1. Manuals
  2. Brands
  3. ZyXEL Communications Manuals
  4. Network Router
  5. P-320W v3
  6. User manual

ZyXEL Communications P-320W v3 User Manual

802.11g wireless firewall router
Hide thumbs
Table of Contents

Advertisement

Quick Links

P-320W v3
802.11g Wireless Firewall Router
Default Login Details
IP Address
http://192.168.1.1
Password
Firmware Version 1.0
Edition 1, 3/2009
www.zyxel.com
www.zyxel.com
1234
Copyright © 2009
ZyXEL Communications Corporation

Advertisement

Table of Contents
loading

Related Manuals for ZyXEL Communications P-320W v3

Summary of Contents for ZyXEL Communications P-320W v3

  • Page 1 P-320W v3 802.11g Wireless Firewall Router Default Login Details IP Address http://192.168.1.1 Password 1234 Firmware Version 1.0 Edition 1, 3/2009 www.zyxel.com www.zyxel.com Copyright © 2009 ZyXEL Communications Corporation...
  • Page 3 About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to configure the P-320W v3 using the web configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology.
  • Page 4 Please have the following information ready when you contact an office. • Product model and serial number. • Warranty Information. • Date that you received your device. Brief description of the problem and the steps you took to solve it. P-320W v3 User’s Guide...

  • Page 5: Document Conventions

    Syntax Conventions • The P-320W v3 may be referred to as the “P-320W v3”, the “device”, the “product” or the “system” in this User’s Guide. • Product labels, screen names, field labels and field choices are all in bold font.
  • Page 6 Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. P-320W v3 Computer Notebook computer Server Modem Firewall Telephone Switch Router P-320W v3 User’s Guide...

  • Page 7: Safety Warnings

    Your product is marked with this symbol, which is known as the WEEE mark. WEEE stands for Waste Electronics and Electrical Equipment. It means that used electrical and electronic products should not be mixed with general waste. Used electrical and electronic equipment should be treated separately. P-320W v3 User’s Guide...
  • Page 8 Safety Warnings P-320W v3 User’s Guide...

  • Page 9: Table Of Contents

    Contents Overview Contents Overview Introduction ..........................19 Getting to Know Your P-320W v3 ....................21 Introducing the Web Configurator ....................25 Connection Wizard ........................37 Network ........................... 53 Wireless LAN ..........................55 Wireless Client Mode ......................... 73 Wireless Tutorial ........................77 LAN ............................
  • Page 10 Contents Overview P-320W v3 User’s Guide...
  • Page 11 Getting to Know Your P-320W v3 ..................21 1.1 Overview ..........................21 1.2 Ways to Manage the P-320W v3 ..................22 1.3 Good Habits for Managing the P-320W v3 ................22 1.4 LEDs ............................ 23 Chapter 2 Introducing the Web Configurator ..................25 2.1 Web Configurator Overview ....................
  • Page 12 4.4.5 802.1x + Dynamic WEP ..................... 66 4.4.6 WPA-PSK/WPA2-PSK (Mixed) ................... 67 4.5 MAC Filter ..........................68 4.6 WPS Screen ........................69 4.7 WPS Station Screen ......................70 4.8 Wireless LAN Advanced Screen ..................70 Chapter 5 Wireless Client Mode......................73 P-320W v3 User’s Guide...
  • Page 13 Wireless Tutorial ........................77 6.1 How to Connect to the Internet from an AP ................. 77 6.2 Configure Wireless Security Using WPS on both your P-320W v3 and Wireless Client ..77 6.2.1 Push Button Configuration (PBC) ................78 6.2.2 PIN Configuration ....................... 79 6.3 Enable and Configure Wireless Security without WPS on your P-320W v3 ......
  • Page 14 Firewall........................... 117 12.1 Overview .........................117 12.2 What You Can Do ......................117 12.3 What You Need to Know ....................117 12.3.1 About the P-320W v3 Firewall .................118 12.3.2 Security Parameter Index (SPI) ................118 12.4 General Firewall Screen ....................119 12.5 Services Screen .......................119 12.6 Technical Reference ......................
  • Page 15 16.3.1 How do I know if I'm using UPnP? ................. 141 16.3.2 NAT Traversal ......................142 16.3.3 Cautions with UPnP ....................142 16.3.4 UPnP and ZyXEL ....................142 16.4 UPnP Screen ........................143 16.5 Technical Reference ......................143 16.5.1 Installing UPnP in Windows Example ..............143 P-320W v3 User’s Guide...
  • Page 16 20.1 Power, Hardware Connections, and LEDs ..............185 20.2 P-320W v3 Access and Login ..................186 20.3 Internet Access ........................ 188 20.4 Resetting the P-320W v3 to Its Factory Defaults ............. 189 20.5 Wireless Router Troubleshooting ..................190 20.6 Advanced Features ......................191...
  • Page 17 21.0.1 Verifying Settings ....................234 Appendix D Wireless LANs ....................235 21.0.2 WPA(2)-PSK Application Example ................. 245 21.0.3 WPA(2) with RADIUS Application Example ............245 Appendix E Services ......................247 Appendix F Legal Information ....................251 Index............................255 P-320W v3 User’s Guide...
  • Page 18 Table of Contents P-320W v3 User’s Guide...

  • Page 19: Introduction

    Introduction Getting to Know Your P-320W v3 (21) Introducing the Web Configurator (25) Connection Wizard (37)

  • Page 21: Getting To Know Your P-320W V3

    The following figure shows computers in a WLAN connecting to the P-320W v3 (A), which has a DSL connection to the Internet. The P-320W v3 has a built-in firewall (B) to protect the network. It also has the Network Address Translation (NAT) feature enabled by default.
  • Page 22 Chapter 1 Getting to Know Your P-320W v3 In the following figure, the P-320W v3 (A) enables the wired computers to connect to the access point (B) and gain access to LAN/Internet. Figure 2 Using the P-320W v3 as a Wireless Client...
  • Page 23 The P-320W v3 is sending/receiving data. The WAN connection is not ready, or has failed. WLAN Green The P-320W v3 is ready, but is not sending/ receiving data through the wireless LAN. Blinking The P-320W v3 is sending/receiving data through the wireless LAN.
  • Page 24 Chapter 1 Getting to Know Your P-320W v3 P-320W v3 User’s Guide...

  • Page 25: Introducing The Web Configurator

    Internet Explorer. 2.2 Accessing the Web Configurator Make sure your P-320W v3 hardware is properly connected and prepare your computer or computer network to connect to the P-320W v3 (refer to the Quick Start Guide). Launch your web browser.
  • Page 26 Your computer must be in the same subnet in order to access this website address. Note: Enable the DHCP Server. The P-320W v3 assigns your computer an IP address on the same subnet. Type "1234" (default) as the password and click Login. In some versions, the default password appears automatically - if this is the case, click Login.

  • Page 27: Procedure To Use The Reset Button

    If you forget your password or IP address, or you cannot access the web configurator, you will need to use the RESET button at the back of the P-320W v3 to reload the factory-default configuration file. This means that you will lose all configurations that you had previously saved, the password will be reset to “1234”...
  • Page 28 Select a number of seconds or None from the drop-down list box to refresh all screen statistics automatically at the end of every time interval or to not refresh the screen statistics. Click this button to refresh the status screen statistics. P-320W v3 User’s Guide...
  • Page 29 Firmware Version This is the firmware version and the date created. WAN Information WAN Type This shows the P-320W v3’s WAN type or how it acquires its WAN IP address. - IP Address This shows the WAN port’s IP address.

