ZyXEL Communications P-870HW-I Series User Manual
ZyXEL Communications P-870HW-I Series User Manual

ZyXEL Communications P-870HW-I Series User Manual

802.11g wireless vdsl2 4-port gateway
Hide thumbs Also See for P-870HW-I Series:
Table of Contents

Advertisement

Quick Links

P-870HW-I Series
802.11g Wireless VDSL2 4-port Gateway
User's Guide
Version 3.50
8/2006
Edition 1

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the P-870HW-I Series and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Summary of Contents for ZyXEL Communications P-870HW-I Series

  • Page 1 P-870HW-I Series 802.11g Wireless VDSL2 4-port Gateway User’s Guide Version 3.50 8/2006 Edition 1...
  • Page 3: Copyright

    ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
  • Page 4: Federal Communications Commission (Fcc) Interference Statement

    P-870HW-I1 User’s Guide Federal Communications Commission (FCC) Interference Statement The device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations.
  • Page 5 第十二條 經型式認證合格之低功率射頻電機,非經許可,公司、商號或使用 者均不得擅自變更頻率、加大功率或變更原設計之特性及功能。 第十四條 低功率射頻電機之使用不得影響飛航安全及干擾合法通信;經發現 有干擾現象時,應立即停用,並改善至無干擾時方得繼續使用。 前項合法通信,指依電信規定作業之無線電信。低功率射頻電機須忍 受合法通信或工業、科學及醫療用電波輻射性電機設備之干擾。 本機限在不干擾合法電臺與不受被干擾保障條件下於室內使用。 減少電磁波影響,請妥適使用。 Notices Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment. This device has been designed for the WLAN 2.4 GHz and 5 GHz networks throughout the EC region and Switzerland, with restrictions in France.
  • Page 6: Safety Warnings

    P-870HW-I1 User’s Guide For your safety, be sure to read and follow all warning notices and instructions. • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. •...
  • Page 7 P-870HW-I1 User’s Guide This product is recyclable. Dispose of it properly. Safety Warnings...
  • Page 8: Zyxel Limited Warranty

    P-870HW-I1 User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever...
  • Page 9: Customer Support

    +7-3272-590-689 1-800-255-4101 www.us.zyxel.com +1-714-632-0882 +1-714-632-0858 ftp.us.zyxel.com P-870HW-I1 User’s Guide REGULAR MAIL ZyXEL Communications Corp. 6 Innovation Road II Science Park Hsinchu 300 Taiwan ZyXEL Costa Rica Plaza Roble Escazú Etapa El Patio, Tercer Piso San José, Costa Rica ZyXEL Communications Czech s.r.o.
  • Page 10 +46-31-744-7701 www.ua.zyxel.com +380-44-494-49-32 +44-1344 303044 www.zyxel.co.uk 08707 555779 (UK only) +44-1344 303034 ftp.zyxel.co.uk REGULAR MAIL ZyXEL Communications A/S Nils Hansens vei 13 0667 Oslo Norway ZyXEL Communications ul. Okrzei 1A 03-715 Warszawa Poland ZyXEL Russia Ostrovityanova 37a Str. Moscow, 117279...
  • Page 11: Table Of Contents

    Copyright ... 3 Certifications ... 4 Safety Warnings ... 6 ZyXEL Limited Warranty... 8 Customer Support... 9 Table of Contents ... 11 List of Figures ... 23 List of Tables ... 31 Preface ... 37 Chapter 1 Getting To Know Your ZyXEL Device ... 39 1.1 Introducing the ZyXEL Device ...39 1.2 Features ...39 1.2.1 Wireless Features ...41...
  • Page 12 P-870HW-I1 User’s Guide 3.2 Welcome Screen ...56 3.3 System Information Screen ...56 3.4 Wireless LAN Screen ...57 3.5 Wireless Security Screens ...59 3.5.1 Wireless Security: None ...59 3.5.2 Wireless Security: Basic Security Screen 1 ...59 3.5.3 Wireless Security: Basic Security Screen 2 ...60 3.5.4 Wireless Security: Auto ...61 3.5.5 Wireless Security: Extend (WPA-PSK) Security Screen 1 ...62 3.5.6 Wireless Security: Extend (WPA-PSK) Security Screen 2 ...63...
  • Page 13 Chapter 6 Wireless LAN ... 93 6.1 Wireless Network Overview ...93 6.2 Wireless Security Overview ...94 6.2.1 SSID ...94 6.2.2 MAC Address Filter ...94 6.2.3 User Authentication ...94 6.2.4 Encryption ...95 6.2.5 One-Touch Intelligent Security Technology (OTIST) ...96 6.3 Wireless Performance Overview ...96 6.3.1 Quality of Service (QoS) ...96 6.4 General Wireless LAN Screen ...96 6.4.1 General Wireless LAN Screen: No Security ...97...
  • Page 14 P-870HW-I1 User’s Guide 8.1.4 LAN IP Alias ...128 8.2 LAN IP Screen ...129 8.3 LAN IP Alias Screen ...129 8.4 Advanced LAN Screen ...131 Chapter 9 DHCP Server ... 133 9.1 DHCP Overview ...133 9.2 General DHCP Screen ...134 9.3 Static DHCP Screen ...135 9.4 Client List Screen ...136 Chapter 10 NAT ...
  • Page 15 11.3 Guidelines for Enhancing Security with Your Firewall ...153 11.3.1 Security In General ...153 11.4 General Firewall Screen ...154 11.5 Firewall Rules Screen ...155 11.5.1 Firewall Rule Edit Screen ...157 11.5.2 Customized Services Screen ...160 11.5.3 Customized Service Edit Screen ...160 11.6 Anti-Probing Screen ...161 11.7 Firewall Threshold Screen ...162 Chapter 12...
  • Page 16 P-870HW-I1 User’s Guide Chapter 15 Bandwidth MGMT ... 197 15.1 Bandwidth Management Overview ...197 15.1.1 Priority-based Scheduler ...197 15.1.2 Bandwidth Management Priorities ...197 15.1.3 Example: Unused and Unbudgeted Bandwidth ...198 15.1.4 Reserving Bandwidth for Other Applications ...198 15.1.5 Over Allotment of Bandwidth ...199 15.2 Bandwidth Management Configuration Screen ...199 15.3 Edit Bandwidth Management Rule Screen ...202 15.4 Bandwidth Monitor ...204...
  • Page 17 Chapter 18 System ... 229 18.1 General Setup ...229 18.1.1 General Setup and System Name ...229 18.1.2 Dynamic DNS Overview ...229 18.1.2.1 DYNDNS Wildcard ...230 18.1.3 Resetting the Time ...230 18.2 General System Screen ...230 18.3 Dynamic DNS Screen ...231 18.4 Time Setting Screen ...233 Chapter 19 Logs ...
  • Page 18 P-870HW-I1 User’s Guide 24.3 IP Alias Setup ...262 24.4 Wireless LAN Setup ...263 24.5 WLAN MAC Address Filter ...265 Chapter 25 Internet Access Setup ... 267 Chapter 26 Remote Node Setup ... 269 26.1 Remote Node Profile ...269 26.2 Remote Node Network Layer Options ...270 26.3 Remote Node Filter ...272 26.4 Traffic Redirect Setup ...273 Chapter 27...
  • Page 19 30.6 Applying a Filter ...300 30.6.1 Applying LAN Filters ...300 30.6.2 Applying Remote Node Filters ...301 30.7 Remote Node Profile ...301 Chapter 31 Firewall Setup ... 305 Chapter 32 SNMP Configuration ... 307 Chapter 33 System Security ... 309 33.1 Change Password ...309 33.2 RADIUS Server ...309 33.3 IEEE802.1x ...310 Chapter 34...
  • Page 20 P-870HW-I1 User’s Guide 35.4.7 Uploading Firmware File Via Console Port ...329 35.4.8 Example Xmodem Firmware Upload Using HyperTerminal ...330 35.4.9 Uploading Configuration File Via Console Port ...330 35.4.10 Example Xmodem Configuration Upload Using HyperTerminal ...331 Chapter 36 System Maintenance 24.8 - 24.11... 333 36.1 Command Interpreter Mode ...333 36.2 Budget Management ...333 36.3 Call History ...334...
  • Page 21 Appendix B Setting up Your Computer’s IP Address... 365 Windows 95/98/Me... 365 Windows 2000/NT/XP ... 368 Macintosh OS X ... 373 Linux... 375 Appendix C NetBIOS Filter Commands ... 379 Introduction ... 379 Display NetBIOS Filter Settings ... 379 NetBIOS Filter Configuration... 380 Appendix D NAT...
  • Page 22 P-870HW-I1 User’s Guide Example Internal SPTGEN Menus... 418 Appendix I Services ... 431 Index... 435 Table of Contents...
  • Page 23: List Of Figures

    P-870HW-I1 User’s Guide List of Figures Figure 1 Applications: Protected Internet Access ... 43 Figure 2 Applications: Management Server ... 43 Figure 3 LEDs ... 43 Figure 4 Connecting a POTS Splitter ... 45 Figure 5 Connecting a Microfilter ... 45 Figure 6 Login Screen ...
  • Page 24 P-870HW-I1 User’s Guide Figure 39 Status ... 85 Figure 40 Status > BW MGMT Monitor ... 88 Figure 41 Status > DHCP Table ... 89 Figure 42 Status > Packet Statistics ... 89 Figure 43 Status > WLAN Station Status ... 90 Figure 44 Example of a Wireless Network ...
  • Page 25 P-870HW-I1 User’s Guide Figure 82 Ideal Firewall Setup ... 151 Figure 83 “Triangle Route” Problem ... 152 Figure 84 IP Alias ... 153 Figure 85 Security > Firewall > General ... 154 Figure 86 Security > Firewall > Rules ... 156 Figure 87 Security >...
  • Page 26 P-870HW-I1 User’s Guide Figure 125 Add/Remove Programs: Windows Setup: Communication ... 219 Figure 126 Add/Remove Programs: Windows Setup: Communication: Components ... 220 Figure 127 Network Connections ... 220 Figure 128 Windows Optional Networking Components Wizard ... 221 Figure 129 Networking Services ... 221 Figure 130 Network Connections ...
  • Page 27 P-870HW-I1 User’s Guide Figure 168 Menu 11.1.5: Traffic Redirect Setup ... 274 Figure 169 Menu 12: IP Static Route Setup ... 275 Figure 170 Menu 12.1: Edit IP Static Route ... 276 Figure 171 Menu 14: Dial-in User Setup ... 277 Figure 172 Menu 14.1: Edit Dial-in User ...
  • Page 28 P-870HW-I1 User’s Guide Figure 211 Menu 24.6: Restore Configuration ... 325 Figure 212 Menu 24.7: System Maintenance - Upload Firmware ... 325 Figure 213 Menu 24.7.1: System Maintenance - Upload System Firmware ... 326 Figure 214 Menu 24.7.2: System Maintenance - Upload System Configuration File ... 327 Figure 215 FTP Session Example ...
  • Page 29 Figure 254 Macintosh OS X: Network ... 374 Figure 255 Red Hat 9.0: KDE: Network Configuration: Devices ... 375 Figure 256 Red Hat 9.0: KDE: Ethernet Device: General ... 376 Figure 257 Red Hat 9.0: KDE: Network Configuration: DNS ... 376 Figure 258 Red Hat 9.0: KDE: Network Configuration: Activate ...
  • Page 30 P-870HW-I1 User’s Guide List of Figures...
  • Page 31: List Of Tables

    P-870HW-I1 User’s Guide List of Tables Table 1 LEDs ... 44 Table 2 Web Configurator: Navigation Panel and Icons ... 50 Table 3 Main Wizard Screen ... 55 Table 4 Connection Wizard: Welcome ... 56 Table 5 Connection Wizard: System Information ... 57 Table 6 Connection Wizard: Wireless LAN ...
  • Page 32 P-870HW-I1 User’s Guide Table 39 Network > Wireless LAN > General > 802.1x + Dynamic WEP ... 102 Table 40 Network > Wireless LAN > General > 802.1x + Static WEP ... 104 Table 41 Network > Wireless LAN > General > 802.1x + No WEP ... 105 Table 42 Network >...
  • Page 33 P-870HW-I1 User’s Guide Table 82 Security > Certificates > Trusted Remote Hosts > Edit ... 188 Table 83 Security > Certificates > Directory Servers ... 190 Table 84 Security > Certificates > Directory Servers > Edit ... 191 Table 85 Management > Static Route > IP Static Route ... 194 Table 86 Management >...
  • Page 34 P-870HW-I1 User’s Guide Table 125 Menu 11.1.4: Remote Node Filter ... 273 Table 126 Menu 11.1.5: Traffic Redirect Setup ... 274 Table 127 Menu 12: IP Static Route Setup ... 275 Table 128 Menu 12.1: Edit IP Static Route ... 276 Table 129 Menu 14: Dial-in User Setup ...
  • Page 35 P-870HW-I1 User’s Guide Table 168 Device Specifications ... 363 Table 169 NetBIOS Filter Default Settings ... 380 Table 170 NAT Definitions ... 381 Table 171 NAT Mapping Types ... 384 Table 172 NAT Types ... 385 Table 173 Firewall Commands ... 391 Table 174 System Maintenance Logs ...
  • Page 36 P-870HW-I1 User’s Guide List of Tables...
  • Page 37: Syntax Conventions

    Congratulations on your purchase of the P-870HW-I1 (“ZyXEL Device“) VDSL router with built-in IEEE 802.11g wireless capability. This ZyXEL Device also has a 4-port hub that allows you to connect up to 4 computers to the ZyXEL Device without purchasing a switch/ hub.
  • Page 38: User Guide Feedback

    Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you.
  • Page 39: Getting To Know Your Zyxel Device

    Getting To Know Your ZyXEL This chapter describes the key features and applications of your ZyXEL Device 1.1 Introducing the ZyXEL Device Your ZyXEL Device is a VDSL router that provides super high-speed Internet access through a telephone line. The ZyXEL Device supports high bandwidth applications such as video streaming, movies on demand, on-line gaming, video and Voice over IP (VoIP).
  • Page 40: Content Filtering

    P-870HW-I1 User’s Guide TR-069 Compliance TR-069 is a protocol that defines how your ZyXEL Device can be managed via a management server such as ZyXEL’s Vantage CNM Access. The management server can securely manage and update configuration changes in ZyXEL Devices. PPPoE (RFC2516) PPPoE (Point-to-Point Protocol over Ethernet) emulates a dial-up connection.
  • Page 41: Port Switch

