ZyXEL Communications P-661HNU-Fx Support Notes
  1. Manuals
  2. Brands
  3. ZyXEL Communications Manuals
  4. Gateway
  5. P-661HNU-FX
  6. Support notes

ZyXEL Communications P-661HNU-Fx Support Notes

P-661hnu-f series 802.11n wireless adsl2+ 4-port security gateway
Hide thumbs Also See for P-661HNU-Fx:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Manual
P-661HNU Series Support Notes
P-661HNU-Fx
802.11n Wireless ADSL2+ 4-port Security Gateway
Support Notes
Version3.10
Oct 2010
1
All contents copyright © 2010 ZyXEL Communications Corporation.

Advertisement

Table of Contents
loading

Related Manuals for ZyXEL Communications P-661HNU-Fx

Summary of Contents for ZyXEL Communications P-661HNU-Fx

  • Page 1 P-661HNU Series Support Notes P-661HNU-Fx 802.11n Wireless ADSL2+ 4-port Security Gateway Support Notes Version3.10 Oct 2010 All contents copyright © 2010 ZyXEL Communications Corporation.

  • Page 2: Table Of Contents

    „Administrator Account‟? ................. 8 4. Will the device work with my Internet connection? ......8 5. How do I know the P-661HNU-Fx's WAN IP address assigned by the ISP?....................... 9 6. What is the micro filter or splitter used for? ........9 7.
  • Page 3 10. What is LAND attack? ............19 11 What is Brute-force attack? ........... 19 12. What is IP Spoofing attack? ..........20 13. What are the default firewall rules in P-661HNU-Fx? ..20 Configuration ................... 20 1. How do I configure the firewall? ..........20 2.
  • Page 4 5. What is Frequency-hopping Spread Spectrum Technology – (FHSS)? ................... 27 Security FAQ .................... 28 1. How do I secure the data across the P-661HNU-Fx Access Point's radio link?..............28 2. What is WEP?................ 28 3. What is WPA-PSK? .............. 29 4.
  • Page 5 2. Backing – up the Configuration ............79 3. Upload Configuration via web GUI ........... 81 4. Using FTP to Upload the Firmware and Configuration Files ..82 Using Windows command ................. 83 All contents copyright © 2010 ZyXEL Communications Corporation.

  • Page 6: Faq

    In case you forget the system password, you can erase the current configuration and restore factory defaults this way: Use the RESET button on the rear panel of P-661HNU-Fx to reset the router. After the router is reset, the LAN IP address will be reset to '192.168.1.1', the common user account will be reset to 'user/1234', the Administrator account will be reset to „admin/1234‟.

  • Page 7: Is It Possible To Access A Server Running Behind Sua From The Outside Internet? How Can I Do It

    6. Is it possible to access a server running behind SUA from the outside Internet? How can I do it? Yes, it is possible because P-661HNU-Fx delivers the packet to the local server by looking up to a SUA server table. Therefore, to make a local server accessible to the outside users, the port number and the inside IP address of the server must be configured.

  • Page 8: Product Faq

    „root/1234‟. 4. Will the device work with my Internet connection? P-661HNU-Fx is designed to be compatible with major ISPs utilize ADSL as a broadband service. P-661HNU-Fx offers Ethernet ports to connect to your somputer so the device is placed in the line between the computer and your ISP.

  • Page 9: How Do I Know The P-661Hnu-Fx's Wan Ip Address Assigned By The Isp

    P-661HNU Series Support Notes 5. How do I know the P-661HNU-Fx's WAN IP address assigned by the ISP? You can view "- IP Address : x.x.x.x" shown in Web Configurator „Connection Status -> System Info -> Device Information -> WAN 1 Information‟ to check this IP address.

  • Page 10: What Is Nat

    Internet ISP, thus making them appear as if they came from the NAT system itself (e.f., the PCE router). The CPE keeps track of the original addresses and port numbers, so the incoming reply packets can have their original values restored. All contents copyright © 2010 ZyXEL Communications Corporation.

  • Page 11: What Is Ddns

    IP address we can use the DDNS service. The DDNS server allows to alias a dynamic IP address to a static hostname. Whenever the ISP assigns you a new IP, the P-661HNU-Fx sends this IP to the DDNS server for its updates.