  • Page 30: Navigation Panel

    Use this screen to view a list of wireless clients currently connected to the P-320W v3. - Routing Table Use this screen to view a list of the traffic routes used by the P-320W v3. IP Renew Click this to renew the P-320W v3’s IP address.
  • Page 31 P-320W v3. SNMP Use this screen to configure SNMP in your P-320W v3. Security Use this screen to set your P-320W v3 to not respond to ping from WAN. UPnP General Use this screen to enable UPnP on the P-320W v3.
  • Page 32 DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the P-320W v3’s LAN and/or Guest WLAN as DHCP server(s) or disable them. When configured as a server, the P-320W v3 provides the TCP/IP configuration for the clients.
  • Page 33 LABEL DESCRIPTION This is the index number of the client. MAC Address This shows the MAC address of the device associated with the P-320W v3. Association This shows the date and time when the association with a device is made.
  • Page 34 2.4.5 Summary: Active Session Click the Active Session (Details...) hyperlink in the Status screen. View a list of devices that are currently associated to the P-320W v3 and read-only information such as internal/external IP addresses and Time-out. Figure 12 Summary: Active Session The following table describes the labels in this screen.
  • Page 35 2.4.6 Summary: Routing Table Click the Routing Table (Details...) hyperlink in the Status screen. View a list of the static routes configured in the P-320W v3. Figure 13 Summary: Routing Table The following table describes the labels in this screen.
  • Page 36 Chapter 2 Introducing the Web Configurator P-320W v3 User’s Guide...

  • Page 37: Connection Wizard

    Guide to know what to enter in each field. Leave a field blank if you don’t have that information. After you access the P-320W v3 web configurator, click the Go to Wizard setup hyperlink. You can click the Go to Advanced setup hyperlink to skip this wizard setup and configure advanced features accordingly.

  • Page 38: System Name

    DHCP from the ISP is used. While you must enter the host name (System Name) on each individual computer, the domain name can be assigned from the P-320W v3 via DHCP. P-320W v3 User’s Guide...
  • Page 39 LABEL DESCRIPTION System System Name is a unique name to identify the P-320W v3 in an Ethernet Name network. Enter a descriptive name. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes "-" and underscores "_"...
  • Page 40 Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the (SSID) wireless LAN. If you change this field on the P-320W v3, make sure all wireless stations use the same SSID in order to access the network. Channel The range of radio frequencies used by IEEE 802.11b/g wireless devices is...
  • Page 41 Exit Click Exit to close the wizard screen without saving. Note: The wireless stations and P-320W v3 must use the same SSID, channel ID and WEP encryption key (if WEP is enabled), WPA-PSK (if WPA-PSK is enabled) or WPA2-PSK (if WPA2-PSK is enabled) for wireless communication.
  • Page 42 The preceding “0x” is entered automatically. Key 1 to Key The WEP keys are used to encrypt data. Both the P-320W v3 and the wireless stations must use the same WEP key for data transmission. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F").
  • Page 43 3.4 Connection Wizard: STEP 3: Internet Configuration The P-320W v3 offers three Internet connection types. They are Ethernet, PPP over Ethernet or PPTP. The wizard attempts to detect which WAN connection type you are using. If the wizard does not detect a connection type, you must select one from the drop-down list box.

  • Page 44: Ethernet Connection

    Choose Ethernet when the WAN port is used as a regular Ethernet. Figure 21 Wizard Step 3: Ethernet Connection 3.4.2 PPPoE Connection Point-to-Point Protocol over Ethernet (PPPoE) functions as a dial-up connection. PPPoE is an IETF (Internet Engineering Task Force) standard specifying how a host P-320W v3 User’s Guide...
  • Page 45 By implementing PPPoE directly on the P-320W v3 (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the P-320W v3 does that part of the task. Furthermore, with NAT, all of the LAN's computers will have Internet access.

  • Page 46: Pptp Connection

    PPTP supports on-demand, multi-protocol, and virtual private networking over public networks, such as the Internet. Refer to the appendix for more information on PPTP. Note: The P-320W v3 supports one PPTP server connection at any given time. Figure 23 Wizard Step 3: PPTP Connection P-320W v3 User’s Guide...

  • Page 47: Your Ip Address

    Select this radio button if your ISP did not assign you a fixed IP automatically address. from ISP Use fixed IP Select this radio button, provided by your ISP to give the P-320W v3 a address fixed, unique IP address. My IP Type the (static) IP address assigned to you by your ISP.

  • Page 48: Wan Ip Address Assignment

    Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number. Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP P-320W v3 User’s Guide...

  • Page 49: Dns Server Address Assignment

    Once you have decided on the network number, pick an IP address that is easy to remember, for instance, 192.168.1.1, for your P-320W v3, but make sure that no other device on your network is using that IP address.

  • Page 50: Wan Ip And Dns Server Address Assignment

    The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. The P-320W v3 uses a system DNS server (in the order you specify here) to resolve domain names for DDNS and the time server.

  • Page 51: Wan Mac Address

    This screen allows users to configure the WAN port's MAC address by either using the P-320W v3’s MAC address, copying the MAC address from a computer on your LAN or manually entering a MAC address. Once it is successfully configured, the address will be copied to the "rom"...

  • Page 52: Connection Wizard Complete

    Follow the on-screen instructions and click Finish to complete the wizard setup. Figure 28 Connection Wizard Complete Well done! You have successfully set up your P-320W v3 to operate on your network and access the Internet. P-320W v3 User’s Guide...

  • Page 53: Network

    Network Wireless LAN (55) Wireless Tutorial (77) WAN (107) LAN (85) Guest WLAN (117) DHCP Server (89) Network Address Translation (NAT) (93) Dynamic DNS (123)

  • Page 55: Wireless Lan

    A and B are called wireless clients. The wireless clients use the access point (AP) to interact with other devices (such as the printer) or with the Internet. Your P-320W v3 is the AP. Every wireless network must follow these basic guidelines.
  • Page 56 320W v3 as a wireless router or access point (AP). • Use the MAC Filter screen (Section 4.5 on page 68) to configure the P-320W v3 to give or deny access to up to 32 devices. • Use the WPS screen (Section 4.6 on page...

  • Page 57: Mac Address Filter

    Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks. These kinds of wireless devices might not have MAC addresses. Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F. P-320W v3 User’s Guide...
  • Page 58 When you select WPA2 or WPA2-PSK in your P-320W v3, you can also select an option (WPA Compatible) to support WPA as well. In this case, if some wireless...

  • Page 59: Wpa With Radius Application Example

    The RADIUS server then checks the user's identification against its database and grants or denies network access accordingly. A 256-bit Pairwise Master Key (PMK) is derived from the authentication process by the RADIUS server and the client. P-320W v3 User’s Guide...

  • Page 60: Wifi Protected Setup

    Section 6.2 on page 4.4 General Wireless LAN Screen Use this screen to configure your P-320W v3 as a wireless router or access point (AP). The P-320W v3 can broadcast up to four wireless profiles at the same time. This means that users can connect to the P-320W v3 using different SSIDs.
  • Page 61 Chapter 4 Wireless LAN Note: If you are configuring the P-320W v3 from a computer connected to the wireless LAN and you change the P-320W v3’s SSID, channel or security settings, you will lose your wireless connection when you press Apply to confirm. You must then change the wireless settings of your computer to match the P-320W v3’s...
  • Page 62 Select No Security to allow wireless stations to communicate with the access points without any data encryption. Note: If you do not enable any wireless security on your P-320W v3, your network is accessible to any wireless networking device that is within range.

