P-660HN-Tx 802.11n Wireless ADSL2+ 4-port Gateway Default Login Details IP Address http://192.168.1.1 Password 1234 Firmware Version 1.02 Edition 1, 1/2011 www.zyxel.com www.zyxel.
About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to configure the ZyXEL Device using the web configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology. Related Documentation • Quick Start Guide The Quick Start Guide is designed to help you get up and running right away. It contains information on setting up your network and configuring for Internet access.
About This User's Guide • Download Library Search for the latest product updates and documentation from this link. Read the Tech Doc Overview to find out how to efficiently use the User Guide, Quick Start Guide and Command Line Interface Reference Guide in order to better understand how to use your product. • Knowledge Base If you have a specific question about your product, the answer may be here. This is a collection of answers to previously asked questions about ZyXEL products.
Document Conventions Document Conventions Warnings and Notes These are how warnings and notes are shown in this User’s Guide. Warnings tell you about things that could harm you or your device. Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations. Syntax Conventions • The P-660HN-Tx may be referred to as the “ZyXEL Device”, the “device”, the “system” or the “product” in this User’s Guide.
Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device.
Safety Warnings Safety Warnings • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. • Do NOT store things on the device. • Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning. • Connect ONLY suitable accessories to the device. • Do NOT open the device or unit.
Safety Warnings 8 P-660HN-Tx User’s Guide
Contents Overview Contents Overview User’s Guide ........................................................................................................................... 19 Introduction ................................................................................................................................ 21 The Web Configurator ............................................................................................................... 29 Status Screens .......................................
Contents Overview 10 P-660HN-Tx User’s Guide
Table of Contents Table of Contents About This User's Guide .......................................................................................................... 3 Document Conventions............................................................................................................ 5 Safety Warnings........................................................................................................................ 7 Contents Overview .......................................................
Table of Contents 3.2 The Status Screen ............................................................................................................... 37 Chapter 4 Tutorials ................................................................................................................................... 41 4.1 Overview .............................................................................................................................. 41 4.2 Setting Up a Secure Wireless Network ................
Table of Contents 6.4.6 NAT ............................................................................................................................ 86 6.5 Traffic Shaping ..................................................................................................................... 86 6.5.1 ATM Traffic Classes ................................................................................................... 87 Chapter 7 LAN Setup.................................................................
Table of Contents 8.6.2 Additional Wireless Terms .........................................................................................117 8.6.3 Wireless Security Overview ......................................................................................118 8.6.4 Signal Problems ....................................................................................................... 121 8.6.5 BSS .........................................................................................................
Table of Contents 12.1.1 What You Can Do in this Chapter .......................................................................... 155 12.2 What You Need to Know .................................................................................................. 155 12.3 The Trusted CA Screen ................................................................................................... 156 12.3.1 View Trusted CA Certificate ...............................................................................
Table of Contents 16.3 The Telnet Screen ........................................................................................................... 180 16.4 The FTP Screen .............................................................................................................. 180 16.5 The SNMP Screen ........................................................................................................... 181 16.5.1 Configuring SNMP ..................................................................
Table of Contents 22.1 Overview .......................................................................................................................... 217 22.1.1 What You Can Do in the Diagnostic Screens ......................................................... 217 22.2 The General Screen ........................................................................................................ 217 22.3 The DSL Line Screen ...................................................................................
Table of Contents 18 P-660HN-Tx User’s Guide
P ART I User’s Guide 19
CHAPTER 1 Introduction 1.1 Overview The P-660HN-Tx (x stands for 1 or 3) is an ADSL2+ router with 2x2 wireless. By integrating DSL and NAT, you are provided with ease of installation and highspeed, shared Internet access. With 802.11n 2x2, the P-660HN-Tx can transfer at data rates up to 300Mbps. The P-660HN-Tx is also a complete security solution with a robust firewall and content filtering. Please refer to the following description of the product name format.
Chapter 1 Introduction • Web Configurator. This is recommended for everyday management of the ZyXEL Device using a (supported) web browser. • Command Line Interface. Line commands are mostly used for troubleshooting by service engineers. • FTP for firmware upgrades and configuration backup/restore. • TR-069. This is an auto-configuration server used to remotely configure your device. 1.
Chapter 1 Introduction 1.4.1 Internet Access Your ZyXEL Device provides shared Internet access by connecting the DSL port to the DSL or MODEM jack on a splitter or your telephone jack. Computers can connect to the ZyXEL Device’s LAN ports (or wirelessly). Figure 1 ZyXEL Device’s Router Features LAN DSL You can also configure firewall and filtering feature on the ZyXEL Device for secure Internet access.
Chapter 1 Introduction You can configure your wireless network in either the built-in Web Configurator, or using the WPS button. Figure 2 Wireless Access Example However, before you can use this ZyXEL Device to create a wireless network, you must set its country code first in the Web Configurator. This is very important. To set the wireless country code: 1 Log into the ZyXEL Device’s built-in Web Configurator. See Chapter 8 on page 103. 2 Open the Network > Wireless LAN > AP screen.
Chapter 1 Introduction 2 Press the WPS/WLAN button for one to five seconds and release it. 3 Press the WPS button on another WPS-enabled device within range of the ZyXEL Device. The WPS/WLAN LED should flash while the ZyXEL Device sets up a WPS connection with the other wireless device. 4 Once the connection is successfully made, the WPS/WLAN LED shines green.
Chapter 1 Introduction 1.6 LEDs (Lights) The following graphic displays the labels of the LEDs. Figure 3 LEDs None of the LEDs are on if the ZyXEL Device is not receiving power. Table 1 LED Descriptions LED COLOR STATUS DESCRIPTION POWER Green On The ZyXEL Device is receiving power and ready for use. Blinking The ZyXEL Device is self-testing. On The ZyXEL Device detected an error while self-testing, or there is a device malfunction. Off The ZyXEL Device is power off.
Chapter 1 Introduction Table 1 LED Descriptions LED COLOR STATUS DESCRIPTION INTERNET Green On The ZyXEL Device has an IP connection but no traffic. Your device has a WAN IP address (either static or assigned by a server), PPP negotiation was successfully completed (if used) and the DSL connection is up. Red Blinking The ZyXEL Device is sending or receiving IP traffic. On The ZyXEL Device attempted to make an IP connection but failed.
