Page 1 P-660HW-Tx v2 Series 802.11g Wireless ADSL2+ 4-port Gateway Support Notes Version3.40 Mar. 2006...
Page 2: Table Of Contents
2. What is the default password for Web Configurator?...12 3. What’s the difference between ‘Common User Account’ and ‘Administrator Account’? ...12 4. How do I know the P-660HW-Tx v2's WAN IP address assigned by the ISP?...12 5. What is the micro filter or splitter used for?...13 6.
Page 3 3. What is the microfilter used for? ...18 4. How do I know the ADSL line is up?...18 5. How does the P-660HW-Tx v2 work on a noisy ADSL? ...18 6. Does the VC-based multiplexing perform better than the LLC-based multiplexing?...19...
Page 4 8. What is Server Set ID (SSID)? ...34 9. What is an ESSID? ...34 Security FAQ ...34 1. How do I secure the data across the P-660HW-Tx v2 Access Point's radio link? ...34 2. What is WEP? ...34 3. What is WPA? ...35 All contents copyright ©...
Page 5 12. Using IP Multicast...76 13. Using Bandwidth Management...77 14. Using Zero-Configuration ...80 15. How could I configure triple play on P-660HW-Tx v2? ...83 16. How to configure packet filter on P-660HW-Tx v2? ...83 Wireless Application Notes...87 1. Configure a Wireless Client to Ad hoc mode ...87 2.
Page 7: Faq
Note: It is protected by super password, ‘1234’ by factory default. 4. How do I update the firmware and configuration file? You can do this if you access the P-660HW-Tx v2 as Administrator. You can upload the firmware and configuration file to Prestige from Web Condigurator, or using FTP or TFTP client software.
Page 8: How Do I Restore P-660Hw-Tx V2 Configurations By Using Tftp Client Program Via Lan
In case you forget the system password, you can erase the current configuration and restore factory defaults this way: Use the RESET button on the rear panel of P-660HW-Tx v2 to reset the router. After the router is reset, the LAN IP address will be reset to '192.168.1.1', the common user password will be reset to 'user', the Administrator password will be reset to ‘1234’.
Page 9: What Is Sua? When Should I Use Sua
Many-to-One and Server. With SUA, 'visible' servers had to be mapped to different ports, since the servers share only one global IP. The P-660HW-Tx v2 now has Full Feature NAT which supports five types of IP/Port mapping: One to One, Many to One, Many to Many Overload, Many to Many No Overload and Server.
Page 10: Is It Possible To Access A Server Running Behind Sua From The Outside Internet? If Possible, How
11. Is it possible to access a server running behind SUA from the outside Internet? If possible, how? Yes, it is possible because P-660HW-Tx v2 delivers the packet to the local server by looking up to a SUA server table. Therefore, to make a local server accessible to the outside users, the port number and the inside IP address of the server must be configured.
Page 11: How Many Network Users Can The Sua/Nat Support
The Prestige does not limit the number of the users but the number of the NAT sessions. The P-660HW-Tx v2 supports 1024 sessions that you can use the 'ip nat session' command in CLI to see. You can also use ‘ip nat hashTable wanif0’...
Page 12: How Can I Protect Against Ip Spoofing Attacks
16. How can I protect against IP spoofing attacks? The P-660HW-Tx v2's filter sets provide a means to protect against IP spoofing attacks. The basic scheme is as follows: For the input data filter: • Deny packets from the outside that claim to be from the inside •...
Page 13: Product Faq
Moreover, only with Administrator Password, you could manage the P-660HW-Tx v2 via FTP/TFTP or Telnet. 4. How do I know the P-660HW-Tx v2's WAN IP address assigned by the ISP? You can view "My WAN IP <from ISP> : x.x.x.x" shown in Web Configurator ‘Status->Device Information ->WAN Information’...
Page 14: What Is The Micro Filter Or Splitter Used For
You can also check your ISP or the information sheet given by the ISP. Please choose PPPoE as the encapsulation type in the P-660HW-Tx v2 if the ISP uses PPPoE. 8. Why does my provider use PPPoE? PPPoE emulates a familiar Dial-Up connection.
Page 15: When Do I Need Ddns Service
IP address we can use the DDNS service. The DDNS server allows to alias a dynamic IP address to a static hostname. Whenever the ISP assigns you a new IP, the P-660HW-Tx v2 sends this IP to the DDNS server for its updates.
Page 16: How Do I Setup My P-660Hw-Tx V2 For Routing Ipsec Packets Over Sua
Because the remote gateway checks this source port during connections, the port thus is not allowed to be changed. 13. How do I setup my P-660HW-Tx v2 for routing IPSec packets over SUA? For outgoing IPSec tunnels, no extra setting is required.