  • Page 63: Wep Encryption

    Both the wireless stations and the access points must use the same WEP key. Your P-320W v3 allows you to configure up to four 64-bit or 128-bit WEP keys but only one key can be enabled at any one time.
  • Page 64 Key 1 to Key The WEP keys are used to encrypt data. Both the P-320W v3 and the wireless stations must use the same WEP key for data transmission. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F").
  • Page 65 Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including spaces and symbols). Apply Click Apply to save your changes back to the P-320W v3. Reset Click Reset to reload the previous configuration for this screen. 4.4.4 WPA Click Network >...
  • Page 66 LABEL DESCRIPTION Dynamic WEP The WEP keys are used to encrypt data. Both the P-320W v3 and the Key Exchange wireless stations must use the same WEP key for data transmission. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F").
  • Page 67 P-320W The key must be the same on the external authentication server and your P-320W v3. The key is not sent over the network. Apply Click Apply to save your changes back to the P-320W v3.

  • Page 68: Mac Filter

    Chapter 4 Wireless LAN 4.5 MAC Filter The MAC filter screen allows you to configure the P-320W v3 to give exclusive access to up to 32 devices (Allow) or exclude up to 32 devices from accessing the P-320W v3 (Deny). Every Ethernet device has a unique MAC (Media Access Control) address.

  • Page 69: Wps Screen

    PIN number. WPS Status Status This displays Configured when the P-320W v3 has connected to a wireless network using WPS or Enable WPS is selected and wireless or wireless security settings have been changed. The current wireless and wireless security settings also appear in the screen.

  • Page 70: Wps Station Screen

    Type the same PIN number generated in the wireless station’s utility. Then click Start to associate to each other and perform the wireless security information synchronization. 4.8 Wireless LAN Advanced Screen Use this screen to configure your P-320W v3’s advanced wireless setup. P-320W v3 User’s Guide...
  • Page 71 Select 802.11g to allow only IEEE 802.11g compliant WLAN devices to associate with the P-320W v3. Select Mixed to allow either IEEE802.11b or IEEE802.11g compliant WLAN devices to associate with the P-320W v3. The transmission rate of your P-320W v3 might be reduced. Apply Click Apply to save your changes back to the P-320W v3.
  • Page 72 Chapter 4 Wireless LAN P-320W v3 User’s Guide...

  • Page 73: Wireless Client Mode

    Firewall Internet After the P-320W v3 and the access point connect, the P-320W v3 acquires its WAN IP address from the access point. The clients of the P-320W v3 can now surf the Internet. 5.2 What You Can Do Use the Wireless Client Mode screen (Section 5.3 on page...
  • Page 74 Chapter 5 Wireless Client Mode 5.3 Wireless Client Mode Screen Use this screen to use your P-320W v3 as a wireless client and connect to an existing AP. Click Wireless Client Mode to open the following screen. Figure 44 Wireless Client Mode...
  • Page 75 Function an existing AP. Select Disable to use your P-320W v3 as a router or an access point if the network to which you are connecting already has a router. Your P-320W v3 is configured as a router/access point by default.
  • Page 76 Chapter 5 Wireless Client Mode P-320W v3 User’s Guide...

  • Page 77: Wireless Tutorial

    P-320W v3 and Wireless Client This section gives you an example of how to set up wireless network using WPS. This example uses the P-320W v3 as the AP and NWD210N as the wireless client which connects to a notebook.
  • Page 78 Chapter 6 Wireless Tutorial 6.2.1 Push Button Configuration (PBC) Make sure that your P-320W v3 is turned on and that it is within range of your computer. Make sure that you have installed the wireless client (this example uses the NWD210N) driver and utility in your notebook.

  • Page 79: Pin Configuration

    Chapter 6 Wireless Tutorial The following figure shows you an example to set up wireless network and security by pressing a button on both P-320W v3 and wireless client (the NWD210N in this example). Figure 46 Example WPS Process: PBC Method...
  • Page 80 Chapter 6 Wireless Tutorial The following figure shows you the example to set up wireless network and security on P-320W v3 and wireless client (ex. NWD210N in this example) by using PIN method. Figure 47 Example WPS Process: PIN Method...
  • Page 81 WPA-PSK (Pre-Shared Key: ThisismyWPA-PSKpre-sharedkey) Follow the steps below to configure the wireless settings on your P-320W v3. The instructions require that your hardware is connected (see the Quick Start Guide) and you are logged into the web configurator through your LAN connection (see Section 2.2 on page...

  • Page 82: Configure Your Notebook

    Note: We use the ZyXEL M-302 wireless adapter utility screens as an example for the wireless client. The screens may vary for different models. The P-320W v3 supports IEEE 802.11b and IEEE 802.11g wireless clients. Make sure that your notebook or computer’s wireless adapter supports one of these standards.
  • Page 83 Figure 50 Connecting a Wireless Client to a Wireless Network t Select WPA-PSK and type the security key in the following screen. Click Next. Figure 51 Security Settings The Confirm Save window appears. Check your settings and click Save to continue. Figure 52 Confirm Save P-320W v3 User’s Guide...
  • Page 84 If your connection is successful, open your Internet browser and enter http:// www.zyxel.com or the URL of any other web site in the address bar. If you are able to access the web site, your wireless connection is successfully configured. P-320W v3 User’s Guide...

  • Page 85: Lan

    Use the LAN IP screen (Section 7.4 on page 87) to change your basic LAN settings. 7.3 What You Need to Know The following sections provide information that you may need when configuring the LAN IP screen. P-320W v3 User’s Guide...

  • Page 86: Ip Pool Setup

    DNS servers to systems that support DHCP client capability. 7.3.4 Factory LAN Defaults The LAN parameters of the P-320W v3 are preset in the factory with the following values: • IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits) •...

  • Page 87: Lan Ip Screen

    Table 35 Network > LAN > IP LABEL DESCRIPTION IP Address Type the IP address of your P-320W v3 in dotted decimal notation 192.168.1.1 (factory default). IP Subnet Mask The subnet mask specifies the network number portion of an IP address.
  • Page 88 Chapter 7 LAN P-320W v3 User’s Guide...

  • Page 89: Dhcp Server

    TCP/IP configuration at start-up from a server. You can configure the P-320W v3’s DHCP server(s) or disable it. When configured as a server, the P-320W v3 provides the TCP/IP configuration for the clients. If DHCP service is disabled, you must have another DHCP server on your LAN or Guest WLAN, or else the computer must be manually configured.
  • Page 90 (unlimited time). DNS Servers The P-320W v3 passes a DNS (Domain Name System) server IP address (in the order you specify here) to the DHCP clients. The P-320W v3 only passes this information to the LAN DHCP clients when you select the Enable DHCP Server check box. When you clear the...

  • Page 91: Static Dhcp Screen

    00-A0-C5-00-00-02. To change your P-320W v3’s Static DHCP settings, click the DHCP Server link under Network and the Static DHCP tab. The following screen displays.
  • Page 92 Reserve Select this check box in the LAN DHCP Setup or Guest WLAN DHCP Setup section to have the P-320W v3 always assign the IP address(es) to the MAC address(es) (and host name(s)). After you click Apply, the MAC address and IP address also display in the Advanced screen (where you can edit them).

