Graphics in this book may differ slightly from the product due to differences in operating systems, operating system versions, or if you installed updated firmware/software for your device. Every effort has been made to ensure that the information in this manual is accurate. P-660HN-F1 User’s Guide...
Syntax Conventions • The P-660HN-F1 may be referred to as the “ZyXEL Device”, the “device”, the “system” or the “product” in this User’s Guide. • Product labels, screen names, field labels and field choices are all in bold font.
Page 5
Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device Computer Notebook computer Server Firewall Telephone Router Switch P-660HN-F1 User’s Guide...
• Antenna Warning! This device meets ETSI and FCC certification requirements when ntenna(s). using the included antenna(s). Only use the included a • This device is for indoor use only (utilisation intérieure exclusivement). This product is recyclable. Dispose of it properly. P-660HN-F1 User’s Guide...
2.1 Overview ..........................39 2.1.1 Accessing the Web Configurator ................39 2.2 Web Configurator Main Screen ................... 41 2.2.1 Title Bar ........................41 2.2.2 Navigation Panel ......................42 2.2.3 Main Window ......................44 2.2.4 Status Bar ........................44 P-660HN-F1 User’s Guide...
Page 12
5.3.2 Configuring More Connections Advanced Setup ............79 5.4 The WAN Backup Setup Screen ..................80 5.5 WAN Technical Reference ....................82 5.5.1 Encapsulation ......................82 5.5.2 Multiplexing ........................ 83 5.5.3 VPI and VCI ....................... 83 5.5.4 IP Address Assignment ....................84 P-660HN-F1 User’s Guide...
Page 13
7.2.1 No Security ....................... 108 7.2.2 WEP Encryption ....................... 109 7.2.3 WPA(2)-PSK ......................110 7.2.4 WPA(2) Authentication ....................111 7.2.5 Wireless LAN Advanced Setup .................113 7.2.6 MAC Filter ......................114 7.3 The More AP Screen ......................115 7.3.1 More AP Edit ......................116 P-660HN-F1 User’s Guide...
Page 14
8.6.5 NAT Mapping Types ....................146 Part IV: Security ................... 149 Chapter 9 Firewalls..........................151 9.1 Overview ..........................151 9.1.1 What You Can Do in the Firewall Screens ............... 151 9.1.2 What You Need to Know About Firewall ..............152 P-660HN-F1 User’s Guide...
Page 16
14.1.3 802.1Q/1P Example ....................218 14.2 The 802.1Q/1P Group Setting Screen ................221 14.2.1 Editing 802.1Q/1P Group Setting ................223 14.3 The 802.1Q/1P Port Setting Screen ................224 Chapter 15 Quality of Service (QoS)....................... 227 15.1 Overview .......................... 227 P-660HN-F1 User’s Guide...
Page 17
Chapter 18 Universal Plug-and-Play (UPnP)..................257 18.1 Overview .......................... 257 18.1.1 What You Can Do in the UPnP Screen ..............257 18.1.2 What You Need to Know About UPnP ..............257 18.2 The UPnP Screen ......................258 P-660HN-F1 User’s Guide...
Page 18
21.4 The Restart Screen ......................299 Chapter 22 Diagnostic..........................301 22.1 Overview .......................... 301 22.1.1 What You Can Do in the Diagnostic Screens ............301 22.2 The General Diagnostic Screen ..................301 22.3 The DSL Line Diagnostic Screen ..................302 P-660HN-F1 User’s Guide...
Page 19
Appendix B Pop-up Windows, JavaScript and Java Permissions ........343 Appendix C IP Addresses and Subnetting ................351 Appendix D Wireless LANs ....................359 Appendix E Services ......................373 Appendix F Internal SPTGEN....................377 Appendix G Legal Information....................401 Appendix H Customer Support..................... 405 Index............................411 P-660HN-F1 User’s Guide...
Page 20
Table of Contents P-660HN-F1 User’s Guide...
Page 24
Figure 163 Internet Connection Status ....................265 Figure 164 Network Connections ......................266 Figure 165 Network Connections: My Network Places ................ 267 Figure 166 Network Connections: My Network Places: Properties: Example ........267 Figure 167 Maintenance > System > General ..................272 P-660HN-F1 User’s Guide...
Page 25
Figure 206 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties ........334 Figure 207 Macintosh OS 8/9: Apple Menu ..................335 Figure 208 Macintosh OS 8/9: TCP/IP ....................335 Figure 209 Macintosh OS X: Apple Menu .................... 336 Figure 210 Macintosh OS X: Network ....................337 P-660HN-F1 User’s Guide...
Page 26
Figure 240 Invalid Parameter Entered: Command Line Example ............378 Figure 241 Valid Parameter Entered: Command Line Example ............378 Figure 242 Internal SPTGEN FTP Download Example ................ 379 Figure 243 Internal SPTGEN FTP Upload Example ................379 P-660HN-F1 User’s Guide...
• “N” denotes 802.11n draft 2.0. The “N” models support 802.11n wireless connection mode. • Models ending in “1”, for example P-660HN-F1, denote a device that works over the analog telephone system, POTS (Plain Old Telephone Service). Models ending in “3”...
1.4.1 Internet Access Your ZyXEL Device provides shared Internet access by connecting the DSL port to the DSL or MODEM jack on a splitter or your telephone jack. Computers can connect to the ZyXEL Device’s LAN ports (or wirelessly). P-660HN-F1 User’s Guide...
The ZyXEL Device is receiving power and ready for use. Blinking The ZyXEL Device is self-testing. The ZyXEL Device detected an error while self-testing, or there is a device malfunction. The ZyXEL Device is not receiving power. P-660HN-F1 User’s Guide...
You can use the WPS WLAN ON/OFF button ( ) on the top of the device to turn the wireless LAN off or on. You can also use it to activate WPS in order to quickly set up a wireless network with strong security. P-660HN-F1 User’s Guide...
WLAN/WPS LED should flash while the ZyXEL Device sets up a WPS connection with the wireless device. You must activate WPS in the ZyXEL Device and in another wireless device within two minutes of each other. See Section 7.9.8 on page 128 for more information. P-660HN-F1 User’s Guide...
ZyXEL Device, type the admin password (1234 by default) in the password screen and click Login. Click Cancel to revert to the default user password in the password field. If you have changed the password, enter your password and click Login. P-660HN-F1 User’s Guide...
Click Apply to create a specific certificate for the device using your computer’s MAC address. For security reasons, the ZyXEL Device automatically logs you out if you do not use the web configurator for five minutes (default). If this happens, log in again. P-660HN-F1 User’s Guide...
As illustrated above, the main screen is divided into these parts: • A - title bar • B - navigation panel • C - main window • D - status bar 2.2.1 Title Bar The title bar provides some icons in the upper right corner. P-660HN-F1 User’s Guide...
Use this screen to configure the dates/times to enable or disable the wireless LAN. General Use this screen to enable NAT. Port Forwarding Use this screen to make your local servers visible to the outside world. Use this screen to enable or disable SIP ALG. Security P-660HN-F1 User’s Guide...
Page 43
Use this screen to configure through which interface(s) and from which IP address(es) users can send DNS queries to the ZyXEL Device. ICMP Use this screen to set whether or not your device will respond to pings and probes for services that you have not made available. P-660HN-F1 User’s Guide...
Right after you log in, the Status screen is displayed. See Chapter 3 on page 45 for more information about the Status screen. 2.2.4 Status Bar Check the status bar when you click Apply or OK to verify that the configuration has been updated. P-660HN-F1 User’s Guide...
Figure 7 Status Screen Each field is described in the following table. Table 4 Status Screen LABEL DESCRIPTION Refresh Interval Enter how often you want the ZyXEL Device to update this screen. Apply Click this to update this screen immediately. P-660HN-F1 User’s Guide...
Page 46
This displays the type of security mode the ZyXEL Device is using in the wireless LAN. This displays whether WPS is activated. Click this to go to the screen where you can configure the settings. Status This displays whether WLAN is activated. Security P-660HN-F1 User’s Guide...
Page 47
Click this link to display the MAC address(es) of the wireless stations that are currently associating with the ZyXEL Device. See Section 3.4 on page Packet Click this link to view port status and packet specific statistics. See Section 3.5 on Statistics page P-660HN-F1 User’s Guide...
3.5 Packet Statistics Read-only information here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)". The Poll Interval(s) field is configurable. Click Status > Packet Statistics to access this screen. P-660HN-F1 User’s Guide...
This field displays the number of packets received on this port. Errors This field displays the number of error packets on this port. Tx B/s This field displays the number of bytes transmitted in the last second. P-660HN-F1 User’s Guide...
ZyXEL Device. MAC Address This field displays the MAC address of the computer that is using the ZyXEL Device but is in a different subnet than the ZyXEL Device. Refresh Click this to update this screen. P-660HN-F1 User’s Guide...
Apply. Otherwise, click the wizard icon ( ) in the top right corner of the web configurator to go to the wizards. Figure 11 Select a Mode 2 Click INTERNET/WIRELESS SETUP to configure the system for Internet access and wireless connection. P-660HN-F1 User’s Guide...
3b The following screen displays if a PPPoE or PPPoA connection is detected. Enter your Internet account information (username, password and/or service name) exactly as provided by your ISP. Then click Next and see Section 4.3 on page 60 wireless connection wizard setup. P-660HN-F1 User’s Guide...
