Download Print this page

ZyXEL Communications P-660HW-Tx v3 User Manual

Zyxel 802.11g wireless adsl2+ 4-port gateway

Hide thumbs Also See for P-660HW-Tx v3:

User manual (428 pages)

,

Support notes (116 pages)

,

Quick start manual (10 pages)

Table Of Contents

Table of Contents

Advertisement

Quick Links

Download this manual

P-660HW-Tx v3

802.11g Wireless ADSL2+ 4-port Gateway

Default Login Details

IP Address

Admin

Password

Firmware Version 3.70

Edition 3, 11/2009

www.zyxel.com

www.zyxel.com

http://

192.168.1.254

broadband1

Copyright © 2009

ZyXEL Communications Corporation

Table of Contents

Advertisement

Table of Contents

Troubleshooting

Need help?

Need help?

Do you have a question about the P-660HW-Tx v3 and is the answer not in the manual?

Questions and answers

Summary of Contents for ZyXEL Communications P-660HW-Tx v3

Page 1 P-660HW-Tx v3 802.11g Wireless ADSL2+ 4-port Gateway Default Login Details IP Address http:// 192.168.1.254 Admin broadband1 Password Firmware Version 3.70 Edition 3, 11/2009 www.zyxel.com www.zyxel.com Copyright © 2009 ZyXEL Communications Corporation...
Page 3: About This User's Guide
Please refer to www.zyxel.com for additional support documentation and product certifications. Documentation Feedback Send your comments, questions or suggestions to: techwriters@zyxel.com.tw Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 30099, Taiwan. P-660HW-Tx v3 User’s Guide...
Page 4 • Brief description of the problem and the steps you took to solve it. Disclaimer Graphics in this book may differ slightly from the product due to differences in operating systems, operating system versions, or if you installed updated P-660HW-Tx v3 User’s Guide...
Page 5 About This User's Guide firmware/software for your device. Every effort has been made to ensure that the information in this manual is accurate. P-660HW-Tx v3 User’s Guide...
Page 6: Document Conventions
Syntax Conventions • The P-660HW-Tx v3 may be referred to as the “ZyXEL Device”, the “device”, the “system” or the “product” in this User’s Guide. • Product labels, screen names, field labels and field choices are all in bold font.
Page 7 Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device Computer Notebook computer Server Firewall Telephone Router Switch P-660HW-Tx v3 User’s Guide...
Page 8: Safety Warnings
Your product is marked with this symbol, which is known as the WEEE mark. WEEE stands for Waste Electronics and Electrical Equipment. It means that used electrical and electronic products should not be mixed with general waste. Used electrical and electronic equipment should be treated separately. P-660HW-Tx v3 User’s Guide...
Page 9: Table Of Contents
Universal Plug-and-Play (UPnP) ..................... 289 Maintenance ......................... 301 System Settings ........................303 Logs ............................309 Update/Reboot ........................323 Diagnostic ..........................337 Statistics ..........................339 Troubleshooting and Specifications .................. 343 Troubleshooting ........................345 Product Specifications ......................351 P-660HW-Tx v3 User’s Guide...
Page 10 Contents Overview Appendices and Index ......................359 P-660HW-Tx v3 User’s Guide...
Page 11: Introduction
Introduction Introducing the ZyXEL Device (23) Introducing the Web Configurator (31) Status Screens (37) Tutorials (47)
Page 13: Table Of Contents
2.1.1 Accessing the Web Configurator ................31 2.2 Web Configurator Main Screen ................... 33 2.2.1 Title Bar ........................33 2.2.2 Navigation Panel ......................34 2.2.3 Main Window ......................36 2.2.4 Status Bar ........................36 Chapter 3 Status Screens ........................37 P-660HW-Tx v3 User’s Guide...
Page 14 Internet (WAN) Setup ......................87 5.1 Overview ..........................87 5.1.1 What You Can Do in the WAN Screens ..............87 5.1.2 What You Need to Know About WAN ................ 87 5.1.3 Before You Begin ....................... 88 P-660HW-Tx v3 User’s Guide...
Page 15 6.6.2 DHCP Setup ......................122 6.6.3 DNS Server Addresses .................... 122 6.6.4 LAN TCP/IP ......................123 6.6.5 RIP Setup ......................... 124 6.6.6 Multicast ........................124 6.6.7 Any IP ........................125 Chapter 7 Wireless LAN......................... 129 7.1 Overview ..........................129 P-660HW-Tx v3 User’s Guide...
Page 16 8.4.1 The Address Mapping Rule Edit Screen ..............171 8.5 The ALG Screen ........................ 173 8.6 NAT Technical Reference ....................173 8.6.1 NAT Definitions ......................173 8.6.2 What NAT Does ....................... 174 8.6.3 How NAT Works ....................... 175 8.6.4 NAT Application ......................176 P-660HW-Tx v3 User’s Guide...
Page 17 10.4 The Trusted Screen ......................210 Chapter 11 Packet Filter........................... 211 11.1 Overview ...........................211 11.1.1 What You Can Do in the Packet Filter Screen ............211 11.1.2 What You Need to Know About the Packet Filter ............211 P-660HW-Tx v3 User’s Guide...
Page 18 14.2.1 Static Route Edit ....................241 Chapter 15 VLANs ............................ 243 15.1 Overview .......................... 243 15.1.1 What You Can Do in the VLANs Screens .............. 243 15.1.2 What You Need to Know About VLANs ..............243 P-660HW-Tx v3 User’s Guide...
Page 19 18.1.2 What You Need to Know About Remote Management .......... 280 18.2 The WWW Screen ......................281 18.2.1 Configuring the WWW Screen ................283 18.3 The Telnet Screen ......................284 18.4 The FTP Screen ......................285 P-660HW-Tx v3 User’s Guide...
Page 20 22.1.1 What You Can Do in the Update/Reboot Screens ..........323 22.1.2 What You Need To Know About Update/Reboot ............ 324 22.1.3 Before You Begin ....................325 22.1.4 Tool Examples ......................325 22.2 The Firmware Screen ...................... 331 P-660HW-Tx v3 User’s Guide...
Page 21 Appendix B Pop-up Windows, JavaScripts and Java Permissions ........385 Appendix C IP Addresses and Subnetting ................395 Appendix D Wireless LANs ....................405 Appendix E Services ......................421 Appendix F Legal Information ....................425 Index............................429 P-660HW-Tx v3 User’s Guide...
Page 22 Table of Contents P-660HW-Tx v3 User’s Guide...
Page 23: Introducing The Zyxel Device
ZyXEL Device. 1.1 Overview The P-660HW-Tx v3 is an ADSL2+ router. By integrating DSL and NAT, you are provided with ease of installation and high-speed, shared Internet access. The P- 660HW-Tx v3 is also a complete security solution with a robust firewall and content filtering.
Page 24: Good Habits For Managing The Zyxel Device
Your ZyXEL Device provides shared Internet access by connecting the DSL port to the DSL or MODEM jack on a splitter or your telephone jack. Computers can connect to the ZyXEL Device’s LAN ports (or wirelessly). P-660HW-Tx v3 User’s Guide...
Page 25 Use QoS to efficiently manage traffic on your network by giving priority to certain types of traffic and/or to particular computers. For example, you could make sure that the ZyXEL Device gives voice over Internet calls high priority, and/or limit bandwidth devoted to the boss’s excessive file downloading. P-660HW-Tx v3 User’s Guide...
Page 26: Leds (Lights)
Blinking The ZyXEL Device is setting up a WPS connection after pressing the WIFI button for 1-2 seconds. When WPS connection has been configured successfully, the LED will become green. The wireless network is not activated. P-660HW-Tx v3 User’s Guide...
Page 27: The Reset Button
By default, the wireless LAN is on. You can use the WIFI button on the back of the device to disable or activate the wireless LAN. You can also use it to activate WPS in order to quickly set up a wireless network with strong security. P-660HW-Tx v3 User’s Guide...
Page 28: Turn The Wireless Lan Off Or On
WiFi or WPS button on another WPS-enabled device within range of the ZyXEL Device. The WiFi LED should blink orange while the ZyXEL Device sets up a WPS connection with the wireless device. When the WPS connection has been configured successfully, the LED will become green. P-660HW-Tx v3 User’s Guide...
Page 29 Note: You must activate WPS in the ZyXEL Device and in another wireless device within 120 seconds of each other. See Section 7.8.8 on page 155 for more information. Figure 4 Activating WPS WLAN on WPS on WPS ends 1-2s 120s P-660HW-Tx v3 User’s Guide...
Page 30 Chapter 1 Introducing the ZyXEL Device P-660HW-Tx v3 User’s Guide...
Page 31: Introducing The Web Configurator
Internet Explorer. 2.1.1 Accessing the Web Configurator Make sure your ZyXEL Device hardware is properly connected (refer to the Quick Start Guide). Launch your web browser. Type "http://192.168.1.254" as the URL. P-660HW-Tx v3 User’s Guide...
Page 32 If you have changed the password, enter your password and click Login. Figure 5 Password Screen It is strongly recommended you change the default password. See Section 20.2 on page 304 for more information on changing password. P-660HW-Tx v3 User’s Guide...
Page 33: Web Configurator Main Screen
The icon(s) provide(s) the following function. Table 2 Web Configurator Icons in the Title Bar ICON DESCRIPTION Help: Click this icon to open up help screens. Logout: Click this icon to log out of the web configurator. P-660HW-Tx v3 User’s Guide...
Page 34: Navigation Panel
Address Use this screen to configure network address translation mapping Mapping rules. This screen appears when you choose Full Feature from the NAT > General screen. Use this screen to enable or disable SIP ALG. Security P-660HW-Tx v3 User’s Guide...
Page 35 Use this screen to configure through which interface(s) and from which IP address(es) users can use Telnet to manage the ZyXEL Device. Use this screen to configure through which interface(s) and from which IP address(es) users can use FTP to access the ZyXEL Device. P-660HW-Tx v3 User’s Guide...
Page 36: Main Window
Right after you connect to the URL, the Status screen is displayed. See Chapter 3 on page 37 for more information about the Status screen. 2.2.4 Status Bar Check the status bar when you click Apply or OK to verify that the configuration has been updated. P-660HW-Tx v3 User’s Guide...
Page 37: Status Screens
Use the Status screens to look at the current status of the device, system resources, and interfaces (LAN and WAN). The Status screen also provides detailed information from Any IP and DHCP and statistics from bandwidth management, and traffic. P-660HW-Tx v3 User’s Guide...
Page 38: The Status Screen
This is the current version of the firmware inside the device. It also Firmware shows the date the firmware version was created. Click this to go to the Version screen where you can change it. This is the current version of the device’s DSL modem code. Firmware Version P-660HW-Tx v3 User’s Guide...
Page 39 This is the current IP address of the ZyXEL Device in the LAN. Click this Address to go to the screen where you can change it. Modem This is the current subnet mask in the LAN. Subnet Mask P-660HW-Tx v3 User’s Guide...
Page 40: Reset To Factory Defaults
There are two methods of resetting to factory defaults. In the GUI go to Maintenance > Update/Reboot > Configuration. Click the Reset button to clear all user-entered configuration information and return the ZyXEL Device to its factory defaults. P-660HW-Tx v3 User’s Guide...
Page 41: Setting Up Remote Management For Http And Telnet
3.2.2.2 Manual WWW Rule Click Advanced > Remote MGMT > WWW and set Access Status to ALL (or LAN & WAN or WLAN & WAN). Note: IMPORTANT! If you choose WAN it will ONLY allow access from the WAN. P-660HW-Tx v3 User’s Guide...
Page 42 In the Edit rule page that appears you may want to change the source address from Any. Otherwise in Service > selected services remove Any(TCP) and Any(UDP) and move Telnet(TCP:23) from available services to selected services. Now click on the Apply button. P-660HW-Tx v3 User’s Guide...
Page 43: Dhcp Client List
3.4 Wireless Clients Use this screen to view the wireless stations that are currently associated to the ZyXEL Device. Click Status > Wireless Clients to access this screen. Figure 8 Wireless Clients P-660HW-Tx v3 User’s Guide...
Page 44: Any Ip Table
ZyXEL Device but is in a different subnet than the ZyXEL Device. MAC Address This field displays the MAC address of the computer that is using the ZyXEL Device but is in a different subnet than the ZyXEL Device. Refresh Click this to update this screen. P-660HW-Tx v3 User’s Guide...
Page 45: Packet Statistics
WAN IP Address This is the IP address of the ZyXEL Device’s WAN port. Upstream Speed This is the upstream speed of your ZyXEL Device. Downstream This is the downstream speed of your ZyXEL Device. Speed P-660HW-Tx v3 User’s Guide...
Page 46 Type the time interval for the browser to refresh system statistics. Set Interval Click this to apply the new poll interval you entered in the Poll Interval field above. Stop Click this to halt the refreshing of the system statistics. P-660HW-Tx v3 User’s Guide...
Page 47: Tutorials
Internet through the AP. Thomas has to configure the wireless network settings on the ZyXEL Device. Then he can set up a wireless network using WPS (Section 4.2.2 on page 49) or manual configuration (Section 4.2.3 on page 54). P-660HW-Tx v3 User’s Guide...
Page 48: Configuring The Wireless Network Settings
(see page 48). Click Apply. Note: To see the default SSID, check the sticker on the rear panel of your ZyXEL Device. To see the current SSID, go to the Status screen. P-660HW-Tx v3 User’s Guide...