    Media Bandwidth Management ZyXEL’s Media Bandwidth Management allows you to specify bandwidth classes based on an application and/or subnet. You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth classes. Universal Plug and Play (UPnP) Using the standard TCP/IP protocol, the ZyXEL Device and other UPnP enabled devices can dynamically join a network, obtain an IP address and convey its capabilities to other devices on the network.
  • Page 42: Application

    P-870HW-I1 User’s Guide Note: The ZyXEL Device may be prone to RF (Radio Frequency) interference from other 2.4 GHz devices such as microwave ovens, wireless phones, Bluetooth enabled devices, and other wireless LANs. Wi-Fi Protected Access and WPA2 Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification standard. Key differences between WPA and WEP are user authentication and improved data encryption.
  • Page 43: Management Server

    Figure 1 Applications: Protected Internet Access 1.3.2 Management Server Your ZyXEL Device can be managed via a management server such as ZyXEL’s Vantage CNM Access. The management server can securely manage and update configuration changes for you. Figure 2 Applications: Management Server 1.4 LEDs The following figure shows the LEDs.
  • Page 44: Splitters And Microfilters

    P-870HW-I1 User’s Guide The following table describes the LEDs. Table 1 LEDs COLOR PWR/SYS Green LAN (1-4) Green WLAN/ Green OTIST Amber Green INTERNET Green 1.5 Splitters and Microfilters This section describes how to connect VDSL splitters and microfilters. See your Quick Start Guide for details on other hardware connections.
  • Page 45: Telephone Microfilters

    Figure 4 Connecting a POTS Splitter 1 Connect the side labeled “Phone” to your telephone. 2 Connect the side labeled “Modem” or “DSL” to your ZyXEL Device. 3 Connect the side labeled “Line” to the telephone wall jack. 1.5.2 Telephone Microfilters Telephone voice transmissions take place in the lower frequency range, 0-4 KHz, while VDSL transmissions take place in the higher bandwidth range, above 4KHz.
  • Page 46 P-870HW-I1 User’s Guide Chapter 1 Getting To Know Your ZyXEL Device...
  • Page 47: Introducing The Web Configurator

    This chapter describes how to access and navigate the web configurator. 2.1 Web Configurator Overview The web configurator is an HTML-based management interface that allows easy ZyXEL Device setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions.
  • Page 48: Figure 6 Login Screen

    P-870HW-I1 User’s Guide Figure 6 Login Screen 3 The Password field may already contain the default password it. Click Login. The following screen appears. Figure 7 Login: Change Password Screen 4 Follow the directions to change your password, or click Cancel to keep the default password.
  • Page 49: Navigating The Web Configurator

    Figure 8 Login: Replace Certificate Screen 5 Follow the directions in this screen. If you click Ignore, this screen appears the next time you log in. Afterwards, the following screen appears. Figure 9 Login: Select Mode Screen 6 Select Go to Wizard setup to use the wizards. See on page 77.
  • Page 50: Figure 10 Main Screen

    P-870HW-I1 User’s Guide Figure 10 Main Screen Note: Click the embedded help. The panel on the left side is the navigation panel. You can use this panel to open various screens in the web configurator. The following table describes the icons in the upper right corner and the menu items in the navigation panel.
  • Page 51 Table 2 Web Configurator: Navigation Panel and Icons (continued) LINK/ICON SUB-LINK Wireless LAN General OTIST MAC Filter Advanced Internet Connection Advanced Traffic Redirect IP Alias Advanced DHCP Server General Static DHCP Client List General Port Forwarding Trigger Port Address Mapping Security Firewall General...
  • Page 52 P-870HW-I1 User’s Guide Table 2 Web Configurator: Navigation Panel and Icons (continued) LINK/ICON SUB-LINK Certificates My Certificates Trusted CAs Trusted Remote Hosts Directory Servers Management Static Route IP Static Route Bandwidth Configuration MGMT Monitor Remote MGMT Telnet SNMP Security UPnP General Maintenance System...
  • Page 53: Resetting The Zyxel Device

    2.4 Resetting the ZyXEL Device Reset the ZyXEL Device in the following situations: • You forgot your password. • You cannot access the device using the web configurator or SMT. Check Troubleshooting to make sure you cannot access the device anymore. If you reset the ZyXEL Device, you lose all of the changes you have made.
  • Page 54 P-870HW-I1 User’s Guide Chapter 2 Introducing the Web Configurator...
  • Page 55: Chapter 3 Connection Wizard

    This chapter provides information on the Wizard Setup screens for wireless settings and Internet access in the web configurator. 3.1 Main Wizard Screen Use this screen to select which wizard you want to run. Figure 11 Main Wizard Screen The following table describes the labels in this screen. Table 3 Main Wizard Screen LABEL DESCRIPTION...
  • Page 56: Welcome Screen

    P-870HW-I1 User’s Guide 3.2 Welcome Screen Use this screen to look at a preview of the Connection Wizard. Figure 12 Connection Wizard: Welcome The following table describes the labels in this screen. Table 4 Connection Wizard: Welcome LABEL DESCRIPTION Back Click this to return to the previous screen.
  • Page 57: Wireless Lan Screen

    Figure 13 Connection Wizard: System Information The following table describes the labels in this screen. Table 5 Connection Wizard: System Information LABEL DESCRIPTION System Name Choose a descriptive name for identification purposes. It is recommended you enter your computer’s “Computer name” in this field. This name can be up to 30 alphanumeric characters long.
  • Page 58: Figure 14 Connection Wizard: Wireless Lan

    P-870HW-I1 User’s Guide Figure 14 Connection Wizard: Wireless LAN The following table describes the labels in this screen. Table 6 Connection Wizard: Wireless LAN LABEL DESCRIPTION Name(SSID) The Service Set IDentity (SSID) is the name of the wireless network. Every wireless client in the same wireless network must use the same SSID.
  • Page 59: Wireless Security Screens

    3.5 Wireless Security Screens The next screens depend on which type of Security you select in the previous screen. 3.5.1 Wireless Security: None Use this screen to enable OTIST for your wireless network. Figure 15 Connection Wizard: Wireless Security: None The following table describes the labels in this screen.
  • Page 60: Wireless Security: Basic Security Screen 2

    P-870HW-I1 User’s Guide Figure 16 Connection Wizard: Wireless Security: Basic Security Screen 1 The following table describes the labels in this screen. Table 8 Connection Wizard: Wireless Security: Basic Security Screen 1 LABEL DESCRIPTION WEP Key Enter the key you want to use. You can enter the key using printable ASCII characters or hexadecimal (0-9, A-F, a-f) characters.
  • Page 61: Wireless Security: Auto

    Figure 17 Connection Wizard: Wireless Security: Basic Security Screen 2 The following table describes the labels in this screen. Table 9 Connection Wizard: Wireless Security: Basic Security Screen 2 LABEL DESCRIPTION Do you want to Select Yes if you want to set up OTIST security. If you set up OTIST, your wireless enable OTIST? network uses WPA-PSK security, not the security you selected and set up in the previous screen(s).
  • Page 62: Wireless Security: Extend (Wpa-Psk) Security Screen 1

    P-870HW-I1 User’s Guide Figure 18 Connection Wizard: Wireless Security: Auto The following table describes the labels in this screen. Table 10 Connection Wizard: Wireless Security: Auto LABEL DESCRIPTION Do you want to Select Yes if you want to set up OTIST security. If you set up OTIST, your wireless enable OTIST? network uses WPA-PSK security, not the security you selected and set up in the previous screen(s).
  • Page 63: Wireless Security: Extend (Wpa-Psk) Security Screen 2

    Figure 19 Connection Wizard: Wireless Security: Extend (WPA-PSK) Security Screen 1 The following table describes the labels in this screen. Table 11 Connection Wizard: Wireless Security: Extend (WPA-PSK) Security Screen 1 LABEL DESCRIPTION Pre-Shared Key Type a pre-shared key from 8 to 63 ASCII characters (including spaces and symbols).
  • Page 64: Wireless Security: Extend (Wpa2-Psk) Security Screen 1

    P-870HW-I1 User’s Guide Figure 20 Connection Wizard: Wireless Security: Extend (WPA-PSK) Security Screen 2 The following table describes the labels in this screen. Table 12 Connection Wizard: Wireless Security: Extend (WPA-PSK) Security Screen 2 LABEL DESCRIPTION Do you want to Select Yes if you want to set up OTIST security.
  • Page 65: Figure 21 Connection Wizard: Wireless Security: Extend (Wpa2-Psk) Security Screen 1

    Figure 21 Connection Wizard: Wireless Security: Extend (WPA2-PSK) Security Screen 1 The following table describes the labels in this screen. Table 13 Connection Wizard: Wireless Security: Extend (WPA2-PSK) Security Screen 1 LABEL DESCRIPTION Pre-Shared Key Type a pre-shared key from 8 to 63 ASCII characters (including spaces and symbols).
  • Page 66: Wireless Security: Extend (Wpa2-Psk) Security Screen 2

    P-870HW-I1 User’s Guide 3.5.8 Wireless Security: Extend (WPA2-PSK) Security Screen 2 Figure 22 Connection Wizard: Wireless Security: Extend (WPA2-PSK) Security Screen 2 The following table describes the labels in this screen. Table 14 Connection Wizard: Wireless Security: Extend (WPA2-PSK) Security Screen 2 LABEL DESCRIPTION Back...
  • Page 67: Isp Parameters Screen

    Figure 23 Connection Wizard: Internet Connection: Auto-Detection 3.7 ISP Parameters Screen Use these screens to set up your Internet connection. The screen depends on which type of Connection Type your Internet connection uses. If your ISP provided you a user name and password, select PPP over Ethernet.
  • Page 68: Isp Parameters: Pppoe Screen

    P-870HW-I1 User’s Guide Figure 24 Connection Wizard: ISP Parameters: Ethernet The following table describes the labels in this screen. Table 15 Connection Wizard: ISP Parameters: Ethernet LABEL DESCRIPTION Connection Type Select Ethernet. Back Click this to return to the previous screen. Next Click this to save your changes on this screen and to proceed to the next screen.
  • Page 69: Ip Address Type Screen

    Figure 25 Connection Wizard: ISP Parameters: PPPoE The following table describes the labels in this screen. Table 16 Connection Wizard: ISP Parameters: PPPoE LABEL DESCRIPTION Connection Type Select PPP over Ethernet. Service Name Enter the service name provided by your ISP. Leave this field blank if your ISP did not provide one.
  • Page 70: Static Ip Address Settings Screen

    P-870HW-I1 User’s Guide Figure 26 Connection Wizard: IP Address Type The following table describes the labels in this screen. Table 17 Connection Wizard: IP Address Type LABEL DESCRIPTION Get automatically Select this if your ISP did not give you a fixed (static) IP address. from ISP Use fixed IP Select this if your ISP gave you a fixed (static) IP address.
  • Page 71: Isp Parameters: Pppoe Screen

    Figure 27 Connection Wizard: Static IP Address: Ethernet The following table describes the labels in this screen. Table 18 Connection Wizard: Static IP Address: Ethernet LABEL DESCRIPTION My WAN IP Enter the fixed (static) IP address provided by your ISP. Address My WAN IP Enter the subnet mask provided by your ISP.
  • Page 72: Mac Address Screen

    P-870HW-I1 User’s Guide Figure 28 Connection Wizard: ISP Parameters: PPPoE The following table describes the labels in this screen. Table 19 Connection Wizard: ISP Parameters: PPPoE LABEL DESCRIPTION My WAN IP Enter the fixed (static) IP address provided by your ISP. Address DNS Servers DNS (Domain Name System) manages the relationships between domain names...
  • Page 73: Figure 29 Connection Wizard: Mac Address

    Figure 29 Connection Wizard: MAC Address The following table describes the labels in this screen. Table 20 Connection Wizard: MAC Address LABEL DESCRIPTION Factory default Select this, unless you have spoofed (cloned) your computer’s MAC address before. Spoof this Select this if you want the ZyXEL Device to use the MAC address of another computer’s MAC computer, instead of its default MAC address.
  • Page 74: Internet Configuration Screen

    P-870HW-I1 User’s Guide 3.11 Internet Configuration Screen Figure 30 Connection Wizard: Internet Configuration The following table describes the labels in this screen. Table 21 Connection Wizard: Internet Configuration LABEL DESCRIPTION Back Click this to return to the previous screen. Apply Click this to save your changes on this screen and to proceed to the next screen.
  • Page 75: Congratulations Screen

    Figure 31 Connection Wizard: OTIST: Start 3.13 Congratulations Screen Use this screen to finish the Connection Wizard. Figure 32 Connection Wizard: Congratulations The following table describes the labels in this screen. Table 22 Connection Wizard: Congratulations LABEL DESCRIPTION Finish Click this to close the wizard. Chapter 3 Connection Wizard P-870HW-I1 User’s Guide...
  • Page 76 P-870HW-I1 User’s Guide Chapter 3 Connection Wizard...
  • Page 77: Bandwidth Management Wizard

    Bandwidth Management Wizard This chapter provides information on the Wizard Setup screens for bandwidth management. Bandwidth management is only useful when the ZyXEL Device is trying to send more traffic out through than the WAN port than the WAN port can support. In this case, bandwidth management allows you to control the amount of traffic going out through the WAN port and which applications can use this traffic.
  • Page 78: Welcome Screen

    P-870HW-I1 User’s Guide Figure 33 Main Wizard Screen The following table describes the labels in this screen. Table 23 Main Wizard Screen LABEL DESCRIPTION Connection Select this to set up a basic wireless network and your Internet connection. Wizard Bandwidth Select this to set the priority of various applications, in case there is not enough Management bandwidth for all of them.
  • Page 79: General Information Screen

    Figure 34 BWM Wizard: Welcome The following table describes the labels in this screen. Table 24 BWM Wizard: Welcome LABEL DESCRIPTION Back Click this to return to the previous screen. Next Click this to save your changes on this screen and to proceed to the next screen. Exit Click this to close the wizard without saving the changes on this screen.
  • Page 80: Figure 35 Bwm Wizard: General Information

