ZyXEL Communications MAX200M1 WiMAX IEEE802.16e Indoor Basic CPE-2.5GHz User Manual ZyBook

ZyXEL Communications Corporation WiMAX IEEE802.16e Indoor Basic CPE-2.5GHz ZyBook

User manual 4

ZyXEL MAX-200M1 Series User’s Guide

In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access.

Diameter

Diameter (RFC 3588) is a type of AAA server that provides several improvements over RADIUS in efficiency, security, and support for roaming.

Security Association

The set of information about user authentication and data encryption between two computers is known as a security association (SA). In a WiMAX network, the process of security association has three stages.

• Authorization request and reply
  The MS/SS presents its public certificate to the base station. The base station verifies the certificate and sends an authentication key (AK) to the MS/SS.
• Key request and reply
  The MS/SS requests a transport encryption key (TEK) which the base station generates and encrypts using the authentication key.
• Encrypted traffic
  The MS/SS decrypts the TEK (using the authentication key). Both stations can now securely encrypt and decrypt the data flow.

CCMP

All traffic in a WiMAX network is encrypted using CCMP (Counter Mode with Cipher Block Chaining Message Authentication Protocol). CCMP is based on the 128-bit Advanced Encryption Standard (AES) algorithm.

‘Counter mode’ refers to the encryption of each block of plain text with an arbitrary number, known as the counter. This number changes each time a block of plain text is encrypted. Counter mode avoids the security weakness of repeated identical blocks of encrypted text that makes encrypted data vulnerable to pattern-spotting.

‘Cipher Block Chaining Message Authentication’ (also known as CBC-MAC) ensures message integrity by encrypting each block of plain text in such a way that its encryption is dependent on the block before it. This series of ‘chained’ blocks creates a message authentication code (MAC or CMAC) that ensures the encrypted data has not been tampered with.
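The two properties described in the CCMP section, shown structurally in an added Python example that is not part of the ZyXEL manual. Assumptions: truncated HMAC-SHA256 stands in for the AES block operation, the key, nonce and payload are constructed values, and the block formatting and tag encryption of real CCM are left out.

```python
import hashlib
import hmac

BLOCK = 16  # CCMP uses 128-bit (16-byte) blocks


def prf(key: bytes, label: bytes, block: bytes) -> bytes:
    """Stand-in for the AES block operation (assumption: truncated HMAC-SHA256).
    The label keeps the encryption and MAC uses of the key apart."""
    return hmac.new(key + label, block, hashlib.sha256).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def blocks(data: bytes) -> list:
    """Split into 16-byte blocks, zero-padding the last one."""
    padded = data + bytes(-len(data) % BLOCK)
    return [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]


def per_block_encrypt(key: bytes, plaintext: bytes) -> list:
    """No counter: every block is transformed the same way, so equal
    plaintext blocks give equal output blocks (the pattern weakness)."""
    return [prf(key, b"enc", b) for b in blocks(plaintext)]


def counter_mode(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR block i with a keystream block made from nonce || i.
    Running it again with the same key and nonce decrypts."""
    out = b""
    for i in range(0, len(data), BLOCK):
        counter = nonce + (i // BLOCK).to_bytes(BLOCK - len(nonce), "big")
        out += xor(data[i:i + BLOCK], prf(key, b"enc", counter))
    return out


def cbc_mac(key: bytes, message: bytes) -> bytes:
    """Chain the blocks: each result is mixed into the next block, so the
    final value depends on every block. The length goes first so messages
    of different lengths cannot share a chain."""
    state = bytes(BLOCK)
    for b in blocks(len(message).to_bytes(BLOCK, "big") + message):
        state = prf(key, b"mac", xor(state, b))
    return state


def protect(tek: bytes, nonce: bytes, plaintext: bytes):
    """Return (ciphertext, tag) for one packet."""
    return counter_mode(tek, nonce, plaintext), cbc_mac(tek, nonce + plaintext)


def unprotect(tek: bytes, nonce: bytes, ciphertext: bytes, tag: bytes) -> bytes:
    """Decrypt, then reject the packet if the recomputed tag differs."""
    plaintext = counter_mode(tek, nonce, ciphertext)
    if not hmac.compare_digest(cbc_mac(tek, nonce + plaintext), tag):
        raise ValueError("integrity check failed: packet was modified")
    return plaintext


# Constructed sample values (not from any real device).
TEK = bytes(range(16))
NONCE = bytes(12)
PAYLOAD = b"A" * 48 + b"tail"

if __name__ == "__main__":
    plain_blocks = per_block_encrypt(TEK, PAYLOAD)
    print("equal blocks, no counter, same output:", plain_blocks[0] == plain_blocks[1])
    ct, tag = protect(TEK, NONCE, PAYLOAD)
    print("equal blocks, counter mode, same output:", ct[:16] == ct[16:32])
    tampered = bytes([ct[0] ^ 1]) + ct[1:]
    try:
        unprotect(TEK, NONCE, tampered, tag)
    except ValueError as err:
        print(err)
```
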
Authentication

The ZyXEL Device supports EAP-TTLS authentication.

EAP-TTLS (Tunneled Transport Layer Service)

EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-side authentications to establish a secure connection (with EAP-TLS, digital certificates are needed by both the server and the wireless clients for mutual authentication). Client authentication is then done by sending the username and password through the secure connection, so the client identity is protected. For client authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2.
APPENDIX C
Setting up Your Computer’s IP Address

All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed.

Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer. Windows 3.1 requires the purchase of a third-party TCP/IP application package.

TCP/IP should already be installed on computers using Windows NT/2000/XP, Macintosh OS 7 and later operating systems.

After the appropriate TCP/IP components are installed, configure the TCP/IP settings in order to “communicate” with your network.

Windows 95/98/Me

Click Start, Settings, Control Panel and double-click the Network icon to open the Network window.
Figure 130   Windows 95/98/Me: Network: Configuration

Installing Components

The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks.

If you need the adapter:

1. In the Network window, click Add.
2. Select Adapter and then click Add.
3. Select the manufacturer and model of your network adapter and then click OK.

If you need TCP/IP:

1. In the Network window, click Add.
2. Select Protocol and then click Add.
3. Select Microsoft from the list of manufacturers.
4. Select TCP/IP from the list of network protocols and then click OK.

If you need Client for Microsoft Networks:

1. Click Add.
2. Select Client and then click Add.
3. Select Microsoft from the list of manufacturers.
4. Select Client for Microsoft Networks from the list of network clients and then click OK.
5. Restart your computer so the changes you made take effect.

Configuring

1. In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties.
2. Click the IP Address tab.
   • If your IP address is dynamic, select Obtain an IP address automatically.
   • If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields.

Figure 131   Windows 95/98/Me: TCP/IP Properties: IP Address

3. Click the DNS Configuration tab.
   • If you do not know your DNS information, select Disable DNS.
   • If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in).
Figure 132   Windows 95/98/Me: TCP/IP Properties: DNS Configuration

4. Click the Gateway tab.
   • If you do not know your gateway’s IP address, remove previously installed gateways.
   • If you have a gateway IP address, type it in the New gateway field and click Add.
5. Click OK to save and close the TCP/IP Properties window.
6. Click OK to close the Network window. Insert the Windows CD if prompted.
7. Restart your computer when prompted.

Verifying Settings

1. Click Start and then Run.
2. In the Run window, type "winipcfg" and then click OK to open the IP Configuration window.
3. Select your network adapter. You should see your computer's IP address, subnet mask and default gateway.

Windows 2000/NT/XP

The following example figures use the default Windows XP GUI theme.

1. Click start (Start in Windows 2000/NT), Settings, Control Panel.
Figure 133   Windows XP: Start Menu

2. In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT).

Figure 134   Windows XP: Control Panel

3. Right-click Local Area Connection and then click Properties.
Figure 135   Windows XP: Control Panel: Network Connections: Properties

4. Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties.

Figure 136   Windows XP: Local Area Connection Properties

5. The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
   • If you have a dynamic IP address click Obtain an IP address automatically.
   • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields.
   • Click Advanced.

Figure 137   Windows XP: Internet Protocol (TCP/IP) Properties

6. If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK.

Do one or more of the following if you want to configure additional IP addresses:

• In the IP Settings tab, in IP addresses, click Add.
• In TCP/IP Address, type an IP address in IP address and a subnet mask in Subnet mask, and then click Add.
• Repeat the above two steps for each IP address you want to add.
• Configure additional default gateways in the IP Settings tab by clicking Add in Default gateways.
• In TCP/IP Gateway Address, type the IP address of the default gateway in Gateway. To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric.
• Click Add.
• Repeat the previous three steps for each default gateway you want to add.
• Click OK when finished.
Figure 138   Windows XP: Advanced TCP/IP Properties

7. In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP):
   • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
   • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them.
Figure 139   Windows XP: Internet Protocol (TCP/IP) Properties

8. Click OK to close the Internet Protocol (TCP/IP) Properties window.
9. Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window.
10. Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT).
11. Restart your computer (if prompted).

Verifying Settings

1. Click Start, All Programs, Accessories and then Command Prompt.
2. In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab.

Macintosh OS X

1. Click the Apple menu, and click System Preferences to open the System Preferences window.
Figure 140   Macintosh OS X: Apple Menu

2. Click Network in the icon bar.
   • Select Automatic from the Location list.
   • Select Built-in Ethernet from the Show list.
   • Click the TCP/IP tab.
3. For dynamically assigned settings, select Using DHCP from the Configure list.

Figure 141   Macintosh OS X: Network

4. For statically assigned settings, do the following:
   • From the Configure box, select Manually.
   • Type your IP address in the IP Address box.
   • Type your subnet mask in the Subnet mask box.
   • Type the IP address of your gateway in the Router address box.
5. Click Apply Now and close the window.
6. Restart your computer (if prompted).

Verifying Settings

Check your TCP/IP properties in the Network window.

Linux

This section shows you how to configure your computer’s TCP/IP settings in Red Hat Linux 9.0. Procedure, screens and file location may vary depending on your Linux distribution and release version.

Note: Make sure you are logged in as the root administrator.

Using the K Desktop Environment (KDE)

Follow the steps below to configure your computer IP address using the KDE.

1. Click the Red Hat button (located on the bottom left corner), select System Setting and click Network.

Figure 142   Red Hat 9.0: KDE: Network Configuration: Devices

2. Double-click on the profile of the network card you wish to configure. The Ethernet Device General screen displays as shown.
Figure 143   Red Hat 9.0: KDE: Ethernet Device: General

   • If you have a dynamic IP address, click Automatically obtain IP address settings with and select dhcp from the drop down list.
   • If you have a static IP address, click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields.
3. Click OK to save the changes and close the Ethernet Device General screen.
4. If you know your DNS server IP address(es), click the DNS tab in the Network Configuration screen. Enter the DNS server information in the fields provided.

Figure 144   Red Hat 9.0: KDE: Network Configuration: DNS

5. Click the Devices tab.
6. Click the Activate button to apply the changes. The following screen displays. Click Yes to save the changes in all screens.

Figure 145   Red Hat 9.0: KDE: Network Configuration: Activate

7. After the network card restart process is complete, make sure the Status is Active in the Network Configuration screen.

Using Configuration Files

Follow the steps below to edit the network configuration files and set your computer IP address.

1. Assuming that you have only one network card on the computer, locate the ifconfig-eth0 configuration file (where eth0 is the name of the Ethernet card). Open the configuration file with any plain text editor.

   • If you have a dynamic IP address, enter dhcp in the BOOTPROTO= field. The following figure shows an example.

Figure 146   Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0

    DEVICE=eth0
    ONBOOT=yes
    BOOTPROTO=dhcp
    USERCTL=no
    PEERDNS=yes
    TYPE=Ethernet

   • If you have a static IP address, enter static in the BOOTPROTO= field. Type IPADDR= followed by the IP address (in dotted decimal notation) and type NETMASK= followed by the subnet mask. The following figure shows an example where the static IP address is 192.168.1.10 and the subnet mask is 255.255.255.0.

Figure 147   Red Hat 9.0: Static IP Address Setting in ifconfig-eth0

    DEVICE=eth0
    ONBOOT=yes
    BOOTPROTO=static
    IPADDR=192.168.1.10
    NETMASK=255.255.255.0
    USERCTL=no
    PEERDNS=yes
    TYPE=Ethernet

2. If you know your DNS server IP address(es), enter the DNS server information in the resolv.conf file in the /etc directory. The following figure shows an example where two DNS server IP addresses are specified.

Figure 148   Red Hat 9.0: DNS Settings in resolv.conf

    nameserver 172.23.5.1
    nameserver 172.23.5.2

3. After you edit and save the configuration files, you must restart the network card. Enter ./network restart in the /etc/rc.d/init.d directory. The following figure shows an example.

Figure 149   Red Hat 9.0: Restart Ethernet Card

    [root@localhost init.d]# network restart
    Shutting down interface eth0:                 [OK]
    Shutting down loopback interface:             [OK]
    Setting network parameters:                   [OK]
    Bringing up loopback interface:               [OK]
    Bringing up interface eth0:                   [OK]

Verifying Settings

Enter ifconfig in a terminal screen to check your TCP/IP properties.

Figure 150   Red Hat 9.0: Checking TCP/IP Properties

    [root@localhost]# ifconfig
    eth0      Link encap:Ethernet HWaddr 00:50:BA:72:5B:44
              inet addr:172.23.19.129 Bcast:172.23.19.255 Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:717 errors:0 dropped:0 overruns:0 frame:0
              TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:730412 (713.2 Kb) TX bytes:1570 (1.5 Kb)
              Interrupt:10 Base address:0x1000
    [root@localhost]#
APPENDIX D
IP Addresses and Subnetting

This appendix introduces IP addresses and subnet masks.

IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts.

Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks.

Introduction to IP Addresses

One part of the IP address is the network number, and the other part is the host ID. In the same way that houses on a street share a common street name, the hosts on a network share a common network number. Similarly, as each house has its own house number, each host on the network has its own unique identifying number - the host ID. Routers use the network number to send packets to the correct network, while the host ID determines to which host on the network the packets are delivered.

Structure

An IP address is made up of four parts, written in dotted decimal notation (for example, 192.168.1.1). Each of these four parts is known as an octet. An octet is an eight-digit binary number (for example 11000000, which is 192 in decimal notation). Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal.

The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID.
Figure 151   Network Number and Host ID

How much of the IP address is the network number and how much is the host ID varies according to the subnet mask.

Subnet Masks

A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation). The term “subnet” is short for “sub-network”.

A subnet mask has 32 bits. If a bit in the subnet mask is a “1” then the corresponding bit in the IP address is part of the network number. If a bit in the subnet mask is “0” then the corresponding bit in the IP address is part of the host ID.

The following example shows a subnet mask identifying the network number (in bold text) and host ID of an IP address (192.168.1.2 in decimal).

Table 95   IP Address Network Number and Host ID Example

                      1ST OCTET:  2ND OCTET:  3RD OCTET:  4TH OCTET
                      (192)       (168)       (1)         (2)
IP Address (Binary)   11000000    10101000    00000001    00000010
Subnet Mask (Binary)  11111111    11111111    11111111    00000000
Network Number        11000000    10101000    00000001
Host ID                                                   00000010

By convention, subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits.

Subnet masks can be referred to by the size of the network number part (the bits with a “1” value). For example, an “8-bit mask” means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes.
Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks.

Table 96   Subnet Masks

              BINARY                                        DECIMAL
              1ST OCTET  2ND OCTET  3RD OCTET  4TH OCTET
8-bit mask    11111111   00000000   00000000   00000000     255.0.0.0
16-bit mask   11111111   11111111   00000000   00000000     255.255.0.0
24-bit mask   11111111   11111111   11111111   00000000     255.255.255.0
29-bit mask   11111111   11111111   11111111   11111000     255.255.255.248

Network Size

The size of the network number determines the maximum number of possible hosts you can have on your network. The larger the number of network number bits, the smaller the number of remaining host ID bits.

An IP address with host IDs of all zeros is the IP address of the network (192.168.1.0 with a 24-bit subnet mask, for example). An IP address with host IDs of all ones is the broadcast address for that network (192.168.1.255 with a 24-bit subnet mask, for example).

As these two IP addresses cannot be used for individual hosts, calculate the maximum number of possible hosts in a network as follows:

Table 97   Maximum Host Numbers

SUBNET MASK                HOST ID SIZE   MAXIMUM NUMBER OF HOSTS
8 bits   255.0.0.0         24 bits        2^24 – 2   16777214
16 bits  255.255.0.0       16 bits        2^16 – 2   65534
24 bits  255.255.255.0     8 bits         2^8 – 2    254
29 bits  255.255.255.248   3 bits         2^3 – 2    6

Notation

Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/” followed by the number of bits in the mask after the address.

For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask 255.255.255.128.

The following table shows some possible subnet masks using both notations.

Table 98   Alternative Subnet Mask Notation

SUBNET MASK       ALTERNATIVE NOTATION   LAST OCTET (BINARY)   LAST OCTET (DECIMAL)
255.255.255.0     /24                    0000 0000             0
255.255.255.128   /25                    1000 0000             128
255.255.255.192   /26                    1100 0000             192
255.255.255.224   /27                    1110 0000             224
255.255.255.240   /28                    1111 0000             240
255.255.255.248   /29                    1111 1000             248
255.255.255.252   /30                    1111 1100             252

Subnetting

You can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons.

In this example, the company network address is 192.168.1.0. The first three octets of the address (192.168.1) are the network number, and the remaining octet is the host ID, allowing a maximum of 2^8 – 2 or 254 possible hosts.

The following figure shows the company network before subnetting.

Figure 152   Subnetting Example: Before Subnetting

You can “borrow” one of the host ID bits to divide the network 192.168.1.0 into two separate sub-networks. The subnet mask is now 25 bits (255.255.255.128 or /25).

The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25.

The following figure shows the company network after subnetting. There are now two sub-networks, A and B.
Figure 153   Subnetting Example: After Subnetting

In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 2^7 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).

192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127 with mask 255.255.255.128 is its broadcast address. Therefore, the lowest IP address that can be assigned to an actual host for subnet A is 192.168.1.1 and the highest is 192.168.1.126.

Similarly, the host ID range for subnet B is 192.168.1.129 to 192.168.1.254.

Example: Four Subnets

The previous example illustrated using a 25-bit subnet mask to divide a 24-bit address into two subnets. Similarly, to divide a 24-bit address into four subnets, you need to “borrow” two host ID bits to give four possible combinations (00, 01, 10 and 11). The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192.

Each subnet contains 6 host ID bits, giving 2^6 - 2 or 62 hosts for each subnet (a host ID of all zeroes is the subnet itself, all ones is the subnet’s broadcast address).

Table 99   Subnet 1

IP/SUBNET MASK         NETWORK NUMBER                LAST OCTET BIT VALUE
IP Address (Decimal)   192.168.1.                    0
IP Address (Binary)    11000000.10101000.00000001.   00000000
Subnet Mask (Binary)   11111111.11111111.11111111.   11000000
Subnet Address: 192.168.1.0        Lowest Host ID: 192.168.1.1
Broadcast Address: 192.168.1.63    Highest Host ID: 192.168.1.62

Table 100   Subnet 2

IP/SUBNET MASK         NETWORK NUMBER                LAST OCTET BIT VALUE
IP Address             192.168.1.                    64
IP Address (Binary)    11000000.10101000.00000001.   01000000
Subnet Mask (Binary)   11111111.11111111.11111111.   11000000
Subnet Address: 192.168.1.64       Lowest Host ID: 192.168.1.65
Broadcast Address: 192.168.1.127   Highest Host ID: 192.168.1.126

Table 101   Subnet 3

IP/SUBNET MASK         NETWORK NUMBER                LAST OCTET BIT VALUE
IP Address             192.168.1.                    128
IP Address (Binary)    11000000.10101000.00000001.   10000000
Subnet Mask (Binary)   11111111.11111111.11111111.   11000000
Subnet Address: 192.168.1.128      Lowest Host ID: 192.168.1.129
Broadcast Address: 192.168.1.191   Highest Host ID: 192.168.1.190

Table 102   Subnet 4

IP/SUBNET MASK         NETWORK NUMBER                LAST OCTET BIT VALUE
IP Address             192.168.1.                    192
IP Address (Binary)    11000000.10101000.00000001.   11000000
Subnet Mask (Binary)   11111111.11111111.11111111.   11000000
Subnet Address: 192.168.1.192      Lowest Host ID: 192.168.1.193
Broadcast Address: 192.168.1.255   Highest Host ID: 192.168.1.254

Example: Eight Subnets

Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111).

The following table shows IP address last octet values for each subnet.

Table 103   Eight Subnets

SUBNET   SUBNET ADDRESS   FIRST ADDRESS   LAST ADDRESS   BROADCAST ADDRESS
1        0                1               30             31
2        32               33              62             63
3        64               65              94             95
4        96               97              126            127
5        128              129             158            159
6        160              161             190            191
7        192              193             222            223
8        224              225             254            255

Subnet Planning

The following table is a summary for subnet planning on a network with a 24-bit network number.

Table 104   24-bit Network Number Subnet Planning

NO. “BORROWED” HOST BITS   SUBNET MASK             NO. SUBNETS   NO. HOSTS PER SUBNET
1                          255.255.255.128 (/25)   2             126
2                          255.255.255.192 (/26)   4             62
3                          255.255.255.224 (/27)   8             30
4                          255.255.255.240 (/28)   16            14
5                          255.255.255.248 (/29)   32            6
6                          255.255.255.252 (/30)   64            2
7                          255.255.255.254 (/31)   128           1

The following table is a summary for subnet planning on a network with a 16-bit network number.

Table 105   16-bit Network Number Subnet Planning

NO. “BORROWED” HOST BITS   SUBNET MASK             NO. SUBNETS   NO. HOSTS PER SUBNET
1                          255.255.128.0 (/17)     2             32766
2                          255.255.192.0 (/18)     4             16382
3                          255.255.224.0 (/19)     8             8190
4                          255.255.240.0 (/20)     16            4094
5                          255.255.248.0 (/21)     32            2046
6                          255.255.252.0 (/22)     64            1022
7                          255.255.254.0 (/23)     128           510
8                          255.255.255.0 (/24)     256           254
9                          255.255.255.128 (/25)   512           126
10                         255.255.255.192 (/26)   1024          62
11                         255.255.255.224 (/27)   2048          30
12                         255.255.255.240 (/28)   4096          14
13                         255.255.255.248 (/29)   8192          6
14                         255.255.255.252 (/30)   16384         2
15                         255.255.255.254 (/31)   32768         1

Configuring IP Addresses

Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.

If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. If this is the case, it is recommended that you select a network number from 192.168.0.0 to 192.168.255.0. The Internet Assigned Numbers Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. You must also enable Network Address Translation (NAT) on the ZyXEL Device.

Once you have decided on the network number, pick an IP address for your ZyXEL Device that is easy to remember (for instance, 192.168.1.1) but make sure that no other device on your network is using that IP address.

The subnet mask specifies the network number portion of an IP address. Your ZyXEL Device will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the ZyXEL Device unless you are instructed to do otherwise.

Private IP Addresses

Every machine on the Internet must have a unique address. If your networks are isolated from the Internet (running only between two branch offices, for example) you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks:

• 10.0.0.0     — 10.255.255.255
• 172.16.0.0   — 172.31.255.255
• 192.168.0.0  — 192.168.255.255

You can obtain your IP address from the IANA, from an ISP, or it can be assigned from a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses.

Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space.
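The subnet arithmetic from this appendix (the AND with the mask, the 2^n – 2 host count, borrowing host bits, and the three private blocks), worked through in an added Python example that is not part of the ZyXEL manual. All function names are chosen for this example; it goes slightly beyond the text by also rejecting masks whose ones are not contiguous.

```python
FULL = 0xFFFFFFFF


def to_int(dotted: str) -> int:
    """Dotted decimal -> 32-bit integer, one octet per byte."""
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 value: {dotted!r}")
    return int.from_bytes(bytes(parts), "big")


def to_dotted(value: int) -> str:
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def prefix_mask(bits: int) -> int:
    """A mask with `bits` ones from the left, zeros after (the /n notation)."""
    return (FULL << (32 - bits)) & FULL


def mask_bits(mask: str) -> int:
    """Number of ones in a dotted mask; the ones must be contiguous from the left."""
    inverted = to_int(mask) ^ FULL
    if inverted & (inverted + 1):  # host part must look like 0...01...1
        raise ValueError(f"mask ones are not contiguous: {mask}")
    return 32 - inverted.bit_length()


def describe(ip: str, bits: int) -> dict:
    """Split an address with a logical AND and list the usable host range."""
    mask = prefix_mask(bits)
    addr = to_int(ip)
    network = addr & mask              # network number: bits where the mask is 1
    broadcast = network | (mask ^ FULL)  # host ID of all ones
    return {
        "subnet": to_dotted(network),
        "mask": to_dotted(mask),
        "host_id": addr & (mask ^ FULL),
        "first_host": to_dotted(network + 1),
        "last_host": to_dotted(broadcast - 1),
        "broadcast": to_dotted(broadcast),
        "max_hosts": 2 ** (32 - bits) - 2,  # all zeros and all ones are reserved
    }


def split(network: str, bits: int, borrowed: int) -> list:
    """Borrow host ID bits to divide one network into 2^borrowed subnets."""
    new_bits = bits + borrowed
    if 32 - new_bits < 2:
        raise ValueError("need at least 2 host bits for the 2^n - 2 formula")
    base = to_int(network) & prefix_mask(bits)
    size = 1 << (32 - new_bits)
    return [describe(to_dotted(base + i * size), new_bits)
            for i in range(1 << borrowed)]


# The three private blocks listed above, written as (network, prefix length).
PRIVATE_BLOCKS = [("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16)]


def is_private(ip: str) -> bool:
    addr = to_int(ip)
    return any(addr & prefix_mask(b) == to_int(n) for n, b in PRIVATE_BLOCKS)


if __name__ == "__main__":
    # Reproduces the last-octet values of the eight-subnet example.
    for n, s in enumerate(split("192.168.1.0", 24, 3), start=1):
        print(n, s["subnet"], s["first_host"], s["last_host"], s["broadcast"])
```
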
APPENDIX E
SIP Passthrough

Enabling/Disabling the SIP ALG

You can turn off the ZyXEL Device SIP ALG to avoid retranslating the IP address of an existing SIP device that is using STUN. If you want to use STUN with a SIP client device (a SIP phone or IP phone for example) behind the ZyXEL Device, use the ip alg disable ALG_SIP command to turn off the SIP ALG.

Signaling Session Timeout

Most SIP clients have an “expire” mechanism indicating the lifetime of signaling sessions. The SIP UA sends registration packets to the SIP server periodically and keeps the session alive in the ZyXEL Device.

If the SIP client does not have this mechanism and makes no call during the ZyXEL Device SIP timeout default (60 minutes), the ZyXEL Device SIP ALG drops any incoming calls after the timeout period. You can use the ip alg siptimeout command to change the timeout value.

Audio Session Timeout

If no voice packets go through the SIP ALG before the timeout period default (5 minutes) expires, the SIP ALG does not drop the call but blocks all voice traffic and deletes the audio session. You cannot hear anything and you will need to make a new call to continue your conversation.
APPENDIX F
Services

The following table lists some commonly-used services and their associated protocols and port numbers.

• Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like.
• Protocol: This is the type of IP protocol used by the service. If this is TCP/UDP, then the service uses the same port number with TCP and UDP. If this is USER-DEFINED, the Port(s) is the IP protocol number, not the port number.
• Port(s): This value depends on the Protocol.
  • If the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number.
  • If the Protocol is USER, this is the IP protocol number.
• Description: This is a brief explanation of the applications that use this service or the situations in which this service is used.

Table 106   Examples of Services

NAME                PROTOCOL      PORT(S)       DESCRIPTION
AH (IPSEC_TUNNEL)   User-Defined  51            The IPSEC AH (Authentication Header) tunneling protocol uses this service.
AIM                 TCP           5190          AOL’s Internet Messenger service.
AUTH                TCP           113           Authentication protocol used by some servers.
BGP                 TCP           179           Border Gateway Protocol.
BOOTP_CLIENT        UDP           68            DHCP Client.
BOOTP_SERVER        UDP           67            DHCP Server.
CU-SEEME            TCP/UDP       7648          A popular videoconferencing solution from White Pines Software.
                    TCP/UDP       24032
DNS                 TCP/UDP       53            Domain Name Server, a service that matches web names (e.g. www.zyxel.com) to IP numbers.
ESP (IPSEC_TUNNEL)  User-Defined  50            The IPSEC ESP (Encapsulation Security Protocol) tunneling protocol uses this service.
FINGER              TCP           79            Finger is a UNIX or Internet related command that can be used to find out if a user is logged on.
FTP                 TCP           20            File Transfer Program, a program to enable fast transfer of files, including large files that may not be possible by e-mail.
                    TCP           21
H.323               TCP           1720          NetMeeting uses this protocol.
HTTP                TCP           80            Hyper Text Transfer Protocol - a client/server protocol for the world wide web.
HTTPS               TCP           443           HTTPS is a secured http session often used in e-commerce.
ICMP                User-Defined  1             Internet Control Message Protocol is often used for diagnostic purposes.
ICQ                 UDP           4000          This is a popular Internet chat program.
IGMP (MULTICAST)    User-Defined  2             Internet Group Multicast Protocol is used when sending packets to a specific group of hosts.
IKE                 UDP           500           The Internet Key Exchange algorithm is used for key distribution and management.
IMAP4               TCP           143           The Internet Message Access Protocol is used for e-mail.
IMAP4S              TCP           993           This is a more secure version of IMAP4 that runs over SSL.
IRC                 TCP/UDP       6667          This is another popular Internet chat program.
MSN Messenger       TCP           1863          Microsoft Networks’ messenger service uses this protocol.
NetBIOS             TCP/UDP       137           The Network Basic Input/Output System is used for communication between computers in a LAN.
                    TCP/UDP       138
                    TCP/UDP       139
                    TCP/UDP       445
NEW-ICQ             TCP           5190          An Internet chat program.
NEWS                TCP           144           A protocol for news groups.
NFS                 UDP           2049          Network File System - NFS is a client/server distributed file service that provides transparent file sharing for network environments.
NNTP                TCP           119           Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service.
PING                User-Defined  1             Packet INternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is reachable.
POP3                TCP           110           Post Office Protocol version 3 lets a client computer get e-mail from a POP3 server through a temporary connection (TCP/IP or other).
POP3S               TCP           995           This is a more secure version of POP3 that runs over SSL.
PPTP                TCP           1723          Point-to-Point Tunneling Protocol enables secure transfer of data over public networks. This is the control channel.
PPTP_TUNNEL (GRE)   User-Defined  47            PPTP (Point-to-Point Tunneling Protocol) enables secure transfer of data over public networks. This is the data channel.
RCMD                TCP           512           Remote Command Service.
REAL_AUDIO          TCP           7070          A streaming audio service that enables real time sound over the web.
REXEC               TCP           514           Remote Execution Daemon.
RLOGIN              TCP           513           Remote Login.
ROADRUNNER          TCP/UDP       1026          This is an ISP that provides services mainly for cable modems.
RTELNET             TCP           107           Remote Telnet.
RTSP                TCP/UDP       554           The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet.
SFTP                TCP           115           The Simple File Transfer Protocol is an old way of transferring files between computers.
SMTP                TCP           25            Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another.
SMTPS               TCP           465           This is a more secure version of SMTP that runs over SSL.
SNMP                TCP/UDP       161           Simple Network Management Program.
SNMP-TRAPS          TCP/UDP       162           Traps for use with the SNMP (RFC:1215).
SQL-NET             TCP           1521          Structured Query Language is an interface to access data on many different types of database systems, including mainframes, midrange systems, UNIX systems and network servers.
SSDP                UDP           1900          The Simple Service Discovery Protocol supports Universal Plug-and-Play (UPnP).
SSH                 TCP/UDP       22            Secure Shell Remote Login Program.
STRM WORKS          UDP           1558          Stream Works Protocol.
SYSLOG              UDP           514           Syslog allows you to send system logs to a UNIX server.
TACACS              UDP           49            Login Host Protocol used for (Terminal Access Controller Access Control System).
TELNET              TCP           23            Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/IP networks. Its primary function is to allow users to log into remote host systems.
TFTP                UDP           69            Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol).
VDOLIVE             TCP           7000          A videoconferencing solution.
                    UDP           user-defined
The UDP port number is specified in the application.Table 106   Examples of Services (continued)NAME PROTOCOL PORT(S) DESCRIPTION
