P-870HW-I1 User’s Guide Federal Communications Commission (FCC) Interference Statement The device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations.
Page 5
第十二條 經型式認證合格之低功率射頻電機,非經許可,公司、商號或使用 者均不得擅自變更頻率、加大功率或變更原設計之特性及功能。 第十四條 低功率射頻電機之使用不得影響飛航安全及干擾合法通信;經發現 有干擾現象時,應立即停用,並改善至無干擾時方得繼續使用。 前項合法通信,指依電信規定作業之無線電信。低功率射頻電機須忍 受合法通信或工業、科學及醫療用電波輻射性電機設備之干擾。 本機限在不干擾合法電臺與不受被干擾保障條件下於室內使用。 減少電磁波影響,請妥適使用。 Notices Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment. This device has been designed for the WLAN 2.4 GHz and 5 GHz networks throughout the EC region and Switzerland, with restrictions in France.
P-870HW-I1 User’s Guide For your safety, be sure to read and follow all warning notices and instructions. • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. •...
Page 7
P-870HW-I1 User’s Guide This product is recyclable. Dispose of it properly. Safety Warnings...
P-870HW-I1 User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever...
+7-3272-590-689 1-800-255-4101 www.us.zyxel.com +1-714-632-0882 +1-714-632-0858 ftp.us.zyxel.com P-870HW-I1 User’s Guide REGULAR MAIL ZyXEL Communications Corp. 6 Innovation Road II Science Park Hsinchu 300 Taiwan ZyXEL Costa Rica Plaza Roble Escazú Etapa El Patio, Tercer Piso San José, Costa Rica ZyXEL Communications Czech s.r.o.
Page 10
+46-31-744-7701 www.ua.zyxel.com +380-44-494-49-32 +44-1344 303044 www.zyxel.co.uk 08707 555779 (UK only) +44-1344 303034 ftp.zyxel.co.uk REGULAR MAIL ZyXEL Communications A/S Nils Hansens vei 13 0667 Oslo Norway ZyXEL Communications ul. Okrzei 1A 03-715 Warszawa Poland ZyXEL Russia Ostrovityanova 37a Str. Moscow, 117279...
Page 13
Chapter 6 Wireless LAN ... 93 6.1 Wireless Network Overview ...93 6.2 Wireless Security Overview ...94 6.2.1 SSID ...94 6.2.2 MAC Address Filter ...94 6.2.3 User Authentication ...94 6.2.4 Encryption ...95 6.2.5 One-Touch Intelligent Security Technology (OTIST) ...96 6.3 Wireless Performance Overview ...96 6.3.1 Quality of Service (QoS) ...96 6.4 General Wireless LAN Screen ...96 6.4.1 General Wireless LAN Screen: No Security ...97...
Page 14
P-870HW-I1 User’s Guide 8.1.4 LAN IP Alias ...128 8.2 LAN IP Screen ...129 8.3 LAN IP Alias Screen ...129 8.4 Advanced LAN Screen ...131 Chapter 9 DHCP Server ... 133 9.1 DHCP Overview ...133 9.2 General DHCP Screen ...134 9.3 Static DHCP Screen ...135 9.4 Client List Screen ...136 Chapter 10 NAT ...
Page 15
11.3 Guidelines for Enhancing Security with Your Firewall ...153 11.3.1 Security In General ...153 11.4 General Firewall Screen ...154 11.5 Firewall Rules Screen ...155 11.5.1 Firewall Rule Edit Screen ...157 11.5.2 Customized Services Screen ...160 11.5.3 Customized Service Edit Screen ...160 11.6 Anti-Probing Screen ...161 11.7 Firewall Threshold Screen ...162 Chapter 12...
Page 17
Chapter 18 System ... 229 18.1 General Setup ...229 18.1.1 General Setup and System Name ...229 18.1.2 Dynamic DNS Overview ...229 18.1.2.1 DYNDNS Wildcard ...230 18.1.3 Resetting the Time ...230 18.2 General System Screen ...230 18.3 Dynamic DNS Screen ...231 18.4 Time Setting Screen ...233 Chapter 19 Logs ...
Page 20
P-870HW-I1 User’s Guide 35.4.7 Uploading Firmware File Via Console Port ...329 35.4.8 Example Xmodem Firmware Upload Using HyperTerminal ...330 35.4.9 Uploading Configuration File Via Console Port ...330 35.4.10 Example Xmodem Configuration Upload Using HyperTerminal ...331 Chapter 36 System Maintenance 24.8 - 24.11... 333 36.1 Command Interpreter Mode ...333 36.2 Budget Management ...333 36.3 Call History ...334...
Page 21
Appendix B Setting up Your Computer’s IP Address... 365 Windows 95/98/Me... 365 Windows 2000/NT/XP ... 368 Macintosh OS X ... 373 Linux... 375 Appendix C NetBIOS Filter Commands ... 379 Introduction ... 379 Display NetBIOS Filter Settings ... 379 NetBIOS Filter Configuration... 380 Appendix D NAT...
Page 22
P-870HW-I1 User’s Guide Example Internal SPTGEN Menus... 418 Appendix I Services ... 431 Index... 435 Table of Contents...
Page 27
P-870HW-I1 User’s Guide Figure 168 Menu 11.1.5: Traffic Redirect Setup ... 274 Figure 169 Menu 12: IP Static Route Setup ... 275 Figure 170 Menu 12.1: Edit IP Static Route ... 276 Figure 171 Menu 14: Dial-in User Setup ... 277 Figure 172 Menu 14.1: Edit Dial-in User ...
Page 28
P-870HW-I1 User’s Guide Figure 211 Menu 24.6: Restore Configuration ... 325 Figure 212 Menu 24.7: System Maintenance - Upload Firmware ... 325 Figure 213 Menu 24.7.1: System Maintenance - Upload System Firmware ... 326 Figure 214 Menu 24.7.2: System Maintenance - Upload System Configuration File ... 327 Figure 215 FTP Session Example ...
Page 29
Figure 254 Macintosh OS X: Network ... 374 Figure 255 Red Hat 9.0: KDE: Network Configuration: Devices ... 375 Figure 256 Red Hat 9.0: KDE: Ethernet Device: General ... 376 Figure 257 Red Hat 9.0: KDE: Network Configuration: DNS ... 376 Figure 258 Red Hat 9.0: KDE: Network Configuration: Activate ...
Page 30
P-870HW-I1 User’s Guide List of Figures...
Congratulations on your purchase of the P-870HW-I1 (“ZyXEL Device“) VDSL router with built-in IEEE 802.11g wireless capability. This ZyXEL Device also has a 4-port hub that allows you to connect up to 4 computers to the ZyXEL Device without purchasing a switch/ hub.
Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you.
Getting To Know Your ZyXEL This chapter describes the key features and applications of your ZyXEL Device 1.1 Introducing the ZyXEL Device Your ZyXEL Device is a VDSL router that provides super high-speed Internet access through a telephone line. The ZyXEL Device supports high bandwidth applications such as video streaming, movies on demand, on-line gaming, video and Voice over IP (VoIP).
P-870HW-I1 User’s Guide TR-069 Compliance TR-069 is a protocol that defines how your ZyXEL Device can be managed via a management server such as ZyXEL’s Vantage CNM Access. The management server can securely manage and update configuration changes in ZyXEL Devices. PPPoE (RFC2516) PPPoE (Point-to-Point Protocol over Ethernet) emulates a dial-up connection.
Media Bandwidth Management ZyXEL’s Media Bandwidth Management allows you to specify bandwidth classes based on an application and/or subnet. You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth classes. Universal Plug and Play (UPnP) Using the standard TCP/IP protocol, the ZyXEL Device and other UPnP enabled devices can dynamically join a network, obtain an IP address and convey its capabilities to other devices on the network.
P-870HW-I1 User’s Guide Note: The ZyXEL Device may be prone to RF (Radio Frequency) interference from other 2.4 GHz devices such as microwave ovens, wireless phones, Bluetooth enabled devices, and other wireless LANs. Wi-Fi Protected Access and WPA2 Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification standard. Key differences between WPA and WEP are user authentication and improved data encryption.
Figure 1 Applications: Protected Internet Access 1.3.2 Management Server Your ZyXEL Device can be managed via a management server such as ZyXEL’s Vantage CNM Access. The management server can securely manage and update configuration changes for you. Figure 2 Applications: Management Server 1.4 LEDs The following figure shows the LEDs.
P-870HW-I1 User’s Guide The following table describes the LEDs. Table 1 LEDs COLOR PWR/SYS Green LAN (1-4) Green WLAN/ Green OTIST Amber Green INTERNET Green 1.5 Splitters and Microfilters This section describes how to connect VDSL splitters and microfilters. See your Quick Start Guide for details on other hardware connections.
Figure 4 Connecting a POTS Splitter 1 Connect the side labeled “Phone” to your telephone. 2 Connect the side labeled “Modem” or “DSL” to your ZyXEL Device. 3 Connect the side labeled “Line” to the telephone wall jack. 1.5.2 Telephone Microfilters Telephone voice transmissions take place in the lower frequency range, 0-4 KHz, while VDSL transmissions take place in the higher bandwidth range, above 4KHz.
Page 46
P-870HW-I1 User’s Guide Chapter 1 Getting To Know Your ZyXEL Device...
This chapter describes how to access and navigate the web configurator. 2.1 Web Configurator Overview The web configurator is an HTML-based management interface that allows easy ZyXEL Device setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions.
P-870HW-I1 User’s Guide Figure 6 Login Screen 3 The Password field may already contain the default password it. Click Login. The following screen appears. Figure 7 Login: Change Password Screen 4 Follow the directions to change your password, or click Cancel to keep the default password.
Figure 8 Login: Replace Certificate Screen 5 Follow the directions in this screen. If you click Ignore, this screen appears the next time you log in. Afterwards, the following screen appears. Figure 9 Login: Select Mode Screen 6 Select Go to Wizard setup to use the wizards. See on page 77.
P-870HW-I1 User’s Guide Figure 10 Main Screen Note: Click the embedded help. The panel on the left side is the navigation panel. You can use this panel to open various screens in the web configurator. The following table describes the icons in the upper right corner and the menu items in the navigation panel.
Page 51
Table 2 Web Configurator: Navigation Panel and Icons (continued) LINK/ICON SUB-LINK Wireless LAN General OTIST MAC Filter Advanced Internet Connection Advanced Traffic Redirect IP Alias Advanced DHCP Server General Static DHCP Client List General Port Forwarding Trigger Port Address Mapping Security Firewall General...
Page 52
P-870HW-I1 User’s Guide Table 2 Web Configurator: Navigation Panel and Icons (continued) LINK/ICON SUB-LINK Certificates My Certificates Trusted CAs Trusted Remote Hosts Directory Servers Management Static Route IP Static Route Bandwidth Configuration MGMT Monitor Remote MGMT Telnet SNMP Security UPnP General Maintenance System...
2.4 Resetting the ZyXEL Device Reset the ZyXEL Device in the following situations: • You forgot your password. • You cannot access the device using the web configurator or SMT. Check Troubleshooting to make sure you cannot access the device anymore. If you reset the ZyXEL Device, you lose all of the changes you have made.
Page 54
P-870HW-I1 User’s Guide Chapter 2 Introducing the Web Configurator...
This chapter provides information on the Wizard Setup screens for wireless settings and Internet access in the web configurator. 3.1 Main Wizard Screen Use this screen to select which wizard you want to run. Figure 11 Main Wizard Screen The following table describes the labels in this screen. Table 3 Main Wizard Screen LABEL DESCRIPTION...
P-870HW-I1 User’s Guide 3.2 Welcome Screen Use this screen to look at a preview of the Connection Wizard. Figure 12 Connection Wizard: Welcome The following table describes the labels in this screen. Table 4 Connection Wizard: Welcome LABEL DESCRIPTION Back Click this to return to the previous screen.
Figure 13 Connection Wizard: System Information The following table describes the labels in this screen. Table 5 Connection Wizard: System Information LABEL DESCRIPTION System Name Choose a descriptive name for identification purposes. It is recommended you enter your computer’s “Computer name” in this field. This name can be up to 30 alphanumeric characters long.
P-870HW-I1 User’s Guide Figure 14 Connection Wizard: Wireless LAN The following table describes the labels in this screen. Table 6 Connection Wizard: Wireless LAN LABEL DESCRIPTION Name(SSID) The Service Set IDentity (SSID) is the name of the wireless network. Every wireless client in the same wireless network must use the same SSID.
3.5 Wireless Security Screens The next screens depend on which type of Security you select in the previous screen. 3.5.1 Wireless Security: None Use this screen to enable OTIST for your wireless network. Figure 15 Connection Wizard: Wireless Security: None The following table describes the labels in this screen.
P-870HW-I1 User’s Guide Figure 16 Connection Wizard: Wireless Security: Basic Security Screen 1 The following table describes the labels in this screen. Table 8 Connection Wizard: Wireless Security: Basic Security Screen 1 LABEL DESCRIPTION WEP Key Enter the key you want to use. You can enter the key using printable ASCII characters or hexadecimal (0-9, A-F, a-f) characters.
Figure 17 Connection Wizard: Wireless Security: Basic Security Screen 2 The following table describes the labels in this screen. Table 9 Connection Wizard: Wireless Security: Basic Security Screen 2 LABEL DESCRIPTION Do you want to Select Yes if you want to set up OTIST security. If you set up OTIST, your wireless enable OTIST? network uses WPA-PSK security, not the security you selected and set up in the previous screen(s).