    P-870HW-I1 User’s Guide Figure 35 BWM Wizard: General Information The following table describes the labels in this screen. Table 25 BWM Wizard: General Information LABEL DESCRIPTION Active Select this to enable bandwidth management. LAN Managed Enter the amount of bandwidth for this interface that you want to allocate using Bandwidth bandwidth management.
  • Page 81: Services Setup Screen

    Table 25 BWM Wizard: General Information (continued) LABEL DESCRIPTION WAN Managed Enter the amount of bandwidth for this interface that you want to allocate using Bandwidth bandwidth management. It is recommended to set this speed to match what the WAN port’s connection can handle.
  • Page 82: Priority Setup Screen

    P-870HW-I1 User’s Guide The following table describes the labels in this screen. Table 26 BWM Wizard: Services Setup LABEL DESCRIPTION Xbox Live This is Microsoft’s online gaming service that lets you play multiplayer Xbox games on the Internet via broadband technology. Xbox Live uses port 3074. VoIP (SIP) Sending voice signals over the Internet is called Voice over IP or VoIP.
  • Page 83: Congratulations Screen

    Figure 37 BWM Wizard: Priority Setup The following table describes the labels in this screen. Table 27 BWM Wizard: Priority Setup LABEL DESCRIPTION Service This field displays the applications you selected in the previous screen. Priority Select the priority of each application. Other applications have lower priority than all the applications in this screen, including ones to which you assign Low priority.
  • Page 84: Figure 38 Bwm Wizard: Congratulations

    P-870HW-I1 User’s Guide Figure 38 BWM Wizard: Congratulations The following table describes the labels in this screen. Table 28 BWM Wizard: Congratulations LABEL DESCRIPTION Finish Click this to close the wizard. Chapter 4 Bandwidth Management Wizard...
  • Page 85: Chapter 5 Status Screen

    This chapter introduces the Status screen and the summary screens you can open from it. 5.1 Status Screen To open this screen, click Status. This screen also appears when you log in and select Go to Advanced setup. Figure 39 Status Chapter 5 Status Screen P-870HW-I1 User’s Guide H A P T E R...
  • Page 86: Table 29 Status

    P-870HW-I1 User’s Guide The following table describes the labels shown in the Status screen. Table 29 Status LABEL DESCRIPTION Refresh Interval Select a number of seconds or None from the drop-down list box to refresh all screen statistics automatically at the end of every time interval or to not refresh the screen statistics.
  • Page 87: Status: Bw Mgmt Monitor

    Table 29 Status LABEL DESCRIPTION Memory Usage This field displays what percentage of the ZyXEL Device’s memory is currently used. Usually, this percentage should not increase much. If memory usage does get close to 100%, the ZyXEL Device is probably becoming unstable, and you should restart the device.
  • Page 88: Status: Dhcp Table

    P-870HW-I1 User’s Guide Figure 40 Status > BW MGMT Monitor 5.1.2 Status: DHCP Table To access this screen, click Status, and then click (Details...) next to DHCP Table. Chapter 5 Status Screen...
  • Page 89: Status: Packet Statistics

    Figure 41 Status > DHCP Table Each field is described in the following table. Table 30 Status > DHCP Table LABEL DESCRIPTION This field is a sequential value. It is not associated with a specific entry. IP Address This field displays the IP address the ZyXEL Device assigned to a computer in the network.
  • Page 90: Status: Wlan Station Status

    P-870HW-I1 User’s Guide The following table describes the fields in this screen. Table 31 Status > Packet Statistics LABEL DESCRIPTION Packet Statistics Port This field displays the ZyXEL Device ports. Status This field displays the status of each ZyXEL Device port. The values are the same ones shown in the Status screen.
  • Page 91: Table 32 Status > Wlan Station Status

    The following table describes the labels in this screen. Table 32 Status > WLAN Station Status LABEL DESCRIPTION This field is a sequential value. It is not associated with a specific entry. MAC Address This field displays the MAC (Media Access Control) address of an associated wireless station.
  • Page 92 P-870HW-I1 User’s Guide Chapter 5 Status Screen...
  • Page 93: Chapter 6 Wireless Lan

    This chapter discusses how to configure the wireless network settings in your ZyXEL Device. 6.1 Wireless Network Overview The following figure provides an example of a wireless network. Figure 44 Example of a Wireless Network The wireless network is the part in the blue circle. In this wireless network, devices A and B are called wireless clients.
  • Page 94: Wireless Security Overview

    P-870HW-I1 User’s Guide • Every wireless client in the same wireless network must use security compatible with the Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network. 6.2 Wireless Security Overview The following sections introduce different types of wireless security you can set up in the wireless network.
  • Page 95: Encryption

    For wireless networks, there are two typical places to store the user names and passwords for each user. • In the AP: this feature is called a local user database or a local database. • In a RADIUS server: this is a server used in businesses more than in homes. If your AP does not provide a local user database and if you do not have a RADIUS server, you cannot set up user names and passwords for your users.
  • Page 96: One-Touch Intelligent Security Technology (Otist)

    P-870HW-I1 User’s Guide Note: It is recommended that wireless networks use WPA-PSK, WPA, or stronger encryption. IEEE 802.1x and WEP encryption are better than none at all, but it is still possible for unauthorized devices to figure out the original information pretty quickly.
  • Page 97: General Wireless Lan Screen: No Security

    To open this screen, click Network > Wireless LAN. Figure 45 Network > Wireless LAN > General The following table describes the general wireless LAN labels in this screen. Table 34 Network > Wireless LAN > General LABEL DESCRIPTION Wireless Setup Enable Click the check box to activate wireless LAN.
  • Page 98: General Wireless Lan Screen: Static Wep

    P-870HW-I1 User’s Guide Figure 46 Network > Wireless LAN > General > No Security The following table describes the labels in this screen. Table 35 Network > Wireless LAN > General > No Security LABEL DESCRIPTION Security Mode Select No Security. 6.4.2 General Wireless LAN Screen: Static WEP Use this screen to enable and configure WEP encryption in your wireless network.To open this screen, click Network >...
  • Page 99: General Wireless Lan Screen: Wpa-Psk

    The following table describes the labels in this screen. Table 36 Network > Wireless LAN > General > Static WEP LABEL DESCRIPTION Security Mode Select Static WEP. WEP Key Enter the key you want to use. You can enter the key using printable ASCII characters or hexadecimal (0-9, A-F, a-f) characters.
  • Page 100: General Wireless Lan Screen: Wpa

    P-870HW-I1 User’s Guide Table 37 Network > Wireless LAN > General > WPA-PSK (continued) LABEL DESCRIPTION Idle Timeout The ZyXEL Device automatically disconnects a wireless station from the wireless network after a period of inactivity. The wireless station needs to enter the username and password again before it can use the wireless network again.
  • Page 101: General Wireless Lan Screen: 802.1X + Dynamic Wep

    The following table describes the labels in this screen. Table 38 Network > Wireless LAN > General > WPA LABEL DESCRIPTION Security Mode Select WPA. ReAuthenticati Specify how often wireless stations have to resend usernames and passwords in on Timer order to stay connected.
  • Page 102: Figure 50 Network > Wireless Lan > General > 802.1X + Dynamic Wep

    P-870HW-I1 User’s Guide Figure 50 Network > Wireless LAN > General > 802.1x + Dynamic WEP The following table describes the labels in this screen. Table 39 Network > Wireless LAN > General > 802.1x + Dynamic WEP LABEL DESCRIPTION Security Mode Select 802.1x + Dynamic WEP.
  • Page 103: General Wireless Lan Screen: 802.1X + Static Wep

    Table 39 Network > Wireless LAN > General > 802.1x + Dynamic WEP (continued) LABEL DESCRIPTION IP Address Enter the IP address of the external accounting server in dotted decimal notation. Port Number Enter the port number of the external accounting server. You need not change this value unless your network administrator instructs you to do so.
  • Page 104: General Wireless Lan Screen: 802.1X + No Wep

    P-870HW-I1 User’s Guide The following table describes the labels in this screen. Table 40 Network > Wireless LAN > General > 802.1x + Static WEP LABEL DESCRIPTION Security Mode Select 802.1x + Static WEP. WEP Key Enter the key you want to use. You can enter the key using printable ASCII characters or hexadecimal (0-9, A-F, a-f) characters.
  • Page 105: Figure 52 Network > Wireless Lan > General > 802.1X + No Wep

    Figure 52 Network > Wireless LAN > General > 802.1x + No WEP The following table describes the labels in this screen. Table 41 Network > Wireless LAN > General > 802.1x + No WEP LABEL DESCRIPTION Security Mode Select 802.1x + No WEP. ReAuthenticati Specify how often wireless stations have to resend usernames and passwords in on Timer...
  • Page 106: General Wireless Lan Screen: Wpa2-Psk

    P-870HW-I1 User’s Guide Table 41 Network > Wireless LAN > General > 802.1x + No WEP (continued) LABEL DESCRIPTION Accounting These settings are optional. Server Active Select this to enable user accounting through an external authentication server. IP Address Enter the IP address of the external accounting server in dotted decimal notation. Port Number Enter the port number of the external accounting server.
  • Page 107: General Wireless Lan Screen: Wpa2

    Table 42 Network > Wireless LAN > General > WPA2-PSK (continued) LABEL DESCRIPTION Idle Timeout The ZyXEL Device automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed.
  • Page 108: Otist Screen

    P-870HW-I1 User’s Guide The following table describes the labels in this screen. Table 43 Network > Wireless LAN > General > WPA2 LABEL DESCRIPTION Security Mode Select WPA2. Select this if the ZyXEL Device should be able to handle WPA-PSK and WPA2-PSK, Compatible depending on the abilities of each wireless station.
  • Page 109: Figure 55 Network > Wireless Lan > Otist

    Figure 55 Network > Wireless LAN > OTIST The following table describes the labels in this screen. Table 44 Network > Wireless LAN > OTIST LABEL Setup Key Yes! Start Before you click Start, you should enable OTIST on all the OTIST-enabled wireless clients in the wireless network.
  • Page 110: Figure 56 Example: Wireless Client Otist Screen

    P-870HW-I1 User’s Guide Figure 56 Example: Wireless Client OTIST Screen To start OTIST in the wireless client, click Start in this screen. Note: You must click Start in the ZyXEL Device and in the wireless client(s) within three minutes of each other. You can start OTIST in the wireless clients and the ZyXEL Device in any order.
  • Page 111: Notes On Otist

    Figure 59 OTIST: In Progress on the Wireless Client These screens close when the transfer is complete. 6.5.1 Notes on OTIST 1 If you enable OTIST in a wireless client, you see this screen each time you start the utility. Click Yes to search for an OTIST-enabled AP (in other words, the ZyXEL Device).
  • Page 112: Figure 61 Network > Wireless Lan > Mac Filter

    P-870HW-I1 User’s Guide Figure 61 Network > Wireless LAN > MAC Filter The following table describes the labels in this menu. Table 45 Network > Wireless LAN > MAC Filter LABEL DESCRIPTION Active Select this to enable MAC address filtering. Filter Action Define the filter action for the MAC addresses in the MAC Address table.
  • Page 113: Advanced Wireless Lan Screen

    6.7 Advanced Wireless LAN Screen Use this screen to enable and configure roaming and other advanced wireless settings in your wireless network. To open this screen, click Network > Wireless LAN > Advanced. Figure 62 Network > Wireless LAN > Advanced The following table describes the labels in this screen.
  • Page 114 P-870HW-I1 User’s Guide Chapter 6 Wireless LAN...
  • Page 115 P-870HW-I1 User’s Guide Chapter 6 Wireless LAN...
  • Page 116 P-870HW-I1 User’s Guide Chapter 6 Wireless LAN...
  • Page 117 P-870HW-I1 User’s Guide Chapter 6 Wireless LAN...
  • Page 118 P-870HW-I1 User’s Guide Chapter 6 Wireless LAN...
  • Page 119: Chapter 7 Wan

    This chapter describes how to configure outside connections to another network or the Internet. 7.1 WAN Overview 7.1.1 Nailed-Up Connection (PPP) A nailed-up connection is a dial-up line where the connection is always up regardless of traffic demand. The ZyXEL Device does two things when you specify a nailed-up connection. The first is that the idle timeout is disabled.
  • Page 120: Internet Connection Screens

    P-870HW-I1 User’s Guide 7.2 Internet Connection Screens This screen depends on the Encapsulation your ISP uses. 7.2.1 Internet Connection Screen: Ethernet Use this screen to set up an Ethernet connection to the Internet. To open this screen, click Network > WAN > Internet Connection, and set the Encapsulation to Ethernet. Figure 63 Network >...
  • Page 121: Internet Connection Screen: Ppp Over Ethernet (Pppoe)

    Table 47 Network > WAN > Internet Connection > Ethernet (continued) LABEL Spoof WAN MAC Address IP Address Apply Reset 7.2.2 Internet Connection Screen: PPP over Ethernet (PPPoE) Use this screen to set up a PPP over Ethernet (PPPoE) connection to the Internet. To open this screen, click Network >...
  • Page 122: Table 48 Network > Wan > Internet Connection > Ppp Over Ethernet

    P-870HW-I1 User’s Guide The following table describes the labels in this screen. Table 48 Network > WAN > Internet Connection > PPP over Ethernet LABEL ISP Parameters for Internet Access Encapsulation Service Name User Name Password Retype to Confirm Nailed-Up Connection Idle Timeout (sec) WAN IP Address...
  • Page 123: Advanced Wan Screen

    7.3 Advanced WAN Screen Use this screen to edit the advanced settings for your Internet connection. To open this screen, click Network > WAN > Advanced. Figure 65 Network > WAN > Advanced The following table describes the labels in this screen. Table 49 Network >...
  • Page 124: Traffic Redirect Screen

    P-870HW-I1 User’s Guide Table 49 Network > WAN > Advanced (continued) LABEL RIP Direction RIP Version Multicast Windows Networking Allow between LAN and WAN Allow Trigger Dial Apply Reset 7.4 Traffic Redirect Screen Use this screen to specify a backup gateway in case the default gateway (your ISP) is not available.
  • Page 125: Figure 66 Network > Wan > Traffic Redirect

    Figure 66 Network > WAN > Traffic Redirect The following table describes the labels in this screen. Table 50 Network > WAN > Traffic Redirect LABEL Active Backup Gateway IP Address Check WAN IP Address Fail Tolerance Period (sec) Timeout (sec) Apply Reset Chapter 7 WAN...
  • Page 126 P-870HW-I1 User’s Guide Chapter 7 WAN...
  • Page 127: Chapter 8 Lan