Page 17: What Do The Parameters (Pcr, Scr, Mbs) Mean
P-660HW-Tx v2 Series Support Notes fluctuating natural bit rate. The P-660HW-Tx v2 is able to support variable traffic among different virtual connections. Certain traffic may be discarded if the virtual connection experiences congestion. Traffic shaping defines a set of actions taken by the P-660HW-Tx v2 to avoid congestion; traffic shaping takes measures to adapt to unpredictable fluctuations in traffic flows and other problems among virtual connections.
Page 18: What Is Content Filter
(that you specify) in the URL. You can set a schedule for when the P-660HW-Tx v2 performs content filtering. You can also specify trusted IP Addresses on LAN for which the P-660HW-Tx v2 will not perform content filtering. You can configure the details about it in Web Configurator, Advanced setup, Security ->...
Page 19: Adsl Faq
4. How do I know the ADSL line is up? You can see the DSL LED Green on the P-660HW-Tx v2's front panel is on when the ADSL physical layer is up.
Page 20: Does The Vc-Based Multiplexing Perform Better Than The Llc-Based Multiplexing
Maintenance -> Diagnostic -> DSL Line -> DSL Status: 8. What are the signaling pins of the ADSL connector? The signaling pins on the P-660HW-Tx v2's ADSL connector are pin 3 and pin 4. The middle two pins for a RJ11 cable.
Page 21 Triple Play is a port-based policy to forward packets from different LAN port to different PVCs, thus you can configure each PVC separately to assign different QoS to different application. All contents copyright © 2006 ZyXEL Communications Corporation. P-660HW-Tx v2 Series Support Notes...
Page 22: Firewall Faq
2. What makes P-660HW-Tx v2 secure? The P-660HW-Tx v2 is pre-configured to automatically detect and thwart Denial of Service (DoS) attacks such as Ping of Death, SYN Flood, LAND attack, IP Spoofing, etc. It also uses stateful packet inspection to determine if an inbound connection is allowed through the firewall to the private LAN.
Page 23: What Kind Of Firewall Is The P-660Hw-Tx V2
4. The P-660HW-Tx v2's firewall is fast. It uses a hashing function to search the matched session cache instead of going through every individual rule for a packet.
Page 24: What Is Ping Of Death Attack
IP address of the targeted system. This makes it appear as if the host computer sent the packets to itself, making the system unavailable while the target system tries to respond to itself. All contents copyright © 2006 ZyXEL Communications Corporation. P-660HW-Tx v2 Series Support Notes...
Page 25: What Is Brute-Force Attack
1. How do I configure the firewall? You can use the Web Configurator to configure the firewall for P-660HW-Tx v2. By factory default, if you connect your PC to the LAN Interface of P-660HW-Tx v2, you can access Web Configurator via ‘http://192.168.1.1’.
Page 26: Why Can't I Configure My P-660Hw-Tx V2 Using Web Configurator/Telnet Over Wan
1. Change the default Administrator password since it is required when setting up the firewall. 2. Limit who can access to your P-660HW-Tx v2’s Web Configurator or CLI. You can enter the IP address of the secured LAN host in Web Configurator, Advanced Setup, Advanced ->...
Page 27: Why Can't I Upload The Firmware And Configuration File Using Ftp Over Wan
FTP connection from WAN. The WAN-to-LAN ACL summary will look like as shown below. Source IP= FTP host Destination IP= P-660HW-Tx v2's WAN IP All contents copyright © 2006 ZyXEL Communications Corporation. P-660HW-Tx v2 Series Support Notes...
Page 28: Log And Alert
Log and Alert . When does the P-660HW-Tx v2 generate the firewall log? The P-660HW-Tx v2 generates the firewall log immediately when the packet matches a firewall rule. The log for Default Firewall Policy (LAN to WAN, WAN to LAN, WAN to WAN) is generated automatically with factory default setting, but you can change it in Web Configurator.
Page 29: When Does The P-660Hw-Tx V2 Generate The Firewall Alert
5. What is the difference between the log and alert? A log entry is just added to the log inside the P-660HW-Tx v2 and e-mailed together with all other log entries at the scheduled time as configured. An alert is e-mailed immediately after an attacked is detected.
Page 30: Wireless Faq
100 times faster, becomes popular as well. The setup cost of Wireless LAN is relative high because the equipment cost including access point and PCMCIA Wireless LAN card is higher than hubs and CAT 5 cables. All contents copyright © 2006 ZyXEL Communications Corporation.
Page 31: Where Can You Find 802.11 Wireless Networks
