FCC ID: I88HES309M WiMax Outdoor CPE

 

HES-309M WiMAX Outdoor CPE Default Login Details IP Address:

User Name:

Password:

admin 1234 http://192.168.1.1 Firmware Version 2.00 Edition 1, 10/2010 www.zyxel.com www.zyxel.com Copyright 2010 ZyXEL Communications Corporation About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to configure the ZyXEL WiMAX Device using the ZyXEL Web Configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology. Related Documentation Quick Start Guide The Quick Start Guide is designed to help you get up and running right away. It contains information on setting up your network and configuring for Internet access.

Support Disc Refer to the included CD for support documents.

ZyXEL Web Site Please refer to www.zyxel.com for additional support documentation and product certifications. Documentation Feedback Send your comments, questions or suggestions to: techwriters@zyxel.com.tw Thank you!

The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 30099, Taiwan. Need More Help?

More help is available at www.zyxel.com. HES-309M Series Users Guide 3 About This User's Guide

Download Library Search for the latest product updates and documentation from this link. Read the Tech Doc Overview to find out how to efficiently use the documentation in order to better understand how to use your product.

Knowledge Base If you have a specific question about your product, the answer may be here. This is a collection of answers to previously asked questions about ZyXEL products.

Forum This contains discussions on ZyXEL products. Learn from others who use ZyXEL products and share your experiences as well. Customer Support Should problems arise that cannot be solved by the methods listed above, you should contact your vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you bought the device. See http://www.zyxel.com/web/contact_us.php for contact information. Please have the following information ready when you contact an office.

Product model and serial number.

Warranty Information.

Date that you received your device.

Brief description of the problem and the steps you took to solve it. 4 HES-309M Series Users Guide Document Conventions Document Conventions Warnings and Notes These are how warnings and notes are shown in this Users Guide. Warnings tell you about things that could harm you or your WiMAX Device. Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations. Syntax Conventions

The product(s) described in this book may be referred to as the WiMAX Device, the device, the system or the product in this Users Guide.

Product labels, screen names, field labels and field choices are all in bold font.

A key stroke is denoted by square brackets and uppercase text, for example,

[ENTER] means the enter or return key on your keyboard.

Enter means for you to type one or more characters and then press the

[ENTER] key. Select or choose means for you to use one of the predefined choices.

A right angle bracket ( > ) within a screen name denotes a mouse click. For example, TOOLS > Logs > Log Settings means you first click Tools in the navigation panel, then the Logs sub menu and finally the Log Settings tab to get to that screen.

Units of measurement may denote the metric value or the scientific value. For example, k for kilo may denote 1000 or 1024, M for mega may denote 1000000 or 1048576 and so on.

e.g., is a shorthand for for instance, and i.e., means that is or in other words. HES-309M Series Users Guide 5 Document Conventions Icons Used in Figures Figures in this Users Guide may use the following generic icons. The WiMAX Device icon is not an exact representation of your product. Table 1 Common Icons WiMAX Device Computer Wireless Signal Notebook Server Base Station Telephone Switch Router Internet Cloud Network Cloud 6 HES-309M Series Users Guide Safety Warnings Safety Warnings For your safety, be sure to read and follow all warning notices and instructions.

Do NOT use this product near water, for example, in a wet basement or near a swimming pool.

Do NOT expose your device to dampness, dust or corrosive liquids.

Do NOT store things on the device.

Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.

Connect ONLY suitable accessories to the device.

Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel should service or disassemble this device. Please contact your vendor for further information.

Make sure to connect the cables to the correct ports.

Place connecting cables carefully so that no one will step on them or stumble over them.

Always disconnect all cables from this device before servicing or disassembling.

Use ONLY an appropriate power adaptor or cord for your device. Connect it to the right supply voltage (for example, 110V AC in North America or 230V AC in Europe).

Do NOT remove the plug and connect it to a power outlet by itself; always attach the plug to the power adaptor first before connecting it to a power outlet.

Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord.

Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution.

If the power adaptor or cord is damaged, remove it from the device and the power source.

Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a new one.Do not use the device outside, and make sure all the connections are indoors. There is a remote risk of electric shock from lightning.

Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device.Use only No. 26 AWG (American Wire Gauge) or larger telecommunication line cord.

Antenna Warning! This device meets ETSI and FCC certification requirements when using the included antenna(s). Only use the included antenna(s).

If you wall mount your device, make sure that no electrical lines, gas or water pipes will be damaged. HES-309M Series Users Guide 7 Safety Warnings

Make sure that the cable system is grounded so as to provide some protection against voltage surges. Your product is marked with this symbol, which is known as the WEEE mark. WEEE stands for Waste Electronics and Electrical Equipment. It means that used electrical and electronic products should not be mixed with general waste. Used electrical and electronic equipment should be treated separately. 8 HES-309M Series Users Guide Contents Overview Contents Overview Users Guide ...........................................................................................................................15 Getting Started ........................................................................................................................... 17 The Web Configurator ............................................................................................................... 19 Setup Wizard ............................................................................................................................. 23 Tutorials ..................................................................................................................................... 29 Technical Reference ..............................................................................................................45 System Status ............................................................................................................................ 47 WiMAX ....................................................................................................................................... 51 Network Settings ....................................................................................................................... 73 Security .................................................................................................................................... 105 Maintenance .............................................................................................................................111 Troubleshooting ....................................................................................................................... 137 Product Specifications ............................................................................................................. 143 HES-309M Series Users Guide 9 Contents Overview 10 HES-309M Series Users Guide Table of Contents Table of Contents About This User's Guide ..........................................................................................................3 Document Conventions............................................................................................................5 Safety Warnings........................................................................................................................7 Contents Overview ...................................................................................................................9 Table of Contents....................................................................................................................11 Part I: Users Guide................................................................................ 15 Chapter 1 Getting Started ........................................................................................................................17 1.1 About Your WiMAX Device .................................................................................................. 17 1.1.1 WiMAX Internet Access ............................................................................................. 17 1.2 WiMAX Device Hardware .................................................................................................... 18 1.2.1 LEDs .......................................................................................................................... 18 1.3 Good Habits for Device Management .................................................................................. 18 Chapter 2 The Web Configurator ............................................................................................................19 2.1 Overview .............................................................................................................................. 19 2.1.1 Accessing the Web Configurator ................................................................................ 19 2.1.2 The Reset Button ....................................................................................................... 20 2.1.3 Saving and Canceling Changes ................................................................................. 20 2.1.4 Working with Tables ................................................................................................... 21 2.2 The Main Screen ................................................................................................................. 22 Chapter 3 Setup Wizard ...........................................................................................................................23 3.1 Overview .............................................................................................................................. 23 3.1.1 Welcome to the Setup Wizard .................................................................................... 23 3.1.2 LAN Settings .............................................................................................................. 24 3.1.3 WiMAX Frequency Settings ....................................................................................... 25 3.1.4 WiMAX Authentication Settings ................................................................................. 27 3.1.5 Setup Complete ......................................................................................................... 28 HES-309M Series Users Guide 11 Table of Contents Chapter 4 Tutorials...................................................................................................................................29 4.1 Overview .............................................................................................................................. 29 4.2 WiMAX Connection Settings ............................................................................................... 29 4.3 Configuring LAN DHCP ....................................................................................................... 30 4.4 Changing Certificate ............................................................................................................ 32 4.5 Blocking Web Access .......................................................................................................... 33 4.6 Configuring the MAC Address Filter .................................................................................... 34 4.7 Setting Up NAT Port Forwarding ......................................................................................... 36 4.8 Access the WiMAX Device Using DDNS ............................................................................. 39 4.8.1 Registering a DDNS Account on www.dyndns.org .................................................... 39 4.8.2 Configuring DDNS on Your WiMAX Device ............................................................... 40 4.8.3 Testing the DDNS Setting .......................................................................................... 40 4.9 Configuring Static Route for Routing to Another Network ................................................... 40 4.10 Remotely Managing Your WiMAX Device ......................................................................... 43 Part II: Technical Reference .................................................................. 45 Chapter 5 System Status .........................................................................................................................47 5.1 Overview .............................................................................................................................. 47 5.2 System Status ...................................................................................................................... 47 Chapter 6 WiMAX......................................................................................................................................51 6.1 Overview .............................................................................................................................. 51 6.1.1 What You Need to Know ............................................................................................ 51 6.2 Connection Settings ............................................................................................................ 55 6.3 Frequency Settings .............................................................................................................. 57 6.4 Authentication Settings ........................................................................................................ 60 6.5 Connect ............................................................................................................................... 63 6.6 Wide Scan ........................................................................................................................... 66 6.7 Link Status ........................................................................................................................... 67 6.8 Link Statistics ....................................................................................................................... 69 6.9 Connection Info ................................................................................................................... 70 6.10 Service Flow ...................................................................................................................... 70 6.11 Buzzer ................................................................................................................................ 71 Chapter 7 Network Settings.....................................................................................................................73 7.1 Overview .............................................................................................................................. 73 12 HES-309M Series Users Guide Table of Contents 7.1.1 What You Need to Know ............................................................................................ 73 7.2 WAN .................................................................................................................................... 78 7.3 PPPoE ................................................................................................................................. 80 7.4 GRE ..................................................................................................................................... 82 7.5 EtherIP ................................................................................................................................. 82 7.6 IP ......................................................................................................................................... 83 7.7 DHCP .................................................................................................................................. 84 7.8 Static Route ......................................................................................................................... 85 7.9 RIP ....................................................................................................................................... 86 7.10 Port Forwarding ................................................................................................................. 87 7.10.1 Port Forwarding Wizard ........................................................................................... 89 7.11 Port Trigger ........................................................................................................................ 90 7.11.1 Port Trigger Wizard .................................................................................................. 91 7.11.2 Trigger Port Forwarding Example ............................................................................. 92 7.12 DMZ ................................................................................................................................... 93 7.13 ALG ................................................................................................................................... 94 7.14 UPnP ................................................................................................................................. 95 7.14.1 Installing UPnP in Windows XP ............................................................................... 95 7.14.2 Web Configurator Easy Access ............................................................................... 99 7.15 DDNS .............................................................................................................................. 101 7.16 Content Filter ................................................................................................................... 102 Chapter 8 Security..................................................................................................................................105 8.1 Overview ............................................................................................................................ 105 8.1.1 What You Need to Know .......................................................................................... 105 8.2 IP Filter .............................................................................................................................. 106 8.3 MAC Filter .......................................................................................................................... 107 8.4 DDOS ................................................................................................................................ 108 Chapter 9 Maintenance .......................................................................................................................... 111 9.1 Overview .............................................................................................................................111 9.1.1 What You Need to Know ...........................................................................................111 9.2 Password ............................................................................................................................118 9.3 HTTP ..................................................................................................................................119 9.4 Telnet ................................................................................................................................. 120 9.5 SSH ................................................................................................................................... 121 9.6 SNMP ................................................................................................................................ 122 9.7 CWMP ............................................................................................................................... 123 9.8 OMA-DM ............................................................................................................................ 125 9.9 Date ................................................................................................................................... 127 9.10 Time Zone ........................................................................................................................ 128 HES-309M Series Users Guide 13 Table of Contents 9.11 Upgrade File .................................................................................................................... 128 9.11.1 The Firmware Upload Process ............................................................................... 129 9.12 Upgrade Link ................................................................................................................... 130 9.13 CWMP Upgrade .............................................................................................................. 130 9.14 Backup ............................................................................................................................. 131 9.15 Restore ............................................................................................................................ 132 9.15.1 The Restore Configuration Process ....................................................................... 132 9.16 Factory Defaults .............................................................................................................. 133 9.17 Log Setting ...................................................................................................................... 133 9.18 Log Display ...................................................................................................................... 134 9.19 About ............................................................................................................................... 135 9.20 Reboot ............................................................................................................................. 135 Chapter 10 Troubleshooting....................................................................................................................137 10.1 Power, Hardware Connections, and LEDs ...................................................................... 137 10.2 WiMAX Device Access and Login ................................................................................... 138 10.3 Internet Access ................................................................................................................ 140 10.4 Reset the WiMAX Device to Its Factory Defaults ............................................................ 141 10.4.1 Pop-up Windows, JavaScript and Java Permissions ............................................. 142 Chapter 11 Product Specifications .........................................................................................................143 Appendix A WiMAX Security ................................................................................................147 Appendix B Setting Up Your Computers IP Address...........................................................151 Appendix C Pop-up Windows, JavaScript and Java Permissions........................................179 Appendix D IP Addresses and Subnetting ...........................................................................189 Appendix E Importing Certificates ........................................................................................201 Appendix F Common Services.............................................................................................233 Appendix G Legal Information..............................................................................................237 Index.......................................................................................................................................241 14 HES-309M Series Users Guide PART I Users Guide 15 16 CHAPTER 1 Getting Started 1.1 About Your WiMAX Device The WiMAX Device that allows you to access the Internet by connecting to a WiMAX wireless network. You can configure firewall and content filtering as well as a host of other features and the browser-based user interface -- the Web Configurator -- provides easy management. See Chapter 11 on page 143 for a complete list of features for your model. 1.1.1 WiMAX Internet Access Connect your computer or network to the WiMAX Device for WiMAX Internet access. See the Quick Start Guide for instructions on hardware connections. In a wireless metropolitan area network (MAN), the WiMAX Device connects to a WiMAX base station (BS) for Internet access. The following diagram shows a notebook computer equipped with the WiMAX Device connecting to the Internet through a WiMAX base station (BS). Figure 1 Mobile Station and Base Station BS When the firewall is on, all incoming traffic from the Internet to your network is blocked unless it is initiated from your network. Use content filtering to block access to web sites with URLs containing keywords that you specify. You can define time periods and days during which content filtering is enabled and include or exclude particular computers on your network from content filtering. For example, you could block access to certain web sites. HES-309M Series Users Guide 17 Chapter 1 Getting Started 1.2 WiMAX Device Hardware Follow the instructions in the Quick Start Guide to make hardware connections. 1.2.1 LEDs The following figure shows the LEDs (lights) on the WiMAX Device. 1.3 Good Habits for Device Management Do the following things regularly to make the WiMAX Device more secure and to manage the WiMAX Device more effectively.

Change the password. Use a password thats not easy to guess and that consists of different types of characters, such as numbers and letters.

Write down the password and put it in a safe place.

Back up the configuration (and make sure you know how to restore it). Restoring an earlier working configuration may be useful if the WiMAX Device becomes unstable or even crashes. If you forget your password, you will have to reset the WiMAX Device to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the WiMAX Device. You could simply restore your last configuration. 18 HES-309M Series Users Guide CHAPTER 2 The Web Configurator 2.1 Overview The Web Configurator is an HTML-based management interface that allows easy device set up and management via any web browser that supports: HTML 4.0, CSS 2.0, and JavaScript 1.5, and higher. The recommended screen resolution for using the web configurator is 1024 by 768 pixels and 16-bit color, or higher. In order to use the Web Configurator you need to allow:

Web browser pop-up windows from your device. Web pop-up blocking is enabled by default in many operating systems and web browsers.

JavaScript (enabled by default in most web browsers).

Java permissions (enabled by default in most web browsers). See the Appendix C on page 179 for more information on configuring your web browser. 2.1.1 Accessing the Web Configurator 1 Make sure your WiMAX Device hardware is properly connected (refer to the Quick Start Guide for more information). 2 Launch your web browser. 3 Enter "" as the URL. 4 Enter the default Username (admin) and Password (1234), then click Login. The Main screen displays. Note: For security reasons, the WiMAX Device automatically logs you out if you do not use the Web Configurator for five minutes. If this happens, log in again. HES-309M Series Users Guide 19 Chapter 2 The Web Configurator 2.1.2 The Reset Button If you forget your password or cannot access the Web Configurator, you will need to use the Reset button to reload the factory-default configuration file. This means that you will lose all configurations that you had previously and the password will be reset to 1234. 2.1.2.1 Using The Reset Button 1 Make sure the Power light is on (not blinking). 2 To set the device back to the factory default settings, press the Reset button for five seconds or until all LED lights blink one time, then release it. The device restarts when the defaults have been restored. 3 Reconfigure the WiMAX Device following the steps in your Quick Start Guide. 2.1.3 Saving and Canceling Changes All screens to which you can make configuration changes must be saved before those changes can go into effect. If you make a mistake while configuring the WiMAX Device, you can cancel those changes and start over. Figure 2 Saving and Canceling Changes This screen contains the following fields:

Table 2 Saving and Canceling Changes LABEL Save Cancel DESCRIPTION Click this to save your changes. Click this to restore the settings on this page to their last saved values. Note: If you make changes to a page but do not save before switching to another page or exiting the Web Configurator, those changes are disgarded. 20 HES-309M Series Users Guide Chapter 2 The Web Configurator 2.1.4 Working with Tables Many screens in the WiMAX Device contain tables to provide information or additional configuration options. Figure 3 Tables Example This screen contains the following fields:

Table 3 Saving and Canceling Changes LABEL DESCRIPTION Items per Page This displays the number of items displayed per table page. Use the menu to change this value. First Page Click this to go to the first page in the table. Previous Page Click this to go to the previous page in the table. Page Indicator / Jump to Page This indicates which page is currently displayed in the table. Use the menu to jump to another page. You can only jump to other pages if those pages exist. Next Page Click this to go to the previous page in the table. Last Page Click this to go to the last page in the table. This indicates an items position in the table. It has no bearing on that items importance or lack there of. This indicates the total number of items in the table, including items on pages that are not visible.

Total Num HES-309M Series Users Guide 21 Chapter 2 The Web Configurator 2.2 The Main Screen When you first log into the Web Configurator, the Main screen appears. Here you can view a summary of your WiMAX Devices connection status. This is also the default home page for the Web Configurator and it contains conveniently-placed shortcuts to all of the other screens. Note: Some features in the Web Configurator may not be available depending on your firmware version and/or configuration. The following table describes the icons in this screen. Table 4 Main > Icons ICON DESCRIPTION System Status Click this to open the Main screen, which shows your WiMAX Device status and other information. WiMAX Click this to open the WiMAX menu, which gives you options for configuring your WiMAX settings. Network Setting Click this to open the Network menu, which gives you options for configuring your network settings. Security Click this to open the Security menu, which gives you options for configuring your firewall and security settings. Maintenance Click this to open the Maintenance menu, which gives you options for maintaining your WiMAX Device. Language Use this menu to select the Web Configurators language. Setup Wizard Click this to open the Setup Wizard, where you can configure the most essential settings for your WiMAX Device to work. Logout Click this to log out of the Web Configurator. 22 HES-309M Series Users Guide CHAPTER 3 Setup Wizard 3.1 Overview This chapter provides information on the ZyXEL Setup Wizard. The wizard guides you through several steps for onfiguring your network settings. 3.1.1 Welcome to the Setup Wizard This screen provides a quick summary of the configuration tasks the wizard helps you to perform. They are:

1 Set up your Local Area Network (LAN) options, which determine how the devices in your home or office connect to the WiMAX Device. 2 Set up your WiMAX Devices broadcast frequency, which is the radio channel it uses to communicate with the ISPs base station. 3 Set up your WiMAX Devices login options, which are used to connect your LAN to the ISPs network and verify your account. Figure 4 Setup Wizard > Welcome HES-309M Series Users Guide 23 Chapter 3 Setup Wizard 3.1.2 LAN Settings The LAN Settings screen allows you to configure your local network options. Figure 5 Setup Wizard > LAN Settings The following table describes the labels in this screen. Table 5 Setup Wizard > LAN Settings LABEL LAN TCP/IP DESCRIPTION IP Address Enter the IP address of the WiMAX Device on the LAN. Note: This field is the IP address you use to access the WiMAX Device on the LAN. If the web configurator is running on a computer on the LAN, you lose access to it as soon as you change this field. You can access the web configurator again by typing the new IP address in the browser. Enter the subnet mask of the LAN. Select this if you want the WiMAX Device to be the DHCP server on the LAN. As a DHCP server, the WiMAX Device assigns IP addresses to DHCP clients on the LAN and provides the subnet mask and DNS server information. Enter the IP address from which the WiMAX Device begins allocating IP addresses. Enter the IP address at which the WiMAX Device stops allocating IP addresses. IP Subnet Mask DHCP Server Enable Start IP End IP 24 HES-309M Series Users Guide Chapter 3 Setup Wizard Table 5 Setup Wizard > LAN Settings (continued) LABEL DESCRIPTION Enter the duration in minutes before the device requests a new IP address from the DHCP server. DNS Server assigned by DHCP Server Lease Time First DNS Server Second DNS Server Third DNS Server Specify the first IP address of three DNS servers that the network can use. The WiMAX Device provides these IP addresses to DHCP clients. Specify the second IP address of three DNS servers that the network can use. The WiMAX Device provides these IP addresses to DHCP clients. Specify the third IP address of three DNS servers that the network can use. The WiMAX Device provides these IP addresses to DHCP clients. Back Next Click to display the previous screen. Click to proceed to the next screen. 3.1.3 WiMAX Frequency Settings The WiMAX Frequency Settings screen allows you to configure the broadcast radio frequency used by the WiMAX Device. Note: These settings should be provided by your ISP. Figure 6 Setup Wizard > WiMAX Frequency Settings HES-309M Series Users Guide 25 Chapter 3 Setup Wizard The following table describes the labels in this screen. Table 6 Setup Wizard > WiMAX Frequency Settings LABEL Setting Type DESCRIPTION Select the WiMAX frequency setting type from the list. Step Start Frequency

By Range - Select this to set up the frequency based on a range of MHz.

By List - Select this to set up the frequency on an individual MHz basis. You can add multiple MHz values to the list. Enter the increments in MHz by which to increase the frequency range. Note: This field only appears when you select By Range under Setting Type. Enter the frequency value at the beginning of the frequency range to use. The frequency is increased in increments equal to the Step value until the End Frequency is reached, at which time the cycle starts over with the Start Frequency. Note: This field only appears when you select By Range under Setting Type. End Frequency Enter the frequency value at the end of the frequency range to use. Bandwidth

Frequency (MHz) Total Num Delete Add OK

Band Start (KHz) Band End (KHz) Total Num Back Next Note: This field only appears when you select By Range under Setting Type. Set the frequency bandwidth in MHz that this WiMAX Device uses. This is an index number for enumeration purposes only. Displays the frequency MHz for the item in the list. Displays the total number of items in the list. Click this to remove an item from the list. Click this to add an item to the list. Click this to save an newly added item to the list. This is an index number for enumeration purposes only. Indicates the beginning of the frequency band in KHz. Indicates the end of the frequency band in KHz. Displays the total number of items in the list. Click to display the previous screen. Click to proceed to the next screen. 26 HES-309M Series Users Guide Chapter 3 Setup Wizard 3.1.4 WiMAX Authentication Settings The WiMAX Authentication Settings screen allows you to configure how your WiMAX Device logs into the service providers network. Note: These settings should be provided by your ISP. Figure 7 Setup Wizard > WiMAX Authentication Settings The following table describes the labels in this screen. Table 7 Setup Wizard > WiMAX Authentication Settings LABEL Authentication Authenticati on Mode DESCRIPTION Select a WiMAX authentication mode for authentication network sessions with the ISP. Options are:

No authentication

User authentication

Device authentication

User and Device authentication Select an EAP authentication mode. Enter your anonymous ID. EAP Supplication EAP Mode Anonymous Id Note: Some modes may not require this. Inner Mode Select an inner authentication mode. Note: Some modes may not require this. HES-309M Series Users Guide 27 Chapter 3 Setup Wizard Table 7 Setup Wizard > WiMAX Authentication Settings (continued) LABEL DESCRIPTION Enter your authentication username. Username Password Back Next Note: Some modes may not require this. Enter your authentication password. Note: Some modes may not require this. Click to display the previous screen. Click to proceed to the next screen. 3.1.5 Setup Complete Click Save to save the Setup Wizard settings and close it. Figure 8 Setup Wizard > Setup Complete Launch your web browser and navigate to www.zyxel.com. If everything was configured properly, the web page should display. You can now surf the Internet!

