P-660R-F1 Series ADSL2+ Router Default Login Details IP Address http://192.168.1.1 User Name admin Password 1234 Versionwww.zyxel.com 3.70 Edition 1, 05/2011 www.zyxel.
About This User's Guide Intended Audience This manual is intended for people who want to configure the ZyXEL Device using the web configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology. Related Documentation • Quick Start Guide The Quick Start Guide is designed to help you get up and running right away. It contains information on setting up your network and configuring for Internet access.
Document Conventions Warnings and Notes These are how warnings and notes are shown in this User’s Guide. Warnings tell you about things that could harm you or your device. Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations. Syntax Conventions • The P-660R-F1 may be referred to as the “ZyXEL Device”, the “device”, the “system” or the “product” in this User’s Guide.
Copyright Server Firewall Router Switch Telephone Copyright Copyright © 2011 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.
Certifications Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations. This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules.
Certifications Safety Warnings For your safety, be sure to read and follow all warning notices and instructions. • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. • Do NOT store things on the device. • Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning. • Connect ONLY suitable accessories to the device.
Certifications 8 P-660R-F1 Series User’s Guide
Table of Contents About This User's Guide .......................................................................................................... 3 Document Conventions ........................................................................................................... 4 Copyright................................................................................................................................... 5 Certifications.........................................................................
3.2.2 Manual Configuration .................................................................................................36 Chapter 4 WAN Setup .............................................................................................................................. 43 4.1 WAN Overview ....................................................................................................................43 4.1.1 Encapsulation ..............................................................................
6.1 NAT Overview .....................................................................................................................75 6.1.1 NAT Definitions ...........................................................................................................75 6.1.2 What NAT Does ..........................................................................................................76 6.1.3 How NAT Works ..............................................................................................
8.2.1 Editing Protocol Filters ..............................................................................................106 8.2.2 Configuring Protocol Filter Rules ..............................................................................107 8.2.3 Editing Generic Filters ..............................................................................................109 8.2.4 Configuring Generic Packet Rules ........................................................................... 111 8.
11.3 The Class Setup Screen ..................................................................................................151 11.3.1 The Class Configuration Screen .............................................................................152 11.4 The QoS Monitor Screen ..................................................................................................155 11.5 QoS Technical Reference .................................................................................................156 11.
.3.2 Installing UPnP in Windows XP ..............................................................................177 14.4 Using UPnP in Windows XP Example .............................................................................179 14.4.1 Auto-discover Your UPnP-enabled Network Device ...............................................179 14.4.2 Web Configurator Easy Access ..............................................................................182 Chapter 15 System ................................
Appendix A ......................................................................................................................... 217 Appendix A Product Specifications ..................................................................................... 217 Appendix B Wall-mounting Instructions ............................................................................... 221 Appendix C Setting up Your Computer’s IP Address...........................................................
P-660R-F1 Series User’s Guide
Contents Overview Copyright ......................................................................................................................................5 Certifications ................................................................................................................................5 Getting To Know Your ZyXEL Device .........................................................................................19 Introducing the Web Configurator ............................................
P-660R-F1 Series User’s Guide
C HAPT ER 1 Getting To Know Your Z Y X E L D EVICE This chapter describes the key features and applications of your ZyXEL Device. 1.1 Introducing the ZyXEL Device The ZyXEL Device is an ADSL2+ gateway that allows super-fast Internet access over analog (POTS) or digital (ISDN) telephone lines (depending on your model). In the ZyXEL Device product name, “R” denotes an integrated router and “F” denotes a chip set standard. Your ZyXEL Device product name ends with a number.
Chapter 1 Getting To Know Your ZyXEL Device 1.2 Features High Speed Internet Access The DSL RJ-11 (ADSL over POTS models) or RJ-45 (ADSL over ISDN models) connects to your ADSL-enabled telephone line. The ZyXEL Device is compatible with the ADSL/ADSL2/ADSL2+ standards. Maximum data rates attainable for each standard are shown in the next table. Table 1 ADSL Standards DATA RATE STANDARD UPSTREAM DOWNSTREAM ADSL 832 kbps 8Mbps ADSL2 3.5Mbps 12Mbps ADSL2+ 3.
Chapter 1 Getting To Know Your ZyXEL Device PPPoE (RFC2516) PPPoE (Point-to-Point Protocol over Ethernet) emulates a dial-up connection. It allows your ISP to use their existing network configuration with newer broadband technologies such as ADSL. The PPPoE driver on the ZyXEL Device is transparent to the computers on the LAN, which see only Ethernet and are not aware of PPPoE thus saving you from having to manage PPPoE clients on individual computers.
Chapter 1 Getting To Know Your ZyXEL Device 1.3.1 Internet Access The ZyXEL Device is the ideal high-speed Internet access solution. It is compatible with all major ADSL DSLAM (Digital Subscriber Line Access Multiplexer) providers and supports the ADSL standards as shown in Table 1 on page 20. Figure 1 Internet Access Applications 1.3.2 LAN to LAN Application You can use the ZyXEL Device to connect two geographically dispersed networks over the ADSL line.
Chapter 1 Getting To Know Your ZyXEL Device The following table describes the lights. Table 2 Front Panel Lights LIGHT COLOR STATUS DESCRIPTION POWER Green On The ZyXEL Device is receiving power and functioning properly. Blinking The ZyXEL Device is rebooting or performing diagnostics. On Power to the ZyXEL Device is too low. Off The ZyXEL Device is turned off. The system is not receiving power. On The ZyXEL Device has a successful 10Mbps Ethernet connection.
C HAPT ER 2 Introducing the Web Configurator This chapter describes how to access and navigate the web configurator. 2.1 Web Configurator Overview The web configurator is an HTML-based management interface that allows easy ZyXEL Device setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.
Chapter 2 Introducing the Web Configurator 5 A window displays as shown. Enter the default admin password 1234 to configure the wizards and the advanced features or enter the default user password user to view the status only. Click Login to proceed to a screen asking you to change your password or click Cancel to revert to the default password. Figure 4 Password Screen 6 If you entered the user password, skip the next two steps and refer to Section 2.4.
Chapter 2 Introducing the Web Configurator 2.3 Resetting the ZyXEL Device If you forget your password or cannot access the web configurator, you will need to use the RESET button at the back of the ZyXEL Device to reload the factory-default configuration file. This means that you will lose all configurations that you had previously and the password will be reset to “1234”. 2.3.1 Using the Reset Button 1 Make sure the POWER light is on (not blinking).
Chapter 2 Introducing the Web Configurator Note: Click the icon (located in the top right corner of most screens) to view embedded help. Table 3 Web Configurator Screens Summary LINK/ICON SUB-LINK FUNCTION Wizard INTERNET SETUP Use these screens for initial configuration including general setup, ISP parameters for Internet Access and WAN IP/DNS Server/MAC address assignment. Logout Click this icon to exit the web configurator.
Chapter 2 Introducing the Web Configurator Table 3 Web Configurator Screens Summary (continued) LINK/ICON SUB-LINK FUNCTION General This screen contains administrative and system-related information and also allows you to change your password. Time Setting Use this screen to change your ZyXEL Device’s time and date. Firmware Use this screen to upload firmware to your ZyXEL Device.
Chapter 2 Introducing the Web Configurator The following table describes the labels shown in the Status screen. Table 4 Status Screen LABEL DESCRIPTION Refresh Interval Select a number of seconds or None from the drop-down list box to refresh all screen statistics automatically at the end of every time interval or to not refresh the screen statistics. Apply Click this button to refresh the status screen statistics.
Chapter 2 Introducing the Web Configurator Table 4 Status Screen LABEL DESCRIPTION Rate For the LAN ports, this displays the port speed and duplex setting. For the DSL port, it displays the downstream and upstream transmission rate. Summary Any IP Table Use this screen to view a list of IP addresses and MAC addresses of computers, which are not in the same subnet as the ZyXEL Device. Packet Statistics Use this screen to view port status and packet specific statistics. 2.4.
Chapter 2 Introducing the Web Configurator 2.4.4 Status: Packet Statistics Click the Packet Statistics hyperlink in the Status screen. Read-only information here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)". The Poll Interval(s) field is configurable. Not all fields are available on all models Figure 9 Status: Packet Statistics The following table describes the fields in this screen.
Chapter 2 Introducing the Web Configurator Table 6 Status: Packet Statistics (continued) LABEL DESCRIPTION Status This field displays Down (line is down), Up (line is up or connected) if you're using Ethernet encapsulation and Down (line is down), Up (line is up or connected), Idle (line (ppp) idle), Dial (starting to trigger a call) and Drop (dropping a call) if you're using PPPoE encapsulation. For the WLAN port, it displays the transmission rate when WLAN is enabled or N/A when WLAN is disabled.
Chapter 2 Introducing the Web Configurator password again, then click Maintenance > System to display the screen as shown next. See Table 69 on page 186 for detailed field descriptions.
C HAPT ER 3 Wizard Setup for Internet Access This chapter provides information on the Wizard Setup screens for Internet access in the web configurator. 3.1 Introduction Use the wizard setup screens to configure your system for Internet access with the information given to you by your ISP. Note: See the advanced menu chapters for background information on these fields. 3.
Chapter 3 Wizard Setup for Internet Access 3 The wizard attempts to detect which WAN connection type you are using. If the wizard detects your connection type and your ISP uses PPPoE or PPPoA, go to Section 3.2.1 on page 35. The screen varies depending on the connection type you use.
Chapter 3 Wizard Setup for Internet Access 2 Click Next to confirm your settings and test your connection. Figure 14 Auto-Detection: PPPoE 3.2.2 Manual Configuration 1 If the ZyXEL Device fails to detect your DSL connection type, enter the Internet access information given to you by your ISP exactly in the wizard screen. If not given, leave the fields set to the default.
Chapter 3 Wizard Setup for Internet Access The following table describes the fields in this screen. Table 7 Internet Access Wizard Setup: ISP Parameters LABEL DESCRIPTION Mode From the Mode drop-down list box, select Routing (default) if your ISP allows multiple computers to share an Internet account. Otherwise select Bridge. Encapsulation Select the encapsulation type your ISP uses from the Encapsulation drop-down list box. Choices vary depending on what you select in the Mode field.
