the beginning of the range in the Start Port field enter the port number at the end of the range in the End Port field. If you want to delete this rule, click the Delete icon. DeleteClick this to delete a specified rule. WizardClick this to open the port trigger AddClick this to add a new port trigger rule. OKClick this to save any changes made to the port trigger list. wizard. 7.15.1 Port Trigger Wizard Use the wizard to create a port trigger rules that will allow the MAX208M2W Series to to automate port forwarding and allow computers on local network to provide services that would normally require a fixed address on the local network. Click Network Setting > NAT > Port Trigger > Wizard Figure 49 Port Trigger Wizard Screen 112 MAX208M2W Series Users Guide Chapter 7Network Setting This screen contains the following fields:
Table 37 Port Trigger Wizard LABEL DESCRIPTION ActiveSelect this to make this port trigger rule active. Port Trigger Select the type of port trigger rule. Rule Rule NameEnter a name for the port trigger rule. Trigger ProtocolSelect the type of port trigger protocol. Trigger Start Port Trigger End PortEnter the port trigger end port. Open ProtocolSelect the type of open protocol for the port trigger rule. Open Start PortSelect the starting open port for the port trigger rule. Open End PortSelect the ending open port number for the port trigger rule. Enter the port trigger start port. 7.15.2 Trigger Port Forwarding Example The following is an example of trigger port forwarding. In this example, J is Janes computer and S is the Real Audio server. Figure 50 Trigger Port Forwarding Example 1 2 3 4 Jane requests a file from the Real Audio server (port 7070). Port 7070 is a trigger port and causes the MAX208M2W Series to record Janes computer IP address. The MAX208M2W Series associates Jane's computer IP address with the "incoming" port range of 6970-7170. The Real Audio server responds using a port number ranging between 6970-7170. The MAX208M2W Series forwards the traffic to Janes computer IP address. MAX208M2W Series Users Guide 113 Chapter 7Network Setting 5 Only Jane can connect to the Real Audio server until the connection is closed or times out. The MAX208M2W Series times out in three minutes with UDP (User Datagram Protocol), or two hours with TCP/IP (Transfer Control Protocol/Internet Protocol). Two points to remember about trigger ports:
1 2 Trigger events only happen on data that is coming from inside the MAX208M2W Series and going to the outside. If an application needs a continuous data stream, that port (range) will be tied up so that another computer on the LAN cant trigger it. 7.16 DMZ Use this page to set the IP address of your network DMZ (if you have one) for the WiMAX Device. All incoming packets received by this MAX208M2W Seriess WAN interface will be forwarded to the DMZ host you set. Click Network Setting > NAT > DMZ to open this screen as shown next. Note: The configuration you set in this screen takes priority than the Network Setting
> NAT > Port Forwarding screen. Figure 51 DMZ Screen This screen contains the following fields:
Table 38 DMZ LABEL DMZ HostEnter the IP address of your network DMZ host, if you have one. DESCRIPTION 0.0.0.0 means this feature is disabled. 114 MAX208M2W Series Users Guide Chapter 7Network Setting 7.17 ALG Use these settings to bypass NAT on your WiMAX Device for those applications that are "NAT un-friendly". Click Network Setting > NAT > ALG to open this screen as shown next. Figure 52 ALG Screen This screen contains the following fields:
Table 39 Network Setting > NAT > ALG LABEL Enable FTP ALGTurns on the FTP ALG to detect FTP (File Transfer Program) traffic and DESCRIPTION Enable H.323 ALG helps build FTP sessions through the MAX208M2W Series s NAT. Turns on the H.323 ALG to detect H.323 traffic (used for audio communications) and helps build H.323 sessions through the MAX208M2W Seriess NAT. Turns on the IPsec ALG to detect IPsec traffic and helps build IPsec sessions through the MAX208M2W Seriess NAT. Turns on the L2TP ALG to detect L2TP traffic and helps build L2TP sessions through the MAX208M2W Seriess NAT. Turns on the PPTP ALG to detect PPTP traffic and helps build PPTP sessions through the MAX208M2W Seriess NAT. Turns on the RTSP ALG to detect RTSP traffic and helps build RTSP sessions through the MAX208M2W Seriess NAT. Enable IPsec ALG Enable L2TP ALG Enable PPTP ALG Enable RTSP ALG Enable SIP ALGTurns on the SIP ALG to detect SIP traffic and helps build SIP sessions through the MAX208M2W Seriess NAT. SIP PortIf you are using a custom UDP port number (not 5060) for SIP traffic, Enable SIP ALG Set BSID enter it here. Check this box to add the base station ID to the outgoing SIP messages. Select this option only if the media server forwarding calls requires this information. MAX208M2W Series Users Guide 115 Chapter 7Network Setting 7.18 UPnP Use this page to enable the UPnP networking protocol on your WiMAX Device and allow easy network connectivity with other UPnP-compatible devices. Click Network Setting > UPnP to open this screen as shown next. Figure 53 UPnP Screen This screen contains the following fields:
Table 40 UPnP LABEL Enable UPnPSelect this to enable UPnP on the MAX208M2W Series. Enable NAT-PMPSelect this to enable NAT Port Mapping Protocol on the MAX208M2W DESCRIPTION Series. 7.18.1 Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start > Control Panel. 2 Double-click Network Connections. 3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components . 116 MAX208M2W Series Users Guide 4 The Windows Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details. Chapter 7Network Setting 5 In the Networking Services window, select the Universal Plug and Play check box. 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. MAX208M2W Series Users Guide 117 Chapter 7Network Setting 7.18.1.1 Auto-discover Your UPnP-enabled Network Device in Windows XP This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the MAX208M2W Series. Make sure the computer is connected to a LAN port of the MAX208M2W Series. Turn on your computer and the MAX208M2W Series. 1 Click Start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway. 2 Right-click the icon and select Properties. 118 MAX208M2W Series Users Guide 3 In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. Chapter 7Network Setting 4 You may edit or delete the port mappings or click Add to manually add port mappings. 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. MAX208M2W Series Users Guide 119 Chapter 7Network Setting 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray. 7 Double-click on the icon to display your current Internet connection status. 7.18.2 Web Configurator Easy Access With UPnP, you can access the web-based configurator on the MAX208M2W Series without finding out the IP address of the MAX208M2W Series first. This becomes helpful if you do not know the IP address of the MAX208M2W Series. Follow the steps below to access the web configurator:
1 Click Start and then Control Panel. 2 Double-click Network Connections. 120 MAX208M2W Series Users Guide 3 Select My Network Places under Other Places. Chapter 7Network Setting 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your MAX208M2W Series and select Invoke. The web configurator login screen displays. MAX208M2W Series Users Guide 121 Chapter 7Network Setting 6 Right-click on the icon for your MAX208M2W Series and select Properties. A properties window displays with basic information about the MAX208M2W Series. 7.19 VLAN Use this screen to configure port-based VLAN settings on the MAX208M2W Series. This screen allows you to assign port(s) to specific virtual LAN(s) in order to isolate traffic from different VLAN groups. 122 MAX208M2W Series Users Guide Click Network Setting > VLAN to open the screen as shown next. Figure 54 VLAN Screen Chapter 7Network Setting This screen contains the following fields:
Table 41 VLAN LABEL Management VLAN VLAN IDEnter an ID number (1~4094) to create a new VLAN. Enter 0 to disable DESCRIPTION VLAN on the MAX208M2W Series. Note: To use VLAN on the MAX208M2W Series, you must switch the operation mode to bridge on the Network Setting >
WAN screen. It will then require system restart to take effect. PriorityEnter a priority level (1~7) that the MAX208M2W Series assigns to frames belonging to this VLAN. Enter 0 for no priority assigned. Port Egress Tagging
#This is the index number of a port (1 or 2). MAX208M2W Series Users Guide 123 Chapter 7Network Setting Table 41 VLAN LABEL TagThis field displays whether to prioritize traffic transmitted by the port, DESCRIPTION tagged or untagged. Click this field to change the setting. Set this to untagged if you do not want to prioritize outgoing traffic through the port. OKClick this to save the changes in the Port Settings
#This is the index number of a port (1 or 2). PVID GroupThis field displays the index number of a VLAN rule with which the port Port Egress Tagging section. is associated. Click this field to change the setting. Select MGMT to allow the computer(s) connected to the port to access the MAX208M2W Series using the LAN IP address (see the Network Setting > LAN
> IP screen). Note: Set one port to MGMT so that you can still manage the MAX208M2W Series through the port. Set both ports to tagged if you do not need to manage the MAX208M2W Series any more. PriorityEnter a priority level (1~7) that the MAX208M2W Series assigns to frames belonging to this VLAN. Enter 0 for no priority assigned. OKClick this to save the changes in the VLAN Rules - You can configure up to 7 VLANs on the MAX208M2W Series. By default, VLANs 1 to 7 are configured.
#This is the index number of a VLAN rule. VIDThis field displays the VLAN ID of the VLAN rule. Click this field to Port Settings section. change the VLAN ID. When you make the change, make sure you configure the same VLAN ID in the Management VLAN section.. Port1 / Port 2This is an indicator of which port is being configured. JoinSelect TagThis field displays the allowed traffic for the port, VLAN-
Y to add the port into the VLAN group. Otherwise, select N. tagged or VLAN-untagged. Click this field to change the setting. OKClick this to save the changes in the VLAN Rules section. 124 MAX208M2W Series Users Guide Chapter 7Network Setting 7.20 DDNS Use this page to configure the WiMAX Device as a dynamic DNS client. Click Network Setting > DDNS Figure 55 DDNS Screen This screen contains the following fields:
Select the dynamice DNS service provider for the MAX208M2W Series. DESCRIPTION Select this to enable dynamic DNS on the MAX208M2W Series. Table 42 DDNS LABEL Enable Dynamic DNS Service Provider Service TypeSelect the dynamic DNS service type. Domain NameEnter the domain name. Login NameEnter the user name. PasswordEnter the password. IP Update PolicySelect the policy used by the MAX208M2W Series. Options are:
Auto Detect WAN User Defined User Defined IPIf chose User Defined for the IP Update Policy, enter the user defined IP address. WildcardsSelect this to allow a hostname to use wildcards such as MXSelect this to enable mail routing, if supported by the specified DYNDNS
*. service provider. MAX208M2W Series Users Guide 125 Chapter 7Network Setting Table 42 DDNS (continued) LABEL Backup MXSelect this to enable a secondary mail routing, if supported by the DESCRIPTION specified DYNDNS service provider. MX HostEnter the host to which mail is routed when the MX option is selected. 7.21 Content Filter Use these settings to allow ("whitelist") or block ("blacklist") connections to and from specific web sites through the WiMAX Device. Click Network Setting > Content Filter to open this screen as shown next. Figure 56 Content Filter Screen This screen contains the following fields:
Table 43 Content Filter LABEL URL List DESCRIPTION Enable URL Filter Blacklist/
Whitelist Select this employ the content filter to allow (whitelist) or block
(blacklist) specific URL connections made through the MAX208M2W Series. Select whether the current filtering applies to the blacklist (sites that are blocked) or the whitelist (sites that are allowed). URL Filter Rule ActiveIndicates whether the current URL filter is active or not. URLIndicates the URL to be filtered according to blacklist or whitelist rules. DeleteClick this to delete a specified rule. AddClick this to add a new filter rule. OKClick this to save any changes made to the list. 126 MAX208M2W Series Users Guide CHAPTER 8 Security 8.1 Overview This chapter shows you how to configure the MAX208M2W Seriess network settings. 8.1.1 What You Need to Know The following terms and concepts may help as you read through this chapter. About the MAX208M2W Seriess Security Features The MAX208M2W Series security features are designed to protect against Denial of Service attacks when activated as well as block access to and from specific URLs and MAC addresses. Its purpose is to allow a private Local Area Network
(LAN) to be securely connected to the Internet. The MAX208M2W Series can be used to prevent theft, destruction and modification of data. The MAX208M2W Series is installed between the LAN and a WiMAX base station connecting to the Internet. This allows it to act as a secure gateway for all data passing between the Internet and the LAN. The MAX208M2W Series has one Ethernet (LAN) port. The LAN (Local Area Network) port attaches to a network of computers, which needs security from the outside world. These computers will have access to Internet services such as e-
mail, FTP and the World Wide Web. However, inbound access is not allowed (by default) unless the remote host is authorized to use a specific service. MAX208M2W Series Users Guide 127 Chapter 8Security 8.2 IP Filter Use this screen to block incoming connections from specific IP addresses. Click Security > Firewall > IP Filter to open this screen as shown next. Figure 57 IP Filter Screen This screen contains the following fields:
Table 44 IP Filter LABEL ActiveIndicates whether the current IP filter is active or not. Source IPThis displays the source IP address for the IP filter rule. DESCRIPTION Click Add to create a new, empty rule, then enter the incoming IP address for the MAX208M2W Series to block. If you want to delete this rule, click the Delete icon. Source PortThis displays the source port number for the IP filter rule. Click Add to create a new, empty rule, then enter the incoming port number for the MAX208M2W Series to block. If you want to delete this rule, click the Delete icon. Destination IPThis displays the destination IP address for the IP filter rule. Click Add to create a new, empty rule, then enter the outgoing IP address for the MAX208M2W Series to block. If you want to delete this rule, click the Delete icon. Destination PortThis displays the destination port number for the IP filter rule. Click Add to create a new, empty rule, then enter the outgoing port number for the MAX208M2W Series to block. If you want to delete this rule, click the Delete icon. ProtocolThis displays the protocol blocked by the IP filter rule. Click Add to create a new, empty rule, then select the protocol type for the MAX208M2W Series to block. If you want to delete this rule, click the Delete icon. DeleteClick this to delete a specified rule. AddClick this to add a new filter rule. OKClick this to save any changes made to the list. 128 MAX208M2W Series Users Guide Chapter 8Security 8.3 MAC Filter Use this screen to allow ("whitelist") or block ("blacklist") connections to and from specific devices on the network based on their unique MAC addresses. Note: This feature only works when the MAX208M2W Series is in bridge mode. Click Security > Firewall > MAC Filter to open this screen as shown next. Figure 58 MAC Filter Screen This screen contains the following fields:
Table 45 MAC Filter LABEL Blacklist/
Whitelist Source MACThis displays the source MAC for the MAC filter rule. DESCRIPTION Select either whitelist or blacklist for viewing and editing. Click Add to create a new, empty rule, then enter the incoming MAC address for the MAX208M2W Series to block. If you want to delete this rule, click the Delete icon. This displays the destination MAC for the MAC filter rule. Click Add to create a new, empty rule, then enter the outgoing MAC address for the MAX208M2W Series to block. If you want to delete this rule, click the Delete icon. Select which days of the week you want the filter rule to be effective. Select what time each day you want the filter rule to be effective. Enter times in 24-hour format; for example, 3:00pm should be entered as 15:00. Destination MAC Mon ~ Sun Start / End Time AddClick this to add a new filter rule. OKClick this to save any changes made to the list. MAX208M2W Series Users Guide 129 Chapter 8Security 8.4 DDOS Use these settings to potentially block specific types of Denial of Service attacks directed at your WiMAX Device. Click Security > Firewall > DDOS to open this screen as shown next. Figure 59 DDOS Screen This screen contains the following fields:
Table 46 DDOS LABEL Prevent from TCP SYN Flood Prevent from UDP Flood Prevent from ICMP Flood Prevent from Port Scan Prevent from LAND Attack DESCRIPTION Select this to monitor for and block TCP SYN flood attacks. A SYN flood is one type of denial of service attack where an overwhelming number of SYN requests assault a client device. Select this to monitor for and block UDP flood attacks. An UDP flood is a type of denial of service attack where an overwhelming number of UDP packets assault random ports on a client device. Because the device is forced to analyze and respond to each packet, it quickly becomes unreachable to other devices. Select this to monitor for and block ICMP flood attacks. An ICMP flood is a type of denial of service attack where an overwhelming number of ICMP ping assault a client device, locking it down and preventing it from responding to requests from other servers. Select this to monitor for and block port scan attacks. A port scan attack is typicall the precursor to a full-blown denial of service attack wherein each port on a device is probed for security holes that can be exploited. Once a security flaw is discovered, an attacker can initiate the appropriate denial of service attack or intrusion attack against the client device. Select this to monitor for and block LAND attacks. A Local Area Network Denial (LAND) attack is a type of denial of service attack where a spoofed TCP SYN packet targets a client devices IP address and forces it into an infinite recursive loop of querying itself and then replying, effectively locking it down. 130 MAX208M2W Series Users Guide Chapter 8Security Table 46 DDOS (continued) LABEL Prevent from IP Spoof DESCRIPTION Select this to monitor for and block IP address spoof attacks. An IP address spoof is an attack whereby the source IP address in the incoming IP packets allows a malicious party to masquerade as a legitimate user and gain access to the client device. Select this to monitor for and block ICMP redirect attacks. An ICMP redirect attack is one where forged ICMP redirect messages can force the client device to route packets for certain connections through an attackers host. Select this to monitor for and block ping of death attacks. A Ping of Death (POD) attack is one where larger-than-allowed ping packets are fragmented then sent against a client device. This results in the client device suffering from a buffer overflow and subsequent system crash. Select this to ignore ping requests from the WAN. Prevent from ICMP redirect Prevent from PING of Death Prevent from PING from WAN MAX208M2W Series Users Guide 131 Chapter 8Security 132 MAX208M2W Series Users Guide CHAPTER 9 The VoIP General Screens 9.1 VoIP Overview The VOICE > General screens allow you to set up global SIP and Quality of Service (QoS) settings. VoIP (Voice over IP) is the sending of voice signals over the Internet Protocol. This allows you to make phone calls and send faxes over the Internet at a fraction of the cost of using the traditional circuit-switched telephone network. You can also use servers to run telephone service applications like PBX services and voice mail. Internet Telephony Service Provider (ITSP) companies provide VoIP service. A company could alternatively set up an IP-PBX and provide its own VoIP service. Circuit-switched telephone networks require 64 kilobits per second (kbps) in each direction to handle a telephone call. VoIP can use advanced voice coding techniques with compression to reduce the required bandwidth. 9.1.1 What You Can Do in This Chapter The Media screen (Section 9.2 on page 135) lets you set up and maintain global VoIP settings on the MAX208M2W Series. The QoS screen (Section 9.2 on page 135) lets you set up and maintain QoS settings for voice traffic flowing through the MAX208M2W Series. 9.1.2 What You Need to Know The following terms and concepts may help as you read through this chapter. Voice Coding A codec (coder/decoder) codes analog voice signals into digital signals and decodes the digital signals back into voice signals. The MAX208M2W Series supports the following codecs. MAX208M2W Series Users Guide 133 Chapter 9The VoIP General Screens G.711 is a Pulse Code Modulation (PCM) waveform codec. PCM measures analog signal amplitudes at regular time intervals (sampling) and converts them into digital bits (quantization). Quantization reads the analog signal and then writes it to the nearest digital value. For this reason, a digital sample is usually slightly different from its analog original (this difference is known as quantization noise). G.711 provides excellent sound quality but requires 64kbps of bandwidth. G.729 is an Analysis-by-Synthesis (AbS) hybrid waveform codec. It uses a filter based on information about how the human vocal tract produces sounds. The codec analyzes the incoming voice signal and attempts to synthesize it using its list of voice elements. It tests the synthesized signal against the original and, if it is acceptable, transmits details of the voice elements it used to make the synthesis. Because the codec at the receiving end has the same list, it can exactly recreate the synthesized audio signal.G.729 provides good sound quality and reduces the required bandwidth to 8kbps. Quality of Service (QoS) Quality of Service (QoS) refers to both a network's ability to deliver data with minimum delay and the networking methods used to provide bandwidth for real-