Page 49: Using Wps
Make sure that you have installed the wireless client driver and utility in your notebook. Press the WiFi or WPS button on your notebook within range of the ZyXEL Device. P-660HW-Tx v3 User’s Guide...
Page 50 WiFi LED blinks orange. This may take up to two minutes. Then the WiFi LED becomes green when the wireless client is able to communicate with the ZyXEL Device securely. (You can refer to Section 1.7.2 on page 28 for more information on activating WPS.) P-660HW-Tx v3 User’s Guide...
Page 51 ZyXEL Device and wireless client. Example WPS Process: PBC Method ZyXEL Device Wireless Client WITHIN 120 SECONDS Press and hold for more than 5 seconds SECURITY INFO COMMUNICATION P-660HW-Tx v3 User’s Guide...
Page 52 The ZyXEL Device authenticates the wireless client and sends the proper configuration settings to the wireless client. This may take up to two minutes. The wireless client is then able to communicate with the ZyXEL Device securely. P-660HW-Tx v3 User’s Guide...
Page 53 The following figure shows you how to set up a wireless network and its security on a ZyXEL Device and a wireless client by using PIN method. Example WPS Process: PIN Method Wireless Client ZyXEL Device WITHIN 2 MINUTES Authentication by PIN SECURITY INFO COMMUNICATION P-660HW-Tx v3 User’s Guide...
Page 54: Without Wps
Click Network > Wireless LAN > Scheduling to open the following screen and configure as follows. Turn on the wireless network from Mondays to Fridays between 18:00 and 23:30. Turn on the wireless network all day on Saturdays and Sundays. Click Apply. P-660HW-Tx v3 User’s Guide...
Page 55: Setting Up Multiple Wireless Groups
• Visiting guests will use the Guest group, which has a lower security mode and QoS control. Company A will use the following parameters to set up the wireless network groups. COMPANY GUEST SSID eircom07390946 Guest Security Mode WPA2-PSK WPA2-PSK Static WEP Pre-Shared Key ForCompanyOnly ForVIPOnly Guest Default Highest P-660HW-Tx v3 User’s Guide...
Page 56 Configure the screen using the provided parameters and click Apply. Click Network > Wireless LAN > More AP to open the following screen. Click the Edit icon to configure the second wireless network group. P-660HW-Tx v3 User’s Guide...
Page 57 Chapter 4 Tutorials Configure the screen using the provided parameters and click Apply. In the More AP screen, click the Edit icon to configure the third wireless network group. P-660HW-Tx v3 User’s Guide...
Page 58 Chapter 4 Tutorials Configure the screen using the provided parameters and click Apply. Activate the wireless network groups and click Apply. P-660HW-Tx v3 User’s Guide...
Page 59: Configuring The Mac Address Filter
Device. Thomas can deny access to the wireless network using the MAC address of Josephine’s computer. Thomas Josephine Click Network > Local Network (LAN) > Client List to open the following screen. Look for the MAC address of Josephine’s computer. P-660HW-Tx v3 User’s Guide...
Page 60 MAC Filter field. Select Active MAC Filter and Deny Filter Action. Enter the MAC address you found in the Client List screen. Click Apply. Josephine will no longer be able to access the Internet through the ZyXEL Device. P-660HW-Tx v3 User’s Guide...
Page 61: Access The Zyxel Device Using Ddns
• Service Type: Host with IP address • IP Address: Enter the WAN IP address that your ZyXEL Device is currently using. You can find the IP address on the ZyXEL Device’s Web Configurator Status page. P-660HW-Tx v3 User’s Guide...
Page 62: Configuring Ddns On Your Zyxel Device
In this tutorial, you add a firewall rule that lets you manage the ZyXEL Device from the Internet. Select Custom from the General screen. The Rules tab will appear. Click the tab to go to Rules screen. P-660HW-Tx v3 User’s Guide...
Page 63 ZyXEL Device from the Internet. Click Add. Select Any in the Source Address List and click Delete. Note: If the computer gets a different IP address, this firewall rule will not work. P-660HW-Tx v3 User’s Guide...
Page 64: Testing The Ddns Setting
Open a web browser on the computer (using the IP address a.b.c.d) that is connected to the Internet. Type http://zyxelrouter.dyndns.org and press [Enter]. The ZyXEL Device’s login page should appear. You can then log into the ZyXEL Device and manage it. P-660HW-Tx v3 User’s Guide...
Page 65: Configuring Static Route For Routing To Another Network
A (in N1 network) to computer B (in N2 network), the traffic is sent to the ZyXEL Device’s WAN default gateway by default. In this case, B will never receive the traffic. P-660HW-Tx v3 User’s Guide...
Page 66 To configure a static route to route traffic from N1 to N2: Log into the ZyXEL Device’s Web Configurator in advanced mode. Click Advanced > Static Route. Click Edit on a new rule in the Static Route screen. P-660HW-Tx v3 User’s Guide...
Page 67: Multiple Public And Private Ip Address Mappings
If your ISP gives you more than one static IP address for your Internet access, you can map each IP address for a specific service. This tutorial assumes you are given two static public IP addresses. You want to map them to two servers A and IP-1 IP-2 P-660HW-Tx v3 User’s Guide...
Page 68: Full Feature Nat + Many-To-Many No Overload Mapping
Use this setting if your applications can use random public IP addresses and the applications are initiated from the Intranet computers (A and B). For example, VoIP application. See Section 4.7.2 on page 70 if it is not. IP-1 To configure this: Click Network > NAT. P-660HW-Tx v3 User’s Guide...
Page 69 Click the Address Mapping tab, and then click the Edit icon on a new rule. Configure the rule using the following settings: • Type: Many-to-Many No Overload • Local IP addresses: 192.168.1.2 ~ 192.168.1.3 • Global IP addresses: 172.16.1.253 ~ 172.16.1.254 Then click Apply. P-660HW-Tx v3 User’s Guide...
Page 70: Full Feature Nat + One-To-One Mapping
Click the Address Mapping tab, click the Edit icon on a new rule. Configure two rules for the one-to-one mappings: • Rule 1 (This maps the public IP address 172.16.1.253 to the private IP address 192.168.1.2) Type: One-to-One Local Start IP: 192.168.1.2 P-660HW-Tx v3 User’s Guide...
Page 71: Atm Qos And Qos Overview
PVC. In the following figure, the ZyXEL Device is configured to transmit two types of traffic, general data for Internet access and VoIP using SIP using 1/ 33 and 1/34 PVCs respectively. General data is assigned Unspecified Bit Rate P-660HW-Tx v3 User’s Guide...
Page 72 (ISP) want to provide to the subscriber for general data transmission. This tutorial uses the following example settings: • Line Modulation: Multi Mode • Mode: Routing • Encapsulation: PPPoE • User Name: eircom@eircom.net • Password: 1234 • PVC: LLC, 1/33 • ATM QoS: UBR P-660HW-Tx v3 User’s Guide...
Page 73 Chapter 4 Tutorials Leave the other settings as their defaults and click Apply. P-660HW-Tx v3 User’s Guide...
Page 74 4.8.1.2 PVC 2 for VoIP Traffic Click the More Connections tab and then click the Edit icon next to the entry two. Then configure the screen using the following example settings: • Select Active. • Name: PVC-for-VoIP • Mode: Routing P-660HW-Tx v3 User’s Guide...
Page 75 Chapter 4 Tutorials • Encapsulation: ENET ENCAP • PVC: LLC, 1/34 • ATM QoS: CBR Click Apply. Click the Advanced Setup button and then select CBR in the ATM QoS Type field. Click Apply. P-660HW-Tx v3 User’s Guide...
Page 76: Configuring Qos
SHAPING RATE IN QUEUE NO. BUCKET SIZE PERCENT 87,500 Bytes 92% (default) 100,000 Bytes 4.8.2.1 Queue Setup Click Advanced > QoS > Queue Setup. Click the Edit icon of queue 2 to open the Queue Configuration screen. P-660HW-Tx v3 User’s Guide...
Page 77 Chapter 4 Tutorials Enter 70 in the Rate field and 87500 in the Size field. Click Apply. Click the Edit icon of queue 5 to open the Queue Configuration screen. P-660HW-Tx v3 User’s Guide...
Page 78 Configure this rule using the following example settings. • Class Configuration: • Select Active. • Enter a descriptive name for this rule. For example, General Data. • Interface: From LAN • Priority: 2 (Default) P-660HW-Tx v3 User’s Guide...
Page 79 Chapter 4 Tutorials • Routing Policy: To WAN Index • WAN Index: 1 • Filter Configuration: • Physical Port: 1~3 (exclude port 4) Click Apply. P-660HW-Tx v3 User’s Guide...
Page 80 • Enter VoIP as the descriptive name for this rule. • Interface: From LAN • Priority: 5 • Routing Policy: To WAN Index • WAN Index: 2 • Filter Configuration: • Service: VoIP(SIP) • Physical Port: All P-660HW-Tx v3 User’s Guide...
Page 81 Chapter 4 Tutorials Click Apply. 4.8.2.3 Activate QoS on the ZyXEL Device Click Advanced > QoS > General. P-660HW-Tx v3 User’s Guide...
Page 82: Setting Up Nat Port Forwarding
666 of the Doom server computer which has an IP address of 192.168.1.34. D=192.168.1.34 Thomas may set up the port settings by configuring the port settings for the Doom server computer (see Section on page 167 for more information). P-660HW-Tx v3 User’s Guide...
Page 83 Click Network > NAT > Port Forwarding to open the following screen. Select User define from the Service Name field. Configure the screen as follows to forward port 666 traffic to the computer with IP address 192.168.1.34. Click Apply. P-660HW-Tx v3 User’s Guide...
Page 84 Chapter 4 Tutorials The port forwarding settings you configured are listed in the Port Forwarding screen. Players on the Internet then can have access to Thomas’ Doom server. P-660HW-Tx v3 User’s Guide...
Page 85: Network
Network Internet (WAN) Setup (87) Local Network (LAN) Setup (111) Wireless LAN (129) Network Address Translation (NAT) (163)
Page 87: Internet (Wan) Setup
5.1.2 What You Need to Know About WAN Encapsulation Method Encapsulation is used to include data from an upper layer protocol into a lower layer protocol. To set up a WAN connection to the Internet, you need to use the P-660HW-Tx v3 User’s Guide...
Page 88: Before You Begin
Section 5.5 on page 103 for technical background information on WAN. 5.1.3 Before You Begin You need to know your Internet access settings such as encapsulation and WAN IP address. Get this information from your ISP. P-660HW-Tx v3 User’s Guide...
Page 89: The Internet Access Setup Screen
Use this screen to change your ZyXEL Device’s WAN settings. Click Network > Internet (WAN) > Internet Access Setup. The screen differs by the WAN type and encapsulation you select. Figure 12 Network > Internet (WAN) >Internet Access Setup (PPPoE) P-660HW-Tx v3 User’s Guide...
Page 90 ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given. Password (PPPoA and PPPoE encapsulation only) Enter the password associated with the user name above. P-660HW-Tx v3 User’s Guide...
Page 91 Specify an idle time-out in the Max Idle Timeout field when you select Connect on Demand. The default setting is 0, which means the Internet session will not timeout. Apply Click this to save your changes. P-660HW-Tx v3 User’s Guide...
Page 92: Advanced Internet Access Setup
Use this screen to edit your ZyXEL Device's advanced WAN settings. Click the Advanced Setup button in the Internet Access Setup screen. The screen appears as shown. Figure 13 Network > Internet (WAN) > Internet Access Setup: Advanced Setup P-660HW-Tx v3 User’s Guide...
Page 93 PCR. Note that system default is 0 cells/sec. Maximum Maximum Burst Size (MBS) refers to the maximum number of cells Burst Size that can be sent at the peak rate. Type the MBS, which is less than 65535. P-660HW-Tx v3 User’s Guide...
Page 94 You can configure generic filters in the Packet Filter screen. See Chapter 11 on page 211 for more details. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 User’s Guide...
Page 95: The More Connections Screen
Internet access setup. Click the Remove icon to delete the Internet access setup from your connection list. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 User’s Guide...
Page 96: More Connections Edit
Table 14 Network > Internet (WAN) > More Connections: Edit LABEL DESCRIPTION General Active Select the check box to activate or clear the check box to deactivate this connection. Name Enter a unique, descriptive name of up to 13 ASCII characters for this connection. P-660HW-Tx v3 User’s Guide...
Page 97 If you use RFC 1483, enter the IP address given by your ISP in the IP Address field. Subnet Mask This option is available if you select ENET ENCAP in the Encapsulation field. Enter a subnet mask in dotted decimal notation. P-660HW-Tx v3 User’s Guide...
Page 98 Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. Advanced Setup Click this to display the More Connections Advanced Setup screen and edit more details of your WAN setup. P-660HW-Tx v3 User’s Guide...
Page 99: Configuring More Connections Advanced Setup
Select the RIP version from RIP-1, RIP-2B and RIP-2M. Multicast IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a multicast group. The ZyXEL Device supports IGMP-v1, IGMP-v2 and IGMP-v3. Select None to disable it. ATM QoS P-660HW-Tx v3 User’s Guide...
Page 100 4 sets of filters. You can configure generic filters in the Packet Filter screen. See Chapter 11 on page 211 for more details. Back Click this to return to the previous screen without saving. P-660HW-Tx v3 User’s Guide...
Page 101: The Wan Backup Setup Screen
Use this screen to configure your ZyXEL Device’s WAN backup. Click Network > Internet (WAN) > WAN Backup Setup. This screen is not available if you set the WAN type to Ethernet in the Internet Access Setup screen. Figure 17 Network > Internet (WAN) > WAN Backup P-660HW-Tx v3 User’s Guide...
Page 102 Active Traffic Redirect Select this check box to have the ZyXEL Device use traffic redirect if the normal WAN connection goes down. Note: If you activate traffic redirect, you must configure at least one Check WAN IP Address. P-660HW-Tx v3 User’s Guide...
