Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan.
Document Conventions Document Conventions Warnings and Notes These are how warnings and notes are shown in this User’s Guide. Warnings tell you about things that could harm you or your device. Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Page 5
Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device Computer Notebook computer Server DSLAM Firewall Telephone Switch Router P-660HW-Dx User’s Guide...
Safety Warnings Safety Warnings For your safety, be sure to read and follow all warning notices and instructions. • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. •...
Table of Contents Table of Contents About This User's Guide ......................3 Document Conventions......................4 Safety Warnings........................6 Contents Overview ........................9 Table of Contents........................11 List of Figures ......................... 21 List of Tables........................... 27 Part I: Introduction................. 31 Chapter 1 Introducing the ZyXEL Device ....................
Page 12
Table of Contents 2.4.7 Changing Login Password ..................49 Part II: Wizards ..................51 Chapter 3 Wizard Setup for Internet Access..................53 3.1 Introduction .......................... 53 3.2 Internet Access Wizard Setup ..................... 53 3.2.1 Automatic Detection ....................55 3.2.2 Manual Configuration ....................55 3.3 Wireless Connection Wizard Setup ..................
Page 13
Table of Contents 5.6.2 Configuring More Connections Advanced Setup ............88 5.7 Traffic Redirect ........................89 5.8 Configuring WAN Backup ....................89 Chapter 6 LAN Setup..........................93 6.1 LAN Overview ........................93 6.1.1 LANs, WANs and the ZyXEL Device ................93 6.1.2 DHCP Setup .......................
Page 19
Table of Contents Appendix L Legal Information....................347 Appendix M Customer Support .................... 351 Index............................357 P-660HW-Dx User’s Guide...
Page 20
Table of Contents P-660HW-Dx User’s Guide...
List of Figures List of Figures Figure 1 Protected Internet Access Applications ..................34 Figure 2 LAN-to-LAN Application Example .................... 34 Figure 3 Front Panel ..........................35 Figure 4 Password Screen ........................38 Figure 5 User status screen ........................38 Figure 6 Change Password at Login ......................
Page 22
List of Figures Figure 39 Example of Traffic Shaping ....................79 Figure 40 Internet Connection (PPPoE) ....................81 Figure 41 Advanced Internet Connection Setup ..................83 Figure 42 More Connections ........................84 Figure 43 More Connections Edit ......................86 Figure 44 More Connections Advanced Setup ..................88 Figure 45 Traffic Redirect Example ......................
Page 24
List of Figures Figure 125 Network Connections ......................218 Figure 126 Internet Connection Properties ..................219 Figure 127 Internet Connection Properties: Advanced Settings ............219 Figure 128 Internet Connection Properties: Advanced Settings: Add ..........220 Figure 129 System Tray Icon ........................ 220 Figure 130 Internet Connection Status ....................
Page 25
List of Figures Figure 168 Macintosh OS 8/9: Apple Menu ..................294 Figure 169 Macintosh OS 8/9: TCP/IP ....................294 Figure 170 Macintosh OS X: Apple Menu .................... 295 Figure 171 Macintosh OS X: Network ....................296 Figure 172 Red Hat 9.0: KDE: Network Configuration: Devices ............297 Figure 173 Red Hat 9.0: KDE: Ethernet Device: General ..............
Page 26
List of Figures P-660HW-Dx User’s Guide...
List of Tables List of Tables Table 1 ADSL Standards ........................34 Table 2 Front Panel LEDs ........................36 Table 3 Web Configurator Screens Summary ..................41 Table 4 Status Screen ..........................44 Table 5 Status: Any IP Table ........................46 Table 6 Status: WLAN Status .........................
Page 30
List of Tables Table 125 IP Address Network Number and Host ID Example ............302 Table 126 Subnet Masks ........................303 Table 127 Maximum Host Numbers ....................303 Table 128 Alternative Subnet Mask Notation ..................303 Table 129 Subnet 1 ..........................305 Table 130 Subnet 2 ..........................
H A P T E R Introducing the ZyXEL Device This chapter introduces the main applications and features of the ZyXEL Device. It also introduces the ways you can manage the ZyXEL Device. 1.1 Overview The ZyXEL Device is an IEEE 802.11b/g wireless ADSL2+ gateway that allows super-fast, secure Internet access over analog (POTS), digital (ISDN) telephone lines (depending on your model) or by wireless.
Chapter 1 Introducing the ZyXEL Device Figure 1 Protected Internet Access Applications You can also use the ZyXEL Device to connect two geographically dispersed networks over the ADSL line. A typical LAN-to-LAN application example is shown as follows. Figure 2 LAN-to-LAN Application Example The ZyXEL Device is compatible with the ADSL/ADSL2/ADSL2+ standards.
Chapter 1 Introducing the ZyXEL Device 1.2 Ways to Manage the ZyXEL Device Use any of the following methods to manage the ZyXEL Device. • Web Configurator. This is recommended for everyday management of the ZyXEL Device using a (supported) web browser. •...
Chapter 1 Introducing the ZyXEL Device The following table describes the LEDs. Table 2 Front Panel LEDs COLOR STATUS DESCRIPTION POWER Green The ZyXEL Device is receiving power and functioning properly. Blinking The ZyXEL Device is rebooting or performing diagnostics. Power to the ZyXEL Device is too low.
H A P T E R Introducing the Web Configurator This chapter describes how to access and navigate the web configurator. 2.1 Web Configurator Overview The web configurator is an HTML-based management interface that allows easy ZyXEL Device setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions.
Chapter 2 Introducing the Web Configurator 5 A window displays as shown. Figure 4 Password Screen 2.2.1 User Access 1 For user access enter the default user password user to view the status only. The following window will appear. Figure 5 User status screen 2.2.2 Administrator Access 1 For administrator access enter the default admin password 1234 to configure the wizards and the advanced features.
Chapter 2 Introducing the Web Configurator confirm and click Apply. Alternatively click Ignore to proceed to the main menu if you do not want to change the password now. If you do not change the password at least once, the following screen appears every time you log in with the admin password.
Chapter 2 Introducing the Web Configurator The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the ZyXEL Device if this happens. 2.3 Resetting the ZyXEL Device If you forget your password or cannot access the web configurator, you will need to use the RESET button at the back of the ZyXEL Device to reload the factory-default configuration file.
Chapter 2 Introducing the Web Configurator Figure 8 Web Configurator: Main Screen Click the Logout icon at any ti to exit the web configurator. Use the submenus to configure ZyXEL Device features. Click the icon (located in the top right corner of most screens) to view embedded help.
Page 42
Chapter 2 Introducing the Web Configurator Table 3 Web Configurator Screens Summary (continued) LINK/ICON SUB-LINK FUNCTION Use this screen to configure LAN TCP/IP settings, enable Any IP and other advanced properties. DHCP Setup Use this screen to configure LAN DHCP settings. Client List Use this screen to view current DHCP client information and to always assign an IP address to a MAC address (and host...
Chapter 2 Introducing the Web Configurator Table 3 Web Configurator Screens Summary (continued) LINK/ICON SUB-LINK FUNCTION Remote MGMT Use this screen to configure through which interface(s) and from which IP address(es) users can use HTTPS or HTTP to manage the ZyXEL Device. Telnet Use this screen to configure through which interface(s) and from which IP address(es) users can use Telnet to manage the...
Chapter 2 Introducing the Web Configurator Figure 9 Status Screen The following table describes the labels shown in the Status screen. Table 4 Status Screen LABEL DESCRIPTION Refresh Interval Select a number of seconds or None from the drop-down list box to refresh all screen statistics automatically at the end of every time interval or to not refresh the screen statistics.
Page 45
Chapter 2 Introducing the Web Configurator Table 4 Status Screen (continued) LABEL DESCRIPTION IP Subnet Mask This is the LAN port IP subnet mask. DHCP This is the WAN port DHCP role - Server, Relay or None. WLAN Information (Wireless devices only) SSID This is the descriptive name used to identify the ZyXEL Device in the wireless LAN.
Chapter 2 Introducing the Web Configurator 2.4.3 Status: Any IP Table Click the Any IP Table hyperlink in the Status screen. The Any IP table shows current read- only information (including the IP address and the MAC address) of all network devices that use the Any IP feature to communicate with the ZyXEL Device.
Chapter 2 Introducing the Web Configurator The following table describes the labels in this screen. Table 6 Status: WLAN Status LABEL DESCRIPTION This is the index number of an associated wireless station. MAC Address This field displays the MAC (Media Access Control) address of an associated wireless station.
Chapter 2 Introducing the Web Configurator Figure 13 Status: Packet Statistics The following table describes the fields in this screen. Table 7 Status: Packet Statistics LABEL DESCRIPTION System Monitor System up Time This is the elapsed time the system has been up. Current Date/Time This field displays your ZyXEL Device’s present date and time.
Chapter 2 Introducing the Web Configurator Table 7 Status: Packet Statistics (continued) LABEL DESCRIPTION LAN Port Statistics Interface This field displays the type of port. Status This field displays Down (line is down), Up (line is up or connected) if you're using Ethernet encapsulation and Down (line is down), Up (line is up or connected), Idle (line (ppp) idle), Dial (starting to trigger a call) and Drop (dropping a call) if you're using PPPoE encapsulation.
Page 50
Chapter 2 Introducing the Web Configurator P-660HW-Dx User’s Guide...
H A P T E R Wizard Setup for Internet Access This chapter provides information on the Wizard Setup screens for Internet access in the web configurator. 3.1 Introduction Use the wizard setup screens to configure your system for Internet access with the information given to you by your ISP.
Chapter 3 Wizard Setup for Internet Access Figure 16 Wizard: Welcome 3 The wizard attempts to detect which WAN connection type you are using. If the wizard detects your connection type and your ISP uses PPPoE or PPPoA, go to Section 3.2.1 on page 55.
Chapter 3 Wizard Setup for Internet Access Figure 18 Auto Detection: Failed 3.2.1 Automatic Detection 1 If you have a PPPoE or PPPoA connection, a screen displays prompting you to enter your Internet account information. Enter the username, password and/or service name exactly as provided.
