Setup and Configuration - LAN
In addition to its IPsec endpoint, the 2 plus has a lot more routing and firewall features than your typical consumer router. IT folks who have wrassled with low end Cisco, Juniper and other "pro" level routers aimed at the small-biz crowd will probably feel right at home with the 2 plus' way of doing things. But others who have drawn the short straw and end up saddled with supporting the company (or home) network on an occasional basis may find the product's user interface a bit opaque at times.
The good news is that Zyxel provides more documentation than you typically find with consumer routers. The bad news is that you'll probably need it, and might not find much help when you turn to it. The 613 page User Guide is long on the what and where, but often comes up short on the how and why. And even when examples are given, they often lack key information or require multiple careful readings to make sense of them.
That being said, initial setup isn't too bad. The 2 plus comes set to a default IP of 192.168.1.1 and its DHCP server enabled, so getting connected and into the admin screen is relatively easy. The login screen has the default password automatically entered, so all you need to do is click the Login button. You then get sent to a screen that prompts you to change the default password, which you can bypass with a click on the Ignore button. But you'll be nagged upon each login until you change the password, so you might as well get it out of the way.
The next screen will prompt you to create a custom security certificate (for IPsec tunnel) based on the router's MAC address to replace the generic factory default certificate. This is not the place to accept a factory default, so another click takes care of this screen and takes you to the Home screen (Figure 4) that holds some useful info.
Figure 4: Home screen
The Internet Access Wizard isn't very wizzy and just takes you to a screen where you manually select Ethernet , PPPoE or PPTP "Encapsulation", i.e. Internet connection type and either static or dynamic IP address assignment for the WAN IP. Other vendors' wizards (such as Netgear) handle this sort of thing automatically, so Zyxel's manual method may feel a bit retro. Another weakness of this "wizard" is that it doesn't expose all of the configuration options for each Encapsulation method (more later). But given the target audience for this product, the manual "wizard" will probably better satisfy most IT geeks.
The VPN Wizard button is a bit more useful, but I'll save that for later. The Show Statistics, Show DHCP Table and VPN Status buttons at the bottom of the screen pop up windows populated with the named information.
The LAN screen in Figure 5 shows the controls available, some of which bear explanation. The Static DHCP tab is where you can assign IP addresses by MAC address, which is handy for things you don't want moving around like NASes, printers, servers, etc. An easier way to assign IPs, however, is to just check the box beside a device in the Show DHCP Table screen available from the Home page. Note that you can't set the DHCP lease time, nor can you force disconnection of devices. RIP-1, 2B and 2M dynamic routing protocols are supported for inbound, outbound and packets traveling in both directions.
Figure 5: LAN screen (click image to enlarge)
I have to confess that I didn't understand the IP Alias feature (Figure 6) and also didn't find much help in the feature's single page explanation in the User Guide. It appears to be a sort of VLAN-like capability, but with LAN segment-to-segment data flow controlled by the 2 plus' firewall rules.