Chapter 1 Introduction 1.7.1 Using the Reset Button 28 1 Make sure the POWER LED is on (not blinking). 2 To set the device back to the factory default settings, press the RESET button for ten seconds or until the POWER LED begins to blink and then release it. When the POWER LED begins to blink, the defaults have been restored and the device restarts.
CHAPTER 2 The Web Configurator 2.1 Overview The web configurator is an HTML-based management interface that allows easy device setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions. The recommended screen resolution is 1024 by 768 pixels. In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. Web pop-up blocking is enabled by default in Windows XP SP (Service Pack) 2.
Chapter 2 The Web Configurator 4 A password screen displays. To access the administrative web configurator and manage the ZyXEL Device, type the user name (admin by default) and admin password (1234 by default) in the password screen and click Login. Click Cancel to revert to the default user password in the password field. If you have changed the password, enter your password and click Login. Figure 4 Password Screen 5 The following screen displays if you have not yet changed your password.
Chapter 2 The Web Configurator 6 Select Go to Wizard setup and click Apply to display the wizard main screen. Otherwise, select Go to Advanced setup and click Apply to display the Status screen. Figure 6 Replace Factory Default Certificate Screen Note: For security reasons, the ZyXEL Device automatically logs you out if you do not use the web configurator for five minutes (default). If this happens, log in again.
Chapter 2 The Web Configurator 2.2 The Main Screen Figure 7 Main Screen A B C D As illustrated above, the main screen is divided into these parts: • A - title bar • B - navigation panel • C - main window • D - status bar 2.2.1 Title Bar The title bar provides some icons in the upper right corner. The icons provide the following functions. Table 2 Web Configurator Icons in the Title Bar ICON DESCRIPTION Wizards: Click this icon to go to the configuration wizards.
Chapter 2 The Web Configurator 2.2.2 Navigation Panel Use the menu items on the navigation panel to open screens to configure ZyXEL Device features. The following tables describe each menu item. Table 3 Navigation Panel Summary LINK TAB Status FUNCTION This screen shows the ZyXEL Device’s general device and network status information. Use this screen to access the statistics and client list.
Chapter 2 The Web Configurator Table 3 Navigation Panel Summary LINK Static Route QoS TAB FUNCTION Static Route Use this screen to configure IP static routes to tell your device about networks beyond the directly connected remote nodes. IPv6 Static Route Use this screen to configure IPv6 static routes. General Use this screen to enable QoS and traffic prioritizing. Class Setup Use this screen to configure QoS rules and actions.
Chapter 2 The Web Configurator Right after you log in, the Status screen is displayed. See Chapter 3 on page 37 for more information about the Status screen. 2.2.4 Status Bar Check the status bar when you click Apply or OK to verify that the configuration has been updated.
Chapter 2 The Web Configurator 36 P-660HN-Tx User’s Guide
CHAPTER 3 Status Screens 3.1 Overview Use the Status screens to look at the current status of the device, system resources, and interfaces (LAN and WAN). The Status screen also provides detailed information from DHCP and statistics from bandwidth management, and traffic. 3.2 The Status Screen Use this screen to view the status of the ZyXEL Device. Click Status to open this screen.
Chapter 3 Status Screens Each field is described in the following table. Table 4 Status Screen LABEL DESCRIPTION Refresh Interval Select how often you want the ZyXEL Device to update this screen. Apply Click this to update this screen immediately. Device Information User Name This field displays the ZyXEL Device system name. It is used for identification. Model Number This is the model name of your device.
Chapter 3 Status Screens Table 4 Status Screen LABEL DHCP DESCRIPTION This field displays what DHCP services the ZyXEL Device is providing to the LAN. Choices are: Server - The ZyXEL Device is a DHCP server in the LAN. It assigns IP addresses to other computers in the LAN. Relay - The ZyXEL Device acts as a surrogate DHCP server and relays DHCP requests and responses between the remote server and the clients. None - The ZyXEL Device is not providing any DHCP services to the LAN.
Chapter 3 Status Screens Table 4 Status Screen LABEL DESCRIPTION Status This field indicates whether or not the ZyXEL Device is using the interface. For the DSL interface, this field displays Down (line is down), Up (line is up or connected) and Drop (dropping a call) if you're using PPPoE encapsulation. For the LAN interface, this field displays Up when the ZyXEL Device is using the interface and NoLink when the ZyXEL Device is not using the interface.
CHAPTER 4 Tutorials 4.1 Overview This chapter shows you how to use the ZyXEL Device’s various features. • Setting Up a Secure Wireless Network, see page 41 • Configuring the MAC Address Filter, see page 48 • Configuring Static Route for Routing to Another Network, see page 50 • Now B should be able to receive traffic from A. You may need to additionally configure B’s firewall settings to allow specific traffic to pass through., see page 52 • Multiple WAN Connections Example, see page 53 4.
Chapter 4 Tutorials 4.2.1 Configuring the Wireless Network Settings This example uses the following parameters to set up a wireless network. 42 SSID Example Security Mode WPA2-PSK Pre-Shared Key DoNotStealMyWirelessNetwork 802.11 Mode 802.11b+g+n 1 Click Network > Wireless LAN to open the AP screen. Configure the screen using the provided parameters (see page 42). Click Apply. 2 Click the Advanced Setup button and select 802.11b+g+n in the 802.11 Mode field. Click Apply.
Chapter 4 Tutorials Thomas can now use the WPS feature to establish a wireless connection between his notebook and the ZyXEL Device (see Section 4.2.2 on page 43). He can also use the notebook’s wireless client to search for the ZyXEL Device (see Section 4.2.3 on page 48). 4.2.2 Using WPS This section shows you how to set up a wireless network using WPS. It uses the ZyXEL Device as the AP and ZyXEL NWD210N as the wireless client which connects to the notebook.
Chapter 4 Tutorials 4 Push and hold the WPS button located on the ZyXEL Device’s rear panel for more than 1-5 seconds. Alternatively, you may log into ZyXEL Device’s web configurator and click the Push Button in the Network > Wireless LAN > WPS Station screen. Note: Your ZyXEL Device has a WPS button located on its rear panel as well as a WPS button in its configuration utility. Both buttons have exactly the same function: you can use one or the other.
