3. What’s the difference between ‘Common User Account’ and ‘Administrator Account’? ..............13 4. How do I know the P-660HWP-Dx's WAN IP address assigned by the ISP? ....................13 5. What is the micro filter or splitter used for? ........14 6.
Page 3
8. What are the signaling pins of the ADSL connector? ....20 9. What is triple play? ................20 HPAV FAQ ....................22 1. Can I deploy P-660HWP-Dx in both 100V region like Japan or 230V region like UK?..................22 2. Will P-660HWP-Dx damage or influence any home appliances and other electronics devices?..............
Page 4
P-660HWP-Dx Support Notes 11 What is Brute-force attack? ............27 12. What is IP Spoofing attack? ............27 13. What are the default ACL firewall rules in P-660HWP-Dx? ..28 Configuration .................... 28 1. How do I configure the firewall? ............28 2.
Page 5
8. What is Server Set ID (SSID)?..........39 9. What is an ESSID? .............. 39 Security FAQ..................... 41 1. How do I secure the data across the P-660HWP-Dx Access Point's radio link?....................41 2. What is WEP? ..................41 3. What is WPA? ................... 41 4.
Page 6
P-660HWP-Dx Support Notes 18. How to configure TR069 on P-660HWP-Dx? ....95 Wireless Application Notes ..............99 1. Configure a Wireless Client to Ad hoc mode ....99 2. Configuring Infrastructure mode ........103 3. MAC Filter ................. 107 4. Setup WEP (Wired Equivalent Privacy) ......109 5.
Note: It is protected by super password, ‘1234’ by factory default. 3. How do I update the firmware and configuration file? You can do this if you access the P-660HWP-Dx as Administrator. You can upload the firmware and configuration file to Prestige from Web Condigurator, or using FTP or TFTP client software.
In case you forget the system password, you can erase the current configuration and restore factory defaults this way: Use the RESET button on the rear panel of P-660HWP-Dx to reset the router. After the router is reset, the LAN IP address will be reset to '192.168.1.1', the common user password will be reset to 'user', the Administrator password will be reset to „1234’.
Many-to-One and Server. With SUA, 'visible' servers had to be mapped to different ports, since the servers share only one global IP. The P-660HWP-Dx now has Full Feature NAT which supports five types of IP/Port mapping: One to One, Many to One, Many to Many Overload, Many to Many No Overload and Server.
P-660HWP-Dx Support Notes The P-660HWP-Dx supports NAT sets on a remote node basis. They are reusable, but only one set is allowed for each remote node. The P-660HWP-Dx supports 8 sets since there are 8 remote nodes. By fatory default, the NAT is select as SUA in Web Configurator, Advanced Setup, Network ->...
Page 11
IP addresses as the Internal Local Addresses (ILA) and the global IP addresses as the Inside Global Address (IGA), One to One: In One-to-One mode, the P-660HWP-Dx maps one ILA to one IGA. Many to One: In Many-to-One mode, the P-660HWP-Dx maps multiple ILA to one IGA.
The Prestige does not limit the number of the users but the number of the sessions. The P-660HWP-Dx supports 2048 sessions that you can use the 'ip nat session' command in CLI to see. You can also use „ip nat hashTable wanif0‟...
Moreover, only with Administrator Password, you could manage the P-660HWP-Dx via FTP/TFTP or Telnet. 4. How do I know the P-660HWP-Dx's WAN IP address assigned by the ISP? You can view "My WAN IP <from ISP> : x.x.x.x" shown in Web Configurator „Status->Device Information ->WAN Information‟...
You can also check your ISP or the information sheet given by the ISP. Please choose PPPoE as the encapsulation type in the P-660HWP-Dx if the ISP uses PPPoE. 8. Why does my provider use PPPoE? PPPoE emulates a familiar Dial-Up connection.
IP address we can use the DDNS service. The DDNS server allows to alias a dynamic IP address to a static hostname. Whenever the ISP assigns you a new IP, the P-660HWP-Dx sends this IP to the DDNS server for its updates.
Because the remote gateway checks this source port during connections, the port thus is not allowed to be changed. 13. How do I setup my P-660HWP-Dx for routing IPSec packets over SUA? For outgoing IPSec tunnels, no extra setting is required.
P-660HWP-Dx Support Notes applications have their own natural bit rate. Large data transactions have a fluctuating natural bit rate. The P-660HWP-Dx is able to support variable traffic among different virtual connections. Certain traffic may be discarded if the virtual connection experiences congestion. Traffic shaping defines a set of actions taken by the P-660HWP-Dx to avoid congestion;...