Chapter 3 Wizard Setup for Internet Access The following table describes the fields in this screen. Table 8 LABEL DESCRIPTION User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given. Password Enter the password associated with the user name above. Service Name Type the name of your PPPoE service here. Back Click Back to go back to the previous wizard screen.
Chapter 3 Wizard Setup for Internet Access The following table describes the fields in this screen. Table 9 Internet Connection with RFC 1483 LABEL DESCRIPTION IP Address This field is available if you select Routing in the Mode field. Type your ISP assigned IP address in this field. Back Click Back to go back to the previous wizard screen. Next Click Next to continue to the next wizard screen. Exit Click Exit to close the wizard screen without saving your changes.
Chapter 3 Wizard Setup for Internet Access The following table describes the fields in this screen. Table 10 Internet Connection with ENET ENCAP LABEL DESCRIPTION Obtain an IP Address Automatically A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed; the ISP assigns you a different one each time you connect to the Internet. Static IP Address Select Static IP Address if your ISP gives you a fixed IP address. IP Address Enter your ISP assigned IP address.
Chapter 3 Wizard Setup for Internet Access Table 11 Internet Connection with PPPoA (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the ZyXEL Device. Exit Click Exit to close the wizard screen without saving your changes. • If the user name and/or password you entered for PPPoE or PPPoA connection are not correct, the screen displays as shown next. Click Back to Username and Password setup to go back to the screen where you can modify them.
Chapter 3 Wizard Setup for Internet Access When you are finished with the Internet Setup Wizard the following screen displays your configuration details. Click Finish to exit the wizard.
C HAPT ER 4 WAN Setup This chapter describes how to configure WAN settings. 4.1 WAN Overview A WAN (Wide Area Network) is an outside connection to another network or the Internet. 4.1.1 Encapsulation Be sure to use the encapsulation method required by your ISP. The ZyXEL Device supports the following methods. 4.1.1.1 ENET ENCAP The MAC Encapsulated Routing Link Protocol (ENET ENCAP) is only implemented with the IP network protocol.
Chapter 4 WAN Setup 4.1.1.3 PPPoA PPPoA stands for Point to Point Protocol over ATM Adaptation Layer 5 (AAL5). A PPPoA connection functions like a dial-up Internet connection. The ZyXEL Device encapsulates the PPP session based on RFC1483 and sends it through an ATM PVC (Permanent Virtual Circuit) to the Internet Service Provider’s (ISP) DSLAM (digital access multiplexer). Please refer to RFC 2364 for more information on PPPoA. Refer to RFC 1661 for more information on PPP. 4.1.1.
Chapter 4 WAN Setup 4.1.3.2 Scenario 2: One VC, One Protocol (IP) Selecting RFC-1483 encapsulation with VC-based multiplexing requires the least amount of overhead (0 octets). However, if there is a potential need for multiple protocol support in the future, it may be safer to select PPPoA encapsulation instead of RFC-1483, so you do not need to reconfigure either computer later. 4.1.3.
Chapter 4 WAN Setup Do not specify a nailed-up connection unless your telephone company offers flat-rate service or you need a constant connection and the cost is of no concern 4.1.7 NAT NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network. 4.2 Metric The metric represents the "cost of transmission".
Chapter 4 WAN Setup Sustained Cell Rate (SCR) is the mean cell rate of each bursty traffic source. It specifies the maximum average rate at which cells can be sent over the virtual connection. SCR may not be greater than the PCR. Maximum Burst Size (MBS) is the maximum number of cells that can be sent at the PCR. After MBS is reached, cell rates fall below SCR until cell rate averages to the SCR again. At this time, more cells (up to the MBS) can be sent at the PCR again.
Chapter 4 WAN Setup The VBR-nRT (non real-time Variable Bit Rate) type is used with bursty connections that do not require closely controlled delay and delay variation. It is commonly used for "bursty" traffic typical on LANs. PCR and MBS define the burst levels, SCR defines the minimum level. An example of an VBR-nRT connection would be non-time sensitive data file transfers. 4.3.1.3 Unspecified Bit Rate (UBR) The Unspecified Bit Rate (UBR) ATM traffic class is for bursty data transfers.
Chapter 4 WAN Setup See Section 4.1 on page 43 for more information.
Chapter 4 WAN Setup The following table describes the labels in this screen. Table 12 Network > WAN > Internet Access Setup LABEL DESCRIPTION Line Modulation Select the modulation supported by your ISP. Use Multi Mode if you are not sure which mode to choose from. The ZyXEL Device dynamically diagnoses the mode supported by the ISP and selects the best compatible one for your connection. Other options are ADSL G.dmt, ADSL2, ADSL2+, ADSL2 AnnexM, ADSL2+ AnnexM, READSL2 Mode and ANSI T1.413.
Chapter 4 WAN Setup Table 12 Network > WAN > Internet Access Setup LABEL DESCRIPTION Gateway IP address You must specify a gateway IP address (supplied by your ISP) when you select ENET ENCAP in the Encapsulation field (ENET ENCAP encapsulation only) DNS Server First DNS Server Second DNS Server Third DNS Server Select Obtained From ISP if your ISP dynamically assigns DNS server information (and the ZyXEL Device's WAN IP address) and you select Obtain an IP Address Automatically.
Chapter 4 WAN Setup 4.5.1 Configuring Advanced Internet Connection Setup To edit your ZyXEL Device's advanced WAN settings, click the Advanced Setup button in the Internet Connection screen. The screen appears as shown. Figure 25 Advanced Internet Connection Setup The following table describes the labels in this screen. Table 13 Advanced Internet Connection Setup LABEL DESCRIPTION RIP & Multicast Setup RIP Direction Select the RIP direction from None, Both, In Only and Out Only.
Chapter 4 WAN Setup Table 13 Advanced Internet Connection Setup (continued) LABEL DESCRIPTION Sustain Cell Rate The Sustain Cell Rate (SCR) sets the average cell rate (long-term) that can be transmitted. Type the SCR, which must be less than the PCR. Note that system default is 0 cells/sec. Maximum Burst Size Maximum Burst Size (MBS) refers to the maximum number of cells that can be sent at the peak rate. Type the MBS, which is less than 65535.
Chapter 4 WAN Setup 4.6 Configuring More Connections This section describes the protocol-independent parameters for a remote network. They are required for placing calls to a remote gateway and the network behind it across a WAN connection. When you use the WAN > Internet Connection screen to set up Internet access, you are configuring the first WAN connection. Click Network > WAN > More Connections to display the screen as shown next.
Chapter 4 WAN Setup 4.6.1 More Connections Edit Click the edit icon in the More Connections screen to configure a connection. Figure 27 More Connections Edit The following table describes the labels in this screen. Table 15 More Connections Edit LABEL DESCRIPTION Active Select the check box to activate or clear the check box to deactivate this connection. Name Enter a unique, descriptive name of up to 13 ASCII characters for this connection.
Chapter 4 WAN Setup Table 15 More Connections Edit (continued) LABEL DESCRIPTION Encapsulation Select the method of encapsulation used by your ISP from the drop-down list box. Choices are PPPoA, RFC 1483, ENET ENCAP or PPPoE. User Name (PPPoA and PPPoE encapsulation only) Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given.
Chapter 4 WAN Setup 4.6.2 Configuring More Connections Advanced Setup To edit your ZyXEL Device's advanced WAN settings, click the Advanced Setup button in the More Connections Edit screen. The screen appears as shown. Figure 28 More Connections Advanced Setup The following table describes the labels in this screen. Table 16 More Connections Advanced Setup LABEL DESCRIPTION RIP & Multicast Setup RIP Direction Select the RIP direction from None, Both, In Only and Out Only.
Chapter 4 WAN Setup Table 16 More Connections Advanced Setup (continued) LABEL DESCRIPTION Sustain Cell Rate The Sustain Cell Rate (SCR) sets the average cell rate (long-term) that can be transmitted. Type the SCR, which must be less than the PCR. Note that system default is 0 cells/sec. Maximum Burst Size Maximum Burst Size (MBS) refers to the maximum number of cells that can be sent at the peak rate. Type the MBS, which is less than 65535.
Chapter 4 WAN Setup The following network topology allows you to avoid triangle route security issues when the backup gateway is connected to the LAN. Use IP alias to configure the LAN into two or three logical networks with the ZyXEL Device itself as the gateway for each LAN network. Put the protected LAN in one subnet (Subnet 1 in the following figure) and the backup gateway in another subnet (Subnet 2).
Chapter 4 WAN Setup 4.8 Configuring WAN Backup To change your ZyXEL Device’s WAN backup settings, click Network > WAN > WAN Backup Setup. The screen appears as shown. Figure 31 WAN Backup Setup The following table describes the labels in this screen. Table 17 WAN Backup Setup LABEL DESCRIPTION Backup Type Select the method that the ZyXEL Device uses to check the DSL connection. Select DSL Link to have the ZyXEL Device check if the connection to the DSLAM is up.
Chapter 4 WAN Setup Table 17 WAN Backup Setup (continued) LABEL DESCRIPTION Recovery Interval When the ZyXEL Device is using a lower priority connection (usually a WAN backup connection), it periodically checks to whether or not it can use a higher priority connection. Type the number of seconds (30 recommended) for the ZyXEL Device to wait between checks. Allow more time if your destination IP address handles lots of traffic.
Chapter 4 WAN Setup 62 P-660R-F1 Series User’s Guide
C HAPT ER 5 LAN Setup This chapter describes how to configure LAN settings. 5.1 LAN Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building. The LAN screens can help you configure a LAN DHCP server and manage IP addresses. See Section 5.3 on page 68 to configure the LAN screens. 5.1.
Chapter 5 LAN Setup configuration for the clients. If you turn DHCP service off, you must have another DHCP server on your LAN, or else the computer must be manually configured. 5.1.2.1 IP Pool Setup The ZyXEL Device is pre-configured with a pool of IP addresses for the DHCP clients (DHCP Pool). See the product specifications in the appendices. Do not assign static IP addresses from the DHCP pool to your LAN computers. 5.1.