time multimedia applications. Type Of Service (ToS) Network traffic can be classified by setting the ToS (Type Of Service) values at the data source (for example, at the MAX208M2W Series) so a server can decide the best method of delivery, that is the least cost, fastest route and so on. The ToS field is consist of 8 bits. The first 3 bits indicate the priority of the packet. DiffServ DiffServ is a class of service (CoS) model that marks packets so that they receive specific per-hop treatment at DiffServ-compliant network devices along the route based on the application types and traffic flow. Packets are marked with DiffServ Code Points (DSCPs) indicating the level of service desired. This allows the intermediary DiffServ-compliant network devices to handle the packets differently depending on the code points without the need to negotiate paths or remember state information for every flow. In addition, applications do not have to request a particular service or give advanced notice of where the traffic is going. DiffServ uses the first 6 bits of the 8-bit ToS value so that it can backward compatible with non-DiffServ compliant but ToS-enabled network device. See Section 9.3.1 on page 137 for more information. SIP The Session Initiation Protocol (SIP) is an application-layer control (signaling) protocol that handles the setting up, altering and tearing down of voice and 134 MAX208M2W Series Users Guide Chapter 9The VoIP General Screens multimedia sessions over the Internet. SIP signaling is separate from the media for which it handles sessions. The media that is exchanged during the session can use a different path from that of the signaling. SIP handles telephone calls and can interface with traditional circuit-switched telephone networks. RTP When you make a VoIP call using SIP, the RTP (Real time Transport Protocol) is used to handle voice data transfer. See RFC 1889 for details on RTP. 9.1.3 Before you Begin Ensure that you have all of your voice account information on hand. If not, contact your voice account service provider to find out which settings in this chapter you should configure in order to use your telephone with the MAX208M2W Series. Connect your MAX208M2W Series to the Internet, as described in the Quick Start Guide. If you have not already done so, then you will not be able to test your VoIP settings. 9.2 Media Click VoIP > General > Media to set up and maintain global VoIP settings. Figure 60 VoIP > General > Media MAX208M2W Series Users Guide 135 Chapter 9The VoIP General Screens The following table describes the labels in this screen. Table 47 VoIP > General > Media LABEL Port Range Media Port Start DESCRIPTION Media Port End Enter the listening port number(s) for RTP traffic on the MAX208M2W Series, if your VoIP service provider gave you this information. Otherwise, keep the default values. To enter one port number, enter the port number in the both Media Port Start and Media Port End fields. To enter a range of ports, enter the beginning port number of the range in the Media Port Start field and the ending port number in the Media Port End field. Codec Packetization Time Settings G.711, G.729 Select the type of voice coder/decoder (codec) that you want the MAX208M2W Series to use. G.711 provides high voice quality but requires more bandwidth (64 kbps). G.729 requires only 8 kbps. Advanced Voice Jitter Buffer Type Voice Jitter Buffer Length Packet Loss Concealment T.38 Static Jitter Length Voice jitter is a variation in delay of RTP packets delivery. This could cause strange sound effects. The MAX208M2W Series can utilize the following types of jitter buffer to minimize the effects of jitter. Dynamic - Jitter buffer size is dynamically changed by RTP packets delivery status. Static - Jitter buffer size is fixed. Select the maximum number of milliseconds of voice traffic the MAX208M2W Series can help to smooth out the jitter in order to ensure good voice quality for your conversations. Packets may be dropped due to an overwhelming amount of traffic on the network. Some degree of packet loss will not be noticeable to the end user, but as packet loss increases the quality of sound degrades. Select this to have the MAX208M2W Series to improve the voice quality when packet loss occurrs. T.38 is an ITU-T standard that VoIP devices use to send fax messages over the Internet. Select the number of milliseconds for the jitter buffer size used for transmitting T.38 fax messages. 9.2.1 QoS This section describes the features of the Quality of Service (QoS) screen. 136 MAX208M2W Series Users Guide Chapter 9The VoIP General Screens 9.2.2 QoS Settings Click VoIP > General > QoS to set up Type of Service (ToS) and Differentiated Services (Diffserv) settings for voice traffic transmission through the MAX208M2W Series. Figure 61 VoIP > General > QoS The following table describes the labels in this screen. Table 48 VoIP > General > QoS LABEL SIP ToS/
DiffServ DESCRIPTION Enter the first 6 bits of the ToS field in hexadecimal (in a format of 0x00), which you want to mark on all outgoing SIP packets flowing through the MAX208M2W Series. The MAX208M2W Series automatically converts this number to another in order to compatible with DiffServ-
enabled network. For example, if you enter 0x2E, it is 101110 in binary for ToS service. The MAX208M2W Series converts it to 10111000 in binary for DiffServ-enabled network. Select the ToS value in hexadecimal (in a format of 0x00) to mark all outgoing RTP packets flowing through the MAX208M2W Series. RTP ToS/
DiffServ 9.3 Technical Reference The following section contains additional technical information about the MAX208M2W Series features described in this chapter. 9.3.1 DSCP and Per-Hop Behavior DiffServ defines a new DS (Differentiated Services) field to replace the Type of Service (TOS) field in the IP header. The DS field contains a 2-bit unused field and a 6-bit DSCP field which can define up to 64 service levels. The following figure illustrates the DS field. Figure 62 DiffServ: Differentiated Service Field DSCP
(6-bit) Unused
(2-bit) DSCP is backward compatible with the three precedence bits in the ToS octet so that non-DiffServ compliant, ToS-enabled network device will not conflict with the DSCP mapping. MAX208M2W Series Users Guide 137 Chapter 9The VoIP General Screens The DSCP value determines the forwarding behavior, the PHB (Per-Hop Behavior), that each packet gets across the DiffServ network. Based on the marking rule, different kinds of traffic can be marked for different priorities of forwarding. Resources can then be allocated according to the DSCP values and the configured policies. 138 MAX208M2W Series Users Guide CHAPTER 10 The VoIP Account Screens 10.1 Overview Use the VoIP > Account 1 and VoIP > Account 2 screens to configure SIP servers, authentication, additional VoIP features, dialing timeout values, speed-
dial rules and how to handle fax messages for two accounts on the MAX208M2W Series. Account 1 maps to phone port 1 and account 2 maps to phone port 2. Since both the Account 1 and Account 2 screens are quite similar, this section uses the VoIP > Account 1 screens to describe the fields. 10.1.1 What You Can Do in This Chapter The Status screen (Section 10.2 on page 144) lets you view the current status of the SIP server, STUN server, selected phone line and call history. You can also manually disconnect the VoIP connection or request the SIP server for a new connection. The Server screen (Section 10.3 on page 146) lets you configure the SIP server, proxy server, outbound server and STUN server settings for the phone line. The Feature screen (Section 10.4 on page 147) lets you configure the SIP additional functions such as DTMF, call forward, call waiting and hotline settings for the phone line. The User screen (Section 10.5 on page 150) lets you configure the SIP account, codec and SIP settings for the phone line. The Dialing screen (Section 10.6 on page 152) lets you configure some timeout setting for the phone line. The Speed Dial screen (Section 10.7 on page 152) lets you add, edit, or remove speed-dial entries for the phone line. The FAX screen (Section 10.8 on page 153) lets you configure which standard the phone line uses for sending FAXes. 10.1.2 What You Need to Know The following terms and concepts may help as you read through this chapter. MAX208M2W Series Users Guide 139 Chapter 10The VoIP Account Screens SIP Identities A SIP account uses an identity (sometimes referred to as a SIP address). A complete SIP identity is called a SIP URI (Uniform Resource Identifier). A SIP account's URI identifies the SIP account in a way similar to the way an e-mail address identifies an e-mail account. The format of a SIP identity is SIP-
Number@SIP-Service-Domain. SIP Number The SIP number is the part of the SIP URI that comes before the @ symbol. A SIP number can use letters like in an e-mail address (johndoe@your-ITSP.com for example) or numbers like a telephone number (1122334455@VoIP-provider.com for example). SIP Service Domain The SIP service domain of the VoIP service provider (the company that lets you make phone calls over the Internet) is the domain name in a SIP URI. For example, if the SIP address is 1122334455@VoIP-provider.com, then VoIP-
provider.com is the SIP service domain. SIP Register Server A SIP register server maintains a database of SIP identity-to-IP address (or domain name) mapping. The register server checks your user name and password when you register. 10.1.3 SIP User Agent A SIP user agent can make and receive VoIP telephone calls. This means that SIP can be used for peer-to-peer communications even though it is a client-server protocol. In the following figure, either A or B can act as a SIP user agent client to initiate a call. A and B can also both act as a SIP user agent to receive the call. Figure 63 SIP User Agent A B SIP Proxy Server A SIP proxy server receives requests from clients and forwards them to another server. 140 MAX208M2W Series Users Guide Chapter 10The VoIP Account Screens In the following example, you want to use client device A to call someone who is using client device C. The client device (A in the figure) sends a call invitation to the SIP proxy server
(B). The SIP proxy server forwards the call invitation to C. Figure 64 SIP Proxy Server 1 B 2 A C STUN STUN (Simple Traversal of User Datagram Protocol (UDP) through Network Address Translators) allows the MAX208M2W Series to find the presence and types of NAT routers and/or firewalls between it and the public Internet. STUN also allows the MAX208M2W Series to find the public IP address that NAT assigned, so the MAX208M2W Series can embed it in the SIP data stream. STUN does not work with symmetric NAT routers or firewalls. See RFC 3489 for details on STUN. The following figure shows how STUN works. The MAX208M2W Series (A) sends SIP packets to the STUN server (B). The STUN server (B) finds the public IP address and port number that the NAT router used on the MAX208M2W Seriess SIP packets and sends them to the MAX208M2W Series. 1 2 1 2 MAX208M2W Series Users Guide 141 Chapter 10The VoIP Account Screens 3 The MAX208M2W Series uses the public IP address and port number in the SIP packets that it sends to the SIP server (C). Figure 65 STUN NAT 1 2 A 3 Outbound Proxy Your VoIP service provider may host a SIP outbound proxy server to handle all of the MAX208M2W Seriess VoIP traffic. This allows the MAX208M2W Series to work with any type of NAT router and eliminates the need for STUN or a SIP ALG. Turn off a SIP ALG on a NAT router in front of the MAX208M2W Series to keep it from retranslating the IP address (since this is already handled by the outbound proxy server). NAT and SIP The MAX208M2W Series must register its public IP address with a SIP register server. If there is a NAT router between the MAX208M2W Series and the SIP register server, the MAX208M2W Series probably has a private IP address. The MAX208M2W Series lists its IP address in the SIP message that it sends to the SIP register server. NAT does not translate this IP address in the SIP message. The SIP register server gets the MAX208M2W Seriess IP address from inside the SIP message and maps it to your SIP identity. If the MAX208M2W Series has a private IP address listed in the SIP message, the SIP server cannot map it to your SIP identity. Use a SIP ALG (Application Layer Gateway), STUN, or outbound proxy to allow the MAX208M2W Series to list its public IP address in the SIP messages. Speed Dial and Peer-to-Peer Calling Speed dial provides shortcuts for dialing frequently used phone numbers. You can map a phone number to an alphanumeric keypad key (1 to 9) and then use that keypad key to call the phone number (press and hold the key for one second or longer). Use this screen to add, edit, or remove speed-dial numbers for outgoing calls. You also have to create speed-dial entries if you want to make peer-to-peer calls or call SIP numbers that use letters. 142 MAX208M2W Series Users Guide Chapter 10The VoIP Account Screens In peer-to-peer calls, you call another VoIP device directly without going through a SIP server. Enter the callees IP address or domain name. The MAX208M2W Series sends SIP INVITE requests to the peer VoIP device when you use the speed dial entry. You do not need to configure a SIP account in order to make a peer-to-peer VoIP call. DTMF Dual-Tone Multi-Frequency (DTMF) telephone call signaling uses pairs of frequencies (one lower frequency and one higher frequency) to set up calls. It is also known as Touch Tone. Each of the keys on a DTMF telephone corresponds to a different pair of frequencies. Supplementary Phone Services Overview Supplementary services such as call hold, call waiting, call transfer, etc. are generally available from your VoIP service provider. The MAX208M2W Series supports the following services:
Call Waiting Call Forwarding Caller ID Hotline Note: To take full advantage of the supplementary phone services available though the MAX208M2W Series's phone port, you may need to subscribe to the services from your VoIP service provider. MAX208M2W Series Users Guide 143 Chapter 10The VoIP Account Screens 10.2 Status Click VoIP > Account 1 (or Account 2) > Status to view VoIP settings and current status. Figure 66 VoIP > Account 1 (or Account 2) > Status The following table describes the labels in this screen. Table 49 VoIP > Account 1 (or Account 2) > Status LABEL Server Status DESCRIPTION SIP Register This field displays the IP address and service port number of the SIP register server, if you have configured one. This field displays the IP address and service port number of the second SIP register server, if you have configured one. SIP Service Domain Proxy ServerThis field displays the IP address and service port number of the SIP Outbound Server Register Status proxy server, if you have configured one. This field displays the IP address and service port number of the outbound proxy server, if you have configured one. This field displays Registered, if the connected phone is registered with the register server. It displays Unregistered if the phone has not registered successfully to the register server yet. STUN Status - see STUN on page 141 144 MAX208M2W Series Users Guide Chapter 10The VoIP Account Screens Table 49 VoIP > Account 1 (or Account 2) > Status LABEL DESCRIPTION STUN ServerThis field displays the IP address and service port number of the STUN
(Simple Traversal of UDP through NATs (Network Address Translation)) server, if you have configured one. STUN Status This field displays whether you have enabled STUN server support on the MAX208M2W Series. Line Status Subscriber Number Account Status Phone Status Call History This field displays the SIP phone number for the phone line. This indicates whether the SIP account is activated or not, or if it is unspecified for the phone line. This field displays busy if the SIP phone number is currently engaged, otherwise it displays idle. Missing call Received call This field displays the number of calls you have received through the connected phone since the MAX208M2W Series last restarted or was turned on. This field displays the number of calls you have missed since the MAX208M2W Series last restarted or was turned on. This field displays the number of calls you have made through the connected phone since the MAX208M2W Series last restarted or was turned on. Click this to register the MAX208M2W Series to the specified register server. Outgoing call Connect Disconnect Click this to disconnect the connected phone with the register server. MAX208M2W Series Users Guide 145 Chapter 10The VoIP Account Screens 10.3 Server Click VoIP > Account 1 (or Account 2) > Server to configure the register server, proxy server, outbound proxy server and NAT settings for this SIP account. Figure 67 VoIP > Account 1 (or Account 2) > Server The following table describes the labels in this screen. Table 50 VoIP > Account 1 (or Account 2) > Server LABEL Registrar Server DESCRIPTION Registrar Server Port NumberEnter the SIP server Enter the IP address or domain name of a SIP server. You can use up to 127 printable ASCII characters. s listening port number. Keep the default value, if you are not sure of this value. Enter the IP address or domain name of another SIP server, if your VoIP service provider gave you one. Otherwise, enter the same address that you have entered in the Registrar Server field. You can use up to 64 printable ASCII characters. Enter the session expiry time in seconds for the phone connections using this account. The allowable range is 60~65535 seconds. This allows the MAX208M2W Series to automatically disconnect any phone calls using this account after a certain period of inactivity. SIP Service Domain Registrar Period Time Proxy Server Proxy ServerEnter the IP address or domain name of the SIP proxy server provided by your VoIP service provider. You can use up to 64 printable ASCII characters. Port Number Enter the SIP proxy servers listening port number, if your VoIP service provider gave you one. Otherwise, keep the default value. Outbound Server 146 MAX208M2W Series Users Guide Chapter 10The VoIP Account Screens Table 50 VoIP > Account 1 (or Account 2) > Server LABEL Outbound Server DESCRIPTION Enter the IP address or domain name of the outbound proxy server provided by your VoIP service provider. You can use up to 127 printable ASCII characters. If you choose not to use an outbound proxy server, set this to 0.0.0.0. Port Number Enter the outbound proxys listening port number, if your VoIP service provider gave you one. Otherwise, leave it as the default 5060. If the outbound proxy is disabled (set to 0.0.0.0), then this port will be ignored. NAT Traversal STUN Server Enter the IP address or domain name of the STUN server, if your VoIP service provider gave you one. Otherwise, keep the default value. Port Number Enter the STUN servers listening port, if your VoIP service provider gave you one. Otherwise, keep the default value. 10.4 Feature Click VoIP > Account 1 (or Account 2) > Feature to configure advanced VoIP features such as DTMF, Call Forwarding, Call Waiting and hotline settings. Figure 68 VoIP > Account 1 (or Account 2) > Feature MAX208M2W Series Users Guide 147 Chapter 10The VoIP Account Screens The following table describes the labels in this screen. Table 51 VoIP > Account 1 (or Account 2) > Feature LABEL Feature Settings DESCRIPTION Select this to have the MAX208M2W Series block all incoming calls from phone that do not send caller ID. Block Anonymous Call Do Not Disturb
(DND) Hide User IDSelect this to not have your calling number display on the callee Select this to have the MAX208M2W Series not forward calls to the phone line. s caller ID. MWISelect this to enable Message Waiting Indicator (MWI) mode for this phone line. The MAX208M2W Series sends a beeping tone to the phone when there is at least one voicemail for the number. Hold MethodSelect the method to use when a call is put on hold. sendonly/recvonly - Select this to allow the MAX208M2W Series to send voice packets only but disallow to receive any voice packets. The peer end should change to a state which allows to receive voice packets from the MAX208M2W Series only but disallow to send any voice packets. inactive - Select this to disallow the MAX208M2W Series send or receive any voice packets. DTMF DTMFControl how the MAX208M2W Series handles the tones that the phone using this extension makes when you push its buttons. One use of the tones is to distinguish between numbers when trying to dial a PSTN phone number. You should use the same mode as your VoIP service provider. The choices are:
Out-of-band(RFC 2833) - Follow the RFC 2833 standard and send the DTMF tones in RTP packets. In Band - Send the DTMF tones in the voice data stream. This works best when you are using a codec that does not use compression
(like G.711). Codecs that use compression (like G.729) can distort the tones. Select this to have the MAX208M2W Series send the DTMF tones in SIP messages. SIP INFO Call Forward Setting Enable call Forwarding Unconditional CF, Unconditional CF Target Select this check box to enable call forward. Select this if you want the MAX208M2W Series to forward all incoming calls to the specified phone number, regardless of other rules in this Call Forward Setting section. Specify the phone number in the Unconditional CF Target field. 148 MAX208M2W Series Users Guide Chapter 10The VoIP Account Screens Table 51 VoIP > Account 1 (or Account 2) > Feature LABEL DESCRIPTION Select this if you want the MAX208M2W Series to forward incoming calls to the specified phone number if the phone port is busy. Specify the phone number in the Busy CF Target field. If you have call waiting, the incoming call is forwarded to the specified phone number if you reject or ignore the second incoming call. Select this if you want the MAX208M2W Series to forward incoming calls to the specified phone number if the call is unanswered. Specify the phone number in the No Answer CF Target field on the right. Select this to enable call waiting for this SIP account on the MAX208M2W Series. Busy CF, Busy CF Target No Answer CF, No Answer CF Target Call Waiting Setting Call waiting Hotline Setting Configure this section to have the MAX208M2W Series automatically dial the hotline target number after the line is off the hook for the duration specified in the Hotline Period Time field. This is especially useful for dialing emergency numbers. Hotline, Hotline Target Hotline Period Time Enter the number to be dialed once the MAX208M2W Series has surpassed the delay period. Enter the duration the phone can remain off the hook before automatically dialing the hotline number. You can set the delay from 5 to 10 seconds. MAX208M2W Series Users Guide 149 Chapter 10The VoIP Account Screens 10.5 User Click VoIP > Account 1 (or Account 2) > User to configure advanced VoIP settings such as DTMF, call forwarding, call waiting and hotline settings. Figure 69 VoIP > Account 1 (or Account 2) > User The following table describes the labels in this screen. Table 52 VoIP > Account 1 (or Account 2) > User LABEL SIP Account DESCRIPTION Enable Select this if you want the MAX208M2W Series to use this account. Clear it if you do not want the MAX208M2W Series to use this account. Enter your SIP number. In the full SIP URI, this is the part before the