(that you specify) in the URL. You can set a schedule for when the P-660HWP-Dx performs content filtering. You can also specify trusted IP Addresses on LAN for which the P-660HWP-Dx will not perform content filtering. You can configure the details about it in Web Configurator, Advanced setup, Security ->...
Maintenance -> Diagnostic -> DSL Line -> DSL Status: 8. What are the signaling pins of the ADSL connector? The signaling pins on the P-660HWP-Dx's ADSL connector are pin 3 and pin 4. The middle two pins for a RJ11 cable.
1. Can I deploy P-660HWP-Dx in both 100V region like Japan or 230V region like UK?. Yes, the operational voltage of P-660HWP-Dx is 100-240v@50-60Hz. As long as you can operate P-660HWP-Dx, it can be used to transmit data over your power network. 2. Will P-660HWP-Dx damage or influence any home appliances and...
2. What makes P-660HWP-Dx secure? The P-660HWP-Dx is pre-configured to automatically detect and thwart Denial of Service (DoS) attacks such as Ping of Death, SYN Flood, LAND attack, IP Spoofing, etc. It also uses stateful packet inspection to determine if an inbound connection is allowed through the firewall to the private LAN.
4. The P-660HWP-Dx's firewall is fast. It uses a hashing function to search the matched session cache instead of going through every individual rule for a packet.
Configuration 1. How do I configure the firewall? You can use the Web Configurator to configure the firewall for P-660HWP-Dx. By factory default, if you connect your PC to the LAN Interface of P-660HWP-Dx, you can access Web Configurator via „http: //192.168.1.1‟.
P-660HWP-Dx Support Notes 3. Why can't I configure my P-660HWP-Dx using Web Configurator/Telnet over WAN? There are four reasons that WWW/Telnet from WAN is blocked. (1) When the firewall is turned on, all connections from WAN to LAN are blocked by the default ACL rule. To enable Telnet from WAN, you must turn the firewall off, or create a firewall rule to allow WWW/Telnet connection from WAN.
Log and Alert . When does the P-660HWP-Dx generate the firewall log? The P-660HWP-Dx generates the firewall log immediately when the packet matches a firewall rule. The log for Default Firewall Policy (LAN to WAN, WAN to LAN, WAN to WAN) is generated automatically with factory default setting, but you can change it in Web Configurator.
5. What is the difference between the log and alert? A log entry is just added to the log inside the P-660HWP-Dx and e-mailed together with all other log entries at the scheduled time as configured. An alert is e-mailed immediately after an attacked is detected.
Yes, it supports up to 32 MAC Address filtering. 18. Does P-660HWP-Dx support auto rate adaption? Yes, it means that the AP on P-660HWP-Dx will automatically decelerate when devices move beyond the optimal range, or other interference is present. If the device moves back within the range of a higher-speed transmission, the connection will automatically speed up again.
P-660HWP-Dx Support Notes Security FAQ 1. How do I secure the data across the P-660HWP-Dx Access Point's radio link? To secure the date across the P-660HWP-Dx Access Point‟s radio link, we could select any one of the security mode: Static 64/128/256 bit WEP, WPA-PSK, WPA, WPA2-PSK, WPA2.
WPA-PSK security mode automatically with just one touch at the reset button on rear panel. To use this function on P-660HWP-Dx, you could press the reset button on P-660HWP-Dx for 1~5 seconds, the OTIST is actived. The P-660HWP-Dx will enhance the Wireless Security Level to WPA-PSK automatically if no WLAN security has been set.
In this case, we use P-660HWP-Dx which works as an ADSL bridge modem to connect to the ISP. The ISP will generally give one Internet account and limit only one computer to access the Internet.
Page 46
P-660HWP-Dx Support Notes Setup your P-660HWP-Dx under bridge mode The following procedure shows you how to configure your P-660HWP-Dx as bridge mode. We will use Web Configurator to guide you through the related menu. (1) Configure P-660HWP-Dx as bridge mode and configure Internet setup parameters in Web Configurator, Advanced Setup, Network ->...
Ethernet cable. (2) TCP/IP configuration Since the P-660HWP-Dx is set to DHCP server as default, so you need only to configure the workstations as the DHCP clients in the networking settings. In this case, the IP address of the computer is assigned by the P-660HWP-Dx.
P-660HWP-Dx Support Notes Address field. (2) Configure a LAN IP for the P-660HWP-Dx and the DHCP settings in Web Configurator, Advanced Setup, Network -> LAN. 3. Setup the P-660HWP-Dx as a DHCP Relay What is DHCP Relay? DHCP stands for Dynamic Host Configuration Protocol. In addition to the DHCP server feature, the P-660HWP-Dx supports the DHCP relay function.
