P-870HW-51a v2 802.11bg Wireless VDSL2 4 port gateway Default Login Details IP Address http://192.168.1.1 User Name 1234 Password 1234 Firmware Version 1.0 www.zyxel.com Edition 1, 1/2009 www.zyxel.
About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to configure the ZyXEL Device using the web configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology. Related Documentation • Quick Start Guide The Quick Start Guide is designed to help you get up and running right away. It contains information on setting up your network and configuring for Internet access.
About This User's Guide Customer Support In the event of problems that cannot be solved by using this manual, you should contact your vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you bought the device. See http://www.zyxel.com/ web/contact_us.php for contact information. Please have the following information ready when you contact an office. • Product model and serial number. • Warranty Information. • Date that you received your device.
Document Conventions Document Conventions Warnings and Notes These are how warnings and notes are shown in this User’s Guide. Warnings tell you about things that could harm you or your device. Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations. Syntax Conventions • The P-870HW-51a v2 may be referred to as the “ZyXEL Device”, the “device”, the “system” or the “product” in this User’s Guide.
Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device.
Safety Warnings Safety Warnings • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. • Do NOT store things on the device. • Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning. • Connect ONLY suitable accessories to the device. • Do NOT open the device or unit.
Safety Warnings 8 P-870HW-51a v2 User’s Guide
Introduction ............................................................................................................................ 17 Introducing the ZyXEL Device ................................................................................................... 19 Tutorials ..................................................................................................................................... 25 Introducing the Web Configurator ...........................................................
New Template User’s Guide
Table of Contents Table of Contents About This User's Guide .......................................................................................................... 3 Document Conventions............................................................................................................ 5 Safety Warnings........................................................................................................................ 7 Table of Contents........................................................
Table of Contents 3.2.3 Status Bar ................................................................................................................... 38 Chapter 4 Status Screens ........................................................................................................................ 39 4.1 Status Screen ...................................................................................................................... 39 4.1.1 WAN Service Statistics ......................................
Table of Contents 7.1.1 What You Can Do in this Chapter .............................................................................. 79 7.2 What You Need to Know ...................................................................................................... 80 7.3 Before You Begin ................................................................................................................. 82 7.4 The General Screen ................................................................................
Table of Contents Chapter 10 Static Route ........................................................................................................................... 125 10.1 Overview ....................................................................................................................... 125 10.1.1 What You Can Do in this Chapter .......................................................................... 125 10.2 The Static Route Screen ......................................................
Table of Contents Part V: Maintenance, Troubleshooting and Specifications .............. 163 Chapter 15 System Settings .................................................................................................................... 165 15.1 Overview .......................................................................................................................... 165 15.1.1 What You Can Do in this Chapter .......................................................................... 165 15.1.
Table of Contents Appendix C IP Addresses and Subnetting ........................................................................... 235 Appendix D Wireless LANs .................................................................................................. 247 Appendix E Common Services............................................................................................. 263 Appendix F Legal Information .............................................................................................
P ART I Introduction Introducing the ZyXEL Device (19) Tutorials (25) Introducing the Web Configurator (35) Status Screens (39) 17
CHAPTER 1 Introducing the ZyXEL Device This chapter introduces the main applications and features of the ZyXEL Device. It also introduces the ways you can manage the ZyXEL Device. 1.1 Overview The P-870HW-51a v2 is a VDSL2 gateway that allows super-fast, secure Internet access over analog (POTS) telephone lines. you can use Quality of Service (QoS) to efficiently manage traffic on your network by giving priority to certain types of traffic and/or to particular computers.
Chapter 1 Introducing the ZyXEL Device 1.3 Good Habits for Managing the ZyXEL Device Do the following things regularly to make the ZyXEL Device more secure and to manage the ZyXEL Device more effectively. • Change the password. Use a password that’s not easy to guess and that consists of different types of characters, such as numbers and letters. • Write down the password and put it in a safe place. • Back up the configuration (and make sure you know how to restore it).
Chapter 1 Introducing the ZyXEL Device 1.5 LEDs (Lights) The following graphic displays the labels of the LEDs. Figure 2 LEDs on the Top of the Device None of the LEDs are on if the ZyXEL Device is not receiving power. Table 1 LED Descriptions LED COLO R STATUS DESCRIPTION POWER Green On The ZyXEL Device is receiving power and ready for use. Blinking The ZyXEL Device is self-testing. On The ZyXEL Device detected an error while self-testing, or there is a device malfunction.
Chapter 1 Introducing the ZyXEL Device Table 1 LED Descriptions LED WLAN/ WPS COLO R STATUS DESCRIPTION Green On The wireless network is activated and is operating in IEEE 802.11b/g mode. Blinking The ZyXEL Device is communicating with other wireless clients. Orange Blinking Off DSL INTERNET Green Green The ZyXEL Device is setting up a WPS connection. The wireless network is not activated. On The DSL line is up. Blinking The ZyXEL Device is initializing the DSL line.
Chapter 1 Introducing the ZyXEL Device 1.7 The WPS WLAN Button You can use the WPS WLAN ON/OFF button ( ) on the top of the device to turn the wireless LAN off or on. You can also use it to activate WPS in order to quickly set up a wireless network with strong security. 1.7.1 Turn the Wireless LAN Off or On 1 Make sure the POWER LED is on (not blinking). 2 Press the WPS WLAN ON/OFF button for one second and release it. The WLAN/ WPS LED should change from on to off or vice versa. 1.7.
Chapter 1 Introducing the ZyXEL Device 24 P-870HW-51a v2 User’s Guide
CHAPTER 2 Tutorials This chapter describes how to set up a wireless network. 2.1 How to Set up a Wireless Network This tutorial gives you examples of how to set up an access point and wireless client for wireless communication using the following parameters. The wireless clients can access the Internet through an AP wirelessly. 2.1.1 Example Parameters SSID SSID_Example3 Security WPA-PSK (Pre-Shared Key: ThisismyWPA-PSKpre-sharedkey) 802.11 mode IEEE 802.
Chapter 2 Tutorials 1 Open the Network > Wireless LAN screen in the AP’s web configurator. Figure 3 AP: Wireless LAN 26 2 Make sure the Active Wireless LAN check box is selected. 3 Enter “SSID_Example3” as the SSID and select a channel which is not used by another AP. 4 Set security mode to WPA-PSK and enter “ThisismyWPA-PSKpre-sharedkey” in the Pre-Shared Key field. Click Apply.
Chapter 2 Tutorials 5 Click the Advanced Setup tab and select 54g Auto in the 54gTM Mode field. Click Apply. Figure 4 AP: Wireless LAN > Advanced Setup 6 Open the Status screen.Verify your wireless and wireless security settings under Device Information and check if the WLAN connection is up under Interface Status.
Chapter 2 Tutorials 7 Click the WLAN Station List hyperlink in the AP’s Status screen. You can see if any wireless client has connected to the AP. Figure 6 AP: Status: WLAN Station List 2.1.3 Configuring the Wireless Client This section describes how to connect the wireless client to a network. 2.1.3.1 Connecting to a Wireless LAN The following sections show you how to join a wireless network using the ZyXEL utility, as in the following diagram.
Chapter 2 Tutorials This example illustrates how to manually connect your wireless client to an access point (AP) which is configured for WPA-PSK security and connected to the Internet. Before you connect to the access point, you must know its Service Set IDentity (SSID) and WPA-PSK pre-shared key. In this example, the SSID is “SSID_Example3” and the pre-shared key is “ThisismyWPA-PSKpre-sharedkey”.
Chapter 2 Tutorials 3 When you try to connect to an AP with security configured, a window will pop up prompting you to specify the security settings. Enter the pre-shared key and leave the encryption type at the default setting. Use the Next button to move on to the next screen. You can use the Back button at any time to return to the previous screen, or the Exit button to return to the Site Survey screen. Figure 8 ZyXEL Utility: Security Settings 4 The Confirm Save window appears.
Chapter 2 Tutorials 5 The ZyXEL utility returns to the Link Info screen while it connects to the wireless network using your settings. When the wireless link is established, the ZyXEL utility icon in the system tray turns green and the Link Info screen displays details of the active connection. Check the network information in the Link Info screen to verify that you have successfully connected to the selected network.
Chapter 2 Tutorials 1 Open the ZyXEL utility and click the Profile tab to open the screen shown next. Click Add to configure a new profile. Figure 11 ZyXEL Utility: Profile 2 The Add New Profile screen appears. The wireless client automatically searches for available wireless networks, which are displayed in the Scan Info box. Click on Scan if you want to search again. You can also configure your profile for a wireless network that is not in the list.
Chapter 2 Tutorials 4 Choose the same encryption method as the AP to which you want to connect (In this example, WPA-PSK). Figure 13 ZyXEL Utility: Profile Security 5 This screen varies depending on the encryption method you selected in the previous screen. Enter the pre-shared key and leave the encryption type at the default setting. Figure 14 ZyXEL Utility: Profile Encryption 6 In the next screen, leave both boxes checked. Figure 15 Profile: Wireless Protocol Settings.
Chapter 2 Tutorials 7 Verify the profile settings in the read-only screen. Click Save to save and go to the next screen. Figure 16 Profile: Confirm Save 8 Click Activate Now to use the new profile immediately. Otherwise, click the Activate Later button. If you clicked Activate Later, you can select the profile from the list in the Profile screen and click Connect to activate it. Note: Only one profile can be activated and used at any given time.
CHAPTER 3 Introducing the Web Configurator This chapter describes how to access and navigate the web configurator. 3.1 Web Configurator Overview The web configurator is an HTML-based management interface that allows easy device setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.
Chapter 3 Introducing the Web Configurator 4 A password screen displays. Enter the default user name 1234 and default password 1234.The password displays in non-readable characters. If you have changed the password, enter your password and click Login. Click Cancel to revert to the default password in the password field. Figure 18 Password Screen 3.
Chapter 3 Introducing the Web Configurator • B - navigation panel • C - main window • D - status bar 3.2.1 Navigation Panel Use the menu items on the navigation panel to open screens to configure ZyXEL Device features. The following tables describe each menu item. Table 2 Navigation Panel Summary LINK TAB Status FUNCTION This screen shows the ZyXEL Device’s general device and network status information. Use this screen to access the statistics and client list.