Page 103: Wan Technical Reference
The ZyXEL Device supports PPPoE (Point-to-Point Protocol over Ethernet). PPPoE is an IETF Draft standard (RFC 2516) specifying how a personal computer (PC) interacts with a broadband modem (DSL, cable, wireless, etc.) connection. The PPPoE option is for a dial-up connection using PPPoE. P-660HW-Tx v3 User’s Guide...
Page 104: Multiplexing
In this case, by prior mutual agreement, each protocol is assigned to a specific virtual circuit; for example, VC1 carries IP, etc. VC-based multiplexing may be dominant in environments where dynamic creation of large numbers of ATM VCs is fast and economical. P-660HW-Tx v3 User’s Guide...
Page 105: Vpi And Vci
(N/A) as the DHCP server assigns them to the ZyXEL Device. 5.5.5 Nailed-Up Connection (PPP) A nailed-up connection is a dial-up line where the connection is always up regardless of traffic demand. The ZyXEL Device does two things when you specify P-660HW-Tx v3 User’s Guide...
Page 106: Nat
Traffic Shaping is an agreement between the carrier and the subscriber to regulate the average rate and fluctuations of data transmission over an ATM network. This agreement helps eliminate congestion, which is important for transmission of real time data such as audio and video connections. P-660HW-Tx v3 User’s Guide...
Page 107: Atm Traffic Classes
CBR is used for connections that continuously require a specific amount of bandwidth. A PCR is specified and if traffic exceeds this rate, cells may be dropped. Examples of connections that need CBR would be high-resolution video and voice. P-660HW-Tx v3 User’s Guide...
Page 108: Zero Configuration Internet Access
ISP, you will be redirected to web screen(s) for information input or troubleshooting. Zero configuration for Internet access is disabled when • the ZyXEL Device is in bridge mode • you set the ZyXEL Device to use a static (fixed) WAN IP address. P-660HW-Tx v3 User’s Guide...
Page 109: Traffic Redirect
(Subnet 2). Configure filters that allow packets from the protected LAN (Subnet 1) to the backup gateway (Subnet 2). Figure 20 Traffic Redirect LAN Setup Subnet 1 192.168.1.0 - 192.168.1.24 Internet Backup Gateway Subnet 2 192.168.2.0 - 192.168.2.24 P-660HW-Tx v3 User’s Guide...
Page 110 Chapter 5 Internet (WAN) Setup P-660HW-Tx v3 User’s Guide...
Page 111: Local Network (Lan) Setup
118) to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. • Use the IP Alias screen (Section 6.5 on page 119) to change your ZyXEL Device’s IP alias settings. P-660HW-Tx v3 User’s Guide...
Page 112: What You Need To Know About Lan
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a networking device before you can access it. P-660HW-Tx v3 User’s Guide...
Page 113: Before You Begin
IP address you entered. Click Apply to save your settings. Figure 21 Network > Local Network (LAN) > IP P-660HW-Tx v3 User’s Guide...
Page 114: The Advanced Lan Ip Setup Screen
Use this screen to edit your ZyXEL Device’s RIP, multicast, Any IP and Windows Networking settings. Click the Advanced Setup button in the LAN IP screen. The screen appears as shown. Figure 22 Network > Local Network (LAN) > IP: Advanced Setup P-660HW-Tx v3 User’s Guide...
Page 115 Select the generic filter(s) to control incoming traffic. You may choose up to 4 sets of filters. You can configure generic filters in the Packet Filter screen. See Chapter 11 on page 211 for more details. Outgoing Filter Sets P-660HW-Tx v3 User’s Guide...
Page 116: The Dhcp Setup Screen
Use this screen to configure the DNS server information that the ZyXEL Device sends to the DHCP client devices on the LAN. Click Network > DHCP Setup to open this screen. Figure 23 Network > Local Network (LAN) > DHCP Setup P-660HW-Tx v3 User’s Guide...
Page 117 DHCP sever on your LAN, or else the computers must have their DNS server addresses manually configured. If you do not configure a DNS server, you must know the IP address of a computer in order to access it. P-660HW-Tx v3 User’s Guide...
Page 118: The Client List Screen
This field displays whether the client is connected to the ZyXEL Device. Host Name This field displays the computer host name. IP Address This field displays the IP address relative to the # field listed above. P-660HW-Tx v3 User’s Guide...
Page 119: The Ip Alias Screen
Note: Make sure that the subnets of the logical networks do not overlap. The following figure shows a LAN divided into subnets A, B, and C. Figure 25 Physical Network & Partitioned Logical Networks A: 192.168.1.1 - 192.168.1.24 Ethernet B: 192.168.2.1 - 192.168.2.24 Interface C: 192.168.3.1 - 192.168.3.24 P-660HW-Tx v3 User’s Guide...
Page 120: Configuring The Lan Ip Alias Screen
When set to Both or In Only, it will incorporate the RIP information that it receives; when set to None, it will not send any RIP packets and will ignore any RIP packets received. P-660HW-Tx v3 User’s Guide...
Page 121: Lan Technical Reference
The actual physical connection determines whether the ZyXEL Device ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next. Figure 27 LAN and WAN IP Addresses P-660HW-Tx v3 User’s Guide...
Page 122: Dhcp Setup
It does not mean you can leave the DNS servers out of the DHCP setup under all circumstances. If your ISP gives you explicit DNS servers, make sure that you enter their IP addresses in the DHCP Setup screen. P-660HW-Tx v3 User’s Guide...
Page 123: Lan Tcp/Ip
IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks: • 10.0.0.0 — 10.255.255.255 • 172.16.0.0 — 172.31.255.255 P-660HW-Tx v3 User’s Guide...
Page 124: Rip Setup
Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the network - not everybody and not just 1. P-660HW-Tx v3 User’s Guide...
Page 125: Any Ip
The following figure depicts a scenario where a computer is set to use a static private IP address in the corporate environment. In a residential house where a ZyXEL Device is installed, you can still use the computer to access the Internet P-660HW-Tx v3 User’s Guide...
Page 126 MAC address in its ARP table. When the computer cannot locate the default gateway, an ARP request is broadcast on the LAN. The ZyXEL Device receives the ARP request and replies to the computer with its own MAC address. P-660HW-Tx v3 User’s Guide...
Page 127 IP routing table so it can properly forward packets intended for the computer. After all the routing information is updated, the computer can access the ZyXEL Device and the Internet as if it is in the same subnet as the ZyXEL Device. P-660HW-Tx v3 User’s Guide...
Page 128 Chapter 6 Local Network (LAN) Setup P-660HW-Tx v3 User’s Guide...
Page 129: Wireless Lan
Distribution System, in which the ZyXEL Device acts as a bridge with other ZyXEL access points. • Use the Scheduling screen (see Section 7.7 on page 147) to configure the dates/times to enable or disable the wireless LAN. P-660HW-Tx v3 User’s Guide...
Page 130: What You Need To Know About Wireless
7.1.3 Before You Start Before you start using these screens, ask yourself the following questions. See Section 7.1.2 on page 130 if some of the terms used here are not familiar to you. P-660HW-Tx v3 User’s Guide...
Page 131: The Ap Screen
7.2 The AP Screen Use this screen to configure the wireless settings of your ZyXEL Device. Click Network > Wireless LAN to open the AP screen. Figure 29 Network > Wireless LAN > AP P-660HW-Tx v3 User’s Guide...
Page 132 This shows whether the wireless devices with the MAC addresses listed are allowed or denied to access the ZyXEL Device using this SSID. Edit Click this to go to the MAC Filter screen to configure MAC filter settings. Section 7.2.6 on page 139 for more details. P-660HW-Tx v3 User’s Guide...
Page 133: No Security
Figure 30 Network > Wireless LAN > AP: No Security The following table describes the labels in this screen. Table 23 Network > Wireless LAN > AP: No Security LABEL DESCRIPTION Security Choose No Security from the drop-down list box. Mode P-660HW-Tx v3 User’s Guide...
Page 134: Wep Encryption
If you want to manually set the WEP key, enter any 5 (64-bit) or 13 (128- bit) characters (ASCII string) or 10 or 26 hexadecimal characters ("0-9", lowercase "a-f") for a 64-bit or 128-bit WEP key respectively. P-660HW-Tx v3 User’s Guide...
Page 135: Wpa(2)-Psk
Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes). Note: If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority. P-660HW-Tx v3 User’s Guide...
Page 136: Wpa(2) Authentication
Use this screen to configure and enable WPA or WPA2 authentication. Click the Wireless LAN link under Network to display the AP screen. Select WPA, WPA2 or WPAMixed from the Security Mode list. Figure 33 Network > Wireless LAN > AP: WPA(2) P-660HW-Tx v3 User’s Guide...
Page 137 The key must be the same on the external authentication server and your ZyXEL Device. The key is not sent over the network. Accounting Server (optional) IP Address Enter the IP address of the external accounting server in dotted decimal notation. P-660HW-Tx v3 User’s Guide...
Page 138: Wireless Lan Advanced Setup
APs. Select one of the following Maximum, Middle or Minimum. Preamble Select a preamble type from the drop-down list menu. Choices are Long, Short or Dynamic. The default setting is Long. See the appendix for more information. P-660HW-Tx v3 User’s Guide...
Page 139: Mac Filter
7.2.6 MAC Filter Use this screen to change your ZyXEL Device’s MAC filter settings. Click the Edit button in the AP screen. The screen appears as shown. Figure 35 Network > Wireless LAN > AP: MAC Address Filter P-660HW-Tx v3 User’s Guide...
Page 140: The More Ap Screen
This screen allows you to enable and configure multiple Basic Service Sets (BSSs) on the ZyXEL Device. Click Network > Wireless LAN > More AP. The following screen displays. Figure 36 Network > Wireless LAN > More AP P-660HW-Tx v3 User’s Guide...
Page 141: More Ap Edit
7.3.1 More AP Edit Use this screen to edit an SSID profile. Click the Edit icon next to an SSID in the More AP screen. The following screen displays. Figure 37 Network > Wireless LAN > More AP: Edit P-660HW-Tx v3 User’s Guide...
Page 142 Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 User’s Guide...
Page 143: The Wps Screen
This displays Unconfigured if WPS is disabled and there is no wireless or wireless security changes on the ZyXEL Device or you click Release_Configuration to remove the configured wireless and wireless security settings. P-660HW-Tx v3 User’s Guide...
Page 144: The Wps Station Screen
Use this screen to set up a WPS wireless network using either Push Button Configuration (PBC) or PIN Configuration. Click Network > Wireless LAN > WPS Station. The following screen displays. Figure 39 Network > Wireless LAN > WPS Station P-660HW-Tx v3 User’s Guide...
Page 145: The Wds Screen
Note: WDS security is independent of the security settings between the ZyXEL Device and any wireless clients. Note: At the time of writing, WDS is compatible with other ZyXEL APs only. Not all models support WDS links. Check your other AP’s documentation. P-660HW-Tx v3 User’s Guide...
Page 146 (six hexadecimal character pairs, for example 12:34:56:78:9a:bc). Enter a Pre-Shared Key (PSK) from 8 to 63 case-sensitive ASCII characters (including spaces and symbols). Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 User’s Guide...
Page 147: The Scheduling Screen
LAN will be turned on only during this time period. Apply Click this to save your changes. Reset Click this to restore your previously saved settings. 7.8 Wireless LAN Technical Reference This section discusses wireless LANs in depth. For more information, see the appendix. P-660HW-Tx v3 User’s Guide...
Page 148: Wireless Network Overview
A and B use the access point (AP) to interact with the other devices (such as the printer) or with the Internet. Your ZyXEL Device is the AP. Every wireless network must follow these basic guidelines. P-660HW-Tx v3 User’s Guide...
Page 149: Additional Wireless Terms
A preamble affects the timing in your wireless network. There are two preamble modes: long and short. If a device uses a different preamble mode than the ZyXEL Device does, it cannot communicate with the ZyXEL Device. P-660HW-Tx v3 User’s Guide...
Page 150: Wireless Security Overview
For example, if your mother owns a 1970 Dodge Challenger and her favorite movie is Vanishing Point P-660HW-Tx v3 User’s Guide...
Page 151: User Authentication
Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks. These kinds of wireless devices might not have MAC addresses. Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F. P-660HW-Tx v3 User’s Guide...
Page 152 When you select WPA2 or WPA2-PSK in your ZyXEL Device, you can also select an option (WPA compatible) to support WPA as well. In this case, if some of the P-660HW-Tx v3 User’s Guide...
Page 153: Signal Problems
Intra-BSS traffic is traffic between wireless stations in the BSS. When Intra-BSS traffic blocking is disabled, wireless station A and B can access the wired network and communicate with each other. When Intra-BSS traffic blocking is enabled, P-660HW-Tx v3 User’s Guide...
Page 154: Mbssid
BSSIDs (they are in different BSSs), but have the same keys, they may hear each other’s communications (but not communicate with each other). • MBSSID should not replace but rather be used in conjunction with 802.1x security. P-660HW-Tx v3 User’s Guide...
Page 155: Wireless Distribution System (Wds)
Number that allows one device to authenticate the other) in each of the two devices. When WPS is activated on a device, it has two minutes to find another device that also has WPS activated. Then, the two devices connect and set up a secure network by themselves. P-660HW-Tx v3 User’s Guide...
Page 156: Pin Configuration