1 If the ZyXEL Device fails to detect your DSL connection type but the physical line is connected, enter your Internet access information in the wizard screen exactly as your service provider gave it to you. Leave the defaults in any fields for which you were not given information. P-660HN-F1 User’s Guide...
Click this to return to the previous screen without saving. Next Click this to continue to the next wizard screen. The next wizard screen you see depends on what protocol you chose above. Exit Click this to close the wizard screen without saving. P-660HN-F1 User’s Guide...
Type the name of your PPPoE service here. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Exit Click this to close the wizard screen without saving. Figure 18 Internet Connection with RFC 1483 P-660HN-F1 User’s Guide...
Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP Server clients along with the IP address and the subnet mask. Second DNS As above. Server Back Click this to return to the previous screen without saving. P-660HN-F1 User’s Guide...
• If the user name and/or password you entered for PPPoE or PPPoA connection are not correct, the screen displays as shown next. Click Back to Username and Password setup to go back to the screen where you can modify them. P-660HN-F1 User’s Guide...
4.3 Wireless Connection Wizard Setup After you configure the Internet access information, use the following screens to set up your wireless LAN. 1 Select Yes and click Next to configure wireless settings. Otherwise, select No and skip to Step 6. P-660HN-F1 User’s Guide...
Click this to return to the previous screen without saving. Next Click this to continue to the next wizard screen. Exit Click this to close the wizard screen without saving. 3 Configure your wireless settings in this screen. Click Next. P-660HN-F1 User’s Guide...
WEP encryption key (if WEP is enabled), WPA-PSK (if WPA-PSK is enabled) for wireless communication. 4 This screen varies depending on the security mode you selected in the previous screen. Fill in the field (if available) and click Next. P-660HN-F1 User’s Guide...
Click this to continue to the next wizard screen. Exit Click this to close the wizard screen without saving. 4.3.2 Manually Assign a WEP Key Choose Manually assign a WEP key to setup WEP Encryption parameters. Figure 27 Manually Assign a WEP key P-660HN-F1 User’s Guide...
6 Use the read-only summary table to check whether what you have configured is correct. Click Finish to complete and save the wizard setup. No wireless LAN settings display if you chose not to configure wireless LAN settings. P-660HN-F1 User’s Guide...
Refer to the rest of this guide for more detailed information on the complete range of ZyXEL Device features. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the wizard setup are correct. P-660HN-F1 User’s Guide...
Page 66
Chapter 4 Internet and Wireless Setup Wizard P-660HN-F1 User’s Guide...
To set up a WAN connection to the Internet, you need to use the same encapsulation method used by your ISP (Internet Service Provider). If your ISP offers a dial-up Internet connection using PPPoE (PPP over Ethernet) or PPPoA, they should also provide a username and password (and service name) for user authentication. P-660HN-F1 User’s Guide...
Get this information from your ISP. 5.2 The Internet Access Setup Screen Use this screen to change your ZyXEL Device’s WAN settings. Click Network > WAN > Internet Access Setup. The screen differs by the WAN type and encapsulation you select. P-660HN-F1 User’s Guide...
Use Multi Mode if you are not sure which mode to choose from. The ZyXEL Device dynamically diagnoses the mode supported by the ISP and selects the best compatible one for your connection. Other options are ADSL G.dmt, ADSL2, ADSL2+, ADSL2 AnnexM, ADSL2+ AnnexM, READSL2 Mode and ANSI T1.413. General P-660HN-F1 User’s Guide...
Page 72
DNS server on your LAN, or else the computers must have their DNS server addresses manually configured. If you do not configure a DNS server, you must know the IP address of a computer in order to access it. Connection (PPPoA and PPPoE encapsulation only) P-660HN-F1 User’s Guide...
Use this screen to edit your ZyXEL Device's advanced WAN settings. Click the Advanced Setup button in the Internet Access Setup screen. The screen appears as shown. Figure 32 Network > WAN > Internet Access Setup: Advanced Setup P-660HN-F1 User’s Guide...
Enter the MTU in this field. For ENET ENCAP, the MTU value is 1500. For PPPoE, the MTU value is 1492. For PPPoA and RFC 1483, the MTU is 65535. Packet Filter Incoming Filter Sets P-660HN-F1 User’s Guide...
Connections. The screen differs by the encapsulation you select. When you use the WAN > Internet Access Setup screen to set up Internet access, you are configuring the first WAN connection. Figure 33 Network > WAN > More Connections P-660HN-F1 User’s Guide...
Click this to save your changes. Cancel Click this to restore your previously saved settings. 5.3.1 More Connections Edit Use this screen to configure a connection. Click the edit icon in the More Connections screen to display the following screen. P-660HN-F1 User’s Guide...
Choices vary depending on the mode you select in the Mode field. If you select Bridge in the Mode field, select either PPPoA or RFC 1483. If you select Routing in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or PPPoE. P-660HN-F1 User’s Guide...
Page 78
Select SUA Only if you have one public IP address and want to use NAT. Click Edit Detail to go to the Port Forwarding screen to edit a server mapping set. Otherwise, select None to disable NAT. Back Click this to return to the previous screen without saving. P-660HN-F1 User’s Guide...
Select the RIP version from RIP-1, RIP-2B and RIP-2M. Multicast IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a multicast group. The ZyXEL Device supports IGMP-v1, IGMP-v2 and IGMP-v3. Select None to disable it. ATM QoS P-660HN-F1 User’s Guide...
Click this to save your changes. Cancel Click this to restore your previously saved settings. 5.4 The WAN Backup Setup Screen Use this screen to configure your ZyXEL Device’s WAN backup. Click Network > WAN > WAN Backup Setup. P-660HN-F1 User’s Guide...
The WAN connection is considered "down" after the ZyXEL Device times out the number of times specified in the Fail Tolerance field. Use a higher value in this field if your network is busy or congested. P-660HN-F1 User’s Guide...
(DSL, cable, wireless, etc.) connection. The PPPoE option is for a dial-up connection using PPPoE. For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for example RADIUS). P-660HN-F1 User’s Guide...
The valid range for the VPI is 0 to 255 and for the VCI is 32 to 65535 (0 to 31 is reserved for local management of ATM traffic). Please see the appendix for more information. P-660HN-F1 User’s Guide...
"1" for directly connected networks. The number must be between "1" and "15"; a number greater than "15" means the link is down. The smaller the number, the lower the "cost". P-660HN-F1 User’s Guide...
If the PCR, SCR or MBS is set to the default of "0", the system will assign a maximum value that correlates to your upstream line rate. The following figure illustrates the relationship between PCR, SCR and MBS. Figure 37 Example of Traffic Shaping P-660HN-F1 User’s Guide...
An example application is background file transfer. 5.8 Traffic Redirect Traffic redirect forwards traffic to a backup gateway when the ZyXEL Device cannot connect to the Internet. An example is shown in the figure below. P-660HN-F1 User’s Guide...
6.1.2 What You Need To Know About LAN IP Address IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts. P-660HN-F1 User’s Guide...
Follow these steps to configure your LAN settings. 1 Enter an IP address into the IP Address field. The IP address must be in dotted decimal notation. This will become the IP address of your ZyXEL Device. P-660HN-F1 User’s Guide...
6.2.1 The Advanced LAN IP Setup Screen Use this screen to edit your ZyXEL Device's RIP, multicast, Any IP and Windows Networking settings. Click the Advanced Setup button in the LAN IP screen. The screen appears as shown. P-660HN-F1 User’s Guide...
PPPoE or PPTP, NetBIOS packets cause unwanted calls. However it may sometimes be necessary to allow NetBIOS packets to pass through to the WAN in order to find a computer on the WAN. P-660HN-F1 User’s Guide...
Click this to restore your previously saved settings. 6.3 The DHCP Setup Screen Use this screen to configure the DNS server information that the ZyXEL Device sends to the DHCP client devices on the LAN. Click Network > DHCP Setup to open this screen. P-660HN-F1 User’s Guide...
If Relay is selected in the DHCP field above then enter the IP address of the Server actual remote DHCP server here. DNS Server DNS Servers The ZyXEL Device passes a DNS (Domain Name System) server IP address to Assigned by DHCP the DHCP clients. Server P-660HN-F1 User’s Guide...
00:A0:C5:00:00:02. Use this screen to change your ZyXEL Device’s static DHCP settings. Click Network > LAN > Client List to open the following screen. Figure 43 Network > LAN > Client List P-660HN-F1 User’s Guide...
When you use IP alias, you can also configure firewall rules to control access between the LAN's logical networks (subnets). Make sure that the subnets of the logical networks do not overlap. The following figure shows a LAN divided into subnets A, B, and C. P-660HN-F1 User’s Guide...
Alternatively, click the right mouse button to copy and/or paste the IP address. IP Subnet Mask Your ZyXEL Device will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the ZyXEL Device. P-660HN-F1 User’s Guide...
The actual physical connection determines whether the ZyXEL Device ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next. Figure 46 LAN and WAN IP Addresses P-660HN-F1 User’s Guide...
DHCP client capability. IP Address and Subnet Mask Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number. P-660HN-F1 User’s Guide...
Page 100
Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, “Address Allocation for Private Internets” and RFC 1466, “Guidelines for Management of IP Address Space”. P-660HN-F1 User’s Guide...
After that, the ZyXEL Device periodically updates this information. IP multicasting can be enabled/disabled on the ZyXEL Device LAN and/or WAN interfaces in the web configurator (LAN; WAN). Select None to disable IP multicasting on these interfaces. P-660HN-F1 User’s Guide...