  • Page 12: What Is Ddns Wildcard? Does The P-661Hnu-Fx Support Ddns Wildcard

    All applications have their own natural bit rate. Large data transactions have a fluctuating natural bit rate. The P-661HNU-Fx is able to support variable traffic among different virtual connections. Certain traffic may be discarded if the virtual connection experiences congestion.

  • Page 13: What Do The Atm Qos Types (Cbr, Ubr, Vbr-Nrt, Vbr-Rt) Mean

    P-661HNU Series Support Notes The P-661HNU-Fx holds the parameters for shaping the traffic among its virtual channels. If you do not need traffic shaping, please set SCR = 0, MBS = 0 and PCR as the maximum value according to the line rate (for example, 2.3 Mbps line rate will result PCR as 5424 cell/sec.)

  • Page 14: Adsl Faq

    4. How do I know the ADSL line is up? You can see the DSL LED Green on the P-661HNU-Fx's front panel is on when the ADSL physical layer is up.

  • Page 15: Does The Vc-Based Multiplexing Perform Better Than The Llc-Based Multiplexing

    Maintenance -> Diagnostic -> DSL Line -> DSL Line Status: 8. What are the signaling pins of the ADSL connector? The signaling pins on the P-661HNU-Fx's ADSL connector are pin 3 and pin 4. The middle two pins for a RJ11 cable.
  • Page 16 The low priority is internet access such as ftp etc … Triple Play is a port-based policy to forward packets from different LAN port to different PVCs, thus you can configure each PVC separately to assign different QoS to different application. All contents copyright © 2010 ZyXEL Communications Corporation.

  • Page 17: Firewall Faq

    2. What makes P-661HNU-Fx secure? The P-661HNU-Fx is pre-configured to automatically detect and thwart Denial of Service (DoS) attacks such as Ping of Death, SYN Flood, LAND attack, IP Spoofing, etc. It also uses stateful packet inspection to determine if an inbound connection is allowed through the firewall to the private LAN.

  • Page 18: What Kind Of Firewall Is The P-661Hnu-Fx

    4. The P-661HNU-Fx's firewall is fast. It uses a hashing function to search the matched session cache instead of going through every individual rule for a packet.

  • Page 19: What Is Ping Of Death Attack

    A Brute-force attack, such as 'Smurf' attack, targets a feature in the IP specification known as directed or subnet broadcasting, to quickly flood the target network with useless data. A Smurf hacker flood a destination IP All contents copyright © 2010 ZyXEL Communications Corporation.

  • Page 20: What Is Ip Spoofing Attack

    Configuration 1. How do I configure the firewall? You can use the Web Configurator to configure the firewall for P-661HNU-Fx. By factory default, if you connect your PC to the LAN Interface of P-661HNU-Fx, you can access Web Configurator via „http://192.168.1.1‟.

  • Page 21: Why Can't I Configure My P-661Hnu-Fx Using Web Configurator/Telnet Over Wan

    „MAC Address Filter‟ table if you wish to allow only them to access your network. Then others can‟t configure your device any more. 3. Why can't I configure my P-661HNU-Fx using Web Configurator/Telnet over WAN? There are two possible reasons that WWW/Telnet from WAN is blocked.

  • Page 22: Why Can't I Upload The Firmware And Configuration File Using Ftp Over Wan

    (1) You have disabled FTP service in Web Configurator, Advanced setup, Maitenance -> Remote MGMT. (2)A MAC filter set but your host is not in the MAC address list, Security -> MAC Filter All contents copyright © 2010 ZyXEL Communications Corporation.

  • Page 23: Wireless Faq

    3. What is the disadvantage of Wireless LAN? All contents copyright © 2010 ZyXEL Communications Corporation.

  • Page 24: Where Can You Find 802.11 Wireless Networks

    (interoperate) with any brand of Access Point that is also Wi-Fi certified. 8. What types of devices use the 2.4GHz Band? Various spread spectrum radio communication applications use the 2.4 GHz band. This includes WLAN systems (not necessarily of the type IEEE All contents copyright © 2010 ZyXEL Communications Corporation.