P-870HW-I1 User’s Guide Figure 18 Connection Wizard: Wireless Security: Auto The following table describes the labels in this screen. Table 10 Connection Wizard: Wireless Security: Auto LABEL DESCRIPTION Do you want to Select Yes if you want to set up OTIST security. If you set up OTIST, your wireless enable OTIST? network uses WPA-PSK security, not the security you selected and set up in the previous screen(s).
Figure 19 Connection Wizard: Wireless Security: Extend (WPA-PSK) Security Screen 1 The following table describes the labels in this screen. Table 11 Connection Wizard: Wireless Security: Extend (WPA-PSK) Security Screen 1 LABEL DESCRIPTION Pre-Shared Key Type a pre-shared key from 8 to 63 ASCII characters (including spaces and symbols).
P-870HW-I1 User’s Guide Figure 20 Connection Wizard: Wireless Security: Extend (WPA-PSK) Security Screen 2 The following table describes the labels in this screen. Table 12 Connection Wizard: Wireless Security: Extend (WPA-PSK) Security Screen 2 LABEL DESCRIPTION Do you want to Select Yes if you want to set up OTIST security.
Figure 21 Connection Wizard: Wireless Security: Extend (WPA2-PSK) Security Screen 1 The following table describes the labels in this screen. Table 13 Connection Wizard: Wireless Security: Extend (WPA2-PSK) Security Screen 1 LABEL DESCRIPTION Pre-Shared Key Type a pre-shared key from 8 to 63 ASCII characters (including spaces and symbols).
Figure 23 Connection Wizard: Internet Connection: Auto-Detection 3.7 ISP Parameters Screen Use these screens to set up your Internet connection. The screen depends on which type of Connection Type your Internet connection uses. If your ISP provided you a user name and password, select PPP over Ethernet.
P-870HW-I1 User’s Guide Figure 24 Connection Wizard: ISP Parameters: Ethernet The following table describes the labels in this screen. Table 15 Connection Wizard: ISP Parameters: Ethernet LABEL DESCRIPTION Connection Type Select Ethernet. Back Click this to return to the previous screen. Next Click this to save your changes on this screen and to proceed to the next screen.
Figure 25 Connection Wizard: ISP Parameters: PPPoE The following table describes the labels in this screen. Table 16 Connection Wizard: ISP Parameters: PPPoE LABEL DESCRIPTION Connection Type Select PPP over Ethernet. Service Name Enter the service name provided by your ISP. Leave this field blank if your ISP did not provide one.
P-870HW-I1 User’s Guide Figure 26 Connection Wizard: IP Address Type The following table describes the labels in this screen. Table 17 Connection Wizard: IP Address Type LABEL DESCRIPTION Get automatically Select this if your ISP did not give you a fixed (static) IP address. from ISP Use fixed IP Select this if your ISP gave you a fixed (static) IP address.
Figure 27 Connection Wizard: Static IP Address: Ethernet The following table describes the labels in this screen. Table 18 Connection Wizard: Static IP Address: Ethernet LABEL DESCRIPTION My WAN IP Enter the fixed (static) IP address provided by your ISP. Address My WAN IP Enter the subnet mask provided by your ISP.
P-870HW-I1 User’s Guide Figure 28 Connection Wizard: ISP Parameters: PPPoE The following table describes the labels in this screen. Table 19 Connection Wizard: ISP Parameters: PPPoE LABEL DESCRIPTION My WAN IP Enter the fixed (static) IP address provided by your ISP. Address DNS Servers DNS (Domain Name System) manages the relationships between domain names...
Figure 29 Connection Wizard: MAC Address The following table describes the labels in this screen. Table 20 Connection Wizard: MAC Address LABEL DESCRIPTION Factory default Select this, unless you have spoofed (cloned) your computer’s MAC address before. Spoof this Select this if you want the ZyXEL Device to use the MAC address of another computer’s MAC computer, instead of its default MAC address.
P-870HW-I1 User’s Guide 3.11 Internet Configuration Screen Figure 30 Connection Wizard: Internet Configuration The following table describes the labels in this screen. Table 21 Connection Wizard: Internet Configuration LABEL DESCRIPTION Back Click this to return to the previous screen. Apply Click this to save your changes on this screen and to proceed to the next screen.
Figure 31 Connection Wizard: OTIST: Start 3.13 Congratulations Screen Use this screen to finish the Connection Wizard. Figure 32 Connection Wizard: Congratulations The following table describes the labels in this screen. Table 22 Connection Wizard: Congratulations LABEL DESCRIPTION Finish Click this to close the wizard. Chapter 3 Connection Wizard P-870HW-I1 User’s Guide...
Bandwidth Management Wizard This chapter provides information on the Wizard Setup screens for bandwidth management. Bandwidth management is only useful when the ZyXEL Device is trying to send more traffic out through than the WAN port than the WAN port can support. In this case, bandwidth management allows you to control the amount of traffic going out through the WAN port and which applications can use this traffic.
P-870HW-I1 User’s Guide Figure 33 Main Wizard Screen The following table describes the labels in this screen. Table 23 Main Wizard Screen LABEL DESCRIPTION Connection Select this to set up a basic wireless network and your Internet connection. Wizard Bandwidth Select this to set the priority of various applications, in case there is not enough Management bandwidth for all of them.
Figure 34 BWM Wizard: Welcome The following table describes the labels in this screen. Table 24 BWM Wizard: Welcome LABEL DESCRIPTION Back Click this to return to the previous screen. Next Click this to save your changes on this screen and to proceed to the next screen. Exit Click this to close the wizard without saving the changes on this screen.
P-870HW-I1 User’s Guide Figure 35 BWM Wizard: General Information The following table describes the labels in this screen. Table 25 BWM Wizard: General Information LABEL DESCRIPTION Active Select this to enable bandwidth management. LAN Managed Enter the amount of bandwidth for this interface that you want to allocate using Bandwidth bandwidth management.
Table 25 BWM Wizard: General Information (continued) LABEL DESCRIPTION WAN Managed Enter the amount of bandwidth for this interface that you want to allocate using Bandwidth bandwidth management. It is recommended to set this speed to match what the WAN port’s connection can handle.
P-870HW-I1 User’s Guide The following table describes the labels in this screen. Table 26 BWM Wizard: Services Setup LABEL DESCRIPTION Xbox Live This is Microsoft’s online gaming service that lets you play multiplayer Xbox games on the Internet via broadband technology. Xbox Live uses port 3074. VoIP (SIP) Sending voice signals over the Internet is called Voice over IP or VoIP.
Figure 37 BWM Wizard: Priority Setup The following table describes the labels in this screen. Table 27 BWM Wizard: Priority Setup LABEL DESCRIPTION Service This field displays the applications you selected in the previous screen. Priority Select the priority of each application. Other applications have lower priority than all the applications in this screen, including ones to which you assign Low priority.
P-870HW-I1 User’s Guide Figure 38 BWM Wizard: Congratulations The following table describes the labels in this screen. Table 28 BWM Wizard: Congratulations LABEL DESCRIPTION Finish Click this to close the wizard. Chapter 4 Bandwidth Management Wizard...
This chapter introduces the Status screen and the summary screens you can open from it. 5.1 Status Screen To open this screen, click Status. This screen also appears when you log in and select Go to Advanced setup. Figure 39 Status Chapter 5 Status Screen P-870HW-I1 User’s Guide H A P T E R...
P-870HW-I1 User’s Guide The following table describes the labels shown in the Status screen. Table 29 Status LABEL DESCRIPTION Refresh Interval Select a number of seconds or None from the drop-down list box to refresh all screen statistics automatically at the end of every time interval or to not refresh the screen statistics.
Table 29 Status LABEL DESCRIPTION Memory Usage This field displays what percentage of the ZyXEL Device’s memory is currently used. Usually, this percentage should not increase much. If memory usage does get close to 100%, the ZyXEL Device is probably becoming unstable, and you should restart the device.
P-870HW-I1 User’s Guide Figure 40 Status > BW MGMT Monitor 5.1.2 Status: DHCP Table To access this screen, click Status, and then click (Details...) next to DHCP Table. Chapter 5 Status Screen...
Figure 41 Status > DHCP Table Each field is described in the following table. Table 30 Status > DHCP Table LABEL DESCRIPTION This field is a sequential value. It is not associated with a specific entry. IP Address This field displays the IP address the ZyXEL Device assigned to a computer in the network.
P-870HW-I1 User’s Guide The following table describes the fields in this screen. Table 31 Status > Packet Statistics LABEL DESCRIPTION Packet Statistics Port This field displays the ZyXEL Device ports. Status This field displays the status of each ZyXEL Device port. The values are the same ones shown in the Status screen.
The following table describes the labels in this screen. Table 32 Status > WLAN Station Status LABEL DESCRIPTION This field is a sequential value. It is not associated with a specific entry. MAC Address This field displays the MAC (Media Access Control) address of an associated wireless station.
Page 92
P-870HW-I1 User’s Guide Chapter 5 Status Screen...
This chapter discusses how to configure the wireless network settings in your ZyXEL Device. 6.1 Wireless Network Overview The following figure provides an example of a wireless network. Figure 44 Example of a Wireless Network The wireless network is the part in the blue circle. In this wireless network, devices A and B are called wireless clients.
P-870HW-I1 User’s Guide • Every wireless client in the same wireless network must use security compatible with the Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network. 6.2 Wireless Security Overview The following sections introduce different types of wireless security you can set up in the wireless network.
For wireless networks, there are two typical places to store the user names and passwords for each user. • In the AP: this feature is called a local user database or a local database. • In a RADIUS server: this is a server used in businesses more than in homes. If your AP does not provide a local user database and if you do not have a RADIUS server, you cannot set up user names and passwords for your users.
P-870HW-I1 User’s Guide Note: It is recommended that wireless networks use WPA-PSK, WPA, or stronger encryption. IEEE 802.1x and WEP encryption are better than none at all, but it is still possible for unauthorized devices to figure out the original information pretty quickly.
To open this screen, click Network > Wireless LAN. Figure 45 Network > Wireless LAN > General The following table describes the general wireless LAN labels in this screen. Table 34 Network > Wireless LAN > General LABEL DESCRIPTION Wireless Setup Enable Click the check box to activate wireless LAN.
P-870HW-I1 User’s Guide Figure 46 Network > Wireless LAN > General > No Security The following table describes the labels in this screen. Table 35 Network > Wireless LAN > General > No Security LABEL DESCRIPTION Security Mode Select No Security. 6.4.2 General Wireless LAN Screen: Static WEP Use this screen to enable and configure WEP encryption in your wireless network.To open this screen, click Network >...
The following table describes the labels in this screen. Table 36 Network > Wireless LAN > General > Static WEP LABEL DESCRIPTION Security Mode Select Static WEP. WEP Key Enter the key you want to use. You can enter the key using printable ASCII characters or hexadecimal (0-9, A-F, a-f) characters.
P-870HW-I1 User’s Guide Table 37 Network > Wireless LAN > General > WPA-PSK (continued) LABEL DESCRIPTION Idle Timeout The ZyXEL Device automatically disconnects a wireless station from the wireless network after a period of inactivity. The wireless station needs to enter the username and password again before it can use the wireless network again.
The following table describes the labels in this screen. Table 38 Network > Wireless LAN > General > WPA LABEL DESCRIPTION Security Mode Select WPA. ReAuthenticati Specify how often wireless stations have to resend usernames and passwords in on Timer order to stay connected.
Table 39 Network > Wireless LAN > General > 802.1x + Dynamic WEP (continued) LABEL DESCRIPTION IP Address Enter the IP address of the external accounting server in dotted decimal notation. Port Number Enter the port number of the external accounting server. You need not change this value unless your network administrator instructs you to do so.
P-870HW-I1 User’s Guide The following table describes the labels in this screen. Table 40 Network > Wireless LAN > General > 802.1x + Static WEP LABEL DESCRIPTION Security Mode Select 802.1x + Static WEP. WEP Key Enter the key you want to use. You can enter the key using printable ASCII characters or hexadecimal (0-9, A-F, a-f) characters.
Figure 52 Network > Wireless LAN > General > 802.1x + No WEP The following table describes the labels in this screen. Table 41 Network > Wireless LAN > General > 802.1x + No WEP LABEL DESCRIPTION Security Mode Select 802.1x + No WEP. ReAuthenticati Specify how often wireless stations have to resend usernames and passwords in on Timer...
P-870HW-I1 User’s Guide Table 41 Network > Wireless LAN > General > 802.1x + No WEP (continued) LABEL DESCRIPTION Accounting These settings are optional. Server Active Select this to enable user accounting through an external authentication server. IP Address Enter the IP address of the external accounting server in dotted decimal notation. Port Number Enter the port number of the external accounting server.
Table 42 Network > Wireless LAN > General > WPA2-PSK (continued) LABEL DESCRIPTION Idle Timeout The ZyXEL Device automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed.
P-870HW-I1 User’s Guide The following table describes the labels in this screen. Table 43 Network > Wireless LAN > General > WPA2 LABEL DESCRIPTION Security Mode Select WPA2. Select this if the ZyXEL Device should be able to handle WPA-PSK and WPA2-PSK, Compatible depending on the abilities of each wireless station.