Refer to the rest of this guide for more detailed information on the complete range of WiMAX Device features available in the more advanced web configurator. Note: If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the wizard setup are correct. 28 HES-309M Series Users Guide CHAPTER 4 Tutorials 4.1 Overview This chapter shows you how to configure some of the WiMAX Devices features. Note: Be sure to read The Web Configurator on page 19 before working through the tutorials presented here. For field descriptions for individual screens, see the related technical reference in this User's Guide. This chapter includes the following configuration examples:

WiMAX Connection Settings on page 29

Configuring LAN DHCP on page 30

Changing Certificate on page 32

Blocking Web Access on page 33

Configuring the MAC Address Filter, see page 34

Setting Up NAT Port Forwarding, see page 36

Access the WiMAX Device Using DDNS, see page 39

Configuring Static Route for Routing to Another Network, see page 40

Remotely Managing Your WiMAX Device on page 43 4.2 WiMAX Connection Settings This tutorial provides you with pointers for configuring the WiMAX Device to connect to an ISP. 1 Connect the WiMAX Device to the ISPs nearest base station. See Section 6.2 on page 55. 2 Configure the WiMAX Devices broadcast frequency. Section 6.3 on page 57. 3 Configure the WiMAX Device to connect securely to the ISPs authentication servers. See Section 6.4 on page 60. HES-309M Series Users Guide 29 Chapter 4 Tutorials 4 Check the WiMAX Devices connection status to ensure everything is working properly. See Section 6.7 on page 67. 4.3 Configuring LAN DHCP This tutorial shows you how to set up a small network in your office or home. Goal: Connect three computers to your WiMAX Device to form a small network. Required: The following table provides a summary of the information you will need to complete the tasks in this tutorial. INFORMATION LAN IP Address Starting IP Address Ending IP Address DNS Servers VALUE 192.168.100.1 192.168.100.10 192.168.100.30 From ISP SEE ALSO Chapter 7 on page 83 Chapter 7 on page 84 1 In the Web Configurator, open the Networking Setting > LAN screen and set the IP Address to 192.168.100.1. Use the default IP Subnet Mask of 255.255.255.0. Click Save. 2 Manually change the IP address of your computer that your are using to 192.168.100.x (for example, 192.168.100.5) and keep the subnet set to 255.255.255.0. 30 HES-309M Series Users Guide Chapter 4 Tutorials 3 4 Type http://192.168.100.1 in your browser after the WiMAX Device finishes starting up completely. Log into the Web Configurator and open the Networking Setting > LAN >

DHCP screen. 5 Select Server for the DHCP mode, then enter 192.168.100.10 and 192.168.100.30 as your DHCP starting and ending IP addresses. 6 Leave the other settings as their defaults and click Save. 7 Next, go to the Networking Setting > WAN screen and select NAT in the Operation Mode field. Click Save. 8 Connect your computers to the WiMAX Devices Ethernet ports and youre all set!

HES-309M Series Users Guide 31 Chapter 4 Tutorials Note: You may need to configure the computers on your LAN to automatically obtain IP addresses. For information on how to do this, see Appendix B on page 151. Once your network is configured and hooked up, you will want to connect it to the Internet next. To do this, just run the Internet Connection Wizard (Chapter 3 on page 23), which walks you through the process. 4.4 Changing Certificate This tutorial shows you how to import a new security certificate, which allows your device to communicate with another network servers. Goal: Import a new security certificate into the WiMAX Device. See Also: Appendix E on page 201. 1 Go to the WiMAX > Profile > Authentication Settings screen. In the EAP Supplicant section, click each Browse button and locate the security certificates that were provided by your new ISP. s 2 Configure your new Internet access settings based on the information provided by the ISP. Note: You can also use the Internet Connection Wizard to configure the Internet access settings. 32 HES-309M Series Users Guide 3 You may need to configure the Options section according to the information provided by the ISP. Chapter 4 Tutorials 4 Click Save. You should now be able to connect to the Internet through your new service provider!

4.5 Blocking Web Access If your WiMAX Device is in a home or office environment you may decide that you want to block an Internet website access. You may need to block both the websites IP address and domain name. Goal: Configure the WiMAX Devices content filter to block a website with a domain name www.example.com. See Also: Section 7.16 on page 102. 1 Open the Networking Setting > Content Filter. 2 Select Enable URL Filter. 3 Select Blacklist. 4 Click Add and configure a URL filter rule by selecting Active and entering www.example.com as the URL. 5 Click OK. HES-309M Series Users Guide 33 Chapter 4 Tutorials 6 Click Save. Open a browser from your computer in the WiMAX Devices LAN network, you should get an Access Violation message when you try to access to http://

www.example.com. You may also need to block the IP address of the website if you do not want users to access to the website through its IP address. 4.6 Configuring the MAC Address Filter This tutorial shows you how to use the MAC filter to block a DHCP clients access to hosts and to the WiMAX network. 34 HES-309M Series Users Guide 1 First of all, you have to know the MAC address of the computer. If not, you can look for the MAC address in the Network Setting > LAN > DHCP screen.

(192.168.100.3 mapping to 00:02:E3:53:16:95 in this example). Chapter 4 Tutorials 2 Click Security > Firewall > MAC Filter. Select Blacklist and click the Add button in the MAC Filter Rules table. HES-309M Series Users Guide 35 Chapter 4 Tutorials 3 An empty entry appears. Enter the computers MAC address in the Source MAC field and leave the other fields set to their defaults. Click Save. The computer will no longer be able to access any host on the WiMAX network through the WiMAX Device. 4.7 Setting Up NAT Port Forwarding Thomas recently received an Xbox 360 as his birthday gift. His friends invited him to play online games with them on Xbox LIVE. In order to communicate and play with other gamers on Xbox LIVE, Thomas needs to configure the port settings on his WiMAX Device. Xbox 360 requires the following ports to be available in order to operate Xbox LIVE correctly:

TCP: 53, 80, 3074 UDP: 53, 88, 3074 1 You have to know the Xbox 360s IP address first. You can check it through the Xbox 360 console. You may be able to check the IP address on the WiMAX Device if the WiMAX Device has assigned a DHCP IP address to the Xbox 360. Check the DHCP Leased Hosts table in the Network > LAN > DHCP screen. Look for the IP address for the Xbox 360. 36 HES-309M Series Users Guide 2 NAT mode is required to use port forwarding. Click Network Setting > WAN and make sure NAT is selected in the Operation Mode field. Click Save. Chapter 4 Tutorials 3 Click Network Setting > NAT > Port Forwarding and then click the first entry to edit the rule. 4 Configure the screen as follows to open TCP/UDP port 53 for the Xbox 360. Click OK. HES-309M Series Users Guide 37 Chapter 4 Tutorials 5 Repeat steps 2 and 3 to open the rest of the ports for the Xbox 360. The port forwarding settings you configured are listed in the Port Forwarding screen. 6 Click Save. Thomas can then connect his Xbox 360 to the Internet and play online games with his friends. In this tutorial, all port 80 traffic is forwarded to the Xbox 360, but port 80 is also the default listening port for remote management via WWW. If Thomas also wants to manage the WiMAX Device from the Internet, he has to assign an unused port to WWW remote access. Click Advanced > Remote MGMT. Enter an unused port in the Port field (81 in this example). Click Save. 38 HES-309M Series Users Guide Chapter 4 Tutorials 4.8 Access the WiMAX Device Using DDNS If you connect your WiMAX Device to the Internet and it uses a dynamic WAN IP address, it is inconvenient for you to manage the device from the Internet. The WiMAX Devices WAN IP address changes dynamically. Dynamic DNS (DDNS) allows you to access the WiMAX Device using a domain name. http://mywimax.dyndns.org A a.b.c.d w.x.y.z To use this feature, you have to apply for DDNS service at www.dyndns.org. This tutorial covers:

Registering a DDNS Account on www.dyndns.org

Configuring DDNS on Your WiMAX Device

Testing the DDNS Setting Note: If you have a private WAN IP address (see Private IP Addresses on page 198), then you cannot use DDNS. 4.8.1 Registering a DDNS Account on www.dyndns.org 1 Open a browser and type http://www.dyndns.org. 2 Apply for a user account. This tutorial uses UserName1 and 12345 as the username and password. 3 Log into www.dyndns.org using your account. 4 Add a new DDNS host name. This tutorial uses the following settings as an example.

Hostname: mywimax.dyndns.org

Service Type: Host with IP address

IP Address: Enter the WAN IP address that your WiMAX Device is currently using. You can find the IP address on the WiMAX Devices Web Configurator Status page. Then you will need to configure the same account and host name on the WiMAX Device later. HES-309M Series Users Guide 39 Chapter 4 Tutorials 4.8.2 Configuring DDNS on Your WiMAX Device Configure the following settings in the Network Setting > DDNS screen. 1 Select Enable Dynamic DNS. 2 Select dyndns.org for the service provider. 3 Select Dynamic for the service type. 4 Type mywimax.dyndns.org in the Domain Name field. 5 Enter the user name

(UserName1) and password

(12345). 6 Select WAN IP for the IP update policy. 7 Click Save. 4.8.3 Testing the DDNS Setting Now you should be able to access the WiMAX Device from the Internet. To test this:

1 Open a web browser on the computer (using the IP address a.b.c.d) that is connected to the Internet. 2 3 Type http://mywimax.dyndns.org and press [Enter]. The WiMAX Devices login page should appear. You can then log into the WiMAX Device and manage it. 4.9 Configuring Static Route for Routing to Another Network In order to extend your Intranet and control traffic flowing directions, you may connect a router to the WiMAX Devices LAN. The router may be used to separate two department networks. This tutorial shows how to configure a static routing rule for two network routings. 40 HES-309M Series Users Guide Chapter 4 Tutorials In the following figure, router R is connected to the WiMAX Devices LAN. R connects to two networks, N1 (192.168.1.x/24) and N2 (192.168.10.x/24). If you want to send traffic from computer A (in N1 network) to computer B (in N2 network), the traffic is sent to the WiMAX Devices WAN default gateway by default. In this case, computer B will never receive the traffic. N1 A R N2 B You need to specify a static routing rule on the WiMAX Device to specify R as the router in charge of forwarding traffic to N2. In this case, the WiMAX Device routes traffic from computer A to R and then R routes the traffic to computer B. N1 A R N2 B HES-309M Series Users Guide 41 Chapter 4 Tutorials This tutorial uses the following example IP settings:

Table 8 IP Settings in this Tutorial DEVICE / COMPUTER The WiMAX Devices WAN The WiMAX Devices LAN A Rs IP address on N1 Rs IP address on N2 B IP ADDRESS 172.16.1.1 192.168.1.1 192.168.1.34 192.168.1.253 192.168.10.2 192.168.10.33 To configure a static route to route traffic from N1 to N2:

1 Click Network Setting > Route > Static Route. 2 Click Add to create a new route. 3 Configure the Edit Static Route screen using the following settings:

3a Enter 192.168.10.0 and subnet mask 255.255.255.0 for the destination, N2. 3b Enter 192.168.1.253 (Rs IP address on N1) in the IP Address field under Next Hop. 3a Click Save. Now computer B should be able to receive traffic from computer A. You may need to additionally configure Rs firewall settings to accept specific traffic to pass through. 42 HES-309M Series Users Guide Chapter 4 Tutorials 4.10 Remotely Managing Your WiMAX Device The remote management feature allows you to log into the device through the Internet. Goal: Set up the WiMAX Device to allow management requests from the WAN

(Internet). See Also: Section 9.3 on page 119. 1 Open the Maintenance > Remote MGMT > HTTP screen. 2 Select Enable in both HTTP Server and HTTPS Server sections and leave the Port Number settings as 80 and 443. 3 Select Allow Connection from WAN. This allows remote management connections not only from the local network but also the WAN network (Internet). 4 Click Save. HES-309M Series Users Guide 43 Chapter 4 Tutorials 44 HES-309M Series Users Guide PART II Technical Reference 45 46 CHAPTER 5 System Status 5.1 Overview Use this screen to view a summary of your WiMAX Device connection status. 5.2 System Status This screen allows you to view the current status of the device, system resources, and interfaces (LAN and WAN). Click System Status to open this screen as shown next. Figure 9 System Status HES-309M Series Users Guide 47 Chapter 5 System Status The following tables describe the labels in this screen. Table 9 Status LABEL System Information DESCRIPTION System Model Name Software Version Firmware Version Firmware Build Time Time Uptime This field displays the WiMAX Device system model name. It is used for identification. This field displays the Web Configurator version number. This field displays the current version of the firmware inside the device. This field shows the date the firmware version was created. This field displays the current system time. This field displays how long the WiMAX Device has been running since it last started up. System Resources Memory CPU WiMAX Device Status This field displays what percentage of the WiMAX Devices memory is currently used. The higher the memory usage, the more likely the WiMAX Device is to slow down. Some memory is required just to start the WiMAX Device and to run the web configurator. You can reduce the memory usage by disabling some services; by reducing the amount of memory allocated to NAT and firewall rules (you may have to reduce the number of NAT rules or firewall rules to do so); or by deleting rules in functions such as incoming call policies, speed dial entries, and static routes. This field displays what percentage of the WiMAX Devices CPU is currently used. The higher the CPU usage, the more likely the WiMAX Device is to slow down. This field displays the WiMAX Device current status for connecting to the selected base station. Scanning - The WiMAX Device is scanning for available base stations. Ready - The WiMAX Device has finished a scanning and you can connect to a base station. Connecting - The WiMAX Device attempts to connect to the selected base station. UMAC State Connected - The WiMAX Device has successfully connected to the selected base station. This field displays the status of the WiMAXconnection between the WiMAX Device and the base station. Network Search - The WiMAX Device is scanning for any available WiMAX connections. Disconnected - No WiMAX connection is available. Network Entry - A WiMAX connection is initializing. Normal - The WiMAX connection has successfully established. 48 HES-309M Series Users Guide Chapter 5 System Status Table 9 Status (continued) LABEL BSID DESCRIPTION This field displays the MAC address of the base station to which the device is connected. This field indicates the frequency the WiMAX Device is using. This field indicates the strength of the connection that the WiMAX Device has with the base station. This field indicates the relative quality of the link the WiMAX Device has with the base station. This field indicates the status of the WAN connection to the WiMAX Device. This field indicates the MAC address of the port making the WAN connection on the WiMAX Device. This field indicates the current IP address of the WiMAX Device in the WAN. Frequency Signal Strength Link Quality WAN Status MAC Address IP Address Subnet Mask This field indicates the current subnet mask on the WAN. Gateway This field indicates the IP address of the gateway to which the WiMAX Device is connected. This field indicates the Maximum Transmission Unit (MTU) between the WiMAX Device and the ISP servers to which it is connected. This field indicates the Domain Name Server (DNS) to which your WiMAX Device is connected. MTU DNS LAN MAC Address IP Address This field indicates the MAC address of the port making the LAN connection on the WiMAX Device. This field displays the current IP address of the WiMAX Device in the LAN. Subnet Mask This field displays the current subnet mask in the LAN. MTU This field indicates the Maximum Transmission Unit (MTU) between the WiMAX Device and the client devices to which it is connected. HES-309M Series Users Guide 49 Chapter 5 System Status 50 HES-309M Series Users Guide CHAPTER 6 WiMAX 6.1 Overview This chapter shows you how to set up and manage the connection between the WiMAX Device and your ISPs base stations. 6.1.1 What You Need to Know The following terms and concepts may help as you read through this chapter. WiMAX WiMAX (Worldwide Interoperability for Microwave Access) is the IEEE 802.16 wireless networking standard, which provides high-bandwidth, wide-range wireless service across wireless Metropolitan Area Networks (MANs). ZyXEL is a member of the WiMAX Forum, the industry group dedicated to promoting and certifying interoperability of wireless broadband products. In a wireless MAN, a wireless-equipped computer is known either as a mobile station (MS) or a subscriber station (SS). Mobile stations use the IEEE 802.16e standard and are able to maintain connectivity while switching their connection from one base station to another base station (handover) while subscriber stations use other standards that do not have this capability (IEEE 802.16-2004, for example). The following figure shows an MS-equipped notebook computer MS1 moving from base station BS1s coverage area and connecting to BS2. Figure 10 WiMax: Mobile Station HES-309M Series Users Guide 51 Chapter 6 WiMAX WiMAX technology uses radio signals (around 2 to 10 GHz) to connect subscriber stations and mobile stations to local base stations. Numerous subscriber stations and mobile stations connect to the network through a single base station (BS), as in the following figure. Figure 11 WiMAX: Multiple Mobile Stations A base stations coverage area can extend over many hundreds of meters, even under poor conditions. A base station provides network access to subscriber stations and mobile stations, and communicates with other base stations. The radio frequency and bandwidth of the link between the WiMAX Device and the base station are controlled by the base station. The WiMAX Device follows the base stations configuration. Authentication When authenticating a user, the base station uses a third-party RADIUS or Diameter server known as an AAA (Authentication, Authorization and Accounting) server to authenticate the mobile or subscriber stations. The following figure shows a base station using an AAA server to authenticate mobile station MS, allowing it to access the Internet. Figure 12 Using an AAA Server In this figure, the dashed arrow shows the PKM (Privacy Key Management) secured connection between the mobile station and the base station, and the solid arrow shows the EAP secured connection between the mobile station, the base station and the AAA server. See the WiMAX security appendix for more details. 52 HES-309M Series Users Guide Chapter 6 WiMAX Frequency Ranges The following figure shows the WiMAX Device searching a range of frequencies to find a connection to a base station. Figure 13 Frequency Ranges In this figure, A is the WiMAX frequency range. WiMAX frequency range refers to the entire range of frequencies the WiMAX Device is capable of using to transmit and receive (see the Product Specifications appendix for details). In the figure, B shows the operator frequency range. This is the range of frequencies within the WiMAX frequency range supported by your operator

(service provider). The operator range is subdivided into bandwidth steps. In the figure, each C is a bandwidth step. The arrow D shows the WiMAX Device searching for a connection. Have the WiMAX Device search only certain frequencies by configuring the downlink frequencies. Your operator can give you information on the supported frequencies. The downlink frequencies are points of the frequency range your WiMAX Device searches for an available connection. Use the Site Survey screen to set these bands. You can set the downlink frequencies anywhere within the WiMAX frequency range. In this example, the downlink frequencies have been set to search all of the operator range for a connection. Certification Authority A Certification Authority (CA) issues certificates and guarantees the identity of each certificate owner. There are commercial certification authorities like CyberTrust or VeriSign and government certification authorities. You can use the WiMAX Device to generate certification requests that contain identifying information and public keys and then send the certification requests to a certification authority. HES-309M Series Users Guide 53 Chapter 6 WiMAX Certificate File Formats The certification authority certificate that you want to import has to be in one of these file formats:

Binary X.509: This is an ITU-T recommendation that defines the formats for X.509 certificates.

PEM (Base-64) encoded X.509: This Privacy Enhanced Mail format uses lowercase letters, uppercase letters and numerals to convert a binary X.509 certificate into a printable form.

Binary PKCS#7: This is a standard that defines the general syntax for data

(including digital signatures) that may be encrypted. The WiMAX Device currently allows the importation of a PKS#7 file that contains a single certificate.

PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses 64 ASCII characters to convert a binary PKCS#7 certificate into a printable form. CINR Carrier to Interference-plus-Noise Ratio (CINR) measures the effectiveness of a wireless signal and plays an important role in allowing the WiMAX Device to decode signal burts. If a burst has a high signal strength and a high interference-

plus-noise ratio, it can use Digital Signal Processing (DSP) to decode it; if the signal strength is lower, it can switch to an alternate burst profile. RSSI Received Signal Strength Indicator (RSSI) measures the relative strength of a given wireless signal. This is important in determining if a signal is below the Clear-To-Send (CTS) threshold. If it is below the arbitrarily specified threshold, then WiMAX Device is free to transmit any data packets. EAP Authentication EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication. The WiMAX Device supports EAP-TLS and EAP-TTLS (at the time of writing, TTLS is not available in Windows Vista) . For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). Certificates (also called digital IDs) can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner. 54 HES-309M Series Users Guide Chapter 6 WiMAX 6.2 Connection Settings This screen allows you to configure how the WiMAX Device connects to the base stations on the WiMAX network. Click WiMAX > Profile > Connection Settings to open this screen as shown next. Figure 14 Connection Settings Screen This screen contains the following fields:

Table 10 Connection Settings LABEL DESCRIPTION Connection Option Settings Auto Reconnect Auto Connect Mode Select the interval in seconds that the WiMAX Device waits after getting disconnected from the base station before attempting to reconnect. Select the auto connect mode.

By channel power - Auto connects to the base station if the signal strength of the channel is sufficient for the WiMAX Device.

By CINR - Auto connects to the base station if the signal-to-noise ratio is sufficient for the WiMAX Device. Enable Handover Enable Idle Mode Idle Mode Interval Select this to maintain connectivity while the WiMAX Device switches its connection from one base station to another base station. Select this to have the WiMAX Device enter the idle mode after it has no traffic passing through for a pre-defined period. Make sure your base station also supports this before selecting this. Set the idle duration in minutes. This is how long the WiMAX Device waits during periods of no activity before going into idle mode. HES-309M Series Users Guide 55 Chapter 6 WiMAX Table 10 Connection Settings (continued) LABEL DESCRIPTION Set the refresh interval in milliseconds for calculating the signal-to-

noise measurement (CINR) and signal strength measurement (RSSI) of the WiMAX Device. Enter the Low Data Rate Protection (LDRP) time in milliseconds. If the uplink/downlink data rate is smaller than the LDRP time, the WiMAX Device sends a disconnect request to the base station. Enter the outgoing data rates for LDRP in bytes per second. Enter the incoming data rates for LDRP in bytes per second. CINR & RSSI Refresh Interval LDRP (Low Data Rate Protection) LDRP TX Rate LDRP RX Rate Connection Type Settings Mode Select Select how the WiMAX Device connects to the base station.

Auto Connect Mode - The device connects automatically to the first base station in range.