  • Page 25: Does The 802.11 Interfere With Bluetooth Device

    (1) Minimizing the number of walls and ceilings (2) Antenna is positioned for best reception (3) Keep WLAN products away from electrical devices, eg: microwaves, monitors, electric motors,…, etc. (4) Add additional APs if necessary. All contents copyright © 2010 ZyXEL Communications Corporation.

  • Page 26: What's The Difference Between A Wlan And A Wwan

    Yes, it supports up to 32 MAC Address filtering. 17. Does P-661HNU-Fx support auto rate adaption? Yes, it means that the AP on P-661HNU-Fx will automatically decelerate when devices move beyond the optimal range, or other interference is present. If the device moves back within the range of a higher-speed transmission, the connection will automatically speed up again.

  • Page 27: Advanced Faq

    "logical channel". To an unsynchronised receiver an FHSS transmission appears to be short-duration impulse noise. 802.11 may use FHSS or DSSS. All contents copyright © 2010 ZyXEL Communications Corporation.

  • Page 28: Security Faq

    AP. The ESSID is a 32-character maximum string and is case-sensitive. Security FAQ 1. How do I secure the data across the P-661HNU-Fx Access Point's radio link? To secure the date across the P-661HNU-Fx Access Point‟s radio link, we could select any one of the security mode: Static 64/128 bit WEP, WPA-PSK, WPA, WPA2-PSK, WPA2.

  • Page 29: What Is Wpa-Psk

    SSID goes over the air in clear text. This makes obtaining the SSID easy by sniffing 802.11n wireless traffic. 8. By turning off the broadcast of SSID, can someone still sniff the SSID? All contents copyright © 2010 ZyXEL Communications Corporation.

  • Page 30: What Are Insertion Attacks

    An intruder can masquerade as that user by using this captured information. An intruder who monitors the wireless network can apply this same attack principle on the wireless. All contents copyright © 2010 ZyXEL Communications Corporation.

  • Page 31: Application Notes

    In this case, we use P-661HNU-Fx which works as an ADSL bridge modem to connect to the ISP. The ISP will generally give one Internet account and limit only one computer to access the Internet.
  • Page 32 P-661HNU Series Support Notes Setup your P-661HNU-Fx under bridge mode The following procedure shows you how to configure your P-661HNU-Fx as bridge mode. We will use Web Configurator to guide you through the related menu. 1. Retrieve Prestige Web Please enter the LAN IP address of the Prestige router in the URL location to retrieve the web screen from the Prestige.
  • Page 33 P-661HNU Series Support Notes 2. Login first The default password is the default SMT password, '1234'. (1) Configure P-661HNU-Fx as bridge mode and configure Internet setup parameters in Web Configurator, Advanced Setup, Network Setting-> Broadband. Click „Add new WAN Interface‟...
  • Page 34 Key Settings: Option Description Encapsulation Select the correct Encapsulation type that your ISP supports. For Mode example, LLC/SNAP-BRIDGING. VPI & VCI Specify a VPI (Virtual Path Identifier) and a VCI (Virtual Channel All contents copyright © 2010 ZyXEL Communications Corporation.

  • Page 35: Internet Access Using P-661Hnu-Fx Under Routing Mode

    Identifier) given to you by your ISP. (2) Turn off DHCP Server and configure a LAN IP for the P-661HNU-Fx in Web Configurator, Advanced Setup, Network Setting -> Home Networking -> LAN Setup. We use 192.168.1.1 as the LAN IP for P-661HNU-Fx in this case: Step 1: Disactive DHCP Server and apply it: Step 2: Assign an IP to the LAN Interface of P-661HNU-Fx, e.g.: 192.168.1.1:...
  • Page 36 P-661HNU Series Support Notes Set up your P-661HNU-Fx under routing mode The following procedure shows you how to configure your P-661HNU-Fx as Routing mode for routing traffic. We will use Web Configurator to guide you through the related menu. (1) Configure P-661HNU-Fx as routing mode and configure Internet setup parameters in Web Configurator, Advanced Setup, Network Setting->...