Chapter 3 Wizard Setup for Internet Access Figure 20 Internet Access Wizard Setup: ISP Parameters The following table describes the fields in this screen. Table 8 Internet Access Wizard Setup: ISP Parameters LABEL DESCRIPTION Mode From the Mode drop-down list box, select Routing (default) if your ISP allows multiple computers to share an Internet account.
Chapter 3 Wizard Setup for Internet Access Figure 21 Internet Connection with PPPoE The following table describes the fields in this screen. Table 9 Internet Connection with PPPoE LABEL DESCRIPTION User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given.
Chapter 3 Wizard Setup for Internet Access Table 10 Internet Connection with RFC 1483 (continued) LABEL DESCRIPTION Next Click Next to continue to the next wizard screen. Exit Click Exit to close the wizard screen without saving your changes. Figure 23 Internet Connection with ENET ENCAP The following table describes the fields in this screen.
Chapter 3 Wizard Setup for Internet Access Figure 24 Internet Connection with PPPoA The following table describes the fields in this screen. Table 12 Internet Connection with PPPoA LABEL DESCRIPTION User Name Enter the login name that your ISP gives you. Password Enter the password associated with the user name above.
Chapter 3 Wizard Setup for Internet Access Figure 26 Connection Test Failed-2. 3.3 Wireless Connection Wizard Setup After you configure the Internet access information, use the following screens to set up your wireless LAN. 1 Select Yes and click Next to configure wireless settings. Otherwise, select No and skip to Step 6.
Chapter 3 Wizard Setup for Internet Access Figure 28 Wireless LAN Setup Wizard 1 The following table describes the labels in this screen. Table 13 Wireless LAN Setup Wizard 1 LABEL DESCRIPTION Active Select the check box to turn on the wireless LAN. Enable OTIST Select the check box to enable OTIST if you want to transfer your ZyXEL Device’s SSID and WPA-PSK security settings to wireless clients that support...
Chapter 3 Wizard Setup for Internet Access Figure 29 Wireless LAN Setup Wizard 2 The following table describes the labels in this screen. Table 14 Wireless LAN Setup Wizard 2 LABEL DESCRIPTION Network Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless Name(SSID) LAN.
Chapter 3 Wizard Setup for Internet Access The wireless stations and ZyXEL Device must use the same SSID, channel ID and WEP encryption key (if WEP is enabled), WPA-PSK (if WPA-PSK is enabled) for wireless communication. 4 This screen varies depending on the security mode you selected in the previous screen. Fill in the field (if available) and click Next.
Chapter 3 Wizard Setup for Internet Access Figure 31 Manually assign a WEP key The following table describes the labels in this screen. Table 16 Manually assign a WEP key LABEL DESCRIPTION The WEP keys are used to encrypt data. Both the ZyXEL Device and the wireless stations must use the same WEP key for data transmission.
Chapter 3 Wizard Setup for Internet Access 6 Use the read-only summary table to check whether what you have configured is correct. Click Finish to complete and save the wizard setup. Figure 33 Internet Access and WLAN Wizard Setup Complete 7 Launch your web browser and navigate to www.zyxel.com.
Page 66
Chapter 3 Wizard Setup for Internet Access P-660HW-Dx User’s Guide...
H A P T E R Bandwidth Management Wizard This chapter shows you how to configure basic bandwidth management using the wizard screens. 4.1 Introduction Bandwidth management allows you to control the amount of bandwidth going out through the ZyXEL Device’s WAN port and prioritize the distribution of the bandwidth according to service bandwidth requirements.
Chapter 4 Bandwidth Management Wizard Table 17 Media Bandwidth Management Setup: Services (continued) SERVICE DESCRIPTION NetMeeting A multimedia communications product from Microsoft that enables groups to (H.323) teleconference and videoconference over the Internet. NetMeeting supports VoIP, text chat sessions, a whiteboard, file transfers and application sharing. NetMeeting uses H.323.
Chapter 4 Bandwidth Management Wizard 2 Click BANDWIDTH MANAGEMENT SETUP to configure the system for Internet access. Figure 35 Wizard: Welcome 3 Activate bandwidth management and select to allocate bandwidth to packets based on the service requirements. Figure 36 Bandwidth Management Wizard: General Information The following fields describe the label in this screen.
Chapter 4 Bandwidth Management Wizard Table 18 Bandwidth Management Wizard: General Information LABEL DESCRIPTION Next Click Next to proceed to the next screen. Exit Click Exit to close the wizard screen without saving. 4 Use the second wizard screen to select the services that you want to apply bandwidth management and select the priorities that you want to apply to the services listed.
Chapter 4 Bandwidth Management Wizard Table 19 Bandwidth Management Wizard: Configuration LABEL DESCRIPTION Apply Click Apply to save your changes to the ZyXEL Device. Exit Click Exit to close the wizard screen without saving your changes. 5 Follow the on-screen instructions and click Finish to complete the wizard setup and save your configuration.
H A P T E R WAN Setup This chapter describes how to configure WAN settings. 5.1 WAN Overview A WAN (Wide Area Network) is an outside connection to another network or the Internet. 5.1.1 Encapsulation Be sure to use the encapsulation method required by your ISP. The ZyXEL Device supports the following methods.
Chapter 5 WAN Setup 5.1.1.3 PPPoA PPPoA stands for Point to Point Protocol over ATM Adaptation Layer 5 (AAL5). A PPPoA connection functions like a dial-up Internet connection. The ZyXEL Device encapsulates the PPP session based on RFC1483 and sends it through an ATM PVC (Permanent Virtual Circuit) to the Internet Service Provider’s (ISP) DSLAM (digital access multiplexer).
Chapter 5 WAN Setup 5.1.3.2 Scenario 2: One VC, One Protocol (IP) Selecting RFC-1483 encapsulation with VC-based multiplexing requires the least amount of overhead (0 octets). However, if there is a potential need for multiple protocol support in the future, it may be safer to select PPPoA encapsulation instead of RFC-1483, so you do not need to reconfigure either computer later.
Chapter 5 WAN Setup Do not specify a nailed-up connection unless your telephone company offers flat-rate service or you need a constant connection and the cost is of no concern 5.1.7 NAT NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
Chapter 5 WAN Setup Sustained Cell Rate (SCR) is the mean cell rate of each bursty traffic source. It specifies the maximum average rate at which cells can be sent over the virtual connection. SCR may not be greater than the PCR. Maximum Burst Size (MBS) is the maximum number of cells that can be sent at the PCR.
Chapter 5 WAN Setup The VBR-nRT (non real-time Variable Bit Rate) type is used with bursty connections that do not require closely controlled delay and delay variation. It is commonly used for "bursty" traffic typical on LANs. PCR and MBS define the burst levels, SCR defines the minimum level.
Chapter 5 WAN Setup Figure 40 Internet Connection (PPPoE) The following table describes the labels in this screen. Table 20 Internet Connection LABEL DESCRIPTION General Name Enter the name of your Internet Service Provider, e.g., MyISP. This information is for identification purposes only. Mode Select Routing (default) from the drop-down list box if your ISP allows multiple computers to share an Internet account.
Chapter 5 WAN Setup Table 20 Internet Connection (continued) LABEL DESCRIPTION The valid range for the VPI is 0 to 255. Enter the VPI assigned to you. The valid range for the VCI is 32 to 65535 (0 to 31 is reserved for local management of ATM traffic).
Chapter 5 WAN Setup Figure 41 Advanced Internet Connection Setup The following table describes the labels in this screen. Table 21 Advanced Internet Connection Setup LABEL DESCRIPTION RIP & Multicast Setup RIP Direction Select the RIP direction from None, Both, In Only and Out Only. RIP Version Select the RIP version from RIP-1, RIP-2B and RIP-2M.
Chapter 5 WAN Setup Table 21 Advanced Internet Connection Setup (continued) LABEL DESCRIPTION Zero This feature is not applicable/available when you configure the ZyXEL Device to Configuration use a static WAN IP address or in bridge mode. Select Yes to set the ZyXEL Device to automatically detect the Internet connection settings (such as the VCI/VPI numbers and the encapsulation method) from the ISP and make the necessary configuration changes.
Chapter 5 WAN Setup The following table describes the labels in this screen. Table 22 More Connections LABEL DESCRIPTION This is the index number of a connection. Active This display whether this connection is activated. Clear the check box to disable the connection.
Chapter 5 WAN Setup Figure 43 More Connections Edit The following table describes the labels in this screen. Table 23 More Connections Edit LABEL DESCRIPTION Active Select the check box to activate or clear the check box to deactivate this connection.
Page 87
Chapter 5 WAN Setup Table 23 More Connections Edit (continued) LABEL DESCRIPTION Multiplexing Select the method of multiplexing used by your ISP from the drop-down list. Choices are VC or LLC. By prior agreement, a protocol is assigned a specific virtual circuit, for example, VC1 will carry IP.
Chapter 5 WAN Setup 5.6.2 Configuring More Connections Advanced Setup To edit your ZyXEL Device's advanced WAN settings, click the Advanced Setup button in the More Connections Edit screen. The screen appears as shown. Figure 44 More Connections Advanced Setup The following table describes the labels in this screen.
Chapter 5 WAN Setup 5.7 Traffic Redirect Traffic redirect forwards traffic to a backup gateway when the ZyXEL Device cannot connect to the Internet. An example is shown in the figure below. Figure 45 Traffic Redirect Example The following network topology allows you to avoid triangle route security issues when the backup gateway is connected to the LAN.
Chapter 5 WAN Setup Figure 47 WAN Backup Setup The following table describes the labels in this screen. Table 25 WAN Backup Setup LABEL DESCRIPTION WAN Backup Setup Backup Type Select the method that the ZyXEL Device uses to check the DSL connection. Select DSL Link to have the ZyXEL Device check if the connection to the DSLAM is up.
Page 91
Chapter 5 WAN Setup Table 25 WAN Backup Setup (continued) LABEL DESCRIPTION Timeout Type the number of seconds (3 recommended) for your ZyXEL Device to wait for a ping response from one of the IP addresses in the Check WAN IP Address field before timing out the request.
Page 92
Chapter 5 WAN Setup P-660HW-Dx User’s Guide...
H A P T E R LAN Setup This chapter describes how to configure LAN settings. 6.1 LAN Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building.
Chapter 6 LAN Setup 6.1.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the ZyXEL Device as a DHCP server or disable it. When configured as a server, the ZyXEL Device provides the TCP/IP configuration for the clients.
