P-660HN-T1H 802.11n Wireless ADSL2+ 4-port Gateway Default Login Details IP Address http://192.168.1.1 Password 1234 Firmware Version 3.40 Edition 2, 8/2010 www.zyxel.com www.zyxel.
About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to configure the ZyXEL Device using the web configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology. Related Documentation • Quick Start Guide The Quick Start Guide is designed to help you get up and running right away. It contains information on setting up your network and configuring for Internet access.
About This User's Guide • Download Library Search for the latest product updates and documentation from this link. Read the Tech Doc Overview to find out how to efficiently use the User Guide, Quick Start Guide and Command Line Interface Reference Guide in order to better understand how to use your product. • Knowledge Base If you have a specific question about your product, the answer may be here. This is a collection of answers to previously asked questions about ZyXEL products.
Document Conventions Document Conventions Warnings and Notes These are how warnings and notes are shown in this User’s Guide. Warnings tell you about things that could harm you or your device. Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations. Syntax Conventions • The P-660HN-T1H may be referred to as the “ZyXEL Device”, the “device”, the “system” or the “product” in this User’s Guide.
Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device.
Safety Warnings Safety Warnings • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. • Do NOT store things on the device. • Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning. • Connect ONLY suitable accessories to the device. • Do NOT open the device or unit.
Safety Warnings 8 P-660HN-T1H User’s Guide
Contents Overview Contents Overview User’s Guide ........................................................................................................................... 19 Introduction ................................................................................................................................ 21 The Web Configurator ............................................................................................................... 27 Status Screens .......................................
Contents Overview 10 P-660HN-T1H User’s Guide
Table of Contents Table of Contents About This User's Guide .......................................................................................................... 3 Document Conventions............................................................................................................ 5 Safety Warnings........................................................................................................................ 7 Contents Overview .......................................................
Table of Contents Chapter 4 Tutorials ................................................................................................................................... 37 4.1 Overview .............................................................................................................................. 37 4.2 Setting Up a Secure Wireless Network ............................................................................... 37 4.2.1 Configuring the Wireless Network Settings .......................
Table of Contents 6.4.4 IP Address Assignment .............................................................................................. 83 6.4.5 Nailed-Up Connection (PPP) ..................................................................................... 84 6.4.6 NAT ............................................................................................................................ 84 6.5 Traffic Shaping .......................................................................................
Table of Contents 8.6 The WDS Screen ................................................................................................................115 8.7 The Scheduling Screen ......................................................................................................117 8.8 Wireless LAN Technical Reference ....................................................................................118 8.8.1 Wireless Network Overview .....................................................................
Table of Contents 11.2 The URL Filter Screen .................................................................................................... 154 11.3 The Application Filter Screen ........................................................................................... 155 11.4 The IP/MAC Filter Screen ................................................................................................ 156 Chapter 12 Static Route ..........................................................................
Table of Contents 16.1.2 What You Need to Know About Remote Management .......................................... 180 16.2 The WWW Screen ........................................................................................................... 181 16.2.1 Configuring the WWW Screen ............................................................................... 181 16.3 The Telnet Screen ........................................................................................................... 182 16.
Table of Contents 21.3 The Configuration Screen ................................................................................................ 222 21.4 The Restart Screen ......................................................................................................... 225 Chapter 22 Diagnostic.............................................................................................................................. 227 22.1 Overview .............................................................
Table of Contents 18 P-660HN-T1H User’s Guide
P ART I User’s Guide 19
CHAPTER 1 Introduction 1.1 Overview The P-660HN-T1H is an ADSL2+ router. By integrating DSL and NAT, you are provided with ease of installation and high-speed, shared Internet access. The P660HN-T1H is also a complete security solution with a robust firewall and content filtering. Please refer to the following description of the product name format. • “H” denotes an integrated 4-port hub (switch). • “N” denotes 802.11n draft 2.0. The “N” models support 802.11n wireless connection mode.
Chapter 1 Introduction • TR-069. This is an auto-configuration server used to remotely configure your device. 1.3 Good Habits for Managing the ZyXEL Device Do the following things regularly to make the ZyXEL Device more secure and to manage the ZyXEL Device more effectively. • Change the password. Use a password that’s not easy to guess and that consists of different types of characters, such as numbers and letters. • Write down the password and put it in a safe place.
Chapter 1 Introduction You can also configure firewall and filtering feature on the ZyXEL Device for secure Internet access. When the firewall is on, all incoming traffic from the Internet to your network is blocked unless it is initiated from your network. This means that probes from the outside to your network are not allowed, but you can safely browse the Internet and download files. Use the filtering feaure to block access to specific web sites or Internet applications such as MSN or Yahoo Messanger.
Chapter 1 Introduction 1.5 LEDs (Lights) The following graphic displays the labels of the LEDs. Figure 2 LEDs None of the LEDs are on if the ZyXEL Device is not receiving power. Table 1 LED Descriptions LED COLOR STATUS DESCRIPTION Green On The ZyXEL Device is receiving power and ready for use. Blinking The ZyXEL Device is self-testing. On The ZyXEL Device detected an error while self-testing, or there is a device malfunction. Off The ZyXEL Device is not receiving power.
Chapter 1 Introduction Table 1 LED Descriptions LED COLOR STATUS DESCRIPTION Green On The ZyXEL Device has an IP connection but no traffic. Your device has a WAN IP address (either static or assigned by a DHCP server), PPP negotiation was successfully completed (if used) and the DSL connection is up. (INTERNET) Red Blinking The ZyXEL Device is sending or receiving IP traffic. On The ZyXEL Device attempted to make an IP connection but failed.
Chapter 1 Introduction 26 P-660HN-T1H User’s Guide
CHAPTER 2 The Web Configurator 2.1 Overview The web configurator is an HTML-based management interface that allows easy device setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions. The recommended screen resolution is 1024 by 768 pixels. In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. Web pop-up blocking is enabled by default in Windows XP SP (Service Pack) 2.
Chapter 2 The Web Configurator 4 A password screen displays. To access the administrative web configurator and manage the ZyXEL Device, type the admin password (1234 by default) in the password screen and click Login. Click Cancel to revert to the default user password in the password field. If you have changed the password, enter your password and click Login. Figure 3 Password Screen 5 The following screen displays if you have not yet changed your password.
Chapter 2 The Web Configurator 6 Select Go to Wizard setup and click Apply to display the wizard main screen. Otherwise, select Go to Advanced setup and click Apply to display the Status screen. Figure 5 Replace Factory Default Certificate Screen Note: For security reasons, the ZyXEL Device automatically logs you out if you do not use the web configurator for five minutes (default). If this happens, log in again. 2.
Chapter 2 The Web Configurator As illustrated above, the main screen is divided into these parts: • A - title bar • B - navigation panel • C - main window • D - status bar 2.2.1 Title Bar The title bar provides some icons in the upper right corner. The icons provide the following functions. Table 2 Web Configurator Icons in the Title Bar ICON DESCRIPTION Wizards: Click this icon to go to the configuration wizards. See Chapter 5 on page 57 for more information.
Chapter 2 The Web Configurator Table 3 Navigation Panel Summary LINK Wireless LAN NAT TAB FUNCTION AP Use this screen to configure the wireless LAN settings and WLAN authentication/security settings. More AP Use this screen to configure multiple BSSs on the ZyXEL Device. WPS Use this screen to configure and view your WPS (Wi-Fi Protected Setup) settings. WPS Station Use this screen to set up a WPS wireless network.
Chapter 2 The Web Configurator Table 3 Navigation Panel Summary LINK UPnP TAB FUNCTION SNMP Use this screen to configure through which interface(s) and from which IP address(es) users can access the SNMP agent on the ZyXEL Device. DNS Use this screen to configure through which interface(s) and from which IP address(es) users can send DNS queries to the ZyXEL Device.
CHAPTER 3 Status Screens 3.1 Overview Use the Status screens to look at the current status of the device, system resources, and interfaces (LAN and WAN). The Status screen also provides detailed information from DHCP and statistics from bandwidth management, and traffic. 3.2 The Status Screen Use this screen to view the status of the ZyXEL Device. Click Status to open this screen.
Chapter 3 Status Screens Each field is described in the following table. Table 4 Status Screen LABEL DESCRIPTION Refresh Interval Select how often you want the ZyXEL Device to update this screen. Apply Click this to update this screen immediately. Device Information Host Name This field displays the ZyXEL Device system name. It is used for identification. Model Number This is the model name of your device.
Chapter 3 Status Screens Table 4 Status Screen LABEL DESCRIPTION Channel This is the channel number used by the ZyXEL Device now. Security This displays the type of security mode the ZyXEL Device is using in the wireless LAN. WPS This displays whether WPS is activated. Click this to go to the screen where you can configure the settings. Status This displays whether WLAN is activated. Security Firewall This displays whether or not the ZyXEL Device’s firewall is activated.
Chapter 3 Status Screens Table 4 Status Screen LABEL DESCRIPTION Status This field indicates whether or not the ZyXEL Device is using the interface. For the DSL interface, this field displays Down (line is down), Up (line is up or connected) if you're using Ethernet encapsulation and Down (line is down), Up (line is up or connected), Idle (line (ppp) idle), Dial (starting to trigger a call) and Drop (dropping a call) if you're using PPPoE encapsulation.
CHAPTER 4 Tutorials 4.1 Overview This chapter shows you how to use the ZyXEL Device’s various features. • Setting Up a Secure Wireless Network, see page 37 • Configuring the MAC Address Filter, see page 45 • Configuring Static Route for Routing to Another Network, see page 47 • Multiple Public and Private IP Address Mappings, see page 50 • Multiple WAN Connections Example, see page 53 4.
Chapter 4 Tutorials 4.2.1 Configuring the Wireless Network Settings This example uses the following parameters to set up a wireless network. 38 SSID Example Security Mode WPA-PSK Pre-Shared Key DoNotStealMyWirelessNetwork 802.11 Mode 802.11b+g+n 1 Click Network > Wireless LAN to open the AP screen. Configure the screen using the provided parameters (see page 38). Click Apply. 2 Click the Advanced Setup button and select 802.11b+g+n in the 802.11 Mode field. Click Apply.
Chapter 4 Tutorials Thomas can now use the WPS feature to establish a wireless connection between his notebook and the ZyXEL Device (see Section 4.2.2 on page 39). He can also use the notebook’s wireless client to search for the ZyXEL Device (see Section 4.2.3 on page 44). 4.2.2 Using WPS This section shows you how to set up a wireless network using WPS. It uses the ZyXEL Device as the AP and ZyXEL NWD210N as the wireless client which connects to the notebook.
Chapter 4 Tutorials 4 Push and hold the WPS button located on the ZyXEL Device’s rear panel for more than 5 seconds. Alternatively, you may log into ZyXEL Device’s web configurator and click the Push Button in the Network > Wireless LAN > WPS Station screen. Note: Your ZyXEL Device has a WPS button located on its rear panel as well as a WPS button in its configuration utility. Both buttons have exactly the same function: you can use one or the other. Note: It doesn’t matter which button is pressed first.
Chapter 4 Tutorials The following figure shows you an example of how to set up a wireless network and its security by pressing a button on both ZyXEL Device and wireless client.
Chapter 4 Tutorials PIN Configuration When you use the PIN configuration method, you need to use both the ZyXEL Device’s web configurator and the wireless client’s utility. 1 Launch your wireless client’s configuration utility. Go to the WPS settings and select the PIN method to get a PIN number. 2 Enter the PIN number in the PIN field in the Network > Wireless LAN > WPS Station screen on the ZyXEL Device.
Chapter 4 Tutorials The following figure shows you how to set up a wireless network and its security on a ZyXEL Device and a wireless client by using PIN method.
Chapter 4 Tutorials 4.2.3 Without WPS Use the wireless adapter’s utility installed on the notebook to search for the “Example” SSID. Then enter the “DoNotStealMyWirelessNetwork” pre-shared key to establish an wireless Internet connection. Note: The ZyXEL Device supports IEEE 802.11b and IEEE 802.11g wireless clients. Make sure that your notebook or computer’s wireless adapter supports one of these standards. 4.2.
Chapter 4 Tutorials 2 Configure the screen as follows. Turn on the wireless network from Mondays to Fridays between 18:00 and 23:30. Turn on the wireless network all day on Saturdays and Sundays. Click Apply. 4.3 Configuring the MAC Address Filter Thomas noticed that his daughter Josephine spends too much time surfing the web and downloading media files. He decided to prevent Josephine from accessing the Internet so that she can concentrate on preparing for her final exams.