Chapter 3 Introducing the Web Configurator Table 2 Navigation Panel Summary LINK QoS TAB FUNCTION General Use this screen to enable QoS. Queue Setup Use this screen to configure QoS queues. Class Setup Use this screen to define a classifier. Dynamic DNS Remote MGMT UPnP This screen allows you to use a static hostname alias for a dynamic IP address. TR069 Use this screen to configure the ZyXEL Device to be managed by an ACS (Auto Configuration Server).
CHAPTER 4 Status Screens Use the Status screens to look at the current status of the device, system resources and interfaces (LAN and WAN). The Status screen also provides detailed information from DHCP and statistics from traffic. 4.1 Status Screen Click Status to open this screen. Figure 20 Status Screen Each field is described in the following table. Table 3 Status Screen LABEL DESCRIPTION Refresh Interval Enter how often you want the ZyXEL Device to update this screen.
Chapter 4 Status Screens Table 3 Status Screen LABEL DESCRIPTION Device Information Host Name This field displays the ZyXEL Device system name. It is used for identification. Click this to go to the screen where you can change it. Model Number This is the model name of your device. MAC Address This is the MAC (Media Access Control) or Ethernet address unique to your ZyXEL Device. ZyNOS Firmware Version This field displays the current version of the firmware inside the device.
Chapter 4 Status Screens Table 3 Status Screen LABEL DESCRIPTION System Uptime This field displays how long the ZyXEL Device has been running since it last started up. The ZyXEL Device starts up when you plug it in, when you restart it (Maintenance > Tools > Restart), or when you reset it (see Section 1.6 on page 22). Current Date/Time This field displays the current date and time in the ZyXEL Device. You can change this in Maintenance > System > Time Setting.
Chapter 4 Status Screens Table 3 Status Screen LABEL DESCRIPTION LAN Statistics Click this link to view packet specific statistics on the LAN and WLAN interfaces. See Section 4.1.4 on page 46. Client List Click this link to view current DHCP client information. See Section 4.1.5 on page 47. 4.1.1 WAN Service Statistics Click Status > WLAN Service Statistics to access this screen. Use this screen to view the WAN statistics.
Chapter 4 Status Screens Table 4 Status > WAN Service Statistics (continued) LABEL DESCRIPTION Drops This indicates the number of received packets dropped on this interface. Transmitted Bytes This indicates the number of bytes transmitted on this interface. Pkts This indicates the number of transmitted packets on this interface. Errs This indicates the number of frames with errors transmitted on this interface. Drops This indicates the number of outgoing packets dropped on this interface.
Chapter 4 Status Screens Table 5 Status > Route Info (continued) LABEL DESCRIPTION Flag This indicates the route status. Up: The route is up. Reject: The route is blocked and will force a route lookup to fail. Gateway: The route uses a gateway to forward traffic. Host: The target of the route is a host. Reinstate: The route is reinstated for dynamic routing.
Chapter 4 Status Screens 4.1.3 WLAN Station List Click Status > WLAN Station List to access this screen. Use this screen to view the wireless stations that are currently associated to the ZyXEL Device. Figure 23 Status > WLAN Station List The following table describes the labels in this screen. Table 6 Status > WLAN Station List LABEL DESCRIPTION MAC Address This field shows the MAC (Media Access Control) address of an associated wireless station.
Chapter 4 Status Screens 4.1.4 LAN Statistics Click Status > LAN Statistics to access this screen. Use this screen to view the LAN statistics. Figure 24 Status > LAN Statistics The following table describes the labels in this screen. Table 7 Status > LAN Statistics LABEL DESCRIPTION Interface This shows the LAN or WLAN interface. eth0~3 represent the physical Ethernet ports 1~ 4. Received Bytes This indicates the number of bytes received on this interface.
Chapter 4 Status Screens Table 7 Status > LAN Statistics (continued) LABEL DESCRIPTION Set Interval Click this button to apply the new poll interval you entered in the Refresh Interval field. Stop Click Stop to stop refreshing statistics. 4.1.5 Client List DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the ZyXEL Device as a DHCP server or disable it.
Chapter 4 Status Screens 48 P-870HW-51a v2 User’s Guide
P ART II Network WAN Setup (51) LAN Setup (69) Wireless LAN (79) Network Address Translation (NAT) (107) 49
CHAPTER 5 WAN Setup 5.1 Overview This chapter discusses the ZyXEL Device’s WAN screens. Use these screens to configure your ZyXEL Device for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks (such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations. Figure 26 LAN and WAN LAN WAN Internet • See Section 5.
Chapter 5 WAN Setup 5.2 What You Need to Know Encapsulation Method Encapsulation is used to include data from an upper layer protocol into a lower layer protocol. To set up a WAN connection to the Internet, you need to use the same encapsulation method used by your ISP (Internet Service Provider). If your ISP offers a dial-up Internet connection using PPPoE (PPP over Ethernet) or PPPoA, they should also provide a username and password (and service name) for user authentication.
Chapter 5 WAN Setup 5.4 The Internet Connection Screen Use this screen to change your ZyXEL Device’s WAN settings. Click Network > WAN > Internet Connection. The screen differs by the mode you select. Figure 27 WAN > Internet Connection (PPPoE) The following table describes the labels in this screen. Table 9 WAN > Internet Connection LABEL DESCRIPTION General Name P-870HW-51a v2 User’s Guide Specify a name for this connection.
Chapter 5 WAN Setup Table 9 WAN > Internet Connection (continued) LABEL DESCRIPTION Mode The ZyXEL Device is in routing mode by default. This allows multiple computers to share an Internet account. Select the method of encapsulation (ENET ENCAP or PPPoE) used by your ISP from the drop-down list box. Otherwise, select Bridge when your ISP provides you more than one IP address and you want the connected computers to get individual IP address from ISP’s DHCP server directly.
Chapter 5 WAN Setup Table 9 WAN > Internet Connection (continued) LABEL Symmetric DESCRIPTION Select this option to enable symmetric NAT on this connection. This field is available only when you select Active NAT. Fullcone Select this option to enable full cone NAT on this connection. This field is available only when you select Active NAT. DNS Servers Select From ISP if your ISP dynamically assigns DNS server information (and the ZyXEL Device's WAN IP address).
Chapter 5 WAN Setup 5.4.1 Advanced Internet Connection Setup Use this screen to edit your ZyXEL Device's advanced WAN settings. Click the Advanced Setup button in the Internet Connection screen. The screen appears as shown. Figure 28 WAN > Internet Connection: Advanced Setup The following table describes the labels in this screen.
Chapter 5 WAN Setup Table 10 WAN > Internet Connection: Advanced Setup (continued) LABEL DESCRIPTION PPPoE This field is available when you select PPPoE encapsulation. Passthrough (PPPoE In addition to the ZyXEL Device's built-in PPPoE client, you can enable encapsulati PPPoE pass through to allow up to ten hosts on the LAN to use PPPoE on only) client software on their computers to connect to the ISP via the ZyXEL Device. Each host can have a separate account and a public WAN IP address.
Chapter 5 WAN Setup When you use the WAN > Internet Connection screen to set up Internet access, you are configuring the first WAN connection. Figure 29 WAN > More Connections The following table describes the labels in this screen. Table 11 WAN > More Connections LABEL DESCRIPTION # This is an index number indicating the number of the corresponding connection. Name This is the name you gave to the Internet connection.
Chapter 5 WAN Setup 5.5.1 More Connections Edit Click the edit icon or Add button in the More Connections screen to configure a connection. Figure 30 WAN > More Connections: Edit The following table describes the labels in this screen. Table 12 WAN > More Connections: Edit LABEL DESCRIPTION General Active Select the check box to activate or clear the check box to deactivate this connection. Name Specify a name for this connection.
Chapter 5 WAN Setup Table 12 WAN > More Connections: Edit (continued) LABEL DESCRIPTION Mode The ZyXEL Device is in routing mode by default. This allows multiple computers to share an Internet account. Select the method of encapsulation (ENET ENCAP or PPPoE) used by your ISP from the drop-down list box. Otherwise, select Bridge when your ISP provides you more than one IP address and you want the connected computers to get individual IP address from ISP’s DHCP server directly.
Chapter 5 WAN Setup Table 12 WAN > More Connections: Edit (continued) LABEL Symmetric DESCRIPTION Select this option to enable symmetric NAT on this connection. This field is available only when you select Active NAT. Fullcone Select this option to enable full cone NAT on this connection. This field is available only when you select Active NAT. VLAN VLAN Active This section is available in this screen only when you select Bridge in the Mode field.
Chapter 5 WAN Setup 5.5.2 Configuring More Connections Advanced Setup To edit your ZyXEL Device's advanced WAN settings, click the Advanced Setup button in the More Connections Edit screen. The screen appears as shown. Figure 31 WAN > More Connections: Edit: Advanced Setup The following table describes the labels in this screen.
Chapter 5 WAN Setup Table 13 WAN > More Connections: Edit: Advanced Setup (continued) LABEL DESCRIPTION PPPoE This field is available when you select PPPoE encapsulation. Passthrough (PPPoE In addition to the ZyXEL Device's built-in PPPoE client, you can enable encapsulati PPPoE pass through to allow up to ten hosts on the LAN to use PPPoE on only) client software on their computers to connect to the ISP via the ZyXEL Device. Each host can have a separate account and a public WAN IP address.
Chapter 5 WAN Setup Encapsulation Be sure to use the encapsulation method required by your ISP. The ZyXEL Device can work in bridge mode or routing mode. When the ZyXEL Device is in routing mode, it supports the following methods. ENET ENCAP The MAC Encapsulated Routing Link Protocol (ENET ENCAP) is only implemented with the IP network protocol. IP packets are routed between the Ethernet interface and the WAN interface and then formatted so that they can be understood in a bridged environment.