Network Search Mode - The device scans for available base stations then connects to the best one it can. BSID This displays the MAC address of a base station within range of the WiMAX Device. Preamble ID The preamble ID is the index identifier in the header of the base stations broadcast messages. In the beginning of a mobile stationss network entry process, it searches for the preamble and uses it to additional channel information. The preamble ID is used to synchronize the upstream and downstream transmission timing with the base station. This field displays the radio frequency of the WiMAX Devices connection to the base station. This field displays the bandwidth of the base station in megahertz

(MHz). This field displays the Received Signal Strength Indication (RSSI), which is an overal measurement of radio signal strength. A higher RSSI level indicates a stronger signal. This field displays the average Carrier to Interference plus Noise Ratio for the current connection. This value is an indication of overal radio signal quality, where a higher value means a better quality signal. Click this to have the WiMAX Device scan for base stations. Frequency

(MHz) Bandwidth

(MHz) RSSI (dBm) CINR (dB) R3/R1 Search 56 HES-309M Series Users Guide Chapter 6 WiMAX 6.3 Frequency Settings Use this screen to have the WiMAX Device to scan one or more specific radio frequencies (given by your WiMAX service provider) to find available connections to base stations. Click WiMAX > Profile > Frequency Settings to open this screen as shown next. Figure 15 Frequency Settings Screen (By List) A B Figure 16 Frequency Settings Screen (By Range) A B HES-309M Series Users Guide 57 Chapter 6 WiMAX This screen contains the following fields:

Table 11 Frequency Settings DESCRIPTION LABEL Setting Type Select whether to scan base stations by entering specific frequency(-

ies) (By List) or a range of frequencies (By Range). Note: When you select By Range, you can only configure one range of frequencies in this screen. To configure multiple frequency ranges, use the WiMAX > Wide Scan screen. Note: Some settings in this screen are only available depending on the Setting Type selected. Join Wide Scan Result The scanning result of the frequency to scan you configured in this screen will be shown in the WiMAX > Connect screen. Select this option to determine whether to also append the wide scanning result

(configured in the WiMAX > Wide Scan screen) to the same table. Select the default bandwidth (size) per frequency band you specify in table A. Default Bandwidth A (When By List is selected in the Setting Type field) Frequency

(KHz) This displays the center frequency of an frequency band in kilohertz

(KHz). Click the number to modify it. Bandwidth

(MHz) Enter the center frequency in this field when you are adding an entry. This displays the bandwidth of the frequency band in megahertz (MHz). If you set a center frequency to 3400000 KHz with the bandwidth of 10 MHz, then the frequency band is from 3300500 to 3400500 KHz. Click the number to modify it. Enter the bandwidth of the frequency band in this field when you are adding an entry. Click this button to remove an item from the list. Click this button to add an item to the list. Click this button to save any changes made to the list. Delete Add OK A (When By Range is selected in the Setting Type field) Start Frequency

(KHz) End Frequency

(KHz) Step (KHz) Bandwidth

(MHz) This indicates the beginning of a frequency band in kilohertz (KHz). Click this field to modify it. Enter the beginning frequency when you are adding an entry. This indicates the end of the frequency band in kilohertz (KHz). Click this field to modify it. This indicates the frequency step within each band in kilohertz (KHz). Click this field to modify it. This indicates the bandwidth in megahertz (MHz). Click this field to modify it. 58 HES-309M Series Users Guide Chapter 6 WiMAX Table 11 Frequency Settings (continued) LABEL OK DESCRIPTION Click this button to save any changes made to the list. Valid Band Info (B) This table displays the entire frequency band the WiMAX Device supports. The frequenc(ies) to scan that you configured in table A must be within this range. Band Start

(KHz) Band End

(KHz) This indicates the beginning of the frequency band in kilohertz (KHz). This indicates the end of the frequency band in kilohertz (KHz). HES-309M Series Users Guide 59 Chapter 6 WiMAX 6.4 Authentication Settings These settings allow the WiMAX Device to establish a secure (authenticated) connection with the service provider. Click WiMAX > Profile > Authentication Settings to open this screen as shown next. Figure 17 Authentication Settings Screen 60 HES-309M Series Users Guide This screen contains the following fields:

Chapter 6 WiMAX Table 12 Authentication Settings LABEL Authentication Mode DESCRIPTION Select the authentication mode from the list. The WiMAX Device supports the following authentication modes:

No authentication

User authentication

Device authentication

User and device authentication Data Encryption AES-CCM AES-CBC Key Encryption AES-key wrap AES-ECB EAP Supplicant Select this to enable AES-CCM encryption. CCM combines counter-mode encryption with CBC-MAC authentication. Select this to enable AES-CBC encryption. CBC creates message authentication code from a block cipher. Select this encapsulate cryptographic keys in a symmetric encryption algorithm. Select this to divide cryptographic keys into blocks and encrypt them separately. EAP Mode Select an Extensible Authentication Protocol (EAP) mode. The WiMAX Device supports the following:

EAP-TLS - In this protocol, digital certifications are needed by both the server and the wireless clients for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created. This makes user identity vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the senders identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle certificates, which imposes a management overhead.

EAP-TTLS - This protocol is an extension of the EAP-TLS authentication that uses certificates for only the server-side authentications to establish a secure connection. Client authentication is then done by sending username and password through the secure connection, thus client identity is protected. For client authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2. Enter the anonymous ID used for EAP supplicant authentication. Browse for and choose a server root certificate file, if required. This field displays information about the assigned server root certificate. Browse for and choose a device certificate file, if required. This field displays information about the assigned device certificate. Anonymous ID Server Root CA Cert File Server Root CA Info Device Cert File Device Cert Info HES-309M Series Users Guide 61 Chapter 6 WiMAX Table 12 Authentication Settings (continued) LABEL DESCRIPTION Browse for and choose a device private key, if required. Device Private Key Device Private Key Info Device Private Key Password Inner Mode This field displays information about the assigned device private key. Enter the device private key, if required. Sets the EAP-TTLS inner mode. The WiMAX Device supports the following:

MS-CHAP v2 - This is version 2 of Microsofts variant of Challenge Handshake Authentication Protocol (CHAP). It allows for mutual authentication between devices.

MS-CHAP - This is Microsofts variant of Challenge Handshake Authentication Protocol (CHAP). It allows for mutual authentication between devices.

CHAP - The Challenge Handshake Authentication Protocol (CHAP) uses PPP to authenticate remote devices using a three-way handshake and shared secret verification.

MD5 - Message-Digest, algorithm 5, (MD5) encryption is typically used for checking file integrity. Because this encryption protocol contains a number of serious security flaws it is generally not recommended that you use it for authentication security.

PAP - Password Authentication Protocol uses unencrypted plaintext to send a passwords for authentication over the network. Its probably not a good idea to rely on this for security. Username Password Enter the username required for the EAP-TTLS inner method. Enter the password required for the EAP-TTLS inner method. Options Enable Auth Mode Decoration in EAP Outer ID Enable Service Mode Decoration in EAP Outer ID Random Outer ID Ignore Cert Verification Same EAP OuterID in ReAuth MAC address in EAP-TLS outer Id Select this to enable authentication mode. Select this to enable service mode. Select this to allow the WiMAX Device to generate a 16-byte random number as a username for the EAP Identity Response message. Select this to ignore base station certification verification when a certificate is received during EAP-TLS or EAP-TTLS. Select this to use the same EAP to the outer ID when reauthenticating. Adds the MAC address of the WiMAX Device to the outer ID while the EAP mode is set to EAP-TLS. 62 HES-309M Series Users Guide Chapter 6 WiMAX Table 12 Authentication Settings (continued) LABEL DESCRIPTION Select this to delete an existing root certificate file from the WiMAX Device. Select this to delete an existing device certificate file from the WiMAX Device. Select this to delete an existing private key from the WiMAX Device. Delete existed Root Certificate file Delete existed Device Certificate file Delete existed Private Key 6.5 Connect This screen allows you to view the available WiMAX frequency band(s) and base station(s) the WiMAX Device found through scanning and choose a base station to which to connect. Click WiMAX > Connect to open this screen as shown next. Figure 18 Connect Screen HES-309M Series Users Guide 63 Chapter 6 WiMAX This screen contains the following fields:

Table 13 Connect LABEL Applied Frequency Information DESCRIPTION This table shows the scanning result you made in the WiMAX > Profile > Frequency Settings and WiMAX > Wide Scan screens. Note: You cannot see the wide scanning result that you made in WiMAX > Wide Scan screen if the Join Wide Scan Result is set to No in the WiMAX >

Profile > Frequency Settings screen. Frequency

(KHz) Bandwidth

(MHz) This field displays the available center frequency of a frequency band in kilohertz (KHz). This field displays the bandwidth of the frequency band in megahertz

(MHz). Available Network List Connected Mode Select a connect mode:

Auto Connect Mode - This allows the WiMAX Device to connect to any of the base stations on the list automatically.

Network Search Mode - This allows the WiMAX Device to connect to a user-specified base station. Select this option, choose a base station, click Connect. Connect Disconnect BSID Preamble ID This field displays the preamble ID. Click this to connect to the selected base station. Click this to disconnect from the selected base station. This field displays the base station MAC address. The preamble ID is the index identifier in the header of the base stations broadcast messages. In the beginning of a mobile stationss network entry process, it searches for the preamble and uses it to additional channel information. The preamble ID is used to synchronize the upstream and downstream transmission timing with the base station. This field displays the center frequency the base station uses in kilohertz (KHz). This field displays the frequency band bandwidth the base station uses in megahertz (MHz). This field displays the Received Signal Strength Indication (RSSI), which is an overal measurement of radio signal strength. A higher RSSI level indicates a stronger signal. This field displays the average Carrier to Interference plus Noise Ratio for the current connection. This value is an indication of overal radio signal quality, where a higher value means a better quality signal. Click this to have the WiMAX Device scan for base stations in the frequency band(s) listed in the Applied Frequency Information table. Frequency

(MHz) Bandwidth

(MHz) RSSI (dBm) CINR (dB) R3/R1 Search Connected BS Info 64 HES-309M Series Users Guide Chapter 6 WiMAX Table 13 Connect (continued) LABEL DESCRIPTION This field displays the WiMAX Device current status for connecting to the selected base station. Device Status Scanning - The WiMAX Device is scanning for available base stations. Ready - The WiMAX Device has finished scanning and you can connect to a base station. Connecting - The WiMAX Device attempts to connect to the selected base station. UMAC State Connected - The WiMAX Device has successfully connected to the selected base station. This field displays the status of the WiMAXconnection between the WiMAX Device and the base station. Network Search - The WiMAX Device is scanning for any available WiMAX connections. Disconnected - No WiMAX connection is available. Network Entry - A WiMAX connection is initializing. BSID Frequency

(MHz) RSSI (dBm) CINR (dB) Normal - The WiMAX connection has been successfully established. This field displays the MAC address of the base station to which the WiMAX Device is connected. This field displays the frequency the base station uses in megahertz

(MHz). This field displays the Received Signal Strength Indication (RSSI), which is an overal measurement of radio signal strength. A higher RSSI level indicates a stronger signal. This field displays the average Carrier to Interference plus Noise Ratio for the current connection. This value is an indication of overal radio signal quality, where a higher value means a better quality signal. HES-309M Series Users Guide 65 Chapter 6 WiMAX 6.6 Wide Scan This screen allows you to discover base stations by entering one or more frequency ranges and bandwidth on which to scan. Click WiMAX > Wide Scan to open this screen as shown next. Figure 19 Wide Scan Screen This screen contains the following fields:

Table 14 Wide Scan LABEL Wide Scan Settings DESCRIPTION Auto Wide Scan Use this to enable (Yes) or disable (No) automatically scanning for base stations. Wide Scan Range Start Frequency

(KHz) End Frequency

(KHz) Step (KHz) Bandwidth

(MHz) Delete Add OK Wide Scan Result Enter the start frequency in kilohertz (KHz) for a wide scan range. Enter the end frequency in kilohertz (KHz) for a wide scan range. Enter the step increment in kilohertz (KHz) that the wide scan jumps each time it scans between the start and end frequencies. Enter the frequency bandwidth to be scanned. Click this to remove a range of frequencies from the wide scan range list. Click this to add a range of frequencies to the wide scan range list. Click this so save any changes to the wide scan range list. This table displays the available frequency band(s) found through the wide scan. 66 HES-309M Series Users Guide Chapter 6 WiMAX Table 14 Wide Scan (continued) LABEL DESCRIPTION This field displays the frequency in kilohertz (KHz). Frequency

(KHz) Bandwidth

(MHz) Search Clear This field displays the bandwidth in megahertz (MHz). Click this to initiate a wide scan. Click this to clear the wide scan results. 6.7 Link Status This screen provides a general overview of the current WiMAX connection with the service provider. Click WiMAX > Link Status to open this screen as shown next. Figure 20 Link Status Screen This screen contains the following fields:

Table 15 Link Status LABEL Profile BSID RSSI CINR R3 CINR R1 DESCRIPTION This field displays the profile name. This field displays the MAC address of the base station to which the WiMAX Device is currently connected. This field displays the Received Signal Strength Indication (RSSI), which is an overal measurement of radio signal strength. A higher RSSI level indicates a stronger signal. This field displays the average Carrier to Interference plus Noise Ratio

(R3) for the current connection. This value is an indication of overal radio signal quality, where a higher value means a better quality signal. This field displays the average Carrier to Interference plus Noise Ratio

(R1) for the current connection. This value is an indication of overal radio signal quality, where a higher value means a better quality signal. HES-309M Series Users Guide 67 Chapter 6 WiMAX Table 15 Link Status (continued) LABEL CINR Std Dev DESCRIPTION This field displays the average Carrier to Interference plus Noise Ratio

(Std Dev) for the current connection. This value is an indication of overal radio signal quality, where a higher value means a better quality signal. This field displays the frequency in kilohertz (KHz). This field displays the transmission power of the WiMAX Device in dBm. This field displays the Uplink Modulation and Coding Sequence (UL MCS). This field displays the Downlink Modulation and Coding Sequence (DL MCS). Frequency TX Power UL MCS DL MCS RF Temperature This field displays the temperature of the WiMAX Devices RF circuit. 68 HES-309M Series Users Guide Chapter 6 WiMAX 6.8 Link Statistics This screen provides a detailed overview of the current WiMAX connection with the service provider.. Click WiMAX > Link Statistics to open this screen as shown next. Figure 21 Link Statistics Screen This screen contains the following sections:

Table 16 Link Statistics LABEL Link HARQ TX/RX MCS DESCRIPTION This section provides a detailed overview of link statistics. This section provides a detailed overview of Hybrid Automatic Repeat Request link statistics. This section provides a detailed overview of transmission and receiving link statistics. This section provides a detailed overview of Modulation and Coding Sequence (MCS) link statistics HES-309M Series Users Guide 69 Chapter 6 WiMAX 6.9 Connection Info This screen displays all of the connections made through the WiMAX device since its last reboot. Click WiMAX > Connection Info to open this screen as shown next. Figure 22 Connection Info Screen This screen contains the following fields:

Table 17 Connection Info LABEL Active Connection CID Connection Type DESCRIPTION This displays the unique, unidirectional 16-bit Connection Identifier

(CID) for an active connection. This displays the type of connection. 6.10 Service Flow This screen displays data priority information for all of the connections made through the WiMAX device since its last reboot. Click WiMAX > Service Flow to open this screen as shown next. Figure 23 Service Flow Screen This screen contains the following fields:

Table 18 Service Flow LABEL SFID SF Status SF Direction DESCRIPTION This displays a 32-bit service flow identifier. This display the service flow status. This displays the service flow direction. 70 HES-309M Series Users Guide 6.11 Buzzer Chapter 6 WiMAX This screen allows you to enable or disable the WiMAX Devices buzzer. See Section 1.2.1 on page 18 for a description of buzzer states. Click WiMAX > Buzzer to open this screen as shown next. Figure 24 Buzzer Screen This screen contains the following fields:

Table 19 Buzzer LABEL Enable Buzzer DESCRIPTION Select this to enable the buzzer. Whenever a connection is made to a WiMAX signal, the device emits a small buzz. HES-309M Series Users Guide 71 Chapter 6 WiMAX 72 HES-309M Series Users Guide CHAPTER 7 Network Settings 7.1 Overview This chapter shows you how to configure the WiMAX Devices network settings. 7.1.1 What You Need to Know The following terms and concepts may help as you read through this chapter. IP Address IP addresses identify individual devices on a network. Every networking device

(including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts. Subnet Masks Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks. DHCP A DHCP (Dynamic Host Configuration Protocol) server can assign your WiMAX Device an IP address, subnet mask, DNS and other routing information when its turned on. HES-309M Series Users Guide 73 Chapter 7 Network Settings DNS Server Address DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it. The DNS server addresses that you enter in the DHCP setup are passed to the client machines along with the assigned IP address and subnet mask. There are two ways that an ISP disseminates the DNS server addresses. The first is for an ISP to tell a customer the DNS server addresses, usually in the form of an information sheet, when s/he signs up. If your ISP gives you the DNS server addresses, enter them in the DNS Server fields; otherwise, leave them blank. Some ISPs choose to pass the DNS servers using the DNS server extensions of PPP IPCP (IP Control Protocol) after the connection is up. If your ISP did not give you explicit DNS servers, chances are the DNS servers are conveyed through IPCP negotiation. The WiMAX Device supports the IPCP DNS server extensions through the DNS proxy feature. If the Primary and Secondary DNS Server fields are not specified, for instance, left as 0.0.0.0, the WiMAX Device tells the DHCP clients that it itself is the DNS server. When a computer sends a DNS query to the WiMAX Device, the WiMAX Device forwards the query to the real DNS server learned through IPCP and relays the response back to the computer. Please note that DNS proxy works only when the ISP uses the IPCP DNS server extensions. It does not mean you can leave the DNS servers out of the DHCP setup under all circumstances. If your ISP gives you explicit DNS servers, make sure that you enter their IP addresses. This way, the WiMAX Device can pass the DNS servers to the computers and the computers can query the DNS server directly without the WiMAX Devices intervention. RIP Setup RIP (Routing Information Protocol) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. When set to:

RX/TX - the WiMAX Device will broadcast its routing table periodically and incorporate the RIP information that it receives.

RX Only - the WiMAX Device will not send any RIP packets but will accept all RIP packets received.

TX Only - the WiMAX Device will send out RIP packets but will not accept any RIP packets received.

None - the WiMAX Device will not send any RIP packets and will ignore any RIP packets received. 74 HES-309M Series Users Guide Chapter 7 Network Settings The Version field controls the format and the broadcasting method of the RIP packets that the WiMAX Device sends (it recognizes both formats when receiving). RIP-1 is universally supported; but RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology. Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the difference being that RIP-2B uses subnet broadcasting while RIP-2M uses multicasting. Port Forwarding A NAT server set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make accessible to the outside world even though NAT makes your whole inside network appear as a single machine to the outside world. With port forwarding, you can forward incoming service requests to the server(s) on your local network. You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server. The port number identifies a service; for example, web service is on port 80 and FTP on port 21. In some cases, such as for unknown services or where one server can support more than one service (for example both FTP and web service), it might be better to specify a range of port numbers. In addition to the servers for specified services, NAT supports a default server. A service request that does not have a server explicitly designated for it is forwarded to the default server. If the default is not defined, the service request is simply discarded. For example, let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet. Figure 25 Multiple Servers Behind NAT Example HES-309M Series Users Guide 75 Chapter 7 Network Settings Trigger Ports Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side. With regular port forwarding you set a forwarding port in NAT to forward a service (coming in from the server on the WAN) to the IP address of a computer on the client side (LAN). The problem is that port forwarding only forwards a service to a single LAN IP address. In order to use the same service on a different LAN computer, you have to manually replace the LAN computer's IP address in the forwarding port with another LAN computer's IP address, Trigger port forwarding solves this problem by allowing computers on the LAN to dynamically take turns using the service. The WiMAX Device records the IP address of a LAN computer that sends traffic to the WAN to request a service with a specific port number and protocol (a "trigger" port). When the WiMAX Device's WAN port receives a response with a specific port number and protocol

("incoming" port), the WiMAX Device forwards the traffic to the LAN IP address of the computer that sent the request. After that computers connection for that service closes, another computer on the LAN can use the service in the same manner. This way you do not need to configure a new IP address each time you want a different LAN computer to use the application. ALG Some applications, such as SIP, cannot operate through NAT (are NAT un-friendly) because they embed IP addresses and port numbers in their packets data payload. Some NAT routers may include a SIP Application Layer Gateway (ALG). An Application Layer Gateway (ALG) manages a specific protocol (such as SIP, H.323 or FTP) at the application layer. A SIP ALG allows SIP calls to pass through NAT by examining and translating IP addresses embedded in the data stream. UPnP Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network. In turn, a device can leave a network smoothly and automatically when it is no longer in use. How do I know if I'm using UPnP?

UPnP hardware is identified as an icon in the Network Connections folder

(Windows XP). Each UPnP compatible device installed on your network will appear as a separate icon. Selecting the icon of a UPnP device will allow you to access the information and properties of that device. 76 HES-309M Series Users Guide Chapter 7 Network Settings NAT Traversal UPnP NAT traversal automates the process of allowing an application to operate through NAT. UPnP network devices can automatically configure network addressing, announce their presence in the network to other UPnP devices and enable exchange of simple product and service descriptions. NAT traversal allows the following:

Dynamic port mapping

Learning public IP addresses

Assigning lease times to mappings Windows Messenger is an example of an application that supports NAT traversal and UPnP. Cautions with UPnP The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues. Network information and configuration may also be obtained and modified by users in some network environments. All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. UPnP and ZyXEL ZyXEL has received UPnP certification from the official UPnP Forum (http://

www.upnp.org). ZyXEL's UPnP implementation supports IGD 1.0 (Internet Gateway Device). The WiMAX Device only sends UPnP multicasts to the LAN. Content Filter Internet content filtering allows you to create and enforce Internet access policies tailored to their needs. Content filtering is the ability to block certain specific URL keywords. HES-309M Series Users Guide 77 Chapter 7 Network Settings 7.2 WAN Use these settings to configure the WAN connection between the WiMAX Device and the service provider. Click Network Setting > WAN to open this screen as shown next. Figure 26 WAN Screen 78 HES-309M Series Users Guide Chapter 7 Network Settings This screen contains the following fields:

Table 20 WAN LABEL Operation Mode Select the WiMAX Devices operational mode. DESCRIPTION

Bridge - This puts the WiMAX Device in bridge mode, acting as a transparent middle man between devices on the LAN and the devices on the WAN.

NAT - This allows the WiMAX Device to tag frames for NAT, allowing devices on the LAN to use their own internal IP addresses while communicating with devices on the WAN. WAN Protocol Select the protocol the WiMAX Device uses to connect to the WAN. The options are:

Ethernet - Select this if you have a persistent connection to the network.

PPPoE - Select this if must log into the network before initiating a persistent connection.

GRE Tunnel - Select this if you connect to the network using Point-

to-Point Protocol to create VPNs.

EtherIP - Select this if you need to tunnel Ethernet and IEEE 802.3 MAC frames across an IP Internet. Bridging LAN ARP Get IP Method This option enables or disables allow ARP requests to cross the WiMAX Device. Select how the WiMAX Device receives its IP address.

User - Select this to manually enter the IP address the WiMAX Device uses.

From ISP - Select to automatically get the IP address the WiMAX Device uses from the ISP. WAN IP Request Timeout WAN IP Address If the WiMAX Device gets its IP from the user, enter the IP address it is Enter the number of seconds the WiMAX Device waits for an IP from the ISP before it times out. WAN IP Subnet Mask Gateway IP Address MTU to use. If the WiMAX Device gets its IP from the ISP, enter the IP address it is to use. If the WiMAX Device gets its gateway IP address from the user, enter the IP address it is to use. Enter the Maximum Transmission Unit (MTU) for the WiMAX Device. This is the largest protocol unit that the WiMAX Device allows to pass through it. HES-309M Series Users Guide 79 Chapter 7 Network Settings Table 20 WAN (continued) LABEL Clone MAC Address First~Third DNS Server 7.3 PPPoE DESCRIPTION Enter a MAC address here for registering bridged devices on the network if their current MAC addresses are causing problems. For example, this can happen when a desktop computer swaps network interface cards; the original NIC may have used its MAC address to register itself on the network and now the new NIC is unrecognized. Using a MAC address that you know is valid, i.e. a clone, allows that device to stay registered. Select how the WiMAX Device acquires its DNS server address.