Media Access Control or MAC address, on the local area network. IP routing table is defined on IP Ethernet devices (the ZyXEL Device) to decide which hop to use, to help forward data along to its specified destination. P-660HN-F1 User’s Guide...
Page 103
IP routing table so it can properly forward packets intended for the computer. After all the routing information is updated, the computer can access the ZyXEL Device and the Internet as if it is in the same subnet as the ZyXEL Device. P-660HN-F1 User’s Guide...
Page 104
Chapter 6 LAN Setup P-660HN-F1 User’s Guide...
You don’t necessarily need to use all these screens to set up your wireless connection. For example, you may just want to set up a network name, a wireless radio channel and security in the AP screen. P-660HN-F1 User’s Guide...
• What advanced options do you want to configure, if any? If you want to configure advanced options such as Quality of Service, ensure that you know precisely what you want to do. If you do not want to configure advanced options, leave them as they are. P-660HN-F1 User’s Guide...
20 MHz channel offers transfer speeds of up to 150Mbps whereas a 40MHz channel uses two standard channels and offers speeds of up to 300 Mbps. Because not all devices support 40 MHz channels, select Auto 20/40MHz to allow the ZyXEL Device to adjust the channel bandwidth automatically. P-660HN-F1 User’s Guide...
WLAN setup. 7.2.1 No Security In the Network > Wireless LAN > AP screen, select No Security from the Security Mode list to allow wireless devices to communicate with the ZyXEL Device without any data encryption or authentication. P-660HN-F1 User’s Guide...
WPA2-PSK if all your wireless devices support it, or use WPA or WPA2 if your wireless devices support it and you have a RADIUS server. If your wireless devices support nothing stronger than WEP, use the highest encryption level available. P-660HN-F1 User’s Guide...
10 or 26 hexadecimal characters ("0-9", "A-F") for a 64-bit or 128-bit WEP key respectively. 7.2.3 WPA(2)-PSK Use this screen to configure and enable WPA(2)-PSK authentication. Click Network > Wireless LAN to display the AP screen. Select WPA-PSK, WPA2-PSK or WPAPSKMixed from the Security Mode list. P-660HN-F1 User’s Guide...
7.2.4 WPA(2) Authentication Use this screen to configure and enable WPA or WPA2 authentication. Click the Wireless LAN link under Network to display the AP screen. Select WPA, WPA2 or WPAMixed from the Security Mode list. P-660HN-F1 User’s Guide...
The ZyXEL Device automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed. The default time interval is 3600 seconds (or 1 hour). P-660HN-F1 User’s Guide...
Use this screen to configure advanced wireless settings. Click the Advanced Setup button in the AP screen. The screen appears as shown. Section 7.9.2 on page 123 for detailed definitions of the terms listed in this screen. Figure 53 Network > Wireless LAN > AP: Advanced Setup P-660HN-F1 User’s Guide...
7.2.6 MAC Filter Use this screen to change your ZyXEL Device’s MAC filter settings. Click the Edit button in the AP screen. The screen appears as shown. Figure 54 Network > Wireless LAN > AP: MAC Address Filter P-660HN-F1 User’s Guide...
The following table describes the labels in this screen. Table 35 Network > Wireless LAN > More AP LABEL DESCRIPTION This is the index number of each SSID profile. Active Select the check box to activate an SSID profile. P-660HN-F1 User’s Guide...
Security Mode Section 7.2 on page 107 for more details about this field. MAC Filter This shows whether the wireless devices with the MAC addresses listed are allowed or denied to access the ZyXEL Device using this SSID. P-660HN-F1 User’s Guide...
This displays Unconfigured if WPS is disabled and there is no wireless or wireless security changes on the ZyXEL Device or you click Release_Configuration to remove the configured wireless and wireless security settings. P-660HN-F1 User’s Guide...
You can find the PIN either on the outside of the device, or by checking the device’s settings. Note: You must also activate WPS on that device within two minutes to have it present its PIN to the ZyXEL Device. P-660HN-F1 User’s Guide...
At the time of writing, WDS is compatible with other ZyXEL APs only. Not all models support WDS links. Check your other AP’s documentation. Click Network > Wireless LAN > WDS. The following screen displays. Figure 59 Network > Wireless LAN > WDS P-660HN-F1 User’s Guide...
IEEE 802.1Q or DSCP information in their headers. If a packet has no WMM information in its header, it is assigned the default priority. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HN-F1 User’s Guide...
This section discusses wireless LANs in depth. For more information, see the appendix. 7.9.1 Wireless Network Overview Wireless networks consist of wireless clients, access points and bridges. • A wireless client is a radio connected to a user’s computer. P-660HN-F1 User’s Guide...
• Every device in the same wireless network must use security compatible with the AP. Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network. P-660HN-F1 User’s Guide...
It checks IGMP packets passing through it, picks out the group registration information, and configures multicasting accordingly. IGMP snooping allows the ZyXEL Device to learn multicast groups without you having to manually configure them. P-660HN-F1 User’s Guide...
MAC address. A MAC address is usually written using twelve hexadecimal characters ; for example, 00A0C5000002 or 00:A0:C5:00:00:02. To get the MAC address for each device in the wireless network, see the device’s User’s Guide or other documentation. P-660HN-F1 User’s Guide...
Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks. These kinds of wireless devices might not have MAC addresses. Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F. P-660HN-F1 User’s Guide...
A and B can access the wired network and communicate with each other. When Intra-BSS traffic blocking is enabled, wireless station A and B can still access the wired network but cannot communicate with each other. P-660HN-F1 User’s Guide...
Once the security settings of peer sides match one another, the connection between devices is made. At the time of writing, WDS security is compatible with other ZyXEL access points only. Refer to your other access point’s documentation for details. P-660HN-F1 User’s Guide...
(SSID) and security key through an secure connection to the enrollee. If you need to make sure that WPS worked, check the list of associated wireless clients in the AP’s configuration utility. If you see the wireless client in the list, WPS was successful. P-660HN-F1 User’s Guide...
Page 129
If you cannot connect, check the list of associated wireless clients in the AP’s configuration utility. If you see the wireless client in the list, WPS was successful. The following figure shows a WPS-enabled wireless client (installed in a notebook computer) connecting to the WPS-enabled AP via the PIN method. P-660HN-F1 User’s Guide...
If not, it generates the SSID and WPA(2)-PSK randomly. The following figure shows a WPS-enabled client (installed in a notebook computer) connecting to a WPS-enabled access point. P-660HN-F1 User’s Guide...
When WPS is activated on both, they perform the handshake. In this example, AP1 is the registrar, and Client 1 is the enrollee. The registrar randomly generates the security information to set up the network, since it is unconfigured and has no existing information. P-660HN-F1 User’s Guide...
In step 3, you add another access point (AP2) to your network. AP2 is out of range of AP1, so you cannot use AP1 for the WPS handshake with the new access point. However, you know that Client 2 supports the registrar function, so you use it to perform the WPS handshake instead. P-660HN-F1 User’s Guide...
WPS-enabled device could join the network. This is because the registrar has no way of identifying the “correct” enrollee, and cannot differentiate between your enrollee and a rogue device. This is a possible way for a hacker to gain access to a network. P-660HN-F1 User’s Guide...
Page 134
Check the MAC addresses of your wireless clients (usually printed on a label on the bottom of the device). If there is an unknown MAC address you can remove it or reset the AP. P-660HN-F1 User’s Guide...
IP address of a host when the packet is in the local network, while the global address refers to the IP address of the host when the same packet is traveling in the WAN side. P-660HN-F1 User’s Guide...
Use this screen to activate NAT. Click Network > NAT to open the following screen. You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the ZyXEL Device. Figure 70 Network > NAT > General P-660HN-F1 User’s Guide...
You can allocate a server IP address that corresponds to a port or a range of ports. The most often used port numbers and services are shown in Appendix E on page 373. Please refer to RFC 1700 for further information about port numbers. P-660HN-F1 User’s Guide...
IP Address assigned by ISP C=192.168.1.35 D=192.168.1.36 8.3.1 Configuring the Port Forwarding Screen Click Network > NAT > Port Forwarding to open the following screen. Appendix E on page 373 for port numbers commonly used for particular services. P-660HN-F1 User’s Guide...
Click this to restore your previously saved settings. 8.3.2 The Port Forwarding Rule Edit Screen Use this screen to edit a port forwarding rule. Click the rule’s edit icon in the Port Forwarding screen to display the screen shown next. P-660HN-F1 User’s Guide...
When a rule matches the current packet, the ZyXEL Device takes the corresponding action and the remaining rules are ignored. If there are any empty rules before your new configured rule, your configured rule will be pushed up by that number of empty P-660HN-F1 User’s Guide...
Click the edit icon to go to the screen where you can edit the address mapping rule. Click the delete icon to delete an existing address mapping rule. Note that subsequent address mapping rules move up by one when you take this action. P-660HN-F1 User’s Guide...
Click this link to go to the Port Forwarding screen to edit a port forwarding set that you have selected in the Server Mapping Set field. Back Click this to return to the previous screen without saving. P-660HN-F1 User’s Guide...
IP address of a host when the packet is in the local network, while the global address refers to the IP address of the host when the same packet is traveling in the WAN side. P-660HN-F1 User’s Guide...
Many-to-One and Many-to-Many Overload NAT mapping) in each packet and then forwards it to the Internet. The ZyXEL Device keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored. The following figure illustrates this. P-660HN-F1 User’s Guide...