Chapter 5 WAN Setup Full Cone NAT In full cone NAT, the NAT router maps all outgoing packets from an internal IP address and port to a single IP address and port on the external network. The NAT router also maps packets coming to that external IP address and port to the internal IP address and port. In the following example, the ZyXEL Device maps the source address of all packets sent from the internal IP address 1 and port A to IP address 2 and port B on the external network.
Chapter 5 WAN Setup the example, only 3, C is allowed to send packets to 2, B and only 4, D is allowed to send packets to 2, M. Figure 33 Symmetric NAT 3, C 2, B 4, D 1, A 2, M 4, E 5, B Introduction to VLANs A Virtual Local Area Network (VLAN) allows a physical network to be partitioned into multiple logical networks. Devices on a logical network belong to one group. A device can belong to more than one group.
Chapter 5 WAN Setup contains two bytes of TPID (Tag Protocol Identifier), residing within the type/ length field of the Ethernet frame) and two bytes of TCI (Tag Control Information), starts after the source address field of the Ethernet frame). The CFI (Canonical Format Indicator) is a single-bit flag, always set to zero for Ethernet switches. If a frame received at an Ethernet port has a CFI set to 1, then that frame should not be forwarded as it is to an untagged port.
Chapter 5 WAN Setup 204.217.0.2. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. The ZyXEL Device can get the DNS server addresses in the following ways. 68 1 The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, manually enter them in the DNS server fields.
CHAPTER 6 LAN Setup 6.1 Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is usually located in one immediate area such as a building or floor of a building. The LAN screens can help you configure a LAN DHCP server and manage IP addresses. LAN DSL Internet • See Section 6.7 on page 75 for more information on LANs. • See Appendix D on page 247 for more information on IP addresses and subnetting. 6.1.
Chapter 6 LAN Setup 6.2 What You Need To Know IP Address Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number. This is known as an Internet Protocol address. Subnet Mask The subnet mask specifies the network number portion of an IP address. Your ZyXEL Device will compute the subnet mask automatically based on the IP address that you entered.
Chapter 6 LAN Setup 6.3 Before You Begin Find out the MAC addresses of your network devices if you intend to add them to the DHCP Client List screen. 6.4 The LAN IP Screen Click Network > LAN to open the IP screen. See Section 6.7 on page 75 for background information. Use this screen to set the Local Area Network IP address and subnet mask of your ZyXEL Device. Follow these steps to configure your LAN settings. 1 Enter an IP address into the IP Address field.
Chapter 6 LAN Setup The following table describes the fields in this screen. Table 14 LAN > IP LABEL DESCRIPTION LAN TCP/IP IP Address Enter the LAN IP address you want to assign to your ZyXEL Device in dotted decimal notation, for example, 192.168.1.1 (factory default). IP Subnet Mask Type the subnet mask of your network in dotted decimal notation, for example 255.255.255.0 (factory default).
Chapter 6 LAN Setup Click Network > LAN > Client List to open the following screen. Use this screen to change your ZyXEL Device’s static DHCP settings. Figure 35 LAN > Client List The following table describes the labels in this screen. Table 15 LAN > Client List LABEL DESCRIPTION IP Address Enter the IP address that you want to assign to the computer on your LAN with the MAC address that you will also specify. MAC Address Enter the MAC address of a computer on your LAN.
Chapter 6 LAN Setup Note: Make sure that the subnets of the logical networks do not overlap. The following figure shows a LAN divided into subnets A and B. Figure 36 Physical Network & Partitioned Logical Networks A: 192.168.1.1 - 192.168.1.24 Ethernet Interface B: 192.168.2.1 - 192.168.2.24 6.6.1 Configuring the LAN IP Alias Screen Click Network > LAN > IP Alias to open the following screen. Use this screen to change your ZyXEL Device’s IP alias settings.
Chapter 6 LAN Setup 6.7 Technical Reference The following section contains additional technical information about the ZyXEL Device features described in this chapter. LANs, WANs and the ZyXEL Device The actual physical connection determines whether the ZyXEL Device ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next.
Chapter 6 LAN Setup IP Address and Subnet Mask Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number. Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
Chapter 6 LAN Setup organization, you should consult your network administrator for the appropriate IP addresses. Note: Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, “Address Allocation for Private Internets” and RFC 1466, “Guidelines for Management of IP Address Space”.
Chapter 6 LAN Setup 78 P-870HW-51a v2 User’s Guide
CHAPTER 7 Wireless LAN 7.1 Overview This chapter describes how to perform tasks related to setting up and optimizing your wireless network, including the following. • Turning the wireless connection on or off. • Configuring a name, wireless channel and security for the network. • Using WiFi Protected Setup (WPS) to configure your wireless network. • Using a MAC (Media Access Control) address filter to restrict access to the wireless network.
Chapter 7 Wireless LAN • The Advanced Setup screen lets you change the wireless mode, and make other advanced wireless configuration changes (Section 7.8 on page 93). You don’t necessarily need to use all these screens to set up your wireless connection. For example, you may just want to set up a network name, a wireless radio channel and some security in the General screen. 7.2 What You Need to Know Wireless Basics “Wireless” is essentially radio communication.
Chapter 7 Wireless LAN Radio Channels In the radio spectrum, there are certain frequency bands allocated for unlicensed, civilian use. For the purposes of wireless networking, these bands are divided into numerous channels. This allows a variety of networks to exist in the same place without interfering with one another. When you create a network, you must select a channel to use. Since the available unlicensed spectrum varies from one country to another, the number of available channels also varies.
Chapter 7 Wireless LAN mother owns a 1970 Dodge Challenger and her favorite movie is Vanishing Point (which you know was made in 1971) you could use “70dodchal71vanpoi” as your security key. Signal Problems Because wireless networks are radio networks, their signals are subject to limitations of distance, interference and absorption. Problems with distance occur when the two radios are too far apart. Problems with interference occur when other radio waves interrupt the data signal.
Chapter 7 Wireless LAN Click Network > Wireless LAN to open the General screen. Figure 39 Network > Wireless LAN > General The following table describes the labels in this screen. Table 17 Network > Wireless LAN > General LABEL DESCRIPTION Active Wireless LAN Click the check box to activate wireless LAN. Network Name (SSID) The SSID (Service Set IDentity) identifies the service set with which a wireless device is associated.
Chapter 7 Wireless LAN 7.4.1 No Security Select No Security to allow wireless devices to communicate with the access points without any data encryption or authentication. Note: If you do not enable any wireless security on your ZyXEL Device, your network is accessible to any wireless networking device that is within range. Figure 40 Wireless LAN > General: No Security The following table describes the labels in this screen.
Chapter 7 Wireless LAN 7.4.2 WEP Encryption In order to configure and enable WEP encryption; click Network > Wireless LAN to display the General screen. Select WEP from the Security Mode list. Figure 41 Wireless LAN > General: Static WEP Encryption The following table describes the wireless LAN security labels in this screen. Table 19 Network > Wireless LAN > General: Static WEP Encryption LABEL DESCRIPTION Security Mode Choose Static WEP from the drop-down list box.
Chapter 7 Wireless LAN Table 19 Network > Wireless LAN > General: Static WEP Encryption LABEL DESCRIPTION WEP Encryption WEP (Wired Equivalent Privacy) provides data encryption to prevent unauthorized wireless stations from accessing data transmitted over the wireless network. Select 64-bit WEP or 128-bit WEP to enable data encryption.
Chapter 7 Wireless LAN The following table describes the wireless LAN security labels in this screen. Table 20 Wireless LAN > General: WPA(2)-PSK LABEL DESCRIPTION Security Mode Choose WPA-PSK or WPA2-PSK from the drop-down list box. Active Compatible This field is only available for WPA2-PSK. Select this if you want the ZyXEL Device to support WPA-PSK and WPA2-PSK simultaneously. Pre-Shared Key The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same.
Chapter 7 Wireless LAN 7.4.4 WPA(2) Authentication Use this screen to configure and enable WPA or WPA2 authentication; click the Wireless LAN link under Network to display the General screen. Select WPA or WPA2 from the Security Mode list. Figure 43 Wireless LAN > General: WPA(2) The following table describes the wireless LAN security labels in this screen. Table 21 Wireless LAN > General: WPA(2) 88 LABEL DESCRIPTION Security Mode Choose WPA or WPA2 from the drop-down list box.
Chapter 7 Wireless LAN Table 21 Wireless LAN > General: WPA(2) LABEL DESCRIPTION ReAuthentication Timer This field is available only when you select WPA2. Specify how often wireless stations have to resend usernames and passwords in order to stay connected. Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes). Note: If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority.
Chapter 7 Wireless LAN Click Network > Wireless LAN >WPS. The following screen displays. Figure 44 Network > Wireless LAN > WPS The following table describes the labels in this screen. Table 22 Network > Wireless LAN > WPS LABEL DESCRIPTION WPS Setup Enable WPS Select the check box to activate WPS on the ZyXEL Device. PIN Number This shows the PIN (Personal Identification Number) of the ZyXEL Device. Enter this PIN in the configuration utility of the device you want to connect to using WPS.
Chapter 7 Wireless LAN 7.6 The WPS Station Screen Use this screen to set up a WPS wireless network using either Push Button Configuration (PBC) or PIN Configuration. Click Network > Wireless LAN > WPS Station. The following screen displays. Figure 45 Network > Wireless LAN > WPS Station The following table describes the labels in this screen.
Chapter 7 Wireless LAN address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC addresses of the devices to configure this screen. Use this screen to change your ZyXEL Device’s MAC filter settings.Click Network > Wireless LAN > MAC Filter. The following screen displays. Figure 46 Wireless LAN > MAC Filter The following table describes the labels in this screen.
Chapter 7 Wireless LAN 7.8 The Advanced Setup Screen To configure advanced wireless settings, click Network > Wireless LAN > Advanced Setup. The screen appears as shown. Figure 47 Wireless LAN > Advanced Setup The following table describes the labels in this screen. Table 25 Wireless LAN > Advanced Setup LABEL DESCRIPTION RTS/CTS Threshold Enter a value between 0 and 2432. Fragmentatio n Threshold This is the maximum data fragment size that can be sent. Enter a value between 256 and 2432.