Chapter 5 LAN Setup 5.2 LAN TCP/IP The ZyXEL Device has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability. 5.2.1 IP Address and Subnet Mask Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number. Where you obtain your network number depends on your particular situation.
Chapter 5 LAN Setup Note: Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space. 5.2.2 RIP Setup RIP (Routing Information Protocol) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets.
Chapter 5 LAN Setup 5.2.4 Any IP Traditionally, you must set the IP addresses and the subnet masks of a computer and the ZyXEL Device to be in the same subnet to allow the computer to access the Internet (through the ZyXEL Device). In cases where your computer is required to use a static IP address in another network, you may need to manually configure the network settings of the computer every time you want to access the Internet via the ZyXEL Device.
Chapter 5 LAN Setup 1 When a computer (which is in a different subnet) first attempts to access the Internet, it sends packets to its default gateway (which is not the ZyXEL Device) by looking at the MAC address in its ARP table. 2 When the computer cannot locate the default gateway, an ARP request is broadcast on the LAN. 3 The ZyXEL Device receives the ARP request and replies to the computer with its own MAC address. 4 The computer updates the MAC address for the default gateway to the ARP table.
Chapter 5 LAN Setup 5.3.1 Configuring Advanced LAN Setup To edit your ZyXEL Device's advanced LAN settings, click the Advanced Setup button in the LAN IP screen. The screen appears as shown. Figure 35 Advanced LAN Setup The following table describes the labels in this screen. Table 19 Advanced LAN Setup LABEL DESCRIPTION RIP & Multicast Setup RIP Direction Select the RIP direction from None, Both, In Only and Out Only. RIP Version Select the RIP version from RIP-1, RIP-2B and RIP-2M.
Chapter 5 LAN Setup Table 19 Advanced LAN Setup (continued) LABEL DESCRIPTION Back Click Back to return to the previous screen. Apply Click Apply to save the changes. Cancel Click Cancel to begin configuring this screen afresh. 5.4 DHCP Setup Use this screen to configure the DNS server information that the ZyXEL Device sends to the DHCP client devices on the LAN. Figure 36 DHCP Setup The following table describes the labels in this screen.
Chapter 5 LAN Setup Table 20 DHCP Setup LABEL DESCRIPTION Remote DHCP Server If Relay is selected in the DHCP field above then enter the IP address of the actual remote DHCP server here. DNS Server DNS Servers Assigned by DHCP Server The ZyXEL Device passes a DNS (Domain Name System) server IP address to the DHCP clients. Primary DNS Server This field is not available when you set DHCP to Relay. Secondary DNS Server Enter the IP addresses of the DNS servers.
Chapter 5 LAN Setup The following table describes the labels in this screen. Table 21 LAN Client List LABEL DESCRIPTION IP Address Enter the IP address that you want to assign to the computer on your LAN with the MAC address specified below. The IP address should be within the range of IP addresses you specified in the DHCP Setup for the DHCP client. MAC Address Enter the MAC address of a computer on your LAN. Add Click Add to add a static DHCP entry.
Chapter 5 LAN Setup The following figure shows a LAN divided into subnets A, B, and C. Figure 38 Physical Network & Partitioned Logical Networks To change your ZyXEL Device’s IP alias settings, click Network > LAN > IP Alias. The screen appears as shown. Figure 39 LAN IP Alias The following table describes the labels in this screen. Table 22 LAN IP Alias LABEL DESCRIPTION IP Alias 1, 2 Select the check box to configure another LAN network for the ZyXEL Device.
Chapter 5 LAN Setup Table 22 LAN IP Alias 74 LABEL DESCRIPTION RIP Direction RIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. Select the RIP direction from Both/In Only/Out Only/None. When set to Both or Out Only, the ZyXEL Device will broadcast its routing table periodically.
C HAPT ER 6 Network Address Translation (NAT) Screens This chapter discusses how to configure NAT on the ZyXEL Device. 6.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network. 6.1.
Chapter 6 Network Address Translation (NAT) Screens 6.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
Chapter 6 Network Address Translation (NAT) Screens 6.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the ZyXEL Device can communicate with three distinct WAN networks. More examples follow at the end of this chapter. Figure 41 NAT Application With IP Alias 6.1.5 NAT Mapping Types NAT supports five types of IP/port mapping.
Chapter 6 Network Address Translation (NAT) Screens The following table summarizes these types. Table 24 NAT Mapping Types TYPE IP MAPPING One-to-One ILA1ÅÆ IGA1 Many-to-One (SUA/PAT) ILA1ÅÆ IGA1 ILA2ÅÆ IGA1 … Many-to-Many Overload ILA1ÅÆ IGA1 ILA2ÅÆ IGA2 ILA3ÅÆ IGA1 ILA4ÅÆ IGA2 … Many-to-Many No Overload ILA1ÅÆ IGA1 ILA2ÅÆ IGA2 ILA3ÅÆ IGA3 … Server Server 1 IPÅÆ IGA1 Server 2 IPÅÆ IGA1 Server 3 IPÅÆ IGA1 6.
Chapter 6 Network Address Translation (NAT) Screens 6.3 NAT General Setup You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the ZyXEL Device. Click Network > NAT to open the following screen. Not all fields are available on all models. Figure 42 NAT General The following table describes the labels in this screen. Table 25 NAT General LABEL DESCRIPTION Active Network Address Translation (NAT) Select this check box to enable NAT.
Chapter 6 Network Address Translation (NAT) Screens 6.4 Port Forwarding A port forwarding set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make visible to the outside world even though NAT makes your whole inside network appear as a single computer to the outside world. You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server.
Chapter 6 Network Address Translation (NAT) Screens 6.4.3 Configuring Servers Behind Port Forwarding (Example) Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet. Figure 43 Multiple Servers Behind NAT Example 6.
Chapter 6 Network Address Translation (NAT) Screens The following table describes the fields in this screen. Table 27 NAT Port Forwarding LABEL DESCRIPTION Default Server Setup Default Server In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in this screen.
Chapter 6 Network Address Translation (NAT) Screens The following table describes the fields in this screen. Table 28 Port Forwarding Rule Setup LABEL DESCRIPTION Active Click this check box to enable the rule. Service Name Enter a name to identify this port-forwarding rule. Start Port Enter a port number in this field. To forward only one port, enter the port number again in the End Port field.
Chapter 6 Network Address Translation (NAT) Screens The following table describes the fields in this screen. Table 29 Network > NAT > ALG LABEL DESCRIPTION Enable SIP ALG Select this to make sure SIP (VoIP) works correctly with port-forwarding and address-mapping rules. Apply Click this to save your changes. Reset Click this to restore your previously saved settings. 6.
C HAPT ER 7 Firewalls 7.1 Overview This chapter shows you how to enable and configure the ZyXEL Device firewall. Use these screens to enable and configure the firewall that protects your ZyXEL Device and network from attacks by hackers on the Internet and control access to it. By default the firewall: • allows traffic that originates from your LAN computers to go to all other networks. • blocks traffic that originates on other networks from going to the LAN.
Chapter 7 Firewalls have access to network resources. The ZyXEL Device is pre-configured to automatically detect and thwart all known DoS attacks. Anti-Probing If an outside user attempts to probe an unsupported port on your ZyXEL Device, an ICMP response packet is automatically returned. This allows the outside user to know the ZyXEL Device exists. The ZyXEL Device supports anti-probing, which prevents the ICMP response packet from being sent.
Chapter 7 Firewalls 3 In the Rules screen, select the index number after that you want to add the rule. For example, if you select “6”, your new rule becomes number 7 and the previous rule 7 (if there is one) becomes rule 8. 4 Click Add to display the firewall rule configuration screen. 5 In the Edit Rule screen, click the Edit Customized Services link to open the Customized Service screen.
Chapter 7 Firewalls Note: Custom services show up with an “*” before their names in the Services list box and the Rules list box. Figure 52 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following.
Chapter 7 Firewalls Rule 1 allows a “MyService” connection from the WAN to IP addresses 192.168.1.1 through 192.168.1.15 on the LAN. Figure 53 Firewall Example: Rules: MyService 7.2 The Firewall General Screen Use this screen to configure the firewall settings. Click Security > Firewall to display the following screen.
Chapter 7 Firewalls The following table describes the labels in this screen. Table 31 Security > Firewall > General LABEL DESCRIPTION Active Firewall Select this check box to activate the firewall. The ZyXEL Device performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated.
Chapter 7 Firewalls Click Security > Firewall > Rules to bring up the following screen. This screen displays a list of the configured firewall rules. Note the order in which the rules are listed. Figure 55 Security > Firewall > Rules The following table describes the labels in this screen. Table 32 Security > Firewall > Rules LABEL DESCRIPTION Firewall Rules Storage Space in Use This read-only bar shows how much of the ZyXEL Device's memory for recording firewall rules it is currently using.
Chapter 7 Firewalls Table 32 Security > Firewall > Rules (continued) LABEL DESCRIPTION Modify Click the Edit icon to go to the screen where you can edit the rule. Click the Remove icon to delete an existing firewall rule. A window displays asking you to confirm that you want to delete the firewall rule. Note that subsequent firewall rules move up by one when you take this action. 92 Order Click the Move icon to display the Move the rule to field.
Chapter 7 Firewalls 7.3.1 Configuring Firewall Rules Use this screen to configure firewall rules. In the Rules screen, select an index number and click Add or click a rule’s Edit icon to display this screen and refer to the following table for information on the labels.
Chapter 7 Firewalls The following table describes the labels in this screen. Table 33 Security > Firewall > Rules: Edit LABEL DESCRIPTION Edit Rule Active Select this option to enable this firewall rule. Action for Matched Packet Use the drop-down list box to select whether to discard (Drop), deny and send an ICMP destination-unreachable message to the sender of (Reject) or allow the passage of (Permit) packets that match this rule.
Chapter 7 Firewalls Authority) website. Click the Edit Customized Services link while editing a firewall rule to configure a custom service port. This displays the following screen. Figure 57 Security > Firewall > Rules: Edit: Edit Customized Services The following table describes the labels in this screen. Table 34 Security > Firewall > Rules: Edit: Edit Customized Services LABEL DESCRIPTION No. This is the number of your customized port.