Chapter 4 Tutorials The following figure shows you an example of how to set up a wireless network and its security by pressing a button on both ZyXEL Device and wireless client.
Chapter 4 Tutorials PIN Configuration When you use the PIN configuration method, you need to use both the ZyXEL Device’s web configurator and the wireless client’s utility. 1 Launch your wireless client’s configuration utility. Go to the WPS settings and select the PIN method to get a PIN number. 2 Enter the PIN number in the PIN field in the Network > Wireless LAN > WPS Station screen on the ZyXEL Device.
Chapter 4 Tutorials The following figure shows you how to set up a wireless network and its security on a ZyXEL Device and a wireless client by using PIN method.
Chapter 4 Tutorials 4.2.3 Without WPS Use the wireless adapter’s utility installed on the notebook to search for the “Example” SSID. Then enter the “DoNotStealMyWirelessNetwork” pre-shared key to establish an wireless Internet connection. Note: The ZyXEL Device supports IEEE 802.11b and IEEE 802.11g wireless clients. Make sure that your notebook or computer’s wireless adapter supports one of these standards. 4.
Chapter 4 Tutorials 1 Click Network > LAN > Client List to open the following screen. Look for the MAC address of Josephine’s computer. 2 Click Network > Wireless LAN to open the AP screen. Click the Edit button in the MAC Filter field.
Chapter 4 Tutorials 3 Select Enable MAC Filter and Deny Association. Enter the MAC address you found in the Client List screen. Click Apply. Josephine will no longer be able to access the Internet through the ZyXEL Device. 4.4 Configuring Static Route for Routing to Another Network In order to extend your Intranet and control traffic flowing directions, you may connect a router to the ZyXEL Device’s LAN. The router may be used to separate two department networks.
Chapter 4 Tutorials network), the traffic is sent to the ZyXEL Device’s WAN default gateway by default. In this case, B will never receive the traffic. N1 A R N2 B You need to specify a static routing rule on the ZyXEL Device to specify R as the router in charge of forwarding traffic to N2. In this case, the ZyXEL Device routes traffic from A to R and then R routes the traffic to B.
Chapter 4 Tutorials Table 5 IP Settings in this Tutorial DEVICE / COMPUTER IP ADDRESS R’s N2 192.168.10.2 B 192.168.10.33 To configure a static route to route traffic from N1 to N2: 1 Log into the ZyXEL Device’s Web Configurator in advanced mode. 2 Click Advanced > Static Route. 3 Click Edit on a new rule in the Static Route screen. 4 Configure the Static Route Setup screen using the following settings: 4a Type 192.168.10.0 and subnet mask 255.255.255.0 for the destination, N2. 4b Type 192.
Chapter 4 Tutorials 4.5 Multiple WAN Connections Example This example shows an application for multiple WAN connections. Your ISP may configure more than one WAN connection on the ZyXEL Device to record traffic statistics or calculate service charges. In Figure 9, three WAN connections are configured over the ADSL line: • The connection with VPI/VCI, 0/33, is dedicated for Media-On-Demand (MOD) service. • The connection with VPI/VCI, 0/34, is dedicated for VoIP service.
Chapter 4 Tutorials 54 P-660HN-Tx User’s Guide
P ART II Technical Reference 55
CHAPTER 5 Internet and Wireless Setup Wizard 5.1 Overview Use the wizard setup screens to configure your system for Internet access with the information given to you by your ISP. Note: See the advanced menu chapters for background information on these fields. 5.2 Internet Access Wizard Setup 1 After you enter the password to access the web configurator, click the wizard icon ( ) in the top right corner of the web configurator to go to the wizards.
Chapter 5 Internet and Wireless Setup Wizard 3 Your ZyXEL device attempts to detect your DSL connection and your connection type. 3a The following screen appears if a connection is not detected. Check your hardware connections and click Restart the INTERNET/WIRELESS SETUP Wizard to return to the wizard welcome screen. If you still cannot connect, click Manually configure your Internet connection. Follow the directions in the wizard and enter your Internet setup information as provided to you by your ISP.
Chapter 5 Internet and Wireless Setup Wizard 3b The following screen displays if a PPPoE or PPPoA connection is detected. Enter your Internet account information (username, password and/or service name) exactly as provided by your ISP. Then click Next and see Section 5.3 on page 66 for wireless connection wizard setup. Figure 12 Auto-Detection: PPPoE 3c The following screen appears if the ZyXEL device detects a connection but not the connection type. Click Next and refer to Section 5.2.
Chapter 5 Internet and Wireless Setup Wizard 5.2.1 Manual Configuration 1 If the ZyXEL Device fails to detect your DSL connection type but the physical line is connected, enter your Internet access information in the wizard screen exactly as your service provider gave it to you. Leave the defaults in any fields for which you were not given information. Figure 14 Internet Access Wizard Setup: ISP Parameters The following table describes the fields in this screen.
Chapter 5 Internet and Wireless Setup Wizard Table 6 Internet Access Wizard Setup: ISP Parameters 2 LABEL DESCRIPTION Multiplexing Select the multiplexing method used by your ISP from the Multiplex drop-down list box either VC-based or LLC-based. Virtual Circuit ID VPI (Virtual Path Identifier) and VCI (Virtual Channel Identifier) define a virtual circuit. Refer to the appendix for more information. VPI Enter the VPI assigned to you. This field may already be configured.
Chapter 5 Internet and Wireless Setup Wizard The following table describes the fields in this screen. Table 7 LABEL DESCRIPTION User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given. Password Enter the password associated with the user name above. Service Name Type the name of your PPPoE service here. Back Click this to return to the previous screen without saving.
Chapter 5 Internet and Wireless Setup Wizard The following table describes the fields in this screen. Table 8 Internet Connection with RFC 1483 LABEL DESCRIPTION IP Address This field is available if you select Routing in the Mode field. Type your ISP assigned IP address in this field. Back Click this to return to the previous screen without saving. Next Click this to continue to the next wizard screen. Exit Click this to close the wizard screen without saving.