  • Page 37: Internet Access Using 3G Backup

    P-661HNU-Fx dynamically. Otherwise, set to Static IP Adress and IP Address enter the IP in the IP Address field. (2) Configure a LAN IP for the P-661HNU-Fx and the DHCP settings in Web Configurator, Advanced Setup, Network Setting-> Home Networking -> LAN Setup.
  • Page 38 Type the user name (of up to 70 ASCII Printable characters) given to you Username by your service provider. Type the password (of up to 70 ASCII Printable characters) associated Password with the user name above. All contents copyright © 2010 ZyXEL Communications Corporation.
  • Page 39 Select this to have the ZyXEL Device use the DNS server addresses you DNS IP configure manually. address Primary DNS Enter the first DNS server address assigned by the ISP. server All contents copyright © 2010 ZyXEL Communications Corporation.

  • Page 40: Sua Notes

    Cu-SeeMe, and ICQ will need to connect to the local user behind the P-661HNU-Fx. In such case, a SUA server must be configured to forward the incoming packets to the true destination behind SUA. After the required server are configured in Web Configurator, Advanced Setup, Network Setting->...
  • Page 41 QuakeII2.30 None Default/client IP QuakeIII1.05 beta None StartCraft. 6112/client IP Quick Time 4.0 None 5631/client IP pcAnywhere 8.0 None 5632/client IP 22/client IP IPsec (ESP tunneling mode) None (one client only) Default/Client All contents copyright © 2010 ZyXEL Communications Corporation.
  • Page 42 Certain Quake servers do not allow multiple users to login using the same unique IP, so only one Quake user will be allowed in this case. Moreover, when a Quake server is configured behind SUA, P-661HNU-Fx will not be able to provide information of that server on the internet.
  • Page 43 A service is identified by the port number. Also, since you need to specify the IP address of a server behind the P-661HNU-Fx, a server must have a fixed IP address and not be a DHCP client whose IP address potentially changes each time P-661HNU-Fx is powered on.
  • Page 44 Web Server is 80: (3) If you want to change the port for Web Server, you could press button „Edit‟ on corresponding rule, then modify and apply it. Default port numbers for some services All contents copyright © 2010 ZyXEL Communications Corporation.
  • Page 45 All data sent over this connection can be encrypted and compressed, and multiple network level protocols (TCP/IP, NetBEUI and IPX) can be run correctly. Windows NT Domain Login level security is preserved even across the Internet. All contents copyright © 2010 ZyXEL Communications Corporation.
  • Page 46 Configuration This application note explains how to establish a PPTP connection with a remote private network in the P-661HNU-Fx SUA case. In ZLD, all PPTP packets can be forwarded to the internal PPTP Server (WinNT server) behind SUA. The port number of the PPTP has to be entered in the Web Configurator, Advanced Setup, Network Setting->...
  • Page 47 P-661HNU Series Support Notes Example The following example shows how to dial to an ISP via the P-661HNU-Fx and then establish a tunnel to a private network. There will be three items that you need to set up for PPTP application, these are PPTP server (WinNT), PPTP client (Win9x) and the P-661HNU-Fx.
  • Page 48 Internet IP address that the ISP assigns to P-661HNU-Fx router in SUA mode and enter this IP address in the VPN dial-up dialog box. You can check this Internet IP address from PNC Monitor or S Web Configurator, Connecting Status ->...

  • Page 49: Using The Dynamic Dns (Ddns)

    Without DDNS, we always tell the users to use the WAN IP of the P-661HNU-Fx to access the internal server. It is inconvenient for the users if this IP is dynamic. With DDNS supported by the P-661HNU-Fx, you apply a DNS name (e.g., www.zyxel.com.tw) for your server (e.g., Web server) from a...