    This chapter describes how to configure settings for the LAN port. 8.1 LAN Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building.
  • Page 128: Multicast

    P-870HW-I1 User’s Guide The Version field controls the format and the broadcasting method of the RIP packets that the ZyXEL Device sends (it recognizes both formats when receiving). RIP-1 is universally supported; but RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology.
  • Page 129: Lan Ip Screen

    Figure 67 Example: IP Alias 8.2 LAN IP Screen Use this screen to set up the IP address and subnet mask of your LAN port. To open this screen, click Network > LAN > IP. Figure 68 Network > LAN > IP The following table describes the fields in this screen.
  • Page 130: Figure 69 Network > Lan > Ip Alias

    P-870HW-I1 User’s Guide Figure 69 Network > LAN > IP Alias The following table describes the fields in this screen. Table 52 Network > LAN > IP Alias LABEL DESCRIPTION IP Alias 1 IP Alias 1 Select this to add the specified subnet to the LAN port. IP Address Enter the IP address of the ZyXEL Device on the subnet.
  • Page 131: Advanced Lan Screen

    Table 52 Network > LAN > IP Alias (continued) LABEL DESCRIPTION RIP Direction Use this field to control how much routing information the ZyXEL Device sends and receives on the subnet. None - The ZyXEL Device does not send or receive routing information on the subnet.
  • Page 132: Table 53 Network > Lan > Advanced

    P-870HW-I1 User’s Guide The following table describes the fields in this screen. Table 53 Network > LAN > Advanced LABEL DESCRIPTION RIP & Multicast Setup RIP Direction RIP (Routing Information Protocol) allows a router to exchange routing information with other routers. Use this field to control how much routing information the ZyXEL Device sends and receives on the subnet.
  • Page 133: Chapter 9 Dhcp Server

    This chapter describes how to configure the DHCP server for the LAN and WLAN ports. 9.1 DHCP Overview Dynamic Host Configuration Protocol (DHCP, RFC 2131, RFC 2132) provides a way to automatically set up and maintain IP addresses, subnet masks, gateways, and some network information (such as the IP addresses of DNS servers) on computers in the network.
  • Page 134: General Dhcp Screen

    P-870HW-I1 User’s Guide • DNS servers - The ZyXEL Device provides IP addresses for up to three DNS servers that provide DNS services for DHCP clients. You can specify each IP address manually (for example, a company’s own DNS server), or you can refer to the DNS servers the ZyXEL Device received from the ISP.
  • Page 135: Static Dhcp Screen

    Table 55 Network > DHCP Server > General (continued) LABEL DESCRIPTION First DNS Server Specify the IP addresses of a maximum of three DNS servers that the network can use. The ZyXEL Device provides these IP addresses to DHCP clients. You can Second DNS specify these IP addresses the following ways: Server...
  • Page 136: Client List Screen

    P-870HW-I1 User’s Guide Table 56 DHCP Setup LABEL IP Address Apply Reset 9.4 Client List Screen Use this screen to look at the current list of DHCP clients. It is empty if the DHCP server is disabled. To open this screen, click Network > DHCP Server > Client List. Figure 73 Network >...
  • Page 137: Chapter 10 Nat

    Use these screens to configure port forwarding, trigger ports, and other NAT rules for the ZyXEL Device. See 10.1 NAT Overview 10.1.1 Port Forwarding: Services and Port Numbers A NAT server set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make accessible to the outside world even though NAT makes your whole inside network appear as a single machine to the outside world.
  • Page 138: Trigger Port Forwarding

    P-870HW-I1 User’s Guide 10.1.2 Trigger Port Forwarding Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side. With regular port forwarding you set a forwarding port in NAT to forward a service (coming in from the server on the WAN) to the IP address of a computer on the client side (LAN).
  • Page 139: Two Points To Remember About Trigger Ports

    10.1.2.2 Two Points To Remember About Trigger Ports 1 Trigger events only happen on data that is going coming from inside the ZyXEL Device and going to the outside. 2 If an application needs a continuous data stream, that port (range) will be tied up so that another computer on the LAN can’t trigger it.
  • Page 140: Port Forwarding Screen

    P-870HW-I1 User’s Guide 10.3 Port Forwarding Screen Use this screen to look at the current port-forwarding rules in the ZyXEL Device, and to enable, disable, activate, and deactivate each one. You can also set up a default server to handle ports not covered by rules. To open this screen, click Network > NAT > Port Forwarding.
  • Page 141: Port Forwarding Edit Screen

    Table 59 Network > NAT > Port Forwarding (continued) LABEL Server IP Address This field displays the IP address of the server to which packet for the selected port(s) are forwarded. Modify This column provides icons to edit and delete rules. To edit a rule, click the Edit icon next to the rule.
  • Page 142: Trigger Port Screen

    P-870HW-I1 User’s Guide Table 60 Network > NAT > Port Forwarding > Edit (continued) LABEL Apply Click this to save your changes back to the ZyXEL Device. Reset Click this to return to the previous screen without saving any changes. 10.4 Trigger Port Screen Use this screen to maintain port-triggering rules in the ZyXEL Device.
  • Page 143: Address Mapping Screen

    Table 61 Network > NAT > Trigger Port (continued) LABEL DESCRIPTION Start Port Enter the incoming port number or range of port numbers you want to forward to the IP address the ZyXEL Device records. End Port To forward one port number, enter the port number in the Start Port and End Port fields.
  • Page 144: Address Mapping Edit Screen

    P-870HW-I1 User’s Guide The following table describes the fields in this screen. Table 62 Network > NAT > Address Mapping LABEL DESCRIPTION This is the rule index number. Local Start IP This is the range of IP addresses on the LAN port. Local End IP Local Start IP is N/A for Server port mapping.
  • Page 145: Table 63 Network > Nat > Address Mapping > Edit

    The following table describes the fields in this screen. Table 63 Network > NAT > Address Mapping > Edit LABEL Type Choose the port mapping type from one of the following. • One-to-One: One-to-One mode maps one local IP address to one global IP address.
  • Page 146 P-870HW-I1 User’s Guide Chapter 10 NAT...
  • Page 147: Chapter 11 Firewalls

    This chapter gives some background information on firewalls and introduces the ZyXEL Device firewall. 11.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term “firewall” is a system or group of systems that enforces an access-control policy between two networks.
  • Page 148: Firewall Rule Direction

    P-870HW-I1 User’s Guide • The DSL port connects to the Internet. • The LAN (Local Area Network) ports attach to a network of computers, which needs security from the outside world. These computers will have access to Internet services such as e-mail, FTP, and the World Wide Web. However, “inbound access” will not be allowed unless you configure remote management or create a firewall rule to allow a remote host to use a specific service.
  • Page 149: Firewall Rule Logic

    • Restrict use of certain protocols, such as Telnet, to authorized users on the LAN. These custom rules work by comparing the Source IP address, Destination IP address and IP protocol type of network traffic to rules set by the administrator. Your customized rules take precedence and override the ZyXEL Device’s default rules.
  • Page 150: Dos Thresholds

    P-870HW-I1 User’s Guide In general, services are consist of two parts. First, each service has one or two IP protocol types (for example, TCP, UDP, or TCP/UDP). Second, each service has one or more port numbers. Together, these parts define the service. See services.
  • Page 151: Tcp Maximum Incomplete And Blocking Time

    When the number of existing half-open sessions rises above a threshold (max-incomplete high), the ZyXEL Device starts deleting half-open sessions as required to accommodate new connection requests. The ZyXEL Device continues to delete half-open requests as necessary, until the number of existing half-open sessions drops below another threshold (max- incomplete low).
  • Page 152: The "Triangle Route" Problem

    P-870HW-I1 User’s Guide 11.2.1 The “Triangle Route” Problem A traffic route is a path for sending or receiving data packets between two Ethernet devices. You may have more than one connection to the Internet (through one or more ISPs). If an alternate gateway is on the LAN (and its IP address is in the same subnet as the ZyXEL Device’s LAN IP address), the “triangle route”...
  • Page 153: Guidelines For Enhancing Security With Your Firewall

    3 The reply from the WAN goes to the ZyXEL Device. 4 The ZyXEL Device then sends it to the computer on the LAN in Subnet 1. Figure 84 IP Alias 11.3 Guidelines for Enhancing Security with Your Firewall • Change the default password via CLI (Command Line Interpreter) or web configurator. •...
  • Page 154: General Firewall Screen

    P-870HW-I1 User’s Guide • Never e-mail sensitive information such as passwords, credit card information, etc., without encrypting the information first. • Never submit sensitive information via a web page unless the web site uses secure connections. You can identify a secure connection by looking for a small “key” icon on the bottom of your browser (Internet Explorer 3.02 or better or Netscape 3.0 or better).
  • Page 155: Firewall Rules Screen

    The following table describes the labels in this screen. Table 64 Security > Firewall > General LABEL DESCRIPTION Active Firewall Select this check box to activate the firewall. The ZyXEL Device performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated.
  • Page 156: Figure 86 Security > Firewall > Rules

    P-870HW-I1 User’s Guide Figure 86 Security > Firewall > Rules The following table describes the labels in this screen. Table 65 Security > Firewall > Rules LABEL DESCRIPTION Firewall Rules This read-only bar shows how much of the ZyXEL Device's memory for recording Storage Space firewall rules it is currently using.
  • Page 157: Firewall Rule Edit Screen

    Table 65 Security > Firewall > Rules (continued) LABEL DESCRIPTION Modify Click the Edit icon to go to the screen where you can edit the rule. Click the Remove icon to delete an existing firewall rule. A window displays asking you to confirm that you want to delete the firewall rule.
  • Page 158: Figure 87 Security > Firewall > Rules > Edit

    P-870HW-I1 User’s Guide Figure 87 Security > Firewall > Rules > Edit Chapter 11 Firewalls...
  • Page 159: Table 66 Security > Firewall > Rules > Edit

    The following table describes the labels in this screen. Table 66 Security > Firewall > Rules > Edit LABEL DESCRIPTION Active Select this option to enable this firewall rule. Action for Matched Use the drop-down list box to select what the firewall is to do with packets that Packet match this rule.
  • Page 160: Customized Services Screen

    P-870HW-I1 User’s Guide Table 66 Security > Firewall > Rules > Edit (continued) LABEL DESCRIPTION Apply Click this to save your changes back to the ZyXEL Device. Cancel Click this to begin configuring this screen afresh. 11.5.2 Customized Services Screen Use this screen to create or edit customized services for firewall rules.
  • Page 161: Anti-Probing Screen

    Figure 89 Security > Firewall > Rules > Edit > Edit Customized Services > Edit The following table describes the labels in this screen. Table 68 Security > Firewall > Rules > Edit > Edit Customized Services > Edit LABEL DESCRIPTION Service Name Type a unique name for your custom port.
  • Page 162: Firewall Threshold Screen

    P-870HW-I1 User’s Guide Figure 90 Security > Firewall > Anti Probing The following table describes the labels in this screen. Table 69 Security > Firewall > Anti Probing LABEL DESCRIPTION Respond to PING The ZyXEL Device does not respond to any incoming Ping requests when Disable is selected.
  • Page 163: Figure 91 Security > Firewall > Threshold

    Figure 91 Security > Firewall > Threshold The following table describes the labels in this screen. Table 70 Security > Firewall > Threshold LABEL DESCRIPTION Denial of Service Thresholds One Minute Low This is the rate of new half-open sessions that causes the firewall to stop deleting half-open sessions.
  • Page 164 P-870HW-I1 User’s Guide Table 70 Security > Firewall > Threshold (continued) LABEL DESCRIPTION Deny New Select this radio button and specify for how long the ZyXEL Device should block Connection new connection requests when TCP Maximum Incomplete is reached. Request for Enter the length of blocking time in minutes (between 1 and 256).
  • Page 165: Content Filter

    Use these screens to create and enforce policies that restrict access to the Internet based on content. 12.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to their needs. Content filtering is the ability to block certain web features or specific URL keywords.
  • Page 166: Figure 92 Security > Content Filter > Filter

    P-870HW-I1 User’s Guide Figure 92 Security > Content Filter > Filter Each field is described in the following table. Table 71 Security > Content Filter > Filter LABEL DESCRIPTION Trusted IP Setup Trusted Computer You can allow a specific computer to access all Internet resources without the IP Address restrictions you set in these screens.
  • Page 167: Content Filter Schedule Screen

    Table 71 Security > Content Filter > Filter LABEL DESCRIPTION Keyword Type a keyword you want to block in this field. You can use up to 64 printable ASCII characters. There is no wildcard character, however. Click this to add the specified Keyword to the Keyword List. You can enter up to 64 keywords.
  • Page 168 P-870HW-I1 User’s Guide Chapter 12 Content Filter...
  • Page 169: Chapter 13 Certificates

    This chapter explains how to use certificates with your ZyXEL Device. 13.1 Certificates Overview The ZyXEL Device can use certificates (also called digital IDs) to authenticate users and to let users authenticate the ZyXEL Device. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key.
  • Page 170: Advantages Of Certificates

    P-870HW-I1 User’s Guide Certification authorities maintain directory servers with databases of valid and revoked certificates. A directory of certificates that have been revoked before the scheduled expiration is called a CRL (Certificate Revocation List). The ZyXEL Device can check a peer’s certificate against a directory server’s list of revoked certificates.
  • Page 171: Figure 94 Security > Certificates > My Certificates

    Figure 94 Security > Certificates > My Certificates The following table describes the labels in this screen. Table 73 Security > Certificates > My Certificates LABEL DESCRIPTION PKI Storage This bar displays the percentage of the ZyXEL Device’s PKI storage space that is Space in Use currently in use.
  • Page 172: Import My Certificate Screen

    P-870HW-I1 User’s Guide Table 73 Security > Certificates > My Certificates (continued) LABEL DESCRIPTION Valid From This field displays the date that the certificate becomes applicable. The text displays in red and includes a Not Yet Valid! message if the certificate has not yet become applicable.
  • Page 173: Create My Certificate Screen

    Figure 95 Security > Certificates > My Certificates > Import The following table describes the labels in this screen. Table 74 Security > Certificates > My Certificates > Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it. Browse Click this to find the certificate file you want to upload.
  • Page 174: Figure 96 Security > Certificates > My Certificates > Create