Figure 55 Network > Wireless LAN > OTIST The following table describes the labels in this screen. Table 44 Network > Wireless LAN > OTIST LABEL Setup Key Yes! Start Before you click Start, you should enable OTIST on all the OTIST-enabled wireless clients in the wireless network.
P-870HW-I1 User’s Guide Figure 56 Example: Wireless Client OTIST Screen To start OTIST in the wireless client, click Start in this screen. Note: You must click Start in the ZyXEL Device and in the wireless client(s) within three minutes of each other. You can start OTIST in the wireless clients and the ZyXEL Device in any order.
Figure 59 OTIST: In Progress on the Wireless Client These screens close when the transfer is complete. 6.5.1 Notes on OTIST 1 If you enable OTIST in a wireless client, you see this screen each time you start the utility. Click Yes to search for an OTIST-enabled AP (in other words, the ZyXEL Device).
P-870HW-I1 User’s Guide Figure 61 Network > Wireless LAN > MAC Filter The following table describes the labels in this menu. Table 45 Network > Wireless LAN > MAC Filter LABEL DESCRIPTION Active Select this to enable MAC address filtering. Filter Action Define the filter action for the MAC addresses in the MAC Address table.
6.7 Advanced Wireless LAN Screen Use this screen to enable and configure roaming and other advanced wireless settings in your wireless network. To open this screen, click Network > Wireless LAN > Advanced. Figure 62 Network > Wireless LAN > Advanced The following table describes the labels in this screen.
This chapter describes how to configure outside connections to another network or the Internet. 7.1 WAN Overview 7.1.1 Nailed-Up Connection (PPP) A nailed-up connection is a dial-up line where the connection is always up regardless of traffic demand. The ZyXEL Device does two things when you specify a nailed-up connection. The first is that the idle timeout is disabled.
P-870HW-I1 User’s Guide 7.2 Internet Connection Screens This screen depends on the Encapsulation your ISP uses. 7.2.1 Internet Connection Screen: Ethernet Use this screen to set up an Ethernet connection to the Internet. To open this screen, click Network > WAN > Internet Connection, and set the Encapsulation to Ethernet. Figure 63 Network >...
Table 47 Network > WAN > Internet Connection > Ethernet (continued) LABEL Spoof WAN MAC Address IP Address Apply Reset 7.2.2 Internet Connection Screen: PPP over Ethernet (PPPoE) Use this screen to set up a PPP over Ethernet (PPPoE) connection to the Internet. To open this screen, click Network >...
P-870HW-I1 User’s Guide The following table describes the labels in this screen. Table 48 Network > WAN > Internet Connection > PPP over Ethernet LABEL ISP Parameters for Internet Access Encapsulation Service Name User Name Password Retype to Confirm Nailed-Up Connection Idle Timeout (sec) WAN IP Address...
7.3 Advanced WAN Screen Use this screen to edit the advanced settings for your Internet connection. To open this screen, click Network > WAN > Advanced. Figure 65 Network > WAN > Advanced The following table describes the labels in this screen. Table 49 Network >...
P-870HW-I1 User’s Guide Table 49 Network > WAN > Advanced (continued) LABEL RIP Direction RIP Version Multicast Windows Networking Allow between LAN and WAN Allow Trigger Dial Apply Reset 7.4 Traffic Redirect Screen Use this screen to specify a backup gateway in case the default gateway (your ISP) is not available.
Figure 66 Network > WAN > Traffic Redirect The following table describes the labels in this screen. Table 50 Network > WAN > Traffic Redirect LABEL Active Backup Gateway IP Address Check WAN IP Address Fail Tolerance Period (sec) Timeout (sec) Apply Reset Chapter 7 WAN...
This chapter describes how to configure settings for the LAN port. 8.1 LAN Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building.
P-870HW-I1 User’s Guide The Version field controls the format and the broadcasting method of the RIP packets that the ZyXEL Device sends (it recognizes both formats when receiving). RIP-1 is universally supported; but RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology.
Figure 67 Example: IP Alias 8.2 LAN IP Screen Use this screen to set up the IP address and subnet mask of your LAN port. To open this screen, click Network > LAN > IP. Figure 68 Network > LAN > IP The following table describes the fields in this screen.
P-870HW-I1 User’s Guide Figure 69 Network > LAN > IP Alias The following table describes the fields in this screen. Table 52 Network > LAN > IP Alias LABEL DESCRIPTION IP Alias 1 IP Alias 1 Select this to add the specified subnet to the LAN port. IP Address Enter the IP address of the ZyXEL Device on the subnet.
Table 52 Network > LAN > IP Alias (continued) LABEL DESCRIPTION RIP Direction Use this field to control how much routing information the ZyXEL Device sends and receives on the subnet. None - The ZyXEL Device does not send or receive routing information on the subnet.
P-870HW-I1 User’s Guide The following table describes the fields in this screen. Table 53 Network > LAN > Advanced LABEL DESCRIPTION RIP & Multicast Setup RIP Direction RIP (Routing Information Protocol) allows a router to exchange routing information with other routers. Use this field to control how much routing information the ZyXEL Device sends and receives on the subnet.
This chapter describes how to configure the DHCP server for the LAN and WLAN ports. 9.1 DHCP Overview Dynamic Host Configuration Protocol (DHCP, RFC 2131, RFC 2132) provides a way to automatically set up and maintain IP addresses, subnet masks, gateways, and some network information (such as the IP addresses of DNS servers) on computers in the network.
P-870HW-I1 User’s Guide • DNS servers - The ZyXEL Device provides IP addresses for up to three DNS servers that provide DNS services for DHCP clients. You can specify each IP address manually (for example, a company’s own DNS server), or you can refer to the DNS servers the ZyXEL Device received from the ISP.
Table 55 Network > DHCP Server > General (continued) LABEL DESCRIPTION First DNS Server Specify the IP addresses of a maximum of three DNS servers that the network can use. The ZyXEL Device provides these IP addresses to DHCP clients. You can Second DNS specify these IP addresses the following ways: Server...
P-870HW-I1 User’s Guide Table 56 DHCP Setup LABEL IP Address Apply Reset 9.4 Client List Screen Use this screen to look at the current list of DHCP clients. It is empty if the DHCP server is disabled. To open this screen, click Network > DHCP Server > Client List. Figure 73 Network >...
Use these screens to configure port forwarding, trigger ports, and other NAT rules for the ZyXEL Device. See 10.1 NAT Overview 10.1.1 Port Forwarding: Services and Port Numbers A NAT server set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make accessible to the outside world even though NAT makes your whole inside network appear as a single machine to the outside world.
P-870HW-I1 User’s Guide 10.1.2 Trigger Port Forwarding Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side. With regular port forwarding you set a forwarding port in NAT to forward a service (coming in from the server on the WAN) to the IP address of a computer on the client side (LAN).
10.1.2.2 Two Points To Remember About Trigger Ports 1 Trigger events only happen on data that is going coming from inside the ZyXEL Device and going to the outside. 2 If an application needs a continuous data stream, that port (range) will be tied up so that another computer on the LAN can’t trigger it.
P-870HW-I1 User’s Guide 10.3 Port Forwarding Screen Use this screen to look at the current port-forwarding rules in the ZyXEL Device, and to enable, disable, activate, and deactivate each one. You can also set up a default server to handle ports not covered by rules. To open this screen, click Network > NAT > Port Forwarding.
Table 59 Network > NAT > Port Forwarding (continued) LABEL Server IP Address This field displays the IP address of the server to which packet for the selected port(s) are forwarded. Modify This column provides icons to edit and delete rules. To edit a rule, click the Edit icon next to the rule.
P-870HW-I1 User’s Guide Table 60 Network > NAT > Port Forwarding > Edit (continued) LABEL Apply Click this to save your changes back to the ZyXEL Device. Reset Click this to return to the previous screen without saving any changes. 10.4 Trigger Port Screen Use this screen to maintain port-triggering rules in the ZyXEL Device.
Table 61 Network > NAT > Trigger Port (continued) LABEL DESCRIPTION Start Port Enter the incoming port number or range of port numbers you want to forward to the IP address the ZyXEL Device records. End Port To forward one port number, enter the port number in the Start Port and End Port fields.
P-870HW-I1 User’s Guide The following table describes the fields in this screen. Table 62 Network > NAT > Address Mapping LABEL DESCRIPTION This is the rule index number. Local Start IP This is the range of IP addresses on the LAN port. Local End IP Local Start IP is N/A for Server port mapping.
The following table describes the fields in this screen. Table 63 Network > NAT > Address Mapping > Edit LABEL Type Choose the port mapping type from one of the following. • One-to-One: One-to-One mode maps one local IP address to one global IP address.
This chapter gives some background information on firewalls and introduces the ZyXEL Device firewall. 11.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term “firewall” is a system or group of systems that enforces an access-control policy between two networks.
P-870HW-I1 User’s Guide • The DSL port connects to the Internet. • The LAN (Local Area Network) ports attach to a network of computers, which needs security from the outside world. These computers will have access to Internet services such as e-mail, FTP, and the World Wide Web. However, “inbound access” will not be allowed unless you configure remote management or create a firewall rule to allow a remote host to use a specific service.
• Restrict use of certain protocols, such as Telnet, to authorized users on the LAN. These custom rules work by comparing the Source IP address, Destination IP address and IP protocol type of network traffic to rules set by the administrator. Your customized rules take precedence and override the ZyXEL Device’s default rules.
P-870HW-I1 User’s Guide In general, services are consist of two parts. First, each service has one or two IP protocol types (for example, TCP, UDP, or TCP/UDP). Second, each service has one or more port numbers. Together, these parts define the service. See services.
When the number of existing half-open sessions rises above a threshold (max-incomplete high), the ZyXEL Device starts deleting half-open sessions as required to accommodate new connection requests. The ZyXEL Device continues to delete half-open requests as necessary, until the number of existing half-open sessions drops below another threshold (max- incomplete low).
P-870HW-I1 User’s Guide 11.2.1 The “Triangle Route” Problem A traffic route is a path for sending or receiving data packets between two Ethernet devices. You may have more than one connection to the Internet (through one or more ISPs). If an alternate gateway is on the LAN (and its IP address is in the same subnet as the ZyXEL Device’s LAN IP address), the “triangle route”...
3 The reply from the WAN goes to the ZyXEL Device. 4 The ZyXEL Device then sends it to the computer on the LAN in Subnet 1. Figure 84 IP Alias 11.3 Guidelines for Enhancing Security with Your Firewall • Change the default password via CLI (Command Line Interpreter) or web configurator. •...
P-870HW-I1 User’s Guide • Never e-mail sensitive information such as passwords, credit card information, etc., without encrypting the information first. • Never submit sensitive information via a web page unless the web site uses secure connections. You can identify a secure connection by looking for a small “key” icon on the bottom of your browser (Internet Explorer 3.02 or better or Netscape 3.0 or better).
The following table describes the labels in this screen. Table 64 Security > Firewall > General LABEL DESCRIPTION Active Firewall Select this check box to activate the firewall. The ZyXEL Device performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated.
P-870HW-I1 User’s Guide Figure 86 Security > Firewall > Rules The following table describes the labels in this screen. Table 65 Security > Firewall > Rules LABEL DESCRIPTION Firewall Rules This read-only bar shows how much of the ZyXEL Device's memory for recording Storage Space firewall rules it is currently using.
Table 65 Security > Firewall > Rules (continued) LABEL DESCRIPTION Modify Click the Edit icon to go to the screen where you can edit the rule. Click the Remove icon to delete an existing firewall rule. A window displays asking you to confirm that you want to delete the firewall rule.
The following table describes the labels in this screen. Table 66 Security > Firewall > Rules > Edit LABEL DESCRIPTION Active Select this option to enable this firewall rule. Action for Matched Use the drop-down list box to select what the firewall is to do with packets that Packet match this rule.
P-870HW-I1 User’s Guide Table 66 Security > Firewall > Rules > Edit (continued) LABEL DESCRIPTION Apply Click this to save your changes back to the ZyXEL Device. Cancel Click this to begin configuring this screen afresh. 11.5.2 Customized Services Screen Use this screen to create or edit customized services for firewall rules.
Figure 89 Security > Firewall > Rules > Edit > Edit Customized Services > Edit The following table describes the labels in this screen. Table 68 Security > Firewall > Rules > Edit > Edit Customized Services > Edit LABEL DESCRIPTION Service Name Type a unique name for your custom port.
P-870HW-I1 User’s Guide Figure 90 Security > Firewall > Anti Probing The following table describes the labels in this screen. Table 69 Security > Firewall > Anti Probing LABEL DESCRIPTION Respond to PING The ZyXEL Device does not respond to any incoming Ping requests when Disable is selected.
Figure 91 Security > Firewall > Threshold The following table describes the labels in this screen. Table 70 Security > Firewall > Threshold LABEL DESCRIPTION Denial of Service Thresholds One Minute Low This is the rate of new half-open sessions that causes the firewall to stop deleting half-open sessions.
Page 164
P-870HW-I1 User’s Guide Table 70 Security > Firewall > Threshold (continued) LABEL DESCRIPTION Deny New Select this radio button and specify for how long the ZyXEL Device should block Connection new connection requests when TCP Maximum Incomplete is reached. Request for Enter the length of blocking time in minutes (between 1 and 256).
Use these screens to create and enforce policies that restrict access to the Internet based on content. 12.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to their needs. Content filtering is the ability to block certain web features or specific URL keywords.