Chapter 6 LAN Setup 6.3.1 IP Address and Subnet Mask Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number. Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
Chapter 6 LAN Setup 6.3.2 RIP Setup RIP (Routing Information Protocol) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. When set to: • Both - the ZyXEL Device will broadcast its routing table periodically and incorporate the RIP information that it receives.
Chapter 6 LAN Setup 6.3.4 Any IP Traditionally, you must set the IP addresses and the subnet masks of a computer and the ZyXEL Device to be in the same subnet to allow the computer to access the Internet (through the ZyXEL Device).
Chapter 6 LAN Setup The following lists out the steps taken, when a computer tries to access the Internet for the first time through the ZyXEL Device. 1 When a computer (which is in a different subnet) first attempts to access the Internet, it sends packets to its default gateway (which is not the ZyXEL Device) by looking at the MAC address in its ARP table.
Chapter 6 LAN Setup 6.4.1 Configuring Advanced LAN Setup To edit your ZyXEL Device's advanced LAN settings, click the Advanced Setup button in the LAN IP screen. The screen appears as shown. Figure 51 Advanced LAN Setup The following table describes the labels in this screen. Table 27 Advanced LAN Setup LABEL DESCRIPTION...
Chapter 6 LAN Setup Table 27 Advanced LAN Setup (continued) LABEL DESCRIPTION Apply Click Apply to save the changes. Cancel Click Cancel to begin configuring this screen afresh. 6.5 DHCP Setup Use this screen to configure the DNS server information that the ZyXEL Device sends to the DHCP client devices on the LAN.
Chapter 6 LAN Setup Table 28 DHCP Setup LABEL DESCRIPTION DNS Servers The ZyXEL Device passes a DNS (Domain Name System) server IP address to Assigned by DHCP the DHCP clients. Server Primary DNS Server This field is not available when you set DHCP to Relay. Secondary DNS Enter the IP addresses of the DNS servers.
Chapter 6 LAN Setup Table 29 LAN Client List LABEL DESCRIPTION This is the index number of the static IP table entry (row). Status This field displays whether the client is connected to the ZyXEL Device. Host Name This field displays the computer host name. IP Address This field displays the IP address relative to the # field listed above.
Chapter 6 LAN Setup To change your ZyXEL Device’s IP alias settings, click Network > LAN > IP Alias. The screen appears as shown. Figure 55 LAN IP Alias The following table describes the labels in this screen. Table 30 LAN IP Alias LABEL DESCRIPTION IP Alias 1, 2...
Page 104
Chapter 6 LAN Setup Table 30 LAN IP Alias LABEL DESCRIPTION Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-660HW-Dx User’s Guide...
H A P T E R Wireless LAN This chapter discusses how to configure the wireless network settings on your ZyXEL Device. See the appendices for more detailed information about wireless networks. 7.1 Wireless Network Overview The following figure provides an example of a wireless network. Figure 56 Example of a Wireless Network The wireless network is the part in the blue circle.
Chapter 7 Wireless LAN • Every wireless client in the same wireless network must use security compatible with the Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network. 7.2 Wireless Security Overview The following sections introduce different types of wireless security you can set up in the wireless network.
Chapter 7 Wireless LAN • In a RADIUS server: this is a server used in businesses more than in homes. If your AP does not provide a local user database and if you do not have a RADIUS server, you cannot set up user names and passwords for your users. Unauthorized devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network.
Chapter 7 Wireless LAN When you select WPA2 or WPA2-PSK in your ZyXEL Device, you can also select an option (WPA compatible) to support WPA as well. In this case, if some wireless clients support WPA and some support WPA2, you should set up WPA2-PSK or WPA2 (depending on the type of wireless network login) and select the WPA compatible option in the ZyXEL Device.
Chapter 7 Wireless LAN The following table describes the general wireless LAN labels in this screen. Table 32 Wireless LAN: General LABEL DESCRIPTION Wireless Setup Active Wireless Click the check box to activate wireless LAN. Network Name (Service Set IDentity) The SSID identifies the Service Set with which a wireless client (SSID) is associated.
Chapter 7 Wireless LAN Figure 58 Wireless: No Security The following table describes the labels in this screen. Table 33 Wireless No Security LABEL DESCRIPTION Security Mode Choose No Security from the drop-down list box. Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to reload the previous configuration for this screen.
Chapter 7 Wireless LAN Figure 59 Wireless: Static WEP Encryption The following table describes the wireless LAN security labels in this screen. Table 34 Wireless: Static WEP Encryption LABEL DESCRIPTION Security Mode Choose Static WEP from the drop-down list box. Passphrase Enter a Passphrase (up to 32 printable characters) and clicking Generate.
Chapter 7 Wireless LAN Figure 60 Wireless: WPA-PSK/WPA2-PSK The following table describes the wireless LAN security labels in this screen. Table 35 Wireless: WPA-PSK/WPA2-PSK LABEL DESCRIPTION Security Mode Choose WPA-PSK or WPA2-PSK from the drop-down list box. WPA Compatible This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field.
Chapter 7 Wireless LAN Table 35 Wireless: WPA-PSK/WPA2-PSK LABEL DESCRIPTION Idle Timeout (In The ZyXEL Device automatically disconnects a wireless station from the wireless Seconds) network after a period of inactivity. The wireless station needs to send the username and password again before it can use the wireless network again. Some wireless clients may prompt users for a username and password;...
Chapter 7 Wireless LAN Figure 61 Wireless: WPA/WPA2 The following table describes the wireless LAN security labels in this screen. Table 36 Wireless: WPA/WPA2 LABEL DESCRIPTION WPA Compatible This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field.
Chapter 7 Wireless LAN Table 36 Wireless: WPA/WPA2 (continued) LABEL DESCRIPTION Group Key Update The Group Key Update Timer is the rate at which the AP (if using WPA-PSK/ Timer (In Seconds) WPA2-PSK key management) or RADIUS server (if using WPA(2) key management) sends a new group key out to all clients.
Chapter 7 Wireless LAN Figure 62 Advanced The following table describes the labels in this screen. Table 37 Wireless LAN: Advanced LABEL DESCRIPTION Wireless Advanced Setup RTS/CTS Enter a value between 0 and 2432. Threshold Fragmentation This is the maximum data fragment size that can be sent. Enter a value between Threshold 256 and 2432.
Chapter 7 Wireless LAN Table 37 Wireless LAN: Advanced (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to reload the previous configuration for this screen. 7.4 OTIST In a wireless network, the wireless clients must have the same SSID and security settings as the access point (AP) or wireless router (we will refer to both as “AP”...
Chapter 7 Wireless LAN 7.4.1.1.2 Web Configurator Click the Network > Wireless LAN > OTIST. The following screen displays. Figure 63 OTIST The following table describes the labels in this screen. Table 38 OTIST LABEL DESCRIPTION Setup Key Type an OTIST Setup Key of exactly eight ASCII characters in length. The default OTIST setup key is "01234567".
Chapter 7 Wireless LAN Figure 64 Example Wireless Client OTIST Screen 7.4.2 Starting OTIST You must click Start in the AP OTIST web configurator screen and in the wireless client(s) Adapter screen all within three minutes (at the time of writing). You can start OTIST in the wireless clients and AP in any order but they must all be within range and have OTIST enabled.
Chapter 7 Wireless LAN Figure 67 OTIST in progress (Client) In the wireless client, you see this screen if it can’t find an OTIST-enabled AP (with the same Setup key). Click OK to go back to the ZyXEL utility main screen. Figure 68 No AP with OTIST Found •...
Chapter 7 Wireless LAN 7.5 MAC Filter The MAC filter screen allows you to configure the ZyXEL Device to give exclusive access to up to 32 devices (Allow) or exclude up to 32 devices from accessing the ZyXEL Device (Deny). Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
Chapter 7 Wireless LAN Table 39 MAC Address Filter LABEL DESCRIPTION Enter the MAC addresses of the wireless client that are allowed or denied access to Address the ZyXEL Device in these address fields. Enter the MAC addresses in a valid MAC address format, that is, six hexadecimal character pairs, for example, 12:34:56:78:9a:bc.
Chapter 7 Wireless LAN 7.6.3 Services The commonly used services and port numbers are shown in the following table. Please refer to RFC 1700 for further information about port numbers. Next to the name of the service, two fields appear in brackets. The first field indicates the IP protocol type (TCP, UDP, or ICMP). The second field indicates the IP port number that defines the service.
Chapter 7 Wireless LAN Table 41 Commonly Used Services SERVICE DESCRIPTION AIM/New-ICQ(TCP:5190) AOL’s Internet Messenger service, used as a listening port by ICQ. AUTH(TCP:113) Authentication protocol used by some servers. BGP(TCP:179) Border Gateway Protocol. BOOTP_CLIENT(UDP:68) DHCP Client. BOOTP_SERVER(UDP:67) DHCP Server. CU-SEEME(TCP/UDP:7648, A popular videoconferencing solution from White Pines Software.
Chapter 7 Wireless LAN Table 41 Commonly Used Services (continued) SERVICE DESCRIPTION REAL_AUDIO(TCP:7070) A streaming audio service that enables real time sound over the web. REXEC(TCP:514) Remote Execution Daemon. RLOGIN(TCP:513) Remote Login. RTELNET(TCP:107) Remote Telnet. RTSP(TCP/UDP:554) The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet.
Chapter 7 Wireless LAN Click Network > Wireless LAN > QoS. The following screen displays. Figure 71 Wireless LAN: QoS The following table describes the fields in this screen. Table 42 Wireless Lan: QoS LABEL DESCRIPTION Enable WMM QoS Select the check box to enable WMM QoS on the ZyXEL Device. WMM QoS Policy Select Default to have the ZyXEL Device automatically give a service a priority level according to the ToS value in the IP header of packets it sends.
Chapter 7 Wireless LAN 7.7.2 Application Priority Configuration To edit a WMM QoS application entry, click the edit icon ( ) under Modify. The following screen displays. Figure 72 Application Priority Configuration The following table describes the fields in this screen. Table 43 Application Priority Configuration LABEL DESCRIPTION...