Chapter 7 Firewalls The following table describes the labels in this screen. Table 35 Security > Firewall > Rules: Edit: Edit Customized Services: Config LABEL DESCRIPTION Config Service Name Type a unique name for your custom port. Service Type Choose the IP port (TCP, UDP or TCP/UDP) that defines your customized port from the drop down list box. Port Configuration Type Click Single to specify one port only or Range to specify a span of ports that define your customized service.
Chapter 7 Firewalls 7.4.1 Threshold Values If everything is working properly, you probably do not need to change the threshold settings as the default threshold values should work for most small offices. Tune these parameters when you believe the ZyXEL Device has been receiving DoS attacks that are not recorded in the logs or the logs show that the ZyXEL Device is classifying normal traffic as DoS attacks. Factors influencing choices for threshold values are: 1 The maximum number of opened sessions.
Chapter 7 Firewalls The following table describes the labels in this screen. Table 36 Security > Firewall > Threshold LABEL DESCRIPTION Denial of Service Thresholds The ZyXEL Device measures both the total number of existing half-open sessions and the rate of session establishment attempts. Both TCP and UDP half-open sessions are counted in the total number and rate measurements. Measurements are made once a minute.
Chapter 7 Firewalls 7.5 Firewall Technical Reference This section provides some technical background information about the topics covered in this chapter. 7.5.1 Firewall Rules Overview Your customized rules take precedence and override the ZyXEL Device’s default settings. The ZyXEL Device checks the source IP address, destination IP address and IP protocol type of network traffic against the firewall rules (in the order you list them).
Chapter 7 Firewalls You may define additional rules and sets or modify existing ones but please exercise extreme caution in doing so. For example, you may create rules to: • Block certain types of traffic, such as IRC (Internet Relay Chat), from the LAN to the Internet. • Allow certain types of traffic, such as Lotus Notes database synchronization, from specific hosts on the Internet to specific hosts on the LAN. • Allow everyone except your competitors to access a web server.
Chapter 7 Firewalls 3 Does a rule that allows Internet users access to resources on the LAN create a security vulnerability? For example, if FTP ports (TCP 20, 21) are allowed from the Internet to the LAN, Internet users may be able to connect to computers with running FTP servers. 4 Does this rule conflict with any existing rules? Once these questions have been answered, adding rules is simply a matter of entering the information into the correct fields in the web configurator screens. 7.5.
Chapter 7 Firewalls As a result, the ZyXEL Device resets the connection, as the connection has not been acknowledged. Figure 62 “Triangle Route” Problem WAN LAN 1 ISP 1 3 2 ISP 2 A 7.5.4.2 Solving the “Triangle Route” Problem If you have the ZyXEL Device allow triangle route sessions, traffic from the WAN can go directly to a LAN computer without passing through the ZyXEL Device and its firewall protection. Another solution is to use IP alias.
Chapter 7 Firewalls 4 The ZyXEL Device then sends it to the computer on the LAN in Subnet 1.
Chapter 7 Firewalls 104 P-660R-F1 Series User’s Guide
C HAPT ER 8 Packet Filters 8.1 Overview Your ZyXEL Device uses filters to decide whether to allow passage of traffic. This chapter discusses how to create and apply filters. 8.1.1 What You Can Do in the Packet Filter Screen Use the Packet Filter screens to display the filter sets and configure the rules for protocol and generic filters. 8.1.2 What You Need to Know About the Packet Filter Filters Your ZyXEL Device uses filters to decide whether to allow passage of a data packet.
Chapter 8 Packet Filters Figure 64 Security > Packet Filter The following table describes the fields in this screen. Table 37 Security > Packet Filter LABEL DESCRIPTION # This field displays the index number of the filter set. Name Enter a name for the filter set. The text may consist of up to 16 letters, numerals and any printable character found on a typical English language keyboard. Filter Type Select Protocol Filter or Generic Filter for your filter set.
Chapter 8 Packet Filters In the Packet Filter screen, select Protocol Filter from the Filter Type field. Then click the Edit button from the Modify field to display the following screen. Figure 65 Security > Packet Filter > Edit (Protocol Filter) The following table describes the fields in this screen. LABEL DESCRIPTION # This is the index number of the rules in a filter set. Active Use the check box to turn a filter rule on or off.
Chapter 8 Packet Filters Figure 66 Security > Packet Filter > Edit (Protocol Filter) > Edit Rule The following table describes the labels in this screen. Table 38 Security > Packet Filter > Edit (Protocol Filter) > Edit Rule LABEL DESCRIPTION Active Select the check box to enable the filter rule. Protocol Select ICMP, TCP or UDP for the upper layer protocol. IP Source Route Select the check box to apply the filter rule to packets with an IP source route option.
Chapter 8 Packet Filters LABEL DESCRIPTION Port Compare Select the comparison to apply to the source port in the packet against the value given in the Source Port field. Options are None, Equal, Not Equal, Less and Greater. TCP Estab This field is only available when you select TCP in the Protocol field. Select Yes to have the rule match packets that want to establish a TCP connection. This field is ignored if you select No.
Chapter 8 Packet Filters In the Packet Filter screen, select Generic Filter from the Filter Type field. Then click the Edit button from the Modify field to display the following screen. Figure 67 Security > Packet Filter > Edit (Generic Filter) The following table describes the labels in this screen. Table 39 Security > Packet Filter > Edit (Generic Filter) LABEL DESCRIPTION # This is the index number of the rules in a filter set. Active Use the check box to turn on or off a filter rule.
Chapter 8 Packet Filters 8.2.4 Configuring Generic Packet Rules Use this screen to configure generic filter rules. In the Edit (Generic Filter) screen, click the Edit button from the Modify field to display the following screen. Figure 68 Security > Packet Filter > Edit (Generic Filter) > Edit Rule The following table describes the labels in this screen. Table 40 Security > Packet Filter > Edit (Generic Filter) > Edit Rule LABEL DESCRIPTION Active Select the check box to enable the filter rule.
Chapter 8 Packet Filters LABEL DESCRIPTION Log Select a logging option from the following: None – No packets will be logged. Match - Only packets that match the rule parameters will be logged. Not Match - Only packets that do not match the rule parameters will be logged. Both – All packets will be logged. Action Match Select the action for a matching packet. Options are Check Next Rule, Forward and Drop. Action Not Match Select the action for a packet not matching the rule.
Chapter 8 Packet Filters Packet Filtering • The router filters packets as they pass through the router’s interface according to the filter rules you designed. • Packet filtering is a powerful tool, yet can be complex to configure and maintain, especially if you need a chain of rules to filter a service. • Packet filtering only checks the header portion of an IP packet. When To Use Filtering 1 To block/allow LAN packets by their MAC addresses.
Chapter 8 Packet Filters 6 114 The firewall can block specific URL traffic that might occur in the future. The URL can be saved in an Access Control List (ACL) database.
C HAPT ER 9 Certificates 9.1 Overview This chapter describes how your ZyXEL Device can use certificates as a means of authenticating wireless clients. It gives background information about public-key certificates and explains how to use them. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication.
Chapter 9 Certificates Certificate File Formats The certification authority certificate that you want to import has to be in one of these file formats: • Binary X.509: This is an ITU-T recommendation that defines the formats for X.509 certificates. • PEM (Base-64) encoded X.509: This Privacy Enhanced Mail format uses lowercase letters, uppercase letters and numerals to convert a binary X.509 certificate into a printable form.
Chapter 9 Certificates 9.2 The My Certificates Screen This is the ZyXEL Device’s summary list of certificates and certification requests. Certificates display in black and certification requests display in gray. Click Security > Certificates > My Certificates to open the My Certificates screen. Figure 71 My Certificates The following table describes the labels in this screen.
Chapter 9 Certificates LABEL DESCRIPTION Subject This field displays identifying information about the certificate’s owner, such as CN (Common Name), OU (Organizational Unit or department), O (Organization or company) and C (Country). It is recommended that each certificate have unique subject information.
Chapter 9 Certificates Note: You must remove any spaces from the certificate’s filename before you can import it. Figure 72 My Certificate Import The following table describes the labels in this screen. Table 42 My Certificate Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it. Browse Click this to find the certificate file you want to upload. Back Click this to return to the previous screen without saving.
Chapter 9 Certificates 9.2.2 My Certificate Create Use this screen to have the ZyXEL Device create a self-signed certificate, enroll a certificate with a certification authority or generate a certification request. Click Security > Certificates > My Certificates > Create to open the My Certificate Create screen. Figure 73 My Certificate Create The following table describes the labels in this screen.
Chapter 9 Certificates LABEL DESCRIPTION Country Type up to 127 characters to identify the nation where the certificate owner is located. You may use any character, including spaces, but the ZyXEL Device drops trailing spaces. Key Length Select a number from the drop-down list box to determine how many bits the key should use (512 to 2048). The longer the key, the more secure it is. A longer key also uses more PKI storage space.
Chapter 9 Certificates LABEL DESCRIPTION Apply Click this to save the certificate on the ZyXEL Device. Cancel Click this to clear your settings. After you click Apply in the My Certificate Create screen, you see a screen that tells you the ZyXEL Device is generating the self-signed certificate or certification request.
Chapter 9 Certificates Certificates > My Certificates to open the My Certificates screen. Click the edit icon to open the My Certificate Details screen. Figure 74 My Certificate Details The following table describes the labels in this screen. Table 44 My Certificate Details LABEL DESCRIPTION Certificate Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this certificate.
Chapter 9 Certificates LABEL DESCRIPTION Certification Path Click the Refresh button to have this read-only text box display the hierarchy of certification authorities that validate the certificate (and the certificate itself). If the issuing certification authority is one that you have imported as a trusted certification authority, it may be the only certification authority in the list (along with the certificate itself).
Chapter 9 Certificates LABEL DESCRIPTION MD5 Fingerprint This is the certificate’s message digest that the ZyXEL Device calculated using the MD5 algorithm. SHA1 Fingerprint This is the certificate’s message digest that the ZyXEL Device calculated using the SHA1 algorithm. Certificate in PEM (Base-64) Encoded Format This read-only text box displays the certificate or certification request in Privacy Enhanced Mail (PEM) format.