WPS in range of each other. However, you need to log into the configuration interfaces of both devices to use the PIN method. P-660HW-Tx v3 User’s Guide...
Page 157 On a computer connected to the wireless client, try to connect to the Internet. If you can connect, WPS was successful. If you cannot connect, check the list of associated wireless clients in the AP’s configuration utility. If you see the wireless client in the list, WPS was successful. P-660HW-Tx v3 User’s Guide...
Page 158: How Wps Works
PSK or WPA2-PSK pre-shared key to the enrollee. Whether WPA-PSK or WPA2-PSK is used depends on the standards supported by the devices. If the registrar is already part of a network, it sends the existing information. If not, it generates the SSID and WPA(2)-PSK randomly. P-660HW-Tx v3 User’s Guide...
Page 159 It will be the registrar in all subsequent WPS connections in which it is involved. If you want a configured AP to act as an enrollee, you must reset it to its factory defaults. P-660HW-Tx v3 User’s Guide...
Page 160: Example Wps Network Setup
CLIENT 1 ENROLLEE CLIENT 2 In step 3, you add another access point (AP2) to your network. AP2 is out of range of AP1, so you cannot use AP1 for the WPS handshake with the new access P-660HW-Tx v3 User’s Guide...
Page 161: Limitations Of Wps
(if the device supports this feature). Then, you can enter the key into the non-WPS device and join the network as normal (the non-WPS device must also support WPA-PSK or WPA2-PSK). P-660HW-Tx v3 User’s Guide...
Page 162 Check the MAC addresses of your wireless clients (usually printed on a label on the bottom of the device). If there is an unknown MAC address you can remove it or reset the AP. P-660HW-Tx v3 User’s Guide...
Page 163: Network Address Translation (Nat)
IP address of a host when the packet is in the local network, while the global address refers to the IP address of the host when the same packet is traveling in the WAN side. P-660HW-Tx v3 User’s Guide...
Page 164 • Choose SUA Only if you have just one public WAN IP address for your ZyXEL Device. • Choose Full Feature if you have multiple public WAN IP addresses for your ZyXEL Device. Finding Out More Section 8.6 on page 173 for advanced technical information on NAT. P-660HW-Tx v3 User’s Guide...
Page 165: The Nat General Setup Screen
NAT sessions they can establish. If your network has a large number of users using peer to peer applications, you can lower this number to ensure no single client is exhausting all of the available NAT sessions. P-660HW-Tx v3 User’s Guide...
Page 166: The Port Forwarding Screen
A default server receives packets from ports that are not specified in this screen. Note: If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup. P-660HW-Tx v3 User’s Guide...
Page 167: Configuring The Port Forwarding Screen
Click Network > NAT > Port Forwarding to open the following screen. Note: If WAN IP Passthrough is activated, Port Forwarding will be disabled. Appendix E on page 421 for port numbers commonly used for particular services. Figure 52 Network > NAT > Port Forwarding P-660HW-Tx v3 User’s Guide...
Page 168 Click the delete icon to delete an existing port forwarding rule. Note that subsequent address mapping rules move up by one when you take this action. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 User’s Guide...
Page 169: The Port Forwarding Rule Edit Screen
Click this to restore your previously saved settings. 8.4 The Address Mapping Screen Ordering your rules is important because the ZyXEL Device applies the rules in the order that you specify. When a rule matches the current packet, the ZyXEL Device P-660HW-Tx v3 User’s Guide...
Page 170 IP address from your ISP. You can only do this for Many-to-One and Server mapping types. Global End IP This is the ending Inside Global IP Address (IGA). This field is N/A for One-to-one, Many-to-One and Server mapping types. P-660HW-Tx v3 User’s Guide...
Page 171: The Address Mapping Rule Edit Screen
8.4.1 The Address Mapping Rule Edit Screen Use this screen to edit an address mapping rule. Click the rule’s edit icon in the Address Mapping screen to display the screen shown next. Figure 55 Network > NAT > Address Mapping: Edit P-660HW-Tx v3 User’s Guide...
Page 172 Server Mapping Set field. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 User’s Guide...
Page 173: The Alg Screen
Internet are the outside hosts. Global/local denotes the IP address of a host in a packet as the packet traverses a router, for example, the local address refers to the IP address of a host when the P-660HW-Tx v3 User’s Guide...
Page 174: What Nat Does
With no servers defined, your ZyXEL Device filters out all incoming inquiries, thus preventing intruders from probing your network. For more information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT). P-660HW-Tx v3 User’s Guide...
Page 175: How Nat Works
NAT Table Inside Local Inside Global IP Address IP Address 192.168.1.10 IGA 1 192.168.1.13 192.168.1.11 IGA 2 192.168.1.12 IGA 3 192.168.1.13 IGA 4 192.168.1.12 192.168.1.10 IGA1 Inside Local Inside Global Address (ILA) Address (IGA) 192.168.1.11 192.168.1.10 P-660HW-Tx v3 User’s Guide...
Page 176: Nat Application
• Many-to-Many No Overload: In Many-to-Many No Overload mode, the ZyXEL Device maps each local IP address to a unique global IP address. • Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world. P-660HW-Tx v3 User’s Guide...
Page 177 IGA1 … Many-to-Many Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA1 ILA4 IGA2 … Many-to-Many No Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA3 … Server Server 1 IP IGA1 Server 2 IP IGA1 Server 3 IP IGA1 P-660HW-Tx v3 User’s Guide...
Page 178 Chapter 8 Network Address Translation (NAT) P-660HW-Tx v3 User’s Guide...
Page 179: Security
Security Firewalls (181) Content Filtering (205) Packet Filter (211) Certificates (223)
Page 181: Firewalls
• Use the Rules screen (Section 9.3 on page 189) to view the configured firewall rules and add, edit or remove a firewall rule when you set the firewall level as Custom in the General screen. P-660HW-Tx v3 User’s Guide...
Page 182: What You Need To Know About Firewall
9.1.3 Firewall Rule for WAN Telnet Connection Example The following Internet firewall rule example allows a Telnet connection from the Internet. You must also configure remote management to allow Telnet from the P-660HW-Tx v3 User’s Guide...
Page 183 Select Single Address from the Address Type drop list of Source Address. Enter the IP address of the computer from which you want to allow Telnet (2.2.2.2) into the Start IP Address field. The IP address must be in dotted decimal notation. Then click Add. P-660HW-Tx v3 User’s Guide...
Page 184 10 Delete Any in the Source Address List box by clicking Delete. 11 Select TELNET(TCP:23) from the Available Service list. Use the Add >> button to add it to the Selected Services list. Use the Remove button to remove services you do not need. P-660HW-Tx v3 User’s Guide...
Page 185 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure, the Rules screen should look like the following. The firewall rule allows a Telnet connection from WAN IP 2.2.2.2 to IP addresses 192.168.1.1 through 192.168.1.254. Firewall Example: Rules: MyService-Telnet Connection P-660HW-Tx v3 User’s Guide...
Page 186: The Firewall General Screen
These rules specify which computers on the WAN can access which computers or services on the LAN. Note: You also need to configure NAT port forwarding (or full featured NAT address mapping rules) to allow computers on the WAN to access devices on the LAN. P-660HW-Tx v3 User’s Guide...
Page 187 (LAN to LAN) is allowed. Medium Select this to allow traffic to the Internet but disallow traffic from the Internet to your local network. This permits LAN to LAN and LAN to WAN traffic. P-660HW-Tx v3 User’s Guide...
Page 188 Expand... Click this to display more information. Basic... Click this to display less information. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 User’s Guide...
Page 189: The Firewall Rule Screen
Select Custom from the General screen. The Rules tab will appear. Click the tab to go to Rules screen. This screen displays a list of the configured firewall rules. Note the order in which the rules are listed. Figure 62 Security > Firewall > Rules P-660HW-Tx v3 User’s Guide...
Page 190 The ordering of your rules is important as they are applied in order of their numbering. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 User’s Guide...
Page 191: Configuring Firewall Rules
Use this screen to configure firewall rules. In the Rules screen, select an index number and click Add or click a rule’s Edit icon to display this screen and refer to the following table for information on the labels. Figure 63 Security > Firewall > Rules: Edit P-660HW-Tx v3 User’s Guide...
Page 192 This field determines if a log for packets that match the rule is created Information or not. Go to the Log Settings page and select the Access Control logs category to have the ZyXEL Device record these logs. Alert P-660HW-Tx v3 User’s Guide...
Page 193: Customized Services
This shows the IP protocol (TCP, UDP or TCP/UDP) that defines your customized service. Port This is the port number or range that defines your customized service. Back Click this to return to the Firewall Edit Rule screen. P-660HW-Tx v3 User’s Guide...
Page 194: Configuring A Customized Service
9.3.4 Firewall Rule Using a Customized Service Example The following Internet firewall rule example allows a hypothetical “Doom” connection from the Internet. Select Custom from the General screen. The Rules tab will appear. Click the tab to go to Rules screen. P-660HW-Tx v3 User’s Guide...
Page 195 Add. Delete Any from the Destination Address List. Scroll down the Available Services list and select *Doom(TCP/UDP:666). Use the Add >> button to add it to the Available Services list. Use the Remove button to remove services you do not need. P-660HW-Tx v3 User’s Guide...
Page 196 Note: Custom services show up with an “*” before their names in the Services list box and the Rules list box. On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. P-660HW-Tx v3 User’s Guide...
Page 197: The Firewall Threshold Screen
(acknowledgment). After this handshake, a connection is established. Figure 66 Three-Way Handshake For UDP, half-open means that the firewall has detected no return traffic. An unusually high number (or arrival rate) of half-open sessions could indicate a DOS attack. P-660HW-Tx v3 User’s Guide...
Page 198: Threshold Values
ZyXEL Device may classify them as DoS attacks. 9.4.2 Configuring Firewall Thresholds The ZyXEL Device also sends alerts whenever TCP Maximum Incomplete is exceeded. The global values specified for the threshold and timeout apply to all TCP connections. P-660HW-Tx v3 User’s Guide...
Page 199 This is the number of existing half-open sessions that causes the Incomplete Low firewall to stop deleting half-open sessions. The ZyXEL Device continues to delete half-open requests as necessary, until the number of existing half-open sessions drops below this number. P-660HW-Tx v3 User’s Guide...
Page 200: Firewall Technical Reference
This section provides some technical background information about the topics covered in this chapter. 9.5.1 Guidelines For Enhancing Security With Your Firewall Change the default password via web configurator. Think about access control before you connect to the network in any way. P-660HW-Tx v3 User’s Guide...
Page 201: Security Considerations
9.5.3 Triangle Route When the firewall is on, your ZyXEL Device acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing P-660HW-Tx v3 User’s Guide...
Page 202 The reply from the WAN goes directly to the computer on the LAN without going through the ZyXEL Device. As a result, the ZyXEL Device resets the connection, as the connection has not been acknowledged. Figure 69 “Triangle Route” Problem ISP 1 ISP 2 P-660HW-Tx v3 User’s Guide...
Page 203 The reply from the WAN goes to the ZyXEL Device. The ZyXEL Device then sends it to the computer on the LAN in Subnet 1. Figure 70 IP Alias Subnet 1 ISP 1 ISP 2 Subnet 2 P-660HW-Tx v3 User’s Guide...
Page 204 Chapter 9 Firewalls P-660HW-Tx v3 User’s Guide...
Page 205: Content Filtering
Internet browser, for example “http://www.zyxel.com”. 10.1.3 Before You Begin To use the Trusted screen, you need the IP addresses of devices on your network. See the LAN section (Section 10.4 on page 210) for more information. P-660HW-Tx v3 User’s Guide...
Page 206: Content Filtering Example
Click Security > Content Filter > Schedule. Click Edit Daily to Block and select all weekdays. Under Start Time and End Time, type the times for blocking to begin and end (4pm ~ 7pm in this example). P-660HW-Tx v3 User’s Guide...
Page 207 Click Security > Content Filter > Trusted. In the Start IP Address and End IP Address fields, type 192.168.1.3. Click Apply. Security > Content Filter > Trusted: Example That finishes setting up keyword blocking on the home computer. P-660HW-Tx v3 User’s Guide...
Page 208: The Keyword Screen
Repeat this procedure to add other keywords. Up to 64 keywords are allowed. When you try to access a web page containing a keyword, you will get a message telling you that the content filter is blocking this request. P-660HW-Tx v3 User’s Guide...
Page 209: The Schedule Screen
Start TIme Enter the time when you want the content filtering to take effect in hour- minute format. End Time Enter the time when you want the content filtering to stop in hour-minute format. P-660HW-Tx v3 User’s Guide...
Page 210: The Trusted Screen
LAN that you want to exclude from content filtering. Leave this field blank if you want to exclude an individual computer. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 User’s Guide...
Page 211: Packet Filter