Page 128
Chapter 7 Wireless LAN Table 43 Application Priority Configuration (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to return to the previous screen without saving your changes. P-660HW-Dx User’s Guide...
H A P T E R Network Address Translation (NAT) Screens This chapter discusses how to configure NAT on the ZyXEL Device. 8.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
Chapter 8 Network Address Translation (NAT) Screens 8.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side.
Chapter 8 Network Address Translation (NAT) Screens Figure 74 NAT Application With IP Alias 8.1.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: • One to One: In One-to-One mode, the ZyXEL Device maps one local IP address to one global IP address.
Chapter 8 Network Address Translation (NAT) Screens 8.4 NAT General Setup You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the ZyXEL Device. Click Network > NAT to open the following screen.
Chapter 8 Network Address Translation (NAT) Screens You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server. The port number identifies a service; for example, web service is on port 80 and FTP on port 21.
Chapter 8 Network Address Translation (NAT) Screens 8.5.3 Configuring Servers Behind Port Forwarding (Example) Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example).
Chapter 8 Network Address Translation (NAT) Screens Figure 77 NAT Port Forwarding The following table describes the fields in this screen. Table 48 NAT Port Forwarding LABEL DESCRIPTION Default Server Setup Default Server In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in this screen.
Chapter 8 Network Address Translation (NAT) Screens Figure 78 Port Forwarding Rule Setup The following table describes the fields in this screen. Table 49 Port Forwarding Rule Setup LABEL DESCRIPTION Active Click this check box to enable the rule. Service Name Enter a name to identify this port-forwarding rule.
Chapter 8 Network Address Translation (NAT) Screens rules. For example, if you have already configured rules 1 to 6 in your current set and now you configure rule number 9. In the set summary screen, the new rule will be rule 7, not 9. Now if you delete rule 4, rules 5 to 7 will be pushed up by 1 rule, so old rules 5, 6 and 7 become new rules 4, 5 and 6.
Chapter 8 Network Address Translation (NAT) Screens Table 50 Address Mapping Rules (continued) LABEL DESCRIPTION Type 1-1: One-to-one mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-one NAT mapping type. M-1: Many-to-One mode maps multiple local IP addresses to one global IP address.
Chapter 8 Network Address Translation (NAT) Screens The following table describes the fields in this screen. Table 51 Edit Address Mapping Rule LABEL DESCRIPTION Type Choose the port mapping type from one of the following. • One-to-One: One-to-One mode maps one local IP address to one global IP address.
H A P T E R Firewalls This chapter gives some background information on firewalls and introduces the ZyXEL Device firewall. 9.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term “firewall” is a system or group of systems that enforces an access-control policy between two networks.
Chapter 9 Firewalls 9.2.2 Application-level Firewalls Application-level firewalls restrict access by serving as proxies for external servers. Since they use programs written for specific Internet services, such as HTTP, FTP and telnet, they can evaluate network packets for valid application-specific data. Application-level gateways have a number of general advantages over the default mode of permitting application traffic directly to internal hosts: Information hiding prevents the names of internal systems from being made known via DNS...
Chapter 9 Firewalls 9.3.1 Denial of Service Attacks Figure 81 Firewall Application 9.4 Denial of Service Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources.
Chapter 9 Firewalls 9.4.2 Types of DoS Attacks There are four types of DoS attacks: 1 Those that exploit bugs in a TCP/IP implementation. 2 Those that exploit weaknesses in the TCP/IP specification. 3 Brute-force attacks that flood a network with useless data. 4 IP Spoofing.
Chapter 9 Firewalls Figure 83 SYN Flood • In a LAND Attack, hackers flood SYN packets into the network with a spoofed source IP address of the targeted system. This makes it appear as if the host computer sent the packets to itself, making the system unavailable while the target system tries to respond to itself.
Chapter 9 Firewalls 9.4.2.1 ICMP Vulnerability ICMP is an error-reporting protocol that works in concert with IP. The following ICMP types trigger an alert: Table 53 ICMP Commands That Trigger Alerts REDIRECT TIMESTAMP_REQUEST TIMESTAMP_REPLY ADDRESS_MASK_REQUEST ADDRESS_MASK_REPLY 9.4.2.2 Illegal Commands (NetBIOS and SMTP) The only legal NetBIOS commands are the following - all others are illegal.
Chapter 9 Firewalls are allowed in. The ZyXEL Device uses stateful packet inspection to protect the private LAN from hackers and vandals on the Internet. By default, the ZyXEL Device’s stateful inspection allows all communications to the Internet that originate from the LAN, and blocks all traffic to the LAN that originates from the Internet.
Chapter 9 Firewalls 6 Later, an inbound packet reaches the interface. This packet is part of the connection previously established with the outbound packet. The inbound packet is evaluated against the inbound access list, and is permitted because of the temporary access list entry previously created.
Chapter 9 Firewalls If an initiation packet originates on the LAN, this means that someone is trying to make a connection from the LAN to the Internet. Assuming that this is an acceptable part of the security policy (as is the case with the default policy), the connection will be allowed. A cache entry is added which includes connection information such as IP addresses, TCP ports, sequence numbers, etc.
Chapter 9 Firewalls 9.6 Guidelines for Enhancing Security with Your Firewall • Change the default password via CLI (Command Line Interpreter) or web configurator. • Limit who can telnet into your router. • Don't enable any local service (such as SNMP or NTP) that you don't use. Any enabled service could present a potential security risk.
Chapter 9 Firewalls • Always shred confidential information, particularly about your computer, before throwing it away. Some hackers dig through the trash of companies or individuals for information that might help them in an attack. 9.7 Packet Filtering Vs Firewall Below are some comparisons between the ZyXEL Device’s filtering and firewall functions.
Page 154
Chapter 9 Firewalls • To selectively block/allow inbound or outbound traffic between inside host/networks and outside host/networks. Remember that filters can not distinguish traffic originating from an inside host or an outside host by IP address. • The firewall performs better than filtering if you need to check many rules. •...
H A P T E R Firewall Configuration This chapter shows you how to enable and configure the ZyXEL Device firewall. 10.1 Access Methods The web configurator is, by far, the most comprehensive firewall configuration tool your ZyXEL Device has to offer. For this reason, it is recommended that you configure your firewall using the web configurator.CLI (Command Line Interpreter) commands provide limited configuration options and are only recommended for advanced users.
Chapter 10 Firewall Configuration If you configure firewall rules without a good understanding of how they work, you might inadvertently introduce security risks to the firewall and to the protected network. Make sure you test your rules after you configure them. For example, you may create rules to: •...
Chapter 10 Firewall Configuration 3 Is it possible to modify the rule to be more specific? For example, if IRC is blocked for all users, will a rule that blocks just certain users be more effective? 4 Does a rule that allows Internet users access to resources on the LAN create a security vulnerability? For example, if FTP ports (TCP 20, 21) are allowed from the Internet to the LAN, Internet users may be able to connect to computers with running FTP servers.
Chapter 10 Firewall Configuration 10.4.1 LAN to WAN Rules The default rule for LAN to WAN traffic is that all users on the LAN are allowed non- restricted access to the WAN. When you configure a LAN to WAN rule, you in essence want to limit some or all users from accessing certain services on the WAN.
Chapter 10 Firewall Configuration The following table describes the labels in this screen. Table 56 Firewall: General LABEL DESCRIPTION Active Firewall Select this check box to activate the firewall. The ZyXEL Device performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated.
Chapter 10 Firewall Configuration Figure 87 Firewall Rules The following table describes the labels in this screen. Table 57 Firewall Rules LABEL DESCRIPTION Firewall Rules This read-only bar shows how much of the ZyXEL Device's memory for recording Storage Space firewall rules it is currently using.
Chapter 10 Firewall Configuration Table 57 Firewall Rules (continued) LABEL DESCRIPTION This field shows you whether a log is created when packets match this rule (Yes) or not (No). Modify Click the Edit icon to go to the screen where you can edit the rule. Click the Remove icon to delete an existing firewall rule.
Chapter 10 Firewall Configuration The following table describes the labels in this screen. Table 58 Firewall: Edit Rule LABEL DESCRIPTION Active Select this option to enable this firewall rule. Action for Matched Use the drop-down list box to select what the firewall is to do with packets that Packet match this rule.
Chapter 10 Firewall Configuration Table 58 Firewall: Edit Rule (continued) LABEL DESCRIPTION Apply Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to exit this screen without saving. 10.6.2 Customized Services Configure customized services and port numbers not predefined by the ZyXEL Device. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website.
Chapter 10 Firewall Configuration Refer to Section 9.1 on page 143 for more information. Figure 90 Firewall: Configure Customized Services The following table describes the labels in this screen. Table 60 Firewall: Configure Customized Services LABEL DESCRIPTION Service Name Type a unique name for your custom port. Service Type Choose the IP port (TCP, UDP or TCP/UDP) that defines your customized port from the drop down list box.
Chapter 10 Firewall Configuration Figure 91 Firewall Example: Rules 3 In the Rules screen, select the index number after that you want to add the rule. For example, if you select “6”, your new rule becomes number 7 and the previous rule 7 (if there is one) becomes rule 8.
Chapter 10 Firewall Configuration Figure 93 Firewall Example: Edit Rule: Destination Address 9 Use the Add >> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. Custom services show up with an “*” before their names in the Services list box and the Rules list box.
Chapter 10 Firewall Configuration Figure 94 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a “MyService” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN.
Chapter 10 Firewall Configuration Figure 95 Firewall Example: Rules: MyService 10.8 Predefined Services The Available Services list box in the Edit Rule screen (see Section 10.6.1 on page 161) displays all predefined services that the ZyXEL Device already supports. Next to the name of the service, two fields appear in brackets.
Page 170
Chapter 10 Firewall Configuration Table 61 Predefined Services (continued) SERVICE DESCRIPTION HTTP(TCP:80) Hyper Text Transfer Protocol - a client/server protocol for the world wide web. HTTPS HTTPS is a secured http session often used in e-commerce. ICQ(UDP:4000) This is a popular Internet chat program. IPSEC_TRANSPORT/ The IPSEC AH (Authentication Header) tunneling protocol uses this TUNNEL(AH:0)
Chapter 10 Firewall Configuration Table 61 Predefined Services (continued) SERVICE DESCRIPTION SSH(TCP/UDP:22) Secure Shell Remote Login Program. STRMWORKS(UDP:1558) Stream Works Protocol. SYSLOG(UDP:514) Syslog allows you to send system logs to a UNIX server. TACACS(UDP:49) Login Host Protocol used for (Terminal Access Controller Access Control System).