802.11b or 802.11g networks. In other words, a user equipped with an 802.11b or 802.11g radio card will not be able to interface directly to an 802.11a access point. Multi-mode NICs will solve this problem. All contents copyright © 2006 ZyXEL Communications Corporation.
Page 32: What Is 802.11G
Transmitting through a wall is possible depending upon the material used in its construction. In general, metals and substances with a high water content do not allow radio waves to pass through. Metals reflect radio waves and concrete All contents copyright © 2006 ZyXEL Communications Corporation.
Page 33: What Are Potential Factors That May Causes Interference Among Wlan Products
P-660HW-Tx v2 to initialize the module. 19. Does P-660HW-Tx v2 support WEP? Yes, P-660HW-Tx v2 supports 64-bit/128-bit/256 WEP. 20. What wireless standard does P-660HW-Tx v2 support? It supports IEEE 802.11b/g/g+ standard. 21. Does P-660HW-Tx v2 support MAC filtering? Yes, it supports up to 32 MAC Address filtering.
Page 34: Does P-660Hw-Tx V2 Support Auto Rate Adaption
P-660HW-Tx v2 Series Support Notes 22. Does P-660HW-Tx v2 support auto rate adaption? Yes, it means that the AP on P-660HW-Tx v2 will automatically decelerate when devices move beyond the optimal range, or other interference is present. If the device moves back within the range of a higher-speed transmission, the connection will automatically speed up again.
Page 35: Why The 2.4 Ghz Frequency Range
AP. The ESSID is a 32-character maximum string and is case-sensitive. Security FAQ 1. How do I secure the data across the P-660HW-Tx v2 Access Point's radio link? To secure the date across the P-660HW-Tx v2 Access Point’s radio link, we...
Page 36: What Is Wpa
WAP applies IEEE 802.1x Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database. You can not use the P-660HW-Tx v2's local user database for WPA authentication purpose since the local user database uses MD5 EAP which can not to generate keys.
Page 37: Can The Ssid Be Encrypted
WPA-PSK security mode automatically with just one touch at the reset button on rear panel. To use this function on P-660HW-Tx v2, you could press the reset button on P-660HW-Tx v2 for 1~5 seconds, the OTIST is actived. The P-660HW-Tx v2 will enhance the Wireless Security Level to WPA-PSK automatically if no WLAN security has been set.
Page 38: Application Notes
In this case, we use P-660HW-Tx v2 which works as an ADSL bridge modem to connect to the ISP. The ISP will generally give one Internet account and limit only one computer to access the Internet.
Page 39 P-660HW-Tx v2 Series Support Notes Setup your P-660HW-Tx v2 under bridge mode The following procedure shows you how to configure your P-660HW-Tx v2 as bridge mode. We will use Web Configurator to guide you through the related menu. (1) Configure P-660HW-Tx v2 as bridge mode and configure Internet setup parameters in Web Configurator, Advanced Setup, Network ->...
Page 40: Internet Access Using P-660Hw-Tx V2 Under Routing Mode
Identifier) given to you by your ISP. (2) Turn off DHCP Server and configure a LAN IP for the P-660HW-Tx v2 in Web Configurator, Advanced Setup, Network -> LAN. We use 192.168.1.1 as the LAN IP for P-660HW-Tx v2 in this case: Step 1: Disactive DHCP Server and apply it: Step 2: Assign an IP to the LAN Interface of P-660HW-Tx v2, e.g.:...
Page 41 IP address of the computer is assigned by the P-660HW-Tx v2. The P-660HW-Tx v2 can also provide the DNS to the clients via DHCP if it is available. For this setup in Windows, we check the option 'Obtain an IP address automatically' in its TCP/IP setup.
Page 42: Setup The P-660Hw-Tx V2 As A Dhcp Relay
Otherwise, set to Static and enter the IP in the IP Assignment Address field. (2) Configure a LAN IP for the P-660HW-Tx v2 and the DHCP settings in Web Configurator, Advanced Setup, Network -> LAN. 3. Setup the P-660HW-Tx v2 as a DHCP Relay •...
Page 43: Sua Notes
• Setup the P-660HW-Tx v2 as a DHCP Relay We could set the P-660HW-Tx v2 as a DHCP Relay by the following command in CLI: Ip dhcp enif0 mode relay Ip dhcp enif0 relay server 4. SUA Notes Tested SUA/NAT Applications (e.g., Cu-SeeMe, ICQ, NetMeeting)
Page 44 QuakeIII1.05 beta StartCraft. Quick Time 4.0 pcAnywhere 8.0 IPsec (ESP tunneling mode) None (one client only) Microsoft Messenger Service 6901/client IP All contents copyright © 2006 ZyXEL Communications Corporation. P-660HW-Tx v2 Series Support Notes None None None None for Chat.
