About This User's Guide Intended Audience This manual is intended for people who want to configure the P-660HN-F1A using the web configurator. Tips for Reading User’s Guides On-Screen When reading a ZyXEL User’s Guide On-Screen, keep the following in mind: •...
About This User's Guide Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 30099, Taiwan. Need More Help? More help is available at www.zyxel.com. • Download Library Search for the latest product updates and documentation from this link. Read...
Graphics in this book may differ slightly from the product due to differences in operating systems, operating system versions, or if you installed updated firmware/software for your device. Every effort has been made to ensure that the information in this manual is accurate. P-660HN-F1A User’s Guide...
Syntax Conventions • The P-660HN-F1A may be referred to as the “device”, the “system” or the “product” in this User’s Guide. • Product labels, screen names, field labels and field choices are all in bold font.
Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The P-660HN-F1A icon is not an exact representation of your device. [Figure: icons for P-660HN-F1A, Computer, Notebook computer, Server, Firewall, Telephone, Router, Switch]
Your product is marked with this symbol, which is known as the WEEE mark. WEEE stands for Waste Electronics and Electrical Equipment. It means that used electrical and electronic products should not be mixed with general waste. Used electrical and electronic equipment should be treated separately.
Contents Overview

User’s Guide
  Introducing the P-660HN-F1A
  Introducing the Web Configurator
  Status Screens
  Tutorials
  Internet and Wireless Setup Wizard
Technical Reference
  WAN Setup
  LAN Setup

Table of Contents

Introducing the P-660HN-F1A
  1.1 Overview
  1.2 Ways to Manage the P-660HN-F1A
  1.3 Good Habits for Managing the P-660HN-F1A
  1.4 Applications for the P-660HN-F1A
    1.4.1 Internet Access
  1.5 LEDs (Lights)
  1.6 The RESET Button

  4.4 Setting Up NAT Port Forwarding and Firewall Rule
    4.4.1 Default Server
    4.4.2 Port Forwarding
  4.5 Access the P-660HN-F1A Using DDNS
    4.5.1 Registering a DDNS Account on www.dyndns.org
    4.5.2 Configuring DDNS on Your P-660HN-F1A
    4.5.3 Adding a Firewall Rule for Remote Management

  7.6 LAN Technical Reference
    7.6.1 LANs, WANs and the ZyXEL Device
    7.6.2 DHCP Setup
    7.6.3 DNS Server Addresses
    7.6.4 LAN TCP/IP
    7.6.5 RIP Setup
    7.6.6 Multicast

    9.4.1 The Address Mapping Rule Edit Screen
  9.5 The SIP ALG Screen
  9.6 NAT Technical Reference
    9.6.1 NAT Definitions
    9.6.2 What NAT Does
    9.6.3 How NAT Works

    12.1.2 What You Need to Know About the Packet Filter
  12.2 The Packet Filter Screen
    12.2.1 Editing Protocol Filters
    12.2.2 Configuring Protocol Filter Rules
    12.2.3 Editing Generic Filters

    16.2.1 What You Can Do in the QoS Screens
    16.2.2 What You Need to Know About QoS
    16.2.3 QoS Class Setup Example
  16.3 The QoS General Screen
  16.4 The Class Setup Screen

    19.1.1 What You Can Do in the UPnP Screen
    19.1.2 What You Need to Know About UPnP
  19.2 The UPnP Screen
  19.3 Installing UPnP in Windows Example
  19.4 Using UPnP in Windows XP Example

  23.2 The General Diagnostic Screen
  23.3 The DSL Line Diagnostic Screen
Chapter 24 Troubleshooting
  24.1 Power, Hardware Connections, and LEDs
  24.2 P-660HN-F1A Access and Login
  24.3 Internet Access

Appendix B Pop-up Windows, JavaScripts and Java Permissions
Appendix C IP Addresses and Subnetting
Appendix D Wireless LANs
Appendix E Services
Appendix F Legal Information
Index
P-660HN-F1A. 1.1 Overview The P-660HN-F1A is an ADSL2+ router. By integrating DSL and NAT, you are provided with ease of installation and high-speed, shared Internet access. The P-660HN-F1A is also a complete security solution with a robust firewall and content filtering.
LAN. 1.3 Good Habits for Managing the P-660HN-F1A Do the following things regularly to make the P-660HN-F1A more secure and to manage the P-660HN-F1A more effectively. • Change the password. Use a password that’s not easy to guess and that consists of different types of characters, such as numbers and letters.
Chapter 1 Introducing the P-660HN-F1A 1.4.1 Internet Access Your P-660HN-F1A provides shared Internet access by connecting the DSL port to the DSL or MODEM jack on a splitter or your telephone jack. Computers can connect to the P-660HN-F1A’s LAN ports (or wirelessly).
1.5 LEDs (Lights) The following graphic displays the labels of the LEDs. Figure 2 LEDs on the Top of the Device None of the LEDs are on if the P-660HN-F1A is not receiving power. Table 1 LED Descriptions COLOR STATUS DESCRIPTION...
COLOR STATUS DESCRIPTION INTERNET Green The P-660HN-F1A has an IP connection but no traffic. Your device has a WAN IP address (either static or assigned by a DHCP server), PPP negotiation was successfully completed (if used) and the DSL connection is up.
Press the WPS/WLAN button for more than one second and release it when the LED becomes orange. Press the WPS button on another WPS-enabled device within range of the P-660HN-F1A. The WPS/WLAN LED should flash while the P-660HN-F1A sets up a WPS connection with the wireless device.
Internet Explorer. 2.1.1 Accessing the Web Configurator Make sure your P-660HN-F1A hardware is properly connected (refer to the Quick Start Guide). Launch your web browser. Type "192.168.1.1" as the URL.
Enter a new password, retype it to confirm and click Apply; alternatively click Ignore to proceed to the main menu if you do not want to change the password now. Figure 4 Change Password Screen
Figure 5 Replace Factory Default Certificate Screen Note: For security reasons, the P-660HN-F1A automatically logs you out if you do not use the web configurator for five minutes (default). If this happens, log in again. 2.2 Web Configurator Main Screen Figure 6 Main Screen
660HN-F1A features. The following tables describe each menu item. Table 3 Navigation Panel Summary LINK FUNCTION Status This screen shows the P-660HN-F1A’s general device and network status information. Use this screen to access the statistics and client list. Network Internet...
Wireless LAN Use this screen to configure the wireless LAN settings and WLAN authentication/security settings. More AP Use this screen to configure multiple BSSs on the P-660HN-F1A. Use this screen to configure WPS (Wi-Fi Protected Setup) settings. WPS Station Use this screen to set up a WPS wireless network.
General Use this screen to configure your device’s name, domain name, management inactivity timeout and password. Time Setting Use this screen to change your P-660HN-F1A’s time and date. Logs View Log Use this screen to display your device’s logs. Log Settings Use this screen to select which logs and/or immediate alerts your device is to record.
Chapter 2 Introducing the Web Configurator 2.2.4 Status Bar Check the status bar when you click Apply or OK to verify that the configuration has been updated.
Any IP and DHCP and statistics from bandwidth management, and traffic. 3.2 The Status Screen Use this screen to view the status of the P-660HN-F1A. Click Status to open this screen. Figure 7 Status Screen
DSL Mode This is the DSL standard that your P-660HN-F1A is using. IP Address This is the current IP address of the P-660HN-F1A in the WAN. Click this to go to the screen where you can change it. IP Subnet This is the current subnet mask in the WAN.
Channel This is the channel number used by the P-660HN-F1A now. Security This displays the type of security mode the P-660HN-F1A is using in the wireless LAN. This displays whether WPS is activated. Click this to go to the screen where you can configure the settings.
(starting to trigger a call) and Drop (dropping a call) if you're using PPPoE encapsulation. For the LAN interface, this field displays Up when the P-660HN-F1A is using the interface and Down when the P-660HN-F1A is not using the interface.
MAC Address This field displays the MAC (Media Access Control) address of an associated wireless station. Association Time This field displays the time a wireless station first associated with the P-660HN-F1A. Refresh Click this to reload this screen.
DESCRIPTION System Monitor System up Time This is the elapsed time the system has been up. Current Date/ This field displays your P-660HN-F1A’s present date and time. Time CPU Usage This field specifies the percentage of CPU utilization. Memory Usage This field specifies the percentage of memory utilization.
Chapter 3 Status Screens Table 6 Packet Statistics (continued) LABEL DESCRIPTION WAN IP Address This is the IP address of the P-660HN-F1A’s WAN port. Upstream Speed This is the upstream speed of your P-660HN-F1A. Downstream This is the downstream speed of your P-660HN-F1A.
Thomas wants to set up a wireless network so that he can use his notebook to access the Internet. In this wireless network, the P-660HN-F1A serves as an access point (AP), and the notebook is the wireless client. The wireless client can access the Internet through the AP.
Chapter 4 Tutorials Thomas has to configure the wireless network settings on the P-660HN-F1A. Then he can set up a wireless network using WPS (Section 4.2.2 on page 47) or manual configuration (Section 4.2.3 on page 52). 4.2.1 Configuring the Wireless Network Settings This example uses the following parameters to set up a wireless network.
P-660HN-F1A. Push Button Configuration (PBC) Make sure that your P-660HN-F1A is turned on and your notebook is within range of the wireless signal. Make sure that you have installed the wireless client driver and utility in your notebook.
660HN-F1A’s web configurator and click the Push Button in the Network > Wireless LAN > WPS Station screen. Note: Your P-660HN-F1A has a WPS button located on its rear panel as well as a WPS button in its configuration utility. Both buttons have exactly the same function: you can use one or the other.
The following figure shows you an example of how to set up a wireless network and its security by pressing a button on both the P-660HN-F1A and the wireless client. Figure: Example WPS Process: PBC Method (ZyXEL Device, Wireless Client)...
Station screen on the P-660HN-F1A. Click the Start buttons (or the button next to the PIN field) on both the wireless client utility screen and the P-660HN-F1A’s WPS Station screen within two minutes. The P-660HN-F1A authenticates the wireless client and sends the proper configuration settings to the wireless client.
The following figure shows you how to set up a wireless network and its security on a P-660HN-F1A and a wireless client by using the PIN method. Figure: Example WPS Process: PIN Method (Wireless Client, ZyXEL Device, within 2 minutes)...
“Example” SSID. Then enter the “DoNotStealMyWirelessNetwork” pre-shared key to establish a wireless Internet connection. Note: The P-660HN-F1A supports IEEE 802.11b, IEEE 802.11g and IEEE 802.11n wireless clients. Make sure that your notebook or computer’s wireless adapter supports one of these standards.
Configure the screen as follows. Turn on the wireless network from Mondays to Fridays between 18:00 and 23:00. Turn on the wireless network all day on Saturdays and Sundays. Click Apply.
• Visiting guests will use the Guest group, which has a lower security mode and QoS control. Company A will use the following parameters to set up the wireless network groups. COMPANY GUEST SSID Company Guest Security Mode WPA2-PSK WPA2-PSK Static WEP Pre-Shared Key ForCompanyOnly ForVIPOnly Guest Default High
Configure the screen using the provided parameters and click Apply. Click Network > Wireless LAN > More AP to open the following screen. Click the Edit icon to configure the second wireless network group.
Configure the screen using the provided parameters and click Apply. In the More AP screen, click the Edit icon to configure the third wireless network group. Configure the screen using the provided parameters and click Apply.
Xbox LIVE. In order to communicate and play with other gamers on Xbox LIVE, Thomas needs to configure the port settings on his P-660HN-F1A (IP address: 192.168.1.1) and a firewall rule so that access can be allowed to his Xbox 360 remotely.
Note: Setting a device as the default server exposes the device to potential attacks. Any port service trying to access the P-660HN-F1A’s WAN IP address will be forwarded to the default server. It is recommended that you set up a firewall rule to protect the device.
4.4.2 Port Forwarding If the default server is already assigned to another server, configure the ports for Xbox 360. Click Network > NAT to open the General screen. Select Active Network Address Translation and SUA Only. Click Apply.
Configure the screen as follows to open TCP/UDP port 53 for Xbox 360. Click Apply. Repeat steps 2 and 3 to open the rest of the ports for Xbox 360. The port forwarding settings you configured are listed in the Port Forwarding screen.
In this tutorial, all port 80 traffic is forwarded to Xbox 360, but port 80 is also the default listening port for remote management via WWW. Thomas decides to change the default port number for the P-660HN-F1A web configurator to 8080, so that Xbox users will not be able to access the P-660HN-F1A.
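The conflict described above (port 80 forwarded to the Xbox 360 while the web configurator also listens on port 80) and the default-server exposure noted in Section 4.4.1 can be checked mechanically before a configuration is applied. The following Python sketch is an added example, not ZyXEL code or a device API; the table layout, the names `Forward`, `MgmtService`, `wan_target` and `audit`, and the Xbox address 192.168.1.50 are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Forward:
    """One port-forwarding entry: WAN ports start..end go to a LAN host."""
    name: str
    start: int
    end: int
    server_ip: str


@dataclass(frozen=True)
class MgmtService:
    """A management service on the router itself, e.g. the web configurator."""
    name: str
    port: int
    wan_access: bool  # True if remote management from the WAN is allowed


def wan_target(port: int, forwards: List[Forward],
               default_server: Optional[str]) -> Optional[str]:
    """Return the LAN host that receives unsolicited WAN traffic on `port`."""
    for rule in forwards:
        if rule.start <= port <= rule.end:
            return rule.server_ip
    # Ports with no matching rule fall through to the default server, if set.
    return default_server


def audit(forwards: List[Forward], mgmt: List[MgmtService],
          default_server: Optional[str] = None,
          default_server_firewalled: bool = False) -> List[Tuple[str, str]]:
    """Flag the two exposure problems the tutorial describes."""
    findings: List[Tuple[str, str]] = []
    # 1. A default server with no firewall rule receives every unmatched port.
    if default_server and not default_server_firewalled:
        findings.append(("default-server-exposed", default_server))
    # 2. A WAN-reachable management port that is also forwarded to a LAN host.
    for svc in mgmt:
        if not svc.wan_access:
            continue
        for rule in forwards:
            if rule.start <= svc.port <= rule.end:
                findings.append(("mgmt-port-conflict",
                                 f"{svc.name}:{svc.port}->{rule.server_ip}"))
    return findings


# Constructed sample data: the Xbox address is a placeholder, and only the
# two ports the tutorial text mentions (53 and 80) are listed.
XBOX = "192.168.1.50"
FORWARDS = [
    Forward("xbox-53", 53, 53, XBOX),
    Forward("xbox-80", 80, 80, XBOX),
]
MGMT_BEFORE = [MgmtService("WWW", 80, True)]    # web configurator on port 80
MGMT_AFTER = [MgmtService("WWW", 8080, True)]   # moved to 8080 as in the text

if __name__ == "__main__":
    print("before:", audit(FORWARDS, MGMT_BEFORE))
    print("after: ", audit(FORWARDS, MGMT_AFTER))
    print("default server, no firewall rule:",
          audit([], MGMT_AFTER, default_server=XBOX))
```
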
Click the Edit Customized Services under Service to open the Customized Service screen. Click on the number 5 to display the Customized Services Config screen. Configure the screen as follows and click Apply. Edit Custom Port Example
Note: Custom services show up with an “*” before their names in the Services list box and the Rules list box. Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following.
Firewall Example: Rules: MyService 4.5 Access the P-660HN-F1A Using DDNS If you connect your P-660HN-F1A to the Internet and it uses a dynamic WAN IP address, it is inconvenient for you to manage the device from the Internet. The P-660HN-F1A’s WAN IP address changes dynamically.
• Hostname: zyxelrouter.dyndns.org • Service Type: Host with IP address • IP Address: Enter the WAN IP address that your P-660HN-F1A is currently using. You can find the IP address on the P-660HN-F1A’s Web Configurator Status page. Then you will need to configure the same account and host name on the P-660HN-F1A later.
Click Apply. 4.5.3 Adding a Firewall Rule for Remote Management By default, your P-660HN-F1A firewall is enabled to secure your network from attacks. In this tutorial, you add a firewall rule that lets you manage the P-660HN-F1A from the Internet.
Click Apply. 4.5.4 Testing the DDNS Setting Now you should be able to access the P-660HN-F1A from the Internet. To test this: Open a web browser on the computer (using the IP address a.b.c.d) that is connected to the Internet.
Another Network In order to extend your Intranet and control the direction of traffic flow, you may connect a router to the P-660HN-F1A’s LAN. The router may be used to separate two department networks. This tutorial shows how to configure a static routing rule for routing between two networks.
You need to configure a static routing rule on the P-660HN-F1A that specifies R as the router in charge of forwarding traffic to N2. In this case, the P-660HN-F1A routes traffic from A to R and then R routes the traffic to B.
If your ISP gives you more than one static IP address for your Internet access, you can map each IP address for a specific service. This tutorial assumes you are given two static public IP addresses. You want to map them to two servers A and IP-1 IP-2 P-660HN-F1A User’s Guide...
Chapter 4 Tutorials This tutorial uses the following example settings: Table 8 IP Settings in this Tutorial DEVICE / COMPUTER IP ADDRESS The P-660HN-F1A’s WAN 172.16.1.253 (IP-1) 172.16.1.254 (IP-2) The P-660HN-F1A’s LAN 192.168.1.1 192.168.1.2 192.168.1.3 a.b.c.d To do this, you can use either of the following settings: •...
Click the Address Mapping tab, and then click the Edit icon on a new rule. Configure the rule using the following settings: • Type: Many-to-Many No Overload • Local IP addresses: 192.168.1.2 ~ 192.168.1.3 • Global IP addresses: 172.16.1.253 ~ 172.16.1.254 Then click Apply.
Click the Address Mapping tab, click the Edit icon on a new rule. Configure two rules for the one-to-one mappings: • Rule 1 (This maps the public IP address 172.16.1.253 to the private IP address 192.168.1.2) Type: One-to-One Local Start IP: 192.168.1.2 Global Start IP: 172.16.1.253
Click Apply on each of the screens. 4.8 Multiple WAN Connections Example This example shows an application for multiple WAN connections. Your ISP may configure more than one WAN connection on the P-660HN-F1A to record traffic statistics or calculate service charges. Figure 11, three WAN connections are configured over the ADSL line: •...
This tutorial shows you how to configure two PVCs and specify an ATM QoS type for each PVC. In the following figure, the P-660HN-F1A is configured to transmit two types of traffic, general data for Internet access and VoIP using SIP using 1/33 and 1/34 PVCs respectively.
(ISP) want to provide to the subscriber for general data transmission. This tutorial uses the following example settings: • Line Modulation: Multi Mode • Mode: Routing • Encapsulation: PPPoE • User Name: PPPoEuser1 • Password: 1234 • PVC: LLC, 1/33 • ATM QoS: UBR
Leave the other settings as their defaults and click Apply.
ATM QoS Type field. Click Apply. 4.9.1.2 PVC 2 for VoIP Traffic Click the More Connections tab and then click the Edit icon next to entry two. Then configure the screen using the following example settings:
87,500 bytes and 100,000 bytes (maximum size) for VoIP traffic. Configure the screens as shown in the following sections with this information. Table 9 QoS Queue Configuration QUEUE NO. SHAPING RATE BUCKET SIZE 6,000 kbps 87,500 Bytes 2,000 kbps 100,000 Bytes
4.9.2.1 Queue Setup Click Advanced > QoS > Queue Setup. Click the Edit icon of queue 2 to open the Queue Configuration screen. Enter 6,000 in the Rate field and 87,500 in the Size field. Click Apply.
Click the Edit icon of queue 5 to open the Queue Configuration screen. The Rate field is 2,000 by default. Enter 100,000 (maximum size) in the Size field. Click Apply.
Now, configure these screens to identify the traffic you want to map to a PVC. In this tutorial, the P-660HN-F1A maps traffic from LAN ports 1~3 to the Internet Access PVC with WAN Index 1 and traffic from LAN port 4 to the VoIP PVC with WAN index 2.
• Enter VoIP as the descriptive name for this rule. • Interface: From LAN • Priority: 5 • Routing Policy: To WAN Index • WAN Index: 2 • Filter Configuration: • Service: VoIP(SIP) • Physical Port: All
Chapter 4 Tutorials Select Active QoS and click Apply. Now you can connect a VoIP phone to the P-660HN-F1A’s LAN port 4 and computers to port 1~3. The P-660HN-F1A classifies and prioritizes voice traffic to optimize voice quality. • The connection with VPI/VCI, 0/35, is dedicated for general data transmission.
After you enter the password to access the web configurator, select Go to Wizard setup and click Apply. Otherwise, click the wizard icon in the top right corner of the web configurator to go to the wizards. Figure 12 Select a Mode
ISP. See Section 5.2.1 on page 92 for more details. If you would like to skip your Internet setup and configure the wireless LAN settings, leave Yes selected and click Next. Figure 14 Auto Detection: No DSL Connection
The following screen appears if the ZyXEL device detects a connection but not the connection type. Click Next and refer to Section 5.2.1 on page 92 on how to manually configure the P-660HN-F1A for Internet access. Figure 16 Auto Detection: Failed
Chapter 5 Internet and Wireless Setup Wizard 5.2.1 Manual Configuration If the P-660HN-F1A fails to detect your DSL connection type but the physical line is connected, enter your Internet access information in the wizard screen exactly as your service provider gave it to you. Leave the defaults in any fields for which you were not given information.
The next wizard screen varies depending on what mode and encapsulation type you use. All screens shown are with routing mode. Configure the fields and click Next to continue. See Section 5.3 on page 98 for wireless connection wizard setup. Figure 18 Internet Connection with PPPoE
Type the name of your PPPoE service here. Name Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Exit Click this to close the wizard screen without saving. Figure 19 Internet Connection with RFC 1483
Click this to return to the previous screen without saving. Next Click this to continue to the next wizard screen. Exit Click this to close the wizard screen without saving. Figure 20 Internet Connection with ENET ENCAP
As above. Server Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Exit Click this to close the wizard screen without saving. Figure 21 Internet Connection with PPPoA
Password setup to go back to the screen where you can modify them. Figure 22 Connection Test Failed-1 • If the following screen displays, check if your account is activated or click Restart the Internet/Wireless Setup Wizard to verify your Internet access settings. Figure 23 Connection Test Failed-2.
The following table describes the labels in this screen. Table 15 Wireless LAN Setup Wizard 1 LABEL DESCRIPTION Active Select the check box to turn on the wireless LAN. Back Click this to return to the previous screen without saving.
Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the Name(SSID) wireless LAN. If you change this field on the P-660HN-F1A, make sure all wireless stations use the same SSID in order to access the network. Channel The range of radio frequencies used by IEEE 802.11b/g wireless devices is...
Click this to continue to the next wizard screen. Exit Click this to close the wizard screen without saving. Note: The wireless stations and P-660HN-F1A must use the same SSID, channel ID and WEP encryption key (if WEP is enabled), WPA-PSK (if WPA-PSK is enabled) for wireless communication.
Table 18 Manually Assign a WEP key LABEL DESCRIPTION The WEP keys are used to encrypt data. Both the P-660HN-F1A and the wireless stations must use the same WEP key for data transmission. Enter any 5 or 13 ASCII characters, or 10 or 26 hexadecimal characters ("0-9", "A-F") for a 64-bit or 128-bit WEP key respectively.
Refer to the rest of this guide for more detailed information on the complete range of P-660HN-F1A features. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the wizard setup are correct.
6.1 Overview This chapter describes how to configure WAN settings from the WAN screens. Use these screens to configure your P-660HN-F1A for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks (such as a LAN (Local Area Network)) and other networks, so that a computer in one location can communicate with computers in other locations.
WAN IP Address The WAN IP address is an IP address for the P-660HN-F1A, which makes it accessible from an outside network. It is used by the P-660HN-F1A to communicate with other devices in other networks. It can be static (fixed) or dynamically assigned by the ISP each time the P-660HN-F1A tries to access the Internet.
Chapter 6 WAN Setup 6.2 The Internet Access Setup Screen Use this screen to change your P-660HN-F1A’s WAN settings. Click Network > WAN > Internet Access Setup. The screen differs by the WAN type and encapsulation you select. Figure 32 Network > WAN >Internet Access Setup...
Select the modulation supported by your ISP. Use Multi Mode if you are not sure which mode to choose from. The P-660HN-F1A dynamically diagnoses the mode supported by the ISP and selects the best compatible one for your connection. Other options are ADSL G.dmt, ADSL2, ADSL2+, ADSL2 AnnexM, ADSL2+ AnnexM, READSL2 Mode, ANSI T1.413 and ADSL G.lite.
Nailed-Up Select Nailed-Up Connection when you want your connection up all Connection the time. The P-660HN-F1A will try to bring up the connection automatically if it is disconnected. Connect on Select Connect on Demand when you don't want the connection up...
Chapter 6 WAN Setup 6.2.1 Advanced Internet Access Setup Use this screen to edit your P-660HN-F1A's advanced WAN settings. Click the Advanced Setup button in the Internet Access Setup screen. The screen appears as shown. Figure 33 Network > WAN > Internet Access Setup: Advanced Setup The following table describes the labels in this screen.
65535. PPPoE This field is available when you select PPPoE encapsulation. Passthrough In addition to the P-660HN-F1A's built-in PPPoE client, you can enable (PPPoE PPPoE pass through to allow up to ten hosts on the LAN to use PPPoE encapsulation...
You can configure generic filters in the Packet Filter screen. See Chapter 12 on page 217 for more details. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings.
Chapter 6 WAN Setup 6.3 The More Connections Screen The P-660HN-F1A allows you to configure more than one Internet access connection. To configure additional Internet access connections click Network > WAN > More Connections. The screen differs by the encapsulation you select.
Table 22 Network > WAN > More Connections: Edit LABEL DESCRIPTION General Active Select the check box to activate or clear the check box to deactivate this connection. Name Enter a unique, descriptive name of up to 13 ASCII characters for this connection.
Select Routing from the drop-down list box if your ISP allows multiple computers to share an Internet account. If you select Bridge, the P-660HN-F1A will forward any packet that it does not route to this remote node; otherwise, the packets are discarded.
Connection Nailed-Up Connection Select Nailed-Up Connection when you want your connection up all the time. The P-660HN-F1A will try to bring up the connection automatically if it is disconnected. Connect on Demand Select Connect on Demand when you don't want the connection up all the time and specify an idle time-out in the Max Idle Timeout field.
Chapter 6 WAN Setup 6.3.2 Configuring More Connections Advanced Setup Use this screen to edit your P-660HN-F1A's advanced WAN settings. Click the Advanced Setup button in the More Connections Edit screen. The screen appears as shown. Figure 36 Network > WAN > More Connections: Edit: Advanced Setup The following table describes the labels in this screen.
4 sets of filters. You can configure generic filters in the Packet Filter screen. See Chapter 12 on page 217 for more details. Back Click this to return to the previous screen without saving.
Click this to restore your previously saved settings. 6.4 The WAN Backup Setup Screen Use this screen to configure your P-660HN-F1A’s WAN backup. Click Network > WAN > WAN Backup Setup. This screen is not available if you set the WAN type to Ethernet in the Internet Access Setup screen.
Table 24 Network > Internet (WAN) > WAN Backup LABEL DESCRIPTION Backup Type Select the method that the P-660HN-F1A uses to check the DSL connection. Select DSL Link to have the P-660HN-F1A check if the connection to the DSLAM is up. Select ICMP to have the P-660HN-F1A periodically ping the IP addresses configured in the Check WAN IP Address fields.
This section provides some technical background information about the topics covered in this chapter. 6.5.1 Encapsulation Be sure to use the encapsulation method required by your ISP. The P-660HN-F1A supports the following methods. 6.5.1.1 ENET ENCAP The MAC Encapsulated Routing Link Protocol (ENET ENCAP) is only implemented with the IP network protocol.
By implementing PPPoE directly on the P-660HN-F1A (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the P-660HN-F1A does that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access.
IP Address and Gateway IP Address fields as supplied by your ISP. However for a dynamic IP, the P-660HN-F1A acts as a DHCP client on the WAN port and so the IP Address and Gateway IP Address fields are not applicable (N/A) as the DHCP server assigns them to the P-660HN-F1A.
The first is that idle timeout is disabled. The second is that the P-660HN-F1A will try to bring up the connection when turned on and whenever the connection is down. A nailed-up connection can be very expensive for obvious reasons.
The VBR-nRT (non real-time Variable Bit Rate) type is used with bursty connections that do not require closely controlled delay and delay variation. It is commonly used for "bursty" traffic typical on LANs. PCR and MBS define the burst...
Page 126
Unspecified Bit Rate (UBR) The Unspecified Bit Rate (UBR) ATM traffic class is for bursty data transfers. However, UBR doesn't guarantee any bandwidth and only delivers traffic when the network has spare bandwidth. An example application is background file transfer.
(Section 7.2 on page 129) to set the LAN IP address and subnet mask of your ZyXEL device. You can also edit your P-660HN-F1A's RIP, multicast, any IP and Windows Networking settings from this screen. • Use the DHCP Setup screen (Section 7.3 on page...
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a networking device before you can access it.
LABEL DESCRIPTION IP Address Enter the LAN IP address you want to assign to your P-660HN-F1A in dotted decimal notation, for example, 192.168.1.1 (factory default). IP Subnet Mask Type the subnet mask of your network in dotted decimal notation, for example 255.255.255.0 (factory default).
LAN setup. 7.2.1 The Advanced LAN IP Setup Screen Use this screen to edit your P-660HN-F1A's RIP, multicast, Any IP and Windows Networking settings. Click the Advanced Setup button in the LAN IP screen. The screen appears as shown.
Page 131
You can configure generic filters in the Packet Filter screen. See Chapter 12 on page 217 for more details. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings.
Chapter 7 LAN Setup 7.3 The DHCP Setup Screen Use this screen to configure the DNS server information that the P-660HN-F1A sends to the DHCP client devices on the LAN. Click Network > DHCP Setup to open this screen. Figure 41 Network > LAN > DHCP Setup The following table describes the labels in this screen.
UserDefined, and enter the same IP address, the second UserDefined changes to None after you click Apply. Select DNS Relay to have the P-660HN-F1A act as a DNS proxy only when the ISP uses IPCP DNS server extensions. The P-660HN-F1A's LAN IP address displays in the field to the right (read-only).
Page 134
Use this screen to change your P-660HN-F1A’s static DHCP settings. Click Network > LAN > Client List to open the following screen. Figure 42 Network > LAN > Client List The following table describes the labels in this screen.
IP alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The P-660HN-F1A supports three logical LAN interfaces via its single physical Ethernet interface with the P-660HN-F1A itself as the gateway for each LAN network.
7.5.1 Configuring the LAN IP Alias Screen Use this screen to change your P-660HN-F1A’s IP alias settings. Click Network > LAN > IP Alias to open the following screen. Figure 44 Network > LAN > IP Alias The following table describes the labels in this screen.
RIP Version The RIP Version field controls the format and the broadcasting method of the RIP packets that the P-660HN-F1A sends (it recognizes both formats when receiving). RIP-1 is universally supported but RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology.
DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the P-660HN-F1A as a DHCP server or disable it. When configured as a server, the P-660HN-F1A provides the TCP/IP configuration for the clients. If you turn DHCP service off, you must have another DHCP server on your LAN, or else the computer must be manually configured.
7.6.4 LAN TCP/IP The P-660HN-F1A has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability. IP Address and Subnet Mask Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number.
• Both - the P-660HN-F1A will broadcast its routing table periodically and incorporate the RIP information that it receives. • In Only - the P-660HN-F1A will not send any RIP packets but will accept all RIP packets received. • Out Only - the P-660HN-F1A will send out RIP packets but will not accept any RIP packets received.
Page 141
224.0.0.2 is assigned to the multicast routers group. The P-660HN-F1A supports IGMP version 1 (IGMP-v1), IGMP version 2 (IGMP-v2) and IGMP version 3 (IGMP-v3). At start up, the P-660HN-F1A queries all directly connected networks to gather group membership. After that, the P-660HN-F1A periodically updates this information.
• Performing other performance-related wireless tasks. 8.1.1 What You Can Do in the Wireless LAN Screens This section describes the P-660HN-F1A’s Network > Wireless LAN screens. Use these screens to set up your P-660HN-F1A’s wireless connection. • Use the AP screen (see Section 8.2 on page...
• What wireless standards do the other wireless devices in your network support (IEEE 802.11g, for example)? What is the most appropriate standard to use?
If you do not want to configure advanced options, leave them as they are. 8.2 The AP Screen Use this screen to configure the wireless settings of your P-660HN-F1A. Click Network > Wireless LAN to open the AP screen. Figure 46 Network > Wireless LAN > AP The following table describes the labels in this screen.
Page 146
Table 30 Network > Wireless LAN > AP LABEL DESCRIPTION Auto-Scan Channel Select this option to have the P-660HN-F1A automatically scan for and select a channel which is not used by another device. Channel Set the operating frequency/channel depending on your particular region.
Security Mode list to allow wireless devices to communicate with the P-660HN-F1A without any data encryption or authentication. Note: If you do not enable any wireless security on your P-660HN-F1A, your network is accessible to any wireless networking device that is within range.
Page 148
The P-660HN-F1A automatically generates a WEP key. WEP Key The WEP key is used to encrypt data. Both the P-660HN-F1A and the wireless stations must use the same WEP key for data transmission. If you want to manually set the WEP key, enter any 5 or 13 characters (ASCII string) or 10 or 26 hexadecimal characters ("0-9", "A-F") for a 64-...
This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field. Select the check box to have both WPA-PSK and WPA wireless clients be able to communicate with the P-660HN-F1A even when the P-660HN-F1A is using WPA2-PSK or WPA2. Pre-Shared Key The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same.
This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field. Select the check box to have both WPA-PSK and WPA wireless clients be able to communicate with the P-660HN-F1A even when the P-660HN-F1A is using WPA2-PSK or WPA2. Group Key...
P-660HN-F1A. The key must be the same on the external authentication server and your P-660HN-F1A. The key is not sent over the network. Accounting Server (optional) IP Address Enter the IP address of the external accounting server in dotted decimal notation.
256 and 2432. Output Power Set the output power of the P-660HN-F1A. If there is a high density of APs in an area, decrease the output power to reduce interference with other APs. Select one of the following: Maximum, Middle or Minimum.
8.3.1 More AP Edit Use this screen to edit an SSID profile. Click the Edit icon next to an SSID in the More AP screen. The following screen displays. Figure 53 Network > Wireless LAN > More AP: Edit
Page 154
MAC Filter This shows whether the wireless devices with the MAC addresses listed are allowed or denied to access the P-660HN-F1A using this SSID. Edit Click this to go to the MAC Filter screen to configure MAC filter settings.
Chapter 8 Wireless LAN 8.3.2 MAC Filter Use this screen to change your P-660HN-F1A’s MAC filter settings. Click the Edit button in the More AP screen. The screen appears as shown. Figure 54 Network > Wireless LAN > More AP: MAC Filter The following table describes the labels in this screen.
Click this to restore your previously saved settings. 8.4 The WPS Screen Use this screen to configure WiFi Protected Setup (WPS) on your P-660HN-F1A. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually. Set up each WPS connection between two devices.
LABEL DESCRIPTION WPS Status This displays Configured when the P-660HN-F1A has connected to a wireless network using WPS or Enable WPS is selected and wireless or wireless security settings have been changed. The current wireless and wireless security settings also appear in the screen.
Push Button Click this to add another WPS-enabled wireless device (within wireless range of the P-660HN-F1A) to your wireless network. This button may either be a physical button on the outside of the device, or a menu button similar to the Push Button on this screen.
The wireless clients connect to the access points. • An “ad-hoc” type of network is one in which there is no access point. Wireless clients connect to one another in order to exchange information.
Page 160
The wireless network is the part in the blue circle. In this wireless network, devices A and B use the access point (AP) to interact with the other devices (such as the printer) or with the Internet. Your P-660HN-F1A is the AP. Every wireless network must follow these basic guidelines.
By setting this value lower than the default value, the wireless devices must sometimes get permission to send information to the P-660HN-F1A. The lower the value, the more often the devices must get permission. If this value is greater than the fragmentation threshold value (see below), then wireless devices never have to get permission to send information to the P-660HN-F1A.
Page 162
Normally, the P-660HN-F1A acts like a beacon and regularly broadcasts the SSID in the area. You can hide the SSID instead, in which case the P-660HN-F1A does not broadcast the SSID. In addition, you should change the default SSID to something that is difficult to guess.
User’s Guide or other documentation. You can use the MAC address filter to tell the P-660HN-F1A which devices are allowed or not allowed to use the wireless network. If a device is allowed to use the wireless network, it still has to have the correct information (SSID, channel, and security).
Usually, you should set up the strongest encryption that every device in the wireless network supports. For example, suppose you have a wireless network with the P-660HN-F1A and you do not have a RADIUS server. Therefore, there is no authentication. Suppose the wireless network has two devices. Device A only supports WEP, and device B supports WEP and WPA.
Traditionally, you need to use different APs to configure different Basic Service Sets (BSSs). As well as the cost of buying extra APs, there is also the possibility of channel interference. The P-660HN-F1A’s MBSSID (Multiple Basic Service Set IDentifier) function allows you to use one access point to provide several BSSs...
Wireless devices can use different BSSIDs to associate with the same AP. 8.7.7 WiFi Protected Setup (WPS) Your P-660HN-F1A supports WiFi Protected Setup (WPS), which is an easy way to set up a secure wireless network. WPS is an industry standard specification, defined by the WiFi Alliance.
Look for the client’s WPS PIN; it will be displayed either on the device, or in the WPS section of the client’s configuration interface (see the device’s User’s Guide for how to find the WPS PIN - for the P-660HN-F1A, see Section 8.4 on page 156).
Page 168
WPS-enabled AP via the PIN method. Figure 60 Example WPS Process: PIN Method [Figure labels: ENROLLEE (This device’s WPS PIN: 123456); REGISTRAR (Enter WPS PIN from other device); START on both devices within 2 minutes; secure EAP tunnel; SSID and WPA(2)-PSK; communication]
The WPS connection process is like a handshake; only two devices participate in each WPS transaction. If you want to add more devices you should repeat the process with one of the existing networked devices and the new device.
AP1 for the WPS handshake with the new client since you must connect to the access point anyway in order to use the network. In this case, AP1 must be the registrar, since it is configured (it...
Page 171
AP1, so you cannot use AP1 for the WPS handshake with the new access point. However, you know that Client 2 supports the registrar function, so you use it to perform the WPS handshake instead. Figure 64 WPS: Example Network Step 3 [Figure labels: existing connection, Client 1, registrar, Client 2, enrollee]
Check the MAC addresses of your wireless clients (usually printed on a label on the bottom of the device). If there is an unknown MAC address you can remove it or reset the AP.
(NAT) 9.1 Overview This chapter discusses how to configure NAT on the P-660HN-F1A. NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
Page 174
SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server. The P-660HN-F1A also supports Full Feature NAT to map multiple global IP addresses to multiple private...
Note: You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the P-660HN-F1A. Figure 65 Network > NAT > General The following table describes the labels in this screen.
A default server receives packets from ports that are not specified in this screen. Note: If you do not assign a Default Server IP address, the P-660HN-F1A discards all packets received for ports that are not specified here or in the remote management setup.
9.3.1 Configuring the Port Forwarding Screen Click Network > NAT > Port Forwarding to open the following screen. See Appendix E on page 413 for port numbers commonly used for particular services. Figure 67 Network > NAT > Port Forwarding
Page 178
A default server receives packets from ports that are not specified in this screen. If you do not assign a Default Server IP address, the P-660HN-F1A discards all packets received for ports that are not specified here or in the remote management setup.
Click this to save your changes. Cancel Click this to restore your previously saved settings. 9.4 The Address Mapping Screen Note: The Address Mapping screen is available only when you select Full Feature in the NAT > General screen.
Page 180
Chapter 9 Network Address Translation (NAT) Ordering your rules is important because the P-660HN-F1A applies the rules in the order that you specify. When a rule matches the current packet, the P-660HN-F1A takes the corresponding action and the remaining rules are ignored. If there are any empty rules before your new configured rule, your configured rule will be pushed up by that number of empty rules.
9.4.1 The Address Mapping Rule Edit Screen Use this screen to edit an address mapping rule. Click the rule’s edit icon in the Address Mapping screen to display the screen shown next. Figure 70 Network > NAT > Address Mapping: Edit
Page 182
Server Mapping Set field. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings.
SIP data stream to a public IP address. You do not need to use STUN or an outbound proxy if your P-660HN-F1A is behind a SIP ALG. Use this screen to enable and disable the SIP (VoIP) ALG in the P-660HN-F1A. To access this screen, click Network > NAT > ALG.
Table 51 on page 187), NAT offers the additional benefit of firewall protection. With no servers defined, your P-660HN-F1A filters out all incoming inquiries, thus preventing intruders from probing your network. For more information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT).
IP source address (and TCP or UDP source port numbers for Many-to-One and Many-to-Many Overload NAT mapping) in each packet and then forwards it to the Internet. The P-660HN-F1A keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored.
9.6.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: • One to One: In One-to-One mode, the P-660HN-F1A maps one local IP address to one global IP address. • Many to One: In Many-to-One mode, the P-660HN-F1A maps multiple local IP addresses to one global IP address.
Page 187
ILA2 IGA1 …
Many-to-Many Overload: ILA1 IGA1, ILA2 IGA2, ILA3 IGA1, ILA4 IGA2, …
Many-to-Many No Overload: ILA1 IGA1, ILA2 IGA2, ILA3 IGA3, …
Server: Server 1 IP IGA1, Server 2 IP IGA1, Server 3 IP IGA1
• Use the General screen (Section 10.2 on page 194) to enable firewall and/or triangle route on the P-660HN-F1A, and set the default action that the firewall takes on packets that do not match any of the firewall rules. • Use the Rules screen (Section 10.3 on page...
• Use the Threshold screen (Section 10.4 on page 202) to set the thresholds that the P-660HN-F1A uses to determine when to start dropping sessions that do not become fully established (half-open sessions). 10.1.2 What You Need to Know About Firewall Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet.
For example, if you select “6”, your new rule becomes number 7 and the previous rule 7 (if there is one) becomes rule 8. Click Add to display the firewall rule configuration screen. In the Edit Rule screen, click the Edit Customized Services link to open the Customized Service screen.
Page 192
Apply. Edit Custom Port Example Select Any in the Destination Address List box and then click Delete. Configure the destination address screen as follows and click Add. Firewall Example: Edit Rule: Destination Address
Page 193
Selected Services list boxes to configure it as follows. Click Apply when you are done. Note: Custom services show up with an “*” before their names in the Services list box and the Rules list box. Firewall Example: Edit Rule: Select Customized Services
10.0.0.15 on the LAN. Firewall Example: Rules: MyService 10.2 The Firewall General Screen Use this screen to configure the firewall settings. Click Security > Firewall to display the following screen. Figure 75 Security > Firewall > General
Page 195
If an alternate gateway on the LAN has an IP address in the same subnet as the P-660HN-F1A’s LAN IP address, return traffic may not go through the P-660HN-F1A. This is called an asymmetrical or “triangle” route. This causes the P-660HN-F1A to reset the connection, as the connection has not been acknowledged.
Table 53 Security > Firewall > Rules LABEL DESCRIPTION Firewall Rules Storage Space in Use This read-only bar shows how much of the P-660HN-F1A's memory for recording firewall rules it is currently using. When you are using 80% or less of the storage space, the bar is green. When the amount of space used is over 80%, the bar is red.
Page 197
The ordering of your rules is important as they are applied in order of their numbering. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings.
Use this screen to configure firewall rules. In the Rules screen, select an index number and click Add or click a rule’s Edit icon to display this screen and refer to the following table for information on the labels. Figure 77 Security > Firewall > Rules: Edit
Page 199
This field determines if a log for packets that match the rule is created or not. Go to the Log Settings page and select the Access Control logs category to have the P-660HN-F1A record these logs. Alert
Chapter 10 Firewalls Table 54 Security > Firewall > Rules: Edit (continued) LABEL DESCRIPTION Send Alert Message to Administrator When Matched Select the check box to have the P-660HN-F1A generate an alert when the rule is matched. Back Click this to return to the previous screen without saving.
Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. Delete Click this to delete the current rule.
10.4 The Firewall Threshold Screen For DoS attacks, the P-660HN-F1A uses thresholds to determine when to start dropping sessions that do not become fully established (half-open sessions). These thresholds apply globally to all sessions. For TCP, half-open means that the session has not reached the established state: the TCP three-way handshake has not yet been completed.
• If you often use P2P applications such as file sharing with eMule or eDonkey, it’s recommended that you increase the threshold values since lots of sessions will be established during a small period of time and the P-660HN-F1A may classify them as DoS attacks.
Page 204
For example, if you set the one minute high to 100, the P-660HN-F1A starts deleting half-open sessions when more than 100 session establishment attempts have been detected in the last minute. It stops...
The P-660HN-F1A checks the source IP address, destination IP address and IP protocol type of network traffic against the firewall rules (in the order you list them). When the traffic matches a rule, the P-660HN-F1A takes the action specified in the rule.
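The ordering behaviour described above can be audited offline. The following Python sketch is an added example, not ZyXEL code: it models first-match evaluation on source address, destination address and protocol, and reports rules that can never fire because an earlier rule already covers them. The `Rule` structure, the rule names and the sample addresses are constructed for illustration.

```python
"""First-match firewall evaluation and a shadowed-rule audit (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # source network in CIDR form; "0.0.0.0/0" stands for Any
    dst: str      # destination network in CIDR form
    proto: str    # "tcp", "udp", "icmp" or "any"
    action: str   # "permit" or "drop"

    def matches(self, src, dst, proto):
        """True if a packet with these header fields matches this rule."""
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.proto in ("any", proto))

    def covers(self, other):
        """True if every packet that matches `other` also matches this rule."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.proto in ("any", other.proto))


def evaluate(rules, src, dst, proto, default="drop"):
    """Apply rules in listed order; the first match decides, the rest are ignored."""
    for rule in rules:
        if rule.matches(src, dst, proto):
            return rule.action, rule.name
    return default, None  # no rule matched: fall back to the default action


def shadowed(rules):
    """List (rule, earlier_rule, conflicting) for rules that can never be reached."""
    findings = []
    for index, later in enumerate(rules):
        for earlier in rules[:index]:
            if earlier.covers(later):
                findings.append((later.name, earlier.name,
                                 earlier.action != later.action))
                break
    return findings


# Constructed WAN-to-LAN rule list. The broad permit for the LAN server is listed
# before the narrower drop, so the drop for 203.0.113.7 never takes effect.
RULES = [
    Rule("permit-myservice", "0.0.0.0/0", "10.0.0.15/32", "tcp", "permit"),
    Rule("drop-bad-net", "203.0.113.0/24", "10.0.0.0/24", "any", "drop"),
    Rule("drop-host", "203.0.113.7/32", "10.0.0.15/32", "tcp", "drop"),
]

# Same rules with the specific drop moved to the top of the list.
REORDERED = [RULES[2], RULES[0], RULES[1]]

if __name__ == "__main__":
    print(evaluate(RULES, "203.0.113.7", "10.0.0.15", "tcp"))
    print(evaluate(REORDERED, "203.0.113.7", "10.0.0.15", "tcp"))
    for later, earlier, conflict in shadowed(RULES):
        kind = "conflicting action" if conflict else "redundant"
        print(f"{later} is shadowed by {earlier} ({kind})")
```

A shadowed rule with a conflicting action is the case to review first, because the written policy and the enforced policy differ.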
• WAN to WAN/ Router By default the P-660HN-F1A stops computers on the WAN from managing the P-660HN-F1A or using the P-660HN-F1A as a gateway to communicate with other computers on the WAN. You could configure one of these rules to allow a WAN computer to manage the P-660HN-F1A.
10.5.4 Triangle Route When the firewall is on, your P-660HN-F1A acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the P-660HN-F1A to protect your LAN against attacks.
Page 208
(through one or more ISPs). If an alternate gateway is on the LAN (and its IP address is in the same subnet as the P-660HN-F1A’s LAN IP address), the “triangle route” (also called asymmetrical route) problem may occur. The steps below describe the “triangle route”...
Page 209
The P-660HN-F1A reroutes the packet to Gateway A, which is in Subnet 2. The reply from the WAN goes to the P-660HN-F1A. The P-660HN-F1A then sends it to the computer on the LAN in Subnet 1. Figure 84 IP Alias...
Internet browser, for example “http://www.zyxel.com”. 11.1.3 Before You Begin To use the Trusted screen, you need the IP addresses of devices on your network. See the LAN section (Section 11.4 on page 216) for more information.
Click Security > Content Filter > Schedule. Click Edit Daily to Block and select all weekdays. Under Start Time and End Time, type the times for blocking to begin and end (16:00 ~ 17:00 in this example).
Page 213
Click Security > Content Filter > Trusted. In the Start IP Address and End IP Address fields, type 192.168.1.3. Click Apply. Security > Content Filter > Trusted: Example That finishes setting up keyword blocking on the home computer.
11.2 The Keyword Screen Use this screen to block sites containing certain keywords in the URL. For example, if you enable the keyword "bad", the P-660HN-F1A blocks all sites containing this keyword including the URL http://www.example.com/bad.html. To have your P-660HN-F1A block websites containing keywords in their URLs, click Security >...
Click this to restore your previously saved settings. 11.3 The Schedule Screen Use this screen to set the days and times for the P-660HN-F1A to perform content filtering. Click Security > Content Filter > Schedule. The screen appears as shown.
11.4 The Trusted Screen Use this screen to exclude a range of users on the LAN from content filtering on your P-660HN-F1A. Click Security > Content Filter > Trusted. The screen appears as shown. Figure 87 Security > Content Filter: Trusted The following table describes the labels in this screen.
LAN and WAN. Protocol filter rules act on IP packets. Filter Structure A filter set consists of one or more filter rules. The P-660HN-F1A allows you to configure up to twelve filter sets with six rules in each set, for a total of 72 filter rules in the system.
Chapter 12 Packet Filter 12.2 The Packet Filter Screen Use this screen to set up packet filters on your P-660HN-F1A. Click Security > Packet Filter to display the following screen. Figure 88 Security > Packet Filter The following table describes the labels in this screen.
12.2.1 Editing Protocol Filters Use this screen to display a protocol filter set on your P-660HN-F1A. Protocol rules allow you to base the rule on the fields in the IP and the upper layer protocol, for example, UDP and TCP headers.
0 to 65535. This field is ignored if it is 0. Port Compare Select the comparison to apply to the destination port in the packet against the value given in the Destination Port field. Options are None, Equal, Not Equal, Less and Greater.
Click this to restore your previously saved settings. 12.2.3 Editing Generic Filters Use this screen to display a generic filter set on your P-660HN-F1A. The purpose of generic rules is to allow you to filter non-IP packets. For IP packets, it is generally easier to use the IP rules directly.
Page 222
Click the Edit icon to configure a filter rule. Click the Remove icon to delete a filter rule. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings.
None – No packets will be logged. Match - Only packets that match the rule parameters will be logged. Not Match - Only packets that do not match the rule parameters will be logged. Both – All packets will be logged.
On the other hand, the generic filters are applied to the raw packets that appear on the wire. They are applied at the point when the P-660HN-F1A is receiving and sending the packets; that is the interface. The interface can be an Ethernet port or any other hardware port.
Page 225
To prevent DoS attacks and prevent hackers cracking your network. A range of source and destination IP addresses as well as port numbers can be specified within one firewall rule making the firewall a better choice when complex rules are required.
Page 226
Use the firewall if you need routine e-mail reports about your system or need to be alerted when attacks occur. The firewall can block specific URL traffic that might occur in the future. The URL can be saved in an Access Control List (ACL) database.
Figure 94 Certificates Example In the figure above, the P-660HN-F1A (Z) checks the identity of the notebook (A) using a certificate before granting it access to the network. 13.1.1 What You Need to Know About Certificates...
13.1.2 Verifying a Certificate Before you import a trusted certificate into the P-660HN-F1A, you should verify that you have the correct certificate. You can do this using the certificate’s fingerprint. A certificate’s fingerprint is a message digest calculated using the MD5 or SHA1 algorithm.
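The fingerprint check described above can be done on a computer before the certificate file is imported. This Python sketch is an added example, not part of the ZyXEL guide: it computes the MD5 or SHA1 digest of the DER bytes inside a PEM file and compares it with the value obtained from the certificate owner. The function names are assumptions, and `SAMPLE_PEM` is a constructed placeholder body, not a real X.509 certificate.

```python
"""Compare a certificate's MD5/SHA1 fingerprint with a value obtained out of band."""
import base64
import hashlib
import hmac
import re

# Digest length in hex characters for the two algorithms the guide names.
HEX_LENGTH = {"md5": 32, "sha1": 40}

# Constructed stand-in: the body decodes to the three bytes b"abc". A real file
# exported from a CA or device would carry a full DER-encoded certificate here.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
"""


def pem_to_der(pem_text):
    """Return the DER bytes between the first pair of PEM certificate markers."""
    match = re.search(
        r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----",
        pem_text, re.S)
    if match is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(match.group(1).split()), validate=True)


def fingerprint(der, algorithm="sha1"):
    """Digest of the DER encoding, formatted as colon-separated uppercase hex."""
    if algorithm not in HEX_LENGTH:
        raise ValueError("algorithm must be 'md5' or 'sha1'")
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(value):
    """Drop colons, spaces and case so differently formatted values compare equal."""
    return re.sub(r"[^0-9A-Fa-f]", "", value).upper()


def verify(pem_text, expected, algorithm="sha1"):
    """True only if the certificate's fingerprint equals the expected value."""
    wanted = normalize(expected)
    if len(wanted) != HEX_LENGTH.get(algorithm, -1):
        # Typical mistake: comparing an MD5 value against a SHA1 fingerprint.
        raise ValueError("expected value has the wrong length for " + algorithm)
    actual = normalize(fingerprint(pem_to_der(pem_text), algorithm))
    return hmac.compare_digest(actual, wanted)


if __name__ == "__main__":
    print("SHA1:", fingerprint(pem_to_der(SAMPLE_PEM), "sha1"))
    print("MD5: ", fingerprint(pem_to_der(SAMPLE_PEM), "md5"))
```

The expected value has to reach you through a channel other than the one that delivered the certificate file, otherwise the comparison proves nothing.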
13.2 The Trusted CAs Screen This screen displays a summary list of certificates of the certification authorities that you have set the P-660HN-F1A to accept as trusted. The P-660HN-F1A accepts any valid certificate signed by a certification authority on this list as being trustworthy;...
Page 230
LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the P-660HN-F1A’s PKI storage space that is currently in use. The bar turns from blue to red when the maximum is being approached. When the bar is red, you should consider deleting expired or unnecessary certificates before adding more certificates.
13.2.1 Trusted CA Import Follow the instructions in this screen to save a trusted certification authority’s certificate to the P-660HN-F1A. Click Security > Certificates to open the Trusted CAs screen and then click Import to open the Trusted CA Import screen.
Certification Authority signed the certificate. Self-signed means that the certificate’s owner signed the certificate (not a certification authority). X.509 means that this certificate was created and signed according to the ITU-T X.509 recommendation that defines the formats for public-key certificates.
Page 233
Apply Click this to save your changes. You can only change the name and/or set whether or not you want the P-660HN-F1A to check the CRL that the certification authority issues before trusting a certificate issued by the certification authority.
Advantages of Certificates Certificates offer the following benefits. • The P-660HN-F1A only has to store the certificates of the certification authorities that you decide to trust, no matter how many devices you need to authenticate.
Page 235
(because they cannot re-sign the message with Tim’s private key). Additionally, Jenny uses her own private key to sign a message and Tim uses Jenny’s public key to verify the message.
14.1 Overview The P-660HN-F1A usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the P-660HN-F1A send data to devices not reachable through the default gateway, use static routes. For example, the next figure shows a computer (A) connected to the P-660HN-F1A’s LAN interface.
Click the Edit icon to go to the screen where you can set up a static route on the P-660HN-F1A. Click the Remove icon to remove a static route from the P-660HN-F1A. A window displays asking you to confirm that you want to delete the route.
LAN or WAN port. The gateway helps forward packets to their destinations. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings.
Each group can have its own rules about where and how to forward traffic. You can assign any ports on the P-660HN-F1A to a VLAN group and configure the settings for the group. You may also set the priority level for traffic transmitted through the ports.
Page 242
802.1Q VLAN-aware device to an 802.1Q VLAN-unaware device, the P-660HN-F1A first decides where to forward the frame and then strips off the VLAN tag. To forward a frame from an 802.1Q VLAN-unaware device to an 802.1Q VLAN-aware switch, the P-660HN-F1A first decides where to forward the...
In the VLAN ID field type in 2 to identify the VLAN group. Select PVC1 from the Default Gateway drop-down list box. In the Control field, select Fixed for LAN1, LAN2 and PVC1 to be permanent members of the VLAN group.
Page 244
Click Advanced > 802.1Q/1P > Port Setting to display the following screen. Type 2 in the 802.1Q PVID column for LAN1, LAN2 and PVC1. Select 7 from the 802.1P Priority drop-down list box for LAN1, LAN2 and PVC1.
Page 245
SSID1 and SSID2 are two wireless networks. You want to create medium priority for this type of traffic, so you want to group these ports and PVC3 into one VLAN (VLAN4). PVC3 priority is set to medium level of service.
Page 246
Chapter 15 802.1Q/1P Follow the same steps as in VLAN2 to configure the settings for VLAN3 and VLAN4. The summary screen should then display as follows. Advanced > 802.1Q/1P > Group Setting: Example This completes the 802.1Q/1P setup.
Enter the ID number of a VLAN group. All interfaces (ports, SSIDs and PVCs) are in the management VLAN by default. If you disable the management VLAN, you will not be able to access the P-660HN-F1A. Summary This field displays the index number of the VLAN group.
Use this screen to configure the settings for each VLAN group. In the 802.1Q/1P screen, click the Edit button from the Modify field to display the following screen. Figure 105 Advanced > 802.1Q/1P > Group Setting > Edit
Page 249
Select Tx Tagging if you want the port to tag all outgoing traffic transmitted through this VLAN. You select this if you want to create VLANs across different devices and not just the P-660HN-F1A. Back Click this to return to the previous screen without saving.
This field displays the types of ports available to join the VLAN group. 802.1Q PVID Assign a VLAN ID for the port. The valid VID range is between 1 and 4094. The P-660HN-F1A assigns the PVID to untagged frames or priority-tagged frames received on this port. 802.1P Priority Assign a priority for the traffic transmitted through the port.
Chapter 16 Quality of Service (QoS) 16.1 Overview Use the QoS screens to set up your P-660HN-F1A to use QoS for traffic management. Quality of Service (QoS) refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to control bandwidth.
• Use the Queue Setup screen (Section 16.9 on page 268) to configure QoS queue assignment. • Use the Monitor screen (Section 16.9 on page 268) to view the P-660HN-F1A’s QoS-related packet statistics.
(6) to VoIP traffic from the LAN interface, so that voice traffic would not get delayed when there is network congestion. Traffic from the boss’s IP address (192.168.1.23 for example) is mapped to queue 5. Traffic that does not match these two classes is assigned a priority queue based on the internal QoS mapping table on the P-660HN-F1A.
Figure 107 QoS Example (VoIP: Queue 6; Boss: Queue 5, IP=192.168.1.23; 50 Mbps)
Figure 108 QoS Class Example: VoIP -1...
Page 255
Figure 109 QoS Class Example: VoIP -2
Figure 110 QoS Class Example: Boss -1
Page 256
Figure 111 QoS Class Example: Boss -2
Chapter 16 Quality of Service (QoS) 16.3 The QoS General Screen Use this screen to enable or disable QoS and have the P-660HN-F1A automatically assign priority to traffic according to the IEEE 802.1p priority level, IP precedence and/or packet length.
If you select ON and traffic does not match a class configured in the Class Setup screen, the P-660HN-F1A assigns priority to unmatched traffic based on the IEEE 802.1p priority level, IP precedence and/or packet length. See Section 16.10.4 on page 271...
Page 259
Click the Edit icon to go to the screen where you can edit the classifier. Click the Remove icon to delete an existing classifier. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings.
16.4.1 The Class Configuration Screen Use this screen to configure a classifier. Click the Add button or the Edit icon in the Modify field to display the following screen. Figure 114 Advanced > QoS > Class Setup: Edit
Page 261
"0" is the lowest priority level and "7" is the highest. Routing Policy Select the next hop to which traffic of this class should be forwarded. Select By Routing Table to have the P-660HN-F1A use the routing table to find a next hop and forward the matched packets automatically.
Page 262
Select the check box and enter the port number of the destination. 0 means any source port number. See Appendix E on page 413 for some common services and port numbers. Select the check box and enter the destination MAC address of the packet.
Page 263
Select this option to exclude the packets that match the specified criteria from this classifier. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings.
The algorithm allows bursts of up to b bytes which is also the bucket size. In your P-660HN-F1A, each token represents 1 byte, so the bucket can hold up to b tokens. A token is generated and added into the bucket every 1/t seconds. If a b+1 token arrives (a token that arrives after the bucket is full), that token will be discarded.
1500 bytes arrives and the P-660HN-F1A transmits it directly as there are already enough tokens in the bucket to cover the size of the packet. The P-660HN-F1A then deducts 1500 tokens from the bucket leaving 600 tokens in the bucket (2100-1500).
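The token accounting described above, as an added Python example (not ZyXEL's code). The 2100-token bucket and the 1500-byte packet come from the text; the rate of 100,000 tokens per second, the arrival times and the later packets are assumptions made for illustration. The example only reports packets that the bucket cannot cover and does not model what the device does with them.

```python
from dataclasses import dataclass, field


@dataclass
class TokenBucket:
    """Byte-granular token bucket: one token pays for one byte.

    rate_t      tokens generated per second (one token every 1/t seconds)
    capacity_b  bucket size in tokens, which is also the largest burst in bytes
    """
    rate_t: int
    capacity_b: int
    tokens: int = 0
    last_us: int = 0                                   # time of the last refill (microseconds)
    carry: int = field(default=0, repr=False)          # sub-token remainder kept between refills

    def refill(self, now_us: int) -> int:
        """Add tokens generated since the last refill; return how many were discarded."""
        elapsed = now_us - self.last_us
        if elapsed < 0:
            raise ValueError("time went backwards")
        self.last_us = now_us
        # Integer arithmetic avoids float drift: tokens = elapsed_us * t / 1e6.
        produced, self.carry = divmod(self.carry + elapsed * self.rate_t, 1_000_000)
        room = self.capacity_b - self.tokens
        discarded = max(0, produced - room)            # tokens arriving at a full bucket
        self.tokens += produced - discarded
        return discarded

    def offer(self, size_bytes: int, now_us: int) -> bool:
        """Return True and deduct tokens if the bucket covers the packet."""
        self.refill(now_us)
        if size_bytes > self.tokens:
            return False                               # not enough tokens; nothing is deducted
        self.tokens -= size_bytes
        return True


# Constructed arrivals: (time in microseconds, packet size in bytes).
CONSTRUCTED_ARRIVALS = [
    (0, 1500),        # the case from the text: 2100 tokens, 1500-byte packet
    (1_000, 1500),    # only 100 tokens regenerated, so 700 < 1500
    (9_000, 1500),    # 800 more tokens, bucket holds exactly 1500
    (100_000, 2101),  # larger than the bucket size b, can never be covered
]


def run_trace(bucket, arrivals):
    """Offer each packet in order; record (time, size, covered, tokens left)."""
    results = []
    for now_us, size in arrivals:
        covered = bucket.offer(size, now_us)
        results.append((now_us, size, covered, bucket.tokens))
    return results


if __name__ == "__main__":
    full = TokenBucket(rate_t=100_000, capacity_b=2100, tokens=2100)
    for row in run_trace(full, CONSTRUCTED_ARRIVALS):
        print(row)
```

The last row shows why b bounds the burst: after a long idle period the bucket is capped at 2100 tokens, so a 2101-byte packet is never covered in one pass.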
Chapter 16 Quality of Service (QoS) 16.8 The Queue Setup Screen Use this screen to view or modify the P-660HN-F1A’s Queue Setup. Click Advanced > QoS > Queue Setup. The screen appears as shown. The following table describes the labels in this screen.
Weight Specify the weight of this queue. If two queues have the same priority level, the P-660HN-F1A divides the bandwidth across the queues according to their weights. Queues with larger weights get more bandwidth than queues with smaller weights.
Drop Tail (DT) is a simple queue management algorithm that allows the P-660HN-F1A buffer to accept as many packets as it can until it is full. Once the buffer is full, new packets that arrive are dropped until there is space in the buffer again (packets are transmitted out of it).
Typically used for voice traffic that is especially sensitive to jitter (jitter is the variations in delay). Level 5 Typically used for video that consumes high bandwidth and is sensitive to jitter. Level 4 Typically used for controlled load, latency-sensitive traffic such as SNA (Systems Network Architecture) transactions.
DiffServ defines a new Differentiated Services (DS) field to replace the Type of Service (TOS) field in the IP header. The DS field contains a 2-bit unused field and a 6-bit DSCP field which can define up to 64 service levels. The following figure illustrates the DS field.
DSCP values and the configured policies. 16.10.4 Automatic Priority Queue Assignment If you enable QoS on the P-660HN-F1A, the P-660HN-F1A can automatically assign priority to traffic which does not match a class, based on the IEEE 802.1p priority level, IP precedence and/or packet length.
Use the Dynamic DNS screen (Section 17.2 on page 274) to enable DDNS and configure the DDNS settings on the P-660HN-F1A. 17.1.2 What You Need To Know About DDNS DYNDNS Wildcard Enabling the wildcard feature for your host causes *.yourhost.dyndns.org to be aliased to the same IP address as yourhost.dyndns.org.
Chapter 17 Dynamic DNS Setup 17.2 The Dynamic DNS Screen Use this screen to change your P-660HN-F1A’s DDNS. Click Advanced > Dynamic DNS. The screen appears as shown. Figure 118 Advanced > Dynamic DNS The following table describes the fields in this screen.
Page 275
server auto detect IP Address Select this option only when there are one or more NAT routers between the P-660HN-F1A and the DDNS server. This feature has the DDNS server automatically detect and use the IP address of the NAT router that has a public IP address.
18.1 Overview Remote management allows you to determine which services/protocols can access which P-660HN-F1A interface (if any) from which computers. The following figure shows remote management of the P-660HN-F1A coming in from the WAN. Figure 119 Remote Management From the WAN...
IP address(es) users can use FTP to access the P-660HN-F1A. • Your P-660HN-F1A can act as an SNMP agent, which allows a manager station to manage and monitor the P-660HN-F1A through the network. Use the SNMP screen (see Section 18.5 on page...
Use this screen to specify how to connect to the P-660HN-F1A from a web browser, such as Internet Explorer. You can also specify which IP addresses the access can come from. Note: If you disable the WWW service in this screen, then the P-660HN-F1A blocks all HTTP connection attempts.
A secured client is a “trusted” computer that is allowed to communicate with the P-660HN-F1A using this service. Select All to allow any computer to access the P-660HN-F1A using this service. Choose Selected to just allow the computer with the IP address that you specify to access the P-660HN-F1A using this service.
A secured client is a “trusted” computer that is allowed to communicate with the P-660HN-F1A using this service. Select All to allow any computer to access the P-660HN-F1A using this service. Choose Selected to just allow the computer with the IP address that you specify to access the P-660HN-F1A using this service.
Chapter 18 Remote Management Use this screen to specify which interfaces allow FTP access and from which IP address the access can come. To change your P-660HN-F1A’s FTP settings, click Advanced > Remote MGMT > FTP. The screen appears as shown.
Page 283
An agent is a management software module that resides in a managed device (the P-660HN-F1A). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices.
The SNMP agent listens on port 161 by default. If you change the SNMP server port to a different number on the P-660HN-F1A, for example 8161, then you must notify people who need to access the P-660HN-F1A SNMP agent to use the same port.
Use this screen to set from which IP address the P-660HN-F1A will accept DNS queries and on which interface it can send them your P-660HN-F1A’s DNS settings. This feature is not available when the P-660HN-F1A is set to bridge mode.
To change your P-660HN-F1A’s security settings, click Advanced > Remote MGMT > ICMP. The screen appears as shown. If an outside user attempts to probe an unsupported port on your P-660HN-F1A, an ICMP response packet is automatically returned. This allows the outside user to know the P-660HN-F1A exists.
Page 287
P-660HN-F1A unseen. If this option is not selected, the P-660HN-F1A will reply with an ICMP port unreachable packet for a port probe on its unused UDP ports and a TCP reset packet for a port probe on its unused TCP ports.
NAT. UPnP network devices can automatically configure network addressing, announce their presence in the network to other UPnP devices and enable exchange of simple product and service descriptions. NAT traversal allows the following: • Dynamic port mapping • Learning public IP addresses
Page 290
When a UPnP device joins a network, it announces its presence with a multicast message. For security reasons, the P-660HN-F1A allows multicast messages on the LAN only. All UPnP-enabled devices may communicate freely with each other without additional configuration.
Chapter 19 Universal Plug-and-Play (UPnP) 19.2 The UPnP Screen Use the following screen to configure the UPnP settings on your P-660HN-F1A. Click Advanced > UPnP to display the screen shown next. See Section 19.1 on page 289 for more information. Figure 127 Advanced > UPnP > General The following table describes the fields in this screen.
Follow the steps below to install the UPnP in Windows Me. Click Start and Control Panel. Double-click Add/Remove Programs. Click on the Windows Setup tab and select Communication in the Components selection box. Click Details. Add/Remove Programs: Windows Setup: Communication
Page 293
Click OK to go back to the Add/Remove Programs Properties window and click Next. Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. Click Start and Control Panel. Double-click Network Connections.
Page 294
In the Network Connections window, click Advanced in the main menu and select Optional Networking Components …. Network Connections The Windows Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details. Windows Optional Networking Components Wizard
This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the P-660HN-F1A. Make sure the computer is connected to a LAN port of the P-660HN-F1A. Turn on your computer and the P-660HN-F1A. Auto-discover Your UPnP-enabled Network Device Click Start and Control Panel.
Page 296
Right-click the icon and select Properties. Network Connections In the Internet Connection Properties window, click Settings to see the port mappings that were automatically created. Internet Connection Properties
Page 297
You may edit or delete the port mappings or click Add to manually add port mappings. Internet Connection Properties: Advanced Settings Internet Connection Properties: Advanced Settings: Add When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically.
Page 298
Web Configurator Easy Access With UPnP, you can access the web-based configurator on the P-660HN-F1A without finding out the IP address of the P-660HN-F1A first. This is helpful if you do not know the IP address of the P-660HN-F1A. Follow the steps below to access the web configurator.
Page 299
Select My Network Places under Other Places. Network Connections An icon with the description for each UPnP-enabled device displays under Local Network.
Page 300
Right-click on the icon for your P-660HN-F1A and select Invoke. The web configurator login screen displays. Network Connections: My Network Places Right-click on the icon for your P-660HN-F1A and select Properties. A properties window displays with basic information about the P-660HN-F1A.
DHCP Server. Often your ISP or a router on your network performs this function. A LAN (local area network) is typically a network which covers a small area, made up of computers and other devices which share resources such as Internet access, printers etc.
• In Windows XP, click start, My Computer, View system information and then click the Computer Name tab. Note the entry in the Full computer name field and enter it as the P-660HN-F1A System Name. Click Maintenance > System to open the General screen.
Page 303
After you change the password, use the new password to access the P-660HN-F1A. Retype to confirm Type the new password again for confirmation. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings.
Chapter 20 System Settings 20.3 The Time Setting Screen Use this screen to configure the P-660HN-F1A’s time based on your local time zone. To change your P-660HN-F1A’s time and date, click Maintenance > System > Time Setting. The screen appears as shown.
Page 305
When you set Time and Date Setup to Manual, enter the new date in this field and then click Apply. Get from Time Server Select this radio button to have the P-660HN-F1A get the time and date from the time server you specified below.
Page 306
In Germany for instance, you would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). Apply Click this to save your changes. Cancel Click this to restore your previously saved settings.
The web configurator allows you to choose which categories of events and/or alerts to have the P-660HN-F1A log and then display the logs or have the P-660HN-F1A send them to an administrator (as e-mail) or to a syslog server.
This field is a sequential value and is not associated with a specific entry. Time This field displays the time the log was recorded. Message This field states the reason for the log. Source This field lists the source IP address and the port number of the incoming packet.
Use the Log Settings screen to configure the mail server, the syslog server, when to send logs and what logs to send. To change your P-660HN-F1A’s log settings, click Maintenance > Logs > Log Settings. The screen appears as shown.
Page 310
Send Log to The P-660HN-F1A sends logs to the e-mail address specified in this field. If this field is left blank, the P-660HN-F1A does not send logs via e-mail. Send Alerts to Alerts are real-time notifications that are sent as soon as an event, such as a DoS attack, system error, or forbidden web access attempt occurs.
Chapter 21 Logs Table 94 Maintenance > Logs > Log Settings LABEL DESCRIPTION Send Immediate Alert Select log categories for which you want the P-660HN-F1A to send E-mail alerts immediately. Apply Click this to save your customized settings and exit this screen.
Successful TELNET login - Someone has logged on to the router via telnet.
TELNET login failed - Someone has failed to log on to the router via telnet.
Successful FTP login - Someone has logged on to the router via ftp.
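One way to triage these login messages after exporting the log, as an added Python example (not part of the User's Guide or the device firmware). The message strings are the ones listed above; the pipe-separated Time|Message|Source line layout, the sample lines, the threshold and the window are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED = "TELNET login failed"
SUCCESS = "Successful TELNET login"

# Constructed sample export. Fields follow the log screen's Time, Message and
# Source columns; the "|" separator and timestamp format are assumptions.
CONSTRUCTED_LOG = """\
2011-03-01 10:00:01|Successful FTP login|192.168.1.33:1045
2011-03-01 10:02:10|TELNET login failed|203.0.113.7:40112
2011-03-01 10:02:14|TELNET login failed|203.0.113.7:40113
2011-03-01 10:02:19|TELNET login failed|203.0.113.7:40115
2011-03-01 10:02:31|Successful TELNET login|203.0.113.7:40120
2011-03-01 10:20:00|TELNET login failed|192.168.1.34:1100
2011-03-01 10:40:00|Successful TELNET login|192.168.1.34:1101
garbled line without separators
"""


def parse_line(line):
    """Split one exported line into (timestamp, message, source IP)."""
    time_s, message, source = (part.strip() for part in line.split("|"))
    ip, _, port = source.rpartition(":")
    if not ip:                      # Source column carried no port number
        ip = port
    when = datetime.strptime(time_s, "%Y-%m-%d %H:%M:%S")
    return when, message, ip


def triage(log_text, threshold=3, window=timedelta(minutes=5)):
    """Flag sources with repeated failed Telnet logins inside the window,
    and successful Telnet logins that follow recent failures."""
    recent_failures = defaultdict(deque)    # source IP -> failure timestamps
    findings = []
    for line in log_text.splitlines():
        if line.count("|") != 2:
            continue                        # skip lines that are not log records
        try:
            when, message, ip = parse_line(line)
        except ValueError:
            continue                        # unparseable timestamp
        failures = recent_failures[ip]
        while failures and when - failures[0] > window:
            failures.popleft()              # forget failures older than the window
        if message == FAILED:
            failures.append(when)
            if len(failures) == threshold:  # report once when the threshold is reached
                findings.append((ip, "repeated_failures", when))
        elif message == SUCCESS and failures:
            findings.append((ip, "success_after_failures", when))
            failures.clear()
    return findings


if __name__ == "__main__":
    for ip, kind, when in triage(CONSTRUCTED_LOG):
        print(when.isoformat(sep=" "), ip, kind)
```

In the sample, 192.168.1.34 is not flagged because its single failure is 20 minutes older than the successful login, which is outside the 5-minute window.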
Page 313
setNetBIOSFilter: calloc error - The router failed to allocate memory for the NetBIOS filter settings.
readNetBIOSFilter: calloc error - The router failed to allocate memory for the NetBIOS filter settings.
WAN connection is down. - A WAN connection is down. You cannot access the network through this interface.
Page 315
ICMP
Unsupported/out-of-order ICMP: ICMP - The firewall does not support this kind of ICMP packets or the ICMP packets are out of order.
Router reply ICMP packet: ICMP - The router sent an ICMP reply packet to the sender.
Page 316
UPnP pass through Firewall - UPnP packets can pass through the firewall.
Table 105 Content Filtering Logs
LOG MESSAGE - DESCRIPTION
%s: block keyword - The content of a requested web page matched a user defined keyword.
The system forwarded web content.
Page 317
RADIUS rejects user. Pls check RADIUS Server. - A user was not authenticated by the RADIUS Server. Please check the RADIUS Server.
User logout because of session timeout expired. - The router logged out a user whose session expired.
Page 318
(L to L/P-660HN-F1A) - LAN to LAN/P-660HN-F1A - ACL set for packets traveling from the LAN to the LAN or the P-660HN-F1A.
(W to W/P-660HN-F1A) - WAN to WAN/P-660HN-F1A - ACL set for packets traveling from the WAN to the WAN or the P-660HN-F1A.
Page 319
The “devID” is the last three characters of the MAC address of the router’s LAN port. The “cat” is the same as the category in the router’s logs.
Page 320
Please refer to RFC 2408 for detailed information on each type. Table 111 RFC-2408 ISAKMP Payload Types LOG DISPLAY PAYLOAD TYPE Security Association Proposal PROP Transform TRANS Key Exchange Identification Certificate Certificate Request CER_REQ Hash HASH Signature Nonce NONCE Notification NOTFY Delete Vendor ID P-660HN-F1A User’s Guide...
ZyXEL FTP site (or www.zyxel.com) to use to upgrade your device’s performance. Only use firmware for your device’s specific model. Refer to the label on the bottom of your P-660HN-F1A. 22.1.1 What You Can Do in the Tool Screens • Use the Firmware Upgrade screen (Section 22.2 on page...
P-660HN-F1A and the external filename refers to the filename not on the P-660HN-F1A, that is, on your computer, local network or FTP site and so the name (but not the extension) may vary. After uploading new firmware, see the Status screen to confirm that you have uploaded the correct firmware version.
FTP is faster. Please note that you must wait for the system to automatically restart after the file transfer is complete. Do not interrupt the file transfer process as this may PERMANENTLY DAMAGE your device. When the Restore Configuration process is complete, the device automatically restarts.
Page 324
“rom-0”. Likewise “get rom-0 config.rom” transfers the configuration file on the device to your computer and renames it “config.rom.” See earlier in this chapter for more information on filename conventions. Enter “quit” to exit the ftp prompt.
Page 325
Note that the telnet connection must be active and the device in CI mode before and during the TFTP transfer. For details on TFTP commands (see following example), please consult the documentation of your TFTP client program. For P-660HN-F1A User’s Guide...
Page 326
Using the FTP Commands to Back Up Configuration Launch the FTP client on your computer. Enter “open”, followed by a space and the IP address of your P-660HN-F1A. Press [ENTER] when prompted for a username. Enter your password as requested (the default is “1234”).
Page 327
Specify the default local directory (path). Backup Configuration Using TFTP The P-660HN-F1A supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended.
Page 328
Host Enter the IP address of the P-660HN-F1A. 192.168.1.1 is the P-660HN-F1A’s default IP address when shipped. Send/ Use “Send” to upload the file to the P-660HN-F1A and “Fetch” to back up the Fetch file on your computer. Local File Enter the path and name of the firmware file (*.bin extension) or...
22.2 The Firmware Screen Click Maintenance > Tools to open the Firmware screen. Follow the instructions in this screen to upload firmware to your P-660HN-F1A. The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes.
Page 330
After you see the Firmware Upload in Progress screen, wait two minutes before logging into the P-660HN-F1A again. Figure 137 Firmware Upload In Progress The P-660HN-F1A automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.
FTP/TFTP commands. Click Maintenance > Tools > Configuration. Information related to factory defaults, backup configuration, and restoring configuration appears in this screen, as shown next. Figure 140 Maintenance > Tools > Configuration
Page 332
Backup Configuration Backup Configuration allows you to back up (save) the P-660HN-F1A’s current configuration to a file on your computer. Once your P-660HN-F1A is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings.
Page 333
Chapter 22 Tools The P-660HN-F1A automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 142 Network Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default device IP address (192.168.1.1).
22.4 The Restart Screen System restart allows you to reboot the P-660HN-F1A remotely without turning the power off. You may need to do this if the P-660HN-F1A hangs, for example. Click Maintenance > Tools > Restart. Click Restart to have the P-660HN-F1A reboot.
336) to view the DSL line statistics and reset the ADSL line. 23.2 The General Diagnostic Screen Use this screen to ping an IP address. Click Maintenance > Diagnostic to open the screen shown next. Figure 147 Maintenance > Diagnostic > General
23.3 The DSL Line Diagnostic Screen Use this screen to view the DSL line statistics and reset the ADSL line. Click Maintenance > Diagnostic > DSL Line to open the screen shown next. Figure 148 Maintenance > Diagnostic > DSL Line
Page 337
PVC with proper VPIs/VCIs before you begin this test. The P-660HN-F1A sends an OAM F5 packet to the DSLAM/ATM switch and then returns it (loops it back) to the P-660HN-F1A. The ATM loopback test is useful for troubleshooting problems with the DSLAM and ATM network.
Page 338
Status noise margin downstream is the signal to noise ratio for the downstream part of the connection (coming into the P-660HN-F1A from the ISP). It is measured in decibels. The higher the number the more signal and less noise there is.
Make sure you are using the power adaptor or cord included with the P-660HN-F1A. Make sure the power adaptor or cord is connected to the P-660HN-F1A and plugged in to an appropriate power source. Make sure the power source is turned on. Turn the P-660HN-F1A off and on.
If you changed the IP address and have forgotten it, you might get the IP address of the P-660HN-F1A by looking up the IP address of the default gateway for your computer. To do this in most Windows computers, click Start > Run, enter cmd, and then enter ipconfig.
Page 341
Advanced Suggestions • Try to access the P-660HN-F1A using another service, such as Telnet. If you can access the P-660HN-F1A, check the remote management settings and firewall rules to find out why the P-660HN-F1A does not respond to HTTP.
Chapter 24 Troubleshooting I cannot Telnet to the P-660HN-F1A. See the troubleshooting suggestions for I cannot see or access the Login screen in the web configurator. Ignore the suggestions about your browser. I cannot use FTP to upload / download the configuration file. / I cannot use FTP to upload new firmware.
Page 343
Check the signal strength. If the signal strength is low, try moving your computer closer to the P-660HN-F1A if possible, and look around to see if there are any devices that might be interfering with the wireless network (for example, microwaves, other wireless networks, and so on).
Chapter 25 Product Specifications The following tables summarize the P-660HN-F1A’s hardware and firmware features. 25.1 Hardware Specifications Table 119 Hardware Specifications Dimensions 180 (W) x 128 (D) x 37 (H) mm Weight 285 g Power Specification...
Configuration Backup Make a copy of the P-660HN-F1A’s configuration. You can put it & Restoration back on the P-660HN-F1A later if you decide to revert back to an earlier configuration. Network Address Each computer on your network must have its own unique IP Translation (NAT) address.
Page 347
(see RFC 2236). Time and Date Get the current time and date from an external server when you turn on your P-660HN-F1A. You can also set the time manually. These dates and times are then used in logs. Logs Use logs for troubleshooting.
Page 348
ADSL physical connection ATM AAL5 (ATM Adaptation Layer type Multi-protocol over AAL5 (RFC2684/1483) PPP over ATM AAL5 (RFC2364) PPP over Ethernet for DSL connection (RFC2516) VC-based and LLC-based multiplexing I.610 F4/F5 OAM Annex L/M INP equals up to 16 TR-067/TR-100
F4/F5 OAM 25.3 Wireless Features Table 121 Wireless Features External Antenna The P-660HN-F1A is equipped with one fixed antenna to provide a clear radio signal between the wireless stations and the access points. Wireless LAN MAC Address Your device can check the MAC addresses of wireless stations Filtering against a list of allowed or denied MAC addresses.
Page 350
Network Time Protocol (NTP version 3) RFC 1483 Multiprotocol Encapsulation over ATM Adaptation Layer 5 RFC 1631 IP Network Address Translator (NAT) RFC 1661 The Point-to-Point Protocol (PPP) RFC 1723 RIP-2 (Routing Information Protocol) RFC 2236 Internet Group Management Protocol, Version 2.
Page 351
MS PPTP (Microsoft's implementation of Point to Point Tunneling Protocol) RFC 2383 ST2+ over ATM Protocol Specification - UNI 3.1 Version TR-069 TR-069 DSL Forum Standard for CPE Wan Management. 1.363.5 Compliant AAL5 SAR (Segmentation And Re-assembly)
Chapter 25 Product Specifications 25.4 Power Adaptor Specifications Table 123 P-660HN-F1A Series Power Adaptor Specifications NORTH AMERICAN PLUG STANDARDS DC Power Adapter Model ADS0128-B 120100 Input Power 100V-240VAC,50/60HZ Output Power 12V DC,1A Power Consumption 8 Watt max Safety Standards ANSI/UL 60950-1, CSA...
"communicate" with your network. If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the P-660HN-F1A’s LAN port.
Page 354
In the Network window, click Add. Select Adapter and then click Add. Select the manufacturer and model of your network adapter and then click OK. If you need TCP/IP: In the Network window, click Add. Select Protocol and then click Add.
Page 355
• If your IP address is dynamic, select Obtain an IP address automatically. • If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields. Figure 150 Windows 95/98/Me: TCP/IP Properties: IP Address
Page 356
Click OK to save and close the TCP/IP Properties window. Click OK to close the Network window. Insert the Windows CD if prompted. Turn on your P-660HN-F1A and restart your computer when prompted. Verifying Settings Click Start and then Run.
Page 357
The following example figures use the default Windows XP GUI theme. Click start (Start in Windows 2000/NT), Settings, Control Panel. Figure 152 Windows XP: Start Menu In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 153 Windows XP: Control Panel
Page 358
Figure 154 Windows XP: Control Panel: Network Connections: Properties Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 155 Windows XP: Local Area Connection Properties The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
Page 359
Gateway. To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add.
Page 360
• Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT). 11 Turn on your P-660HN-F1A and restart your computer (if prompted). Verifying Settings Click Start, All Programs, Accessories and then Command Prompt. In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab.
Page 362
Click the Start icon, Control Panel.
Figure 159 Windows Vista: Start Menu
In the Control Panel, double-click Network and Internet.
Figure 160 Windows Vista: Control Panel
Click Network and Sharing Center.
Figure 161 Windows Vista: Network And Internet
Page 363
Figure 162 Windows Vista: Network and Sharing Center
Right-click Local Area Connection and then click Properties.
Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue.
Figure 163 Windows Vista: Network and Sharing Center
Page 364
• If you have a dynamic IP address, click Obtain an IP address automatically.
• If you have a static IP address, click Use the following IP address and fill in the IP address, Subnet mask, and Default gateway fields.
Page 365
Gateway. To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric.
• Click Add.
• Repeat the previous three steps for each default gateway you want to add.
Page 366
• Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
• If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
Page 367
11 Click Close to close the Local Area Connection Properties window.
12 Close the Network Connections window.
13 Turn on your P-660HN-F1A and restart your computer (if prompted).
Verifying Settings
Click Start, All Programs, Accessories and then Command Prompt.
Page 368
Appendix A Setting up Your Computer’s IP Address
Macintosh OS 8/9
Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel.
Figure 168 Macintosh OS 8/9: Apple Menu
Page 369
• Type your IP address in the IP Address box.
• Type your subnet mask in the Subnet mask box.
• Type the IP address of your P-660HN-F1A in the Router address box.
Close the TCP/IP Control Panel.
Click Save if prompted, to save changes to your configuration.
• Select Built-in Ethernet from the Show list.
• Click the TCP/IP tab.
For dynamically assigned settings, select Using DHCP from the Configure list.
Figure 171 Macintosh OS X: Network
For statically assigned settings, do the following:
Page 371
• Type your IP address in the IP Address box.
• Type your subnet mask in the Subnet mask box.
• Type the IP address of your P-660HN-F1A in the Router address box.
Click Apply Now and close the window.
Page 372
If you know your DNS server IP address(es), click the DNS tab in the Network Configuration screen. Enter the DNS server information in the fields provided.
Figure 174 Red Hat 9.0: KDE: Network Configuration: DNS
Click the Devices tab.
Page 373
• If you have a dynamic IP address, enter dhcp in the BOOTPROTO= field. The following figure shows an example.
Figure 176 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
USERCTL=no
PEERDNS=yes
TYPE=Ethernet
Page 374
Figure 179 Red Hat 9.0: Restart Ethernet Card
[root@localhost init.d]# network restart
Shutting down interface eth0: [OK]
Shutting down loopback interface: [OK]
Setting network parameters: [OK]
Bringing up loopback interface: [OK]
Bringing up interface eth0: [OK]
Disable Pop-up Blockers
In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker.
Figure 181 Pop-up Blocker
You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab.
Page 378
Click Apply to save this setting.
Enable Pop-up Blockers with Exceptions
Alternatively, if you only want to allow pop-up windows from your device, see the following steps.
In Internet Explorer, select Tools, Internet Options and then the Privacy tab.
Page 379
Select Settings… to open the Pop-up Blocker Settings screen.
Figure 183 Internet Options: Privacy
Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1.
Page 380
Figure 184 Pop-up Blocker Settings
Click Close to return to the Privacy screen.
Click Apply to save this setting.
JavaScripts
If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
Page 381
Figure 185 Internet Options: Security
Click the Custom Level... button.
Scroll down to Scripting.
Under Active scripting make sure that Enable is selected (the default).
Under Scripting of Java applets make sure that Enable is selected (the default).
Figure 186 Security Settings - Java Scripting
Java Permissions
From Internet Explorer, click Tools, Internet Options and then the Security tab.
Click the Custom Level... button.
Scroll down to Microsoft VM.
Under Java permissions make sure that a safety level is selected.
Page 383
Click OK to close the window.
Figure 187 Security Settings - Java
JAVA (Sun)
From Internet Explorer, click Tools, Internet Options and then the Advanced tab.
Make sure that Use Java 2 for <applet> under Java (Sun) is selected.
Page 384
Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary.
You can enable Java, Javascripts and pop-ups in one screen. Click Tools, then click Options in the screen that appears.
Figure 189 Mozilla Firefox: Tools > Options
Page 385
Appendix B Pop-up Windows, JavaScripts and Java Permissions
Click Content to show the screen below. Select the check boxes as shown in the following screen.
Figure 190 Mozilla Firefox Content Security
192.168.1.1). Each of these four parts is known as an octet. An octet is an eight-digit binary number (for example 11000000, which is 192 in decimal notation). Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal.
Page 390
In this example, the company network address is 192.168.1.0. The first three octets of the address (192.168.1) are the network number, and the remaining octet is the host ID, allowing a maximum of 2^8 – 2 or 254 possible hosts.
Page 391
The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets: 192.168.1.0 /25 and 192.168.1.128 /25. The following figure shows the company network after subnetting. There are now two sub-networks, A and B.
Figure 193 Subnetting Example: After Subnetting
Page 392
Table 129 Subnet 2
IP/SUBNET MASK | NETWORK NUMBER | LAST OCTET BIT VALUE
IP Address | 192.168.1. |
IP Address (Binary) | 11000000.10101000.00000001. | 01000000
Subnet Mask (Binary) | 11111111.11111111.11111111. | 11000000
Subnet Address: 192.168.1.64 | Lowest Host ID: 192.168.1.65
Broadcast Address: 192.168.1.127 | Highest Host ID: 192.168.1.126
Page 393
Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows IP address last octet values for each subnet.
Table 132 Eight Subnets
SUBNET | SUBNET ADDRESS | FIRST ADDRESS | LAST ADDRESS | BROADCAST ADDRESS
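The subnet, host and broadcast values this appendix tabulates can be recomputed by borrowing host ID bits in code. The following Python is an added example, not part of the ZyXEL manual; the function name split_network and the field names in each row are assumptions made for illustration.

```python
import ipaddress


def split_network(network, new_prefix):
    """Split an IPv4 network into equal subnets by borrowing host ID bits.

    Returns one row per subnet with the values the appendix tabulates.
    """
    base = ipaddress.IPv4Network(network)
    if not base.prefixlen <= new_prefix <= 30:
        raise ValueError("new prefix must lie between the original prefix and /30")

    host_bits = 32 - new_prefix              # bits left for the host ID
    size = 1 << host_bits                    # addresses in each subnet
    borrowed = new_prefix - base.prefixlen   # host ID bits turned into subnet bits
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF

    rows = []
    for index in range(1 << borrowed):
        subnet = int(base.network_address) + index * size
        broadcast = subnet | (size - 1)      # every host ID bit set to 1
        rows.append({
            "subnet": str(ipaddress.IPv4Address(subnet)),
            "first_host": str(ipaddress.IPv4Address(subnet + 1)),
            "last_host": str(ipaddress.IPv4Address(broadcast - 1)),
            "broadcast": str(ipaddress.IPv4Address(broadcast)),
            "last_octet_bits": format(subnet & 0xFF, "08b"),
            "mask_last_octet_bits": format(mask & 0xFF, "08b"),
            "usable_hosts": size - 2,        # subnet and broadcast addresses excluded
        })
    return rows


if __name__ == "__main__":
    # The manual's example network, split with 25-, 26- and 27-bit masks.
    for prefix in (25, 26, 27):
        print(f"192.168.1.0/24 split with a {prefix}-bit mask:")
        for row in split_network("192.168.1.0/24", prefix):
            print("  {subnet:<15} hosts {first_host} - {last_host}  "
                  "broadcast {broadcast}  last octet {last_octet_bits}".format(**row))
```
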
Page 394
255.255.255.248 (/29) | 8192
255.255.255.252 (/30) | 16384
255.255.255.254 (/31) | 32768
Configuring IP Addresses
Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP...
Page 395
Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. You must also enable Network Address Translation (NAT) on the P-660HN-F1A. Once you have decided on the network number, pick an IP address for your P-660HN-F1A that is easy to remember (for instance, 192.168.1.1) but make sure...
Page 396
Appendix C IP Addresses and Subnetting
(AP). Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra-BSS is enabled, wireless client A and B can access the wired network and communicate...
Page 398
This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood.
Page 399
A hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a hidden node. Both stations (STA) are within range of the access point (AP) or...
Page 400
RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.
Note: Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy.
Use the dynamic setting to automatically use short preamble when all wireless devices on the network support it, otherwise the P-660HN-F1A uses long preamble. Note: The wireless devices MUST use the same preamble mode in order to communicate.
Page 402
IEEE802.1x EAP with RADIUS Server Authentication
Wi-Fi Protected Access (WPA)
WPA2 (Most Secure)
Note: You must enable the same wireless security settings on the P-660HN-F1A and on all wireless clients that you want to associate with it.
Page 403
The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication:
• Access-Request: Sent by an access point requesting authentication.
• Access-Reject: Sent by a RADIUS server rejecting access.
• Access-Accept: Sent by a RADIUS server allowing access.
Page 404
The wireless client ‘proves’ that it knows the password by encrypting the password with the challenge and sending back the result. The password is not sent in plain text.
Page 405
However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco.
LEAP
LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x.
RADIUS server, you should use WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a wireless client will be granted access to a WLAN.
Page 407
The common-password approach makes WPA(2)-PSK susceptible to brute-force password-guessing attacks but it’s still an improvement over WEP as it employs a consistent, single, alphanumeric password to derive a PMK which is used to generate unique temporal encryption...
Page 408
The RADIUS server then checks the user's identification against its database and grants or denies network access accordingly. A 256-bit Pairwise Master Key (PMK) is derived from the authentication process by the RADIUS server and the client.
Page 409
The AP checks each wireless client's password and allows it to join the network only if the password matches. The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID.
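The PMK derivation from the PSK and the SSID, and the password-guessing exposure noted earlier for WPA(2)-PSK, can be illustrated with the key derivation IEEE 802.11i specifies (PBKDF2-HMAC-SHA1, 4096 iterations, 256-bit output). The following Python is an added example, not ZyXEL code; the function names, the 20-character minimum and the three-character-class rule in audit_passphrase are assumptions chosen for illustration.

```python
import hashlib

PMK_ITERATIONS = 4096   # iteration count fixed by IEEE 802.11i for WPA/WPA2-PSK
PMK_LENGTH = 32         # 256-bit Pairwise Master Key


def derive_pmk(passphrase, ssid):
    """Derive the WPA/WPA2-PSK Pairwise Master Key from passphrase and SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("a WPA passphrase uses printable ASCII characters only")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("an SSID is 1 to 32 bytes long")
    # The SSID is the salt, so one passphrase yields a different PMK per
    # network name; the passphrase itself never crosses the air.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid_bytes, PMK_ITERATIONS, PMK_LENGTH)


def audit_passphrase(passphrase, ssid, min_length=20):
    """Return policy findings for a pre-shared key (thresholds are assumptions)."""
    findings = []
    if len(passphrase) < min_length:
        findings.append(f"shorter than {min_length} characters")
    classes = sum((
        any(ch.islower() for ch in passphrase),
        any(ch.isupper() for ch in passphrase),
        any(ch.isdigit() for ch in passphrase),
        any(not ch.isalnum() for ch in passphrase),
    ))
    if classes < 3:
        findings.append("uses fewer than three character classes")
    if ssid and ssid.lower() in passphrase.lower():
        findings.append("contains the SSID")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    ssid = "ExampleHomeLAN"
    for candidate in ("examplehomelan1", "Tr4il-Mix&Copper-Kettle-92"):
        pmk = derive_pmk(candidate, ssid)
        print(candidate, "->", pmk.hex()[:16] + "...",
              audit_passphrase(candidate, ssid) or "no findings")
```
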
For omni-directional antennas mounted on a wall or ceiling, point the antenna down. For a single AP application, place omni-directional antennas as close to the center of the coverage area as possible. For directional antennas, point the antenna in the direction of the desired coverage area.
• If the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number.
• If the Protocol is USER, this is the IP protocol number.
• Description: This is a brief explanation of the applications that use this service or the situations in which this service is used.
Page 414
IMAP4 | The Internet Message Access Protocol is used for e-mail.
IMAP4S | This is a more secure version of IMAP4 that runs over SSL.
TCP/UDP | 6667 | This is another popular Internet chat program.
Page 415
Remote Login.
ROADRUNNER | TCP/UDP | 1026 | This is an ISP that provides services mainly for cable modems.
RTELNET | Remote Telnet.
RTSP | TCP/UDP | The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet.
Page 416
Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol).
VDOLIVE | 7000, user-defined | A videoconferencing solution. The UDP port number is specified in the application.
ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein.
ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
Page 419
To obtain the services of this warranty, contact your vendor. You may also refer to the warranty policy for the region in which you bought the device at http://www.zyxel.com/web/support_warranty_info.php.
Registration
Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com.
Page 420
Appendix F Legal Information