P-660HW-Tx v3 802.11g Wireless ADSL 2+ 4-port Gateway User’s Guide Version 3.40 11/2008 Edition 1 DEFAULT LOGIN IP Address http://192.168.1.1 User Password user Admin Password 1234 www.zyxel.
About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to configure the ZyXEL Device using the web configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology. Related Documentation • Quick Start Guide The Quick Start Guide is designed to help you get up and running right away. It contains information on setting up your network and configuring for Internet access.
Document Conventions Document Conventions Warnings and Notes These are how warnings and notes are shown in this User’s Guide. 1 " Warnings tell you about things that could harm you or your ZyXEL Device. Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations. Syntax Conventions • The P-660HW-Tx v3 may be referred to as the “ZyXEL Device”, the “device”, the “system” or the “product” in this User’s Guide.
Document Conventions Table 1 Common Icons ZyXEL Device Computer Notebook Server DSLAM Firewall Switch Router Internet Cloud Wireless Signal Telephone P-660HW-Tx v3 User’s Guide 5
Safety Warnings Safety Warnings 1 For your safety, be sure to read and follow all warning notices and instructions. • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. • Do NOT store things on the device. • Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning. • Connect ONLY suitable accessories to the device.
Safety Warnings P-660HW-Tx v3 User’s Guide 7
Safety Warnings 8 P-660HW-Tx v3 User’s Guide
Contents Overview Contents Overview Introduction ............................................................................................................................ 31 Introducing the ZyXEL Device ................................................................................................... 33 Introducing the Web Configurator .............................................................................................. 45 Wizard Setup for Internet Access ......................................
Contents Overview Appendices and Index .........................................................................................................
Table of Contents Table of Contents About This User's Guide .......................................................................................................... 3 Document Conventions............................................................................................................ 4 Safety Warnings........................................................................................................................ 6 Contents Overview .......................................................
Table of Contents 2.1 Web Configurator Overview ................................................................................................. 45 2.2 Accessing the Web Configurator ......................................................................................... 45 2.3 Resetting the ZyXEL Device ................................................................................................ 48 2.3.1 Using the Reset Button ...........................................................................
Table of Contents Chapter 6 Bandwidth Management Wizard ............................................................................................ 89 6.1 Introduction .......................................................................................................................... 89 6.2 Predefined Media Bandwidth Management Services .......................................................... 89 6.3 Bandwidth Management Wizard Setup .................................................................
Table of Contents 8.2.4 Any IP ........................................................................................................................119 8.3 Configuring LAN IP ............................................................................................................ 120 8.3.1 Configuring Advanced LAN Setup ........................................................................... 121 8.4 DHCP Setup .........................................................................................
Table of Contents 10.4.2 Port Forwarding: Services and Port Numbers ........................................................ 152 10.4.3 Configuring Servers Behind Port Forwarding (Example) ....................................... 152 10.5 Configuring Port Forwarding ........................................................................................... 153 10.5.1 Port Forwarding Rule Edit ..................................................................................... 154 Part IV: Security ........
Table of Contents 12.3.3 Key Fields For Configuring Rules .......................................................................... 175 12.4 Connection Direction ....................................................................................................... 175 12.4.1 LAN to WAN Rules ................................................................................................. 176 12.4.2 Alerts .....................................................................................................
Table of Contents 15.6 Maximize Bandwidth Usage ............................................................................................ 207 15.6.1 Reserving Bandwidth for Non-Bandwidth Class Traffic .......................................... 207 15.6.2 Maximize Bandwidth Usage Example .................................................................... 207 15.6.3 Bandwidth Management Priorities ......................................................................... 209 15.
Table of Contents 18.3.1 Installing UPnP in Windows Me ............................................................................. 235 18.3.2 Installing UPnP in Windows XP ............................................................................. 236 18.4 Using UPnP in Windows XP Example ............................................................................. 237 18.4.1 Auto-discover Your UPnP-enabled Network Device .............................................. 238 18.4.
Table of Contents Chapter 23 Troubleshooting.................................................................................................................... 281 23.1 Power, Hardware Connections, and LEDs ...................................................................... 281 23.2 ZyXEL Device Access and Login .................................................................................... 282 23.3 Internet Access ...................................................................................
Table of Contents 20 P-660HW-Tx v3 User’s Guide
List of Figures List of Figures Figure 1 Protected Internet Access Applications .................................................................................... 40 Figure 2 LAN-to-LAN Application Example ............................................................................................ 40 Figure 3 LEDs ......................................................................................................................................... 41 Figure 4 Connecting a POTS Splitter ................
List of Figures Figure 39 Bandwidth Management Wizard: General Information ........................................................... 71 Figure 40 Bandwidth Management Wizard: Configuration ..................................................................... 72 Figure 41 Bandwidth Management Wizard: Complete ........................................................................... 73 Figure 42 Select a Mode .................................................................................................
List of Figures Figure 82 LAN IP Alias ......................................................................................................................... 125 Figure 83 Example of a Wireless Network ........................................................................................... 127 Figure 84 Wireless LAN: General ........................................................................................................ 130 Figure 85 Wireless: No Security ......................................
List of Figures Figure 125 Content Filter: Schedule ..................................................................................................... 197 Figure 126 Content Filter: Trusted ........................................................................................................ 198 Figure 127 Example of Static Routing Topology ................................................................................... 201 Figure 128 Static Route ....................................................
List of Figures Figure 168 Error Message .................................................................................................................... 273 Figure 169 Configuration ...................................................................................................................... 273 Figure 170 Configuration Restore Successful ...................................................................................... 274 Figure 171 Temporarily Disconnected ...............................
List of Figures Figure 211 openSUSE 10.3: Network Settings ..................................................................................... 312 Figure 212 openSUSE 10.3: Network Card Setup ............................................................................... 313 Figure 213 openSUSE 10.3: Network Settings .................................................................................... 314 Figure 214 openSUSE 10.3: KNetwork Manager ...........................................................
List of Tables List of Tables Table 1 Common Icons ............................................................................................................................ 5 Table 2 ADSL Standards ....................................................................................................................... 36 Table 3 LEDs .........................................................................................................................................
List of Tables Table 39 LAN IP ................................................................................................................................... 121 Table 40 Advanced LAN Setup ............................................................................................................ 121 Table 41 DHCP Setup ......................................................................................................................... 123 Table 42 LAN Client List .................................
List of Tables Table 82 Over Allotment of Bandwidth Example ................................................................................. 209 Table 83 Media Bandwidth Management: Summary ........................................................................... 210 Table 84 Bandwidth Management: Rule Setup ....................................................................................211 Table 85 Bandwidth Management Rule Configuration ..............................................................
List of Tables Table 125 Hardware Specifications ..................................................................................................... 285 Table 126 Firmware Specifications ...................................................................................................... 285 Table 127 Standards Supported .......................................................................................................... 287 Table 128 IP Address Network Number and Host ID Example ...................
P ART I Introduction Introducing the ZyXEL Device (33) Introducing the Web Configurator (45) 31
CHAPTER 1 Introducing the ZyXEL Device This chapter introduces the main applications and features of the ZyXEL Device. It also introduces the ways you can manage the ZyXEL Device. 1.1 Overview The ZyXEL Device is an is an ADSL2+ gateway that allows super-fast, secure Internet access over analog (POTS) or digital (ISDN) telephone lines (depending on your model).
Chapter 1 Introducing the ZyXEL Device • TR-069. This is a standard that defines how your ZyXEL Device can be managed by a management server. 1.3 Configuring Your ZyXEL Device’s Security Features Your ZyXEL Device comes with a variety of security features. This section summarizes these features and provides links to sections in the User’s Guide to configure security settings on your ZyXEL Device. Follow the suggestions below to improve security on your ZyXEL Device and network. 1.3.
Chapter 1 Introducing the ZyXEL Device • Hide your wireless network name (SSID). The SSID can be regularly broadcast and unauthorized users may use this information to access your network. See Chapter 9 on page 127 for directions on using the web configurator to hide the SSID. • Enable the MAC filter to allow only trusted users to access your wireless network or deny unwanted users access based on their MAC address. See Section 9.2.2 on page 128 for directions on configuring the MAC filter. 1.3.
Chapter 1 Introducing the ZyXEL Device • Back up the configuration (and make sure you know how to restore it). Restoring an earlier working configuration may be useful if the device becomes unstable or even crashes. If you forget your password, you will have to reset the ZyXEL Device to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the ZyXEL Device. You could simply restore your last configuration. 1.
Chapter 1 Introducing the ZyXEL Device Any IP The Any IP feature allows a computer to access the Internet and the ZyXEL Device without changing the network settings (such as IP address and subnet mask) of the computer, when the IP addresses of the computer and the ZyXEL Device are not in the same subnet. Firewall The ZyXEL Device is a stateful inspection firewall with DoS (Denial of Service) protection.
Chapter 1 Introducing the ZyXEL Device Dynamic DNS Support With Dynamic DNS support, you can have a static hostname alias for a dynamic IP address, allowing the host to be more easily accessible from various locations on the Internet. You must register for this service with a Dynamic DNS service provider. DHCP DHCP (Dynamic Host Configuration Protocol) allows the individual clients (computers) to obtain the TCP/IP configuration at start-up from a centralized DHCP server.
Chapter 1 Introducing the ZyXEL Device " The ZyXEL Device may be prone to RF (Radio Frequency) interference from other 2.4 GHz devices such as microwave ovens, wireless phones, Bluetooth enabled devices, and other wireless LANs. Wi-Fi Protected Access Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification standard. Key differences between WPA and WEP are user authentication and improved data encryption. WPA2 WPA 2 (IEEE 802.
Chapter 1 Introducing the ZyXEL Device 1.6.1 Protected Internet Access The ZyXEL Device is the ideal high-speed Internet access solution. It is compatible with all major ADSL DSLAM (Digital Subscriber Line Access Multiplexer) providers and supports the ADSL standards as shown in Table 2 on page 36. In addition, the ZyXEL Device with the wireless features allows wireless clients access to your network resources. The ZyXEL Device provides protection from attacks by Internet hackers.
Chapter 1 Introducing the ZyXEL Device 1.7 LEDs Figure 3 LEDs Table 3 LEDs LED COLOR STATUS DESCRIPTION POWER Green On The ZyXEL Device is receiving power and functioning properly. Blinking The ZyXEL Device is booting or performing diagnostics. On Power to the ZyXEL Device is too low. Off The system is not ready or has malfunctioned. On The ZyXEL Device has a successful Ethernet connection. Blinking The ZyXEL Device is sending/receiving data.
Chapter 1 Introducing the ZyXEL Device Install the POTS splitter at the point where the telephone line enters your residence, as shown in the following figure. Figure 4 Connecting a POTS Splitter 1 Connect the side labeled “Phone” to your telephone. 2 Connect the side labeled “Modem” or “DSL” to your ZyXEL Device. 3 Connect the side labeled “Line” to the telephone wall jack. 1.8.
Chapter 1 Introducing the ZyXEL Device Figure 5 Connecting a Microfilter You can also use a Y-Connector with a microfilter in order to connect both your modem and a telephone to the same wall jack without using a POTS splitter. 1 Connect a phone cable from the wall jack to the single jack end of the Y-Connector. 2 Connect a cable from the double jack end of the Y-Connector to the “wall side” of the microfilter. 3 Connect another cable from the double jack end of the Y-Connector to the ZyXEL Device.
Chapter 1 Introducing the ZyXEL Device Figure 7 ZyXEL Device with ISDN 44 P-660HW-Tx v3 User’s Guide
CHAPTER 2 Introducing the Web Configurator This chapter describes how to access and navigate the web configurator. 2.1 Web Configurator Overview The web configurator is an HTML-based management interface that allows easy ZyXEL Device setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.
Chapter 2 Introducing the Web Configurator 4 Type "192.168.1.1" as the URL. 5 A window displays as shown. Enter the default admin password 1234 to configure the wizards and the advanced features or enter the default user password user to view the status only. Click Login to proceed to a screen asking you to change your password or click Cancel to revert to the default password. Figure 8 Password Screen 6 If you entered the user password, skip the next two steps and refer to Section 2.4.
Chapter 2 Introducing the Web Configurator Figure 9 Change Password at Login 7 Select Go to Wizard setup and click Apply to display the wizard main screen. Otherwise, select Go to Advanced setup and click Apply to display the Status screen. Figure 10 Select a Mode " The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the ZyXEL Device if this happens to you.
Chapter 2 Introducing the Web Configurator 2.3 Resetting the ZyXEL Device If you forget your password or cannot access the web configurator, you will need to use the RESET button at the back of the ZyXEL Device to reload the factory-default configuration file. This means that you will lose all configurations that you had previously and the password will be reset to “1234”. 2.3.1 Using the Reset Button 1 Make sure the POWER LED is on (not blinking).
Chapter 2 Introducing the Web Configurator The following table describes the labels in this screen. Table 4 Web Configurator Screens Summary LINK/ICON SUB-LINK FUNCTION Wizard INTERNET/ WIRELESS SETUP Use these screens for initial configuration including general setup, ISP parameters for Internet Access and WAN IP/DNS Server/MAC address assignment. BANDWIDTH MANAGEMENT SETUP Use these screens to limit bandwidth usage by application or packet type.
Chapter 2 Introducing the Web Configurator Table 4 Web Configurator Screens Summary (continued) LINK/ICON SUB-LINK FUNCTION Advanced Static Route Bandwidth MGMT Use this screen to configure IP static routes. Summary Use this screen to enable bandwidth management on an interface. Rule Setup Use this screen to define a bandwidth rule. Monitor Use this screen to view the ZyXEL Device’s bandwidth usage and allotments. Dynamic DNS Remote MGMT Use this screen to set up dynamic DNS.
Chapter 2 Introducing the Web Configurator Figure 12 Status Screen The following table describes the labels shown in the Status screen. Table 5 Status Screen LABEL DESCRIPTION Refresh Interval Select a number of seconds or None from the drop-down list box to refresh all screen statistics automatically at the end of every time interval or to not refresh the screen statistics. Apply Click this button to refresh the status screen statistics.
Chapter 2 Introducing the Web Configurator Table 5 Status Screen LABEL DESCRIPTION IP Subnet Mask This is the LAN port IP subnet mask. DHCP This is the WAN port DHCP role - Server, Relay or None. WLAN Information SSID This is the descriptive name used to identify the ZyXEL Device in the wireless LAN. Channel This is the channel number used by the ZyXEL Device now. Security This displays the WLAN security mode.
Chapter 2 Introducing the Web Configurator Table 5 Status Screen LABEL DESCRIPTION Bandwidth Status Use this screen to view the ZyXEL Device’s bandwidth usage and allotments. Packet Statistics Use this screen to view port status and packet specific statistics. 2.4.3 Status: Any IP Table Click the Any IP Table hyperlink in the Status screen.
Chapter 2 Introducing the Web Configurator The following table describes the labels in this screen. Table 7 Status: WLAN Status LABEL DESCRIPTION # This is the index number of an associated wireless station. MAC Address This field displays the MAC (Media Access Control) address of an associated wireless station. Association TIme This field displays the time a wireless station first associated with the ZyXEL Device. Refresh Click Refresh to reload this screen. 2.4.
Chapter 2 Introducing the Web Configurator Figure 16 Status: Packet Statistics The following table describes the fields in this screen. Table 8 Status: Packet Statistics LABEL DESCRIPTION System Monitor System up Time This is the elapsed time the system has been up. Current Date/Time This field displays your ZyXEL Device’s present date and time. CPU Usage This field specifies the percentage of CPU utilization. Memory Usage This field specifies the percentage of memory utilization.