Page 45 Certain Quake servers do not allow multiple users to login using the same unique IP, so only one Quake user will be allowed in this case. Moreover, when a Quake server is configured behind SUA, P-660HW-Tx v2 will not be able to provide information of that server on the internet.
Page 46 Also, since you need to specify the IP address of a server behind the P-660HW-Tx v2, a server must have a fixed IP address and not be a DHCP client whose IP address potentially changes each time P-660HW-Tx v2 is powered on.
Page 47 Web Configurator, Advanced Setup, Network -> NAT -> Port Forwarding. The outside users can access the local server using the P-660HW-Tx v2's WAN IP address which can be obtained from Web Configurator, Status -> WAN Information.
Page 48 All data sent over this connection can be encrypted and compressed, and multiple network level protocols (TCP/IP, NetBEUI and All contents copyright © 2006 ZyXEL Communications Corporation. P-660HW-Tx v2 Series Support Notes Port Number...
Page 49 Configuration This application note explains how to establish a PPTP connection with a remote private network in the P-660HW-Tx v2 SUA case. In ZyNOS, all PPTP packets can be forwarded to the internal PPTP Server (WinNT server) behind SUA. The port number of the PPTP has to be entered in the Web Configurator, Advanced Setup, Network ->...
Page 50 Example The following example shows how to dial to an ISP via the P-660HW-Tx v2 and then establish a tunnel to a private network. There will be three items that you need to set up for PPTP application, these are PPTP server (WinNT), PPTP client (Win9x) and the P-660HW-Tx v2.
Page 51 Internet IP address that the ISP assigns to P-660HW-Tx v2 router in SUA mode and enter this IP address in the VPN dial-up dialog box. You can check this Internet IP address from PNC Monitor or Web Configurator, Status ->...
Page 52: Using Full Feature Nat
5. Using Full Feature NAT When P-660HW-Tx v2 is in Routing mode, you can select NAT Option as Full Feature in Network -> Remote Node -> Edit: Key Settings: Field Options Full Feature None Network Address Translation SUA Only Configuring NAT Address Mapping Sets and NAT Server Sets All contents copyright ©...
Page 53 The P-660HW-Tx v2 has 8 remote nodes and so allows you to configure 8 NAT Address Mapping Sets, You must specify which NAT Address Mapping Set (1~8) to use in the remote node when you select Full Feature NAT. You can edit 10 rules for each Address Mapping Set. You can edit the rules for Address Mapping Sets #1 in Web Configurator.
Page 54 Click the ‘Edit’ Button on the rule #1, then you can enter the window in which you can edit an individual rule and configure the Mapping Type, Local and Global Start/End IPs: All contents copyright © 2006 ZyXEL Communications Corporation. P-660HW-Tx v2 Series Support Notes Many-to-One and...
Page 55 Start IP address. • Configure Address Mapping Sets in CLI Setp 1: Telnet to the P-660HW-Tx v2. (We suppose the LAN IP Address of P-660HW-Tx v2 is 192.168.1.1) Step 2: Select one Address Mapping Set (#1~#8) by command ‘ip nat addrmap map [map #] [set name]’...
Page 56 [set#] ip nat server disp [1] All contents copyright © 2006 ZyXEL Communications Corporation. P-660HW-Tx v2 Series Support Notes Description Select NAT address mapping set and set mapping set...
Page 57 192.168.1.36 and a FTP server at 192.168.1.33, then you need to specify for port 80 (Web) the server at IP address 192.168.1.36 and for port 21 (FTP) another at IP address 192.168.1.33. All contents copyright © 2006 ZyXEL Communications Corporation. P-660HW-Tx v2 Series Support Notes server sets Save the NAT server set buffer into flash Clear the server set [set#], must use “save”...
Page 58 Internet Access with an Internal Server • Using Multiple Global IP addresses for clients and servers • Support Non NAT Friendly Applications (1) Internet Access Only All contents copyright © 2006 ZyXEL Communications Corporation. P-660HW-Tx v2 Series Support Notes Port Number 1723...
Page 59 In this case, we do exactly as the figure (use the convenient pre-configured SUA Only set) and also go to Web Configurator, Advanced Setup, Network -> NAT -> Port Forwarding to specify the Internet Server behind the NAT as All contents copyright © 2006 ZyXEL Communications Corporation.
Page 60 Rule 4 (Server type) to map a web server and mail server with ILA3 (192.168.1.20) to IGA3. Type Server allows us to specify multiple servers, of different types, to other machines behind NAT on the LAN. All contents copyright © 2006 ZyXEL Communications Corporation. P-660HW-Tx v2 Series Support Notes...