From ISP - Select this to have the WiMAX Device acquire its DNS server address from the ISP.

User Define - Select this to manually enter the DNS server used by the WiMAX Device. Use these settings to configure the PPPoE connection between the WiMAX Device and the service provider. Click Network Setting > WAN > PPPoE Figure 27 PPPoE Screen 80 HES-309M Series Users Guide This screen contains the following fields:

Chapter 7 Network Settings Table 21 PPPoE LABEL User Name Password Retype Password Auth Protocol DESCRIPTION Enter the username for PPPoE login into the WAN network. Enter the password for PPPoE login into the WAN network. Retype the password to confirm it. Select a PPPoE authentication protocol. The WiMAX Device supports the following:

CHAP - The Challenge Handshake Authentication Protocol (CHAP) uses PPP to authenticate remote devices using a three-way handshake and shared secret verification.

PAP - Password Authentication Protocol uses unencrypted plaintext to send a passwords for authentication over the network. Its probably not a good idea to rely on this for security.

MS-CHAP v1/2 -This is Microsofts variant of Challenge Handshake Authentication Protocol (CHAP). It allows for mutual authentication between devices. Use this option to enable or disable authentication. Enter the number of second the WiMAX Device waits during authentication before timing out. Enter the access concentrator name for the PPPoE interface if your ISP uses an AC PPPoE service. Use this option to allow or disallow the WiMAX Device to overwrite DNS static DNS entries on client devices. Use this option to allow or disallow the WiMAX Device to use the Microsoft Point-To-Point Encryption (MPPE) protocol for stateful peer negotiation. Set whether the WiMAX Device is persistently connected to the WAN

(AlwaysOn) or you must click the PPPoE Connect button each time you want to get on the WAN (Manual). Enter in seconds the duration the WiMAX Device waits for idle activity before disconnecting from the WAN. Click this to connect to the WAN using PPPoE. Click this to disconnect from the WAN. Encryption Idle Timeout AC Name DNS Overwrite MPPE_Stateful Connection Trigger Connection Timeout PPPoE Connect PPPoE Disconnect HES-309M Series Users Guide 81 Chapter 7 Network Settings 7.4 GRE Use these settings to configure the peer setting of the Generic Routing Encapsulation (GRE) tunnel between the WiMAX Device and another GRE peer. Click Network Setting > WAN > GRE to open this screen as shown next. Figure 28 GRE Screen This screen contains the following fields:

Table 22 GRE LABEL Peer IP Address Enter the IP address of the GRE peer. DESCRIPTION 7.5 EtherIP Use these settings to configure the peer setting of the EtherIP tunnel between the WiMAX Device and another EtherIP peer. Click Network Setting > WAN > EtherIP to open this screen as shown next. Figure 29 EtherIP Screen This screen contains the following fields:

Table 23 EtherIP LABEL Peer IP Address Enter the IP address of the EtherIP peer. DESCRIPTION 82 HES-309M Series Users Guide Chapter 7 Network Settings 7.6 IP Use these settings to configure the LAN connection between the WiMAX Device and your local network. Click Network Setting > LAN > IP to open this screen as shown next. Figure 30 IP Screen This screen contains the following fields:

Table 24 IP LABEL IP address IP Subnet Mask Enter the IP subnet maks of the LAN interface for the WiMAX Device. DESCRIPTION Enter the IP address of the LAN interface for the WiMAX Device. HES-309M Series Users Guide 83 Chapter 7 Network Settings 7.7 DHCP Use these settings to configure whether the WiMAX Device functions as a DHCP server for your local network, or a DHCP relay between the local network and the service provider. You can also disable the DHCP functions. Click Network Setting > LAN > DHCP to open this screen as shown next. Figure 31 DHCP Screen This screen contains the following fields:

Table 25 DHCP LABEL DHCP Server DHCP Mode DESCRIPTION Select this if you want the WiMAX Device to be the DHCP server on the LAN. As a DHCP server, the WiMAX Device assigns IP addresses to DHCP clients on the LAN and provides the subnet mask and DNS server information.

None - This disables DHCP mode for the WiMAX Device.

Server - This sets the WiMAX Device as a DHCP server for the LAN.

Relay - This sets the WiMAX Device as a DHCP relay for the LAN, allowing it to pass-through IP addresses assigned to LAN devices from the ISP servers. 84 HES-309M Series Users Guide Chapter 7 Network Settings Table 25 DHCP (continued) LABEL Start IP End IP Lease Time DESCRIPTION Enter the start IP address from which the WiMAX Device begins allocating IP addresses. Enter the end IP address at which the WiMAX Device ceases allocating IP addresses. Enter the duration in minutes that devices on the LAN retain their DHCP-issued IP addresses. At the end of the lease time, they poll the WiMAX Device for a renewed or replacement IP. Enter the name of the IP address to be used. Relay IP DNS Server Assigned by the DHCP Server First~Third DNS Server Select how the WiMAX Device acquires its DNS server address.

None - Select this to not use a DNS server.

From ISP - Select this to have the WiMAX Device acquire its DNS server address from the ISP.

User Define - Select this to manually enter the DNS server used by the WiMAX Device. Static DHCP MAC Address IP Address Add OK This field displays the MAC address of the static DHCP client connected to the WiMAX Device. This field displays the IP address of the static DHCP client connected to the WiMAX Device. Click this to add a new static DHCP entry. Click this to save any changes made to this list. DHCP Leased Hosts MAC Address IP Address Remaining Time Refresh This displays the MAC address of the DHCP leased host. This displays the IP address of the DHCP leased host. This displays the how much time is left on the hosts lease. Click this to refresh the list. 7.8 Static Route Use these settings to create fixed paths through the network. Click Network Setting > Route > Static Route to open this screen as shown next. Figure 32 Static Route Screen HES-309M Series Users Guide 85 Chapter 7 Network Settings This screen contains the following fields:

Table 26 Static Route LABEL Destination Subnet Mask Next Hop Metric Add DESCRIPTION This field displays the destination IP address of the static route. This field displays the subnet mask of the static route. This field displays next hop information of the static route. This field displays the static route metric. Click this to add a new static route to the list. 7.9 RIP Use these settings to configure how the WiMAX Device exchanges information with other routers. Click Network Setting > Route > RIP to open this screen as shown next. Figure 33 RIP Screen 86 HES-309M Series Users Guide Chapter 7 Network Settings This screen contains the following fields:

Table 27 RIP LABEL General Setup Enable Redistribute Active Type Metric Edit OK LAN Direction Version Authentication Authentication ID Authentication Key WAN Direction Version Authentication Authentication ID Authentication Key DESCRIPTION Select this to enable RIP on the WiMAX Device. This indicates whether a route is being redistributed. This indicates what type of route is being redistributed. This indicates the metric that is being used for redistribution. Click this to edit a selected route. Click this to save any changes to the redistribution table. Set the LAN network direction to use with RIP. Set the RIP version to use. Use this option to enable or disable RIP authentication. Enter the authentication ID to use for RIP authentication. Enter the authentication key to use for RIP authentication. Set the WAN network direction to use with RIP. Set the RIP version to use. Use this option to enable or disable RIP authentication. Enter the authentication ID to use for RIP authentication. Enter the authentication key to use for RIP authentication. 7.10 Port Forwarding Use these settings to forward incoming service requests to the ports on your local network. Note: Make sure you did not configure a DMZ host in the Network Setting > NAT >

DMZ screen if you want to make the settings of this screen work. HES-309M Series Users Guide 87 Chapter 7 Network Settings Click Network Setting > NAT > Port Forwarding to open this screen as shown next. Figure 34 Port Forwarding Screen This screen contains the following fields:

Table 28 Port Forwarding LABEL Active Name Protocol Incoming Port(s) DESCRIPTION This indicates whether the port forwarding rule is active or not. The displays the name of the port forwarding rule. This displays the protocol to which the port forwarding rule applies. Start Port End Port This displays the starting port number for incoming traffic for the port forwarding rule. This displays the ending port number for incoming traffic for the port forwarding rule. Forward Port(s) Start Port End Port Server IP Delete Wizard Add OK This field displays the beginning of the range of port numbers forwarded by this rule. This field displays the end of the range of port numbers forwarded by this rule. If it is the same as the Start Port, only one port number is forwarded. This displays the IP address of the server to which packet for the selected port(s) are forwarded. Click this to delete a specified rule. Click this to open the port forwarding wizard. Click this to add a new port forwarding rule. Click this to save any changes made to the port forwarding list. 88 HES-309M Series Users Guide Chapter 7 Network Settings 7.10.1 Port Forwarding Wizard Use this wizard to set up a port forwarding rule for incoming service requests to the ports on your local network. Click Network Setting > NAT > Port Forwarding > Wizard to open this screen as shown next. Figure 35 Port Forwarding Wizard Screen This screen contains the following fields:

DESCRIPTION Select this to make this port forwarding rule active. Select the type of port forwarding rule. Table 29 Port Forwarding Wizard LABEL Active Port Forward Rule Rule Name Protocol Incoming Start Port Incoming End Port Forwarding Start Port Forwarding End Port Server IP Enter a name for the port forwarding rule. Select the port forwarding protocol. Enter the starting port number for incoming traffic for the port forwarding rule. Enter the ending port number for incoming traffic for the port forwarding rule. Enter the starting port number for forwarded traffic for the port forwarding rule. Enter the ending port number for forwarded traffic for the port forwarding rule. Enter the port forwarding server IP address. HES-309M Series Users Guide 89 Chapter 7 Network Settings 7.11 Port Trigger Use these settings to automate port forwarding and allow computers on local network to provide services that would normally require a fixed address on the local network. Click Network Setting > NAT > Port Trigger to open this screen as shown next. Figure 36 Port Trigger Screen This screen contains the following fields:

DESCRIPTION This indicates whether the port trigger rule is active or not. The displays the name of the port trigger rule. Table 30 Port Trigger LABEL Active Name Trigger Protocol This displays the protocol to which the port trigger rule applies. Trigger Port(s) Start / End Port This displays the start / end trigger port for the port trigger rule. Click Add to create a new, empty rule, then enter the incoming port number or range of port numbers you want to forward to the IP address the WiMAX Device records. To forward one port number, enter the port number in the Start Port and End Port fields. To forward a range of ports,

enter the port number at the beginning of the range in the Start Port field

enter the port number at the end of the range in the End Port field. If you want to delete this rule, click the Delete icon. This indicates which protocol is used to open the port trigger ports. Open Protocol Open Port(s) 90 HES-309M Series Users Guide Chapter 7 Network Settings Table 30 Port Trigger (continued) LABEL Start / End Port DESCRIPTION This displays the start / end open port for the port trigger rule. Click Add to create a new, empty rule, then enter the outgoing port number or range of port numbers that makes the WiMAX Device record the source IP address and assign it to the selected incoming port number(s). To select one port number, enter the port number in the Start Port and End Port fields. To select a range of ports,

enter the port number at the beginning of the range in the Start Port field

enter the port number at the end of the range in the End Port field. Delete Wizard Add OK If you want to delete this rule, click the Delete icon. Click this to delete a specified rule. Click this to open the port trigger wizard. Click this to add a new port trigger rule. Click this to save any changes made to the port trigger list. 7.11.1 Port Trigger Wizard Use the wizard to create a port trigger rules that will allow the WiMAX Device to to automate port forwarding and allow computers on local network to provide services that would normally require a fixed address on the local network. Click Network Setting > NAT > Port Trigger > Wizard Figure 37 Port Trigger Wizard Screen HES-309M Series Users Guide 91 Chapter 7 Network Settings This screen contains the following fields:

Table 31 Port Trigger Wizard DESCRIPTION LABEL Active Select this to make this port trigger rule active. Select the type of port trigger rule. Port Trigger Rule Enter a name for the port trigger rule. Rule Name Trigger Protocol Select the type of port trigger protocol. Trigger Start Port Trigger End Port Enter the port trigger end port. Open Protocol Open Start Port Select the starting open port for the port trigger rule. Open End Port Enter the port trigger start port. Select the type of open protocol for the port trigger rule. Select the ending open port number for the port trigger rule. 7.11.2 Trigger Port Forwarding Example The following is an example of trigger port forwarding. In this example, J is Janes computer and S is the Real Audio server. Figure 38 Trigger Port Forwarding Example 1 2 3 4 Jane requests a file from the Real Audio server (port 7070). Port 7070 is a trigger port and causes the WiMAX Device to record Janes computer IP address. The WiMAX Device associates Jane's computer IP address with the "incoming" port range of 6970-7170. The Real Audio server responds using a port number ranging between 6970-7170. The WiMAX Device forwards the traffic to Janes computer IP address. 92 HES-309M Series Users Guide Chapter 7 Network Settings 5 Only Jane can connect to the Real Audio server until the connection is closed or times out. The WiMAX Device times out in three minutes with UDP (User Datagram Protocol), or two hours with TCP/IP (Transfer Control Protocol/Internet Protocol). Two points to remember about trigger ports:

1 2 Trigger events only happen on data that is coming from inside the WiMAX Device and going to the outside. If an application needs a continuous data stream, that port (range) will be tied up so that another computer on the LAN cant trigger it. 7.12 DMZ Use this page to set the IP address of your network DMZ (if you have one) for the WiMAX Device. All incoming packets received by this WiMAX Devices WAN interface will be forwarded to the DMZ host you set. Click Network Setting > NAT > DMZ to open this screen as shown next. Note: The configuration you set in this screen takes priority than the Network Setting

> NAT > Port Forwarding screen. Figure 39 DMZ Screen This screen contains the following fields:

Table 32 DMZ LABEL DMZ Host DESCRIPTION Enter the IP address of your network DMZ host, if you have one. 0.0.0.0 means this feature is disabled. HES-309M Series Users Guide 93 Chapter 7 Network Settings 7.13 ALG Use these settings to bypass NAT on your WiMAX Device for those applications that are "NAT un-friendly". Click Network Setting > NAT > ALG to open this screen as shown next. Figure 40 ALG Screen This screen contains the following fields:

Table 33 ALG LABEL Enable FTP ALG Turns on the FTP ALG to detect FTP (File Transfer Program) traffic and DESCRIPTION Enable H.323 ALG helps build FTP sessions through the WiMAX Devices NAT. Turns on the H.323 ALG to detect H.323 traffic (used for audio communications) and helps build H.323 sessions through the WiMAX Devices NAT. Turns on the IPsec ALG to detect IPsec traffic and helps build IPsec sessions through the WiMAX Devices NAT. Turns on the L2TP ALG to detect L2TP traffic and helps build L2TP sessions through the WiMAX Devices NAT. Turns on the PPTP ALG to detect PPTP traffic and helps build PPTP sessions through the WiMAX Devices NAT. Turns on the RTSP ALG to detect RTSP traffic and helps build RTSP sessions through the WiMAX Devices NAT. Enable IPsec ALG Enable L2TP ALG Enable PPTP ALG Enable RTSP ALG Enable SIP ALG Turns on the SIP ALG to detect SIP traffic and helps build SIP sessions SIP Port through the WiMAX Devices NAT. If you are using a custom UDP port number (not 5060) for SIP traffic, enter it here. 94 HES-309M Series Users Guide Chapter 7 Network Settings 7.14 UPnP Use this page to enable the UPnP networking protocol on your WiMAX Device and allow easy network connectivity with other UPnP-compatible devices. Click Network Setting > UPnP to open this screen as shown next. Figure 41 UPnP Screen This screen contains the following fields:

Table 34 UPnP LABEL Enable UPnP Enable NAT-PMP Select this to enable NAT Port Mapping Protocol on the WiMAX Device. DESCRIPTION Select this to enable UPnP on the WiMAX Device. 7.14.1 Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start > Control Panel. 2 Double-click Network Connections. 3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components . HES-309M Series Users Guide 95 Chapter 7 Network Settings 4 The Windows Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details. 5 In the Networking Services window, select the Universal Plug and Play check box. 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. 96 HES-309M Series Users Guide Chapter 7 Network Settings 7.14.1.1 Auto-discover Your UPnP-enabled Network Device in Windows XP This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the WiMAX Device. Make sure the computer is connected to a LAN port of the WiMAX Device. Turn on your computer and the WiMAX Device. 1 Click Start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway. 2 Right-click the icon and select Properties. HES-309M Series Users Guide 97 Chapter 7 Network Settings 3 In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. 4 You may edit or delete the port mappings or click Add to manually add port mappings. 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 98 HES-309M Series Users Guide 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray. Chapter 7 Network Settings 7 Double-click on the icon to display your current Internet connection status. 7.14.2 Web Configurator Easy Access With UPnP, you can access the web-based configurator on the WiMAX Device without finding out the IP address of the WiMAX Device first. This becomes helpful if you do not know the IP address of the WiMAX Device. Follow the steps below to access the web configurator:

1 Click Start and then Control Panel. 2 Double-click Network Connections. HES-309M Series Users Guide 99 Chapter 7 Network Settings 3 Select My Network Places under Other Places. 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your WiMAX Device and select Invoke. The web configurator login screen displays. 100 HES-309M Series Users Guide 6 Right-click on the icon for your WiMAX Device and select Properties. A properties window displays with basic information about the WiMAX Device. Chapter 7 Network Settings 7.15 DDNS Use this page to configure the WiMAX Device as a dynamic DNS client. Click Network Setting > DDNS Figure 42 DDNS Screen HES-309M Series Users Guide 101 Chapter 7 Network Settings This screen contains the following fields:

DESCRIPTION Select this to enable dynamic DNS on the WiMAX Device. Table 35 DDNS LABEL Enable Dynamic DNS Service Provider Service Type Domain Name Login Name Password IP Update Policy Select the policy used by the WiMAX Device. Options are:

Select the dynamic DNS service type. Enter the domain name. Enter the user name. Enter the password. Select the dynamice DNS service provider for the WiMAX Device.

Auto Detect

WAN

User Defined User Defined IP If chose User Defined for the IP Update Policy, enter the user Wildcards MX Backup MX MX Host defined IP address. Select this to allow a hostname to use wildcards such as *. Select this to enable mail routing, if supported by the specified DYNDNS service provider. Select this to enable a secondary mail routing, if supported by the specified DYNDNS service provider. Enter the host to which mail is routed when the MX option is selected. 7.16 Content Filter Use these settings to allow ("whitelist") or block ("blacklist") connections to and from specific web sites through the WiMAX Device. Click Network Setting > Content Filter to open this screen as shown next. Figure 43 Content Filter Screen 102 HES-309M Series Users Guide Chapter 7 Network Settings This screen contains the following fields:

Table 36 Content Filter LABEL URL List DESCRIPTION Enable URL Filter Blacklist/

Whitelist Select this employ the content filter to allow (whitelist) or block

(blacklist) specific URL connections made through the WiMAX Device. Select whether the current filtering applies to the blacklist (sites that are blocked) or the whitelist (sites that are allowed). URL Filter Rule Active URL Delete Add OK Indicates whether the current URL filter is active or not. Indicates the URL to be filtered according to blacklist or whitelist rules. Click this to delete a specified rule. Click this to add a new filter rule. Click this to save any changes made to the list. HES-309M Series Users Guide 103 Chapter 7 Network Settings 104 HES-309M Series Users Guide CHAPTER 8 Security 8.1 Overview This chapter shows you how to configure the WiMAX Devices network settings. 8.1.1 What You Need to Know The following terms and concepts may help as you read through this chapter. About the WiMAX Devices Security Features The WiMAX Device security features are designed to protect against Denial of Service attacks when activated as well as block access to and from specific URLs and MAC addresses. Its purpose is to allow a private Local Area Network (LAN) to be securely connected to the Internet. The WiMAX Device can be used to prevent theft, destruction and modification of data. The WiMAX Device is installed between the LAN and a WiMAX base station connecting to the Internet. This allows it to act as a secure gateway for all data passing between the Internet and the LAN. The WiMAX Device has one Ethernet (LAN) port. The LAN (Local Area Network) port attaches to a network of computers, which needs security from the outside world. These computers will have access to Internet services such as e-mail, FTP and the World Wide Web. However, inbound access is not allowed (by default) unless the remote host is authorized to use a specific service. HES-309M Series Users Guide 105 Chapter 8 Security 8.2 IP Filter Use this screen to block incoming connections from specific IP addresses. Click Security > Firewall > IP Filter to open this screen as shown next. Figure 44 IP Filter Screen This screen contains the following fields:

Table 37 IP Filter LABEL Active Source IP DESCRIPTION Indicates whether the current IP filter is active or not. This displays the source IP address for the IP filter rule. Click Add to create a new, empty rule, then enter the incoming IP address for the WiMAX Device to block. Source Port If you want to delete this rule, click the Delete icon. This displays the source port number for the IP filter rule. Click Add to create a new, empty rule, then enter the incoming port number for the WiMAX Device to block. Destination IP If you want to delete this rule, click the Delete icon. This displays the destination IP address for the IP filter rule. Click Add to create a new, empty rule, then enter the outgoing IP address for the WiMAX Device to block. If you want to delete this rule, click the Delete icon. Destination Port This displays the destination port number for the IP filter rule. Click Add to create a new, empty rule, then enter the outgoing port number for the WiMAX Device to block. Protocol If you want to delete this rule, click the Delete icon. This displays the protocol blocked by the IP filter rule. Click Add to create a new, empty rule, then select the protocol type for the WiMAX Device to block. Delete Add OK If you want to delete this rule, click the Delete icon. Click this to delete a specified rule. Click this to add a new filter rule. Click this to save any changes made to the list. 106 HES-309M Series Users Guide Chapter 8 Security 8.3 MAC Filter Use this screen to allow ("whitelist") or block ("blacklist") connections to and from specific devices on the network based on their unique MAC addresses. Note: This feature only works when the WiMAX Device is in bridge mode. Click Security > Firewall > MAC Filter to open this screen as shown next. Figure 45 MAC Filter Screen This screen contains the following fields:

Table 38 MAC Filter LABEL Blacklist/

Whitelist Source MAC DESCRIPTION Select either whitelist or blacklist for viewing and editing. This displays the source MAC for the MAC filter rule. Click Add to create a new, empty rule, then enter the incoming MAC address for the WiMAX Device to block. If you want to delete this rule, click the Delete icon. This displays the destination MAC for the MAC filter rule. Click Add to create a new, empty rule, then enter the outgoing MAC address for the WiMAX Device to block. If you want to delete this rule, click the Delete icon. Select which days of the week you want the filter rule to be effective. Select what time each day you want the filter rule to be effective. Enter times in 24-hour format; for example, 3:00pm should be entered as 15:00. Click this to add a new filter rule. Click this to save any changes made to the list. Destination MAC Mon ~ Sun Start / End Time Add OK HES-309M Series Users Guide 107 Chapter 8 Security 8.4 DDOS Use these settings to potentially block specific types of Denial of Service attacks directed at your WiMAX Device. Click Security > Firewall > DDOS to open this screen as shown next. Figure 46 DDOS Screen This screen contains the following fields:

Table 39 DDOS LABEL Prevent from TCP SYN Flood Prevent from UDP Flood Prevent from ICMP Flood Prevent from Port Scan Prevent from LAND Attack DESCRIPTION Select this to monitor for and block TCP SYN flood attacks. A SYN flood is one type of denial of service attack where an overwhelming number of SYN requests assault a client device. Select this to monitor for and block UDP flood attacks. An UDP flood is a type of denial of service attack where an overwhelming number of UDP packets assault random ports on a client device. Because the device is forced to analyze and respond to each packet, it quickly becomes unreachable to other devices. Select this to monitor for and block ICMP flood attacks. An ICMP flood is a type of denial of service attack where an overwhelming number of ICMP ping assault a client device, locking it down and preventing it from responding to requests from other servers. Select this to monitor for and block port scan attacks. A port scan attack is typicall the precursor to a full-blown denial of service attack wherein each port on a device is probed for security holes that can be exploited. Once a security flaw is discovered, an attacker can initiate the appropriate denial of service attack or intrusion attack against the client device. Select this to monitor for and block LAND attacks. A Local Area Network Denial (LAND) attack is a type of denial of service attack where a spoofed TCP SYN packet targets a client devices IP address and forces it into an infinite recursive loop of querying itself and then replying, effectively locking it down. 108 HES-309M Series Users Guide Chapter 8 Security Table 39 DDOS (continued) LABEL Prevent from IP Spoof DESCRIPTION Select this to monitor for and block IP address spoof attacks. An IP address spoof is an attack whereby the source IP address in the incoming IP packets allows a malicious party to masquerade as a legitimate user and gain access to the client device. Select this to monitor for and block ICMP redirect attacks. An ICMP redirect attack is one where forged ICMP redirect messages can force the client device to route packets for certain connections through an attackers host. Select this to monitor for and block ping of death attacks. A Ping of Death (POD) attack is one where larger-than-allowed ping packets are fragmented then sent against a client device. This results in the client device suffering from a buffer overflow and subsequent system crash. Select this to ignore ping requests from the WAN. Prevent from ICMP redirect Prevent from PING of Death Prevent from PING from WAN HES-309M Series Users Guide 109 Chapter 8 Security 110 HES-309M Series Users Guide CHAPTER 9 Maintenance 9.1 Overview Use these screens to manage and maintain your WiMAX Device. 9.1.1 What You Need to Know The following terms and concepts may help as you read through this chapter. Remote Management Limitations Remote management over LAN or WAN will not work when:

1 2 3 You have disabled that service in one of the remote management screens. The IP address in the Secured Client IP field does not match the client IP address. If it does not match, the WiMAX Device will disconnect the session immediately. There is already another remote management session with an equal or higher priority running. You may only have one remote management session running at one time. HES-309M Series Users Guide 111 Chapter 9 Maintenance Remote Management and NAT When NAT is enabled:

Use the WiMAX Devices WAN IP address when configuring from the WAN.