With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port. Finding Out More Section 11.3 on page 219 for technical background information on packet filters. P-660HW-Tx v3 User’s Guide...
Page 212: The Packet Filter Screen
Click the Remove button to delete a filter set. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. 11.2.1 Reset to Factory Defaults There are two methods of resetting to factory defaults. P-660HW-Tx v3 User’s Guide...
Page 213: Editing Protocol Filters
Table 55 Security > Packet Filter > Edit (Protocol Filter) LABEL DESCRIPTION This is the index number of the rules in a filter set. Active Use the check box to turn a filter rule on or off. P-660HW-Tx v3 User’s Guide...
Page 214: Configuring Protocol Filter Rules
Use this screen to configure protocol filter rules. In the Edit (Protocol Filter) screen, click an Edit icon to display the following screen. Figure 76 Security > Packet Filter > Edit (Protocol Filter) > Edit Rule P-660HW-Tx v3 User’s Guide...
Page 215 Select the action for a matching packet. Options are Check Next Rule, Forward and Drop. Action Not Select the action for a packet not matching the rule. Match Options are Check Next Rule, Forward and Drop. P-660HW-Tx v3 User’s Guide...
Page 216: Editing Generic Filters
In the Packet Filter screen, select Generic Filter from the Filter Type field. Then click the Edit button from the Modify field to display the following screen. Figure 77 Security > Packet Filter > Filter Rules P-660HW-Tx v3 User’s Guide...
Page 217: Configuring Generic Packet Rules
Use this screen to configure generic filter rules. In the Edit (Generic Filter) screen, click the Edit button from the Modify field to display the following screen. Figure 78 Security > Packet Filter > Edit (Generic Filter) > Edit Rule P-660HW-Tx v3 User’s Guide...
Page 218 After you have configured the packet filters for incoming and outgoing traffic, you can apply them to the WAN Internet access in the Network > Internet (WAN) > Internet Access Setup: Advanced Setup screen. See Section 5.2.1 on page for more information. P-660HW-Tx v3 User’s Guide...
Page 219: Packet Filter Technical Reference
• Packet filtering only checks the header portion of an IP packet. When To Use Filtering • To block/allow LAN packets by their MAC addresses. • To block/allow special IP packets which are neither TCP nor UDP, nor ICMP packets. P-660HW-Tx v3 User’s Guide...
Page 220 • Use the firewall if you need routine e-mail reports about your system or need to be alerted when attacks occur. • The firewall can block specific URL traffic that might occur in the future. The URL can be saved in an Access Control List (ACL) database. P-660HW-Tx v3 User’s Guide...
Page 221 Chapter 11 Packet Filter P-660HW-Tx v3 User’s Guide...
Page 222 Chapter 11 Packet Filter P-660HW-Tx v3 User’s Guide...
Page 223: Certificates
A Certification Authority (CA) issues certificates and guarantees the identity of each certificate owner. There are commercial certification authorities like CyberTrust or VeriSign and government certification authorities. You can use the ZyXEL Device to generate certification requests that contain identifying P-660HW-Tx v3 User’s Guide...
Page 224: The Trusted Cas Screen
Click Security > Certificates to open the Trusted CAs screen. Figure 81 Trusted CAs P-660HW-Tx v3 User’s Guide...
Page 225 Click this to open a screen where you can save the certificate of a certification authority that you trust, from your computer to the ZyXEL Device. Refresh Click this to display the current validity status of the certificates. P-660HW-Tx v3 User’s Guide...
Page 226: Trusted Ca Import
Click this to find the certificate file you want to upload. Back Click this to return to the previous screen without saving. Apply Click this to save the certificate on the ZyXEL Device. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 User’s Guide...
Page 227: Trusted Ca Details
Certification Authority signed the certificate. Self-signed means that the certificate’s owner signed the certificate (not a certification authority). X.509 means that this certificate was created and signed according to the ITU-T X.509 recommendation that defines the formats for public-key certificates. P-660HW-Tx v3 User’s Guide...
Page 228 ZyXEL Device to check the CRL that the certification authority issues before trusting a certificate issued by the certification authority. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 User’s Guide...
Page 229: Certificates Technical Reference
In the same way, your private key “writes” your digital signature and your public key allows people to verify whether data was signed by you, or by someone else. This process works as follows. P-660HW-Tx v3 User’s Guide...
Page 230 (because they cannot re-sign the message with Tim’s private key). Additionally, Jenny uses her own private key to sign a message and Tim uses Jenny’s public key to verify the message. P-660HW-Tx v3 User’s Guide...
Page 231: Advanced
Advanced WAN IP Passthrough (233) Static Route (239) VLANs (243) Quality of Service (QoS) (253) Dynamic DNS Setup (275) Remote Management (279) Universal Plug-and-Play (UPnP) (289)
Page 233: Wan Ip Passthrough
1.1.1.1 192.168.1.11 1.1.1.1 Use this feature on a LAN computer which runs applications that do not work well with NAT. For example, VOIP softphones using the SIP protocol may not work on a computer behind NAT. P-660HW-Tx v3 User’s Guide...
Page 234: What You Need To Know About Ip Passthrough
If no NAT rule is found, then all traffic is forwarded to the WAN IP Passthrough computer except incoming ping traffic that goes to the ZyXEL Device. Note: The default NAT server does not work when WAN IP Passthrough is enabled. Figure 85 Incoming Traffic for WAN IP Passthrough Ping P-660HW-Tx v3 User’s Guide...
Page 235 The table below shows the equivalent firewall rules when a LAN computer becomes a WAN IP Passthrough computer. For example, WIP to WAN traffic uses the LAN to WAN firewall rule. See Section 9.2.1 on page 186 for more information on firewall rules. P-660HW-Tx v3 User’s Guide...
Page 236 IP address configured in Network > Local Network (LAN) > Client List. Note: To use WAN IP Passthrough you will need to set the firewall to either Off, Low or Custom (with the correct WAN to WAN/Router rule). P-660HW-Tx v3 User’s Guide...
Page 237 MAC address. Select the Select this to choose a computer from the list of computers that the computer ZyXEL Device has assigned the addresses to. from a list of connected computers P-660HW-Tx v3 User’s Guide...
Page 238 Select the computer you want to configure with WAN IP Passthrough. Passthrough Apply Click this to save your changes. After you click Apply, you need to renew the WAN IP Passthrough computer IP address. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 User’s Guide...
Page 239: Static Route
Figure 90 Example of Static Routing Topology 14.1.1 What You Can Do in the Static Route Screens Use the Static Route screens (Section 14.2 on page 240) to view and configure IP static routes on the ZyXEL Device. P-660HW-Tx v3 User’s Guide...
Page 240: The Static Route Screen
Click the Edit icon to go to the screen where you can set up a static route on the ZyXEL Device. Click the Remove icon to remove a static route from the ZyXEL Device. A window displays asking you to confirm that you want to delete the route. P-660HW-Tx v3 User’s Guide...
Page 241: Static Route Edit
Address Type. Enter the IP address of the gateway. The gateway is a router or switch on the same network segment as the device's LAN or WAN port. The gateway helps forward packets to their destinations. P-660HW-Tx v3 User’s Guide...
Page 242 Section 5.3 on page 95 for details on configuring a remote node. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 User’s Guide...
Page 243: Vlans
15.1.2 What You Need to Know About VLANs IEEE 802.1P Priority IEEE 802.1P specifies the user priority field and defines up to eight separate traffic types by inserting a tag into a MAC-layer frame that contains bits to define class of service. P-660HW-Tx v3 User’s Guide...
Page 244 (recall that a port can belong to multiple VLANs). If the tagging on the egress port is enabled for the VID of a frame, then the frame is transmitted as a tagged frame; otherwise, it is transmitted as an untagged frame. P-660HW-Tx v3 User’s Guide...
Page 245: Vlans Example
In the VLAN ID field type in 2 to identify the VLAN group. Select PVC1 from the Default Gateway drop-down list box. In the Control field, select Fixed for LAN1, LAN2 and PVC1 to be permanent members of the VLAN group. P-660HW-Tx v3 User’s Guide...
Page 246 Click Advanced > VLANs > Port Setting to display the following screen. Type 2 in the 802.1Q PVID column for LAN1, LAN2 and PVC1. Select 7 from the 802.1P Priority drop-down list box for LAN1, LAN2 and PVC1. P-660HW-Tx v3 User’s Guide...
Page 247 SSID1 and SSID2 are two wireless networks. You want to create medium priority for this type of traffic, so you want to group these ports and PVC3 into one VLAN (VLAN4). PVC3 priority is set to medium level of service. P-660HW-Tx v3 User’s Guide...
Page 248 Chapter 15 VLANs Follow the same steps as in VLAN2 to configure the settings for VLAN3 and VLAN4. The summary screen should then display as follows. Advanced > 802.1Q/1P > Group Setting: Example This completes the VLANs setup. P-660HW-Tx v3 User’s Guide...
Page 249: The Vlans Group Setting Screen
Enter the ID number of a VLAN group. All interfaces (ports, SSIDs and PVCs) are in the management VLAN by default. If you disable the management VLAN, you will not be able to access the ZyXEL Device. Summary This field displays the index number of the VLAN group. P-660HW-Tx v3 User’s Guide...
Page 250: Editing Vlans Group Setting
Use this screen to configure the settings for each VLAN group. In the VLANs screen, click the Edit button from the Modify filed to display the following screen. Figure 95 Advanced > VLANs > Group Setting > Edit P-660HW-Tx v3 User’s Guide...
Page 251 VLANs across different devices and not just the ZyXEL Device. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 User’s Guide...
Page 252: The Vlans Port Setting Screen
Same if you do not want to modify the priority. You may choose a priority level from 0-7, with 0 being the lowest level and 7 being the highest level. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 User’s Guide...
Page 253: Quality Of Service (Qos)
(delay) and a low level of jitter (variations in delay) such as Voice over IP (VoIP) or Internet gaming, and those for which jitter alone is a problem such as Internet radio or streaming video. P-660HW-Tx v3 User’s Guide...
Page 254: Qos Overview
• Use the Queue Setup screen (Section 16.7.1 on page 267) to configure QoS queue assignment. • Use the Monitor screen (Section 16.7.1 on page 267) to view the ZyXEL Device’s QoS-related packet statistics. P-660HW-Tx v3 User’s Guide...
Page 255: What You Need To Know About Qos
VoIP traffic from the LAN interface, so that voice traffic would not get delayed when there is network congestion. Traffic from the boss’s IP address (192.168.1.23 for example) is mapped to queue 4. Traffic that does not match P-660HW-Tx v3 User’s Guide...
Page 256 QoS mapping table on the ZyXEL Device. Figure 97 QoS Example VoIP: Queue 5 50 Mbps Boss: Queue 4 IP=192.168.1.23 Figure 98 QoS Class Example: VoIP -1 P-660HW-Tx v3 User’s Guide...
Page 257 Chapter 16 Quality of Service (QoS) Figure 99 QoS Class Example: VoIP -2 Figure 100 QoS Class Example: Boss -1 P-660HW-Tx v3 User’s Guide...
Page 258 Chapter 16 Quality of Service (QoS) Figure 101 QoS Class Example: Boss -2 P-660HW-Tx v3 User’s Guide...
Page 259: The Qos General Screen
Section 16.8.4 on page 272 for more information. If you select OFF, traffic which does not match a class is mapped to queue two. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 User’s Guide...
Page 260: The Class Setup Screen
Click the Edit icon to go to the screen where you can edit the classifier. Click the Remove icon to delete an existing classifier. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 User’s Guide...
Page 261: The Class Configuration Screen
16.4.1 The Class Configuration Screen Use this screen to configure a classifier. Click the Add button or the Edit icon in the Modify field to display the following screen. Figure 104 Advanced > QoS > Class Setup: Edit P-660HW-Tx v3 User’s Guide...
Page 262 Select Same to keep the DSCP fields in the packets. Select Auto to map the DSCP value to 802.1 priority level automatically. Select Mark to set the DSCP field with the value you configure in the field provided. P-660HW-Tx v3 User’s Guide...
Page 263 Select the check box and enter the port number of the destination. 0 means any source port number. See Appendix E on page 421 for some common services and port numbers. Select the check box and enter the destination MAC address of the packet. P-660HW-Tx v3 User’s Guide...
Page 264 Select this option to exclude the packets that match the specified criteria from this classifier. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 User’s Guide...
Page 265: Traffic Shaping
A larger shaping rate requires a big bucket size. For example, use a bucket size of 10 kbytes to get the transmission rate up to 10 Mbps. P-660HW-Tx v3 User’s Guide...
Page 266: Token Bucket Example
E: After enough tokens (1000) are in the bucket, the ZyXEL Device transmits it and then deducts 1000 tokens from the bucket. Figure 105 Token Bucket Scenario Example 2000 2000 1200 2100-1500 =600 700-500 1000-1000 =200 Time (sec) P-660HW-Tx v3 User’s Guide...
Page 267: The Queue Setup Screen
Click the Remove icon to delete an existing queue. Note that subsequent rules move up by one when you take this action. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-660HW-Tx v3 User’s Guide...