Chapter 2 Introducing the Web Configurator Table 8 Status: Packet Statistics (continued) LABEL DESCRIPTION Tx B/s This field displays the number of bytes transmitted in the last second. Rx B/s This field displays the number of bytes received in the last second. Up Time This field displays the elapsed time this port has been up. Collisions This is the number of collisions on this port. Poll Interval(s) Type the time interval for the browser to refresh system statistics.
CHAPTER 3 Wizard Setup for Internet Access This chapter provides information on the Wizard Setup screens for Internet access in the web configurator. 3.1 Introduction Use the wizard setup screens to configure your system for Internet access with the information given to you by your ISP. " See the advanced menu chapters for background information on these fields. 3.
Chapter 3 Wizard Setup for Internet Access 2 Click INTERNET/WIRELESS SETUP to configure the system for Internet access and wireless connection. Figure 19 Wizard: Welcome 3 The wizard attempts to detect which WAN connection type you are using. If the wizard detects your connection type and your ISP uses PPPoE or PPPoA, go to Section 3.2.1 on page 59. The screen varies depending on the connection type you use.
Chapter 3 Wizard Setup for Internet Access Figure 21 Auto Detection: Failed 3.2.1 Automatic Detection 1 If you have a PPPoE or PPPoA connection, a screen displays prompting you to enter your Internet account information. Enter the username, password and/or service name exactly as provided. 2 Click Next and see Section 3.3 on page 64 for wireless connection wizard setup. Figure 22 Auto-Detection: PPPoE 3.2.
Chapter 3 Wizard Setup for Internet Access Figure 23 Internet Access Wizard Setup: ISP Parameters The following table describes the fields in this screen. Table 9 Internet Access Wizard Setup: ISP Parameters LABEL DESCRIPTION Mode From the Mode drop-down list box, select Routing (default) if your ISP allows multiple computers to share an Internet account. Otherwise select Bridge. Encapsulation Select the encapsulation type your ISP uses from the Encapsulation drop-down list box.
Chapter 3 Wizard Setup for Internet Access Figure 24 Internet Connection with PPPoE The following table describes the fields in this screen. Table 10 Internet Connection with PPPoE LABEL DESCRIPTION User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given. Password Enter the password associated with the user name above.
Chapter 3 Wizard Setup for Internet Access Table 11 Internet Connection with RFC 1483 (continued) LABEL DESCRIPTION Next Click Next to continue to the next wizard screen. Exit Click Exit to close the wizard screen without saving your changes. Figure 26 Internet Connection with ENET ENCAP The following table describes the fields in this screen.
Chapter 3 Wizard Setup for Internet Access Figure 27 Internet Connection with PPPoA The following table describes the fields in this screen. Table 13 Internet Connection with PPPoA LABEL DESCRIPTION User Name Enter the login name that your ISP gives you. Password Enter the password associated with the user name above. Back Click Back to go back to the previous wizard screen. Apply Click Apply to save your changes to the ZyXEL Device.
Chapter 3 Wizard Setup for Internet Access Figure 29 Connection Test Failed-2. 3.3 Wireless Connection Wizard Setup After you configure the Internet access information, use the following screens to set up your wireless LAN. 1 Select Yes and click Next to configure wireless settings. Otherwise, select No and skip to Step 6. Figure 30 Connection Test Successful 2 Use this screen to activate the wireless LAN and OTIST. Click Next to continue.
Chapter 3 Wizard Setup for Internet Access Figure 31 Wireless LAN Setup Wizard 1 The following table describes the labels in this screen. Table 14 Wireless LAN Setup Wizard 1 LABEL DESCRIPTION Active Select the check box to turn on the wireless LAN. Back Click Back to display the previous screen. Next Click Next to proceed to the next screen. Exit Click Exit to close the wizard screen without saving. 3 Configure your wireless settings in this screen. Click Next.
Chapter 3 Wizard Setup for Internet Access Table 15 Wireless LAN Setup Wizard 2 " LABEL DESCRIPTION Security Select Manually assign a WPA-PSK key to configure a pre-shared key (WPA-PSK). Choose this option only if your wireless clients support WPA. See Section 3.3.1 on page 66 for more information. Select Manually assign a WEP key to configure a WEP Key. See Section 3.3.2 on page 67 for more information.
Chapter 3 Wizard Setup for Internet Access Table 16 Manually assign a WPA key LABEL DESCRIPTION Next Click Next to proceed to the next screen. Exit Click Exit to close the wizard screen without saving. 3.3.2 Manually assign a WEP key Choose Manually assign a WEP key to setup WEP Encryption parameters. Figure 34 Manually assign a WEP key The following table describes the labels in this screen. Table 17 Manually assign a WEP key LABEL DESCRIPTION Key The WEP keys are used to encrypt data.
Chapter 3 Wizard Setup for Internet Access Figure 35 Wireless LAN Setup 3 6 Use the read-only summary table to check whether what you have configured is correct. Click Finish to complete and save the wizard setup. Figure 36 Internet Access and WLAN Wizard Setup Complete 7 Launch your web browser and navigate to www.zyxel.com. Internet access is just the beginning. Refer to the rest of this guide for more detailed information on the complete range of ZyXEL Device features.
CHAPTER 4 Bandwidth Management Wizard This chapter shows you how to configure basic bandwidth management using the wizard screens. 4.1 Introduction Bandwidth management allows you to control the amount of bandwidth going out through the ZyXEL Device’s WAN port and prioritize the distribution of the bandwidth according to service bandwidth requirements. This helps keep one service from using all of the available bandwidth and shutting out other users. 4.
Chapter 4 Bandwidth Management Wizard Table 18 Media Bandwidth Management Setup: Services (continued) SERVICE DESCRIPTION VoIP (SIP) Sending voice signals over the Internet is called Voice over IP or VoIP. Session Initiated Protocol (SIP) is an internationally recognized standard for implementing VoIP. SIP is an application-layer control (signaling) protocol that handles the setting up, altering and tearing down of voice and multimedia sessions over the Internet.
Chapter 4 Bandwidth Management Wizard 2 Click BANDWIDTH MANAGEMENT SETUP to configure the system for Internet access and wireless connection. Figure 38 Wizard: Welcome 3 Activate bandwidth management and select to allocate bandwidth to packets based on the service requirements. Figure 39 Bandwidth Management Wizard: General Information The following fields describe the label in this screen.
Chapter 4 Bandwidth Management Wizard Figure 40 Bandwidth Management Wizard: Configuration The following table describes the labels in this screen. Table 20 Bandwidth Management Wizard: Configuration LABEL DESCRIPTION Active Select an entry’s Active check box to turn on bandwidth management for the service/ application. Service These fields display the services names.
Chapter 4 Bandwidth Management Wizard Figure 41 Bandwidth Management Wizard: Complete P-660HW-Tx v3 User’s Guide 73
Chapter 4 Bandwidth Management Wizard 74 P-660HW-Tx v3 User’s Guide
P ART II Wizard Wizard Setup for Internet Access (77) Bandwidth Management Wizard (89) 75
CHAPTER 5 Wizard Setup for Internet Access This chapter provides information on the Wizard Setup screens for Internet access in the web configurator. 5.1 Introduction Use the wizard setup screens to configure your system for Internet access with the information given to you by your ISP. " See the advanced menu chapters for background information on these fields. 5.
Chapter 5 Wizard Setup for Internet Access 2 Click INTERNET/WIRELESS SETUP to configure the system for Internet access and wireless connection. Figure 43 Wizard: Welcome 3 The wizard attempts to detect which WAN connection type you are using. If the wizard detects your connection type and your ISP uses PPPoE or PPPoA, go to Section 5.2.1 on page 79. The screen varies depending on the connection type you use.
Chapter 5 Wizard Setup for Internet Access Figure 45 Auto Detection: Failed 5.2.1 Automatic Detection 1 If you have a PPPoE or PPPoA connection, a screen displays prompting you to enter your Internet account information. Enter the username, password and/or service name exactly as provided. 2 Click Next and see Section 5.3 on page 84 for wireless connection wizard setup. Figure 46 Auto-Detection: PPPoE 5.2.
Chapter 5 Wizard Setup for Internet Access Figure 47 Internet Access Wizard Setup: ISP Parameters The following table describes the fields in this screen. Table 21 Internet Access Wizard Setup: ISP Parameters LABEL DESCRIPTION Mode From the Mode drop-down list box, select Routing (default) if your ISP allows multiple computers to share an Internet account. Otherwise select Bridge. Encapsulation Select the encapsulation type your ISP uses from the Encapsulation drop-down list box.
Chapter 5 Wizard Setup for Internet Access Figure 48 Internet Connection with PPPoE The following table describes the fields in this screen. Table 22 Internet Connection with PPPoE LABEL DESCRIPTION User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given. Password Enter the password associated with the user name above.
Chapter 5 Wizard Setup for Internet Access Table 23 Internet Connection with RFC 1483 (continued) LABEL DESCRIPTION Next Click Next to continue to the next wizard screen. Exit Click Exit to close the wizard screen without saving your changes. Figure 50 Internet Connection with ENET ENCAP The following table describes the fields in this screen.
Chapter 5 Wizard Setup for Internet Access Figure 51 Internet Connection with PPPoA The following table describes the fields in this screen. Table 25 Internet Connection with PPPoA LABEL DESCRIPTION User Name Enter the login name that your ISP gives you. Password Enter the password associated with the user name above. Back Click Back to go back to the previous wizard screen. Apply Click Apply to save your changes to the ZyXEL Device.
Chapter 5 Wizard Setup for Internet Access Figure 53 Connection Test Failed-2. 5.3 Wireless Connection Wizard Setup After you configure the Internet access information, use the following screens to set up your wireless LAN. 1 Select Yes and click Next to configure wireless settings. Otherwise, select No and skip to Step 6. Figure 54 Connection Test Successful 2 Use this screen to activate the wireless LAN and OTIST. Click Next to continue.
Chapter 5 Wizard Setup for Internet Access Figure 55 Wireless LAN Setup Wizard 1 The following table describes the labels in this screen. Table 26 Wireless LAN Setup Wizard 1 LABEL DESCRIPTION Active Select the check box to turn on the wireless LAN. Back Click Back to display the previous screen. Next Click Next to proceed to the next screen. Exit Click Exit to close the wizard screen without saving. 3 Configure your wireless settings in this screen. Click Next.
Chapter 5 Wizard Setup for Internet Access Table 27 Wireless LAN Setup Wizard 2 " LABEL DESCRIPTION Security Select Manually assign a WPA-PSK key to configure a pre-shared key (WPA-PSK). Choose this option only if your wireless clients support WPA. See Section 5.3.1 on page 86 for more information. Select Manually assign a WEP key to configure a WEP Key. See Section 5.3.2 on page 87 for more information.
Chapter 5 Wizard Setup for Internet Access Table 28 Manually assign a WPA key LABEL DESCRIPTION Next Click Next to proceed to the next screen. Exit Click Exit to close the wizard screen without saving. 5.3.2 Manually assign a WEP key Choose Manually assign a WEP key to setup WEP Encryption parameters. Figure 58 Manually assign a WEP key The following table describes the labels in this screen. Table 29 Manually assign a WEP key LABEL DESCRIPTION Key The WEP keys are used to encrypt data.
Chapter 5 Wizard Setup for Internet Access Figure 59 Wireless LAN Setup 3 6 Use the read-only summary table to check whether what you have configured is correct. Click Finish to complete and save the wizard setup. Figure 60 Internet Access and WLAN Wizard Setup Complete 7 Launch your web browser and navigate to www.zyxel.com. Internet access is just the beginning. Refer to the rest of this guide for more detailed information on the complete range of ZyXEL Device features.
CHAPTER 6 Bandwidth Management Wizard This chapter shows you how to configure basic bandwidth management using the wizard screens. 6.1 Introduction Bandwidth management allows you to control the amount of bandwidth going out through the ZyXEL Device’s WAN port and prioritize the distribution of the bandwidth according to service bandwidth requirements. This helps keep one service from using all of the available bandwidth and shutting out other users. 6.
Chapter 6 Bandwidth Management Wizard Table 30 Media Bandwidth Management Setup: Services (continued) SERVICE DESCRIPTION VoIP (SIP) Sending voice signals over the Internet is called Voice over IP or VoIP. Session Initiated Protocol (SIP) is an internationally recognized standard for implementing VoIP. SIP is an application-layer control (signaling) protocol that handles the setting up, altering and tearing down of voice and multimedia sessions over the Internet.
Chapter 6 Bandwidth Management Wizard 2 Click BANDWIDTH MANAGEMENT SETUP to configure the system for Internet access and wireless connection. Figure 62 Wizard: Welcome 3 Activate bandwidth management and select to allocate bandwidth to packets based on the service requirements. Figure 63 Bandwidth Management Wizard: General Information The following fields describe the label in this screen.
Chapter 6 Bandwidth Management Wizard Figure 64 Bandwidth Management Wizard: Configuration The following table describes the labels in this screen. Table 32 Bandwidth Management Wizard: Configuration LABEL DESCRIPTION Active Select an entry’s Active check box to turn on bandwidth management for the service/ application. Service These fields display the services names.
Chapter 6 Bandwidth Management Wizard Figure 65 Bandwidth Management Wizard: Complete P-660HW-Tx v3 User’s Guide 93
Chapter 6 Bandwidth Management Wizard 94 P-660HW-Tx v3 User’s Guide
P ART III Network WAN Setup (97) LAN Setup (115) Wireless LAN (127) Network Address Translation (NAT) (147) 95
CHAPTER 7 WAN Setup This chapter describes how to configure WAN settings. 7.1 WAN Overview A WAN (Wide Area Network) is an outside connection to another network or the Internet. 7.1.1 Encapsulation Be sure to use the encapsulation method required by your ISP. The ZyXEL Device supports the following methods. 7.1.1.1 ENET ENCAP The MAC Encapsulated Routing Link Protocol (ENET ENCAP) is only implemented with the IP network protocol.
Chapter 7 WAN Setup 7.1.1.3 PPPoA PPPoA stands for Point to Point Protocol over ATM Adaptation Layer 5 (AAL5). A PPPoA connection functions like a dial-up Internet connection. The ZyXEL Device encapsulates the PPP session based on RFC1483 and sends it through an ATM PVC (Permanent Virtual Circuit) to the Internet Service Provider’s (ISP) DSLAM (digital access multiplexer). Please refer to RFC 2364 for more information on PPPoA. Refer to RFC 1661 for more information on PPP. 7.1.1.
Chapter 7 WAN Setup 7.1.3.2 Scenario 2: One VC, One Protocol (IP) Selecting RFC-1483 encapsulation with VC-based multiplexing requires the least amount of overhead (0 octets). However, if there is a potential need for multiple protocol support in the future, it may be safer to select PPPoA encapsulation instead of RFC-1483, so you do not need to reconfigure either computer later. 7.1.3.
Chapter 7 WAN Setup Do not specify a nailed-up connection unless your telephone company offers flat-rate service or you need a constant connection and the cost is of no concern 7.1.7 NAT NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network. 7.2 Metric The metric represents the "cost of transmission".