Use the WiMAX Devices LAN IP address when configuring from the LAN. System Timeout There is a default system management idle timeout of five minutes. The WiMAX Device automatically logs you out if the management session remains idle for longer than this timeout period. The management session does not time out when a statistics screen is polling. SNMP Simple Network Management Protocol (SNMP) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your WiMAX Device supports SNMP agent functionality, which allows a manager station to manage and monitor the WiMAX Device through the network. The WiMAX Device supports SNMP version one (SNMPv1) and version two (SNMPv2). The next figure illustrates an SNMP management operation. Note: SNMP is only available if TCP/IP is configured. 112 HES-309M Series Users Guide Chapter 9 Maintenance TR-069 TR-069 is an abbreviation of Technical Reference 069, a protocol designed to facilitate the remote management of Customer Premise Equipement (CPE), such as the WiMAX Device. It can be managed over a WAN by means of an Auto Configuration Server (ACS). TR-069 is based on sending Remote Procedure Calls

(RPCs) between the ACS and the client device. RPCs are sent in Extensible Markup Language (XML) format over HTTP or HTTPS. An administrator can use an ACS to remotely set up the WiMAX Device, modify its settings, perform firmware upgrades, and monitor and diagnose it. In order to do so, you must enable the TR-069 feature on your WiMAX Device and then configure it appropriately. (The ACS server which it will use must also be configured by its administrator.) Figure 47 TR-069 Example SIP ACS HTTP In this example, the WiMAX Device receives data from at least 3 sources: A SIP server for handling voice calls, an HTTP server for handling web services, and an ACS, for configuring the WiMAX Device remotely. All three servers are owned and operated by the clients Internet Service Provider. However, without the configuration settings from the ACS, the WiMAX Device cannot access the other two servers. Once the WiMAX Device receives its configuration settings and implements them, it can connect to the other servers. If the settings change, it will once again be unable to connect until it receives its updates from the ACS. The WiMAX Device can be configured to periodically check for updates from the auto-configuration server so that the end user need not be worried about it. HES-309M Series Users Guide 113 Chapter 9 Maintenance SNMP An SNMP managed network consists of two main types of component: agents and a manager. Figure 48 SNMP Management Model An agent is a management software module that resides in a managed device (the WiMAX Device). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices. The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include such as number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects. SNMP allows a manager and agents to communicate for the purpose of accessing these objects. The WiMAX Device supports MIB II that is defined in RFC-1213 and RFC-1215. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance. SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a request and the agent returns responses using the following protocol operations:

Get - Allows the manager to retrieve an object variable from the agent.

GetNext - Allows the manager to retrieve the next object variable from a table or list within an agent. In SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations. 114 HES-309M Series Users Guide Chapter 9 Maintenance

Set - Allows the manager to set values for object variables within an agent.

Trap - Used by the agent to inform the manager of some events. The WiMAX Device sends traps to the SNMP manager when any of the following events occurs:

Table 40 SNMP Traps TRAP # TRAP NAME 0 coldStart (defined in RFC-

1215) warmStart (defined in RFC-

1215) authenticationFailure (defined in RFC-1215) whyReboot (defined in ZYXEL-

MIB) 1 4 6 6a For intentional reboot:

6b For fatal error:

OMA-DM DESCRIPTION A trap is sent after booting (power on). A trap is sent after booting (software reboot). A trap is sent to the manager when receiving any SNMP get or set requirements with the wrong community (password). A trap is sent with the reason of restart before rebooting when the system is going to restart

(warm start). A trap is sent with the message "System reboot by user!" if reboot is done intentionally, (for example, download new files, CI command "sys reboot", etc.). A trap is sent with the message of the fatal code if the system reboots because of fatal errors. When the WiMAX Device initiates communication with the server (often times at start up or after the first time you turn it on), the server uploads commands, new files (if any), and other information used by a service provider to customize the WiMAX Devices features. Device management works as follows:

1 2 3 The server (A) sends out the query (1) to the WiMAX Device (B). The WiMAX Device responds by sending back its credentials (2), to which the server responds with its credentials along with a string of management operations

(3). The client responds to the management operations (4), perhaps confirming file alterations or confirming receipt of file uploads and so on. HES-309M Series Users Guide 115 Chapter 9 Maintenance 4 The server disconnects from the WiMAX Device once all of its management operations have been carried out. Figure 49 OMA-DM Data Management B 2 4 1 3 A OMA-DM Authentication In order to ensure the integrity of the connection between an OMA-DM server and the WiMAX Device, communication between the two is encoded using one of three common algorithms. They are not intended to be used in lieu of proper digital security, but instead as a means of transmitting multiple disparate types of data over HTTP. Security encryption for communication is handled by different processes configured elsewhere in the WiMAX Devices web configurator Basic Access Authentication Sends a persons user name and password in Base64. This auhentication protocol is supported by all browsers that are HTTP 1.0/1.1 compliant. Although converted to Base64 for the sake of cross-

compatibility, credentials are nonetheless passed between the web browser and the server in plaintext, making it extremely easy to intercept and read. As such, it is rarely used anymore. Digest Access Authentication This protocol was designed to replace basic access authentication. Instead of encoding a user name and password in plaintext, this protocol uses what is known as an MD5 message authentication code. It allows the server to issue a single-use, randomly generated number (known as a nonce) to the client (in this case, the web browser), which then uses the number as the public key for encrypting its data. When the server receives the encrypted data, it unlocks it using the key that was just provided. While stronger than basic access authentication, this protocol is not as strong as, say, HMAC, or as secure as the client using a client-side private key encryption scheme. Hash Message Authentication Code Also known as HMAC, this code relies on cryptographic hash functions to bolster an existing protocol, such as MD5. It is a method for generating a stronger, significantly higher encryption key. 116 HES-309M Series Users Guide Chapter 9 Maintenance OMA-DM Data Model Each device that conforms to the current OMA-DM standard has an identical data structure embedded in its controlling firmware. This allows a similarly conforming OMA-DM server to navigate the folder structure and to make file alterations where appropriate or required. Figure 50 OMA-DM Data Model Operator Root Folder

Vendor DMAcc MP3s Games In the example data model shown here, the parent folders must conform to the OMA-DM standard. The child folders, on the other hand, can be customized on an individual basis. This allows the parent folders to all maintain a consistent URI

(Uniform Resource Indentifier) across all devices that meet the OMA-DM standards requirements. For example, in the preceding figure the URI for the Games folder is ./Vendor/

Games/. The ./Vendor/ portion of the URI exists on all devices that conform to the OMA-DM standard. The Games folder, however, may or may not exist depending on the services provided by the company managing the device. Daytime A network protocol used by devices for debugging and time measurement. A computer can use this protocol to set its internal clock but only if it knows in which order the year, month, and day are returned by the server. Not all servers use the same format. Time A network protocol for retrieving the current time from a server. The computer issuing the command compares the time on its clock to the information returned by the server, adjusts itself automatically for time zone differences, then calculates the difference and corrects itself if there has been any temporal drift. HES-309M Series Users Guide 117 Chapter 9 Maintenance NTP NTP stands for Network Time Protocol. It is employed by devices connected to the Internet in order to obtain a precise time setting from an official time server. These time servers are accurate to within 200 microseconds. 9.2 Password Use this screen to set up user and admin accounts for logging into and managing the WiMAX Device. Click Maintenance > Password to open this screen as shown next. Figure 51 Password Screen This screen contains the following fields:

Table 41 Password LABEL Change Password DESCRIPTION Group Old Password New Password Retype Select the group for which you want to change the login password. Enter the old password for the login group. Enter the new password for the login group. Retype the new password for the login group. Change User name Group Old Username Select a group for which want to change a username. Enter the username to be changed. 118 HES-309M Series Users Guide Chapter 9 Maintenance Table 41 Password (continued) LABEL DESCRIPTION Enter the new username. New Username Password Enter the password for this username. 9.3 HTTP Use this screen to allow remote access to the WiMAX Device from a network connection over HTTP. Click Maintenance > Remote MGMT > HTTP to open this screen as shown next. Figure 52 HTTP Screen This screen contains the following fields:

Table 42 HTTP LABEL HTTP Server DESCRIPTION Enable Port Number Enter the port number this service can use to access the WiMAX Device. Select this to enable remote management using this service. The computer must use the same port number. HTTPS Server Enable Port Number Enter the port number this service can use to access the WiMAX Device. Select this to enable remote management using this service. The computer must use the same port number. HTTP and HTTPS HES-309M Series Users Guide 119 Chapter 9 Maintenance Table 42 HTTP (continued) LABEL Allow Connection from WAN DESCRIPTION Select this to allow incoming connections from the WAN over either HTTP or HTTPS. HTTP Session Timeout Session Timeout Enter the number of minutes (0-99) the WiMAX Device waits to delete an inactive web connection (HTTP or HTTPS). 9.4 Telnet Use this screen to allow remote access to the WiMAX Device from a network connection over Telnet. Click Maintenance > Remote MGMT > Telnet to open this screen as shown next. Figure 53 Telnet Screen This screen contains the following fields:

Table 43 Telnet LABEL Enable Port Number Allow Connection from WAN Allow Connection from LAN DESCRIPTION Select this to enable remote management using this service. Enter the port number this service can use to access the WiMAX Device. The computer must use the same port number. Select this to allow connections using this service that originate on the WAN. Select this to allow connection using this service that originate on the LAN. 120 HES-309M Series Users Guide Chapter 9 Maintenance 9.5 SSH Use this screen to allow remote access to the WiMAX Device from a network connection over SSH. Click Maintenance > Remote MGMT > SSH to open this screen as shown next. Figure 54 SSH Screen This screen contains the following fields:

Table 44 SSH LABEL Enable Port Number Allow Connection from WAN Allow Connection from LAN DESCRIPTION Select this to enable remote management using this service. Enter the port number this service can use to access the WiMAX Device. The computer must use the same port number. Select this to allow connections using this service that originate on the WAN. Select this to allow connection using this service that originate on the LAN. HES-309M Series Users Guide 121 Chapter 9 Maintenance 9.6 SNMP Use this screen to allow remote access to the WiMAX Device from a network connection over SNMP. Click Maintenance > Remote MGMT > SNMP to open this screen as shown next. Figure 55 SNMP Screen This screen contains the following fields:

Table 45 SNMP LABEL Enable Location Contact Read Community Write Community Trap Server Trap Community DESCRIPTION Select this to enable remote management using this service. Enter the location of the SNMP server (for example, Engineering Dept., Floor 6, Building A, New York City). Enter contact information for the administrator managing the SNMP server (for example, Bill Smith, IT Dept., (555) 555-5454). Enter the password for the incoming Get and GetNext requests from the management station. The default is public and allows all requests. Enter the password for incoming Set requests from the management station. The default is public and allows all requests. Enter the IP address of the station to send your SNMP traps to. Enter the trap community, which is the password sent with each trap to the SNMP manager. The default is public and allows all requests. 122 HES-309M Series Users Guide Chapter 9 Maintenance 9.7 CWMP Use this screen to allow CWMP connections for remote management, firmware upgrades and troubleshooting. Click Maintenance > Remote MGMT > CWMP to open this screen as shown next. Figure 56 CWMP Screen This screen contains the following fields:

Table 46 CWMP DESCRIPTION LABEL Enable Select this to enable remote management using this service. ACS Server URL Enter the URL or IP address of the auto-configuration server. Bootstrap Enable ACS Username Select this to enable bootstrap events. ACS Password Enter the user name sent when the WiMAX Device connects to the ACS and which is used for authentication. You can enter up to 31 alphanumeric characters (a-z, A-Z, 0-9) and underscores but spaces are not allowed. Enter the password sent when the WiMAX Device connects to an ACS and which is used for authentication. You can enter up to 31 alphanumeric characters (a-z, A-Z, 0-9) and underscores but spaces are not allowed. HES-309M Series Users Guide 123 Chapter 9 Maintenance Table 46 CWMP (continued) LABEL Perodical Inform Enable DESCRIPTION Select this to allow the WiMAX Device to periodically connect to the ACS and check for configuration updates. If you do not enable this feature then the WiMAX Device can only be updated automatically when the ACS initiates contact with it and if you selected the checkbox on this screen. Enter the time interval (in seconds) at which the WiMAX Device connects to the auto-configuration server. Enter the connection request user name that the ACS must send to the WiMAX Device when it requests a connection. You can enter up to 31 alphanumeric characters (a-z, A-Z, 0-9) and underscores but spaces are not allowed. Note: This must be provided by the ACS administrator. Enter the connection request password that the ACS must send to the WiMAX Device when it requests a connection. You can enter up to 31 alphanumeric characters (a-z, A-Z, 0-9) and underscores but spaces are not allowed. Note: This must be provided by the ACS administrator. Click Browse to upload a Certificate Authority (CA) certificate to the WiMAX Device. This displays information about the currently active CA certificate. Click Browse to upload a client certificate to the WiMAX Device. This displays information about the currently active client certificate. Periodical Inform Interval Connection Request Username Connection Request Password CA Certificate File CA Certificate Info Client Certificate File Client Certificate Info 124 HES-309M Series Users Guide Chapter 9 Maintenance 9.8 OMA-DM Use this screen to allow remote access to the WiMAX Device from a network connection over OMA-DM. Click Maintenance > Remote MGMT > OMA-DM to open this screen as shown next. Figure 57 OMA-DM Screen This screen contains the following fields:

Table 47 OMA-DM LABEL Enable Server URL Server Port Server Auth Type Server ID DESCRIPTION Select this to enable remote management using this service. Enter the IP address or URL of the OMA-DM server that you intend to use to manage this device. Enter the port number for the IP address of the OMA-DM server set up in the preceding field. Select the encryption algorithm scheme used by the OMA-DM server to communicate with client devices. If the scheme selected here does not match the actual scheme used by the server, then server will challenge the WiMAX Device to automatically update its settings.

None - No authentication.

Basic - Server ID and Password are encoded using a Basic Access Authentication Code.

Digest (MD5) - Server ID and Password are encoded using a Digest Access Authentication Code.

HMAC - Server ID and Password are encoded using a keyed Hash Message Authentication Code. Enter the identification code for the server. This is used by the WiMAX Device during the communication handshake process to identify the server. HES-309M Series Users Guide 125 Chapter 9 Maintenance Table 47 OMA-DM (continued) LABEL DESCRIPTION Enter the password for the servers identification code. This shared Server Password public key is used by the WiMAX Device during the communication handshake process to identify the server. Select the encryption algorithm scheme used by the OMA-DM server to communicate with client devices. If the scheme selected here does not match the actual scheme used by the server, then server will challenge the WiMAX Device to automatically update its settings. Client Auth Type

None - No authentication.

Basic - Server ID and Password are encoded using a Basic Access Authentication Code.

Digest (MD5) - Server ID and Password are encoded using a Digest Access Authentication Code.

HMAC - Server ID and Password are encoded using a keyed Hash Message Authentication Code. Note: Make sure that the scheme selected here matches the the Server Auth Type. Enter the client name for the WiMAX Device. Client ID Client Password Enter the password for the WiMAX Devices client name. Perodical Client-

Initiated Enable Select this to allow the WiMAX Device to periodically connect to the OMA-DM server and check for configuration updates. If you do not enable this feature then the WiMAX Device can only be updated automatically when the OM-DM server initiates contact with it and if you selected the checkbox on this screen. Enter the time interval (in seconds) at which the WiMAX Device connects to the OMA-DM server. Periodical Client-Initiated Interval 126 HES-309M Series Users Guide Chapter 9 Maintenance 9.9 Date Use these settings to set the system time or configure an NTP server for automatic time synchronization. Click Maintenance > Date/Time > Date to open this screen as shown next. Figure 58 Date Screen This screen contains the following fields:

Table 48 Date LABEL Manual DESCRIPTION New Time New Date Enter the new time in this field. Enter the new date in this field. Get from Time Server Time Protocol Select the time service protocol that your time server uses.Check with your ISP or network administrator, or use trial-and-error to find a protocol that works. Time Server Address 1~4

NTP (RFC 1305) - This format is similar to Time (RFC 868). Enter the IP address or URL of your time server. Check with your ISP or network administrator if you are unsure of this information. HES-309M Series Users Guide 127 Chapter 9 Maintenance 9.10 Time Zone Use this screen to set the time zone in which the WiMAX device is physically located. Click Maintenance > Date/Time > Time Zone to open this screen as shown next. Figure 59 Time Zone Screen This screen contains the following fields:

Table 49 Time Zone LABEL Time Zone Enable Daylight Savings Time Start Date End Date DESCRIPTION Select the time zone at your location. Select this if your location uses daylight savings time. Daylight savings is a period from late spring to early fall when many places set their clocks ahead of normal local time by one hour to give more daytime light in the evening. Enter which hour on which day of which week of which month daylight-

savings time starts. Enter which hour on the which day of which week of which month daylight-savings time ends. 9.11 Upgrade File Use this screen to browse to a firmware file on a local computer and upload it to the WiMAX Device. Firmware files usually use the system model name with a

"*.bin" extension, such as "WiMAX Device.bin". The upload process uses HTTP

(Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system restarts. Contact your service provider for information on available firmware upgrades. Note: Only use firmware for your WiMAX Devices specific model. 128 HES-309M Series Users Guide Chapter 9 Maintenance Click Maintenance > Firmware Upgrade > Upgrade File to open this screen as shown next. Figure 60 Upgrade File Screen This screen contains the following fields:

Table 50 Upgrade File LABEL Upgrade File Upgrade DESCRIPTION Click Browse then browse to the location of a firmware upgrade file and select it. Click this to begin uploading the selected file. This may take up to two minutes. Note: Do not turn off the device while firmware upload is in progress!

9.11.1 The Firmware Upload Process When the WiMAX Device uploads new firmware, the process usually takes about two minutes. The device also automatically restarts in this time. This causes a temporary network disconnect. Note: Do not turn off the device while firmware upload is in progress!

After two minutes, log in again, and check your new firmware version in the Status screen. You might have to open a new browser window to log in. If the upload is not successful, you will be notified by error message. HES-309M Series Users Guide 129 Chapter 9 Maintenance 9.12 Upgrade Link Use this screen to set the URL of a firmware file on a remote computer and upload it to the WiMAX Device. Click Maintenance > Firmware Upgrade > Upgrade Link to open this screen as shown next. Figure 61 Upgrade Link Screen This screen contains the following fields:

Table 51 Upgrade Link LABEL Upgrade Link Upgrade DESCRIPTION Enter the URL or IP address of the firmwares upgrade location on the network. Click this to begin uploading the selected file. This may take up to two minutes. Note: Do not turn off the device while firmware upload is in progress!

9.13 CWMP Upgrade Use this screen to upgrade the firmware on the WiMAX Device using CWMP Request Download. Click Maintenance > Firmware Upgrade > CWMP Upgrade to open this screen as shown next. Figure 62 CWMP Upgrade Screen 130 HES-309M Series Users Guide Chapter 9 Maintenance This screen contains the following fields:

Table 52 CWMP Upgrade LABEL Upgrade DESCRIPTION Click this to begin upgrading firmware using CWMP Request. This may take up to two minutes. Note: Do not turn off the device while firmware upload is in progress!