@ symbol. You can use up to 127 printable ASCII characters. Subscriber Number Display NameEnter the name that appears on the other party s device if they have Caller ID enabled. You can use up to 127 printable ASCII characters. Type the SIP user name associated with this account for authentication to the SIP register server. Authentication Name This field can be 1-31 printable characters (A-Z, a-z, 0-9). PasswordType the SIP password associated with this account. This field can be 0-31 printable characters (A-Z, a-z, 0-9), underscores (_), pluses (+), periods (.), and at symbols (@). Codec Settings 150 MAX208M2W Series Users Guide Chapter 10The VoIP Account Screens Table 52 VoIP > Account 1 (or Account 2) > User LABEL 1st Codec, 2nd Codec, 3rd Codec DESCRIPTION Select the MAX208M2W Seriess first, second, and third choices of the type of voice coder/decoder (codec) that you want the phone line to use when communicating with the SIP server. The following codecs
(shown in highest quality to lowest quality order) are supported by the MAX208M2W Series:
G.711 aLaw (typically used in Europe) G.711 muLaw (typically used in North America and Japan) G.729 You can also select NONE for the 2nd and 3rd codecs if your VoIP service provider only gave you one or two codec settings. See Voice Codecs on page 227 for more information on voice codecs. When two SIP devices start a SIP session, they must agree on a codec. Media SIP User Agent Name SIP Local Port Session Timer Flag Enable Enter the name you want to show in the "User-Agent" header of SIP packets sent by this account. Enter the MAX208M2W Seriess listening port number, if your VoIP service provider gave you one. Otherwise, keep the default value. Select this activate the MAX208M2W Seriess session timer. If you encounter connectivity issues with your network or Internet, then it is suggested that you use the session timer. Session Timer Enter the session expiry time in seconds for all phone connections on this trunk The allowable range is 120~65535 seconds. This value cannot be lower than the Min Session Timer. Min Session Timer Timeout for Ring back This allows the MAX208M2W Series to automatically disconnect any phone calls on this trunk after a certain period of inactivity. Enter the minimum session expiry time in seconds. The allowable range is 90~65535 seconds. When an incoming call requests a session expiry time that is lower than this, the MAX208M2W Series uses this value instead. Enter the maximum number of seconds the MAX208M2W Series has the associated phone ring for an incoming call. After this time period is expired, the MAX208M2W Series has the phone stop ringing. The caller will hear a busy tone then. MAX208M2W Series Users Guide 151 Chapter 10The VoIP Account Screens 10.6 Dialing Click VoIP > Account 1 (or Account 2) > Dialing to configure dialing timeout values. Figure 70 VoIP > Account 1 (or Account 2) > Dialing The following table describes the labels in this screen. Table 53 VoIP > Account 1 (or Account 2) > Dialing LABEL Inter-digit Timeout First-digit Timeout DESCRIPTION Enter the maximum number of seconds (1~5) the MAX208M2W Series waits for each digit input of a complete callee number after you press the flash key on the phone. If the MAX208M2W Series cannot receive the next digit entered within this time period, the MAX208M2W Series processes digits you have dialed. Set the number of seconds (5~30) for the MAX208M2W Series to wait for you to start dialing a number after you pick up the telephone receiver. If you do not dial any number within that time period, the dial tone becomes a busy signal. Put back the receiver and pick it up again if you want to make a new call. 10.7 Speed Dial Click VoIP > Account 1 (or Account 2) > Speed Dial to add, edit, or remove speed-dial rules. Figure 71 VoIP > Account 1 (or Account 2) > Speed Dial The following table describes the labels in this screen. DESCRIPTION Table 54 VoIP > Account 1 (or Account 2) > Speed Dial LABEL Speed Dial Status EnableSelect this to enable speed dial on the MAX208M2W Series. Speed Dial Rules - This is a list of speed dial numbers. 152 MAX208M2W Series Users Guide Chapter 10The VoIP Account Screens Table 54 VoIP > Account 1 (or Account 2) > Speed Dial LABEL ActiveThis field displays whether the rule is activated or not. Short NumberThis field displays the speed-dial number you want to use for this phone DESCRIPTION number. Select the the speed-dial number you want to use for this phone number if you are editing the entry. Real NumberThis field displays the phone number you want the MAX208M2W Series to call when you use the specified short number. Enter the phone number you want the MAX208M2W Series to call when you use the specified short number if you are editing the entry. NotesThis field displays additional information for the speed-dial number. Enter additional information for the speed-dial number if your are editing the entry. RemoveClick this to remove the rule. AddClick this to add a new speed-dial rule. OK Click this to save the changes you made in this table. 10.8 FAX Click VoIP > Account 1 (or Account 2) > FAX to configure which standard the account uses for fax services. Figure 72 VoIP > Account 1 (or Account 2) > FAX MAX208M2W Series Users Guide 153 Chapter 10The VoIP Account Screens The following table describes the labels in this screen. Table 55 VoIP > Account 1 (or Account 2) > FAX LABEL Options DESCRIPTION Select which standard the MAX208M2W Series uses to handle faxes. The peer devices must also use standard. NONE - Disable the fax function. G.711A Pass Through - Select this option to send and receive fax messages over the network or Internet using VoIP (G.711a). By encoding fax data as audio data, faxes may be susceptible to packet loss and other errors. However, as this standard is considerably older than T.38, it is more compatible with older orobsolete systems. G.711U Pass Through - Select this option to send and receive fax messages over the network or Internet using VoIP (G.711u). By encoding fax data as audio data, faxes may be susceptible to packet loss and other errors. However, as this standard is considerably older than T.38, it is more compatible with older orobsolete systems. T.38 FAX Relay - Select this if the MAX208M2W Series should send fax messages as UDP or TCP/IP packets through IP networks. This provides better quality, but it may have interoperability problems. 10.9 Technical Reference The following section contains additional technical information about the MAX208M2W Series features described in this chapter. 10.9.1 SIP Call Progression The following figure displays the basic steps in the setup and tear down of a SIP call. A calls B. Table 56 SIP Call Progression A 1. INVITE 4. ACK 6. BYE 5.Dialogue (voice traffic) B 2. Ringing 3. OK 7. OK 154 MAX208M2W Series Users Guide Chapter 10The VoIP Account Screens 1 A sends a SIP INVITE request to B. This message is an invitation for B to participate in a SIP telephone call. 2 B sends a response indicating that the telephone is ringing. 3 B sends an OK response after the call is answered. 4 A then sends an ACK message to acknowledge that B has answered the call. 5 Now A and B exchange voice media (talk). 6 After talking, A hangs up and sends a BYE request. 7 B replies with an OK response confirming receipt of the BYE request and the call is terminated. 10.9.2 SIP Client Server SIP is a client-server protocol. A SIP client is an application program or device that sends SIP requests. A SIP server responds to the SIP requests. When you use SIP to make a VoIP call, it originates at a client and terminates at a server. A SIP client could be a computer or a SIP phone. One device can act as both a SIP client and a SIP server. MAX208M2W Series Users Guide 155 Chapter 10The VoIP Account Screens 156 MAX208M2W Series Users Guide CHAPTER 11 The VoIP Line Screens 11.1 Overview The VoIP > Line 1 and VoIP > Line 2 screens allow you to configure the volume, echo cancellation, VAD settings and custom tones for phone ports 1 and 2 which map to SIP accounts 1 and 2 (see Chapter 10 on page 139). Since both the Line 1 and Line 2 screens are quite similar, this section uses the VoIP > Line 1 screens to describe the fields. 11.1.1 What You Can Do in This Chapter The Phone screen (Section 11.2 on page 158) lets you configure phone settings. The Voice screen (Section 11.3 on page 159) lets you configure voice settings. The Profile screen (Section 11.4 on page 159) lets you configure which country of the world the MAX208M2W Series is in. 11.1.2 What You Need to Know The following terms and concepts may help as you read through this chapter. Voice Activity Detection/Silence Suppression/Comfort Noise Voice Activity Detection (VAD) detects whether or not speech is present. This lets the MAX208M2W Series reduce the bandwidth that a call uses by not transmitting silent packets when you are not speaking. When using VAD, the MAX208M2W Series generates comfort noise when the other party is not speaking. The comfort noise lets you know that the line is still connected as total silence could easily be mistaken for a lost connection. Echo Cancellation G.168 is an ITU-T standard for eliminating the echo caused by the sound of your voice reverberating in the telephone receiver while you talk. MAX208M2W Series Users Guide 157 Chapter 11The VoIP Line Screens 11.2 Phone Click VoIP > Line 1 (or Line 2) > Phone to configure phone and caller ID settings. Figure 73 VoIP > Line 1 (or Line 2) > Phone The following table describes the labels in this screen. DESCRIPTION Table 57 VoIP > Line 1 (or Line 2) > Phone LABEL Phone Hook Flash Detect Upper Bound Hook Flash Detect Lower Bound Voice Tx Level Enter the number of milliseconds for the upper bound of a quick on-
hook and off-hook cycle in order to recognize a hook flash event. Enter the number of milliseconds for the lower bound of a quick on-
hook and off-hook cycle in order to recognize a hook flash event. Select the volume level transmitted by the MAX208M2W Series. -9 is the quietest, and 9 is the loudest. Select the volume level transmitted to the MAX208M2W Series. -9 is the quietest, and 9 is the loudest. Voice Rx Level Caller ID Caller ID Type Caller ID Display Caller ID Power Level Select the caller ID type (FSK Bellcore, Japan CLIP, or FSK ETSI) for the region in which the MAX208M2W Series is located. You can also Disable caller ID (means to not display the remote caller ID on the phone). Select when to display the caller ID of incoming calls on the associated phone, before or after it rings (Before Ring or After Ring). Enter the transmitting power level (0~3) the MAX208M2W Series uses to display caller ID on the associated phone.The corresponding power for each number:
0: -13.5 dBm 1: -13 dBm 2: -12 dBm 3: -11 dBm 158 MAX208M2W Series Users Guide Chapter 11The VoIP Line Screens 11.3 Voice Click VoIP > Line 1 (or Line 2) > Voice to configure voice settings. Figure 74 VoIP > Line 1 (or Line 2) > Voice The following table describes the labels in this screen. Table 58 VoIP > Line 1 (or Line 2) > Voice LABEL VAD - Voice Activity Detection DESCRIPTION Voice Active Detector Select one of the following Silence Suppression option to have the MAX208M2W Series stop transmitting voice traffic when you are not speaking using the detection method. This reduces the bandwidth the MAX208M2W Series uses. Silence Suppression - NO CNG Silence Suppression - Only G.711 Annexll Type Silence Suppression - Codec Specific CN Select Disable to turn this feature off. LEC - Line Echo Cancellation Line Echo Canceller Tail Length Select the maximum number of milliseconds of an echo length ( 16 ms, 32 ms or 48 ms) the MAX208M2W Series can handle and eliminate the effect. An echo is normally caused by the sound of your voice reverberating in the telephone receiver while you talk. Select Disable Question: How if an echos length is longer than the set value?
11.4 Profile Click VoIP > Line 1 (or Line 2) > Profile to maintain settings that depend on which region of the world the MAX208M2W Series is in. Figure 75 VoIP > Line 1 (or Line 2) > Profile MAX208M2W Series Users Guide 159 Chapter 11The VoIP Line Screens The following table describes the labels in this screen. Table 59 VoIP > Line 1 (or Line 2) > Profile LABEL Country ProfileSelect the place in which the MAX208M2W Series is located, USA or any DESCRIPTION other country (Default). 160 MAX208M2W Series Users Guide CHAPTER 12 Maintenance 12.1 Overview Use these screens to manage and maintain your MAX208M2W Series. 12.1.1 What You Need to Know The following terms and concepts may help as you read through this chapter. Remote Management Limitations Remote management over LAN or WAN will not work when:
1 2 3 You have disabled that service in one of the remote management screens. The IP address in the Secured Client IP field does not match the client IP address. If it does not match, the MAX208M2W Series will disconnect the session immediately. There is already another remote management session with an equal or higher priority running. You may only have one remote management session running at one time. MAX208M2W Series Users Guide 161 Chapter 12Maintenance Remote Management and NAT When NAT is enabled:
Use the MAX208M2W Seriess WAN IP address when configuring from the WAN. Use the MAX208M2W Seriess LAN IP address when configuring from the LAN. System Timeout There is a default system management idle timeout of five minutes. The MAX208M2W Series automatically logs you out if the management session remains idle for longer than this timeout period. The management session does not time out when a statistics screen is polling. SNMP Simple Network Management Protocol (SNMP) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your MAX208M2W Series supports SNMP agent functionality, which allows a manager station to manage and monitor the MAX208M2W Series through the network. The MAX208M2W Series supports SNMP version one (SNMPv1) and version two (SNMPv2). The next figure illustrates an SNMP management operation. Note: SNMP is only available if TCP/IP is configured. 162 MAX208M2W Series Users Guide Chapter 12Maintenance TR-069 TR-069 is an abbreviation of Technical Reference 069, a protocol designed to facilitate the remote management of Customer Premise Equipement (CPE), such as the MAX208M2W Series. It can be managed over a WAN by means of an Auto Configuration Server (ACS). TR-069 is based on sending Remote Procedure Calls
(RPCs) between the ACS and the client device. RPCs are sent in Extensible Markup Language (XML) format over HTTP or HTTPS. An administrator can use an ACS to remotely set up the MAX208M2W Series, modify its settings, perform firmware upgrades, and monitor and diagnose it. In order to do so, you must enable the TR-069 feature on your MAX208M2W Series and then configure it appropriately. (The ACS server which it will use must also be configured by its administrator.) Figure 76 TR-069 Example SIP ACS HTTP In this example, the MAX208M2W Series receives data from at least 3 sources: A SIP server for handling voice calls, an HTTP server for handling web services, and an ACS, for configuring the MAX208M2W Series remotely. All three servers are owned and operated by the clients Internet Service Provider. However, without the configuration settings from the ACS, the MAX208M2W Series cannot access the other two servers. Once the MAX208M2W Series receives its configuration settings and implements them, it can connect to the other servers. If the settings change, it will once again be unable to connect until it receives its updates from the ACS. The MAX208M2W Series can be configured to periodically check for updates from the auto-configuration server so that the end user need not be worried about it. MAX208M2W Series Users Guide 163 Chapter 12Maintenance SNMP An SNMP managed network consists of two main types of component: agents and a manager. Figure 77 SNMP Management Model An agent is a management software module that resides in a managed device (the MAX208M2W Series). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices. The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include such as number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects. SNMP allows a manager and agents to communicate for the purpose of accessing these objects. The MAX208M2W Series supports MIB II that is defined in RFC-1213 and RFC-
1215. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance. SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a request and the agent returns responses using the following protocol operations:
Get - Allows the manager to retrieve an object variable from the agent. GetNext - Allows the manager to retrieve the next object variable from a table or list within an agent. In SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations. 164 MAX208M2W Series Users Guide Chapter 12Maintenance Set - Allows the manager to set values for object variables within an agent. Trap - Used by the agent to inform the manager of some events. The MAX208M2W Series sends traps to the SNMP manager when any of the following events occurs:
Table 60 SNMP Traps TRAP # TRAP NAME 0 coldStart (defined in RFC-
1215) warmStart (defined in RFC-
1215) authenticationFailure (defined in RFC-1215) whyReboot (defined in ZYXEL-
MIB) 1 4 6 6a For intentional reboot:
6b For fatal error:
DESCRIPTION A trap is sent after booting (power on). A trap is sent after booting (software reboot). A trap is sent to the manager when receiving any SNMP get or set requirements with the wrong community (password). A trap is sent with the reason of restart before rebooting when the system is going to restart
(warm start). A trap is sent with the message "System reboot by user!" if reboot is done intentionally, (for example, download new files, CI command "sys reboot", etc.). A trap is sent with the message of the fatal code if the system reboots because of fatal errors. OMA-DM When the MAX208M2W Series initiates communication with the server (often times at start up or after the first time you turn it on), the server uploads commands, new files (if any), and other information used by a service provider to customize the MAX208M2W Seriess features. Device management works as follows:
1 2 3 The server (A) sends out the query (1) to the MAX208M2W Series (B). The MAX208M2W Series responds by sending back its credentials (2), to which the server responds with its credentials along with a string of management operations (3). The client responds to the management operations (4), perhaps confirming file alterations or confirming receipt of file uploads and so on. MAX208M2W Series Users Guide 165 Chapter 12Maintenance 4 The server disconnects from the MAX208M2W Series once all of its management operations have been carried out. Figure 78 OMA-DM Data Management OMA-DM Authentication In order to ensure the integrity of the connection between an OMA-DM server and the MAX208M2W Series, communication between the two is encoded using one of three common algorithms. They are not intended to be used in lieu of proper digital security, but instead as a means of transmitting multiple disparate types of data over HTTP. Security encryption for communication is handled by different processes configured elsewhere in the MAX208M2W Seriess web configurator Basic Access Authentication Sends a persons user name and password in Base64. This auhentication protocol is supported by all browsers that are HTTP 1.0/1.1 compliant. Although converted to Base64 for the sake of cross-
compatibility, credentials are nonetheless passed between the web browser and the server in plaintext, making it extremely easy to intercept and read. As such, it is rarely used anymore. Digest Access Authentication This protocol was designed to replace basic access authentication. Instead of encoding a user name and password in plaintext, this protocol uses what is known as an MD5 message authentication code. It allows the server to issue a single-use, randomly generated number (known as a nonce) to the client (in this case, the web browser), which then uses the number as the public key for encrypting its data. When the server receives the encrypted data, it unlocks it using the key that was just provided. While stronger than basic access authentication, this protocol is not as strong as, say, HMAC, or as secure as the client using a client-side private key encryption scheme. Hash Message Authentication Code Also known as HMAC, this code relies on cryptographic hash functions to bolster an existing protocol, such as MD5. It is a method for generating a stronger, significantly higher encryption key. 166 MAX208M2W Series Users Guide Chapter 12Maintenance OMA-DM Data Model Each device that conforms to the current OMA-DM standard has an identical data structure embedded in its controlling firmware. This allows a similarly conforming OMA-DM server to navigate the folder structure and to make file alterations where appropriate or required. Figure 79 OMA-DM Data Model Operator Root Folder
Vendor DMAcc MP3s Games In the example data model shown here, the parent folders must conform to the OMA-DM standard. The child folders, on the other hand, can be customized on an individual basis. This allows the parent folders to all maintain a consistent URI
(Uniform Resource Indentifier) across all devices that meet the OMA-DM standards requirements. For example, in the preceding figure the URI for the Games folder is ./Vendor/
Games/. The ./Vendor/ portion of the URI exists on all devices that conform to the OMA-DM standard. The Games folder, however, may or may not exist depending on the services provided by the company managing the device. Daytime A network protocol used by devices for debugging and time measurement. A computer can use this protocol to set its internal clock but only if it knows in which order the year, month, and day are returned by the server. Not all servers use the same format. Time A network protocol for retrieving the current time from a server. The computer issuing the command compares the time on its clock to the information returned by the server, adjusts itself automatically for time zone differences, then calculates the difference and corrects itself if there has been any temporal drift. MAX208M2W Series Users Guide 167 Chapter 12Maintenance NTP NTP stands for Network Time Protocol. It is employed by devices connected to the Internet in order to obtain a precise time setting from an official time server. These time servers are accurate to within 200 microseconds. 12.2 Password Use this screen to set up admin and guest accounts for logging into and managing the WiMAX Device. The admin user can access and configure all screens. The guest user can only perform some basic settings such as viewing the system status information, configuring LAN, NAT, DDNS, and Firewall settings and reset the MAX208M2W Series to factory defaults and restart the MAX208M2W Series. Click Maintenance > Password to open this screen as shown next. Figure 80 Password Screen This screen contains the following fields:
Table 61 Password LABEL DESCRIPTION Enter the old password for the login group. GroupSelect the group for which you want to change the login password. Old Password New Password RetypeRetype the new password for the login group. Enter the new password for the login group. 168 MAX208M2W Series Users Guide Chapter 12Maintenance 12.4 Telnet Use this screen to allow remote access to the WiMAX Device from a network connection over Telnet. Click Maintenance > Remote MGMT > Telnet to open this screen as shown next. Figure 82 Telnet Screen This screen contains the following fields:
Table 63 Telnet LABEL EnableSelect this to enable remote management using this service. Port NumberEnter the port number this service can use to access the MAX208M2W DESCRIPTION Series. The computer must use the same port number. Select this to allow connections using this service that originate on the WAN. Select this to allow connection using this service that originate on the LAN. Allow Connection from WAN Allow Connection from LAN 12.5 SSH Use this screen to allow remote access to the WiMAX Device from a network connection over SSH. Click Maintenance > Remote MGMT > SSH to open this screen as shown next. Figure 83 SSH Screen 170 MAX208M2W Series Users Guide This screen contains the following fields:
Chapter 12Maintenance Table 64 SSH LABEL EnableSelect this to enable remote management using this service. Port NumberEnter the port number this service can use to access the MAX208M2W DESCRIPTION Series. The computer must use the same port number. Select this to allow connections using this service that originate on the WAN. Select this to allow connection using this service that originate on the LAN. Allow Connection from WAN Allow Connection from LAN 12.6 SNMP Use this screen to allow remote access to the WiMAX Device from a network connection over SNMP. Click Maintenance > Remote MGMT > SNMP to open this screen as shown next. Figure 84 SNMP Screen This screen contains the following fields:
Table 65 SNMP LABEL EnableSelect this to enable remote management using this service. LocationEnter the location of the SNMP se DESCRIPTION Floor 6, Building A, New York City). rver (for example, Engineering Dept., ContactEnter contact information for the administrator managing the SNMP Read Community Write Community server (for example, Bill Smith, IT Dept., (555) 555-5454). Enter the password for the incoming Get and GetNext requests from the management station. The default is public and allows all requests. Enter the password for incoming Set requests from the management station. The default is public and allows all requests. MAX208M2W Series Users Guide 171 Chapter 12Maintenance Table 65 SNMP (continued) LABEL Trap Server Trap Community DESCRIPTION Enter the IP address of the station to send your SNMP traps to. Enter the trap community, which is the password sent with each trap to the SNMP manager. The default is public and allows all requests. 12.7 CWMP Use this screen to allow CWMP connections for remote management, firmware upgrades and troubleshooting. Click Maintenance > Remote MGMT > CWMP to open this screen as shown next. Figure 85 CWMP Screen This screen contains the following fields:
DESCRIPTION Table 66 CWMP LABEL EnableSelect this to enable remote management using this service. ACS Server URLEnter the URL or IP address of the auto-configuration server. Bootstrap Enable ACS Username Select this to enable bootstrap events. Enter the user name sent when the MAX208M2W Series connects to the ACS and which is used for authentication. You can enter up to 31 alphanumeric characters (a-z, A-Z, 0-9) and underscores but spaces are not allowed. 172 MAX208M2W Series Users Guide Chapter 12Maintenance Table 66 CWMP (continued) LABEL ACS Password DESCRIPTION Enter the password sent when the MAX208M2W Series connects to an ACS and which is used for authentication. You can enter up to 31 alphanumeric characters (a-z, A-Z, 0-9) and underscores but spaces are not allowed. Select this to allow the MAX208M2W Series to periodically connect to the ACS and check for configuration updates. If you do not enable this feature then the MAX208M2W Series can only be updated automatically when the ACS initiates contact with it and if you selected the checkbox on this screen. Enter the time interval (in seconds) at which the MAX208M2W Series connects to the auto-configuration server. Enter the connection request user name that the ACS must send to the MAX208M2W Series when it requests a connection. You can enter up to 31 alphanumeric characters (a-z, A-Z, 0-9) and underscores but spaces are not allowed. Note: This must be provided by the ACS administrator. Enter the connection request password that the ACS must send to the MAX208M2W Series when it requests a connection. You can enter up to 31 alphanumeric characters (a-z, A-Z, 0-9) and underscores but spaces are not allowed. Note: This must be provided by the ACS administrator. Click Browse to upload a Certificate Authority (CA) certificate to the MAX208M2W Series. This displays information about the currently active CA certificate. Click Browse to upload a client certificate to the MAX208M2W Series. This displays information about the currently active client certificate. Perodical Inform Enable Periodical Inform Interval Connection Request Username Connection Request Password CA Certificate File CA Certificate Info Client Certificate File Client Certificate Info MAX208M2W Series Users Guide 173 Chapter 12Maintenance 12.8 OMA-DM Use this screen to allow remote access to the WiMAX Device from a network connection over OMA-DM. Click Maintenance > Remote MGMT > OMA-DM to open this screen as shown next. Figure 86 OMA-DM Screen This screen contains the following fields:
Table 67 OMA-DM LABEL EnableSelect this to enable remote management using this service. Server URL DESCRIPTION Enter the IP address or URL of the OMA-DM server that you intend to use to manage this device. Server PortEnter the port number for the IP address of the OMA-DM server set up Server Auth Type Server ID in the preceding field. Select the encryption algorithm scheme used by the OMA-DM server to communicate with client devices. If the scheme selected here does not match the actual scheme used by the server, then server will challenge the MAX208M2W Series to automatically update its settings. None - No authentication. Basic - Server ID and Password are encoded using a Basic Access Authentication Code. Digest (MD5) - Server ID and Password are encoded using a Digest Access Authentication Code. HMAC - Server ID and Password are encoded using a keyed Hash Message Authentication Code. Enter the identification code for the server. This is used by the MAX208M2W Series during the communication handshake process to identify the server. 174 MAX208M2W Series Users Guide Chapter 12Maintenance Table 67 OMA-DM (continued) LABEL DESCRIPTION Enter the password for the servers identification code. This shared Server public key is used by the MAX208M2W Series during the communication Password handshake process to identify the server. The MAX208M2W Series and the OMA-DM server use nonces to authenticate each other if you select MD5 as the authentication algorithm in the Server Auth Type field. Nonce is an abbreviation of
'number used once'. It is normally a random or pseudo-random number applied in an authentication protocol to protect existing communications from being reused in replay attacks. Server Nonce Client Auth Type Type up to 20 digits for the OMA-DM server nonce. Select the encryption algorithm scheme used by the OMA-DM server to communicate with client devices. If the scheme selected here does not match the actual scheme used by the server, then server will challenge the MAX208M2W Series to automatically update its settings. None - No authentication. Basic - Server ID and Password are encoded using a Basic Access Authentication Code. Digest (MD5) - Server ID and Password are encoded using a Digest Access Authentication Code. HMAC - Server ID and Password are encoded using a keyed Hash Message Authentication Code. Note: Make sure that the scheme selected here matches the the Server Auth Type. Enter the client name for the MAX208M2W Series. Client ID Client Password Enter the password for the MAX208M2W Seriess client name. Client Nonce The MAX208M2W Series and the OMA-DM server use nonces to authenticate each other if you select MD5 as the authentication algorithm in the Client Auth Type field. Perodical Client-
Initiated Enable Type up to 20 digits for the OMA-DM client nonce. Select this to allow the MAX208M2W Series to periodically connect to the OMA-DM server and check for configuration updates. If you do not enable this feature then the MAX208M2W Series can only be updated automatically when the OM-DM server initiates contact with it and if you selected the checkbox on this screen. Enter the time interval (in seconds) at which the MAX208M2W Series connects to the OMA-DM server. Periodical Client-Initiated Interval MAX208M2W Series Users Guide 175 Chapter 12Maintenance 12.9 Date Use these settings to set the system time or configure an NTP server for automatic time synchronization. Click Maintenance > Date/Time > Date to open this screen as shown next. Figure 87 Date Screen This screen contains the following fields:
Table 68 Date LABEL Manual DESCRIPTION New Time New Date Enter the new time in this field. Enter the new date in this field. Get from Time Server Time Protocol Select the time service protocol that your time server uses.Check with your ISP or network administrator, or use trial-and-error to find a protocol that works. Time Server Address 1~4 NTP (RFC 1305) - This format is similar to Time (RFC 868). Enter the IP address or URL of your time server. Check with your ISP or network administrator if you are unsure of this information. 176 MAX208M2W Series Users Guide Chapter 12Maintenance 12.10 Time Zone Use this screen to set the time zone in which the WiMAX device is physically located. Click Maintenance > Date/Time > Time Zone to open this screen as shown next. Figure 88 Time Zone Screen This screen contains the following fields:
Table 69 Time Zone LABEL Time ZoneSelect the time zone at your location. Enable Daylight Savings Time DESCRIPTION Select this if your location uses daylight savings time. Daylight savings is a period from late spring to early fall when many places set their clocks ahead of normal local time by one hour to give more daytime light in the evening. Start DateEnter which hour on which day of which week of which month daylight-
savings time starts. End DateEnter which hour on the which day of which week of which month daylight-savings time ends. 12.11 Upgrade File Use this screen to browse to a firmware file on a local computer and upload it to the WiMAX Device. Firmware files usually use the system model name with a
"*.bin" extension, such as "MAX208M2W Series.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system restarts. Contact your service provider for information on available firmware upgrades. Note: Only use firmware for your MAX208M2W Seriess specific model. MAX208M2W Series Users Guide 177 Chapter 12Maintenance Click Maintenance > Firmware Upgrade > Upgrade File to open this screen as shown next. Figure 89 Upgrade File Screen This screen contains the following fields:
Table 70 Upgrade File LABEL Upgrade FileClick DESCRIPTION and select it. Browse then browse to the location of a firmware upgrade file Upgrade Click this to begin uploading the selected file. This may take up to two minutes. Note: Do not turn off the device while firmware upload is in progress!
12.11.1 The Firmware Upload Process When the MAX208M2W Series uploads new firmware, the process usually takes about two minutes. The device also automatically restarts in this time. This causes a temporary network disconnect. Note: Do not turn off the device while firmware upload is in progress!
After two minutes, log in again, and check your new firmware version in the Status screen. You might have to open a new browser window to log in. If the upload is not successful, you will be notified by error message. 178 MAX208M2W Series Users Guide Chapter 12Maintenance 12.12 Upgrade Link Use this screen to set the URL of a firmware file on a remote computer and upload it to the WiMAX Device. Click Maintenance > Firmware Upgrade > Upgrade Link to open this screen as shown next. Figure 90 Upgrade Link Screen This screen contains the following fields:
Table 71 Upgrade Link LABEL Upgrade LinkEnter the URL or IP address of DESCRIPTION network. the firmwares upgrade location on the Upgrade Click this to begin uploading the selected file. This may take up to two minutes. Note: Do not turn off the device while firmware upload is in progress!
12.13 CWMP Upgrade Use this screen to upgrade the firmware on the WiMAX Device using CWMP Request Download. Click Maintenance > Firmware Upgrade > CWMP Upgrade to open this screen as shown next. Figure 91 CWMP Upgrade Screen MAX208M2W Series Users Guide 179 Chapter 12Maintenance This screen contains the following fields:
Table 72 CWMP Upgrade LABEL Upgrade Click this to begin upgrading firmware using CWMP Request. This may DESCRIPTION take up to two minutes. Note: Do not turn off the device while firmware upload is in progress!
12.14 Backup Use this screen to backup your current WiMAX Device settings to a local computer. Click Maintenance > Backup/Restore > Backup to open this screen as shown next. Figure 92 Backup/Restore Screen This screen contains the following fields:
Table 73 Backup/Restore LABEL BackupClick this to save the MAX208M2W Series DESCRIPTION s current configuration to a file on your computer. Once your device is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file is useful if you need to return to your previous settings. 180 MAX208M2W Series Users Guide Chapter 12Maintenance 12.15 Restore Use this screen to restore your WiMAX Device settings from a backup file on a local computer. Click Maintenance > Backup/Restore > Restore to open this screen as shown next. Figure 93 Restore Screen This screen contains the following fields:
Table 74 Restore LABEL Configuration File DESCRIPTION Click Choose File then browse to the location of a firmware upgrade file and select it. Backup Configuration File URL Click File Restore to upload the specified configuration to the MAX208M2W Series and replace the current settings. Enter the URL or IP address of the backup configuration files location on the network. Click URL Restore to upload the specified configuration to the MAX208M2W Series and replace the current settings. 12.15.1 The Restore Configuration Process When the MAX208M2W Series restores a configuration file, the device automatically restarts. This causes a temporary network disconnect. Note: Do not turn off the device while configuration file upload is in progress. If the MAX208M2W Seriess IP address is different in the configuration file you selected, you may need to change the IP address of your computer to be in the same subnet as that of the default management IP address (192.168.5.1). See the Quick Start Guide or the appendices for details on how to set up your computers IP address. You might have to open a new browser to log in again. MAX208M2W Series Users Guide 181 Chapter 12Maintenance If the upload was not successful, you are notified with an error message. 12.16 Factory Defaults Use this screen to restore the WiMAX Device to its factory default settings. Click Maintenance > Backup/Restore > Factory Defaults to open this screen as shown next. Figure 94 Factory Defaults Screen This screen contains the following fields:
Table 75 Factory Defaults LABEL Reset DESCRIPTION Click this to clear all user-entered configuration information and return the MAX208M2W Series to its factory defaults. There is no warning screen. 12.17 Log Setting Use this screen to configure which type of events on the WiMAX Device are logged. Click Maintenance > LOG > Log Setting to open this screen as shown next. Figure 95 Log Setting Screen This screen contains the following fields:
Table 76 Log Setting LABEL Enable LogSelect this to have the MAX208M2W Series log network activity DESCRIPTION according to the selected Log Level. Log LevelSelect the type of logs to record. 182 MAX208M2W Series Users Guide Chapter 12Maintenance Table 76 Log Setting (continued) LABEL Enable Remote Log Remote Log Host Remote Log Port DESCRIPTION Select this to allow logs to be recorded and stored on a remote logs server. Enter the remote log host IP address if Enable Remote Log is selected. Enter the remote log host port if Enable Remote Log is selected. 12.18 Log Display Use this screen to view the log messages of the WiMAX Device. Click Maintenance > LOG > Log Display to open this screen as shown next. Figure 96 Log Display Screen This screen contains the following fields:
Table 77 Log Display LABEL Display LevelSelect the type of logs to display from this menu. RefreshClick this to refresh the logs in the display window. DESCRIPTION MAX208M2W Series Users Guide 183 Chapter 12Maintenance 12.19 Ping Test Use this screen to test network connectivity using ping. Click Maintenance > Network Test > Ping to open this screen as shown next. Figure 97 Ping Screen This screen contains the following fields:
Table 78 Ping LABEL IP AddressEnter the IP address or domain name of a target device to which this DESCRIPTION test will send. PingClick this to start the test. The result will show at the bottom of the screen. 12.20 Traceroute Test Use this screen to test network connectivity using traceroute. Click Maintenance > Network Test > Traceroute to open this screen as shown next. Figure 98 Traceroute Screen This screen contains the following fields:
Table 79 Traceroute LABEL IP AddressEnter the IP address or domain name of a target device to which this DESCRIPTION test will send. TracerouteClick this to start the test. The result will show at the bottom of the screen. 184 MAX208M2W Series Users Guide Chapter 12Maintenance 12.21 About This screen displays information about the MAX208M2W Series that can be useful when upgrading firmware, considering deployment options, and working with technical support if the device encounters difficulties. Click Maintenance > About to open this screen as shown next. Figure 99 About Screen This screen contains the following fields:
DESCRIPTION This field displays the MAX208M2W Series system name. It is used for identification. This field displays the Web Configurator software version that the MAX208M2W Series is currently running. This field displays the current version of the firmware inside the device. Table 80 About LABEL System Model Name Software Version Firmware Version Firmware DateThis field displays the date the firmware version was created. Bootloader Version This field displays the bootloader version. 12.22 Reboot Use this screen to perform a software restart of the WiMAX Device. You may log in again within a few minutes of using the reboot button. Click Maintenance > Reboot to open this screen as shown next. Figure 100 Reboot Screen MAX208M2W Series Users Guide 185 Chapter 12Maintenance This screen contains the following fields:
Table 81 Reboot LABEL RebootClick this button to have the device perform a software restart. The DESCRIPTION Power LED blinks as it restarts and the shines steadily if the restart is successful. Note: Wait one minute before logging back into the MAX208M2W Series after a restart. 186 MAX208M2W Series Users Guide CHAPTER 13 Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories:
Power, Hardware Connections, and LEDs MAX208M2W Series Access and Login Internet Access Reset the MAX208M2W Series to Its Factory Defaults 13.1 Power, Hardware Connections, and LEDs The MAX208M2W Series does not turn on. None of the LEDs turn on. 1 Make sure you are using the power adapter or cord included with the MAX208M2W Series. 2 Make sure the power adapter or cord is connected to the MAX208M2W Series and plugged in to an appropriate power source. Make sure the power source is turned on. 3 Disconnect and re-connect the power adapter or cord to the MAX208M2W Series. 4 If the problem continues, contact the vendor. One of the LEDs does not behave as expected. 1 Make sure you understand the normal behavior of the LED. See Section 1.2.1 on page 21 for more information. 2 Check the hardware connections. See the Quick Start Guide. MAX208M2W Series Users Guide 187 Chapter 13Troubleshooting 3 Inspect your cables for damage. Contact the vendor to replace any damaged cables. 4 Disconnect and re-connect the power adapter to the MAX208M2W Series. 5 If the problem continues, contact the vendor. 13.2 MAX208M2W Series Access and Login I forgot the IP address for the MAX208M2W Series. 1 2 The default IP address is . If you changed the IP address and have forgotten it, you might get the IP address of the MAX208M2W Series by looking up the IP address of the default gateway for your computer. To do this in most Windows computers, click Start > Run, enter cmd, and then enter ipconfig. The IP address of the Default Gateway might be the IP address of the MAX208M2W Series (it depends on the network), so enter this IP address in your Internet browser. 3 If this does not work, you have to reset the MAX208M2W Series to its factory defaults. See Section 12.16 on page 182. I forgot the password. 1 2 The default password is 1234. If this does not work, you have to reset the MAX208M2W Series to its factory defaults. See Section 12.16 on page 182. I cannot see or access the Login screen in the web configurator. 1 Make sure you are using the correct IP address. The default IP address is . If you changed the IP address (Section 7.6 on page 99), use the new IP address. 188 MAX208M2W Series Users Guide Chapter 13Troubleshooting If you changed the IP address and have forgotten it, see the troubleshooting suggestions for I forgot the IP address for the MAX208M2W Series. 2 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.2.1 on page 21. 3 Make sure your Internet browser does not block pop-up windows and has JavaScript and Java enabled. See Appendix C on page 237. 4 If there is a DHCP server on your network, make sure your computer is using a dynamic IP address. Your MAX208M2W Series is a DHCP server by default. If there is no DHCP server on your network, make sure your computers IP address is in the same subnet as the MAX208M2W Series. See Appendix D on page 247. 5 Reset the MAX208M2W Series to its factory defaults, and try to access the MAX208M2W Series with the default IP address. See Chapter 2 on page 25. 6 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions Try to access the MAX208M2W Series using another service, such as Telnet. If you can access the MAX208M2W Series, check the remote management settings and firewall rules to find out why the MAX208M2W Series does not respond to HTTP. If your computer is connected wirelessly, use a computer that is connected to a LAN/ETHERNET port. I can see the Login screen, but I cannot log in to the MAX208M2W Series. 1 Make sure you have entered the user name and password correctly. The default user name is admin, and the default password is 1234. These fields are case-