Page 268: The Queue Configuration Screen
The size range is from 1,500 to 100,000 bytes and the maximum transmission rate must be set if you want to configure the bucket size. You can refer to Section 16.6 on page 265 for more information on Token Bucket. P-660HW-Tx v3 User’s Guide...
Page 269: The Qos Monitor Screen
Click Cancel to begin configuring this screen afresh. 16.7.3 The QoS Monitor Screen Use this screen to view the ZyXEL Device’s QoS packet statistics. Click Advanced > QoS > Monitor. The screen appears as shown. Figure 107 Advanced > QoS > Monitor P-660HW-Tx v3 User’s Guide...
Page 270: Qos Technical Reference
Typically used for voice traffic that is especially sensitive to jitter (jitter is the variations in delay). Level 5 Typically used for video that consumes high bandwidth and is sensitive to jitter. Level 4 Typically used for controlled load, latency-sensitive traffic such as SNA (Systems Network Architecture) transactions. P-660HW-Tx v3 User’s Guide...
Page 271: Ip Precedence
DiffServ defines a new Differentiated Services (DS) field to replace the Type of Service (TOS) field in the IP header. The DS field contains a 2-bit unused field and a 6-bit DSCP field which can define up to 64 service levels. The following figure illustrates the DS field. P-660HW-Tx v3 User’s Guide...
Page 272: Automatic Priority Queue Assignment
Table 78 Internal Layer2 and Layer3 QoS Mapping LAYER 2 LAYER 3 IEEE 802.1P PRIORITY USER PRIORITY TOS (IP IP PACKET QUEUE DSCP (ETHERNET PRECEDENCE) LENGTH (BYTE) PRIORITY) 000000 000000 >1100 001110 250~1100 001100 001010 001000 010110 010100 010010 010000 P-660HW-Tx v3 User’s Guide...
Page 273 Table 78 Internal Layer2 and Layer3 QoS Mapping LAYER 2 LAYER 3 IEEE 802.1P PRIORITY QUEUE USER PRIORITY TOS (IP IP PACKET PRECEDENCE) DSCP (ETHERNET LENGTH (BYTE) PRIORITY) 011110 <250 011100 011010 011000 100110 100100 100010 100000 101110 101000 110000 111000 P-660HW-Tx v3 User’s Guide...
Page 274 Chapter 16 Quality of Service (QoS) P-660HW-Tx v3 User’s Guide...
Page 275: Dynamic Dns Setup
IP address as yourhost.dyndns.org. This feature is useful if you want to be able to use, for example, www.yourhost.dyndns.org and still reach your hostname. If you have a private WAN IP address, then you cannot use Dynamic DNS. P-660HW-Tx v3 User’s Guide...
Page 276: The Dynamic Dns Screen
You can specify up to two host names in the field separated by a comma (","). User Name Type your user name. Password Type the password assigned to you. Enable Select the check box to enable DynDNS Wildcard. Wildcard Option P-660HW-Tx v3 User’s Guide...
Page 277 Use specified Type the IP address of the host name(s). Use this if you have a static IP IP Address address. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 User’s Guide...
Page 278 Chapter 17 Dynamic DNS Setup P-660HW-Tx v3 User’s Guide...
Page 279: Remote Management
You may manage your ZyXEL Device from a remote location via: • Internet (WAN only) • LAN only • WLAN only • LAN and WAN • LAN and WLAN • WLAN and WAN • ALL (WAN, LAN and WLAN) • None (Disable) P-660HW-Tx v3 User’s Guide...
Page 280: What You Can Do In The Remote Management Screens
• There is already another remote management session with an equal or higher priority running. You may only have one remote management session running at one time. • There is a firewall rule that blocks it. P-660HW-Tx v3 User’s Guide...
Page 281: The Www Screen
18.2.0.2 Manual WWW Rule Click Advanced > Remote MGMT > WWW and set Access Status to ALL (or LAN & WAN or WLAN & WAN). Note: IMPORTANT! If you choose WAN it will ONLY allow access from the WAN. P-660HW-Tx v3 User’s Guide...
Page 282 Use this screen to specify how to connect to the ZyXEL Device from a web browser, such as Internet Explorer. Note: If you disable the WWW service in the Remote MGMT > WWW screen, then the ZyXEL Device blocks all HTTP connection attempts. P-660HW-Tx v3 User’s Guide...
Page 283: Configuring The Www Screen
This option is available only when you set the Access Status as ALL, permit WAN WAN, WLAN&WAN, or LAN&WAN. access Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 User’s Guide...
Page 284: The Telnet Screen
Next go to Security > Firewall > General. There will be a Rules tab if Custom is specified as the firewall option. In Packet direction choose WAN to WAN/Router. Untick the Active tick box for your remote management rule and click the Apply button. P-660HW-Tx v3 User’s Guide...
Page 285: The Ftp Screen
Click this to restore your previously saved settings. 18.4 The FTP Screen You can use FTP (File Transfer Protocol) to upload and download the ZyXEL Device’s firmware and configuration files. Please see the User’s Guide chapter on P-660HW-Tx v3 User’s Guide...
Page 286: The Dns Screen
Click this to restore your previously saved settings. 18.5 The DNS Screen Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. Refer to Chapter 6 on page 111 for background information. P-660HW-Tx v3 User’s Guide...
Page 287: The Icmp Screen
ICMP response packet is automatically returned. This allows the outside user to know the ZyXEL Device exists. Your ZyXEL Device supports anti-probing, which prevents the ICMP response packet from being sent. This keeps outsiders from discovering your ZyXEL Device when unsupported ports are probed. P-660HW-Tx v3 User’s Guide...
Page 288 TCP packet (or an ICMP port-unreachable packet for a blocked UDP packets) or just drop the packets without sending a response packet. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 User’s Guide...
Page 289: Universal Plug-And-Play (Upnp)
UPnP devices and enable exchange of simple product and service descriptions. NAT traversal allows the following: • Dynamic port mapping • Learning public IP addresses • Assigning lease times to mappings P-660HW-Tx v3 User’s Guide...
Page 290 ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum UPnP™ Implementers Corp. (UIC). ZyXEL's UPnP implementation supports Internet Gateway Device (IGD) 1.0. See the following sections for examples of installing and using UPnP. P-660HW-Tx v3 User’s Guide...
Page 291: The Upnp Screen
UPnP enabled device; this eliminates the need to manually configure port forwarding for the UPnP enabled application. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 User’s Guide...
Page 292: Installing Upnp In Windows Example
Follow the steps below to install the UPnP in Windows Me. Click Start and Control Panel. Double-click Add/Remove Programs. Click on the Windows Setup tab and select Communication in the Components selection box. Click Details. Add/Remove Programs: Windows Setup: Communication P-660HW-Tx v3 User’s Guide...
Page 293 Click OK to go back to the Add/Remove Programs Properties window and click Next. Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. Click Start and Control Panel. Double-click Network Connections. P-660HW-Tx v3 User’s Guide...
Page 294 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components …. Network Connections The Windows Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details. Windows Optional Networking Components Wizard P-660HW-Tx v3 User’s Guide...
Page 295: Using Upnp In Windows Xp Example
Make sure the computer is connected to a LAN port of the ZyXEL Device. Turn on your computer and the ZyXEL Device. Auto-discover Your UPnP-enabled Network Device Click Start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway. P-660HW-Tx v3 User’s Guide...
Page 296 Chapter 19 Universal Plug-and-Play (UPnP) Right-click the icon and select Properties. Network Connections In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. Internet Connection Properties P-660HW-Tx v3 User’s Guide...
Page 297 You may edit or delete the port mappings or click Add to manually add port mappings. Internet Connection Properties: Advanced Settings Internet Connection Properties: Advanced Settings: Add When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. P-660HW-Tx v3 User’s Guide...
Page 298 IP address of the ZyXEL Device first. This comes helpful if you do not know the IP address of the ZyXEL Device. Follow the steps below to access the web configurator. Click Start and then Control Panel. Double-click Network Connections. P-660HW-Tx v3 User’s Guide...
Page 299 Chapter 19 Universal Plug-and-Play (UPnP) Select My Network Places under Other Places. Network Connections An icon with the description for each UPnP-enabled device displays under Local Network. P-660HW-Tx v3 User’s Guide...
Page 300 Network Connections: My Network Places Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Network Connections: My Network Places: Properties: Example P-660HW-Tx v3 User’s Guide...
Page 301: Maintenance
Maintenance System Settings (303) Logs (309) Update/Reboot (323) Diagnostic (337) Statistics (339)
Page 303: System Settings
A LAN (local area network) is typically a network which covers a small area, made up of computers and other devices which share resources such as Internet access, printers etc. P-660HW-Tx v3 User’s Guide...
Page 304: The General Screen
Computer Name tab. Note the entry in the Full computer name field and enter it as the ZyXEL Device System Name. Click Maintenance > System to open the General screen. Figure 116 Maintenance > System > General P-660HW-Tx v3 User’s Guide...
Page 305 After you change the password, use the new password to access the ZyXEL Device. Retype to Type the new password again for confirmation. confirm Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 User’s Guide...
Page 306: The Time Setting Screen
Time Zone and Daylight Saving at the same time, the new time and date you entered has priority and the Time Zone and Daylight Saving settings do not affect it. P-660HW-Tx v3 User’s Guide...
Page 307 European Union you would select Last, Sunday, March. The time you type in the o'clock field depends on your time zone. In Germany for instance, you would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). P-660HW-Tx v3 User’s Guide...
Page 308 Germany for instance, you would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 User’s Guide...
Page 309: Logs
A log is a message about an event that occurred on your ZyXEL Device. For example, when someone logs in to the ZyXEL Device, you can set a schedule for how often logs should be enabled, or sent to a syslog server. P-660HW-Tx v3 User’s Guide...
Page 310: The View Log Screen
This field is a sequential value and is not associated with a specific entry. Time This field displays the time the log was recorded. Message This field states the reason for the log. Source This field lists the source IP address and the port number of the incoming packet. P-660HW-Tx v3 User’s Guide...
Page 311: The Log Settings Screen
Use the Log Settings screen to configure the mail server, the syslog server, when to send logs and what logs to send. To change your ZyXEL Device’s log settings, click Maintenance > Logs > Log Settings. The screen appears as shown. P-660HW-Tx v3 User’s Guide...
Page 312 E-mail. Mail Subject Type a title that you want to be in the subject line of the log e-mail message that the ZyXEL Device sends. Not all ZyXEL Device models have this field. P-660HW-Tx v3 User’s Guide...
Page 313 Options include System Errors, Access Control, Alert Blocked Web Sites, Attacks, and PKI. Apply Click this to save your customized settings and exit this screen. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 User’s Guide...
Page 314: Smtp Error Messages
|<1,02> 127|Apr 7 00 |From:192.168.1.131 To:192.168.1.255 |match |forward | 10:05:17 |UDP src port:00520 dest port:00520 |<1,02> 128|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |match |forward | 10:05:30 |UDP src port:00520 dest port:00520 |<1,02> End of Firewall Log P-660HW-Tx v3 User’s Guide...
Page 315: Log Descriptions
The router is saving configuration changes. Configuration Change: PC = 0x%x, Task ID = 0x%x Someone has logged on to the router’s SSH server. Successful SSH login Someone has failed to log on to the router’s SSH SSH login failed server. P-660HW-Tx v3 User’s Guide...
Page 316 [ TCP | UDP | IGMP | ESP | GRE | OSPF ] The router sent a message to notify a user that Router sent blocked web site the router blocked access to a web site that the message: TCP user requested. P-660HW-Tx v3 User’s Guide...
Page 317 Attempted access matched a configured filter rule [ TCP | UDP | ICMP | IGMP | (denoted by its set and rule number) and was blocked Generic ] packet filter or forwarded according to the rule. matched (set: %d, rule: %d) P-660HW-Tx v3 User’s Guide...
Page 318 The PPP connection’s Challenge Handshake Authentication Protocol ppp:CHAP Opening stage is opening. The PPP connection’s Internet Protocol Control Protocol stage is ppp:IPCP starting. Starting The PPP connection’s Internet Protocol Control Protocol stage is ppp:IPCP Opening opening. P-660HW-Tx v3 User’s Guide...
Page 319 The firewall detected a TCP teardrop attack. teardrop TCP The firewall detected an UDP teardrop attack. teardrop UDP The firewall detected an ICMP teardrop attack. teardrop ICMP (type:%d, code:%d) The firewall detected a TCP illegal command attack. illegal command TCP P-660HW-Tx v3 User’s Guide...
Page 320 DESCRIPTION DIRECTION (L to W) LAN to WAN ACL set for packets traveling from the LAN to the WAN. (W to L) WAN to LAN ACL set for packets traveling from the WAN to the LAN. P-660HW-Tx v3 User’s Guide...
Page 321 Redirect datagrams for the Type of Service and Host Echo Echo message Time Exceeded Time to live exceeded in transit Fragment reassembly time exceeded Parameter Problem Pointer indicates the error Timestamp Timestamp request message Timestamp Reply Timestamp reply message Information Request P-660HW-Tx v3 User’s Guide...