  • Page 93: Network Address Translation (Nat)

    (NAT) 9.1 Overview This chapter discusses how to configure NAT on the P-320W v3. NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet. For example, the source address of an outgoing packet, used within one network is changed to a different IP address known within another network.

  • Page 94: Configuring Servers Behind Port Forwarding Example

    Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side. With regular port forwarding you set a forwarding port in NAT to forward a service (coming in from the server on the P-320W v3 User’s Guide...

  • Page 95: Trigger Port Forwarding Example

    (a "trigger" port). When the P-320W v3's WAN port receives a response with a specific port number and protocol ("incoming" port), the P-320W v3 forwards the traffic to the LAN IP address of the computer that sent the request. After that computer’s connection for that service closes, another computer on the LAN can use the service in the same manner.

  • Page 96: Two Points To Remember About Trigger Ports

    9.5 Port Forwarding Screen Port forwarding allows you to define the local servers to which the incoming services will be forwarded. To change your P-320W v3’s port forwarding settings, click Network > NAT > Application. The screen appears as shown.
  • Page 97 Chapter 9 Network Address Translation (NAT) Note: If you do not assign a Default Server IP address in the NAT > General screen, the P-320W v3 discards all packets received for ports that are not specified in this screen or remote management.

  • Page 98: Rule Setup Screen

    Type an end port number. Server IP Type the inside IP address of the server. Address Apply Click Apply to save your changes back to the P-320W v3. Reset Click Reset to begin configuring this screen afresh. P-320W v3 User’s Guide...
  • Page 99 Trigger The trigger port is a port (or a range of ports) that causes (or triggers) the P-320W v3 to record the IP address of the LAN computer that sent the traffic to a server on the WAN. Start Port Type a port number or the starting port number in a range of port numbers.
  • Page 100 End Port Type a port number or the ending port number in a range of port numbers. Apply Click Apply to save your changes back to the P-320W v3. Reset Click Reset to begin configuring this screen afresh. 9.7 Technical Reference This section provides some technical information about the topics covered in this chapter.

  • Page 101: Vlan

    Stations on a logical network can belong to one or more groups. In the figure below, your P-320W v3 (C) has VLAN configured on two of its ports. Frames coming from computer A are tagged with Port VLAN ID (PVID) 1 and those from computer B are tagged with PVID 2.

  • Page 102: Vlan Tag

    10.4 VLAN Screen Use this screen to configure the Port VLAN ID (PVID) on the physical ports of the P-320W v3. The P-320W v3 forwards tagged frames to a VLAN-aware switch that can send the frames to its corresponding destination.
  • Page 103 VLAN. Note: Port 4’s setting is always set to LAN. This ensures that you can manage the P-320W v3 through a LAN port if necessary. PVID Enter the Port VLAN ID (1 ~ 4094) to add to untagged frames received on each port.
  • Page 104 Chapter 10 VLAN P-320W v3 User’s Guide...

  • Page 105: Security

    Security Firewall (117) Content Filtering (125)

  • Page 107: Wan

    H A P T E R 11.1 Overview This chapter discusses the P-320W v3’s WAN screens. Use these screens to configure your P-320W v3 for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks (such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations.

  • Page 108: Ethernet Encapsulation

    Chapter 11 WAN 11.3 Internet Connection Screen Use this screen to configure your P-320W v3’s Internet access settings. Click Network > WAN. The screen differs according to the encapsulation you choose. 11.3.1 Ethernet Encapsulation This screen displays when you select Ethernet encapsulation.

  • Page 109: Pppoe Encapsulation

    By implementing PPPoE directly on the P-320W v3 (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the P-320W v3 does that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access.
  • Page 110 The Maximum Transmission Unit (MTU) refers to the largest packet size that a device can forward. Enter the value (in bytes) that you want the P-320W v3 to be able to handle. The default value is 1492 bytes. Idle Timeout This value specifies the time in seconds that elapses before the router automatically disconnects from the PPPoE server.

  • Page 111: Pptp Encapsulation

    WAN MAC The MAC address section allows users to configure the WAN port's MAC Address address by using the P-320W v3’s MAC address, copying the MAC address from a computer on your LAN or manually entering a MAC address. Spoof the Select this if you want to hide your computer’s MAC address.
  • Page 112 The Maximum Transmission Unit (MTU) refers to the largest packet size that a device can forward. Enter the value (in bytes) that you want the P-320W v3 to be able to handle. The default value is 1460 bytes. P-320W v3 User’s Guide...
  • Page 113 WAN MAC Address The MAC address section allows users to configure the WAN port's MAC address by either using the P-320W v3’s MAC address, copying the MAC address from a computer on your LAN or manually entering a MAC address.

  • Page 114: Advanced Screen

    Reset Click Reset to begin configuring this screen afresh. 11.5 Traffic Redirect Screen To enable the P-320W v3 to redirect traffic, click Network > WAN > Advanced. The screen appears as shown. Figure 73 Network > WAN > Advanced P-320W v3 User’s Guide...
  • Page 115 IP address handles lots of traffic. Timeout Type the number of seconds for your P-320W v3 to wait for a ping response from the IP Address in the Check WAN IP Address field before it times out. The WAN connection is considered "down" after the P-320W v3 times out the number of times specified in the Fail Tolerance field.
  • Page 116 Chapter 11 WAN P-320W v3 User’s Guide...

  • Page 117: Firewall

    119) to to enable service blocking, enter/delete/modify the services you want to block and the date/time you want to block them. 12.3 What You Need to Know The following sections provide more information about the P-320W v3’s firewalls. P-320W v3 User’s Guide...

  • Page 118: Stateful Inspection Firewall

    Internet. This allows it to act as a secure gateway for all data passing between the Internet and the LAN. The P-320W v3 has one Ethernet WAN port and four Ethernet LAN ports, which are used to physically separate the network into two areas.The WAN (Wide Area Network) port attaches to the broadband (cable or DSL) modem to the Internet.

  • Page 119: General Firewall Screen

    Enable Firewall Select this check box to activate the firewall. The P-320W v3 performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated.
  • Page 120 Gnutella service. Select TCP type and enter a port range from 6345-6349. Select a service from the Available Services drop-down list and then click Add to add a service to the Blocked Services. P-320W v3 User’s Guide...

  • Page 121: Guidelines For Enhancing Security With Your Firewall

    Protect against IP spoofing by making sure the firewall is active. Keep the firewall in a secured (locked) room. P-320W v3 User’s Guide...
  • Page 122 A protocol for news groups. NFS(UDP:2049) Network File System - NFS is a client/server distributed file service that provides transparent file-sharing for network environments. NNTP(TCP:119) Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service. P-320W v3 User’s Guide...
  • Page 123 TCP/IP networks. Its primary function is to allow users to log into remote host systems. TFTP(UDP:69) Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE(TCP:7000) Another videoconferencing solution. P-320W v3 User’s Guide...
  • Page 124 Chapter 12 Firewall P-320W v3 User’s Guide...

  • Page 125: Content Filtering

    Content filtering is the ability to block certain web features or specific URL keywords. The P-320W v3 can block web features such as ActiveX controls, Java applets, cookies and disable web proxies. 13.2 What You Can Do Use the Filter screen (Section 13.3 on page...
  • Page 126 WAN it is possible for LAN users to circumvent content filtering by pointing to this proxy server. Keyword Blocking Enable URL The P-320W v3 can block Web sites with URLs that contain certain Keyword keywords in the domain name or IP address. For example, if the Blocking keyword "bad"...