Address (ILA) Address (IGA) 192.168.1.11 192.168.1.10 8.6.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP alias) behind the ZyXEL Device can communicate with three distinct WAN networks. P-660HN-F1 User’s Guide...
• Many-to-Many No Overload: In Many-to-Many No Overload mode, the ZyXEL Device maps each local IP address to a unique global IP address. • Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world. P-660HN-F1 User’s Guide...
ILA2 IGA1 … Many-to-Many Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA1 ILA4 IGA2 … Many-to-Many No Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA3 … Server Server 1 IP IGA1 Server 2 IP IGA1 Server 3 IP IGA1 P-660HN-F1 User’s Guide...
• Use the Threshold screen (Section 9.4 on page 163) to set the thresholds that the ZyXEL Device uses to determine when to start dropping sessions that do not become fully established (half-open sessions). P-660HN-F1 User’s Guide...
9.1.3 Firewall Rule Setup Example The following Internet firewall rule example allows a hypothetical “MyService” connection from the Internet. 1 Click Security > Firewall > Rules. 2 Select WAN to LAN in the Packet Direction field. P-660HN-F1 User’s Guide...
Apply. Figure 81 Edit Custom Port Example 7 Select Any in the Destination Address List box and then click Delete. 8 Configure the destination address screen as follows and click Add. P-660HN-F1 User’s Guide...
9 Use the Add >> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. Custom services show up with an “*” before their names in the Services list box and the Rules list box. P-660HN-F1 User’s Guide...
Figure 83 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a “MyService” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN. P-660HN-F1 User’s Guide...
Chapter 9 Firewalls Figure 84 Firewall Example: Rules: MyService 9.2 The Firewall General Screen Use this screen to configure the firewall settings. Click Security > Firewall to display the following screen. Figure 85 Security > Firewall > General P-660HN-F1 User’s Guide...
Click this to restore your previously saved settings. 9.3 The Firewall Rule Screen The ordering of your rules is very important as rules are applied in turn. Refer to Section 9.5 on page 166 for more information. P-660HN-F1 User’s Guide...
(Reject) or allows the passage of packets (Permit). Schedule This field tells you whether a schedule is specified (Yes) or not (No). This field shows you whether a log is created when packets match this rule (Yes) or not (No). P-660HN-F1 User’s Guide...
Use this screen to configure firewall rules. In the Rules screen, select an index number and click Add or click a rule’s Edit icon to display this screen and refer to the following table for information on the labels. P-660HN-F1 User’s Guide...
Figure 87 Security > Firewall > Rules: Edit The following table describes the labels in this screen. Table 54 Security > Firewall > Rules: Edit LABEL DESCRIPTION Edit Rule Active Select this option to enable this firewall rule. P-660HN-F1 User’s Guide...
Page 161
Select the check box to have the ZyXEL Device generate an alert when the rule Message to is matched. Administrator When Matched Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HN-F1 User’s Guide...
Click this to return to the Firewall Edit Rule screen. 9.3.3 Configuring a Customized Service Use this screen to add a customized rule or edit an existing rule. Click a rule number in the Firewall Customized Services screen to display the following screen. P-660HN-F1 User’s Guide...
SYN (synchronize) packet to the receiving server. The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the initiator responds with an ACK (acknowledgment). After this handshake, a connection is established. P-660HN-F1 User’s Guide...
9.4.2 Configuring Firewall Thresholds The ZyXEL Device also sends alerts whenever TCP Maximum Incomplete is exceeded. The global values specified for the threshold and timeout apply to all TCP connections. Click Firewall > Threshold to bring up the next screen. P-660HN-F1 User’s Guide...
For example, if you set the maximum incomplete high to 100, the ZyXEL Device starts deleting half-open sessions when the number of existing half-open sessions rises above 100. It stops deleting half-open sessions when the number of existing half-open sessions drops below the number set as the maximum incomplete low. P-660HN-F1 User’s Guide...
By default, the ZyXEL Device’s stateful packet inspection allows packets traveling in the following directions: • LAN to LAN/ Router These rules specify which computers on the LAN can manage the ZyXEL Device (remote management) and communicate between networks or subnets connected to the LAN interface (IP alias). P-660HN-F1 User’s Guide...
Page 167
These custom rules work by comparing the source IP address, destination IP address and IP protocol type of network traffic to rules set by the administrator. Your customized rules take precedence and override the ZyXEL Device’s default rules. P-660HN-F1 User’s Guide...
When the firewall is on, your ZyXEL Device acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the ZyXEL Device to protect your LAN against attacks. P-660HN-F1 User’s Guide...
Another solution is to use IP alias. IP alias allows you to partition your network into logical sections over the same Ethernet interface. Your ZyXEL Device supports up to three logical LAN interfaces with the ZyXEL Device being the gateway for each logical network. P-660HN-F1 User’s Guide...
3 The reply from the WAN goes to the ZyXEL Device. 4 The ZyXEL Device then sends it to the computer on the LAN in Subnet 1. Figure 94 IP Alias Subnet 1 ISP 1 ISP 2 Subnet 2 P-660HN-F1 User’s Guide...
1 Click Security > Content Filter to display the following screen. 2 Select Active Keyword Blocking. 3 In the Keyword field type keywords to identify websites to be blocked. 4 Click Add Keyword for each keyword to be entered. 5 Click Apply. P-660HN-F1 User’s Guide...
“192.168.1.xxx”. Bob gave his home computer a static IP address of 192.168.1.2 and the study computer a static IP address of 192.168.1.3. To exclude the study computer from keyword blocking he follows these steps. 1 Click Security > Content Filter > Trusted to display the following screen. P-660HN-F1 User’s Guide...
This box contains the list of all the keywords that you have configured the contain these keywords in ZyXEL Device to block. the URL: Delete Highlight a keyword in the box and click this to remove it. P-660HN-F1 User’s Guide...
Select the check box to have the content filtering to be active on the selected day. Start TIme Enter the time when you want the content filtering to take effect in hour-minute format. End Time Enter the time when you want the content filtering to stop in hour-minute format. P-660HN-F1 User’s Guide...
Type the ending IP address of a specific range of users on your LAN that you want to exclude from content filtering. Leave this field blank if you want to exclude an individual computer. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HN-F1 User’s Guide...
Section 11.3 on page 183 for technical background information on packet filters. 11.2 The Packet Filter Screen Use this screen to set up packet filters on your ZyXEL Device. Click Security > Packet Filter to display the following screen. P-660HN-F1 User’s Guide...
IP and the upper layer protocol, for example, UDP and TCP headers. In the Packet Filter screen, select Protocol Filter from the Filter Type field. Then click the Edit button from the Modify field to display the following screen. P-660HN-F1 User’s Guide...
Cancel Click this to restore your previously saved settings. 11.2.2 Configuring Protocol Filter Rules Use this screen to configure protocol filter rules. In the Edit (Protocol Filter) screen, click an Edit icon to display the following screen. P-660HN-F1 User’s Guide...
TCP Estab This field is only available when you select TCP in the Protocol field. Select Yes to have the rule match packets that want to establish a TCP connection. This field is ignored if you select No. P-660HN-F1 User’s Guide...
In the Packet Filter screen, select Generic Filter from the Filter Type field. Then click the Edit button from the Modify field to display the following screen. Figure 104 Security > Packet Filter > Edit (Generic Filter) P-660HN-F1 User’s Guide...
Enter the byte count of the data portion in the packet that you wish to compare. The range for this field is 0 to 8. Mask Enter the mask (in hexadecimal notation) to apply to the data portion before comparison. P-660HN-F1 User’s Guide...
The interface can be an Ethernet port or any other hardware port. The following diagram illustrates this. Figure 106 Protocol and Generic Filter Sets Route Incoming Protocol Generic Interface Filters Filters Outgoing P-660HN-F1 User’s Guide...
5 Use the firewall if you need routine e-mail reports about your system or need to be alerted when attacks occur. 6 The firewall can block specific URL traffic that might occur in the future. The URL can be saved in an Access Control List (ACL) database. P-660HN-F1 User’s Guide...
(Section 12.4 on page 201) to import self-signed certificates. • Use the Directory Servers screens (Section 12.5 on page 206) to configure a list of addresses of directory servers (that contain lists of valid and revoked certificates). P-660HN-F1 User’s Guide...
This is the ZyXEL Device’s summary list of certificates and certification requests. Certificates display in black and certification requests display in gray. Click Security > Certificates > My Certificates to open the My Certificates screen. Figure 108 My Certificates P-660HN-F1 User’s Guide...
Note that subsequent certificates move up by one when you take this action Create Click this to go to the screen where you can have the ZyXEL Device generate a certificate or a certification request. P-660HN-F1 User’s Guide...
ZyXEL Device. The certificate you import replaces the corresponding request in the My Certificates screen. You must remove any spaces from the certificate’s filename before you can import it. Figure 109 My Certificate Import P-660HN-F1 User’s Guide...
You do not have to fill in every field, although the Common Name is mandatory. The certification authority may add fields (such as a serial number) to the subject information when it issues a certificate. It is recommended that each certificate have unique subject information. P-660HN-F1 User’s Guide...
Page 192
You must have the certification authority’s certificate already imported in the Trusted CAs screen. Click Trusted CAs to go to the Trusted CAs screen where you can view (and manage) the ZyXEL Device's list of certificates of trusted certification authorities. P-660HN-F1 User’s Guide...
ZyXEL Device. Click Security > Certificates > My Certificates to open the My Certificates screen (see Figure 108 on page 188). Click the edit icon to open the My Certificate Details screen. P-660HN-F1 User’s Guide...