Chapter 7 WAN Setup Sustained Cell Rate (SCR) is the mean cell rate of each bursty traffic source. It specifies the maximum average rate at which cells can be sent over the virtual connection. SCR may not be greater than the PCR. Maximum Burst Size (MBS) is the maximum number of cells that can be sent at the PCR. After MBS is reached, cell rates fall below SCR until cell rate averages to the SCR again. At this time, more cells (up to the MBS) can be sent at the PCR again.
Chapter 7 WAN Setup The VBR-nRT (non real-time Variable Bit Rate) type is used with bursty connections that do not require closely controlled delay and delay variation. It is commonly used for "bursty" traffic typical on LANs. PCR and MBS define the burst levels, SCR defines the minimum level. An example of an VBR-nRT connection would be non-time sensitive data file transfers. 7.3.1.3 Unspecified Bit Rate (UBR) The Unspecified Bit Rate (UBR) ATM traffic class is for bursty data transfers.
Chapter 7 WAN Setup Figure 67 Internet Connection (PPPoE) The following table describes the labels in this screen. Table 33 Internet Connection LABEL DESCRIPTION General Name Enter the name of your Internet Service Provider, e.g., MyISP. This information is for identification purposes only. Mode Select Routing (default) from the drop-down list box if your ISP allows multiple computers to share an Internet account. Otherwise select Bridge.
Chapter 7 WAN Setup Table 33 Internet Connection (continued) LABEL DESCRIPTION Virtual Circuit ID VPI (Virtual Path Identifier) and VCI (Virtual Channel Identifier) define a virtual circuit. Refer to the appendix for more information. VPI The valid range for the VPI is 0 to 255. Enter the VPI assigned to you. VCI The valid range for the VCI is 32 to 65535 (0 to 31 is reserved for local management of ATM traffic). Enter the VCI assigned to you.
Chapter 7 WAN Setup Figure 68 Advanced Internet Connection Setup The following table describes the labels in this screen. Table 34 Advanced Internet Connection Setup LABEL DESCRIPTION RIP & Multicast Setup RIP Direction Select the RIP direction from None, Both, In Only and Out Only. RIP Version Select the RIP version from RIP-1, RIP-2B and RIP-2M. Multicast IGMP (Internet Group Management Protocol) is a network-layer protocol used to establish membership in a multicast group.
Chapter 7 WAN Setup Table 34 Advanced Internet Connection Setup (continued) LABEL DESCRIPTION Zero Configuration This feature is not applicable/available when you configure the ZyXEL Device to use a static WAN IP address or in bridge mode. Select Yes to set the ZyXEL Device to automatically detect the Internet connection settings (such as the VCI/VPI numbers and the encapsulation method) from the ISP and make the necessary configuration changes. Select No to disable this feature.
Chapter 7 WAN Setup Figure 69 More Connections The following table describes the labels in this screen. Table 35 More Connections LABEL DESCRIPTION # This is the index number of a connection. Active This display whether this connection is activated. Clear the check box to disable the connection. Select the check box to enable it. Name This is the descriptive name for this connection. VPI/VCI This is the VPI and VCI values used for this connection.
Chapter 7 WAN Setup Figure 70 More Connections Edit The following table describes the labels in this screen. Table 36 More Connections Edit 108 LABEL DESCRIPTION Active Select the check box to activate or clear the check box to deactivate this connection. Name Enter a unique, descriptive name of up to 13 ASCII characters for this connection. Mode Select Routing from the drop-down list box if your ISP allows multiple computers to share an Internet account.
Chapter 7 WAN Setup Table 36 More Connections Edit (continued) LABEL DESCRIPTION User Name (PPPoA and PPPoE encapsulation only) Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given. Password (PPPoA and PPPoE encapsulation only) Enter the password associated with the user name above. Service Name (PPPoE only) Type the name of your PPPoE service here.
Chapter 7 WAN Setup Table 36 More Connections Edit (continued) LABEL DESCRIPTION Cancel Click Cancel to begin configuring this screen afresh. Advanced Setup Click this button to display the More Connections Advanced screen and edit more details of your WAN setup. 7.6.2 Configuring More Connections Advanced Setup To edit your ZyXEL Device's advanced WAN settings, click the Advanced Setup button in the More Connections Edit screen. The screen appears as shown.
Chapter 7 WAN Setup Table 37 More Connections Advanced Setup (continued) LABEL DESCRIPTION Sustain Cell Rate The Sustain Cell Rate (SCR) sets the average cell rate (long-term) that can be transmitted. Type the SCR, which must be less than the PCR. Note that system default is 0 cells/sec. Maximum Burst Size Maximum Burst Size (MBS) refers to the maximum number of cells that can be sent at the peak rate. Type the MBS, which is less than 65535.
Chapter 7 WAN Setup Figure 73 Traffic Redirect LAN Setup 7.8 Configuring WAN Backup To change your ZyXEL Device’s WAN backup settings, click Network > WAN > WAN Backup Setup. The screen appears as shown.
Chapter 7 WAN Setup The following table describes the labels in this screen. Table 38 WAN Backup Setup LABEL DESCRIPTION Backup Type Select the method that the ZyXEL Device uses to check the DSL connection. Select DSL Link to have the ZyXEL Device check if the connection to the DSLAM is up. Select ICMP to have the ZyXEL Device periodically ping the IP addresses configured in the Check WAN IP Address fields. Check WAN IP Address1-3 Configure this field to test your ZyXEL Device's WAN accessibility.
Chapter 7 WAN Setup 114 P-660HW-Tx v3 User’s Guide
CHAPTER 8 LAN Setup This chapter describes how to configure LAN settings. 8.1 LAN Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building. The LAN screens can help you configure a LAN DHCP server and manage IP addresses. See Section 8.3 on page 120 to configure the LAN screens. 8.1.
Chapter 8 LAN Setup 8.1.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the ZyXEL Device as a DHCP server or disable it. When configured as a server, the ZyXEL Device provides the TCP/IP configuration for the clients. If you turn DHCP service off, you must have another DHCP server on your LAN, or else the computer must be manually configured. 8.1.2.
Chapter 8 LAN Setup • The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, enter them in the DNS Server fields in the DHCP Setup screen. • The ZyXEL Device acts as a DNS proxy when the Primary and Secondary DNS Server fields are left as 0.0.0.0 in the DHCP Setup screen. 8.
Chapter 8 LAN Setup You can obtain your IP address from the IANA, from an ISP or it can be assigned from a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses.
Chapter 8 LAN Setup 224.0.0.0 is not assigned to any group and is used by IP multicast computers. The address 224.0.0.1 is used for query messages and is assigned to the permanent group of all IP hosts (including gateways). All hosts must join the 224.0.0.1 group in order to participate in IGMP. The address 224.0.0.2 is assigned to the multicast routers group. The ZyXEL Device supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMPv2).
Chapter 8 LAN Setup " You must enable NAT/SUA to use the Any IP feature on the ZyXEL Device. 8.2.4.1 How Any IP Works Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network. IP routing table is defined on IP Ethernet devices (the ZyXEL Device) to decide which hop to use, to help forward data along to its specified destination.
Chapter 8 LAN Setup The following table describes the fields in this screen. Table 39 LAN IP LABEL DESCRIPTION TCP/IP IP Address Enter the IP address of your ZyXEL Device in dotted decimal notation, for example, 192.168.1.1 (factory default). IP Subnet Mask Type the subnet mask assigned to you by your ISP (if given). Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh.
Chapter 8 LAN Setup Table 40 Advanced LAN Setup (continued) LABEL DESCRIPTION Any IP Setup Select the Active check box to enable the Any IP feature. This allows a computer to access the Internet without changing the network settings (such as IP address and subnet mask) of the computer, even when the IP addresses of the computer and the ZyXEL Device are not in the same subnet.
Chapter 8 LAN Setup The following table describes the labels in this screen. Table 41 DHCP Setup LABEL DESCRIPTION DHCP Setup DHCP If set to Server, your ZyXEL Device can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client. If set to None, the DHCP server will be disabled. If set to Relay, the ZyXEL Device acts as a surrogate DHCP server and relays DHCP requests and responses between the remote server and the clients.
Chapter 8 LAN Setup Figure 80 LAN Client List The following table describes the labels in this screen. Table 42 LAN Client List LABEL DESCRIPTION IP Address Enter the IP address that you want to assign to the computer on your LAN with the MAC address specified below. The IP address should be within the range of IP addresses you specified in the DHCP Setup for the DHCP client. MAC Address Enter the MAC address of a computer on your LAN. Add Click Add to add a static DHCP entry.
Chapter 8 LAN Setup When you use IP alias, you can also configure firewall rules to control access between the LAN's logical networks (subnets). " Make sure that the subnets of the logical networks do not overlap. The following figure shows a LAN divided into subnets A, B, and C. Figure 81 Physical Network & Partitioned Logical Networks To change your ZyXEL Device’s IP alias settings, click Network > LAN > IP Alias. The screen appears as shown.
Chapter 8 LAN Setup The following table describes the labels in this screen. Table 43 LAN IP Alias 126 LABEL DESCRIPTION IP Alias 1, 2 Select the check box to configure another LAN network for the ZyXEL Device. IP Address Enter the IP address of your ZyXEL Device in dotted decimal notation. Alternatively, click the right mouse button to copy and/or paste the IP address. IP Subnet Mask Your ZyXEL Device will automatically calculate the subnet mask based on the IP address that you assign.
CHAPTER 9 Wireless LAN This chapter discusses how to configure the wireless network settings in your ZyXEL Device. See the appendices for more detailed information about wireless networks. 9.1 Wireless Network Overview The following figure provides an example of a wireless network. Figure 83 Example of a Wireless Network The wireless network is the part in the blue circle. In this wireless network, devices A and B are called wireless clients.
Chapter 9 Wireless LAN • Every wireless client in the same wireless network must use security compatible with the AP. Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network. 9.2 Wireless Security Overview The following sections introduce different types of wireless security you can set up in the wireless network. 9.2.1 SSID Normally, the AP acts like a beacon and regularly broadcasts the SSID in the area.
Chapter 9 Wireless LAN • In a RADIUS server: this is a server used in businesses more than in homes. If your AP does not provide a local user database and if you do not have a RADIUS server, you cannot set up user names and passwords for your users. Unauthorized devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network. Furthermore, there are ways for unauthorized wireless users to get a valid user name and password.
Chapter 9 Wireless LAN When you select WPA2 or WPA2-PSK in your ZyXEL Device, you can also select an option (WPA compatible) to support WPA as well. In this case, if some wireless clients support WPA and some support WPA2, you should set up WPA2-PSK or WPA2 (depending on the type of wireless network login) and select the WPA compatible option in the ZyXEL Device. Many types of encryption use a key to protect the information in the wireless network. The longer the key, the stronger the encryption.
Chapter 9 Wireless LAN Table 45 Wireless LAN: General LABEL DESCRIPTION Network Name (SSID) (Service Set IDentity) The SSID identifies the Service Set with which a wireless client is associated. Wireless clients associating to the access point (AP) must have the same SSID. Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN.
Chapter 9 Wireless LAN Figure 85 Wireless: No Security The following table describes the labels in this screen. Table 46 Wireless No Security LABEL DESCRIPTION Security Mode Choose No Security from the drop-down list box. 9.3.2 WEP Encryption WEP encryption scrambles the data transmitted between the wireless clients and the access points to keep network communications private. It encrypts unicast and multicast communications in a network.
Chapter 9 Wireless LAN Figure 86 Wireless: Static WEP Encryption The following table describes the wireless LAN security labels in this screen. Table 47 Wireless: Static WEP Encryption LABEL DESCRIPTION Security Mode Choose Static WEP from the drop-down list box. Passphrase Enter a Passphrase (up to 32 printable characters) and clicking Generate. The ZyXEL Device automatically generates a WEP key. WEP Key The WEP keys are used to encrypt data.
Chapter 9 Wireless LAN Figure 87 Wireless: WPA-PSK/WPA2-PSK The following table describes the wireless LAN security labels in this screen. Table 48 Wireless: WPA-PSK/WPA2-PSK LABEL DESCRIPTION Security Mode Choose WPA-PSK or WPA2-PSK from the drop-down list box. WPA Compatible This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field.
Chapter 9 Wireless LAN Table 48 Wireless: WPA-PSK/WPA2-PSK LABEL DESCRIPTION Idle Timeout (In Seconds) The ZyXEL Device automatically disconnects a wireless station from the wireless network after a period of inactivity. The wireless station needs to send the username and password again before it can use the wireless network again. Some wireless clients may prompt users for a username and password; other clients may use saved login credentials.
Chapter 9 Wireless LAN The following table describes the wireless LAN security labels in this screen. Table 49 Wireless: WPA/WPA2 LABEL DESCRIPTION WPA Compatible This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field. Select the check box to have both WPA2 and WPA wireless clients be able to communicate with the ZyXEL Device even when the ZyXEL Device is using WPA2-PSK or WPA2.
Chapter 9 Wireless LAN 9.3.5 Wireless LAN Advanced Setup To configure advanced wireless settings, click the Advanced Setup button in the General screen. The screen appears as shown. Figure 89 Advanced The following table describes the labels in this screen.
Chapter 9 Wireless LAN Table 50 Wireless LAN: Advanced LABEL DESCRIPTION Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to reload the previous configuration for this screen. 9.3.6 MAC Filter To change your ZyXEL Device’s MAC filter settings, click the Edit icon in the Network > Wireless LAN screen. The screen appears as shown. Figure 90 MAC Address Filter The following table describes the labels in this menu.
Chapter 9 Wireless LAN Table 51 MAC Address Filter LABEL DESCRIPTION Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to reload the previous configuration for this screen. 9.4 WiFi Protected Setup Your ZyXEL Device supports WiFi Protected Setup (WPS), which is an easy way to set up a secure wireless network. WPS is an industry standard specification, defined by the WiFi Alliance.
Chapter 9 Wireless LAN Use the PIN method instead of the push-button configuration (PBC) method if you want to ensure that the connection is established between the devices you specify, not just the first two devices to activate WPS in range of each other. However, you need to log into the configuration interfaces of both devices to use the PIN method.
Chapter 9 Wireless LAN Figure 91 Example WPS Process: PIN Method ENROLLEE REGISTRAR WPS This device’s WPS PIN: 123456 WPS Enter WPS PIN from other device: WPS START WPS START WITHIN 2 MINUTES SECURE EAP TUNNEL SSID WPA(2)-PSK COMMUNICATION 9.4.3 How WPS Works When two WPS-enabled devices connect, each device must assume a specific role.
Chapter 9 Wireless LAN Figure 92 How WPS works ACTIVATE WPS ACTIVATE WPS WITHIN 2 MINUTES WPS HANDSHAKE ENROLLEE SECURE TUNNEL REGISTRAR SECURITY INFO COMMUNICATION The roles of registrar and enrollee last only as long as the WPS setup process is active (two minutes). The next time you use WPS, a different device can be the registrar if necessary. The WPS connection process is like a handshake; only two devices participate in each WPS transaction.
Chapter 9 Wireless LAN Figure 93 WPS: Example Network Step 1 ENROLLEE REGISTRAR SECURITY INFO AP1 CLIENT 1 In step 2, you add another wireless client to the network. You know that Client 1 supports registrar mode, but it is better to use AP1 for the WPS handshake with the new client since you must connect to the access point anyway in order to use the network. In this case, AP1 must be the registrar, since it is configured (it already has security information for the network).