    P-870HW-I1 User’s Guide Figure 96 Security > Certificates > My Certificates > Create The following table describes the labels in this screen. Table 75 Security > Certificates > My Certificates > Create LABEL Certificate Name Subject Information Common Name Organizational Unit Organization Country DESCRIPTION...
  • Page 175 Table 75 Security > Certificates > My Certificates > Create (continued) LABEL Key Length Enrollment Options Create a self-signed certificate Create a certification request and save it locally for later manual enrollment Create a certification request and enroll for a certificate immediately online Enrollment Protocol CA Server Address...
  • Page 176: Edit My Certificates Screen

    P-870HW-I1 User’s Guide Figure 97 Security > Certificates > My Certificates > Create > In Progress Wait while the ZyXEL Device generates the self-signed certificate or certification request. Afterwards, the following screen should appear. Figure 98 Security > Certificates > My Certificates > Create > Successful If the ZyXEL Device is successful, click Return to go to the Security >...
  • Page 177: Figure 99 Security > Certificates > My Certificates > Edit

    Figure 99 Security > Certificates > My Certificates > Edit The following table describes the labels in this screen. Table 76 Security > Certificates > My Certificates > Edit LABEL Name Property Default self-signed certificate which signs the imported remote host certificates.
  • Page 178 P-870HW-I1 User’s Guide Table 76 Security > Certificates > My Certificates > Edit (continued) LABEL Refresh Certificate Informations Type Version Serial Number Subject Issuer Signature Algorithm Valid From Valid To Key Algorithm Subject Alternative Name Key Usage Basic Constraint MD5 Fingerprint SHA1 Fingerprint DESCRIPTION Click this to display the certification path.
  • Page 179: Trusted Cas Screen

    Table 76 Security > Certificates > My Certificates > Edit (continued) LABEL -- BEGIN CERTIFICATE -- Export Apply Cancel 13.6 Trusted CAs Screen Use this screen to look at certificates from certification authorities that the ZyXEL Device trusts. The ZyXEL Device accepts any valid certificate signed by these certification authorities as being trustworthy so that you do not need to import such certificates.
  • Page 180: Figure 100 Security > Certificates > Trusted Cas

    P-870HW-I1 User’s Guide Figure 100 Security > Certificates > Trusted CAs The following table describes the labels in this screen. Table 77 Security > Certificates > Trusted CAs LABEL DESCRIPTION PKI Storage This bar displays the percentage of the ZyXEL Device’s PKI storage space that is Space in Use currently in use.
  • Page 181: Import Trusted Ca Screen

    Table 77 Security > Certificates > Trusted CAs (continued) LABEL DESCRIPTION Import Click this to open the Import Trusted CA screen. Refresh Click this to update the screen. 13.7 Import Trusted CA Screen Use this screen to add the certificate of a trusted certification authority to the ZyXEL Device. To open this screen, click Import in Security >...
  • Page 182: Figure 102 Security > Certificates > Trusted Cas > Edit

    P-870HW-I1 User’s Guide Figure 102 Security > Certificates > Trusted CAs > Edit The following table describes the labels in this screen. Table 79 Security > Certificates > Trusted CAs > Edit LABEL Name Check incoming certificates issued by this CA against a Certification Path DESCRIPTION This field displays the identifying name of this certificate.
  • Page 183 Table 79 Security > Certificates > Trusted CAs > Edit (continued) LABEL Refresh Certificate Information Type Version Serial Number Subject Issuer Signature Algorithm Valid From Valid To Key Algorithm Subject Alternative Name Key Usage Basic Constraint MD5 Fingerprint SHA1 Fingerprint Chapter 13 Certificates DESCRIPTION Click this to display the certification path.
  • Page 184: Trusted Remote Hosts Screen

    P-870HW-I1 User’s Guide Table 79 Security > Certificates > Trusted CAs > Edit (continued) LABEL Certificate in PEM (Base-64) Encoded Format Export Apply Cancel 13.9 Trusted Remote Hosts Screen Use this screen to look at the certificates of peers that you trust but which are not signed by one of the trusted certification authorities (on the Security >...
  • Page 185: Figure 103 Security > Certificates > Trusted Remote Hosts

    Figure 103 Security > Certificates > Trusted Remote Hosts The following table describes the labels in this screen. Table 80 Security > Certificates > Trusted Remote Hosts LABEL DESCRIPTION PKI Storage This bar displays the percentage of the ZyXEL Device’s PKI storage space that is Space in Use currently in use.
  • Page 186: Verifying A Trusted Remote Host's Certificate

    P-870HW-I1 User’s Guide 13.10 Verifying a Trusted Remote Host’s Certificate Self-signed certificates only have the signature of the host itself. You should be very careful about importing (and thereby trusting) a remote host’s self-signed certificate. You can follow these steps to check that you have the remote host’s actual certificate. 1 Open Windows Explorer.
  • Page 187: Edit Trusted Remote Host Screen

    Figure 105 Security > Certificates > Trusted Remote Host > Import The following table describes the labels in this screen. Table 81 Security > Certificates > Trusted Remote Host > Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it. Browse Click this to find the certificate file you want to upload.
  • Page 188: Figure 106 Security > Certificates > Trusted Remote Hosts > Edit

    P-870HW-I1 User’s Guide Figure 106 Security > Certificates > Trusted Remote Hosts > Edit The following table describes the labels in this screen. Table 82 Security > Certificates > Trusted Remote Hosts > Edit LABEL Name Certification Path Refresh Certificate Information These read-only fields display detailed information about the certificate. Type DESCRIPTION This field displays the identifying name of this certificate.
  • Page 189 Table 82 Security > Certificates > Trusted Remote Hosts > Edit (continued) LABEL Version Serial Number Subject Issuer Signature Algorithm Valid From Valid To Key Algorithm Subject Alternative Name Key Usage Basic Constraint MD5 Fingerprint SHA1 Fingerprint Certificate in PEM (Base-64) Encoded Format Export...
  • Page 190: Directory Servers Screen

    P-870HW-I1 User’s Guide Table 82 Security > Certificates > Trusted Remote Hosts > Edit (continued) LABEL Apply Cancel 13.13 Directory Servers Screen Use this screen to look at the current list of directory servers, which the ZyXEL Device checks if the certificate does not list a server or if the listed server is not available. To open this screen, click Security >...
  • Page 191: Edit Directory Server Screen

    13.14 Edit Directory Server Screen Use this screen to create or edit a directory server the ZyXEL Device should use if the certificate does not list a server or if the listed server is not available. To open this screen, click Add or an Edit icon in Security >...
  • Page 192 P-870HW-I1 User’s Guide Table 84 Security > Certificates > Directory Servers > Edit (continued) LABEL DESCRIPTION Apply Click this to save your changes to the ZyXEL Device. Cancel Click this to return to the previous screen without saving any changes. At the time of writing, LDAP is the only choice of directory server access protocol.
  • Page 193: Chapter 14 Static Route

    Use these screens to configure static routes in the ZyXEL Device. 14.1 Static Route Overview Each remote node specifies only the network to which the gateway is directly connected, and the ZyXEL Device has no knowledge of the networks beyond. For instance, the ZyXEL Device knows about network N2 in the following figure through remote node Router 1.
  • Page 194: Edit Ip Static Route Screen

    P-870HW-I1 User’s Guide Figure 110 Management > Static Route > IP Static Route Each field is described in the following table. Table 85 Management > Static Route > IP Static Route LABEL DESCRIPTION This field is a sequential value, and it is not associated with a specific rule. The sequence is important, however.
  • Page 195: Figure 111 Management > Static Route > Ip Static Route > Edit

    Figure 111 Management > Static Route > IP Static Route > Edit Each field is described in the following table. Table 86 Management > Static Route > IP Static Route > Edit LABEL DESCRIPTION Route Name Enter the name of the static route. Active Select this if you want the static route to be used.
  • Page 196 P-870HW-I1 User’s Guide Chapter 14 Static Route...
  • Page 197: Chapter 15 Bandwidth Mgmt

    This chapter explains how to configure bandwidth management in your ZyXEL Device. 15.1 Bandwidth Management Overview ZyXEL’s Bandwidth Management allows you to specify bandwidth management rules based on application. You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth rules. The ZyXEL Device applies bandwidth management to all traffic, regardless of the source, that it forwards out through an interface.
  • Page 198: Example: Unused And Unbudgeted Bandwidth

    P-870HW-I1 User’s Guide 15.1.3 Example: Unused and Unbudgeted Bandwidth The following table shows the priorities of applications and the amount of bandwidth that each application gets. Table 88 Example: Priority-based Allotment of Unused and Unbudgeted Bandwidth BANDWIDTH CLASSES, PRIORITIES AND ALLOTMENTS Root Class: 10240 kbps Suppose that all of the applications except for administration need more bandwidth.
  • Page 199: Over Allotment Of Bandwidth

    15.1.5 Over Allotment of Bandwidth You can set the bandwidth management speed for an interface higher than the interface’s actual transmission speed. Higher priority traffic gets to use up to its allocated bandwidth, even if it takes up all of the interface’s available bandwidth. This could stop lower priority traffic from being sent.
  • Page 200: Figure 112 Management > Bandwidth Mgmt > Configuration

    P-870HW-I1 User’s Guide Figure 112 Management > Bandwidth MGMT > Configuration Chapter 15 Bandwidth MGMT...
  • Page 201: Table 90 Management > Bandwidth Mgmt > Configuration

    Appendix I on page 431 in this screen. Table 90 Management > Bandwidth MGMT > Configuration LABEL DESCRIPTION Active Select this to enable bandwidth management. LAN BW Enter the amount of bandwidth for this interface that you want to allocate using Budget(kbps) bandwidth management.
  • Page 202: Edit Bandwidth Management Rule Screen

    P-870HW-I1 User’s Guide Table 90 Management > Bandwidth MGMT > Configuration (continued) LABEL DESCRIPTION Priority Select a priority from the drop down list box. Choose High, Mid or Low. Modify Use this field to edit or erase the rule. Click the Edit icon to open the Edit Bandwidth Management Rule screen. Click the Remove icon to erase this rule.
  • Page 203: Table 91 Management > Bandwidth Mgmt > Configuration > Edit

    Appendix I on page 431 in this screen. Table 91 Management > Bandwidth MGMT > Configuration > Edit LABEL Rule Configuration Active Rule Name BW Budget Priority Use All Managed Bandwidth Filter Configuration Service Destination Address Enter the destination IP address in dotted decimal notation. Destination Subnet Netmask Destination Port...
  • Page 204: Bandwidth Monitor

    P-870HW-I1 User’s Guide Table 91 Management > Bandwidth MGMT > Configuration > Edit (continued) LABEL DESCRIPTION Source Port Enter the port number of the source. Protocol Select the protocol (TCP or UDP) or select User defined and enter the protocol (service type) number.
  • Page 205: Chapter 16 Remote Mgmt

    Use these screens to control which computers can use which services to access the ZyXEL Device on each interface. 16.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which ZyXEL Device interface (if any) from which computers. You may manage your ZyXEL Device from a remote location via: •...
  • Page 206: Remote Management And Nat

    P-870HW-I1 User’s Guide 16.1.2 Remote Management and NAT When NAT is enabled: • Use the ZyXEL Device’s WAN IP address when configuring from the WAN. • Use the ZyXEL Device’s LAN IP address when configuring from the LAN. 16.1.3 System Timeout There is a default system management idle timeout of five minutes (three hundred seconds).
  • Page 207: Supported Mibs

    An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the ZyXEL Device). An agent translates the local management information from the managed device into a form compatible with SNMP.
  • Page 208: Www Screen

    P-870HW-I1 User’s Guide Table 93 SNMPv2 Traps TRAP NAME Generic Traps coldStart warmStart linkDown linkUp Traps defined in the ZyXEL Private MIB. whyReboot Some traps include an SNMP interface index. The following table maps the SNMP interface indexes to the ZyXEL Device’s physical ports. Table 94 SNMP Interface Index to Physical Port Mapping INTERFACE TYPE enet0...
  • Page 209: Figure 116 Management > Remote Mgmt > Www

    Figure 116 Management > Remote MGMT > WWW Each field is described in the following table. Table 95 Management > Remote MGMT > WWW LABEL DESCRIPTION HTTPS Server Certificate Select the certificate the ZyXEL Device provides to clients using this service. Authenticate This field is disabled if you have not set up any trusted certification authorities.
  • Page 210: Telnet Screen

    P-870HW-I1 User’s Guide 16.3 Telnet Screen Use this screen to control Telnet access to your ZyXEL Device. To open this screen, click Management > Remote MGMT > Telnet. Figure 117 Management > Remote MGMT > Telnet Each field is described in the following table. Table 96 Management >...
  • Page 211: Snmp Screen

    Figure 118 Management > Remote MGMT > FTP Each field is described in the following table. Table 97 Management > Remote MGMT > FTP LABEL DESCRIPTION Server Port Enter the port number this service can use to access the ZyXEL Device. The computer must use the same port number.
  • Page 212: Figure 119 Management > Remote Mgmt > Snmp

    P-870HW-I1 User’s Guide Figure 119 Management > Remote MGMT > SNMP Each field is described in the following table. Table 98 Management > Remote MGMT > SNMP LABEL DESCRIPTION SNMP Configuration Get Community Enter the password for incoming Get requests and GetNext requests from the management station.
  • Page 213: Dns Screen

    16.6 DNS Screen Use this screen to control DNS access to your ZyXEL Device. To open this screen, click Management > Remote MGMT > DNS. Figure 120 Management > Remote MGMT > DNS Each field is described in the following table. Table 99 Management >...
  • Page 214: Ssh Screen

    P-870HW-I1 User’s Guide Each field is described in the following table. Table 100 Management > Remote MGMT > Security LABEL DESCRIPTION Respond to Ping Select the interface(s) on which the ZyXEL Device should respond to incoming ping requests. Disable - the ZyXEL Device does not respond to any ping requests. LAN - the ZyXEL Device only responds to ping requests received from the LAN.
  • Page 215: 215

    Each field is described in the following table. Table 101 Management > Remote MGMT > SSH LABEL DESCRIPTION Server Host Key Select the certificate the ZyXEL Device provides to clients using this service. Server Port This field is read-only. It displays the port number this service uses to access the ZyXEL Device.
  • Page 216: Table 102 Tr-069 Commands