This certificates. automatically clears the check box in the details screen of the certificate that was previously set to sign the imported trusted remote host certificates. P-660HN-F1 User’s Guide...
Page 195
Subject Type=CA means that this is a certification authority’s certificate and “Path Length Constraint=1” means that there can only be one certification authority in the certificate’s path. MD5 Fingerprint This is the certificate’s message digest that the ZyXEL Device calculated using the MD5 algorithm. P-660HN-F1 User’s Guide...
ZyXEL Device. Click Security > Certificates > Trusted CAs to open the Trusted CAs screen and then click Import to open the Trusted CA Import screen. You must remove any spaces from the certificate’s filename before you can import the certificate. P-660HN-F1 User’s Guide...
Click Security > Certificates > Trusted CAs to open the Trusted CAs screen. Click the details icon to open the Trusted CA Details screen. P-660HN-F1 User’s Guide...
Certificate Revocation List revocation lists (CRL). (CRLs) Clear this check box to have the ZyXEL Device not check incoming certificates that are issued by this certification authority against a Certificate Revocation List (CRL). P-660HN-F1 User’s Guide...
Page 200
This field displays general information about the certificate. For example, Subject Type=CA means that this is a certification authority’s certificate and “Path Length Constraint=1” means that there can only be one certification authority in the certificate’s path. P-660HN-F1 User’s Guide...
You do not need to add any certificate that is signed by one of the certification authorities on the Trusted CAs screen since the ZyXEL Device automatically accepts any valid certificate signed by a trusted certification authority as being trustworthy. P-660HN-F1 User’s Guide...
Click this to open a screen where you can save the certificate of a remote host (which you trust) from your computer to the ZyXEL Device. Refresh Click this to display the current validity status of the certificates. P-660HN-F1 User’s Guide...
Use this screen to view in-depth information about the trusted remote host’s certificate and/or change the certificate’s name. Click Security > Certificates > Trusted Remote Hosts to open the Trusted Remote Hosts screen. Click the details icon to open the Trusted Remote Host Details screen. P-660HN-F1 User’s Guide...
CA-signed. The ZyXEL Device is the Certification Authority that signed the certificate. X.509 means that this certificate was created and signed according to the ITU-T X.509 recommendation that defines the formats for public-key certificates. P-660HN-F1 User’s Guide...
Page 205
Click this to return to the previous screen without saving. Export Click this and then Save in the File Download screen. The Save As screen opens, browse to the location that you want to use and click Save. P-660HN-F1 User’s Guide...
Address This field displays the IP address or domain name of the directory server. Port This field displays the port number that the directory server uses. Protocol This field displays the protocol that the directory server uses. P-660HN-F1 User’s Guide...
Access Protocol field. You may change the server port number if needed, however you must use the same server port number that the directory server uses. 389 is the default server port number for LDAP. Login Setting P-660HN-F1 User’s Guide...
PKI (Public-Key Infrastructure). Advantages of Certificates Certificates offer the following benefits. • The ZyXEL Device only has to store the certificates of the certification authorities that you decide to trust, no matter how many devices you need to authenticate. P-660HN-F1 User’s Guide...
The following procedure describes how to use a certificate’s fingerprint to verify that you have the remote host’s correct certificate. 1 Browse to where you have the remote host’s certificate saved on your computer. 2 Make sure that the certificate has a “.cer” or “.crt” file name extension. P-660HN-F1 User’s Guide...
3 Double-click the certificate’s icon to open the Certificate window. Click the Details tab and scroll down to the Thumbprint Algorithm and Thumbprint fields. Figure 121 Certificate Details 4 Verify (over the phone for example) that the remote host has the same information in the Thumbprint Algorithm and Thumbprint fields. P-660HN-F1 User’s Guide...
Figure 122 Example of Static Routing Topology 13.1.1 What You Can Do in the Static Route Screens Use the Static Route screens (Section 13.2 on page 214) to view and configure IP static routes on the ZyXEL Device. P-660HN-F1 User’s Guide...
Click the Remove icon to remove a static route from the ZyXEL Device. A window displays asking you to confirm that you want to delete the route. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HN-F1 User’s Guide...
Section 5.3 on page 75 for details on configuring a remote node. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HN-F1 User’s Guide...
- they are not confined to the device on which they were created. The VLAN ID associates a frame with a specific VLAN and provides the information that devices need to process the frame across the network. P-660HN-F1 User’s Guide...
You want to create high priority for this type of traffic, so you want to group these ports into one VLAN (VLAN2) and then to a PVC (PVC1) where the priority is set to high level of service. You would start with the following steps. P-660HN-F1 User’s Guide...
1 Click Advanced > 802.1Q/1P > Port Setting to display the following screen. 2 Type 2 in the 802.1Q PVID column for LAN1, LAN2 and PVC1. 3 Select 7 from the 802.1P Priority drop-down list box for LAN1, LAN2 and PVC1. 4 Click Apply. P-660HN-F1 User’s Guide...
PVC3 into one VLAN (VLAN4). PVC3 priority is set to medium level of service. Follow the same steps as in VLAN2 to configure the settings for VLAN3 and VLAN4. The summary screen should then display as follows. P-660HN-F1 User’s Guide...
Figure 129 Advanced > 802.1Q/1P > Group Setting: Example This completes the 802.1Q/1P setup. 14.2 The 802.1Q/1P Group Setting Screen Use this screen to activate 802.1Q/1P and display the VLAN groups. Click Advanced > 802.1Q/1P to display the following screen. P-660HN-F1 User’s Guide...
T, an untagged port is marked as U and ports not participating in a VLAN are marked as “–“. Modify Click the Edit button to configure the the ports in the VLAN group. Click the Remove button to delete the VLAN group. P-660HN-F1 User’s Guide...
This field displays the types of ports available to join the VLAN group. Control Select Fixed for the port to be a permanent member of the VLAN group. Select Forbidden if you want to prohibit the port from joining the VLAN group. P-660HN-F1 User’s Guide...
This field displays the types of ports available to join the VLAN group. 802.1Q PVID Assign a VLAN ID for the port. The valid VID range is between 1 and 4094. The ZyXEL Device assigns the PVID to untagged frames or priority-tagged frames received on this port. P-660HN-F1 User’s Guide...
Page 225
You may choose a priority level from 0-7, with 0 being the lowest level and 7 being the highest level. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HN-F1 User’s Guide...
Class of Service (CoS) is a way of managing traffic in a network by grouping similar types of traffic together and treating each type as a class. You can use CoS to give different priorities to different packet types. P-660HN-F1 User’s Guide...
5. Traffic that does not match these two classes are assigned priority queue based on the internal QoS mapping table on the ZyXEL Device. Figure 133 QoS Example VoIP: Queue 6 50 Mbps Boss: Queue 5 IP=192.168.1.23 P-660HN-F1 User’s Guide...
Section 15.5.4 on page for more information. If you select OFF, traffic which does not match a class is mapped to queue two. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HN-F1 User’s Guide...
Click this to restore your previously saved settings. 15.3.1 The Class Configuration Screen Use this screen to configure a classifier. Click the Add button or the Edit icon in the Modify field to display the following screen. P-660HN-F1 User’s Guide...
Select the check box and enter the source IP address in dotted decimal notation. A blank source IP address means any source IP address. Subnet Enter the source subnet mask. Refer to the appendix for more information on IP Netmask subnetting. P-660HN-F1 User’s Guide...
Page 235
Select this option and enter the minimum and maximum packet length (from 28 to 1500) in the fields provided. DSCP Select this option and specify a DSCP (DiffServ Code Point) number between 0 and 63 in the field provided. P-660HN-F1 User’s Guide...
This shows how many packets mapped to this priority queue are transmitted successfully. Drop This shows how many packets mapped to this priority queue are dropped. Poll Interval(s) Enter the time interval for refreshing statistics in this field. P-660HN-F1 User’s Guide...
IP precedence uses three bits of the eight-bit ToS (Type of Service) field in the IP header. There are eight classes of services (ranging from zero to seven) in IP precedence. Zero is the lowest priority level and seven is the highest. P-660HN-F1 User’s Guide...
If you have a private WAN IP address, then you cannot use Dynamic DNS. 16.2 The Dynamic DNS Screen Use this screen to change your ZyXEL Device’s DDNS. Click Advanced > Dynamic DNS. The screen appears as shown. P-660HN-F1 User’s Guide...
Check with your Dynamic DNS service provider to have traffic redirected to a URL (that you can specify) while you are off line. IP Address Update Policy Use WAN IP Select this option to update the IP address of the host name(s) to the WAN IP Address address. P-660HN-F1 User’s Guide...
Page 243
Use specified IP Type the IP address of the host name(s). Use this if you have a static IP address. Address Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HN-F1 User’s Guide...
Page 244
Chapter 16 Dynamic DNS Setup P-660HN-F1 User’s Guide...
You may only have one remote management session running at a time. The ZyXEL Device automatically disconnects a remote management session of lower priority when another remote management session of higher priority starts. The priorities for the different types of remote management sessions are as follows. P-660HN-F1 User’s Guide...
There is a default system management idle timeout of five minutes (three hundred seconds). The ZyXEL Device automatically logs you out if the management session remains idle for longer than this timeout period. The management session does not time out when a statistics screen is polling. P-660HN-F1 User’s Guide...
