ZyXEL MAX207HW2 User Manual

Appendix D IP Addresses and Subnetting

Notation

Since the mask is always a continuous number of ones beginning from the left,
followed by a continuous number of zeros for the remainder of the 32 bit mask,
you can simply specify the number of ones instead of writing the value of each
octet. This is usually spec if i e d by wri t ing a “/” followed by the number of bits in
the mask after the address.

For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask

255.255.255.128.

The following table shows some possible subnet masks using both notations.

Table 74 Alternative Subnet Mask Notation

SUBNET MASK

255.255.255.0 /24 0000 0000 0

255.255.255.128 /25 1000 0000 128

255.255.255.192 /26 1100 0000 192

255.255.255.224 /27 1110 0000 224

255.255.255.240 /28 1111 0000 240

255.255.255.248 /29 1111 1000 248

255.255.255.252 /30 1111 1100 252

ALTERNATIVE
NOTATION

LAST OCTET
(BINARY)

LAST OCTET
(DECIMAL)

Subnetting

You can use subnetting to divide one network into multiple sub-networks. In the
following example a network administrator creates two sub-networks to isolate a
group of servers from the rest of the company network for security reasons.

In this example, the company network address is 192.168.1.0. The first three
octets of the address (192.168.1) are the network number, and the remaining
octet is the host ID, allowing a maximum of 2

8

– 2 or 254 possible hosts.

232

User’s Guide

Appendix D IP Addresses and Subnetting

The following figure shows the company network before subnetting.

Figure 119 Subnetting Example: Before Subnetting

You can “borrow” one of the host ID bits to divide the network 192.168.1.0 into
two separate sub-networks. The subnet mask is now 25 bits (255.255.255.128 or
/25).

The “borrowed” host ID bit can have a value of either 0 or 1, allowing two
subnets; 192.168.1.0 /25 and 192.168.100.128 /25.

User’s Guide

233

Appendix D IP Addresses and Subnetting

The following figure shows the company network after subnetting. There are now
two sub-networks, A and B.

Figure 120 Subnetting Example: After Subnetting

In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of

7

2

– 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself,

all ones is the subnet’s broadcast address).

192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.100.127
with mask 255.255.255.128 is its broadcast address. Therefore, the lowest IP
address that can be assigned to an actual host for subnet A is 192.168.100.1 and
the highest is 192.168.100.126.

Similarly, the host ID range for subnet B is 192.168.100.129 to 192.168.1.254.

Example: Four Subnets

The previous example illustrated using a 25-bit subnet mask to divide a 24-bit
address into two subnets. Similarly, to divide a 24-bit address into four subnets,
you need to “borrow” two host ID bits to give four possible combinations (00, 01,
10 and 11). The subnet mask is 26 bits
(11111111.11111111.11111111.11000000) or 255.255.255.192.

234

User’s Guide

Appendix D IP Addresses and Subnetting

Each subnet contains 6 host ID bits, giving 26 - 2 or 62 hosts for each subnet (a
host ID of all zeroes is the subnet itself, all ones is the subnet’s broadcast
address).

Table 75 Subnet 1

IP/SUBNET MASK NETWORK NUMBER

IP Address (Decimal) 192.168.1. 0
IP Address (Binary) 11000000.10101000.00000001. 00000000
Subnet Mask (Binary) 11111111.11111111.11111111. 11000000
Subnet Address:

192.168.1.0
Broadcast Address:

192.168.1.63

Lowest Host ID: 192.168.100.1

Highest Host ID: 192.168.1.62

LAST OCTET BIT
VALUE

Table 76 Subnet 2

IP/SUBNET MASK NETWORK NUMBER

IP Address 192.168.1. 64
IP Address (Binary) 11000000.10101000.00000001. 01000000
Subnet Mask (Binary) 11111111.11111111.11111111. 11000000
Subnet Address:

192.168.1.64
Broadcast Address:

192.168.100.127

Lowest Host ID: 192.168.1.65

Highest Host ID: 192.168.100.126

LAST OCTET BIT
VALUE

Table 77 Subnet 3

IP/SUBNET MASK NETWORK NUMBER

IP Address 192.168.1. 128
IP Address (Binary) 11000000.10101000.00000001. 10000000
Subnet Mask (Binary) 11111111.11111111.11111111. 11000000
Subnet Address:

192.168.100.128
Broadcast Address:

192.168.100.191

Lowest Host ID: 192.168.100.129

Highest Host ID: 192.168.100.190

LAST OCTET BIT
VALUE

Table 78 Subnet 4

IP/SUBNET MASK NETWORK NUMBER

IP Address 192.168.1. 192
IP Address (Binary) 11000000.10101000.00000001. 11000000
Subnet Mask (Binary) 11111111.11111111.11111111. 11000000
Subnet Address:

192.168.100.192
Broadcast Address:

192.168.1.255

Lowest Host ID: 192.168.100.193

Highest Host ID: 192.168.1.254

LAST OCTET BIT
VALUE

User’s Guide

235

Appendix D IP Addresses and Subnetting

Example: Eight Subnets

Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100,
101, 110 and 111).

The following table shows IP address last octet values for each subnet.