Chapter 4 Tutorials 46 1 Click Network > LAN > Client List to open the following screen. Look for the MAC address of Josephine’s computer. 2 Click Network > Wireless LAN to open the AP screen. Click the Edit button in the MAC Filter field.
Chapter 4 Tutorials 3 Select Active MAC Filter and Deny Filter Action. Enter the MAC address you found in the Client List screen. Click Apply. Josephine will no longer be able to access the Internet through the ZyXEL Device. 4.4 Configuring Static Route for Routing to Another Network In order to extend your Intranet and control traffic flowing directions, you may connect a router to the ZyXEL Device’s LAN. The router may be used to separate two department networks.
Chapter 4 Tutorials network), the traffic is sent to the ZyXEL Device’s WAN default gateway by default. In this case, B will never receive the traffic. N1 A R N2 B You need to specify a static routing rule on the ZyXEL Device to specify R as the router in charge of forwarding traffic to N2. In this case, the ZyXEL Device routes traffic from A to R and then R routes the traffic to B.
Chapter 4 Tutorials Table 5 IP Settings in this Tutorial DEVICE / COMPUTER IP ADDRESS R’s N2 192.168.10.2 B 192.168.10.33 To configure a static route to route traffic from N1 to N2: 1 Log into the ZyXEL Device’s Web Configurator in advanced mode. 2 Click Advanced > Static Route. 3 Click Edit on a new rule in the Static Route screen. 4 Configure the Static Route Setup screen using the following settings: 4a Type 192.168.10.0 and subnet mask 255.255.255.0 for the destination, N2. 4b Type 192.
Chapter 4 Tutorials 4.5 Multiple Public and Private IP Address Mappings If your ISP gives you more than one static IP address for your Internet access, you can map each IP address for a specific service. This tutorial assumes you are given two static public IP addresses. You want to map them to two servers A and B. IP-1 IP-2 A B C This tutorial uses the following example settings: Table 6 IP Settings in this Tutorial DEVICE / COMPUTER IP ADDRESS The ZyXEL Device’s WAN 172.16.1.253 (IP-1) 172.16.1.
Chapter 4 Tutorials 4.5.1 Full Feature NAT + Many-to-Many No Overload Mapping Use this setting if your applications can use random public IP addresses and the applications are initiated from the Intranet computers (A and B). For example, VoIP application. See Section 4.5.2 on page 52 if it is not. IP-1 1 2 A B C To configure this: 1 Click Network > NAT. 2 Select Active Network Address Translation(NAT) and Full Feature in the General screen. Click Apply.
Chapter 4 Tutorials • Global IP addresses: 172.16.1.253 ~ 172.16.1.254 Then click Apply. 4.5.2 Full Feature NAT + One-to-One Mapping Use this setting if your applications must use fixed public IP addresses and the applications can be initiated either from the Intranet computers (A and B) or the Internet computer (C). For example, gaming application. IP-1 A B C To configure this setting: 52 1 Click Network > NAT.
Chapter 4 Tutorials 3 Click the Address Mapping tab, click the Edit icon on a new rule. 4 Configure two rules for the one-to-one mappings: • Rule 1 (This maps the public IP address 172.16.1.253 to the private IP address 192.168.1.2) Type: One-to-One Local Start IP: 192.168.1.2 Global Start IP: 172.16.1.253 • Rule 2 (This maps the public IP address 172.16.1.254 to the private IP address 192.168.1.3) Type: One-to-One Local Start IP: 192.168.1.3 Global Start IP: 172.16.1.
Chapter 4 Tutorials In Figure 8, three WAN connections are configured over the ADSL line: • The connection with VPI/VCI, 0/33, is dedicated for Media-On-Demand (MOD) service. • The connection with VPI/VCI, 0/34, is dedicated for VoIP service. • The connection with VPI/VCI, 0/35, is dedicated for general data transmission.
P ART II Technical Reference 55
CHAPTER 5 Internet and Wireless Setup Wizard 5.1 Overview Use the wizard setup screens to configure your system for Internet access with the information given to you by your ISP. Note: See the advanced menu chapters for background information on these fields. 5.2 Internet Access Wizard Setup 1 After you enter the password to access the web configurator, select Go to Wizard setup and click Apply. Otherwise, click the wizard icon ( ) in the top right corner of the web configurator to go to the wizards.
Chapter 5 Internet and Wireless Setup Wizard 2 Click INTERNET/WIRELESS SETUP to configure the system for Internet access and wireless connection. Figure 10 Wizard Welcome 3 Your ZyXEL device attempts to detect your DSL connection and your connection type. 3a The following screen appears if a connection is not detected. Check your hardware connections and click Restart the INTERNET/WIRELESS SETUP Wizard to return to the wizard welcome screen.
Chapter 5 Internet and Wireless Setup Wizard 3b The following screen displays if a PPPoE or PPPoA connection is detected. Enter your Internet account information (username, password and/or service name) exactly as provided by your ISP. Then click Next and see Section 5.3 on page 66 for wireless connection wizard setup. Figure 12 Auto-Detection: PPPoE 3c The following screen appears if the ZyXEL device detects a connection but not the connection type. Click Next and refer to Section 5.2.
Chapter 5 Internet and Wireless Setup Wizard 5.2.1 Manual Configuration 1 If the ZyXEL Device fails to detect your DSL connection type but the physical line is connected, enter your Internet access information in the wizard screen exactly as your service provider gave it to you. Leave the defaults in any fields for which you were not given information. Figure 14 Internet Access Wizard Setup: ISP Parameters The following table describes the fields in this screen.
Chapter 5 Internet and Wireless Setup Wizard Table 7 Internet Access Wizard Setup: ISP Parameters 2 LABEL DESCRIPTION Multiplexing Select the multiplexing method used by your ISP from the Multiplex drop-down list box either VC-based or LLC-based. Virtual Circuit ID VPI (Virtual Path Identifier) and VCI (Virtual Channel Identifier) define a virtual circuit. Refer to the appendix for more information. VPI Enter the VPI assigned to you. This field may already be configured.
Chapter 5 Internet and Wireless Setup Wizard The following table describes the fields in this screen. Table 8 LABEL DESCRIPTION User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given. Password Enter the password associated with the user name above. Service Name Type the name of your PPPoE service here. Back Click this to return to the previous screen without saving.
Chapter 5 Internet and Wireless Setup Wizard The following table describes the fields in this screen. Table 9 Internet Connection with RFC 1483 LABEL DESCRIPTION IP Address This field is available if you select Routing in the Mode field. Type your ISP assigned IP address in this field. Back Click this to return to the previous screen without saving. Next Click this to continue to the next wizard screen. Exit Click this to close the wizard screen without saving.
Chapter 5 Internet and Wireless Setup Wizard The following table describes the fields in this screen. Table 10 Internet Connection with ENET ENCAP LABEL DESCRIPTION Obtain an IP A static IP address is a fixed IP that your ISP gives you. A dynamic IP Address address is not fixed; the ISP assigns you a different one each time you Automatically connect to the Internet. Select Obtain an IP Address Automatically if you have a dynamic IP address.
Chapter 5 Internet and Wireless Setup Wizard The following table describes the fields in this screen. Table 11 Internet Connection with PPPoA LABEL DESCRIPTION User Name Enter the login name that your ISP gives you. Password Enter the password associated with the user name above. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Exit Click this to close the wizard screen without saving.
Chapter 5 Internet and Wireless Setup Wizard 5.3 Wireless Connection Wizard Setup After you configure the Internet access information, use the following screens to set up your wireless LAN. 1 Select Yes and click Next to configure wireless settings. Otherwise, select No and skip to Step 6. Figure 21 Connection Test Successful 2 Use this screen to activate the wireless LAN. Click Next to continue. Figure 22 Wireless LAN Setup Wizard 1 The following table describes the labels in this screen.
Chapter 5 Internet and Wireless Setup Wizard Table 12 Wireless LAN Setup Wizard 1 3 LABEL DESCRIPTION Next Click this to continue to the next wizard screen. Exit Click this to close the wizard screen without saving. Configure your wireless settings in this screen. Click Next. Figure 23 Wireless LAN The following table describes the labels in this screen.
Chapter 5 Internet and Wireless Setup Wizard Table 13 Wireless LAN Setup Wizard 2 LABEL DESCRIPTION Next Click this to continue to the next wizard screen. Exit Click this to close the wizard screen without saving. Note: The wireless stations and ZyXEL Device must use the same SSID, channel ID and WEP encryption key (if WEP is enabled), WPA-PSK (if WPA-PSK is enabled) for wireless communication. 4 This screen varies depending on the security mode you selected in the previous screen.
Chapter 5 Internet and Wireless Setup Wizard 5.3.2 Manually Assign a WEP Key Choose Manually assign a WEP key to setup WEP Encryption parameters. Figure 25 Manually Assign a WEP key The following table describes the labels in this screen. Table 15 Manually Assign a WEP key LABEL DESCRIPTION Key The WEP keys are used to encrypt data. Both the ZyXEL Device and the wireless stations must use the same WEP key for data transmission.
Chapter 5 Internet and Wireless Setup Wizard 6 Use the read-only summary table to check whether what you have configured is correct. Click Finish to complete and save the wizard setup. Note: No wireless LAN settings display if you chose not to configure wireless LAN settings. Figure 27 Internet Access and WLAN Wizard Setup Complete 7 70 Launch your web browser and navigate to www.zyxel.com. Internet access is just the beginning.
CHAPTER 6 WAN Setup 6.1 Overview This chapter describes how to configure WAN settings from the WAN screens. Use these screens to configure your ZyXEL Device for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks (such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations. Figure 28 LAN and WAN LAN WAN 6.1.
Chapter 6 WAN Setup they should also provide a username and password (and service name) for user authentication. WAN IP Address The WAN IP address is an IP address for the ZyXEL Device, which makes it accessible from an outside network. It is used by the ZyXEL Device to communicate with other devices in other networks. It can be static (fixed) or dynamically assigned by the ISP each time the ZyXEL Device tries to access the Internet.
Chapter 6 WAN Setup 6.2 The Internet Access Setup Screen Use this screen to change your ZyXEL Device’s WAN settings. Click Network > WAN > Internet Access Setup. The screen differs by the WAN type and encapsulation you select. Figure 29 Network > WAN >Internet Access Setup (PPPoE) The following table describes the labels in this screen. Table 16 Network > WAN > Internet Access Setup LABEL DESCRIPTION Line ADSL Mode Select the mode supported by your ISP.
Chapter 6 WAN Setup Table 16 Network > WAN > Internet Access Setup (continued) LABEL DESCRIPTION General Mode Select Routing (default) from the drop-down list box if your ISP gives you one IP address only and you want multiple computers to share an Internet account. Select Bridge when your ISP provides you more than one IP address and you want the connected computers to get individual IP address from ISP’s DHCP server directly.
Chapter 6 WAN Setup Table 16 Network > WAN > Internet Access Setup (continued) LABEL DESCRIPTION Connection (PPPoA and PPPoE encapsulation only) Keep Alive Select Keep Alive when you want your connection up all the time. The ZyXEL Device will try to bring up the connection automatically if it is disconnected. Connect on Demand Select Connect on Demand when you don't want the connection up all the time and specify an idle time-out in the Max Idle Timeout field.
Chapter 6 WAN Setup The following table describes the labels in this screen. Table 17 Network > WAN > Internet Access Setup: Advanced Setup LABEL DESCRIPTION RIP & Multicast Setup This section is not available when you configure the ZyXEL Device to be in bridge mode. RIP Direction RIP (Routing Information Protocol) allows a router to exchange routing information with other routers. Use this field to control how much routing information the ZyXEL Device sends and receives on the subnet.
Chapter 6 WAN Setup Table 17 Network > WAN > Internet Access Setup: Advanced Setup (continued) LABEL DESCRIPTION Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. 6.3 The More Connections Screen The ZyXEL Device allows you to configure more than one Internet access connection. To configure additional Internet access connections click Network > WAN > More Connections. The screen differs by the encapsulation you select.
Chapter 6 WAN Setup Table 18 Network > WAN > More Connections (continued) LABEL DESCRIPTION Modify The first (ISP) connection is read-only in this screen. Use the WAN > Internet Access Setup screen to edit it. Click the Edit icon to edit the Internet connection settings. Click this icon on an empty configuration to add a new Internet access setup. Click the Remove icon to delete the Internet access setup from your connection list. Apply Click this to save your changes.