Chapter 9 Certificates certificate that is signed by one of these certification authorities. Click Security > Certificates > Trusted CAs to open the Trusted CAs screen. Figure 75 Trusted CAs The following table describes the labels in this screen. Table 45 Trusted CAs 126 LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the ZyXEL Device’s PKI storage space that is currently in use. The bar turns from blue to red when the maximum is being approached.
Chapter 9 Certificates LABEL DESCRIPTION CRL Issuer This field displays Yes if the certification authority issues Certificate Revocation Lists for the certificates that it has issued and you have selected the Issues certificate revocation lists (CRL) check box in the certificate’s details screen to have the ZyXEL Device check the CRL before trusting any certificates issued by the certification authority. Otherwise the field displays “No”.
Chapter 9 Certificates 9.3.2 Trusted CA Details Use this screen to view in-depth information about the certification authority’s certificate, change the certificate’s name and set whether or not you want the ZyXEL Device to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority. Click Security > Certificates > Trusted CAs to open the Trusted CAs screen. Click the details icon to open the Trusted CA Details screen.
Chapter 9 Certificates LABEL DESCRIPTION Certificate Path Click the Refresh button to have this read-only text box display the end entity’s certificate and a list of certification authority certificates that shows the hierarchy of certification authorities that validate the end entity’s certificate.
Chapter 9 Certificates LABEL DESCRIPTION MD5 Fingerprint This is the certificate’s message digest that the ZyXEL Device calculated using the MD5 algorithm. You can use this value to verify with the certification authority (over the phone for example) that this is actually their certificate. SHA1 Fingerprint This is the certificate’s message digest that the ZyXEL Device calculated using the SHA1 algorithm.
Chapter 9 Certificates The following table describes the labels in this screen. Table 48 Trusted Remote Hosts LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the ZyXEL Device’s PKI storage space that is currently in use. The bar turns from green to red when the maximum is being approached. When the bar is red, you should consider deleting expired or unnecessary certificates before adding more certificates.
Chapter 9 Certificates Note: The trusted remote host certificate must be a self-signed certificate; and you must remove any spaces from its filename before you can import it. Figure 79 Trusted Remote Host Import The following table describes the labels in this screen. Table 49 Trusted Remote Host Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it. Browse Click this to find the certificate file you want to upload.
Chapter 9 Certificates the Trusted Remote Hosts screen. Click the details icon to open the Trusted Remote Host Details screen. Figure 80 Trusted Remote Host Details The following table describes the labels in this screen. Table 50 Trusted Remote Host Details LABEL DESCRIPTION Certificate Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate. You may use any character (not including spaces).
Chapter 9 Certificates LABEL DESCRIPTION Version This field displays the X.509 version number. Serial Number This field displays the certificate’s identification number given by the device that created the certificate. Subject This field displays information that identifies the owner of the certificate, such as Common Name (CN), Organizational Unit (OU), Organization (O) and Country (C).
Chapter 9 Certificates LABEL DESCRIPTION Apply Click this to save your changes. You can only change the name of the certificate. Cancel Click this to restore your previously saved settings. 9.5 The Directory Servers Screens This screen displays a summary list of directory servers (that contain lists of valid and revoked certificates) that have been saved into the ZyXEL Device.
Chapter 9 Certificates LABEL DESCRIPTION Modify Click the Edit icon to open a screen where you can change the information about the directory server. Click the Remove icon to remove the directory server entry. A window displays asking you to confirm that you want to delete the directory server. Note that subsequent certificates move up by one when you take this action. Add Click this to open a screen where you can configure information about a directory server so that the ZyXEL Device can access it.
Chapter 9 Certificates LABEL DESCRIPTION Server Port This field displays the default server port number of the protocol that you select in the Access Protocol field. You may change the server port number if needed, however you must use the same server port number that the directory server uses. 389 is the default server port number for LDAP. Login Setting Login The ZyXEL Device may need to authenticate itself in order to assess the directory server.
Chapter 9 Certificates Advantages of Certificates Certificates offer the following benefits. • The ZyXEL Device only has to store the certificates of the certification authorities that you decide to trust, no matter how many devices you need to authenticate. • Key distribution is simple and very secure since you can freely distribute public keys and you never need to transmit private keys.
Chapter 9 Certificates Trusted Remote Host Certificate Fingerprints A certificate’s fingerprints are message digests calculated using the MD5 or SHA1 algorithms. The following procedure describes how to use a certificate’s fingerprint to verify that you have the remote host’s correct certificate. 1 Browse to where you have the remote host’s certificate saved on your computer. 2 Make sure that the certificate has a “.cer” or “.crt” file name extension.
Chapter 9 Certificates 140 P-660R-F1 Series User’s Guide
C HAPTER 10 Static Route This chapter shows you how to configure static routes for your ZyXEL Device. 10.1 Static Route Each remote node specifies only the network to which the gateway is directly connected, and the ZyXEL Device has no knowledge of the networks beyond. For instance, the ZyXEL Device knows about network N2 in the following figure through remote node Router 1.
Chapter 10 Static Route 10.2 Configuring Static Route Click Advanced > Static Route to open the Static Route screen. Figure 86 Static Route The following table describes the labels in this screen. Table 53 Static Route LABEL DESCRIPTION # This is the number of an individual static route. Active Select the check box to activate this static route. Otherwise, clear the check box. Name This is the name that describes or identifies this route.
Chapter 10 Static Route 10.2.1 Static Route Edit Select a static route index number and click Edit. The screen shown next appears. Use this screen to configure the required information for a static route. Figure 87 Static Route Edit The following table describes the labels in this screen. Table 54 Static Route Edit LABEL DESCRIPTION Active This field allows you to activate/deactivate this static route. Route Name Enter the name of the IP static route.
Chapter 10 Static Route 144 P-660R-F1 Series User’s Guide
C HAPTER 11 Quality Of Service 11.1 Overview Use the QoS screens to set up your ZyXEL Device to use QoS for traffic management. Quality of Service (QoS) refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to control bandwidth. QoS allows the ZyXEL Device to group and prioritize application traffic and fine-tune network performance. Without QoS, all traffic data are equally likely to be dropped when the network is congested.
Chapter 11 Quality Of Service Tagging and Marking In a QoS class, you can configure whether to add or change the DiffServ Code Point (DSCP) value, IEEE 802.1p priority level and VLAN ID number in a matched packet. When the packet passes through a compatible network, the networking device, such as a backbone switch, can provide specific treatment or service based on the tag or marker. 11.1.
Chapter 11 Quality Of Service match these two classes are assigned priority queue based on the internal QoS mapping table on the ZyXEL Device. VoIP: Queue 6 DSL 50 Mbps Boss: Queue 5 IP=192.168.1.
Chapter 11 Quality Of Service Figure 89 QoS Class Example: VoIP -2 Figure 90 QoS Class Example: Boss -1 148 P-660R-F1 Series User’s Guide
Chapter 11 Quality Of Service Figure 91 QoS Class Example: Boss -2 11.2 The QoS General Screen Use this screen to enable or disable QoS and have the ZyXEL Device automatically assign priority to traffic according to the IEEE 802.1p priority level, IP precedence and/or packet length.
Chapter 11 Quality Of Service Click Advanced > QoS to open the screen as shown next. Figure 92 Advanced > QoS > General The following table describes the labels in this screen. Table 55 Advanced > QoS > General LABEL DESCRIPTION Active QoS Select the check box to turn on QoS to improve your network performance. You can give priority to traffic that the ZyXEL Device forwards out through the WAN interface. Give high priority to voice and video to make them run more smoothly.
Chapter 11 Quality Of Service 11.3 The Class Setup Screen Use this screen to add, edit or delete classifiers. A classifier groups traffic into data flows according to specific criteria such as the source address, destination address, source port number, destination port number or incoming interface. For example, you can configure a classifier to select traffic from the same protocol port (such as Telnet) to form a flow. Click Advanced > QoS > Class Setup to open the following screen.
Chapter 11 Quality Of Service 11.3.1 The Class Configuration Screen Use this screen to configure a classifier. Click the Add button or the Edit icon in the Modify field to display the following screen. Figure 94 Advanced > QoS > Class Setup: Edit The following table describes the labels in this screen. Table 57 Advanced > QoS > Class Setup: Edit (continued) LABEL DESCRIPTION Class Configuration Active Select the check box to enable this classifier.
Chapter 11 Quality Of Service LABEL DESCRIPTION Routing Policy Select the next hop to which traffic of this class should be forwarded. Select By Routing Table to have the ZyXEL Device use the routing table to find a next hop and forward the matched packets automatically. Select To WAN Index to route the matched packets through the specified PVC. This option is available only when the WAN type is ADSL.
Chapter 11 Quality Of Service LABEL Exclude DESCRIPTION Select this option to exclude the packets that match the specified criteria from this classifier. Destination Address Select the check box and enter the destination IP address in dotted decimal notation. Subnet Netmask Enter the destination subnet mask. Refer to the appendix for more information on IP subnetting. Port Select the check box and enter the port number of the destination.0 means any source port number.
Chapter 11 Quality Of Service LABEL DESCRIPTION Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. 11.4 The QoS Monitor Screen Use this screen to view the ZyXEL Device’s QoS packet statistics. Click Advanced > QoS > Monitor. The screen appears as shown. Figure 95 Advanced > QoS > Monitor The following table describes the labels in this screen.
Chapter 11 Quality Of Service LABEL DESCRIPTION Set Interval Click this to apply the new poll interval you entered in the Poll Interval(s) field. Stop Click this to stop refreshing statistics. 11.5 QoS Technical Reference This section provides some technical background information about the topics covered in this chapter. 11.5.1 IEEE 802.1Q Tag The IEEE 802.1Q standard defines an explicit VLAN tag in the MAC header to identify the VLAN membership of a frame across bridges.
Chapter 11 Quality Of Service 11.5.3 DiffServ QoS is used to prioritize source-to-destination traffic flows. All packets in the flow are given the same priority. You can use CoS (class of service) to give different priorities to different packet types. Differentiated Services (DiffServ) is a Class of Service (CoS) model that marks packets so that they receive specific per-hop treatment at DiffServ-compliant network devices along the route based on the application types and traffic flow.
Chapter 11 Quality Of Service LAYER 2 LAYER 3 PRIORITY QUEUE IEEE 802.