9.14 Backup Use this screen to backup your current WiMAX Device settings to a local computer. Click Maintenance > Backup/Restore > Backup to open this screen as shown next. Figure 63 Backup/Restore Screen This screen contains the following fields:

Table 53 Backup/Restore LABEL Backup DESCRIPTION Click this to save the WiMAX Devices current configuration to a file on your computer. Once your device is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file is useful if you need to return to your previous settings. HES-309M Series Users Guide 131 Chapter 9 Maintenance 9.15 Restore Use this screen to restore your WiMAX Device settings from a backup file on a local computer. Click Maintenance > Backup/Restore > Restore to open this screen as shown next. Figure 64 Restore Screen This screen contains the following fields:

Table 54 Restore LABEL Configuration File DESCRIPTION Click Choose File then browse to the location of a firmware upgrade file and select it. Backup Configuration File URL Click File Restore to upload the specified configuration to the WiMAX Device and replace the current settings. Enter the URL or IP address of the backup configuration files location on the network. Click URL Restore to upload the specified configuration to the WiMAX Device and replace the current settings. 9.15.1 The Restore Configuration Process When the WiMAX Device restores a configuration file, the device automatically restarts. This causes a temporary network disconnect. Note: Do not turn off the device while configuration file upload is in progress. If the WiMAX Devices IP address is different in the configuration file you selected, you may need to change the IP address of your computer to be in the same subnet as that of the default management IP address (192.168.5.1). See the 132 HES-309M Series Users Guide Chapter 9 Maintenance Quick Start Guide or the appendices for details on how to set up your computers IP address. You might have to open a new browser to log in again. If the upload was not successful, you are notified with an error message. 9.16 Factory Defaults Use this screen to restore the WiMAX Device to its factory default settings. Click Maintenance > Backup/Restore > Factory Defaults to open this screen as shown next. Figure 65 Factory Defaults Screen This screen contains the following fields:

Table 55 Factory Defaults LABEL Reset DESCRIPTION Click this to clear all user-entered configuration information and return the WiMAX Device to its factory defaults. There is no warning screen. 9.17 Log Setting Use this screen to configure which type of events on the WiMAX Device are logged. Click Maintenance > Log > Log Setting to open this screen as shown next. Figure 66 Log Setting Screen HES-309M Series Users Guide 133 Chapter 9 Maintenance This screen contains the following fields:

Table 56 Log Setting LABEL Enable Log Log Level Enable Remote Log Remote Log Host Remote Log Port DESCRIPTION Select this to have the WiMAX Device log network activity according to the selected Log Level. Select the type of logs to record. Select this to allow logs to be recorded and stored on a remote logs server. Enter the remote log host IP address if Enable Remote Log is selected. Enter the remote log host port if Enable Remote Log is selected. 9.18 Log Display Use this screen to view the log messages of the WiMAX Device. Click Maintenance > Log > Log Display to open this screen as shown next. Figure 67 Log Display Screen This screen contains the following fields:

Table 57 Log Display LABEL Display Level Refresh DESCRIPTION Select the type of logs to display from this menu. Click this to refresh the logs in the display window. 134 HES-309M Series Users Guide Chapter 9 Maintenance 9.19 About This screen displays information about the WiMAX Device that can be useful when upgrading firmware, considering deployment options, and working with technical support if the device encounters difficulties. Click Maintenance > About to open this screen as shown next. Figure 68 About Screen This screen contains the following fields:

Table 58 About LABEL System Model Name Software Version Firmware Version Firmware Date Bootloader Version DESCRIPTION This field displays the WiMAX Device system name. It is used for identification. This field displays the Web Configurator software version that the WiMAX Device is currently running. This field displays the current version of the firmware inside the device. This field displays the date the firmware version was created. This field displays the bootloader version. 9.20 Reboot Use this screen to perform a software restart of the WiMAX Device. You may log in again within a few minutes of using the reboot button. Click Maintenance > Reboot to open this screen as shown next. Figure 69 Reboot Screen HES-309M Series Users Guide 135 Chapter 9 Maintenance This screen contains the following fields:

Table 59 Reboot LABEL Reboot DESCRIPTION Click this button to have the device perform a software restart. The Power LED blinks as it restarts and the shines steadily if the restart is successful. Note: Wait one minute before logging back into the WiMAX Device after a restart. 136 HES-309M Series Users Guide CHAPTER 10 Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories:

Power, Hardware Connections, and LEDs

WiMAX Device Access and Login

Internet Access

Reset the WiMAX Device to Its Factory Defaults 10.1 Power, Hardware Connections, and LEDs The WiMAX Device does not turn on. None of the LEDs turn on. 1 Make sure you are using the power adapter or cord included with the WiMAX Device. 2 Make sure the power adapter or cord is connected to the WiMAX Device and plugged in to an appropriate power source. Make sure the power source is turned on. 3 Disconnect and re-connect the power adapter or cord to the WiMAX Device. 4 If the problem continues, contact the vendor. One of the LEDs does not behave as expected. 1 Make sure you understand the normal behavior of the LED. See Section 1.2.1 on page 18 for more information. 2 Check the hardware connections. See the Quick Start Guide. HES-309M Series Users Guide 137 Chapter 10 Troubleshooting 3 Inspect your cables for damage. Contact the vendor to replace any damaged cables. 4 Disconnect and re-connect the power adapter to the WiMAX Device. 5 If the problem continues, contact the vendor. 10.2 WiMAX Device Access and Login I forgot the IP address for the WiMAX Device. 1 2 3 The default IP address is . If you changed the IP address and have forgotten it, you might get the IP address of the WiMAX Device by looking up the IP address of the default gateway for your computer. To do this in most Windows computers, click Start > Run, enter cmd, and then enter ipconfig. The IP address of the Default Gateway might be the IP address of the WiMAX Device (it depends on the network), so enter this IP address in your Internet browser. If this does not work, you have to reset the WiMAX Device to its factory defaults. See Section 9.16 on page 133. I forgot the password. 1 2 The default password is 1234. If this does not work, you have to reset the WiMAX Device to its factory defaults. See Section 9.16 on page 133. I cannot see or access the Login screen in the web configurator. 1 Make sure you are using the correct IP address.

The default IP address is .

If you changed the IP address (Section 7.6 on page 83), use the new IP address. 138 HES-309M Series Users Guide Chapter 10 Troubleshooting

If you changed the IP address and have forgotten it, see the troubleshooting suggestions for I forgot the IP address for the WiMAX Device. 2 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.2.1 on page 18. 3 Make sure your Internet browser does not block pop-up windows and has JavaScript and Java enabled. See Appendix C on page 179. 4 If there is a DHCP server on your network, make sure your computer is using a dynamic IP address. Your WiMAX Device is a DHCP server by default. If there is no DHCP server on your network, make sure your computers IP address is in the same subnet as the WiMAX Device. See Appendix D on page 189. 5 Reset the WiMAX Device to its factory defaults, and try to access the WiMAX Device with the default IP address. See Chapter 2 on page 19. 6 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions

Try to access the WiMAX Device using another service, such as Telnet. If you can access the WiMAX Device, check the remote management settings and firewall rules to find out why the WiMAX Device does not respond to HTTP.

If your computer is connected wirelessly, use a computer that is connected to a LAN/ETHERNET port. I can see the Login screen, but I cannot log in to the WiMAX Device. 1 Make sure you have entered the user name and password correctly. The default user name is admin, and the default password is 1234. These fields are case-

sensitive, so make sure [Caps Lock] is not on. 2 You cannot log in to the web configurator while someone is using Telnet to access the WiMAX Device. Log out of the WiMAX Device in the other session, or ask the person who is logged in to log out. 3 Disconnect and re-connect the power adapter or cord to the WiMAX Device. 4 If this does not work, you have to reset the WiMAX Device to its factory defaults. See Section 9.16 on page 133. HES-309M Series Users Guide 139 Chapter 10 Troubleshooting I cannot Telnet to the WiMAX Device. See the troubleshooting suggestions for I cannot see or access the Login screen in the web configurator. Ignore the suggestions about your browser. 10.3 Internet Access I cannot access the Internet. 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.2.1 on page 18. 2 Make sure you entered your ISP account information correctly in the wizard. These fields are case-sensitive, so make sure [Caps Lock] is not on. 3 Check your security settings. See Chapter 8 on page 105. 4 Check your WiMAX settings. The WiMAX Device may have been set to search the wrong frequencies for a wireless connection. See Chapter 6 on page 51. If you are unsure of the correct values, contact your service provider. 5 If you are trying to access the Internet wirelessly, make sure the wireless settings in the wireless client are the same as the settings in the AP. 6 Disconnect all the cables from your WiMAX Device, and follow the directions in the Quick Start Guide again. 7 If the problem continues, contact your ISP. I cannot access the Internet any more. I had access to the Internet (with the WiMAX Device), but my Internet connection is not available any more. 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.2.1 on page 18. 2 Disconnect and re-connect the power adapter to the WiMAX Device. 140 HES-309M Series Users Guide Chapter 10 Troubleshooting 3 If the problem continues, contact your ISP. The Internet connection is slow or intermittent. 1 2 3 The quality of the WiMAX Devices wireless connection to the base station may be poor. Poor signal reception may be improved by moving the WiMAX Device away from thick walls and other obstructions, or to a higher floor in your building. There may be radio interference caused by nearby electrical devices such as microwave ovens and radio transmitters. Move the WiMAX Device away or switch the other devices off. Weather conditions may also affect signal quality. There might be a lot of traffic on the network. Look at the LEDs, and check Section 1.2.1 on page 18. If the WiMAX Device is sending or receiving a lot of information, try closing some programs that use the Internet, especially peer-to-peer applications. 4 Disconnect and re-connect the power adapter to the WiMAX Device. 5 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. The Internet connection disconnects. 1 Check your WiMAX link and signal strength using the Strength Indicator LEDs on the device. 2 Contact your ISP if the problem persists. 10.4 Reset the WiMAX Device to Its Factory Defaults If you reset the WiMAX Device, you lose all of the changes you have made. The WiMAX Device re-loads its default settings, and the password resets to 1234. You have to make all of your changes again. HES-309M Series Users Guide 141 Chapter 10 Troubleshooting You will lose all of your changes when you push the Reset button. To reset the WiMAX Device, 1 Make sure the Power LED is on and not blinking. 2 Press and hold the Reset button for five to ten seconds. Release the Reset button when the Power LED begins to blink. The default settings have been restored. If the WiMAX Device restarts automatically, wait for the WiMAX Device to finish restarting, and log in to the web configurator. The password is 1234. If the WiMAX Device does not restart automatically, disconnect and reconnect the WiMAX Devices power. Then, follow the directions above again. 10.4.1 Pop-up Windows, JavaScript and Java Permissions Please see Appendix C on page 179. 142 HES-309M Series Users Guide CHAPTER 11 Product Specifications This chapter gives details about your WiMAX Devices hardware and firmware features. FEATURE Operation Requirements Power Supply Requirement LAN Port Reset Button / Restore to Factory Default Button LAN Status LED (Green /

Yellow) RSSI LED (Green) DESCRIPTION

Storage conditions: 40C to 60C, 10% to 95%

humidity

Operation conditions: 40C to 65C, 10% to 90%

humidity (non condensing)

Operating Humidity: 10% to 95% RH

DC 48 V, 0.32 A on PoE

100 V ~ 240 V 10% AC input

RJ-45 Interface

1 Port

10/100BaseT

AUTO MDI/MDIX

System Reset

System configuration can be restored to factory default if hold the Reset Button longer than 5 seconds Green LED for 10M

ON: Linked

Blinking: Data transmitting

OFF: Link off Yellow LED for 100M

ON: Linked

Blinking: Data transmitting

OFF: Link off 5 LED bar : LED 1~5 indicates RSSI

(Power level reception, only on when connected)

5 LED : -50dBm < RSSI

4 LED : -50dBm <= RSSI > -60dBm

3 LED : -60dBm <= RSSI > -70dBm

2 LED : -70dBm <= RSSI > -80dBm

1 LED : -80dBm <= RSSI > -90dBm

0 LED : -90dBm >= RSSI HES-309M Series Users Guide 143 Chapter 11 Product Specifications FEATURE Buzzer behavior Antennna WiMAX compliance DESCRIPTION

5 Counts (5 sec) : -50dBm< RSSI

4 Counts (4 sec) : -50dBm <= RSSI > -60dBm

3 Counts (3 sec) : -60dBm <= RSSI > -70dBm

2 Counts (2 sec) : -70dBm <= RSSI > -80dBm

1 Counts (1 sec) : -80dBm <= RSSI > -90dBm

0 Counts no buzzer : -90dBm >= RSSI

Center Frequency: 3500 MHz (HES-319M), 2300 MHz

(HES-339M), 2600 MHz (HES-309M)

Frequency Range: 3300 MHz~3600 MHz (HES-319M), 2300 MHz~2400 MHz (HES-339M), 2500 MHz~2700 MHz (HES-309M)

Bandwidth: 300 MHz

Peak Gain: 15 dBi (HES-319M), 12 dBi (HES-339M), 13 dBi (HES-309M)

H-Plane Average Gain: 3.5 dBi

VSWR: 2

Polarization: Linear, Vertical

H-Plane HPBW: 180

V-Plane HPBW: 25

Down tilt: 0

Impedance: 50

Connector: IPEX female Fully compliant with IEEE 802.16e Mobile WiMAX corrigendum 1 & 2 and WiMAX Forum Wave 2 System Profiles Operating Frequency Band Certification Profile 3.3GHz~3.6GHz (HES-319M), 2.3GHz~2.4GHz (HES-

339M), 2.5GHz~2.7GHz (HES-309M) Support WF profiles: 1A, 2A, 3A, 5A, 5AL, 5BL (5MHz, 7MHz, 10MHz bandwidth) Maximum nominal Transmission Power Maximum nominal Tx power at the antenna connector:

26dBm. Transmitter Power Control Transmit power control by step of 1dB, relative accuracy of +/- 0.5dB (as per IEEE 802.16e-2005, 8.4.12.1). Transmitter spectral flatness Transmitter spectral flatness as defined in IEEE 802.16e-

2005, 8.4.12.2. Transmitter Error Vector Magnitude (EVM) Transmitter relative constellation error (EVM) as defined in IEEE 802.16e-2005, 8.4.12.3. Receiver SNR Compliant to IEEE 802.16e-2005 section 8.4.13.1 Receiver Sensitivity The receiver minimum sensitivity level Rss, measured under the conditions defined in IEEE 802.16e-2005. 144 HES-309M Series Users Guide Chapter 11 Product Specifications FEATURE Cumulated Noise Figure and Implementation Loss of the Receiver Receiver SNR DESCRIPTION Lower than 6.4dB Compliant to IEEE 802.16e-2005 section 8.4.13.1 Receiver Sensitivity The receiver minimum sensitivity level Rss, measured under the conditions defined in IEEE 802.16e-2005. Receiver Diversity Receiver Adjacent Channel Rejection Maximum Ratio Combining (MRC) The receiver adjacent channel rejection measured under the conditions defined in IEEE 802.16e-2005 is at least:

25dB for QPSK , 14dB for 16QAM , 7dB for 64QAM . Receiver Non-Adjacent Channel Rejection The receiver non-adjacent channel rejection measured under the conditions defined in IEEE 802.16e-2005 is at least: 38dB for QPSK , 33dB for 16QAM , 26dB for 64QAM . HES-309M Series Users Guide 145 Chapter 11 Product Specifications 146 HES-309M Series Users Guide APPENDIX A WiMAX Security Wireless security is vital to protect your wireless communications. Without it, information transmitted over the wireless network would be accessible to any networking device within range. User Authentication and Data Encryption The WiMAX (IEEE 802.16) standard employs user authentication and encryption to ensure secured communication at all times. User authentication is the process of confirming a users identity and level of authorization. Data encryption is the process of encoding information so that it cannot be read by anyone who does not know the code. WiMAX uses PKMv2 (Privacy Key Management version 2) for authentication, and CCMP (Counter Mode with Cipher Block Chaining Message Authentication Protocol) for data encryption. WiMAX supports EAP (Extensible Authentication Protocol, RFC 2486) which allows additional authentication methods to be deployed with no changes to the base station or the mobile or subscriber stations. PKMv2 is a procedure that allows authentication of a mobile or subscriber station and negotiation of a public key to encrypt traffic between the MS/SS and the base station. PKMv2 uses standard EAP methods such as Transport Layer Security

(EAP-TLS) or Tunneled TLS (EAP-TTLS) for secure communication. In cryptography, a key is a piece of information, typically a string of random numbers and letters, that can be used to lock (encrypt) or unlock (decrypt) a message. Public key encryption uses key pairs, which consist of a public (freely available) key and a private (secret) key. The public key is used for encryption and the private key is used for decryption. You can decrypt a message only if you have the private key. Public key certificates (or digital IDs) allow users to verify each others identity. PKMv2 HES-309M Series Users Guide 147 Appendix A WiMAX Security RADIUS RADIUS is based on a client-server model that supports authentication, authorization and accounting. The base station is the client and the server is the RADIUS server. The RADIUS server handles the following tasks:

Authentication Determines the identity of the users.

Authorization Determines the network services available to authenticated users once they are connected to the network.

Accounting Keeps track of the clients network activity. RADIUS is a simple package exchange in which your base station acts as a message relay between the MS/SS and the network RADIUS server. Types of RADIUS Messages The following types of RADIUS messages are exchanged between the base station and the RADIUS server for user authentication:

Access-Request Sent by an base station requesting authentication.

Access-Reject Sent by a RADIUS server rejecting access.

Access-Accept Sent by a RADIUS server allowing access.

Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The base station sends a proper response from the user and then sends another Access-Request message. The following types of RADIUS messages are exchanged between the base station and the RADIUS server for user accounting:

Accounting-Request Sent by the base station requesting accounting.

Accounting-Response Sent by the RADIUS server to indicate that it has started or stopped accounting. In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password they both know. The key is not sent over 148 HES-309M Series Users Guide the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access. Appendix A WiMAX Security Diameter Diameter (RFC 3588) is a type of AAA server that provides several improvements over RADIUS in efficiency, security, and support for roaming. Security Association CCMP The set of information about user authentication and data encryption between two computers is known as a security association (SA). In a WiMAX network, the process of security association has three stages.

Authorization request and reply The MS/SS presents its public certificate to the base station. The base station verifies the certificate and sends an authentication key (AK) to the MS/SS.

Key request and reply The MS/SS requests a transport encryption key (TEK) which the base station generates and encrypts using the authentication key.

Encrypted traffic The MS/SS decrypts the TEK (using the authentication key). Both stations can now securely encrypt and decrypt the data flow. All traffic in a WiMAX network is encrypted using CCMP (Counter Mode with Cipher Block Chaining Message Authentication Protocol). CCMP is based on the 128-bit Advanced Encryption Standard (AES) algorithm. Counter mode refers to the encryption of each block of plain text with an arbitrary number, known as the counter. This number changes each time a block of plain text is encrypted. Counter mode avoids the security weakness of repeated identical blocks of encrypted text that makes encrypted data vulnerable to pattern-spotting. Cipher Block Chaining Message Authentication (also known as CBC-MAC) ensures message integrity by encrypting each block of plain text in such a way that its encryption is dependent on the block before it. This series of chained blocks creates a message authentication code (MAC or CMAC) that ensures the encrypted data has not been tampered with. HES-309M Series Users Guide 149 Appendix A WiMAX Security Authentication The WiMAX Device supports EAP-TTLS authentication. EAP-TTLS (Tunneled Transport Layer Service) EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-side authentications to establish a secure connection (with EAP-

TLS digital certifications are needed by both the server and the wireless clients for mutual authentication). Client authentication is then done by sending username and password through the secure connection, thus client identity is protected. For client authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2. 150 HES-309M Series Users Guide APPENDIX B Setting Up Your Computers IP Address Note: Your specific ZyXEL device may not support all of the operating systems described in this appendix. See the product specifications for more information about which operating systems are supported. This appendix shows you how to configure the IP settings on your computer in order for it to be able to communicate with the other devices on your network. Windows Vista/XP/2000, Mac OS 9/OS X, and all versions of UNIX/LINUX include the software components you need to use TCP/IP on your computer. If you manually assign IP information instead of using a dynamic IP, make sure that your networks computers have IP addresses that place them in the same subnet. In this appendix, you can set up an IP address for:

Windows XP/NT/2000 on page 152

Windows Vista on page 155

Mac OS X: 10.3 and 10.4 on page 159

Mac OS X: 10.5 on page 163

Linux: Ubuntu 8 (GNOME) on page 166

Linux: openSUSE 10.3 (KDE) on page 172 HES-309M Series Users Guide 151 Appendix B Setting Up Your Computers IP Address Windows XP/NT/2000 The following example uses the default Windows XP display theme but can also apply to Windows 2000 and Windows NT. 1 Click Start > Control Panel. Figure 70 Windows XP: Start Menu 2 In the Control Panel, click the Network Connections icon. Figure 71 Windows XP: Control Panel 152 HES-309M Series Users Guide Appendix B Setting Up Your Computers IP Address 3 Right-click Local Area Connection and then select Properties. Figure 72 Windows XP: Control Panel > Network Connections > Properties 4 On the General tab, select Internet Protocol (TCP/IP) and then click Properties. Figure 73 Windows XP: Local Area Connection Properties HES-309M Series Users Guide 153 Appendix B Setting Up Your Computers IP Address 5 The Internet Protocol TCP/IP Properties window opens. Figure 74 Windows XP: Internet Protocol (TCP/IP) Properties 6 Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically. Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP. You may also have to enter a Preferred DNS server and an Alternate DNS server, if that information was provided. 7 Click OK to close the Internet Protocol (TCP/IP) Properties window. Click OK to close the Local Area Connection Properties window.Verifying Settings 1 Click Start > All Programs > Accessories > Command Prompt. 2 In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also go to Start > Control Panel > Network Connections, right-click a network connection, click Status and then click the Support tab to view your IP address and connection information. 154 HES-309M Series Users Guide Appendix B Setting Up Your Computers IP Address Windows Vista This section shows screens from Windows Vista Professional. 1 Click Start > Control Panel. Figure 75 Windows Vista: Start Menu 2 In the Control Panel, click the Network and Internet icon. Figure 76 Windows Vista: Control Panel 3 Click the Network and Sharing Center icon. Figure 77 Windows Vista: Network And Internet HES-309M Series Users Guide 155 Appendix B Setting Up Your Computers IP Address 4 Click Manage network connections. Figure 78 Windows Vista: Network and Sharing Center 5 Right-click Local Area Connection and then select Properties. Figure 79 Windows Vista: Network and Sharing Center Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. 156 HES-309M Series Users Guide Appendix B Setting Up Your Computers IP Address 6 Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties. Figure 80 Windows Vista: Local Area Connection Properties HES-309M Series Users Guide 157 Appendix B Setting Up Your Computers IP Address 7 The Internet Protocol Version 4 (TCP/IPv4) Properties window opens. Figure 81 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties 8 Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically. Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP. You may also have to enter a Preferred DNS server and an Alternate DNS server, if that information was provided.Click Advanced. 9 Click OK to close the Internet Protocol (TCP/IP) Properties window. Click OK to close the Local Area Connection Properties window.Verifying Settings 1 Click Start > All Programs > Accessories > Command Prompt. 2 In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also go to Start > Control Panel > Network Connections, right-click a network connection, click Status and then click the Support tab to view your IP address and connection information. 158 HES-309M Series Users Guide Appendix B Setting Up Your Computers IP Address Mac OS X: 10.3 and 10.4 The screens in this section are from Mac OS X 10.4 but can also apply to 10.3. 1 Click Apple > System Preferences. Figure 82 Mac OS X 10.4: Apple Menu 2 In the System Preferences window, click the Network icon. Figure 83 Mac OS X 10.4: System Preferences HES-309M Series Users Guide 159 Appendix B Setting Up Your Computers IP Address 3 When the Network preferences pane opens, select Built-in Ethernet from the network connection type list, and then click Configure. Figure 84 Mac OS X 10.4: Network Preferences 4 For dynamically assigned settings, select Using DHCP from the Configure IPv4 list in the TCP/IP tab. Figure 85 Mac OS X 10.4: Network Preferences > TCP/IP Tab. 160 HES-309M Series Users Guide Appendix B Setting Up Your Computers IP Address 5 For statically assigned settings, do the following:

From the Configure IPv4 list, select Manually.

In the IP Address field, type your IP address.

In the Subnet Mask field, type your subnet mask.

In the Router field, type the IP address of your device. Figure 86 Mac OS X 10.4: Network Preferences > Ethernet HES-309M Series Users Guide 161 Appendix B Setting Up Your Computers IP Address Click Apply Now and close the window.Verifying Settings Check your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network Interface from the Info tab. Figure 87 Mac OS X 10.4: Network Utility 162 HES-309M Series Users Guide Appendix B Setting Up Your Computers IP Address Mac OS X: 10.5 The screens in this section are from Mac OS X 10.5. 1 Click Apple > System Preferences. Figure 88 Mac OS X 10.5: Apple Menu 2 In System Preferences, click the Network icon. Figure 89 Mac OS X 10.5: Systems Preferences HES-309M Series Users Guide 163 Appendix B Setting Up Your Computers IP Address 3 When the Network preferences pane opens, select Ethernet from the list of available connection types. Figure 90 Mac OS X 10.5: Network Preferences > Ethernet 4 5 From the Configure list, select Using DHCP for dynamically assigned settings. For statically assigned settings, do the following:

From the Configure list, select Manually.