  • Page 127: Domain Name Or Ip Address Url Checking

    13.4.1 Domain Name or IP Address URL Checking By default, the P-320W v3 checks the URL’s domain name or IP address when performing keyword blocking. This means that the P-320W v3 checks the characters that come before the first slash in the URL.

  • Page 128: File Name Url Checking

    (or not extend) the keyword blocking search to include the URL's full path. 13.4.3 File Name URL Checking Filename URL checking has the P-320W v3 check all of the characters in the URL. For example, filename URL checking searches for keywords within the URL www.zyxel.com.tw/news/pressroom.php.

  • Page 129: Management

    Management Static Route (131) Remote Management (135) Universal Plug-and-Play (UPnP) (141)

  • Page 131: Static Route

    This chapter shows you how to configure static routes for your P-320W v3. The P-320W v3 usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the P-320W v3 send data to devices not reachable through the default gateway, use static routes.

  • Page 132: Ip Static Route Screen

    P-320W v3 that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as your P-320W v3; over the WAN, the gateway must be the IP address of one of the remote nodes.

  • Page 133: Static Route Setup Screen

    This field allows you to activate/deactivate this static route. Private This parameter determines if the P-320W v3 will include this route to a remote node in its RIP broadcasts. Select this check box to keep this route private and not included in RIP broadcasts.
  • Page 134 Chapter 14 Static Route P-320W v3 User’s Guide...

  • Page 135: Remote Management

    Figure 80 Remote Management Example Internet In the figure above, the P-320W v3 (A) is being managed by a desktop computer (B) connected via LAN (Land Area Network). It is also being accessed by a notebook (C) connected via WAN (Wide Area Network).

  • Page 136: Remote Management Limitations

    The IP address in the Secured Client IP Address field (Section 15.4 on page 137) does not match the client IP address. If it does not match, the P-320W v3 will disconnect the session immediately. There is already another remote management session with an equal or higher priority running.

  • Page 137: Www Screen

    A secured client is a “trusted” computer that is allowed to communicate IP Address with the P-320W v3 using this service. Select All to allow any computer to access the P-320W v3 using this service. Choose Selected to just allow the computer with the IP address that you specify to access the P-320W v3 using this service.

  • Page 138: The Snmp Screen

    Chapter 15 Remote Management 15.5 The SNMP Screen Use this screen to have a manager station administrate your P-320W v3 over the network. To change your P-320W v3’s SNMP settings, click Management > Remote MGMT > SNMP. The following screen displays.

  • Page 139: Security Screen

    Table 57 Management > Remote MGMT > Security LABEL DESCRIPTION Do not respond Check this if you do not want the P-320W v3 respond to any incoming to ping from WAN Ping requests. Apply Click Apply to save your customized settings and exit this screen.
  • Page 140 Chapter 15 Remote Management P-320W v3 User’s Guide...

  • Page 141: Universal Plug-And-Play (Upnp)

    UPnP hardware is identified as an icon in the Network Connections folder (Windows XP). Each UPnP compatible device installed on your network will appear as a separate icon. Selecting the icon of a UPnP device will allow you to access the information and properties of that device. P-320W v3 User’s Guide...

  • Page 142: Nat Traversal

    When a UPnP device joins a network, it announces its presence with a multicast message. For security reasons, the P-320W v3 allows multicast messages on the LAN only. All UPnP-enabled devices may communicate freely with each other without additional configuration.

  • Page 143: Upnp Screen

    P-320W v3's IP address (although you must still enter the password to access the web configurator). Apply Click Apply to save the setting to the P-320W v3. Reset Click Reset to return to the previously saved settings. 16.5 Technical Reference This section provides some technical information about the topics covered in this chapter.
  • Page 144 Components selection box. Click Details. Figure 85 Add/Remove Programs: Windows Setup: Communication In the Communications window, select the Universal Plug and Play check box in the Components selection box. Figure 86 Add/Remove Programs: Windows Setup: Communication: Components P-320W v3 User’s Guide...
  • Page 145 Follow the steps below to install the UPnP in Windows XP. Click Start and Control Panel. Double-click Network Connections. In the Network Connections window, click Advanced in the main menu and select Optional Networking Components …. Figure 87 Network Connections P-320W v3 User’s Guide...
  • Page 146 Chapter 16 Universal Plug-and-Play (UPnP) The Windows Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details. Figure 88 Windows Optional Networking Components Wizard P-320W v3 User’s Guide...

  • Page 147: Using Upnp In Windows Xp Example

    This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the P-320W v3. Make sure the computer is connected to a LAN port of the P-320W v3. Turn on your computer and the P-320W v3.
  • Page 148 Chapter 16 Universal Plug-and-Play (UPnP) Right-click the icon and select Properties. Figure 90 Network Connections P-320W v3 User’s Guide...
  • Page 149 Chapter 16 Universal Plug-and-Play (UPnP) In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. Figure 91 Internet Connection Properties P-320W v3 User’s Guide...
  • Page 150 You may edit or delete the port mappings or click Add to manually add port mappings. Figure 92 Internet Connection Properties: Advanced Settings Figure 93 Internet Connection Properties: Advanced Settings: Add When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. P-320W v3 User’s Guide...
  • Page 151 Web Configurator Easy Access With UPnP, you can access the web-based configurator on the P-320W v3 without finding out the IP address of the P-320W v3 first. This comes helpful if you do not know the IP address of the P-320W v3.
  • Page 152 Chapter 16 Universal Plug-and-Play (UPnP) Select My Network Places under Other Places. Figure 96 Network Connections An icon with the description for each UPnP-enabled device displays under Local Network. P-320W v3 User’s Guide...
  • Page 153 Chapter 16 Universal Plug-and-Play (UPnP) Right-click on the icon for your P-320W v3 and select Invoke. The web configurator login screen displays. Figure 97 Network Connections: My Network Places Right-click on the icon for your P-320W v3 and select Properties. A properties window displays with basic information about the P-320W v3.
  • Page 154 Chapter 16 Universal Plug-and-Play (UPnP) P-320W v3 User’s Guide...

  • Page 155: Maintenance And Troubleshooting

    Maintenance and Troubleshooting System (157) Logs (163) Product Specifications (193)

  • Page 157: System

    See the chapter about wizard setup for more information on the next few screens. 17.2 What You Can Do • Use the General screen (Section 17.4 on page 158) to identify the P-320W v3 in an Ethernet network. • Use the Dynamic DNS screen (Section 17.5 on page 160) to change your P- 320W v3’s DDNS settings...

  • Page 158: Dyndns Wildcard

    If you have a private WAN IP address, then you cannot use Dynamic DNS. 17.4 System General Screen Use this screen to identify the P-320W v3 in an Ethernet network. Click Maintenance > System. The following screen displays. Figure 99 Maintenance > System > General...
  • Page 159 LABEL DESCRIPTION System Name System Name is a unique name to identify the P-320W v3 in an Ethernet network. It is recommended you enter your computer’s “Computer name” in this field (see the chapter about wizard setup for how to find your computer’s name).

  • Page 160: Dynamic Dns Screen

    Chapter 17 System 17.5 Dynamic DNS Screen To change your P-320W v3’s DDNS settings, click Network > DDNS. The screen appears as shown. Figure 100 Dynamic DNS The following table describes the labels in this screen. Table 60 Dynamic DNS...

  • Page 161: Time Setting Screen

    Chapter 17 System 17.6 Time Setting Screen To change your P-320W v3’s time and date, click Maintenance > System > Time Setting. The screen appears as shown. Use this screen to configure the P- 320W v3’s time based on your local time zone.
  • Page 162 When you set Time and Date Setup to Manual, enter the new date in this field and then click Apply. Get from Time Select this radio button to have the P-320W v3 get the time and date Server from the time server you specified below.