P-870HW-I1 User’s Guide Figure 92 Security > Content Filter > Filter Each field is described in the following table. Table 71 Security > Content Filter > Filter LABEL DESCRIPTION Trusted IP Setup Trusted Computer You can allow a specific computer to access all Internet resources without the IP Address restrictions you set in these screens.
Table 71 Security > Content Filter > Filter LABEL DESCRIPTION Keyword Type a keyword you want to block in this field. You can use up to 64 printable ASCII characters. There is no wildcard character, however. Click this to add the specified Keyword to the Keyword List. You can enter up to 64 keywords.
This chapter explains how to use certificates with your ZyXEL Device. 13.1 Certificates Overview The ZyXEL Device can use certificates (also called digital IDs) to authenticate users and to let users authenticate the ZyXEL Device. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key.
P-870HW-I1 User’s Guide Certification authorities maintain directory servers with databases of valid and revoked certificates. A directory of certificates that have been revoked before the scheduled expiration is called a CRL (Certificate Revocation List). The ZyXEL Device can check a peer’s certificate against a directory server’s list of revoked certificates.
Figure 94 Security > Certificates > My Certificates The following table describes the labels in this screen. Table 73 Security > Certificates > My Certificates LABEL DESCRIPTION PKI Storage This bar displays the percentage of the ZyXEL Device’s PKI storage space that is Space in Use currently in use.
P-870HW-I1 User’s Guide Table 73 Security > Certificates > My Certificates (continued) LABEL DESCRIPTION Valid From This field displays the date that the certificate becomes applicable. The text displays in red and includes a Not Yet Valid! message if the certificate has not yet become applicable.
Figure 95 Security > Certificates > My Certificates > Import The following table describes the labels in this screen. Table 74 Security > Certificates > My Certificates > Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it. Browse Click this to find the certificate file you want to upload.
P-870HW-I1 User’s Guide Figure 96 Security > Certificates > My Certificates > Create The following table describes the labels in this screen. Table 75 Security > Certificates > My Certificates > Create LABEL Certificate Name Subject Information Common Name Organizational Unit Organization Country DESCRIPTION...
Page 175
Table 75 Security > Certificates > My Certificates > Create (continued) LABEL Key Length Enrollment Options Create a self-signed certificate Create a certification request and save it locally for later manual enrollment Create a certification request and enroll for a certificate immediately online Enrollment Protocol CA Server Address...
P-870HW-I1 User’s Guide Figure 97 Security > Certificates > My Certificates > Create > In Progress Wait while the ZyXEL Device generates the self-signed certificate or certification request. Afterwards, the following screen should appear. Figure 98 Security > Certificates > My Certificates > Create > Successful If the ZyXEL Device is successful, click Return to go to the Security >...
Figure 99 Security > Certificates > My Certificates > Edit The following table describes the labels in this screen. Table 76 Security > Certificates > My Certificates > Edit LABEL Name Property Default self-signed certificate which signs the imported remote host certificates.
Page 178
P-870HW-I1 User’s Guide Table 76 Security > Certificates > My Certificates > Edit (continued) LABEL Refresh Certificate Informations Type Version Serial Number Subject Issuer Signature Algorithm Valid From Valid To Key Algorithm Subject Alternative Name Key Usage Basic Constraint MD5 Fingerprint SHA1 Fingerprint DESCRIPTION Click this to display the certification path.
Table 76 Security > Certificates > My Certificates > Edit (continued) LABEL -- BEGIN CERTIFICATE -- Export Apply Cancel 13.6 Trusted CAs Screen Use this screen to look at certificates from certification authorities that the ZyXEL Device trusts. The ZyXEL Device accepts any valid certificate signed by these certification authorities as being trustworthy so that you do not need to import such certificates.
P-870HW-I1 User’s Guide Figure 100 Security > Certificates > Trusted CAs The following table describes the labels in this screen. Table 77 Security > Certificates > Trusted CAs LABEL DESCRIPTION PKI Storage This bar displays the percentage of the ZyXEL Device’s PKI storage space that is Space in Use currently in use.
Table 77 Security > Certificates > Trusted CAs (continued) LABEL DESCRIPTION Import Click this to open the Import Trusted CA screen. Refresh Click this to update the screen. 13.7 Import Trusted CA Screen Use this screen to add the certificate of a trusted certification authority to the ZyXEL Device. To open this screen, click Import in Security >...
P-870HW-I1 User’s Guide Figure 102 Security > Certificates > Trusted CAs > Edit The following table describes the labels in this screen. Table 79 Security > Certificates > Trusted CAs > Edit LABEL Name Check incoming certificates issued by this CA against a Certification Path DESCRIPTION This field displays the identifying name of this certificate.
Page 183
Table 79 Security > Certificates > Trusted CAs > Edit (continued) LABEL Refresh Certificate Information Type Version Serial Number Subject Issuer Signature Algorithm Valid From Valid To Key Algorithm Subject Alternative Name Key Usage Basic Constraint MD5 Fingerprint SHA1 Fingerprint Chapter 13 Certificates DESCRIPTION Click this to display the certification path.
P-870HW-I1 User’s Guide Table 79 Security > Certificates > Trusted CAs > Edit (continued) LABEL Certificate in PEM (Base-64) Encoded Format Export Apply Cancel 13.9 Trusted Remote Hosts Screen Use this screen to look at the certificates of peers that you trust but which are not signed by one of the trusted certification authorities (on the Security >...
Figure 103 Security > Certificates > Trusted Remote Hosts The following table describes the labels in this screen. Table 80 Security > Certificates > Trusted Remote Hosts LABEL DESCRIPTION PKI Storage This bar displays the percentage of the ZyXEL Device’s PKI storage space that is Space in Use currently in use.
P-870HW-I1 User’s Guide 13.10 Verifying a Trusted Remote Host’s Certificate Self-signed certificates only have the signature of the host itself. You should be very careful about importing (and thereby trusting) a remote host’s self-signed certificate. You can follow these steps to check that you have the remote host’s actual certificate. 1 Open Windows Explorer.
Figure 105 Security > Certificates > Trusted Remote Host > Import The following table describes the labels in this screen. Table 81 Security > Certificates > Trusted Remote Host > Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it. Browse Click this to find the certificate file you want to upload.
P-870HW-I1 User’s Guide Figure 106 Security > Certificates > Trusted Remote Hosts > Edit The following table describes the labels in this screen. Table 82 Security > Certificates > Trusted Remote Hosts > Edit LABEL Name Certification Path Refresh Certificate Information These read-only fields display detailed information about the certificate. Type DESCRIPTION This field displays the identifying name of this certificate.
Page 189
Table 82 Security > Certificates > Trusted Remote Hosts > Edit (continued) LABEL Version Serial Number Subject Issuer Signature Algorithm Valid From Valid To Key Algorithm Subject Alternative Name Key Usage Basic Constraint MD5 Fingerprint SHA1 Fingerprint Certificate in PEM (Base-64) Encoded Format Export...
P-870HW-I1 User’s Guide Table 82 Security > Certificates > Trusted Remote Hosts > Edit (continued) LABEL Apply Cancel 13.13 Directory Servers Screen Use this screen to look at the current list of directory servers, which the ZyXEL Device checks if the certificate does not list a server or if the listed server is not available. To open this screen, click Security >...
13.14 Edit Directory Server Screen Use this screen to create or edit a directory server the ZyXEL Device should use if the certificate does not list a server or if the listed server is not available. To open this screen, click Add or an Edit icon in Security >...
Page 192
P-870HW-I1 User’s Guide Table 84 Security > Certificates > Directory Servers > Edit (continued) LABEL DESCRIPTION Apply Click this to save your changes to the ZyXEL Device. Cancel Click this to return to the previous screen without saving any changes. At the time of writing, LDAP is the only choice of directory server access protocol.
Use these screens to configure static routes in the ZyXEL Device. 14.1 Static Route Overview Each remote node specifies only the network to which the gateway is directly connected, and the ZyXEL Device has no knowledge of the networks beyond. For instance, the ZyXEL Device knows about network N2 in the following figure through remote node Router 1.
P-870HW-I1 User’s Guide Figure 110 Management > Static Route > IP Static Route Each field is described in the following table. Table 85 Management > Static Route > IP Static Route LABEL DESCRIPTION This field is a sequential value, and it is not associated with a specific rule. The sequence is important, however.
Figure 111 Management > Static Route > IP Static Route > Edit Each field is described in the following table. Table 86 Management > Static Route > IP Static Route > Edit LABEL DESCRIPTION Route Name Enter the name of the static route. Active Select this if you want the static route to be used.
This chapter explains how to configure bandwidth management in your ZyXEL Device. 15.1 Bandwidth Management Overview ZyXEL’s Bandwidth Management allows you to specify bandwidth management rules based on application. You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth rules. The ZyXEL Device applies bandwidth management to all traffic, regardless of the source, that it forwards out through an interface.
P-870HW-I1 User’s Guide 15.1.3 Example: Unused and Unbudgeted Bandwidth The following table shows the priorities of applications and the amount of bandwidth that each application gets. Table 88 Example: Priority-based Allotment of Unused and Unbudgeted Bandwidth BANDWIDTH CLASSES, PRIORITIES AND ALLOTMENTS Root Class: 10240 kbps Suppose that all of the applications except for administration need more bandwidth.
15.1.5 Over Allotment of Bandwidth You can set the bandwidth management speed for an interface higher than the interface’s actual transmission speed. Higher priority traffic gets to use up to its allocated bandwidth, even if it takes up all of the interface’s available bandwidth. This could stop lower priority traffic from being sent.
Appendix I on page 431 in this screen. Table 90 Management > Bandwidth MGMT > Configuration LABEL DESCRIPTION Active Select this to enable bandwidth management. LAN BW Enter the amount of bandwidth for this interface that you want to allocate using Budget(kbps) bandwidth management.
P-870HW-I1 User’s Guide Table 90 Management > Bandwidth MGMT > Configuration (continued) LABEL DESCRIPTION Priority Select a priority from the drop down list box. Choose High, Mid or Low. Modify Use this field to edit or erase the rule. Click the Edit icon to open the Edit Bandwidth Management Rule screen. Click the Remove icon to erase this rule.
Appendix I on page 431 in this screen. Table 91 Management > Bandwidth MGMT > Configuration > Edit LABEL Rule Configuration Active Rule Name BW Budget Priority Use All Managed Bandwidth Filter Configuration Service Destination Address Enter the destination IP address in dotted decimal notation. Destination Subnet Netmask Destination Port...
P-870HW-I1 User’s Guide Table 91 Management > Bandwidth MGMT > Configuration > Edit (continued) LABEL DESCRIPTION Source Port Enter the port number of the source. Protocol Select the protocol (TCP or UDP) or select User defined and enter the protocol (service type) number.
Use these screens to control which computers can use which services to access the ZyXEL Device on each interface. 16.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which ZyXEL Device interface (if any) from which computers. You may manage your ZyXEL Device from a remote location via: •...
P-870HW-I1 User’s Guide 16.1.2 Remote Management and NAT When NAT is enabled: • Use the ZyXEL Device’s WAN IP address when configuring from the WAN. • Use the ZyXEL Device’s LAN IP address when configuring from the LAN. 16.1.3 System Timeout There is a default system management idle timeout of five minutes (three hundred seconds).
An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the ZyXEL Device). An agent translates the local management information from the managed device into a form compatible with SNMP.
P-870HW-I1 User’s Guide Table 93 SNMPv2 Traps TRAP NAME Generic Traps coldStart warmStart linkDown linkUp Traps defined in the ZyXEL Private MIB. whyReboot Some traps include an SNMP interface index. The following table maps the SNMP interface indexes to the ZyXEL Device’s physical ports. Table 94 SNMP Interface Index to Physical Port Mapping INTERFACE TYPE enet0...
Figure 116 Management > Remote MGMT > WWW Each field is described in the following table. Table 95 Management > Remote MGMT > WWW LABEL DESCRIPTION HTTPS Server Certificate Select the certificate the ZyXEL Device provides to clients using this service. Authenticate This field is disabled if you have not set up any trusted certification authorities.
P-870HW-I1 User’s Guide 16.3 Telnet Screen Use this screen to control Telnet access to your ZyXEL Device. To open this screen, click Management > Remote MGMT > Telnet. Figure 117 Management > Remote MGMT > Telnet Each field is described in the following table. Table 96 Management >...
Figure 118 Management > Remote MGMT > FTP Each field is described in the following table. Table 97 Management > Remote MGMT > FTP LABEL DESCRIPTION Server Port Enter the port number this service can use to access the ZyXEL Device. The computer must use the same port number.
P-870HW-I1 User’s Guide Figure 119 Management > Remote MGMT > SNMP Each field is described in the following table. Table 98 Management > Remote MGMT > SNMP LABEL DESCRIPTION SNMP Configuration Get Community Enter the password for incoming Get requests and GetNext requests from the management station.
16.6 DNS Screen Use this screen to control DNS access to your ZyXEL Device. To open this screen, click Management > Remote MGMT > DNS. Figure 120 Management > Remote MGMT > DNS Each field is described in the following table. Table 99 Management >...