  • Page 50: File Sharing

    Enter the password that the DDNS server gives to you. 6. File Sharing Sharing files on a USB memory stick or hard drive connected to P-661HNU-Fx with other users on the network, the topology showed bellow allowing PC A, B &...
  • Page 51 2) Go to Network Setting -> Home Networking -> File sharing 3) Click on “Share Configuration” to enable “SMB” function. 4) Click on “Apply”. When File Sharing feature is enabled, P-661HNU-Fx will find the attached USB Hard Drive. All contents copyright © 2010 ZyXEL Communications Corporation.
  • Page 52 6) Select Access Level “Public” to allow access to anyone who can login to the flash disk. 7) Click on “Add New User” to create a new account for access log in. All contents copyright © 2010 ZyXEL Communications Corporation.
  • Page 53 8) Enter “User Name” and “New Password”. 9) Click on “Apply”. 10) Repeat the steps 5 and 6 to change the access control level. 11) Select Access Level as “Security”. 12) Select user123 as “Allow User”. All contents copyright © 2010 ZyXEL Communications Corporation.
  • Page 54 P-661HNU Series Support Notes The following steps will show you how the PC A, B or C Access the USB Hard Drive fromg the PC. 13) Go to Windows “Run” and connect to P-661HNU-Fx. All contents copyright © 2010 ZyXEL Communications Corporation.
  • Page 55 P-661HNU Series Support Notes 14) After connected to P-661HNU-Fx, the USB hard drive will be displayed on the screen. 15) Click on the USB hard drive, and a pop up window will be displayed asking the login information. Key in the user account: user123, password: xxxxx...
  • Page 56 P-661HNU Series Support Notes After successful log in, the content of the USB hard drive will be displayed. All contents copyright © 2010 ZyXEL Communications Corporation.

  • Page 57: Qos

    Queue Setup decides the priority on WAN interfaces. Use this screen to configure QoS queue assignment. There are two default queues. One is for WAN interface, the other is for LAN interface. You could add more queues by applying „Add new Queue‟ button. All contents copyright © 2010 ZyXEL Communications Corporation.
  • Page 58 Use this screen to add, edit or delete classifiers. A classifier groups traffic into data flows according to specific criteria such as the source address,destination address, source port number, destination port number or incoming interface. Click Network Setting -> QoS -> Class Setup All contents copyright © 2010 ZyXEL Communications Corporation.
  • Page 59 P-661HNU Series Support Notes The Class Configuration Screen Click the Add new Classifier button to configure a classifier. The QoS Monitor Screen All contents copyright © 2010 ZyXEL Communications Corporation.

  • Page 60: Using Syslog

    Syslog Logging: Select Enable to active Syslog. Syslog Server: Enter the IP address of the server that you wish to send the syslog. UDP Port: Enter server port which you want to send the syslog on. All contents copyright © 2010 ZyXEL Communications Corporation.

  • Page 61: Using Ip Multicast

    IGMP to report their multicast group membership to any immediate-neighbor multicast routers so the multicast routers can decide if a multicast packet needs to be forwarded. At start up, the P-661HNU-Fx queries all directly connected networks to gather group membership.

  • Page 62: Wireless Application Notes

    Step 1: Double click on the utility icon in your windows task bar the utility will pop up on your windows screen. Step 2: Select configuration tab. All contents copyright © 2010 ZyXEL Communications Corporation.
  • Page 63 Step 4: Since there is no DHCP server to give the host IP you must first designate a static IP for your station. From Windows Start select Control Panel >Network Connection>Wireless Network Connection. All contents copyright © 2010 ZyXEL Communications Corporation.
  • Page 64 Step1: Double click on the utility icon in your windows task bar the utility will pop up on your windows screen. Step 2: Select configuration tab. All contents copyright © 2010 ZyXEL Communications Corporation.
  • Page 65 Step 4: Since there is no DHCP server to give the host IP you must first designate a static IP for your station. From Windows Start select Control Panel >Network Connection>Wireless Network Connection. All contents copyright © 2010 ZyXEL Communications Corporation.

  • Page 66: Setup Wep (Wired Equivalent Privacy)

    The standard does not discuss how the shared key is established. In practice, most installations use a single key that is shared between all mobile All contents copyright © 2010 ZyXEL Communications Corporation.
  • Page 67 256-bit WEP key (secret key) with 58 hexadecimal digits  Setting up the Station Step 1: Double click on the utility icon in your windows task bar or right click the utility icon then select 'Show Config Utility'. All contents copyright © 2010 ZyXEL Communications Corporation.
  • Page 68 Note: If the utility icon doesn't exist in your task bar, click Start -> Programs -> …… to start the utility. Step 2: Select the 'Configuration' tab. Select „Set Security‟ to configure encryption type and parameters correspond with access point. All contents copyright © 2010 ZyXEL Communications Corporation.
  • Page 69 Key 1 by default. Key settings The WEP Encryption type of station has to equal to the access point. Check 'ASCII' field for characters WEP key or uncheck 'ASCII' field for Hexadecimal digits WEP key. All contents copyright © 2010 ZyXEL Communications Corporation.