Page 61 Step 1: In this case, we need to map ILA to more than one IGA, therefore we must choose the Full Feature option from the NAT field in currently active remote node, and assign IGA3 to P-660HW-Tx v2’s WAN IP Address. Step 2: Go to Web Configurator, Advanced Setup, Network -> NAT ->...
Page 62 (200.0.0.3). Rule 4 Setup: Select Server type to map our web server and mail server with ILA3 (192.168.1.20) to IGA3. Menu Network -> NAT -> Address Mapping should look as follows now: All contents copyright © 2006 ZyXEL Communications Corporation.
Page 63 IP address. In this case it is better to use Many-to-Many No Overload or One-to-One NAT mapping types, thus each user login to the server using a unique global IP address. The following figure illustrates this. All contents copyright © 2006 ZyXEL Communications Corporation.
Page 64: Using The Dynamic Dns (Ddns)
This solves the problems if your DNS server uses an IP associated with dynamic IPs. Without DDNS, we always tell the users to use the WAN IP of the P-660HW-Tx v2 to access the internal server. It is inconvenient for the users if this IP is dynamic.
Page 65 When the ISP assigns the P-660HW-Tx v2 a new IP, the P-660HW-Tx v2 must inform the DDNS server the change of this IP so that the server can update its IP-to-DNS entry. Once the IP-to-DNS table in the DDNS server is updated, the DNS name for your web server (i.e., www.zyxel.com.tw) is still usable.
Page 66: Network Management Using Snmp
7. Network Management Using SNMP • ZyXEL SNMP Implementation ZyXEL currently includes SNMP support in some P-660HW-Tx v2 routers. It is implemented based on the SNMPv1, so it will be able to communicate with SNMPv1 NMSs. Further, users can also add ZyXEL's private MIB in the NMS to monitor and control additional system variables.
Page 67 System has to reboot for some fatal errors. And traps with the message of the fatal code will be sent. • Downloading ZyXEL's private MIB • Configure the P-660HW-Tx v2 for SNMP All contents copyright © 2006 ZyXEL Communications Corporation. P-660HW-Tx v2 Series Support Notes...
Page 68 Enter the correct Set Community. This Set Community must match the Community 'Set-community requested from the NMS. The default is 'public'. Enter the IP address of the NMS. The P-660HW-Tx v2 will only respond Trusted to SNMP messages coming from this IP address. If 0.0.0.0 is entered, Host the P-660HW-Tx v2 will respond to all NMS managers.
Page 69: Using Syslog
In a typical environment, a LAN router is required to connect two local networks. The P-660HW-Tx v2 can connect three local networks to the ISP or a remote node, we call this function as 'IP Alias'. In this case, an internal router is not required.
Page 70 'IP Alias 1' and 'IP Alias 2' can be configured in Network -> LAN -> IP Alias. There are three internal virtual LAN interfaces for the P-660HW-Tx v2 to route the packets from/to the three networks correctly. They are enif0 for the major network, enif0:0 for the IP alias 1 and enif0:1 for the IP alias 2.
Page 71: Using Ip Policy Routing
LAN -> IP/DHCP Setup by configuring the P-660HW-Tx v2's first LAN IP address. Key Settings: DHCP If the P-660HW-Tx v2's DHCP server is enabled, the IP pool for the clients Setup can be any of the three networks. TCP/IP Enter the first LAN IP address for the P-660HW-Tx v2. This will create the Setup first route in the enif0 interface.
Page 72 The inclusion of length criterion is to differentiate between interactive and bulk traffic. Interactive applications, e.g., Telnet, tend to have short packets, while bulk traffic, e.g., file transfer, tends to have large packets. All contents copyright © 2006 ZyXEL Communications Corporation. P-660HW-Tx v2 Series Support Notes...
Page 73 (Set the name as Test of IP routing policy rule ) ip policyrouting set active (Enable the rule) ip policyrouting set criteria protocol All contents copyright © 2006 ZyXEL Communications Corporation. P-660HW-Tx v2 Series Support Notes Packet length= Len Comp= N/A end= 192.168.1.20...
Page 74 WAN interface. Apply to WAN Interface (Suppose we apply it to remote node example): wan node index wan node ippolicy All contents copyright © 2006 ZyXEL Communications Corporation. P-660HW-Tx v2 Series Support Notes 192.168.1.2 192.168.1.20 0.0.0.0 80 80 actmatched 192.168.1.254...
Page 75: Using Call Scheduling
• What is Call Scheduling? Call scheduling enables the mechanism for the P-660HW-Tx v2 to run the remote node connection according to the pre-defined schedule. This feature is just like the scheduler ina video recorder which records the program according to the specified time.