Chapter 6 WAN Setup The following table describes the labels in this screen. Table 19 Network > WAN > More Connections: Edit LABEL DESCRIPTION General Active Select the check box to activate or clear the check box to deactivate this connection. Name Enter a unique, descriptive name of up to 13 ASCII characters for this connection. Mode Select Routing from the drop-down list box if your ISP allows multiple computers to share an Internet account.
Chapter 6 WAN Setup Table 19 Network > WAN > More Connections: Edit (continued) LABEL ENET ENCAP Gateway DESCRIPTION This option is available if you select ENET ENCAP in the Encapsulation field. Specify a gateway IP address (supplied by your ISP). Connection Nailed-Up Connection Select Nailed-Up Connection when you want your connection up all the time. The ZyXEL Device will try to bring up the connection automatically if it is disconnected.
Chapter 6 WAN Setup The following table describes the labels in this screen. Table 20 Network > WAN > More Connections: Edit: Advanced Setup LABEL DESCRIPTION ATM QoS ATM QoS Type Select CBR (Continuous Bit Rate) to specify fixed (always-on) bandwidth for voice or data traffic. Select UBR (Unspecified Bit Rate) for applications that are non-time sensitive, such as e-mail.
Chapter 6 WAN Setup 6.4.1.1 ENET ENCAP The MAC Encapsulated Routing Link Protocol (ENET ENCAP) is only implemented with the IP network protocol. IP packets are routed between the Ethernet interface and the WAN interface and then formatted so that they can be understood in a bridged environment. For instance, it encapsulates routed Ethernet frames into bridged ATM cells. ENET ENCAP requires that you specify a gateway IP address in the Gateway IP Address field in the wizard or WAN screen.
Chapter 6 WAN Setup method assumes that each protocol is carried over a separate ATM virtual circuit (VC-based multiplexing). Please refer to RFC 1483 for more detailed information. 6.4.2 Multiplexing There are two conventions to identify what protocols the virtual circuit (VC) is carrying. Be sure to use the multiplexing method required by your ISP. VC-based Multiplexing In this case, by prior mutual agreement, each protocol is assigned to a specific virtual circuit; for example, VC1 carries IP, etc.
Chapter 6 WAN Setup IP Assignment with RFC 1483 Encapsulation In this case the IP address assignment must be static. IP Assignment with ENET ENCAP Encapsulation In this case you can have either a static or dynamic IP. For a static IP you must fill in all the IP Address and Gateway IP Address fields as supplied by your ISP.
Chapter 6 WAN Setup Sustained Cell Rate (SCR) is the mean cell rate of each bursty traffic source. It specifies the maximum average rate at which cells can be sent over the virtual connection. SCR may not be greater than the PCR. Maximum Burst Size (MBS) is the maximum number of cells that can be sent at the PCR. After MBS is reached, cell rates fall below SCR until cell rate averages to the SCR again. At this time, more cells (up to the MBS) can be sent at the PCR again.
Chapter 6 WAN Setup The VBR-RT (real-time Variable Bit Rate) type is used with bursty connections that require closely controlled delay and delay variation. It also provides a fixed amount of bandwidth (a PCR is specified) but is only available when data is being sent. An example of an VBR-RT connection would be video conferencing. Video conferencing requires real-time data transfers and the bandwidth requirement varies in proportion to the video image's changing dynamics.
CHAPTER 7 LAN Setup 7.1 Overview A Local Area Network (LAN) is a shared communication system to which many networking devices are connected. It is usually located in one immediate area such as a building or floor of a building. Use the LAN screens to help you configure a LAN DHCP server and manage IP addresses. LAN DSL 7.1.1 What You Can Do in the LAN Screens • Use the LAN IP screen (Section 7.2 on page 89) to set the LAN IP address and subnet mask of your ZyXEL device.
Chapter 7 LAN Setup 7.1.2 What You Need To Know About LAN IP Address IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts. Subnet Mask Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks.
Chapter 7 LAN Setup Finding Out More See Section 7.6 on page 95 for technical background information on LANs. 7.1.3 Before You Begin Find out the MAC addresses of your network devices if you intend to add them to the DHCP Client List screen. 7.2 The LAN IP Screen Use this screen to set the Local Area Network IP address and subnet mask of your ZyXEL Device. Click Network > LAN to open the IP screen. Follow these steps to configure your LAN settings. 1 Enter an IP address into the IP Address field.
Chapter 7 LAN Setup The following table describes the fields in this screen. Table 21 Network > LAN > IP LABEL DESCRIPTION IP Address Enter the LAN IP address you want to assign to your ZyXEL Device in dotted decimal notation, for example, 192.168.1.1 (factory default). IP Subnet Mask Type the subnet mask of your network in dotted decimal notation, for example 255.255.255.0 (factory default).
Chapter 7 LAN Setup 7.3 The DHCP Setup Screen Use this screen to configure the DNS server information that the ZyXEL Device sends to the DHCP client devices on the LAN. Click Network > DHCP Setup to open this screen. Figure 37 Network > LAN > DHCP Setup The following table describes the labels in this screen.
Chapter 7 LAN Setup Table 23 Network > LAN > DHCP Setup LABEL DESCRIPTION DNS Servers Assigned by DHCP Server The ZyXEL Device passes a DNS (Domain Name System) server IP address to the DHCP clients. Primary / Secondary DNS Server Enter the IP address of your primary/secondary DNS server. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. 7.
Chapter 7 LAN Setup Table 24 Network > LAN > Client List LABEL DESCRIPTION # This is the index number of the static IP table entry (row). Status This field displays whether the client is connected to the ZyXEL Device. Host Name This field displays the computer host name. IP Address This field displays the IP address relative to the # field listed above.
Chapter 7 LAN Setup The following figure shows a LAN divided into subnets A, B, and C. Figure 39 Physical Network & Partitioned Logical Networks A: 192.168.1.1 - 192.168.1.24 Ethernet Interface B: 192.168.2.1 - 192.168.2.24 C: 192.168.3.1 - 192.168.3.24 7.5.1 Configuring the LAN IP Alias Screen Use this screen to change your ZyXEL Device’s IP alias settings. Click Network > LAN > IP Alias to open the following screen.
Chapter 7 LAN Setup Table 25 Network > LAN > IP Alias LABEL DESCRIPTION RIP Direction RIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. Select the RIP direction from Both/In Only/Out Only/None. When set to Both or Out Only, the ZyXEL Device will broadcast its routing table periodically.
Chapter 7 LAN Setup 7.6.1 LANs, WANs and the ZyXEL Device The actual physical connection determines whether the ZyXEL Device ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next. Figure 41 LAN and WAN IP Addresses LAN WAN 7.6.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server.
Chapter 7 LAN Setup • The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, enter them in the DNS Server fields in the DHCP Setup screen. • Some ISPs choose to disseminate the DNS server addresses using the DNS server extensions of IPCP (IP Control Protocol) after the connection is up. If your ISP did not give you explicit DNS servers, chances are the DNS servers are conveyed through IPCP negotiation.
Chapter 7 LAN Setup address that you entered. You don't need to change the subnet mask computed by the ZyXEL Device unless you are instructed to do otherwise. Private IP Addresses Every machine on the Internet must have a unique address. If your networks are isolated from the Internet, for example, only between your two branch offices, you can assign any IP addresses to the hosts without problems.
Chapter 7 LAN Setup probably adequate for most networks, unless you have an unusual network topology. Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the difference being that RIP-2B uses subnet broadcasting while RIP-2M uses multicasting. 7.6.6 Multicast Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network).
Chapter 7 LAN Setup 100 P-660HN-T1H User’s Guide
CHAPTER 8 Wireless LAN 8.1 Overview This chapter describes how to perform tasks related to setting up and optimizing your wireless network, including the following. • Turning the wireless connection on or off. • Configuring a name, wireless channel and security for the network. • Using WiFi Protected Setup (WPS) to configure your wireless network. • Setting up multiple wireless networks. • Using a MAC (Media Access Control) address filter to restrict access to the wireless network.
Chapter 8 Wireless LAN You don’t necessarily need to use all these screens to set up your wireless connection. For example, you may just want to set up a network name, a wireless radio channel and security in the AP screen. 8.1.2 What You Need to Know About Wireless Wireless Basics “Wireless” is essentially radio communication. In the same way that walkie-talkie radios send and receive information over the airwaves, wireless networking devices exchange information with one another.
Chapter 8 Wireless LAN • What wireless standards do the other wireless devices in your network support (IEEE 802.11g, for example)? What is the most appropriate standard to use? • What security options do the other wireless devices in your network support (WPA-PSK, for example)? What is the strongest security option supported by all the devices in your network? • Do the other wireless devices in your network support WPS (Wi-Fi Protected Setup)? If so, you can set up a well-secured network very easily.
Chapter 8 Wireless LAN The following table describes the labels in this screen. Table 26 Network > Wireless LAN > AP LABEL DESCRIPTION Wireless Setup Enable Wireless LAN Click the check box to activate wireless LAN. Channel Selection Set the operating channel manually by selecting a channel from the Channel Selection list or use Auto Channel Select to have it automatically configured.
Chapter 8 Wireless LAN Note: If you do not enable any wireless security on your ZyXEL Device, your network is accessible to any wireless networking device that is within range. Figure 43 Network > Wireless LAN > AP: No Security The following table describes the labels in this screen. Table 27 Network > Wireless LAN > AP: No Security LABEL DESCRIPTION Security Mode Choose No Security from the drop-down list box. 8.2.2 WEP Encryption Use this screen to configure and enable WEP encryption.
Chapter 8 Wireless LAN The following table describes the wireless LAN security labels in this screen. Table 28 Network > Wireless LAN > AP: Static WEP LABEL DESCRIPTION Security Mode Choose Static WEP from the drop-down list box. Passphrase Enter a passphrase (up to 32 printable characters) and click Generate. The ZyXEL Device automatically generates a WEP key. WEP Key The WEP key is used to encrypt data.
Chapter 8 Wireless LAN 8.2.4 WPA(2) Authentication Use this screen to configure and enable WPA or WPA2 authentication. Click the Wireless LAN link under Network to display the AP screen. Select WPA, WPA2 or WPAMixed from the Security Mode list. Figure 46 Network > Wireless LAN > AP: WPA(2) The following table describes the wireless LAN security labels in this screen. Table 30 Network > Wireless LAN > AP: WPA(2) LABEL DESCRIPTION Security Mode Choose WPA or WPA2 from the drop-down list box.
Chapter 8 Wireless LAN Table 30 Network > Wireless LAN > AP: WPA(2) LABEL DESCRIPTION Authentication Server IP Address Enter the IP address of the external authentication server in dotted decimal notation. Port Number Enter the port number of the external authentication server. You need not change this value unless your network administrator instructs you to do so with additional information.
Chapter 8 Wireless LAN Table 31 Network > Wireless LAN > AP: Advanced Setup LABEL DESCRIPTION Output Power Set the output power of the ZyXEL Device. If there is a high density of APs in an area, decrease the output power to reduce interference with other APs. Select one of the following: 100%, 75%, 50% or 25%. Preamble Select a preamble type from the drop-down list menu. Choices are Long or Short. See the Appendix D on page 293 for more information. 802.11 Mode Select 802.
Chapter 8 Wireless LAN 8.2.6 MAC Filter Use this screen to change your ZyXEL Device’s MAC filter settings. Click the Edit button in the AP screen. The screen appears as shown. Figure 48 Network > Wireless LAN > AP: MAC Address Filter The following table describes the labels in this screen. Table 32 Network > Wireless LAN > AP: MAC Address Filter LABEL DESCRIPTION Active MAC Filter Select the check box to enable MAC address filtering.
Chapter 8 Wireless LAN Table 32 Network > Wireless LAN > AP: MAC Address Filter LABEL DESCRIPTION Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. 8.3 The More AP Screen This screen allows you to enable and configure multiple Basic Service Sets (BSSs) on the ZyXEL Device. Click Network > Wireless LAN > More AP. The following screen displays.
Chapter 8 Wireless LAN Table 33 Network > Wireless LAN > More AP LABEL DESCRIPTION Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. 8.3.1 More AP Edit Use this screen to edit an SSID profile. Click the Edit icon next to an SSID in the More AP screen. The following screen displays. Figure 50 Network > Wireless LAN > More AP: Edit The following table describes the fields in this screen.
Chapter 8 Wireless LAN Table 34 Network > Wireless LAN > More AP: Edit LABEL DESCRIPTION QoS Select this check box to activate Quality of Service (QoS). Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. 8.4 The WPS Screen Use this screen to configure WiFi Protected Setup (WPS) on your ZyXEL Device.