Chapter 7 Wireless LAN Table 25 Wireless LAN > Advanced Setup LABEL DESCRIPTION 54gTM Mode Select 54g Auto to allow either IEEE 802.11b or IEEE 802.11g compliant WLAN devices to associate with the ZyXEL Device. The ZyXEL Device adjusts the transmission rate automatically according to the wireless standard supported by the wireless devices. Select 54g Performance to allow only IEEE 802.11g compliant WLAN devices to associate with the ZyXEL Device. Select 802.11b Only to allow either IEEE 802.
Chapter 7 Wireless LAN 7.9.1 Wireless Network Overview The following figure provides an example of a wireless network. Figure 48 Example of a Wireless Network AP A B The wireless network is the part in the blue circle. In this wireless network, devices A and B use the access point (AP) to interact with the other devices (such as the printer) or with the Internet. Your ZyXEL Device is the AP. Every wireless network must follow these basic guidelines.
Chapter 7 Wireless LAN 7.9.2 Additional Wireless Terms The following table describes some wireless network terms and acronyms used in the ZyXEL Device’s Web Configurator. Table 26 Additional Wireless Terms TERM DESCRIPTION RTS/CTS Threshold In a wireless network which covers a large area, wireless devices are sometimes not aware of each other’s presence. This may cause them to send information to the AP at the same time and result in information colliding and not getting through.
Chapter 7 Wireless LAN characters2; for example, 00A0C5000002 or 00:A0:C5:00:00:02. To get the MAC address for each device in the wireless network, see the device’s User’s Guide or other documentation. You can use the MAC address filter to tell the ZyXEL Device which devices are allowed or not allowed to use the wireless network. If a device is allowed to use the wireless network, it still has to have the correct information (SSID, channel, and security).
Chapter 7 Wireless LAN The types of encryption you can choose depend on the type of authentication. (See Section 7.9.3.3 on page 97 for information about this.) Table 27 Types of Encryption for Each Type of Authentication NO AUTHENTICATION RADIUS SERVER Weakest No Security Static WEP WPA-PSK WPA Stronges t WPA2-PSK WPA2 For example, if the wireless network has a RADIUS server, you can choose WPA or WPA2.
Chapter 7 Wireless LAN between two devices. Both devices must support WPS (check each device’s documentation to make sure). Depending on the devices you have, you can either press a button (on the device itself, or in its configuration utility) or enter a PIN (a unique Personal Identification Number that allows one device to authenticate the other) in each of the two devices. When WPS is activated on a device, it has two minutes to find another device that also has WPS activated.
Chapter 7 Wireless LAN Use the PIN method instead of the push-button configuration (PBC) method if you want to ensure that the connection is established between the devices you specify, not just the first two devices to activate WPS in range of each other. However, you need to log into the configuration interfaces of both devices to use the PIN method.
Chapter 7 Wireless LAN The following figure shows a WPS-enabled wireless client (installed in a notebook computer) connecting to the WPS-enabled AP via the PIN method. Figure 49 Example WPS Process: PIN Method ENROLLEE REGISTRAR WPS This device’s WPS PIN: 123456 WPS Enter WPS PIN from other device: WPS START WPS START WITHIN 2 MINUTES SECURE EAP TUNNEL SSID WPA(2)-PSK COMMUNICATION 7.9.4.3 How WPS Works When two WPS-enabled devices connect, each device must assume a specific role.
Chapter 7 Wireless LAN The following figure shows a WPS-enabled client (installed in a notebook computer) connecting to a WPS-enabled access point. Figure 50 How WPS works ACTIVATE WPS ACTIVATE WPS WITHIN 2 MINUTES WPS HANDSHAKE ENROLLEE REGISTRAR SECURE TUNNEL SECURITY INFO COMMUNICATION The roles of registrar and enrollee last only as long as the WPS setup process is active (two minutes). The next time you use WPS, a different device can be the registrar if necessary.
Chapter 7 Wireless LAN 7.9.4.4 Example WPS Network Setup This section shows how security settings are distributed in an example WPS setup. The following figure shows an example network. In step 1, both AP1 and Client 1 are unconfigured. When WPS is activated on both, they perform the handshake. In this example, AP1 is the registrar, and Client 1 is the enrollee. The registrar randomly generates the security information to set up the network, since it is unconfigured and has no existing information.
Chapter 7 Wireless LAN point. However, you know that Client 2 supports the registrar function, so you use it to perform the WPS handshake instead. Figure 53 WPS: Example Network Step 3 EXISTING CONNECTION CLIENT 1 E N TIO EC N ON GC N I T XIS AP1 REGISTRAR CLIENT 2 SE CU RIT Y ENROLLEE INF O AP2 7.9.4.5 Limitations of WPS WPS has some limitations of which you should be aware. • WPS works in Infrastructure networks only (where an AP and a wireless client communicate).
Chapter 7 Wireless LAN • When you use the PBC method, there is a short period (from the moment you press the button on one device to the moment you press the button on the other device) when any WPS-enabled device could join the network. This is because the registrar has no way of identifying the “correct” enrollee, and cannot differentiate between your enrollee and a rogue device. This is a possible way for a hacker to gain access to a network. You can easily check to see if this has happened.
Chapter 7 Wireless LAN 106 P-870HW-51a v2 User’s Guide
CHAPTER 8 Network Address Translation (NAT) 8.1 Overview This chapter discusses how to configure NAT on the ZyXEL Device. Network Address Translation (NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network. 8.1.
Chapter 8 Network Address Translation (NAT) NAT makes your whole inside network appear as a single computer to the outside world. 8.3 The Port Forwarding Screen This summary screen provides a summary of all port forwarding rules and their configuration. In addition, this screen allows you to create new port forwarding rules and delete existing rules. You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server.
Chapter 8 Network Address Translation (NAT) The following table describes the labels in this screen. Table 28 NAT Port Forwarding LABEL DESCRIPTION Service Name Select a pre-defined service from the drop-down list box. The predefined service port number(s) and protocol will display in the External port, Internal port and Protocol fields. Otherwise, select User Define to open the Rule Setup screen where you can manually enter the port number(s) and select the IP protocol.
Chapter 8 Network Address Translation (NAT) Table 28 NAT Port Forwarding (continued) LABEL DESCRIPTION Internal Port End This is the last internal port number that identifies a service. Server IP Address This field displays the destination IP address for the packet. Modify Click the edit icon to go to the screen where you can edit the port forwarding rule. Click the remove icon to delete an existing port forwarding rule. Note that subsequent rules move up by one when you take this action.
Chapter 8 Network Address Translation (NAT) Table 29 Port Forwarding Edit (continued) LABEL DESCRIPTION External Start Port Enter the original destination port for the packets. To forward only one port, enter the port number again in the External End Port field. To forward a series of ports, enter the start port number here and the end port number in the External End Port field. External End Port Enter the last port of the original destination port range.
Chapter 8 Network Address Translation (NAT) The following table describes the fields in this screen. Table 30 NAT - DMZ Host LABEL DESCRIPTION Default Server Enter the IP address of the default server which receives packets from ports that are not specified in the NAT Port Forwarding screen. Note: If you do not assign a Default Server, the ZyXEL Device discards all packets received for ports that are not specified in the NAT Port Forwarding screen.
Chapter 8 Network Address Translation (NAT) addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet.
Chapter 8 Network Address Translation (NAT) 114 P-870HW-51a v2 User’s Guide
P ART III Security IP Filter (117) 115
CHAPTER 9 IP Filter 9.1 Overview This chapter shows you how to enable and configure the ZyXEL Device IP filtering settings. The ZyXEL Device firewall is a packet filtering firewall and restricts access based on the source/destination computer network address of a packet and the type of application. 9.1.1 What You Can Do in this Chapter The IP Filtering Incoming screen lets you view and configure incoming IP filtering rules (Section 9.3 on page 118). 9.
Chapter 9 IP Filter Some of the most common IP ports are: Table 32 Common IP Ports 21 FTP 53 DNS 23 Telnet 80 HTTP 25 SMTP 110 POP3 Default Filtering Policies Filtering rules are grouped based on the direction of travel of packets to which they apply. The default rule for incoming traffic blocks all incoming connections from the WAN to the LAN. If you wish to allow certain WAN users to have access to your LAN, you will need to create custom rules to allow it.
Chapter 9 IP Filter The following table describes the labels in this screen. Table 33 Incoming IP Filtering LABEL DESCRIPTION Active Select this check box to enable the rule. Filter Name This displays the name of the rule. Interfaces This displays the WAN interface to which this rule is applied. Protocol This displays the IP protocol that defines the service to which this rule applies. Source Address / Mask This displays the source IP addresses and subnet mask to which this rule applies.
Chapter 9 IP Filter 9.3.1 Creating Incoming Filtering Rules In the Incoming screen, click Add to display this screen and refer to the following table for information on the labels. Figure 59 Incoming IP Filtering: Add The following table describes the labels in this screen. Table 34 Incoming IP Filtering: Add 120 LABEL DESCRIPTION Filter Name Enter a descriptive name of up to 16 printable English keyboard characters, including spaces.
Chapter 9 IP Filter Table 34 Incoming IP Filtering: Add (continued) LABEL DESCRIPTION Back Click Back to return to the previous screen. Apply Click Apply to save your customized settings and exit this screen.
Chapter 9 IP Filter 122 P-870HW-51a v2 User’s Guide
P ART IV Advanced Static Route (125) Quality of Service (QoS) (129) Dynamic DNS Setup (141) Remote Management (143) Universal Plug-and-Play (UPnP) (149) 123
CHAPTER 10 Static Route 10.1 Overview The ZyXEL Device usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the ZyXEL Device send data to devices not reachable through the default gateway, use static routes. For example, the next figure shows a computer (A) connected to the ZyXEL Device’s LAN interface. The ZyXEL Device routes most traffic from A to the Internet through the ZyXEL Device’s default gateway (R1).
Chapter 10 Static Route 10.2 The Static Route Screen Click Advanced > Static Route to open the Static Route screen. Figure 61 Advanced > Static Route The following table describes the labels in this screen. Table 35 Advanced > Static Route LABEL DESCRIPTION # This is the number of an individual static route. Active This field indicates whether the rule is active or not. Clear the check box to disable the rule. Select the check box to enable it.