Page 322 Please refer to RFC 2408 for detailed information on each type. Table 106 RFC-2408 ISAKMP Payload Types LOG DISPLAY PAYLOAD TYPE Security Association Proposal PROP Transform TRANS Key Exchange Identification Certificate Certificate Request CER_REQ Hash HASH Signature Nonce NONCE Notification NOTFY Delete Vendor ID P-660HW-Tx v3 User’s Guide...
Page 323: Update/Reboot
(Section 22.3 on page 333) to backup and restore device configurations. You can also reset your device settings back to the factory default. • Use the Restart screen (Section 22.4 on page 336) to restart your ZyXEL device. P-660HW-Tx v3 User’s Guide...
Page 324: What You Need To Know About Update/Reboot
ROM file system, including your ZyXEL Device configurations, system-related data (including the default password), the error log and the trace log. Firmware This is the generic name for the ZyNOS *.bin firmware on the ZyXEL Device. P-660HW-Tx v3 User’s Guide...
Page 325: Before You Begin
FTP is faster. Please note that you must wait for the system to automatically restart after the file transfer is complete. Do not interrupt the file transfer process as this may PERMANENTLY DAMAGE your device. When the Restore Configuration process is complete, the device automatically restarts. P-660HW-Tx v3 User’s Guide...
Page 326 “rom-0”. Likewise “get rom-0 config.rom” transfers the configuration file on the device to your computer and renames it “config.rom.” See earlier in this chapter for more information on filename conventions. Enter “quit” to exit the ftp prompt. P-660HW-Tx v3 User’s Guide...
Page 327 Note that the telnet connection must be active and the device in CI mode before and during the TFTP transfer. For details on TFTP commands (see following example), please consult the documentation of your TFTP client program. For P-660HW-Tx v3 User’s Guide...
Page 328 “get rom-0 config.rom” transfers the configuration file on the ZyXEL Device to your computer and renames it “config.rom”. See earlier in this chapter for more information on filename conventions. Enter “quit” to exit the ftp prompt. P-660HW-Tx v3 User’s Guide...
Page 329 TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended. To use TFTP, your computer must have both telnet and TFTP clients. To backup the configuration file, follow the procedure shown next. P-660HW-Tx v3 User’s Guide...
Page 330 Enter the path and name of the firmware file (*.bin extension) or configuration file (*.rom extension) on your computer. Remote This is the filename on the ZyXEL Device. The filename for the firmware is File “ras” and for the configuration file, is “rom-0”. P-660HW-Tx v3 User’s Guide...
Page 331: The Firmware Screen
Current This is the present Firmware version and the date created. Firmware Version File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. P-660HW-Tx v3 User’s Guide...
Page 332 The ZyXEL Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 126 Network Temporarily Disconnected After three minutes, log in again and check your new firmware version in the Status screen. P-660HW-Tx v3 User’s Guide...
Page 333: The Configuration Screen
Backup Configuration allows you to back up (save) the ZyXEL Device’s current configuration to a file on your computer. Once your ZyXEL Device is configured and functioning properly, it is highly recommended that you back up your P-660HW-Tx v3 User’s Guide...
Page 334 Figure 129 Configuration Upload Successful The ZyXEL Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 130 Network Temporarily Disconnected P-660HW-Tx v3 User’s Guide...
Page 335 Figure 133 Reset In Process Message You can also press the RESET button on the rear panel to reset the factory defaults of your ZyXEL Device. Refer to Section 1.6 on page 27 for more information on using the RESET button. P-660HW-Tx v3 User’s Guide...
Page 336: The Restart Screen
You may need to do this if the ZyXEL Device hangs, for example. Click Maintenance > Update/Reboot > Restart. Click Restart to have the ZyXEL Device reboot. This does not affect the ZyXEL Device's configuration. Figure 134 Maintenance > Update/Reboot >Restart P-660HW-Tx v3 User’s Guide...
Page 337: Diagnostic
Click this to check your WAN connection status of DSL, ATM, Ethernet PPPoE, IP, and Pinging. IP Address or URL Type the IP address or URL of a computer that you want to ping in order to test a connection. P-660HW-Tx v3 User’s Guide...
Page 338 The ZyXEL Device sends an OAM F5 packet to the DSLAM/ATM switch and then returns it (loops it back) to the ZyXEL Device. The ATM loopback test is useful for troubleshooting problems with the DSLAM and ATM network. P-660HW-Tx v3 User’s Guide...
Page 339: Statistics
Statistics screen. See the Network Connections section in Troubleshooting if you are experiencing problems with your Internet connection. Click Maintenance > Statistics to open the screen shown next. Figure 136 Maintenance > Statisticsl P-660HW-Tx v3 User’s Guide...
Page 340: Terms
The method your modem or router use depends on what the DSLAM is using. P-660HW-Tx v3 User’s Guide...
Page 341 Header Error Correction (HEC) errors are similar to CRC errors, except only the header of the ATM cell is checked. Typically one type of error causes others too, and as mentioned, some errors are normal on a DSL line. P-660HW-Tx v3 User’s Guide...
Page 342 Chapter 24 Statistics P-660HW-Tx v3 User’s Guide...
Page 343: Troubleshooting And Specifications
Troubleshooting and Specifications Troubleshooting (345) Product Specifications (351)
Page 345: Troubleshooting
Turn the ZyXEL Device off and on. If the problem continues, contact the vendor. One of the LEDs does not behave as expected. Make sure you understand the normal behavior of the LED. See Section 1.5 on page P-660HW-Tx v3 User’s Guide...
Page 346: Zyxel Device Access And Login
If this does not work, you have to reset the device to its factory defaults. See Section 1.6 on page I cannot see or access the Login screen in the web configurator. Make sure you are using the correct IP address. • The default IP address is 192.168.1.254. P-660HW-Tx v3 User’s Guide...
Page 347 You cannot log in to the web configurator while someone is using Telnet to access the ZyXEL Device. Log out of the ZyXEL Device in the other session, or ask the person who is logged in to log out. Turn the ZyXEL Device off and on. P-660HW-Tx v3 User’s Guide...
Page 348: Internet Access
AP. Disconnect all the cables from your device, and follow the directions in the Quick Start Guide again. If the problem continues, contact your ISP. P-660HW-Tx v3 User’s Guide...
Page 349: Network Connections
• Check the settings for QoS. If it is disabled, you might consider activating it. If it is enabled, you might consider raising or lowering the priority for some applications. 25.4 Network Connections My network cannot be connected. How can I check the Internet connection status? P-660HW-Tx v3 User’s Guide...
Page 350 Excess errors may occur if the quality of your line is poor. If you hear noise on the line while making a telephone call, you should ask your local telecommunications office to check the lines in your house or apartment building and the line from your residence to your DSL service provider. P-660HW-Tx v3 User’s Guide...
Page 351: Product Specifications
Temperature Storage Temperature -20º ~ 60º C Operation Humidity 20% ~ 90% RH Storage Humidity 20% ~ 90% RH 26.2 Firmware Specifications Table 114 Firmware Specifications Default IP Address 192.168.1.254 Default Subnet Mask 255.255.255.0 (24 bits) P-660HW-Tx v3 User’s Guide...
Page 352 Use logs for troubleshooting. You can send logs from the ZyXEL Device to an external syslog server. Universal Plug and A UPnP-enabled device can dynamically join a network, obtain an Play (UPnP) IP address and convey its capabilities to other devices on the network. P-660HW-Tx v3 User’s Guide...
Page 353 Device to have access to web services using the public IP address. When WAN IP Passthrough is configured, all traffic is forwarded to the computer and will not go through NAT. VLANs This allows a physical network to be partitioned into multiple logical networks. P-660HW-Tx v3 User’s Guide...
Page 354 ADSL physical connection ATM AAL5 (ATM Adaptation Layer type Multi-protocol over AAL5 (RFC2684/1483) PPP over ATM AAL5 (RFC2364) PPP over Ethernet for DSL connection (RFC2516) VC-based and LLC-based multiplexing Support up to 8 PVCs I.610 F4/F5 OAM TR-067/TR-100 P-660HW-Tx v3 User’s Guide...
Page 355: Wireless Features
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security standard. Key differences between WPA and WEP are user authentication and improved data encryption. WPA2 WPA 2 is a wireless security standard that defines stronger encryption, authentication and key management than WPA. P-660HW-Tx v3 User’s Guide...
Page 356 RFC 1483 Multiprotocol Encapsulation over ATM Adaptation Layer 5 RFC 1631 IP Network Address Translator (NAT) RFC 1661 The Point-to-Point Protocol (PPP) RFC 1723 RIP-2 (Routing Information Protocol) RFC 2236 Internet Group Management Protocol, Version 2. P-660HW-Tx v3 User’s Guide...
Page 357 MS PPTP (Microsoft's implementation of Point to Point Tunneling Protocol) RFC 2383 ST2+ over ATM Protocol Specification - UNI 3.1 Version TR-069 TR-069 DSL Forum Standard for CPE Wan Management. 1.363.5 Compliant AAL5 SAR (Segmentation And Re-assembly) P-660HW-Tx v3 User’s Guide...
Page 358: Power Adaptor Specifications
7.7 Watt max Safety Standards ANSI/UL 60950-1, CSA 60950-1 EUROPEAN PLUG STANDARDS AC Power Adapter Model Input Power AC 230Volts/50Hz Output Power DC 12Volts/1.0A Power Consumption 8 Watt max Safety Standards CE, GS or TUV, EN60950-1 P-660HW-Tx v3 User’s Guide...
Page 359: Part Vii: Appendices And Index
Appendices and Index Note: The appendices provide general information. Some details may not apply to your ZyXEL Device. Setting up Your Computer’s IP Address (361) Pop-up Windows, JavaScripts and Java Permissions (385) IP Addresses and Subnetting (395) Wireless LANs (405) Services (421) Legal Information (425) Index (429)
Page 361: Appendix A Setting Up Your Computer's Ip Address
"communicate" with your network. If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the ZyXEL Device’s LAN port. P-660HW-Tx v3 User’s Guide...
Page 362 In the Network window, click Add. Select Adapter and then click Add. Select the manufacturer and model of your network adapter and then click OK. If you need TCP/IP: In the Network window, click Add. Select Protocol and then click Add. P-660HW-Tx v3 User’s Guide...
Page 363 • If your IP address is dynamic, select Obtain an IP address automatically. • If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields. Figure 138 Windows 95/98/Me: TCP/IP Properties: IP Address P-660HW-Tx v3 User’s Guide...
Page 364 Click Start and then Run. In the Run window, type "winipcfg" and then click OK to open the IP Configuration window. Select your network adapter. You should see your computer's IP address, subnet mask and default gateway. P-660HW-Tx v3 User’s Guide...
Page 365 Click start (Start in Windows 2000/NT), Settings, Control Panel. Figure 140 Windows XP: Start Menu In the Control Panel, double-click Network Connections (Network and Dial- up Connections in Windows 2000/NT). Figure 141 Windows XP: Control Panel P-660HW-Tx v3 User’s Guide...
Page 366 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 143 Windows XP: Local Area Connection Properties The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). P-660HW-Tx v3 User’s Guide...
Page 367 Gateway. To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add. P-660HW-Tx v3 User’s Guide...
Page 368 • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. P-660HW-Tx v3 User’s Guide...
Page 369: Windows Vista
In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab. Windows Vista This section shows screens from Windows Vista Enterprise Version 6.0. P-660HW-Tx v3 User’s Guide...
Page 370 Click the Start icon, Control Panel. Figure 147 Windows Vista: Start Menu In the Control Panel, double-click Network and Internet. Figure 148 Windows Vista: Control Panel Click Network and Sharing Center. Figure 149 Windows Vista: Network And Internet P-660HW-Tx v3 User’s Guide...
Page 371 Figure 150 Windows Vista: Network and Sharing Center Right-click Local Area Connection and then click Properties. Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. Figure 151 Windows Vista: Network and Sharing Center P-660HW-Tx v3 User’s Guide...
Page 372 • If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP address and fill in the IP address, Subnet mask, and Default gateway fields. P-660HW-Tx v3 User’s Guide...
Page 373 Gateway. To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add. P-660HW-Tx v3 User’s Guide...
Page 374 • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. P-660HW-Tx v3 User’s Guide...
Page 375 Click Start, All Programs, Accessories and then Command Prompt. In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab. P-660HW-Tx v3 User’s Guide...
Page 376 Appendix A Setting up Your Computer’s IP Address Macintosh OS 8/9 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/ IP Control Panel. Figure 156 Macintosh OS 8/9: Apple Menu P-660HW-Tx v3 User’s Guide...
Page 377 Close the TCP/IP Control Panel. Click Save if prompted, to save changes to your configuration. Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the TCP/IP Control Panel window. P-660HW-Tx v3 User’s Guide...
Page 378: Macintosh Os X
• Select Built-in Ethernet from the Show list. • Click the TCP/IP tab. For dynamically assigned settings, select Using DHCP from the Configure list. Figure 159 Macintosh OS X: Network For statically assigned settings, do the following: P-660HW-Tx v3 User’s Guide...