Chapter 8 Wireless LAN Table 35 Network > Wireless LAN > WPS LABEL DESCRIPTION PIN Number This shows the PIN (Personal Identification Number) of the ZyXEL Device. Enter this PIN in the configuration utility of the device you want to connect to using WPS. The PIN is not necessary when you use WPS push-button method. Generate WPS Status Click this to have the ZyXEL Device create a new PIN.
Chapter 8 Wireless LAN The following table describes the labels in this screen. Table 36 Network > Wireless LAN > WPS Station LABEL DESCRIPTION Push Button Click this to add another WPS-enabled wireless device (within wireless range of the ZyXEL Device) to your wireless network. This button may either be a physical button on the outside of device, or a menu button similar to the Push Button on this screen.
Chapter 8 Wireless LAN Click Network > Wireless LAN > WDS. The following screen displays. Figure 53 Network > Wireless LAN > WDS The following table describes the labels in this screen. Table 37 Network > Wireless LAN > WDS LABEL DESCRIPTION WDS Security Select the type of the key used to encrypt data between APs. All the wireless APs (including the ZyXEL Device) must use the same preshared key for data transmission.
Chapter 8 Wireless LAN 8.7 The Scheduling Screen Use the wireless LAN scheduling to configure the days you want to enable or disable the wireless LAN. Click Network > Wireless LAN > Scheduling. The following screen displays. Figure 54 Network > Wireless LAN > Scheduling The following table describes the labels in this screen. Table 38 Network > Wireless LAN > QoS LABEL DESCRIPTION Enable Wireless LAN Scheduling Select this box to activate wireless LAN scheduling on your ZyXEL Device.
Chapter 8 Wireless LAN 8.8 Wireless LAN Technical Reference This section discusses wireless LANs in depth. For more information, see the appendix. 8.8.1 Wireless Network Overview Wireless networks consist of wireless clients, access points and bridges. • A wireless client is a radio connected to a user’s computer. • An access point is a radio with a wired connection to a network, which can connect with numerous wireless clients and let them access the network.
Chapter 8 Wireless LAN The wireless network is the part in the blue circle. In this wireless network, devices A and B use the access point (AP) to interact with the other devices (such as the printer) or with the Internet. Your ZyXEL Device is the AP. Every wireless network must follow these basic guidelines. • Every device in the same wireless network must use the same SSID. The SSID is the name of the wireless network. It stands for Service Set IDentifier.
Chapter 8 Wireless LAN 8.8.2 Additional Wireless Terms The following table describes some wireless network terms and acronyms used in the ZyXEL Device’s Web Configurator. Table 39 Additional Wireless Terms TERM DESCRIPTION RTS/CTS Threshold In a wireless network which covers a large area, wireless devices are sometimes not aware of each other’s presence. This may cause them to send information to the AP at the same time and result in information colliding and not getting through.
Chapter 8 Wireless LAN These security standards vary in effectiveness. Some can be broken, such as the old Wired Equivalent Protocol (WEP). Using WEP is better than using no security at all, but it will not keep a determined attacker out. Other security standards are secure in themselves but can be broken if a user does not use them properly.
Chapter 8 Wireless LAN You can use the MAC address filter to tell the ZyXEL Device which devices are allowed or not allowed to use the wireless network. If a device is allowed to use the wireless network, it still has to have the correct information (SSID, channel, and security). If a device is not allowed to use the wireless network, it does not matter if it has the correct information. This type of security does not protect the information that is sent in the wireless network.
Chapter 8 Wireless LAN For example, if the wireless network has a RADIUS server, you can choose WPA or WPA2. If users do not log in to the wireless network, you can choose no encryption, Static WEP, WPA-PSK, or WPA2-PSK. Usually, you should set up the strongest encryption that every device in the wireless network supports. For example, suppose you have a wireless network with the ZyXEL Device and you do not have a RADIUS server. Therefore, there is no authentication.
Chapter 8 Wireless LAN and communicate with each other. When Intra-BSS traffic blocking is enabled, wireless station A and B can still access the wired network but cannot communicate with each other. Figure 56 Basic Service set 8.8.6 MBSSID Traditionally, you need to use different APs to configure different Basic Service Sets (BSSs). As well as the cost of buying extra APs, there is also the possibility of channel interference.
Chapter 8 Wireless LAN 8.8.7 Wireless Distribution System (WDS) The ZyXEL Device can act as a wireless network bridge and establish WDS (Wireless Distribution System) links with other APs. You need to know the MAC addresses of the APs you want to link to. Once the security settings of peer sides match one another, the connection between devices is made. At the time of writing, WDS security is compatible with other ZyXEL access points only. Refer to your other access point’s documentation for details.
Chapter 8 Wireless LAN 8.8.8.1 Push Button Configuration WPS Push Button Configuration (PBC) is initiated by pressing a button on each WPS-enabled device, and allowing them to connect automatically. You do not need to enter any information. Not every WPS-enabled device has a physical WPS button. Some may have a WPS PBC button in their configuration utilities instead of or in addition to the physical button. Take the following steps to set up WPS using the button.
Chapter 8 Wireless LAN Take the following steps to set up a WPS connection between an access point or wireless router (referred to here as the AP) and a client device using the PIN method. 1 Ensure WPS is enabled on both devices. 2 Access the WPS section of the AP’s configuration interface. See the device’s User’s Guide for how to do this.
Chapter 8 Wireless LAN The following figure shows a WPS-enabled wireless client (installed in a notebook computer) connecting to the WPS-enabled AP via the PIN method. Figure 58 Example WPS Process: PIN Method ENROLLEE REGISTRAR WPS This device’s WPS PIN: 123456 WPS Enter WPS PIN from other device: WPS START WPS START WITHIN 2 MINUTES SECURE EAP TUNNEL SSID WPA(2)-PSK COMMUNICATION 8.8.8.3 How WPS Works When two WPS-enabled devices connect, each device must assume a specific role.
Chapter 8 Wireless LAN The following figure shows a WPS-enabled client (installed in a notebook computer) connecting to a WPS-enabled access point. Figure 59 How WPS works ACTIVATE WPS ACTIVATE WPS WITHIN 2 MINUTES WPS HANDSHAKE ENROLLEE REGISTRAR SECURE TUNNEL SECURITY INFO COMMUNICATION The roles of registrar and enrollee last only as long as the WPS setup process is active (two minutes). The next time you use WPS, a different device can be the registrar if necessary.
Chapter 8 Wireless LAN 8.8.8.4 Example WPS Network Setup This section shows how security settings are distributed in an example WPS setup. The following figure shows an example network. In step 1, both AP1 and Client 1 are unconfigured. When WPS is activated on both, they perform the handshake. In this example, AP1 is the registrar, and Client 1 is the enrollee. The registrar randomly generates the security information to set up the network, since it is unconfigured and has no existing information.
Chapter 8 Wireless LAN point. However, you know that Client 2 supports the registrar function, so you use it to perform the WPS handshake instead. Figure 62 WPS: Example Network Step 3 EXISTING CONNECTION CLIENT 1 E N TIO EC N ON GC N I T XIS AP1 REGISTRAR CLIENT 2 SE CU RIT Y ENROLLEE INF O AP2 8.8.8.5 Limitations of WPS WPS has some limitations of which you should be aware. • WPS works in Infrastructure networks only (where an AP and a wireless client communicate).
Chapter 8 Wireless LAN • When you use the PBC method, there is a short period (from the moment you press the button on one device to the moment you press the button on the other device) when any WPS-enabled device could join the network. This is because the registrar has no way of identifying the “correct” enrollee, and cannot differentiate between your enrollee and a rogue device. This is a possible way for a hacker to gain access to a network. You can easily check to see if this has happened.
CHAPTER 9 Network Address Translation (NAT) 9.1 Overview This chapter discusses how to configure NAT on the ZyXEL Device. NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network. 9.1.1 What You Can Do in the NAT Screens • Use the NAT General Setup screen (Section 9.2 on page 135) to configure the NAT setup settings.
Chapter 9 Network Address Translation (NAT) NAT In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
Chapter 9 Network Address Translation (NAT) 9.2 The NAT General Setup Screen Use this screen to activate NAT. Click Network > NAT to open the following screen. Note: You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the ZyXEL Device. Figure 63 Network > NAT > General The following table describes the labels in this screen.
Chapter 9 Network Address Translation (NAT) Table 41 Network > NAT > General (continued) LABEL DESCRIPTION Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. 9.3 The Port Forwarding Screen Note: This screen is available only when you select SUA only in the NAT > General screen. Use this screen to forward incoming service requests to the server(s) on your local network.
Chapter 9 Network Address Translation (NAT) Configuring Servers Behind Port Forwarding (Example) Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet. Figure 64 Multiple Servers Behind NAT Example A=192.168.1.
Chapter 9 Network Address Translation (NAT) The following table describes the fields in this screen. Table 42 Network > NAT > Port Forwarding LABEL DESCRIPTION Default Server Setup Default Server In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in this screen.
Chapter 9 Network Address Translation (NAT) 9.3.2 The Port Forwarding Rule Edit Screen Use this screen to edit a port forwarding rule. Click the rule’s edit icon in the Port Forwarding screen to display the screen shown next. Figure 66 Network > NAT > Port Forwarding: Edit The following table describes the fields in this screen. Table 43 Network > NAT > Port Forwarding: Edit LABEL DESCRIPTION Rule Setup Active Click this check box to enable the rule.
Chapter 9 Network Address Translation (NAT) Table 43 Network > NAT > Port Forwarding: Edit (continued) LABEL DESCRIPTION Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. 9.4 The Address Mapping Screen Note: The Address Mapping screen is available only when you select Full Feature in the NAT > General screen. Ordering your rules is important because the ZyXEL Device applies the rules in the order that you specify.
Chapter 9 Network Address Translation (NAT) The following table describes the fields in this screen. Table 44 Network > NAT > Address Mapping LABEL DESCRIPTION # This is the rule index number. Local Start IP This is the starting Inside Local IP Address (ILA). Local IP addresses are N/A for Server port mapping. Local End IP This is the end Inside Local IP Address (ILA). If the rule is for all local IP addresses, then this field displays 0.0.0.0 as the Local Start IP address and 255.255.255.
Chapter 9 Network Address Translation (NAT) 9.4.1 The Address Mapping Rule Edit Screen Use this screen to edit an address mapping rule. Click the rule’s edit icon in the Address Mapping screen to display the screen shown next. Figure 68 Network > NAT > Address Mapping: Edit The following table describes the fields in this screen. Table 45 Network > NAT > Address Mapping: Edit LABEL DESCRIPTION Type Choose the port mapping type from one of the following.
Chapter 9 Network Address Translation (NAT) Table 45 Network > NAT > Address Mapping: Edit (continued) LABEL DESCRIPTION Global End IP This is the ending global IP address (IGA). This field is N/A for One-toOne, Many-to-One and Server mapping types. Server Mapping Set Click this link to go to the Port Forwarding screen to edit a port forwarding set that you have selected in the Server Mapping Set field. Edit Details Back Click this to return to the previous screen without saving.
Chapter 9 Network Address Translation (NAT) 9.6 NAT Technical Reference This chapter contains more information regarding NAT. 9.6.1 NAT Definitions Inside/outside denotes where a host is located relative to the ZyXEL Device, for example, the computers of your subscribers are the inside hosts, while the web servers on the Internet are the outside hosts.
Chapter 9 Network Address Translation (NAT) outside world. If you do not define any servers (for Many-to-One and Many-toMany Overload mapping – see Table 48 on page 147), NAT offers the additional benefit of firewall protection. With no servers defined, your ZyXEL Device filters out all incoming inquiries, thus preventing intruders from probing your network. For more information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT). 9.6.
Chapter 9 Network Address Translation (NAT) 9.6.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP alias) behind the ZyXEL Device can communicate with three distinct WAN networks. Figure 71 NAT Application With IP Alias 9.6.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: • One to One: In One-to-One mode, the ZyXEL Device maps one local IP address to one global IP address.
Chapter 9 Network Address Translation (NAT) Port numbers do NOT change for One-to-One and Many-to-Many No Overload NAT mapping types. The following table summarizes these types.
Chapter 9 Network Address Translation (NAT) 148 P-660HN-T1H User’s Guide
CHAPTER 10 Firewall 10.1 Overview This chapter shows you how to enable the ZyXEL Device firewall. Use the firewall to protect your ZyXEL Device and network from attacks by hackers on the Internet and control access to it. By default the firewall: • allows traffic that originates from your LAN computers to go to all other networks. • blocks traffic that originates on other networks from going to the LAN. • blocks SYN and port scanner attacks.