sensitive, so make sure [Caps Lock] is not on. 2 You cannot log in to the web configurator while someone is using Telnet to access the MAX208M2W Series. Log out of the MAX208M2W Series in the other session, or ask the person who is logged in to log out. 3 Disconnect and re-connect the power adapter or cord to the MAX208M2W Series. 4 If this does not work, you have to reset the MAX208M2W Series to its factory defaults. See Section 12.16 on page 182. MAX208M2W Series Users Guide 189 Chapter 13Troubleshooting I cannot Telnet to the MAX208M2W Series. See the troubleshooting suggestions for I cannot see or access the Login screen in the web configurator. Ignore the suggestions about your browser. 13.3 Internet Access I cannot access the Internet. 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.2.1 on page 21. 2 Make sure you entered your ISP account information correctly in the wizard. These fields are case-sensitive, so make sure [Caps Lock] is not on. 3 Check your security settings. See Chapter 8 on page 127. 4 Check your WiMAX settings. The MAX208M2W Series may have been set to search the wrong frequencies for a wireless connection. See Chapter 6 on page 69. If you are unsure of the correct values, contact your service provider. 5 If you are trying to access the Internet wirelessly, make sure the wireless settings in the wireless client are the same as the settings in the AP. 6 Disconnect all the cables from your MAX208M2W Series, and follow the directions in the Quick Start Guide again. 7 If the problem continues, contact your ISP. I cannot access the Internet any more. I had access to the Internet (with the MAX208M2W Series), but my Internet connection is not available any more. 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.2.1 on page 21. 2 Disconnect and re-connect the power adapter to the MAX208M2W Series. 190 MAX208M2W Series Users Guide Chapter 13Troubleshooting 3 If the problem continues, contact your ISP. The Internet connection is slow or intermittent. 1 2 3 The quality of the MAX208M2W Seriess wireless connection to the base station may be poor. Poor signal reception may be improved by moving the MAX208M2W Series away from thick walls and other obstructions, or to a higher floor in your building. There may be radio interference caused by nearby electrical devices such as microwave ovens and radio transmitters. Move the MAX208M2W Series away or switch the other devices off. Weather conditions may also affect signal quality. There might be a lot of traffic on the network. Look at the LEDs, and check Section 1.2.1 on page 21. If the MAX208M2W Series is sending or receiving a lot of information, try closing some programs that use the Internet, especially peer-to-
peer applications. 4 Disconnect and re-connect the power adapter to the MAX208M2W Series. 5 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. The Internet connection disconnects. 1 Check your WiMAX link and signal strength using the Strength Indicator LEDs on the device. 2 Contact your ISP if the problem persists. 13.4 Reset the MAX208M2W Series to Its Factory Defaults If you reset the MAX208M2W Series, you lose all of the changes you have made. The MAX208M2W Series re-loads its default settings, and the password resets to 1234. You have to make all of your changes again. MAX208M2W Series Users Guide 191 Chapter 13Troubleshooting You will lose all of your changes when you push the Reset button. To reset the MAX208M2W Series, 1 Make sure the Power LED is on and not blinking. 2 Press and hold the Reset button for five to ten seconds. Release the Reset button when the Power LED begins to blink. The default settings have been restored. If the MAX208M2W Series restarts automatically, wait for the MAX208M2W Series to finish restarting, and log in to the web configurator. The password is 1234. If the MAX208M2W Series does not restart automatically, disconnect and reconnect the MAX208M2W Seriess power. Then, follow the directions above again. 13.4.1 Pop-up Windows, JavaScript and Java Permissions Please see Appendix C on page 237. 192 MAX208M2W Series Users Guide CHAPTER 14 Product Specifications This chapter gives details about your MAX208M2W Seriess hardware and firmware features. 0C to 45C Table 82 Environmental and Hardware Specifications FEATUREDESCRIPTION Operating Temperature Storage Temperature-25 Operating Humidity10% ~ 95% (non-condensing) Storage Humidity 10% to 95% (non-condensing) Power Supply12V DC, 2A Power consumption24 Watts maximum Ethernet InterfaceTwo auto-negotiating, auto-MDI/MDI-X NWay 10/100 Mbps C to 55C RJ-45 Ethernet ports Telephony InterfaceTwo analog ATA interfaces for standard telephones through RJ-11 FXS (Foreign Exchange Subscriber) analog connector Two 6 +/- 0.5dBi Omni directional antennas Antennas Weight493g Dimensions259 mm (W) x 93 mm (D) x 164 mm (H) Certification FCC - MAX208M2W; CE - MAX218M2W Comply with WiMAX Forum Wave II standard. WEEE Eco directive 2002/95/EC. Full RoHS (6/6) 2002/96/EC (WEEE) (WEEE) Waste Electrical and Electronic Equipment Directive EEE (Proposal for Directive on Environmental Impacts of Electrical and Electronic Equipment). Reach Compliance EMC o EN 301 489-1 and EN 301 489-17. Emission class B. RF ETSI o EN 302 326 Safety o IEC 60950-1 and EN 60950-1. MAX208M2W Series Users Guide 193 Chapter 14Product Specifications Table 83 Radio Specifications FEATUREDESCRIPTION Media Access ProtocolIEEE 802.16e WiMAX Bandwidth3.4 GHz ~ 3.6 GHz (MAX218M2W) 2.496 GHz~2.690 GHz (MAX208M2W) Data RateAggregate throughput: up to 20 mbps ModulationQPSK (uplink and downlink) Upload: 7 mbps 16-QAM (uplink and downlink) 64-QAM (downlink only) Output PowerTypically 26.5 dBm with internal antennas Duplex modeTime Division Duplex (TDD) SecurityPKMv2 EAP-TTLS/CHAP/PAP/MSCHAP/MSCHAPv2 CMAC message autentication CCM mode 128-bit AES data ciphering Device authentication WiMAX Forum X.509 certificates Table 84 Firmware Specifications FEATUREDESCRIPTION Web-based Configuration and Management Tool High Speed Wireless Internet Access Also known as the web configurator, this is a firmware-
based management solution for the MAX208M2W Series. You must connect using a compatible web browser in order to use it. The MAX208M2W Series is ideal for high-speed wireless Internet browsing. WiMAX (Worldwide Interoperability for Microwave Access) is a wireless networking standard providing high-bandwidth, wide-range secured wireless service. The MAX208M2W Series is a WiMAX mobile station (MS) compatible with the IEEE 802.16e standard. FirewallThe MAX208M2W Series is a stateful inspection firewall with DoS (Denial of Service) protection. By default, when the firewall is activated, all incoming traffic from the WAN to the LAN is blocked unless it is initiated from the LAN. The MAX208M2W Seriess firewall supports TCP/UDP inspection, DoS detection and prevention, real time alerts, reports and logs. Content FilteringThe MAX208M2W Series can block access to web sites containing specified keywords. You can define time periods and days during which content filtering is enabled and include or exclude a range of users on the LAN from content filtering. 194 MAX208M2W Series Users Guide Chapter 14Product Specifications Table 84 Firmware Specifications (continued) FEATUREDESCRIPTION Network Address Translation (NAT) Universal Plug and Play
(UPnP) Network Address Translation (NAT) allows the translation of an Internet protocoladdress used within one network (for example a private IP address used in a local network) to a different IP address known withinanother network (for example a public IP address used on the Internet). Your device and other UPnP enabled devices can use the standard TCP/IP protocol to dynamically join a network, obtain an IP address and convey their capabilities to each other. Dynamic DNS SupportWith Dynamic DNS support, you can have a static hostname alias for a dynamic IP address, allowing the host to be more easily accessible from various locations on the Internet. You must register for this service with a Dynamic DNS service provider. DHCPDHCP (Dynamic Host Configuration Protocol) allows the individual clients (computers) to obtain the TCP/IP configuration at start-up from a centralized DHCP server. Your device has built-in DHCP server capability enabled by default. It can assign IP addresses, an IP default gateway and DNS servers to DHCP clients. Your device can also act as a surrogate DHCP server (DHCP Relay) where it relays IP address assignment from the actual real DHCP server to the clients. IP AliasIP alias allows you to partition a physical network into logical networks over the same Ethernet interface. Your device supports three logical LAN interfaces via its single physical Ethernet interface with the your device itself as the gateway for each LAN network. Multiple SIP AccountsYou can configure multiple voice (SIP) accounts. SIP ALGYour device is a SIP Application Layer Gateway (ALG). It allows VoIP calls to pass through NAT for devices behind it
(such as a SIP-based VoIP software application on a computer). Dynamic Jitter BufferThe built-in adaptive buffer helps to smooth out the variations in delay (jitter) for voice traffic (up to 60 ms). This helps ensure good voice quality for your conversations. Voice Activity Detection (VAD) reduces the bandwidth that a Voice Activity Detection/
Silence Suppression call uses by not transmitting when you are not speaking. Comfort Noise GenerationYour device generates background noise to fill moments of silence when the other device in a call stops transmitting because the other party is not speaking (as total silence could easily be mistaken for a lost connection). Echo Cancellation You device supports G.168 of at least 24 ms. This an ITU-T standard for eliminating the echo caused by the sound of your voice reverberating in the telephone receiver while you talk. Time and DateGet the current time and date from an external server when you turn on your MAX208M2W Series. You can also set the time manually. MAX208M2W Series Users Guide 195 Chapter 14Product Specifications Table 84 Firmware Specifications (continued) FEATUREDESCRIPTION LoggingUse the MAX208M2W Series connection history, surveillance logs, and error messages. s logging feature to view CodecsG.711 (PCM Fax SupportT.38 FAX relay (FAX over UDP).
-law and a-law), G729, G.729a G.711 fax relay for fax calls and be able to renegotiate codec to G.711 if a fax call is detected. Ring TonesSupports different distinctive ring tones on each line. Call PrioritizationPrioritize VoIP traffic originating from the RJ-11 ports over any other traffic. DESCRIPTION Table 85 Standards Supported STANDARD RFC 768User Datagram Protocol RFC 791Internet Protocol v4 RFC 792Internet Control Message Protocol RFC 792Transmission Control Protocol RFC 826Address Resolution Protocol RFC 854Telnet Protocol RFC 1112IGMPv2 RFC 1349Type of Service Protocol RFC 1706DNS NSAP Resource Records RFC 1889Real-time Transport Protocol (RTP) RFC 1890Real-time Transport Control Protocol (RTCP) RFC 2030Simple Network Time Protocol RFC 2104HMAC: Keyed-Hashing for Message Authentication RFC 2236IGMPv2 RFC 2131Dynamic Host Configuration Protocol RFC 2401Security Architecture for the Internet Protocol RFC 2409Internet Key Exchange RFC 2475Architecture for Differentiated Services (Diffserv) RFC 2543SIP Protocol RFC 2617Hypertext Transfer Protocol (HTTP) Authentication: Basic and Digest Access Authentication RFC 2782A DNS RR for specifying the location of services (DNS SRV) RFC 2833Real-time Transport Protocol Payload for DTMF Digits, Telephony Tones and Telephony Signals RFC 2976The SIP INFO Method RFC 3261Session Initiation Protocol (SIP version 2) RFC 3262Reliability of Provisional Responses in the Session Initiation Protocol (SIP). 196 MAX208M2W Series Users Guide Chapter 14Product Specifications Table 85 Standards Supported (continued) STANDARD RFC 3263Session Initiation Protocol (SIP): Locating SIP Servers RFC 3264An Offer/Answer Model with the Session Description Protocol DESCRIPTION
(SDP) RFC 3265Session Initiation Protocol (SIP)-Specific Event Notification RFC 3323A Privacy Mechanism for SIP RFC 3325Private Extensions to the Session Initiation Protocol (SIP) for Asserted Identity within Trusted Networks RFC 3489NAT Traversal - STUN RFC 3550RTP - A Real Time Protocol for Real-Time Applications RFC 3581An Extension to the Session Initiation Protocol (SIP) for Symmetric Response Routing RFC 3611RTP Control Protocol Extended Reports (RTCP XR)-XR RFC 3715IP Sec/NAT Compatibility RFC 3842A Message Summary and Message Waiting Indication Event Package for the Session Initiation Protocol (SIP) IEEE 802.310BASE5 10 Mbit/s (1.25 MB/s) IEEE 802.3u100BASE-TX, 100BASE-T4, 100BASE-FX Fast Ethernet at 100 Mbit/s (12.5 MB/s) with auto-negotiation Table 86 Voice Features Call Park and Pickup Call park and pickup lets you put a call on hold (park) and then continue the call (pickup). The caller must still pay while the call is parked. When you park the call, you enter a number of your choice (up to eight digits), which you must enter again when you pick up the call. If you do not enter the correct number, you cannot pickup the call. This means that only someone who knows the number you have chosen can pick up the call. You can have more than one call on hold at the same time, but you must give each call a different number. Call ReturnWith call return, you can place a call to the last number that called you (either answered or missed). The last incoming call can be through either SIP or PSTN. Country CodePhone standards and settings differ from one country to another, so the settings on your MAX208M2W Series must be configured to match those of the country you are in. The country code feature allows you to do this by selecting the country from a list rather than changing each setting manually. Configure the country code feature when you move the MAX208M2W Series from one country to another. This feature allows you to set your phone not to ring when someone calls you. You can set each phone independently using its keypad, or configure global settings for all phones using the command line interpreter. Do not Disturb
(DnD) MAX208M2W Series Users Guide 197 Chapter 14Product Specifications Table 86 Voice Features Auto DialYou can set the MAX208M2W Series to automatically dial a specified number immediately whenever you lift a phone off the hook. Use the Web Configurator to set the specified number. Use the command line interpreter to have the MAX208M2W Series wait a specified length of time before dialing the number. Phone configThe phone configuration table allows you to customize the phone Firmware update enable / disable keypad combinations you use to access certain features on the MAX208M2W Series, such as call waiting, call return, call forward, etc. The phone configuration table is configurable in command interpreter mode. If your service provider uses this feature, you hear a recorded message when you pick up the phone when new firmware is available for your MAX208M2W Series. Enter *99# in your phones keypad to have the MAX208M2W Series upgrade the firmware, or enter #99# to not upgrade. If your service provider gave you different numbers to use, enter them instead. If you enter the code to not upgrade, you can make a call as normal. You will hear the recording again each time you pick up the phone, until you upgrade. Call waitingThis feature allows you to hear an alert when you are already using the phone and another person calls you. You can then either reject the new incoming call, put your current call on hold and receive the new incoming call, or end the current call and receive the new incoming call. Call forwardingWith this feature, you can set the MAX208M2W Series to forward calls to a specified number, either unconditionally (always), when your number is busy, or when you do not answer. You can also forward incoming calls from one specified number to another. Caller IDThe MAX208M2W Series supports caller ID, which allows you to see the originating number of an incoming call (on a phone with a suitable display). RENA Ringer Equivalence Number (REN) is used to determine the number QoS (Quality of Service) of devices (like telephones or fax machines) that may be connected to the telephone line. Your device has a REN of three, so it can support three devices per telephone port. Quality of Service (QoS) mechanisms help to provide better service on a per-flow basis. Your device supports Type of Service (ToS) tagging and Differentiated Services (DiffServ) tagging. This allows the device to tag voice frames so they can be prioritized over the network. 198 MAX208M2W Series Users Guide Table 86 Voice Features SIP ALGYour device is a SIP Application Layer Gateway (ALG). It allows VoIP Chapter 14Product Specifications Other Voice Features calls to pass through NAT for devices behind it (such as a SIP-based VoIP software application on a computer). SIP version 2 (Session Initiating Protocol RFC 3261) SDP (Session Description Protocol RFC 2327) RTP (RFC 1889) RTCP (RFC 1890) Voice codecs (coder/decoders) G.711, G.726, G.729 Fax and data modem discrimination DTMF Detection and Generation DTMF: In-band and Out-band traffic (RFC 2833),(PCM), (SIP INFO) Point-to-point call establishment between two IADs Quick dialing through predefined phone book, which maps the phone dialing number and destination URL. Flexible Dial Plan (RFC3525 section 7.1.14) Table 87 Star (*) and Pound (#) Code Support
*0Wireless Operator Services
*2Customer Care Access
*66Repeat Dialing
*67Plus the 10 digit phone number to block Caller ID on a single call basis
*69Return last call received
*70Followed by the 10 digit phone number to cancel Call Waiting on a single call basis
*72Activate Call Forwarding (*72 followed by the 10 digit phone number that is requesting call forwarding service)
*720Activate Call Forwarding (*720 followed by the 10 digit phone number that is requesting deactivation of call forwarding service)
*73Plus the forward to phone number to activate Call Forwarding No Answer (no VM service plan)
*730Deactivate Call Forwarding No Answer
*740Plus the forward to phone number to activate Call Forwarding Busy
(no VM service plan)
*911/911Emergency phone number (same as dialing 911)
*411/411Wireless Information Services MAX208M2W Series Users Guide 199 Chapter 14Product Specifications Note: To take full advantage of the supplementary phone services available through the MAX208M2W Series's phone port, you may need to subscribe to the services from your voice account service provider. Not all features are supported by all service providers. Consult your service provider for more information. 200 MAX208M2W Series Users Guide
1 2 | User Manual Part 2 | Users Manual | 3.13 MiB | May 07 2011 |
Chapter 14Product Specifications 14.1 Wall-Mounting This section shows you how to mount your MAX208M2W Series on a wall using the ZyXEL Wall-Mounting kit (not included). 14.1.1 The Wall-Mounting Kit The wall-mounting kit contains the following parts:
12 3 1 2 Two Mortar Plugs (M4*L30 mm) Two Screws (M4*L30 mm) 3 Wall-Mounting Chassis If any parts are missing, contact your vendor. 14.1.2 Instructions To mount the MAX208M2W Series on a wall:
1 Select a position free of obstructions on a sturdy wall. 2 Drill two holes in the wall exactly 70 mm apart. The holes should be 6 mm wide and at least 30 mm deep. Be careful to avoid damaging pipes or cables located inside the wall when drilling holes for the screws. MAX208M2W Series Users Guide 201 Chapter 14Product Specifications 3 Attach the wall mounting chassis with the plugs and screws as shown below:
4 Connect the MAX208M2W Series to the wall mounting chassis by snapping the chassis two upper chassis hooks into the matching holes on the MAX208M2W Series:
Do not pinch or server the cable connections between the wall-
mounting chassis the MAX208M2W Series. 202 MAX208M2W Series Users Guide Chapter 14Product Specifications 5 Snap the lower chassis hooks into the matching holes on the MAX208M2W Series. The cable connections should come out either the left or right gaps between the wall-mounting chassis and the MAX208M2W Series 6 Once you have snapped the wall-mounting chassis in place, the MAX208M2W Series is securely fastened to the wall. MAX208M2W Series Users Guide 203 Chapter 14Product Specifications 204 MAX208M2W Series Users Guide APPENDIX A WiMAX Security Wireless security is vital to protect your wireless communications. Without it, information transmitted over the wireless network would be accessible to any networking device within range. User Authentication and Data Encryption The WiMAX (IEEE 802.16) standard employs user authentication and encryption to ensure secured communication at all times. User authentication is the process of confirming a users identity and level of authorization. Data encryption is the process of encoding information so that it cannot be read by anyone who does not know the code. WiMAX uses PKMv2 (Privacy Key Management version 2) for authentication, and CCMP (Counter Mode with Cipher Block Chaining Message Authentication Protocol) for data encryption. WiMAX supports EAP (Extensible Authentication Protocol, RFC 2486) which allows additional authentication methods to be deployed with no changes to the base station or the mobile or subscriber stations. PKMv2 is a procedure that allows authentication of a mobile or subscriber station and negotiation of a public key to encrypt traffic between the MS/SS and the base station. PKMv2 uses standard EAP methods such as Transport Layer Security
(EAP-TLS) or Tunneled TLS (EAP-TTLS) for secure communication. In cryptography, a key is a piece of information, typically a string of random numbers and letters, that can be used to lock (encrypt) or unlock (decrypt) a message. Public key encryption uses key pairs, which consist of a public (freely available) key and a private (secret) key. The public key is used for encryption and the private key is used for decryption. You can decrypt a message only if you have the private key. Public key certificates (or digital IDs) allow users to verify each others identity. PKMv2 MAX208M2W Series Users Guide 205 Appendix AWiMAX Security RADIUS RADIUS is based on a client-server model that supports authentication, authorization and accounting. The base station is the client and the server is the RADIUS server. The RADIUS server handles the following tasks:
Authentication Determines the identity of the users. Authorization Determines the network services available to authenticated users once they are connected to the network. Accounting Keeps track of the clients network activity. RADIUS is a simple package exchange in which your base station acts as a message relay between the MS/SS and the network RADIUS server. Types of RADIUS Messages The following types of RADIUS messages are exchanged between the base station and the RADIUS server for user authentication:
Access-Request Sent by an base station requesting authentication. Access-Reject Sent by a RADIUS server rejecting access. Access-Accept Sent by a RADIUS server allowing access. Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The base station sends a proper response from the user and then sends another Access-Request message. The following types of RADIUS messages are exchanged between the base station and the RADIUS server for user accounting:
Accounting-Request Sent by the base station requesting accounting. Accounting-Response Sent by the RADIUS server to indicate that it has started or stopped accounting. In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password they both know. The key is not sent over 206 MAX208M2W Series Users Guide Appendix AWiMAX Security the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access. Diameter Diameter (RFC 3588) is a type of AAA server that provides several improvements over RADIUS in efficiency, security, and support for roaming. Security Association CCMP The set of information about user authentication and data encryption between two computers is known as a security association (SA). In a WiMAX network, the process of security association has three stages. Authorization request and reply The MS/SS presents its public certificate to the base station. The base station verifies the certificate and sends an authentication key (AK) to the MS/SS. Key request and reply The MS/SS requests a transport encryption key (TEK) which the base station generates and encrypts using the authentication key. Encrypted traffic The MS/SS decrypts the TEK (using the authentication key). Both stations can now securely encrypt and decrypt the data flow. All traffic in a WiMAX network is encrypted using CCMP (Counter Mode with Cipher Block Chaining Message Authentication Protocol). CCMP is based on the 128-bit Advanced Encryption Standard (AES) algorithm. Counter mode refers to the encryption of each block of plain text with an arbitrary number, known as the counter. This number changes each time a block of plain text is encrypted. Counter mode avoids the security weakness of repeated identical blocks of encrypted text that makes encrypted data vulnerable to pattern-spotting. Cipher Block Chaining Message Authentication (also known as CBC-MAC) ensures message integrity by encrypting each block of plain text in such a way that its encryption is dependent on the block before it. This series of chained blocks creates a message authentication code (MAC or CMAC) that ensures the encrypted data has not been tampered with. MAX208M2W Series Users Guide 207 Appendix AWiMAX Security Authentication The MAX208M2W Series supports EAP-TTLS authentication. EAP-TTLS (Tunneled Transport Layer Service) EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-side authentications to establish a secure connection (with EAP-
TLS digital certifications are needed by both the server and the wireless clients for mutual authentication). Client authentication is then done by sending username and password through the secure connection, thus client identity is protected. For client authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2. 208 MAX208M2W Series Users Guide APPENDIX B Setting Up Your Computers IP Address Note: Your specific ZyXEL device may not support all of the operating systems described in this appendix. See the product specifications for more information about which operating systems are supported. This appendix shows you how to configure the IP settings on your computer in order for it to be able to communicate with the other devices on your network. Windows Vista/XP/2000, Mac OS 9/OS X, and all versions of UNIX/LINUX include the software components you need to use TCP/IP on your computer. If you manually assign IP information instead of using a dynamic IP, make sure that your networks computers have IP addresses that place them in the same subnet. In this appendix, you can set up an IP address for:
Windows XP/NT/2000 on page210 Windows Vista on page213 Mac OS X: 10.3 and 10.4 on page217 Mac OS X: 10.5 on page221 Linux: Ubuntu 8 (GNOME) on page 224 Linux: openSUSE 10.3 (KDE) on page230 MAX208M2W Series Users Guide 209 Appendix BSetting Up Your Computer s IP Address Windows XP/NT/2000 The following example uses the default Windows XP display theme but can also apply to Windows 2000 and Windows NT. 1 Click Start > Control Panel. Figure 101 Windows XP: Start Menu 2 In the Control Panel, click the Network Connections icon. Figure 102 Windows XP: Control Panel 210 MAX208M2W Series Users Guide Appendix BSetting Up Your Computer s IP Address 3 Right-click Local Area Connection and then select Properties. Figure 103 Windows XP: Control Panel > Network Connections > Properties 4 On the General tab, select Internet Protocol (TCP/IP) and then click Properties. Figure 104 Windows XP: Local Area Connection Properties MAX208M2W Series Users Guide 211 Appendix BSetting Up Your Computer s IP Address 5 The Internet Protocol TCP/IP Properties window opens. Figure 105 Windows XP: Internet Protocol (TCP/IP) Properties 6 Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically. Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP. You may also have to enter a Preferred DNS server and an Alternate DNS server, if that information was provided. 7 Click OK to close the Internet Protocol (TCP/IP) Properties window. Click OK to close the Local Area Connection Properties window.Verifying Settings 1 Click Start > All Programs > Accessories > Command Prompt. 2 In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also go to Start > Control Panel > Network Connections, right-click a network connection, click Status and then click the Support tab to view your IP address and connection information. 212 MAX208M2W Series Users Guide Appendix BSetting Up Your Computer s IP Address Windows Vista This section shows screens from Windows Vista Professional. 1 Click Start > Control Panel. Figure 106 Windows Vista: Start Menu 2 In the Control Panel, click the Network and Internet icon. Figure 107 Windows Vista: Control Panel 3 Click the Network and Sharing Center icon. Figure 108 Windows Vista: Network And Internet MAX208M2W Series Users Guide 213 Appendix BSetting Up Your Computer s IP Address 4 Click Manage network connections. Figure 109 Windows Vista: Network and Sharing Center 5 Right-click Local Area Connection and then select Properties. Figure 110 Windows Vista: Network and Sharing Center Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. 214 MAX208M2W Series Users Guide Appendix BSetting Up Your Computer s IP Address 6 Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties. Figure 111 Windows Vista: Local Area Connection Properties MAX208M2W Series Users Guide 215 Appendix BSetting Up Your Computer s IP Address 7 The Internet Protocol Version 4 (TCP/IPv4) Properties window opens. Figure 112 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties 8 Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically. Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP. You may also have to enter a Preferred DNS server and an Alternate DNS server, if that information was provided.Click Advanced. 9 Click OK to close the Internet Protocol (TCP/IP) Properties window. Click OK to close the Local Area Connection Properties window.Verifying Settings 1 Click Start > All Programs > Accessories > Command Prompt. 2 In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also go to Start > Control Panel > Network Connections, right-click a network connection, click Status and then click the Support tab to view your IP address and connection information. 216 MAX208M2W Series Users Guide Appendix BSetting Up Your Computer s IP Address Mac OS X: 10.3 and 10.4 The screens in this section are from Mac OS X 10.4 but can also apply to 10.3. 1 Click Apple > System Preferences. Figure 113 Mac OS X 10.4: Apple Menu 2 In the System Preferences window, click the Network icon. Figure 114 Mac OS X 10.4: System Preferences MAX208M2W Series Users Guide 217 Appendix BSetting Up Your Computer s IP Address 3 When the Network preferences pane opens, select Built-in Ethernet from the network connection type list, and then click Configure. Figure 115 Mac OS X 10.4: Network Preferences 4 For dynamically assigned settings, select Using DHCP from the Configure IPv4 list in the TCP/IP tab. Figure 116 Mac OS X 10.4: Network Preferences > TCP/IP Tab. 218 MAX208M2W Series Users Guide Appendix BSetting Up Your Computer s IP Address 5 For statically assigned settings, do the following:
From the Configure IPv4 list, select Manually. In the IP Address field, type your IP address. In the Subnet Mask field, type your subnet mask. In the Router field, type the IP address of your device. Figure 117 Mac OS X 10.4: Network Preferences > Ethernet MAX208M2W Series Users Guide 219 Appendix BSetting Up Your Computer s IP Address Click Apply Now and close the window.Verifying Settings Check your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network Interface from the Info tab. Figure 118 Mac OS X 10.4: Network Utility 220 MAX208M2W Series Users Guide Appendix BSetting Up Your Computer s IP Address Mac OS X: 10.5 The screens in this section are from Mac OS X 10.5. 1 Click Apple > System Preferences. Figure 119 Mac OS X 10.5: Apple Menu 2 In System Preferences, click the Network icon. Figure 120 Mac OS X 10.5: Systems Preferences MAX208M2W Series Users Guide 221 Appendix BSetting Up Your Computer s IP Address 3 When the Network preferences pane opens, select Ethernet from the list of available connection types. Figure 121 Mac OS X 10.5: Network Preferences > Ethernet 4 5 From the Configure list, select Using DHCP for dynamically assigned settings. For statically assigned settings, do the following:
From the Configure list, select Manually. In the IP Address field, enter your IP address. In the Subnet Mask field, enter your subnet mask. 222 MAX208M2W Series Users Guide Appendix BSetting Up Your Computer s IP Address In the Router field, enter the IP address of your MAX208M2W Series. Figure 122 Mac OS X 10.5: Network Preferences > Ethernet 6 Click Apply and close the window. MAX208M2W Series Users Guide 223 Appendix BSetting Up Your Computer s IP Address Verifying Settings Check your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network interface from the Info tab. Figure 123 Mac OS X 10.5: Network Utility Linux: Ubuntu 8 (GNOME) This section shows you how to configure your computers TCP/IP settings in the GNU Object Model Environment (GNOME) using the Ubuntu 8 Linux distribution. The procedure, screens and file locations may vary depending on your specific distribution, release version, and individual configuration. The following screens use the default Ubuntu 8 installation. Note: Make sure you are logged in as the root administrator. Follow the steps below to configure your computer IP address in GNOME:
224 MAX208M2W Series Users Guide Appendix BSetting Up Your Computer s IP Address 1 Click System > Administration > Network. Figure 124 Ubuntu 8: System > Administration Menu 2 When the Network Settings window opens, click Unlock to open the Authenticate window. (By default, the Unlock button is greyed out until clicked.) You cannot make changes to your configuration unless you first enter your admin password. Figure 125 Ubuntu 8: Network Settings > Connections MAX208M2W Series Users Guide 225 Appendix BSetting Up Your Computer s IP Address 3 In the Authenticate window, enter your admin account name and password then click the Authenticate button. Figure 126 Ubuntu 8: Administrator Account Authentication 4 In the Network Settings window, select the connection that you want to configure, then click Properties. Figure 127 Ubuntu 8: Network Settings > Connections 226 MAX208M2W Series Users Guide Appendix BSetting Up Your Computer s IP Address 5 The Properties dialog box opens. Figure 128 Ubuntu 8: Network Settings > Properties In the Configuration list, select Automatic Configuration (DHCP) if you have a dynamic IP address. In the Configuration list, select Static IP address if you have a static IP address. Fill in the IP address, Subnet mask, and Gateway address fields. 6 Click OK to save the changes and close the Properties dialog box and return to the Network Settings screen. MAX208M2W Series Users Guide 227 Appendix BSetting Up Your Computer s IP Address 7 If you know your DNS server IP address(es), click the DNS tab in the Network Settings window and then enter the DNS server information in the fields provided. Figure 129 Ubuntu 8: Network Settings > DNS 8 Click the Close button to apply the changes. Verifying Settings Check your TCP/IP properties by clicking System > Administration > Network Tools, and then selecting the appropriate Network device from the Devices 228 MAX208M2W Series Users Guide Appendix BSetting Up Your Computer s IP Address tab. The Interface Statistics column shows data if your connection is working properly. Figure 130 Ubuntu 8: Network Tools MAX208M2W Series Users Guide 229 Appendix BSetting Up Your Computer s IP Address Linux: openSUSE 10.3 (KDE) This section shows you how to configure your computers TCP/IP settings in the K Desktop Environment (KDE) using the openSUSE 10.3 Linux distribution. The procedure, screens and file locations may vary depending on your specific distribution, release version, and individual configuration. The following screens use the default openSUSE 10.3 installation. Note: Make sure you are logged in as the root administrator. Follow the steps below to configure your computer IP address in the KDE:
1 Click K Menu > Computer > Administrator Settings (YaST). Figure 131 openSUSE 10.3: K Menu > Computer Menu 230 MAX208M2W Series Users Guide Appendix BSetting Up Your Computer s IP Address 2 When the Run as Root - KDE su dialog opens, enter the admin password and click OK. Figure 132 openSUSE 10.3: K Menu > Computer Menu 3 When the YaST Control Center window opens, select Network Devices and then click the Network Card icon. Figure 133 openSUSE 10.3: YaST Control Center MAX208M2W Series Users Guide 231 Appendix BSetting Up Your Computer s IP Address 4 When the Network Settings window opens, click the Overview tab, select the appropriate connection Name from the list, and then click the Configure button. Figure 134 openSUSE 10.3: Network Settings 232 MAX208M2W Series Users Guide Appendix BSetting Up Your Computer s IP Address 5 When the Network Card Setup window opens, click the Address tab Figure 135 openSUSE 10.3: Network Card Setup 6 Select Dynamic Address (DHCP) if you have a dynamic IP address. Select Statically assigned IP Address if you have a static IP address. Fill in the IP address, Subnet mask, and Hostname fields. 7 Click Next to save the changes and close the Network Card Setup window. MAX208M2W Series Users Guide 233 Appendix BSetting Up Your Computer s IP Address 8 If you know your DNS server IP address(es), click the Hostname/DNS tab in Network Settings and then enter the DNS server information in the fields provided. Figure 136 openSUSE 10.3: Network Settings 9 Click Finish to save your settings and close the window. 234 MAX208M2W Series Users Guide Appendix BSetting Up Your Computer s IP Address Verifying Settings Click the KNetwork Manager icon on the Task bar to check your TCP/IP properties. From the Options sub-menu, select Show Connection Information. Figure 137 openSUSE 10.3: KNetwork Manager When the Connection Status - KNetwork Manager window opens, click the Statistics tab to see if your connection is working properly. Figure 138 openSUSE: Connection Status - KNetwork Manager MAX208M2W Series Users Guide 235 Appendix BSetting Up Your Computer s IP Address 236 MAX208M2W Series Users Guide APPENDIX C Pop-up Windows, JavaScript and Java Permissions In order to use the web configurator you need to allow:
Web browser pop-up windows from your device. JavaScript (enabled by default). Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary. Internet Explorer Pop-up Blockers You may have to disable pop-up blocking to log into your device. Either disable pop-up blocking (enabled by default in Windows XP SP (Service Pack) 2) or allow pop-up blocking and create an exception for your devices IP address. Disable Pop-up Blockers 1 In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker. Figure 139 Pop-up Blocker You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. MAX208M2W Series Users Guide 237 Appendix CPop-up Windows, JavaScript and Java Permissions 1 In Internet Explorer, select Tools, Internet Options, Privacy. 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 140 Internet Options: Privacy 3 Click Apply to save this setting. Enable Pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 238 MAX208M2W Series Users Guide Appendix CPop-up Windows, JavaScript and Java Permissions 2 Select Settingsto open the Pop-up Blocker Settings screen. Figure 141 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix http://. For example, http://192.168.167.1. MAX208M2W Series Users Guide 239 Appendix CPop-up Windows, JavaScript and Java Permissions 4 Click Add to move the IP address to the list of Allowed sites. Figure 142 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScript If pages of the web configurator do not display properly in Internet Explorer, check that JavaScript is allowed. 240 MAX208M2W Series Users Guide Appendix CPop-up Windows, JavaScript and Java Permissions 1 In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 143 Internet Options: Security 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). MAX208M2W Series Users Guide 241 Appendix CPop-up Windows, JavaScript and Java Permissions 6 Click OK to close the window. Figure 144 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 242 MAX208M2W Series Users Guide Appendix CPop-up Windows, JavaScript and Java Permissions 5 Click OK to close the window. Figure 145 Security Settings - Java JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected. MAX208M2W Series Users Guide 243 Appendix CPop-up Windows, JavaScript and Java Permissions 3 Click OK to close the window. Figure 146 Java (Sun) Mozilla Firefox Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary. You can enable Java, Javascript and pop-ups in one screen. Click Tools, then click Options in the screen that appears. Figure 147 Mozilla Firefox: TOOLS > Options 244 MAX208M2W Series Users Guide Appendix CPop-up Windows, JavaScript and Java Permissions Click Content.to show the screen below. Select the check boxes as shown in the following screen. Figure 148 Mozilla Firefox Content Security MAX208M2W Series Users Guide 245 Appendix CPop-up Windows, JavaScript and Java Permissions 246 MAX208M2W Series Users Guide APPENDIX D IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device
(including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts. Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks. Introduction to IP Addresses One part of the IP address is the network number, and the other part is the host ID. In the same way that houses on a street share a common street name, the hosts on a network share a common network number. Similarly, as each house has its own house number, each host on the network has its own unique identifying number - the host ID. Routers use the network number to send packets to the correct network, while the host ID determines to which host on the network the packets are delivered. Structure An IP address is made up of four parts, written in dotted decimal notation (for example, ). Each of these four parts is known as an octet. An octet is an eight-
digit binary number (for example 11000000, which is 192 in decimal notation). Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal. MAX208M2W Series Users Guide 247 Appendix DIP Addresses and Subnetting The following figure shows an example IP address in which the first three octets
(192.168.1) are the network number, and the fourth octet (16) is the host ID. Figure 149 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation). The term subnet is short for sub-network. A subnet mask has 32 bits. If a bit in the subnet mask is a 1 then the corresponding bit in the IP address is part of the network number. If a bit in the subnet mask is 0 then the corresponding bit in the IP address is part of the host ID. The following example shows a subnet mask identifying the network number (in bold text) and host ID of an IP address (192.168.1.2 in decimal). Table 88 IP Address Network Number and Host ID Example 1ST OCTET:
(192) 3RD OCTET:
(1) IP Address (Binary)11000000101010000000000100000010 Subnet Mask (Binary) Network Number Host ID00000010 111111111111111111111111 110000001010100000000001 2ND OCTET:
(168) 4TH OCTET
(2) 00000000 248 MAX208M2W Series Users Guide Appendix DIP Addresses and Subnetting By convention, subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits. Subnet masks can be referred to by the size of the network number part (the bits with a 1 value). For example, an 8-bit mask means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes. Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Table 89 Subnet Masks BINARY 1ST OCTET 2ND OCTET 3RD OCTET 8-bit mask 11111111 00000000 00000000 11111111 11111111 00000000 16-bit mask 24-bit mask 29-bit mask 11111111 11111111 11111111 11111111 11111111 11111111 4TH OCTET 00000000 00000000 DECIMAL 255.0.0.0 255.255.0.0 00000000 255.255.255.0 11111000 255.255.255.24 8 Network Size The size of the network number determines the maximum number of possible hosts you can have on your network. The larger the number of network number bits, the smaller the number of remaining host ID bits. An IP address with host IDs of all zeros is the IP address of the network
(192.168.1.0 with a 24-bit subnet mask, for example). An IP address with host IDs of all ones is the broadcast address for that network (192.168.1.255 with a 24-bit subnet mask, for example). As these two IP addresses cannot be used for individual hosts, calculate the maximum number of possible hosts in a network as follows:
HOST ID SIZE Table 90 Maximum Host Numbers SUBNET MASK 8 bits255.0.0.024 bits 16 bits255.255.0.016 bits 24 bits255.255.255.08 bits 29 bits255.255.255.2 3 bits 2 2 2 48 MAXIMUM NUMBER OF HOSTS 24 216777214 16 265534 8 2254 23 2 6 MAX208M2W Series Users Guide 249 Appendix DIP Addresses and Subnetting Notation Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a / followed by the number of bits in the mask after the address. For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask 255.255.255.128. The following table shows some possible subnet masks using both notations.