Chapter 10 Static Route 10.2.1 Static Route Edit Click the Add button in the Static Route screen. Use this screen to configure the required information for a static route. Figure 62 Static Route: Add The following table describes the labels in this screen. Table 36 Static Route: Add LABEL DESCRIPTION Destination IP Address This parameter specifies the IP network address of the final destination. Routing is always based on network number.
Chapter 10 Static Route 128 P-870HW-51a v2 User’s Guide
CHAPTER 11 Quality of Service (QoS) 11.1 Overview Quality of Service (QoS) refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to control the use of bandwidth. Without QoS, all traffic data is equally likely to be dropped when the network is congested. This can cause a reduction in network performance and make the network inadequate for time-critical application such as video-ondemand.
Chapter 11 Quality of Service (QoS) 11.2 What You Need to Know The following terms and concepts may help as you read through this chapter. QoS versus Cos QoS is used to prioritize source-to-destination traffic flows. All packets in the same flow are given the same priority. CoS (class of service) is a way of managing traffic in a network by grouping similar types of traffic together and treating each type as a class. You can use CoS to give different priorities to different packet types.
Chapter 11 Quality of Service (QoS) The following table describes the labels in this screen. Table 37 QoS General LABEL DESCRIPTION Active QoS Select the check box to turn on QoS to improve your network performance. Select Default DSCP Mark This field is available only when you select Enable QoS. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh.
Chapter 11 Quality of Service (QoS) Table 38 QoS Queue Setup LABEL DESCRIPTION Modify Click the edit icon to go to the screen where you can edit the queue. Click the remove icon to delete an existing queue. Note that subsequent rules move up by one when you take this action. Apply Click Apply to save your changes back to the ZyXEL Device. 11.4.1 Adding a QoS Queue Click the Add button or the edit icon in the Queue Setup screen to configure a queue.
Chapter 11 Quality of Service (QoS) 11.5 The Class Setup Screen Use this screen to add, edit or delete QoS classifiers. A classifier groups traffic into data flows according to specific criteria such as the source address, destination address, source port number, destination port number or incoming interface. For example, you can configure a classifier to select traffic from the same protocol port (such as Telnet) to form a flow.
Chapter 11 Quality of Service (QoS) Table 40 QoS Class Setup (continued) LABEL DESCRIPTION DstMAC /Mask This shows the destination MAC address and the mask of traffic of this class. SrcIP/Mask This shows the source IP address, the source subnet mask and DHCP option 60 or DHCP option 77. DstIP/Mask This shows the destination IP address and the destination subnet mask. Proto This shows the protocol type. Src Port This shows the source port number. Dst Port This shows the destination port number.
Chapter 11 Quality of Service (QoS) 11.5.1 QoS Class Edit Click the Add button or the edit icon in the Class Setup screen to configure a classifier. Figure 67 QoS Class Setup: Add The following table describes the labels in this screen. Table 41 QoS Class Configuration LABEL DESCRIPTION Active Select to enable or disable this classifier. Name Enter a descriptive name of up to 20 printable English keyboard characters, including spaces.
Chapter 11 Quality of Service (QoS) Table 41 QoS Class Configuration (continued) LABEL DESCRIPTION Interface Select from which Ethernet port traffic of this class should come. Select Local for any traffic from the LAN. Order Select an existing number for where you want to put this classifier to move the classifier to the number you selected after clicking Apply. Select Last to put this rule in the back of the classifier list.
Chapter 11 Quality of Service (QoS) Table 41 QoS Class Configuration (continued) LABEL DESCRIPTION MAC Mask Type the mask for the specified MAC address to determine which bits a packet’s MAC address should match. Enter “f” for each bit of the specified source MAC address that the traffic’s MAC address should match. Enter “0“ for the bit(s) of the matched traffic’s MAC address, which can be of any hexadecimal character(s).
Chapter 11 Quality of Service (QoS) IEEE 802.1Q Tag The IEEE 802.1Q standard defines an explicit VLAN tag in the MAC header to identify the VLAN membership of a frame across bridges. A VLAN tag includes the 12-bit VLAN ID and 3-bit user priority. The VLAN ID associates a frame with a specific VLAN and provides the information that devices need to process the frame across the network. IEEE 802.1p specifies the user priority field and defines up to eight separate traffic types.
Chapter 11 Quality of Service (QoS) DSCP and Per-Hop Behavior DiffServ defines a new Differentiated Services (DS) field to replace the Type of Service (TOS) field in the IP header. The DS field contains a 2-bit unused field and a 6-bit DSCP field which can define up to 64 service levels. The following figure illustrates the DS field. DSCP is backward compatible with the three precedence bits in the ToS octet so that non-DiffServ compliant, ToS-enabled network device will not conflict with the DSCP mapping.
Chapter 11 Quality of Service (QoS) 140 P-870HW-51a v2 User’s Guide
CHAPTER 12 Dynamic DNS Setup 12.1 Overview Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CUSeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect.
Chapter 12 Dynamic DNS Setup 12.3 The Dynamic DNS Screen To change your ZyXEL Device’s DDNS, click Advanced > Dynamic DNS. The screen appears as shown. Figure 68 Advanced > Dynamic DNS The following table describes the fields in this screen. Table 43 Advanced > Dynamic DNS LABEL DESCRIPTION Service Provider Select the name of your Dynamic DNS service provider. Host Name Type the domain name assigned to your ZyXEL Device by your Dynamic DNS provider.
CHAPTER 13 Remote Management 13.1 Overview This chapter explains how to configure the TR-069 settings and access control settings on the ZyXEL Device. 13.1.1 What You Can Do in this Chapter • The TR-069 Client screen lets you configure the ZyXEL Device’s TR-069 autoconfiguration settings (Section 13.2 on page 143). • The Service Control screens let you configure through which interface(s) users can use which service(s) to manage the ZyXEL Device (Section 13.3 on page 145).
Chapter 13 Remote Management Click Advanced > Remote MGMT to open the following screen. Use this screen to configure your P-870HA to be managed by an ACS. Figure 69 TR-069 The following table describes the fields in this screen. Table 44 TR-069 144 LABEL DESCRIPTION Inform Select Enable to activate remote management via TR-069 on the WAN. Otherwise, select Disable. Inform Interval Enter the time interval (in seconds) at which the ZyXEL Device sends information to the auto-configuration server.
Chapter 13 Remote Management Table 44 TR-069 (continued) LABEL DESCRIPTION Connection Request Password Enter the connection request password. Connection Request URL This shows the connection request URL. Apply/Save Click this button to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. When the ACS makes a connection request to the ZyXEL Device, this password is used to authenticate the ACS.
Chapter 13 Remote Management The following table describes the fields in this screen. Table 45 Access Control: Services LABEL DESCRIPTION Service Control Mode Select Enable to turn on service control. Otherwise, select Disable. Services This is the service you may use to access the ZyXEL Device. LAN Select the Enable check box for the corresponding services that you want to allow access to the ZyXEL Device from the LAN.
Chapter 13 Remote Management Table 46 IP Address (continued) LABEL DESCRIPTION Remove Select this check box and click the Remove button to delete this entry from the ZyXEL Device. Add Click this button to create a new entry. Remove Click this button to delete the selected entry. 13.4.1 Adding an IP Address Click the Add button in the IP Address screen to open the following screen. Figure 72 IP Address: Add The following table describes the fields in this screen.
Chapter 13 Remote Management 148 P-870HW-51a v2 User’s Guide
CHAPTER 14 Universal Plug-and-Play (UPnP) 14.1 Overview Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network. In turn, a device can leave a network smoothly and automatically when it is no longer in use. 14.1.
Chapter 14 Universal Plug-and-Play (UPnP) Windows Messenger is an example of an application that supports NAT traversal and UPnP. See the NAT chapter for more information on NAT. Cautions with UPnP The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues. Network information and configuration may also be obtained and modified by users in some network environments.
Chapter 14 Universal Plug-and-Play (UPnP) The following table describes the fields in this screen. Table 48 Advanced > UPnP LABEL DESCRIPTION Active the Universal Plug and Play (UPnP) Feature Select this check box to activate UPnP. Be aware that anyone could use a UPnP application to open the web configurator's login screen without entering the ZyXEL Device's IP address (although you must still enter the password to access the web configurator).
Chapter 14 Universal Plug-and-Play (UPnP) 2 Click on the Windows Setup tab and select Communication in the Components selection box. Click Details. Figure 74 Add/Remove Programs: Windows Setup: Communication 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box.
Chapter 14 Universal Plug-and-Play (UPnP) 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel. 2 Double-click Network Connections. 3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components ….
Chapter 14 Universal Plug-and-Play (UPnP) 4 The Windows Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details.
Chapter 14 Universal Plug-and-Play (UPnP) 5 In the Networking Services window, select the Universal Plug and Play check box. Figure 78 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. 14.5 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL Device.
Chapter 14 Universal Plug-and-Play (UPnP) 2 Right-click the icon and select Properties.
Chapter 14 Universal Plug-and-Play (UPnP) 3 In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created.
Chapter 14 Universal Plug-and-Play (UPnP) 4 You may edit or delete the port mappings or click Add to manually add port mappings. Figure 81 Internet Connection Properties: Advanced Settings Figure 82 Internet Connection Properties: Advanced Settings: Add 5 158 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically.
Chapter 14 Universal Plug-and-Play (UPnP) 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray. Figure 83 System Tray Icon 7 Double-click on the icon to display your current Internet connection status. Figure 84 Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first.
Chapter 14 Universal Plug-and-Play (UPnP) 3 Select My Network Places under Other Places. Figure 85 Network Connections 4 160 An icon with the description for each UPnP-enabled device displays under Local Network.
Chapter 14 Universal Plug-and-Play (UPnP) 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays. Figure 86 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device.
