ZyXEL Communications P-660HW-DX User Manual

802.11g wireless adsl 2+ 4-port gateway

P-660HW-Dx
802.11g Wireless ADSL 2+ 4-port Gateway
User's Guide
Version 3.40
8/2007
Edition 2
www.zyxel.com


Summary of Contents for ZyXEL Communications P-660HW-DX

  • Page 1 P-660HW-Dx 802.11g Wireless ADSL 2+ 4-port Gateway User’s Guide Version 3.40 8/2007 Edition 2 www.zyxel.com...
  • Page 3: About This User's Guide

    Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan.
  • Page 4: Document Conventions

    Document Conventions: Warnings and Notes. These are how warnings and notes are shown in this User’s Guide. Warnings tell you about things that could harm you or your device. Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
  • Page 5 Document Conventions: Icons Used in Figures. Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device. Icons: ZyXEL Device, Computer, Notebook computer, Server, DSLAM, Firewall, Telephone, Switch, Router.
  • Page 6: Safety Warnings

    Safety Warnings: For your safety, be sure to read and follow all warning notices and instructions. • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. •...
  • Page 9: Table Of Contents

    Contents Overview: Introduction (31); Introducing the ZyXEL Device (33); Introducing the Web Configurator (37); Wizards (51); Wizard Setup for Internet Access (53); Bandwidth Management Wizard (67); Network (73); WAN Setup (75); LAN Setup ...
  • Page 11: Table Of Contents

    Table of Contents: About This User's Guide (3); Document Conventions (4); Safety Warnings (6); Contents Overview (9); Table of Contents (11); List of Figures (21); List of Tables (27); Part I: Introduction (31); Chapter 1 Introducing the ZyXEL Device ...
  • Page 12 Table of Contents: 2.4.7 Changing Login Password (49); Part II: Wizards (51); Chapter 3 Wizard Setup for Internet Access (53); 3.1 Introduction (53); 3.2 Internet Access Wizard Setup (53); 3.2.1 Automatic Detection (55); 3.2.2 Manual Configuration (55); 3.3 Wireless Connection Wizard Setup ...
  • Page 13 Table of Contents: 5.6.2 Configuring More Connections Advanced Setup (88); 5.7 Traffic Redirect (89); 5.8 Configuring WAN Backup (89); Chapter 6 LAN Setup (93); 6.1 LAN Overview (93); 6.1.1 LANs, WANs and the ZyXEL Device (93); 6.1.2 DHCP Setup ...
  • Page 14 Table of Contents: 7.6.2 WMM QoS Priorities (122); 7.6.3 Services (123); 7.7 QoS Screen (125); 7.7.1 ToS (Type of Service) and WMM QoS (125); 7.7.2 Application Priority Configuration (127); Chapter 8 Network Address Translation (NAT) Screens (129); 8.1 NAT Overview ...
  • Page 15 Table of Contents: 9.5.1 Stateful Inspection Process (149); 9.5.2 Stateful Inspection and the ZyXEL Device (150); 9.5.3 TCP Security (150); 9.5.4 UDP/ICMP Security (151); 9.5.5 Upper Layer Protocols (151); 9.6 Guidelines for Enhancing Security with Your Firewall (152); 9.6.1 Security In General ...
  • Page 16 Table of Contents: Part V: Advanced (181); Chapter 12 Static Route (183); 12.1 Static Route (183); 12.2 Configuring Static Route (183); 12.2.1 Static Route Edit (184); Chapter 13 Bandwidth Management (187); 13.1 Bandwidth Management Overview (187); 13.2 Application-based Bandwidth Management ...
  • Page 17 Table of Contents: 15.4 Configuring Telnet (205); 15.5 Telnet Login (206); 15.6 Configuring FTP (207); 15.7 SNMP (207); 15.7.1 Supported MIBs (209); 15.7.2 SNMP Traps (209); 15.7.3 Configuring SNMP (209); 15.8 Configuring DNS (210); 15.9 Configuring ICMP (211); Chapter 16 Universal Plug-and-Play (UPnP) ...
  • Page 18 Table of Contents: 18.4 Log Descriptions (237); Chapter 19 Tools (251); 19.1 Firmware Upgrade (251); 19.2 Configuration Screen (253); 19.2.1 Backup Configuration (253); 19.2.2 Restore Configuration (254); 19.2.3 Back to Factory Defaults (255); 19.3 Restart (255); Chapter 20 Diagnostic ...
  • Page 19 Table of Contents: Appendix L Legal Information (347); Appendix M Customer Support (351); Index (357)
  • Page 21: List Of Figures

    List of Figures: Figure 1 Protected Internet Access Applications (34); Figure 2 LAN-to-LAN Application Example (34); Figure 3 Front Panel (35); Figure 4 Password Screen (38); Figure 5 User status screen (38); Figure 6 Change Password at Login ...
  • Page 22 List of Figures: Figure 39 Example of Traffic Shaping (79); Figure 40 Internet Connection (PPPoE) (81); Figure 41 Advanced Internet Connection Setup (83); Figure 42 More Connections (84); Figure 43 More Connections Edit (86); Figure 44 More Connections Advanced Setup (88); Figure 45 Traffic Redirect Example ...
  • Page 23 List of Figures: Figure 82 Three-Way Handshake (146); Figure 83 SYN Flood (147); Figure 84 Smurf Attack (147); Figure 85 Stateful Inspection (149); Figure 86 Firewall: General (158); Figure 87 Firewall Rules (160); Figure 88 Firewall: Edit Rule (162); Figure 89 Firewall: Customized Services ...
  • Page 24 List of Figures: Figure 125 Network Connections (218); Figure 126 Internet Connection Properties (219); Figure 127 Internet Connection Properties: Advanced Settings (219); Figure 128 Internet Connection Properties: Advanced Settings: Add (220); Figure 129 System Tray Icon (220); Figure 130 Internet Connection Status ...
  • Page 25 List of Figures: Figure 168 Macintosh OS 8/9: Apple Menu (294); Figure 169 Macintosh OS 8/9: TCP/IP (294); Figure 170 Macintosh OS X: Apple Menu (295); Figure 171 Macintosh OS X: Network (296); Figure 172 Red Hat 9.0: KDE: Network Configuration: Devices (297); Figure 173 Red Hat 9.0: KDE: Ethernet Device: General ...
  • Page 27: List Of Tables

    List of Tables: Table 1 ADSL Standards (34); Table 2 Front Panel LEDs (36); Table 3 Web Configurator Screens Summary (41); Table 4 Status Screen (44); Table 5 Status: Any IP Table (46); Table 6 Status: WLAN Status ...
  • Page 28 List of Tables: Table 39 MAC Address Filter (121); Table 40 WMM QoS Priorities (122); Table 41 Commonly Used Services (124); Table 42 Wireless Lan: QoS (126); Table 43 Application Priority Configuration (127); Table 44 NAT Definitions (129); Table 45 NAT Mapping Types ...
  • Page 29 List of Tables: Table 82 Remote Management: WWW (205); Table 83 Remote Management: Telnet (206); Table 84 Remote Management: FTP (207); Table 85 SNMP Traps (209); Table 86 Remote Management: SNMP (210); Table 87 Remote Management: DNS (211); Table 88 Remote Management: ICMP ...
  • Page 30 List of Tables: Table 125 IP Address Network Number and Host ID Example (302); Table 126 Subnet Masks (303); Table 127 Maximum Host Numbers (303); Table 128 Alternative Subnet Mask Notation (303); Table 129 Subnet 1 (305); Table 130 Subnet 2 ...
  • Page 31: Introduction

    Introduction Introducing the ZyXEL Device (33) Introducing the Web Configurator (37)
  • Page 33: Introducing The Zyxel Device

    Chapter 1: Introducing the ZyXEL Device. This chapter introduces the main applications and features of the ZyXEL Device. It also introduces the ways you can manage the ZyXEL Device. 1.1 Overview The ZyXEL Device is an IEEE 802.11b/g wireless ADSL2+ gateway that allows super-fast, secure Internet access over analog (POTS), digital (ISDN) telephone lines (depending on your model) or by wireless.
  • Page 34: Figure 1 Protected Internet Access Applications

    Chapter 1 Introducing the ZyXEL Device Figure 1 Protected Internet Access Applications You can also use the ZyXEL Device to connect two geographically dispersed networks over the ADSL line. A typical LAN-to-LAN application example is shown as follows. Figure 2 LAN-to-LAN Application Example The ZyXEL Device is compatible with the ADSL/ADSL2/ADSL2+ standards.
  • Page 35: Ways To Manage The Zyxel Device

    Chapter 1 Introducing the ZyXEL Device 1.2 Ways to Manage the ZyXEL Device Use any of the following methods to manage the ZyXEL Device. • Web Configurator. This is recommended for everyday management of the ZyXEL Device using a (supported) web browser. •...
  • Page 36: Hardware Connections

    Chapter 1 Introducing the ZyXEL Device The following table describes the LEDs. Table 2 Front Panel LEDs COLOR STATUS DESCRIPTION POWER Green The ZyXEL Device is receiving power and functioning properly. Blinking The ZyXEL Device is rebooting or performing diagnostics. Power to the ZyXEL Device is too low.
  • Page 37: Introducing The Web Configurator

    Chapter 2: Introducing the Web Configurator. This chapter describes how to access and navigate the web configurator. 2.1 Web Configurator Overview The web configurator is an HTML-based management interface that allows easy ZyXEL Device setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions.
  • Page 38: User Access

    Chapter 2 Introducing the Web Configurator 5 A window displays as shown. Figure 4 Password Screen 2.2.1 User Access 1 For user access enter the default user password user to view the status only. The following window will appear. Figure 5 User status screen 2.2.2 Administrator Access 1 For administrator access enter the default admin password 1234 to configure the wizards and the advanced features.
  • Page 39: Figure 6 Change Password At Login

    Chapter 2 Introducing the Web Configurator confirm and click Apply. Alternatively click Ignore to proceed to the main menu if you do not want to change the password now. If you do not change the password at least once, the following screen appears every time you log in with the admin password.
  • Page 40: Resetting The Zyxel Device

    Chapter 2 Introducing the Web Configurator The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the ZyXEL Device if this happens. 2.3 Resetting the ZyXEL Device If you forget your password or cannot access the web configurator, you will need to use the RESET button at the back of the ZyXEL Device to reload the factory-default configuration file.
  • Page 41: Figure 8 Web Configurator: Main Screen

    Chapter 2 Introducing the Web Configurator Figure 8 Web Configurator: Main Screen Click the Logout icon at any time to exit the web configurator. Use the submenus to configure ZyXEL Device features. Click the icon (located in the top right corner of most screens) to view embedded help.
  • Page 42 Chapter 2 Introducing the Web Configurator Table 3 Web Configurator Screens Summary (continued) LINK/ICON SUB-LINK FUNCTION Use this screen to configure LAN TCP/IP settings, enable Any IP and other advanced properties. DHCP Setup Use this screen to configure LAN DHCP settings. Client List Use this screen to view current DHCP client information and to always assign an IP address to a MAC address (and host...
  • Page 43: Status Screen

    Chapter 2 Introducing the Web Configurator Table 3 Web Configurator Screens Summary (continued) LINK/ICON SUB-LINK FUNCTION Remote MGMT Use this screen to configure through which interface(s) and from which IP address(es) users can use HTTPS or HTTP to manage the ZyXEL Device. Telnet Use this screen to configure through which interface(s) and from which IP address(es) users can use Telnet to manage the...
  • Page 44: Figure 9 Status Screen

    Chapter 2 Introducing the Web Configurator Figure 9 Status Screen The following table describes the labels shown in the Status screen. Table 4 Status Screen LABEL DESCRIPTION Refresh Interval Select a number of seconds or None from the drop-down list box to refresh all screen statistics automatically at the end of every time interval or to not refresh the screen statistics.
  • Page 45 Chapter 2 Introducing the Web Configurator Table 4 Status Screen (continued) LABEL DESCRIPTION IP Subnet Mask This is the LAN port IP subnet mask. DHCP This is the WAN port DHCP role - Server, Relay or None. WLAN Information (Wireless devices only) SSID This is the descriptive name used to identify the ZyXEL Device in the wireless LAN.
  • Page 46: Status: Any Ip Table

    Chapter 2 Introducing the Web Configurator 2.4.3 Status: Any IP Table Click the Any IP Table hyperlink in the Status screen. The Any IP table shows current read-only information (including the IP address and the MAC address) of all network devices that use the Any IP feature to communicate with the ZyXEL Device.
  • Page 47: Status: Bandwidth Status

    Chapter 2 Introducing the Web Configurator The following table describes the labels in this screen. Table 6 Status: WLAN Status LABEL DESCRIPTION This is the index number of an associated wireless station. MAC Address This field displays the MAC (Media Access Control) address of an associated wireless station.
  • Page 48: Figure 13 Status: Packet Statistics

    Chapter 2 Introducing the Web Configurator Figure 13 Status: Packet Statistics The following table describes the fields in this screen. Table 7 Status: Packet Statistics LABEL DESCRIPTION System Monitor System up Time This is the elapsed time the system has been up. Current Date/Time This field displays your ZyXEL Device’s present date and time.
  • Page 49: Changing Login Password

    Chapter 2 Introducing the Web Configurator Table 7 Status: Packet Statistics (continued) LABEL DESCRIPTION LAN Port Statistics Interface This field displays the type of port. Status This field displays Down (line is down), Up (line is up or connected) if you're using Ethernet encapsulation and Down (line is down), Up (line is up or connected), Idle (line (ppp) idle), Dial (starting to trigger a call) and Drop (dropping a call) if you're using PPPoE encapsulation.
  • Page 51: Wizards

    Wizards Wizard Setup for Internet Access (53) Bandwidth Management Wizard (67)
  • Page 53: Wizard Setup For Internet Access

    Chapter 3: Wizard Setup for Internet Access. This chapter provides information on the Wizard Setup screens for Internet access in the web configurator. 3.1 Introduction Use the wizard setup screens to configure your system for Internet access with the information given to you by your ISP.
  • Page 54: Figure 16 Wizard: Welcome

    Chapter 3 Wizard Setup for Internet Access Figure 16 Wizard: Welcome 3 The wizard attempts to detect which WAN connection type you are using. If the wizard detects your connection type and your ISP uses PPPoE or PPPoA, go to Section 3.2.1 on page 55.
  • Page 55: Automatic Detection

    Chapter 3 Wizard Setup for Internet Access Figure 18 Auto Detection: Failed 3.2.1 Automatic Detection 1 If you have a PPPoE or PPPoA connection, a screen displays prompting you to enter your Internet account information. Enter the username, password and/or service name exactly as provided.
  • Page 56: Figure 20 Internet Access Wizard Setup: Isp Parameters

    Chapter 3 Wizard Setup for Internet Access Figure 20 Internet Access Wizard Setup: ISP Parameters The following table describes the fields in this screen. Table 8 Internet Access Wizard Setup: ISP Parameters LABEL DESCRIPTION Mode From the Mode drop-down list box, select Routing (default) if your ISP allows multiple computers to share an Internet account.
  • Page 57: Figure 21 Internet Connection With Pppoe

    Chapter 3 Wizard Setup for Internet Access Figure 21 Internet Connection with PPPoE The following table describes the fields in this screen. Table 9 Internet Connection with PPPoE LABEL DESCRIPTION User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given.
  • Page 58: Figure 23 Internet Connection With Enet Encap

    Chapter 3 Wizard Setup for Internet Access Table 10 Internet Connection with RFC 1483 (continued) LABEL DESCRIPTION Next Click Next to continue to the next wizard screen. Exit Click Exit to close the wizard screen without saving your changes. Figure 23 Internet Connection with ENET ENCAP The following table describes the fields in this screen.
  • Page 59: Figure 24 Internet Connection With Pppoa

    Chapter 3 Wizard Setup for Internet Access Figure 24 Internet Connection with PPPoA The following table describes the fields in this screen. Table 12 Internet Connection with PPPoA LABEL DESCRIPTION User Name Enter the login name that your ISP gives you. Password Enter the password associated with the user name above.
  • Page 60: Wireless Connection Wizard Setup

    Chapter 3 Wizard Setup for Internet Access Figure 26 Connection Test Failed-2. 3.3 Wireless Connection Wizard Setup After you configure the Internet access information, use the following screens to set up your wireless LAN. 1 Select Yes and click Next to configure wireless settings. Otherwise, select No and skip to Step 6.
  • Page 61: Figure 28 Wireless Lan Setup Wizard 1

    Chapter 3 Wizard Setup for Internet Access Figure 28 Wireless LAN Setup Wizard 1 The following table describes the labels in this screen. Table 13 Wireless LAN Setup Wizard 1 LABEL DESCRIPTION Active Select the check box to turn on the wireless LAN. Enable OTIST Select the check box to enable OTIST if you want to transfer your ZyXEL Device’s SSID and WPA-PSK security settings to wireless clients that support...
  • Page 62: Figure 29 Wireless Lan Setup Wizard 2

    Chapter 3 Wizard Setup for Internet Access Figure 29 Wireless LAN Setup Wizard 2 The following table describes the labels in this screen. Table 14 Wireless LAN Setup Wizard 2 LABEL DESCRIPTION Network Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless Name(SSID) LAN.
  • Page 63: Manually Assign A Wpa-Psk Key

    Chapter 3 Wizard Setup for Internet Access The wireless stations and ZyXEL Device must use the same SSID, channel ID and WEP encryption key (if WEP is enabled), WPA-PSK (if WPA-PSK is enabled) for wireless communication. 4 This screen varies depending on the security mode you selected in the previous screen. Fill in the field (if available) and click Next.
  • Page 64: Figure 31 Manually Assign A Wep Key

    Chapter 3 Wizard Setup for Internet Access Figure 31 Manually assign a WEP key The following table describes the labels in this screen. Table 16 Manually assign a WEP key LABEL DESCRIPTION The WEP keys are used to encrypt data. Both the ZyXEL Device and the wireless stations must use the same WEP key for data transmission.
  • Page 65: Figure 33 Internet Access And Wlan Wizard Setup Complete

    Chapter 3 Wizard Setup for Internet Access 6 Use the read-only summary table to check whether what you have configured is correct. Click Finish to complete and save the wizard setup. Figure 33 Internet Access and WLAN Wizard Setup Complete 7 Launch your web browser and navigate to www.zyxel.com.
  • Page 67: Bandwidth Management Wizard

    Chapter 4: Bandwidth Management Wizard. This chapter shows you how to configure basic bandwidth management using the wizard screens. 4.1 Introduction Bandwidth management allows you to control the amount of bandwidth going out through the ZyXEL Device’s WAN port and prioritize the distribution of the bandwidth according to service bandwidth requirements.
  • Page 68: Bandwidth Management Wizard Setup

    Chapter 4 Bandwidth Management Wizard Table 17 Media Bandwidth Management Setup: Services (continued) SERVICE DESCRIPTION NetMeeting A multimedia communications product from Microsoft that enables groups to (H.323) teleconference and videoconference over the Internet. NetMeeting supports VoIP, text chat sessions, a whiteboard, file transfers and application sharing. NetMeeting uses H.323.
  • Page 69: Figure 35 Wizard: Welcome

    Chapter 4 Bandwidth Management Wizard 2 Click BANDWIDTH MANAGEMENT SETUP to configure the system for Internet access. Figure 35 Wizard: Welcome 3 Activate bandwidth management and select to allocate bandwidth to packets based on the service requirements. Figure 36 Bandwidth Management Wizard: General Information The following fields describe the label in this screen.
  • Page 70: Figure 37 Bandwidth Management Wizard: Configuration

    Chapter 4 Bandwidth Management Wizard Table 18 Bandwidth Management Wizard: General Information LABEL DESCRIPTION Next Click Next to proceed to the next screen. Exit Click Exit to close the wizard screen without saving. 4 Use the second wizard screen to select the services that you want to apply bandwidth management and select the priorities that you want to apply to the services listed.
  • Page 71: Figure 38 Bandwidth Management Wizard: Complete

    Chapter 4 Bandwidth Management Wizard Table 19 Bandwidth Management Wizard: Configuration LABEL DESCRIPTION Apply Click Apply to save your changes to the ZyXEL Device. Exit Click Exit to close the wizard screen without saving your changes. 5 Follow the on-screen instructions and click Finish to complete the wizard setup and save your configuration.
  • Page 73: Network

    Network WAN Setup (75) LAN Setup (93) Wireless LAN (105) Network Address Translation (NAT) Screens (129)
  • Page 75: Wan Setup

    Chapter 5: WAN Setup. This chapter describes how to configure WAN settings. 5.1 WAN Overview A WAN (Wide Area Network) is an outside connection to another network or the Internet. 5.1.1 Encapsulation Be sure to use the encapsulation method required by your ISP. The ZyXEL Device supports the following methods.
  • Page 76: Multiplexing

    Chapter 5 WAN Setup 5.1.1.3 PPPoA PPPoA stands for Point to Point Protocol over ATM Adaptation Layer 5 (AAL5). A PPPoA connection functions like a dial-up Internet connection. The ZyXEL Device encapsulates the PPP session based on RFC1483 and sends it through an ATM PVC (Permanent Virtual Circuit) to the Internet Service Provider’s (ISP) DSLAM (digital access multiplexer).
  • Page 77: Vpi And Vci

    Chapter 5 WAN Setup 5.1.3.2 Scenario 2: One VC, One Protocol (IP) Selecting RFC-1483 encapsulation with VC-based multiplexing requires the least amount of overhead (0 octets). However, if there is a potential need for multiple protocol support in the future, it may be safer to select PPPoA encapsulation instead of RFC-1483, so you do not need to reconfigure either computer later.
  • Page 78: Nat

    Chapter 5 WAN Setup Do not specify a nailed-up connection unless your telephone company offers flat-rate service or you need a constant connection and the cost is of no concern. 5.1.7 NAT NAT (Network Address Translation, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
  • Page 79: Atm Traffic Classes

    Chapter 5 WAN Setup Sustained Cell Rate (SCR) is the mean cell rate of each bursty traffic source. It specifies the maximum average rate at which cells can be sent over the virtual connection. SCR may not be greater than the PCR. Maximum Burst Size (MBS) is the maximum number of cells that can be sent at the PCR.
  • Page 80: Zero Configuration Internet Access

    Chapter 5 WAN Setup The VBR-nRT (non real-time Variable Bit Rate) type is used with bursty connections that do not require closely controlled delay and delay variation. It is commonly used for "bursty" traffic typical on LANs. PCR and MBS define the burst levels, SCR defines the minimum level.
  • Page 81: Figure 40 Internet Connection (Pppoe)

    Chapter 5 WAN Setup Figure 40 Internet Connection (PPPoE) The following table describes the labels in this screen. Table 20 Internet Connection LABEL DESCRIPTION General Name Enter the name of your Internet Service Provider, e.g., MyISP. This information is for identification purposes only. Mode Select Routing (default) from the drop-down list box if your ISP allows multiple computers to share an Internet account.
  • Page 82: Configuring Advanced Internet Connection Setup

    Chapter 5 WAN Setup Table 20 Internet Connection (continued) LABEL DESCRIPTION The valid range for the VPI is 0 to 255. Enter the VPI assigned to you. The valid range for the VCI is 32 to 65535 (0 to 31 is reserved for local management of ATM traffic).
  • Page 83: Figure 41 Advanced Internet Connection Setup

    Chapter 5 WAN Setup Figure 41 Advanced Internet Connection Setup The following table describes the labels in this screen. Table 21 Advanced Internet Connection Setup LABEL DESCRIPTION RIP & Multicast Setup RIP Direction Select the RIP direction from None, Both, In Only and Out Only. RIP Version Select the RIP version from RIP-1, RIP-2B and RIP-2M.
  • Page 84: Configuring More Connections

    Chapter 5 WAN Setup Table 21 Advanced Internet Connection Setup (continued) LABEL DESCRIPTION Zero This feature is not applicable/available when you configure the ZyXEL Device to Configuration use a static WAN IP address or in bridge mode. Select Yes to set the ZyXEL Device to automatically detect the Internet connection settings (such as the VCI/VPI numbers and the encapsulation method) from the ISP and make the necessary configuration changes.
  • Page 85: More Connections Edit

    Chapter 5 WAN Setup The following table describes the labels in this screen. Table 22 More Connections LABEL DESCRIPTION This is the index number of a connection. Active This displays whether this connection is activated. Clear the check box to disable the connection.
  • Page 86: Figure 43 More Connections Edit

    Chapter 5 WAN Setup Figure 43 More Connections Edit The following table describes the labels in this screen. Table 23 More Connections Edit LABEL DESCRIPTION Active Select the check box to activate or clear the check box to deactivate this connection.
  • Page 87 Chapter 5 WAN Setup Table 23 More Connections Edit (continued) LABEL DESCRIPTION Multiplexing Select the method of multiplexing used by your ISP from the drop-down list. Choices are VC or LLC. By prior agreement, a protocol is assigned a specific virtual circuit, for example, VC1 will carry IP.
  • Page 88: Configuring More Connections Advanced Setup

    Chapter 5 WAN Setup 5.6.2 Configuring More Connections Advanced Setup To edit your ZyXEL Device's advanced WAN settings, click the Advanced Setup button in the More Connections Edit screen. The screen appears as shown. Figure 44 More Connections Advanced Setup The following table describes the labels in this screen.
  • Page 89: Traffic Redirect

    Chapter 5 WAN Setup 5.7 Traffic Redirect Traffic redirect forwards traffic to a backup gateway when the ZyXEL Device cannot connect to the Internet. An example is shown in the figure below. Figure 45 Traffic Redirect Example The following network topology allows you to avoid triangle route security issues when the backup gateway is connected to the LAN.
  • Page 90: Figure 47 Wan Backup Setup

    Chapter 5 WAN Setup Figure 47 WAN Backup Setup The following table describes the labels in this screen. Table 25 WAN Backup Setup LABEL DESCRIPTION WAN Backup Setup Backup Type Select the method that the ZyXEL Device uses to check the DSL connection. Select DSL Link to have the ZyXEL Device check if the connection to the DSLAM is up.
  • Page 91 Chapter 5 WAN Setup Table 25 WAN Backup Setup (continued) LABEL DESCRIPTION Timeout Type the number of seconds (3 recommended) for your ZyXEL Device to wait for a ping response from one of the IP addresses in the Check WAN IP Address field before timing out the request.
  • Page 93: Lan Setup

    Chapter 6: LAN Setup. This chapter describes how to configure LAN settings. 6.1 LAN Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building.
  • Page 94: Dhcp Setup

    Chapter 6 LAN Setup 6.1.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the ZyXEL Device as a DHCP server or disable it. When configured as a server, the ZyXEL Device provides the TCP/IP configuration for the clients.
  • Page 95: Ip Address And Subnet Mask

    Chapter 6 LAN Setup 6.3.1 IP Address and Subnet Mask Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number. Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
  • Page 96: Rip Setup

    Chapter 6 LAN Setup 6.3.2 RIP Setup RIP (Routing Information Protocol) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. When set to: • Both - the ZyXEL Device will broadcast its routing table periodically and incorporate the RIP information that it receives.
  • Page 97: Any Ip

    Chapter 6 LAN Setup 6.3.4 Any IP Traditionally, you must set the IP addresses and the subnet masks of a computer and the ZyXEL Device to be in the same subnet to allow the computer to access the Internet (through the ZyXEL Device).
  • Page 98: Configuring Lan Ip

    Chapter 6 LAN Setup The following lists the steps taken when a computer tries to access the Internet for the first time through the ZyXEL Device. 1 When a computer (which is in a different subnet) first attempts to access the Internet, it sends packets to its default gateway (which is not the ZyXEL Device) by looking at the MAC address in its ARP table.
  • Page 99: Configuring Advanced Lan Setup

    Chapter 6 LAN Setup 6.4.1 Configuring Advanced LAN Setup To edit your ZyXEL Device's advanced LAN settings, click the Advanced Setup button in the LAN IP screen. The screen appears as shown. Figure 51 Advanced LAN Setup The following table describes the labels in this screen. Table 27 Advanced LAN Setup LABEL DESCRIPTION...
  • Page 100: Dhcp Setup

    Chapter 6 LAN Setup Table 27 Advanced LAN Setup (continued) LABEL DESCRIPTION Apply Click Apply to save the changes. Cancel Click Cancel to begin configuring this screen afresh. 6.5 DHCP Setup Use this screen to configure the DNS server information that the ZyXEL Device sends to the DHCP client devices on the LAN.
  • Page 101: Lan Client List

    Chapter 6 LAN Setup Table 28 DHCP Setup LABEL DESCRIPTION DNS Servers Assigned by DHCP Server The ZyXEL Device passes a DNS (Domain Name System) server IP address to the DHCP clients. Primary DNS Server This field is not available when you set DHCP to Relay. Secondary DNS Enter the IP addresses of the DNS servers.
  • Page 102: Lan Ip Alias

    Chapter 6 LAN Setup Table 29 LAN Client List LABEL DESCRIPTION This is the index number of the static IP table entry (row). Status This field displays whether the client is connected to the ZyXEL Device. Host Name This field displays the computer host name. IP Address This field displays the IP address relative to the # field listed above.
  • Page 103: Figure 55 Lan Ip Alias

    Chapter 6 LAN Setup To change your ZyXEL Device’s IP alias settings, click Network > LAN > IP Alias. The screen appears as shown. Figure 55 LAN IP Alias The following table describes the labels in this screen. Table 30 LAN IP Alias LABEL DESCRIPTION IP Alias 1, 2...
  • Page 104 Chapter 6 LAN Setup Table 30 LAN IP Alias LABEL DESCRIPTION Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh.
  • Page 105: Wireless Lan

    Chapter 7 Wireless LAN This chapter discusses how to configure the wireless network settings on your ZyXEL Device. See the appendices for more detailed information about wireless networks. 7.1 Wireless Network Overview The following figure provides an example of a wireless network. Figure 56 Example of a Wireless Network The wireless network is the part in the blue circle.
  • Page 106: Wireless Security Overview

    Chapter 7 Wireless LAN • Every wireless client in the same wireless network must use security compatible with the Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network. 7.2 Wireless Security Overview The following sections introduce different types of wireless security you can set up in the wireless network.
  • Page 107: Encryption

    Chapter 7 Wireless LAN • In a RADIUS server: this is a server used in businesses more than in homes. If your AP does not provide a local user database and if you do not have a RADIUS server, you cannot set up user names and passwords for your users. Unauthorized devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network.
  • Page 108: One-Touch Intelligent Security Technology (Otist)

    Chapter 7 Wireless LAN When you select WPA2 or WPA2-PSK in your ZyXEL Device, you can also select an option (WPA compatible) to support WPA as well. In this case, if some wireless clients support WPA and some support WPA2, you should set up WPA2-PSK or WPA2 (depending on the type of wireless network login) and select the WPA compatible option in the ZyXEL Device.
  • Page 109: No Security

    Chapter 7 Wireless LAN The following table describes the general wireless LAN labels in this screen. Table 32 Wireless LAN: General LABEL DESCRIPTION Wireless Setup Active Wireless Click the check box to activate wireless LAN. Network Name (SSID) (Service Set IDentity) The SSID identifies the Service Set with which a wireless client is associated.
  • Page 110: Wep Encryption

    Chapter 7 Wireless LAN Figure 58 Wireless: No Security The following table describes the labels in this screen. Table 33 Wireless No Security LABEL DESCRIPTION Security Mode Choose No Security from the drop-down list box. Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to reload the previous configuration for this screen.
  • Page 111: Wpa-Psk/Wpa2-Psk

    Chapter 7 Wireless LAN Figure 59 Wireless: Static WEP Encryption The following table describes the wireless LAN security labels in this screen. Table 34 Wireless: Static WEP Encryption LABEL DESCRIPTION Security Mode Choose Static WEP from the drop-down list box. Passphrase Enter a Passphrase (up to 32 printable characters) and click Generate.
  • Page 112: Figure 60 Wireless: Wpa-Psk/Wpa2-Psk

    Chapter 7 Wireless LAN Figure 60 Wireless: WPA-PSK/WPA2-PSK The following table describes the wireless LAN security labels in this screen. Table 35 Wireless: WPA-PSK/WPA2-PSK LABEL DESCRIPTION Security Mode Choose WPA-PSK or WPA2-PSK from the drop-down list box. WPA Compatible This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field.
  • Page 113: Wpa/Wpa2

    Chapter 7 Wireless LAN Table 35 Wireless: WPA-PSK/WPA2-PSK LABEL DESCRIPTION Idle Timeout (In Seconds) The ZyXEL Device automatically disconnects a wireless station from the wireless network after a period of inactivity. The wireless station needs to send the username and password again before it can use the wireless network again. Some wireless clients may prompt users for a username and password;...
  • Page 114: Figure 61 Wireless: Wpa/Wpa2

    Chapter 7 Wireless LAN Figure 61 Wireless: WPA/WPA2 The following table describes the wireless LAN security labels in this screen. Table 36 Wireless: WPA/WPA2 LABEL DESCRIPTION WPA Compatible This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field.
  • Page 115: Wireless Lan Advanced Setup

    Chapter 7 Wireless LAN Table 36 Wireless: WPA/WPA2 (continued) LABEL DESCRIPTION Group Key Update Timer (In Seconds) The Group Key Update Timer is the rate at which the AP (if using WPA-PSK/WPA2-PSK key management) or RADIUS server (if using WPA(2) key management) sends a new group key out to all clients.
  • Page 116: Figure 62 Advanced

    Chapter 7 Wireless LAN Figure 62 Advanced The following table describes the labels in this screen. Table 37 Wireless LAN: Advanced LABEL DESCRIPTION Wireless Advanced Setup RTS/CTS Threshold Enter a value between 0 and 2432. Fragmentation Threshold This is the maximum data fragment size that can be sent. Enter a value between 256 and 2432.
  • Page 117: Otist

    Chapter 7 Wireless LAN Table 37 Wireless LAN: Advanced (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to reload the previous configuration for this screen. 7.4 OTIST In a wireless network, the wireless clients must have the same SSID and security settings as the access point (AP) or wireless router (we will refer to both as “AP”...
  • Page 118: Figure 63 Otist

    Chapter 7 Wireless LAN 7.4.1.1.2 Web Configurator Click Network > Wireless LAN > OTIST. The following screen displays. Figure 63 OTIST The following table describes the labels in this screen. Table 38 OTIST LABEL DESCRIPTION Setup Key Type an OTIST Setup Key of exactly eight ASCII characters in length. The default OTIST setup key is "01234567".
  • Page 119: Starting Otist

    Chapter 7 Wireless LAN Figure 64 Example Wireless Client OTIST Screen 7.4.2 Starting OTIST You must click Start in the AP OTIST web configurator screen and in the wireless client(s) Adapter screen all within three minutes (at the time of writing). You can start OTIST in the wireless clients and AP in any order but they must all be within range and have OTIST enabled.
  • Page 120: Notes On Otist

    Chapter 7 Wireless LAN Figure 67 OTIST in progress (Client) In the wireless client, you see this screen if it can’t find an OTIST-enabled AP (with the same Setup key). Click OK to go back to the ZyXEL utility main screen. Figure 68 No AP with OTIST Found •...
  • Page 121: Mac Filter

    Chapter 7 Wireless LAN 7.5 MAC Filter The MAC filter screen allows you to configure the ZyXEL Device to give exclusive access to up to 32 devices (Allow) or exclude up to 32 devices from accessing the ZyXEL Device (Deny). Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
  • Page 122: Wmm Qos

    Chapter 7 Wireless LAN Table 39 MAC Address Filter LABEL DESCRIPTION Address Enter the MAC addresses of the wireless clients that are allowed or denied access to the ZyXEL Device in these address fields. Enter the MAC addresses in a valid MAC address format, that is, six hexadecimal character pairs, for example, 12:34:56:78:9a:bc.
  • Page 123: Services

    Chapter 7 Wireless LAN 7.6.3 Services The commonly used services and port numbers are shown in the following table. Please refer to RFC 1700 for further information about port numbers. Next to the name of the service, two fields appear in brackets. The first field indicates the IP protocol type (TCP, UDP, or ICMP). The second field indicates the IP port number that defines the service.
  • Page 124: Table 41 Commonly Used Services

    Chapter 7 Wireless LAN Table 41 Commonly Used Services SERVICE DESCRIPTION AIM/New-ICQ(TCP:5190) AOL’s Internet Messenger service, used as a listening port by ICQ. AUTH(TCP:113) Authentication protocol used by some servers. BGP(TCP:179) Border Gateway Protocol. BOOTP_CLIENT(UDP:68) DHCP Client. BOOTP_SERVER(UDP:67) DHCP Server. CU-SEEME(TCP/UDP:7648, A popular videoconferencing solution from White Pines Software.
  • Page 125: Qos Screen

    Chapter 7 Wireless LAN Table 41 Commonly Used Services (continued) SERVICE DESCRIPTION REAL_AUDIO(TCP:7070) A streaming audio service that enables real time sound over the web. REXEC(TCP:514) Remote Execution Daemon. RLOGIN(TCP:513) Remote Login. RTELNET(TCP:107) Remote Telnet. RTSP(TCP/UDP:554) The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet.
  • Page 126: Figure 71 Wireless Lan: Qos

    Chapter 7 Wireless LAN Click Network > Wireless LAN > QoS. The following screen displays. Figure 71 Wireless LAN: QoS The following table describes the fields in this screen. Table 42 Wireless Lan: QoS LABEL DESCRIPTION Enable WMM QoS Select the check box to enable WMM QoS on the ZyXEL Device. WMM QoS Policy Select Default to have the ZyXEL Device automatically give a service a priority level according to the ToS value in the IP header of packets it sends.
  • Page 127: Application Priority Configuration

    Chapter 7 Wireless LAN 7.7.2 Application Priority Configuration To edit a WMM QoS application entry, click the edit icon under Modify. The following screen displays. Figure 72 Application Priority Configuration The following table describes the fields in this screen. Table 43 Application Priority Configuration LABEL DESCRIPTION...
  • Page 128 Chapter 7 Wireless LAN Table 43 Application Priority Configuration (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to return to the previous screen without saving your changes.
  • Page 129: Network Address Translation (Nat) Screens

    Chapter 8 Network Address Translation (NAT) Screens This chapter discusses how to configure NAT on the ZyXEL Device. 8.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
  • Page 130: Network Address Translation (Nat) Screens

    Chapter 8 Network Address Translation (NAT) Screens 8.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side.
  • Page 131: Nat Mapping Types

    Chapter 8 Network Address Translation (NAT) Screens Figure 74 NAT Application With IP Alias 8.1.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: • One to One: In One-to-One mode, the ZyXEL Device maps one local IP address to one global IP address.
  • Page 132: Sua (Single User Account) Versus Nat

    Chapter 8 Network Address Translation (NAT) Screens The following table summarizes these types. Table 45 NAT Mapping Types TYPE: IP MAPPING. One-to-One: ILA1 to IGA1. Many-to-One (SUA/PAT): ILA1 to IGA1, ILA2 to IGA1, … Many-to-Many Overload: ILA1 to IGA1, ILA2 to IGA2, ILA3 to IGA1, ILA4 to IGA2, …...
  • Page 133: Nat General Setup

    Chapter 8 Network Address Translation (NAT) Screens 8.4 NAT General Setup You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the ZyXEL Device. Click Network > NAT to open the following screen.
  • Page 134: Default Server Ip Address

    Chapter 8 Network Address Translation (NAT) Screens You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server. The port number identifies a service; for example, web service is on port 80 and FTP on port 21.
  • Page 135: Configuring Servers Behind Port Forwarding (Example)

    Chapter 8 Network Address Translation (NAT) Screens 8.5.3 Configuring Servers Behind Port Forwarding (Example) Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example).
  • Page 136: Port Forwarding Rule Edit

    Chapter 8 Network Address Translation (NAT) Screens Figure 77 NAT Port Forwarding The following table describes the fields in this screen. Table 48 NAT Port Forwarding LABEL DESCRIPTION Default Server Setup Default Server In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in this screen.
  • Page 137: Address Mapping

    Chapter 8 Network Address Translation (NAT) Screens Figure 78 Port Forwarding Rule Setup The following table describes the fields in this screen. Table 49 Port Forwarding Rule Setup LABEL DESCRIPTION Active Click this check box to enable the rule. Service Name Enter a name to identify this port-forwarding rule.
  • Page 138: Figure 79 Address Mapping Rules

    Chapter 8 Network Address Translation (NAT) Screens rules. For example, if you have already configured rules 1 to 6 in your current set and now you configure rule number 9, then in the set summary screen the new rule will be rule 7, not 9. Now if you delete rule 4, rules 5 to 7 will be pushed up by 1 rule, so old rules 5, 6 and 7 become new rules 4, 5 and 6.
  • Page 139: Address Mapping Rule Edit

    Chapter 8 Network Address Translation (NAT) Screens Table 50 Address Mapping Rules (continued) LABEL DESCRIPTION Type 1-1: One-to-one mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-one NAT mapping type. M-1: Many-to-One mode maps multiple local IP addresses to one global IP address.
  • Page 140: Table 51 Edit Address Mapping Rule

    Chapter 8 Network Address Translation (NAT) Screens The following table describes the fields in this screen. Table 51 Edit Address Mapping Rule LABEL DESCRIPTION Type Choose the port mapping type from one of the following. • One-to-One: One-to-One mode maps one local IP address to one global IP address.
  • Page 141: Security

    Security Firewalls (143) Firewall Configuration (155) Content Filtering (177)
  • Page 143: Firewalls

    Chapter 9 Firewalls This chapter gives some background information on firewalls and introduces the ZyXEL Device firewall. 9.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term “firewall” is a system or group of systems that enforces an access-control policy between two networks.
  • Page 144: Application-Level Firewalls

    Chapter 9 Firewalls 9.2.2 Application-level Firewalls Application-level firewalls restrict access by serving as proxies for external servers. Since they use programs written for specific Internet services, such as HTTP, FTP and telnet, they can evaluate network packets for valid application-specific data. Application-level gateways have a number of general advantages over the default mode of permitting application traffic directly to internal hosts: Information hiding prevents the names of internal systems from being made known via DNS...
  • Page 145: Denial Of Service Attacks

    Chapter 9 Firewalls 9.3.1 Denial of Service Attacks Figure 81 Firewall Application 9.4 Denial of Service Denial of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources.
  • Page 146: Types Of Dos Attacks

    Chapter 9 Firewalls 9.4.2 Types of DoS Attacks There are four types of DoS attacks: 1 Those that exploit bugs in a TCP/IP implementation. 2 Those that exploit weaknesses in the TCP/IP specification. 3 Brute-force attacks that flood a network with useless data. 4 IP Spoofing.
  • Page 147: Figure 83 Syn Flood

    Chapter 9 Firewalls Figure 83 SYN Flood • In a LAND Attack, hackers flood SYN packets into the network with a spoofed source IP address of the targeted system. This makes it appear as if the host computer sent the packets to itself, making the system unavailable while the target system tries to respond to itself.
  • Page 148: Stateful Inspection

    Chapter 9 Firewalls 9.4.2.1 ICMP Vulnerability ICMP is an error-reporting protocol that works in concert with IP. The following ICMP types trigger an alert: Table 53 ICMP Commands That Trigger Alerts REDIRECT TIMESTAMP_REQUEST TIMESTAMP_REPLY ADDRESS_MASK_REQUEST ADDRESS_MASK_REPLY 9.4.2.2 Illegal Commands (NetBIOS and SMTP) The only legal NetBIOS commands are the following - all others are illegal.
  • Page 149: Stateful Inspection Process

    Chapter 9 Firewalls are allowed in. The ZyXEL Device uses stateful packet inspection to protect the private LAN from hackers and vandals on the Internet. By default, the ZyXEL Device’s stateful inspection allows all communications to the Internet that originate from the LAN, and blocks all traffic to the LAN that originates from the Internet.
  • Page 150: Stateful Inspection And The Zyxel Device

    Chapter 9 Firewalls 6 Later, an inbound packet reaches the interface. This packet is part of the connection previously established with the outbound packet. The inbound packet is evaluated against the inbound access list, and is permitted because of the temporary access list entry previously created.
  • Page 151: Udp/Icmp Security

    Chapter 9 Firewalls If an initiation packet originates on the LAN, this means that someone is trying to make a connection from the LAN to the Internet. Assuming that this is an acceptable part of the security policy (as is the case with the default policy), the connection will be allowed. A cache entry is added which includes connection information such as IP addresses, TCP ports, sequence numbers, etc.
  • Page 152: Guidelines For Enhancing Security With Your Firewall

    Chapter 9 Firewalls 9.6 Guidelines for Enhancing Security with Your Firewall • Change the default password via CLI (Command Line Interpreter) or web configurator. • Limit who can telnet into your router. • Don't enable any local service (such as SNMP or NTP) that you don't use. Any enabled service could present a potential security risk.
  • Page 153: Packet Filtering Vs Firewall

    Chapter 9 Firewalls • Always shred confidential information, particularly about your computer, before throwing it away. Some hackers dig through the trash of companies or individuals for information that might help them in an attack. 9.7 Packet Filtering Vs Firewall Below are some comparisons between the ZyXEL Device’s filtering and firewall functions.
  • Page 154 Chapter 9 Firewalls • To selectively block/allow inbound or outbound traffic between inside host/networks and outside host/networks. Remember that filters cannot distinguish traffic originating from an inside host or an outside host by IP address. • The firewall performs better than filtering if you need to check many rules. •...
  • Page 155: Firewall Configuration

    Chapter 10 Firewall Configuration This chapter shows you how to enable and configure the ZyXEL Device firewall. 10.1 Access Methods The web configurator is, by far, the most comprehensive firewall configuration tool your ZyXEL Device has to offer. For this reason, it is recommended that you configure your firewall using the web configurator. CLI (Command Line Interpreter) commands provide limited configuration options and are only recommended for advanced users.
  • Page 156: Rule Logic Overview

    Chapter 10 Firewall Configuration If you configure firewall rules without a good understanding of how they work, you might inadvertently introduce security risks to the firewall and to the protected network. Make sure you test your rules after you configure them. For example, you may create rules to: •...
  • Page 157: Key Fields For Configuring Rules

    Chapter 10 Firewall Configuration 3 Is it possible to modify the rule to be more specific? For example, if IRC is blocked for all users, will a rule that blocks just certain users be more effective? 4 Does a rule that allows Internet users access to resources on the LAN create a security vulnerability? For example, if FTP ports (TCP 20, 21) are allowed from the Internet to the LAN, Internet users may be able to connect to computers with running FTP servers.
  • Page 158: Lan To Wan Rules

    Chapter 10 Firewall Configuration 10.4.1 LAN to WAN Rules The default rule for LAN to WAN traffic is that all users on the LAN are allowed non-restricted access to the WAN. When you configure a LAN to WAN rule, you in essence want to limit some or all users from accessing certain services on the WAN.
  • Page 159: Firewall Rules Summary

    Chapter 10 Firewall Configuration The following table describes the labels in this screen. Table 56 Firewall: General LABEL DESCRIPTION Active Firewall Select this check box to activate the firewall. The ZyXEL Device performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated.
  • Page 160: Figure 87 Firewall Rules

    Chapter 10 Firewall Configuration Figure 87 Firewall Rules The following table describes the labels in this screen. Table 57 Firewall Rules LABEL DESCRIPTION Firewall Rules Storage Space This read-only bar shows how much of the ZyXEL Device's memory for recording firewall rules it is currently using.
  • Page 161: Configuring Firewall Rules

    Chapter 10 Firewall Configuration Table 57 Firewall Rules (continued) LABEL DESCRIPTION This field shows you whether a log is created when packets match this rule (Yes) or not (No). Modify Click the Edit icon to go to the screen where you can edit the rule. Click the Remove icon to delete an existing firewall rule.
  • Page 162: Figure 88 Firewall: Edit Rule

    Chapter 10 Firewall Configuration Figure 88 Firewall: Edit Rule
  • Page 163: Table 58 Firewall: Edit Rule

    Chapter 10 Firewall Configuration The following table describes the labels in this screen. Table 58 Firewall: Edit Rule LABEL DESCRIPTION Active Select this option to enable this firewall rule. Action for Matched Packet Use the drop-down list box to select what the firewall is to do with packets that match this rule.
  • Page 164: Customized Services

    Chapter 10 Firewall Configuration Table 58 Firewall: Edit Rule (continued) LABEL DESCRIPTION Apply Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to exit this screen without saving. 10.6.2 Customized Services Configure customized services and port numbers not predefined by the ZyXEL Device. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website.
  • Page 165: Example Firewall Rule

    Chapter 10 Firewall Configuration Refer to Section 9.1 on page 143 for more information. Figure 90 Firewall: Configure Customized Services The following table describes the labels in this screen. Table 60 Firewall: Configure Customized Services LABEL DESCRIPTION Service Name Type a unique name for your custom port. Service Type Choose the IP port (TCP, UDP or TCP/UDP) that defines your customized port from the drop down list box.
  • Page 166: Figure 91 Firewall Example: Rules

    Chapter 10 Firewall Configuration Figure 91 Firewall Example: Rules 3 In the Rules screen, select the index number after which you want to add the rule. For example, if you select “6”, your new rule becomes number 7 and the previous rule 7 (if there is one) becomes rule 8.
  • Page 167: Figure 93 Firewall Example: Edit Rule: Destination Address

    Chapter 10 Firewall Configuration Figure 93 Firewall Example: Edit Rule: Destination Address 9 Use the Add >> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. Custom services show up with an “*” before their names in the Services list box and the Rules list box.
  • Page 168: Figure 94 Firewall Example: Edit Rule: Select Customized Services

    Chapter 10 Firewall Configuration Figure 94 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a “MyService” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN.
  • Page 169: Predefined Services

    Chapter 10 Firewall Configuration Figure 95 Firewall Example: Rules: MyService 10.8 Predefined Services The Available Services list box in the Edit Rule screen (see Section 10.6.1 on page 161) displays all predefined services that the ZyXEL Device already supports. Next to the name of the service, two fields appear in brackets.
  • Page 170 Chapter 10 Firewall Configuration Table 61 Predefined Services (continued) SERVICE DESCRIPTION HTTP(TCP:80) Hyper Text Transfer Protocol - a client/server protocol for the world wide web. HTTPS HTTPS is a secured http session often used in e-commerce. ICQ(UDP:4000) This is a popular Internet chat program. IPSEC_TRANSPORT/TUNNEL(AH:0) The IPSEC AH (Authentication Header) tunneling protocol uses this
  • Page 171: Anti-Probing

    Chapter 10 Firewall Configuration Table 61 Predefined Services (continued) SERVICE DESCRIPTION SSH(TCP/UDP:22) Secure Shell Remote Login Program. STRMWORKS(UDP:1558) Stream Works Protocol. SYSLOG(UDP:514) Syslog allows you to send system logs to a UNIX server. TACACS(UDP:49) Login Host Protocol used for (Terminal Access Controller Access Control System).
  • Page 172: Dos Thresholds

    Chapter 10 Firewall Configuration The following table describes the labels in this screen. Table 62 Firewall: Anti Probing LABEL DESCRIPTION Respond to PING The ZyXEL Device does not respond to any incoming Ping requests when Disable is selected. Select LAN to reply to incoming LAN Ping requests. Select WAN to reply to incoming WAN Ping requests.
  • Page 173: Half-Open Sessions

    Chapter 10 Firewall Configuration 10.10.2 Half-Open Sessions An unusually high number of half-open sessions (either an absolute number or measured as the arrival rate) could indicate that a Denial of Service attack is occurring. For TCP, "half-open" means that the session has not reached the established state; the TCP three-way handshake has not yet been completed (see Figure 82 on page 146).
  • Page 174: Figure 97 Firewall: Threshold

    Chapter 10 Firewall Configuration Figure 97 Firewall: Threshold The following table describes the labels in this screen. Table 63 Firewall: Threshold LABEL DESCRIPTION DEFAULT VALUES Denial of Service Thresholds One Minute Low This is the rate of new half-open sessions 80 existing half-open sessions.
  • Page 175 Chapter 10 Firewall Configuration Table 63 Firewall: Threshold (continued) LABEL DESCRIPTION DEFAULT VALUES Maximum Incomplete High. Description: This is the number of existing half-open sessions that causes the firewall to start deleting half-open sessions. When the number of existing half-open sessions rises... Default values: 100 existing half-open sessions. The above values cause the ZyXEL Device to start deleting half-open sessions when the...
  • Page 177: Content Filtering

    Chapter 11 Content Filtering This chapter covers how to configure content filtering. 11.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ability to block web sites that contain key words (that you specify) in the URL.
  • Page 178: Configuring The Schedule

    Chapter 11 Content Filtering The following table describes the labels in this screen. Table 64 Content Filter: Keyword LABEL DESCRIPTION Active Keyword Blocking Select this check box to enable this feature. Block Websites that contain these keywords in This box contains the list of all the keywords that you have configured the ZyXEL Device to block.
  • Page 179: Configuring Trusted Computers

    Chapter 11 Content Filtering The following table describes the labels in this screen. Table 65 Content Filter: Schedule LABEL DESCRIPTION Schedule Select Active Everyday to Block to make the content filtering active every day. Otherwise, select Edit Daily to Block and configure which days of the week (or every day) and which time of the day you want the content filtering to be active.
  • Page 181: Advanced

    Advanced Static Route (183) Bandwidth Management (187) Dynamic DNS Setup (199) Remote Management Configuration (203) Universal Plug-and-Play (UPnP) (213)
  • Page 183: Static Route

    Chapter 12 Static Route This chapter shows you how to configure static routes for your ZyXEL Device. 12.1 Static Route Each remote node specifies only the network to which the gateway is directly connected, and the ZyXEL Device has no knowledge of the networks beyond. For instance, the ZyXEL Device knows about network N2 in the following figure through remote node Router 1.
  • Page 184: Static Route Edit

    Chapter 12 Static Route Figure 102 Static Route The following table describes the labels in this screen. Table 67 Static Route LABEL DESCRIPTION This is the number of an individual static route. Active Select the check box to activate this static route. Otherwise, clear the check box. Name This is the name that describes or identifies this route.
  • Page 185: Figure 103 Static Route Edit

    Chapter 12 Static Route Figure 103 Static Route Edit The following table describes the labels in this screen. Table 68 Static Route Edit LABEL DESCRIPTION Active This field allows you to activate/deactivate this static route. Route Name Enter the name of the IP static route. Leave this field blank to delete this static route.
  • Page 187: Bandwidth Management

    Chapter 13 Bandwidth Management This chapter contains information about configuring bandwidth management, editing rules and viewing the ZyXEL Device’s bandwidth management logs. 13.1 Bandwidth Management Overview ZyXEL’s Bandwidth Management allows you to specify bandwidth management rules based on an application and/or subnet.
  • Page 188: Application And Subnet-Based Bandwidth Management

    Chapter 13 Bandwidth Management Figure 104 Subnet-based Bandwidth Management Example 13.4 Application and Subnet-based Bandwidth Management You could also create bandwidth classes based on a combination of a subnet and an application. The following example table shows bandwidth allocations for application specific traffic from separate LAN subnets.
  • Page 189: Fairness-Based Scheduler

    Chapter 13 Bandwidth Management 13.5.2 Fairness-based Scheduler The ZyXEL Device divides bandwidth equally among bandwidth classes when using the fairness-based scheduler; thus preventing one bandwidth class from using all of the interface’s bandwidth. 13.6 Maximize Bandwidth Usage The maximize bandwidth usage option (see Figure 105 on page 192) allows the ZyXEL Device to divide up any available bandwidth on the interface (including unallocated...
  • Page 190: Table 71 Priority-Based Allotment Of Unused And Unbudgeted Bandwidth Example

    Chapter 13 Bandwidth Management The ZyXEL Device divides up the unbudgeted 2048 kbps among the classes that require more bandwidth. If the administration department only uses 1024 kbps of the budgeted 2048 kbps, the ZyXEL Device also divides the remaining 1024 kbps among the classes that require more bandwidth.
  • Page 191: Bandwidth Management Priorities

    Chapter 13 Bandwidth Management 13.6.3 Bandwidth Management Priorities The following table describes the priorities that you can apply to traffic that the ZyXEL Device forwards out through an interface. Table 73 Bandwidth Management Priorities PRIORITY LEVELS: TRAFFIC WITH A HIGHER PRIORITY GETS THROUGH FASTER WHILE TRAFFIC WITH A LOWER PRIORITY IS DROPPED IF THE NETWORK IS CONGESTED.
  • Page 192: Bandwidth Management Rule Setup

    Chapter 13 Bandwidth Management Figure 105 Bandwidth Management: Summary The following table describes the labels in this screen. Table 75 Media Bandwidth Management: Summary LABEL DESCRIPTION Interface These read-only labels represent the physical interfaces. Select an interface’s check box to enable bandwidth management on that interface. Bandwidth management applies to all traffic flowing out of the router through the interface, regardless of the traffic’s source.
  • Page 193: Figure 106 Bandwidth Management: Rule Setup

    Chapter 13 Bandwidth Management Click Advanced > Bandwidth MGMT > Rule Setup to open the following screen. Figure 106 Bandwidth Management: Rule Setup The following table describes the labels in this screen. Table 76 Bandwidth Management: Rule Setup LABEL DESCRIPTION Direction Select the direction of traffic to which you want to apply bandwidth management.
  • Page 194: Diffserv

    Chapter 13 Bandwidth Management 13.10 DiffServ DiffServ is a class of service (CoS) model that marks packets so that they receive specific per- hop treatment at DiffServ-compliant network devices along the route based on the application types and traffic flow. Packets are marked with DiffServ Code Points (DSCPs) indicating the level of service desired.
  • Page 195: Figure 108 Bandwidth Management Rule Configuration

    Chapter 13 Bandwidth Management Figure 108 Bandwidth Management Rule Configuration The following table describes the labels in this screen. Table 78 Bandwidth Management Rule Configuration LABEL DESCRIPTION Rule Configuration Active Select this check box to have the ZyXEL Device apply this bandwidth management rule.
  • Page 196 Chapter 13 Bandwidth Management Table 78 Bandwidth Management Rule Configuration (continued) LABEL DESCRIPTION DiffServ mark Select the marking rule from the drop-down list. The first three digits are the DiffServ code point. A packet with the lowest priority mark will be dropped when the line is busy.
  • Page 197: Bandwidth Monitor

    Chapter 13 Bandwidth Management Table 78 Bandwidth Management Rule Configuration (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. Table 79 Services and Port Numbers SERVICES PORT NUMBER ECHO FTP (File Transfer Protocol)
  • Page 198: Figure 109 Bandwidth Management: Monitor

    Chapter 13 Bandwidth Management Figure 109 Bandwidth Management: Monitor Table 80 Bandwidth Management Monitor LABEL DESCRIPTION Monitor This section allows you to select which network to monitor. You may select either a LAN, WLAN, or WAN. After selecting a network to monitor, information on active services and their bandwidth usage will appear.
  • Page 199: Dynamic Dns Setup

    Chapter 14 Dynamic DNS Setup This chapter discusses how to configure your ZyXEL Device to use Dynamic DNS. 14.1 Dynamic DNS Overview Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.).
  • Page 200: Figure 110 Dynamic Dns

    Chapter 14 Dynamic DNS Setup Figure 110 Dynamic DNS The following table describes the fields in this screen. Table 81 Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Active Dynamic Select this check box to use dynamic DNS. Service Provider This is the name of your Dynamic DNS service provider. Dynamic DNS Select the type of service that you are registered for from your Dynamic DNS Type...
  • Page 201 Chapter 14 Dynamic DNS Setup Table 81 Dynamic DNS (continued) LABEL DESCRIPTION Dynamic DNS Select this option only when there are one or more NAT routers between the ZyXEL server auto Device and the DDNS server. This feature has the DDNS server automatically detect IP detect and use the IP address of the NAT router that has a public IP address.
  • Page 203: Remote Management Configuration

    Chapter 15 Remote Management Configuration This chapter provides information on configuring remote management. 15.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which ZyXEL Device interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
  • Page 204: Remote Management Limitations

    Chapter 15 Remote Management Configuration 15.1.1 Remote Management Limitations Remote management over LAN or WAN will not work when: • You have disabled that service in one of the remote management screens. • The IP address in the Secured Client IP field does not match the client IP address. If it does not match, the ZyXEL Device will disconnect the session immediately.
  • Page 205: Telnet

    Chapter 15 Remote Management Configuration The following table describes the labels in this screen. Table 82 Remote Management: WWW LABEL DESCRIPTION Port You may change the server port number for a service if needed; however, you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service.
  • Page 206: Telnet Login

    Chapter 15 Remote Management Configuration Figure 113 Remote Management: Telnet The following table describes the labels in this screen. Table 83 Remote Management: Telnet LABEL DESCRIPTION Port You may change the server port number for a service if needed; however, you must use the same port number in order to use that service for remote management.
  • Page 207: Configuring Ftp

    Chapter 15 Remote Management Configuration 15.6 Configuring FTP You can upload and download the ZyXEL Device’s firmware and configuration files using FTP. Please see the chapter on firmware and configuration file maintenance for details. To use this feature, your computer must have an FTP client. To change your ZyXEL Device’s FTP settings, click Advanced >...
  • Page 208: Figure 115 Snmp Management Model

    Chapter 15 Remote Management Configuration SNMP is only available if TCP/IP is configured. Figure 115 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the ZyXEL Device).
  • Page 209: Supported Mibs

    Chapter 15 Remote Management Configuration 15.7.1 Supported MIBs The ZyXEL Device supports MIB II that is defined in RFC-1213 and RFC-1215. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance. 15.7.2 SNMP Traps The ZyXEL Device will send traps to the SNMP manager when any one of the following events occurs: Table 85 SNMP Traps...
  • Page 210: Configuring Dns

    Chapter 15 Remote Management Configuration The following table describes the labels in this screen. Table 86 Remote Management: SNMP LABEL DESCRIPTION SNMP Port You may change the server port number for a service if needed; however, you must use the same port number in order to use that service for remote management.
  • Page 211: Configuring Icmp

    Chapter 15 Remote Management Configuration Figure 117 Remote Management: DNS The following table describes the labels in this screen. Table 87 Remote Management: DNS LABEL DESCRIPTION Port The DNS service port number is 53. Access Status Select the interface(s) through which a computer may send DNS queries to the ZyXEL Device.
  • Page 212: Figure 118 Remote Management: Icmp

    Chapter 15 Remote Management Configuration Figure 118 Remote Management: ICMP The following table describes the labels in this screen. Table 88 Remote Management: ICMP LABEL DESCRIPTION ICMP Internet Control Message Protocol is a message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams, but the messages are processed by the TCP/IP software and directly apparent to the application user.
  • Page 213: Universal Plug-And-Play (Upnp)

    Chapter 16 Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configurator. 16.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
  • Page 214: Upnp And Zyxel

    Chapter 16 Universal Plug-and-Play (UPnP) When a UPnP device joins a network, it announces its presence with a multicast message. For security reasons, the ZyXEL Device allows multicast messages only on the LAN. All UPnP-enabled devices may communicate freely with each other without additional configuration.
  • Page 215: Installing Upnp In Windows Example

    Chapter 16 Universal Plug-and-Play (UPnP) Table 89 Configuring UPnP LABEL DESCRIPTION Allow UPnP to pass through Select this check box to allow traffic from UPnP-enabled applications to Firewall bypass the firewall. Clear this check box to have the firewall block all UPnP application packets (for example, MSN packets).
  • Page 216: Installing Upnp In Windows Xp

    Chapter 16 Universal Plug-and-Play (UPnP) Figure 121 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted. 16.3.2 Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP.
  • Page 217: Using Upnp In Windows Xp Example

    Chapter 16 Universal Plug-and-Play (UPnP) Figure 123 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box. Figure 124 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next.
  • Page 218: Auto-Discover Your Upnp-Enabled Network Device

    Chapter 16 Universal Plug-and-Play (UPnP) Make sure the computer is connected to a LAN port of the ZyXEL Device. Turn on your computer and the ZyXEL Device. 16.4.1 Auto-discover Your UPnP-enabled Network Device 1 Click start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway.
  • Page 219: Figure 126 Internet Connection Properties

    Chapter 16 Universal Plug-and-Play (UPnP) Figure 126 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings. Figure 127 Internet Connection Properties: Advanced Settings
  • Page 220: Figure 128 Internet Connection Properties: Advanced Settings: Add

    Chapter 16 Universal Plug-and-Play (UPnP) Figure 128 Internet Connection Properties: Advanced Settings: Add When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 5 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
  • Page 221: Web Configurator Easy Access

    Chapter 16 Universal Plug-and-Play (UPnP) Figure 130 Internet Connection Status 16.4.2 Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first. This is helpful if you do not know the IP address of the ZyXEL Device.
  • Page 222: Figure 131 Network Connections

    Chapter 16 Universal Plug-and-Play (UPnP) Figure 131 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays.
  • Page 223: Figure 132 Network Connections: My Network Places

    Chapter 16 Universal Plug-and-Play (UPnP) Figure 132 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Figure 133 Network Connections: My Network Places: Properties: Example
  • Page 225: Maintenance And Troubleshooting

    Maintenance and Troubleshooting System (227) Logs (233) Tools (251) Diagnostic (257) Troubleshooting (259)
  • Page 227: System

    Chapter 17 System Use this screen to configure the ZyXEL Device’s time and date settings. 17.1 General Setup 17.1.1 General Setup and System Name General Setup contains administrative and system-related information. System Name is for identification purposes. However, because some ISPs check this name, you should enter your computer's "Computer Name".
  • Page 228: Figure 134 System General Setup

    Chapter 17 System Figure 134 System General Setup The following table describes the labels in this screen. Table 90 System General Setup LABEL DESCRIPTION General Setup System Name Choose a descriptive name for identification purposes. It is recommended you enter your computer’s “Computer name”...
  • Page 229: Time Setting

    Chapter 17 System Table 90 System General Setup LABEL DESCRIPTION Old Password Type the default admin password (1234) or the existing password you use to access the system for configuring advanced features. New Password Type your new system password (up to 30 characters). Note that as you type a password, the screen displays a (*) for each character you type.
  • Page 230: Table 91 System Time Setting

    Chapter 17 System The following table describes the fields in this screen. Table 91 System Time Setting LABEL DESCRIPTION Current Time and Date Current Time This field displays the time of your ZyXEL Device. Each time you reload this page, the ZyXEL Device synchronizes the time with the time server.
  • Page 231 Chapter 17 System Table 91 System Time Setting (continued) LABEL DESCRIPTION Start Date Configure the day and time when Daylight Saving Time starts if you selected Enable Daylight Saving. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time starts in most parts of the United States on the first Sunday of April.
  • Page 233: Logs

    Chapter 18 Logs This chapter contains information about configuring general log settings and viewing the ZyXEL Device’s logs. Refer to the appendix for example log message explanations. 18.1 Logs Overview The web configurator allows you to choose which categories of events and/or alerts to have the ZyXEL Device log and then display the logs or have the ZyXEL Device send them to an administrator (as e-mail) or to a syslog server.
  • Page 234: Configuring Log Settings

    Chapter 18 Logs Figure 136 View Log The following table describes the fields in this screen. Table 92 View Log LABEL DESCRIPTION Display The categories that you select in the Log Settings screen display in the drop-down list box. Select a category of logs to view; select All Logs to view logs from all of the log categories that you selected in the Log Settings page.
  • Page 235: Figure 137 Log Settings

    Chapter 18 Logs Figure 137 Log Settings The following table describes the fields in this screen. Table 93 Log Settings LABEL DESCRIPTION E-mail Log Settings Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
  • Page 236: Example E-Mail Log

    Chapter 18 Logs Table 93 Log Settings LABEL DESCRIPTION Log Schedule This drop-down menu is used to configure the frequency of log messages being sent as E-mail: • Daily • Weekly • Hourly • When Log is Full • None. If you select Weekly or Daily, specify a time of day when the E-mail should be sent.
  • Page 237: Log Descriptions

    Chapter 18 Logs Figure 138 E-mail Log Example Subject: Firewall Alert From xxxxx Date: Fri, 07 Apr 2000 10:05:42 From: user@zyxel.com user@zyxel.com 1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09:54:03 |UDP src port:00520 dest port:00520 |<1,00> 2|Apr 7 00 |From:192.168.1.131 To:192.168.1.255 |default policy |forward...
  • Page 238: Table 95 System Error Logs

    Chapter 18 Logs Table 94 System Maintenance Logs (continued) LOG MESSAGE DESCRIPTION Starting Connectivity Monitor. Starting Connectivity Monitor The router got the time and date from the Daytime server. Time initialized by Daytime Server The router got the time and date from the time server. Time initialized by Time server The router got the time and date from the NTP server.
  • Page 239: Table 97 Tcp Reset Logs

    Chapter 18 Logs Table 96 Access Control Logs (continued) LOG MESSAGE DESCRIPTION The firewall allowed a triangle route session to pass Triangle route packet forwarded: through. [TCP | UDP | IGMP | ESP | GRE | OSPF] The router blocked a packet that didn't have a Packet without a NAT table entry corresponding NAT table entry.
  • Page 240: Table 99 Icmp Logs

    Chapter 18 Logs Table 99 ICMP Logs LOG MESSAGE DESCRIPTION ICMP access matched the default policy and was Firewall default policy: ICMP blocked or forwarded according to the user's setting. For <Packet Direction>, <type:%d>, type and code details, see Table 110 on page 248.
  • Page 241: Table 102 Upnp Logs

    Chapter 18 Logs Table 102 UPnP Logs LOG MESSAGE DESCRIPTION UPnP packets can pass through the firewall. UPnP pass through Firewall Table 103 Content Filtering Logs LOG MESSAGE DESCRIPTION The content of a requested web page matched a user defined %s: Keyword blocking keyword.
  • Page 242: Table 104 Attack Logs

    Chapter 18 Logs Table 104 Attack Logs LOG MESSAGE DESCRIPTION The firewall detected a TCP/UDP/IGMP/ESP/GRE/OSPF attack. attack [TCP | UDP | IGMP | ESP | GRE | OSPF] The firewall detected an ICMP attack. For type and code details, attack ICMP (type:%d, Table 110 on page 248.
  • Page 243: Table 106 Ike Logs

    Chapter 18 Logs Table 105 IPSec Logs (continued) LOG MESSAGE DESCRIPTION The router dropped a connection that had outbound traffic and no Rule <%d> idle time inbound traffic for a certain time period. You can use the "ipsec timer out, disconnect chk_conn"...
  • Page 244 Chapter 18 Logs Table 106 IKE Logs (continued) LOG MESSAGE DESCRIPTION IKE uses ISAKMP to transmit data. Each ISAKMP packet Recv <packet> contains many different types of payloads. All of them show in the LOG. Refer to RFC2408 – ISAKMP for a list of all ISAKMP payload types.
  • Page 245 Chapter 18 Logs Table 106 IKE Logs (continued) LOG MESSAGE DESCRIPTION The listed rule’s IKE phase 1 authentication method did not Rule [%d] Phase 1 match between the router and the peer. authentication method mismatch The listed rule’s IKE phase 1 key group did not match Rule [%d] Phase 1 key group between the router and the peer.
  • Page 246: Table 107 Pki Logs

    Chapter 18 Logs Table 107 PKI Logs LOG MESSAGE DESCRIPTION The SCEP online certificate enrollment was successful. The Enrollment successful Destination field records the certification authority server IP address and port. The SCEP online certificate enrollment failed. The Destination field Enrollment failed records the certification authority server’s IP address and port.
  • Page 247: Table 108 Certificate Path Verification Failure Reason Codes

    Chapter 18 Logs Table 108 Certificate Path Verification Failure Reason Codes CODE DESCRIPTION Algorithm mismatch between the certificate and the search constraints. Key usage mismatch between the certificate and the search constraints. Certificate was not valid in the time interval. (Not used) Certificate is not valid.
  • Page 248: Table 110 Icmp Notes

    Chapter 18 Logs Table 110 ICMP Notes TYPE CODE DESCRIPTION Echo Reply Echo reply message Destination Unreachable Net unreachable Host unreachable Protocol unreachable Port unreachable A packet that needed fragmentation was dropped because it was set to Don't Fragment (DF) Source route failed Source Quench A gateway may discard internet datagrams if it does not have the buffer space...
  • Page 249: Table 111 Syslog Logs

    Chapter 18 Logs Table 111 Syslog Logs LOG MESSAGE DESCRIPTION "This message is sent by the system ("RAS" displays as <Facility*8 + Severity>Mon dd the system name if you haven’t configured one) when the hr:mm:ss hostname router generates a syslog. The facility is defined in the web src="<srcIP:srcPort>"...
  • Page 251: Tools

    Chapter 19 Tools This chapter describes how to upload new firmware, manage configuration and restart your ZyXEL Device. 19.1 Firmware Upgrade Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a .bin extension, for example, "ZyXEL Device.bin".
  • Page 252: Figure 140 Firmware Upload In Progress

    Chapter 19 Tools Table 113 Firmware Upgrade (continued) LABEL DESCRIPTION Browse... Click Browse... to find the .bin file you want to upload. Remember that you must decompress compressed (.zip) files before you can upload them. Upload Click Upload to begin the upload process. This process may take up to two minutes.
  • Page 253: Configuration Screen

    Chapter 19 Tools Figure 142 Error Message 19.2 Configuration Screen Click Maintenance > Tools > Configuration. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next. Figure 143 Configuration 19.2.1 Backup Configuration Backup configuration allows you to back up (save) the ZyXEL Device’s current configuration to a file on your computer.
  • Page 254: Restore Configuration

    Chapter 19 Tools 19.2.2 Restore Configuration Restore configuration allows you to upload a new or previously saved configuration file from your computer to your ZyXEL Device. Table 114 Maintenance Restore Configuration LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse... to find Browse...
  • Page 255: Back To Factory Defaults

    Chapter 19 Tools Figure 146 Configuration Restore Error 19.2.3 Back to Factory Defaults Pressing the RESET button in this section clears all user-entered configuration information and returns the ZyXEL Device to its factory defaults. You can also press the RESET button on the rear panel to reset the factory defaults of your ZyXEL Device.
  • Page 257: Diagnostic

    Chapter 20 Diagnostic These read-only screens display information to help you identify problems with the ZyXEL Device. 20.1 General Diagnostic Click Maintenance > Diagnostic to open the screen shown next. Figure 148 Diagnostic: General The following table describes the fields in this screen. Table 115 Diagnostic: General LABEL DESCRIPTION...
  • Page 258: Figure 149 Diagnostic: Dsl Line

    Chapter 20 Diagnostic Figure 149 Diagnostic: DSL Line The following table describes the fields in this screen. Table 116 Diagnostic: DSL Line LABEL DESCRIPTION ATM Status Click this button to view ATM status. ATM Loopback Click this button to start the ATM loopback test. Make sure you have configured at Test least one PVC with proper VPIs/VCIs before you begin this test.
  • Page 259: Troubleshooting

    Chapter 21 Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • ZyXEL Device Access and Login • Internet Access 21.1 Power, Hardware Connections, and LEDs The ZyXEL Device does not turn on.
  • Page 260: Zyxel Device Access And Login

    Chapter 21 Troubleshooting 21.2 ZyXEL Device Access and Login I forgot the IP address for the ZyXEL Device. • The default IP address is 192.168.1.1. 6 If you changed the IP address and have forgotten it, you might get the IP address of the ZyXEL Device by looking up the IP address of the default gateway for your computer.
  • Page 261: Internet Access

    Chapter 21 Troubleshooting 5 Reset the device to its factory defaults, and try to access the ZyXEL Device with the default IP address. See Section 2.3 on page 6 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions.
  • Page 262 Chapter 21 Troubleshooting 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.4 on page 2 If your ISP gave you Internet connection information, make sure you entered it correctly in the Network >...
  • Page 263: Appendices And Index

    Appendices and Index Product Specifications and Wall Mounting (265) Wireless LANs (271) Setting up Your Computer’s IP Address (285) IP Addresses and Subnetting (301) Firewall Commands (309) Internal SPTGEN (315) Command Interpreter (331) Pop-up Windows, JavaScripts and Java Permissions (333) NetBIOS Filter Commands (339) Splitters and Microfilters (341) Triangle Route (345)
  • Page 265: Appendix A Product Specifications And Wall Mounting

    Appendix A Product Specifications and Wall Mounting Product Specifications The following tables summarize the ZyXEL Device’s hardware and firmware features.M4 Table 117 Hardware Specifications Dimensions (W x D x H) 180 x 128 x 36 mm Power Specification 12V AC 1A Built-in Switch...
  • Page 266 Appendix A Product Specifications and Wall Mounting Table 118 Firmware Specifications FEATURE DESCRIPTION Configuration Backup & Make a copy of the ZyXEL Device’s configuration. You can put it back on Restoration the ZyXEL Device later if you decide to revert back to an earlier configuration.
  • Page 267: Table 119 Wireless Firmware Specifications

    Appendix A Product Specifications and Wall Mounting Table 118 Firmware Specifications FEATURE DESCRIPTION Any IP The Any IP feature allows one computer to connect to the ZyXEL Device (and then to other computers) when their IP addresses are in different subnets.
  • Page 268 Appendix A Product Specifications and Wall Mounting Table 120 Standards Supported (continued) STANDARD DESCRIPTION RFC 1305 Network Time Protocol (NTP version 3) RFC 1441 SNMPv2 Simple Network Management Protocol version 2 RFC 1483 Multiprotocol Encapsulation over ATM Adaptation Layer 5 RFC 1631 IP Network Address Translator (NAT) RFC 1661...
  • Page 269: Figure 150 Wall-Mounting Example

    Appendix A Product Specifications and Wall Mounting Wall-mounting Instructions Complete the following steps to hang your ZyXEL Device on a wall. See the Hardware Specifications table for the size of screws to use and how far apart to place them. 1 Select a high position on a sturdy wall that is free of obstructions.
  • Page 270: Figure 151 Masonry Plug And M4 Tap Screw

    Appendix A Product Specifications and Wall Mounting Figure 151 Masonry Plug and M4 Tap Screw
  • Page 271: Appendix B Wireless Lans

    Appendix B Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS).
  • Page 272: Figure 153 Basic Service Set

    Appendix B Wireless LANs Figure 153 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN.
  • Page 273: Figure 154 Infrastructure Wlan

    Appendix B Wireless LANs Figure 154 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a channel different from an adjacent AP (access point) to reduce interference.
  • Page 274: Figure 155 Rts/Cts

    Appendix B Wireless LANs Figure 155 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
  • Page 275: Table 121 Ieee 802.11G

    Appendix B Wireless LANs If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Preamble Type Preamble is used to signal that data is coming to the receiver.
  • Page 276: Table 122 Wireless Security Levels

    Appendix B Wireless LANs Wireless security methods available on the ZyXEL Device are data encryption, wireless client authentication, restricting access by device MAC address and hiding the ZyXEL Device identity. The following figure shows the relative effectiveness of these wireless security methods available on your ZyXEL Device.
  • Page 277: Eap Authentication

    Appendix B Wireless LANs Determines the network services available to authenticated users once they are connected to the network. • Accounting Keeps track of the client’s network activity. RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server.
  • Page 278 Appendix B Wireless LANs For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner.
  • Page 279: Table 123 Comparison Of Eap Authentication Types

    Appendix B Wireless LANs Dynamic WEP Key Exchange The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed. If this feature is enabled, it is not necessary to configure a default encryption key in the wireless security configuration screen.
  • Page 280 Appendix B Wireless LANs Encryption Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. WPA and WPA2 use Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption than TKIP.
  • Page 281: Figure 156 Wpa(2) With Radius Application Example

    Appendix B Wireless LANs Wireless Client WPA Supplicants A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicant is the WPA patch for Windows XP, Funk Software's Odyssey client.
  • Page 282: Figure 157 Wpa(2)-Psk Authentication

    Appendix B Wireless LANs 3 The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID. 4 The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged in a handshake to create temporal encryption keys.
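Steps 3 and 4 above can be followed in code. This is an added example, not taken from the manual or from ZyXEL firmware: it uses the IEEE 802.11i definitions (PBKDF2-HMAC-SHA1 with the SSID as salt for the PMK, and the 802.11i PRF for the temporal keys), and the MAC addresses and nonces are constructed sample values.

```python
import hashlib
import hmac

PMK_BYTES = 32        # 256-bit Pairwise Master Key
PBKDF2_ROUNDS = 4096  # iteration count fixed by IEEE 802.11i


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Step 3: PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt,
                               PBKDF2_ROUNDS, PMK_BYTES)


def prf(key: bytes, label: bytes, data: bytes, n_bytes: int) -> bytes:
    """IEEE 802.11i PRF: HMAC-SHA1 blocks over label | 0x00 | data | counter."""
    out = b""
    counter = 0
    while len(out) < n_bytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:n_bytes]


def derive_ptk(pmk: bytes, ap_mac: bytes, client_mac: bytes,
               anonce: bytes, snonce: bytes, n_bytes: int = 64) -> bytes:
    """Step 4: temporal keys from the PMK plus values exchanged in the handshake.

    64 bytes is the TKIP key block; CCMP (AES) uses the first 48 bytes.
    """
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, n_bytes)


# Constructed sample values (locally administered MACs, fixed nonces so the
# result is reproducible; a real handshake uses fresh random nonces).
AP_MAC = bytes.fromhex("020000000001")
CLIENT_MAC = bytes.fromhex("020000000002")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))


def handshake_keys(passphrase: str, ssid: str,
                   anonce: bytes = ANONCE, snonce: bytes = SNONCE) -> bytes:
    """What the AP and the client each compute independently."""
    pmk = derive_pmk(passphrase, ssid)
    return derive_ptk(pmk, AP_MAC, CLIENT_MAC, anonce, snonce)


if __name__ == "__main__":
    # Published IEEE 802.11i test vector for the PMK derivation.
    print("PMK(password, IEEE) =", derive_pmk("password", "IEEE").hex())

    ap_side = handshake_keys("correct horse battery", "HomeAP")
    client_side = handshake_keys("correct horse battery", "HomeAP")
    print("AP and client agree:", hmac.compare_digest(ap_side, client_side))

    # The SSID is the salt: the same passphrase on another SSID gives other keys.
    other_ssid = handshake_keys("correct horse battery", "OfficeAP")
    print("same passphrase, other SSID differs:", ap_side != other_ssid)

    # New nonces in the next handshake give new temporal keys from the same PMK.
    rekey = handshake_keys("correct horse battery", "HomeAP",
                           anonce=bytes(range(1, 33)))
    print("new handshake, new temporal keys:", ap_side != rekey)
```

Because the SSID is the only salt, the strength of the derived keys rests on the length and unpredictability of the passphrase.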
  • Page 283: Antenna Overview

    Appendix B Wireless LANs Antenna Overview An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air. Positioning the antennas properly increases the range and coverage area of a wireless LAN.
  • Page 284 Appendix B Wireless LANs Positioning Antennas In general, antennas should be mounted as high as practically possible and free of obstructions. In point-to-point application, position both antennas at the same height and in a direct line of sight to each other to attain the best performance. For omni-directional antennas mounted on a table, desk, and so on, point the antenna up.
  • Page 285: Appendix C Setting Up Your Computer's Ip Address

    Appendix C Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer.
  • Page 286: Figure 158 Windows 95/98/Me: Network: Configuration

    Appendix C Setting up Your Computer’s IP Address Figure 158 Windows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add.
  • Page 287: Figure 159 Windows 95/98/Me: Tcp/Ip Properties: Ip Address

    Appendix C Setting up Your Computer’s IP Address Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab. • If your IP address is dynamic, select Obtain an IP address automatically. •...
  • Page 288: Figure 160 Windows 95/98/Me: Tcp/Ip Properties: Dns Configuration

    Appendix C Setting up Your Computer’s IP Address Figure 160 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window.
  • Page 289: Figure 161 Windows Xp: Start Menu

    Appendix C Setting up Your Computer’s IP Address Figure 161 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 162 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties.
  • Page 290: Figure 163 Windows Xp: Control Panel: Network Connections: Properties

    Appendix C Setting up Your Computer’s IP Address Figure 163 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 164 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
  • Page 291: Figure 165 Windows Xp: Internet Protocol (Tcp/Ip) Properties

    Appendix C Setting up Your Computer’s IP Address Figure 165 Windows XP: Internet Protocol (TCP/IP) Properties 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
  • Page 292: Figure 166 Windows Xp: Advanced Tcp/Ip Properties

    Appendix C Setting up Your Computer’s IP Address Figure 166 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
  • Page 293: Figure 167 Windows Xp: Internet Protocol (Tcp/Ip) Properties

    Appendix C Setting up Your Computer’s IP Address Figure 167 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window.
  • Page 294: Figure 168 Macintosh Os 8/9: Apple Menu

    Appendix C Setting up Your Computer’s IP Address Figure 168 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 169 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: •...
  • Page 295: Figure 170 Macintosh Os X: Apple Menu

    Appendix C Setting up Your Computer’s IP Address • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. 5 Close the TCP/IP Control Panel.
  • Page 296: Figure 171 Macintosh Os X: Network

    Appendix C Setting up Your Computer’s IP Address Figure 171 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. •...
  • Page 297: Figure 172 Red Hat 9.0: Kde: Network Configuration: Devices

    Appendix C Setting up Your Computer’s IP Address Make sure you are logged in as the root administrator. Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. 1 Click the Red Hat button (located on the bottom left corner), select System Setting and click Network.
  • Page 298: Figure 174 Red Hat 9.0: Kde: Network Configuration: Dns

    Appendix C Setting up Your Computer’s IP Address • If you have a dynamic IP address click Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static IP address click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields.
  • Page 299: Figure 176 Red Hat 9.0: Dynamic Ip Address Setting In Ifconfig-Eth0

    Appendix C Setting up Your Computer’s IP Address Figure 176 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 DEVICE=eth0 ONBOOT=yes BOOTPROTO=dhcp USERCTL=no PEERDNS=yes TYPE=Ethernet • If you have a static IP address, enter static in the BOOTPROTO= field. Type IPADDR= followed by the IP address (in dotted decimal notation) and type NETMASK...
  • Page 300: Figure 180 Red Hat 9.0: Checking Tcp/Ip Properties

    Appendix C Setting up Your Computer’s IP Address Verifying Settings Enter ifconfig in a terminal screen to check your TCP/IP properties. Figure 180 Red Hat 9.0: Checking TCP/IP Properties [root@localhost]# ifconfig eth0 Link encap:Ethernet HWaddr 00:50:BA:72:5B:44 inet addr:172.23.19.129 Bcast:172.23.19.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1...
  • Page 301: Appendix D Ip Addresses And Subnetting

    Appendix D IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network.
  • Page 302: Figure 181 Network Number And Host Id

    Appendix D IP Addresses and Subnetting Figure 181 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation).
  • Page 303: Table 126 Subnet Masks

    Appendix D IP Addresses and Subnetting Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Table 126 Subnet Masks BINARY DECIMAL 4TH OCTET OCTET...
  • Page 304: Figure 182 Subnetting Example: Before Subnetting

    Appendix D IP Addresses and Subnetting Table 128 Alternative Subnet Mask Notation (continued) ALTERNATIVE LAST OCTET LAST OCTET SUBNET MASK NOTATION (BINARY) (DECIMAL) 255.255.255.192 1100 0000 255.255.255.224 1110 0000 255.255.255.240 1111 0000 255.255.255.248 1111 1000 255.255.255.252 1111 1100 Subnetting You can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons.
  • Page 305: Figure 183 Subnetting Example: After Subnetting

    Appendix D IP Addresses and Subnetting Figure 183 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 2^7 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).
  • Page 306: Table 130 Subnet 2

    Appendix D IP Addresses and Subnetting Table 130 Subnet 2 LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 01000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.65 192.168.1.64 Broadcast Address: Highest Host ID: 192.168.1.126 192.168.1.127 Table 131 Subnet 3...
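The subnet arithmetic described above (logical AND with the mask, all-zero and all-one host IDs reserved) can be checked with a short script. This is an added example, not part of the manual; the function names are chosen here for illustration, and the addresses are the 192.168.1.x values used in the tables.

```python
def ip_to_int(dotted: str) -> int:
    """Convert dotted-decimal IPv4 text to a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(
        p.isascii() and p.isdigit() and 0 <= int(p) <= 255 for p in parts
    ):
        raise ValueError(f"not a dotted-decimal IPv4 address: {dotted!r}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value


def int_to_ip(value: int) -> str:
    """Convert a 32-bit integer back to dotted-decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_for(prefix_len: int) -> int:
    """Subnet mask with prefix_len leading one bits (/1 to /30 have usable hosts)."""
    if not 1 <= prefix_len <= 30:
        raise ValueError("prefix length must be between 1 and 30")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def describe_subnet(ip: str, prefix_len: int) -> dict:
    """Return the values the manual's subnet tables list for the subnet holding ip."""
    mask = mask_for(prefix_len)
    network = ip_to_int(ip) & mask                  # logical AND gives the subnet address
    broadcast = network | (~mask & 0xFFFFFFFF)      # host ID of all ones
    return {
        "subnet_mask": int_to_ip(mask),
        "subnet_address": int_to_ip(network),       # host ID of all zeroes
        "lowest_host": int_to_ip(network + 1),
        "highest_host": int_to_ip(broadcast - 1),
        "broadcast": int_to_ip(broadcast),
        "max_hosts": 2 ** (32 - prefix_len) - 2,
    }


def split_network(network: str, prefix_len: int, borrowed_bits: int) -> list:
    """Divide a network into 2**borrowed_bits equal subnets by borrowing host bits."""
    new_prefix = prefix_len + borrowed_bits
    mask_for(new_prefix)                            # validates the resulting prefix
    base = ip_to_int(network) & mask_for(prefix_len)
    step = 1 << (32 - new_prefix)
    return [f"{int_to_ip(base + i * step)}/{new_prefix}"
            for i in range(1 << borrowed_bits)]


def same_subnet(a: str, b: str, prefix_len: int) -> bool:
    """True when both addresses have the same network number under this mask."""
    mask = mask_for(prefix_len)
    return ip_to_int(a) & mask == ip_to_int(b) & mask


if __name__ == "__main__":
    # The two-subnet example: a 24-bit network split with one borrowed bit.
    print(split_network("192.168.1.0", 24, 1))
    # The subnet from Table 130 (26-bit mask, last octet 01000000).
    for key, value in describe_subnet("192.168.1.100", 26).items():
        print(f"{key:15} {value}")
    # A server at .200 and a workstation at .10 share the /24 but not the /25,
    # so traffic between them has to cross a router or firewall after the split.
    print(same_subnet("192.168.1.10", "192.168.1.200", 24))
    print(same_subnet("192.168.1.10", "192.168.1.200", 25))
```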
  • Page 307: Table 134 24-Bit Network Number Subnet Planning

    Appendix D IP Addresses and Subnetting Table 133 Eight Subnets (continued) SUBNET LAST BROADCAST SUBNET FIRST ADDRESS ADDRESS ADDRESS ADDRESS Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 134 24-bit Network Number Subnet Planning NO.
  • Page 308: Configuring Ip Addresses

    Appendix D IP Addresses and Subnetting Table 135 16-bit Network Number Subnet Planning (continued) NO. “BORROWED” NO. HOSTS PER SUBNET MASK NO. SUBNETS HOST BITS SUBNET 255.255.255.252 (/30) 16384 255.255.255.254 (/31) 32768 Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
  • Page 309: Appendix E Firewall Commands

    Appendix E Firewall Commands The following describes the firewall commands. Table 136 Firewall Commands
    FUNCTION: Firewall SetUp
    COMMAND: config edit firewall active <yes | no>
    DESCRIPTION: This command turns the firewall on or off.
    COMMAND: config retrieve firewall
    DESCRIPTION: This command returns the previously saved firewall settings....
  • Page 310 Appendix E Firewall Commands Table 136 Firewall Commands (continued)
    FUNCTION: Edit E-mail
    COMMAND: config edit firewall e-mail mail-server <ip address of mail server>
    DESCRIPTION: This command sets the IP address to which the e-mail messages are sent.
    COMMAND: config edit firewall e-mail...
    DESCRIPTION: This command sets the source e-mail address of the firewall e-mails.
  • Page 311 Appendix E Firewall Commands Table 136 Firewall Commands (continued)
    COMMAND: config edit firewall attack minute-high <0-255>
    DESCRIPTION: This command sets the threshold rate of new half-open sessions per minute where the ZyXEL Device starts deleting old half-opened sessions until it gets them down to the minute-low threshold....
  • Page 312 Appendix E Firewall Commands Table 136 Firewall Commands (continued)
    COMMAND: Config edit firewall set <set #> tcp-idle-timeout <seconds>
    DESCRIPTION: This command sets how long ZyXEL Device lets an inactive TCP connection remain open before considering it closed.
    COMMAND: Config edit firewall set <set #>...
    DESCRIPTION: This command sets whether or not the ZyXEL Device creates logs for packets that match...
  • Page 313 Appendix E Firewall Commands Table 136 Firewall Commands (continued)
    COMMAND: config edit firewall set <set #> rule <rule #> destaddr-single <ip address>
    DESCRIPTION: This command sets the rule to have the ZyXEL Device check for traffic with this individual destination address....
  • Page 314 Appendix E Firewall Commands Table 136 Firewall Commands (continued)
    COMMAND: config delete firewall set <set #> rule<rule #>
    DESCRIPTION: This command removes the specified rule in a firewall configuration set.
  • Page 315: Appendix F Internal Sptgen

    Appendix F Internal SPTGEN This appendix introduces Internal SPTGEN. All menus shown in this appendix are example menus meant to show SPTGEN usage. Actual menus for your product may differ. Internal SPTGEN Overview Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple ZyXEL Devices.
  • Page 316: Figure 185 Invalid Parameter Entered: Command Line Example

    Appendix F Internal SPTGEN DO NOT alter or delete any field except parameters in the Input column. This appendix introduces Internal SPTGEN. All menus shown in this appendix are example menus meant to show SPTGEN usage. Actual menus for your product may differ. Internal SPTGEN File Modification - Important Points to Remember Each parameter you enter must be preceded by one “=”sign and one space.
  • Page 317: Figure 187 Internal Sptgen Ftp Download Example

    Appendix F Internal SPTGEN Figure 187 Internal SPTGEN FTP Download Example c:\ftp 192.168.1.1 220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000 User (192.168.1.1:(none)): 331 Enter PASS command Password: 230 Logged in ftp>bin 200 Type I OK ftp>...
  • Page 318: Table 137 Abbreviations Used In The Example Internal Sptgen Screens Table

    Appendix F Internal SPTGEN Example Internal SPTGEN Menus This section provides example Internal SPTGEN menus. Table 137 Abbreviations Used in the Example Internal SPTGEN Screens Table ABBREVIATION MEANING Field Identification Number Field Name Parameter Values Allowed INPUT An example of what you may enter Applies to the ZyXEL Device.
  • Page 319 Appendix F Internal SPTGEN Table 139 Menu 3 / Menu 3.2 TCP/IP and DHCP Ethernet Setup INPUT 30200001 = DHCP <0(None) | 1(Server) | 2(Relay)> 30200002 = Client IP Pool Starting Address 192.168.1.33 30200003 = Size of Client IP Pool = 32 30200004 = Primary DNS Server...
  • Page 320: Table 140 Menu 4 Internet Access Setup

    Appendix F Internal SPTGEN Table 139 Menu 3 30201008 = IP Alias #1 Incoming protocol filters = 256 Set 3 30201009 = IP Alias #1 Incoming protocol filters = 256 Set 4 30201010 = IP Alias #1 Outgoing protocol filters = 256 Set 1 30201011 =...
  • Page 321 Appendix F Internal SPTGEN Table 140 Menu 4 Internet Access Setup (continued) 40000001 = <0(No) | 1(Yes)> 40000002 = Active <0(No) | 1(Yes)> 40000003 = ISP's Name = ChangeMe 40000004 = Encapsulation <2(PPPOE) | 3(RFC 1483)| 4(PPPoA )| 5(ENET ENCAP)> 40000005 = Multiplexing <1(LLC-based)
  • Page 322: Table 141 Menu 12

    Appendix F Internal SPTGEN Table 140 Menu 4 Internet Access Setup (continued) 40000031= RIP Direction <0(None) | 1(Both) | 2(In Only) | 3(Out Only)> 40000032= RIP Version <0(Rip-1) | 1(Rip-2B) |2(Rip-2M)> 40000033= Nailed-up Connection <0(No) |1(Yes)> Table 141 Menu 12 / Menu 12.1.1 IP Static Route Setup INPUT 120101001 =...
  • Page 323 Appendix F Internal SPTGEN Table 142 Menu 15 SUA Server Setup (continued) 150000004 = SUA Server #2 Port Start 150000005 = SUA Server #2 Port End 150000006 = SUA Server #2 Local IP address = 0.0.0.0 150000007 = SUA Server #3 Active <0(No) | 1(Yes)>...
  • Page 324: Table 143 Menu 21.1 Filter Set #1

    Appendix F Internal SPTGEN Table 142 Menu 15 SUA Server Setup (continued) 150000038 = SUA Server #9 Protocol <0(All)|6(TCP)|17(U DP)> 150000039 = SUA Server #9 Port Start 150000040 = SUA Server #9 Port End 150000041 = SUA Server #9 Local IP address = 0.0.0.0 150000042 = SUA Server #10 Active...
  • Page 325: Table 144 Menu 21.1 Filer Set #2

    Appendix F Internal SPTGEN Table 143 Menu 21.1 Filter Set #1 (continued) 210101009 = IP Filter Set 1,Rule 1 Src Subnet Mask 210101010 = IP Filter Set 1,Rule 1 Src Port 210101011 = IP Filter Set 1,Rule 1 Src Port Comp <0(none)|1(equal) |2(not equal)|3(less)|4(...
  • Page 326 Appendix F Internal SPTGEN Table 144 Menu 21.1 Filer Set #2, (continued) INPUT 210201001 = IP Filter Set 2, Rule 1 Type <0(none)|2(TCP/ IP)> 210201002 = IP Filter Set 2, Rule 1 Active <0(No)|1(Yes)> 210201003 = IP Filter Set 2, Rule 1 Protocol 210201004 = IP Filter Set 2, Rule 1 Dest IP = 0.0.0.0...
  • Page 327: Table 145 Menu 23 System Menus

    Appendix F Internal SPTGEN Table 144 Menu 21.1 Filer Set #2, (continued) 210202009 = IP Filter Set 2, Rule 2 Src Subnet Mask 210202010 = IP Filter Set 2,Rule 2 Src Port 210202011 = IP Filter Set 2, Rule 2 Src Port <0(none)|1(equal)| Comp 2(not...
  • Page 328: Table 146 Menu 24.11 Remote Management Control

    Appendix F Internal SPTGEN Table 145 Menu 23 System Menus (continued) 230400002 = ReAuthentication Timer (in second) = 555 230400003 = Idle Timeout (in second) = 999 230400004 = Authentication Databases <0(Local User Database Only) |1(RADIUS Only) |2(Local,RADIUS) |3(RADIUS,Local)> 230400005 = Key Management Protocol <0(8021x) |1(WPA) |2(WPAPSK)>...
  • Page 329: Table 147 Command Examples

    Appendix F Internal SPTGEN Command Examples The following are example Internal SPTGEN screens associated with the ZyXEL Device’s command interpreter commands. Table 147 Command Examples INPUT /ci command (for annex a): wan adsl opencmd INPUT 990000001 = ADSL OPMD <0(glite)|1(t1.413 )|2(gdmt)|3(multim ode)>...
  • Page 331: Appendix G Command Interpreter

    Appendix G Command Interpreter The following describes how to use the command interpreter. You can telnet to access the CLI (Command Line Interface) on the ZyXEL Device. See the included disk or zyxel.com for more detailed information on these commands. Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable.
  • Page 333: Appendix H Pop-Up Windows, Javascripts And Java Permissions

    Appendix H Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). Internet Explorer 6 screens are used here.
  • Page 334: Figure 190 Internet Options: Privacy

    Appendix H Pop-up Windows, JavaScripts and Java Permissions 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 190 Internet Options: Privacy 3 Click Apply to save this setting. Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps.
  • Page 335: Figure 191 Internet Options: Privacy

    Appendix H Pop-up Windows, JavaScripts and Java Permissions Figure 191 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 192 Pop-up Blocker Settings
  • Page 336: Figure 193 Internet Options: Security

    Appendix H Pop-up Windows, JavaScripts and Java Permissions 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
  • Page 337: Figure 194 Security Settings - Java Scripting

    Appendix H Pop-up Windows, JavaScripts and Java Permissions Figure 194 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected.
  • Page 338: Figure 196 Java (Sun)

    Appendix H Pop-up Windows, JavaScripts and Java Permissions JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window. Figure 196 Java (Sun)
  • Page 339: Appendix I Netbios Filter Commands

    Appendix I NetBIOS Filter Commands The following describes the NetBIOS packet filter commands. Introduction NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls.
  • Page 340: Table 148 Netbios Filter Default Settings

    Appendix I NetBIOS Filter Commands The filter types and their default settings are as follows. Table 148 NetBIOS Filter Default Settings NAME DESCRIPTION EXAMPLE Between LAN This field displays whether NetBIOS packets are blocked or forwarded Block and WAN between the LAN and the WAN. IPSec Packets This field displays whether NetBIOS packets sent through a VPN Forward connection are blocked or forwarded.
  • Page 341: Appendix J Splitters And Microfilters

    Appendix J Splitters and Microfilters This appendix tells you how to install a POTS splitter or a telephone microfilter. Connecting a POTS Splitter When you use the Full Rate (G.dmt) ADSL standard, you can use a POTS (Plain Old Telephone Service) splitter to separate the telephone and ADSL signals.
  • Page 342: Figure 198 Connecting A Microfilter

    Appendix J Splitters and Microfilters 2 Connect a cable from the wall jack to the “wall side” of the microfilter. 3 Connect the “phone side” of the microfilter to your telephone as shown in the following figure. 4 After you are done, make sure that your telephone works. If your telephone does not work, disconnect the microfilter and contact either your local telephone company or the provider of the microfilter.
  • Page 343: Figure 200 Zyxel Device With Isdn

    Appendix J Splitters and Microfilters ZyXEL Device With ISDN This section relates to people who use their ZyXEL Device with ADSL over ISDN (digital telephone service) only. The following is an example installation for the ZyXEL Device with ISDN. Figure 200 ZyXEL Device with ISDN
  • Page 345: Appendix K Triangle Route

    Appendix K Triangle Route The Ideal Setup When the firewall is on, your ZyXEL Device acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the ZyXEL Device to protect your LAN against attacks.
  • Page 346: Figure 202 "Triangle Route" Problem

    Appendix K Triangle Route Figure 202 “Triangle Route” Problem The “Triangle Route” Solutions This section presents you two solutions to the “triangle route” problem. IP Aliasing IP alias allows you to partition your network into logical sections over the same Ethernet interface.
  • Page 347: Copyright

    ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
  • Page 348 Appendix L Legal Information If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures: 1 Reorient or relocate the receiving antenna.
  • Page 349: Zyxel Limited Warranty

    Appendix L Legal Information 3 Select the certification you wish to view from this page. ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever...
  • Page 351: Customer Support

    • Sales E-mail: sales@zyxel.com.tw • Telephone: +886-3-578-3942 • Fax: +886-3-578-2439 • Web: www.zyxel.com, www.europe.zyxel.com • FTP: ftp.zyxel.com, ftp.europe.zyxel.com • Regular Mail: ZyXEL Communications Corp., 6 Innovation Road II, Science Park, Hsinchu 300, Taiwan Costa Rica • Support E-mail: soporte@zyxel.co.cr • Sales E-mail: sales@zyxel.co.cr •...
  • Page 352 Appendix M Customer Support • Regular Mail: ZyXEL Communications, Czech s.r.o., Modranská 621, 143 01 Praha 4 - Modrany, Ceská Republika Denmark • Support E-mail: support@zyxel.dk • Sales E-mail: sales@zyxel.dk • Telephone: +45-39-55-07-00 • Fax: +45-39-55-07-07 • Web: www.zyxel.dk • Regular Mail: ZyXEL Communications A/S, Columbusvej, 2860 Soeborg, Denmark Finland •...
  • Page 353 Appendix M Customer Support India • Support E-mail: support@zyxel.in • Sales E-mail: sales@zyxel.in • Telephone: +91-11-30888144 to +91-11-30888153 • Fax: +91-11-30888149, +91-11-26810715 • Web: http://www.zyxel.in • Regular Mail: India - ZyXEL Technology India Pvt Ltd., II-Floor, F2/9 Okhla Phase -1, New Delhi 110020, India Japan •...
  • Page 354 Appendix M Customer Support • Regular Mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 92806- 2001, U.S.A. Norway • Support E-mail: support@zyxel.no • Sales E-mail: sales@zyxel.no • Telephone: +47-22-80-61-80 • Fax: +47-22-80-61-81 • Web: www.zyxel.no • Regular Mail: ZyXEL Communications A/S, Nils Hansens vei 13, 0667 Oslo, Norway Poland •...
  • Page 355 • Sales E-mail: sales@zyxel.co.uk • Telephone: +44-1344-303044, 08707-555779 (UK only) • Fax: +44-1344-303034 • Web: www.zyxel.co.uk • FTP: ftp.zyxel.co.uk • Regular Mail: ZyXEL Communications UK Ltd., 11 The Courtyard, Eastern Road, Bracknell, Berkshire RG12 2XB, United Kingdom (UK)