/26 LAST OCTET
(BINARY) 0000 0000 1000 0000 ALTERNATIVE NOTATION
/24
/25 Table 91 Alternative Subnet Mask Notation SUBNET MASK 255.255.255.0 255.255.255.12 8 255.255.255.19 2 255.255.255.22 4 255.255.255.24 0 255.255.255.24 8 255.255.255.25 2 1100 0000 1110 0000 1111 0000 1111 1000 1111 1100
/27
/28
/29
/30 LAST OCTET
(DECIMAL) 0 128 192 224 240 248 252 Subnetting You can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons. In this example, the company network address is 192.168.1.0. The first three octets of the address (192.168.1) are the network number, and the remaining octet is the host ID, allowing a maximum of 28 2 or 254 possible hosts. 250 MAX208M2W Series Users Guide Appendix DIP Addresses and Subnetting The following figure shows the company network before subnetting. Figure 150 Subnetting Example: Before Subnetting You can borrow one of the host ID bits to divide the network 192.168.1.0 into two separate sub-networks. The subnet mask is now 25 bits (255.255.255.128 or
/25). The borrowed host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25. MAX208M2W Series Users Guide 251 Appendix DIP Addresses and Subnetting The following figure shows the company network after subnetting. There are now two sub-networks, A and B. Figure 151 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 27 2 or 126 possible hosts (a host ID of all zeroes is the subnets address itself, all ones is the subnets broadcast address). 192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127 with mask 255.255.255.128 is its broadcast address. Therefore, the lowest IP address that can be assigned to an actual host for subnet A is 192.168.1.1 and the highest is 192.168.1.126. Similarly, the host ID range for subnet B is 192.168.1.129 to 192.168.1.254. Example: Four Subnets The previous example illustrated using a 25-bit subnet mask to divide a 24-bit address into two subnets. Similarly, to divide a 24-bit address into four subnets, you need to borrow two host ID bits to give four possible combinations (00, 01, 10 and 11). The subnet mask is 26 bits
(11111111.11111111.11111111.11000000) or 255.255.255.192. 252 MAX208M2W Series Users Guide Appendix DIP Addresses and Subnetting Each subnet contains 6 host ID bits, giving 26 - 2 or 62 hosts for each subnet (a host ID of all zeroes is the subnet itself, all ones is the subnets broadcast address). Table 92 Subnet 1 IP/SUBNET MASK IP Address (Decimal) IP Address (Binary) Subnet Mask (Binary) Subnet Address:
192.168.1.0 Broadcast Address:
192.168.1.63 Table 93 Subnet 2 IP/SUBNET MASK IP Address IP Address (Binary) Subnet Mask (Binary) Subnet Address:
192.168.1.64 Broadcast Address:
192.168.1.127 Table 94 Subnet 3 IP/SUBNET MASK IP Address IP Address (Binary) Subnet Mask (Binary) Subnet Address:
192.168.1.128 Broadcast Address:
192.168.1.191 Table 95 Subnet 4 IP/SUBNET MASK IP Address IP Address (Binary) Subnet Mask (Binary) NETWORK NUMBER 192.168.1. 11000000.10101000.00000001. 00000000 11111111.11111111.11111111. 11000000 Lowest Host ID: 192.168.1.1 LAST OCTET BIT VALUE 0 Highest Host ID: 192.168.1.62 LAST OCTET BIT VALUE 64 NETWORK NUMBER 192.168.1. 11000000.10101000.00000001. 01000000 11111111.11111111.11111111. 11000000 Lowest Host ID: 192.168.1.65 Highest Host ID: 192.168.1.126 LAST OCTET BIT VALUE 128 NETWORK NUMBER 192.168.1. 11000000.10101000.00000001. 10000000 11111111.11111111.11111111. 11000000 Lowest Host ID: 192.168.1.129 Highest Host ID: 192.168.1.190 NETWORK NUMBER 192.168.1. 11000000.10101000.00000001
. 11111111.11111111.11111111
. LAST OCTET BIT VALUE 192 11000000 11000000 MAX208M2W Series Users Guide 253 Appendix DIP Addresses and Subnetting Table 95 Subnet 4 (continued) IP/SUBNET MASK Subnet Address:
192.168.1.192 Broadcast Address:
192.168.1.255 NETWORK NUMBER Lowest Host ID: 192.168.1.193 LAST OCTET BIT VALUE Highest Host ID: 192.168.1.254 Example: Eight Subnets Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows IP address last octet values for each subnet. Table 96 Eight Subnets SUBNET 1 2 3 4 5 6 7 8 SUBNET ADDRESS 0 32 64 96 128 160 192 224 FIRST ADDRESS LAST 1 33 65 97 129 161 193 225 ADDRESS 30 62 94 126 158 190 222 254 BROADCAST ADDRESS 31 63 95 127 159 191 223 255 Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 97 24-bit Network Number Subnet Planning NO. BORROWED HOST BITS 1 2 3 4 5 6 7 SUBNET MASK 255.255.255.128 (/25) 255.255.255.192 (/26) 255.255.255.224 (/27) 255.255.255.240 (/28) 255.255.255.248 (/29) 255.255.255.252 (/30) 255.255.255.254 (/31) NO. SUBNETS NO. HOSTS PER 2 4 8 16 32 64 128 SUBNET 126 62 30 14 6 2 1 254 MAX208M2W Series Users Guide Appendix DIP Addresses and Subnetting The following table is a summary for subnet planning on a network with a 16-bit network number. Table 98 16-bit Network Number Subnet Planning NO. BORROWED HOST BITS 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 SUBNET MASK 255.255.128.0 (/17) 255.255.192.0 (/18) 255.255.224.0 (/19) 255.255.240.0 (/20) 255.255.248.0 (/21) 255.255.252.0 (/22) 255.255.254.0 (/23) 255.255.255.0 (/24) 255.255.255.128 (/25) 255.255.255.192 (/26) 255.255.255.224 (/27) 255.255.255.240 (/28) 255.255.255.248 (/29) 255.255.255.252 (/30) 255.255.255.254 (/31) NO. SUBNETS NO. HOSTS PER 2 4 8 16 32 64 128 256 512 1024 2048 4096 8192 16384 32768 SUBNET 32766 16382 8190 4094 2046 1022 510 254 126 62 30 14 6 2 1 Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask. If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. If this is the case, it is recommended that you select a network number from 192.168.0.0 to 192.168.255.0. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. You must also enable Network Address Translation (NAT) on the MAX208M2W Series. Once you have decided on the network number, pick an IP address for your MAX208M2W Series that is easy to remember (for instance, 192.168.1.1) but make sure that no other device on your network is using that IP address. The subnet mask specifies the network number portion of an IP address. Your MAX208M2W Series will compute the subnet mask automatically based on the IP MAX208M2W Series Users Guide 255 Appendix DIP Addresses and Subnetting address that you entered. You don't need to change the subnet mask computed by the MAX208M2W Series unless you are instructed to do otherwise. Private IP Addresses Every machine on the Internet must have a unique address. If your networks are isolated from the Internet (running only between two branch offices, for example) you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks:
10.0.0.0 10.255.255.255 172.16.0.0 172.31.255.255 192.168.0.0 192.168.255.255 You can obtain your IP address from the IANA, from an ISP, or it can be assigned from a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses. Regardless of your particular situation, do not create an arbitrary IP address;
always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space. IP Address Conflicts Each device on a network must have a unique IP address. Devices with duplicate IP addresses on the same network will not be able to access the Internet or other resources. The devices may also be unreachable through the network. Conflicting Computer IP Addresses Example More than one device can not use the same IP address. In the following example computer A has a static (or fixed) IP address that is the same as the IP address that a DHCP server assigns to computer B which is a DHCP client. Neither can access the Internet. This problem can be solved by assigning a different static IP 256 MAX208M2W Series Users Guide Appendix DIP Addresses and Subnetting address to computer A or setting computer A to obtain an IP address automatically. Figure 152 Conflicting Computer IP Addresses Example Conflicting Router IP Addresses Example Since a router connects different networks, it must have interfaces using different network numbers. For example, if a router is set between a LAN and the Internet
(WAN), the routers LAN and WAN addresses must be on different subnets. In the following example, the LAN and WAN are on the same subnet. The LAN computers cannot access the Internet because the router cannot route between networks. Figure 153 Conflicting Computer IP Addresses Example Conflicting Computer and Router IP Addresses Example More than one device can not use the same IP address. In the following example, the computer and the routers LAN port both use 192.168.1.1 as the IP address. MAX208M2W Series Users Guide 257 Appendix DIP Addresses and Subnetting The computer cannot access the Internet. This problem can be solved by assigning a different IP address to the computer or the routers LAN port. Figure 154 Conflicting Computer and Router IP Addresses Example 258 MAX208M2W Series Users Guide APPENDIX E Importing Certificates This appendix shows you how to import public key certificates into your web browser. Public key certificates are used by web browsers to ensure that a secure web site is legitimate. When a certificate authority such as VeriSign, Comodo, or Network Solutions, to name a few, receives a certificate request from a website operator, they confirm that the web domain and contact information in the request match those on public record with a domain name registrar. If they match, then the certificate is issued to the website operator, who then places it on the site to be issued to all visiting web browsers to let them know that the site is legitimate. Many ZyXEL products, such as the NSA-2401, issue their own public key certificates. These can be used by web browsers on a LAN or WAN to verify that they are in fact connecting to the legitimate device and not one masquerading as it. However, because the certificates were not issued by one of the several organizations officially recognized by the most common web browsers, you will need to import the ZyXEL-created certificate into your web browser and flag that certificate as a trusted authority. Note: You can see if you are browsing on a secure website if the URL in your web browsers address bar begins with https:// or there is a sealed padlock icon () somewhere in the main browser window (not all browsers show the padlock in the same location.) In this appendix, you can import a public key certificate for:
Internet Explorer on page 260 Firefox on page 270 Opera on page 276 Konqueror on page 284 MAX208M2W Series Users Guide 259 Appendix EImporting Certificates Internet Explorer The following example uses Microsoft Internet Explorer 7 on Windows XP Professional; however, they can also apply to Internet Explorer on Windows Vista. 1 If your devices web configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error. Figure 155 Internet Explorer 7: Certification Error 2 Click Continue to this website (not recommended). Figure 156 Internet Explorer 7: Certification Error 260 MAX208M2W Series Users Guide 3 In the Address Bar, click Certificate Error > View certificates. Figure 157 Internet Explorer 7: Certificate Error Appendix EImporting Certificates 4 In the Certificate dialog box, click Install Certificate. Figure 158 Internet Explorer 7: Certificate MAX208M2W Series Users Guide 261 Appendix EImporting Certificates 5 In the Certificate Import Wizard, click Next. Figure 159 Internet Explorer 7: Certificate Import Wizard 6 If you want Internet Explorer to Automatically select certificate store based on the type of certificate, click Next again and then go to step 9. Figure 160 Internet Explorer 7: Certificate Import Wizard 262 MAX208M2W Series Users Guide Appendix EImporting Certificates 7 Otherwise, select Place all certificates in the following store and then click Browse. Figure 161 Internet Explorer 7: Certificate Import Wizard 8 In the Select Certificate Store dialog box, choose a location in which to save the certificate and then click OK. Figure 162 Internet Explorer 7: Select Certificate Store MAX208M2W Series Users Guide 263 Appendix EImporting Certificates 9 In the Completing the Certificate Import Wizard screen, click Finish. Figure 163 Internet Explorer 7: Certificate Import Wizard 10 If you are presented with another Security Warning, click Yes. Figure 164 Internet Explorer 7: Security Warning 264 MAX208M2W Series Users Guide Appendix EImporting Certificates 11 Finally, click OK when presented with the successful certificate installation message. Figure 165 Internet Explorer 7: Certificate Import Wizard 12 The next time you start Internet Explorer and go to a ZyXEL web configurator page, a sealed padlock icon appears in the address bar. Click it to view the pages Website Identification information. Figure 166 Internet Explorer 7: Website Identification MAX208M2W Series Users Guide 265 Appendix EImporting Certificates Installing a Stand-Alone Certificate File in Internet Explorer Rather than browsing to a ZyXEL web configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you. 1 Double-click the public key certificate file. Figure 167 Internet Explorer 7: Public Key Certificate File 2 In the security warning dialog box, click Open. Figure 168 Internet Explorer 7: Open File - Security Warning 3 Refer to steps 4-12 in the Internet Explorer procedure beginning on page260 to complete the installation process. 266 MAX208M2W Series Users Guide Appendix EImporting Certificates Removing a Certificate in Internet Explorer This section shows you how to remove a public key certificate in Internet Explorer 7. 1 Open Internet Explorer and click TOOLS > Internet Options. Figure 169 Internet Explorer 7: Tools Menu 2 In the Internet Options dialog box, click Content > Certificates. Figure 170 Internet Explorer 7: Internet Options MAX208M2W Series Users Guide 267 Appendix EImporting Certificates 3 In the Certificates dialog box, click the Trusted Root Certificates Authorities tab, select the certificate that you want to delete, and then click Remove. Figure 171 Internet Explorer 7: Certificates 4 5 In the Certificates confirmation, click Yes. Figure 172 Internet Explorer 7: Certificates In the Root Certificate Store dialog box, click Yes. Figure 173 Internet Explorer 7: Root Certificate Store 268 MAX208M2W Series Users Guide 6 The next time you go to the web site that issued the public key certificate you just removed, a certification error appears. Appendix EImporting Certificates MAX208M2W Series Users Guide 269 Appendix EImporting Certificates Firefox The following example uses Mozilla Firefox 2 on Windows XP Professional;
however, the screens can also apply to Firefox 2 on all platforms. 1 If your devices web configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error. 2 Select Accept this certificate permanently and click OK. Figure 174 Firefox 2: Website Certified by an Unknown Authority 270 MAX208M2W Series Users Guide Appendix EImporting Certificates 3 The certificate is stored and you can now connect securely to the web configurator. A sealed padlock appears in the address bar, which you can click to open the Page Info > Security window to view the web pages security information. Figure 175 Firefox 2: Page Info MAX208M2W Series Users Guide 271 Appendix EImporting Certificates Installing a Stand-Alone Certificate File in Firefox Rather than browsing to a ZyXEL web configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you. 1 Open Firefox and click TOOLS > Options. Figure 176 Firefox 2: Tools Menu 2 In the Options dialog box, click ADVANCED > Encryption > View Certificates. Figure 177 Firefox 2: Options 272 MAX208M2W Series Users Guide 3 In the Certificate Manager dialog box, click Web Sites > Import. Figure 178 Firefox 2: Certificate Manager Appendix EImporting Certificates 4 Use the Select File dialog box to locate the certificate and then click Open. Figure 179 Firefox 2: Select File 5 The next time you visit the web site, click the padlock in the address bar to open the Page Info > Security window to see the web pages security information. MAX208M2W Series Users Guide 273 Appendix EImporting Certificates Removing a Certificate in Firefox This section shows you how to remove a public key certificate in Firefox 2. 1 Open Firefox and click TOOLS > Options. Figure 180 Firefox 2: Tools Menu 2 In the Options dialog box, click ADVANCED > Encryption > View Certificates. Figure 181 Firefox 2: Options 274 MAX208M2W Series Users Guide Appendix EImporting Certificates 3 In the Certificate Manager dialog box, select the Web Sites tab, select the certificate that you want to remove, and then click Delete. Figure 182 Firefox 2: Certificate Manager 4 In the Delete Web Site Certificates dialog box, click OK. Figure 183 Firefox 2: Delete Web Site Certificates 5 The next time you go to the web site that issued the public key certificate you just removed, a certification error appears. MAX208M2W Series Users Guide 275 Appendix EImporting Certificates Opera The following example uses Opera 9 on Windows XP Professional; however, the screens can apply to Opera 9 on all platforms. 1 If your devices web configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error. 2 Click Install to accept the certificate. Figure 184 Opera 9: Certificate signer not found 276 MAX208M2W Series Users Guide Appendix EImporting Certificates 3 The next time you visit the web site, click the padlock in the address bar to open the Security information window to view the web pages security details. Figure 185 Opera 9: Security information MAX208M2W Series Users Guide 277 Appendix EImporting Certificates Installing a Stand-Alone Certificate File in Opera Rather than browsing to a ZyXEL web configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you. 1 Open Opera and click TOOLS > Preferences. Figure 186 Opera 9: Tools Menu 278 MAX208M2W Series Users Guide 2 In Preferences, click ADVANCED > Security > Manage certificates. Figure 187 Opera 9: Preferences Appendix EImporting Certificates MAX208M2W Series Users Guide 279 Appendix EImporting Certificates 3 In the Certificates Manager, click Authorities > Import. Figure 188 Opera 9: Certificate manager 4 Use the Import certificate dialog box to locate the certificate and then click Open. Figure 189 Opera 9: Import certificate 280 MAX208M2W Series Users Guide 5 In the Install authority certificate dialog box, click Install. Figure 190 Opera 9: Install authority certificate Appendix EImporting Certificates 6 Next, click OK. Figure 191 Opera 9: Install authority certificate 7 The next time you visit the web site, click the padlock in the address bar to open the Security information window to view the web pages security details. MAX208M2W Series Users Guide 281 Appendix EImporting Certificates Removing a Certificate in Opera This section shows you how to remove a public key certificate in Opera 9. 1 Open Opera and click TOOLS > Preferences. Figure 192 Opera 9: Tools Menu 2 In Preferences, ADVANCED > Security > Manage certificates. Figure 193 Opera 9: Preferences 282 MAX208M2W Series Users Guide Appendix EImporting Certificates 3 In the Certificates manager, select the Authorities tab, select the certificate that you want to remove, and then click Delete. Figure 194 Opera 9: Certificate manager 4 The next time you go to the web site that issued the public key certificate you just removed, a certification error appears. Note: There is no confirmation when you delete a certificate authority, so be absolutely certain that you want to go through with it before clicking the button. MAX208M2W Series Users Guide 283 Appendix EImporting Certificates Konqueror The following example uses Konqueror 3.5 on openSUSE 10.3, however the screens apply to Konqueror 3.5 on all Linux KDE distributions. 1 If your devices web configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error. 2 Click Continue. Figure 195 Konqueror 3.5: Server Authentication 3 Click Forever when prompted to accept the certificate. Figure 196 Konqueror 3.5: Server Authentication 284 MAX208M2W Series Users Guide Appendix EImporting Certificates 4 Click the padlock in the address bar to open the KDE SSL Information window and view the web pages security details. Figure 197 Konqueror 3.5: KDE SSL Information MAX208M2W Series Users Guide 285 Appendix EImporting Certificates Installing a Stand-Alone Certificate File in Konqueror Rather than browsing to a ZyXEL web configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you. 1 Double-click the public key certificate file. Figure 198 Konqueror 3.5: Public Key Certificate File 2 In the Certificate Import Result - Kleopatra dialog box, click OK. Figure 199 Konqueror 3.5: Certificate Import Result The public key certificate appears in the KDE certificate manager, Kleopatra. Figure 200 Konqueror 3.5: Kleopatra 286 MAX208M2W Series Users Guide 3 The next time you visit the web site, click the padlock in the address bar to open the KDE SSL Information window to view the web pages security details. Appendix EImporting Certificates MAX208M2W Series Users Guide 287 Appendix EImporting Certificates Removing a Certificate in Konqueror This section shows you how to remove a public key certificate in Konqueror 3.5. 1 Open Konqueror and click Settings > Configure Konqueror. Figure 201 Konqueror 3.5: Settings Menu 2 In the Configure dialog box, select Crypto. 3 On the Peer SSL Certificates tab, select the certificate you want to delete and then click Remove. Figure 202 Konqueror 3.5: Configure 4 The next time you go to the web site that issued the public key certificate you just removed, a certification error appears. 288 MAX208M2W Series Users Guide Note: There is no confirmation when you remove a certificate authority, so be absolutely certain you want to go through with it before clicking the button. Appendix EImporting Certificates MAX208M2W Series Users Guide 289 Appendix EImporting Certificates 290 MAX208M2W Series Users Guide APPENDIX F Common Services The following table lists some commonly-used services and their associated protocols and port numbers. For a comprehensive list of port numbers, ICMP type/