Chapter 14 Universal Plug-and-Play (UPnP) 162 P-870HW-51a v2 User’s Guide
P ART V Maintenance, Troubleshooting and Specifications System Settings (165) Logs (169) Tools (173) Troubleshooting (181) Product Specifications (187) 163
CHAPTER 15 System Settings 15.1 Overview This chapter shows you how to configure system related settings, such as system time, password, name, the domain name and the inactivity timeout interval. 15.1.1 What You Can Do in this Chapter • The General screen lets you configure system settings (Section 15.2 on page 166). • The Time Setting screen lets you set the system time (Section 15.3 on page 167). 15.1.
Chapter 15 System Settings 15.2 The General Screen Use the General screen to configure system settings such as the system password. Click Maintenance > System to open the General screen. Figure 88 Maintenance > System > General The following table describes the labels in this screen. Table 49 Maintenance > System > Genera 166 LABEL DESCRIPTION UserName This shows the user name you use to access the system.
Chapter 15 System Settings 15.3 The Time Setting Screen To change your ZyXEL Device’s time and date, click Maintenance > System > Time Setting. The screen appears as shown. Use this screen to configure the ZyXEL Device’s time based on your local time zone. Figure 89 Maintenance > System > Time Setting The following table describes the fields in this screen. Table 50 Maintenance > System > Time Setting LABEL DESCRIPTION Current Time Current Time This field displays the time of your ZyXEL Device.
Chapter 15 System Settings Table 50 Maintenance > System > Time Setting (continued) LABEL DESCRIPTION First NTP time server Select an NTP time server from the drop-down list box. Second NTP time server Third NTP time server Otherwise, select Other and enter the IP address or URL (up to 20 extended ASCII characters in length) of your time server. Select None if you don’t want to configure the time server. Check with your ISP/network administrator if you are unsure of this information.
CHAPTER 16 Logs 16.1 Overview This chapter contains information about configuring general log settings and viewing the ZyXEL Device’s logs. The web configurator allows you to choose which categories of events and/or alerts to have the ZyXEL Device log and then display the logs or have the ZyXEL Device send them to a syslog server. 16.1.1 What You Can Do in this Chapter • The View Log screen lets you see the logs for the categories that you selected in the Log Settings screen (Section 16.2 on page 169).
Chapter 16 Logs The log wraps around and deletes the old entries after it fills. Figure 90 Maintenance > Logs > View Log The following table describes the fields in this screen. Table 51 Maintenance > Logs > View Log LABEL DESCRIPTION Display Select a category of logs to view. The ZyXEL Device displays the logs with the severity level equal to or higher than what you selected.
Chapter 16 Logs To change your ZyXEL Device’s log settings, click Maintenance > Logs > Log Settings. The screen appears as shown. Figure 91 Maintenance > Logs > Log Settings The following table describes the fields in this screen. Table 52 Maintenance > Logs > Log Settings LABEL DESCRIPTION Active Select to enable or disable system logging. Syslog Server IP Address Enter the server name or the IP address of the log server. The logs will be stored in both the ZyXEL Device and the log server.
Chapter 16 Logs 172 P-870HW-51a v2 User’s Guide
CHAPTER 17 Tools Do not interrupt the file transfer process as this may PERMANENTLY DAMAGE your ZyXEL Device. 17.1 Overview This chapter explains how to upload new firmware, manage configuration files and restart your ZyXEL Device. Use the instructions in this chapter to change the device’s configuration file or upgrade its firmware. After you configure your device, you can backup the configuration file to a computer.
Chapter 17 Tools 17.2 The Firmware Upgrade Screen Click Maintenance > Tools to open the Firmware screen. Follow the instructions in this screen to upload firmware to your ZyXEL Device. The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot. Do NOT turn off the ZyXEL Device while firmware upload is in progress! Figure 92 Maintenance > Tools > Firmware The following table describes the labels in this screen.
Chapter 17 Tools After you see the Firmware Upload in Progress screen, wait two minutes before logging into the ZyXEL Device again. Figure 93 Firmware Upload In Progress The ZyXEL Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 94 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen.
Chapter 17 Tools 17.3 The Configuration Screen Click Maintenance > Tools > Configuration. Information related to factory defaults, backup configuration, and restoring configuration appears in this screen, as shown next. Figure 96 Maintenance > Tools > Configuration Backup Configuration Backup Configuration allows you to back up (save) the ZyXEL Device’s current configuration to a file on your computer.
Chapter 17 Tools Restore Configuration Restore Configuration allows you to upload a new or previously saved configuration file from your computer to your ZyXEL Device. Table 54 Restore Configuration LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse... Click Browse... to find the file you want to upload. Remember that you must decompress compressed (.ZIP) files before you can upload them.
Chapter 17 Tools If the upload was not successful, the following screen will appear. Click Tools > Configuration to go back to the Configuration screen. Figure 99 Configuration Upload Error Reset to Factory Defaults Click the Reset button to clear all user-entered configuration information and return the ZyXEL Device to its factory defaults. The following warning screen appears.
Chapter 17 Tools Click Maintenance > Tools > Restart. Click Restart to have the ZyXEL Device reboot. This does not affect the ZyXEL Device's configuration.
Chapter 17 Tools 180 P-870HW-51a v2 User’s Guide
CHAPTER 18 Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • ZyXEL Device Access and Login • Internet Access 18.1 Power, Hardware Connections, and LEDs The ZyXEL Device does not turn on. None of the LEDs turn on. 1 Make sure the ZyXEL Device is turned on. 2 Make sure you are using the power adaptor or cord included with the ZyXEL Device.
Chapter 18 Troubleshooting 2 Check the hardware connections. See the Quick Start Guide. 3 Inspect your cables for damage. Contact the vendor to replace any damaged cables. 4 Turn the ZyXEL Device off and on. 5 If the problem continues, contact the vendor. 18.2 ZyXEL Device Access and Login I forgot the IP address for the ZyXEL Device. 1 The default IP address is 192.168.1.1.
Chapter 18 Troubleshooting • If you changed the IP address (Section on page 76), use the new IP address. • If you changed the IP address and have forgotten it, see the troubleshooting suggestions for I forgot the IP address for the ZyXEL Device. 2 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide. 3 Make sure your Internet browser does not block pop-up windows and has JavaScripts and Java enabled. See Appendix B on page 225.
Chapter 18 Troubleshooting 2 Make sure you entered your ISP account information correctly in the WAN screens. These fields are case-sensitive, so make sure [Caps Lock] is not on. 3 If you are trying to access the Internet wirelessly, make sure the wireless settings in the wireless client are the same as the settings in the AP. 4 Disconnect all the cables from your device, and follow the directions in the Quick Start Guide again. 5 If the problem continues, contact your ISP.
Chapter 18 Troubleshooting • Check the settings for QoS. If it is disabled, you might consider activating it. If it is enabled, you might consider raising or lowering the priority for some applications.
Chapter 18 Troubleshooting 186 P-870HW-51a v2 User’s Guide
CHAPTER 19 Product Specifications The following tables summarize the ZyXEL Device’s hardware and firmware features. 19.
Chapter 19 Product Specifications Table 56 Firmware Specifications (continued) DHCP Server IP Pool 192.168.1.33 to 192.168.1.254 Static DHCP Addresses 10 Static Routes 16 Device Management Use the web configurator to easily configure the rich range of features on the ZyXEL Device. Wireless Functionality Allow the IEEE 802.11b and/or IEEE 802.11g wireless clients to connect to the ZyXEL Device wirelessly.
Chapter 19 Product Specifications Table 56 Firmware Specifications (continued) PPPoE Support (RFC2516) PPPoE (Point-to-Point Protocol over Ethernet) emulates a dial-up connection. It allows your ISP to use their existing network configuration with newer broadband technologies such as ADSL. The PPPoE driver on your device is transparent to the computers on the LAN, which see only Ethernet and are not aware of PPPoE thus saving you from having to manage PPPoE clients on individual computers.
Chapter 19 Product Specifications Table 56 Firmware Specifications (continued) Other Protocol Support PPP (Point-to-Point Protocol) link layer protocol Transparent bridging for unsupported network layer protocols RIP I/RIP II ICMP ATM QoS SNMP v1 and v2c with MIB II support (RFC 1213) IP Multicasting IGMP v1 and v2 IGMP Proxy Management Embedded Web Configurator Remote Firmware Upgrade Syslog TR-069 19.
Chapter 19 Product Specifications Table 57 Wireless Features WPA2 WPA 2 is a wireless security standard that defines stronger encryption, authentication and key management than WPA. Other Wireless Features IEEE 802.11g Compliance Frequency Range: 2.4 GHz ISM Band Advanced Orthogonal Frequency Division Multiplexing (OFDM) Data Rates: 54Mbps, 11Mbps, 5.5Mbps, 2Mbps, and 1 Mbps Auto Fallback WPA2 WMM IEEE 802.11i IEEE 802.11e Wired Equivalent Privacy (WEP) Data Encryption 64/128/256 bit.
Chapter 19 Product Specifications Table 58 Standards Supported (continued) STANDARD DESCRIPTION RFC 2408 Internet Security Association and Key Management Protocol (ISAKMP) RFC 2516 A Method for Transmitting PPP Over Ethernet (PPPoE) RFC 2684 Multiprotocol Encapsulation over ATM Adaptation Layer 5. RFC 2766 Network Address Translation - Protocol IEEE 802.
P ART VI Appendices and Index Note: The appendices provide general information. Some details may not apply to your ZyXEL Device.
APPENDIX A Setting Up Your Computer’s IP Address Note: Your specific ZyXEL device may not support all of the operating systems described in this appendix. See the product specifications for more information about which operating systems are supported. This appendix shows you how to configure the IP settings on your computer in order for it to be able to communicate with the other devices on your network.
Appendix A Setting Up Your Computer’s IP Address Windows XP/NT/2000 The following example uses the default Windows XP display theme but can also apply to Windows 2000 and Windows NT. 1 Click Start > Control Panel. Figure 102 Windows XP: Start Menu 2 In the Control Panel, click the Network Connections icon.
Appendix A Setting Up Your Computer’s IP Address 3 Right-click Local Area Connection and then select Properties. Figure 104 Windows XP: Control Panel > Network Connections > Properties 4 On the General tab, select Internet Protocol (TCP/IP) and then click Properties.