Page 76 For example, if we want to apply the call schedule set 1 to remote node 1, we could use the commands: wan node index wan node callsch wan node save All contents copyright © 2006 ZyXEL Communications Corporation. P-660HW-Tx v2 Series Support Notes...
Page 77: Using Ip Multicast
Time service is implemented by the Daytime protocol(RFC-867), Time protocol(RFC-868), and NTP protocol(RFC-1305). You have to assign an IP address of a time server and then, the P-660HW-Tx v2 will get the date, time, and time-zone information from this server. You can configure it in Web Configurator, Advanced Setup, Maintenance ->...
Page 78: Using Bandwidth Management
At start up, the P-660HW-Tx v2 queries all directly connected networks to gather group membership. After that, the P-660HW-Tx v2 updates the information by periodic queries. The P-660HW-Tx v2 implementation of IGMP is also compatible with version 1.
Page 79 Step 2: Go to Web Configurator, Advanced Setup, Advanced -> Bandwidth MGMT-> Rule Setup, select the interface, Service, Priority, and Allocated Bandwidth for this rule, then click button ‘Add’ to apply this rule. All contents copyright © 2006 ZyXEL Communications Corporation. P-660HW-Tx v2 Series Support Notes...
Page 80 Maximize Bandwidth Usage on the interface to meet the condition.) Service Select User-defined, SIP, FTP, or H.323 to specify the traffic types Destination Enter the IP address of destination that meets this class. IP Address All contents copyright © 2006 ZyXEL Communications Corporation. P-660HW-Tx v2 Series Support Notes...
Page 81: Using Zero-Configuration
Whenever system send out all the probing patterns with specific VPI/VCI, system will wait for 5~10 seconds and get the response from ISP, the response patterns will decide which kinds of ADSL All contents copyright © 2006 ZyXEL Communications Corporation. P-660HW-Tx v2 Series Support Notes...
Page 82 (2) If you want to enable all service for VC hunting, the service bits will be 1+2+4+8+16+32=63(decimal)= 3f (hex), you must input 3f Need to perform save after this by command ‘wan atm vchunt save’ All contents copyright © 2006 ZyXEL Communications Corporation. P-660HW-Tx v2 Series Support Notes...
Page 84: How Could I Configure Triple Play On P-660Hw-Tx V2
16. How to configure packet filter on P-660HW-Tx v2? The P-660HW-Tx v2 allows you to configure up to twelve filter sets with six rules in each set, for a total of 72 filter rules in the system. You can apply up to four filter sets to a particular port to block multiple types of packets.
Page 85 P-660HW-Tx v2 Series Support Notes The packet filter function on P-660HW-Tx v2 is the same as before, just that you could only configure the filter set and apply them by command in CLI. It’s very complex for common users to do it. So here’s the recommendation: (1) Usually if you want to block special packets, you could edit a firewall rule in Web Configurator.
Page 86 [protocol #] sys filter set sourceroute [yes|no] sys filter set destip [address] [subnet All contents copyright © 2006 ZyXEL Communications Corporation. P-660HW-Tx v2 Series Support Notes Set the index of filter set rule, you must apply this...
Page 87 [set#][rule#] sys filter set freememory All contents copyright © 2006 ZyXEL Communications Corporation. P-660HW-Tx v2 Series Support Notes the rule Set the destination port and compare type (compare...
Page 88: Wireless Application Notes
Step 1: Double click on the utility icon in your windows task bar the utility will pop up on your windows screen. Step 2: Select configuration tab. All contents copyright © 2006 ZyXEL Communications Corporation.
Page 89 Step 4: Since there is no DHCP server to give the host IP you must first designate a static IP for your station. From Windows Start select Control Panel >Network Connection>Wireless Network Connection. All contents copyright © 2006 ZyXEL Communications Corporation.
Page 90: Configuration For Wireless Station B
Step1: Double click on the utility icon in your windows task bar the utility will pop up on your windows screen. Step 2: Select configuration tab. All contents copyright © 2006 ZyXEL Communications Corporation.
Page 91 Step 4: Since there is no DHCP server to give the host IP you must first designate a static IP for your station. From Windows Start select Control Panel >Network Connection>Wireless Network Connection. All contents copyright © 2006 ZyXEL Communications Corporation.
Page 92: Configuring Infrastructure Mode
For Infrastructure WLANs, multiple Access Points(APs) like the WLAN to the wired network and allow users to efficiently share network resources. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood. All contents copyright © 2006 ZyXEL Communications Corporation.