Chapter 10 Firewall device or network so users no longer have access to network resources. The ZyXEL Device is pre-configured to automatically detect and thwart all known DoS attacks. DDoS A DDoS attack is one in which multiple compromised systems attack a single target, thereby causing denial of service for users of the targeted system. LAND Attack In a LAND attack, hackers flood SYN packets into the network with a spoofed source IP address of the target system.
Chapter 10 Firewall 10.2 The Firewall Screen Use this screen to enable firewall and/or SPI. Click Advanced Setup > Firewall to display the following screen. Figure 72 Advanced Setup > Firewall The following table describes the labels in this screen. Table 49 Advanced > Firewall LABEL DESCRIPTION Firewall Use this field to enable or disable firewall on your ZyXEL Device. SPI Use this field to enable or disable SPI on your ZyXEL Device. SAVE Click this to save your changes.
Chapter 10 Firewall 152 P-660HN-T1H User’s Guide
CHAPTER 11 Filters 11.1 Overview This chapter introduces three types of filters supported by the ZyXEL Device. You can configure rules to restrict traffic by IP addresses, MAC addresses, application types and/or URLs. 11.1.1 What You Can Do in the Filter Screens • Use the URL Filter screen (Section 11.2 on page 154) to block access to web sites. • Use the Application Filter screen (Section 11.3 on page 155) to allow or deny traffic from certain types of applications.
Chapter 11 Filters 11.2 The URL Filter Screen Use this screen to block websites by URL. Click Security > Filter > URL Filter. The screen appears as shown. Figure 73 Security > Filter > URL Filter The following table describes the labels in this screen. Table 50 Access Management > Filter (URL) LABEL DESCRIPTION URL Filter Editing Active Use this field to enable or disable the URL filter. URL Index Select the index number of the filter. URL Enter the URL for the ZyXEL Device to block.
Chapter 11 Filters 11.3 The Application Filter Screen Use this screen to allow or deny traffic for certain types of applications. The application filter provides a convenient way to manage the use of various applications on the network. Click Security > Filter > Application Filter. The screen appears as shown. Figure 74 Security > Filter > Application Filter The following table describes the labels in this screen.
Chapter 11 Filters 11.4 The IP/MAC Filter Screen Use this screen to create and apply IP/MAC filters. Click Security > Filter > IP/ MAC Filter. The screen appears as shown. Figure 75 Security > Filter > IP/MAC Filter The following table describes the labels in this screen. Table 52 Access Management > Filter (IP/MAC) LABEL DESCRIPTION IP/MAC Filter Set Editing IP/MAC Filter Set Index Select the index number of the filter set. Interface Select the PVC to which to apply the filter.
Chapter 11 Filters Table 52 Access Management > Filter (IP/MAC) (continued) LABEL DESCRIPTION Rule Type Select IP or MAC type to configure the rule. Use the IP Filter to block traffic by IP addresses. Use the MAC Filter to block traffic by MAC address. Active Use this field to enable or disable the rule. Source IP Address Enter the source IP address of the packets you wish to filter. This field is ignored if it is 0.0.0.0.
Chapter 11 Filters Table 52 Access Management > Filter (IP/MAC) (continued) 158 LABEL DESCRIPTION DELETE Click this to remove the filter rule. CANCEL Click this to restore your previously saved settings.
CHAPTER 12 Static Route 12.1 Overview The ZyXEL Device usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the ZyXEL Device send data to devices not reachable through the default gateway, use static routes. For example, the next figure shows a computer (A) connected to the ZyXEL Device’s LAN interface. The ZyXEL Device routes most traffic from A to the Internet through the ZyXEL Device’s default gateway (R1).
Chapter 12 Static Route 12.1.1 What You Can Do in the Static Route Screens Use the Static Route screens (Section 12.2 on page 160) to view and configure IP static routes on the ZyXEL Device. 12.2 The Static Route Screen Use this screen to view the static route rules. Click Advanced > Static Route to open the Static Route screen. Figure 77 Advanced > Static Route The following table describes the labels in this screen.
Chapter 12 Static Route Table 53 Advanced > Static Route LABEL DESCRIPTION Modify Click the Edit icon to go to the screen where you can set up a static route on the ZyXEL Device. Click the Remove icon to remove a static route from the ZyXEL Device. A window displays asking you to confirm that you want to delete the route. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. 12.2.
Chapter 12 Static Route 162 P-660HN-T1H User’s Guide
CHAPTER 13 802.1Q/1P 13.1 Overview This chapter describes how to configure the 802.1Q/1P settings. A Virtual Local Area Network (VLAN) allows a physical network to be partitioned into multiple logical networks. A VLAN group can be treated as an individual device. Each group can have its own rules about where and how to forward traffic. You can assign any ports on the ZyXEL Device to a VLAN group and configure the settings for the group.
Chapter 13 802.1Q/1P IEEE 802.1Q Tagged VLAN Tagged VLAN uses an explicit tag (VLAN ID) in the MAC header to identify the VLAN membership of a frame across bridges - they are not confined to the device on which they were created. The VLAN ID associates a frame with a specific VLAN and provides the information that devices need to process the frame across the network. PVC A virtual circuit is a logical point-to-point circuit between customer sites.
Chapter 13 802.1Q/1P Note: If the WAN interface in the VLAN group is not the default router, you need to create a static route to communicate with the WAN. Figure 80 Advanced > 802.1Q/1P > Group Setting The following table describes the labels in this screen. Table 55 Advanced > 802.1Q/1P > Group Setting LABEL DESCRIPTION 802.1Q/1P Active Select this check box to activate the 802.1P/1Q feature. Summary # This field displays the index number of the VLAN group.
Chapter 13 802.1Q/1P 13.2.1 Editing 802.1Q/1P Group Setting Use this screen to configure the settings for each VLAN group. In the 802.1Q/1P screen, click the Edit button from the Modify filed to display the following screen. Figure 81 Advanced > 802.1Q/1P > Group Setting > Edit The following table describes the labels in this screen. Table 56 Advanced > 802.1Q/1P > Group Setting > Edit LABEL DESCRIPTION Active Select this check box to activate the group setting.
Chapter 13 802.1Q/1P Table 56 Advanced > 802.1Q/1P > Group Setting > Edit (continued) LABEL DESCRIPTION Tx Tag Select Tx Tagging if you want the port to tag all outgoing traffic trasmitted through this VLAN. You select this if you want to create VLANs across different devices and not just the ZyXEL Device. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. 13.3 The 802.
Chapter 13 802.1Q/1P The following table describes the labels in this screen. Table 57 Advanced > 802.1Q/1P > Port Setting 168 LABEL DESCRIPTION Ports This field displays the types of ports available to join the VLAN group. 802.1Q PVID Assign a VLAN ID for the port. The valid VID range is between 1 and 4094. The ZyXEL Device assigns the PVID to untagged frames or priority-tagged frames received on this port. Apply Click this to save your changes.
CHAPTER 14 Quality of Service (QoS) 14.1 Overview Use the QoS screen to set up your ZyXEL Device to use QoS for traffic management. Quality of Service (QoS) refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to control bandwidth. QoS allows the ZyXEL Device to group and prioritize application traffic and fine-tune network performance. Without QoS, all traffic data are equally likely to be dropped when the network is congested.
Chapter 14 Quality of Service (QoS) these two classes are assigned priority queue based on the internal QoS mapping table on the ZyXEL Device. Figure 83 QoS Example VoIP: Queue 6 DSL 50 Mbps Boss: Queue 5 IP=192.168.1.23 14.1.1 What You Can Do in the QoS Screens • Use the QoS screen (Section 14.2 on page 171) to configure QoS settings on the ZyXEL Device. • Use the QoS Settings Summary screen (Section 14.2.1 on page 173) to check the summary of QoS rules and actions you configured for the ZyXEL Device.
Chapter 14 Quality of Service (QoS) 14.2 The QoS Screen Use this screen to enable or disable QoS and have the ZyXEL Device assign priority levels to traffic according to the port range, IEEE 802.1p priority level and/ or IP precedence. Click Advanced Setup > QoS to open the screen as shown next.
Chapter 14 Quality of Service (QoS) The following table describes the labels in this screen. Table 58 Advanced Setup > QoS LABEL DESCRIPTION Quality of Service QoS Use this field to turn on QoS to improve your network performance. You can give priority to traffic that the ZyXEL Device forwards out through the WAN interface. Give high priority to voice and video to make them run more smoothly.
Chapter 14 Quality of Service (QoS) Table 58 Advanced Setup > QoS LABEL DESCRIPTION Type of Service Select a type of service from the drop-down list box. DSCP Range Specify a DSCP number between 0 and 63 in this field. 802.1p Select a priority level (0 to 7) from the drop-down list box. Available options are: Normal service, Minimize delay, Maximize throughput, Maximize reliability and Minimize monetary cost.
Chapter 14 Quality of Service (QoS) The following table describes the labels in this screen. Table 59 Advanced Setup > QoS > QoS Settings Summary LABEL DESCRIPTION Rules # This is the rule’s index number. Active This shows whether the rule is enabled or disabled. Physical Ports This is the physical port associated with the rule. Destination MAC and IP/Mask Port Ranges This is the port range for destination MAC address and IP address.
Chapter 14 Quality of Service (QoS) Table 60 IEEE 802.1p Priority Level and Traffic Type PRIORITY LEVEL TRAFFIC TYPE Level 5 Typically used for video that consumes high bandwidth and is sensitive to jitter. Level 4 Typically used for controlled load, latency-sensitive traffic such as SNA (Systems Network Architecture) transactions. Level 3 Typically used for “excellent effort” or better than best effort and would include important business traffic that can tolerate some delay.
Chapter 14 Quality of Service (QoS) Table 61 Internal Layer2 and Layer3 QoS Mapping LAYER 2 LAYER 3 PRIORITY QUEUE IEEE 802.
CHAPTER 15 Dynamic DNS Setup 15.1 Overview Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CUSeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect.
Chapter 15 Dynamic DNS Setup 15.2 The Dynamic DNS Screen Use this screen to change your ZyXEL Device’s DDNS. Click Advanced > Dynamic DNS. The screen appears as shown. Figure 86 Advanced > Dynamic DNS The following table describes the fields in this screen. Table 62 Advanced > Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Active Dynamic DNS Select this check box to use dynamic DNS. Service Provider This is the name of your Dynamic DNS service provider.
CHAPTER 16 Remote Management 16.1 Overview Remote management allows you to determine which services/protocols can access which ZyXEL Device interface (if any) from which computers. The following figure shows remote management of the ZyXEL Device coming in from the WAN. Figure 87 Remote Management From the WAN LAN WAN HTTP Telnet Note: When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
Chapter 16 Remote Management when another remote management session of higher priority starts. The priorities for the different types of remote management sessions are as follows. 1 Telnet 2 HTTP 16.1.1 What You Can Do in the Remote Management Screens • Use the WWW screen (Section 16.2 on page 181) to configure through which interface(s) and from which IP address(es) users can use HTTP to manage the ZyXEL Device. • Use the Telnet screen (Section 16.
Chapter 16 Remote Management Remote Management and NAT When NAT is enabled: • Use the ZyXEL Device’s WAN IP address when configuring from the WAN. • Use the ZyXEL Device’s LAN IP address when configuring from the LAN. System Timeout There is a default system management idle timeout of five minutes (three hundred seconds). The ZyXEL Device automatically logs you out if the management session remains idle for longer than this timeout period.
Chapter 16 Remote Management The following table describes the labels in this screen. Table 63 Advanced > Remote Management > WWW LABEL DESCRIPTION Server Port You may change the server port number for a service, if needed. However, you must use the same port number in order to use that service for remote management. Server Access Select the interface(s) through which a computer may access the ZyXEL Device using this service.
Chapter 16 Remote Management The following table describes the labels in this screen. Table 64 Advanced > Remote Management > Telnet LABEL DESCRIPTION Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Server Access Select the interface(s) through which a computer may access the ZyXEL Device using this service.
Chapter 16 Remote Management The following table describes the labels in this screen. Table 65 Advanced > Remote MGMT > FTP LABEL DESCRIPTION Server Port You may change the server port number for a service, if needed. However, you must use the same port number in order to use that service for remote management. Server Access Select the interface(s) through which a computer may access the ZyXEL Device using this service.
Chapter 16 Remote Management An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the ZyXEL Device). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices.
Chapter 16 Remote Management Table 66 Advanced > Remote MGMT > SNMP (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 16.6 The DNS Screen Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. Refer to Chapter 7 on page 87 for background information.