Appendix A Setting Up Your Computer’s IP Address 5 The Internet Protocol TCP/IP Properties window opens. Figure 106 Windows XP: Internet Protocol (TCP/IP) Properties 6 Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically. Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP.
Appendix A Setting Up Your Computer’s IP Address 2 In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also go to Start > Control Panel > Network Connections, right-click a network connection, click Status and then click the Support tab to view your IP address and connection information.
Appendix A Setting Up Your Computer’s IP Address Windows Vista This section shows screens from Windows Vista Professional. 1 Click Start > Control Panel. Figure 107 Windows Vista: Start Menu 2 In the Control Panel, click the Network and Internet icon. Figure 108 Windows Vista: Control Panel 3 Click the Network and Sharing Center icon.
Appendix A Setting Up Your Computer’s IP Address 4 Click Manage network connections. Figure 110 Windows Vista: Network and Sharing Center 5 Right-click Local Area Connection and then select Properties. Figure 111 Windows Vista: Network and Sharing Center Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue.
Appendix A Setting Up Your Computer’s IP Address 6 Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties.
Appendix A Setting Up Your Computer’s IP Address 7 The Internet Protocol Version 4 (TCP/IPv4) Properties window opens. Figure 113 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties 8 Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically.
Appendix A Setting Up Your Computer’s IP Address 2 In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also go to Start > Control Panel > Network Connections, right-click a network connection, click Status and then click the Support tab to view your IP address and connection information.
Appendix A Setting Up Your Computer’s IP Address Mac OS X: 10.3 and 10.4 The screens in this section are from Mac OS X 10.4 but can also apply to 10.3. 1 Click Apple > System Preferences. Figure 114 Mac OS X 10.4: Apple Menu 2 In the System Preferences window, click the Network icon. Figure 115 Mac OS X 10.
Appendix A Setting Up Your Computer’s IP Address 3 When the Network preferences pane opens, select Built-in Ethernet from the network connection type list, and then click Configure. Figure 116 Mac OS X 10.4: Network Preferences 4 For dynamically assigned settings, select Using DHCP from the Configure IPv4 list in the TCP/IP tab. Figure 117 Mac OS X 10.4: Network Preferences > TCP/IP Tab.
Appendix A Setting Up Your Computer’s IP Address 5 For statically assigned settings, do the following: • From the Configure IPv4 list, select Manually. • In the IP Address field, type your IP address. • In the Subnet Mask field, type your subnet mask. • In the Router field, type the IP address of your device. Figure 118 Mac OS X 10.4: Network Preferences > Ethernet 6 Click Apply Now and close the window.
Appendix A Setting Up Your Computer’s IP Address Verifying Settings Check your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network Interface from the Info tab. Figure 119 Mac OS X 10.
Appendix A Setting Up Your Computer’s IP Address Mac OS X: 10.5 The screens in this section are from Mac OS X 10.5. 1 Click Apple > System Preferences. Figure 120 Mac OS X 10.5: Apple Menu 2 In System Preferences, click the Network icon. Figure 121 Mac OS X 10.
Appendix A Setting Up Your Computer’s IP Address 3 When the Network preferences pane opens, select Ethernet from the list of available connection types. Figure 122 Mac OS X 10.5: Network Preferences > Ethernet 4 From the Configure list, select Using DHCP for dynamically assigned settings. 5 For statically assigned settings, do the following: • From the Configure list, select Manually. • In the IP Address field, enter your IP address. • In the Subnet Mask field, enter your subnet mask.
Appendix A Setting Up Your Computer’s IP Address • In the Router field, enter the IP address of your ZyXEL Device. Figure 123 Mac OS X 10.5: Network Preferences > Ethernet 6 Click Apply and close the window.
Appendix A Setting Up Your Computer’s IP Address Verifying Settings Check your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network interface from the Info tab. Figure 124 Mac OS X 10.5: Network Utility Linux: Ubuntu 8 (GNOME) This section shows you how to configure your computer’s TCP/IP settings in the GNU Object Model Environment (GNOME) using the Ubuntu 8 Linux distribution.
Appendix A Setting Up Your Computer’s IP Address 1 Click System > Administration > Network. Figure 125 Ubuntu 8: System > Administration Menu 2 When the Network Settings window opens, click Unlock to open the Authenticate window. (By default, the Unlock button is greyed out until clicked.) You cannot make changes to your configuration unless you first enter your admin password.
Appendix A Setting Up Your Computer’s IP Address 3 In the Authenticate window, enter your admin account name and password then click the Authenticate button. Figure 127 Ubuntu 8: Administrator Account Authentication 4 In the Network Settings window, select the connection that you want to configure, then click Properties.
Appendix A Setting Up Your Computer’s IP Address 5 The Properties dialog box opens. Figure 129 Ubuntu 8: Network Settings > Properties • In the Configuration list, select Automatic Configuration (DHCP) if you have a dynamic IP address. • In the Configuration list, select Static IP address if you have a static IP address. Fill in the IP address, Subnet mask, and Gateway address fields. 6 Click OK to save the changes and close the Properties dialog box and return to the Network Settings screen.
Appendix A Setting Up Your Computer’s IP Address 7 If you know your DNS server IP address(es), click the DNS tab in the Network Settings window and then enter the DNS server information in the fields provided. Figure 130 Ubuntu 8: Network Settings > DNS 8 Click the Close button to apply the changes.
Appendix A Setting Up Your Computer’s IP Address tab. The Interface Statistics column shows data if your connection is working properly.
Appendix A Setting Up Your Computer’s IP Address Linux: openSUSE 10.3 (KDE) This section shows you how to configure your computer’s TCP/IP settings in the K Desktop Environment (KDE) using the openSUSE 10.3 Linux distribution. The procedure, screens and file locations may vary depending on your specific distribution, release version, and individual configuration. The following screens use the default openSUSE 10.3 installation. Note: Make sure you are logged in as the root administrator.
Appendix A Setting Up Your Computer’s IP Address 2 When the Run as Root - KDE su dialog opens, enter the admin password and click OK. Figure 133 openSUSE 10.3: K Menu > Computer Menu 3 When the YaST Control Center window opens, select Network Devices and then click the Network Card icon. Figure 134 openSUSE 10.
Appendix A Setting Up Your Computer’s IP Address 4 When the Network Settings window opens, click the Overview tab, select the appropriate connection Name from the list, and then click the Configure button. Figure 135 openSUSE 10.
Appendix A Setting Up Your Computer’s IP Address 5 When the Network Card Setup window opens, click the Address tab Figure 136 openSUSE 10.3: Network Card Setup 6 Select Dynamic Address (DHCP) if you have a dynamic IP address. Select Statically assigned IP Address if you have a static IP address. Fill in the IP address, Subnet mask, and Hostname fields. 7 Click Next to save the changes and close the Network Card Setup window.
Appendix A Setting Up Your Computer’s IP Address 8 If you know your DNS server IP address(es), click the Hostname/DNS tab in Network Settings and then enter the DNS server information in the fields provided. Figure 137 openSUSE 10.3: Network Settings 9 222 Click Finish to save your settings and close the window.
Appendix A Setting Up Your Computer’s IP Address Verifying Settings Click the KNetwork Manager icon on the Task bar to check your TCP/IP properties. From the Options sub-menu, select Show Connection Information. Figure 138 openSUSE 10.3: KNetwork Manager When the Connection Status - KNetwork Manager window opens, click the Statistics tab to see if your connection is working properly.
Appendix A Setting Up Your Computer’s IP Address 224 P-870HW-51a v2 User’s Guide
APPENDIX B Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary. Internet Explorer Pop-up Blockers You may have to disable pop-up blocking to log into your device.
Appendix B Pop-up Windows, JavaScripts and Java Permissions 1 In Internet Explorer, select Tools, Internet Options, Privacy. 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 141 Internet Options: Privacy 3 Click Apply to save this setting. Enable Pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps.
Appendix B Pop-up Windows, JavaScripts and Java Permissions 2 Select Settings…to open the Pop-up Blocker Settings screen. Figure 142 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1.
Appendix B Pop-up Windows, JavaScripts and Java Permissions 4 Click Add to move the IP address to the list of Allowed sites. Figure 143 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
Appendix B Pop-up Windows, JavaScripts and Java Permissions 1 In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 144 Internet Options: Security 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default).
Appendix B Pop-up Windows, JavaScripts and Java Permissions 6 Click OK to close the window. Figure 145 Security Settings - Java Scripting Java Permissions 230 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected.
Appendix B Pop-up Windows, JavaScripts and Java Permissions 5 Click OK to close the window. Figure 146 Security Settings - Java JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for
Appendix B Pop-up Windows, JavaScripts and Java Permissions 3 Click OK to close the window. Figure 147 Java (Sun) Mozilla Firefox Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary. You can enable Java, Javascripts and pop-ups in one screen. Click Tools, then click Options in the screen that appears.
Appendix B Pop-up Windows, JavaScripts and Java Permissions Click Content.to show the screen below. Select the check boxes as shown in the following screen.
Appendix B Pop-up Windows, JavaScripts and Java Permissions 234 P-870HW-51a v2 User’s Guide
APPENDIX C IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts. Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks.
Appendix C IP Addresses and Subnetting The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. Figure 150 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask.
Appendix C IP Addresses and Subnetting By convention, subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits. Subnet masks can be referred to by the size of the network number part (the bits with a “1” value). For example, an “8-bit mask” means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes.
Appendix C IP Addresses and Subnetting Notation Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/” followed by the number of bits in the mask after the address. For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask 255.255.255.128.
Appendix C IP Addresses and Subnetting The following figure shows the company network before subnetting. Figure 151 Subnetting Example: Before Subnetting You can “borrow” one of the host ID bits to divide the network 192.168.1.0 into two separate sub-networks. The subnet mask is now 25 bits (255.255.255.128 or /25). The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25.
Appendix C IP Addresses and Subnetting The following figure shows the company network after subnetting. There are now two sub-networks, A and B. Figure 152 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 27 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address). 192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127 with mask 255.255.255.