Chapter 9 Wireless LAN Figure 95 WPS: Example Network Step 3 EXISTING CONNECTION CLIENT 1 E ION CT E NN CO G TIN XIS AP1 REGISTRAR CLIENT 2 SE CU RIT Y ENROLLEE INF O AP2 9.4.5 Limitations of WPS WPS has some limitations of which you should be aware. • WPS works in Infrastructure networks only (where an AP and a wireless client communicate). It does not work in Ad-Hoc networks (where there is no AP). • When you use WPS, it works between two devices only.
Chapter 9 Wireless LAN You can easily check to see if this has happened. WPS works between only two devices simultaneously, so if another device has enrolled your device will be unable to enroll, and will not have access to the network. If this happens, open the access point’s configuration interface and look at the list of associated clients (usually displayed by MAC address).
Chapter 9 Wireless LAN Table 52 Network > Wireless LAN > WPS LABEL Release_Con figuration DESCRIPTION This button is available when the WPS status is Configured. Click this button to remove all configured wireless and wireless security settings for WPS connections on the ZyXEL Device. Apply Click this to save your changes. Refresh Click this to update the screen. 9.
CHAPTER 10 Network Address Translation (NAT) This chapter discusses how to configure NAT on the ZyXEL Device. 10.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network. 10.1.
Chapter 10 Network Address Translation (NAT) 10.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
Chapter 10 Network Address Translation (NAT) Figure 99 NAT Application With IP Alias 10.1.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: • One to One: In One-to-One mode, the ZyXEL Device maps one local IP address to one global IP address. • Many to One: In Many-to-One mode, the ZyXEL Device maps multiple local IP addresses to one global IP address.
Chapter 10 Network Address Translation (NAT) Table 55 NAT Mapping Types (continued) TYPE IP MAPPING Many-to-Many Overload ILA1ÅÆ IGA1 ILA2ÅÆ IGA2 ILA3ÅÆ IGA1 ILA4ÅÆ IGA2 … Many-to-Many No Overload ILA1ÅÆ IGA1 ILA2ÅÆ IGA2 ILA3ÅÆ IGA3 … Server Server 1 IPÅÆ IGA1 Server 2 IPÅÆ IGA1 Server 3 IPÅÆ IGA1 10.2 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server.
Chapter 10 Network Address Translation (NAT) The following table describes the labels in this screen. Table 56 NAT General LABEL DESCRIPTION Active Network Address Translation (NAT) Select this check box to enable NAT. SUA Only Select this radio button if you have just one public WAN IP address for your ZyXEL Device. Full Feature Select this radio button if you have multiple public WAN IP addresses for your ZyXEL Device.
Chapter 10 Network Address Translation (NAT) 10.4.1 Default Server IP Address In addition to the servers for specified services, NAT supports a default server IP address. A default server receives packets from ports that are not specified in this screen. " If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup. 10.4.
Chapter 10 Network Address Translation (NAT) Figure 101 Multiple Servers Behind NAT Example 10.5 Configuring Port Forwarding " " The Port Forwarding screen is available only when you select SUA Only in the NAT > General screen. If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup. Click Network > NAT > Port Forwarding to open the following screen.
Chapter 10 Network Address Translation (NAT) The following table describes the fields in this screen. Table 58 NAT Port Forwarding LABEL DESCRIPTION Default Server Setup Default Server In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in this screen.
Chapter 10 Network Address Translation (NAT) The following table describes the fields in this screen. Table 59 Port Forwarding Rule Setup LABEL DESCRIPTION Active Click this check box to enable the rule. Service Name Enter a name to identify this port-forwarding rule. Start Port Enter a port number in this field. To forward only one port, enter the port number again in the End Port field. To forward a series of ports, enter the start port number here and the end port number in the End Port field.
Chapter 10 Network Address Translation (NAT) 156 P-660HW-Tx v3 User’s Guide
P ART IV Security Firewalls (159) Firewall Configuration (173) Content Filtering (195) 157
CHAPTER 11 Firewalls This chapter gives some background information on firewalls and introduces the ZyXEL Device firewall. 11.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term “firewall” is a system or group of systems that enforces an access-control policy between two networks. It may also be defined as a mechanism used to protect a trusted network from an untrusted network.
Chapter 11 Firewalls 11.2.2 Application-level Firewalls Application-level firewalls restrict access by serving as proxies for external servers. Since they use programs written for specific Internet services, such as HTTP, FTP and telnet, they can evaluate network packets for valid application-specific data.
Chapter 11 Firewalls 11.3.1 Denial of Service Attacks Figure 104 Firewall Application 11.4 Denial of Service Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources. The ZyXEL Device is pre-configured to automatically detect and thwart all known DoS attacks. 11.4.
Chapter 11 Firewalls 11.4.2 Types of DoS Attacks There are four types of DoS attacks: 1 2 3 4 5 Those that exploit bugs in a TCP/IP implementation. Those that exploit weaknesses in the TCP/IP specification. Brute-force attacks that flood a network with useless data. IP Spoofing. "Ping of Death" and "Teardrop" attacks exploit bugs in the TCP/IP implementations of various computer and host systems.
Chapter 11 Firewalls Figure 106 SYN Flood • In a LAND Attack, hackers flood SYN packets into the network with a spoofed source IP address of the targeted system. This makes it appear as if the host computer sent the packets to itself, making the system unavailable while the target system tries to respond to itself. 7 A brute-force attack, such as a "Smurf" attack, targets a feature in the IP specification known as directed or subnet broadcasting, to quickly flood the target network with useless data.
Chapter 11 Firewalls 11.4.2.1 ICMP Vulnerability ICMP is an error-reporting protocol that works in concert with IP. The following ICMP types trigger an alert: Table 61 ICMP Commands That Trigger Alerts 5 REDIRECT 13 TIMESTAMP_REQUEST 14 TIMESTAMP_REPLY 17 ADDRESS_MASK_REQUEST 18 ADDRESS_MASK_REPLY 11.4.2.2 Illegal Commands (NetBIOS and SMTP) The only legal NetBIOS commands are the following - all others are illegal.
Chapter 11 Firewalls are allowed in. The ZyXEL Device uses stateful packet inspection to protect the private LAN from hackers and vandals on the Internet. By default, the ZyXEL Device’s stateful inspection allows all communications to the Internet that originate from the LAN, and blocks all traffic to the LAN that originates from the Internet. In summary, stateful inspection: • Allows all sessions originating from the LAN (local network) to the WAN (Internet).
Chapter 11 Firewalls 6 Later, an inbound packet reaches the interface. This packet is part of the connection previously established with the outbound packet. The inbound packet is evaluated against the inbound access list, and is permitted because of the temporary access list entry previously created. 7 The packet is inspected by a firewall rule, and the connection's state table entry is updated as necessary.
Chapter 11 Firewalls If an initiation packet originates on the LAN, this means that someone is trying to make a connection from the LAN to the Internet. Assuming that this is an acceptable part of the security policy (as is the case with the default policy), the connection will be allowed. A cache entry is added which includes connection information such as IP addresses, TCP ports, sequence numbers, etc.
Chapter 11 Firewalls 11.6 Guidelines for Enhancing Security with Your Firewall • Change the default password via CLI (Command Line Interpreter) or web configurator. • Limit who can telnet into your router. • Don't enable any local service (such as SNMP or NTP) that you don't use. Any enabled service could present a potential security risk. A determined hacker might be able to find creative ways to misuse the enabled services to access the firewall or the network.
Chapter 11 Firewalls • Always shred confidential information, particularly about your computer, before throwing it away. Some hackers dig through the trash of companies or individuals for information that might help them in an attack. 11.7 Packet Filtering Vs Firewall Below are some comparisons between the ZyXEL Device’s filtering and firewall functions. 11.7.1 Packet Filtering: • The router filters packets as they pass through the router’s interface according to the filter rules you designed.
Chapter 11 Firewalls • To selectively block/allow inbound or outbound traffic between inside host/networks and outside host/networks. Remember that filters can not distinguish traffic originating from an inside host or an outside host by IP address. • The firewall performs better than filtering if you need to check many rules. • Use the firewall if you need routine e-mail reports about your system or need to be alerted when attacks occur.
Chapter 11 Firewalls Figure 110 “Triangle Route” Problem 11.8.2 The “Triangle Route” Solutions IP alias allows you to partition your network into logical sections over the same Ethernet interface. Your switch supports up to three logical LAN interfaces with the switch being the gateway for each logical network. By putting your LAN and Gateway B in different subnets, all returning network traffic must pass through the switch to your LAN. The following steps describe such a scenario.
Chapter 11 Firewalls 172 P-660HW-Tx v3 User’s Guide
CHAPTER 12 Firewall Configuration This chapter shows you how to enable and configure the ZyXEL Device firewall. 12.1 Access Methods The web configurator is, by far, the most comprehensive firewall configuration tool your ZyXEL Device has to offer. For this reason, it is recommended that you configure your firewall using the web configurator.CLI (Command Line Interpreter) commands provide limited configuration options and are only recommended for advanced users. 12.
Chapter 12 Firewall Configuration You may define additional rules and sets or modify existing ones but please exercise extreme caution in doing so. " If you configure firewall rules without a good understanding of how they work, you might inadvertently introduce security risks to the firewall and to the protected network. Make sure you test your rules after you configure them.
Chapter 12 Firewall Configuration 2 Does this rule stop LAN users from accessing critical resources on the Internet? For example, if IRC is blocked, are there users that require this service? 3 Is it possible to modify the rule to be more specific? For example, if IRC is blocked for all users, will a rule that blocks just certain users be more effective? 4 Does a rule that allows Internet users access to resources on the LAN create a security vulnerability? For example, if FTP ports (TCP 20, 21) are allowe
Chapter 12 Firewall Configuration 12.4.1 LAN to WAN Rules The default rule for LAN to WAN traffic is that all users on the LAN are allowed nonrestricted access to the WAN. When you configure a LAN to WAN rule, you in essence want to limit some or all users from accessing certain services on the WAN. WAN to LAN Rules The default rule for WAN to LAN traffic blocks all incoming connections (WAN to LAN).
Chapter 12 Firewall Configuration The following table describes the labels in this screen. Table 64 Firewall: General LABEL DESCRIPTION Active Firewall Select this check box to activate the firewall. The ZyXEL Device performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated. Bypass Triangle Route Select this check box to have the ZyXEL Device firewall permit the use of triangle route topology on the network.
Chapter 12 Firewall Configuration Figure 113 Firewall Rules The following table describes the labels in this screen. Table 65 Firewall Rules LABEL DESCRIPTION Firewall Rules This read-only bar shows how much of the ZyXEL Device's memory for Storage Space in Use recording firewall rules it is currently using. When you are using 80% or less of the storage space, the bar is green. When the amount of space used is over 80%, the bar is red.
Chapter 12 Firewall Configuration Table 65 Firewall Rules (continued) LABEL DESCRIPTION Action This field displays whether the firewall silently discards packets (Drop), discards packets and sends a TCP reset packet or an ICMP destinationunreachable message to the sender (Reject) or allows the passage of packets (Permit) Schedule This field tells you whether a schedule is specified (Yes) or not (No). Log This field shows you whether a log is created when packets match this rule (Yes) or not (No).
Chapter 12 Firewall Configuration Figure 114 Firewall: Edit Rule The following table describes the labels in this screen. Table 66 Firewall: Edit Rule LABEL DESCRIPTION Edit Rule N Active 180 Select this option to enable this firewall rule.
Chapter 12 Firewall Configuration Table 66 Firewall: Edit Rule (continued) LABEL DESCRIPTION Action for Matched Packet Use the drop-down list box to select what the firewall is to do with packets that match this rule. Select Drop to silently discard the packets without sending a TCP reset packet or an ICMP destination-unreachable message to the sender.
Chapter 12 Firewall Configuration 12.6.2 Customized Services Configure customized services and port numbers not predefined by the ZyXEL Device. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website. For further information on these services, please read Section 12.8 on page 187. Click the Edit Customized Services link while editing a firewall rule to configure a custom service port. This displays the following screen. Refer to Section 11.
Chapter 12 Firewall Configuration Figure 116 Firewall: Configure Customized Services The following table describes the labels in this screen. Table 68 Firewall: Configure Customized Services LABEL DESCRIPTION Config Service Name Type a unique name for your custom port. Service Type Choose the IP port (TCP, UDP or TCP/UDP) that defines your customized port from the drop down list box.
Chapter 12 Firewall Configuration Figure 117 Firewall Example: Rules 3 In the Rules screen, select the index number after that you want to add the rule. For example, if you select “6”, your new rule becomes number 7 and the previous rule 7 (if there is one) becomes rule 8. 4 Click Add to display the firewall rule configuration screen. 5 In the Edit Rule screen, click the Edit Customized Services link to open the Customized Service screen.
Chapter 12 Firewall Configuration Figure 119 Firewall Example: Edit Rule: Destination Address 9 Use the Add >> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. " Custom services show up with an “*” before their names in the Services list box and the Rules list box.
Chapter 12 Firewall Configuration Figure 120 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a “MyService” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN.
Chapter 12 Firewall Configuration Figure 121 Firewall Example: Rules: MyService 12.8 Predefined Services The Available Services list box in the Edit Rule screen (see Section 12.6.1 on page 179) displays all predefined services that the ZyXEL Device already supports. Next to the name of the service, two fields appear in brackets. The first field indicates the IP protocol type (TCP, UDP, or ICMP). The second field indicates the IP port number that defines the service.
Chapter 12 Firewall Configuration Table 69 Predefined Services (continued) 188 SERVICE DESCRIPTION HTTP(TCP:80) Hyper Text Transfer Protocol - a client/server protocol for the world wide web. HTTPS HTTPS is a secured http session often used in e-commerce. ICQ(UDP:4000) This is a popular Internet chat program. IPSEC_TRANSPORT/ TUNNEL(AH:0) The IPSEC AH (Authentication Header) tunneling protocol uses this service.
Chapter 12 Firewall Configuration Table 69 Predefined Services (continued) SERVICE DESCRIPTION SSH(TCP/UDP:22) Secure Shell Remote Login Program. STRMWORKS(UDP:1558) Stream Works Protocol. SYSLOG(UDP:514) Syslog allows you to send system logs to a UNIX server. TACACS(UDP:49) Login Host Protocol used for (Terminal Access Controller Access Control System). TELNET(TCP:23) Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments.
Chapter 12 Firewall Configuration The following table describes the labels in this screen. Table 70 Firewall: Anti Probing LABEL DESCRIPTION Respond to PING on The ZyXEL Device does not respond to any incoming Ping requests when Disable is selected. Select LAN to reply to incoming LAN Ping requests. Select WAN to reply to incoming WAN Ping requests. Otherwise select LAN & WAN to reply to both incoming LAN and WAN Ping requests. Do Not Respond to Requests for Unauthorized Services.
Chapter 12 Firewall Configuration 12.10.2 Half-Open Sessions An unusually high number of half-open sessions (either an absolute number or measured as the arrival rate) could indicate that a Denial of Service attack is occurring. For TCP, "halfopen" means that the session has not reached the established state-the TCP three-way handshake has not yet been completed (see Figure 105 on page 162). For UDP, "half-open" means that the firewall has detected no return traffic.
Chapter 12 Firewall Configuration Figure 123 Firewall: Threshold The following table describes the labels in this screen. Table 71 Firewall: Threshold LABEL DESCRIPTION DEFAULT VALUES One Minute Low This is the rate of new half-open sessions that causes the firewall to stop deleting halfopen sessions. The ZyXEL Device continues to delete half-open sessions as necessary, until the rate of new connection attempts drops below this number. 80 existing half-open sessions.