  • Page 163: Logs

    • Use the Log Settings screen (Section 18.5 on page 165) to configure to where the P-320W v3 is to send logs and which logs and/or immediate alerts the P- 320W v3 to send. 18.3 What You Need to Know An alert is a type of log that warrants more serious attention.

  • Page 164: View Log Screen

    Number of an individual log. Time This field displays the time the log was recorded. See the chapter on system maintenance and information to configure the P-320W v3’s time and date. Message This field states the reason for the log.

  • Page 165: Log Settings Screen

    Chapter 18 Logs 18.5 Log Settings Screen Use this screen to configure to where the P-320W v3 is to send logs and which logs and/or immediate alerts the P-320W v3 to send. Click Maintenance > Logs > Log Settings to open the Log Settings screen.

  • Page 166: Log Descriptions

    Send Log To The P-320W v3 sends logs to the e-mail address specified in this field. If this field is left blank, the P-320W v3 does not send logs via e-mail. SMTP SMTP (Simple Mail Transfer Protocol) is the message-exchange Authentication standard for the Internet.
  • Page 167 SSH login failed server. Someone has logged on to the router's web Successful HTTPS login configurator interface using HTTPS protocol. Someone has failed to log on to the router's web HTTPS login failed configurator interface using HTTPS protocol. P-320W v3 User’s Guide...
  • Page 168 The router sent a TCP reset packet when the number of Exceed TCP MAX TCP incomplete connections exceeded the user configured incomplete, sent TCP RST threshold. (the TCP incomplete count is per destination host.) Note: Refer to TCP Maximum Incomplete in the Firewall Attack Alerts screen. P-320W v3 User’s Guide...
  • Page 169 Attempted access matched a configured filter rule [TCP | UDP | ICMP | IGMP | (denoted by its set and rule number) and was blocked Generic] packet filter or forwarded according to the rule. matched (set:%d, rule:%d) P-320W v3 User’s Guide...
  • Page 170 Starting The PPP connection’s Link Control Protocol stage is opening. ppp:LCP Opening The PPP connection’s Challenge Handshake Authentication Protocol ppp:CHAP Opening stage is opening. The PPP connection’s Internet Protocol Control Protocol stage is ppp:IPCP starting. Starting P-320W v3 User’s Guide...
  • Page 171 The P-320W v3 cannot get the IP address of the external DNS resolving failed content filtering via DNS query. Creating socket failed The P-320W v3 cannot issue a query because TCP/IP socket creation failed, port:port number. P-320W v3 User’s Guide...
  • Page 172 ICMP type and code details, see Table 78 on page 175. (type:%d, code:%d) The firewall detected an ICMP traceroute attack. For type traceroute ICMP (type:%d, and code details, see Table 78 on page 175. code:%d) P-320W v3 User’s Guide...
  • Page 173 Rcvd data <size> too is listed) from the LDAP server whose address and port are large! Max size recorded in the Source field. The maximum size of directory allowed: <max size> data that the router allows is also recorded. P-320W v3 User’s Guide...
  • Page 174 RADIUS server. check RADIUS Server. The local user database is operating as the Use Local User Database to authentication server. authenticate user. Use RADIUS to authenticate user. The RADIUS server is operating as the authentication server. P-320W v3 User’s Guide...
  • Page 175 (L to L/P) LAN to LAN/P- ACL set for packets traveling from the LAN to the 320W v3 LAN or the P-320W v3. (W to W/P) WAN to WAN/P- ACL set for packets traveling from the WAN to the 320W v3 WAN or the P-320W v3.
  • Page 176 The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC for detailed information on each type. Table 80 RFC-2408 ISAKMP Payload Types LOG DISPLAY PAYLOAD TYPE Security Association Proposal PROP Transform TRANS Key Exchange Identification Certificate P-320W v3 User’s Guide...
  • Page 177 Chapter 18 Logs Table 80 RFC-2408 ISAKMP Payload Types (continued) LOG DISPLAY PAYLOAD TYPE Certificate Request CER_REQ Hash HASH Signature Nonce NONCE Notification NOTFY Delete Vendor ID P-320W v3 User’s Guide...
  • Page 178 Chapter 18 Logs P-320W v3 User’s Guide...

  • Page 179: Tools

    • Use the Configuration screen (Section 19.4 on page 181) to backup or restore a configuration file to your P-320W v3. You can also reset the P-320W v3 to its factory default settings. • Use the Restart screen (Section 19.5 on page 183) to reboot your P-320W v3.
  • Page 180 Click Upload to begin the upload process. This process may take up to two minutes. Note: Do not turn off the P-320W v3 while firmware upload is in progress! Wait two minutes before logging into the P-320W v3 again. Figure 105 Upload Warning The P-320W v3 automatically restarts in this time causing a temporary network disconnect.

  • Page 181: Configuration Screen

    19.4.1 Backup Configuration Backup configuration allows you to back up (save) the P-320W v3’s current configuration to a file on your computer. Once your P-320W v3 is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes.

  • Page 182: Restore Configuration

    Upload Click Upload to begin the upload process. Note: Do not turn off the P-320W v3 while configuration file upload is in progress After you see the following message in the screen, you must then wait one minute before logging into the P-320W v3 again.

  • Page 183: Back To Factory Defaults

    RESET button. 19.5 Restart Screen System restart allows you to reboot the P-320W v3 without turning the power off. Click Maintenance > Tools > Restart. Click Restart to have the P-320W v3 reboot. This does not affect the P-320W v3's configuration.
  • Page 184 Chapter 19 Tools P-320W v3 User’s Guide...

  • Page 185: Troubleshooting

    The P-320W v3 does not turn on. None of the LEDs turn on. Make sure you are using the power adaptor or cord included with the P-320W v3. Make sure the power adaptor or cord is connected to the P-320W v3 and plugged in to an appropriate power source.
  • Page 186 If the DHCP setting under LAN information is Enabled. The P-320W v3 is a DHCP server on LAN. If your P-320W v3 is a DHCP client, you can find your IP address from the DHCP server. This information is only available from the DHCP server which allocates IP addresses on your network.
  • Page 187 Appendix A on page 199. Make sure your computer is in the same subnet as the P-320W v3. (If you know that there are routers between your computer and the P-320W v3, skip this step.) • If there is a DHCP server on your network, make sure your computer is using a dynamic IP address.

  • Page 188: Internet Access

    1234. This field is case-sensitive, so make sure [Caps Lock] is not on. You cannot log in to the web configurator while someone is using Telnet to access the P-320W v3. Log out of the P-320W v3 in the other session, or ask the person who is logged in to log out.
  • Page 189 20.4 Resetting the P-320W v3 to Its Factory Defaults If you reset the P-320W v3, you lose all of the changes you have made. The P- 320W v3 re-loads its default settings, and the password resets to 1234. You have to make all of your changes again.

  • Page 190: Wireless Router Troubleshooting

    If the P-320W v3 does not restart automatically, disconnect and reconnect the P- 320W v3’s power. Then, follow the directions above again. 20.5 Wireless Router Troubleshooting I cannot access the P-320W v3 or ping any computer from the WLAN (wireless router). Make sure the wireless LAN is enabled on the P-320W v3 Make sure the wireless adapter on the wireless station is working properly.