Page 93 P-660HW-Tx v2 Series Support Notes Configure Wireless Access Point to Infrastructure mode using Web configurator. To configure Infrastructure mode of your P-660HW-Tx v2 wireless AP please follow the steps below. Step 1: Login Web Configurator, Advanced Setup, Network -> Wireless LAN ->...
Page 94 Adapter please follow the following steps. Step 1: Double click on the utility icon in your windows task bar the utility will pop up on your windows screen. Step 2: Select configuration tab. All contents copyright © 2006 ZyXEL Communications Corporation.
Page 95 Change to take effect. Step 4: Click on Site Survey tab, and press search all the available AP will be listed. Step 5: Double click on the AP you want to associated with. All contents copyright © 2006 ZyXEL Communications Corporation.
Page 96: Mac Filter
This provides an additional layer of control layer in that only stations with registered MAC addresses can connect. This approach requires that the list of MAC addresses be configured. All contents copyright © 2006 ZyXEL Communications Corporation.
Page 97 Filter Action will be allowed to associate with AP. If Deny Association is selected in this field, hosts with MAC addresses configured in this list will be blocked. All contents copyright © 2006 ZyXEL Communications Corporation. P-660HW-Tx v2 Series Support Notes...
Page 98: Setup Wep (Wired Equivalent Privacy)
You can set up the Access Point from Web configurator， Advanced Setup, Network -> Wireless LAN -> General. (You can also configure it via CLI): Step 1: Select ‘Static WEP’ from the pull down menu ‘Security Mode’ in Web Configurator: All contents copyright © 2006 ZyXEL Communications Corporation.
Page 99 256-bit WEP key (secret key) with 58 hexadecimal digits There are two ways you can configure the WEP Key. (1) You can put in a special WEP key in the ‘WEP Key’ menu directly. All contents copyright © 2006 ZyXEL Communications Corporation. P-660HW-Tx v2 Series Support Notes...
Page 100 P-660HW-Tx v2 Series Support Notes (2) You can also put in an arbitrary sequence of characters in the ‘Passphrase’ and then press button ‘Generate’ to let the P-660HW-Tx v2 generate WEP Key for you: • Setting up the Station Step 1: Double click on the utility icon in your windows task bar or right click the utility icon then select 'Show Config Utility'.
Page 101 Note: If the utility icon doesn't exist in your task bar, click Start -> Programs -> …… to start the utility. Step 2: Select the 'Configuration' tab. Select ‘Set Security’ to configure encryption type and parameters correspond with access point. All contents copyright © 2006 ZyXEL Communications Corporation.
Page 102 P-660HW-Tx v2 Series Support Notes Note: You should select Key 1 as default Transmit Key, since the P-660HW-Tx v2 is supposed to use Key 1 by default. Key settings The WEP Encryption type of station has to equal to the access point.
Page 103: Site Survey
Survey on Site Step 1: With the diagram with all information you gathered in the preparation phase. Now you are ready to make the survey. All contents copyright © 2006 ZyXEL Communications Corporation.
Page 104 Record down the changes at point where transfer rate drop and the link quality and signal strength information on the diagram as you go alone. All contents copyright © 2006 ZyXEL Communications Corporation.
Page 105 Step 8: Repeat step 1~6 of survey on site as necessary, upon completion you will have an diagram and information of site survey. As illustrated below. All contents copyright © 2006 ZyXEL Communications Corporation.
Page 106: Configure 802.1X And Wpa
WAP applies IEEE 802.1x Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database. You can not use the P-660HW-Tx v2's local user database for WPA authentication purpose since the local user database uses MD5 EAP which can not to generate keys.
Page 107 Authentication can be done using local user database internal to the P-660HW-Tx v2 (authenticate up to 32 users) or an external RADIUS server for an unlimited number of users. Step 1: To change your P-660HW-Tx v2's authentication settings, login Web Configurator, Advanced Setup, Network ->...
Page 108 Step 1: Double click on your wireless utility icon in your windows task bar, the utility will pop up on your windows screen. Step 2: Select the configuration tab, type in the SSID (Service Set Identifier), select the operating Mode as Infrastructure, and select proper channel. All contents copyright © 2006 ZyXEL Communications Corporation.