Page 50
Cu-SeeMe, and ICQ will need to connect to the local user behind the P-660HWP-Dx. In such case, a SUA server must be configured to forward the incoming packets to the true destination behind SUA. After the required server are configured in Web Configurator, Advanced Setup, Network ->...
Page 52
Certain Quake servers do not allow multiple users to login using the same unique IP, so only one Quake user will be allowed in this case. Moreover, when a Quake server is configured behind SUA, P-660HWP-Dx will not be able to provide information of that server on the internet.
Page 53
A service is identified by the port number. Also, since you need to specify the IP address of a server behind the P-660HWP-Dx, a server must have a fixed IP address and not be a DHCP client whose IP address potentially changes each time P-660HWP-Dx is powered on.
Page 56
Example The following example shows how to dial to an ISP via the P-660HWP-Dx and then establish a tunnel to a private network. There will be three items that you need to set up for PPTP application, these are PPTP server (WinNT), PPTP client (Win9x) and the P-660HWP-Dx.
Page 57
Internet IP address that the ISP assigns to P-660HWP-Dx router in SUA mode and enter this IP address in the VPN dial-up dialog box. You can check this Internet IP address from PNC Monitor or S Web Configurator, Status ->...
P-660HWP-Dx Support Notes 5. Using Full Feature NAT When P-660HWP-Dx is in Routing mode, you can select NAT Option as Full Feature in Network -> Remote Node -> Edit: Key Settings: Field Options Description When you select this option you can select...
Page 59
Configuring NAT Address Mapping Sets and NAT Server Sets The P-660HWP-Dx has 8 remote nodes and so allows you to configure 8 NAT Address Mapping Sets, You must specify which NAT Address Mapping Set (1~8) to use in the remote node when you select Full Feature NAT.
Page 61
Start address, i.e., you cannot have an End IP address beginning before the Start IP address. Configure Address Mapping Sets in CLI Setp 1: Telnet to the P-660HWP-Dx. (We suppose the LAN IP Address of P-660HWP-Dx is 192.168.1.1) Step 2: Select one Address Mapping Set (#1~#8) by command „ip nat addrmap map [map #] [set name]‟...
Page 67
Step 1: In this case, we need to map ILA to more than one IGA, therefore we must choose the Full Feature option from the NAT field in currently active remote node, and assign IGA3 to P-660HWP-Dx‟s WAN IP Address. Step 2: Go to Web Configurator, Advanced Setup, Network -> NAT ->...
Without DDNS, we always tell the users to use the WAN IP of the P-660HWP-Dx to access the internal server. It is inconvenient for the users if this IP is dynamic. With DDNS supported by the P-660HWP-Dx, you apply a DNS name (e.g., www.zyxel.com.tw) for your server (e.g., Web server) from a...
Page 71
DDNS server. The outside users can always access the web server using the www.zyxel.com.tw regardless of the WAN IP of the P-660HWP-Dx. When the ISP assigns the P-660HWP-Dx a new IP, the P-660HWP-Dx must inform the DDNS server the change of this IP so that the server can update its IP-to-DNS entry.
7. Network Management Using SNMP ZyXEL SNMP Implementation ZyXEL currently includes SNMP support in some P-660HWP-Dx routers. It is implemented based on the SNMPv1, so it will be able to communicate with SNMPv1 NMSs. Further, users can also add ZyXEL's private MIB in the NMS to monitor and control additional system variables.
Page 74
P-660HWP-Dx Support Notes The SNMP related settings in P-660HWP-Dx are configured in Web Configurator, Advanced Setup, Advanced -> Remote MGNT -> SNMP The following steps describe a simple setup procedure for configuring all SNMP settings. Key Settings: Option Descriptions Enter the correct Get Community. This Get Community must match the 'Get-' and 'GetNext' community requested from the NMS.
In a typical environment, a LAN router is required to connect two local networks. The P-660HWP-Dx can connect three local networks to the ISP or a remote node, we call this function as 'IP Alias'. In this case, an internal router is not required.
Page 76
IP alias 1 and enif0:1 for the IP alias 2. Therefore, three routes are created in the P-660HWP-Dx as shown below when the three networks are configured. If the P-660HWP-Dx's DHCP is also enabled, the IP pool for the clients can be any of the three networks.
Active it and enter the second LAN IP address for the P-660HWP-Dx. This IP Alias 1 will create the second route in the enif0:0 interface. Active it and enter the third LAN IP address for the P-660HWP-Dx. This will IP Alias 2 create the third route in the enif0:1 interface.