Chapter 12 Firewall Configuration Table 71 Firewall: Threshold (continued) LABEL DESCRIPTION DEFAULT VALUES Maximum Incomplete High This is the number of existing half-open sessions that causes the firewall to start deleting half-open sessions. When the number of existing half-open sessions rises above this number, the ZyXEL Device deletes half-open sessions as required to accommodate new connection requests. Do not set Maximum Incomplete High to lower than the current Maximum Incomplete Low number.
Chapter 12 Firewall Configuration 194 P-660HW-Tx v3 User’s Guide
CHAPTER 13 Content Filtering This chapter covers how to configure content filtering. 13.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ability to block web sites that contain key words (that you specify) in the URL. You can set a schedule for when the ZyXEL Device performs content filtering.
Chapter 13 Content Filtering Figure 124 Content Filter: Keyword The following table describes the labels in this screen. Table 72 Content Filter: Keyword LABEL DESCRIPTION Active Keyword Blocking Select this check box to enable this feature. Block Websites that contain these keywords in the URL: This box contains the list of all the keywords that you have configured the ZyXEL Device to block. Delete Highlight a keyword in the box and click Delete to remove it.
Chapter 13 Content Filtering Figure 125 Content Filter: Schedule The following table describes the labels in this screen. Table 73 Content Filter: Schedule LABEL DESCRIPTION Schedule Select Active Everyday to Block to make the content filtering active everyday. Otherwise, select Edit Daily to Block and configure which days of the week (or everyday) and which time of the day you want the content filtering to be active.
Chapter 13 Content Filtering Figure 126 Content Filter: Trusted The following table describes the labels in this screen. Table 74 Content Filter: Trusted LABEL DESCRIPTION Trusted User IP Range 198 From Type the IP address of a computer (or the beginning IP address of a specific range of computers) on the LAN that you want to exclude from content filtering. To Type the ending IP address of a specific range of users on your LAN that you want to exclude from content filtering.
P ART V Advanced Static Route (201) Bandwidth Management (205) Dynamic DNS Setup (217) Remote Management Configuration (221) Universal Plug-and-Play (UPnP) (233) 199
CHAPTER 14 Static Route This chapter shows you how to configure static routes for your ZyXEL Device. 14.1 Static Route Each remote node specifies only the network to which the gateway is directly connected, and the ZyXEL Device has no knowledge of the networks beyond. For instance, the ZyXEL Device knows about network N2 in the following figure through remote node Router 1.
Chapter 14 Static Route Figure 128 Static Route The following table describes the labels in this screen. Table 75 Static Route LABEL DESCRIPTION # This is the number of an individual static route. Active Select the check box to activate this static route. Otherwise, clear the check box. Name This is the name that describes or identifies this route. Destination This parameter specifies the IP network address of the final destination. Routing is always based on network number.
Chapter 14 Static Route Figure 129 Static Route Edit The following table describes the labels in this screen. Table 76 Static Route Edit LABEL DESCRIPTION Active This field allows you to activate/deactivate this static route. Route Name Enter the name of the IP static route. Leave this field blank to delete this static route. Destination IP Address This parameter specifies the IP network address of the final destination. Routing is always based on network number.
Chapter 14 Static Route 204 P-660HW-Tx v3 User’s Guide
CHAPTER 15 Bandwidth Management This chapter contains information about configuring bandwidth management, editing rules and viewing the ZyXEL Device’s bandwidth management logs. 15.1 Bandwidth Management Overview ZyXEL’s Bandwidth Management allows you to specify bandwidth management rules based on an application and/or subnet. You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth rules.
Chapter 15 Bandwidth Management Figure 130 Subnet-based Bandwidth Management Example 15.4 Application and Subnet-based Bandwidth Management You could also create bandwidth classes based on a combination of a subnet and an application. The following example table shows bandwidth allocations for application specific traffic from separate LAN subnets.
Chapter 15 Bandwidth Management 15.5.2 Fairness-based Scheduler The ZyXEL Device divides bandwidth equally among bandwidth classes when using the fairness-based scheduler; thus preventing one bandwidth class from using all of the interface’s bandwidth. 15.
Chapter 15 Bandwidth Management The ZyXEL Device divides up the unbudgeted 2048 kbps among the classes that require more bandwidth. If the administration department only uses 1024 kbps of the budgeted 2048 kbps, the ZyXEL Device also divides the remaining 1024 kbps among the classes that require more bandwidth. Therefore, the ZyXEL Device divides a total of 3072 kbps of unbudgeted and unused bandwidth among the classes that require more bandwidth. 15.6.2.
Chapter 15 Bandwidth Management 15.6.3 Bandwidth Management Priorities The following table describes the priorities that you can apply to traffic that the ZyXEL Device forwards out through an interface. Table 81 Bandwidth Management Priorities PRIORITY LEVELS: TRAFFIC WITH A HIGHER PRIORITY GETS THROUGH FASTER WHILE TRAFFIC WITH A LOWER PRIORITY IS DROPPED IF THE NETWORK IS CONGESTED. High Typically used for voice traffic or video that is especially sensitive to jitter (jitter is the variations in delay).
Chapter 15 Bandwidth Management Figure 131 Bandwidth Management: Summary The following table describes the labels in this screen. Table 83 Media Bandwidth Management: Summary 210 LABEL DESCRIPTION Interface These read-only labels represent the physical interfaces. Select an interface’s check box to enable bandwidth management on that interface. Bandwidth management applies to all traffic flowing out of the router through the interface, regardless of the traffic’s source.
Chapter 15 Bandwidth Management 15.9 Bandwidth Management Rule Setup You must use the Bandwidth Management Summary screen to enable bandwidth management on an interface before you can configure rules for that interface. Click Advanced > Bandwidth MGMT > Rule Setup to open the following screen. Figure 132 Bandwidth Management: Rule Setup The following table describes the labels in this screen.
Chapter 15 Bandwidth Management Table 84 Bandwidth Management: Rule Setup (continued) LABEL DESCRIPTION Modify Click the Edit icon to go to the screen where you can edit the rule. Click the Remove icon to delete an existing rule. Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 15.9.
Chapter 15 Bandwidth Management Table 85 Bandwidth Management Rule Configuration (continued) LABEL DESCRIPTION BW Budget Specify the maximum bandwidth allowed for the rule in kbps. The recommendation is a setting between 20 kbps and 20000 kbps for an individual rule. Priority Select a priority from the drop down list box. Choose High, Mid or Low. Use All Managed Bandwidth Select this option to allow a rule to borrow unused bandwidth on the interface.
Chapter 15 Bandwidth Management Table 85 Bandwidth Management Rule Configuration (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh.
Chapter 15 Bandwidth Management Figure 134 Bandwidth Management: Monitor P-660HW-Tx v3 User’s Guide 215
Chapter 15 Bandwidth Management 216 P-660HW-Tx v3 User’s Guide
CHAPTER 16 Dynamic DNS Setup This chapter discusses how to configure your ZyXEL Device to use Dynamic DNS. 16.1 Dynamic DNS Overview Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.
Chapter 16 Dynamic DNS Setup Figure 135 Dynamic DNS The following table describes the fields in this screen. Table 87 Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Active Dynamic DNS Select this check box to use dynamic DNS. Service Provider This is the name of your Dynamic DNS service provider. Dynamic DNS Type Select the type of service that you are registered for from your Dynamic DNS service provider. Host Name Type the domain name assigned to your ZyXEL Device by your Dynamic DNS provider.
Chapter 16 Dynamic DNS Setup Table 87 Dynamic DNS (continued) LABEL DESCRIPTION Dynamic DNS server auto detect IP Address Select this option only when there are one or more NAT routers between the ZyXEL Device and the DDNS server. This feature has the DDNS server automatically detect and use the IP address of the NAT router that has a public IP address. Note: The DDNS server may not be able to detect the proper IP address if there is an HTTP proxy server between the ZyXEL Device and the DDNS server.
Chapter 16 Dynamic DNS Setup 220 P-660HW-Tx v3 User’s Guide
CHAPTER 17 Remote Management Configuration This chapter provides information on configuring remote management. 17.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which ZyXEL Device interface (if any) from which computers. " When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
Chapter 17 Remote Management Configuration 17.1.1 Remote Management Limitations Remote management over LAN or WAN will not work when: • You have disabled that service in one of the remote management screens. • The IP address in the Secured Client IP field does not match the client IP address. If it does not match, the ZyXEL Device will disconnect the session immediately. • There is already another remote management session with an equal or higher priority running.
Chapter 17 Remote Management Configuration The following table describes the labels in this screen. Table 88 Remote Management: WWW LABEL DESCRIPTION Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service.
Chapter 17 Remote Management Configuration Figure 138 Remote Management: Telnet The following table describes the labels in this screen. Table 89 Remote Management: Telnet LABEL DESCRIPTION Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service.
Chapter 17 Remote Management Configuration Figure 139 Remote Management: FTP The following table describes the labels in this screen. Table 90 Remote Management: FTP LABEL DESCRIPTION Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service.
Chapter 17 Remote Management Configuration Figure 140 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the ZyXEL Device). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions.
Chapter 17 Remote Management Configuration 17.6.2 SNMP Traps The ZyXEL Device will send traps to the SNMP manager when any one of the following events occurs: Table 91 SNMP Traps TRAP # TRAP NAME DESCRIPTION 0 coldStart (defined in RFC-1215) A trap is sent after booting (power on). 1 warmStart (defined in RFC-1215) A trap is sent after booting (software reboot).
Chapter 17 Remote Management Configuration The following table describes the labels in this screen. Table 92 Remote Management: SNMP LABEL DESCRIPTION SNMP Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service.
Chapter 17 Remote Management Configuration Figure 142 Remote Management: DNS The following table describes the labels in this screen. Table 93 Remote Management: DNS LABEL DESCRIPTION Port The DNS service port number is 53. Access Status Select the interface(s) through which a computer may send DNS queries to the ZyXEL Device. Secured Client IP A secured client is a “trusted” computer that is allowed to send DNS queries to the ZyXEL Device.
Chapter 17 Remote Management Configuration Figure 143 Remote Management: ICMP The following table describes the labels in this screen. Table 94 Remote Management: ICMP LABEL DESCRIPTION ICMP Internet Control Message Protocol is a message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams, but the messages are processed by the TCP/IP software and directly apparent to the application user.
Chapter 17 Remote Management Configuration Follow the procedure below to configure your ZyXEL Device to be managed by CNM Access. See the Command Interpreter appendix for information on the command structure and how to access the CLI (Command Line Interface) on the ZyXEL Device. " In this example a.b.c.d is the IP address of CNM Access. You must change this value to reflect your actual management server IP address or domain name. See Table 95 on page 231 for detailed descriptions of the commands.
Chapter 17 Remote Management Configuration 232 P-660HW-Tx v3 User’s Guide
CHAPTER 18 Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configurator. 18.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
Chapter 18 Universal Plug-and-Play (UPnP) When a UPnP device joins a network, it announces its presence with a multicast message. For security reasons, the ZyXEL Device allows multicast messages only on the LAN. All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. You must have IIS (Internet Information Services) enabled on the Windows web server for UPnP to work. 18.
Chapter 18 Universal Plug-and-Play (UPnP) Table 96 Configuring UPnP LABEL DESCRIPTION Allow UPnP to pass through Firewall Select this check box to allow traffic from UPnP-enabled applications to bypass the firewall. Clear this check box to have the firewall block all UPnP application packets (for example, MSN packets). Apply Click Apply to save the setting to the ZyXEL Device. Cancel Click Cancel to return to the previously saved settings. 18.
Chapter 18 Universal Plug-and-Play (UPnP) Figure 147 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted. 18.3.2 Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click start and Control Panel. 2 Double-click Network Connections.
Chapter 18 Universal Plug-and-Play (UPnP) Figure 149 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box. Figure 150 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. 18.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL Device.
Chapter 18 Universal Plug-and-Play (UPnP) Make sure the computer is connected to a LAN port of the ZyXEL Device. Turn on your computer and the ZyXEL Device. 18.4.1 Auto-discover Your UPnP-enabled Network Device 1 Click start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway. 2 Right-click the icon and select Properties.
Chapter 18 Universal Plug-and-Play (UPnP) Figure 152 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings.
Chapter 18 Universal Plug-and-Play (UPnP) Figure 154 Internet Connection Properties: Advanced Settings: Add " When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 5 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray. Figure 155 System Tray Icon 6 Double-click on the icon to display your current Internet connection status.
Chapter 18 Universal Plug-and-Play (UPnP) Figure 156 Internet Connection Status 18.4.2 Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first. This comes helpful if you do not know the IP address of the ZyXEL Device. Follow the steps below to access the web configurator. 1 Click Start and then Control Panel. 2 Double-click Network Connections. 3 Select My Network Places under Other Places.
Chapter 18 Universal Plug-and-Play (UPnP) Figure 157 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays.
Chapter 18 Universal Plug-and-Play (UPnP) Figure 158 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device.
Chapter 18 Universal Plug-and-Play (UPnP) 244 P-660HW-Tx v3 User’s Guide
P ART VI Maintenance System (247) Logs (253) Tools (271) Diagnostic (277) 245
CHAPTER 19 System Use this screen to configure the ZyXEL Device’s time and date settings. 19.1 General Setup 19.1.1 General Setup and System Name General Setup contains administrative and system-related information. System Name is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name". • In Windows 95/98 click Start, Settings, Control Panel, Network.
Chapter 19 System Figure 160 System General Setup The following table describes the labels in this screen. Table 97 System General Setup LABEL DESCRIPTION System Setup System Name Choose a descriptive name for identification purposes. It is recommended you enter your computer’s “Computer name” in this field. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes “-” and underscores "_" are accepted. Domain Name Enter the domain name (if you know it) here.
Chapter 19 System Table 97 System General Setup LABEL DESCRIPTION Old Password Type the default admin password (1234) or the existing password you use to access the system for configuring advanced features. New Password Type your new system password (up to 30 characters). Note that as you type a password, the screen displays a (*) for each character you type. After you change the password, use the new password to access the ZyXEL Device. Retype to Confirm Type the new password again for confirmation.
Chapter 19 System The following table describes the fields in this screen. Table 98 System Time Setting LABEL DESCRIPTION Current Time and Date Current Time This field displays the time of your ZyXEL Device. Each time you reload this page, the ZyXEL Device synchronizes the time with the time server. Current Date This field displays the date of your ZyXEL Device. Each time you reload this page, the ZyXEL Device synchronizes the date with the time server.
Chapter 19 System Table 98 System Time Setting (continued) LABEL DESCRIPTION Start Date Configure the day and time when Daylight Saving Time starts if you selected Enable Daylight Saving. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time starts in most parts of the United States on the second Sunday of March. Each time zone in the United States starts using Daylight Saving Time at 2 A.M. local time.
Chapter 19 System 252 P-660HW-Tx v3 User’s Guide
CHAPTER 20 Logs This chapter contains information about configuring general log settings and viewing the ZyXEL Device’s logs. Refer to the appendix for example log message explanations. 20.1 Logs Overview The web configurator allows you to choose which categories of events and/or alerts to have the ZyXEL Device log and then display the logs or have the ZyXEL Device send them to an administrator (as e-mail) or to a syslog server. 20.1.