P-870HW-I1 User’s Guide Each field is described in the following table. Table 100 Management > Remote MGMT > Security LABEL DESCRIPTION Respond to Ping Select the interface(s) on which the ZyXEL Device should respond to incoming ping requests. Disable - the ZyXEL Device does not respond to any ping requests. LAN - the ZyXEL Device only responds to ping requests received from the LAN.
Each field is described in the following table. Table 101 Management > Remote MGMT > SSH LABEL DESCRIPTION Server Host Key Select the certificate the ZyXEL Device provides to clients using this service. Server Port This field is read-only. It displays the port number this service uses to access the ZyXEL Device.
P-870HW-I1 User’s Guide The following table gives a description of TR-069 commands. Table 102 TR-069 Commands Command or Root Command Subdirectory tr069 load active [0:no/ 1:yes] acsUrl <URL> username [maxlength:15] password [maxlength:15] periodicEnable [0:Disable/ 1:Enable] informInterval [sec] save Description All TR-069 related commands must be preceded by wan tr069. Start configuring TR-069 on your ZyXEL Device.
This chapter introduces the Universal Plug-and-Play (UPnP) feature. 17.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
P-870HW-I1 User’s Guide When a UPnP device joins a network, it announces its presence with a multicast message. For security reasons, the ZyXEL Device allows multicast messages on the LAN only. All UPnP-enabled devices may communicate freely with each other without additional configuration.
Table 103 Configuring UPnP LABEL Allow UPnP to pass through Firewall Apply Reset 17.4 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP. Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me. 1 Click Start and Control Panel.
P-870HW-I1 User’s Guide Figure 126 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel.
P-870HW-I1 User’s Guide 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. 17.5 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL Device.
P-870HW-I1 User’s Guide Figure 131 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings. Chapter 17 UPnP...
P-870HW-I1 User’s Guide Figure 132 Internet Connection Properties: Advanced Settings Figure 133 Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
Figure 134 System Tray Icon 7 Double-click on the icon to display your current Internet connection status. Figure 135 Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first.
P-870HW-I1 User’s Guide Figure 136 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays. Chapter 17 UPnP...
P-870HW-I1 User’s Guide Figure 137 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Figure 138 Network Connections: My Network Places: Properties: Example Chapter 17 UPnP...
Use this screen to configure the ZyXEL Device’s time and date settings. 18.1 General Setup 18.1.1 General Setup and System Name General Setup contains administrative and system-related information. System Name is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name".
P-870HW-I1 User’s Guide 18.1.2.1 DYNDNS Wildcard Enabling the wildcard feature for your host causes *.yourhost.dyndns.org to be aliased to the same IP address as yourhost.dyndns.org. This feature is useful if you want to be able to use, for example, www.yourhost.dyndns.org and still reach your hostname. 18.1.3 Resetting the Time If you use a time server, the ZyXEL Device updates the current date and time when the ZyXEL Device starts up and in 24-hour intervals after that (until you turn off the ZyXEL...
Table 104 Maintenance > System > General (continued) LABEL DESCRIPTION Domain Name Enter the domain name (if you know it) here. If you leave this field blank, the ISP may assign a domain name via DHCP. The domain name entered by you is given priority over the ISP assigned domain name.
P-870HW-I1 User’s Guide Figure 140 Maintenance > System > Dynamic DNS The following table describes the fields in this screen. Table 105 Maintenance > System > Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Enable Dynamic Select this to use dynamic DNS. Service Provider Select the name of your Dynamic DNS service provider.
Table 105 Maintenance > System > Dynamic DNS (continued) LABEL DESCRIPTION Dynamic DNS Select this only when there are one or more NAT routers between the ZyXEL server auto Device and the DDNS server. With this feature, the DDNS server automatically detect IP detects and uses the IP address of the appropriate NAT router that has a public IP Address...
P-870HW-I1 User’s Guide The following table describes the fields in this screen. Table 106 Maintenance > System > Time Setting LABEL DESCRIPTION Current Time and Date Current Time This field displays the time of your ZyXEL Device. Each time you reload this page, the ZyXEL Device synchronizes the time with the time server.
Page 235
Table 106 Maintenance > System > Time Setting (continued) LABEL DESCRIPTION Start Date Configure the day and time when Daylight Saving Time starts if you selected Enable Daylight Saving. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time starts in most parts of the United States on the first Sunday of April.
This chapter contains information about configuring general log settings and viewing the ZyXEL Device’s logs. Refer to the appendix for examples of log message explanations. 19.1 Logs Overview The web configurator allows you to choose which categories of events and/or alerts to have the ZyXEL Device log and then display the logs or have the ZyXEL Device send them to an administrator (as e-mail) or to a syslog server.
P-870HW-I1 User’s Guide Log entries in red indicate alerts. The log wraps around and deletes the old entries after it fills up. Click a column heading to sort the entries. A triangle indicates ascending or descending sort order. The following table describes the fields in this screen. Table 107 Maintenance >...
Figure 143 Maintenance > Logs > Log Settings The following table describes the fields in this screen. Table 108 Log Settings LABEL DESCRIPTION E-mail Log Settings Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
Page 240
P-870HW-I1 User’s Guide Table 108 Log Settings LABEL DESCRIPTION Send Log To The ZyXEL Device sends logs to the e-mail address specified in this field. If this field is left blank, the ZyXEL Device does not send logs via e-mail. Send Alerts To Alerts are real-time notifications that are sent as soon as an event, such as a DoS attack, system error, or forbidden web access attempt occurs.
This chapter upload new firmware, manage configuration and restart your ZyXEL Device. 20.1 Firmware Upgrade Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a.bin extension, for example, "Prestige.bin". Only use firmware for your device’s specific model.
P-870HW-I1 User’s Guide Figure 145 Upload Firmware: In Progress Wait two minutes before logging into the ZyXEL Device again. The ZyXEL Device automatically restarts in this time, which causes a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 146 Upload Firmware: Network Temporarily Disconnected Log in again, and check your new firmware version in the Status screen.
Figure 148 Maintenance > Tools > Configuration The following table describes each field in the screen. Table 110 Maintenance > Tools > Configuration LABEL DESCRIPTION Backup Once your ZyXEL Device is configured and functioning properly, it is highly Configuration recommended that you back up your configuration file before making configuration changes.
P-870HW-I1 User’s Guide Figure 149 Restore Configuration: Successful Wait one minute before logging into the ZyXEL Device again. The ZyXEL Device automatically restarts in this time, which causes a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 150 Restore Configuration: Network Temporarily Disconnected If the IP address of the ZyXEL Device is different in the new configuration, you may need to change the IP address in your browser and maybe put your computer in the same subnet as the...
The System Management Terminal (SMT) provides a text-based, menu-driven console to manage the ZyXEL Device. This chapter describes how to access the SMT and then provides an overview of its menus. 21.1 Accessing the SMT Use Telnet to access the SMT. Follow these steps. 1 In Windows, click Start >...
P-870HW-I1 User’s Guide Figure 154 SMT Main Menu Copyright (c) 1994 - 2003 ZyXEL Communications Corp. Getting Started 1. General Setup 2. WAN Setup 3. LAN Setup 4. Internet Access Setup Advanced Applications 11. Remote Node Setup 12. Static Routing Setup 14.
Page 249
Table 111 SMT Menus Overview (continued) MENUS 3.2 TCP/IP and DHCP Ethernet Setup 3.5 Wireless LAN Setup 4 Internet Access Setup 11 Remote Node Setup 11.1 Remote Node Profile 12 Static Routing Setup 12.1 Edit IP Static Route 14 Dial-in User Setup 14.1 Edit Dial-in User 15 NAT Setup 15.1 Address...
Page 250
P-870HW-I1 User’s Guide Table 111 SMT Menus Overview (continued) MENUS 21.1 Filter Set Configuration 21.2 Firewall Setup 22 SNMP Configuration 23 System Security 23.1 Change Password 23.2 RADIUS Server 23.4 IEEE802.1X 24 System Maintenance 24.1 System Status 24.2 System Information and Console Port Speed 24.3 Log and Trace 24.4 Diagnostic...
Table 111 SMT Menus Overview (continued) MENUS 24.8 Command Interpreter Mode 24.9 Call Control 24.10 Time and Date Setting 24.11 Remote Management Control 25 IP Routing Policy Summary 25.1 IP Routing Policy Setup 26 Schedule Setup 26.1 Schedule Set Setup 99 Exit 21.3 Navigating the SMT Interface Several operations that you should be familiar with before you attempt to modify the...
Page 252
P-870HW-I1 User’s Guide Table 112 Main Menu Commands OPERATION KEYSTROKE Entering information Type in or press [SPACE BAR], then press [ENTER]. Required fields < N/A fields <N/A> Save your [ENTER] configuration Exit the SMT Type 99, then press [ENTER]. DESCRIPTION You need to fill in two types of fields.
Use this menu to set up the system name, domain name, DNS servers, and dynamic DNS. 22.1 General Setup Use this menu to set up the system name, domain name, and DNS servers. See page 229 Chapter 7 on page 119 in the main menu.
P-870HW-I1 User’s Guide Table 113 Menu 1: General Setup (continued) FIELD First System DNS Server Second System DNS Server Third System DNS Server IP Address Edit Dynamic DNS 22.2 Configure Dynamic DNS Use this menu to configure your dynamic DNS account settings. See for background information.
22.3 Configure Dynamic DNS Use this menu to configure your dynamic DNS domain name settings. See for background information. To open this menu, select Yes in Edit Host in menu 1.1. Figure 157 Menu 1.1.1: DDNS Edit Host Hostname= DDNS Type= DynamicDNS Enable Wildcard Option= No Enable Off Line Option= N/A IP Address Update Policy:...
Page 256
P-870HW-I1 User’s Guide Chapter 22 General Setup...
Use this menu to configure the WAN MAC address. See background information. To open this menu, enter 2 in the main menu. Figure 158 Menu 2: WAN Setup The following table describes the labels in this menu. Table 116 Menu 2: WAN Setup FIELD MAC Address Assigned By...
Page 258
P-870HW-I1 User’s Guide Chapter 23 WAN Setup...
Use this menu to set up the LAN IP address, DHCP server, additional subnets, and input and output filter sets for the LAN port. You can also use this menu to configure the wireless network. 24.1 LAN Port Filter Setup Use this menu to specify input and output filter sets for the LAN port.
P-870HW-I1 User’s Guide 24.2 TCP/IP and DHCP Ethernet Setup Use this menu to set up the LAN IP address and to configure the ZyXEL Device’s DHCP server. The DHCP server assigns IP addresses and provides DNS server information to other computers on the LAN or WLAN.
Page 261
Table 118 Menu 3.2: TCP/IP and DHCP Ethernet Setup (continued) FIELD First DNS Server Second DNS Server Third DNS Server IP Address DHCP Server Address TCP/IP Setup IP Address IP Subnet Mask RIP Direction Version Multicast Edit IP Alias Chapter 24 LAN Setup DESCRIPTION Press [SPACE BAR] to select From ISP, User Defined or None and press [ENTER].
P-870HW-I1 User’s Guide 24.3 IP Alias Setup Use this menu to partition your LAN interface into subnets. See Chapter 30 on page 287 Alias in menu 3.2. Figure 161 Menu 3.2.1: IP Alias Setup The following table describes the labels in this menu. Table 119 Menu 3.2.1: IP Alias Setup FIELD IP Alias 1...
Table 119 Menu 3.2.1: IP Alias Setup (continued) FIELD Outgoing protocol filters IP Alias 2 IP Address IP Subnet Mask RIP Direction Version Incoming protocol filters Outgoing protocol filters 24.4 Wireless LAN Setup Use this menu to configure basic wireless settings and wireless security. See page 93 for background information.
P-870HW-I1 User’s Guide Figure 162 Menu 3.5: Wireless LAN Setup The ESSID in the SMT is the same as the SSID in the web configurator. The following table describes the labels in this menu. Table 120 Menu 3.5: Wireless LAN Setup FIELD Enable Wireless LAN ESSID...
24.5 WLAN MAC Address Filter Use this menu to block or allow other devices to access the ZyXEL Device. See page 93 for background information. To open this menu, select Yes in Edit MAC Address Filter in menu 3.5. Figure 163 Menu 3.5.1: WLAN MAC Address Filter -------------------------------------------------------------------------- 00:00:00:00:00:00 00:00:00:00:00:00...
Page 266
P-870HW-I1 User’s Guide Chapter 24 LAN Setup...
Use this menu to set up your Internet connection. See on page 137 for background information. To open this menu, enter 4 in the main menu. Figure 164 Menu 4: Internet Access Setup The following table describes the labels in this menu. Table 122 Menu 4: Internet Access Setup FIELD ISP’s Name...
Page 268
P-870HW-I1 User’s Guide Table 122 Menu 4: Internet Access Setup (continued) FIELD Gateway IP Address Network Address Translation DESCRIPTION This field is not available if your ISP uses PPPoE encapsulation. Enter the IP address of the gateway provided by your ISP. Select None if you do not want to use port forwarding, trigger ports, or NAT.
Use this menu to set up your Internet connection, input and output filter sets for the WAN port, advanced features for the WAN port, or a backup gateway. 26.1 Remote Node Profile Use this menu to set up your Internet connection. See on page 347 for background information.
P-870HW-I1 User’s Guide Table 123 Menu 11.1: Remote Node Profile (continued) FIELD My Login My Password Retype to Confirm Authen Route Edit IP Telco Option Allocated Budget(min) Enter the maximum amount of time (in minutes) each call can last. Enter 0 if Period(hr) Schedules Nailed-Up Connection Select this if you want the ZyXEL Device to automatically connect to your ISP...