Table 79 Eight Subnets

SUBNET

1 0 1 30 31
2 32 33 62 63
3 64 65 94 95
4 96 97 126 127
5 128 129 158 159
6 160 161 190 191
7 192 193 222 223
8 224 225 254 255

SUBNET
ADDRESS

FIRST ADDRESS

LAST
ADDRESS

BROADCAST
ADDRESS

Subnet Planning

The following table is a summary for subnet planning on a network with a 24-bit
network number.

Table 80 24-bit Network Number Subnet Planning

NO. “BORROWED”
HOST BITS

1 255.255.255.128 (/25) 2 126
2 255.255.255.192 (/26) 4 62
3 255.255.255.224 (/27) 8 30
4 255.255.255.240 (/28) 16 14
5 255.255.255.248 (/29) 32 6
6 255.255.255.252 (/30) 64 2
7 255.255.255.254 (/31) 128 1

The following table is a summary for subnet planning on a network with a 16-bit
network number.

Table 81 16-bit Network Number Subnet Planning

NO. “BORROWED”
HOST BITS

1 255.255.128.0 (/17) 2 32766
2 255.255.192.0 (/18) 4 16382

SUBNET MASK NO. SUBNETS

SUBNET MASK NO. SUBNETS

NO. HOSTS PER
SUBNET

NO. HOSTS PER
SUBNET

236

User’s Guide

Appendix D IP Addresses and Subnetting

Table 81 16-bit Network Number Subnet Planning (continued)

NO. “BORROWED”
HOST BITS

3 255.255.224.0 (/19) 8 8190
4 255.255.240.0 (/20) 16 4094
5 255.255.248.0 (/21) 32 2046
6 255.255.252.0 (/22) 64 1022
7 255.255.254.0 (/23) 128 510
8 255.255.255.0 (/24) 256 254
9 255.255.255.128 (/25) 512 126
10 255.255.255.192 (/26) 1024 62
11 255.255.255.224 (/27) 2048 30
12 255.255.255.240 (/28) 4096 14
13 255.255.255.248 (/29) 8192 6
14 255.255.255.252 (/30) 16384 2
15 255.255.255.254 (/31) 32768 1

SUBNET MASK NO. SUBNETS

NO. HOSTS PER
SUBNET

Configuring IP Addresses

Where you obtain your network number depends on your particular situation. If
the ISP or your network administrator assigns you a block of registered IP
addresses, follow their instructions in selecting the IP addresses and the subnet
mask.

If the ISP did not explicitly give you an IP network number, then most likely you
have a single user account and the ISP will assign you a dynamic IP address when
the connection is established. If this is the case, it is recommended that you select
a network number from 192.168.0.0 to 192.168.255.0. The Internet Assigned
Number Authority (IANA) reserved this block of addresses specifically for private
use; please do not use any other number unless you are told otherwise. Y ou must
also enable Network Address Translation (NAT) on the WiMAX Modem.

Once you have decided on the network nu mber, pick an IP address for your WiMAX
Modem that is easy to remember (for instance, 192.168.100.1) but make sure
that no other device on your network is using that IP address.

The subnet mask specifies the network number portion of an IP address. Your
WiMAX Modem will compute the subnet mask automatically based on the IP
address that you entered. Y ou don't need to change the subnet mask computed by
the WiMAX Modem unless you are instructed to do otherwise.

User’s Guide

237

Appendix D IP Addresses and Subnetting

Private IP Addresses

Every machine on the Internet must have a unique address. If your networks are
isolated from the Internet (running only between two branch offices, for example)
you can assign any IP addresses to the hosts without problems. However, the
Internet Assigned Numbers Authority (IANA) has reserved the following three
blocks of IP addresses specifically for private networks:

• 10.0.0.0 — 10.255.255.255

• 172.16.0.0 — 172.31.255.255

• 192.168.0.0 — 192.168.255.255
You can obtain your IP address from the IANA, from an ISP, or it can be assigned

from a private network. If you belong to a small organization and your Internet
access is through an ISP, the ISP can provide you with the Internet addresses for
your local networks. On the other hand, if you are part of a much larger
organization, you should consult your network administrator for the appropriate IP
addresses.

Regardless of your particular situation, do not create an arbitrary IP address;
always follow the guidelines above. For more information on address assignment,
please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466,
Guidelines for Management of IP Address Space.

IP Address Conflicts

Each device on a network must have a unique IP address. Devices with duplicate
IP addresses on the same network will not be able to access the Internet or other
resources. The devices may also be unreachable through the network.

Conflicting Computer IP Addresses Example

More than one device can not use the same IP address. In the following example
computer A has a static (or fixed) IP address that is the same as the IP address
that a DHCP server assigns to computer B which is a DHCP client. Neither can
access the Internet. This problem can be solved by assigning a different static IP

238

User’s Guide

address to computer A or setting computer A to obtain an IP address
automatically.

Figure 121 Conflicting Computer IP Ad dresses Example

Conflicting Router IP Addresses Example

Appendix D IP Addresses and Subnetting

Since a router connects different networks, it must have interfaces using different
network numbers. For example, if a router is set between a LAN and the Internet
(WAN), the router’ s LAN and WAN addresses must be on different subnets. In the
following example, the LAN and WAN are on the same subnet. The LAN computers
cannot access the Internet because the router cannot route between networks.