Chapter 5 Internet and Wireless Setup Wizard The following table describes the fields in this screen. Table 9 Internet Connection with ENET ENCAP LABEL DESCRIPTION Obtain an IP A static IP address is a fixed IP that your ISP gives you. A dynamic IP Address address is not fixed; the ISP assigns you a different one each time you Automatically connect to the Internet. Select Obtain an IP Address Automatically if you have a dynamic IP address.
Chapter 5 Internet and Wireless Setup Wizard The following table describes the fields in this screen. Table 10 Internet Connection with PPPoA LABEL DESCRIPTION User Name Enter the login name that your ISP gives you. Password Enter the password associated with the user name above. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Exit Click this to close the wizard screen without saving.
Chapter 5 Internet and Wireless Setup Wizard 5.3 Wireless Connection Wizard Setup After you configure the Internet access information, use the following screens to set up your wireless LAN. 1 Select Yes and click Next to configure wireless settings. Otherwise, select No and skip to Step 6. Figure 21 Connection Test Successful 2 Use this screen to activate the wireless LAN. Click Next to continue. Figure 22 Wireless LAN Setup Wizard 1 The following table describes the labels in this screen.
Chapter 5 Internet and Wireless Setup Wizard Table 11 Wireless LAN Setup Wizard 1 3 LABEL DESCRIPTION Next Click this to continue to the next wizard screen. Exit Click this to close the wizard screen without saving. Configure your wireless settings in this screen. Click Next. Figure 23 Wireless LAN The following table describes the labels in this screen.
Chapter 5 Internet and Wireless Setup Wizard Table 12 Wireless LAN Setup Wizard 2 LABEL DESCRIPTION Next Click this to continue to the next wizard screen. Exit Click this to close the wizard screen without saving. Note: The wireless stations and ZyXEL Device must use the same SSID, channel ID and WEP encryption key (if WEP is enabled), WPA-PSK (if WPA-PSK is enabled) for wireless communication. 4 This screen varies depending on the security mode you selected in the previous screen.
Chapter 5 Internet and Wireless Setup Wizard 5.3.2 Manually Assign a WEP Key Choose Manually assign a WEP key to setup WEP Encryption parameters. Figure 25 Manually Assign a WEP key The following table describes the labels in this screen. Table 14 Manually Assign a WEP key LABEL DESCRIPTION Key The WEP keys are used to encrypt data. Both the ZyXEL Device and the wireless stations must use the same WEP key for data transmission.
Chapter 5 Internet and Wireless Setup Wizard 6 Use the read-only summary table to check whether what you have configured is correct. Click Finish to complete and save the wizard setup. Note: No wireless LAN settings display if you chose not to configure wireless LAN settings. Figure 27 Internet Access and WLAN Wizard Setup Complete 7 70 Launch your web browser and navigate to www.zyxel.com. Internet access is just the beginning.
CHAPTER 6 WAN Setup 6.1 Overview This chapter describes how to configure WAN settings from the WAN screens. Use these screens to configure your ZyXEL Device for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks (such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations. Figure 28 LAN and WAN LAN WAN 6.1.
Chapter 6 WAN Setup they should also provide a username and password (and service name) for user authentication. WAN IP Address The WAN IP address is an IP address for the ZyXEL Device, which makes it accessible from an outside network. It is used by the ZyXEL Device to communicate with other devices in other networks. It can be static (fixed) or dynamically assigned by the ISP each time the ZyXEL Device tries to access the Internet.
Chapter 6 WAN Setup 6.2 The Internet Access Setup Screen Use this screen to change your ZyXEL Device’s WAN settings. Click Network > WAN > Internet Access Setup. The screen differs by the WAN type and encapsulation you select. Figure 29 Network > WAN >Internet Access Setup (PPPoE) The following table describes the labels in this screen.
Chapter 6 WAN Setup Table 15 Network > WAN > Internet Access Setup (continued) LABEL DESCRIPTION Encapsulation Select the method of encapsulation used by your ISP from the dropdown list box. Choices vary depending on the mode you select in the Mode field. If you select Routing in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or PPPoE. If you select Bridge in the Mode field, method of encapsulation is not available.
Chapter 6 WAN Setup Table 15 Network > WAN > Internet Access Setup (continued) LABEL DESCRIPTION IPv6 Address Obtain an IP Address Automatically Select this option if you want to have the ZyXEL Device use the IPv6 prefix from the connected router’s Router Advertisement (RA) to generate an IPv6 address. Static IP Address Select this option if you have a fixed IPv6 address assigned by your ISP. DHCP IPv6 Select DHCP if you want to obtain an IPv6 address from a DHCPv6 server.
Chapter 6 WAN Setup 6.2.1 Advanced Internet Access Setup Use this screen to edit your ZyXEL Device's advanced WAN settings. Click the Advanced Setup button in the Internet Access Setup screen. The screen appears as shown. Figure 30 Network > WAN > Internet Access Setup: Advanced Setup The following table describes the labels in this screen.
Chapter 6 WAN Setup Table 16 Network > WAN > Internet Access Setup: Advanced Setup (continued) LABEL DESCRIPTION ATM QoS Type Select CBR (Continuous Bit Rate) to specify fixed (always-on) bandwidth for voice or data traffic. Select UBR (Unspecified Bit Rate) for applications that are non-time sensitive, such as e-mail. Select rtVBR (real-time Variable Bit Rate) type for applications with bursty connections that require closely controlled delay and delay variation.
Chapter 6 WAN Setup The following table describes the labels in this screen. Table 17 Network > WAN > More Connections LABEL DESCRIPTION # This is an index number indicating the number of the corresponding connection. Active This field indicates whether the connection is active or not. Clear the check box to disable the connection. Select the check box to enable it. Name This is the name you gave to the Internet connection.
Chapter 6 WAN Setup 6.3.1 More Connections Edit Use this screen to configure a connection. Click the edit icon in the More Connections screen to display the following screen. Figure 32 Network > WAN > More Connections: Edit The following table describes the labels in this screen. Table 18 Network > WAN > More Connections: Edit LABEL DESCRIPTION General Active Select the check box to activate or clear the check box to deactivate this connection.