    P-870HW-I1 User’s Guide The following table gives a description of TR-069 commands. Table 102 TR-069 Commands Command or Root Command Subdirectory tr069 load active [0:no/ 1:yes] acsUrl <URL> username [maxlength:15] password [maxlength:15] periodicEnable [0:Disable/ 1:Enable] informInterval [sec] save Description All TR-069 related commands must be preceded by wan tr069. Start configuring TR-069 on your ZyXEL Device.
  • Page 217: Chapter 17 Upnp

    This chapter introduces the Universal Plug-and-Play (UPnP) feature. 17.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
  • Page 218: Upnp And Zyxel

    P-870HW-I1 User’s Guide When a UPnP device joins a network, it announces its presence with a multicast message. For security reasons, the ZyXEL Device allows multicast messages on the LAN only. All UPnP-enabled devices may communicate freely with each other without additional configuration.
  • Page 219: Installing Upnp In Windows Example

    Table 103 Configuring UPnP LABEL Allow UPnP to pass through Firewall Apply Reset 17.4 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP. Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me. 1 Click Start and Control Panel.
  • Page 220: Figure 126 Add/Remove Programs: Windows Setup: Communication: Components

    P-870HW-I1 User’s Guide Figure 126 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel.
  • Page 221: Figure 128 Windows Optional Networking Components Wizard

    P-870HW-I1 User’s Guide Figure 128 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box. Figure 129 Networking Services Chapter 17 UPnP...
  • Page 222: Using Upnp In Windows Xp Example

    P-870HW-I1 User’s Guide 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. 17.5 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL Device.
  • Page 223: Figure 131 Internet Connection Properties

    P-870HW-I1 User’s Guide Figure 131 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings. Chapter 17 UPnP...
  • Page 224: Figure 132 Internet Connection Properties: Advanced Settings

    P-870HW-I1 User’s Guide Figure 132 Internet Connection Properties: Advanced Settings Figure 133 Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
  • Page 225: Figure 134 System Tray Icon

    Figure 134 System Tray Icon 7 Double-click on the icon to display your current Internet connection status. Figure 135 Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first.
  • Page 226: Figure 136 Network Connections

    P-870HW-I1 User’s Guide Figure 136 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays. Chapter 17 UPnP...
  • Page 227: Figure 137 Network Connections: My Network Places

    P-870HW-I1 User’s Guide Figure 137 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Figure 138 Network Connections: My Network Places: Properties: Example Chapter 17 UPnP...
  • Page 228 P-870HW-I1 User’s Guide Chapter 17 UPnP...
  • Page 229: Chapter 18 System

    Use this screen to configure the ZyXEL Device’s time and date settings. 18.1 General Setup 18.1.1 General Setup and System Name General Setup contains administrative and system-related information. System Name is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name".
  • Page 230: Dyndns Wildcard

    P-870HW-I1 User’s Guide 18.1.2.1 DYNDNS Wildcard Enabling the wildcard feature for your host causes *.yourhost.dyndns.org to be aliased to the same IP address as yourhost.dyndns.org. This feature is useful if you want to be able to use, for example, www.yourhost.dyndns.org and still reach your hostname. 18.1.3 Resetting the Time If you use a time server, the ZyXEL Device updates the current date and time when the ZyXEL Device starts up and in 24-hour intervals after that (until you turn off the ZyXEL...
  • Page 231: Dynamic Dns Screen

    Table 104 Maintenance > System > General (continued) LABEL DESCRIPTION Domain Name Enter the domain name (if you know it) here. If you leave this field blank, the ISP may assign a domain name via DHCP. The domain name entered by you is given priority over the ISP assigned domain name.
  • Page 232: Figure 140 Maintenance > System > Dynamic Dns

    P-870HW-I1 User’s Guide Figure 140 Maintenance > System > Dynamic DNS The following table describes the fields in this screen. Table 105 Maintenance > System > Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Enable Dynamic Select this to use dynamic DNS. Service Provider Select the name of your Dynamic DNS service provider.
  • Page 233: Time Setting Screen

    Table 105 Maintenance > System > Dynamic DNS (continued) LABEL DESCRIPTION Dynamic DNS Select this only when there are one or more NAT routers between the ZyXEL server auto Device and the DDNS server. With this feature, the DDNS server automatically detect IP detects and uses the IP address of the appropriate NAT router that has a public IP Address...
  • Page 234: Table 106 Maintenance > System > Time Setting

    P-870HW-I1 User’s Guide The following table describes the fields in this screen. Table 106 Maintenance > System > Time Setting LABEL DESCRIPTION Current Time and Date Current Time This field displays the time of your ZyXEL Device. Each time you reload this page, the ZyXEL Device synchronizes the time with the time server.
  • Page 235 Table 106 Maintenance > System > Time Setting (continued) LABEL DESCRIPTION Start Date Configure the day and time when Daylight Saving Time starts if you selected Enable Daylight Saving. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time starts in most parts of the United States on the first Sunday of April.
  • Page 236 P-870HW-I1 User’s Guide Chapter 18 System...
  • Page 237: Chapter 19 Logs

    This chapter contains information about configuring general log settings and viewing the ZyXEL Device’s logs. Refer to the appendix for examples of log message explanations. 19.1 Logs Overview The web configurator allows you to choose which categories of events and/or alerts to have the ZyXEL Device log and then display the logs or have the ZyXEL Device send them to an administrator (as e-mail) or to a syslog server.
  • Page 238: Log Settings Screen

    P-870HW-I1 User’s Guide Log entries in red indicate alerts. The log wraps around and deletes the old entries after it fills up. Click a column heading to sort the entries. A triangle indicates ascending or descending sort order. The following table describes the fields in this screen. Table 107 Maintenance >...
  • Page 239: Figure 143 Maintenance > Logs > Log Settings

    Figure 143 Maintenance > Logs > Log Settings The following table describes the fields in this screen. Table 108 Log Settings LABEL DESCRIPTION E-mail Log Settings Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
  • Page 240 P-870HW-I1 User’s Guide Table 108 Log Settings LABEL DESCRIPTION Send Log To The ZyXEL Device sends logs to the e-mail address specified in this field. If this field is left blank, the ZyXEL Device does not send logs via e-mail. Send Alerts To Alerts are real-time notifications that are sent as soon as an event, such as a DoS attack, system error, or forbidden web access attempt occurs.
  • Page 241: Chapter 20 Tools

    This chapter upload new firmware, manage configuration and restart your ZyXEL Device. 20.1 Firmware Upgrade Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a.bin extension, for example, "Prestige.bin". Only use firmware for your device’s specific model.
  • Page 242: Configuration Screen

    P-870HW-I1 User’s Guide Figure 145 Upload Firmware: In Progress Wait two minutes before logging into the ZyXEL Device again. The ZyXEL Device automatically restarts in this time, which causes a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 146 Upload Firmware: Network Temporarily Disconnected Log in again, and check your new firmware version in the Status screen.
  • Page 243: Figure 148 Maintenance > Tools > Configuration

    Figure 148 Maintenance > Tools > Configuration The following table describes each field in the screen. Table 110 Maintenance > Tools > Configuration LABEL DESCRIPTION Backup Once your ZyXEL Device is configured and functioning properly, it is highly Configuration recommended that you back up your configuration file before making configuration changes.
  • Page 244: Restart Screen

    P-870HW-I1 User’s Guide Figure 149 Restore Configuration: Successful Wait one minute before logging into the ZyXEL Device again. The ZyXEL Device automatically restarts in this time, which causes a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 150 Restore Configuration: Network Temporarily Disconnected If the IP address of the ZyXEL Device is different in the new configuration, you may need to change the IP address in your browser and maybe put your computer in the same subnet as the...
  • Page 245: Figure 152 Restart Screen

    P-870HW-I1 User’s Guide Figure 152 Restart Screen Click Restart to have the ZyXEL Device reboot. Chapter 20 Tools...
  • Page 246 P-870HW-I1 User’s Guide Chapter 20 Tools...
  • Page 247: Chapter 21 Introducing The Smt

    The System Management Terminal (SMT) provides a text-based, menu-driven console to manage the ZyXEL Device. This chapter describes how to access the SMT and then provides an overview of its menus. 21.1 Accessing the SMT Use Telnet to access the SMT. Follow these steps. 1 In Windows, click Start >...
  • Page 248: Smt Menu Items

    P-870HW-I1 User’s Guide Figure 154 SMT Main Menu Copyright (c) 1994 - 2003 ZyXEL Communications Corp. Getting Started 1. General Setup 2. WAN Setup 3. LAN Setup 4. Internet Access Setup Advanced Applications 11. Remote Node Setup 12. Static Routing Setup 14.
  • Page 249 Table 111 SMT Menus Overview (continued) MENUS 3.2 TCP/IP and DHCP Ethernet Setup 3.5 Wireless LAN Setup 4 Internet Access Setup 11 Remote Node Setup 11.1 Remote Node Profile 12 Static Routing Setup 12.1 Edit IP Static Route 14 Dial-in User Setup 14.1 Edit Dial-in User 15 NAT Setup 15.1 Address...
  • Page 250 P-870HW-I1 User’s Guide Table 111 SMT Menus Overview (continued) MENUS 21.1 Filter Set Configuration 21.2 Firewall Setup 22 SNMP Configuration 23 System Security 23.1 Change Password 23.2 RADIUS Server 23.4 IEEE802.1X 24 System Maintenance 24.1 System Status 24.2 System Information and Console Port Speed 24.3 Log and Trace 24.4 Diagnostic...
  • Page 251: Navigating The Smt Interface

    Table 111 SMT Menus Overview (continued) MENUS 24.8 Command Interpreter Mode 24.9 Call Control 24.10 Time and Date Setting 24.11 Remote Management Control 25 IP Routing Policy Summary 25.1 IP Routing Policy Setup 26 Schedule Setup 26.1 Schedule Set Setup 99 Exit 21.3 Navigating the SMT Interface Several operations that you should be familiar with before you attempt to modify the...
  • Page 252 P-870HW-I1 User’s Guide Table 112 Main Menu Commands OPERATION KEYSTROKE Entering information Type in or press [SPACE BAR], then press [ENTER]. Required fields < N/A fields <N/A> Save your [ENTER] configuration Exit the SMT Type 99, then press [ENTER]. DESCRIPTION You need to fill in two types of fields.
  • Page 253: Chapter 22 General Setup

    Use this menu to set up the system name, domain name, DNS servers, and dynamic DNS. 22.1 General Setup Use this menu to set up the system name, domain name, and DNS servers. See page 229 Chapter 7 on page 119 in the main menu.
  • Page 254: Configure Dynamic Dns

    P-870HW-I1 User’s Guide Table 113 Menu 1: General Setup (continued) FIELD First System DNS Server Second System DNS Server Third System DNS Server IP Address Edit Dynamic DNS 22.2 Configure Dynamic DNS Use this menu to configure your dynamic DNS account settings. See for background information.
  • Page 255: Configure Dynamic Dns

    22.3 Configure Dynamic DNS Use this menu to configure your dynamic DNS domain name settings. See for background information. To open this menu, select Yes in Edit Host in menu 1.1. Figure 157 Menu 1.1.1: DDNS Edit Host Hostname= DDNS Type= DynamicDNS Enable Wildcard Option= No Enable Off Line Option= N/A IP Address Update Policy:...
  • Page 256 P-870HW-I1 User’s Guide Chapter 22 General Setup...
  • Page 257: Chapter 23 Wan Setup

    Use this menu to configure the WAN MAC address. See background information. To open this menu, enter 2 in the main menu. Figure 158 Menu 2: WAN Setup The following table describes the labels in this menu. Table 116 Menu 2: WAN Setup FIELD MAC Address Assigned By...
  • Page 258 P-870HW-I1 User’s Guide Chapter 23 WAN Setup...
  • Page 259: Chapter 24 Lan Setup

    Use this menu to set up the LAN IP address, DHCP server, additional subnets, and input and output filter sets for the LAN port. You can also use this menu to configure the wireless network. 24.1 LAN Port Filter Setup Use this menu to specify input and output filter sets for the LAN port.
  • Page 260: Tcp/Ip And Dhcp Ethernet Setup

    P-870HW-I1 User’s Guide 24.2 TCP/IP and DHCP Ethernet Setup Use this menu to set up the LAN IP address and to configure the ZyXEL Device’s DHCP server. The DHCP server assigns IP addresses and provides DNS server information to other computers on the LAN or WLAN.
  • Page 261 Table 118 Menu 3.2: TCP/IP and DHCP Ethernet Setup (continued) FIELD First DNS Server Second DNS Server Third DNS Server IP Address DHCP Server Address TCP/IP Setup IP Address IP Subnet Mask RIP Direction Version Multicast Edit IP Alias Chapter 24 LAN Setup DESCRIPTION Press [SPACE BAR] to select From ISP, User Defined or None and press [ENTER].
  • Page 262: Ip Alias Setup

    P-870HW-I1 User’s Guide 24.3 IP Alias Setup Use this menu to partition your LAN interface into subnets. See Chapter 30 on page 287 Alias in menu 3.2. Figure 161 Menu 3.2.1: IP Alias Setup The following table describes the labels in this menu. Table 119 Menu 3.2.1: IP Alias Setup FIELD IP Alias 1...
  • Page 263: Wireless Lan Setup

    Table 119 Menu 3.2.1: IP Alias Setup (continued) FIELD Outgoing protocol filters IP Alias 2 IP Address IP Subnet Mask RIP Direction Version Incoming protocol filters Outgoing protocol filters 24.4 Wireless LAN Setup Use this menu to configure basic wireless settings and wireless security. See page 93 for background information.
  • Page 264: Figure 162 Menu 3.5: Wireless Lan Setup

    P-870HW-I1 User’s Guide Figure 162 Menu 3.5: Wireless LAN Setup The ESSID in the SMT is the same as the SSID in the web configurator. The following table describes the labels in this menu. Table 120 Menu 3.5: Wireless LAN Setup FIELD Enable Wireless LAN ESSID...
  • Page 265: Wlan Mac Address Filter

    24.5 WLAN MAC Address Filter Use this menu to block or allow other devices to access the ZyXEL Device. See page 93 for background information. To open this menu, select Yes in Edit MAC Address Filter in menu 3.5. Figure 163 Menu 3.5.1: WLAN MAC Address Filter -------------------------------------------------------------------------- 00:00:00:00:00:00 00:00:00:00:00:00...
  • Page 266 P-870HW-I1 User’s Guide Chapter 24 LAN Setup...
  • Page 267: Chapter 25 Internet Access Setup