2 HTTP connection requests from a web browser go to port 80 (by default) on the ZyXEL Device’s WS (web server). Figure 144 HTTPS Implementation If you disable the WWW service in the Remote MGMT > WWW screen, then the ZyXEL Device blocks all HTTP connection attempts. P-660HN-F1 User’s Guide...
You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service. P-660HN-F1 User’s Guide...
Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HN-F1 User’s Guide...
Your ZyXEL Device supports SNMP agent functionality, which allows a manager station to manage and monitor the ZyXEL Device through the network. The ZyXEL Device supports SNMP version one (SNMPv1) and version two (SNMPv2). The next figure illustrates an SNMP management operation. P-660HN-F1 User’s Guide...
Get operation, followed by a series of GetNext operations. • Set - Allows the manager to set values for object variables within an agent. • Trap - Used by the agent to inform the manager of some events. P-660HN-F1 User’s Guide...
A trap is sent with the message of the fatal code if the system reboots because of fatal errors. 17.5.3 Configuring SNMP To change your ZyXEL Device’s SNMP settings, click Advanced > Remote MGMT > SNMP. The screen appears as shown. P-660HN-F1 User’s Guide...
SNMP manager. The default is public and allows all requests. TrapDestination Type the IP address of the station to send your SNMP traps to. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HN-F1 User’s Guide...
This allows the outside user to know the ZyXEL Device exists. Your ZyXEL Device supports anti-probing, which prevents the ICMP response packet from being sent. This keeps outsiders from discovering your ZyXEL Device when unsupported ports are probed. P-660HN-F1 User’s Guide...
TCP reset packet for a blocked TCP packet (or an ICMP port- unreachable packet for a blocked UDP packets) or just drop the packets without sending a response packet. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HN-F1 User’s Guide...
The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues. Network information and configuration may also be obtained and modified by users in some network environments. P-660HN-F1 User’s Guide...
ZyXEL Device, for example by using NAT traversal, UPnP applications automatically reserve a NAT forwarding port in order to communicate with another UPnP enabled device; this eliminates the need to manually configure port forwarding for the UPnP enabled application. P-660HN-F1 User’s Guide...
2 Click on the Windows Setup tab and select Communication in the Components selection box. Click Details. Figure 153 Add/Remove Programs: Windows Setup: Communication 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box. P-660HN-F1 User’s Guide...
3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components …. Figure 155 Network Connections 4 The Windows Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details. P-660HN-F1 User’s Guide...
Figure 156 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box. Figure 157 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. P-660HN-F1 User’s Guide...
1 Click Start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway. 2 Right-click the icon and select Properties. Figure 158 Network Connections 3 In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. P-660HN-F1 User’s Guide...
Chapter 18 Universal Plug-and-Play (UPnP) Figure 159 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings. P-660HN-F1 User’s Guide...
5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray. P-660HN-F1 User’s Guide...
IP address of the ZyXEL Device first. This comes helpful if you do not know the IP address of the ZyXEL Device. Follow the steps below to access the web configurator. 1 Click Start and then Control Panel. 2 Double-click Network Connections. 3 Select My Network Places under Other Places. P-660HN-F1 User’s Guide...
Chapter 18 Universal Plug-and-Play (UPnP) Figure 164 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays. P-660HN-F1 User’s Guide...
Figure 165 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Figure 166 Network Connections: My Network Places: Properties: Example P-660HN-F1 User’s Guide...
• In Windows 2000, click Start, Settings, Control Panel and then double-click System. Click the Network Identification tab and then the Properties button. Note the entry for the Computer name field and enter it as the System Name. P-660HN-F1 User’s Guide...
Type your new user password (up to 30 characters). Note that as you type a Password password, the screen displays a (*) for each character you type. After you change the password, use the new password to access the ZyXEL Device. P-660HN-F1 User’s Guide...
Use this screen to configure the ZyXEL Device’s time based on your local time zone. To change your ZyXEL Device’s time and date, click Maintenance > System > Time Setting. The screen appears as shown. Figure 168 Maintenance > System > Time Setting P-660HN-F1 User’s Guide...
Daylight saving is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening. Select this option if you use Daylight Saving Time. P-660HN-F1 User’s Guide...
Page 275
In Germany for instance, you would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HN-F1 User’s Guide...
Page 276
Chapter 19 System Settings P-660HN-F1 User’s Guide...
278). Click Maintenance > Logs to open the View Log screen. Entries in red indicate alerts. The log wraps around and deletes the old entries after it fills. Click a column heading to sort the entries. A triangle indicates ascending or descending sort order. P-660HN-F1 User’s Guide...
Alerts are e-mailed as soon as they happen. Logs may be e-mailed as soon as the log is full. Selecting many alert and/or log categories (especially Access Control) may result in many e- mails being sent. P-660HN-F1 User’s Guide...
Enter the E-mail address where the alert messages will be sent. Alerts include system errors, attacks and attempted access to blocked web sites. If this field is left blank, alert messages will not be sent via E-mail. P-660HN-F1 User’s Guide...
-1 means ZyXEL Device out of socket -2 means tcp SYN fail -3 means smtp server OK fail -4 means HELO fail -5 means MAIL FROM fail -6 means RCPT TO fail -7 means DATA fail -8 means mail data send fail P-660HN-F1 User’s Guide...
Someone has logged on to the router's web configurator Successful WEB login interface. Someone has failed to log on to the router's web configurator WEB login failed interface. Someone has logged on to the router via telnet. Successful TELNET login P-660HN-F1 User’s Guide...
The router failed to allocate memory for the NetBIOS filter setNetBIOSFilter: calloc settings. error The router failed to allocate memory for the NetBIOS filter readNetBIOSFilter: calloc settings. error A WAN connection is down. You cannot access the network WAN connection is down. through this interface. P-660HN-F1 User’s Guide...
TOS (firewall dynamic sessions) until incomplete connections < “Maximum Incomplete Low”. The router sends a TCP RST packet and generates this log if you Access block, sent TCP turn on the firewall TCP reset mechanism (via CI command: "sys firewall tcprst"). P-660HN-F1 User’s Guide...
LOG MESSAGE DESCRIPTION The PPP connection’s Link Control Protocol stage has started. ppp:LCP Starting The PPP connection’s Link Control Protocol stage is opening. ppp:LCP Opening The PPP connection’s Challenge Handshake Authentication Protocol stage is ppp:CHAP Opening opening. P-660HN-F1 User’s Guide...
ACL set for packets traveling from the LAN to the LAN or ZyXEL Device the ZyXEL Device. (W to W/ZyXEL WAN to WAN/ ACL set for packets traveling from the WAN to the WAN Device) ZyXEL Device or the ZyXEL Device. P-660HN-F1 User’s Guide...
Time Exceeded Time to live exceeded in transit Fragment reassembly time exceeded Parameter Problem Pointer indicates the error Timestamp Timestamp request message Timestamp Reply Timestamp reply message Information Request Information request message Information Reply Information reply message P-660HN-F1 User’s Guide...
DHCP Setup, TCP/IP Setup, etc. It arrives from ZyXEL with a “rom” filename extension. Once you have customized the ZyXEL Device's settings, they can be saved back to your computer under a filename of your choosing. P-660HN-F1 User’s Guide...
• Ensure you have either created a firewall rule to allow access from the WAN or turned the firewall off, otherwise the FTP will not function. • Make sure the FTP service has not been disabled in the Remote Management screen. P-660HN-F1 User’s Guide...
FTP client. The following sections give examples of how to upload the firmware and the configuration files. FTP File Upload Command from the DOS Prompt Example 1 Launch the FTP client on your computer. P-660HN-F1 User’s Guide...
Enter “command sys stdio 5” to restore the five-minute management idle timeout (default) when the file transfer is complete. 3 Launch the TFTP client on your computer and connect to the device. Set the transfer mode to binary before starting data transfer. P-660HN-F1 User’s Guide...
230 Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 16384 bytes sent in 1.10Seconds 297.89Kbytes/sec. ftp> quit P-660HN-F1 User’s Guide...
” is the ZyXEL Device IP address, “ ” transfers the file source on the ZyXEL Device host , name of the configuration file on the ZyXEL Device) to the file destination on the rom-0 computer and renames it config.rom. P-660HN-F1 User’s Guide...
Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot. See Section 21.1.4 on page 291 for upgrading firmware using FTP/TFTP commands. Do NOT turn off the ZyXEL Device while firmware upload is in progress! Figure 175 Maintenance > Tools > Firmware P-660HN-F1 User’s Guide...
Figure 177 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen. If the upload was not successful, the following screen will appear. Click Return to go back to the Firmware screen. P-660HN-F1 User’s Guide...
The backup configuration file will be useful in case you need to return to your previous settings. Click Backup to save the ZyXEL Device’s current configuration to your computer. P-660HN-F1 User’s Guide...
IP address (192.168.1.1). See Appendix A on page 321 for details on how to set up your computer’s IP address. If the upload was not successful, the following screen will appear. Click Return to go back to the Configuration screen. P-660HN-F1 User’s Guide...
System restart allows you to reboot the ZyXEL Device remotely without turning the power off. You may need to do this if the ZyXEL Device hangs, for example. Click Maintenance > Tools > Restart. Click Restart to have the ZyXEL Device reboot. This does not affect the ZyXEL Device's configuration. P-660HN-F1 User’s Guide...
302) to view the DSL line statistics and reset the ADSL line. 22.2 The General Diagnostic Screen Use this screen to ping an IP address. Click Maintenance > Diagnostic to open the screen shown next. Figure 186 Maintenance > Diagnostic > General P-660HN-F1 User’s Guide...