Chapter 6 WAN Setup Table 18 Network > WAN > More Connections: Edit (continued) LABEL DESCRIPTION Encapsulation Select the method of encapsulation used by your ISP from the drop-down list box. Choices vary depending on the mode you select in the Mode field. If you select Routing in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or PPPoE. If you select Bridge in the Mode field, method of encapsulation is not available.
Chapter 6 WAN Setup Table 18 Network > WAN > More Connections: Edit (continued) LABEL DESCRIPTION DHCP IPv6 Select DHCP if you want to obtain an IPv6 address from a DHCPv6 server. The IP address assigned by a DHCPv6 server has priority over the IP address automatically generated by the ZyXEL Device using the IPv6 prefix from an RA.
Chapter 6 WAN Setup 6.3.2 Configuring More Connections Advanced Setup Use this screen to edit your ZyXEL Device's advanced WAN settings. Click the Advanced Setup button in the More Connections Edit screen. The screen appears as shown. Figure 33 Network > WAN > More Connections: Edit: Advanced Setup The following table describes the labels in this screen.
Chapter 6 WAN Setup Table 19 Network > WAN > More Connections: Edit: Advanced Setup (continued) LABEL DESCRIPTION Sustain Cell Rate The Sustain Cell Rate (SCR) sets the average cell rate (long-term) that can be transmitted. Type the SCR, which must be less than the PCR. Note that system default is 0 cells/sec. Maximum Burst Size Maximum Burst Size (MBS) refers to the maximum number of cells that can be sent at the peak rate. Type the MBS, which is less than 65535.
Chapter 6 WAN Setup 6.4.1.2 PPP over Ethernet The ZyXEL Device supports PPPoE (Point-to-Point Protocol over Ethernet). PPPoE is an IETF Draft standard (RFC 2516) specifying how a personal computer (PC) interacts with a broadband modem (DSL, cable, wireless, etc.) connection. The PPPoE option is for a dial-up connection using PPPoE. For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for example RADIUS).
Chapter 6 WAN Setup VC-based Multiplexing In this case, by prior mutual agreement, each protocol is assigned to a specific virtual circuit; for example, VC1 carries IP, etc. VC-based multiplexing may be dominant in environments where dynamic creation of large numbers of ATM VCs is fast and economical. LLC-based Multiplexing In this case one VC carries multiple protocols with protocol identifying information being contained in each packet header.
Chapter 6 WAN Setup port and so the IP Address and Gateway IP Address fields are not applicable (N/A) as the DHCP server assigns them to the ZyXEL Device. 6.4.5 Nailed-Up Connection (PPP) A nailed-up connection is a dial-up line where the connection is always up regardless of traffic demand. The ZyXEL Device does two things when you specify a nailed-up connection. The first is that idle timeout is disabled.
Chapter 6 WAN Setup If the PCR, SCR or MBS is set to the default of "0", the system will assign a maximum value that correlates to your upstream line rate. The following figure illustrates the relationship between PCR, SCR and MBS. Figure 34 Example of Traffic Shaping 6.5.1 ATM Traffic Classes These are the basic ATM traffic classes defined by the ATM Forum Traffic Management 4.0 Specification.
Chapter 6 WAN Setup The VBR-nRT (non real-time Variable Bit Rate) type is used with bursty connections that do not require closely controlled delay and delay variation. It is commonly used for "bursty" traffic typical on LANs. PCR and MBS define the burst levels, SCR defines the minimum level. An example of an VBR-nRT connection would be non-time sensitive data file transfers. Unspecified Bit Rate (UBR) The Unspecified Bit Rate (UBR) ATM traffic class is for bursty data transfers.
CHAPTER 7 LAN Setup 7.1 Overview A Local Area Network (LAN) is a shared communication system to which many networking devices are connected. It is usually located in one immediate area such as a building or floor of a building. Use the LAN screens to help you configure a LAN DHCP server and manage IP addresses. LAN DSL 7.1.1 What You Can Do in the LAN Screens • Use the LAN IP screen (Section 7.2 on page 91) to set the LAN IP address and subnet mask of your ZyXEL device.
Chapter 7 LAN Setup • Use the IPv6 screen (Section 7.6 on page 97) to configure the IPv6 settings on your ZyXEL device’s LAN interface. 7.1.2 What You Need To Know About LAN IP Address IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts.
Chapter 7 LAN Setup without it, you must know the IP address of a networking device before you can access it. Finding Out More See Section 7.7 on page 98 for technical background information on LANs. 7.1.3 Before You Begin Find out the MAC addresses of your network devices if you intend to add them to the DHCP Client List screen. 7.2 The LAN IP Screen Use this screen to set the Local Area Network IP address and subnet mask of your ZyXEL Device. Click Network > LAN to open the IP screen.
Chapter 7 LAN Setup The following table describes the fields in this screen. Table 20 Network > LAN > IP LABEL DESCRIPTION IP Address Enter the LAN IP address you want to assign to your ZyXEL Device in dotted decimal notation, for example, 192.168.1.1 (factory default). IP Subnet Mask Type the subnet mask of your network in dotted decimal notation, for example 255.255.255.0 (factory default).
Chapter 7 LAN Setup Table 21 Network > LAN > IP: Advanced Setup LABEL DESCRIPTION Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. 7.3 The DHCP Setup Screen Use this screen to configure the DNS server information that the ZyXEL Device sends to the DHCP client devices on the LAN. Click Network > DHCP Setup to open this screen.
Chapter 7 LAN Setup The following table describes the labels in this screen. Table 22 Network > LAN > DHCP Setup LABEL DESCRIPTION DHCP Setup DHCP If set to Server, your ZyXEL Device can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client. If set to None, the DHCP server will be disabled.
Chapter 7 LAN Setup Use this screen to change your ZyXEL Device’s static DHCP settings. Click Network > LAN > Client List to open the following screen. Figure 38 Network > LAN > Client List The following table describes the labels in this screen. Table 23 Network > LAN > Client List LABEL DESCRIPTION IP Address Enter the IP address that you want to assign to the computer on your LAN with the MAC address that you will also specify. MAC Address Enter the MAC address of a computer on your LAN.