Chapter 16 Remote Management 16.7 The ICMP Screen To change your ZyXEL Device’s security settings, click Advanced > Remote MGMT > ICMP. The screen appears as shown. If an outside user attempts to probe an unsupported port on your ZyXEL Device, an ICMP response packet is automatically returned. This allows the outside user to know the ZyXEL Device exists. Your ZyXEL Device supports anti-probing, which prevents the ICMP response packet from being sent.
Chapter 16 Remote Management 188 P-660HN-T1H User’s Guide
CHAPTER 17 Universal Plug-and-Play (UPnP) 17.1 Overview Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network. In turn, a device can leave a network smoothly and automatically when it is no longer in use. 17.1.
Chapter 17 Universal Plug-and-Play (UPnP) Windows Messenger is an example of an application that supports NAT traversal and UPnP. See the NAT chapter for more information on NAT. Cautions with UPnP The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues. Network information and configuration may also be obtained and modified by users in some network environments.
Chapter 17 Universal Plug-and-Play (UPnP) 17.2 The UPnP Screen Use the following screen to configure the UPnP settings on your ZyXEL Device. Click Advanced > UPnP to display the screen shown next. See Section 17.1 on page 189 for more information. Figure 95 Advanced > UPnP > General The following table describes the fields in this screen. Table 69 Advanced > UPnP > General LABEL DESCRIPTION Active the Universal Plug and Play (UPnP) Feature Select this check box to activate UPnP.
Chapter 17 Universal Plug-and-Play (UPnP) 17.3 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP. Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me. 1 Click Start and Control Panel. Double-click Add/Remove Programs. 2 Click on the Windows Setup tab and select Communication in the Components selection box. Click Details.
Chapter 17 Universal Plug-and-Play (UPnP) 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box. Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel. 2 Double-click Network Connections.
Chapter 17 Universal Plug-and-Play (UPnP) 3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components …. Network Connections 4 The Windows Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details.
Chapter 17 Universal Plug-and-Play (UPnP) 5 In the Networking Services window, select the Universal Plug and Play check box. Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. 17.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL Device. Make sure the computer is connected to a LAN port of the ZyXEL Device.
Chapter 17 Universal Plug-and-Play (UPnP) 2 Right-click the icon and select Properties. Network Connections 3 In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created.
Chapter 17 Universal Plug-and-Play (UPnP) 4 You may edit or delete the port mappings or click Add to manually add port mappings. Internet Connection Properties: Advanced Settings Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically.
Chapter 17 Universal Plug-and-Play (UPnP) 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray. System Tray Icon 7 Double-click on the icon to display your current Internet connection status. Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first.
Chapter 17 Universal Plug-and-Play (UPnP) 3 Select My Network Places under Other Places. Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network.
Chapter 17 Universal Plug-and-Play (UPnP) 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays. Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device.
CHAPTER 18 CWMP 18.1 Overview The ZyXEL Device supports TR-069 Amendment 1 (CPE WAN Management Protocol Release 2.0) and TR-069 Amendment 2 (CPE WAN Management Protocol v1.1, Release 3.0). TR-069 is a protocol that defines how your ZyXEL Device (ZD) can be managed via a management server (MS) such as ZyXEL’s Vantage Access.
Chapter 18 CWMP 18.2 The CWMP Setup Screen Use this screen to configure your ZyXEL Device to be managed by a management server. Click Advanced> CWMP to display the following screen. Figure 97 Advanced > CWMP The following table describes the fields in this screen. Table 70 Advanced > CWMP LINK DESCRIPTION CWMP Setup 202 CWMP Select Activated to allow the ZyXEL Device to be managed by a management server or select Deactivated to not allow the ZyXEL Device to be managed by a management server.
Chapter 18 CWMP Table 70 Advanced > CWMP (continued) LINK DESCRIPTION Password The password is used to authenticate the ZyXEL Device when making a connection to the management server. This password on the management server and the ZyXEL Device must be the same. Type a password of up to 255 printable characters found on an English-language keyboard. Connection Request Use this part of the screen to allow the management server to connect to the ZyXEL Device after a successful login.
Chapter 18 CWMP 204 P-660HN-T1H User’s Guide
CHAPTER 19 System Settings 19.1 Overview This chapter shows you how to configure system related settings, such as system time, password, name, the domain name and the inactivity timeout interval. 19.1.1 What You Can Do in the System Settings Screens • Use the General screen (Section 19.2 on page 205) to configure system settings. • Use the Time and Date screen (Section 19.3 on page 206) to set the system time. 19.2 The General Screen Use this screen to configure system admin password.
Chapter 19 System Settings The following table describes the labels in this screen. Table 71 Maintenance > System > General LABEL DESCRIPTION Password Admin Password Old Password Type the default password or the existing password you use to access the system in this field. New Password Type your new system password (up to 30 characters). Note that as you type a password, the screen displays a (*) for each character you type.
Chapter 19 System Settings The following table describes the fields in this screen. Table 72 Maintenance > System > Time and Date LABEL DESCRIPTION Current Time and Date Current Time This field displays the time of your ZyXEL Device. Each time you reload this page, the ZyXEL Device synchronizes the time with the time server. Current Date This field displays the date of your ZyXEL Device. Each time you reload this page, the ZyXEL Device synchronizes the date with the time server.
Chapter 19 System Settings Table 72 Maintenance > System > Time and Date (continued) LABEL DESCRIPTION Start Date Configure the day and time when Daylight Saving Time starts if you selected Enable Daylight Saving. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time starts in most parts of the United States on the second Sunday of March. Each time zone in the United States starts using Daylight Saving Time at 2 A.M. local time.
CHAPTER 20 Logs 20.1 Overview This chapter contains information about viewing the ZyXEL Device’s logs. The web configurator allows you to choose which types of events and/or alerts to have the ZyXEL Device log and then display the logs. 20.1.1 What You Need To Know About Logs Alerts An alert is a message that is enabled as soon as the event occurs. They include system errors, attacks (access control) and attempted access to blocked web sites.
Chapter 20 Logs Alerts are e-mailed as soon as they happen. Logs may be e-mailed as soon as the log is full. Selecting many alert and/or log categories (especially Access Control) may result in many e-mails being sent. Figure 100 Maintenance > System Logs The following table describes the fields in this screen. Table 73 Maintenance > Logs > Log Settings LABEL DESCRIPTION System Log 210 Log Type Select the types of logs that you want to display and record. Then click Submit to display the details.
Chapter 20 Logs 20.3 Log Descriptions This section provides descriptions of example log messages. Table 74 System Maintenance Logs LOG MESSAGE DESCRIPTION Time calibration is successful The router has adjusted its time based on information from the time server. Time calibration failed The router failed to get information from the time server. WAN interface gets IP: %s A WAN interface got a new IP address from the DHCP, PPPoE, or dial-up server.
Chapter 20 Logs Table 74 System Maintenance Logs (continued) LOG MESSAGE DESCRIPTION Successful HTTPS login Someone has logged on to the router's web configurator interface using HTTPS protocol. HTTPS login failed Someone has failed to log on to the router's web configurator interface using HTTPS protocol. Table 75 System Error Logs LOG MESSAGE DESCRIPTION %s exceeds the max.
Chapter 20 Logs Table 77 TCP Reset Logs LOG MESSAGE DESCRIPTION Under SYN flood attack, sent TCP RST The router sent a TCP reset packet when a host was under a SYN flood attack (the TCP incomplete count is per destination host.) Exceed TCP MAX incomplete, sent TCP RST The router sent a TCP reset packet when the number of TCP incomplete connections exceeded the user configured threshold. (the TCP incomplete count is per destination host.
Chapter 20 Logs For type and code details, see Table 87 on page 217. Table 79 ICMP Logs LOG MESSAGE DESCRIPTION Firewall default policy: ICMP , , ICMP access matched the default policy and was blocked or forwarded according to the user's setting. Firewall rule [NOT] match: ICMP , , , ICMP access matched (or didn’t match) a firewall rule (denoted by its number) and was blocked or forwarded according to the rule.
Chapter 20 Logs Table 81 PPP Logs (continued) LOG MESSAGE DESCRIPTION ppp:LCP Closing The PPP connection’s Link Control Protocol stage is closing. ppp:IPCP Closing The PPP connection’s Internet Protocol Control Protocol stage is closing. Table 82 UPnP Logs LOG MESSAGE DESCRIPTION UPnP pass through Firewall UPnP packets can pass through the firewall. Table 83 Content Filtering Logs LOG MESSAGE DESCRIPTION %s: block keyword The content of a requested web page matched a user defined keyword.
Chapter 20 Logs Table 84 Attack Logs (continued) LOG MESSAGE DESCRIPTION NetBIOS TCP The firewall detected a TCP NetBIOS attack. ip spoofing - no routing entry [ TCP | UDP | IGMP | ESP | GRE | OSPF ] The firewall classified a packet with no source routing entry as an IP spoofing attack. ip spoofing - no routing entry ICMP (type:%d, code:%d) The firewall classified an ICMP packet with no source routing entry as an IP spoofing attack.
Chapter 20 Logs Table 86 ACL Setting Notes (continued) PACKET DIRECTION DIRECTION DESCRIPTION (L to L/ZyXEL Device) LAN to LAN/ ZyXEL Device ACL set for packets traveling from the LAN to the LAN or the ZyXEL Device. (W to W/ZyXEL Device) WAN to WAN/ ZyXEL Device ACL set for packets traveling from the WAN to the WAN or the ZyXEL Device.
Chapter 20 Logs Table 87 ICMP Notes (continued) TYPE CODE DESCRIPTION 0 Information request message Information Reply 16 0 Information reply message Table 88 Syslog Logs LOG MESSAGE DESCRIPTION Mon dd hr:mm:ss hostname src="" dst="" msg="" note="" devID="" cat=" "This message is sent by the system ("RAS" displays as the system name if you haven’t configured one) when the router generates a sy
CHAPTER 21 Tools 21.1 Overview This chapter explains how to upload new firmware, manage configuration files and restart your ZyXEL Device. Use the instructions in this chapter to change the device’s configuration file or upgrade its firmware. After you configure your device, you can backup the configuration file to a computer. That way if you later misconfigure the device, you can upload the backed up configuration file to return to your previous settings.
Chapter 21 Tools Do NOT turn off the ZyXEL Device while firmware upload is in progress! Figure 101 Maintenance > Tools > Firmware The following table describes the labels in this screen. Table 90 Maintenance > Tools > Firmware LABEL DESCRIPTION Current Firmware Version This is the present Firmware version and the date created. File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse... Click this to find the .bin file you want to upload.
Chapter 21 Tools The ZyXEL Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 103 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen. If the upload was not successful, the following screen will appear. Click Return to go back to the Firmware screen.
Chapter 21 Tools 21.3 The Configuration Screen Click Maintenance > Tools > Configuration. Information related to factory defaults, backup configuration, and restoring configuration appears in this screen, as shown next. Figure 105 Maintenance > Tools > Configuration Backup Configuration Backup Configuration allows you to back up (save) the ZyXEL Device’s current configuration to a file on your computer.
Chapter 21 Tools Restore Configuration Restore Configuration allows you to upload a new or previously saved configuration file from your computer to your ZyXEL Device. Table 91 Restore Configuration LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse... Click this to find the file you want to upload. Remember that you must decompress compressed (.ZIP) files before you can upload them.
Chapter 21 Tools If the upload was not successful, the following screen will appear. Click Return to go back to the Configuration screen. Figure 108 Configuration Upload Error Reset to Factory Defaults Click the Reset button to clear all user-entered configuration information and return the ZyXEL Device to its factory defaults. The following warning screen appears.
Chapter 21 Tools 21.4 The Restart Screen System restart allows you to reboot the ZyXEL Device remotely without turning the power off. You may need to do this if the ZyXEL Device hangs, for example. Click Maintenance > Tools > Restart. Click Restart to have the ZyXEL Device reboot. This does not affect the ZyXEL Device's configuration.
Chapter 21 Tools 226 P-660HN-T1H User’s Guide
CHAPTER 22 Diagnostic 22.1 Overview These read-only screens display information to help you identify problems with the ZyXEL Device. 22.1.1 What You Can Do in the Diagnostic Screens • Use the General screen (Section 22.2 on page 227) to ping an IP address. • Use the DSL Line screen (Section 22.3 on page 228) to view the DSL line statistics and reset the ADSL line. 22.2 The General Screen Use this screen to ping an IP address. Click Maintenance > Diagnostic to open the screen shown next.
Chapter 22 Diagnostic The following table describes the fields in this screen. Table 92 Maintenance > Diagnostic > General LABEL DESCRIPTION TCP/IP Address Type the IP address of a computer that you want to ping in order to test a connection. Ping Click this to ping the IP address that you entered. 22.3 The DSL Line Screen Use this screen to view the DSL line statistics and reset the ADSL line. Click Maintenance > Diagnostic > DSL Line to open the screen shown next.