Chapter 10 Firewall Configuration The following table describes the labels in this screen. Table 62 Firewall: Anti Probing LABEL DESCRIPTION Respond to PING The ZyXEL Device does not respond to any incoming Ping requests when Disable is selected. Select LAN to reply to incoming LAN Ping requests. Select WAN to reply to incoming WAN Ping requests.
Chapter 10 Firewall Configuration 10.10.2 Half-Open Sessions An unusually high number of half-open sessions (either an absolute number or measured as the arrival rate) could indicate that a Denial of Service attack is occurring. For TCP, "half- open" means that the session has not reached the established state-the TCP three-way handshake has not yet been completed (see Figure 82 on page 146).
Chapter 10 Firewall Configuration Figure 97 Firewall: Threshold The following table describes the labels in this screen. Table 63 Firewall: Threshold LABEL DESCRIPTION DEFAULT VALUES Denial of Service Thresholds One Minute Low This is the rate of new half-open sessions 80 existing half-open sessions.
Page 175
Chapter 10 Firewall Configuration Table 63 Firewall: Threshold (continued) LABEL DESCRIPTION DEFAULT VALUES Maximum This is the number of existing half-open 100 existing half-open sessions. Incomplete High sessions that causes the firewall to start The above values causes the deleting half-open sessions. When the ZyXEL Device to start deleting number of existing half-open sessions rises half-open sessions when the...
H A P T E R Content Filtering This chapter covers how to configure content filtering. 11.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ability to block web sites that contain key words (that you specify) in the URL.
Chapter 11 Content Filtering The following table describes the labels in this screen. Table 64 Content Filter: Keyword LABEL DESCRIPTION Active Keyword Blocking Select this check box to enable this feature. Block Websites that This box contains the list of all the keywords that you have configured the contain these keywords in ZyXEL Device to block.
Chapter 11 Content Filtering The following table describes the labels in this screen. Table 65 Content Filter: Schedule LABEL DESCRIPTION Schedule Select Active Everyday to Block to make the content filtering active everyday. Otherwise, select Edit Daily to Block and configure which days of the week (or everyday) and which time of the day you want the content filtering to be active.
H A P T E R Static Route This chapter shows you how to configure static routes for your ZyXEL Device. 12.1 Static Route Each remote node specifies only the network to which the gateway is directly connected, and the ZyXEL Device has no knowledge of the networks beyond. For instance, the ZyXEL Device knows about network N2 in the following figure through remote node Router 1.
Chapter 12 Static Route Figure 102 Static Route The following table describes the labels in this screen. Table 67 Static Route LABEL DESCRIPTION This is the number of an individual static route. Active Select the check box to activate this static route. Otherwise, clear the check box. Name This is the name that describes or identifies this route.
Chapter 12 Static Route Figure 103 Static Route Edit The following table describes the labels in this screen. Table 68 Static Route Edit LABEL DESCRIPTION Active This field allows you to activate/deactivate this static route. Route Name Enter the name of the IP static route. Leave this field blank to delete this static route.
H A P T E R Bandwidth Management This chapter contains information about configuring bandwidth management, editing rules and viewing the ZyXEL Device’s bandwidth management logs. 13.1 Bandwidth Management Overview ZyXEL’s Bandwidth Management allows you to specify bandwidth management rules based on an application and/or subnet.
Chapter 13 Bandwidth Management Figure 104 Subnet-based Bandwidth Management Example 13.4 Application and Subnet-based Bandwidth Management You could also create bandwidth classes based on a combination of a subnet and an application. The following example table shows bandwidth allocations for application specific traffic from separate LAN subnets.
Chapter 13 Bandwidth Management 13.5.2 Fairness-based Scheduler The ZyXEL Device divides bandwidth equally among bandwidth classes when using the fairness-based scheduler; thus preventing one bandwidth class from using all of the interface’s bandwidth. 13.6 Maximize Bandwidth Usage The maximize bandwidth usage option (see Figure 105 on page 192) allows the ZyXEL Device to divide up any available bandwidth on the interface (including unallocated...
Chapter 13 Bandwidth Management The ZyXEL Device divides up the unbudgeted 2048 kbps among the classes that require more bandwidth. If the administration department only uses 1024 kbps of the budgeted 2048 kbps, the ZyXEL Device also divides the remaining 1024 kbps among the classes that require more bandwidth.
Chapter 13 Bandwidth Management 13.6.3 Bandwidth Management Priorities The following table describes the priorities that you can apply to traffic that the ZyXEL Device forwards out through an interface. Table 73 Bandwidth Management Priorities PRIORITY LEVELS: TRAFFIC WITH A HIGHER PRIORITY GETS THROUGH FASTER WHILE TRAFFIC WITH A LOWER PRIORITY IS DROPPED IF THE NETWORK IS CONGESTED.
Chapter 13 Bandwidth Management Figure 105 Bandwidth Management: Summary The following table describes the labels in this screen. Table 75 Media Bandwidth Management: Summary LABEL DESCRIPTION Interface These read-only labels represent the physical interfaces. Select an interface’s check box to enable bandwidth management on that interface. Bandwidth management applies to all traffic flowing out of the router through the interface, regardless of the traffic’s source.
Chapter 13 Bandwidth Management Click Advanced > Bandwidth MGMT > Rule Setup to open the following screen. Figure 106 Bandwidth Management: Rule Setup The following table describes the labels in this screen. Table 76 Bandwidth Management: Rule Setup LABEL DESCRIPTION Direction Select the direction of traffic to which you want to apply bandwidth management.
Chapter 13 Bandwidth Management 13.10 DiffServ DiffServ is a class of service (CoS) model that marks packets so that they receive specific per- hop treatment at DiffServ-compliant network devices along the route based on the application types and traffic flow. Packets are marked with DiffServ Code Points (DSCPs) indicating the level of service desired.
Chapter 13 Bandwidth Management Figure 108 Bandwidth Management Rule Configuration The following table describes the labels in this screen. Table 78 Bandwidth Management Rule Configuration LABEL DESCRIPTION Rule Configuration Active Select this check box to have the ZyXEL Device apply this bandwidth management rule.
Page 196
Chapter 13 Bandwidth Management Table 78 Bandwidth Management Rule Configuration (continued) LABEL DESCRIPTION DiffServ mark Select the marking rule from the drop-down list. The first three digits are the DiffServ code point. A packet with the lowest priority mark will be dropped when the line is busy.
Chapter 13 Bandwidth Management Table 78 Bandwidth Management Rule Configuration (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. Table 79 Services and Port Numbers SERVICES PORT NUMBER ECHO FTP (File Transfer Protocol)
Chapter 13 Bandwidth Management Figure 109 Bandwidth Management: Monitor Table 80 Bandwidth Management Monitor LABEL DESCRIPTION Monitor This section allows you to select which network to monitor. You may select either a LAN, WLAN, or WAN. After selecting a network to monitor, information on active services and their bandwidth usage will appear.
H A P T E R Dynamic DNS Setup This chapter discusses how to configure your ZyXEL Device to use Dynamic DNS. 14.1 Dynamic DNS Overview Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.).
Chapter 14 Dynamic DNS Setup Figure 110 Dynamic DNS The following table describes the fields in this screen. Table 81 Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Active Dynamic Select this check box to use dynamic DNS. Service Provider This is the name of your Dynamic DNS service provider. Dynamic DNS Select the type of service that you are registered for from your Dynamic DNS Type...
Page 201
Chapter 14 Dynamic DNS Setup Table 81 Dynamic DNS (continued) LABEL DESCRIPTION Dynamic DNS Select this option only when there are one or more NAT routers between the ZyXEL server auto Device and the DDNS server. This feature has the DDNS server automatically detect IP detect and use the IP address of the NAT router that has a public IP address.
Page 202
Chapter 14 Dynamic DNS Setup P-660HW-Dx User’s Guide...
H A P T E R Remote Management Configuration This chapter provides information on configuring remote management. 15.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which ZyXEL Device interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
Chapter 15 Remote Management Configuration 15.1.1 Remote Management Limitations Remote management over LAN or WAN will not work when: • You have disabled that service in one of the remote management screens. • The IP address in the Secured Client IP field does not match the client IP address. If it does not match, the ZyXEL Device will disconnect the session immediately.
Chapter 15 Remote Management Configuration The following table describes the labels in this screen. Table 82 Remote Management: WWW LABEL DESCRIPTION Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service.
Chapter 15 Remote Management Configuration Figure 113 Remote Management: Telnet The following table describes the labels in this screen. Table 83 Remote Management: Telnet LABEL DESCRIPTION Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
Chapter 15 Remote Management Configuration 15.6 Configuring FTP You can upload and download the ZyXEL Device’s firmware and configuration files using FTP, please see the chapter on firmware and configuration file maintenance for details. To use this feature, your computer must have an FTP client. To change your ZyXEL Device’s FTP settings, click Advanced >...
Chapter 15 Remote Management Configuration SNMP is only available if TCP/IP is configured. Figure 115 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the ZyXEL Device).
Chapter 15 Remote Management Configuration 15.7.1 Supported MIBs The ZyXEL Device supports MIB II that is defined in RFC-1213 and RFC-1215. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance. 15.7.2 SNMP Traps The ZyXEL Device will send traps to the SNMP manager when any one of the following events occurs: Table 85 SNMP Traps...
Chapter 15 Remote Management Configuration The following table describes the labels in this screen. Table 86 Remote Management: SNMP LABEL DESCRIPTION SNMP Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
Chapter 15 Remote Management Configuration Figure 117 Remote Management: DNS The following table describes the labels in this screen. Table 87 Remote Management: DNS LABEL DESCRIPTION Port The DNS service port number is 53. Access Status Select the interface(s) through which a computer may send DNS queries to the ZyXEL Device.
Chapter 15 Remote Management Configuration Figure 118 Remote Management: ICMP The following table describes the labels in this screen. Table 88 Remote Management: ICMP LABEL DESCRIPTION ICMP Internet Control Message Protocol is a message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams, but the messages are processed by the TCP/IP software and directly apparent to the application user.