Chapter 7 LAN Setup 7.5 The IP Alias Screen IP alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The ZyXEL Device supports two logical LAN interface via its physical Ethernet interface with the ZyXEL Device itself as the gateway for the LAN network. When you use IP alias, you can also configure firewall rules to control access to the LAN's logical network (subnet). 7.5.
Chapter 7 LAN Setup 7.6 The IPv6 Screen Use this screen to configure the IPv6 settings for your P-660HN-Tx’s LAN interface. See Appendix E on page 295 for background information about IPv6. Figure 40 Network > LAN > IPv6 The following table describes the labels in this screen. Table 25 Network > LAN > IPv6 LABEL DESCRIPTION IPv6 IPv6 Address Enter the LAN IPv6 address you want to assign to your ZyXEL Device in hexadecimal notation, for example, fe80::1 (factory default).
Chapter 7 LAN Setup LABEL DESCRIPTION Prefix length An IPv6 prefix length specifies how many most significant bits (starting from the left) in the address compose the network address. This field displays the bit number of the IPv6 subnet mask. Preferred Lifetime Enter the preferred lifetime for the prefix. Valid Lifetime Enter the valid lifetime for the prefix. DHCPv6 Configuration IPv6 DNS Configure the IPv6 DNS information the ZyXEL device passes to clients when it acts as a DHCPv6 server.
Chapter 7 LAN Setup 7.7.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the ZyXEL Device as a DHCP server or disable it. When configured as a server, the ZyXEL Device provides the TCP/IP configuration for the clients. If you turn DHCP service off, you must have another DHCP server on your LAN, or else the computer must be manually configured.
Chapter 7 LAN Setup IP Address and Subnet Mask Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number. Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
Chapter 7 LAN Setup organization, you should consult your network administrator for the appropriate IP addresses. Note: Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, “Address Allocation for Private Internets” and RFC 1466, “Guidelines for Management of IP Address Space”. 7.7.
Chapter 7 LAN Setup version 1 is still in wide use. IGMP version 3 supports source filtering, reporting or ignoring traffic from specific source address to a particular host on the network. If you would like to read more detailed information about interoperability between IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236. The class D IP address is used to identify host groups and can be in the range 224.0.0.0 to 239.255.255.255. The address 224.0.0.
CHAPTER 8 Wireless LAN 8.1 Overview This chapter describes how to perform tasks related to setting up and optimizing your wireless network, including the following. • Turning the wireless connection on or off. • Configuring a name, wireless channel and security for the network. • Using WiFi Protected Setup (WPS) to configure your wireless network. • Setting up multiple wireless networks. • Using a MAC (Media Access Control) address filter to restrict access to the wireless network.
Chapter 8 Wireless LAN 8.1.2 What You Need to Know About Wireless Wireless Basics “Wireless” is essentially radio communication. In the same way that walkie-talkie radios send and receive information over the airwaves, wireless networking devices exchange information with one another. A wireless networking device is just like a radio that lets your computer exchange information with radios attached to other computers.
Chapter 8 Wireless LAN • What security options do the other wireless devices in your network support (WPA-PSK, for example)? What is the strongest security option supported by all the devices in your network? • Do the other wireless devices in your network support WPS (Wi-Fi Protected Setup)? If so, you can set up a well-secured network very easily.
Chapter 8 Wireless LAN Table 26 Network > Wireless LAN > AP LABEL DESCRIPTION Channel Selection Set the operating channel manually by selecting a channel from the Channel Selection list or use Auto Channel Select to have it automatically configured. Common Setup Network Name (SSID) The SSID (Service Set IDentity) identifies the service set with which a wireless device is associated. Wireless devices associating to the access point (AP) must have the same SSID.
Chapter 8 Wireless LAN Note: If you do not enable any wireless security on your ZyXEL Device, your network is accessible to any wireless networking device that is within range. Figure 43 Network > Wireless LAN > AP: No Security The following table describes the labels in this screen. Table 27 Network > Wireless LAN > AP: No Security LABEL DESCRIPTION Security Mode Choose No Security from the drop-down list box. 8.2.2 WEP Encryption Use this screen to configure and enable WEP encryption.
Chapter 8 Wireless LAN The following table describes the wireless LAN security labels in this screen. Table 28 Network > Wireless LAN > AP: Static WEP LABEL DESCRIPTION Security Mode Choose Static WEP from the drop-down list box. Passphrase Enter a passphrase (up to 32 printable characters) and click Generate. The ZyXEL Device automatically generates a WEP key. WEP Key The WEP key is used to encrypt data.
Chapter 8 Wireless LAN Table 29 Network > Wireless LAN > AP: WPA(2)-PSK LABEL DESCRIPTION Pre-Shared Key The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The only difference between the two is that WPA(2)-PSK uses a simple common password, instead of user-specific credentials. Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including spaces and symbols).
Chapter 8 Wireless LAN Table 30 Network > Wireless LAN > AP: Advanced Setup LABEL DESCRIPTION Preamble Select a preamble type from the drop-down list menu. Choices are Long or Short. See the Appendix D on page 283 for more information. 802.11 Mode Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to associate with the ZyXEL Device. Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to associate with the ZyXEL Device. Select 802.11b+g to allow either IEEE 802.
Chapter 8 Wireless LAN The following table describes the labels in this screen. Table 31 Network > Wireless LAN > AP: MAC Address Filter LABEL DESCRIPTION Enable MAC Filter Select the check box to enable MAC address filtering. Filter Action Define the filter action for the list of MAC addresses in the MAC Address table. Select Deny to block access to the ZyXEL Device. MAC addresses not listed will be allowed to access the ZyXEL Device Select Allow to permit access to the ZyXEL Device.
Chapter 8 Wireless LAN Table 32 Network > Wireless LAN > More AP LABEL DESCRIPTION SSID An SSID profile is the set of parameters relating to one of the ZyXEL Device’s BSSs. The SSID (Service Set IDentifier) identifies the Service Set with which a wireless device is associated. This field displays the name of the wireless profile on the network. When a wireless client scans for an AP to associate with, this is the name that is broadcast and seen in the wireless client utility.