In the IP Address field, enter your IP address.

In the Subnet Mask field, enter your subnet mask. 164 HES-309M Series Users Guide Appendix B Setting Up Your Computers IP Address

In the Router field, enter the IP address of your WiMAX Device. Figure 91 Mac OS X 10.5: Network Preferences > Ethernet 6 Click Apply and close the window. HES-309M Series Users Guide 165 Appendix B Setting Up Your Computers IP Address Verifying Settings Check your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network interface from the Info tab. Figure 92 Mac OS X 10.5: Network Utility Linux: Ubuntu 8 (GNOME) This section shows you how to configure your computers TCP/IP settings in the GNU Object Model Environment (GNOME) using the Ubuntu 8 Linux distribution. The procedure, screens and file locations may vary depending on your specific distribution, release version, and individual configuration. The following screens use the default Ubuntu 8 installation. Note: Make sure you are logged in as the root administrator. Follow the steps below to configure your computer IP address in GNOME:

166 HES-309M Series Users Guide Appendix B Setting Up Your Computers IP Address 1 Click System > Administration > Network. Figure 93 Ubuntu 8: System > Administration Menu 2 When the Network Settings window opens, click Unlock to open the Authenticate window. (By default, the Unlock button is greyed out until clicked.) You cannot make changes to your configuration unless you first enter your admin password. Figure 94 Ubuntu 8: Network Settings > Connections HES-309M Series Users Guide 167 Appendix B Setting Up Your Computers IP Address 3 4 In the Authenticate window, enter your admin account name and password then click the Authenticate button. Figure 95 Ubuntu 8: Administrator Account Authentication In the Network Settings window, select the connection that you want to configure, then click Properties. Figure 96 Ubuntu 8: Network Settings > Connections 168 HES-309M Series Users Guide Appendix B Setting Up Your Computers IP Address 5 The Properties dialog box opens. Figure 97 Ubuntu 8: Network Settings > Properties

In the Configuration list, select Automatic Configuration (DHCP) if you have a dynamic IP address.

In the Configuration list, select Static IP address if you have a static IP address. Fill in the IP address, Subnet mask, and Gateway address fields. 6 Click OK to save the changes and close the Properties dialog box and return to the Network Settings screen. HES-309M Series Users Guide 169 Appendix B Setting Up Your Computers IP Address 7 If you know your DNS server IP address(es), click the DNS tab in the Network Settings window and then enter the DNS server information in the fields provided. Figure 98 Ubuntu 8: Network Settings > DNS 8 Click the Close button to apply the changes. Verifying Settings Check your TCP/IP properties by clicking System > Administration > Network Tools, and then selecting the appropriate Network device from the Devices 170 HES-309M Series Users Guide Appendix B Setting Up Your Computers IP Address tab. The Interface Statistics column shows data if your connection is working properly. Figure 99 Ubuntu 8: Network Tools HES-309M Series Users Guide 171 Appendix B Setting Up Your Computers IP Address Linux: openSUSE 10.3 (KDE) This section shows you how to configure your computers TCP/IP settings in the K Desktop Environment (KDE) using the openSUSE 10.3 Linux distribution. The procedure, screens and file locations may vary depending on your specific distribution, release version, and individual configuration. The following screens use the default openSUSE 10.3 installation. Note: Make sure you are logged in as the root administrator. Follow the steps below to configure your computer IP address in the KDE:

1 Click K Menu > Computer > Administrator Settings (YaST). Figure 100 openSUSE 10.3: K Menu > Computer Menu 172 HES-309M Series Users Guide Appendix B Setting Up Your Computers IP Address 2 When the Run as Root - KDE su dialog opens, enter the admin password and click OK. Figure 101 openSUSE 10.3: K Menu > Computer Menu 3 When the YaST Control Center window opens, select Network Devices and then click the Network Card icon. Figure 102 openSUSE 10.3: YaST Control Center HES-309M Series Users Guide 173 Appendix B Setting Up Your Computers IP Address 4 When the Network Settings window opens, click the Overview tab, select the appropriate connection Name from the list, and then click the Configure button. Figure 103 openSUSE 10.3: Network Settings 174 HES-309M Series Users Guide Appendix B Setting Up Your Computers IP Address 5 When the Network Card Setup window opens, click the Address tab Figure 104 openSUSE 10.3: Network Card Setup 6 Select Dynamic Address (DHCP) if you have a dynamic IP address. Select Statically assigned IP Address if you have a static IP address. Fill in the IP address, Subnet mask, and Hostname fields. 7 Click Next to save the changes and close the Network Card Setup window. HES-309M Series Users Guide 175 Appendix B Setting Up Your Computers IP Address 8 If you know your DNS server IP address(es), click the Hostname/DNS tab in Network Settings and then enter the DNS server information in the fields provided. Figure 105 openSUSE 10.3: Network Settings 9 Click Finish to save your settings and close the window. 176 HES-309M Series Users Guide Appendix B Setting Up Your Computers IP Address Verifying Settings Click the KNetwork Manager icon on the Task bar to check your TCP/IP properties. From the Options sub-menu, select Show Connection Information. Figure 106 openSUSE 10.3: KNetwork Manager When the Connection Status - KNetwork Manager window opens, click the Statistics tab to see if your connection is working properly. Figure 107 openSUSE: Connection Status - KNetwork Manager HES-309M Series Users Guide 177 Appendix B Setting Up Your Computers IP Address 178 HES-309M Series Users Guide APPENDIX C Pop-up Windows, JavaScript and Java Permissions In order to use the web configurator you need to allow:

Web browser pop-up windows from your device.

JavaScript (enabled by default).

Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary. Internet Explorer Pop-up Blockers You may have to disable pop-up blocking to log into your device. Either disable pop-up blocking (enabled by default in Windows XP SP (Service Pack) 2) or allow pop-up blocking and create an exception for your devices IP address. Disable Pop-up Blockers 1 In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker. Figure 108 Pop-up Blocker You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. HES-309M Series Users Guide 179 Appendix C Pop-up Windows, JavaScript and Java Permissions 1 In Internet Explorer, select Tools, Internet Options, Privacy. 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 109 Internet Options: Privacy 3 Click Apply to save this setting. Enable Pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 180 HES-309M Series Users Guide Appendix C Pop-up Windows, JavaScript and Java Permissions 2 Select Settingsto open the Pop-up Blocker Settings screen. Figure 110 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix http://. For example, http://192.168.167.1. HES-309M Series Users Guide 181 Appendix C Pop-up Windows, JavaScript and Java Permissions 4 Click Add to move the IP address to the list of Allowed sites. Figure 111 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScript If pages of the web configurator do not display properly in Internet Explorer, check that JavaScript is allowed. 182 HES-309M Series Users Guide Appendix C Pop-up Windows, JavaScript and Java Permissions 1 In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 112 Internet Options: Security 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). HES-309M Series Users Guide 183 Appendix C Pop-up Windows, JavaScript and Java Permissions 6 Click OK to close the window. Figure 113 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 184 HES-309M Series Users Guide Appendix C Pop-up Windows, JavaScript and Java Permissions 5 Click OK to close the window. Figure 114 Security Settings - Java JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected. HES-309M Series Users Guide 185 Appendix C Pop-up Windows, JavaScript and Java Permissions 3 Click OK to close the window. Figure 115 Java (Sun) Mozilla Firefox Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary. You can enable Java, Javascript and pop-ups in one screen. Click Tools, then click Options in the screen that appears. Figure 116 Mozilla Firefox: TOOLS > Options 186 HES-309M Series Users Guide Appendix C Pop-up Windows, JavaScript and Java Permissions Click Content.to show the screen below. Select the check boxes as shown in the following screen. Figure 117 Mozilla Firefox Content Security HES-309M Series Users Guide 187 Appendix C Pop-up Windows, JavaScript and Java Permissions 188 HES-309M Series Users Guide APPENDIX D IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device

(including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts. Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks. Introduction to IP Addresses One part of the IP address is the network number, and the other part is the host ID. In the same way that houses on a street share a common street name, the hosts on a network share a common network number. Similarly, as each house has its own house number, each host on the network has its own unique identifying number - the host ID. Routers use the network number to send packets to the correct network, while the host ID determines to which host on the network the packets are delivered. Structure An IP address is made up of four parts, written in dotted decimal notation (for example, ). Each of these four parts is known as an octet. An octet is an eight-

digit binary number (for example 11000000, which is 192 in decimal notation). Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal. HES-309M Series Users Guide 189 Appendix D IP Addresses and Subnetting The following figure shows an example IP address in which the first three octets

(192.168.1) are the network number, and the fourth octet (16) is the host ID. Figure 118 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation). The term subnet is short for sub-network. A subnet mask has 32 bits. If a bit in the subnet mask is a 1 then the corresponding bit in the IP address is part of the network number. If a bit in the subnet mask is 0 then the corresponding bit in the IP address is part of the host ID. The following example shows a subnet mask identifying the network number (in bold text) and host ID of an IP address (192.168.1.2 in decimal). Table 60 IP Address Network Number and Host ID Example IP Address (Binary) Subnet Mask (Binary) Network Number Host ID 190 2ND OCTET:

(168) 10101000 4TH 1ST OCTET OCTET:

(2)

(192) 11000000 00000010 11111111 11111111 11111111 00000000 11000000 10101000 00000001 3RD OCTET:

(1) 00000001 00000010 HES-309M Series Users Guide Appendix D IP Addresses and Subnetting By convention, subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits. Subnet masks can be referred to by the size of the network number part (the bits with a 1 value). For example, an 8-bit mask means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes. Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Table 61 Subnet Masks BINARY 1ST OCTET 2ND OCTET 3RD OCTET 8-bit mask 11111111 00000000 00000000 16-bit 11111111 11111111 00000000 mask 24-bit mask 29-bit mask 11111111 11111111 11111111 11111111 11111111 11111111 4TH OCTET 00000000 00000000 DECIMAL 255.0.0.0 255.255.0.0 00000000 255.255.255.0 11111000 255.255.255.24 8 Network Size The size of the network number determines the maximum number of possible hosts you can have on your network. The larger the number of network number bits, the smaller the number of remaining host ID bits. An IP address with host IDs of all zeros is the IP address of the network

(192.168.1.0 with a 24-bit subnet mask, for example). An IP address with host IDs of all ones is the broadcast address for that network (192.168.1.255 with a 24-bit subnet mask, for example). As these two IP addresses cannot be used for individual hosts, calculate the maximum number of possible hosts in a network as follows:

Table 62 Maximum Host Numbers SUBNET MASK HOST ID SIZE 255.0.0.0 8 bits 16 bits 255.255.0.0 24 bits 255.255.255.0 8 bits 29 bits 255.255.255.2 3 bits 24 bits 16 bits 48 HES-309M Series Users Guide MAXIMUM NUMBER OF HOSTS 16777214 65534 254 6 224 2 216 2 28 2 23 2 191 Appendix D IP Addresses and Subnetting Notation Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a / followed by the number of bits in the mask after the address. For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask 255.255.255.128. The following table shows some possible subnet masks using both notations.

/26 LAST OCTET

(BINARY) 0000 0000 1000 0000 ALTERNATIVE NOTATION

/24

/25 Table 63 Alternative Subnet Mask Notation SUBNET MASK 255.255.255.0 255.255.255.12 8 255.255.255.19 2 255.255.255.22 4 255.255.255.24 0 255.255.255.24 8 255.255.255.25 2 1100 0000 1110 0000 1111 0000 1111 1000 1111 1100

/27

/28

/29

/30 LAST OCTET

(DECIMAL) 0 128 192 224 240 248 252 Subnetting You can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons. In this example, the company network address is 192.168.1.0. The first three octets of the address (192.168.1) are the network number, and the remaining octet is the host ID, allowing a maximum of 28 2 or 254 possible hosts. 192 HES-309M Series Users Guide Appendix D IP Addresses and Subnetting The following figure shows the company network before subnetting. Figure 119 Subnetting Example: Before Subnetting You can borrow one of the host ID bits to divide the network 192.168.1.0 into two separate sub-networks. The subnet mask is now 25 bits (255.255.255.128 or

/25). The borrowed host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25. HES-309M Series Users Guide 193 Appendix D IP Addresses and Subnetting The following figure shows the company network after subnetting. There are now two sub-networks, A and B. Figure 120 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 27 2 or 126 possible hosts (a host ID of all zeroes is the subnets address itself, all ones is the subnets broadcast address). 192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127 with mask 255.255.255.128 is its broadcast address. Therefore, the lowest IP address that can be assigned to an actual host for subnet A is 192.168.1.1 and the highest is 192.168.1.126. Similarly, the host ID range for subnet B is 192.168.1.129 to 192.168.1.254. Example: Four Subnets The previous example illustrated using a 25-bit subnet mask to divide a 24-bit address into two subnets. Similarly, to divide a 24-bit address into four subnets, you need to borrow two host ID bits to give four possible combinations (00, 01, 10 and 11). The subnet mask is 26 bits

(11111111.11111111.11111111.11000000) or 255.255.255.192. 194 HES-309M Series Users Guide Appendix D IP Addresses and Subnetting Each subnet contains 6 host ID bits, giving 26 - 2 or 62 hosts for each subnet (a host ID of all zeroes is the subnet itself, all ones is the subnets broadcast address). Table 64 Subnet 1 IP/SUBNET MASK IP Address (Decimal) IP Address (Binary) Subnet Mask (Binary) Subnet Address:

192.168.1.0 Broadcast Address:

192.168.1.63 Table 65 Subnet 2 IP/SUBNET MASK IP Address IP Address (Binary) Subnet Mask (Binary) Subnet Address:

192.168.1.64 Broadcast Address:

192.168.1.127 Table 66 Subnet 3 IP/SUBNET MASK IP Address IP Address (Binary) Subnet Mask (Binary) Subnet Address:

192.168.1.128 Broadcast Address:

192.168.1.191 Table 67 Subnet 4 IP/SUBNET MASK IP Address IP Address (Binary) Subnet Mask (Binary) NETWORK NUMBER 192.168.1. 11000000.10101000.00000001. 00000000 11111111.11111111.11111111. 11000000 Lowest Host ID: 192.168.1.1 LAST OCTET BIT VALUE 0 Highest Host ID: 192.168.1.62 NETWORK NUMBER LAST OCTET BIT VALUE 64 192.168.1. 11000000.10101000.00000001. 01000000 11111111.11111111.11111111. 11000000 Lowest Host ID: 192.168.1.65 Highest Host ID: 192.168.1.126 NETWORK NUMBER LAST OCTET BIT VALUE 128 192.168.1. 11000000.10101000.00000001. 10000000 11111111.11111111.11111111. 11000000 Lowest Host ID: 192.168.1.129 Highest Host ID: 192.168.1.190 NETWORK NUMBER 192.168.1. 11000000.10101000.00000001

. 11111111.11111111.11111111

. LAST OCTET BIT VALUE 192 11000000 11000000 HES-309M Series Users Guide 195 Appendix D IP Addresses and Subnetting Table 67 Subnet 4 (continued) IP/SUBNET MASK NETWORK NUMBER Subnet Address:

192.168.1.192 Broadcast Address:

192.168.1.255 Lowest Host ID: 192.168.1.193 Highest Host ID: 192.168.1.254 LAST OCTET BIT VALUE Example: Eight Subnets Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows IP address last octet values for each subnet. Table 68 Eight Subnets SUBNET FIRST ADDRESS LAST SUBNET ADDRESS 0 32 64 96 128 160 192 224 1 33 65 97 129 161 193 225 1 2 3 4 5 6 7 8 ADDRESS 30 62 94 126 158 190 222 254 BROADCAST ADDRESS 31 63 95 127 159 191 223 255 Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. NO. SUBNETS NO. HOSTS PER SUBNET MASK Table 69 24-bit Network Number Subnet Planning NO. BORROWED HOST BITS 1 2 3 4 5 6 7 255.255.255.128 (/25) 255.255.255.192 (/26) 255.255.255.224 (/27) 255.255.255.240 (/28) 255.255.255.248 (/29) 255.255.255.252 (/30) 255.255.255.254 (/31) 2 4 8 16 32 64 128 SUBNET 126 62 30 14 6 2 1 196 HES-309M Series Users Guide Appendix D IP Addresses and Subnetting The following table is a summary for subnet planning on a network with a 16-bit network number. NO. SUBNETS NO. HOSTS PER SUBNET MASK Table 70 16-bit Network Number Subnet Planning NO. BORROWED HOST BITS 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 255.255.128.0 (/17) 255.255.192.0 (/18) 255.255.224.0 (/19) 255.255.240.0 (/20) 255.255.248.0 (/21) 255.255.252.0 (/22) 255.255.254.0 (/23) 255.255.255.0 (/24) 255.255.255.128 (/25) 255.255.255.192 (/26) 255.255.255.224 (/27) 255.255.255.240 (/28) 255.255.255.248 (/29) 255.255.255.252 (/30) 255.255.255.254 (/31) 2 4 8 16 32 64 128 256 512 1024 2048 4096 8192 16384 32768 SUBNET 32766 16382 8190 4094 2046 1022 510 254 126 62 30 14 6 2 1 Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask. If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. If this is the case, it is recommended that you select a network number from 192.168.0.0 to 192.168.255.0. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. You must also enable Network Address Translation (NAT) on the WiMAX Device. Once you have decided on the network number, pick an IP address for your WiMAX Device that is easy to remember (for instance, 192.168.1.1) but make sure that no other device on your network is using that IP address. The subnet mask specifies the network number portion of an IP address. Your WiMAX Device will compute the subnet mask automatically based on the IP HES-309M Series Users Guide 197 Appendix D IP Addresses and Subnetting address that you entered. You don't need to change the subnet mask computed by the WiMAX Device unless you are instructed to do otherwise. Private IP Addresses Every machine on the Internet must have a unique address. If your networks are isolated from the Internet (running only between two branch offices, for example) you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks:

10.0.0.0 10.255.255.255

172.16.0.0 172.31.255.255

192.168.0.0 192.168.255.255 You can obtain your IP address from the IANA, from an ISP, or it can be assigned from a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses. Regardless of your particular situation, do not create an arbitrary IP address;

always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space. IP Address Conflicts Each device on a network must have a unique IP address. Devices with duplicate IP addresses on the same network will not be able to access the Internet or other resources. The devices may also be unreachable through the network. Conflicting Computer IP Addresses Example More than one device can not use the same IP address. In the following example computer A has a static (or fixed) IP address that is the same as the IP address that a DHCP server assigns to computer B which is a DHCP client. Neither can access the Internet. This problem can be solved by assigning a different static IP 198 HES-309M Series Users Guide Appendix D IP Addresses and Subnetting address to computer A or setting computer A to obtain an IP address automatically. Figure 121 Conflicting Computer IP Addresses Example Conflicting Router IP Addresses Example Since a router connects different networks, it must have interfaces using different network numbers. For example, if a router is set between a LAN and the Internet

(WAN), the routers LAN and WAN addresses must be on different subnets. In the following example, the LAN and WAN are on the same subnet. The LAN computers cannot access the Internet because the router cannot route between networks. Figure 122 Conflicting Computer IP Addresses Example Conflicting Computer and Router IP Addresses Example More than one device can not use the same IP address. In the following example, the computer and the routers LAN port both use 192.168.1.1 as the IP address. HES-309M Series Users Guide 199 Appendix D IP Addresses and Subnetting The computer cannot access the Internet. This problem can be solved by assigning a different IP address to the computer or the routers LAN port. Figure 123 Conflicting Computer and Router IP Addresses Example 200 HES-309M Series Users Guide APPENDIX E Importing Certificates This appendix shows you how to import public key certificates into your web browser. Public key certificates are used by web browsers to ensure that a secure web site is legitimate. When a certificate authority such as VeriSign, Comodo, or Network Solutions, to name a few, receives a certificate request from a website operator, they confirm that the web domain and contact information in the request match those on public record with a domain name registrar. If they match, then the certificate is issued to the website operator, who then places it on the site to be issued to all visiting web browsers to let them know that the site is legitimate. Many ZyXEL products, such as the NSA-2401, issue their own public key certificates. These can be used by web browsers on a LAN or WAN to verify that they are in fact connecting to the legitimate device and not one masquerading as it. However, because the certificates were not issued by one of the several organizations officially recognized by the most common web browsers, you will need to import the ZyXEL-created certificate into your web browser and flag that certificate as a trusted authority. Note: You can see if you are browsing on a secure website if the URL in your web browsers address bar begins with https:// or there is a sealed padlock icon (

padlock in the same location.)