Chapter 22 Diagnostic The following table describes the fields in this screen. Table 93 Maintenance > Diagnostic > DSL Line LABEL DESCRIPTION ATM Status Click this to view your DSL connection’s Asynchronous Transfer Mode (ATM) statistics. ATM is a networking technology that provides highspeed data transfer. ATM uses fixed-size packets of information called cells. With ATM, a high QoS (Quality of Service) can be guaranteed. The (Segmentation and Reassembly) SAR driver translates packets into ATM cells.
Chapter 22 Diagnostic Table 93 Maintenance > Diagnostic > DSL Line (continued) LABEL DESCRIPTION DSL Line Status Click this to view statistics about the DSL connections. noise margin downstream is the signal to noise ratio for the downstream part of the connection (coming into the ZyXEL Device from the ISP). It is measured in decibels. The higher the number the more signal and less noise there is.
CHAPTER 23 Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • ZyXEL Device Access and Login • Internet Access 23.1 Power, Hardware Connections, and LEDs The ZyXEL Device does not turn on. None of the LEDs turn on. 1 Make sure the ZyXEL Device is turned on. 2 Make sure you are using the power adaptor or cord included with the ZyXEL Device.
Chapter 23 Troubleshooting 2 Check the hardware connections. 3 Inspect your cables for damage. Contact the vendor to replace any damaged cables. 4 Turn the ZyXEL Device off and on. 5 If the problem continues, contact the vendor. 23.2 ZyXEL Device Access and Login I forgot the IP address for the ZyXEL Device. 1 The default IP address is 192.168.1.1.
Chapter 23 Troubleshooting • If you changed the IP address (Section 7.2 on page 89), use the new IP address. • If you changed the IP address and have forgotten it, see the troubleshooting suggestions for I forgot the IP address for the ZyXEL Device. 2 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide. 3 Make sure your Internet browser does not block pop-up windows and has JavaScripts and Java enabled. See Appendix C on page 279.
Chapter 23 Troubleshooting I cannot use FTP to upload / download the configuration file. / I cannot use FTP to upload new firmware. See the troubleshooting suggestions for I cannot see or access the Login screen in the web configurator. Ignore the suggestions about your browser. 23.3 Internet Access I cannot access the Internet. 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.5 on page 24.
Chapter 23 Troubleshooting The Internet connection is slow or intermittent. 1 There might be a lot of traffic on the network. Look at the LEDs, and check Section 1.5 on page 24. If the ZyXEL Device is sending or receiving a lot of information, try closing some programs that use the Internet, especially peer-to-peer applications. 2 Check the signal strength.
Chapter 23 Troubleshooting 236 P-660HN-T1H User’s Guide
CHAPTER 24 Product Specifications The following tables summarize the ZyXEL Device’s hardware and firmware features. 24.
Chapter 24 Product Specifications Table 95 Firmware Specifications (continued) Default Admin Password 1234 DHCP Server IP Pool 192.168.1.32 to 192.168.1.64 Static DHCP Addresses 10 URL Filtering URL web page blocking Static Routes 16 Device Management Use the web configurator to easily configure the rich range of features on the ZyXEL Device. Wireless Functionality Allow the IEEE 802.11b/g/n wireless clients to connect to the ZyXEL Device wirelessly.
Chapter 24 Product Specifications Table 95 Firmware Specifications (continued) Firewall Your device has a stateful inspection firewall with DoS (Denial of Service) protection. By default, when the firewall is activated, all incoming traffic from the WAN to the LAN is blocked unless it is initiated from the LAN. The firewall supports TCP/UDP inspection, DoS detection and prevention, real time alerts, reports and logs.
Chapter 24 Product Specifications Table 95 Firmware Specifications (continued) ADSL Standards Support Multi-Mode standard (ANSI T1.413, Issue 2; G.dmt (G.992.1); G.lite (G992.2)) EOC specified in ITU-T G.992.1 ADSL2 G.dmt.bis (G.992.3) ADSL2 G.lite.bis (G.992.4) ADSL2+ (G.992.
Chapter 24 Product Specifications Table 95 Firmware Specifications (continued) Other Protocol Support SIP pass-through DNS Proxy Dynamic DNS (www.dyndns.org) IP Alias DHCP client/server/relay RIP I/ RIP II supported Support 16 IP Static routes by Gateway IGMP v1 and v2 IP Policy Routing UPnP support Transparent bridging, VLAN-tagging pass-through bridge mode Static DHCP Management Embedded Web Configurator(remove webhelp) SNMP v1 & v2c with MIB II Remote Management Control: Telnet, FTP, and Web.
Chapter 24 Product Specifications Table 96 Wireless Features WMM QoS WMM (Wi-Fi MultiMedia) QoS (Quality of Service) allows you to prioritize wireless traffic according to the delivery requirements of individual services. Other Wireless Features WDS(wireless client: G-570S v2) IEEE 802.11n Compliance Frequency Range:2.
Chapter 24 Product Specifications Table 97 Standards Supported (continued) STANDARD DESCRIPTION RFC 2516 A Method for Transmitting PPP Over Ethernet (PPPoE) RFC 2684 Multiprotocol Encapsulation over ATM Adaptation Layer 5. RFC 2766 Network Address Translation - Protocol IEEE 802.11 Also known by the brand Wi-Fi, denotes a set of Wireless LAN/ WLAN standards developed by working group 11 of the IEEE LAN/MAN Standards Committee (IEEE 802). IEEE 802.11b Uses the 2.4 gigahertz (GHz) band IEEE 802.
Chapter 24 Product Specifications 24.4 Power Adaptor Specifications Table 98 ZyXEL Device Series Power Adaptor Specifications NORTH AMERICAN PLUG STANDARDS AC Power Adapter Model 12V 1A SOCB PA Input Power AC 120Volts/60Hz Output Power DC 12Volts/1.0A Power Consumption 7.7 Watt max Safety Standards ANSI/UL 60950-1, CSA 60950-1 EUROPEAN PLUG STANDARDS AC Power Adapter Model 244 Input Power AC 230Volts/50Hz Output Power DC 12Volts/1.0A Power Consumption 8.
APPENDIX A Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP/Vista, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer. Windows 3.1 requires the purchase of a third-party TCP/IP application package.
Appendix A Setting up Your Computer’s IP Address Windows 95/98/Me Click Start, Settings, Control Panel and double-click the Network icon to open the Network window. Figure 114 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add. 2 Select Adapter and then click Add.
Appendix A Setting up Your Computer’s IP Address 3 Select Microsoft from the list of manufacturers. 4 Select TCP/IP from the list of network protocols and then click OK. If you need Client for Microsoft Networks: 1 Click Add. 2 Select Client and then click Add. 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click OK. 5 Restart your computer so the changes you made take effect.
Appendix A Setting up Your Computer’s IP Address 3 Click the DNS Configuration tab. • If you do not know your DNS information, select Disable DNS. • If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in). Figure 116 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways.
Appendix A Setting up Your Computer’s IP Address Windows 2000/NT/XP The following example figures use the default Windows XP GUI theme. 1 Click start (Start in Windows 2000/NT), Settings, Control Panel. Figure 117 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dialup Connections in Windows 2000/NT).
Appendix A Setting up Your Computer’s IP Address 3 Right-click Local Area Connection and then click Properties. Figure 119 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 120 Windows XP: Local Area Connection Properties 5 250 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
Appendix A Setting up Your Computer’s IP Address • If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. • Click Advanced. Figure 121 Windows XP: Internet Protocol (TCP/IP) Properties 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK.
Appendix A Setting up Your Computer’s IP Address • Click OK when finished. Figure 122 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
Appendix A Setting up Your Computer’s IP Address If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. Figure 123 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT).
Appendix A Setting up Your Computer’s IP Address 1 Click the Start icon, Control Panel. Figure 124 Windows Vista: Start Menu 2 In the Control Panel, double-click Network and Internet. Figure 125 Windows Vista: Control Panel 3 Click Network and Sharing Center.
Appendix A Setting up Your Computer’s IP Address 4 Click Manage network connections. Figure 127 Windows Vista: Network and Sharing Center 5 Right-click Local Area Connection and then click Properties. Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue.
Appendix A Setting up Your Computer’s IP Address 6 Select Internet Protocol Version 4 (TCP/IPv4) and click Properties. Figure 129 Windows Vista: Local Area Connection Properties 7 The Internet Protocol Version 4 (TCP/IPv4) Properties window opens (the General tab). • If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP address and fill in the IP address, Subnet mask, and Default gateway fields.
Appendix A Setting up Your Computer’s IP Address • Click Advanced. Figure 130 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties 8 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: • In the IP Settings tab, in IP addresses, click Add.
Appendix A Setting up Your Computer’s IP Address • Click OK when finished. Figure 131 Windows Vista: Advanced TCP/IP Properties 9 In the Internet Protocol Version 4 (TCP/IPv4) Properties window, (the General tab): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
Appendix A Setting up Your Computer’s IP Address If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. Figure 132 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties 10 Click OK to close the Internet Protocol Version 4 (TCP/IPv4) Properties window. 11 Click Close to close the Local Area Connection Properties window. 12 Close the Network Connections window. 13 Turn on your ZyXEL Device and restart your computer (if prompted).
Appendix A Setting up Your Computer’s IP Address Macintosh OS 8/9 1 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/ IP Control Panel.
Appendix A Setting up Your Computer’s IP Address 2 Select Ethernet built-in from the Connect via list. Figure 134 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box.
Appendix A Setting up Your Computer’s IP Address Macintosh OS X 1 Click the Apple menu, and click System Preferences to open the System Preferences window. Figure 135 Macintosh OS X: Apple Menu 2 Click Network in the icon bar. • Select Automatic from the Location list. • Select Built-in Ethernet from the Show list. • Click the TCP/IP tab. 3 For dynamically assigned settings, select Using DHCP from the Configure list.
Appendix A Setting up Your Computer’s IP Address • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. 5 Click Apply Now and close the window. 6 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the Network window.
Appendix A Setting up Your Computer’s IP Address 2 Double-click on the profile of the network card you wish to configure. The Ethernet Device General screen displays as shown. Figure 138 Red Hat 9.0: KDE: Ethernet Device: General • If you have a dynamic IP address, click Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static IP address, click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields.
Appendix A Setting up Your Computer’s IP Address 6 Click the Activate button to apply the changes. The following screen displays. Click Yes to save the changes in all screens. Figure 140 Red Hat 9.0: KDE: Network Configuration: Activate 7 After the network card restart process is complete, make sure the Status is Active in the Network Configuration screen. Using Configuration Files Follow the steps below to edit the network configuration files and set your computer IP address.
Appendix A Setting up Your Computer’s IP Address • If you have a static IP address, enter static in the BOOTPROTO= field. Type IPADDR= followed by the IP address (in dotted decimal notation) and type NETMASK= followed by the subnet mask. The following example shows an example where the static IP address is 192.168.1.10 and the subnet mask is 255.255.255.0. Figure 142 Red Hat 9.0: Static IP Address Setting in ifconfig-eth0 DEVICE=eth0 ONBOOT=yes BOOTPROTO=static IPADDR=192.168.1.10 NETMASK=255.255.255.
Appendix A Setting up Your Computer’s IP Address Verifying Settings Enter ifconfig in a terminal screen to check your TCP/IP properties. Figure 145 Red Hat 9.0: Checking TCP/IP Properties [root@localhost]# ifconfig eth0 Link encap:Ethernet HWaddr 00:50:BA:72:5B:44 inet addr:172.23.19.129 Bcast:172.23.19.255 Mask:255.255.255.
Appendix A Setting up Your Computer’s IP Address 268 P-660HN-T1H User’s Guide
APPENDIX B IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts. Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks.
Appendix B IP Addresses and Subnetting The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. Figure 146 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask.
Appendix B IP Addresses and Subnetting By convention, subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits. Subnet masks can be referred to by the size of the network number part (the bits with a “1” value). For example, an “8-bit mask” means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes.
Appendix B IP Addresses and Subnetting Notation Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/” followed by the number of bits in the mask after the address. For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask 255.255.255.128.
Appendix B IP Addresses and Subnetting The following figure shows the company network before subnetting. Figure 147 Subnetting Example: Before Subnetting You can “borrow” one of the host ID bits to divide the network 192.168.1.0 into two separate sub-networks. The subnet mask is now 25 bits (255.255.255.128 or /25). The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25. The following figure shows the company network after subnetting.