Chapter 8 Wireless LAN The following table describes the fields in this screen. Table 33 Network > Wireless LAN > More AP: Edit LABEL DESCRIPTION Active Select this check box to make this SSID active. Network Name (SSID) The SSID (Service Set IDentity) identifies the service set with which a wireless device is associated. Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN.
Chapter 8 Wireless LAN Click Network > Wireless LAN > WPS. The following screen displays. Figure 50 Network > Wireless LAN > WPS The following table describes the labels in this screen. Table 34 Network > Wireless LAN > WPS LABEL DESCRIPTION WPS Setup WPS Setup Select the check box to activate WPS on the ZyXEL Device.
Chapter 8 Wireless LAN Click Network > Wireless LAN > WPS Station. The following screen displays. Figure 51 Network > Wireless LAN > WPS Station The following table describes the labels in this screen. Table 35 Network > Wireless LAN > WPS Station LABEL DESCRIPTION Push Button Click this to add another WPS-enabled wireless device (within wireless range of the ZyXEL Device) to your wireless network.
Chapter 8 Wireless LAN • An access point is a radio with a wired connection to a network, which can connect with numerous wireless clients and let them access the network. • A bridge is a radio that relays communications between access points and wireless clients, extending a network’s range. Traditionally, a wireless network operates in one of two ways. • An “infrastructure” type of network has one or more access points and one or more wireless clients. The wireless clients connect to the access points.
Chapter 8 Wireless LAN • If two wireless networks overlap, they should use a different channel. Like radio stations or television channels, each wireless network uses a specific channel, or frequency, to send and receive information. • Every device in the same wireless network must use security compatible with the AP. Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network.
Chapter 8 Wireless LAN 8.6.3 Wireless Security Overview By their nature, radio communications are simple to intercept. For wireless data networks, this means that anyone within range of a wireless network without security can not only read the data passing over the airwaves, but also join the network. Once an unauthorized person has access to the network, he or she can steal information or introduce malware (malicious software) intended to compromise the network.
Chapter 8 Wireless LAN not broadcast the SSID. In addition, you should change the default SSID to something that is difficult to guess. This type of security is fairly weak, however, because there are ways for unauthorized wireless devices to get the SSID. In addition, unauthorized wireless devices can still see the information that is sent in the wireless network. 8.6.3.2 MAC Address Filter Every device that can use a wireless network has a unique identification number, called a MAC address.
Chapter 8 Wireless LAN 8.6.3.4 Encryption Wireless networks can use encryption to protect the information that is sent in the wireless network. Encryption is like a secret code. If you do not know the secret code, you cannot understand the message. The types of encryption you can choose depend on the type of authentication. (See Section 8.6.3.3 on page 119 for information about this.
Chapter 8 Wireless LAN 8.6.4 Signal Problems Because wireless networks are radio networks, their signals are subject to limitations of distance, interference and absorption. Problems with distance occur when the two radios are too far apart. Problems with interference occur when other radio waves interrupt the data signal.
Chapter 8 Wireless LAN wireless station A and B can still access the wired network but cannot communicate with each other. Figure 53 Basic Service set 8.6.6 MBSSID Traditionally, you need to use different APs to configure different Basic Service Sets (BSSs). As well as the cost of buying extra APs, there is also the possibility of channel interference. The ZyXEL Device’s MBSSID (Multiple Basic Service Set IDentifier) function allows you to use one access point to provide several BSSs simultaneously.
Chapter 8 Wireless LAN 8.6.7 WiFi Protected Setup (WPS) Your ZyXEL Device supports WiFi Protected Setup (WPS), which is an easy way to set up a secure wireless network. WPS is an industry standard specification, defined by the WiFi Alliance. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually. Each WPS connection works between two devices. Both devices must support WPS (check each device’s documentation to make sure).
Chapter 8 Wireless LAN 8.6.7.2 PIN Configuration Each WPS-enabled device has its own PIN (Personal Identification Number). This may either be static (it cannot be changed) or dynamic (in some devices you can generate a new PIN by clicking on a button in the configuration interface).
Chapter 8 Wireless LAN The following figure shows a WPS-enabled wireless client (installed in a notebook computer) connecting to the WPS-enabled AP via the PIN method. Figure 54 Example WPS Process: PIN Method ENROLLEE REGISTRAR WPS This device’s WPS PIN: 123456 WPS Enter WPS PIN from other device: WPS START WPS START WITHIN 2 MINUTES SECURE EAP TUNNEL SSID WPA(2)-PSK COMMUNICATION 8.6.7.3 How WPS Works When two WPS-enabled devices connect, each device must assume a specific role.
Chapter 8 Wireless LAN The following figure shows a WPS-enabled client (installed in a notebook computer) connecting to a WPS-enabled access point. Figure 55 How WPS works ACTIVATE WPS ACTIVATE WPS WITHIN 2 MINUTES WPS HANDSHAKE ENROLLEE REGISTRAR SECURE TUNNEL SECURITY INFO COMMUNICATION The roles of registrar and enrollee last only as long as the WPS setup process is active (two minutes). The next time you use WPS, a different device can be the registrar if necessary.
Chapter 8 Wireless LAN 8.6.7.4 Example WPS Network Setup This section shows how security settings are distributed in an example WPS setup. The following figure shows an example network. In step 1, both AP1 and Client 1 are unconfigured. When WPS is activated on both, they perform the handshake. In this example, AP1 is the registrar, and Client 1 is the enrollee. The registrar randomly generates the security information to set up the network, since it is unconfigured and has no existing information.
Chapter 8 Wireless LAN point. However, you know that Client 2 supports the registrar function, so you use it to perform the WPS handshake instead. Figure 58 WPS: Example Network Step 3 EXISTING CONNECTION CLIENT 1 E ION CT E NN CO G N TI XIS AP1 REGISTRAR CLIENT 2 SE CU RIT Y ENROLLEE INF O AP2 8.6.7.5 Limitations of WPS WPS has some limitations of which you should be aware. • WPS works in Infrastructure networks only (where an AP and a wireless client communicate).
Chapter 8 Wireless LAN • When you use the PBC method, there is a short period (from the moment you press the button on one device to the moment you press the button on the other device) when any WPS-enabled device could join the network. This is because the registrar has no way of identifying the “correct” enrollee, and cannot differentiate between your enrollee and a rogue device. This is a possible way for a hacker to gain access to a network. You can easily check to see if this has happened.