) somewhere in the main browser window (not all browsers show the In this appendix, you can import a public key certificate for:

Internet Explorer on page 202

Firefox on page 212

Opera on page 218

Konqueror on page 226 HES-309M Series Users Guide 201 Appendix E Importing Certificates Internet Explorer The following example uses Microsoft Internet Explorer 7 on Windows XP Professional; however, they can also apply to Internet Explorer on Windows Vista. 1 If your devices web configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error. Figure 124 Internet Explorer 7: Certification Error 2 Click Continue to this website (not recommended). Figure 125 Internet Explorer 7: Certification Error 202 HES-309M Series Users Guide 3 In the Address Bar, click Certificate Error > View certificates. Figure 126 Internet Explorer 7: Certificate Error Appendix E Importing Certificates 4 In the Certificate dialog box, click Install Certificate. Figure 127 Internet Explorer 7: Certificate HES-309M Series Users Guide 203 Appendix E Importing Certificates 5 In the Certificate Import Wizard, click Next. Figure 128 Internet Explorer 7: Certificate Import Wizard 6 If you want Internet Explorer to Automatically select certificate store based on the type of certificate, click Next again and then go to step 9. Figure 129 Internet Explorer 7: Certificate Import Wizard 204 HES-309M Series Users Guide Appendix E Importing Certificates 7 Otherwise, select Place all certificates in the following store and then click Browse. Figure 130 Internet Explorer 7: Certificate Import Wizard 8 In the Select Certificate Store dialog box, choose a location in which to save the certificate and then click OK. Figure 131 Internet Explorer 7: Select Certificate Store HES-309M Series Users Guide 205 Appendix E Importing Certificates 9 In the Completing the Certificate Import Wizard screen, click Finish. Figure 132 Internet Explorer 7: Certificate Import Wizard 10 If you are presented with another Security Warning, click Yes. Figure 133 Internet Explorer 7: Security Warning 206 HES-309M Series Users Guide Appendix E Importing Certificates 11 Finally, click OK when presented with the successful certificate installation message. Figure 134 Internet Explorer 7: Certificate Import Wizard 12 The next time you start Internet Explorer and go to a ZyXEL web configurator page, a sealed padlock icon appears in the address bar. Click it to view the pages Website Identification information. Figure 135 Internet Explorer 7: Website Identification HES-309M Series Users Guide 207 Appendix E Importing Certificates Installing a Stand-Alone Certificate File in Internet Explorer Rather than browsing to a ZyXEL web configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you. 1 Double-click the public key certificate file. Figure 136 Internet Explorer 7: Public Key Certificate File 2 In the security warning dialog box, click Open. Figure 137 Internet Explorer 7: Open File - Security Warning 3 Refer to steps 4-12 in the Internet Explorer procedure beginning on page 202 to complete the installation process. 208 HES-309M Series Users Guide Appendix E Importing Certificates Removing a Certificate in Internet Explorer This section shows you how to remove a public key certificate in Internet Explorer 7. 1 Open Internet Explorer and click TOOLS > Internet Options. Figure 138 Internet Explorer 7: Tools Menu 2 In the Internet Options dialog box, click Content > Certificates. Figure 139 Internet Explorer 7: Internet Options HES-309M Series Users Guide 209 Appendix E Importing Certificates 3 In the Certificates dialog box, click the Trusted Root Certificates Authorities tab, select the certificate that you want to delete, and then click Remove. Figure 140 Internet Explorer 7: Certificates 4 5 In the Certificates confirmation, click Yes. Figure 141 Internet Explorer 7: Certificates In the Root Certificate Store dialog box, click Yes. Figure 142 Internet Explorer 7: Root Certificate Store 210 HES-309M Series Users Guide 6 The next time you go to the web site that issued the public key certificate you just removed, a certification error appears. Appendix E Importing Certificates HES-309M Series Users Guide 211 Appendix E Importing Certificates Firefox The following example uses Mozilla Firefox 2 on Windows XP Professional;

however, the screens can also apply to Firefox 2 on all platforms. 1 If your devices web configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error. 2 Select Accept this certificate permanently and click OK. Figure 143 Firefox 2: Website Certified by an Unknown Authority 212 HES-309M Series Users Guide Appendix E Importing Certificates 3 The certificate is stored and you can now connect securely to the web configurator. A sealed padlock appears in the address bar, which you can click to open the Page Info > Security window to view the web pages security information. Figure 144 Firefox 2: Page Info HES-309M Series Users Guide 213 Appendix E Importing Certificates Installing a Stand-Alone Certificate File in Firefox Rather than browsing to a ZyXEL web configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you. 1 Open Firefox and click TOOLS > Options. Figure 145 Firefox 2: Tools Menu 2 In the Options dialog box, click ADVANCED > Encryption > View Certificates. Figure 146 Firefox 2: Options 214 HES-309M Series Users Guide 3 In the Certificate Manager dialog box, click Web Sites > Import. Figure 147 Firefox 2: Certificate Manager Appendix E Importing Certificates 4 Use the Select File dialog box to locate the certificate and then click Open. Figure 148 Firefox 2: Select File 5 The next time you visit the web site, click the padlock in the address bar to open the Page Info > Security window to see the web pages security information. HES-309M Series Users Guide 215 Appendix E Importing Certificates Removing a Certificate in Firefox This section shows you how to remove a public key certificate in Firefox 2. 1 Open Firefox and click TOOLS > Options. Figure 149 Firefox 2: Tools Menu 2 In the Options dialog box, click ADVANCED > Encryption > View Certificates. Figure 150 Firefox 2: Options 216 HES-309M Series Users Guide Appendix E Importing Certificates 3 In the Certificate Manager dialog box, select the Web Sites tab, select the certificate that you want to remove, and then click Delete. Figure 151 Firefox 2: Certificate Manager 4 5 In the Delete Web Site Certificates dialog box, click OK. Figure 152 Firefox 2: Delete Web Site Certificates The next time you go to the web site that issued the public key certificate you just removed, a certification error appears. HES-309M Series Users Guide 217 Appendix E Importing Certificates Opera The following example uses Opera 9 on Windows XP Professional; however, the screens can apply to Opera 9 on all platforms. 1 If your devices web configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error. 2 Click Install to accept the certificate. Figure 153 Opera 9: Certificate signer not found 218 HES-309M Series Users Guide Appendix E Importing Certificates 3 The next time you visit the web site, click the padlock in the address bar to open the Security information window to view the web pages security details. Figure 154 Opera 9: Security information HES-309M Series Users Guide 219 Appendix E Importing Certificates Installing a Stand-Alone Certificate File in Opera Rather than browsing to a ZyXEL web configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you. 1 Open Opera and click TOOLS > Preferences. Figure 155 Opera 9: Tools Menu 220 HES-309M Series Users Guide 2 In Preferences, click ADVANCED > Security > Manage certificates. Figure 156 Opera 9: Preferences Appendix E Importing Certificates HES-309M Series Users Guide 221 Appendix E Importing Certificates 3 In the Certificates Manager, click Authorities > Import. Figure 157 Opera 9: Certificate manager 4 Use the Import certificate dialog box to locate the certificate and then click Open. Figure 158 Opera 9: Import certificate 222 HES-309M Series Users Guide 5 In the Install authority certificate dialog box, click Install. Figure 159 Opera 9: Install authority certificate Appendix E Importing Certificates 6 Next, click OK. Figure 160 Opera 9: Install authority certificate 7 The next time you visit the web site, click the padlock in the address bar to open the Security information window to view the web pages security details. HES-309M Series Users Guide 223 Appendix E Importing Certificates Removing a Certificate in Opera This section shows you how to remove a public key certificate in Opera 9. 1 Open Opera and click TOOLS > Preferences. Figure 161 Opera 9: Tools Menu 2 In Preferences, ADVANCED > Security > Manage certificates. Figure 162 Opera 9: Preferences 224 HES-309M Series Users Guide Appendix E Importing Certificates 3 In the Certificates manager, select the Authorities tab, select the certificate that you want to remove, and then click Delete. Figure 163 Opera 9: Certificate manager 4 The next time you go to the web site that issued the public key certificate you just removed, a certification error appears. Note: There is no confirmation when you delete a certificate authority, so be absolutely certain that you want to go through with it before clicking the button. HES-309M Series Users Guide 225 Appendix E Importing Certificates Konqueror The following example uses Konqueror 3.5 on openSUSE 10.3, however the screens apply to Konqueror 3.5 on all Linux KDE distributions. 1 If your devices web configurator is set to use SSL certification, then the first time you browse to it you are presented with a certification error. 2 Click Continue. Figure 164 Konqueror 3.5: Server Authentication 3 Click Forever when prompted to accept the certificate. Figure 165 Konqueror 3.5: Server Authentication 226 HES-309M Series Users Guide Appendix E Importing Certificates 4 Click the padlock in the address bar to open the KDE SSL Information window and view the web pages security details. Figure 166 Konqueror 3.5: KDE SSL Information HES-309M Series Users Guide 227 Appendix E Importing Certificates Installing a Stand-Alone Certificate File in Konqueror Rather than browsing to a ZyXEL web configurator and installing a public key certificate when prompted, you can install a stand-alone certificate file if one has been issued to you. 1 Double-click the public key certificate file. Figure 167 Konqueror 3.5: Public Key Certificate File 2 In the Certificate Import Result - Kleopatra dialog box, click OK. Figure 168 Konqueror 3.5: Certificate Import Result The public key certificate appears in the KDE certificate manager, Kleopatra. Figure 169 Konqueror 3.5: Kleopatra 228 HES-309M Series Users Guide 3 The next time you visit the web site, click the padlock in the address bar to open the KDE SSL Information window to view the web pages security details. Appendix E Importing Certificates HES-309M Series Users Guide 229 Appendix E Importing Certificates Removing a Certificate in Konqueror This section shows you how to remove a public key certificate in Konqueror 3.5. 1 Open Konqueror and click Settings > Configure Konqueror. Figure 170 Konqueror 3.5: Settings Menu 2 In the Configure dialog box, select Crypto. 3 On the Peer SSL Certificates tab, select the certificate you want to delete and then click Remove. Figure 171 Konqueror 3.5: Configure 4 The next time you go to the web site that issued the public key certificate you just removed, a certification error appears. 230 HES-309M Series Users Guide Note: There is no confirmation when you remove a certificate authority, so be absolutely certain you want to go through with it before clicking the button. Appendix E Importing Certificates HES-309M Series Users Guide 231 Appendix E Importing Certificates 232 HES-309M Series Users Guide APPENDIX F Common Services The following table lists some commonly-used services and their associated protocols and port numbers. For a comprehensive list of port numbers, ICMP type/

code numbers and services, visit the IANA (Internet Assigned Number Authority) web site.

Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like.

Protocol: This is the type of IP protocol used by the service. If this is TCP/

UDP, then the service uses the same port number with TCP and UDP. If this is USER-DEFINED, the Port(s) is the IP protocol number, not the port number.

Port(s): This value depends on the Protocol. Please refer to RFC 1700 for further information about port numbers.

If the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number.

If the Protocol is USER, this is the IP protocol number.

Description: This is a brief explanation of the applications that use this service or the situations in which this service is used. Table 71 Commonly Used Services NAME AH

(IPSEC_TUNNEL) PROTOCOL User-Defined AIM/New-ICQ TCP AUTH BGP BOOTP_CLIENT BOOTP_SERVER CU-SEEME TCP TCP UDP UDP TCP DNS UDP TCP/UDP 5190 113 179 68 67 7648 24032 53 PORT(S) DESCRIPTION 51 The IPSEC AH (Authentication Header) tunneling protocol uses this service. AOLs Internet Messenger service. It is also used as a listening port by ICQ. Authentication protocol used by some servers. Border Gateway Protocol. DHCP Client. DHCP Server. A popular videoconferencing solution from White Pines Software. Domain Name Server, a service that matches web names (for example www.zyxel.com) to IP numbers. HES-309M Series Users Guide 233 Appendix F Common Services Table 71 Commonly Used Services (continued) NAME ESP

(IPSEC_TUNNEL) PROTOCOL User-Defined PORT(S) DESCRIPTION 50 FINGER FTP H.323 HTTP HTTPS ICMP TCP TCP TCP TCP TCP TCP 79 20 21 1720 80 443 User-Defined 1 ICQ UDP 4000 IGMP

(MULTICAST) User-Defined 2 IKE IRC UDP TCP/UDP MSN Messenger TCP TCP TCP UDP TCP NEW-ICQ NEWS NFS NNTP PING 500 6667 1863 5190 144 2049 119 User-Defined 1 POP3 TCP 110 The IPSEC ESP (Encapsulation Security Protocol) tunneling protocol uses this service. Finger is a UNIX or Internet related command that can be used to find out if a user is logged on. File Transfer Program, a program to enable fast transfer of files, including large files that may not be possible by e-mail. NetMeeting uses this protocol. Hyper Text Transfer Protocol - a client/server protocol for the world wide web. HTTPS is a secured http session often used in e-commerce. Internet Control Message Protocol is often used for diagnostic or routing purposes. This is a popular Internet chat program. Internet Group Management Protocol is used when sending packets to a specific group of hosts. The Internet Key Exchange algorithm is used for key distribution and management. This is another popular Internet chat program. Microsoft Networks messenger service uses this protocol. An Internet chat program. A protocol for news groups. Network File System - NFS is a client/

server distributed file service that provides transparent file sharing for network environments. Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service. Packet INternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is reachable. Post Office Protocol version 3 lets a client computer get e-mail from a POP3 server through a temporary connection (TCP/IP or other). 234 HES-309M Series Users Guide Table 71 Commonly Used Services (continued) NAME PPTP PROTOCOL TCP PORT(S) DESCRIPTION 1723 PPTP_TUNNEL

(GRE) User-Defined 47 RCMD REAL_AUDIO TCP TCP REXEC RLOGIN RTELNET RTSP TCP TCP TCP TCP/UDP SFTP SMTP TCP TCP SNMP TCP/UDP SNMP-TRAPS TCP/UDP SQL-NET TCP SSH STRM WORKS SYSLOG TCP/UDP UDP UDP TACACS TELNET UDP TCP 512 7070 514 513 107 554 115 25 161 162 1521 22 1558 514 49 23 Appendix F Common Services Point-to-Point Tunneling Protocol enables secure transfer of data over public networks. This is the control channel. PPTP (Point-to-Point Tunneling Protocol) enables secure transfer of data over public networks. This is the data channel. Remote Command Service. A streaming audio service that enables real time sound over the web. Remote Execution Daemon. Remote Login. Remote Telnet. The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet. Simple File Transfer Protocol. Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another. Simple Network Management Program. Traps for use with the SNMP

(RFC:1215). Structured Query Language is an interface to access data on many different types of database systems, including mainframes, midrange systems, UNIX systems and network servers. Secure Shell Remote Login Program. Stream Works Protocol. Syslog allows you to send system logs to a UNIX server. Login Host Protocol used for (Terminal Access Controller Access Control System). Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/IP networks. Its primary function is to allow users to log into remote host systems. HES-309M Series Users Guide 235 Appendix F Common Services Table 71 Commonly Used Services (continued) NAME TFTP PROTOCOL UDP PORT(S) DESCRIPTION 69 VDOLIVE TCP 7000 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP

(Transmission Control Protocol). Another videoconferencing solution. 236 HES-309M Series Users Guide APPENDIX G Legal Information Copyright Copyright 2010 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimers ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice. Your use of the WiMAX Device is subject to the terms and conditions of any related service providers. Do not use the WiMAX Device for illegal purposes. Illegal downloading or sharing of files can result in severe civil and criminal penalties. You are subject to the restrictions of copyright laws and any other applicable laws, and will bear the consequences of any infringements thereof. ZyXEL bears NO responsibility or liability for your use of the download service feature. Trademarks Trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners. HES-309M Series Users Guide 237 Appendix G Legal Information Certifications Federal Communications Commission (FCC) Interference Statement The device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:

This device complies with part 15 of the FCC Rules.

Operation is subject to the condition that this device does not cause harmful interference. This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This device generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

1 Reorient or relocate the receiving antenna. 2 Increase the separation between the equipment and the receiver. 3 Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. 4 Consult the dealer or an experienced radio/TV technician for help. FCC Radiation Exposure Statement

This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.

To comply with FCC RF exposure compliance requirements, a separation distance of at least 40 cm must be maintained between the antenna of this device and all persons.

238 HES-309M Series Users Guide Appendix G Legal Information

Notices Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment. This Class B digital apparatus complies with Canadian ICES-003. Cet appareil numrique de la classe B est conforme la norme NMB-003 du Canada. Viewing Certifications 1 Go to http://www.zyxel.com. 2 Select your product on the ZyXEL home page to go to that product's page. 3 Select the certification you wish to view from this page. ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions. HES-309M Series Users Guide 239 Appendix G Legal Information Note Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser. To obtain the services of this warranty, contact your vendor. You may also refer to the warranty policy for the region in which you bought the device at http://

www.zyxel.com/web/support_warranty_info.php. Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com. 240 HES-309M Series Users Guide Index Index CA 53 formats 54 verification 149 certification notices 239 viewing 239 Certification Authority, see CA chaining 149 chaining message authentication see CCMP CMAC see MAC copyright 237 counter mode see CCMP coverage area 51 cryptography 147 D data 147149 decryption 147 encryption 147 flow 149 DHCP 73 server 73 diameter 52 digital ID 54, 147 Dynamic Host Configuration Protocol see DHCP E EAP 52 EAP (Extensible Authentication Protocol) 54 EAP-TLS 54 EAP-TTLS 54 encryption 147149 A AAA 52 accounting server see AAA activity 52 Advanced Encryption Standard see AES AES 149 ALG 76 alternative subnet mask notation 192 Application Layer Gateway see ALG authentication 52, 147 inner 150 key server 52 types 150 authorization 147 request and reply 149 server 52 auto-discovery UPnP 97 B base station see BS BS 5152 links 52 C CA 53, 54 CBC-MAC 149 CCMP 147, 149 cell 51 certificates 147 HES-309M Series Users Guide 241 Index traffic 149 Ethernet encapsulation 75 Extensible Authorization Protocol see EAP F FCC interference statement 238 firewall 105 FTP 111 restrictions 111 I IANA 198 identity 52, 147 idle timeout 112 IEEE 802.16 51, 147 IEEE 802.16e 51 IGD 1.0 77 inner authentication 150 Internet access 52 gateway device 77 Internet Assigned Numbers Authority see IANA 198 interoperability 51 K key 147 request and reply 149 M MAC 149 MAN 51 Management Information Base (MIB) 114 Message Authentication Code see MAC message integrity 149 Metropolitan Area Network see MAN microwave 51, 52 mobile station see MS MS 52 N NAT 197 and remote management 112 server sets 75 traversal 77 network activity 52 services 52 P pattern-spotting 149 PKMv2 52, 147, 150 plain text encryption 149 Privacy Key Management see PKM private key 147 product registration 240 public certificate 149 public key 147 R RADIUS 52, 54, 148 Message Types 148 Messages 148 Shared Secret Key 148 registration product 240 related documentation 3 remote management and NAT 112 remote management limitations 111 242 HES-309M Series Users Guide Index U unauthorized device 147 Universal Plug and Play see UPnP UPnP 76 application 77 auto-discovery 97 security issues 77 Windows XP 95 user authentication 147 V verification 149 W WiMAX 5152 security 149 WiMAX Forum 51 Wireless Interoperability for Microwave Access see WiMAX Wireless Metropolitan Area Network see MAN wireless network access 51 standard 51 wireless security 147 wizard setup 23 S safety warnings 7 secure communication 147 secure connection 52 security 147 security association 149 see SA services 52 SIP ALG 76 Application Layer Gateway, see ALG SNMP 112 manager 114 SS 51, 52 subnet 189 mask 190 subnetting 192 subscriber station see SS syntax conventions 5 system timeout 112 T tampering TCP/IP configuration 73 TEK 149 TFTP restrictions 111 TLS 147 transport encryption key see TEK transport layer security see TLS trigger port forwarding process 92 TTLS 147, 150 tunneled TLS see TTLS HES-309M Series Users Guide 243 Index 244 HES-309M Series Users Guide Index HES-309M Series Users Guide 245 Index 246 HES-309M Series Users Guide

 

 

 

 

 

 

 

 

 

 

i I it i Made in Taiwan Model Number : HES-309M Power Rating : 48V 0.32A max FCC ID:I88HES309M This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions:

(1) this device may not cause harmful interference, and

(2) this device must accept any interference received, including interference that may cause undesired operation. S/N:

MAC:

 

 

Lettery of Agency

"I, an officer of ZyXEL Communications Corporation do hereby authorize Rex Liao, who is Engineer in Intertek Testing Services Taiwan Ltd. to act on our behalf in front of the Federal Communications Commission with respect to all matters relating to certification of equipment under Part 15 and Part 18 of the FCC Rules until further notice."

I further certify that no party (as defined in 1.2002(b) of CFR 47, 1992) to this application, including myself, is subject to a denial of federal benefits, that includes FCC benefits, pursuant to Section 5301 of the Anti-Drug Abuse Act of 1988, 21 U.S.C.,853(a). By:

Signature Title: Section Manager Date: 2011/Jan/5 Wang Yi Printed

 

 

Confidentility Letter (Permanent) Attention:

Application Examiner Re: Request for confidentiality Applicant: ZyXEL Communications Corporation FCC ID: I88HES309M To whom it may concern, Request is hereby submitted by ZyXEL Communications Corporation to withhold permanently from public review certain portions of the application for equipment certification for the referenced FCC identifiers. This request for confidentiality is made pursuant to 47 CFR 0.457(d) of the FCC Rules. In particular, the following sections of the application are to be kept permanently confidential:

Schematics Detailed Block diagrams Detailed Operational/Functional Description Tune-up specification BOM Rationale for request for confidentiality:

ZyXEL Communications Corporation has invested considerable time and materials in research and development to produce the referenced product. Disclosure of the permanently confidential portions of this application to competitors would not only give them significant competitive advantages in developing similar products, but would also disclose successful implementation of unpublished, leading edge technology developed by us. If you have questions or need further information, please contact the undersigned. Sincerely, Section Manager ZyXEL Communications Corporation 2010/1/5

 

 

Attestation for FCC Declaration of Conformity Data: 2011/1/5 FCC ID: I88HES309M Please be notified that we, the undersigned, ZyXEL Communications Corporation declares that the product which bears the above FCC ID is also compliant with the FCC requirements for DoC. The test report number supporting the DoC is TS10110090-EME. Testing in regards to this report was done by Intertek Testing Service Taiwan Ltd., located at No. 11, Lane 275, Ko Nan 1st Street, Shiang-Shan District, Hsinchu Taiwan, which has been accredited in accordance to all of the requirements of 47CFR 2.948 (d) and (e) of the FCC rules and KDB349827. Sincerely, Printed name: Wang Yi Position: Section Manager ZyXEL Communications Corporation Tel: +886-3-5783942 Fax: +886-3-5782439 Email: ywang@zyxel.com.tw

 

 

Doug Noble From:

Sent:

To:

Cc:

Subject:

Sunny Liu Intertek [sunny.liu@intertek.com]

Thursday, February 10, 2011 9:09 PM Doug Noble; Eric Chu Intertek; Jimmy Yang Intertek; Terry Hsu Intertek customerservice RE: www.acbcert.com ATCB010132 | I88HES309M | | | I88HES309M_ATCB010132 Dear Doug, Thanks for you comments, please see my answer as below:

1. For the internal photos exhibit please remove the shields from the PCBs used in the transmitter. A: We revised the internal photo and upload to ATCB website. 2. The MPE exhibit fails the 1 mW/cm2 limit. With the data in the exhibit the answer would be 2.6287 mW/cm2. The EUT would have to be at least 33cm from bystanders to pass at this power level. A: We revised the minimum distance from 20 cm to 40 cm of MPE tset report and upload to ATCB website. 3. In the test report on page 5 the power is listed at 41.21 dBm with is 13.21 Watts at the antenna connectors. If this power is put into a 14dBi antenna the power would be 331.89 Watts which I dont think would meet the 20cm limit either. The unit would have to be a fixed location with a distance to bystander of 162cm which would be 0.99 mW/cm2 which is under the limit by only 0.01 mW/cm2. A: The power is 41.21 dBm at antenna terminals not connector, include the antenna gain. Tthe minimum distance should be 40 cm, so our client revsied the user namual on page 238. 4. Please explain the Form 731 power levels of 0.52602 Watts and 0.5152 Watts when on page 5 of test report it lists the conducted power at 41.21 dBm = 13.21 Watts. A: It is the conducted power not include the antenna gain. So the power is 0.52602 Watts and 0.5152 Watts. Thanks for your kindly help!

Sunny From: Doug Noble [mailto:doug@acbcert.com]

Sent: Saturday, January 29, 2011 3:45 AM To: Eric Chu Intertek; Sunny Liu Intertek; Julie Wang Intertek; Jimmy Yang Intertek; Terry Hsu Intertek Cc: customerservice@acbcert.com Subject: www.acbcert.com ATCB010132 | I88HES309M | | | I88HES309M_ATCB010132 Regardingwww.acbcert.comapplication:

ATCBID:ATCB010132 FCCID:I88HES309M IC:

TCF:

Accountname:ITSEMCTPE Pleasereadcommentsconcerningthisapplication. Thankyou, DougNoble ____________________________________________ 1 Douglas E. Noble Examining Compliance Engineer American Certification Body Certification for the Wireless Industry www.acbcert.com

(703) 847-4700 corporate email: doug@acbcert.com corporate fax: 703/ 847-6888 direct number: 480-820-3830 alternate email: dnoble1@cox.net cell number: 480-747-2409 NOTICE: This E-Mail message and any attachment may contain privileged or company proprietary information. If you received this message in error, please return to the sender. CONFIDENTIALITY NOTICE This email may contain confidential or privileged information, if you are not the intended recipient, or the person responsible for delivering the message to the intended recipient then please notify us by return email immediately. Should you have received this email in error then you should not copy this for any purpose nor disclose its contents to any other person. http://www.intertek.com 2