Page 109 P-660HW-Tx v2 Series Support Notes Step 3: Click Set Security to configure the security parameters: Step 4: Click OK for finish, and begin to Site survey. Connect to the AP as you have configured. All contents copyright © 2006 ZyXEL Communications Corporation.
Page 110 P-660HW-Tx v2 Series Support Notes Step 5: Click Link Info tab, if the PC associated and authenticated with AP successfully, we will see the following information. All contents copyright © 2006 ZyXEL Communications Corporation.
Page 111: Support Tool
Offline Trace--capture the trace first and display later The details for capturing the trace in CLI as follows: First of all, you need to telnet to the P-660HW-Tx v2 firstly. The password is Administrator passwords, ‘admin’ by default. • Online Trace (1) Trace LAN packet •...
Page 112 • Enable the trace log by entering: • Display the brief trace online by entering: • Display the detailed trace online by entering: Example: All contents copyright © 2006 ZyXEL Communications Corporation. P-660HW-Tx v2 Series Support Notes sys trcp channel enet0 sys trcp channel mpoa00 sys trcp sw on &...
Page 113: Offline Trace
• Disable the trace log by entering: • Display the trace briefly by entering: • Display specific packets by using: All contents copyright © 2006 ZyXEL Communications Corporation. P-660HW-Tx v2 Series Support Notes sys trcp channel sys trcp channel enet0 sys trcp sw on &...
Page 114: Capture The Detailed Logs By Hyper Terminal
• Capture the detailed logs by Hyper Terminal Step 1: Initiate a hyper terminal connection from your PC(suppose you connected to the LAN port of P-660HW-Tx v2) Step 2: Click the ‘properties’ to configure parameters to telnet to the P-660HW-Tx v2.
Page 115 P-660HW-Tx v2 Series Support Notes Step 3: So that after you invoke the relevant commands, you could save the logs you’ve captured. All contents copyright © 2006 ZyXEL Communications Corporation.
Page 116: Firmware/Configurations Uploading And Downloading Using Tftp
Step 5:To upload the firmware, please save the remote file as 'ras' to Prestige. After the transfer is complete, the Prestige will program the upgraded firmware into FLASH ROM and reboot itself. An example: All contents copyright © 2006 ZyXEL Communications Corporation. P-660HW-Tx v2 Series Support Notes...
Page 117 Step 2: Type the command 'sys stdio 0' to disable console idle timeout in Command Line Interface (CLI). Step 3: Run the TFTP client software Step 4: To download the P-660HW-Tx v2 configuration, please get the remote file 'rom-0' from the Prestige. Step 5: To upload the P-660HW-Tx v2 configuration, please save the remote file as 'rom-0' in the Prestige.
Page 118: Using Tftp Command On Windows Nt
Step 2: Type the CI command 'sys stdio 0' to disable console idle timeout in Command Line Interface (CLI). Step 3: Download ZyNOS via LAN : Step 4: Upload P-660HW-Tx v2 configurations via LAN: [localfile] rom-0 Step 5: Download P-660HW-Tx v2 configurations via LAN: get rom-0 [localfile] •...
Page 119 Step 1: Connect to the Prestige by entering the Prestige's IP and Administrator password in the FTP software. Set the transfer type to 'Auto-Detect' or All contents copyright © 2006 ZyXEL Communications Corporation. P-660HW-Tx v2 Series Support Notes <- upload firmware...
Page 120 Step 3: To upload the firmware file, we transfer the local 'ras' file to overwrite the remote 'ras' file. To upload the configuration file, we transfer the local 'rom-0' to overwrite the remote 'rom-0' file. All contents copyright © 2006 ZyXEL Communications Corporation.
Page 121 P-660HW-Tx v2 Series Support Notes Step 4: The Prestige reboots automatically after the uploading is finished. Please do not power off the router at this moment. All contents copyright © 2006 ZyXEL Communications Corporation.
Page 122: Ci Command Reference
Please goto ZyXEL public WEB site http://www.zyxel.com/support/download_index.php package (*.zip), you should unzip the package to get the release note in PDF format. All contents copyright © 2006 ZyXEL Communications Corporation. P-660HW-Tx v2 Series Support Notes to download firmware...

This manual is also suitable for:

P-660hw-tx v2 series P-660hw-dx v2 series P-660hw-d series P-660hn-f1z

ZyXEL Communications P-660HW-TX Support Notes

Faq

Zynos FAQ

Product FAQ

Adsl Faq

Firewall FAQ

Wireless FAQ

Application Notes

General Application Notes

Wireless Application Notes

Support Tool

Quick Links

Related Manuals for ZyXEL Communications P-660HW-TX

Summary of Contents for ZyXEL Communications P-660HW-TX

This manual is also suitable for:

Table of Contents