22.3 The DSL Line Diagnostic Screen Use this screen to view the DSL line statistics and reset the ADSL line. Click Maintenance > Diagnostic > DSL Line to open the screen shown next. Figure 187 Maintenance > Diagnostic > DSL Line P-660HN-F1 User’s Guide...
The better (or shorter) the line, the higher the number of bits transmitted for a DMT tone. The maximum number of bits that can be transmitted per DMT tone is 15. There will be some tones without any bits as there has to be space between the upstream and downstream channels. P-660HN-F1 User’s Guide...
Page 304
Reset ADSL Line Successfully!" Capture All Logs Click this to display information and statistics about your ZyXEL Device’s ATM statistics, DSL connection statistics, DHCP settings, firmware version, WAN and gateway IP address, VPI/VCI and LAN IP address. P-660HN-F1 User’s Guide...
Table 127 Firmware Specifications Default IP Address 192.168.1.1 Default Subnet Mask 255.255.255.0 (24 bits) Default User Password user Default Admin 1234 Password DHCP Server IP Pool 192.168.1.32 to 192.168.1.64 Static DHCP Addresses Content Filtering Web page blocking by URL keyword. P-660HN-F1 User’s Guide...
Page 308
Remote Management This allows you to decide whether a service (HTTP or FTP traffic for example) from a computer on a network (LAN or WAN for example) can access the ZyXEL Device. P-660HN-F1 User’s Guide...
Page 309
Auto-negotiating rate adaptation ADSL physical connection ATM AAL5 (ATM Adaptation Layer type 5) Multi-protocol over AAL5 (RFC2684/1483) PPP over ATM AAL5 (RFC2364) PPP over Ethernet for DSL connection (RFC2516) VC-based and LLC-based multiplexing I.610 F4/F5 OAM Annex L/M TR-067/TR-100 P-660HN-F1 User’s Guide...
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security standard. Key differences between WPA and WEP are user authentication and improved data encryption. WPA2 WPA 2 is a wireless security standard that defines stronger encryption, authentication and key management than WPA. P-660HN-F1 User’s Guide...
PPP over AAL5 (PPP over ATM over ADSL) RFC 2408 Internet Security Association and Key Management Protocol (ISAKMP) RFC 2516 A Method for Transmitting PPP Over Ethernet (PPPoE) RFC 2684 Multiprotocol Encapsulation over ATM Adaptation Layer 5. RFC 2766 Network Address Translation - Protocol P-660HN-F1 User’s Guide...
NORTH AMERICAN PLUG STANDARDS AC Power Adapter Model 12V 1A SOCB PA Input Power AC 120Volts/60Hz Output Power DC 12Volts/1.0A Power Consumption 7.7 Watt max Safety Standards ANSI/UL 60950-1, CSA 60950-1 EUROPEAN PLUG STANDARDS AC Power Adapter Model P-660HN-F1 User’s Guide...
Page 313
Chapter 23 Product Specifications Table 130 ZyXEL Device Series Power Adaptor Specifications (continued) Input Power AC 230Volts/50Hz Output Power DC 12Volts/1.0A Power Consumption 8.3 Watt max Safety Standards CE, GS or TUV, EN60950-1 P-660HN-F1 User’s Guide...
2 Check the hardware connections. See the Quick Start Guide. 3 Inspect your cables for damage. Contact the vendor to replace any damaged cables. 4 Turn the ZyXEL Device off and on. 5 If the problem continues, contact the vendor. P-660HN-F1 User’s Guide...
321. Your ZyXEL Device is a DHCP server by default. • If there is no DHCP server on your network, make sure your computer’s IP address is in the same subnet as the ZyXEL Device. See Appendix A on page 321. P-660HN-F1 User’s Guide...
Page 317
I cannot use FTP to upload / download the configuration file. / I cannot use FTP to upload new firmware. See the troubleshooting suggestions for I cannot see or access the Login screen in the web configurator. Ignore the suggestions about your browser. P-660HN-F1 User’s Guide...
4 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions • Check the settings for QoS. If it is disabled, you might consider activating it. If it is enabled, you might consider raising or lowering the priority for some applications. P-660HN-F1 User’s Guide...
VIII Appendices and Index The appendices provide general information. Some details may not apply to your ZyXEL Device. Setting up Your Computer’s IP Address (321) Pop-up Windows, JavaScript and Java Permissions (343) IP Addresses and Subnetting (351) Wireless LANs (359) Services (373) Internal SPTGEN (377) Legal Information (401)
If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the ZyXEL Device’s LAN port. Windows 95/98/Me Click Start, Settings, Control Panel and double-click the Network icon to open the Network window. P-660HN-F1 User’s Guide...
2 Select Client and then click Add. 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click 5 Restart your computer so the changes you made take effect. P-660HN-F1 User’s Guide...
• If you do not know your DNS information, select Disable DNS. • If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in). P-660HN-F1 User’s Guide...
3 Select your network adapter. You should see your computer's IP address, subnet mask and default gateway. Windows 2000/NT/XP The following example figures use the default Windows XP GUI theme. 1 Click start (Start in Windows 2000/NT), Settings, Control Panel. P-660HN-F1 User’s Guide...
Appendix A Setting up Your Computer’s IP Address Figure 191 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 192 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. P-660HN-F1 User’s Guide...
• If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. • Click Advanced. P-660HN-F1 User’s Guide...
To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add. • Click OK when finished. P-660HN-F1 User’s Guide...
• If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. P-660HN-F1 User’s Guide...
2 In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab. Windows Vista This section shows screens from Windows Vista Enterprise Version 6.0. 1 Click the Start icon, Control Panel. P-660HN-F1 User’s Guide...
2 In the Control Panel, double-click Network and Internet. Figure 199 Windows Vista: Control Panel 3 Click Network and Sharing Center. Figure 200 Windows Vista: Network And Internet 4 Click Manage network connections. Figure 201 Windows Vista: Network and Sharing Center P-660HN-F1 User’s Guide...
During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. Figure 202 Windows Vista: Network and Sharing Center 6 Select Internet Protocol Version 4 (TCP/IPv4) and click Properties. Figure 203 Windows Vista: Local Area Connection Properties P-660HN-F1 User’s Guide...
To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add. • Click OK when finished. P-660HN-F1 User’s Guide...
• If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. P-660HN-F1 User’s Guide...
2 In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab. Macintosh OS 8/9 1 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. P-660HN-F1 User’s Guide...
2 Select Ethernet built-in from the Connect via list. Figure 208 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: • From the Configure box, select Manually. P-660HN-F1 User’s Guide...
2 Click Network in the icon bar. • Select Automatic from the Location list. • Select Built-in Ethernet from the Show list. • Click the TCP/IP tab. 3 For dynamically assigned settings, select Using DHCP from the Configure list. P-660HN-F1 User’s Guide...
Check your TCP/IP properties in the Network window. Linux This section shows you how to configure your computer’s TCP/IP settings in Red Hat Linux 9.0. Procedure, screens and file location may vary depending on your Linux distribution and release version. P-660HN-F1 User’s Guide...
Figure 211 Red Hat 9.0: KDE: Network Configuration: Devices 2 Double-click on the profile of the network card you wish to configure. The Ethernet Device General screen displays as shown. Figure 212 Red Hat 9.0: KDE: Ethernet Device: General P-660HN-F1 User’s Guide...
Ethernet card). Open the eth0 eth0 configuration file with any plain text editor. • If you have a dynamic IP address, enter in the field. The dhcp BOOTPROTO= following figure shows an example. P-660HN-F1 User’s Guide...
1 In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker. Figure 220 Pop-up Blocker You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. 1 In Internet Explorer, select Tools, Internet Options, Privacy. P-660HN-F1 User’s Guide...
Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings…to open the Pop-up Blocker Settings screen. P-660HN-F1 User’s Guide...
3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 223 Pop-up Blocker Settings P-660HN-F1 User’s Guide...
3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window. P-660HN-F1 User’s Guide...
2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window. Figure 226 Security Settings - Java P-660HN-F1 User’s Guide...
Figure 227 Java (Sun) Mozilla Firefox Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary. You can enable Java, Javascript and pop-ups in one screen. Click Tools, then click Options in the screen that appears. P-660HN-F1 User’s Guide...
Appendix B Pop-up Windows, JavaScript and Java Permissions Figure 228 Mozilla Firefox: Tools > Options Click Content.to show the screen below. Select the check boxes as shown in the following screen. Figure 229 Mozilla Firefox Content Security P-660HN-F1 User’s Guide...
Page 350
Appendix B Pop-up Windows, JavaScript and Java Permissions P-660HN-F1 User’s Guide...
Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal. The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. P-660HN-F1 User’s Guide...
Subnet masks can be referred to by the size of the network number part (the bits with a “1” value). For example, an “8-bit mask” means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes. P-660HN-F1 User’s Guide...
For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask 255.255.255.128. The following table shows some possible subnet masks using both notations. Table 134 Alternative Subnet Mask Notation ALTERNATIVE LAST OCTET LAST OCTET SUBNET MASK NOTATION (BINARY) (DECIMAL) 255.255.255.0 0000 0000 255.255.255.128 1000 0000 P-660HN-F1 User’s Guide...
The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25. The following figure shows the company network after subnetting. There are now two sub- networks, A and B. P-660HN-F1 User’s Guide...
Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows IP address last octet values for each subnet. Table 139 Eight Subnets SUBNET LAST BROADCAST SUBNET FIRST ADDRESS ADDRESS ADDRESS ADDRESS P-660HN-F1 User’s Guide...
Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space. P-660HN-F1 User’s Guide...
Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra-BSS is enabled, wireless client A and B can access the wired network and communicate with each other. When Intra-BSS is disabled, wireless client A and B can still access the wired network but cannot communicate with each other. P-660HN-F1 User’s Guide...
An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate. P-660HN-F1 User’s Guide...
(AP) or wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other. P-660HN-F1 User’s Guide...
AP will fragment the packet into smaller data frames. A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. P-660HN-F1 User’s Guide...
DQPSK (Differential Quadrature Phase Shift Keying) 5.5 / 11 CCK (Complementary Code Keying) 6/9/12/18/24/36/48/54 OFDM (Orthogonal Frequency Division Multiplexing) Wireless Security Overview Wireless security is vital to your network to protect wireless communication between wireless clients, access points and the wired network. P-660HN-F1 User’s Guide...
RADIUS is based on a client-server model that supports authentication, authorization and accounting. The access point is the client and the server is the RADIUS server. The RADIUS server handles the following tasks: • Authentication Determines the identity of the users. • Authorization P-660HN-F1 User’s Guide...
Page 365
EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication. The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that supports IEEE 802.1x. . P-660HN-F1 User’s Guide...
Page 366
However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco. LEAP LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x. P-660HN-F1 User’s Guide...
If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not. Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2. P-660HN-F1 User’s Guide...
Page 368
AP and does not need to go with the authentication process again. Pre-authentication enables fast roaming by allowing the wireless client (already connecting to an AP) to perform IEEE 802.1x authentication with another AP before connecting to it. P-660HN-F1 User’s Guide...
(PSK) must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters (including spaces and symbols). 2 The AP checks each wireless client's password and allows it to join the network only if the password matches. P-660HN-F1 User’s Guide...
The angle of the beam determines the width of the coverage pattern. Angles typically range from 20 degrees (very directional) to 120 degrees (less directional). Directional antennas are ideal for hallways and outdoor point-to-point applications. P-660HN-F1 User’s Guide...
Page 372
For a single AP application, place omni-directional antennas as close to the center of the coverage area as possible. For directional antennas, point the antenna in the direction of the desired coverage area. P-660HN-F1 User’s Guide...
Finger is a UNIX or Internet related command that can be used to find out if a user is logged on. File Transfer Protocol, a program to enable fast transfer of files, including large files that may not be possible by e-mail. P-660HN-F1 User’s Guide...
Page 374
(TCP/IP or other). POP3S This is a more secure version of POP3 that runs over SSL. PPTP 1723 Point-to-Point Tunneling Protocol enables secure transfer of data over public networks. This is the control channel. P-660HN-F1 User’s Guide...
Page 375
Access Controller Access Control System). TELNET Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/ IP networks. Its primary function is to allow users to log into remote host systems. P-660HN-F1 User’s Guide...
Page 376
Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE 7000 A videoconferencing solution. The UDP port number is specified in the application. user- defined P-660HN-F1 User’s Guide...
DO NOT alter or delete any field except parameters in the Input column. This appendix introduces Internal SPTGEN. All menus shown in this appendix are example menus meant to show SPTGEN usage. Actual menus for your product may differ. P-660HN-F1 User’s Guide...
The name “ ” is the configuration filename on the ZyXEL Device. rom-t 4 Edit the " " file using a text editor (do not use a word processor). You must leave rom-t this FTP screen to edit. P-660HN-F1 User’s Guide...
200 Type I OK ftp> put rom-t ftp>bye Example Internal SPTGEN Screens This section covers ZyXEL Device Internal SPTGEN screens. Table 147 Abbreviations Used in the Example Internal SPTGEN Screens Table ABBREVIATION MEANING Field Identification Number Field Name P-660HN-F1 User’s Guide...
Set 2 30201008 = IP Alias #1 Incoming protocol filters = 256 Set 3 30201009 = IP Alias #1 Incoming protocol filters = 256 Set 4 30201010 = IP Alias #1 Outgoing protocol filters = 256 Set 1 P-660HN-F1 User’s Guide...
Page 385
IP Static Route set #4, Name <Str> 120104002 = IP Static Route set #4, Active <0(No) |1(Yes)> 120104003 = IP Static Route set #4, Destination = 0.0.0.0 IP address 120104004 = IP Static Route set #4, Destination IP subnetmask P-660HN-F1 User’s Guide...
/ Menu 12.1.8 IP Static Route Setup INPUT 120108001 = IP Static Route set #8, Name <Str> 120108002 = IP Static Route set #8, Active <0(No) |1(Yes)> 120108003 = IP Static Route set #8, Destination = 0.0.0.0 IP address P-660HN-F1 User’s Guide...
Page 387
120111007 = IP Static Route set #11, Private <0(No) |1(Yes)> */ Menu 12.1.12 IP Static Route Setup INPUT 120112001 = IP Static Route set #12, Name <Str> 120112002 = IP Static Route set #12, Active <0(No) |1(Yes)> P-660HN-F1 User’s Guide...
Page 388
IP subnetmask 120115005 = IP Static Route set #15, Gateway = 0.0.0.0 120115006 = IP Static Route set #15, Metric 120115007 = IP Static Route set #15, Private <0(No) |1(Yes)> */ Menu 12.1.16 IP Static Route Setup INPUT P-660HN-F1 User’s Guide...
SUA Server #5 Protocol <0(All)|6(TCP)|17(U DP)> 150000019 = SUA Server #5 Port Start 150000020 = SUA Server #5 Port End 150000021 = SUA Server #5 Local IP address = 0.0.0.0 150000022 = SUA Server #6 Active <0(No) | 1(Yes)> = P-660HN-F1 User’s Guide...
Page 390
SUA Server #12 Active <0(No) | 1(Yes)> 150000053 = SUA Server #12 Protocol <0(All)|6(TCP)|17(U DP)> 150000054 = SUA Server #12 Port Start 150000055 = SUA Server #12 Port End 150000056 = SUA Server #12 Local IP address = 0.0.0.0 P-660HN-F1 User’s Guide...
210102006 = IP Filter Set 1,Rule 2 Dest Port = 138 210102007 = IP Filter Set 1,Rule 2 Dest Port Comp <0(none)|1(equal) |2(not equal)|3(less)|4( greater)> 210102008 = IP Filter Set 1,Rule 2 Src IP address = 0.0.0.0 P-660HN-F1 User’s Guide...
Page 392
IP Filter Set 1,Rule 4 Type <2(TCP/IP)> 210104002 = IP Filter Set 1,Rule 4 Active <0(No)|1(Yes)> 210104003 = IP Filter Set 1,Rule 4 Protocol = 17 210104004 = IP Filter Set 1,Rule 4 Dest IP address = 0.0.0.0 P-660HN-F1 User’s Guide...
Page 393
IP Filter Set 1,Rule 5 Src Port Comp <0(none)|1(equal) |2(not equal)|3(less)|4( greater)> 210105013 = IP Filter Set 1,Rule 5 Act Match <1(check next)|2(forward)| 3(drop)> 210105014 = IP Filter Set 1,Rule 5 Act Not Match <1(Check Next) |2(Forward)|3(Dro p)> P-660HN-F1 User’s Guide...
IP Filter Set 2, Rule 1 Protocol 210201004 = IP Filter Set 2, Rule 1 Dest IP = 0.0.0.0 address 210201005 = IP Filter Set 2, Rule 1 Dest Subnet Mask 210201006 = IP Filter Set 2, Rule 1 Dest Port = 137 P-660HN-F1 User’s Guide...
Page 395
210202010 = IP Filter Set 2,Rule 2 Src Port 210202011 = IP Filter Set 2, Rule 2 Src Port <0(none)|1(equal)| Comp 2(not equal)|3(less)|4(g reater)> 210202013 = IP Filter Set 2, Rule 2 Act Match <1(check next)|2(forward)|3 (drop)> P-660HN-F1 User’s Guide...
Page 396
= 17 210204004 = IP Filter Set 2, Rule 4 Dest IP = 0.0.0.0 address 210204005 = IP Filter Set 2, Rule 4 Dest Subnet Mask 210204006 = IP Filter Set 2, Rule 4 Dest Port = 137 P-660HN-F1 User’s Guide...
Page 397
210205010 = IP Filter Set 2, Rule 5 Src Port 210205011 = IP Filter Set 2, Rule 5 Src Port <0(none)|1(equal)| Comp 2(not equal)|3(less)|4(g reater)> 210205013 = IP Filter Set 2, Rule 5 Act Match <1(check next)|2(forward)|3 (drop)> P-660HN-F1 User’s Guide...
= 0.0.0.0 241100007 = WEB Server Port = 80 241100008 = WEB Server Access <0(all)|1(none)|2( Lan) |3(Wan)> 241100009 = WEB Server Secured IP address = 0.0.0.0 Table 155 Menu 23 System Menus */ Menu 23.1 System Password Setup P-660HN-F1 User’s Guide...
ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
Page 402
10 mW (10 dB) dans le cadre d'une installation WiFi en extérieur pour les fréquences comprises entre 2454 MHz et 2483,5 MHz. This Class B digital apparatus complies with Canadian ICES-003. P-660HN-F1 User’s Guide...
Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products. P-660HN-F1 User’s Guide...
Page 404
Appendix G Legal Information P-660HN-F1 User’s Guide...