Figure 122 Conflicting Computer IP Ad dresses Example

Conflicting Computer and Router IP Addresses Example

More than one device can not use the same IP address. In the following example,
the computer and the router’s LAN port both use 192.168.100.1 as the IP address.

User’s Guide

239

Appendix D IP Addresses and Subnetting

The computer cannot access the Internet. This problem can be solved by
assigning a different IP address to the computer or the router’s LAN port.

Figure 123 Conflicting Computer and Router IP Addresses Example

240

User’s Guide

APPENDIX E

Importing Certificates

This appendix shows you how to import public key certificates into your web
browser.

Public key certificates are used by web browsers to ensure that a secure web site
is legitimate. When a certificate authority such as VeriSign, Comodo, or Network
Solutions, to name a few, receives a certificate request from a website operator,
they confirm that the web domain and contact information in the request match
those on public record with a domain name registrar. If they match, then the
certificate is issued to the website operator, who then places it on the site to be
issued to all visiting web browsers to let them know that the site is legitimate.

Many ZyXEL products, such as the NSA-2401, issue their own public key
certificates. These can be used by web browsers on a LAN or WAN to verify that
they are in fact connecting to the legitimate device and not one masquerading as
it. However, because the certificates were not issued by one of the several
organizations officially recognized by the most common web browsers, you will
need to import the ZyXEL-created certificate into your web browser and flag that
certificate as a trusted authority.

User’s Guide

Note: You can see if you are browsing on a secure website if the URL in your web

browser’s address bar begins with https:// or there is a sealed padlock
icon ( ) somewhere in the main browser window (not all browsers show the
padlock in the same location.)

In this appendix, you can import a public key certificate for:

• Internet Explorer on page 242

•Firefox on page 252

•Opera on page 258

• Konqueror on page 266

241

Appendix E Importing Certificates

Internet Explorer

The following example uses Microsoft Internet Explorer 7 on Windows XP
Professional; however, they can also apply to Internet Explorer on Windows Vista.

1 If your device’s web configur ator is set t o use SSL c ertification, t hen the first time

you browse to it you are presented with a certification error.

Figure 124 Internet Explorer 7: Certification Error

2 Click Continue to this website (not recommended).

Figure 125 Internet Explorer 7: Certification Error

242

User’s Guide

Appendix E Importing Certificates

3 In the Address Bar, click Certificate Error > View certificates.

Figure 126 Internet Explorer 7: Certificate Error

4 In the Certificate dialog box, click Install Certificate.

Figure 127 Internet Explorer 7: Certificate

User’s Guide

243

Appendix E Importing Certificates

5 In the Certificate Import Wizard, click Next.

Figure 128 Internet Explorer 7: Certificate Import Wizard

6 If you want Internet Explorer to Automatically select certificate store based

on the type of certificate, click Next again and then go to step 9.

Figure 129 Internet Explorer 7: Certificate Import Wizard

244

User’s Guide

Appendix E Importing Certificates

7 Otherwise, select Place all certificates in the following store and then click

Browse.

Figure 130 Internet Explorer 7: Certificate Import Wizard

8 In the Select Certificate Store dialog box, choose a location in which to save the

certificate and then click OK.

Figure 131 Internet Explorer 7: Select Certificate Store

User’s Guide

245

Appendix E Importing Certificates

9 In the Completing the Certificate Import Wizard screen, click Finish.

Figure 132 Internet Explorer 7: Certificate Import Wizard

10 If you are presented with another Security Warning, click Yes.

Figure 133 Internet Explorer 7: Security Warning

246

User’s Guide

Appendix E Importing Certificates

11 Finally, click OK when presented with the successful certificate installation

message.

Figure 134 Internet Explorer 7: Certificate Import Wizard

12 The next time you start Internet Explorer and go to a ZyXEL web configurator

page, a sealed padlock icon appears in the address bar. Click it to view the page’s
Website Identification information.

Figure 135 Internet Explorer 7: Website Identification

User’s Guide

247

Appendix E Importing Certificates

Installing a Stand-Alone Certificate File in Internet Explorer

Rather than browsing to a ZyXEL web configurator and installing a public key
certificate when prompted, you can install a stand-alone certificate file if one has
been issued to you.

1 Double-click the public key certificate file.

Figure 136 Internet Explorer 7: Public Key Certificate File

2 In the security warning dialog box, click Open.

Figure 137 Internet Explorer 7: Open File - Security Warning

248

3 Refer to steps 4-12 in the Internet Explorer procedure beginning on page 242 to

complete the installation process.

User’s Guide

Removing a Certificate in Internet Explorer

This section shows you how to remove a public key certificate in Internet Explorer

7.

1 Open Internet Explorer and click TOOLS > Internet Options.

Figure 138 Internet Explorer 7: Tools Menu

Appendix E Importing Certificates

2 In the Internet Options dialog box, click Content > Certificates.

Figure 139 Internet Explorer 7: Internet Options

User’s Guide

249