  • Page 191: Advanced Features

    If a keyword that is listed in the Keyword List is not blocked when it is found in a URL, customize the keyword blocking using commands. See the Customizing Keyword Blocking URL Checking section in the Content Filter chapter. P-320W v3 User’s Guide...
  • Page 192 Chapter 20 Troubleshooting P-320W v3 User’s Guide...

  • Page 193: Product Specifications

    Auto-crossover: Use either crossover or straight-through Ethernet cables. 4-5 Port Switch A combination of switch and router makes your P-320W v3 a cost- effective and viable network solution. You can add up to four computers to the P-320W v3 without the cost of a hub when connecting to the Internet through the WAN port.
  • Page 194 Configuration Backup & Make a copy of the P-320W v3’s configuration and put it back Restoration on the P-320W v3 later if you decide you want to revert back to an earlier configuration. Network Address Each computer on your network must have its own unique IP Translation (NAT) address.
  • Page 195 FEATURE DESCRIPTION Content Filter The P-320W v3 blocks or allows access to web sites that you specify and blocks access to web sites with URLs that contain keywords that you specify. You can define time periods and days during which content filtering is enabled. You can also include or exclude particular computers on your network from content filtering.
  • Page 196 Chapter 21 Product Specifications P-320W v3 User’s Guide...

  • Page 197: Appendices And Index

    Appendices and Index Pop-up Windows, JavaScripts and Java Permissions (199) IP Addresses and Subnetting (207) Setting up Your Computer’s IP Address (217) Wireless LANs (235) Services (247) Legal Information (251) Index (255)
  • Page 199 In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker. Figure 113 Pop-up Blocker You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. P-320W v3 User’s Guide...
  • Page 200 Click Apply to save this setting. Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. In Internet Explorer, select Tools, Internet Options and then the Privacy tab. P-320W v3 User’s Guide...
  • Page 201 Select Settings…to open the Pop-up Blocker Settings screen. Figure 115 Internet Options: Privacy Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. P-320W v3 User’s Guide...
  • Page 202 Figure 116 Pop-up Blocker Settings Click Close to return to the Privacy screen. Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. P-320W v3 User’s Guide...
  • Page 203 Figure 117 Internet Options: Security Click the Custom Level... button. Scroll down to Scripting. Under Active scripting make sure that Enable is selected (the default). Under Scripting of Java applets make sure that Enable is selected (the default). P-320W v3 User’s Guide...

  • Page 204: Java Permissions

    Figure 118 Security Settings - Java Scripting Java Permissions From Internet Explorer, click Tools, Internet Options and then the Security tab. Click the Custom Level... button. Scroll down to Microsoft VM. Under Java permissions make sure that a safety level is selected. P-320W v3 User’s Guide...
  • Page 205 Click OK to close the window. Figure 119 Security Settings - Java JAVA (Sun) From Internet Explorer, click Tools, Internet Options and then the Advanced tab. Make sure that Use Java 2 for <applet> under Java (Sun) is selected. P-320W v3 User’s Guide...
  • Page 206 Appendix A Pop-up Windows, JavaScripts and Java Permissions Click OK to close the window. Figure 120 Java (Sun) P-320W v3 User’s Guide...

  • Page 207: Ip Addresses And Subnetting

    192.168.1.1). Each of these four parts is known as an octet. An octet is an eight-digit binary number (for example 11000000, which is 192 in decimal notation). Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal. P-320W v3 User’s Guide...

  • Page 208: Subnet Masks

    ID of an IP address (192.168.1.2 in decimal). Table 85 Subnet Mask - Identifying Network Number OCTET: OCTET: OCTET: OCTET (192) (168) IP Address (Binary) 11000000 10101000 00000001 00000010 Subnet Mask (Binary) 11111111 11111111 11111111 00000000 P-320W v3 User’s Guide...
  • Page 209 An IP address with host IDs of all zeros is the IP address of the network (192.168.1.0 with a 24-bit subnet mask, for example). An IP address with host IDs of all ones is the broadcast address for that network (192.168.1.255 with a 24-bit subnet mask, for example). P-320W v3 User’s Guide...
  • Page 210 Table 88 Alternative Subnet Mask Notation SUBNET ALTERNATIVE LAST OCTET LAST OCTET MASK NOTATION (BINARY) (DECIMAL) 255.255.255.0 0000 0000 255.255.255.12 1000 0000 255.255.255.19 1100 0000 255.255.255.22 1110 0000 255.255.255.24 1111 0000 255.255.255.24 1111 1000 255.255.255.25 1111 1100 P-320W v3 User’s Guide...
  • Page 211 You can “borrow” one of the host ID bits to divide the network 192.168.1.0 into two separate sub-networks. The subnet mask is now 25 bits (255.255.255.128 or /25). The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25. P-320W v3 User’s Guide...
  • Page 212 Similarly, to divide a 24-bit address into four subnets, you need to “borrow” two host ID bits to give four possible combinations (00, 01, 10 and 11). The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192. P-320W v3 User’s Guide...
  • Page 213 Lowest Host ID: 192.168.1.129 192.168.1.128 Broadcast Address: Highest Host ID: 192.168.1.190 192.168.1.191 Table 92 Subnet 4 LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001 11000000 Subnet Mask (Binary) 11111111.11111111.11111111 11000000 P-320W v3 User’s Guide...
  • Page 214 The following table is a summary for subnet planning on a network with a 24-bit network number. Table 94 24-bit Network Number Subnet Planning NO. “BORROWED” NO. HOSTS PER SUBNET MASK NO. SUBNETS HOST BITS SUBNET 255.255.255.128 (/25) 255.255.255.192 (/26) 255.255.255.224 (/27) 255.255.255.240 (/28) 255.255.255.248 (/29) 255.255.255.252 (/30) 255.255.255.254 (/31) P-320W v3 User’s Guide...

  • Page 215: Configuring Ip Addresses

    You must also enable Network Address Translation (NAT) on the P-320W v3. Once you have decided on the network number, pick an IP address for your P- 320W v3 that is easy to remember (for instance, 192.168.1.1) but make sure that...
  • Page 216 Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space. P-320W v3 User’s Guide...
  • Page 217 "communicate" with your network. If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the Prestige’s LAN port. P-320W v3 User’s Guide...
  • Page 218 In the Network window, click Add. Select Adapter and then click Add. Select the manufacturer and model of your network adapter and then click OK. If you need TCP/IP: In the Network window, click Add. Select Protocol and then click Add. P-320W v3 User’s Guide...
  • Page 219 • If your IP address is dynamic, select Obtain an IP address automatically. • If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields. Figure 125 Windows 95/98/Me: TCP/IP Properties: IP Address P-320W v3 User’s Guide...
  • Page 220 Click OK to close the Network window. Insert the Windows CD if prompted. Turn on your Prestige and restart your computer when prompted. Verifying Settings Click Start and then Run. In the Run window, type "winipcfg" and then click OK to open the IP Configuration window. P-320W v3 User’s Guide...
  • Page 221 Select your network adapter. You should see your computer's IP address, subnet mask and default gateway. Windows 2000/NT/XP The following example figures use the default Windows XP GUI theme. Click start (Start in Windows 2000/NT), Settings, Control Panel. Figure 127 Windows XP: Start Menu P-320W v3 User’s Guide...
  • Page 222 In the Control Panel, double-click Network Connections (Network and Dial- up Connections in Windows 2000/NT). Figure 128 Windows XP: Control Panel Right-click Local Area Connection and then click Properties. Figure 129 Windows XP: Control Panel: Network Connections: Properties P-320W v3 User’s Guide...
  • Page 223 • If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. P-320W v3 User’s Guide...
  • Page 224 Gateway. To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add. P-320W v3 User’s Guide...
  • Page 225 • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. P-320W v3 User’s Guide...
  • Page 226 Click Start, All Programs, Accessories and then Command Prompt. In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab. P-320W v3 User’s Guide...
  • Page 227 Appendix C Setting up Your Computer’s IP Address Macintosh OS 8/9 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/ IP Control Panel. Figure 134 Macintosh OS 8/9: Apple Menu P-320W v3 User’s Guide...
  • Page 228 Close the TCP/IP Control Panel. Click Save if prompted, to save changes to your configuration. Turn on your Prestige and restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the TCP/IP Control Panel window. P-320W v3 User’s Guide...