Figure 166 Menu 11.1.2: Remote Node Network Layer Options The following table describes the labels in this menu. Table 124 Menu 11.1.2: Remote Node Network Layer Options FIELD IP Address Assignment IP Address IP Subnet Mask Gateway IP Addr Rem IP Addr Rem Subnet Mask My WAN Addr Network Address...
P-870HW-I1 User’s Guide Table 124 Menu 11.1.2: Remote Node Network Layer Options (continued) FIELD Private RIP Direction Version Multicast 26.3 Remote Node Filter Use this menu to specify input and output filter sets for the WAN port. See for background information. To open this menu, select Yes in Edit Filter Sets in menu 11.1.
P-870HW-I1 User’s Guide Figure 168 Menu 11.1.5: Traffic Redirect Setup The following table describes the labels in this menu. Table 126 Menu 11.1.5: Traffic Redirect Setup FIELD Active Configuration Backup Gateway IP Address Metric Check WAN IP Address Fail Tolerance Period(sec) Timeout(sec) Menu 11.1.5 - Traffic Redirect Setup...
Use this menu to look at and configure IP static routes. 27.1 IP Static Route Setup Use this menu to look at IP static routes. See information. To open this menu, enter 12 in the main menu. Figure 169 Menu 12: IP Static Route Setup 1.
P-870HW-I1 User’s Guide 27.2 Edit IP Static Route Use this menu to configure IP static routes. See information. To open this menu, enter an IP static route number in Enter selection number in menu 12. Figure 170 Menu 12.1: Edit IP Static Route The following table describes the labels in this menu.
Use this menu to look at and configure local user profiles on the ZyXEL Device. 28.1 Dial-in User Setup Use this menu to look at local user profiles on the ZyXEL Device. See for background information. To open this menu, enter 14 in the main menu. Figure 171 Menu 14: Dial-in User Setup 1.
P-870HW-I1 User’s Guide Figure 172 Menu 14.1: Edit Dial-in User The following table describes the labels in this menu. Table 130 Menu 14.1: Edit Dial-in User FIELD User Name Active Password Menu 14.1 - Edit Dial-in User User Name= ? Active= No Password= ? DESCRIPTION...
Use this menu to configure address mapping, port forwarding, and trigger ports. 29.1 Address Mapping Sets Use this menu to select which address mapping set you want to configure. See page 137 for background information. To open this menu, enter 1 in menu 15. Figure 173 Menu 15.1: Address Mapping Sets You cannot create The following table describes the labels in this menu.
P-870HW-I1 User’s Guide Figure 174 Menu 15.1.1: Address Mapping Rules Menu 15.1.1 - Address Mapping Rules Set Name= ACL Default Set Local Start IP --------------- The following table describes the labels in this menu. Table 132 Menu 15.1.1: Address Mapping Rules FIELD Set Name Local Start IP...
Table 132 Menu 15.1.1: Address Mapping Rules (continued) FIELD Type Action Select Rule 29.3 Address Mapping Rule Use this menu to configure network address translation mapping rules. See for background information. To open this menu, select one of the address mapping rules in menu 15.1.1.
P-870HW-I1 User’s Guide The following table describes the labels in this menu. Table 133 Menu 15.1.1.1: Address Mapping Rule FIELD Type Local IP: Start Global IP: Start 29.4 NAT Server Setup Use this menu to look at servers for which you have configured port forwarding rules. See Chapter 10 on page 137 DESCRIPTION Choose the port mapping type from one of the following.
Figure 176 Menu 15.2: NAT Server Setup Rule ------------------------------------------------------ Select Command= None The following table describes the labels in this menu. Table 134 Menu 15.2: NAT Server Setup FIELD Default Server Rule Act. Start Port End Port IP Address Select Command Select Rule 29.5 NAT Server Configuration Use this menu to configure port forwarding rules for servers behind the ZyXEL Device.
P-870HW-I1 User’s Guide Figure 177 Menu 15.2.1: NAT Server Configuration Wan= 1 ----------------------------------------------------------------- Name= Active= No Start port= 0 IP Address= 0.0.0.0 The following table describes the labels in this menu. Table 135 Menu 15.2.1: NAT Server Configuration FIELD Index Name Active Start port...
Figure 178 Menu 15.3: Trigger Port Setup Rule ---------------------------------------------------------------------- The following table describes the labels in this menu. Table 136 Menu 15.3: Trigger Port Setup FIELD Name Incoming Start Port End Port Trigger Start Port End Port Chapter 29 NAT Setup Menu 15.3 - Trigger Port Setup Incoming Name...
This chapter shows you how to create and apply filters. 30.1 Introduction to Filters Your ZyXEL Device uses filters to decide whether to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering and call filtering. Filters are subdivided into device and protocol filters, which are discussed later.
P-870HW-I1 User’s Guide 30.1.1 The Filter Structure of the ZyXEL Device A filter set consists of one or more filter rules. Usually, you would group related rules, e.g., all the rules for NetBIOS, into a single set and give it a descriptive name. The ZyXEL Device allows you to configure up to twelve filter sets with six rules in each set, for a total of 72 filter rules in the system.
Figure 180 Filter Rule Process You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port.
P-870HW-I1 User’s Guide Figure 181 Menu 21: Filter and Firewall Setup 2 Enter 1 to bring up the following menu. Figure 182 Menu 21.1: Filter Set Configuration Filter Set # ------ ----------------- _______________ NetBIOS_WAN NetBIOS_LAN IGMP _______________ _______________ Select the filter set you wish to configure (1-12) and press [ENTER] Enter a descriptive name or comment in the Edit Comments field and press [ENTER].
Figure 183 Menu 21.1.1: Filter Rules Summary # A Type - - ---- --------------------------------------------------------------- - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=137 2 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=138 3 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=139 4 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=137 5 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=138 6 Y IP...
P-870HW-I1 User’s Guide Table 138 Rule Abbreviations Used (continued) ABBREVIATION Refer to the next section for information on configuring the filter rules. 30.2.1 Configuring a Filter Rule To configure a filter rule, type its number in Menu 21.1.1 - Filter Rules Summary and press [ENTER] to open menu 21.1.1.1 for the rule.
Figure 184 Menu 21.1.1.1 TCP/IP Filter Rule. The following table describes how to configure your TCP/IP filter rule. Table 139 TCP/IP Filter Rule FIELD DESCRIPTION Filter # This is the filter set, filter rule coordinates, i.e., 2,3 refers to the second filter set and the third rule of that set.
Page 294
P-870HW-I1 User’s Guide Table 139 TCP/IP Filter Rule (continued) FIELD DESCRIPTION Port # Comp Press [SPACE BAR] and then [ENTER] to select the comparison to apply to the destination port in the packet against the value given in Destination: Port #. Source IP Addr Enter the source IP Address of the packet you wish to filter.
Figure 185 Executing an IP Filter 30.2.3 Configuring a Generic Filter Rule This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly. Chapter 30 Filter Setup P-870HW-I1 User’s Guide...
P-870HW-I1 User’s Guide For generic rules, the ZyXEL Device treats a packet as a byte stream as opposed to an IP or IPX packet. You specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes.
Table 140 Generic Filter Rule Menu Fields FIELD DESCRIPTION Filter # This is the filter set, filter rule coordinates, i.e., 2,3 refers to the second filter set and the third rule of that set. Filter Type Use [SPACE BAR] and then [ENTER] to select a rule type. Parameters displayed below each type will be different.
P-870HW-I1 User’s Guide Figure 187 Telnet Filter Example 1 Enter 21 from the main menu to open Menu 21 - Filter and Firewall Setup. 2 Enter 1 to open Menu 21.1 - Filter Set Configuration. 3 Enter the index of the filter set you wish to configure (say 3) and press [ENTER] 4 Enter a descriptive name or comment in the Edit Comments field and press [ENTER].
• The Port # for the telnet service (TCP protocol) is 23. See RFC 1060 for port numbers of well-known services. • Select Equal from the Port # Comp field as you are looking for packets going to port 23 only.
P-870HW-I1 User’s Guide 30.4 Filter Types and NAT There are two classes of filter rules, Generic Filter (Device) rules and protocol filter (TCP/ IP) rules. Generic filter rules act on the raw data from/to LAN and WAN. Protocol filter rules act on the IP packets.
Figure 191 Filtering LAN Traffic Menu 3.1 - LAN Port Filter Setup Press ENTER to Confirm or ESC to Cancel: 30.6.2 Applying Remote Node Filters Go to menu 11.5 (shown below – note that call filter sets are only present for PPPoE encapsulation) and enter the number(s) of the filter set(s) as appropriate.
P-870HW-I1 User’s Guide Figure 193 Menu 11.1: Remote Node Profile Rem Node Name= ChangeMe Active= Yes Encapsulation= PPPoE Service Name= Outgoing: My Login= hello My Password= ******** Retype to Confirm= ******** Authen= CHAP/PAP The following table describes the labels in this menu. Table 141 Menu 11.1: Remote Node Profile FIELD Rem Node Name...
Page 303
Table 141 Menu 11.1: Remote Node Profile (continued) FIELD Nailed-Up Connection Select this if you want the ZyXEL Device to automatically connect to your ISP Session Options Edit Filter Sets Idle Timeout(sec) Edit Traffic Redirect Chapter 30 Filter Setup DESCRIPTION when it is turned on and to remain connected all the time.
Use this menu to activate or deactivate the firewall. See background information. To open this menu, enter 2 in menu 21. Figure 194 Menu 21.2: Firewall Setup The firewall protects against Denial of Service (DoS) attacks when it is active. Your network is vulnerable to attacks when the firewall is turned off.
Use this menu to configure your ZyXEL Device’s settings for Simple Network Management Protocol (SNMP) management. See open this menu, enter 22 in the main menu. Figure 195 Menu 22: SNMP Configuration The following table describes the labels in this menu. Table 142 Menu 22: SNMP Configuration FIELD Get Community...
Use this menu to configure the administrator password and to configure wireless authentication for the ZyXEL Device. 33.1 Change Password Use this menu to change the administrator password for the ZyXEL Device. This is the same password used to access the web configurator. To open this menu, enter 1 in menu 23. Figure 196 Menu 23.1: System Security - Change Password The following table describes the labels in this menu.
P-870HW-I1 User’s Guide Figure 197 Menu 23.2: System Security - RADIUS Server The following table describes the labels in this menu. Table 144 Menu 23.2: System Security - RADIUS Server FIELD Authentication Server Active Server Address Port # Shared Secret Accounting Server Active Server Address...
Figure 198 Menu 23.4: System Security - IEEE802.1x Wireless Port Control= No Authentication Required ReAuthentication Timer (in second)= N/A Idle Timeout (in second)= N/A Key Management Protocol= N/A Dynamic WEP Key Exchange= N/A PSK = N/A WPA Mixed Mode= N/A WPA Broadcast/Multicast Key Update Timer= N/A Authentication Databases= N/A The following table describes the labels in this menu.
Page 312
P-870HW-I1 User’s Guide Table 145 Menu 23.4: System Security - IEEE802.1x (continued) FIELD WPA Mixed Mode WPA Broadcast/ Multicast Key Update Timer Authentication Databases DESCRIPTION This field is enabled if the Key Management Protocol is WPA-PSK or WPA2- PSK. Type a pre-shared key from 8 to 63 ASCII characters (including spaces and symbols).
System Maintenance 24.1 - 24.4 This chapter covers menus 24.1 through 24.4. Use these menus to get a variety of system information and to perform system diagnostics. 34.1 Status Use this menu to look at packet statistics, interface status, and basic device information. See Chapter 5 on page 85 Figure 199 Menu 24.1: System Maintenance - Status Port...
P-870HW-I1 User’s Guide Table 146 Menu 24.1: System Maintenance - Status (continued) FIELD Status TxPkts RxPkts Cols Tx B/s Rx B/s Up Time Port Ethernet Address IP Address IP Mask DHCP System up Time Name Routing ZyNOS F/W Version Press Command 34.2 Information Use this menu to look at basic device information and LAN interface settings.
Figure 200 Menu 24.2.1: System Maintenance - Information The following table describes the labels in this menu. Table 147 Menu 24.2.1: System Maintenance - Information FIELD Name Routing ZyNOS F/W Version Country Code Ethernet Address IP Address IP Mask DHCP 34.3 Change Console Port Speed Note: The console port is internal and reserved for technician use only.
P-870HW-I1 User’s Guide Figure 201 Menu 24.2.2: System Maintenance - Change Console Port Speed Menu 24.2.2 - System Maintenance - Change Console Port Speed The following table describes the labels in this menu. Table 148 Menu 24.2.2: System Maintenance - Change Console Port Speed FIELD Console Port Speed 34.4 Syslog Logging...
34.5 Call-Triggering Packet Use this menu to look at information about the packet that triggered a dial-out call. The packet is displayed in an easy-to-read format. To open this menu, enter 4 in menu 24.3. Figure 203 Menu 24.3.4: Call-Triggering Packet (Example) IP Frame: ENET0-RECV Size: Frame Type: IP Header:...