Appendix C IP Addresses and Subnetting Each subnet contains 6 host ID bits, giving 26 - 2 or 62 hosts for each subnet (a host ID of all zeroes is the subnet itself, all ones is the subnet’s broadcast address). Table 63 Subnet 1 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address (Decimal) 192.168.1. 0 IP Address (Binary) 11000000.10101000.00000001. 00000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.0 Lowest Host ID: 192.168.1.
Appendix C IP Addresses and Subnetting Table 66 Subnet 4 (continued) LAST OCTET BIT VALUE IP/SUBNET MASK NETWORK NUMBER Subnet Address: 192.168.1.192 Lowest Host ID: 192.168.1.193 Broadcast Address: 192.168.1.255 Highest Host ID: 192.168.1.254 Example: Eight Subnets Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows IP address last octet values for each subnet.
Appendix C IP Addresses and Subnetting The following table is a summary for subnet planning on a network with a 16-bit network number. Table 69 16-bit Network Number Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO. HOSTS PER NO. SUBNETS SUBNET 1 255.255.128.0 (/17) 2 32766 2 255.255.192.0 (/18) 4 16382 3 255.255.224.0 (/19) 8 8190 4 255.255.240.0 (/20) 16 4094 5 255.255.248.0 (/21) 32 2046 6 255.255.252.0 (/22) 64 1022 7 255.255.254.0 (/23) 128 510 8 255.255.255.
Appendix C IP Addresses and Subnetting address that you entered. You don't need to change the subnet mask computed by the ZyXEL Device unless you are instructed to do otherwise. Private IP Addresses Every machine on the Internet must have a unique address. If your networks are isolated from the Internet (running only between two branch offices, for example) you can assign any IP addresses to the hosts without problems.
Appendix C IP Addresses and Subnetting address to computer A or setting computer A to obtain an IP address automatically. Figure 153 Conflicting Computer IP Addresses Example Conflicting Router IP Addresses Example Since a router connects different networks, it must have interfaces using different network numbers. For example, if a router is set between a LAN and the Internet (WAN), the router’s LAN and WAN addresses must be on different subnets.
Appendix C IP Addresses and Subnetting The computer cannot access the Internet. This problem can be solved by assigning a different IP address to the computer or the router’s LAN port.
APPENDIX D Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS).
Appendix D Wireless LANs with each other. When Intra-BSS is disabled, wireless client A and B can still access the wired network but cannot communicate with each other. Figure 157 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN.
Appendix D Wireless LANs An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate. Figure 158 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend on your geographical area.
Appendix D Wireless LANs wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other. Figure 159 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel.
Appendix D Wireless LANs Fragmentation Threshold A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be sent in the wireless network before the AP will fragment the packet into smaller data frames. A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference.
Appendix D Wireless LANs several intermediate rate steps between the maximum and minimum data rates. The IEEE 802.11g data rate and modulation are as follows: Table 70 IEEE 802.11g DATA RATE (MBPS) MODULATION 1 DBPSK (Differential Binary Phase Shift Keyed) 2 DQPSK (Differential Quadrature Phase Shift Keying) 5.
Appendix D Wireless LANs IEEE 802.1x In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features. It is supported by Windows XP and a number of network devices. Some advantages of IEEE 802.1x are: • User based identification that allows for roaming.
Appendix D Wireless LANs • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message. The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting: • Accounting-Request Sent by the access point requesting accounting.
Appendix D Wireless LANs However, MD5 authentication has some weaknesses. Since the authentication server needs to get the plaintext passwords, the passwords must be stored. Thus someone other than the authentication server may access the password file. In addition, it is possible to impersonate an authentication server as MD5 authentication method does not perform mutual authentication. Finally, MD5 authentication method does not support data encryption with dynamic session key.
Appendix D Wireless LANs Dynamic WEP Key Exchange The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed. If this feature is enabled, it is not necessary to configure a default encryption key in the wireless security configuration screen.
Appendix D Wireless LANs If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not. Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2. Encryption WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x.
Appendix D Wireless LANs keys. This prevent all wireless devices sharing the same encryption keys. (a weakness of WEP) User Authentication WPA and WPA2 apply IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database. WPA2 reduces the number of key exchange messages from six to four (CCMP 4-way handshake) and shortens the time required to connect to a network.
Appendix D Wireless LANs 4 The RADIUS server distributes the PMK to the AP. The AP then sets up a key hierarchy and management system, using the PMK to dynamically generate unique data encryption keys. The keys are used to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients. Figure 160 WPA(2) with RADIUS Application Example WPA(2)-PSK Application Example A WPA(2)-PSK application looks as follows.
Appendix D Wireless LANs 4 The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged in a handshake to create temporal encryption keys. They use these keys to encrypt data exchanged between them. Figure 161 WPA(2)-PSK Authentication Security Parameters Summary Refer to this table to see what other security parameters you should configure for each authentication method or key management protocol type.
Appendix D Wireless LANs Antenna Overview An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air. Positioning the antennas properly increases the range and coverage area of a wireless LAN. Antenna Characteristics Frequency An antenna in the frequency of 2.4GHz (IEEE 802.11b and IEEE 802.11g) or 5GHz (IEEE 802.
Appendix D Wireless LANs • Omni-directional antennas send the RF signal out in all directions on a horizontal plane. The coverage area is torus-shaped (like a donut) which makes these antennas ideal for a room environment. With a wide coverage area, it is possible to make circular overlapping coverage areas with multiple access points. • Directional antennas concentrate the RF signal in a beam, like a flashlight does with the light from its bulb.
APPENDIX E Common Services The following table lists some commonly-used services and their associated protocols and port numbers. For a comprehensive list of port numbers, ICMP type/ code numbers and services, visit the IANA (Internet Assigned Number Authority) web site. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like. • Protocol: This is the type of IP protocol used by the service.
Appendix E Common Services Table 74 Commonly Used Services (continued) 264 NAME PROTOCOL PORT(S) DESCRIPTION ESP (IPSEC_TUNNEL) User-Defined 50 The IPSEC ESP (Encapsulation Security Protocol) tunneling protocol uses this service. FINGER TCP 79 Finger is a UNIX or Internet related command that can be used to find out if a user is logged on. FTP TCP 20 TCP 21 File Transfer Program, a program to enable fast transfer of files, including large files that may not be possible by e-mail. H.
Appendix E Common Services Table 74 Commonly Used Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION PPTP TCP 1723 Point-to-Point Tunneling Protocol enables secure transfer of data over public networks. This is the control channel. PPTP_TUNNEL (GRE) User-Defined 47 PPTP (Point-to-Point Tunneling Protocol) enables secure transfer of data over public networks. This is the data channel. RCMD TCP 512 Remote Command Service.
Appendix E Common Services Table 74 Commonly Used Services (continued) 266 NAME PROTOCOL PORT(S) DESCRIPTION TFTP UDP 69 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE TCP 7000 Another videoconferencing solution.
APPENDIX F Legal Information Copyright Copyright © 2009 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation.
Appendix F Legal Information • This device must accept any interference received, including interference that may cause undesired operations. This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
Appendix F Legal Information 本機限在不干擾合法電臺與不受被干擾保障條件下於室內使用。 減少電磁波影響,請妥適使用。 Notices Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment. This device has been designed for the WLAN 2.4 GHz network throughout the EC region and Switzerland, with restrictions in France. This Class B digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.
Appendix F Legal Information purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser. To obtain the services of this warranty, contact your vendor. You may also refer to the warranty policy for the region in which you bought the device at http:// www.zyxel.com/web/support_warranty_info.php. Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com.
Index Index A viewing 269 CFI 67 ACS 143 channel 249 interference 249 ADSL2 189 channel ID 83 Advanced Encryption Standard See AES.
Index Dynamic Host Configuration Protocol. See DHCP. G.992.3 189 dynamic WEP key exchange 256 G.992.5 189 G.992.4 189 DYNDNS wildcard 141 E H hidden node 249 EAP Authentication 254 host 166 EAP-MD5 191 host name 40 ECHO 112 HTTP 112, 117, 118 encapsulated routing link protocol (ENET ENCAP) 64 HTTP (Hypertext Transfer Protocol) 174 Encapsulation 64 PPP over Ethernet 64 humidity 187 encapsulation ENET ENCAP 64 I encryption 257 WEP 86 IANA 76, 244 ESS 248 IBSS 247 ESSID 40 IEEE 802.
Index creating or eiding rules 120 introduction 117 policies 118 Network Address Translation, see NAT NNTP 112 IP multicasting 190 IP pool 72 IP pool setup 75 O OAM 189 operation humidity 187 L operation temperature 187 LAN statistics 46 LAN TCP/IP 75 logs 169 overview 169 settings 170 P Packet Transfer Mode 52 Pairwise Master Key (PMK) 257, 259 Per-Hop Behavior, see PHB 139 M MAC 40 MAC address 40 MAC address filter action 92 MAC filter 91 managing the device good habits 20 memory usage 41 Message
Index tagging 130 versus CoS 130 Service Set 83 Services 112 Quality of Service, see QoS SMTP 112 Quick Start Guide 35 SNMP 112, 190 SNMP trap 112 SRA 189 R static route 125 static VLAN RADIUS 191, 253 message types 253 messages 253 shared secret key 254 Reach-Extended ADSL 189 registration product 270 related documentation 3 status indicators 21 storage humidity 187 storage temperature 187 subnet 235 subnet mask 76, 236 subnetting 238 Symmetric NAT 65 Symmetric NAT, Outgoing 66 remote management
Index UPnP 149 forum 150 security issues 150 V VID Virtual Local Area Network See VLAN VLAN 66 Introduction 66 number of possible VIDs priority frame static wireless client supplicant 258 with RADIUS application example 258 WPA2 256 user authentication 258 vs WPA2-PSK 257 wireless client supplicant 258 with RADIUS application example 258 WPA2-Pre-Shared Key 256 WPA2-PSK 256, 257 application example 259 WPA-PSK 257 application example 259 WPS status 40 VLAN ID 66 VLAN Identifier See VID VLAN tag 66 W WAN
Index 276 P-870HW-51a v2 User’s Guide