Page 379 Follow the steps below to configure your computer IP address using the KDE. Click the Red Hat button (located on the bottom left corner), select System Setting and click Network. Figure 160 Red Hat 9.0: KDE: Network Configuration: Devices P-660HW-Tx v3 User’s Guide...
Page 380 If you know your DNS server IP address(es), click the DNS tab in the Network Configuration screen. Enter the DNS server information in the fields provided. Figure 162 Red Hat 9.0: KDE: Network Configuration: DNS Click the Devices tab. P-660HW-Tx v3 User’s Guide...
Page 381 • If you have a dynamic IP address, enter dhcp in the BOOTPROTO= field. The following figure shows an example. Figure 164 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 DEVICE=eth0 ONBOOT=yes BOOTPROTO=dhcp USERCTL=no PEERDNS=yes TYPE=Ethernet P-660HW-Tx v3 User’s Guide...
Page 382 Figure 167 Red Hat 9.0: Restart Ethernet Card [root@localhost init.d]# network restart Shutting down interface eth0: [OK] Shutting down loopback interface: [OK] Setting network parameters: [OK] Bringing up loopback interface: [OK] Bringing up interface eth0: [OK] P-660HW-Tx v3 User’s Guide...
Page 383: Verifying Settings
Bcast:172.23.19.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:717 errors:0 dropped:0 overruns:0 frame:0 TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:730412 (713.2 Kb) TX bytes:1570 (1.5 Kb) Interrupt:10 Base address:0x1000 [root@localhost]# P-660HW-Tx v3 User’s Guide...
Page 384 Appendix A Setting up Your Computer’s IP Address P-660HW-Tx v3 User’s Guide...
Page 385: Appendix B Pop-Up Windows, Javascripts And Java Permissions
In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker. Figure 169 Pop-up Blocker You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. P-660HW-Tx v3 User’s Guide...
Page 386 Click Apply to save this setting. Enable Pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. In Internet Explorer, select Tools, Internet Options and then the Privacy tab. P-660HW-Tx v3 User’s Guide...
Page 387 Select Settings…to open the Pop-up Blocker Settings screen. Figure 171 Internet Options: Privacy Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. P-660HW-Tx v3 User’s Guide...
Page 388 Figure 172 Pop-up Blocker Settings Click Close to return to the Privacy screen. Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. P-660HW-Tx v3 User’s Guide...
Page 389 Figure 173 Internet Options: Security Click the Custom Level... button. Scroll down to Scripting. Under Active scripting make sure that Enable is selected (the default). Under Scripting of Java applets make sure that Enable is selected (the default). P-660HW-Tx v3 User’s Guide...
Page 390: Java Permissions
Figure 174 Security Settings - Java Scripting Java Permissions From Internet Explorer, click Tools, Internet Options and then the Security tab. Click the Custom Level... button. Scroll down to Microsoft VM. Under Java permissions make sure that a safety level is selected. P-660HW-Tx v3 User’s Guide...
Page 391 Click OK to close the window. Figure 175 Security Settings - Java JAVA (Sun) From Internet Explorer, click Tools, Internet Options and then the Advanced tab. Make sure that Use Java 2 for <applet> under Java (Sun) is selected. P-660HW-Tx v3 User’s Guide...
Page 392 Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary. You can enable Java, Javascripts and pop-ups in one screen. Click Tools, then click Options in the screen that appears. Figure 177 Mozilla Firefox: Tools > Options P-660HW-Tx v3 User’s Guide...
Page 393 Appendix B Pop-up Windows, JavaScripts and Java Permissions Click Content.to show the screen below. Select the check boxes as shown in the following screen. Figure 178 Mozilla Firefox Content Security P-660HW-Tx v3 User’s Guide...
Page 394 Appendix B Pop-up Windows, JavaScripts and Java Permissions P-660HW-Tx v3 User’s Guide...
Page 395: Appendix C Ip Addresses And Subnetting
192.168.1.1). Each of these four parts is known as an octet. An octet is an eight-digit binary number (for example 11000000, which is 192 in decimal notation). Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal. P-660HW-Tx v3 User’s Guide...
Page 396: Subnet Masks
ID of an IP address (192.168.1.2 in decimal). Table 118 Subnet Masks OCTET: OCTET: OCTET: OCTET (192) (168) IP Address (Binary) 11000000 10101000 00000001 00000010 Subnet Mask (Binary) 11111111 11111111 11111111 00000000 Network Number 11000000 10101000 00000001 Host ID 00000010 P-660HW-Tx v3 User’s Guide...
Page 397 SUBNET MASK HOST ID SIZE HOSTS 8 bits 255.0.0.0 24 bits – 2 16777214 16 bits 255.255.0.0 16 bits – 2 65534 24 bits 255.255.255.0 8 bits – 2 29 bits 255.255.255.2 3 bits – 2 P-660HW-Tx v3 User’s Guide...
Page 398 In this example, the company network address is 192.168.1.0. The first three octets of the address (192.168.1) are the network number, and the remaining octet is the host ID, allowing a maximum of 2 – 2 or 254 possible hosts. P-660HW-Tx v3 User’s Guide...
Page 399 The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25. The following figure shows the company network after subnetting. There are now two sub-networks, A and B. Figure 181 Subnetting Example: After Subnetting P-660HW-Tx v3 User’s Guide...
Page 400 Table 123 Subnet 2 LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 01000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.65 192.168.1.64 Broadcast Address: Highest Host ID: 192.168.1.126 192.168.1.127 P-660HW-Tx v3 User’s Guide...
Page 401 Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows IP address last octet values for each subnet. Table 126 Eight Subnets SUBNET LAST BROADCAST SUBNET FIRST ADDRESS ADDRESS ADDRESS ADDRESS P-660HW-Tx v3 User’s Guide...
Page 402 255.255.255.248 (/29) 8192 255.255.255.252 (/30) 16384 255.255.255.254 (/31) 32768 Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP P-660HW-Tx v3 User’s Guide...
Page 403 Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space. P-660HW-Tx v3 User’s Guide...
Page 404 Appendix C IP Addresses and Subnetting P-660HW-Tx v3 User’s Guide...
Page 405: Appendix D Wireless Lans
(AP). Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra-BSS is enabled, wireless client A and B can access the wired network and communicate P-660HW-Tx v3 User’s Guide...
Page 406 This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood. P-660HW-Tx v3 User’s Guide...
Page 407 A hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a hidden node. Both stations (STA) are within range of the access point (AP) or P-660HW-Tx v3 User’s Guide...
Page 408 RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Note: Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy. P-660HW-Tx v3 User’s Guide...
Page 409: Fragmentation Threshold
IEEE 802.11g is fully compatible with the IEEE 802.11b standard. This means an IEEE 802.11b adapter can interface directly with an IEEE 802.11g access point (and vice versa) at 11 Mbps or lower depending on range. IEEE 802.11g has P-660HW-Tx v3 User’s Guide...
Page 410 IEEE802.1x EAP with RADIUS Server Authentication Wi-Fi Protected Access (WPA) WPA2 Most Secure Note: You must enable the same wireless security settings on the ZyXEL Device and on all wireless clients that you want to associate with it. P-660HW-Tx v3 User’s Guide...
Page 411 The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication: • Access-Request Sent by an access point requesting authentication. • Access-Reject Sent by a RADIUS server rejecting access. • Access-Accept Sent by a RADIUS server allowing access. P-660HW-Tx v3 User’s Guide...
Page 412 The wireless client ‘proves’ that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text. P-660HW-Tx v3 User’s Guide...
Page 413 However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco. LEAP LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x. P-660HW-Tx v3 User’s Guide...
Page 414: Dynamic Wep Key Exchange
RADIUS server, you should use WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a wireless client will be granted access to a WLAN. P-660HW-Tx v3 User’s Guide...
Page 415 The common-password approach makes WPA(2)-PSK susceptible to brute-force password-guessing attacks but it’s still an improvement over WEP as it employs a consistent, single, alphanumeric password to derive a PMK which is used to generate unique temporal encryption P-660HW-Tx v3 User’s Guide...
Page 416 The RADIUS server then checks the user's identification against its database and grants or denies network access accordingly. A 256-bit Pairwise Master Key (PMK) is derived from the authentication process by the RADIUS server and the client. P-660HW-Tx v3 User’s Guide...
Page 417 The AP checks each wireless client's password and allows it to join the network only if the password matches. The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID. P-660HW-Tx v3 User’s Guide...
Page 418: Security Parameters Summary
Enable without Dynamic WEP Open Enable with Dynamic WEP Key Enable without Dynamic WEP Disable Shared Enable with Dynamic WEP Key Enable without Dynamic WEP Disable TKIP/AES Enable WPA-PSK TKIP/AES Disable WPA2 TKIP/AES Enable WPA2-PSK TKIP/AES Disable P-660HW-Tx v3 User’s Guide...
Page 419: Antenna Characteristics
Types of Antennas for WLAN There are two types of antennas used for wireless LAN applications. P-660HW-Tx v3 User’s Guide...
Page 420: Positioning Antennas
For omni-directional antennas mounted on a wall or ceiling, point the antenna down. For a single AP application, place omni-directional antennas as close to the center of the coverage area as possible. For directional antennas, point the antenna in the direction of the desired coverage area. P-660HW-Tx v3 User’s Guide...
Page 421: Appendix E Services
• If the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number. • If the Protocol is USER, this is the IP protocol number. • Description: This is a brief explanation of the applications that use this service or the situations in which this service is used. P-660HW-Tx v3 User’s Guide...
Page 422 IMAP4 The Internet Message Access Protocol is used for e-mail. IMAP4S This is a more secure version of IMAP4 that runs over SSL. TCP/UDP 6667 This is another popular Internet chat program. P-660HW-Tx v3 User’s Guide...
Page 423 ROADRUNNER TCP/UDP 1026 This is an ISP that provides services mainly for cable modems. RTELNET Remote Telnet. RTSP TCP/UDP The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet. P-660HW-Tx v3 User’s Guide...
Page 424 Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE 7000 A videoconferencing solution. The UDP port number is specified in the user- application. defined P-660HW-Tx v3 User’s Guide...
Page 425: Appendix F Legal Information
ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein.
Page 426 • To comply with FCC RF exposure compliance requirements, a separation distance of at least 20 cm must be maintained between the antenna of this device and all persons. 注意 ! 依據低功率電波輻射性電機管理辦法第十二條經型式認證合格之低功率射頻電機，非經許可，公司、商號或使用者均不得擅自變更頻率、加大功率或變更原設計之特性及功能。第十四條低功率射頻電機之使用不得影響飛航安全及干擾合法通信；經發現有干擾現象時，應立即停用，並改善至無干擾時方得繼續使用。前項合法通信，指依電信規定作業之無線電信。低功率射頻電機須忍受合法通信或工業、科學及醫療用電波輻射性電機設備之干擾。 P-660HW-Tx v3 User’s Guide...
Page 427: Zyxel Limited Warranty
Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or P-660HW-Tx v3 User’s Guide...
Page 428 Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products. P-660HW-Tx v3 User’s Guide...
Page 429: Index
328, 329, 333 wireless LAN backup type scheduling Basic Service Set, See BSS Basic Service Set, see BSS address mapping broadcast rules types 153, 405 171, 172, 176 example Address Resolution Protocol, see ARP administrator password alerts firewalls P-660HW-Tx v3 User’s Guide...
Page 430 Domain Name System, see DNS configuration backup three-way handshake 328, 329, 333 classifiers thresholds 261, 268 182, 197, 198, 199 DHCP DSCP 262, 264, 271 file dynamic DNS firewalls 187, 191, 198 activation IP alias wildcard P-660HW-Tx v3 User’s Guide...
Page 431 138, 150, 409 keywords 24, 285 schedules backing up configuration trusted IP addresses limitations MAC address 139, 151 restoring configuration 325, 326 activation upgrading firmware 326, 327 packets configuration P-660HW-Tx v3 User’s Guide...
Page 432 88, 91, 97, 105, 112, 123 default server 166, 168 private MAC address 119, 140, 238 IP alias filter 130, 132, 139, 151 configuration MAC address filter NAT applications activation IP precedence management VLAN mapping address P-660HW-Tx v3 User’s Guide...
Page 433 164, 166 activation packet filtering configuration port forwarding 164, 166 example activation rules configuration example PPPoA 90, 97, 104 rules PPPoE 90, 97, 103 remote management passthrough SIP ALG preamble 138, 149 P-660HW-Tx v3 User’s Guide...
Page 434 Quality of Service, see QoS wireless LAN Queue Setup 93, 100, 107 security network wireless LAN 132, 150 Service Set IDentifier, see SSID RADIUS Session Initiation Protocol, see SIP message types P-660HW-Tx v3 User’s Guide...
Page 435 Sustain Cell Rate, see SCR MD5 fingerprint syntax conventions system SHA1 fingerprint backing up configuration backup configuration firmware 324, 331 upgrading version 93, 100, 108 name unicast passwords Universal Plug and Play, see UPnP administrator upgrading firmware 326, 331 P-660HW-Tx v3 User’s Guide...
Page 436 SSID 130, 132, 142, 151 mode 90, 97 activation modulation status 94, 100 145, 155 multicast 88, 93, 99 compatibility multiplexing 91, 97, 104 example nailed-up connection 91, 98, 105 134, 152 packet filter 94, 100 P-660HW-Tx v3 User’s Guide...
Page 437 RADIUS application example WPA2-Pre-Shared Key WPA2-PSK 414, 415 application example WPA-PSK 135, 152, 415 application example pre-shared key 143, 155, 158 activation adding stations example limitations 143, 145, 156 example push button 27, 145, 156 status P-660HW-Tx v3 User’s Guide...
Page 438 Index P-660HW-Tx v3 User’s Guide...