P-870HW-I1 User’s Guide Figure 204 Menu 24.4: System Maintenance - Diagnostic The following table describes the labels in this menu. Table 150 Menu 24.4: System Maintenance - Diagnostics FIELD Ping Host WAN DHCP Release WAN DHCP Renewal Select this if you want to get a new IP address, subnet mask, and other network PPPoE Setup Test Reboot System Enter Menu Selection...
System Maintenance 24.5 - 24.7 This chapter covers menus 24.5 through 24.7. Use these menus to backup and restore your configuration file, as well as upload new firmware and configuration files. 35.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password and TCP/IP Setup, etc.
P-870HW-I1 User’s Guide The following table is a summary. Please note that the internal filename refers to the filename on the ZyXEL Device and the external filename refers to the filename not on the ZyXEL Device, that is, on your computer, local network or FTP site and so the name (but not the extension) will vary.
Figure 205 Menu 24.5: Backup Configuration To transfer the configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your router. Then type "admin" and SMT password as requested.
P-870HW-I1 User’s Guide Figure 206 FTP Session Example 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 327680 bytes sent in 1.10Seconds 297.89Kbytes/sec.
3 Enter command “sys stdio 0” to disable the SMT timeout, so the TFTP transfer will not be interrupted. Enter command “sys stdio 5” to restore the five-minute SMT timeout (default) when the file transfer is complete. 4 Launch the TFTP client on your computer and connect to the ZyXEL Device. Set the transfer mode to binary before starting data transfer.
P-870HW-I1 User’s Guide 1 Display menu 24.5 and enter “y” at the following screen. Figure 207 System Maintenance: Backup Configuration Ready to backup Configuration via Xmodem. Do you want to continue (y/n): 2 The following screen indicates that the Xmodem download has started. Figure 208 System Maintenance: Starting Xmodem Download Screen You can enter ctrl-x to terminate operation any time.
35.3.1 Restore Using FTP For details about backup using (T)FTP please refer to earlier sections on FTP and TFTP file upload in this chapter. Figure 211 Menu 24.6: Restore Configuration To transfer the firmware and the configuration file, follow the procedure below: 1.
P-870HW-I1 User’s Guide 35.4.1 Firmware Upload FTP is the preferred method for uploading the firmware and configuration. To use this feature, your computer must have an FTP client. When you telnet into the ZyXEL Device, you will see the following screens for uploading firmware and the configuration file using FTP.
Figure 214 Menu 24.7.2: System Maintenance - Upload System Configuration File Menu 24.7.2 - System Maintenance - Upload System Configuration File To upload the system configuration file, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your system. Then type "admin" and SMT password as requested.
P-870HW-I1 User’s Guide Figure 215 FTP Session Example 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> put firmware.bin ras 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 327680 bytes sent in 1.10Seconds 297.89Kbytes/sec.
TFTP [-i] host put firmware.bin ras where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the ZyXEL Device’s IP address, “put” transfers the file source on the computer (firmware.bin – name of the firmware on the computer) to the file destination on the remote host (ras - name of the firmware on the ZyXEL Device).
P-870HW-I1 User’s Guide 35.4.8 Example Xmodem Firmware Upload Using HyperTerminal Click Transfer, then Send File to display the following screen. Figure 217 Example Xmodem Upload After the firmware upload process has completed, the ZyXEL Device will automatically restart. 35.4.9 Uploading Configuration File Via Console Port Note: The console port is internal and reserved for technician use only.
Figure 218 Menu 24.7.2 as seen using the Console Port Menu 24.7.2 - System Maintenance - Upload System Configuration File To upload system configuration file: 1. Enter "y" at the prompt below to go into debug mode. 2. Enter "atlc" after "Enter Debug Mode" message. 3.
System Maintenance 24.8 - 24.11 This chapter covers menus 24.8 through 24.11. Use these menus to get a use CI commands, see how long you have accessed the Internet and how much budgeted time remains, set the current date and time, and configure remote access to the ZyXEL Device. 36.1 Command Interpreter Mode Use this menu to use CI commands.
P-870HW-I1 User’s Guide Figure 221 Menu 24.9.1: Budget Management Remote Node 1.ChangeMe The following table describes the labels in this menu. Table 154 Menu 24.9.1: Budget Management FIELD Remote Node Connection Time/ Total Budget Elapsed Time/Total Period Reset Node 36.3 Call History This menu is only applicable your Internet connection uses PPPoE encapsulation.
Figure 222 Menu 24.9.2: Call History Phone Number The following table describes the labels in this menu. Table 155 Menu 24.9.2: Call History FIELD Phone Number Rate #call Total Enter Entry to Delete 36.4 Time and Date Setting Use this menu to change your ZyXEL Device’s time and date. See background information.
P-870HW-I1 User’s Guide Figure 223 Menu 24.10: Time and Date Setting Menu 24.10 - System Maintenance - Time and Date Setting Time Protocol= Manual Time Server Address= N/A Current Time: New Time (hh:mm:ss): Current Date: New Date (yyyy-mm-dd): Time Zone= (GMT+03:00) Baghdad, Kuwait, Nairobi, Riyadh, Moscow Daylight Saving= No Start Date (mm-nth-week-hr): End Date (mm-nth-week-hr):...
Table 156 Menu 24.10: Time and Date Setting (continued) FIELD Start Date End Date 36.5 Remote Management Control Use this screen to configure through which interface(s) and from which IP address(es) users can use various protocols to manage the ZyXEL Device. See background information.
P-870HW-I1 User’s Guide Figure 224 Menu 24.11: Remote Management Control TELNET Server: FTP Server: SSH Server: HTTPS Server: HTTP Server: SNMP Service: DNS Service: The following table describes the labels in this menu. Table 157 Menu 24.11: Remote Management Control FIELD Port Access...
IP Routing Policy Setup Use this menu to look at and configure policy routes. 37.1 Policy Route Traditionally, routing is based on the destination address only and the ZyXEL Device takes the shortest path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator.
P-870HW-I1 User’s Guide IPPR follows the existing packet filtering facility of RAS in style and in implementation. 37.4 IP Routing Policy Summary Use this menu to look at policy routes. To open this menu, enter 25 in the main menu. Figure 225 Menu 25: IP Routing Policy Summary --- - --------------------------------------------------------------------- 001 N SA=1.1.1.1-1.1.1.1 DA=2.2.2.2-2.2.2.5...
Table 159 Menu 25: IP Routing Policy Summary, Abbreviations (continued) ABBREVIATION MEANING Precedence of incoming packet Action Gateway IP address Outgoing Type of service Outgoing Precedence Service Normal Minimum Delay Maximum Throughput Maximum Reliability Minimum Cost 37.5 IP Routing Policy Setup Use this menu to configure policy routes.
P-870HW-I1 User’s Guide Table 160 Menu 25.1: IP Routing Policy Setup (continued) FIELD Criteria IP Protocol Type of Service Precedence Packet Length Len Comp Source addr start / end port start / end Destination addr start / end port start / end Action Gateway addr Type of Service...
Figure 227 Menu 25.1.1: IP Routing Policy Setup Apply policy to packets received from: LAN= No WAN= No The following table describes the labels in this menu. Table 161 Menu 25.1.1: IP Routing Policy Setup FIELD 37.7 IP Policy Routing Example If a network has both Internet and remote node connections, you can route Web packets to the Internet using one policy and route FTP packets to a remote network using another policy.
P-870HW-I1 User’s Guide 1 Create a rule in Menu 25.1 - IP Routing Policy Setup as shown next. Figure 229 IP Routing Policy Example 1 Menu 25.1 - IP Routing Policy Setup Rule Index= 1 Criteria: IP Protocol Type of Service= Don't Care Precedence Source: Destination:...
Figure 230 IP Routing Policy Example 2 Menu 25.1 - IP Routing Policy Setup Rule Index= 2 Criteria: IP Protocol Type of Service= Don't Care Precedence Source: Destination: Action= Matched Edit policy to packets received from= No 5 Select Yes in the LAN field in menu 25.1.1 to apply the policy to packets received on the LAN port.
Use this menu to look at and configure the schedule sets in the ZyXEL Device. 38.1 Schedule Set Overview Call scheduling (applicable for PPPoE encapsulation only) allows the ZyXEL Device to manage a remote node and dictate when a remote node should be called and for how long. This feature is similar to the scheduler that lets you specify a time period to record a television program in a VCR or TiVo.
P-870HW-I1 User’s Guide Figure 231 Menu 26: Schedule Setup Schedule Set # ------ ----------------- _______________ _______________ _______________ _______________ _______________ _______________ The following table describes the labels in this menu. Table 162 Menu 26: Schedule Setup FIELD 1-12 Enter Schedule Set Number to Configure Edit Name 38.3 Schedule Set Setup...
Figure 232 Menu 26.1: Schedule Set Setup Active= Yes How Often= Once Start Date(yyyy-mm-dd)= N/A Once: Date(yyyy-mm-dd)= 2000 - 01 - 01 Weekdays: Sunday= N/A Monday= N/A Tuesday= N/A Wednesday= N/A Thursday= N/A Friday= N/A Saturday= N/A Start Time(hh:mm)= 00 : 00 Duration(hh:mm)= 00 : 00 Action= Forced On The following table describes the labels in this menu.
Page 350
P-870HW-I1 User’s Guide Table 163 Menu 26.1: Schedule Set Setup (continued) FIELD Duration Action DESCRIPTION Enter the maximum length of time this connection is allowed in hour-minute format. Forced On means that the connection is maintained whether or not there is a demand call on the line and will persist for the time period specified in the Duration field.
This chapter covers potential problems and the corresponding remedies. 39.1 Problems Starting Up the ZyXEL Device The following table identifies some remedies if you have problems starting up the ZyXEL Device. Table 164 Troubleshooting Starting Up Your ZyXEL Device PROBLEM CORRECTIVE ACTION None of the Make sure that the ZyXEL Device’s power adaptor is connected to the ZyXEL Device...
P-870HW-I1 User’s Guide 39.3 Problems with the WAN The following table identifies some remedies if you have problems with the Internet connection. Table 166 Troubleshooting the WAN PROBLEM CORRECTIVE ACTION The DSL light is Check the telephone wire and connections between the ZyXEL Device DSL port off.
39.4 Problems Accessing the ZyXEL Device The following table identifies some remedies if you have problems accessing the ZyXEL Device. Table 167 Troubleshooting Accessing the ZyXEL Device PROBLEM CORRECTIVE ACTION I cannot The default password is access the If you have changed the password and have now forgotten it, you have to reset the ZyXEL Device.
P-870HW-I1 User’s Guide Figure 233 Pop-up Blocker You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. 1 In Internet Explorer, select Tools, Internet Options, Privacy. 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled.
P-870HW-I1 User’s Guide Figure 235 Internet Options 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites. Chapter 39 Troubleshooting...
P-870HW-I1 User’s Guide Figure 236 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. 39.4.1.2 JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
P-870HW-I1 User’s Guide Figure 237 Internet Options 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window.
P-870HW-I1 User’s Guide Figure 238 Security Settings - Java Scripting 39.4.1.3 Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window.
Figure 239 Security Settings - Java 39.4.1.3.1 JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window. Chapter 39 Troubleshooting P-870HW-I1 User’s Guide...
P-870HW-I1 User’s Guide Figure 240 Java (Sun) 39.4.2 ActiveX Controls in Internet Explorer If ActiveX is disabled, you will not be able to download ActiveX controls or to use Trend Micro Security Services. Make sure that ActiveX controls are allowed in Internet Explorer. Screen shots for Internet Explorer 6 are shown.
P-870HW-I1 User’s Guide Figure 241 Internet Options Security 3 Scroll down to ActiveX controls and plug-ins. 4 Under Download signed ActiveX controls select the Prompt radio button. 5 Under Run ActiveX controls and plug-ins make sure the Enable radio button is selected.
The values are accurate at the time of writing. Table 168 Device Specifications Default IP Address Default Subnet Mask Default Password Dimensions (W x D x H) Power Specification Built-in Switch Antenna Operating Temperature Operating Humidity Appendix A Product Specifications Product Specifications 192.168.1.1 255.255.255.0 (24 bits)
Page 364
P-870HW-I1 User’s Guide Appendix A Product Specifications...
P-870HW-I1 User’s Guide Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/ IP on your computer.
Figure 243 Windows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add. 2 Select Adapter and then click Add.
P-870HW-I1 User’s Guide 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click 5 Restart your computer so the changes you made take effect. Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab.
Figure 245 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window.
P-870HW-I1 User’s Guide Figure 246 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 247 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. Appendix B Setting up Your Computer’s IP Address...
Figure 248 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 249 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
P-870HW-I1 User’s Guide • Click Advanced. Figure 250 Windows XP: Internet Protocol (TCP/IP) Properties 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
Figure 251 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
P-870HW-I1 User’s Guide Figure 252 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT).
Figure 253 Macintosh OS X: Apple Menu 2 Click Network in the icon bar. • Select Automatic from the Location list. • Select Built-in Ethernet from the Show list. • Click the TCP/IP tab. 3 For dynamically assigned settings, select Using DHCP from the Configure list. Figure 254 Macintosh OS X: Network 4 For statically assigned settings, do the following: •...
P-870HW-I1 User’s Guide 6 Restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the Network window. Linux This section shows you how to configure your computer’s TCP/IP settings in Red Hat Linux 9.0. Procedure, screens and file location may vary depending on your Linux distribution and release version.
Figure 256 Red Hat 9.0: KDE: Ethernet Device: General • If you have a dynamic IP address, click Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static IP address, click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields.