Appendix B IP Addresses and Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 27 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address). 192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127 with mask 255.255.255.128 is its broadcast address. Therefore, the lowest IP address that can be assigned to an actual host for subnet A is 192.168.1.1 and the highest is 192.168.1.126.
Appendix B IP Addresses and Subnetting Table 105 Subnet 3 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. 128 IP Address (Binary) 11000000.10101000.00000001. 10000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.128 Lowest Host ID: 192.168.1.129 Broadcast Address: 192.168.1.191 Highest Host ID: 192.168.1.190 Table 106 Subnet 4 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1.
Appendix B IP Addresses and Subnetting Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 108 24-bit Network Number Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 1 255.255.255.128 (/25) 2 126 2 255.255.255.192 (/26) 4 62 3 255.255.255.224 (/27) 8 30 4 255.255.255.240 (/28) 16 14 5 255.255.255.248 (/29) 32 6 6 255.255.255.252 (/30) 64 2 7 255.255.255.
Appendix B IP Addresses and Subnetting addresses, follow their instructions in selecting the IP addresses and the subnet mask. If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. If this is the case, it is recommended that you select a network number from 192.168.0.0 to 192.168.255.0.
Appendix B IP Addresses and Subnetting 278 P-660HN-T1H User’s Guide
APPENDIX C Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary. Internet Explorer Pop-up Blockers You may have to disable pop-up blocking to log into your device.
Appendix C Pop-up Windows, JavaScripts and Java Permissions 1 In Internet Explorer, select Tools, Internet Options, Privacy. 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 150 Internet Options: Privacy 3 Click Apply to save this setting. Enable Pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps.
Appendix C Pop-up Windows, JavaScripts and Java Permissions 2 Select Settings…to open the Pop-up Blocker Settings screen. Figure 151 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1.
Appendix C Pop-up Windows, JavaScripts and Java Permissions 4 Click Add to move the IP address to the list of Allowed sites. Figure 152 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
Appendix C Pop-up Windows, JavaScripts and Java Permissions 1 In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 153 Internet Options: Security 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default).
Appendix C Pop-up Windows, JavaScripts and Java Permissions 6 Click OK to close the window. Figure 154 Security Settings - Java Scripting Java Permissions 284 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected.
Appendix C Pop-up Windows, JavaScripts and Java Permissions 5 Click OK to close the window. Figure 155 Security Settings - Java JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for
Appendix C Pop-up Windows, JavaScripts and Java Permissions 3 Click OK to close the window. Figure 156 Java (Sun) Mozilla Firefox Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary. You can enable Java, Javascripts and pop-ups in one screen. Click Tools, then click Options in the screen that appears.
Appendix C Pop-up Windows, JavaScripts and Java Permissions Click Content.to show the screen below. Select the check boxes as shown in the following screen.
Appendix C Pop-up Windows, JavaScripts and Java Permissions 288 P-660HN-T1H User’s Guide
APPENDIX D Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS).
Appendix D Wireless LANs with each other. When Intra-BSS is disabled, wireless client A and B can still access the wired network but cannot communicate with each other. Figure 160 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN.
Appendix D Wireless LANs An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate. Figure 161 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend on your geographical area.
Appendix D Wireless LANs hidden node. Both stations (STA) are within range of the access point (AP) or wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other. Figure 162 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel.
Appendix D Wireless LANs Fragmentation Threshold A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be sent in the wireless network before the AP will fragment the packet into smaller data frames. A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference.
Appendix D Wireless LANs several intermediate rate steps between the maximum and minimum data rates. The IEEE 802.11g data rate and modulation are as follows: Table 110 IEEE 802.11g DATA RATE (MBPS) MODULATION 1 DBPSK (Differential Binary Phase Shift Keyed) 2 DQPSK (Differential Quadrature Phase Shift Keying) 5.
Appendix D Wireless LANs IEEE 802.1x In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features. It is supported by Windows XP and a number of network devices. Some advantages of IEEE 802.1x are: • User based identification that allows for roaming.
Appendix D Wireless LANs • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message. The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting: • Accounting-Request Sent by the access point requesting accounting.
Appendix D Wireless LANs However, MD5 authentication has some weaknesses. Since the authentication server needs to get the plaintext passwords, the passwords must be stored. Thus someone other than the authentication server may access the password file. In addition, it is possible to impersonate an authentication server as MD5 authentication method does not perform mutual authentication. Finally, MD5 authentication method does not support data encryption with dynamic session key.
Appendix D Wireless LANs Dynamic WEP Key Exchange The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed. If this feature is enabled, it is not necessary to configure a default encryption key in the wireless security configuration screen.
Appendix D Wireless LANs If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not. Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2. Encryption WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x.
Appendix D Wireless LANs keys. This prevent all wireless devices sharing the same encryption keys. (a weakness of WEP) User Authentication WPA and WPA2 apply IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database. WPA2 reduces the number of key exchange messages from six to four (CCMP 4-way handshake) and shortens the time required to connect to a network.
Appendix D Wireless LANs 4 The RADIUS server distributes the PMK to the AP. The AP then sets up a key hierarchy and management system, using the PMK to dynamically generate unique data encryption keys. The keys are used to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients. Figure 163 WPA(2) with RADIUS Application Example WPA(2)-PSK Application Example A WPA(2)-PSK application looks as follows.
Appendix D Wireless LANs 4 The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged in a handshake to create temporal encryption keys. They use these keys to encrypt data exchanged between them. Figure 164 WPA(2)-PSK Authentication Security Parameters Summary Refer to this table to see what other security parameters you should configure for each authentication method or key management protocol type.
Appendix D Wireless LANs Antenna Overview An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air. Positioning the antennas properly increases the range and coverage area of a wireless LAN. Antenna Characteristics Frequency An antenna in the frequency of 2.4GHz (IEEE 802.11b and IEEE 802.11g) or 5GHz (IEEE 802.
Appendix D Wireless LANs • Omni-directional antennas send the RF signal out in all directions on a horizontal plane. The coverage area is torus-shaped (like a donut) which makes these antennas ideal for a room environment. With a wide coverage area, it is possible to make circular overlapping coverage areas with multiple access points. • Directional antennas concentrate the RF signal in a beam, like a flashlight does with the light from its bulb.
APPENDIX E Services The following table lists some commonly-used services and their associated protocols and port numbers. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like. • Protocol: This is the type of IP protocol used by the service. If this is TCP/ UDP, then the service uses the same port number with TCP and UDP. If this is USER-DEFINED, the Port(s) is the IP protocol number, not the port number.
Appendix E Services Table 114 Examples of Services 306 NAME PROTOCOL PORT(S) DESCRIPTION AH (IPSEC_TUNNEL) User-Defined 51 The IPSEC AH (Authentication Header) tunneling protocol uses this service. AIM TCP 5190 AOL’s Internet Messenger service. AUTH TCP 113 Authentication protocol used by some servers. BGP TCP 179 Border Gateway Protocol. BOOTP_CLIENT UDP 68 DHCP Client. BOOTP_SERVER UDP 67 DHCP Server.
Appendix E Services Table 114 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION MSN Messenger TCP 1863 Microsoft Networks’ messenger service uses this protocol. NetBIOS TCP/UDP 137 TCP/UDP 138 The Network Basic Input/Output System is used for communication between computers in a LAN. TCP/UDP 139 TCP/UDP 445 NEW-ICQ TCP 5190 An Internet chat program. NEWS TCP 144 A protocol for news groups.
Appendix E Services Table 114 Examples of Services (continued) 308 NAME PROTOCOL PORT(S) DESCRIPTION SFTP TCP 115 The Simple File Transfer Protocol is an old way of transferring files between computers. SMTP TCP 25 Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another. SMTPS TCP 465 This is a more secure version of SMTP that runs over SSL. SNMP TCP/UDP 161 Simple Network Management Program.
APPENDIX F Legal Information Copyright Copyright © 2010 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation.
Appendix F Legal Information • This device must accept any interference received, including interference that may cause undesired operations. This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
Appendix F Legal Information 本機限在不干擾合法電臺與不受被干擾保障條件下於室內使用。 減少電磁波影響,請妥適使用。 Notices Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment. This device has been designed for the WLAN 2.4 GHz network throughout the EC region and Switzerland, with restrictions in France. This Class B digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.
Appendix F Legal Information purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser. To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped.
Index Index Numerics AP (access point) 291 802.1p 173, 174 applications, NAT 146 802.1Q/1P 163 activation 164 group settings 166 port settings 167 priority 163 PVC 164 PVID 168 tagging frames 164, 167 Asynchronous Transfer Mode, see ATM application filter 155 ATM 229 MBS 76, 81 PCR 76, 81 QoS 76, 81, 85 SCR 76, 81 status 229 authentication 120, 122 RADIUS server 122 WPA 108 A activation 802.
Index Command Line Interface, see CLI activation 178 wildcard 177 activation 178 compatibility, WDS 115 configuration backup 222 CWMP 202 DHCP 91 firewalls 151 IP alias 94 IP precedence 172 IP/MAC filter 157 logs 209 port forwarding 137 reset 224 restoring 223 static route 161 WAN 73 wireless LAN 103 wizard 60 connection nailed-up 80, 84 on demand 80 copyright 309 CPE WAN Management Protocol, see CWMP CTS (Clear to Send) 292 CTS threshold 108, 120 CWMP 201 activation 202 configuration 202 Dynamic Host Co
Index LAND attack 150 Ping of Death 150 status 35 SYN attack 149 configuration 172 IP/MAC filter 156 configuration 157 structure 153 firmware 219 version 34 forwarding ports 134, 136 activation 139 configuration 137 example 137 rules 139 fragmentation threshold 108, 120, 293 FTP 21, 183 H hidden node 291 I L LAN 87 client list 92 DHCP 88, 91, 96 DNS 88, 92, 96 IGMP 88, 99 IP address 88, 89, 97 IP alias 93 configuration 94 MAC address 93 multicast 88, 90, 99 RIP 88, 90, 95, 98 status 34 subnet mask 88,
Index MBS 76, 81, 85 MBSSID 124 P MTU 76, 81 P2P 135 multicast 72, 76, 88, 90, 99 IGMPInternet Group Multicast Protocol, see IGMP Pairwise Master Key (PMK) 299, 301 Multiple BSS, see MBSSID multiplexing 74, 79, 83 LLC-based 83 VC-based 83 N nailed-up connection 75, 80, 84 NAT 80, 133, 134, 144, 277 activation 135 address mapping 140 rules 142 types 141, 142, 146 applications 146 IP alias 146 default server IP address 136, 138 example 145 global 144 IGA 144 ILA 144 inside 144 local 144 outside 144 P2P
Index R RADIUS 295 message types 295 messages 295 shared secret key 296 RADIUS server 122 reauthentication, WPA 107 registration product 312 related documentation 3 remote management 179 DNS 186 FTP 183 ICMP 187 limitations 180 NAT 181 Telnet 182 WWW 181 reset 25, 224 restart 225 restoring configuration 223 RFC 1483 74, 79, 82 RIP 76, 88, 90, 95, 98 Routing Information Protocol, see RIP RTS (Request To Send) 292 threshold 291, 292 RTS threshold 108, 120 rules, port forwarding 139 S safety warnings 7 sched
Index firmware 219 version 34 LED 24 passwords 28 administrator 206 reset 25 status 30, 33 firewalls 35 LAN 34 WAN 34 wireless LAN 34 time 206 T tagging frames 164, 167 Telnet 182 thresholds data fragment 108, 120 RTS/CTS 108, 120 time 206 V VBR 85 VBR-nRT 76, 81, 86 VBR-RT 76, 81, 86 VCI 74, 79, 83 Virtual Channel Identifier, see VCI Virtual Local Area Network, see VLAN Virtual Path Identifier, see VPI VLAN 163 802.
Index passwords 28 WEP 105, 123 key 106 Wide Area Network, see WAN Wi-Fi Protected Access 298 WiFi Protected Setup, see WPS wireless client WPA supplicants 300 Wireless Distribution System, see WDS wireless LAN 101, 118 activation 104 authentication 120, 122 BSS 123 example 124 channel 119 configuration 103 encryption 104, 122 example 118 fragmentation threshold 108, 120 limitations 123 MAC address filter 102, 104, 110, 121 MBSSID 124 preamble 109, 120 RADIUS server 122 RTS/CTS threshold 108, 120 scheduling
Index 320 P-660HN-T1H User’s Guide
Index P-660HN-T1H User’s Guide 321
Index 322 P-660HN-T1H User’s Guide