C HAPTER 12 Dynamic DNS Setup This chapter discusses how to configure your ZyXEL Device to use Dynamic DNS. 12.1 Dynamic DNS Overview Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.
Chapter 12 Dynamic DNS Setup See Section 12.1 on page 159 for more information. Figure 96 Dynamic DNS The following table describes the fields in this screen. Table 61 Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Active Dynamic DNS Select this check box to use dynamic DNS. Service Provider This is the name of your Dynamic DNS service provider. Dynamic DNS Type Select the type of service that you are registered for from your Dynamic DNS service provider.
Chapter 12 Dynamic DNS Setup Table 61 Dynamic DNS (continued) LABEL DESCRIPTION Dynamic DNS server auto detect IP Address Select this option only when there are one or more NAT routers between the ZyXEL Device and the DDNS server. This feature has the DDNS server automatically detect and use the IP address of the NAT router that has a public IP address. Note: The DDNS server may not be able to detect the proper IP address if there is an HTTP proxy server between the ZyXEL Device and the DDNS server.
Chapter 12 Dynamic DNS Setup 162 P-660R-F1 Series User’s Guide
C HAPTER 13 Remote Management Configuration This chapter provides information on configuring remote management. 13.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which ZyXEL Device interface (if any) from which computers. You may manage your ZyXEL Device from a remote location via: • Internet (WAN only) • ALL (LAN and WAN) • LAN only, • Neither (Disable).
Chapter 13 Remote Management Configuration • Use the ZyXEL Device’s WAN IP address when configuring from the WAN. • Use the ZyXEL Device’s LAN IP address when configuring from the LAN. 13.1.3 System Timeout There is a default system management idle timeout of five minutes (three hundred seconds). The ZyXEL Device automatically logs you out if the management session remains idle for longer than this timeout period. The management session does not time out when a statistics screen is polling. 13.
Chapter 13 Remote Management Configuration 2 HTTP connection requests from a web browser go to port 80 (by default) on the ZyXEL Device’s WS (web server). Figure 97 HTTPS Implementation Note: If you disable the WWW service in the Remote MGMT > WWW screen, then the ZyXEL Device blocks all HTTP connection attempts.
Chapter 13 Remote Management Configuration The following table describes the labels in this screen. LABEL DESCRIPTION Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. LAN Access Status Select Enable to use the LANinterface for Access Status. When Access Status is enabled on the LAN interface, this is the interface(s) through which a computer may access the ZyXEL Device using this service.
Chapter 13 Remote Management Configuration 13.3 Telnet You can configure your ZyXEL Device for remote Telnet access as shown next. The administrator uses Telnet from a computer on a remote network to access the ZyXEL Device. Figure 99 Telnet Configuration on a TCP/IP Network 13.4 Configuring Telnet Click Advanced > Remote MGMT > Telnet tab to display the screen as shown. Figure 100 Remote Management: Telnet The following table describes the labels in this screen.
Chapter 13 Remote Management Configuration Table 62 Remote Management: Telnet LABEL DESCRIPTION Apply Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to begin configuring this screen afresh. 13.5 Configuring FTP You can upload and download the ZyXEL Device’s firmware and configuration files using FTP, please see the chapter on firmware and configuration file maintenance for details. To use this feature, your computer must have an FTP client.
Chapter 13 Remote Management Configuration 13.6 SNMP Simple Network Management Protocol (SNMP) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your ZyXEL Device supports SNMP agent functionality, which allows a manager station to manage and monitor the ZyXEL Device through the network. The ZyXEL Device supports SNMP version one (SNMPv1) and version two (SNMPv2). The next figure illustrates an SNMP management operation.
Chapter 13 Remote Management Configuration • Set - Allows the manager to set values for object variables within an agent. • Trap - Used by the agent to inform the manager of some events. 13.6.1 Supported MIBs The ZyXEL Device supports MIB II that is defined in RFC-1213 and RFC-1215. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance. 13.6.
Chapter 13 Remote Management Configuration 13.6.3 Configuring SNMP To change your ZyXEL Device’s SNMP settings, click Advanced > Remote MGMT > SNMP. The screen appears as shown. Figure 103 Remote Management: SNMP The following table describes the labels in this screen. Table 65 Remote Management: SNMP LABEL DESCRIPTION SNMP Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
Chapter 13 Remote Management Configuration Table 65 Remote Management: SNMP LABEL DESCRIPTION Destination Type the IP address of the station to send your SNMP traps to. Apply Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to begin configuring this screen afresh. 13.7 Configuring DNS Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. Refer to the chapter on LAN for background information.
Chapter 13 Remote Management Configuration 13.8 Configuring ICMP To change your ZyXEL Device’s security settings, click Advanced > Remote MGMT > ICMP. The screen appears as shown. If an outside user attempts to probe an unsupported port on your ZyXEL Device, an ICMP response packet is automatically returned. This allows the outside user to know the ZyXEL Device exists. Your ZyXEL Device supports anti-probing, which prevents the ICMP response packet from being sent.
C HAPTER 14 Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configurator. 14.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
Chapter 14 Universal Plug-and-Play (UPnP) All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. 14.2 UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum UPnP™ Implementers Corp. (UIC). ZyXEL's UPnP implementation supports Internet Gateway Device (IGD) 1.0. See the following sections for examples of installing and using UPnP. 14.2.
Chapter 14 Universal Plug-and-Play (UPnP) 14.3 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP. 14.3.1 Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me. 1 Click Start and Control Panel. Double-click Add/Remove Programs. 2 Click on the Windows Setup tab and select Communication in the Components selection box. Click Details.
Chapter 14 Universal Plug-and-Play (UPnP) 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box. Figure 108 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted. 14.3.2 Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click start and Control Panel.
Chapter 14 Universal Plug-and-Play (UPnP) 4 The Windows Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details. Figure 110 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box. Figure 111 Networking Services 6 178 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next.
Chapter 14 Universal Plug-and-Play (UPnP) 14.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL Device. Make sure the computer is connected to a LAN port of the ZyXEL Device. Turn on your computer and the ZyXEL Device. 14.4.1 Auto-discover Your UPnP-enabled Network Device 1 Click start and Control Panel. Double-click Network Connections.
Chapter 14 Universal Plug-and-Play (UPnP) 3 In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created.
Chapter 14 Universal Plug-and-Play (UPnP) 4 You may edit or delete the port mappings or click Add to manually add port mappings. Figure 114 Internet Connection Properties: Advanced Settings Figure 115 Internet Connection Properties: Advanced Settings: Add Note: When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 5 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
Chapter 14 Universal Plug-and-Play (UPnP) 6 Double-click on the icon to display your current Internet connection status. Figure 117 Internet Connection Status 14.4.2 Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first. This comes helpful if you do not know the IP address of the ZyXEL Device. Follow the steps below to access the web configurator. 182 1 Click Start and then Control Panel.
Chapter 14 Universal Plug-and-Play (UPnP) 3 Select My Network Places under Other Places. Figure 118 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network.
Chapter 14 Universal Plug-and-Play (UPnP) 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays. Figure 119 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device.
C HAPTER 15 System Use this screen to configure the ZyXEL Device’s time and date settings. 15.1 General Setup 15.1.1 General Setup and System Name General Setup contains administrative and system-related information. System Name is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name". • In Windows 95/98 click Start, Settings, Control Panel, Network.
Chapter 15 System Click Maintenance > System to open the General screen. Figure 121 System General Setup The following table describes the labels in this screen. Table 69 System General Setup LABEL DESCRIPTION General Setup System Name Choose a descriptive name for identification purposes. It is recommended you enter your computer’s “Computer name” in this field. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes “-” and underscores "_" are accepted.
Chapter 15 System Table 69 System General Setup LABEL DESCRIPTION Retype to Confirm Type the new password again for confirmation. Admin Password If you log in with the admin password, you can configure the advanced features as well as the wizard setup on the ZyXEL Device. Old Password Type the default admin password (1234) or the existing password you use to access the system for configuring advanced features. New Password Type your new admin password (up to 30 characters).
Chapter 15 System The following table describes the fields in this screen. Table 70 System Time Setting LABEL DESCRIPTION Current Time and Date Current Time This field displays the time of your ZyXEL Device. Each time you reload this page, the ZyXEL Device synchronizes the time with the time server. Current Date This field displays the date of your ZyXEL Device. Each time you reload this page, the ZyXEL Device synchronizes the date with the time server.
Chapter 15 System Table 70 System Time Setting (continued) LABEL DESCRIPTION Start Date Configure the day and time when Daylight Saving Time starts if you selected Enable Daylight Saving. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time starts in most parts of the United States on the first Sunday of April. Each time zone in the United States starts using Daylight Saving Time at 2 A.M. local time.
Chapter 15 System 190 P-660R-F1 Series User’s Guide
C HAPTER 16 Logs 16.1 Overview This chapter contains information about configuring general log settings and viewing the ZyXEL Device’s logs. The web configurator allows you to choose which categories of events and/or alerts to have the ZyXEL Device log and then display the logs or have the ZyXEL Device send them to an administrator (as e-mail) or to a syslog server. 16.1.1 What You Can Do in the Log Screens • Use the View Log screen (Section 16.
Chapter 16 Logs Figure 123 Maintenance > Logs > View Log The following table describes the fields in this screen. Table 71 Maintenance > Logs > View Log LABEL DESCRIPTION Display The categories that you select in the Log Settings screen display in the dropdown list box. Select a category of logs to view; select All Logs to view logs from all of the log categories that you selected in the Log Settings page.
Chapter 16 Logs 16.3 The Log Settings Screen Use the Log Settings screen to configure the mail server, the syslog server, when to send logs and what logs to send. To change your ZyXEL Device’s log settings, click Maintenance > Logs > Log Settings. The screen appears as shown. Alerts are e-mailed as soon as they happen. Logs may be e-mailed as soon as the log is full. Selecting many alert and/or log categories (especially Access Control) may result in many e-mails being sent.
Chapter 16 Logs Table 72 Maintenance > Logs > Log Settings LABEL DESCRIPTION E-mail Log Settings Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via E-mail. Mail Subject Type a title that you want to be in the subject line of the log e-mail message that the ZyXEL Device sends. Not all ZyXEL Device models have this field.