code numbers and services, visit the IANA (Internet Assigned Number Authority) web site. Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like. Protocol: This is the type of IP protocol used by the service. If this is TCP/
UDP, then the service uses the same port number with TCP and UDP. If this is USER-DEFINED, the Port(s) is the IP protocol number, not the port number. Port(s): This value depends on the Protocol. Please refer to RFC 1700 for further information about port numbers. If the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number. If the Protocol is USER, this is the IP protocol number. Description: This is a brief explanation of the applications that use this service or the situations in which this service is used. Table 99 Commonly Used Services NAME AH
(IPSEC_TUNNEL) PROTOCOL User-Defined AIM/New-ICQ TCP AUTH BGP BOOTP_CLIENT BOOTP_SERVER CU-SEEME TCP TCP UDP UDP TCP DNS UDP TCP/UDP 5190 113 179 68 67 7648 24032 53 PORT(S) DESCRIPTION 51 The IPSEC AH (Authentication Header) tunneling protocol uses this service. AOLs Internet Messenger service. It is also used as a listening port by ICQ. Authentication protocol used by some servers. Border Gateway Protocol. DHCP Client. DHCP Server. A popular videoconferencing solution from White Pines Software. Domain Name Server, a service that matches web names (for example www.zyxel.com) to IP numbers. MAX208M2W Series Users Guide 291 Appendix FCommon Services Table 99 Commonly Used Services (continued) NAME ESP
(IPSEC_TUNNEL) PROTOCOL User-Defined PORT(S) DESCRIPTION 50 FINGER FTP H.323 HTTP HTTPS ICMP TCP TCP TCP TCP TCP TCP 79 20 21 1720 80 443 User-Defined 1 ICQ UDP 4000 IGMP
(MULTICAST) User-Defined 2 IKE IRC UDP TCP/UDP MSN Messenger TCP TCP TCP UDP TCP NEW-ICQ NEWS NFS NNTP PING 500 6667 1863 5190 144 2049 119 User-Defined 1 POP3 TCP 110 The IPSEC ESP (Encapsulation Security Protocol) tunneling protocol uses this service. Finger is a UNIX or Internet related command that can be used to find out if a user is logged on. File Transfer Program, a program to enable fast transfer of files, including large files that may not be possible by e-mail. NetMeeting uses this protocol. Hyper Text Transfer Protocol - a client/server protocol for the world wide web. HTTPS is a secured http session often used in e-commerce. Internet Control Message Protocol is often used for diagnostic or routing purposes. This is a popular Internet chat program. Internet Group Management Protocol is used when sending packets to a specific group of hosts. The Internet Key Exchange algorithm is used for key distribution and management. This is another popular Internet chat program. Microsoft Networks messenger service uses this protocol. An Internet chat program. A protocol for news groups. Network File System - NFS is a client/
server distributed file service that provides transparent file sharing for network environments. Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service. Packet INternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is reachable. Post Office Protocol version 3 lets a client computer get e-mail from a POP3 server through a temporary connection (TCP/IP or other). 292 MAX208M2W Series Users Guide Table 99 Commonly Used Services (continued) NAME PPTP PROTOCOL TCP PORT(S) DESCRIPTION 1723 PPTP_TUNNEL
(GRE) User-Defined 47 RCMD REAL_AUDIO TCP TCP REXEC RLOGIN RTELNET RTSP TCP TCP TCP TCP/UDP SFTP SMTP TCP TCP SNMP TCP/UDP SNMP-TRAPS TCP/UDP SQL-NET TCP SSH STRM WORKS SYSLOG TCP/UDP UDP UDP TACACS TELNET UDP TCP 512 7070 514 513 107 554 115 25 161 162 1521 22 1558 514 49 23 Appendix FCommon Services Point-to-Point Tunneling Protocol enables secure transfer of data over public networks. This is the control channel. PPTP (Point-to-Point Tunneling Protocol) enables secure transfer of data over public networks. This is the data channel. Remote Command Service. A streaming audio service that enables real time sound over the web. Remote Execution Daemon. Remote Login. Remote Telnet. The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet. Simple File Transfer Protocol. Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another. Simple Network Management Program. Traps for use with the SNMP
(RFC:1215). Structured Query Language is an interface to access data on many different types of database systems, including mainframes, midrange systems, UNIX systems and network servers. Secure Shell Remote Login Program. Stream Works Protocol. Syslog allows you to send system logs to a UNIX server. Login Host Protocol used for (Terminal Access Controller Access Control System). Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/IP networks. Its primary function is to allow users to log into remote host systems. MAX208M2W Series Users Guide 293 Appendix FCommon Services Table 99 Commonly Used Services (continued) NAME TFTP PROTOCOL UDP PORT(S) DESCRIPTION 69 VDOLIVE TCP 7000 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP
(Transmission Control Protocol). Another videoconferencing solution. 294 MAX208M2W Series Users Guide APPENDIX G Legal Information Copyright Copyright 2011 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimers ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice. Your use of the MAX208M2W Series is subject to the terms and conditions of any related service providers. Do not use the MAX208M2W Series for illegal purposes. Illegal downloading or sharing of files can result in severe civil and criminal penalties. You are subject to the restrictions of copyright laws and any other applicable laws, and will bear the consequences of any infringements thereof. ZyXEL bears NO responsibility or liability for your use of the download service feature. Trademarks Trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners. MAX208M2W Series Users Guide 295 Appendix GLegal Information Certifications Federal Communications Commission (FCC) Interference Statement The device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:
This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This device generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful i nterference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if n ot installed and used in accordance with the instructions, may cause harmful interference to radio c ommunications. This device complies with part 15 of the FCC Rules. However, there is no guarantee that interference will not occur in a particular installation. If this equipment d oes Operation is subject to the condition that this device does not cause harmful cause harmful interference to radio or television reception, which can be determined by turning the e quipment interference. off and on, the user is encouraged to try to correct the interference by one of the following measures:
- Reorient or relocate the receiving antenna.
- Increase the separation between the equipment and receiver.
- Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
- Consult the dealer or an experienced radio/TV technician for help. FCC Caution: Any changes or modifications not expressly approved by the party responsible for c could void the user's authority to operate this equipment. This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) T his device may not cause harmful interference, and (2) this device must accept any interference received, i ncluding interference that may cause undesired operation. IMPORTANT NOTE:
Radiation Exposure Statement:
This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. T 3 Connect the equipment into an outlet on a circuit different from that to which the equipment should be installed and operated with minimum distance 20cm between the radiator & your body. This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
Increase the separation between the equipment and the receiver. 1 Reorient or relocate the receiving antenna. receiver is connected. ompliance his 2 4 Consult the dealer or an experienced radio/TV technician for help. FCC Radiation Exposure Statement This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. To comply with FCC RF exposure compliance requirements, a separation distance of at least 20 cm must be maintained between the antenna of this device and all persons. 296 MAX208M2W Series User s Guide Appendix GLegal Information Notices Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment. This Class B digital apparatus complies with Canadian ICES-003. Cet appareil numrique de la classe B est conforme la norme NMB-003 du Canada. Viewing Certifications 1 Go to http://www.zyxel.com. 2 Select your product on the ZyXEL home page to go to that product's page. 3 Select the certification you wish to view from this page. ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions. MAX208M2W Series Users Guide 297 Appendix GLegal Information Note Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser. To obtain the services of this warranty, contact your vendor. You may also refer to the warranty policy for the region in which you bought the device at http://
www.zyxel.com/web/support_warranty_info.php. Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com. 298 MAX208M2W Series Users Guide Index Index CBC-MAC 207 CCMP 205, 207 cell 69 certificates 205 CA 71 formats 72 verification 207 certification notices 297 viewing 297 Certification Authority, see CA chaining 207 chaining message authentication see CCMP circuit-switched telephone networks 133 Class of Service (CoS) 134 client-server protocol 155 SIP 155 CMAC see MAC codec 133 comfort noise 157 copyright 295 CoS 134 counter mode see CCMP coverage area 69 cryptography 205 D data 205207 decryption 205 encryption 205 flow 207 DHCP 89 server 89 diameter 70 A AAA 70 AbS 134 accounting server see AAA ACK message 155 activity 70 Advanced Encryption Standard see AES AES 207 ALG 92 alternative subnet mask notation 250 analysis-by-synthesis 134 Application Layer Gateway see ALG authentication 70, 205 inner 208 key server 70 types 208 authorization 205 request and reply 207 server 70 auto-discovery UPnP 118 B base station see BS BS 6970 links 70 BYE request 155 C CA 71, 72 MAX208M2W Series Users Guide 299 Index Differentiated Services see DiffServ DiffServ 134 DiffServ Code Point (DSCP) 134 marking rule 138 digital ID 72, 205 DS field 137 DSCP see DiffServ DTMF 143 dual-tone multi-frequency see DTMF Dynamic Host Configuration Protocol see DHCP E EAP 70 EAP (Extensible Authentication Protocol) 72 EAP-TLS 72 EAP-TTLS 72 echo cancellation 157 encryption 205207 traffic 207 Ethernet encapsulation 91 Extensible Authorization Protocol see EAP F FCC interference statement 296 firewall 127 FTP 161 restrictions 161 G G.168 157 G.711 134 G.729 134 300 H hybrid waveform codec 134 I IANA 256 identity 70, 205 idle timeout 162 IEEE 802.16 69, 205 IEEE 802.16e 69 IGD 1.0 93 inner authentication 208 Internet access 70 gateway device 93 Internet Assigned Numbers Authority see IANA 256 Internet Telephony Service Provider see ITSP interoperability 69 IP-PBX 133 ITSP 133 ITU-T 157 K key 205 request and reply 207 M MAC 207 MAN 69 Management Information Base (MIB) 164 Message Authentication Code see MAC message integrity 207 Metropolitan Area Network see MAN microwave 69, 70 MAX208M2W Series Users Guide mobile station see MS MS 70 multimedia 135 N NAT 255 and remote management 162 server sets 91 traversal 93 NAT routers 141 network activity 70 services 70 network address translators 141 O OK response 155 outbound proxy 142 SIP 142 outbound proxy server 142 P pattern-spotting 207 PBX services 133 PCM 134 peer-to-peer calls 142 per-hop behavior 137 PHB (per-hop behavior) 138 phone services 143 PKMv2 70, 205, 208 plain text encryption 207 Privacy Key Management see PKM private key 205 product registration 298 proxy server Index SIP 140 public certificate 207 public key 205 pulse code modulation 134 push button 104 Q QoS 134 quality of service R RADIUS 70, 72, 206 Message Types 206 Messages 206 Shared Secret Key 206 Real-time Transport Protocol see RTP register server SIP 140 registration product 298 related documentation 3 remote management and NAT 162 remote management limitations 161 required bandwidth 134 RFC 1889 135 RFC 3489 141 RTP 135 S safety warnings 7 secure communication 205 secure connection 70 security 205 security association 207 see SA see QoS server, outbound proxy 142 MAX208M2W Series Users Guide 301 Index services 70 Session Initiation Protocol see SIP silence suppression 157 silent packets 157 SIP 134 account 140 ACK message 155 ALG 92, 142 Application Layer Gateway, see ALG BYE request 155 call progression 154 client 155 client server 155 identities 140 INVITE request 155 number 140 OK response 155 proxy server 140 register server 140 servers 155 service domain 140 URI 140 user agent 140 SIP outbound proxy 142 SNMP 162 manager 164 sound quality 134 SS 69, 70 STUN 141, 142 subnet 247 mask 248 subnetting 250 subscriber station see SS supplementary phone services 143 syntax conventions 5 system timeout 162 T tampering TCP/IP configuration 89 TEK 207 TFTP restrictions 161 TLS 205 ToS 134 Touch Tone 143 transport encryption key see TEK transport layer security see TLS trigger port forwarding process 113 TTLS 205, 208 tunneled TLS see TTLS Type of Service 134 U unauthorized device 205 uniform resource identifier 140 Universal Plug and Play see UPnP UPnP 92 application 93 auto-discovery 118 security issues 93 Windows XP 116 use NAT 141 user agent, SIP 140 user authentication 205 V VAD 157 verification 207 voice activity detection 157 coding 133 mail 133 Voice over IP see VoIP VoIP 133 302 MAX208M2W Series Users Guide Index W waveform codec 134 WiFi Protected Setup, see WPS WiMAX 6970 security 207 WiMAX Forum 69 Wireless Interoperability for Microwave Access see WiMAX wireless LAN WPS 104 adding stations 104 push button 104 Wireless Metropolitan Area Network see MAN wireless network access 69 standard 69 wireless security 205 wizard setup 31 WPS 104 adding stations 104 push button 104 MAX208M2W Series Users Guide 303 Index 304 MAX208M2W Series Users Guide
frequency | equipment class | purpose | ||
---|---|---|---|---|
1 | 2011-07-05 | 2501 ~ 2685 | TNB - Licensed Non-Broadcast Station Transmitter | Original Equipment |
2 | 2412 ~ 2462 | DTS - Digital Transmission System |
app s | Applicant Information | |||||
---|---|---|---|---|---|---|
1 2 | Effective |
2011-07-05
|
||||
1 2 | Applicant's complete, legal business name |
ZyXEL Communications Corporation
|
||||
1 2 | FCC Registration Number (FRN) |
0021059092
|
||||
1 2 | Physical Address |
No.2, Industry East Road IX, Science Park
|
||||
1 2 |
Hsinchu
|
|||||
1 2 |
Taiwan
|
|||||
app s | TCB Information | |||||
1 2 | TCB Application Email Address |
c******@curtis-straus.com
|
||||
1 2 | TCB Scope |
B1: Commercial mobile radio services equipment in the following 47 CFR Parts 20, 22 (cellular), 24,25 (below 3 GHz) & 27
|
||||
1 2 |
A4: UNII devices & low power transmitters using spread spectrum techniques
|
|||||
app s | FCC ID | |||||
1 2 | Grantee Code |
I88
|
||||
1 2 | Equipment Product Code |
MAX208M2W
|
||||
app s | Person at the applicant's address to receive grant or for contact | |||||
1 2 | Name |
E******** B******
|
||||
1 2 | Title |
Section Manager
|
||||
1 2 | Telephone Number |
886 3******** Extension:
|
||||
1 2 | Fax Number |
886 3********
|
||||
1 2 |
E******@zyxel.com.tw
|
|||||
app s | Technical Contact | |||||
1 2 | Firm Name |
Bureau Veritas CPS (H.K.) Ltd. Taoyuan Branch
|
||||
1 2 | Name |
H******** C******
|
||||
1 2 | Physical Address |
81-1, Lu Laio Keng, 9th Ling, Wu Lung Tsuen, Chiun
|
||||
1 2 |
Hsinchu Hsien, 307
|
|||||
1 2 |
Taiwan
|
|||||
1 2 | Telephone Number |
886-3******** Extension:
|
||||
1 2 | Fax Number |
886-3********
|
||||
1 2 |
h******@tw.bureauveritas.com
|
|||||
app s | Non Technical Contact | |||||
1 2 | Firm Name |
Bureau Veritas CPS (H.K.) Ltd. Taoyuan Branch
|
||||
1 2 | Name |
W****** L********
|
||||
1 2 | Physical Address |
No. 19, Hwa Ya 2nd Rd., Kwei Shan Hsiang
|
||||
1 2 |
Taoyuan Hsien, 333
|
|||||
1 2 |
Taiwan
|
|||||
1 2 | Telephone Number |
886-3******** Extension:
|
||||
1 2 | Fax Number |
886-3********
|
||||
1 2 |
w******@tw.bureauveritas.com
|
|||||
app s | Confidentiality (long or short term) | |||||
1 2 | Does this application include a request for confidentiality for any portion(s) of the data contained in this application pursuant to 47 CFR § 0.459 of the Commission Rules?: | Yes | ||||
1 2 | Long-Term Confidentiality Does this application include a request for confidentiality for any portion(s) of the data contained in this application pursuant to 47 CFR § 0.459 of the Commission Rules?: | No | ||||
if no date is supplied, the release date will be set to 45 calendar days past the date of grant. | ||||||
app s | Cognitive Radio & Software Defined Radio, Class, etc | |||||
1 2 | Is this application for software defined/cognitive radio authorization? | No | ||||
1 2 | Equipment Class | TNB - Licensed Non-Broadcast Station Transmitter | ||||
1 2 | DTS - Digital Transmission System | |||||
1 2 | Description of product as it is marketed: (NOTE: This text will appear below the equipment class on the grant) | WiMAX Indoor VoIP Wi-Fi IAD | ||||
1 2 | Related OET KnowledgeDataBase Inquiry: Is there a KDB inquiry associated with this application? | No | ||||
1 2 | Modular Equipment Type | Does not apply | ||||
1 2 | Purpose / Application is for | Original Equipment | ||||
1 2 | Composite Equipment: Is the equipment in this application a composite device subject to an additional equipment authorization? | Yes | ||||
1 2 | Related Equipment: Is the equipment in this application part of a system that operates with, or is marketed with, another device that requires an equipment authorization? | No | ||||
1 2 | Grant Comments | Output power is conducted. The product is a WiMAX/WiFi user station. The antenna(s) used for this transmitter must be installed to provide a separation distance of at least 20 cm from all persons and must not be co-located or operating in conjunction with any other antenna or transmitter, except tested WiMAX/WiFi co-transmission configuration. Users and installers must be provided with antenna installation instructions and transmitter operating conditions for satisfying RF exposure compliance. RF exposure compliance may need to be addressed at the time of licensing, as required by the responsible FCC Bureau(s), including antenna co-location requirements of 1.1307(b)(3). | ||||
1 2 | Output power is conducted. The product is a WiMAX/WiFi user station. The antenna(s) used for this transmitter must be installed to provide a separation distance of at least 20 cm from all persons and must not be co-located or operating in conjunction with any other antenna or transmitter, except tested WiMAX/WiFi co-transmission configuration. Users and installers must be provided with antenna installation instructions and transmitter operating conditions for satisfying RF exposure compliance. | |||||
1 2 | Is there an equipment authorization waiver associated with this application? | No | ||||
1 2 | If there is an equipment authorization waiver associated with this application, has the associated waiver been approved and all information uploaded? | No | ||||
app s | Test Firm Name and Contact Information | |||||
1 2 | Firm Name |
Bureau Veritas CPS (H.K.) Ltd. Taoyuan Branch
|
||||
1 2 | Name |
R****** C****
|
||||
1 2 | Telephone Number |
886-3******** Extension:
|
||||
1 2 | Fax Number |
886-3********
|
||||
1 2 |
r******@tw.bureauveritas.com
|
|||||
Equipment Specifications | |||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Line | Rule Parts | Grant Notes | Lower Frequency | Upper Frequency | Power Output | Tolerance | Emission Designator | Microprocessor Number | |||||||||||||||||||||||||||||||||
1 | 1 | 27 | 2498.5 | 2687.5 | 0.49 | 2.5 ppm | 5M06W7D | ||||||||||||||||||||||||||||||||||
1 | 2 | 27 | 2499.5 | 2686.5 | 0.447 | 2.5 ppm | 7M06W7D | ||||||||||||||||||||||||||||||||||
1 | 3 | 27 | 2501 | 2685 | 0.468 | 2.5 ppm | 9M87W7D | ||||||||||||||||||||||||||||||||||
Line | Rule Parts | Grant Notes | Lower Frequency | Upper Frequency | Power Output | Tolerance | Emission Designator | Microprocessor Number | |||||||||||||||||||||||||||||||||
2 | 1 | 15C | 2412.00000000 | 2462.00000000 | 0.3020000 |
some individual PII (Personally Identifiable Information) available on the public forms may be redacted, original source may include additional details
This product uses the FCC Data API but is not endorsed or certified by the FCC