    Use this menu to set up your Internet connection. See on page 137 for background information. To open this menu, enter 4 in the main menu. Figure 164 Menu 4: Internet Access Setup The following table describes the labels in this menu. Table 122 Menu 4: Internet Access Setup FIELD ISP’s Name...
  • Page 268 P-870HW-I1 User’s Guide Table 122 Menu 4: Internet Access Setup (continued) FIELD Gateway IP Address Network Address Translation DESCRIPTION This field is not available if your ISP uses PPPoE encapsulation. Enter the IP address of the gateway provided by your ISP. Select None if you do not want to use port forwarding, trigger ports, or NAT.
  • Page 269: Chapter 26 Remote Node Setup

    Use this menu to set up your Internet connection, input and output filter sets for the WAN port, advanced features for the WAN port, or a backup gateway. 26.1 Remote Node Profile Use this menu to set up your Internet connection. See on page 347 for background information.
  • Page 270: Remote Node Network Layer Options

    P-870HW-I1 User’s Guide Table 123 Menu 11.1: Remote Node Profile (continued) FIELD My Login My Password Retype to Confirm Authen Route Edit IP Telco Option Allocated Budget(min) Enter the maximum amount of time (in minutes) each call can last. Enter 0 if Period(hr) Schedules Nailed-Up Connection Select this if you want the ZyXEL Device to automatically connect to your ISP...
  • Page 271: Figure 166 Menu 11.1.2: Remote Node Network Layer Options

    Figure 166 Menu 11.1.2: Remote Node Network Layer Options The following table describes the labels in this menu. Table 124 Menu 11.1.2: Remote Node Network Layer Options FIELD IP Address Assignment IP Address IP Subnet Mask Gateway IP Addr Rem IP Addr Rem Subnet Mask My WAN Addr Network Address...
  • Page 272: Remote Node Filter

    P-870HW-I1 User’s Guide Table 124 Menu 11.1.2: Remote Node Network Layer Options (continued) FIELD Private RIP Direction Version Multicast 26.3 Remote Node Filter Use this menu to specify input and output filter sets for the WAN port. See for background information. To open this menu, select Yes in Edit Filter Sets in menu 11.1.
  • Page 273: Traffic Redirect Setup

    Figure 167 Menu 11.1.4: Remote Node Filter The following table describes the labels in this menu. Table 125 Menu 11.1.4: Remote Node Filter FIELD Input Filter Sets protocol filters device filters Output Filter Sets protocol filters device filters Call Filter Sets protocol filters device filters 26.4 Traffic Redirect Setup...
  • Page 274: Figure 168 Menu 11.1.5: Traffic Redirect Setup

    P-870HW-I1 User’s Guide Figure 168 Menu 11.1.5: Traffic Redirect Setup The following table describes the labels in this menu. Table 126 Menu 11.1.5: Traffic Redirect Setup FIELD Active Configuration Backup Gateway IP Address Metric Check WAN IP Address Fail Tolerance Period(sec) Timeout(sec) Menu 11.1.5 - Traffic Redirect Setup...
  • Page 275: Chapter 27 Static Routing Setup

    Use this menu to look at and configure IP static routes. 27.1 IP Static Route Setup Use this menu to look at IP static routes. See information. To open this menu, enter 12 in the main menu. Figure 169 Menu 12: IP Static Route Setup 1.
  • Page 276: Edit Ip Static Route

    P-870HW-I1 User’s Guide 27.2 Edit IP Static Route Use this menu to configure IP static routes. See information. To open this menu, enter an IP static route number in Enter selection number in menu 12. Figure 170 Menu 12.1: Edit IP Static Route The following table describes the labels in this menu.
  • Page 277: Chapter 28 Dial-In User Setup

    Use this menu to look at and configure local user profiles on the ZyXEL Device. 28.1 Dial-in User Setup Use this menu to look at local user profiles on the ZyXEL Device. See for background information. To open this menu, enter 14 in the main menu. Figure 171 Menu 14: Dial-in User Setup 1.
  • Page 278: Figure 172 Menu 14.1: Edit Dial-In User

    P-870HW-I1 User’s Guide Figure 172 Menu 14.1: Edit Dial-in User The following table describes the labels in this menu. Table 130 Menu 14.1: Edit Dial-in User FIELD User Name Active Password Menu 14.1 - Edit Dial-in User User Name= ? Active= No Password= ? DESCRIPTION...
  • Page 279: Chapter 29 Nat Setup

    Use this menu to configure address mapping, port forwarding, and trigger ports. 29.1 Address Mapping Sets Use this menu to select which address mapping set you want to configure. See page 137 for background information. To open this menu, enter 1 in menu 15. Figure 173 Menu 15.1: Address Mapping Sets You cannot create The following table describes the labels in this menu.
  • Page 280: Figure 174 Menu 15.1.1: Address Mapping Rules

    P-870HW-I1 User’s Guide Figure 174 Menu 15.1.1: Address Mapping Rules Menu 15.1.1 - Address Mapping Rules Set Name= ACL Default Set Local Start IP --------------- The following table describes the labels in this menu. Table 132 Menu 15.1.1: Address Mapping Rules FIELD Set Name Local Start IP...
  • Page 281: Address Mapping Rule

    Table 132 Menu 15.1.1: Address Mapping Rules (continued) FIELD Type Action Select Rule 29.3 Address Mapping Rule Use this menu to configure network address translation mapping rules. See for background information. To open this menu, select one of the address mapping rules in menu 15.1.1.
  • Page 282: Nat Server Setup

    P-870HW-I1 User’s Guide The following table describes the labels in this menu. Table 133 Menu 15.1.1.1: Address Mapping Rule FIELD Type Local IP: Start Global IP: Start 29.4 NAT Server Setup Use this menu to look at servers for which you have configured port forwarding rules. See Chapter 10 on page 137 DESCRIPTION Choose the port mapping type from one of the following.
  • Page 283: Nat Server Configuration

    Figure 176 Menu 15.2: NAT Server Setup Rule ------------------------------------------------------ Select Command= None The following table describes the labels in this menu. Table 134 Menu 15.2: NAT Server Setup FIELD Default Server Rule Act. Start Port End Port IP Address Select Command Select Rule 29.5 NAT Server Configuration Use this menu to configure port forwarding rules for servers behind the ZyXEL Device.
  • Page 284: Trigger Port Setup

    P-870HW-I1 User’s Guide Figure 177 Menu 15.2.1: NAT Server Configuration Wan= 1 ----------------------------------------------------------------- Name= Active= No Start port= 0 IP Address= 0.0.0.0 The following table describes the labels in this menu. Table 135 Menu 15.2.1: NAT Server Configuration FIELD Index Name Active Start port...
  • Page 285: Figure 178 Menu 15.3: Trigger Port Setup

    Figure 178 Menu 15.3: Trigger Port Setup Rule ---------------------------------------------------------------------- The following table describes the labels in this menu. Table 136 Menu 15.3: Trigger Port Setup FIELD Name Incoming Start Port End Port Trigger Start Port End Port Chapter 29 NAT Setup Menu 15.3 - Trigger Port Setup Incoming Name...
  • Page 286 P-870HW-I1 User’s Guide Chapter 29 NAT Setup...
  • Page 287: Chapter 30 Filter Setup

    This chapter shows you how to create and apply filters. 30.1 Introduction to Filters Your ZyXEL Device uses filters to decide whether to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering and call filtering. Filters are subdivided into device and protocol filters, which are discussed later.
  • Page 288: The Filter Structure Of The Zyxel Device

    P-870HW-I1 User’s Guide 30.1.1 The Filter Structure of the ZyXEL Device A filter set consists of one or more filter rules. Usually, you would group related rules, e.g., all the rules for NetBIOS, into a single set and give it a descriptive name. The ZyXEL Device allows you to configure up to twelve filter sets with six rules in each set, for a total of 72 filter rules in the system.
  • Page 289: Configuring A Filter Set

    Figure 180 Filter Rule Process You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port.
  • Page 290: Figure 181 Menu 21: Filter And Firewall Setup

    P-870HW-I1 User’s Guide Figure 181 Menu 21: Filter and Firewall Setup 2 Enter 1 to bring up the following menu. Figure 182 Menu 21.1: Filter Set Configuration Filter Set # ------ ----------------- _______________ NetBIOS_WAN NetBIOS_LAN IGMP _______________ _______________ Select the filter set you wish to configure (1-12) and press [ENTER] Enter a descriptive name or comment in the Edit Comments field and press [ENTER].
  • Page 291: Figure 183 Menu 21.1.1: Filter Rules Summary

    Figure 183 Menu 21.1.1: Filter Rules Summary # A Type - - ---- --------------------------------------------------------------- - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=137 2 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=138 3 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=139 4 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=137 5 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=138 6 Y IP...
  • Page 292: Configuring A Filter Rule

    P-870HW-I1 User’s Guide Table 138 Rule Abbreviations Used (continued) ABBREVIATION Refer to the next section for information on configuring the filter rules. 30.2.1 Configuring a Filter Rule To configure a filter rule, type its number in Menu 21.1.1 - Filter Rules Summary and press [ENTER] to open menu 21.1.1.1 for the rule.
  • Page 293: Figure 184 Menu 21.1.1.1 Tcp/Ip Filter Rule

    Figure 184 Menu 21.1.1.1 TCP/IP Filter Rule. The following table describes how to configure your TCP/IP filter rule. Table 139 TCP/IP Filter Rule FIELD DESCRIPTION Filter # This is the filter set, filter rule coordinates, i.e., 2,3 refers to the second filter set and the third rule of that set.
  • Page 294 P-870HW-I1 User’s Guide Table 139 TCP/IP Filter Rule (continued) FIELD DESCRIPTION Port # Comp Press [SPACE BAR] and then [ENTER] to select the comparison to apply to the destination port in the packet against the value given in Destination: Port #. Source IP Addr Enter the source IP Address of the packet you wish to filter.
  • Page 295: Configuring A Generic Filter Rule

    Figure 185 Executing an IP Filter 30.2.3 Configuring a Generic Filter Rule This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly. Chapter 30 Filter Setup P-870HW-I1 User’s Guide...
  • Page 296: Figure 186 Menu 21.1.1.1 Generic Filter Rule

    P-870HW-I1 User’s Guide For generic rules, the ZyXEL Device treats a packet as a byte stream as opposed to an IP or IPX packet. You specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes.
  • Page 297: Example Filter

    Table 140 Generic Filter Rule Menu Fields FIELD DESCRIPTION Filter # This is the filter set, filter rule coordinates, i.e., 2,3 refers to the second filter set and the third rule of that set. Filter Type Use [SPACE BAR] and then [ENTER] to select a rule type. Parameters displayed below each type will be different.
  • Page 298: Figure 187 Telnet Filter Example

    P-870HW-I1 User’s Guide Figure 187 Telnet Filter Example 1 Enter 21 from the main menu to open Menu 21 - Filter and Firewall Setup. 2 Enter 1 to open Menu 21.1 - Filter Set Configuration. 3 Enter the index of the filter set you wish to configure (say 3) and press [ENTER] 4 Enter a descriptive name or comment in the Edit Comments field and press [ENTER].
  • Page 299: Figure 189 Example Filter Rules Summary: Menu 21.1.3

    • The Port # for the telnet service (TCP protocol) is 23. See RFC 1060 for port numbers of well-known services. • Select Equal from the Port # Comp field as you are looking for packets going to port 23 only.
  • Page 300: Filter Types And Nat

    P-870HW-I1 User’s Guide 30.4 Filter Types and NAT There are two classes of filter rules, Generic Filter (Device) rules and protocol filter (TCP/ IP) rules. Generic filter rules act on the raw data from/to LAN and WAN. Protocol filter rules act on the IP packets.
  • Page 301: Applying Remote Node Filters

    Figure 191 Filtering LAN Traffic Menu 3.1 - LAN Port Filter Setup Press ENTER to Confirm or ESC to Cancel: 30.6.2 Applying Remote Node Filters Go to menu 11.5 (shown below – note that call filter sets are only present for PPPoE encapsulation) and enter the number(s) of the filter set(s) as appropriate.
  • Page 302: Figure 193 Menu 11.1: Remote Node Profile

    P-870HW-I1 User’s Guide Figure 193 Menu 11.1: Remote Node Profile Rem Node Name= ChangeMe Active= Yes Encapsulation= PPPoE Service Name= Outgoing: My Login= hello My Password= ******** Retype to Confirm= ******** Authen= CHAP/PAP The following table describes the labels in this menu. Table 141 Menu 11.1: Remote Node Profile FIELD Rem Node Name...
  • Page 303 Table 141 Menu 11.1: Remote Node Profile (continued) FIELD Nailed-Up Connection Select this if you want the ZyXEL Device to automatically connect to your ISP Session Options Edit Filter Sets Idle Timeout(sec) Edit Traffic Redirect Chapter 30 Filter Setup DESCRIPTION when it is turned on and to remain connected all the time.
  • Page 304 P-870HW-I1 User’s Guide Chapter 30 Filter Setup...
  • Page 305: Chapter 31 Firewall Setup

    Use this menu to activate or deactivate the firewall. See background information. To open this menu, enter 2 in menu 21. Figure 194 Menu 21.2: Firewall Setup The firewall protects against Denial of Service (DoS) attacks when it is active. Your network is vulnerable to attacks when the firewall is turned off.
  • Page 306 P-870HW-I1 User’s Guide Chapter 31 Firewall Setup...
  • Page 307: Chapter 32 Snmp Configuration

    Use this menu to configure your ZyXEL Device’s settings for Simple Network Management Protocol (SNMP) management. See open this menu, enter 22 in the main menu. Figure 195 Menu 22: SNMP Configuration The following table describes the labels in this menu. Table 142 Menu 22: SNMP Configuration FIELD Get Community...
  • Page 308 P-870HW-I1 User’s Guide Chapter 32 SNMP Configuration...
  • Page 309: Chapter 33 System Security

    Use this menu to configure the administrator password and to configure wireless authentication for the ZyXEL Device. 33.1 Change Password Use this menu to change the administrator password for the ZyXEL Device. This is the same password used to access the web configurator. To open this menu, enter 1 in menu 23. Figure 196 Menu 23.1: System Security - Change Password The following table describes the labels in this menu.
  • Page 310: Ieee802.1X