Chapter 16 Logs 16.4 SMTP Error Messages If there are difficulties in sending e-mail the following error message appears. “SMTP action request failed. ret= ??". The “??"are described in the following table. Table 73 SMTP Error Messages -1 means ZyXEL Device out of socket -2 means tcp SYN fail -3 means smtp server OK fail -4 means HELO fail -5 means MAIL FROM fail -6 means RCPT TO fail -7 means DATA fail -8 means mail data send fail 16.4.
Chapter 16 Logs "End of Log" message shows that a complete log has been sent. Figure 125 E-mail Log Example Subject: Firewall Alert From Date: Fri, 07 Apr 2000 10:05:42 From: user@zyxel.com To: user@zyxel.com 1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09:54:03 |UDP src port:00520 dest port:00520 |<1,00> | 2|Apr 7 00 |From:192.168.1.131 To:192.168.1.255 |default policy |forward | 09:54:17 |UDP src port:00520 dest port:00520 |<1,00> | 3|Apr 7 00 |From:192.168.1.6 To:10.10.10.
Chapter 16 Logs 16.5 Log Descriptions This section provides descriptions of example log messages. Table 74 System Maintenance Logs LOG MESSAGE DESCRIPTION Time calibration is successful The router has adjusted its time based on information from the time server. Time calibration failed The router failed to get information from the time server. WAN interface gets IP: %s A WAN interface got a new IP address from the DHCP, PPPoE, or dial-up server.
Chapter 16 Logs Table 75 System Error Logs LOG MESSAGE DESCRIPTION %s exceeds the max. number of session per host! This attempt to create a NAT session exceeds the maximum number of NAT session table entries allowed to be created per host. setNetBIOSFilter: calloc error The router failed to allocate memory for the NetBIOS filter settings. readNetBIOSFilter: calloc error The router failed to allocate memory for the NetBIOS filter settings. WAN connection is down. A WAN connection is down.
Chapter 16 Logs LOG MESSAGE DESCRIPTION Exceed MAX incomplete, sent TCP RST The router sent a TCP reset packet when the number of incomplete connections (TCP and UDP) exceeded the userconfigured threshold. (Incomplete count is for all TCP and UDP connections through the firewall.
Chapter 16 Logs LOG MESSAGE DESCRIPTION Unsupported/out-of-order ICMP: ICMP The firewall does not support this kind of ICMP packets or the ICMP packets are out of order. Router reply ICMP packet: ICMP The router sent an ICMP reply packet to the sender. Table 81 PPP Logs LOG MESSAGE DESCRIPTION ppp:LCP Starting The PPP connection’s Link Control Protocol stage has started. ppp:LCP Opening The PPP connection’s Link Control Protocol stage is opening.
Chapter 16 Logs LOG MESSAGE DESCRIPTION ports scan TCP The firewall detected a TCP port scan attack. teardrop TCP The firewall detected a TCP teardrop attack. teardrop UDP The firewall detected an UDP teardrop attack. teardrop ICMP (type:%d, code:%d) The firewall detected an ICMP teardrop attack. illegal command TCP The firewall detected a TCP illegal command attack. NetBIOS TCP The firewall detected a TCP NetBIOS attack.
Chapter 16 Logs PACKET DIRECTION DIRECTION DESCRIPTION (L to ZyXEL Device) LAN to ZyXEL Device ACL set for packets traveling from the LAN to the ZyXEL Device. (W to ZyXEL Device) WAN to ZyXEL Device ACL set for packets traveling from the WAN to the ZyXEL Device.
Chapter 16 Logs TYPE CODE DESCRIPTION Information Reply 16 0 Information reply message Table 88 System Logs LOG MESSAGE DESCRIPTION Mon dd hr:mm:ss hostname src="" dst="" msg="" note="" devID="" cat=" "This message is sent by the system ("RAS" displays as the system name if you haven’t configured one) when the router generates a syslog.
Chapter 16 Logs 204 P-660R-F1 Series User’s Guide
C HAPTER 17 Tools This chapter describes how to upload new firmware, manage configuration and restart your ZyXEL Device. 17.1 Firmware Upgrade Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a.bin extension, for example, "ZyXEL Device.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot. Only use firmware for your device’s specific model.
Chapter 17 Tools Note: Do NOT turn off the ZyXEL Device while firmware upload is in progress! After you see the Firmware Upload in Progress screen, wait two minutes before logging into the ZyXEL Device again. Figure 127 Firmware Upload In Progress The ZyXEL Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.
Chapter 17 Tools 17.2 Configuration Screen Click Maintenance > Tools > Configuration. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next. Figure 130 Configuration 17.2.1 Backup Configuration Backup configuration allows you to back up (save) the ZyXEL Device’s current configuration to a file on your computer.
Chapter 17 Tools After you see a “Restore Configuration successful” screen, you must then wait one minute before logging into the ZyXEL Device again. Figure 131 Configuration Restore Successful The ZyXEL Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.
Chapter 17 Tools You can also press the RESET button on the rear panel to reset the factory defaults of your ZyXEL Device. Refer to the chapter about introducing the web configurator for more information on the RESET button. 17.3 Restart System restart allows you to reboot the ZyXEL Device without turning the power off. Click Maintenance > Tools > Restart. Click Restart to have the ZyXEL Device reboot. This does not affect the ZyXEL Device's configuration.
C HAPTER 18 Diagnostic These read-only screens display information to help you identify problems with the ZyXEL Device. 18.1 General Diagnostic Click Maintenance > Diagnostic to open the screen shown next. Figure 135 Diagnostic: General The following table describes the fields in this screen. Table 92 Diagnostic: General LABEL DESCRIPTION TCP/IP Address Type the IP address of a computer that you want to ping in order to test a connection.
Chapter 18 Diagnostic 18.2 DSL Line Diagnostic Click Maintenance > Diagnostic > DSL Line to open the screen shown next. Figure 136 Diagnostic: DSL Line The following table describes the fields in this screen. Table 93 Diagnostic: DSL Line LABEL DESCRIPTION ATM Status Click this button to view ATM status. ATM Loopback Test Click this button to start the ATM loopback test. Make sure you have configured at least one PVC with proper VPIs/VCIs before you begin this test.
Chapter 18 Diagnostic 212 P-660R-F1 Series User’s Guide
C HAPTER 19 Troubleshooting This chapter covers potential problems and the corresponding remedies. 19.1 Problems Starting Up the ZyXEL Device Table 94 Troubleshooting Starting Up Your ZyXEL Device PROBLEM CORRECTIVE ACTION None of the lights turn on when I turn on the ZyXEL Device. Make sure that the ZyXEL Device’s power adaptor is connected to the ZyXEL Device and plugged in to an appropriate power source. Make sure that the ZyXEL Device and the power source are both turned on.
Chapter 19 Troubleshooting 19.3 Problems with the WAN Table 96 Troubleshooting the WAN PROBLEM CORRECTIVE ACTION The DSL light is off. Check the telephone wire and connections between the ZyXEL Device DSL port and the wall jack. Make sure that the telephone company has checked your phone line and set it up for DSL service. Reset your ADSL line to reinitialize your link to the DSLAM. For details, refer to Table 93 on page 211. I cannot get a WAN IP address from the ISP.
Chapter 19 Troubleshooting 19.4 Problems Accessing the ZyXEL Device Table 97 Troubleshooting Accessing the ZyXEL Device PROBLEM CORRECTIVE ACTION The default user password is “user” and admin password is “1234”. The Password I cannot field is case-sensitive. Make sure that you enter the correct password using the access the ZyXEL Device. proper case. If you have changed the password and have now forgotten it, you will need to upload the default configuration file.
Chapter 19 Troubleshooting 216 P-660R-F1 Series User’s Guide
A PPENDIX A Product Specifications See also the Introduction chapter for a general overview of the key features. Specification Tables Table 98 Device Default IP Address 192.168.1.1 Default Subnet Mask 255.255.255.0 (24 bits) Default Password administrator: 1234 user: user DHCP Pool 192.168.1.33 to 192.168.1.
Table 99 Firmware ADSL Standards Multi-Mode standard (ANSI T1.413,Issue 2; G.dmt(G.992.1); G.lite(G992.2)). ADSL2 G.dmt.bis (G.992.3) ADSL2+ (G.992.
Table 99 Firmware (continued) Static Routes 16 IP and 4 Bridge Other Features Any IP Zero Configuration (VC auto-hunting) Traffic Redirect Dynamic DNS IP Alias P-660R-F1 Series User’s Guide 219
P-660R-F1 Series User’s Guide
A PPENDIX B Wall-mounting Instructions Do the following to hang your ZyXEL Device on a wall. Note: See the product specifications appendix for the size of screws to use and how far apart to place them. 1 Locate a high position on wall that is free of obstructions. Use a sturdy wall. 2 Drill two holes for the screws. Make sure the distance between the centers of the holes matches what is listed in the product specifications appendix.
P-660R-F1 Series User’s Guide
A PPENDIX C Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer. Windows 3.1 requires the purchase of a third-party TCP/IP application package.
Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add. 2 Select Adapter and then click Add. 3 Select the manufacturer and model of your network adapter and then click OK. If you need TCP/IP: 1 In the Network window, click Add. 2 Select Protocol and then click Add.
• If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields. Figure 139 Windows 95/98/Me: TCP/IP Properties: IP Address 3 Click the DNS Configuration tab. • If you do not know your DNS information, select Disable DNS. • If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in).
4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window. 6 Click OK to close the Network window. Insert the Windows CD if prompted. 7 Turn on your ZyXEL Device and restart your computer when prompted. Verifying Settings 1 Click Start and then Run.
2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 142 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties.
4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 144 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). • If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields.
• Click Advanced. Figure 145 Windows XP: Internet Protocol (TCP/IP) Properties 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: • In the IP Settings tab, in IP addresses, click Add. • In TCP/IP Address, type an IP address in IP address and a subnet mask in Subnet mask, and then click Add.
• Click OK when finished. Figure 146 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. Figure 147 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT). 11 Turn on your ZyXEL Device and restart your computer (if prompted).
Macintosh OS 8/9 1 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel.