Chapter 20 Logs Figure 162 View Log The following table describes the fields in this screen. Table 99 View Log LABEL DESCRIPTION Display The categories that you select in the Log Settings screen display in the drop-down list box. Select a category of logs to view; select All Logs to view logs from all of the log categories that you selected in the Log Settings page. Time This field displays the time the log was recorded. Message This field states the reason for the log.
Chapter 20 Logs Figure 163 Log Settings The following table describes the fields in this screen. Table 100 Log Settings LABEL DESCRIPTION E-mail Log Settings Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via E-mail. Mail Subject Type a title that you want to be in the subject line of the log e-mail message that the ZyXEL Device sends.
Chapter 20 Logs Table 100 Log Settings LABEL DESCRIPTION Log Schedule This drop-down menu is used to configure the frequency of log messages being sent as E-mail: • Daily • Weekly • Hourly • When Log is Full • None. If you select Weekly or Daily, specify a time of day when the E-mail should be sent. If you select Weekly, then also specify which day of the week the E-mail should be sent. If you select When Log is Full, an alert is sent when the log fills up. If you select None, no log messages are sent.
Chapter 20 Logs Figure 164 E-mail Log Example Subject: Firewall Alert From xxxxx Date: Fri, 07 Apr 2000 10:05:42 From: user@zyxel.com To: user@zyxel.com 1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09:54:03 |UDP src port:00520 dest port:00520 |<1,00> | 2|Apr 7 00 |From:192.168.1.131 To:192.168.1.255 |default policy |forward | 09:54:17 |UDP src port:00520 dest port:00520 |<1,00> | 3|Apr 7 00 |From:192.168.1.6 To:10.10.10.
Chapter 20 Logs Table 101 System Maintenance Logs (continued) LOG MESSAGE DESCRIPTION Starting Connectivity Monitor Starting Connectivity Monitor. Time initialized by Daytime Server The router got the time and date from the Daytime server. Time initialized by Time server The router got the time and date from the time server. Time initialized by NTP server The router got the time and date from the NTP server. Connect to Daytime server fail The router was not able to connect to the Daytime server.
Chapter 20 Logs Table 103 Access Control Logs (continued) LOG MESSAGE DESCRIPTION Triangle route packet forwarded: [TCP | UDP | IGMP | ESP | GRE | OSPF] The firewall allowed a triangle route session to pass through. Packet without a NAT table entry blocked: [TCP | UDP | IGMP | ESP | GRE | OSPF] The router blocked a packet that didn't have a corresponding NAT table entry.
Chapter 20 Logs Table 106 ICMP Logs LOG MESSAGE DESCRIPTION Firewall default policy: ICMP , , ICMP access matched the default policy and was blocked or forwarded according to the user's setting. For type and code details, see Table 118 on page 268. Firewall rule [NOT] match: ICMP , , , ICMP access matched (or didn’t match) a firewall rule (denoted by its number) and was blocked or forwarded according to the rule.
Chapter 20 Logs Table 109 UPnP Logs LOG MESSAGE DESCRIPTION UPnP pass through Firewall UPnP packets can pass through the firewall. Table 110 Content Filtering Logs LOG MESSAGE DESCRIPTION %s: Keyword blocking The content of a requested web page matched a user defined keyword. %s: Not in trusted web list The web site is not in a trusted domain, and the router blocks all traffic except trusted domain sites. %s: Forbidden Web site The web site is in the forbidden web site list.
Chapter 20 Logs Table 111 Attack Logs LOG MESSAGE DESCRIPTION attack [TCP | UDP | IGMP | ESP | GRE | OSPF] The firewall detected a TCP/UDP/IGMP/ESP/GRE/OSPF attack. attack ICMP (type:%d, code:%d) The firewall detected an ICMP attack. For type and code details, see Table 118 on page 268. land [TCP | UDP | IGMP | ESP | GRE | OSPF] The firewall detected a TCP/UDP/IGMP/ESP/GRE/OSPF land attack. land ICMP (type:%d, code:%d) The firewall detected an ICMP land attack.
Chapter 20 Logs Table 112 IPSec Logs (continued) LOG MESSAGE DESCRIPTION Rule <%d> idle time out, disconnect The router dropped a connection that had outbound traffic and no inbound traffic for a certain time period. You can use the "ipsec timer chk_conn" CI command to set the time period. The default value is 2 minutes. WAN IP changed to The router dropped all connections with the “MyIP” configured as “0.0.0.0” when the WAN IP address changed.
Chapter 20 Logs Table 113 IKE Logs (continued) 264 LOG MESSAGE DESCRIPTION Recv IKE uses ISAKMP to transmit data. Each ISAKMP packet contains many different types of payloads. All of them show in the LOG. Refer to RFC2408 – ISAKMP for a list of all ISAKMP payload types. Recv Mode request from The router received an IKE negotiation request from the peer address specified. Send Mode request to The router started negotiation with the peer.
Chapter 20 Logs Table 113 IKE Logs (continued) LOG MESSAGE DESCRIPTION Rule [%d] Phase 1 authentication method mismatch The listed rule’s IKE phase 1 authentication method did not match between the router and the peer. Rule [%d] Phase 1 key group mismatch The listed rule’s IKE phase 1 key group did not match between the router and the peer. Rule [%d] Phase 2 protocol mismatch The listed rule’s IKE phase 2 protocol did not match between the router and the peer.
Chapter 20 Logs Table 114 PKI Logs 266 LOG MESSAGE DESCRIPTION Enrollment successful The SCEP online certificate enrollment was successful. The Destination field records the certification authority server IP address and port. Enrollment failed The SCEP online certificate enrollment failed. The Destination field records the certification authority server’s IP address and port.
Chapter 20 Logs Table 115 Certificate Path Verification Failure Reason Codes CODE DESCRIPTION 1 Algorithm mismatch between the certificate and the search constraints. 2 Key usage mismatch between the certificate and the search constraints. 3 Certificate was not valid in the time interval. 4 (Not used) 5 Certificate is not valid. 6 Certificate signature was not verified correctly. 7 Certificate was revoked by a CRL. 8 Certificate was not added to the cache. 9 Certificate decoding failed.
Chapter 20 Logs Table 116 802.1X Logs (continued) LOG MESSAGE DESCRIPTION RADIUS rejects user. Pls check RADIUS Server. A user was not authenticated by the RADIUS Server. Please check the RADIUS Server. Local User Database does not support authentication method. The local user database only supports the EAP-MD5 method. A user tried to use another authentication method and was not authenticated. User logout because of session timeout expired. The router logged out a user whose session expired.
Chapter 20 Logs Table 118 ICMP Notes (continued) TYPE CODE DESCRIPTION 0 Net unreachable 1 Host unreachable 2 Protocol unreachable 3 Port unreachable 4 A packet that needed fragmentation was dropped because it was set to Don't Fragment (DF) 5 Source route failed Source Quench 4 0 A gateway may discard internet datagrams if it does not have the buffer space needed to queue the datagrams for output to the next network on the route to the destination network.
Chapter 20 Logs Table 119 Syslog Logs LOG MESSAGE DESCRIPTION Mon dd hr:mm:ss hostname src="" dst="" msg="" note="" devID="" cat=" "This message is sent by the system ("RAS" displays as the system name if you haven’t configured one) when the router generates a syslog. The facility is defined in the web MAIN MENU->LOGS->Log Settings page. The severity is the log’s syslog class.
CHAPTER 21 Tools This chapter describes how to upload new firmware, manage configuration and restart your ZyXEL Device. 21.1 Firmware Upgrade Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a .bin extension, for example, "ZyXEL Device.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot. Only use firmware for your device’s specific model.
Chapter 21 Tools Table 121 Firmware Upgrade (continued) " LABEL DESCRIPTION Browse... Click Browse... to find the .bin file you want to upload. Remember that you must decompress compressed (.zip) files before you can upload them. Upload Click Upload to begin the upload process. This process may take up to two minutes.
Chapter 21 Tools Figure 168 Error Message 21.2 Configuration Screen Click Maintenance > Tools > Configuration. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next. Figure 169 Configuration 21.2.1 Backup Configuration Backup configuration allows you to back up (save) the ZyXEL Device’s current configuration to a file on your computer.
Chapter 21 Tools 21.2.2 Restore Configuration Restore configuration allows you to upload a new or previously saved configuration file from your computer to your ZyXEL Device. Table 122 Maintenance Restore Configuration " LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse... to find it. Browse... Click Browse... to find the file you want to upload. Remember that you must decompress compressed (.ZIP) files before you can upload them.
Chapter 21 Tools Figure 172 Configuration Restore Error 21.2.3 Back to Factory Defaults Pressing the RESET button in this section clears all user-entered configuration information and returns the ZyXEL Device to its factory defaults. You can also press the RESET button on the rear panel to reset the factory defaults of your ZyXEL Device. Refer to the chapter about introducing the web configurator for more information on the RESET button. 21.
Chapter 21 Tools 276 P-660HW-Tx v3 User’s Guide
CHAPTER 22 Diagnostic These read-only screens display information to help you identify problems with the ZyXEL Device. 22.1 General Diagnostic Click Maintenance > Diagnostic to open the screen shown next. Figure 174 Diagnostic: General The following table describes the fields in this screen. Table 123 Diagnostic: General LABEL DESCRIPTION TCP/IP Address Type the IP address of a computer that you want to ping in order to test a connection.
Chapter 22 Diagnostic 22.2 DSL Line Diagnostic Click Maintenance > Diagnostic > DSL Line to open the screen shown next. Figure 175 Diagnostic: DSL Line The following table describes the fields in this screen. Table 124 Diagnostic: DSL Line LABEL DESCRIPTION ATM Status Click this button to view ATM status. ATM Loopback Test Click this button to start the ATM loopback test. Make sure you have configured at least one PVC with proper VPIs/VCIs before you begin this test.
P ART VII Troubleshooting and Specifications Troubleshooting (281) Product Specifications (285) 279
CHAPTER 23 Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • • • • Power, Hardware Connections, and LEDs ZyXEL Device Access and Login Internet Access Reset the ZyXEL Device to Its Factory Defaults 23.1 Power, Hardware Connections, and LEDs V The ZyXEL Device does not turn on. None of the LEDs turn on. 1 Make sure the ZyXEL Device is turned on.
Chapter 23 Troubleshooting 23.2 ZyXEL Device Access and Login V I forgot the IP address for the ZyXEL Device. 1 The default IP address is 192.168.1.1. 2 If you changed the IP address and have forgotten it, you might get the IP address of the ZyXEL Device by looking up the IP address of the default gateway for your computer. To do this in most Windows computers, click Start > Run, enter cmd, and then enter ipconfig.
Chapter 23 Troubleshooting V I can see the Login screen, but I cannot log in to the ZyXEL Device. 1 Make sure you have entered the password correctly. The default user password is user, and the default admin password is 1234. The field is case-sensitive, so make sure [Caps Lock] is not on. 2 Turn the ZyXEL Device off and on. 3 Disconnect and re-connect the power adaptor or cord to the ZyXEL Device. 4 If this does not work, you have to reset the ZyXEL Device to its factory defaults. See Section 23.
Chapter 23 Troubleshooting 2 Restart the ZyXEL Device. 3 If the problem continues, contact your ISP. 23.4 Reset the ZyXEL Device to Its Factory Defaults If you reset the ZyXEL Device, you lose all of the changes you have made. The ZyXEL Device re-loads its default settings, and the password resets to 1234. You have to make all of your changes again. V You will lose all of your changes when you push the RESET button. To reset the ZyXEL Device, 1 Make sure the POWER LED is on and not blinking.
CHAPTER 24 Product Specifications This chapter gives details about your ZyXEL Device’s hardware and firmware features. 24.1 General ZyXEL Device Specifications The following tables summarize the ZyXEL Device’s hardware and firmware features.
Chapter 24 Product Specifications Table 126 Firmware Specifications 286 FEATURE DESCRIPTION ADSL Standards Multi-Mode standard (ANSI T1.413,Issue 2; G.dmt(G.992.1); G.lite(G992.2)). EOC in ITU-T (G992.2) ADSL2 G.dmt.bis (G.992.3) ADSL2 G.lite.bis (G.992.4) ADSL2+ (G.992.
Chapter 24 Product Specifications Table 126 Firmware Specifications FEATURE DESCRIPTION Firewall DoS Stateful Packet Inspection Protocol and generic filters Up to 20 Access Control List (ACL) rules between LAN and WAN Real-time E-mail alerts Reports and logs NAT/SUA Port Forwarding 2048 NAT sessions Multimedia applications PPTP under NAT/SUA SIP ALG passthrough VPN passthrough Content Filtering Web page blocking by URL keyword.
Chapter 24 Product Specifications Table 127 Standards Supported (continued) STANDARD DESCRIPTION RFC 2766 Network Address Translation - Protocol IEEE 802.11 Also known by the brand Wi-Fi, denotes a set of Wireless LAN/WLAN standards developed by working group 11 of the IEEE LAN/MAN Standards Committee (IEEE 802). IEEE 802.11b Uses the 2.4 gigahertz (GHz) band IEEE 802.11g Uses the 2.4 gigahertz (GHz) band IEEE 802.11g+ Turbo and Super G modes IEEE 802.
Chapter 24 Product Specifications 3 Do not insert the screws all the way into the wall. Leave a small gap of about 0.5 cm between the heads of the screws and the wall. 4 Make sure the screws are snugly fastened to the wall. They need to hold the weight of the ZyXEL Device with the connection cables. 5 Align the holes on the back of the ZyXEL Device with the screws on the wall. Hang the ZyXEL Device on the screws. Figure 176 Wall-mounting Example 24.2.
Chapter 24 Product Specifications 290 P-660HW-Tx v3 User’s Guide
P ART VIII Appendices and Index " The appendices provide general information. Some details may not apply to your ZyXEL Device.
APPENDIX A Setting Up Your Computer’s IP Address " Your specific ZyXEL device may not support all of the operating systems described in this appendix. See the product specifications for more information about which operating systems are supported. This appendix shows you how to configure the IP settings on your computer in order for it to be able to communicate with the other devices on your network.
Appendix A Setting Up Your Computer’s IP Address Figure 178 Windows XP: Start Menu 2 In the Control Panel, click the Network Connections icon. Figure 179 Windows XP: Control Panel 3 Right-click Local Area Connection and then select Properties.
Appendix A Setting Up Your Computer’s IP Address 4 On the General tab, select Internet Protocol (TCP/IP) and then click Properties. Figure 181 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens.
Appendix A Setting Up Your Computer’s IP Address Figure 182 Windows XP: Internet Protocol (TCP/IP) Properties 6 Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically. Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP.
Appendix A Setting Up Your Computer’s IP Address 1 Click Start > Control Panel. Figure 183 Windows Vista: Start Menu 2 In the Control Panel, click the Network and Internet icon. Figure 184 Windows Vista: Control Panel 3 Click the Network and Sharing Center icon. Figure 185 Windows Vista: Network And Internet 4 Click Manage network connections.
Appendix A Setting Up Your Computer’s IP Address Figure 186 Windows Vista: Network and Sharing Center 5 Right-click Local Area Connection and then select Properties. Figure 187 Windows Vista: Network and Sharing Center " During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. 6 Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties.
Appendix A Setting Up Your Computer’s IP Address Figure 188 Windows Vista: Local Area Connection Properties 7 The Internet Protocol Version 4 (TCP/IPv4) Properties window opens.
Appendix A Setting Up Your Computer’s IP Address Figure 189 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties 8 Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically. Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP.