P-870HW-I1 User’s Guide Figure 258 Red Hat 9.0: KDE: Network Configuration: Activate 7 After the network card restart process is complete, make sure the Status is Active in the Network Configuration screen. Using Configuration Files Follow the steps below to edit the network configuration files and set your computer IP address.
Figure 260 Red Hat 9.0: Static IP Address Setting in ifconfig-eth0 DEVICE=eth0 ONBOOT=yes BOOTPROTO=static IPADDR=192.168.1.10 NETMASK=255.255.255.0 USERCTL=no PEERDNS=yes TYPE=Ethernet 2 If you know your DNS server IP address(es), enter the DNS server information in the file in the resolv.conf two DNS server IP addresses are specified. Figure 261 Red Hat 9.0: DNS Settings in resolv.conf nameserver 172.23.5.1 nameserver 172.23.5.2...
The following describes the NetBIOS packet filter commands. Introduction NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls. You can configure NetBIOS filters to do the following: •...
P-870HW-I1 User’s Guide The filter types and their default settings are as follows. Table 169 NetBIOS Filter Default Settings NAME DESCRIPTION Between LAN This field displays whether NetBIOS packets are blocked or forwarded and WAN between the LAN and the WAN. IPSec Packets This field displays whether NetBIOS packets sent through a VPN connection are blocked or forwarded.
NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet. For example, the source address of an outgoing packet, used within one network is changed to a different IP address known within another network. NAT Definitions Inside/outside denotes where a host is located relative to the ZyXEL Device.
P-870HW-I1 User’s Guide What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the ZyXEL Device can communicate with three distinct WAN networks. More examples follow at the end of this chapter. Figure 265 NAT Application With IP Alias NAT Mapping Types NAT supports five types of IP/port mapping.
P-870HW-I1 User’s Guide Note: Port numbers do not change for One-to-One and Many One-to-One NAT mapping types. The following table summarizes these types. Table 171 NAT Mapping Types TYPE One-to-One Many-to-One (SUA/PAT) Many-to-Many Overload Many One-to-One Server NAT Types This section discusses the following NAT types that may be implemented on a router in front of the ZyXEL Device.
The following table summarizes how these NAT types handle outgoing and incoming packets. Read the following sections for more details and examples. Table 172 NAT Types FULL CONE Incoming Any external host Packets can send packets to the mapped external IP address and port.
P-870HW-I1 User’s Guide Figure 266 Full Cone NAT Example Restricted Cone NAT As in full cone NAT, a restricted cone NAT router maps all outgoing packets from an internal IP address and port to a single IP address and port on the external network. In the following example, the NAT router maps the source address of all packets sent from internal IP address 1 and port A to IP address 2 and port B on the external network.
Figure 267 Restricted Cone NAT Example Port Restricted Cone NAT As in full cone NAT, a port restricted cone NAT router maps all outgoing packets from an internal IP address and port to a single IP address and port on the external network. In the following example, the NAT router maps the source address of all packets sent from internal IP address 1 and port A to IP address 2 and port B on the external network.
P-870HW-I1 User’s Guide Figure 268 Port Restricted Cone NAT Example Symmetric NAT The full, restricted and port restricted cone NAT types use the same mapping for an outgoing packet’s source address regardless of the destination IP address and port. In symmetric NAT, the mapping of an outgoing packet’s source address to a source address in another network is different for each different destination IP address and port.
Figure 269 Symmetric NAT SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server. The ZyXEL Device also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN IP addresses of clients or servers using mapping types.
Page 390
P-870HW-I1 User’s Guide Appendix D NAT...
This appendix provides descriptions of example log messages. Table 174 System Maintenance Logs LOG MESSAGE Time calibration is successful Time calibration failed WAN interface gets IP:%s DHCP client IP expired DHCP server assigns%s Successful WEB login WEB login failed Successful TELNET login TELNET login failed Successful FTP login FTP login failed...
Table 177 TCP Reset Logs LOG MESSAGE Under SYN flood attack, sent TCP RST Exceed TCP MAX incomplete, sent TCP RST Peer TCP state out of order, sent TCP RST Firewall session time out, sent TCP RST Exceed MAX incomplete, sent TCP RST Access block, sent TCP Table 178 Packet Filter Logs...
Table 181 PPP Logs (continued) LOG MESSAGE ppp:LCP Closing ppp:IPCP Closing Table 182 UPnP Logs LOG MESSAGE UPnP pass through Firewall Table 183 Content Filtering Logs LOG MESSAGE %s: Keyword blocking %s: Not in trusted web list %s: Forbidden Web site The web site is in the forbidden web site list. %s: Contains ActiveX %s: Contains Java applet...
Table 187 PKI Logs (continued) LOG MESSAGE Rcvd data <size> too large! Max size allowed: <max size> Cert trusted: <subject name> Due to <reason codes>, cert not trusted: <subject name> Table 188 Certificate Path Verification Failure Reason Codes CODE DESCRIPTION Algorithm mismatch between the certificate and the search constraints.
Table 190 ACL Setting Notes PACKET DIRECTION (L to W) (W to L) (L to L/ZW) (W to W/ZW) Table 191 ICMP Notes TYPE CODE Appendix F Log Descriptions DIRECTION DESCRIPTION LAN to WAN ACL set for packets traveling from the LAN to the WAN. WAN to LAN ACL set for packets traveling from the WAN to the LAN.
P-870HW-I1 User’s Guide Table 191 ICMP Notes (continued) TYPE CODE Table 192 Syslog Logs LOG MESSAGE <Facility*8 + Severity>Mon dd hr:mm:ss hostname src="<srcIP:srcPort>" dst="<dstIP:dstPort>" msg="<msg>" note="<note>" devID="<mac address last three numbers>" cat="<category> The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC for detailed information on each type.
ZyXEL Device is to record. 2 Use sys logs category to view a list of the log categories. Figure 270 Displaying Log Categories Example Copyright (c) 1994 - 2004 ZyXEL Communications Corp. ras>? Valid commands are: certificates ras>...
P-870HW-I1 User’s Guide • Use the sys logs display [log category] command to show the logs in an individual ZyXEL Device log category. • Use the sys logs clear command to erase all of the ZyXEL Device’s logs. Log Command Example This example shows how to set the ZyXEL Device to record the access logs and alerts and then view the results.
The BootModule AT commands execute from within the router’s bootup software, when debug mode is selected before the main router firmware is started. When you start up your ZyXEL Device, you are given a choice to go into debug mode by pressing a key at the prompt shown in the following screen.
P-870HW-I1 User’s Guide Figure 273 Boot Module Commands just answer OK ATHE print help ATBAx change baudrate. 1:38.4k, 2:19.2k, 3:9.6k 4:57.6k 5:115.2k ATENx,(y) set BootExtension Debug Flag (y=password) ATSE show the seed of password generator ATTI(h,m,s) change system time to hour:min:sec or show current time ATDA(y,m,d) change system date to year/month/day or show...
This appendix introduces Internal SPTGEN. All menus shown in this appendix are example menus meant to show SPTGEN usage. Actual menus for your product may differ. Internal SPTGEN Overview Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple ZyXEL Devices.
P-870HW-I1 User’s Guide Internal SPTGEN File Modification - Important Points to Remember Each parameter you enter must be preceded by one “=”sign and one space. Some parameters are dependent on others. For example, if you disable the Configured field in menu 1 (see Figure 274 on page If you enter a parameter that is invalid in the Input column, the ZyXEL Device will not save...
Figure 277 Internal SPTGEN FTP Download Example c:\ftp 192.168.1.1 220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000 User (192.168.1.1:(none)): 331 Enter PASS command Password: 230 Logged in ftp>bin 200 Type I OK ftp> get rom-t ftp>bye c:\edit rom-t (edit the rom-t text file by a text editor and save it) Note: You can rename your “...
P-870HW-I1 User’s Guide Example Internal SPTGEN Menus This section provides example Internal SPTGEN menus. Table 194 Abbreviations Used in the Example Internal SPTGEN Screens Table ABBREVIATION MEANING Field Identification Number Field Name Parameter Values Allowed INPUT An example of what you may enter Applies to the ZyXEL Device.
Page 419
Table 196 Menu 3 30100012 = Output protocol filters Set 4 30100013 = Output device filters Set 1 30100014 = Output device filters Set 2 30100015 = Output device filters Set 3 30100016 = Output device filters Set 4 / Menu 3.2 TCP/IP and DHCP Ethernet Setup 30200001 = DHCP 30200002 =...
Page 420
P-870HW-I1 User’s Guide Table 196 Menu 3 30201005 = Version 30201006 = IP Alias #1 Incoming protocol filters Set 1 30201007 = IP Alias #1 Incoming protocol filters Set 2 30201008 = IP Alias #1 Incoming protocol filters Set 3 30201009 = IP Alias #1 Incoming protocol filters Set 4...
P-870HW-I1 User’s Guide Table 199 Menu 15 SUA Server Setup / Menu 15 SUA Server Setup 150000001 = SUA Server IP address for default port 150000002 = SUA Server #2 Active 150000003 = SUA Server #2 Protocol 150000004 = SUA Server #2 Port Start 150000005 = SUA Server #2 Port End 150000006 =...
Table 199 Menu 15 SUA Server Setup (continued) 150000031 = SUA Server #7 Local IP address 150000032 = SUA Server #8 Active 150000033 = SUA Server #8 Protocol 150000034 = SUA Server #8 Port Start 150000035 = SUA Server #8 Port End 150000036 = SUA Server #8 Local IP address 150000037 =...
Page 426
P-870HW-I1 User’s Guide Table 200 Menu 21.1 Filter Set #1 (continued) 210101002 = IP Filter Set 1,Rule 1 Active 210101003 = IP Filter Set 1,Rule 1 Protocol 210101004 = IP Filter Set 1,Rule 1 Dest IP address 210101005 = IP Filter Set 1,Rule 1 Dest Subnet Mask 210101006 = IP Filter Set 1,Rule 1 Dest Port 210101007 =...
Table 200 Menu 21.1 Filter Set #1 (continued) 210102013 = IP Filter Set 1,Rule 2 Act Match 210102014 = IP Filter Set 1,Rule 2 Act Not Match Table 201 Menu 21.1 Filer Set #2 / Menu 21.1 filter set #2, 210200001 = Filter Set 2, Nam / Menu 21.1.2.1 Filter set #2, rule #1...
P-870HW-I1 User’s Guide Table 201 Menu 21.1 Filer Set #2 (continued) 210202001 = IP Filter Set 2, Rule 2 Type 210202002 = IP Filter Set 2, Rule 2 Active 210202003 = IP Filter Set 2, Rule 2 Protocol 210202004 = IP Filter Set 2, Rule 2 Dest IP address 210202005 =...
Table 202 Menu 23 System Menus (continued) 230200005 = Authentication Server Shared Secret 230200006 = Accounting Server Configured 230200007 = Accounting Server Active 230200008 = Accounting Server IP Address 230200009 = Accounting Server Port 230200010 = Accounting Server Shared Secret */ Menu 23.4 System security: IEEE802.1x 230400001 = Wireless Port Control...
Page 430
P-870HW-I1 User’s Guide Table 203 Menu 24.11 Remote Management Control (continued) 241100002 = TELNET Server Access 241100003 = TELNET Server Secured IP address 241100004 = FTP Server Port 241100005 = FTP Server Access 241100006 = FTP Server Secured IP address 241100007 = WEB Server Port 241100008 =...
The following table lists some commonly-used services and their associated protocols and port numbers. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like. • Protocol: This is the type of IP protocol used by the service. If this is TCP/UDP, then the service uses the same port number with TCP and UDP.
Page 432
P-870HW-I1 User’s Guide Table 204 Examples of Services (continued) NAME HTTPS ICMP IGMP (MULTICAST) IMAP4 IMAP4S MSN Messenger NetBIOS NEW-ICQ NEWS NNTP PING POP3 POP3S PPTP PPTP_TUNNEL (GRE) RCMD PROTOCOL PORT(S) DESCRIPTION HTTPS is a secured http session often used in e-commerce.
Page 433
Table 204 Examples of Services (continued) NAME REAL_AUDIO REXEC RLOGIN ROADRUNNER RTELNET RTSP SFTP SMTP SMTPS SNMP SNMP-TRAPS SQL-NET SSDP STRM WORKS SYSLOG TACACS TELNET TFTP VDOLIVE Appendix I Services PROTOCOL PORT(S) DESCRIPTION 7070 A streaming audio service that enables real time sound over the web.
Page 434
P-870HW-I1 User’s Guide Appendix I Services...
Page 437
mapping types outside port forwarding server sets symmetric what NAT does NAT mapping many one-to-one many-to-many overload many-to-one server NAT setup NAT traversal NAT types Network Address Translation. See NAT. one-minute high OTIST notes password 232, 247, 254 Point-to-Point Protocol over Ethernet. See PPPoE. policy-based routing port forwarding port numbers...
Page 438
P-870HW-I1 User’s Guide SNMPv1 SNMPv2 source-based routing splitters SPTGEN FTP upload example points to remember text file SSID 93, 94 hide SSID security weaknesses stateful inspection 40, 147 static routing setup SUA server set subnet mask 127, 159 supporting disk symmetric NAT outgoing syntax conventions...
Need help?
Do you have a question about the P-870HW-I Series and is the answer not in the manual?
Questions and answers