  • Page 70: Site Survey

    Survey on Site Step 1: With the diagram with all information you gathered in the preparation phase. Now you are ready to make the survey. All contents copyright © 2010 ZyXEL Communications Corporation.
  • Page 71 Record down the changes at point where transfer rate drop and the link quality and signal strength information on the diagram as you go alone. All contents copyright © 2010 ZyXEL Communications Corporation.
  • Page 72 Step 8: Repeat step 1~6 of survey on site as necessary, upon completion you will have an diagram and information of site survey. As illustrated below. All contents copyright © 2010 ZyXEL Communications Corporation.

  • Page 73: Wps Application

    Wi-Fi Protected Setup. There are several different methods defined in WPS to simplify the process of configuration. P-661HNU-Fx supports two of those methods, which are the PIN Method and PBC Method. PIN Method:...

  • Page 74: Configure 802.1X And Wpa

    WAP applies IEEE 802.1x Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database. You can not use the P-661HNU-Fx's local user database for WPA authentication purpose since the local user database uses MD5 EAP which can not to generate keys.
  • Page 75 Authentication can be done using local user database internal to the P-661HNU-Fx (authenticate up to 32 users) or an external RADIUS server for an unlimited number of users. Step 1: To change your P-661HNU-Fx's authentication settings, login Web Configurator, Advanced Setup, Network Setting->...
  • Page 76 Step 1: Double click on your wireless utility icon in your windows task bar, the utility will pop up on your windows screen. Step 2: Select the configuration tab, type in the SSID (Service Set Identifier), select the operating Mode as Infrastructure, and select proper channel. All contents copyright © 2010 ZyXEL Communications Corporation.
  • Page 77 P-661HNU Series Support Notes Step 3: Click Set Security to configure the security parameters: Step 4: Click OK for finish, and begin to Site survey. Connect to the AP as you have configured. All contents copyright © 2010 ZyXEL Communications Corporation.

  • Page 78: The Wps/Wlan Button

    The WPS/WLAN LED should change from on to off or vice versa. 2. Activate WPS (1) Make sure the POWER LED is on (not blinking). (2) Press the WPS WLAN ON/OFF button for 5 to 10 seconds and release it. All contents copyright © 2010 ZyXEL Communications Corporation.

  • Page 79: Support Tool

    1. Upgrading Firmware via web GUI  Go to Maintenance -> Firmware Upgrade Click Browse. Select the Firmware to upload and click Open. Click Upload 2. Backing – up the Configuration  Go to Maintenance -> Backup/Restore All contents copyright © 2010 ZyXEL Communications Corporation.
  • Page 80 P-661HNU Series Support Notes  Click “Backup”.  Click “Save”.  Select the directory to save and click Save. All contents copyright © 2010 ZyXEL Communications Corporation.

  • Page 81: Upload Configuration Via Web Gui

    P-661HNU Series Support Notes 3. Upload Configuration via web GUI  Go to Maintenance -> Backup/Restore  Click Browse.  Select the configuration file to upload and click Open. All contents copyright © 2010 ZyXEL Communications Corporation.

  • Page 82: Using Ftp To Upload The Firmware And Configuration Files

    'admin/1234'. Step 3 Transfer the file to the Prestige. Example: Step 1: Connect to the Prestige by entering the Prestige's IP and Administrator password in the FTP software. All contents copyright © 2010 ZyXEL Communications Corporation.

  • Page 83: Using Windows Command

    Step 3: The Prestige reboots automatically after the uploading is finished. Please do not power off the router at this moment. Using Windows command Step 1: Connect to the Prestige by entering the Prestige's IP to access it. All contents copyright © 2010 ZyXEL Communications Corporation.
  • Page 84 Step3: Find the fw fold and access the fold. Step4: Enter “binary”. Step5: To upload the firmware file, we put the ras file to the fold. To upload the configuration file, we put the rom file to the fold. All contents copyright © 2010 ZyXEL Communications Corporation.
  • Page 85 P-661HNU Series Support Notes Step6: The Prestige reboots automatically after the uploading is finished. Please do not power off the router at this moment. All contents copyright © 2010 ZyXEL Communications Corporation.

This manual is also suitable for:

P-661hnu-f1

Table of Contents