Appendix A Setting Up Your Computer’s IP Address 1 Click Apple > System Preferences. Figure 190 Mac OS X 10.4: Apple Menu 2 In the System Preferences window, click the Network icon. Figure 191 Mac OS X 10.4: System Preferences 3 When the Network preferences pane opens, select Built-in Ethernet from the network connection type list, and then click Configure.
Appendix A Setting Up Your Computer’s IP Address Figure 192 Mac OS X 10.4: Network Preferences 4 For dynamically assigned settings, select Using DHCP from the Configure IPv4 list in the TCP/IP tab. Figure 193 Mac OS X 10.4: Network Preferences > TCP/IP Tab. 5 For statically assigned settings, do the following: • From the Configure IPv4 list, select Manually. • In the IP Address field, type your IP address.
Appendix A Setting Up Your Computer’s IP Address • In the Subnet Mask field, type your subnet mask. • In the Router field, type the IP address of your device. Figure 194 Mac OS X 10.4: Network Preferences > Ethernet 6 Click Apply Now and close the window. Verifying Settings Check your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network Interface from the Info tab. Figure 195 Mac OS X 10.
Appendix A Setting Up Your Computer’s IP Address Mac OS X: 10.5 The screens in this section are from Mac OS X 10.5. 1 Click Apple > System Preferences. Figure 196 Mac OS X 10.5: Apple Menu 2 In System Preferences, click the Network icon. Figure 197 Mac OS X 10.5: Systems Preferences 3 When the Network preferences pane opens, select Ethernet from the list of available connection types.
Appendix A Setting Up Your Computer’s IP Address Figure 198 Mac OS X 10.5: Network Preferences > Ethernet 4 From the Configure list, select Using DHCP for dynamically assigned settings. 5 For statically assigned settings, do the following: • From the Configure list, select Manually. • In the IP Address field, enter your IP address. • In the Subnet Mask field, enter your subnet mask. • In the Router field, enter the IP address of your ZyXEL Device.
Appendix A Setting Up Your Computer’s IP Address Figure 199 Mac OS X 10.5: Network Preferences > Ethernet 6 Click Apply and close the window. Verifying Settings Check your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network interface from the Info tab. Figure 200 Mac OS X 10.
Appendix A Setting Up Your Computer’s IP Address Linux: Ubuntu 8 (GNOME) This section shows you how to configure your computer’s TCP/IP settings in the GNU Object Model Environment (GNOME) using the Ubuntu 8 Linux distribution. The procedure, screens and file locations may vary depending on your specific distribution, release version, and individual configuration. The following screens use the default Ubuntu 8 installation. " Make sure you are logged in as the root administrator.
Appendix A Setting Up Your Computer’s IP Address 3 In the Authenticate window, enter your admin account name and password then click the Authenticate button. Figure 203 Ubuntu 8: Administrator Account Authentication 4 In the Network Settings window, select the connection that you want to configure, then click Properties. Figure 204 Ubuntu 8: Network Settings > Connections 5 The Properties dialog box opens.
Appendix A Setting Up Your Computer’s IP Address Figure 205 Ubuntu 8: Network Settings > Properties • In the Configuration list, select Automatic Configuration (DHCP) if you have a dynamic IP address. • In the Configuration list, select Static IP address if you have a static IP address. Fill in the IP address, Subnet mask, and Gateway address fields. 6 Click OK to save the changes and close the Properties dialog box and return to the Network Settings screen.
Appendix A Setting Up Your Computer’s IP Address Verifying Settings Check your TCP/IP properties by clicking System > Administration > Network Tools, and then selecting the appropriate Network device from the Devices tab. The Interface Statistics column shows data if your connection is working properly. Figure 207 Ubuntu 8: Network Tools Linux: openSUSE 10.3 (KDE) This section shows you how to configure your computer’s TCP/IP settings in the K Desktop Environment (KDE) using the openSUSE 10.
Appendix A Setting Up Your Computer’s IP Address " Make sure you are logged in as the root administrator. Follow the steps below to configure your computer IP address in the KDE: 1 Click K Menu > Computer > Administrator Settings (YaST). Figure 208 openSUSE 10.3: K Menu > Computer Menu 2 When the Run as Root - KDE su dialog opens, enter the admin password and click OK. Figure 209 openSUSE 10.
Appendix A Setting Up Your Computer’s IP Address Figure 210 openSUSE 10.3: YaST Control Center 4 When the Network Settings window opens, click the Overview tab, select the appropriate connection Name from the list, and then click the Configure button. Figure 211 openSUSE 10.
Appendix A Setting Up Your Computer’s IP Address Figure 212 openSUSE 10.3: Network Card Setup 6 Select Dynamic Address (DHCP) if you have a dynamic IP address. Select Statically assigned IP Address if you have a static IP address. Fill in the IP address, Subnet mask, and Hostname fields. 7 Click Next to save the changes and close the Network Card Setup window.
Appendix A Setting Up Your Computer’s IP Address Figure 213 openSUSE 10.3: Network Settings 9 Click Finish to save your settings and close the window. Verifying Settings Click the KNetwork Manager icon on the Task bar to check your TCP/IP properties. From the Options sub-menu, select Show Connection Information. Figure 214 openSUSE 10.3: KNetwork Manager When the Connection Status - KNetwork Manager window opens, click the Statistics tab to see if your connection is working properly.
Appendix A Setting Up Your Computer’s IP Address Figure 215 openSUSE: Connection Status - KNetwork Manager P-660HW-Tx v3 User’s Guide 315
Appendix A Setting Up Your Computer’s IP Address 316 P-660HW-Tx v3 User’s Guide
APPENDIX B Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). " Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary. Internet Explorer Pop-up Blockers You may have to disable pop-up blocking to log into your device.
Appendix B Pop-up Windows, JavaScripts and Java Permissions 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 217 Internet Options: Privacy 3 Click Apply to save this setting. Enable Pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab.
Appendix B Pop-up Windows, JavaScripts and Java Permissions Figure 218 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites.
Appendix B Pop-up Windows, JavaScripts and Java Permissions 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. 1 In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 220 Internet Options: Security 2 3 4 5 6 320 Click the Custom Level... button. Scroll down to Scripting.
Appendix B Pop-up Windows, JavaScripts and Java Permissions Figure 221 Security Settings - Java Scripting Java Permissions 1 2 3 4 5 From Internet Explorer, click Tools, Internet Options and then the Security tab. Click the Custom Level... button. Scroll down to Microsoft VM. Under Java permissions make sure that a safety level is selected. Click OK to close the window.
Appendix B Pop-up Windows, JavaScripts and Java Permissions JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for
Appendix B Pop-up Windows, JavaScripts and Java Permissions Figure 224 Mozilla Firefox: Tools > Options Click Content.to show the screen below. Select the check boxes as shown in the following screen.
Appendix B Pop-up Windows, JavaScripts and Java Permissions 324 P-660HW-Tx v3 User’s Guide
APPENDIX C IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts. Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks.
Appendix C IP Addresses and Subnetting Figure 226 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation). The term “subnet” is short for “subnetwork”. A subnet mask has 32 bits.
Appendix C IP Addresses and Subnetting Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Table 129 Subnet Masks BINARY DECIMAL 1ST OCTET 2ND OCTET 3RD OCTET 4TH OCTET 8-bit mask 11111111 00000000 00000000 00000000 255.0.0.0 16-bit mask 11111111 11111111 00000000 00000000 255.255.0.0 24-bit mask 11111111 11111111 11111111 00000000 255.255.255.
Appendix C IP Addresses and Subnetting Table 131 Alternative Subnet Mask Notation (continued) SUBNET MASK ALTERNATIVE NOTATION LAST OCTET (BINARY) LAST OCTET (DECIMAL) 255.255.255.192 /26 1100 0000 192 255.255.255.224 /27 1110 0000 224 255.255.255.240 /28 1111 0000 240 255.255.255.248 /29 1111 1000 248 255.255.255.252 /30 1111 1100 252 Subnetting You can use subnetting to divide one network into multiple sub-networks.
Appendix C IP Addresses and Subnetting Figure 228 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 27 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address). 192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127 with mask 255.255.255.128 is its broadcast address.
Appendix C IP Addresses and Subnetting Table 133 Subnet 2 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. 64 IP Address (Binary) 11000000.10101000.00000001. 01000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.64 Lowest Host ID: 192.168.1.65 Broadcast Address: 192.168.1.127 Highest Host ID: 192.168.1.126 Table 134 Subnet 3 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1.
Appendix C IP Addresses and Subnetting Table 136 Eight Subnets (continued) SUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCAST ADDRESS 5 128 129 158 159 6 160 161 190 191 7 192 193 222 223 8 224 225 254 255 Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 137 24-bit Network Number Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 1 255.255.255.
Appendix C IP Addresses and Subnetting Table 138 16-bit Network Number Subnet Planning (continued) NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 14 255.255.255.252 (/30) 16384 2 15 255.255.255.254 (/31) 32768 1 Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
Appendix C IP Addresses and Subnetting IP Address Conflicts Each device on a network must have a unique IP address. Devices with duplicate IP addresses on the same network will not be able to access the Internet or other resources. The devices may also be unreachable through the network. Conflicting Computer IP Addresses Example More than one device can not use the same IP address.
Appendix C IP Addresses and Subnetting Conflicting Computer and Router IP Addresses Example More than one device can not use the same IP address. In the following example, the computer and the router’s LAN port both use 192.168.1.1 as the IP address. The computer cannot access the Internet. This problem can be solved by assigning a different IP address to the computer or the router’s LAN port.
APPENDIX D Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS).
Appendix D Wireless LANs Figure 233 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood.
Appendix D Wireless LANs Figure 234 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a channel different from an adjacent AP (access point) to reduce interference. Interference occurs when radio signals from different access points overlap causing interference and degrading performance.
Appendix D Wireless LANs Figure 235 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations. RTS/CTS is designed to prevent collisions due to hidden nodes.
Appendix D Wireless LANs If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Preamble Type Preamble is used to signal that data is coming to the receiver. Short and long refer to the length of the synchronization field in a packet.
Appendix D Wireless LANs Wireless security methods available on the ZyXEL Device are data encryption, wireless client authentication, restricting access by device MAC address and hiding the ZyXEL Device identity. The following figure shows the relative effectiveness of these wireless security methods available on your ZyXEL Device.
Appendix D Wireless LANs Determines the network services available to authenticated users once they are connected to the network. • Accounting Keeps track of the client’s network activity. RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server.
Appendix D Wireless LANs For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner. EAP-MD5 (Message-Digest Algorithm 5) MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless client.
Appendix D Wireless LANs Dynamic WEP Key Exchange The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed. If this feature is enabled, it is not necessary to configure a default encryption key in the wireless security configuration screen.
Appendix D Wireless LANs Encryption WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. WPA2 also uses TKIP when required for compatibility reasons, but offers stronger encryption than TKIP with Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP). TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication server.
Appendix D Wireless LANs Wireless Client WPA Supplicants A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicant is the WPA patch for Windows XP, Funk Software's Odyssey client. The Windows XP patch is a free download that adds WPA capability to Windows XP's builtin "Zero Configuration" wireless client. However, you must run Windows XP to use it.
Appendix D Wireless LANs 3 The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID. 4 The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged in a handshake to create temporal encryption keys. They use these keys to encrypt data exchanged between them.
Appendix D Wireless LANs Antenna Overview An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air. Positioning the antennas properly increases the range and coverage area of a wireless LAN. Antenna Characteristics Frequency An antenna in the frequency of 2.4GHz (IEEE 802.11b and IEEE 802.11g) or 5GHz (IEEE 802.
Appendix D Wireless LANs Positioning Antennas In general, antennas should be mounted as high as practically possible and free of obstructions. In point-to–point application, position both antennas at the same height and in a direct line of sight to each other to attain the best performance. For omni-directional antennas mounted on a table, desk, and so on, point the antenna up. For omni-directional antennas mounted on a wall or ceiling, point the antenna down.
APPENDIX E Command Interpreter The following describes how to use the command interpreter. See the included disk or zyxel.com for more detailed information on these commands. 1 Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable. Command Syntax • • • • • The command keywords are in courier new font. Enter the command keywords exactly as shown, do not abbreviate. The required fields in a command are enclosed in angle brackets <>.
Appendix E Command Interpreter Configuring What You Want the ZyXEL Device to Log 1 Use the sys logs load command to load the log setting buffer that allows you to configure which logs the ZyXEL Device is to record. 2 Use sys logs category to view a list of the log categories.
Appendix E Command Interpreter Log Command Example This example shows how to set the ZyXEL Device to record the access logs and alerts and then view the results. ras> ras> ras> ras> # sys sys sys sys logs logs logs logs load category access 3 save display access .time source destination message 0|06/08/2004 05:58:21 |172.21.4.154 |224.0.1.24 BLOCK Firewall default policy: IGMP (W to W/ZW) 1|06/08/2004 05:58:20 |172.21.3.56 |239.255.255.
Appendix E Command Interpreter ARP Behavior and the ARP ackGratuitous Commands The ZyXEL Device does not accept ARP reply information if the ZyXEL Device did not send out a corresponding request. This helps prevent the ZyXEL Device from updating its ARP table with an incorrect IP address to MAC address mapping due to a spoofed ARP. An incorrect IP to MAC address mapping in the ZyXEL Device’s ARP table could cause the ZyXEL Device to send packets to the wrong device.
Appendix E Command Interpreter Figure 241 Backup Gateway Updating the ARP entries could increase the danger of spoofing attacks. It is only recommended that you turn on ackGratuitous and force update if you need it like in the previous backup gateway example. Turning on the force updates option is more dangerous than leaving it off because the ZyXEL Device updates the ARP table even when there is an existing entry.
Appendix E Command Interpreter Figure 242 Routing Command Example ras> ipsec ipsecEdit 1 ras> ipsec ipsecConfig encryKeyLen 1 ras> ipsec ipsecDisplay ---------- IPSec Setup ---------Index #= 1 Active= No Multi Pro = No Bound IKE 9999 NailUp = No Netbios = No Protocol= 0 Global SW= 0xA Name= test ControlPing = No LogControlPing = No Control ping address = 0.0.0.0 Local: Addr Type= SINGLE Port Start= 0 End= N/A IP Addr Start= 0.0.0.
APPENDIX F NetBIOS Filter Commands The following describes the NetBIOS packet filter commands. See Appendix E on page 349 for information on the command structure. Introduction NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls.
Appendix F NetBIOS Filter Commands The filter types and their default settings are as follows. Table 143 NetBIOS Filter Default Settings NAME DESCRIPTION EXAMPLE Between LAN and WAN This field displays whether NetBIOS packets are blocked or forwarded between the LAN and the WAN. Block IPSec Packets This field displays whether NetBIOS packets sent through a VPN connection are blocked or forwarded.
APPENDIX G Internal SPTGEN This appendix introduces Internal SPTGEN. All menus shown in this appendix are example menus meant to show SPTGEN usage. Actual menus for your product may differ. Internal SPTGEN Overview Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple ZyXEL Devices.
Appendix G Internal SPTGEN " DO NOT alter or delete any field except parameters in the Input column. This appendix introduces Internal SPTGEN. All menus shown in this appendix are example menus meant to show SPTGEN usage. Actual menus for your product may differ. Internal SPTGEN File Modification - Important Points to Remember Each parameter you enter must be preceded by one “=”sign and one space. Some parameters are dependent on others.