H A P T E R Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configurator. 16.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
Chapter 16 Universal Plug-and-Play (UPnP) When a UPnP device joins a network, it announces its presence with a multicast message. For security reasons, the ZyXEL Device allows multicast messages only on the LAN. All UPnP-enabled devices may communicate freely with each other without additional configuration.
Chapter 16 Universal Plug-and-Play (UPnP) Table 89 Configuring UPnP LABEL DESCRIPTION Allow UPnP to pass through Select this check box to allow traffic from UPnP-enabled applications to Firewall bypass the firewall. Clear this check box to have the firewall block all UPnP application packets (for example, MSN packets).
Chapter 16 Universal Plug-and-Play (UPnP) Figure 121 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted. 16.3.2 Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP.
Chapter 16 Universal Plug-and-Play (UPnP) Figure 123 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box. Figure 124 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next.
Chapter 16 Universal Plug-and-Play (UPnP) Make sure the computer is connected to a LAN port of the ZyXEL Device. Turn on your computer and the ZyXEL Device. 16.4.1 Auto-discover Your UPnP-enabled Network Device 1 Click start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway.
Chapter 16 Universal Plug-and-Play (UPnP) Figure 126 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings. Figure 127 Internet Connection Properties: Advanced Settings P-660HW-Dx User’s Guide...
Chapter 16 Universal Plug-and-Play (UPnP) Figure 128 Internet Connection Properties: Advanced Settings: Add When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 5 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
Chapter 16 Universal Plug-and-Play (UPnP) Figure 130 Internet Connection Status 16.4.2 Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first. This comes helpful if you do not know the IP address of the ZyXEL Device.
Chapter 16 Universal Plug-and-Play (UPnP) Figure 131 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays. P-660HW-Dx User’s Guide...
Chapter 16 Universal Plug-and-Play (UPnP) Figure 132 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Figure 133 Network Connections: My Network Places: Properties: Example P-660HW-Dx User’s Guide...
H A P T E R System Use this screen to configure the ZyXEL Device’s time and date settings. 17.1 General Setup 17.1.1 General Setup and System Name General Setup contains administrative and system-related information. System Name is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name".
Chapter 17 System Figure 134 System General Setup The following table describes the labels in this screen. Table 90 System General Setup LABEL DESCRIPTION General Setup System Name Choose a descriptive name for identification purposes. It is recommended you enter your computer’s “Computer name”...
Chapter 17 System Table 90 System General Setup LABEL DESCRIPTION Old Password Type the default admin password (1234) or the existing password you use to access the system for configuring advanced features. New Password Type your new system password (up to 30 characters). Note that as you type a password, the screen displays a (*) for each character you type.
Chapter 17 System The following table describes the fields in this screen. Table 91 System Time Setting LABEL DESCRIPTION Current Time and Date Current Time This field displays the time of your ZyXEL Device. Each time you reload this page, the ZyXEL Device synchronizes the time with the time server.
Page 231
Chapter 17 System Table 91 System Time Setting (continued) LABEL DESCRIPTION Start Date Configure the day and time when Daylight Saving Time starts if you selected Enable Daylight Saving. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time starts in most parts of the United States on the first Sunday of April.
Page 232
Chapter 17 System P-660HW-Dx User’s Guide...
H A P T E R Logs This chapter contains information about configuring general log settings and viewing the ZyXEL Device’s logs. Refer to the appendix for example log message explanations. 18.1 Logs Overview The web configurator allows you to choose which categories of events and/or alerts to have the ZyXEL Device log and then display the logs or have the ZyXEL Device send them to an administrator (as e-mail) or to a syslog server.
Chapter 18 Logs Figure 136 View Log The following table describes the fields in this screen. Table 92 View Log LABEL DESCRIPTION Display The categories that you select in the Log Settings screen display in the drop-down list box. Select a category of logs to view; select All Logs to view logs from all of the log categories that you selected in the Log Settings page.
Chapter 18 Logs Figure 137 Log Settings The following table describes the fields in this screen. Table 93 Log Settings LABEL DESCRIPTION E-mail Log Settings Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
Chapter 18 Logs Table 93 Log Settings LABEL DESCRIPTION Log Schedule This drop-down menu is used to configure the frequency of log messages being sent as E-mail: • Daily • Weekly • Hourly • When Log is Full • None. If you select Weekly or Daily, specify a time of day when the E-mail should be sent.
Chapter 18 Logs Table 94 System Maintenance Logs (continued) LOG MESSAGE DESCRIPTION Starting Connectivity Monitor. Starting Connectivity Monitor The router got the time and date from the Daytime server. Time initialized by Daytime Server The router got the time and date from the time server. Time initialized by Time server The router got the time and date from the NTP server.
Chapter 18 Logs Table 96 Access Control Logs (continued) LOG MESSAGE DESCRIPTION The firewall allowed a triangle route session to pass Triangle route packet forwarded: through. [TCP | UDP | IGMP | ESP | GRE | OSPF] The router blocked a packet that didn't have a Packet without a NAT table entry corresponding NAT table entry.
Chapter 18 Logs Table 99 ICMP Logs LOG MESSAGE DESCRIPTION ICMP access matched the default policy and was Firewall default policy: ICMP blocked or forwarded according to the user's setting. For <Packet Direction>, <type:%d>, type and code details, see Table 110 on page 248.
Chapter 18 Logs Table 102 UPnP Logs LOG MESSAGE DESCRIPTION UPnP packets can pass through the firewall. UPnP pass through Firewall Table 103 Content Filtering Logs LOG MESSAGE DESCRIPTION The content of a requested web page matched a user defined %s: Keyword blocking keyword.
Chapter 18 Logs Table 105 IPSec Logs (continued) LOG MESSAGE DESCRIPTION The router dropped a connection that had outbound traffic and no Rule <%d> idle time inbound traffic for a certain time period. You can use the "ipsec timer out, disconnect chk_conn"...
Page 244
Chapter 18 Logs Table 106 IKE Logs (continued) LOG MESSAGE DESCRIPTION IKE uses ISAKMP to transmit data. Each ISAKMP packet Recv <packet> contains many different types of payloads. All of them show in the LOG. Refer to RFC2408 – ISAKMP for a list of all ISAKMP payload types.
Page 245
Chapter 18 Logs Table 106 IKE Logs (continued) LOG MESSAGE DESCRIPTION The listed rule’s IKE phase 1 authentication method did not Rule [%d] Phase 1 match between the router and the peer. authentication method mismatch The listed rule’s IKE phase 1 key group did not match Rule [%d] Phase 1 key group between the router and the peer.
Chapter 18 Logs Table 107 PKI Logs LOG MESSAGE DESCRIPTION The SCEP online certificate enrollment was successful. The Enrollment successful Destination field records the certification authority server IP address and port. The SCEP online certificate enrollment failed. The Destination field Enrollment failed records the certification authority server’s IP address and port.
Chapter 18 Logs Table 108 Certificate Path Verification Failure Reason Codes CODE DESCRIPTION Algorithm mismatch between the certificate and the search constraints. Key usage mismatch between the certificate and the search constraints. Certificate was not valid in the time interval. (Not used) Certificate is not valid.
Chapter 18 Logs Table 110 ICMP Notes TYPE CODE DESCRIPTION Echo Reply Echo reply message Destination Unreachable Net unreachable Host unreachable Protocol unreachable Port unreachable A packet that needed fragmentation was dropped because it was set to Don't Fragment (DF) Source route failed Source Quench A gateway may discard internet datagrams if it does not have the buffer space...
Chapter 18 Logs Table 111 Syslog Logs LOG MESSAGE DESCRIPTION "This message is sent by the system ("RAS" displays as <Facility*8 + Severity>Mon dd the system name if you haven’t configured one) when the hr:mm:ss hostname router generates a syslog. The facility is defined in the web src="<srcIP:srcPort>"...
H A P T E R Tools This chapter describes how to upload new firmware, manage configuration and restart your ZyXEL Device. 19.1 Firmware Upgrade Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a .bin extension, for example, "ZyXEL Device.bin".
Chapter 19 Tools Table 113 Firmware Upgrade (continued) LABEL DESCRIPTION Browse... Click Browse... to find the .bin file you want to upload. Remember that you must decompress compressed (.zip) files before you can upload them. Upload Click Upload to begin the upload process. This process may take up to two minutes.
Chapter 19 Tools Figure 142 Error Message 19.2 Configuration Screen Click Maintenance > Tools > Configuration. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next. Figure 143 Configuration 19.2.1 Backup Configuration Backup configuration allows you to back up (save) the ZyXEL Device’s current configuration to a file on your computer.
Chapter 19 Tools 19.2.2 Restore Configuration Restore configuration allows you to upload a new or previously saved configuration file from your computer to your ZyXEL Device. Table 114 Maintenance Restore Configuration LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse... to find Browse...
Chapter 19 Tools Figure 146 Configuration Restore Error 19.2.3 Back to Factory Defaults Pressing the RESET button in this section clears all user-entered configuration information and returns the ZyXEL Device to its factory defaults. You can also press the RESET button on the rear panel to reset the factory defaults of your ZyXEL Device.
H A P T E R Diagnostic These read-only screens display information to help you identify problems with the ZyXEL Device. 20.1 General Diagnostic Click Maintenance > Diagnostic to open the screen shown next. Figure 148 Diagnostic: General The following table describes the fields in this screen. Table 115 Diagnostic: General LABEL DESCRIPTION...
Chapter 20 Diagnostic Figure 149 Diagnostic: DSL Line The following table describes the fields in this screen. Table 116 Diagnostic: DSL Line LABEL DESCRIPTION ATM Status Click this button to view ATM status. ATM Loopback Click this button to start the ATM loopback test. Make sure you have configured at Test least one PVC with proper VPIs/VCIs before you begin this test.
H A P T E R Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • ZyXEL Device Access and Login • Internet Access 21.1 Power, Hardware Connections, and LEDs The ZyXEL Device does not turn on.
Chapter 21 Troubleshooting 21.2 ZyXEL Device Access and Login I forgot the IP address for the ZyXEL Device. • The default IP address is 192.168.1.1. 6 If you changed the IP address and have forgotten it, you might get the IP address of the ZyXEL Device by looking up the IP address of the default gateway for your computer.