  • Page 229: Macintosh Os X

    • Select Automatic from the Location list. • Select Built-in Ethernet from the Show list. • Click the TCP/IP tab. For dynamically assigned settings, select Using DHCP from the Configure list. Figure 137 Macintosh OS X: Network P-320W v3 User’s Guide...
  • Page 230 Follow the steps below to configure your computer IP address using the KDE. Click the Red Hat button (located on the bottom left corner), select System Setting and click Network. Figure 138 Red Hat 9.0: KDE: Network Configuration: Devices P-320W v3 User’s Guide...
  • Page 231 Click OK to save the changes and close the Ethernet Device General screen. If you know your DNS server IP address(es), click the DNS tab in the Network Configuration screen. Enter the DNS server information in the fields provided. Figure 140 Red Hat 9.0: KDE: Network Configuration: DNS P-320W v3 User’s Guide...
  • Page 232 • If you have a dynamic IP address, enter dhcp in the BOOTPROTO= field. The following figure shows an example. Figure 142 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 DEVICE=eth0 ONBOOT=yes BOOTPROTO=dhcp USERCTL=no PEERDNS=yes TYPE=Ethernet P-320W v3 User’s Guide...
  • Page 233 Figure 145 Red Hat 9.0: Restart Ethernet Card [root@localhost init.d]# network restart Shutting down interface eth0: [OK] Shutting down loopback interface: [OK] Setting network parameters: [OK] Bringing up loopback interface: [OK] Bringing up interface eth0: [OK] P-320W v3 User’s Guide...

  • Page 234: Verifying Settings

    Bcast:172.23.19.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:717 errors:0 dropped:0 overruns:0 frame:0 TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:730412 (713.2 Kb) TX bytes:1570 (1.5 Kb) Interrupt:10 Base address:0x1000 [root@localhost]# P-320W v3 User’s Guide...

  • Page 235: Wireless Lans

    (AP). Intra-BSS traffic is traffic between wireless stations in the BSS. When Intra-BSS is enabled, wireless station A and B can access the wired network and communicate P-320W v3 User’s Guide...
  • Page 236 This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood. P-320W v3 User’s Guide...
  • Page 237 AP is using channel 1, then you need to select a channel between 6 or 11. Note: To comply with US FCC regulation, the country selection function has been completely removed from all US models. The above function is for non-US models only. P-320W v3 User’s Guide...
  • Page 238 If the RTS/CTS value is greater than the Fragmentation Threshold value (see next), then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. P-320W v3 User’s Guide...

  • Page 239: Fragmentation Threshold

    IEEE 802.11g is fully compatible with the IEEE 802.11b standard. This means an IEEE 802.11b adapter can interface directly with an IEEE 802.11g access point (and vice versa) at 11 Mbps or lower depending on range. IEEE 802.11g has P-320W v3 User’s Guide...
  • Page 240 • Accounting Keeps track of the client’s network activity. RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless station and the network RADIUS server. P-320W v3 User’s Guide...

  • Page 241: Types Of Authentication

    The wireless station ‘proves’ that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text. P-320W v3 User’s Guide...
  • Page 242 The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed. P-320W v3 User’s Guide...
  • Page 243 Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and distributed by the authentication server. It includes a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. P-320W v3 User’s Guide...
  • Page 244 If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not. Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2. P-320W v3 User’s Guide...
  • Page 245 AP and the wireless clients. P-320W v3 User’s Guide...

  • Page 246: Security Parameters Summary

    Open None Disable Enable without Dynamic WEP Open Enable with Dynamic WEP Enable without Dynamic WEP Disable Shared Enable with Dynamic WEP Enable without Dynamic WEP Disable TKIP Enable WPA-PSK TKIP Enable WPA2 Enable WPA2-PSK Enable P-320W v3 User’s Guide...
  • Page 247 • If the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number. • If the Protocol is USER, this is the IP protocol number. • Description: This is a brief explanation of the applications that use this service or the situations in which this service is used. P-320W v3 User’s Guide...
  • Page 248 IMAP4 The Internet Message Access Protocol is used for e-mail. IMAP4S This is a more secure version of IMAP4 that runs over SSL. TCP/UDP 6667 This is another popular Internet chat program. P-320W v3 User’s Guide...
  • Page 249 ROADRUNNER TCP/UDP 1026 This is an ISP that provides services mainly for cable modems. RTELNET Remote Telnet. RTSP TCP/UDP The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet. P-320W v3 User’s Guide...
  • Page 250 Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE 7000 A videoconferencing solution. The UDP port number is specified in the user- application. defined P-320W v3 User’s Guide...

  • Page 251: Legal Information

    ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein.
  • Page 252 • IEEE 802.11b or 802.11g operation of this product in the U.S.A. is firmware- limited to channels 1 through 11. • To comply with FCC RF exposure compliance requirements, a separation distance of at least 20 cm must be maintained between the antenna of this device and all persons. P-320W v3 User’s Guide...

  • Page 253: Zyxel Limited Warranty

    Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or P-320W v3 User’s Guide...
  • Page 254 Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products. P-320W v3 User’s Guide...
  • Page 255 Dynamic WEP Key Exchange Certificate Authority DynDNS Wildcard certifications notices viewing CFI (Canonical Format Indicator) Channel 29, 237 Interference EAP Authentication channel Encryption Configuration encryption backup and local (user) database reset the factory defaults restore WPA compatible Cookies P-320W v3 User’s Guide...
  • Page 256 MAC filter IEEE 802.11g managing the device Independent Basic Service Set good habits Install UPnP using the web configurator. See web Windows Me configurator. Windows XP MBSSID Internet Assigned Numbers Authority Media access control See IANA Metric P-320W v3 User’s Guide...
  • Page 257 Point-to-Point Protocol over Simple Mail Transfer Protocol Ethernet SMTP PPTP 46, 111 SNMP see also Point-to-Point Tunneling Protocol SSID 29, 56, 61 Preamble Mode Static Route Private Status product registration subnet P-320W v3 User’s Guide...
  • Page 258 Forum security issues wireless channel URL Keyword Blocking wireless LAN Use Authentication Wireless LAN wizard user authentication Wireless network local (user) database basic guidelines RADIUS server channel encryption User Name example MAC address filter overview security P-320W v3 User’s Guide...
  • Page 259 Wireless tutorial Wizard setup complete Internet connection system information wireless LAN WLAN Interference Security Parameters with RADIUS application example WPA compatible WPA, WPA2 WPA2 with RADIUS application example WPA2-PSK application example WPA-PSK application example ZyNOS P-320W v3 User’s Guide...
  • Page 260 Index P-320W v3 User’s Guide...

Table of Contents