Chapter 8 Wireless LAN 130 P-660HN-Tx User’s Guide
CHAPTER 9 Network Address Translation (NAT) 9.1 Overview This chapter discusses how to configure NAT on the ZyXEL Device. NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network. 9.1.1 What You Can Do in the NAT Screens • Use the NAT General Setup screen (Section 9.2 on page 132) to configure the NAT setup settings.
Chapter 9 Network Address Translation (NAT) NAT In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
Chapter 9 Network Address Translation (NAT) The following table describes the labels in this screen. Table 38 Network > NAT > General LABEL DESCRIPTION Active Network Address Translation Select this check box to enable NAT. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. 9.3 The Port Forwarding Screen Use this screen to forward incoming service requests to the server(s) on your local network.
Chapter 9 Network Address Translation (NAT) Configuring Servers Behind Port Forwarding (Example) Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet. Figure 60 Multiple Servers Behind NAT Example A=192.168.1.
Chapter 9 Network Address Translation (NAT) The following table describes the fields in this screen. Table 39 Network > NAT > Port Forwarding LABEL DESCRIPTION Default Server Setup Default Server In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in this screen.
Chapter 9 Network Address Translation (NAT) 9.3.2 The Port Forwarding Rule Edit Screen Use this screen to edit a port forwarding rule. Click the rule’s edit icon in the Port Forwarding screen to display the screen shown next. Figure 62 Network > NAT > Port Forwarding: Edit The following table describes the fields in this screen. Table 40 Network > NAT > Port Forwarding: Edit LABEL DESCRIPTION Rule Setup Active Click this check box to enable the rule.
Chapter 9 Network Address Translation (NAT) 9.4 The ALG Screen Some NAT routers may include a SIP Application Layer Gateway (ALG). A SIP ALG allows SIP calls to pass through NAT by examining and translating IP addresses embedded in the data stream. When the ZyXEL Device registers with the SIP register server, the SIP ALG translates the ZyXEL Device’s private IP address inside the SIP data stream to a public IP address.
Chapter 9 Network Address Translation (NAT) packet is in the local network, while the global address refers to the IP address of the host when the same packet is traveling in the WAN side. Note that inside/outside refers to the location of a host, while global/local refers to the IP address of a host used in a packet.
Chapter 9 Network Address Translation (NAT) 9.5.3 How NAT Works Each packet has two addresses – a source address and a destination address. For outgoing packets, the ILA (Inside Local Address) is the source address on the LAN, and the IGA (Inside Global Address) is the source address on the WAN. For incoming packets, the ILA is the destination address on the LAN, and the IGA is the destination address on the WAN.
Chapter 9 Network Address Translation (NAT) 9.5.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP alias) behind the ZyXEL Device can communicate with three distinct WAN networks. Figure 65 NAT Application With IP Alias 9.5.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: • One to One: In One-to-One mode, the ZyXEL Device maps one local IP address to one global IP address.
Chapter 9 Network Address Translation (NAT) Port numbers do NOT change for One-to-One and Many-to-Many No Overload NAT mapping types. The following table summarizes these types.
Chapter 9 Network Address Translation (NAT) 142 P-660HN-Tx User’s Guide
CHAPTER 10 Firewall 10.1 Overview This chapter shows you how to enable the ZyXEL Device firewall. Use the firewall to protect your ZyXEL Device and network from attacks by hackers on the Internet and control access to it. By default the firewall: • allows traffic that originates from your LAN computers to go to all other networks. • blocks traffic that originates on other networks from going to the LAN. • blocks SYN and port scanner attacks.
Chapter 10 Firewall device or network so users no longer have access to network resources. The ZyXEL Device is pre-configured to automatically detect and thwart all known DoS attacks. DDoS A Distributed DoS (DDoS) attack is one in which multiple compromised systems attack a single target, thereby causing denial of service for users of the targeted system.
Chapter 10 Firewall 10.2 The Firewall Screen Use this screen to enable firewall and/or SPI. Click Security > Firewall to display the following screen. Figure 66 Security > Firewall The following table describes the labels in this screen. Table 44 Security > Firewall LABEL DESCRIPTION Firewall Firewall Use this field to enable or disable firewall on your ZyXEL Device. SPI Use this field to enable or disable SPI on your ZyXEL Device.
Chapter 10 Firewall 146 P-660HN-Tx User’s Guide
CHAPTER 11 Filters 11.1 Overview This chapter introduces three types of filters supported by the ZyXEL Device. You can configure rules to restrict traffic by IP addresses, MAC addresses, IPv6 addresses and/or URLs. 11.1.1 What You Can Do in the Filter Screens • Use the URL Filter screen (Section 11.2 on page 148) to block access to web sites. • Use the IP Filter screen (Section 11.3 on page 149) to create IP filter rules. • Use the IPv6 Filter screen (Section 11.
Chapter 11 Filters 11.2 The URL Filter Screen Use this screen to block websites by URL. Click Security > Filter > URL Filter. The screen appears as shown. Figure 67 Security > Filter > URL Filter The following table describes the labels in this screen. Table 45 Security > Filter > URL Filter LABEL DESCRIPTION URL Filter Editing Active Use this field to enable or disable the URL filter. URL Index Select the index number of the filter.
Chapter 11 Filters 11.3 The IP Filter Screen Use this screen to create and apply IP filters. Click Security > Filter > IP Filter. The screen appears as shown. Figure 68 Security > Filter > IP Filter The following table describes the labels in this screen. Table 46 Security > Filter > IP Filter LABEL DESCRIPTION Rule Type Rule Type selection Select White List to specify traffic to allow and Black List to specify traffic to disallow.
Chapter 11 Filters Table 46 Security > Filter > IP Filter (continued) LABEL DESCRIPTION Direction Apply the filter to Incoming or Outgoing traffic direction. Rule Type Use the IP Filter to block traffic by IP addresses. Source IP Address Enter the source IP address of the packets you wish to filter. This field is ignored if it is 0.0.0.0. Subnet Mask Enter the IP subnet mask for the source IP address Port Number Enter the source port of the packets that you wish to filter.