Chapter 21 Troubleshooting 5 Reset the device to its factory defaults, and try to access the ZyXEL Device with the default IP address. See Section 2.3 on page 6 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions.
Page 262
Chapter 21 Troubleshooting 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.4 on page 2 If your ISP gave you Internet connection information, make sure you entered it correctly in the Network >...
P P E N D I X Product Specifications and Wall Mounting Product Specifications The following tables summarize the ZyXEL Device’s hardware and firmware features.M4 Table 117 Hardware Specifications Dimensions (W x D x H) 180 x 128 x 36 mm Power Specification 12V AC 1A Built-in Switch...
Page 266
Appendix A Product Specifications and Wall Mounting Table 118 Firmware Specifications FEATURE DESCRIPTION Configuration Backup & Make a copy of the ZyXEL Device’s configuration. You can put it back on Restoration the ZyXEL Device later if you decide to revert back to an earlier configuration.
Appendix A Product Specifications and Wall Mounting Table 118 Firmware Specifications FEATURE DESCRIPTION Any IP The Any IP feature allows one computer to connect to the ZyXEL Device (and then to other computers) when their IP addresses are in different subnets.
Page 268
Appendix A Product Specifications and Wall Mounting Table 120 Standards Supported (continued) STANDARD DESCRIPTION RFC 1305 Network Time Protocol (NTP version 3) RFC 1441 SNMPv2 Simple Network Management Protocol version 2 RFC 1483 Multiprotocol Encapsulation over ATM Adaptation Layer 5 RFC 1631 IP Network Address Translator (NAT) RFC 1661...
Appendix A Product Specifications and Wall Mounting Wall-mounting Instructions Complete the following steps to hang your ZyXEL Device on a wall. See the Hardware Specifications table for the size of screws to use and how far apart to place them. 1 Select a high position on a sturdy wall that is free of obstructions.
P P E N D I X Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS).
Appendix B Wireless LANs Figure 153 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN.
Appendix B Wireless LANs Figure 154 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a channel different from an adjacent AP (access point) to reduce interference.
Appendix B Wireless LANs Figure 155 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
Appendix B Wireless LANs If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Preamble Type Preamble is used to signal that data is coming to the receiver.
Appendix B Wireless LANs Wireless security methods available on the ZyXEL Device are data encryption, wireless client authentication, restricting access by device MAC address and hiding the ZyXEL Device identity. The following figure shows the relative effectiveness of these wireless security methods available on your ZyXEL Device.
Appendix B Wireless LANs Determines the network services available to authenticated users once they are connected to the network. • Accounting Keeps track of the client’s network activity. RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server.
Page 278
Appendix B Wireless LANs For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner.
Appendix B Wireless LANs Dynamic WEP Key Exchange The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed. If this feature is enabled, it is not necessary to configure a default encryption key in the wireless security configuration screen.
Page 280
Appendix B Wireless LANs Encryption Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. WPA and WPA2 use Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption than TKIP.
Appendix B Wireless LANs Wireless Client WPA Supplicants A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicant is the WPA patch for Windows XP, Funk Software's Odyssey client.
Appendix B Wireless LANs 3 The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID. 4 The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged in a handshake to create temporal encryption keys.
Appendix B Wireless LANs Antenna Overview An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air. Positioning the antennas properly increases the range and coverage area of a wireless LAN.
Page 284
Appendix B Wireless LANs Positioning Antennas In general, antennas should be mounted as high as practically possible and free of obstructions. In point-to–point application, position both antennas at the same height and in a direct line of sight to each other to attain the best performance. For omni-directional antennas mounted on a table, desk, and so on, point the antenna up.
P P E N D I X Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/ IP on your computer.
Appendix C Setting up Your Computer’s IP Address Figure 158 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add.
Appendix C Setting up Your Computer’s IP Address Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab. • If your IP address is dynamic, select Obtain an IP address automatically. •...
Appendix C Setting up Your Computer’s IP Address Figure 160 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window.
Appendix C Setting up Your Computer’s IP Address Figure 161 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 162 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. P-660HW-Dx User’s Guide...
Appendix C Setting up Your Computer’s IP Address Figure 163 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 164 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
Appendix C Setting up Your Computer’s IP Address Figure 165 Windows XP: Internet Protocol (TCP/IP) Properties 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
Appendix C Setting up Your Computer’s IP Address Figure 166 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
Appendix C Setting up Your Computer’s IP Address Figure 167 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window.
Appendix C Setting up Your Computer’s IP Address Figure 168 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 169 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: •...
Appendix C Setting up Your Computer’s IP Address • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. 5 Close the TCP/IP Control Panel.
Appendix C Setting up Your Computer’s IP Address Figure 171 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. •...
Appendix C Setting up Your Computer’s IP Address Make sure you are logged in as the root administrator. Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. 1 Click the Red Hat button (located on the bottom left corner), select System Setting and click Network.
Appendix C Setting up Your Computer’s IP Address • If you have a dynamic IP address click Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static IP address click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields.
Appendix C Setting up Your Computer’s IP Address Figure 176 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 DEVICE=eth0 ONBOOT=yes BOOTPROTO=dhcp USERCTL=no PEERDNS=yes TYPE=Ethernet • If you have a static IP address, enter in the field. Type static BOOTPROTO= = followed by the IP address (in dotted decimal notation) and type IPADDR NETMASK...
Appendix C Setting up Your Computer’s IP Address Verifying Settings Enter in a terminal screen to check your TCP/IP properties. ifconfig Figure 180 Red Hat 9.0: Checking TCP/IP Properties [root@localhost]# ifconfig eth0 Link encap:Ethernet HWaddr 00:50:BA:72:5B:44 inet addr:172.23.19.129 Bcast:172.23.19.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1...
P P E N D I X IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network.
Appendix D IP Addresses and Subnetting Figure 181 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation).
Appendix D IP Addresses and Subnetting Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Table 126 Subnet Masks BINARY DECIMAL 4TH OCTET OCTET...
Appendix D IP Addresses and Subnetting Table 128 Alternative Subnet Mask Notation (continued) ALTERNATIVE LAST OCTET LAST OCTET SUBNET MASK NOTATION (BINARY) (DECIMAL) 255.255.255.192 1100 0000 255.255.255.224 1110 0000 255.255.255.240 1111 0000 255.255.255.248 1111 1000 255.255.255.252 1111 1100 Subnetting You can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons.
Appendix D IP Addresses and Subnetting Figure 183 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 2 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).
Appendix D IP Addresses and Subnetting Table 133 Eight Subnets (continued) SUBNET LAST BROADCAST SUBNET FIRST ADDRESS ADDRESS ADDRESS ADDRESS Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 134 24-bit Network Number Subnet Planning NO.
Appendix D IP Addresses and Subnetting Table 135 16-bit Network Number Subnet Planning (continued) NO. “BORROWED” NO. HOSTS PER SUBNET MASK NO. SUBNETS HOST BITS SUBNET 255.255.255.252 (/30) 16384 255.255.255.254 (/31) 32768 Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
P P E N D I X Firewall Commands The following describes the firewall commands. Table 136 Firewall Commands FUNCTION COMMAND DESCRIPTION Firewall SetUp This command turns the firewall on or off. config edit firewall active <yes | no> This command returns the previously saved config retrieve firewall firewall settings.
Page 310
Appendix E Firewall Commands Table 136 Firewall Commands (continued) FUNCTION COMMAND DESCRIPTION Edit E-mail This command sets the IP address to which config edit firewall e-mail the e-mail messages are sent. mail-server <ip address of mail server> This command sets the source e-mail config edit firewall e-mail address of the firewall e-mails.
Page 311
Appendix E Firewall Commands Table 136 Firewall Commands (continued) FUNCTION COMMAND DESCRIPTION This command sets the threshold rate of new config edit firewall attack half-open sessions per minute where the minute-high <0-255> ZyXEL Device starts deleting old half-opened sessions until it gets them down to the minute-low threshold.
Page 312
Appendix E Firewall Commands Table 136 Firewall Commands (continued) FUNCTION COMMAND DESCRIPTION This command sets how long ZyXEL Device Config edit firewall set <set lets an inactive TCP connection remain open #> tcp-idle-timeout <seconds> before considering it closed. This command sets whether or not the ZyXEL Config edit firewall set <set Device creates logs for packets that match #>...
Page 313
Appendix E Firewall Commands Table 136 Firewall Commands (continued) FUNCTION COMMAND DESCRIPTION This command sets the rule to have the config edit firewall set <set ZyXEL Device check for traffic with this #> rule <rule #> destaddr- individual destination address. single <ip address>...
Page 314
Appendix E Firewall Commands Table 136 Firewall Commands (continued) FUNCTION COMMAND DESCRIPTION This command removes the specified rule in a config delete firewall set firewall configuration set. <set #> rule<rule #> P-660HW-Dx User’s Guide...
P P E N D I X Internal SPTGEN This appendix introduces Internal SPTGEN. All menus shown in this appendix are example menus meant to show SPTGEN usage. Actual menus for your product may differ. Internal SPTGEN Overview Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple ZyXEL Devices.
Appendix F Internal SPTGEN DO NOT alter or delete any field except parameters in the Input column. This appendix introduces Internal SPTGEN. All menus shown in this appendix are example menus meant to show SPTGEN usage. Actual menus for your product may differ. Internal SPTGEN File Modification - Important Points to Remember Each parameter you enter must be preceded by one “=”sign and one space.
Appendix F Internal SPTGEN Figure 187 Internal SPTGEN FTP Download Example c:\ftp 192.168.1.1 220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000 User (192.168.1.1:(none)): 331 Enter PASS command Password: 230 Logged in ftp>bin 200 Type I OK ftp>...
Appendix F Internal SPTGEN Example Internal SPTGEN Menus This section provides example Internal SPTGEN menus. Table 137 Abbreviations Used in the Example Internal SPTGEN Screens Table ABBREVIATION MEANING Field Identification Number Field Name Parameter Values Allowed INPUT An example of what you may enter Applies to the ZyXEL Device.