2 Select Ethernet built-in from the Connect via list. Figure 149 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. 5 Close the TCP/IP Control Panel.
• Select Built-in Ethernet from the Show list. • Click the TCP/IP tab. 3 For dynamically assigned settings, select Using DHCP from the Configure list. Figure 151 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. 5 Click Apply Now and close the window.
Linux This section shows you how to configure your computer’s TCP/IP settings in Red Hat Linux 9.0. Procedure, screens and file location may vary depending on your Linux distribution and release version. Note: Make sure you are logged in as the root administrator. Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. 1 Click the Red Hat button (located on the bottom left corner), select System Setting and click Network. Figure 152 Red Hat 9.
2 Double-click on the profile of the network card you wish to configure. The Ethernet Device General screen displays as shown. Figure 153 Red Hat 9.0: KDE: Ethernet Device: General • If you have a dynamic IP address click Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static IP address click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields.
6 Click the Activate button to apply the changes. The following screen displays. Click Yes to save the changes in all screens. Figure 155 Red Hat 9.0: KDE: Network Configuration: Activate 7 After the network card restart process is complete, make sure the Status is Active in the Network Configuration screen. Using Configuration Files Follow the steps below to edit the network configuration files and set your computer IP address.
2 If you know your DNS server IP address(es), enter the DNS server information in the resolv.conf file in the /etc directory. The following figure shows an example where two DNS server IP addresses are specified. Figure 158 Red Hat 9.0: DNS Settings in resolv.conf nameserver 172.23.5.1 nameserver 172.23.5.2 3 After you edit and save the configuration files, you must restart the network card. Enter ./ network restart in the /etc/rc.d/init.d directory. The following figure shows an example.
A PPENDIX D IP Addresses and Subnetting This appendix introduces IP addresses, IP address classes and subnet masks. You use subnet masks to subdivide a network into smaller logical networks. Introduction to IP Addresses An IP address has two parts: the network number and the host ID. Routers use the network number to send packets to the correct network, while the host ID identifies a single device on the network.
An IP address with host IDs of all zeros is the IP address of the network (192.168.1.0 for example). An IP address with host IDs of all ones is the broadcast address for that network (192.168.1.255 for example). Therefore, to determine the total number of hosts allowed in a network, deduct two as shown next: • A class C address (1 host octet: 8 host bits) can have 28 – 2, or 254 hosts. • A class B address (2 host octets: 16 host bits) can have 216 – 2, or 65534 hosts.
Subnet masks are expressed in dotted decimal notation just like IP addresses. The “natural” masks for class A, B and C IP addresses are as follows. Table 102 “Natural” Masks CLASS NATURAL MASK A 255.0.0.0 B 255.255.0.0 C 255.255.255.0 Subnetting With subnetting, the class arrangement of an IP address is ignored. For example, a class C address no longer has to have 24 bits of network number and 8 bits of host ID. With subnetting, some of the host ID bits are converted into network number bits.
Example: Two Subnets As an example, you have a class “C” address 192.168.1.0 with subnet mask of 255.255.255.0. Table 104 Two Subnets Example IP/SUBNET MASK NETWORK NUMBER HOST ID IP Address 192.168.1. 0 IP Address (Binary) 11000000.10101000.00000001. 00000000 Subnet Mask 255.255.255. 0 Subnet Mask (Binary) 11111111.11111111.11111111. 00000000 The first three octets of the address make up the network number (class “C”). To make two networks, divide the network 192.168.1.
Host IDs of all zeros represent the subnet itself and host IDs of all ones are the broadcast address for that subnet, so the actual number of hosts available on each subnet in the example above is 27 – 2 or 126 hosts for each subnet. 192.168.1.0 with mask 255.255.255.128 is the subnet itself, and 192.168.1.127 with mask 255.255.255.128 is the directed broadcast address for the first subnet. Therefore, the lowest IP address that can be assigned to an actual host for the first subnet is 192.168.1.
Table 110 Subnet 4 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. 192 IP Address (Binary) 11000000.10101000.00000001. 11000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.192 Lowest Host ID: 192.168.1.193 Broadcast Address: 192.168.1.255 Highest Host ID: 192.168.1.254 Example Eight Subnets Similarly use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111).
A class “B” address has two host ID octets available for subnetting and a class “A” address has three host ID octets (see Table 100 on page 239) available for subnetting. The following table is a summary for class “B” subnet planning. Table 113 Class B Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 1 255.255.128.0 (/17) 2 32766 2 255.255.192.0 (/18) 4 16382 3 255.255.224.0 (/19) 8 8190 4 255.255.240.0 (/20) 16 4094 5 255.255.248.
P-660R-F1 Series User’s Guide
A PPENDIX E Splitters and Microfilters This appendix tells you how to install a POTS splitter or a telephone microfilter. Connecting a POTS Splitter When you use the Full Rate (G.dmt) ADSL standard, you can use a POTS (Plain Old Telephone Service) splitter to separate the telephone and ADSL signals. This allows simultaneous Internet access and telephone service on the same line. A splitter also eliminates the destructive interference conditions caused by telephone sets.
4 After you are done, make sure that your telephone works. If your telephone does not work, disconnect the microfilter and contact either your local telephone company or the provider of the microfilter. Figure 162 Connecting a Microfilter You can also use a Y-Connector with a microfilter in order to connect both your modem and a telephone to the same wall jack without using a POTS splitter. 1 Connect a phone cable from the wall jack to the single jack end of the Y-Connector.
ZyXEL Device With ISDN This section relates to people who use their ZyXEL Device with ADSL over ISDN (digital telephone service) only. The following is an example installation for the ZyXEL Device with ISDN.
P-660R-F1 Series User’s Guide
A PPENDIX F Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary. Internet Explorer Pop-up Blockers You may have to disable pop-up blocking to log into your device.
2 Figure 166 3 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Internet Options Click Apply to save this setting. Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 252 In Internet Explorer, select Tools, Internet Options and then the Privacy tab.
2 Select Settings…to open the Pop-up Blocker Settings screen. Figure 167 Internet Options 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1.
4 Click Add to move the IP address to the list of Allowed sites. Figure 168 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
1 In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 169 Internet Options 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default).
6 Click OK to close the window. Figure 170 Security Settings - Java Scripting Java Permissions 256 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected.
5 Click OK to close the window. Figure 171 Security Settings - Java JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 make sure that Use Java 2 for
3 Click OK to close the window.
Index A activation classifiers 151 firewalls 90 generic filters 110 protocol filters 107 SIP ALG 84 address assignment 64 Address Resolution Protocol (ARP) 67 ADSL standards 20, 218 alerts firewalls 94 algorithm, certificates 124, 129 MD5 fingerprint 125, 130, 134 remote hosts 134 SHA1 fingerprint 125, 130, 134 alternative subnet mask notation 241 anti-probing 86 Any IP 20 and NAT 67 how it works 67 setup 69 applications Internet access 22 asymmetrical routes 90 ATM Adaptation Layer 5 (AAL5) 44 algorithm 1
backup 207 firewalls 89, 93, 97 restore 207 copyright 5 cost of transmission 46 creation certificates 118 classifiers 151 CRL 127, 128, 129 DYNDNS wildcard 159 E ECHO 80 e-mail logs 194 embedded help 27 customized services 94, 96 Encapsulated Routing Link Protocol (ENET ENCAP) 43 D encapsulation 43, 44 ENET ENCAP 43 PPP over Ethernet 43 PPPoA 44 RFC 1483 44 default LAN IP address 24 default settings 208 deletion, certificates 118 Denials of Service, see DoS DHCP 63, 65, 159, 185 client 21 configurati
thresholds 86, 96, 97, 98 example 86 half-open sessions 98 ICMP 86 logs 94 maximum incomplete 98 P2P 97 packet direction 90 rules 91, 99 schedules 94 security 100 three-way handshake 96 triangle route 90, 101 solutions 102 firmware 205 upgrade 205 upload 205 upload error 206 FTP 80, 163, 168 and NAT 80 and remote management 168 QoS 154 FTP restrictions 163 I IANA 65 ICMP 86 IGMP and multicasting 66 versions 66 IGMP (Internet Group Multicast Protocol) 66 importing remote hosts 131 trusted CA 127 Integrated
TCP/IP 65 port numbers 80 SIP ALG activation 84 specifications 218 what it does 76 LDAP 136 Lightweight Directory Access Protocol, see LDAP login 25 directory servers 137 logs e-mail 194 firewalls 94 generic filters 112 protocol filters 109 schedules 194 M NAT (Network Address Translation) 75 NAT Traversal 174 navigating the web configurator 26 Network Address Translation (NAT) 21 NNTP 80 P P2P 97 management types of 218 Management Information Base (MIB) 169 Maximum Burst Size (MBS) 47, 53, 58 maximum
logs 109 protocols supported 218 remote node 154 reset button 26 resetting and factory default settings 208 Q resetting the ZyXEL Device 26 QoS 802.
activation 84 SMTP 80 SNMP 80, 169 agent 169 and remote management 169 manager 169 MIBs 170 SNMP (Simple Network Management Protocol) 169 SNMP manager 169 splitters 247 splitters and microfilters 247 solutions 102 troubleshooting 214 Internet access 214 trusted CA algorithm 129 CRL 127, 128, 129 exporting 130 importing 127 MD5 fingerprint 130 PEM 130 SHA1 fingerprint 130 standards, ADSL 218 static route example 141 how it works 141 remote nodes 141 SUA 78 SUA (Single User Account) 78 SUA vs NAT SUA (Singl
ENET ENCAP 43 mode 50 modulation 50 packet filter 53, 58 PPP over Ethernet 43 PPPoA 44 Setup 43 troubleshooting 214 WAN (Wide Area Network) 43 WAN backup 60 web and remote management 164 web configurator 24, 26 help 27 main screen 26 navigating 26 screen summary 27 Z Zero Configuration Internet Access 20, 48 ZyNOS (ZyXEL Network Operating System) 5 ZyXEL Home Page 6 ZyXEL Network Operating System 5 P-660R-F1 Series User’s Guide 265
P-660R-F1 Series User’s Guide
P-660R-F1 Series User’s Guide 267
P-660R-F1 Series User’s Guide
