ZyXEL Communications P2612HWUFX User Manual

Chapter 15 Certificates
Table 96 Security > Certificates > Trusted CAs (continued)
LABEL DESCRIPTION
such as CN (Common Name), OU (Organizational Unit or department), O (Organization or company) and C (Country). It is recommended that each certificate have unique subject information.
Issuer This field displays identifying information about the certificate’s issuing certification authority, such as a common name, organizational unit or department, organization or company and country. With self-signed certificates, this is the same information as in the Subject field.
Valid From This field displays the date that the certificate becomes applicable. The text displays in red and includes a Not Yet Valid! message if the certificate has not yet become applicable.
Valid To This field displays the date that the certificate expires. The text displays in red and includes an Expiring! or Expired! message if the certificate is about to expire or has already expired.
CRL Issuer This field displays Yes if the certification authority issues Certificate Revocation Lists for the certificates that it has issued and you have selected the Issues certificate revocation lists (CRL) check box in the certificate’s details screen to have the ZyXEL Device check the CRL before trusting any certificates issued by the certification authority. Otherwise the field displays “No”.
Modify Click the Edit icon to open a screen with an in-depth list of information about the certificate. Click the Remove icon to remove the certificate. A window displays asking you to confirm that you want to delete the certificates. Note that subsequent certificates move up by one when you take this action.
Import Click Import to open a screen where you can save the certificate of a certification authority that you trust, from your computer to the ZyXEL Device.
Refresh Click this button to display the current validity status of the certificates.
15.6 Trusted CA Import
Click Security > Certificates > Trusted CAs to open the Trusted CAs screen and then click Import to open the Trusted CA Import screen. Follow the instructions in this screen to save a trusted certification authority’s certificate to the ZyXEL Device.
P-2612HWU-F1 User’s Guide
Note: You must remove any spaces from the certificate’s filename before you can import the certificate.
Figure 179 Security > Certificates > Trusted CA > Import
The following table describes the labels in this screen.
Table 97 Security > Certificates > Trusted CA > Import
LABEL DESCRIPTION
File Path Type in the location of the file you want to upload in this field or click Browse to find it.
Browse Click Browse to find the certificate file you want to upload.
Back Click Back to return to the previous screen.
Apply Click Apply to save the certificate on the ZyXEL Device.
Cancel Click Cancel to quit and return to the Trusted CAs screen.
15.7 Trusted CA Details
Click Security > Certificates > Trusted CAs to open the Trusted CAs screen. Click the details icon to open the Trusted CA Details screen. Use this screen to view in-depth information about the certification authority’s certificate, change the certificate’s name and set whether or not you want the ZyXEL Device to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority.
Figure 180 Security > Certificates > Trusted CA > Details
The following table describes the labels in this screen.
Table 98 Security > Certificates > Trusted CA > Details
LABEL DESCRIPTION
Certificate Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate. You may use any character (not including spaces).
Property
Issues certificate revocation lists (CRLs) Select this check box to have the ZyXEL Device check incoming certificates that are issued by this certification authority against a Certificate Revocation List (CRL). Clear this check box to have the ZyXEL Device not check incoming certificates that are issued by this certification authority against a Certificate Revocation List (CRL).
Certificate Path Click the Refresh button to have this read-only text box display the end entity’s certificate and a list of certification authority certificates that shows the hierarchy of certification authorities that validate the end entity’s certificate. If the issuing certification authority is one that you have imported as a trusted certification authority, it may be the only certification authority in the list (along with the end entity’s own certificate). The ZyXEL Device does not trust the end entity’s certificate and displays “Not trusted” in this field if any certificate on the path has expired or been revoked.
Refresh Click Refresh to display the certification path.
Certificate Information These read-only fields display detailed information about the certificate.
Type This field displays general information about the certificate. CA-signed means that a Certification Authority signed the certificate. Self-signed means that the certificate’s owner signed the certificate (not a certification authority). X.509 means that this certificate was created and signed according to the ITU-T X.509 recommendation that defines the formats for public-key certificates.
Version This field displays the X.509 version number.
Serial Number This field displays the certificate’s identification number given by the certification authority.
Subject This field displays information that identifies the owner of the certificate, such as Common Name (CN), Organizational Unit (OU), Organization (O) and Country (C).
Issuer This field displays identifying information about the certificate’s issuing certification authority, such as Common Name, Organizational Unit, Organization and Country. With self-signed certificates, this is the same information as in the Subject Name field.
Signature Algorithm This field displays the type of algorithm that was used to sign the certificate. Some certification authorities use rsa-pkcs1-sha1 (RSA public-private key encryption algorithm and the SHA1 hash algorithm). Other certification authorities may use rsa-pkcs1-md5 (RSA public-private key encryption algorithm and the MD5 hash algorithm).
Valid From This field displays the date that the certificate becomes applicable. The text displays in red and includes a Not Yet Valid! message if the certificate has not yet become applicable.
Valid To This field displays the date that the certificate expires. The text displays in red and includes an Expiring! or Expired! message if the certificate is about to expire or has already expired.
Key Algorithm This field displays the type of algorithm that was used to generate the certificate’s key pair (the ZyXEL Device uses RSA encryption) and the length of the key set in bits (1024 bits for example).
Subject Alternative Name This field displays the certificate’s owner’s IP address (IP), domain name (DNS) or e-mail address (EMAIL).
Key Usage This field displays for what functions the certificate’s key can be used. For example, “DigitalSignature” means that the key can be used to sign certificates and “KeyEncipherment” means that the key can be used to encrypt text.
Basic Constraint This field displays general information about the certificate. For example, Subject Type=CA means that this is a certification authority’s certificate and “Path Length Constraint=1” means that there can only be one certification authority in the certificate’s path.
CRL Distribution Points This field displays how many directory servers with Lists of revoked certificates the issuing certification authority of this certificate makes available. This field also displays the domain names or IP addresses of the servers.
MD5 Fingerprint This is the certificate’s message digest that the ZyXEL Device calculated using the MD5 algorithm. You can use this value to verify with the certification authority (over the phone for example) that this is actually their certificate.
SHA1 Fingerprint This is the certificate’s message digest that the ZyXEL Device calculated using the SHA1 algorithm. You can use this value to verify with the certification authority (over the phone for example) that this is actually their certificate.
Certificate in PEM (Base-64) Encoded Format This read-only text box displays the certificate or certification request in Privacy Enhanced Mail (PEM) format. PEM uses 64 ASCII characters to convert the binary certificate into a printable form. You can copy and paste the certificate into an e-mail to send to friends or colleagues or you can copy and paste the certificate into a text editor and save the file on a management computer for later distribution (via floppy disk for example).
Back Click Back to return to the previous screen.
Export Click this button and then Save in the File Download screen. The Save As screen opens, browse to the location that you want to use and click Save.
Apply Click Apply to save your changes back to the ZyXEL Device. You can only change the name and/or set whether or not you want the ZyXEL Device to check the CRL that the certification authority issues before trusting a certificate issued by the certification authority.
Cancel Click Cancel to quit and return to the Trusted CAs screen.
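The following added example (not part of the ZyXEL manual or firmware) shows how the MD5 and SHA1 fingerprints described above can be recomputed on a management computer from a PEM file before import, so they can be compared with the value the certification authority reads out. The function names, the colon-separated display format and the sample bytes are assumptions; the sample is constructed placeholder data, not a real certificate.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL
)

# Constructed placeholder bytes standing in for a binary (DER) certificate.
# They are not a real certificate, only input for the encoding and digest steps.
SAMPLE_DER = bytes(range(256)) * 2


def der_to_pem(der: bytes, width: int = 64) -> str:
    """Wrap binary certificate bytes in PEM armor (Base-64 text plus markers)."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


def pem_to_der(pem_text: str) -> bytes:
    """Recover the binary certificate from PEM text."""
    match = PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    # Line breaks and indentation are presentation only, so drop them first.
    b64 = "".join(match.group(1).split())
    return base64.b64decode(b64, validate=True)


def fingerprint(der: bytes, algorithm: str) -> str:
    """Digest of the binary certificate, shown as colon-separated hex (assumed format)."""
    if algorithm not in ("md5", "sha1"):
        raise ValueError("the details screen lists only MD5 and SHA1 fingerprints")
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def same_fingerprint(shown: str, read_out: str) -> bool:
    """Compare two fingerprints while ignoring case, colons and spaces."""
    def hex_only(text: str) -> str:
        return re.sub(r"[^0-9a-f]", "", text.lower())
    return hex_only(shown) != "" and hex_only(shown) == hex_only(read_out)


def import_filename_ok(filename: str) -> bool:
    """The import screens require a filename without spaces."""
    return bool(filename) and not any(ch.isspace() for ch in filename)


def precheck(filename: str, pem_text: str) -> dict:
    """Collect what an administrator would check before clicking Apply."""
    der = pem_to_der(pem_text)
    return {
        "filename_ok": import_filename_ok(filename),
        "md5": fingerprint(der, "md5"),
        "sha1": fingerprint(der, "sha1"),
    }


SAMPLE_PEM = der_to_pem(SAMPLE_DER)

if __name__ == "__main__":
    for key, value in precheck("trusted_ca.cer", SAMPLE_PEM).items():
        print(f"{key}: {value}")
```

Because the digest is taken over the decoded binary certificate, re-wrapping the PEM text at a different line width or pasting it through e-mail does not change the fingerprint.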
15.8 Trusted Remote Hosts
Click Security > Certificates > Trusted Remote Hosts to open the Trusted Remote Hosts screen. This screen displays a list of the certificates of peers that you trust but which are not signed by one of the certification authorities on the Trusted CAs screen.
You do not need to add any certificate that is signed by one of the certification authorities on the Trusted CAs screen since the ZyXEL Device automatically accepts any valid certificate signed by a trusted certification authority as being trustworthy.
Figure 181 Security > Certificates > Trusted Remote Hosts
The following table describes the labels in this screen.
Table 99 Security > Certificates > Trusted Remote Hosts
LABEL DESCRIPTION
PKI Storage Space in Use This bar displays the percentage of the ZyXEL Device’s PKI storage space that is currently in use. The bar turns from green to red when the maximum is being approached. When the bar is red, you should consider deleting expired or unnecessary certificates before adding more certificates.
Issuer (My Default Self-signed Certificate) This field displays identifying information about the default self-signed certificate on the ZyXEL Device that the ZyXEL Device uses to sign the trusted remote host certificates.
# This field displays the certificate index number. The certificates are listed in alphabetical order.
Name This field displays the name used to identify this certificate.
Subject This field displays identifying information about the certificate’s owner, such as CN (Common Name), OU (Organizational Unit or department), O (Organization or company) and C (Country). It is recommended that each certificate have unique subject information.
Valid From This field displays the date that the certificate becomes applicable. The text displays in red and includes a Not Yet Valid! message if the certificate has not yet become applicable.
Valid To This field displays the date that the certificate expires. The text displays in red and includes an Expiring! or Expired! message if the certificate is about to expire or has already expired.
Modify Click the Edit icon to open a screen with an in-depth list of information about the certificate. Click the Remove icon to remove the certificate. A window displays asking you to confirm that you want to delete the certificate. Note that subsequent certificates move up by one when you take this action.
Import Click Import to open a screen where you can save the certificate of a remote host (which you trust) from your computer to the ZyXEL Device.
Refresh Click this button to display the current validity status of the certificates.
15.9 Trusted Remote Host Certificate Details
Click Security > Certificates > Trusted Remote Hosts to open the Trusted Remote Hosts screen. Click the details icon to open the Trusted Remote Host Details screen. Use this screen to view in-depth information about the trusted remote host’s certificate and/or change the certificate’s name.
Figure 182 Security > Certificates > Trusted Remote Hosts > Details
The following table describes the labels in this screen.
Table 100 Security > Certificates > Trusted Remote Hosts > Details
LABEL DESCRIPTION
Certificate Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate. You may use any character (not including spaces).
Certificate Path Click the Refresh button to have this read-only text box display the end entity’s own certificate and a list of certification authority certificates in the hierarchy of certification authorities that validate a certificate’s issuing certification authority. For a trusted host, the list consists of the end entity’s own certificate and the default self-signed certificate that the ZyXEL Device uses to sign remote host certificates.
Refresh Click Refresh to display the certification path.
Certificate Path These read-only fields display detailed information about the certificate.
Type This field displays general information about the certificate. With trusted remote host certificates, this field always displays CA-signed. The ZyXEL Device is the Certification Authority that signed the certificate. X.509 means that this certificate was created and signed according to the ITU-T X.509 recommendation that defines the formats for public-key certificates.
Version This field displays the X.509 version number.
Serial Number This field displays the certificate’s identification number given by the device that created the certificate.
Subject This field displays information that identifies the owner of the certificate, such as Common Name (CN), Organizational Unit (OU), Organization (O) and Country (C).
Issuer This field displays identifying information about the default self-signed certificate on the ZyXEL Device that the ZyXEL Device uses to sign the trusted remote host certificates.
Signature Algorithm This field displays the type of algorithm that the ZyXEL Device used to sign the certificate, which is rsa-pkcs1-sha1 (RSA public-private key encryption algorithm and the SHA1 hash algorithm).
Valid From This field displays the date that the certificate becomes applicable. The text displays in red and includes a Not Yet Valid! message if the certificate has not yet become applicable.
Valid To This field displays the date that the certificate expires. The text displays in red and includes an Expiring! or Expired! message if the certificate is about to expire or has already expired.
Key Algorithm This field displays the type of algorithm that was used to generate the certificate’s key pair (the ZyXEL Device uses RSA encryption) and the length of the key set in bits (1024 bits for example).
Subject Alternative Name This field displays the certificate’s owner’s IP address (IP), domain name (DNS) or e-mail address (EMAIL).
Key Usage This field displays for what functions the certificate’s key can be used. For example, “DigitalSignature” means that the key can be used to sign certificates and “KeyEncipherment” means that the key can be used to encrypt text.
Basic Constraint This field displays general information about the certificate. For example, Subject Type=CA means that this is a certification authority’s certificate and “Path Length Constraint=1” means that there can only be one certification authority in the certificate’s path.
MD5 Fingerprint This is the certificate’s message digest that the ZyXEL Device calculated using the MD5 algorithm. You cannot use this value to verify that this is the remote host’s actual certificate because the ZyXEL Device has signed the certificate, thus causing this value to be different from that of the remote host’s actual certificate. See Section 15.1.3 on page 289 for how to verify a remote host’s certificate.
SHA1 Fingerprint This is the certificate’s message digest that the ZyXEL Device calculated using the SHA1 algorithm. You cannot use this value to verify that this is the remote host’s actual certificate because the ZyXEL Device has signed the certificate, thus causing this value to be different from that of the remote host’s actual certificate. See Section 15.1.3 on page 289 for how to verify a remote host’s certificate.
Certificate in PEM (Base-64) Encoded Format This read-only text box displays the certificate or certification request in Privacy Enhanced Mail (PEM) format. PEM uses 64 ASCII characters to convert the binary certificate into a printable form. You can copy and paste the certificate into an e-mail to send to friends or colleagues or you can copy and paste the certificate into a text editor and save the file on a management computer for later distribution (via floppy disk for example).
Back Click Back to return to the previous screen.
Export Click this button and then Save in the File Download screen. The Save As screen opens, browse to the location that you want to use and click Save.
Apply Click Apply to save your changes back to the ZyXEL Device. You can only change the name of the certificate.
Cancel Click Cancel to quit configuring this screen and return to the Trusted Remote Hosts screen.
15.10 Trusted Remote Hosts Import
Click Security > Certificates > Trusted Remote Hosts to open the Trusted Remote Hosts screen and then click Import to open the Trusted Remote Host Import screen. Follow the instructions in this screen to save a trusted host’s certificate to the ZyXEL Device.
Note: The trusted remote host certificate must be a self-signed certificate, and you must remove any spaces from its filename before you can import it.
Figure 183 Security > Certificates > Trusted Remote Hosts > Import
The following table describes the labels in this screen.
Table 101 Security > Certificates > Trusted Remote Hosts > Import
LABEL DESCRIPTION
File Path Type in the location of the file you want to upload in this field or click Browse to find it.
Browse Click Browse to find the certificate file you want to upload.
Back Click Back to return to the previous screen.
Apply Click Apply to save the certificate on the ZyXEL Device.
Cancel Click Cancel to quit and return to the Trusted Remote Hosts screen.
CHAPTER 16
Static Route
16.1 Overview
The ZyXEL Device usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the ZyXEL Device send data to devices not reachable through the default gateway, use static routes.
For example, the next figure shows a computer (A) connected to the ZyXEL Device’s LAN interface. The ZyXEL Device routes most traffic from A to the Internet through the ZyXEL Device’s default gateway (R1). You create one static route to connect to services offered by your ISP behind router R2. You create another static route to communicate with a separate network behind a router R3 connected to the LAN.
Figure 184 Example of Static Routing Topology (diagram labels: A, LAN, R3, WAN, R1, R2, Internet)
16.1.1 What You Can Do in the Static Route Screens
Use the Static Route screens (Section 16.2 on page 314) to view and configure IP static routes on the ZyXEL Device.
16.2 Configuring Static Route
Click Advanced > Static Route to open the Static Route screen.
Figure 185 Advanced > Static Route
The following table describes the labels in this screen.
Table 102 Advanced > Static Route
LABEL DESCRIPTION
# This is the number of an individual static route.
Active This field indicates whether the rule is active or not. Clear the check box to disable the rule. Select the check box to enable it.
Name This is the name that describes or identifies this route.
Destination This parameter specifies the IP network address of the final destination. Routing is always based on network number.
Netmask This parameter specifies the IP network subnet mask of the final destination.
Gateway This is the IP address of the gateway. The gateway is a router or switch on the same network segment as the device's LAN or WAN port. The gateway helps forward packets to their destinations.
Modify Click the Edit icon to go to the screen where you can set up a static route on the ZyXEL Device. Click the Remove icon to remove a static route from the ZyXEL Device. A window displays asking you to confirm that you want to delete the route.
Apply Click this to apply your changes to the ZyXEL Device.
Cancel Click this to return to the previously saved configuration.
16.2.1 Static Route Edit
Select a static route index number and click Edit. The screen shown next appears. Use this screen to configure the required information for a static route.
Figure 186 Advanced > Static Route > Edit
The following table describes the labels in this screen.
Table 103 Advanced > Static Route > Edit
LABEL DESCRIPTION
Active This field allows you to activate/deactivate this static route.
Route Name Enter the name of the IP static route. Leave this field blank to delete this static route.
Destination IP Address This parameter specifies the IP network address of the final destination. Routing is always based on network number. If you need to specify a route to a single host, use a subnet mask of 255.255.255.255 in the subnet mask field to force the network number to be identical to the host ID.
IP Subnet Mask Enter the IP subnet mask here.
Gateway IP Address Enter the IP address of the gateway. The gateway is a router or switch on the same network segment as the device's LAN or WAN port. The gateway helps forward packets to their destinations.
Back Click Back to return to the previous screen without saving.
Apply Click Apply to save your changes back to the ZyXEL Device.
Cancel Click Cancel to begin configuring this screen afresh.
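The following added example (not part of the ZyXEL manual or firmware) models the Destination IP Address, IP Subnet Mask and Gateway IP Address fields for the R1/R2/R3 topology of Section 16.1. It checks that a destination is a network number for its mask, shows the 255.255.255.255 host-route case, and picks a next hop. All addresses are constructed sample values, and the most-specific-match selection is the conventional IP routing rule, assumed here because the manual does not spell it out.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample addresses for the routers in Figure 184.
R1_DEFAULT_GATEWAY = "10.0.0.1"   # default gateway on the WAN side
R2_ISP_ROUTER = "10.0.0.2"        # ISP services sit behind this router
R3_LAN_ROUTER = "192.168.1.253"   # router attached to the LAN


@dataclass
class StaticRoute:
    name: str
    destination: str   # "Destination IP Address" field
    netmask: str       # "IP Subnet Mask" field
    gateway: str       # "Gateway IP Address" field
    active: bool = True

    def network(self) -> ipaddress.IPv4Network:
        # strict=True rejects a destination that has host bits set for the
        # mask, which is how "routing is based on network number" is checked.
        return ipaddress.ip_network(f"{self.destination}/{self.netmask}", strict=True)


def check_route(route: StaticRoute):
    """Return None when the entry is consistent, otherwise a short reason."""
    try:
        route.network()
    except ValueError as exc:
        return f"{route.name}: {exc}"
    return None


def next_hop(routes, default_gateway: str, destination: str) -> str:
    """Pick the gateway of the most specific active route, else the default."""
    address = ipaddress.ip_address(destination)
    best = None
    for route in routes:
        if not route.active:
            continue
        network = route.network()
        if address in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, route)
    return best[1].gateway if best else default_gateway


ROUTES = [
    StaticRoute("ISP-svc", "172.16.20.0", "255.255.255.0", R2_ISP_ROUTER),
    # A single host: mask 255.255.255.255 makes the network number equal the host.
    StaticRoute("ISP-host", "172.16.30.5", "255.255.255.255", R2_ISP_ROUTER),
    StaticRoute("Branch", "192.168.50.0", "255.255.255.0", R3_LAN_ROUTER),
    StaticRoute("Old", "192.168.60.0", "255.255.255.0", R3_LAN_ROUTER, active=False),
]

if __name__ == "__main__":
    for target in ("172.16.20.9", "172.16.30.5", "172.16.30.6",
                   "192.168.50.20", "192.168.60.20", "198.51.100.7"):
        print(target, "->", next_hop(ROUTES, R1_DEFAULT_GATEWAY, target))
    bad = StaticRoute("Typo", "192.168.50.7", "255.255.255.0", R3_LAN_ROUTER)
    print(check_route(bad))
```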
CHAPTER 17
802.1Q/1P
17.1 Overview
A Virtual Local Area Network (VLAN) allows a physical network to be partitioned into multiple logical networks. A VLAN group can be treated as an individual device. Each group can have its own rules about where and how to forward traffic. You can assign any ports on the ZyXEL Device to a VLAN group and configure the settings for the group. You may also set the priority level for traffic transmitted through the ports.
Figure 187 802.1Q/1P (diagram labels: Ports, 802.1Q VLAN Groups, 802.1P Priority Levels)
17.1.1 What You Can Do in the 802.1Q/1P Screens
• Use the Group Setting screen (Section 17.2 on page 324) to activate 802.1Q/1P, specify the management VLAN group, display the VLAN groups and configure the settings for each VLAN group.
• Use the Port Setting screen (Section 17.3 on page 327) to configure the PVID and assign traffic priority for each port.
17.1.2 What You Need to Know About 802.1Q/1P
IEEE 802.1P Priority
IEEE 802.1P specifies the user priority field and defines up to eight separate traffic types by inserting a tag into a MAC-layer frame that contains bits to define class of service.
IEEE 802.1Q Tagged VLAN
Tagged VLAN uses an explicit tag (VLAN ID) in the MAC header to identify the VLAN membership of a frame across bridges - they are not confined to the device on which they were created. The VLAN ID associates a frame with a specific VLAN and provides the information that devices need to process the frame across the network.
PVC
A virtual circuit is a logical point-to-point circuit between customer sites. Permanent means that the circuit is preprogrammed by the carrier as a path through the network. It does not need to be set up or torn down for each session.
Forwarding Tagged and Untagged Frames
Each port on the device is capable of passing tagged or untagged frames. To forward a frame from an 802.1Q VLAN-aware device to an 802.1Q VLAN-unaware device, the ZyXEL Device first decides where to forward the frame and then strips off the VLAN tag. To forward a frame from an 802.1Q VLAN-unaware device to an 802.1Q VLAN-aware switch, the ZyXEL Device first decides where to forward the frame, and then inserts a VLAN tag reflecting the ingress port's default VID. The default PVID is VLAN 1 for all ports, but this can be changed.
Whether to tag an outgoing frame depends on the setting of the egress port on a per-VLAN, per-port basis (recall that a port can belong to multiple VLANs). If the tagging on the egress port is enabled for the VID of a frame, then the frame is transmitted as a tagged frame; otherwise, it is transmitted as an untagged frame.
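The following added example (not part of the ZyXEL manual or firmware) shows the 802.1Q tag on the wire and the ingress and egress decisions described above: an untagged or priority-tagged frame takes the port's PVID, and the tag is written on egress only when tagging is enabled for that VID on the egress port. The function names and the sample frame are constructed; treating a port priority of None as the Same setting, and giving untagged frames priority 0 in that case, are assumptions.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag
MAX_VID = 4094        # valid VID range on the device is 1 to 4094


def add_tag(frame: bytes, priority: int, vid: int) -> bytes:
    """Insert a 4-byte tag after the two MAC addresses (VID 0 = priority-tagged)."""
    if not 0 <= priority <= 7:
        raise ValueError("802.1P priority must be 0-7")
    if not 0 <= vid <= MAX_VID:
        raise ValueError("VLAN ID must be 0-4094")
    tci = (priority << 13) | vid   # 3 priority bits, 1 DEI bit (0), 12 VID bits
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_tag(frame: bytes):
    """Return (priority, vid) for a tagged frame, or None for an untagged one."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return tci >> 13, tci & 0x0FFF


def strip_tag(frame: bytes) -> bytes:
    return frame[:12] + frame[16:]


def ingress(frame: bytes, pvid: int, port_priority=None):
    """Classify a received frame; returns (vid, priority, frame_without_tag)."""
    tag = parse_tag(frame)
    if tag is None:
        # Untagged frame: the port's PVID decides the VLAN.
        return pvid, port_priority if port_priority is not None else 0, frame
    priority, vid = tag
    if vid == 0:
        vid = pvid                  # priority-tagged frame: PVID supplies the VLAN
    if port_priority is not None:
        priority = port_priority    # port setting other than "Same" overrides
    return vid, priority, strip_tag(frame)


def egress(frame: bytes, vid: int, priority: int, tagged_vids) -> bytes:
    """Tag the outgoing frame only if Tx tagging is on for this VID on the port."""
    if not 1 <= vid <= MAX_VID:
        raise ValueError("VLAN ID must be 1-4094")
    return add_tag(frame, priority, vid) if vid in tagged_vids else frame


# Constructed sample frame: destination MAC, source MAC, IPv4 EtherType, payload.
SAMPLE_FRAME = (bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
                + b"\x08\x00" + b"constructed payload")

if __name__ == "__main__":
    # A LAN port with PVID 2 and priority 7, as in the VoIP example of 17.1.3.
    vid, prio, inner = ingress(SAMPLE_FRAME, pvid=2, port_priority=7)
    tagged = egress(inner, vid, prio, tagged_vids={2})
    print(vid, prio, tagged[12:16].hex(), parse_tag(tagged))
    print(egress(inner, vid, prio, tagged_vids=set()) == SAMPLE_FRAME)
```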
17.1.3 802.1Q/1P Example
This example shows how to configure the 802.1Q/1P settings on the ZyXEL Device.
Figure 188 802.1Q/1P Example (diagram labels: ZyXEL Device, ports 1 to 4, VoIP Network, Internet - (PPPoE))
LAN1 and LAN2 are connected to ATAs (Analog Telephone Adapters) and used for VoIP traffic. You want to set a high priority for this type of traffic, so you will group these ports into one VLAN (VLAN2) and then set them to use a PVC (PVC1) with a high priority service level. You would start with the following steps.
1 Click Advanced > 802.1Q/1P > Group Setting > Edit to display the following screen.
2 In the Name field type VoIP to identify the group.
3 In the VLAN ID field type in 2 to identify the VLAN group.
4 Select PVC1 from the Default Gateway drop-down list box.
5 In the Control field, select Fixed for LAN1, LAN2 and PVC1 to be permanent members of the VLAN group.
6 Click Apply.
Figure 189 Advanced > 802.1Q/1P > Group Setting > Edit: Example
To set a high priority for VoIP traffic, follow these steps.
1 Click Advanced > 802.1Q/1P > Port Setting to display the following screen.
2 Type 2 in the 802.1Q PVID column for LAN1, LAN2 and PVC1.
3 Select 7 from the 802.1P Priority drop-down list box for LAN1, LAN2 and PVC1.
4 Click Apply.
Figure 190 Advanced > 802.1Q/1P > Port Setting: Example
Ports 3 and 4 are connected to desktop computers and are used for Internet traffic. You want to set a lower priority for this type of traffic, so you want to group these ports and PVC2 into one VLAN (VLAN3). PVC2 priority is set to low level of service.
SSID1 and SSID2 are two wireless networks. You want to create medium priority for this type of traffic, so you want to group these ports and PVC3 into one VLAN (VLAN4). PVC3 priority is set to medium level of service.
Follow the same steps as in VLAN2 to configure the settings for VLAN3 and VLAN4. The summary screen should display as follows.
Figure 191 Advanced > 802.1Q/1P > Group Setting: Example
The port screen should look like this.
Figure 192 Advanced > 802.1Q/1P > Port Setting: Example
This completes the 802.1Q/1P setup.
17.2 The 802.1Q/1P Group Setting Screen
Use this screen to activate 802.1Q/1P and display the VLAN groups. Click Advanced > 802.1Q/1P to display the following screen.
Figure 193 Advanced > 802.1Q/1P > Group Setting
The following table describes the labels in this screen.
Table 104 Advanced > 802.1Q/1P > Group Setting
LABEL DESCRIPTION
802.1P/1Q Active Select this check box to activate the 802.1P/1Q feature.
Management Vlan ID Enter the ID number of a VLAN group. All interfaces (ports, SSIDs and PVCs) are in the management VLAN by default. If you disable the management VLAN, you will not be able to access the ZyXEL Device.
Summary
# This field displays the index number of the VLAN group.
Name This field displays the name of the VLAN group.
VID This field displays the ID number of the VLAN group.
Port Number These columns display the VLAN’s settings for each port. A tagged port is marked as T, an untagged port is marked as U and ports not participating in a VLAN are marked as “–”.
Modify Click the Edit button to configure the ports in the VLAN group. Click the Remove button to delete the VLAN group.
Apply Click this to save your changes.
Cancel Click this to restore your previously saved settings.
17.2.1 Editing 802.1Q/1P Group Setting
Use this screen to configure the settings for each VLAN group.
In the 802.1Q/1P screen, click the Edit button from the Modify field to display the following screen.
Figure 194 Advanced > 802.1Q/1P > Group Setting > Edit
The following table describes the labels in this screen.
Table 105 Advanced > 802.1Q/1P > Group Setting > Edit
LABEL DESCRIPTION
Name Enter a descriptive name for the VLAN group for identification purposes. The text may consist of up to 8 letters, numerals, “-”, “_” and “@”.
VLAN ID Assign a VLAN ID for the VLAN group. The valid VID range is between 1 and 4094.
Default Gateway Select the default gateway for the VLAN group.
Ports This field displays the types of ports available to join the VLAN group.
Control Select Fixed for the port to be a permanent member of the VLAN group. Select Forbidden if you want to prohibit the port from joining the VLAN group.
Tx Tag Select Tx Tagging if you want the port to tag all outgoing traffic transmitted through this VLAN. You select this if you want to create VLANs across different devices and not just the ZyXEL Device.
Back Click this to return to the previous screen without saving.
Apply Click this to save your changes.
Cancel Click this to restore your previously saved settings.
17.3 The 802.1Q/1P Port Setting Screen
Use this screen to configure the PVID and assign traffic priority for each port. Click Advanced > 802.1Q/1P > Port Setting to display the following screen.
Figure 195 Advanced > 802.1Q/1P > Port Setting
The following table describes the labels in this screen.
Table 106 Advanced > 802.1Q/1P > Port Setting
LABEL DESCRIPTION
Ports This field displays the types of ports available to join the VLAN group.
802.1Q PVID Assign a VLAN ID for the port. The valid VID range is between 1 and 4094. The ZyXEL Device assigns the PVID to untagged frames or priority-tagged frames received on this port, SSID, or PVC.
802.1P Priority Assign a priority for the traffic transmitted through the port, SSID, or PVC. Select Same if you do not want to modify the priority. You may choose a priority level from 0-7, with 0 being the lowest level and 7 being the highest level.
Apply Click this to save your changes.
Cancel Click this to restore your previously saved settings.
CHAPTER 18
Quality of Service (QoS)
This chapter contains information about configuring QoS, editing classifiers and viewing the ZyXEL Device’s QoS packet statistics.
18.1 Overview
This chapter discusses the ZyXEL Device’s QoS screens. Use these screens to set up your ZyXEL Device to use QoS for traffic management.
Quality of Service (QoS) refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to control the use of bandwidth. QoS allows the ZyXEL Device to group and prioritize application traffic and fine-tune network performance.
Without QoS, all traffic data is equally likely to be dropped when the network is congested. This can cause a reduction in network performance and make the network inadequate for time-critical applications such as video-on-demand.
The ZyXEL Device assigns each packet a priority and then queues the packet accordingly. Packets assigned a high priority are processed more quickly than those with low priority if there is congestion, allowing time-sensitive applications to flow more smoothly. Time-sensitive applications include both those that require a low level of latency (delay) and a low level of jitter (variations in delay) such as Voice over IP (VoIP) or Internet gaming, and those for which jitter alone is a problem such as Internet radio or streaming video.
• See Section 18.5 on page 341 for advanced technical information on SIP.
18.1.1 What You Can Do in the QoS Screens
• Use the General screen (Section 18.2 on page 333) to enable QoS on the ZyXEL Device, decide allowable bandwidth using QoS and configure priority mapping settings for traffic that does not match a custom class.
• Use the Class Setup screen (Section 18.3 on page 335) to set up classifiers to sort traffic into different flows and assign priority and define actions to be performed for a classified traffic flow.
• Use the Monitor screen (Section 18.4 on page 341) to view the ZyXEL Device’s QoS-related packet statistics.
18.1.2 What You Need to Know About QoS
QoS versus CoS
QoS is used to prioritize source-to-destination traffic flows. All packets in the same flow are given the same priority. CoS (class of service) is a way of managing traffic in a network by grouping similar types of traffic together and treating each type as a class. You can use CoS to give different priorities to different packet types.
CoS technologies include IEEE 802.1p layer 2 tagging and DiffServ (Differentiated Services or DS). IEEE 802.1p tagging makes use of three bits in the packet header, while DiffServ is a new protocol and defines a new DS field, which replaces the eight-bit ToS (Type of Service) field in the IP header.
Tagging and Marking
In a QoS class, you can configure whether to add or change the DSCP (DiffServ Code Point) value, IEEE 802.1p priority level and VLAN ID number in a matched packet. When the packet passes through a compatible network, the networking device, such as a backbone switch, can provide specific treatment or service based on the tag or marker.
18.1.3 QoS Class Setup Example
In the following figure, your Internet connection has an upstream transmission speed of 50 Mbps. You configure a classifier to assign the highest priority queue (6) to VoIP traffic from the LAN interface, so that voice traffic would not get delayed when there is network congestion. Traffic from the boss’s IP address (192.168.1.23 for example) is mapped to queue 5. Traffic that does not match