What is Call Scheduling? Call scheduling enables the mechanism for the P-660HWP-Dx to run the remote node connection according to the pre-defined schedule. This feature is just like the scheduler in a video recorder which records the program according to the specified time.
Time service is implemented by the Daytime protocol(RFC-867), Time protocol(RFC-868), and NTP protocol(RFC-1305). You have to assign an IP address of a time server and then, the P-660HWP-Dx will get the date, time, and time-zone information from this server. You can configure it in Web Configurator, Advanced Setup, Maintenance ->...
P-660HWP-Dx Support Notes needs to be forwarded. At start up, the P-660HWP-Dx queries all directly connected networks to gather group membership. After that, the P-660HWP-Dx updates the information by periodic queries. The P-660HWP-Dx implementation of IGMP is also compatible with version 1. The multicast setting can be turned on or off on Ethernet and remote nodes.
16. How to configure packet filter on P-660HWP-Dx? The P-660HWP-Dx allows you to configure up to twelve filter sets with six rules in each set, for a total of 72 filter rules in the system. You can apply up to four filter sets to a particular port to block multiple types of packets.
Page 91
P-660HWP-Dx Support Notes The packet filter function on P-660HWP-Dx is the same as before, just that you could only configure the filter set and apply them by command in CLI. It‟s very complex for common users to do it. So here‟s the recommendation: (1) Usually if you want to block special packets, you could edit a firewall rule in Web Configurator.
P-660HWP-Dx Support Notes 18. How to configure TR069 on P-660HWP-Dx? For example: ACS IP: 192.168.10.11 Port: 8080 On CPE In SMT 24.8, CI Command, v> wan tr069 load // Load TR-064 before configuration. v> wan tr069 active 1 // enable the TR-069 operation.
Page 105
P-660HWP-Dx Support Notes Configure Wireless Access Point to Infrastructure mode using Web configurator. To configure Infrastructure mode of your P-660HWP-Dx wireless AP please follow the steps below. Step 1: Login Web Configurator, Advanced Setup, Network -> Wireless LAN -> General. Configure the basic parameters for Wireless LAN.
Page 112
P-660HWP-Dx Support Notes (2) You can also put in an arbitrary sequence of characters in the „Passphrase‟ and then press button „Generate‟ to let the P-660HWP-Dx generate WEP Key for you: Setting up the Station Step 1: Double click on the utility icon in your windows task bar or right click the utility icon then select 'Show Config Utility'.
Page 114
P-660HWP-Dx Support Notes Note: You should select Key 1 as default Transmit Key, since the P-660HWP-Dx is supposed to use Key 1 by default. Key settings The WEP Encryption type of station has to equal to the access point. Check 'ASCII' field for characters WEP key or uncheck 'ASCII' field for Hexadecimal digits WEP key.
WAP applies IEEE 802.1x Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database. You can not use the P-660HWP-Dx's local user database for WPA authentication purpose since the local user database uses MD5 EAP which can not to generate keys.
Page 119
Authentication can be done using local user database internal to the P-660HWP-Dx (authenticate up to 32 users) or an external RADIUS server for an unlimited number of users. Step 1: To change your P-660HWP-Dx's authentication settings, login Web Configurator, Advanced Setup, Network ->...
Offline Trace--capture the trace first and display later The details for capturing the trace in CLI as follows: First of all, you need to telnet to the P-660HWP-Dx firstly. The password is Administrator passwords, „admin‟ by default. Online Trace (1) Trace LAN packet ...
P-660HWP-Dx Support Notes Capture the detailed logs by Hyper Terminal Step 1: Initiate a hyper terminal connection from your PC(suppose you connected to the LAN port of P-660HWP-Dx) Step 2: Click the „properties‟ to configure parameters to telnet to the P-660HWP-Dx.
Page 130
Step 3: Run the TFTP client software Step 4: To download the P-660HWP-Dx configuration, please get the remote file 'rom-0' from the Prestige. Step 5: To upload the P-660HWP-Dx configuration, please save the remote file as 'rom-0' in the Prestige. An example:...
Step 2: Type the CI command 'sys stdio 0' to disable console idle timeout in Command Line Interface (CLI). Step 3: Download ZyNOS via LAN: c:\tftp -i [PrestigeIP] get ras [localfile] Step 4: Upload P-660HWP-Dx configurations via LAN: c:\tftp -i [PrestigeIP] put [localfile] rom-0 Step 5: Download P-660HWP-Dx configurations via LAN:...