Appendix G Internal SPTGEN Figure 246 Internal SPTGEN FTP Download Example c:\ftp 192.168.1.1 220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000 User (192.168.1.1:(none)): 331 Enter PASS command Password: 230 Logged in ftp>bin 200 Type I OK ftp> get rom-t ftp>bye c:\edit rom-t (edit the rom-t text file by a text editor and save it) " You can rename your “rom-t” file when you save it to your computer but it must be named “rom-t” when you upload it to your ZyXEL Device.
Appendix G Internal SPTGEN Example Internal SPTGEN Menus This section provides example Internal SPTGEN menus. Table 144 Abbreviations Used in the Example Internal SPTGEN Screens Table ABBREVIATION MEANING FIN Field Identification Number FN Field Name PVA Parameter Values Allowed INPUT An example of what you may enter * Applies to the ZyXEL Device.
Appendix G Internal SPTGEN Table 146 Menu 3 / Menu 3.2 TCP/IP and DHCP Ethernet Setup FIN FN PVA INPUT 30200001 = DHCP <0(None) | 1(Server) | 2(Relay)> = 0 30200002 = Client IP Pool Starting Address = 192.168.1.33 30200003 = Size of Client IP Pool = 32 30200004 = Primary DNS Server = 0.0.0.0 30200005 = Secondary DNS Server = 0.0.0.0 30200006 = Remote DHCP Server = 0.0.0.0 30200008 = IP Address = 172.21.2.
Appendix G Internal SPTGEN Table 146 Menu 3 30201008 = IP Alias #1 Incoming protocol filters Set 3 = 256 30201009 = IP Alias #1 Incoming protocol filters Set 4 = 256 30201010 = IP Alias #1 Outgoing protocol filters Set 1 = 256 30201011 = IP Alias #1 Outgoing protocol filters Set 2 = 256 30201012 = IP Alias #1 Outgoing protocol filters Set 3 = 256 30201013 = IP Alias #1 Outgoing protocol filters Set 4 = 256 30201014 = IP Alias 2 <0(No) | 1(Yes)> = 0 30201015 = IP Address = 0.0.0.
Appendix G Internal SPTGEN Table 146 Menu 3 30500004 = RTS Threshold <0 ~ 2432> = 2432 30500005 = FRAG. Threshold <256 ~ 2432> = 2432 30500006 = WEP <0(DISABLE) | 1(64-bit WEP) | 2(128-bit WEP)> = 0 30500007 = Default Key 30500008 = WEP Key1 = 30500009 = WEP Key2 = 30500010 = WEP Key3 = 30500011 = WEP Key4 = 30500012 = Wlan Active 30500013 = Wlan 4X Mode <1|2|3|4> = 0 <0(Disable) | 1(Enable)> = 0 <0(Disable) | 1(Enable)> = 0 */ MENU 3.5.
Appendix G Internal SPTGEN Table 147 Menu 4 Internet Access Setup (continued) 364 40000003 = ISP's Name = ChangeMe 40000004 = Encapsulation <2(PPPOE) | 3(RFC 1483)| 4(PPPoA )| 5(ENET ENCAP)> = 2 40000005 = Multiplexing <1(LLC-based) | 2(VC-based) = 1 40000006 = VPI # = 0 40000007 = VCI # = 35 40000008 = Service Name = any 40000009 = My Login = test@pqa 40000010 = My Password = 1234 40000011 = Single User Account <0(No) | 1(Yes)> = 1 40000012 = IP Address
Appendix G Internal SPTGEN Table 147 Menu 4 Internet Access Setup (continued) 40000032= RIP Version <0(Rip-1) | 1(Rip-2B) |2(Rip-2M)> = 0 40000033= Nailed-up Connection <0(No) |1(Yes)> = 0 Table 148 Menu 12 / Menu 12.1.1 IP Static Route Setup FIN FN PVA INPUT 120101001 = IP Static Route set #1, Name = 120101002 = IP Static Route set #1, Active <0(No) |1(Yes)> = 0 120101003 = IP Static Route set #1, Destination IP address = 0.0.0.
Appendix G Internal SPTGEN Table 149 Menu 15 SUA Server Setup (continued) 366 150000007 = SUA Server #3 Active <0(No) | 1(Yes)> = 0 150000008 = SUA Server #3 Protocol <0(All)|6(TCP)|17(U DP)> = 0 150000009 = SUA Server #3 Port Start = 0 150000010 = SUA Server #3 Port End = 0 150000011 = SUA Server #3 Local IP address = 0.0.0.
Appendix G Internal SPTGEN Table 149 Menu 15 SUA Server Setup (continued) 150000041 = SUA Server #9 Local IP address 150000042 = SUA Server #10 Active = 0.0.0.0 <0(No) | 1(Yes)> = 0 <0(All)|6(TCP)|17(U DP)> = 0 150000043 = SUA Server #10 Protocol 150000044 = SUA Server #10 Port Start = 0 150000045 = SUA Server #10 Port End = 0 150000046 = SUA Server #10 Local IP address = 0.0.0.
Appendix G Internal SPTGEN Table 150 Menu 21.1 Filter Set #1 (continued) 210101011 = IP Filter Set 1,Rule 1 Src Port Comp <0(none)|1(equal) |2(not equal)|3(less)|4( greater)> = 0 210101013 = IP Filter Set 1,Rule 1 Act Match <1(check next)|2(forward)| 3(drop)> = 3 210101014 = IP Filter Set 1,Rule 1 Act Not Match <1(check next)|2(forward)| 3(drop)> = 1 / Menu 21.1.1.
Appendix G Internal SPTGEN Table 151 Menu 21.1 Filer Set #2 (continued) 210201001 = IP Filter Set 2, Rule 1 Type <0(none)|2(TCP/ IP)> = 2 210201002 = IP Filter Set 2, Rule 1 Active <0(No)|1(Yes)> = 1 210201003 = IP Filter Set 2, Rule 1 Protocol = 6 210201004 = IP Filter Set 2, Rule 1 Dest IP address = 0.0.0.
Appendix G Internal SPTGEN Table 151 Menu 21.1 Filer Set #2 (continued) 210202010 = IP Filter Set 2,Rule 2 Src Port = 0 210202011 = IP Filter Set 2, Rule 2 Src Port Comp <0(none)|1(equal)| 2(not equal)|3(less)|4(g reater)> = 0 210202013 = IP Filter Set 2, Rule 2 Act Match <1(check next)|2(forward)|3 (drop)> = 3 210202014 = IP Filter Set 2, Rule 2 Act Not Match <1(check next)|2(forward)|3 (drop)> = 1 PVA INPUT Table 152 Menu 23 System Menus */ Menu 23.
Appendix G Internal SPTGEN Table 152 Menu 23 System Menus (continued) 230400003 = Idle Timeout (in second) = 999 230400004 = Authentication Databases <0(Local User Database Only) |1(RADIUS Only) |2(Local,RADIUS) |3(RADIUS,Local)> = 1 230400005 = Key Management Protocol <0(8021x) |1(WPA) |2(WPAPSK)> = 0 230400006 = Dynamic WEP Key Exchange <0(Disable) |1(64bit WEP) |2(128-bit WEP)> = 0 230400007 = PSK 230400008 = WPA Mixed Mode 230400009 = Data Privacy for Broadcast/ Multicast packets 23
Appendix G Internal SPTGEN Command Examples The following are example Internal SPTGEN screens associated with the ZyXEL Device’s command interpreter commands. Table 154 Command Examples FIN FN PVA INPUT /ci command (for annex a): wan adsl opencmd FIN FN PVA INPUT 990000001 = ADSL OPMD <0(glite)|1(t1.
APPENDIX H Legal Information Copyright Copyright © 2008 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation.
Appendix H Legal Information This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This device generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
Appendix H Legal Information Viewing Certifications 1 Go to http://www.zyxel.com. 2 Select your product on the ZyXEL home page to go to that product's page. 3 Select the certification you wish to view from this page. ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase.
Appendix H Legal Information 376 P-660HW-Tx v3 User’s Guide
APPENDIX I Customer Support In the event of problems that cannot be solved by using this manual, you should contact your vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you bought the device. Regional offices are listed below (see also http:// www.zyxel.com/web/contact_us.php). Please have the following information ready when you contact an office. Required Information • • • • Product model and serial number. Warranty Information.
Appendix I Customer Support • Address: 1005F, ShengGao International Tower, No.137 XianXia Rd., Shanghai • Web: http://www.zyxel.cn Costa Rica • • • • • • Support E-mail: soporte@zyxel.co.cr Sales E-mail: sales@zyxel.co.cr Telephone: +506-2017878 Fax: +506-2015098 Web: www.zyxel.co.cr Regular Mail: ZyXEL Costa Rica, Plaza Roble Escazú, Etapa El Patio, Tercer Piso, San José, Costa Rica Czech Republic • • • • • E-mail: info@cz.zyxel.com Telephone: +420-241-091-350 Fax: +420-241-091-359 Web: www.zyxel.
Appendix I Customer Support Germany • • • • • • Support E-mail: support@zyxel.de Sales E-mail: sales@zyxel.de Telephone: +49-2405-6909-69 Fax: +49-2405-6909-99 Web: www.zyxel.de Regular Mail: ZyXEL Deutschland GmbH., Adenauerstr. 20/A2 D-52146, Wuerselen, Germany Hungary • • • • • • Support E-mail: support@zyxel.hu Sales E-mail: info@zyxel.hu Telephone: +36-1-3361649 Fax: +36-1-3259100 Web: www.zyxel.hu Regular Mail: ZyXEL Hungary, 48, Zoldlomb Str.
Appendix I Customer Support Malaysia • • • • • • Support E-mail: support@zyxel.com.my Sales E-mail: sales@zyxel.com.my Telephone: +603-8076-9933 Fax: +603-8076-9833 Web: http://www.zyxel.com.my Regular Mail: ZyXEL Malaysia Sdn Bhd., 1-02 & 1-03, Jalan Kenari 17F, Bandar Puchong Jaya, 47100 Puchong, Selangor Darul Ehsan, Malaysia North America • • • • • • • Support E-mail: support@zyxel.com Support Telephone: +1-800-978-7222 Sales E-mail: sales@zyxel.
Appendix I Customer Support Singapore • • • • • • Support E-mail: support@zyxel.com.sg Sales E-mail: sales@zyxel.com.sg Telephone: +65-6899-6678 Fax: +65-6899-8887 Web: http://www.zyxel.com.sg Regular Mail: ZyXEL Singapore Pte Ltd., No. 2 International Business Park, The Strategy #03-28, Singapore 609930 Spain • • • • • • Support E-mail: support@zyxel.es Sales E-mail: sales@zyxel.es Telephone: +34-902-195-420 Fax: +34-913-005-345 Web: www.zyxel.
Appendix I Customer Support Turkey • • • • • Support E-mail: cso@zyxel.com.tr Telephone: +90 212 222 55 22 Fax: +90-212-220-2526 Web: http:www.zyxel.com.tr Address: Kaptanpasa Mahallesi Piyalepasa Bulvari Ortadogu Plaza N:14/13 K:6 Okmeydani/Sisli Istanbul/Turkey Ukraine • • • • • • Support E-mail: support@ua.zyxel.com Sales E-mail: sales@ua.zyxel.com Telephone: +380-44-247-69-78 Fax: +380-44-494-49-32 Web: www.ua.zyxel.com Regular Mail: ZyXEL Ukraine, 13, Pimonenko Str.
Index Index Numerics B 802.
Index activation 196 keywords 195 schedule 196 trusted computers 197 copyright 373 CTS (Clear to Send) 338 customer support 377 customized services, firewalls 182 D date setup 249 default server, NAT 154 Denials of Service, see DoS DHCP 38, 116 setup 122 diagnostic 277 ATM status 278 DSL line 278 disclaimer 373 DNS 116 remote management 228 Domain Name System, see DNS domain name, system 247, 248 DoS 161 half-open sessions 191 IP spoofing 162 LAND attacks 162, 163 Ping of Death 162 Smurf attacks 163 SYN a
Index stateful inspection 160 UDP security 167 firmware 271 fragmentation threshold 137, 338 FTP 33 FTP, remote management 224 full feature, NAT 151 G get community 228 global, NAT 147 guidelines, firewalls 168 H half-open sessions 191 TCP maximum incomplete 191 hidden node 337 I IANA 332 IBSS 335 ICMP 113, 164, 189 remote management 229 security 167 IEEE 802.
Index setup 126 MAC address 124 multicast 118, 121 NetBIOS 122 RIP 118, 121 TCP/IP 121 LAND attacks 162, 163 LEDs 41 limitations remote management 222 WPS 144 LLC-based, multiplexing 98 local, NAT 147 login 46 logs 253 e-mail 255 example 256 firewalls 181 schedule 256 setup 254 syslog 256 M MAC address 124, 128 filter 39, 128, 131, 138 activation 138 managing the device good habits 35 using FTP. See FTP. using SPTGEN. See SPTGEN. using the web configurator. See web configurator. using TR-069. See TR-069.
Index IP address 104 MBS 101, 105 metric 100 MTU 106 multicast 105 multiplexing 98 nailed-up connection 99, 104 PCR 100, 105 RIP 105 SCR 101, 105 setup 102 traffic redirect 111, 113 traffic shaping 100 VCI 99, 104 virtual circuit 104 VPI 99, 104 zero configuration 102, 106 WLAN 127 802.
Index rules bandwidth control 211 firewalls 173, 179 example 183 S safety warnings 6 schedule content filtering 196 firewalls 181 logs 256 scheduler 206, 210 SCR 101, 105 security content filtering 195 activation 196 schedule 196 trusted computers 197 firewalls 159, 160, 169 action 175, 177 activation 177 alerts 176, 181 anti-probing 189 application-level 160 customized services 182 DoS 161 guidelines 168 half-open sessions 191 ICMP 164, 189 ICMP security 167 IP spoofing 164 LAN attacks 162 LAND attacks 1
Index subnet-based bandwidth control 205 subnetting 328 Sustained Cell Rate, see SCR SYN attacks 162 syntax conventions 4 syslog 256 system 247 alerts 253 configuration backup 273 factory defaults 275 restore 274 diagnostic 277 DSL line 278 domain name 247, 248 firmware 271 login 46 logs 253 e-mail 255 example 256 schedule 256 name 247, 248 password 46, 56, 248 reset 48 restart 275 setup 247 status 50 Any IP 53 bandwidth control 54 packet statistics 54 WLAN 53 syslog 256 time/date 249 System Parameter Tabl
Index encapsulation 97, 103 ENET ENCAP 97 example 98 PPPoA 98 PPPoE 97 RFC 1483 98 ICMP 113 IGMP 105 IP address 99, 104 MBS 101, 105 metric 100 MTU 106 multicast 105 multiplexing 98 example 98 nailed-up connection 99, 104 NAT 100 PCR 100, 105 RIP 105 SCR 101, 105 setup 102 traffic redirect 111 activation 113 traffic shaping 100 classes 101 VCI 99, 104 virtual circuit 104 VPI 99, 104 zero configuration 102, 106 warranty 375 note 375 web configurator 33, 45 login 46 password 46, 56 wizard 49, 57, 77 bandwidt
Index X XBOX Live 70, 90 Z zero configuration 36, 102, 106 P-660HW-Tx v3 User’s Guide 391
Index 392 P-660HW-Tx v3 User’s Guide