Page 319
Appendix F Internal SPTGEN Table 139 Menu 3 / Menu 3.2 TCP/IP and DHCP Ethernet Setup INPUT 30200001 = DHCP <0(None) | 1(Server) | 2(Relay)> 30200002 = Client IP Pool Starting Address 192.168.1.33 30200003 = Size of Client IP Pool = 32 30200004 = Primary DNS Server...
Appendix F Internal SPTGEN Table 139 Menu 3 30201008 = IP Alias #1 Incoming protocol filters = 256 Set 3 30201009 = IP Alias #1 Incoming protocol filters = 256 Set 4 30201010 = IP Alias #1 Outgoing protocol filters = 256 Set 1 30201011 =...
Page 321
Appendix F Internal SPTGEN Table 140 Menu 4 Internet Access Setup (continued) 40000001 = <0(No) | 1(Yes)> 40000002 = Active <0(No) | 1(Yes)> 40000003 = ISP's Name = ChangeMe 40000004 = Encapsulation <2(PPPOE) | 3(RFC 1483)| 4(PPPoA )| 5(ENET ENCAP)> 40000005 = Multiplexing <1(LLC-based)
Appendix F Internal SPTGEN Table 140 Menu 4 Internet Access Setup (continued) 40000031= RIP Direction <0(None) | 1(Both) | 2(In Only) | 3(Out Only)> 40000032= RIP Version <0(Rip-1) | 1(Rip-2B) |2(Rip-2M)> 40000033= Nailed-up Connection <0(No) |1(Yes)> Table 141 Menu 12 / Menu 12.1.1 IP Static Route Setup INPUT 120101001 =...
Page 323
Appendix F Internal SPTGEN Table 142 Menu 15 SUA Server Setup (continued) 150000004 = SUA Server #2 Port Start 150000005 = SUA Server #2 Port End 150000006 = SUA Server #2 Local IP address = 0.0.0.0 150000007 = SUA Server #3 Active <0(No) | 1(Yes)>...
Appendix F Internal SPTGEN Table 142 Menu 15 SUA Server Setup (continued) 150000038 = SUA Server #9 Protocol <0(All)|6(TCP)|17(U DP)> 150000039 = SUA Server #9 Port Start 150000040 = SUA Server #9 Port End 150000041 = SUA Server #9 Local IP address = 0.0.0.0 150000042 = SUA Server #10 Active...
Appendix F Internal SPTGEN Table 143 Menu 21.1 Filter Set #1 (continued) 210101009 = IP Filter Set 1,Rule 1 Src Subnet Mask 210101010 = IP Filter Set 1,Rule 1 Src Port 210101011 = IP Filter Set 1,Rule 1 Src Port Comp <0(none)|1(equal) |2(not equal)|3(less)|4(...
Page 326
Appendix F Internal SPTGEN Table 144 Menu 21.1 Filer Set #2, (continued) INPUT 210201001 = IP Filter Set 2, Rule 1 Type <0(none)|2(TCP/ IP)> 210201002 = IP Filter Set 2, Rule 1 Active <0(No)|1(Yes)> 210201003 = IP Filter Set 2, Rule 1 Protocol 210201004 = IP Filter Set 2, Rule 1 Dest IP = 0.0.0.0...
Appendix F Internal SPTGEN Table 144 Menu 21.1 Filer Set #2, (continued) 210202009 = IP Filter Set 2, Rule 2 Src Subnet Mask 210202010 = IP Filter Set 2,Rule 2 Src Port 210202011 = IP Filter Set 2, Rule 2 Src Port <0(none)|1(equal)| Comp 2(not...
P P E N D I X Command Interpreter The following describes how to use the command interpreter. You can telnet to access the CLI (Command Line Interface) on the ZyXEL Device. See the included disk or zyxel.com for more detailed information on these commands. Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable.
Page 332
Appendix G Command Interpreter P-660HW-Dx User’s Guide...
P P E N D I X Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). Internet Explorer 6 screens are used here.
Appendix H Pop-up Windows, JavaScripts and Java Permissions 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 190 Internet Options: Privacy 3 Click Apply to save this setting. Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps.
Appendix H Pop-up Windows, JavaScripts and Java Permissions Figure 191 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 192 Pop-up Blocker Settings P-660HW-Dx User’s Guide...
Appendix H Pop-up Windows, JavaScripts and Java Permissions 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
Appendix H Pop-up Windows, JavaScripts and Java Permissions Figure 194 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected.
Appendix H Pop-up Windows, JavaScripts and Java Permissions JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window. Figure 196 Java (Sun) P-660HW-Dx User’s Guide...
P P E N D I X NetBIOS Filter Commands The following describes the NetBIOS packet filter commands. Introduction NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls.
Appendix I NetBIOS Filter Commands The filter types and their default settings are as follows. Table 148 NetBIOS Filter Default Settings NAME DESCRIPTION EXAMPLE Between LAN This field displays whether NetBIOS packets are blocked or forwarded Block and WAN between the LAN and the WAN. IPSec Packets This field displays whether NetBIOS packets sent through a VPN Forward connection are blocked or forwarded.
P P E N D I X Splitters and Microfilters This appendix tells you how to install a POTS splitter or a telephone microfilter. Connecting a POTS Splitter When you use the Full Rate (G.dmt) ADSL standard, you can use a POTS (Plain Old Telephone Service) splitter to separate the telephone and ADSL signals.
Appendix J Splitters and Microfilters 2 Connect a cable from the wall jack to the “wall side” of the microfilter. 3 Connect the “phone side” of the microfilter to your telephone as shown in the following figure. 4 After you are done, make sure that your telephone works. If your telephone does not work, disconnect the microfilter and contact either your local telephone company or the provider of the microfilter.
Appendix J Splitters and Microfilters ZyXEL Device With ISDN This section relates to people who use their ZyXEL Device with ADSL over ISDN (digital telephone service) only. The following is an example installation for the ZyXEL Device with ISDN. Figure 200 ZyXEL Device with ISDN P-660HW-Dx User’s Guide...
Page 344
Appendix J Splitters and Microfilters P-660HW-Dx User’s Guide...
P P E N D I X Triangle Route The Ideal Setup When the firewall is on, your ZyXEL Device acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the ZyXEL Device to protect your LAN against attacks.
Appendix K Triangle Route Figure 202 “Triangle Route” Problem The “Triangle Route” Solutions This section presents you two solutions to the “triangle route” problem. IP Aliasing IP alias allows you to partition your network into logical sections over the same Ethernet interface.
ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
Page 348
Appendix L Legal Information If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures: 1 Reorient or relocate the receiving antenna.
Appendix L Legal Information 3 Select the certification you wish to view from this page. ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever...
Page 350
Appendix L Legal Information P-660HW-Dx User’s Guide...
Page 352
Appendix M Customer Support • Regular Mail: ZyXEL Communications, Czech s.r.o., Modranská 621, 143 01 Praha 4 - Modrany, Ceská Republika Denmark • Support E-mail: support@zyxel.dk • Sales E-mail: sales@zyxel.dk • Telephone: +45-39-55-07-00 • Fax: +45-39-55-07-07 • Web: www.zyxel.dk • Regular Mail: ZyXEL Communications A/S, Columbusvej, 2860 Soeborg, Denmark Finland •...
Page 353
Appendix M Customer Support India • Support E-mail: support@zyxel.in • Sales E-mail: sales@zyxel.in • Telephone: +91-11-30888144 to +91-11-30888153 • Fax: +91-11-30888149, +91-11-26810715 • Web: http://www.zyxel.in • Regular Mail: India - ZyXEL Technology India Pvt Ltd., II-Floor, F2/9 Okhla Phase -1, New Delhi 110020, India Japan •...
Page 354
Appendix M Customer Support • Regular Mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 92806- 2001, U.S.A. Norway • Support E-mail: support@zyxel.no • Sales E-mail: sales@zyxel.no • Telephone: +47-22-80-61-80 • Fax: +47-22-80-61-81 • Web: www.zyxel.no • Regular Mail: ZyXEL Communications A/S, Nils Hansens vei 13, 0667 Oslo, Norway Poland •...
Page 356
Appendix M Customer Support P-660HW-Dx User’s Guide...
Page 357
Index Index backup gateway backup settings backup type AAL5 bandwidth access point budget see AP bandwidth management 67, 187 Address Resolution Protocol bandwidth manager see ARP class configuration ADSL monitor standards summary ADSL line Basic Service Set, See BSS reinitialize Basic wireless security ADSL standards blocking time...
Page 358
Index see CBR copyright EAP Authentication CTS (Clear to Send) ECHO custom ports E-Mail creating / editing e-mail customer support log example customized services Encapsulated Routing Link Protocol see ENET ENCAP encapsulation 75, 76 PPP over Ethernet PPPoA RFC 1483 encryption 107, 110, 280 date and time settings...
Page 359
Index rule logic See IANA rule security ramifications see IANA services Internet Control Message Protocol types see ICMP when to use Internet Group Multicast Protocol firmware 33, 251 see IGMP upgrade IP address 95, 134, 135, 136, 265 upload IP address assignment upload error ENET ENCAP fragmentation threshold...
Page 360
Index using the command interface. See command interface. maximize bandwidth usage packet filtering Maximum Burst Size when to use see MBS packet filtering firewalls max-incomplete high Pairwise Master Key (PMK) 280, 282 max-incomplete low 78, 83, 88 79, 83, 88 Peak Cell Rate media access control see PCR...
Page 361
Index remote management limitations setup, general reset Single User Account see SUA reset button resetting the ZyXEL device restart 251, 255 SIP application layer gateway restore configuration SMTP restore settings smurf RFC 1483 SNMP 134, 207 RFC 1631 manager RFC-1483 MIBs RFC-2364 source address...
Page 362
Index temperature see VC Temporal Key Integrity Protocol (TKIP) Virtual Path Identifier see VPI TFTP restrictions Voice over IP three-way handshake see VoIP threshold values VoIP time and date settings timeout tools traceroute trademarks traffic redirect 89, 91, 267 traffic shaping wall-mounting transmission rates triangle route...
Page 363
Index user authentication vs WPA2-PSK wireless client supplicant with RADIUS application example WPA2-Pre-Shared Key WPA2-PSK 279, 280 application example WPA-PSK 279, 280 application example zero configuration Internet access ZyXEL’s firewall introduction P-660HW-Dx User’s Guide...