    P-870HW-I1 User’s Guide Figure 197 Menu 23.2: System Security - RADIUS Server The following table describes the labels in this menu. Table 144 Menu 23.2: System Security - RADIUS Server FIELD Authentication Server Active Server Address Port # Shared Secret Accounting Server Active Server Address...
  • Page 311: Figure 198 Menu 23.4: System Security - Ieee802.1X

    Figure 198 Menu 23.4: System Security - IEEE802.1x Wireless Port Control= No Authentication Required ReAuthentication Timer (in second)= N/A Idle Timeout (in second)= N/A Key Management Protocol= N/A Dynamic WEP Key Exchange= N/A PSK = N/A WPA Mixed Mode= N/A WPA Broadcast/Multicast Key Update Timer= N/A Authentication Databases= N/A The following table describes the labels in this menu.
  • Page 312 P-870HW-I1 User’s Guide Table 145 Menu 23.4: System Security - IEEE802.1x (continued) FIELD WPA Mixed Mode WPA Broadcast/ Multicast Key Update Timer Authentication Databases DESCRIPTION This field is enabled if the Key Management Protocol is WPA-PSK or WPA2- PSK. Type a pre-shared key from 8 to 63 ASCII characters (including spaces and symbols).
  • Page 313: Chapter 34 System Maintenance 24.1 - 24.4

    System Maintenance 24.1 - 24.4 This chapter covers menus 24.1 through 24.4. Use these menus to get a variety of system information and to perform system diagnostics. 34.1 Status Use this menu to look at packet statistics, interface status, and basic device information. See Chapter 5 on page 85 Figure 199 Menu 24.1: System Maintenance - Status Port...
  • Page 314: Information

    P-870HW-I1 User’s Guide Table 146 Menu 24.1: System Maintenance - Status (continued) FIELD Status TxPkts RxPkts Cols Tx B/s Rx B/s Up Time Port Ethernet Address IP Address IP Mask DHCP System up Time Name Routing ZyNOS F/W Version Press Command 34.2 Information Use this menu to look at basic device information and LAN interface settings.
  • Page 315: Change Console Port Speed

    Figure 200 Menu 24.2.1: System Maintenance - Information The following table describes the labels in this menu. Table 147 Menu 24.2.1: System Maintenance - Information FIELD Name Routing ZyNOS F/W Version Country Code Ethernet Address IP Address IP Mask DHCP 34.3 Change Console Port Speed Note: The console port is internal and reserved for technician use only.
  • Page 316: Syslog Logging

    P-870HW-I1 User’s Guide Figure 201 Menu 24.2.2: System Maintenance - Change Console Port Speed Menu 24.2.2 - System Maintenance - Change Console Port Speed The following table describes the labels in this menu. Table 148 Menu 24.2.2: System Maintenance - Change Console Port Speed FIELD Console Port Speed 34.4 Syslog Logging...
  • Page 317: Call-Triggering Packet

    34.5 Call-Triggering Packet Use this menu to look at information about the packet that triggered a dial-out call. The packet is displayed in an easy-to-read format. To open this menu, enter 4 in menu 24.3. Figure 203 Menu 24.3.4: Call-Triggering Packet (Example) IP Frame: ENET0-RECV Size: Frame Type: IP Header:...
  • Page 318: Figure 204 Menu 24.4: System Maintenance - Diagnostic

    P-870HW-I1 User’s Guide Figure 204 Menu 24.4: System Maintenance - Diagnostic The following table describes the labels in this menu. Table 150 Menu 24.4: System Maintenance - Diagnostics FIELD Ping Host WAN DHCP Release WAN DHCP Renewal Select this if you want to get a new IP address, subnet mask, and other network PPPoE Setup Test Reboot System Enter Menu Selection...
  • Page 319: Chapter 35 System Maintenance 24.5 - 24.7

    System Maintenance 24.5 - 24.7 This chapter covers menus 24.5 through 24.7. Use these menus to backup and restore your configuration file, as well as upload new firmware and configuration files. 35.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password and TCP/IP Setup, etc.
  • Page 320: Backup Configuration

    P-870HW-I1 User’s Guide The following table is a summary. Please note that the internal filename refers to the filename on the ZyXEL Device and the external filename refers to the filename not on the ZyXEL Device, that is, on your computer, local network or FTP site and so the name (but not the extension) will vary.
  • Page 321: Using The Ftp Command From The Dos Prompt

    Figure 205 Menu 24.5: Backup Configuration To transfer the configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your router. Then type "admin" and SMT password as requested.
  • Page 322: Figure 206 Ftp Session Example

    P-870HW-I1 User’s Guide Figure 206 FTP Session Example 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 327680 bytes sent in 1.10Seconds 297.89Kbytes/sec.
  • Page 323: Example: Tftp Command

    3 Enter command “sys stdio 0” to disable the SMT timeout, so the TFTP transfer will not be interrupted. Enter command “sys stdio 5” to restore the five-minute SMT timeout (default) when the file transfer is complete. 4 Launch the TFTP client on your computer and connect to the ZyXEL Device. Set the transfer mode to binary before starting data transfer.
  • Page 324: Restore Configuration

    P-870HW-I1 User’s Guide 1 Display menu 24.5 and enter “y” at the following screen. Figure 207 System Maintenance: Backup Configuration Ready to backup Configuration via Xmodem. Do you want to continue (y/n): 2 The following screen indicates that the Xmodem download has started. Figure 208 System Maintenance: Starting Xmodem Download Screen You can enter ctrl-x to terminate operation any time.
  • Page 325: Restore Using Ftp

    35.3.1 Restore Using FTP For details about backup using (T)FTP please refer to earlier sections on FTP and TFTP file upload in this chapter. Figure 211 Menu 24.6: Restore Configuration To transfer the firmware and the configuration file, follow the procedure below: 1.
  • Page 326: Firmware Upload

    P-870HW-I1 User’s Guide 35.4.1 Firmware Upload FTP is the preferred method for uploading the firmware and configuration. To use this feature, your computer must have an FTP client. When you telnet into the ZyXEL Device, you will see the following screens for uploading firmware and the configuration file using FTP.
  • Page 327: Using The Ftp Command From The Dos Prompt Example

    Figure 214 Menu 24.7.2: System Maintenance - Upload System Configuration File Menu 24.7.2 - System Maintenance - Upload System Configuration File To upload the system configuration file, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your system. Then type "admin" and SMT password as requested.
  • Page 328: Tftp File Upload

    P-870HW-I1 User’s Guide Figure 215 FTP Session Example 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> put firmware.bin ras 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 327680 bytes sent in 1.10Seconds 297.89Kbytes/sec.
  • Page 329: Uploading Via Console Port

    TFTP [-i] host put firmware.bin ras where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the ZyXEL Device’s IP address, “put” transfers the file source on the computer (firmware.bin – name of the firmware on the computer) to the file destination on the remote host (ras - name of the firmware on the ZyXEL Device).
  • Page 330: Example Xmodem Firmware Upload Using Hyperterminal

    P-870HW-I1 User’s Guide 35.4.8 Example Xmodem Firmware Upload Using HyperTerminal Click Transfer, then Send File to display the following screen. Figure 217 Example Xmodem Upload After the firmware upload process has completed, the ZyXEL Device will automatically restart. 35.4.9 Uploading Configuration File Via Console Port Note: The console port is internal and reserved for technician use only.
  • Page 331: Example Xmodem Configuration Upload Using Hyperterminal

    Figure 218 Menu 24.7.2 as seen using the Console Port Menu 24.7.2 - System Maintenance - Upload System Configuration File To upload system configuration file: 1. Enter "y" at the prompt below to go into debug mode. 2. Enter "atlc" after "Enter Debug Mode" message. 3.
  • Page 332 P-870HW-I1 User’s Guide Chapter 35 System Maintenance 24.5 - 24.7...
  • Page 333: Chapter 36 System Maintenance 24.8 - 24.11

    System Maintenance 24.8 - 24.11 This chapter covers menus 24.8 through 24.11. Use these menus to get a use CI commands, see how long you have accessed the Internet and how much budgeted time remains, set the current date and time, and configure remote access to the ZyXEL Device. 36.1 Command Interpreter Mode Use this menu to use CI commands.
  • Page 334: Call History

    P-870HW-I1 User’s Guide Figure 221 Menu 24.9.1: Budget Management Remote Node 1.ChangeMe The following table describes the labels in this menu. Table 154 Menu 24.9.1: Budget Management FIELD Remote Node Connection Time/ Total Budget Elapsed Time/Total Period Reset Node 36.3 Call History This menu is only applicable your Internet connection uses PPPoE encapsulation.
  • Page 335: Time And Date Setting

    Figure 222 Menu 24.9.2: Call History Phone Number The following table describes the labels in this menu. Table 155 Menu 24.9.2: Call History FIELD Phone Number Rate #call Total Enter Entry to Delete 36.4 Time and Date Setting Use this menu to change your ZyXEL Device’s time and date. See background information.
  • Page 336: Figure 223 Menu 24.10: Time And Date Setting

    P-870HW-I1 User’s Guide Figure 223 Menu 24.10: Time and Date Setting Menu 24.10 - System Maintenance - Time and Date Setting Time Protocol= Manual Time Server Address= N/A Current Time: New Time (hh:mm:ss): Current Date: New Date (yyyy-mm-dd): Time Zone= (GMT+03:00) Baghdad, Kuwait, Nairobi, Riyadh, Moscow Daylight Saving= No Start Date (mm-nth-week-hr): End Date (mm-nth-week-hr):...
  • Page 337: Remote Management Control

    Table 156 Menu 24.10: Time and Date Setting (continued) FIELD Start Date End Date 36.5 Remote Management Control Use this screen to configure through which interface(s) and from which IP address(es) users can use various protocols to manage the ZyXEL Device. See background information.
  • Page 338: Figure 224 Menu 24.11: Remote Management Control

    P-870HW-I1 User’s Guide Figure 224 Menu 24.11: Remote Management Control TELNET Server: FTP Server: SSH Server: HTTPS Server: HTTP Server: SNMP Service: DNS Service: The following table describes the labels in this menu. Table 157 Menu 24.11: Remote Management Control FIELD Port Access...
  • Page 339: Ip Routing Policy Setup

    IP Routing Policy Setup Use this menu to look at and configure policy routes. 37.1 Policy Route Traditionally, routing is based on the destination address only and the ZyXEL Device takes the shortest path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator.
  • Page 340: Ip Routing Policy Summary

    P-870HW-I1 User’s Guide IPPR follows the existing packet filtering facility of RAS in style and in implementation. 37.4 IP Routing Policy Summary Use this menu to look at policy routes. To open this menu, enter 25 in the main menu. Figure 225 Menu 25: IP Routing Policy Summary --- - --------------------------------------------------------------------- 001 N SA=1.1.1.1-1.1.1.1 DA=2.2.2.2-2.2.2.5...
  • Page 341: Ip Routing Policy Setup

    Table 159 Menu 25: IP Routing Policy Summary, Abbreviations (continued) ABBREVIATION MEANING Precedence of incoming packet Action Gateway IP address Outgoing Type of service Outgoing Precedence Service Normal Minimum Delay Maximum Throughput Maximum Reliability Minimum Cost 37.5 IP Routing Policy Setup Use this menu to configure policy routes.
  • Page 342: Ip Routing Policy Setup

    P-870HW-I1 User’s Guide Table 160 Menu 25.1: IP Routing Policy Setup (continued) FIELD Criteria IP Protocol Type of Service Precedence Packet Length Len Comp Source addr start / end port start / end Destination addr start / end port start / end Action Gateway addr Type of Service...
  • Page 343: Ip Policy Routing Example

    Figure 227 Menu 25.1.1: IP Routing Policy Setup Apply policy to packets received from: LAN= No WAN= No The following table describes the labels in this menu. Table 161 Menu 25.1.1: IP Routing Policy Setup FIELD 37.7 IP Policy Routing Example If a network has both Internet and remote node connections, you can route Web packets to the Internet using one policy and route FTP packets to a remote network using another policy.
  • Page 344: Figure 229 Ip Routing Policy Example 1

    P-870HW-I1 User’s Guide 1 Create a rule in Menu 25.1 - IP Routing Policy Setup as shown next. Figure 229 IP Routing Policy Example 1 Menu 25.1 - IP Routing Policy Setup Rule Index= 1 Criteria: IP Protocol Type of Service= Don't Care Precedence Source: Destination:...
  • Page 345: Figure 230 Ip Routing Policy Example 2

    Figure 230 IP Routing Policy Example 2 Menu 25.1 - IP Routing Policy Setup Rule Index= 2 Criteria: IP Protocol Type of Service= Don't Care Precedence Source: Destination: Action= Matched Edit policy to packets received from= No 5 Select Yes in the LAN field in menu 25.1.1 to apply the policy to packets received on the LAN port.
  • Page 346 P-870HW-I1 User’s Guide Chapter 37 IP Routing Policy Setup...
  • Page 347: Chapter 38 Schedule Setup

    Use this menu to look at and configure the schedule sets in the ZyXEL Device. 38.1 Schedule Set Overview Call scheduling (applicable for PPPoE encapsulation only) allows the ZyXEL Device to manage a remote node and dictate when a remote node should be called and for how long. This feature is similar to the scheduler that lets you specify a time period to record a television program in a VCR or TiVo.
  • Page 348: Schedule Set Setup

    P-870HW-I1 User’s Guide Figure 231 Menu 26: Schedule Setup Schedule Set # ------ ----------------- _______________ _______________ _______________ _______________ _______________ _______________ The following table describes the labels in this menu. Table 162 Menu 26: Schedule Setup FIELD 1-12 Enter Schedule Set Number to Configure Edit Name 38.3 Schedule Set Setup...
  • Page 349: Figure 232 Menu 26.1: Schedule Set Setup

    Figure 232 Menu 26.1: Schedule Set Setup Active= Yes How Often= Once Start Date(yyyy-mm-dd)= N/A Once: Date(yyyy-mm-dd)= 2000 - 01 - 01 Weekdays: Sunday= N/A Monday= N/A Tuesday= N/A Wednesday= N/A Thursday= N/A Friday= N/A Saturday= N/A Start Time(hh:mm)= 00 : 00 Duration(hh:mm)= 00 : 00 Action= Forced On The following table describes the labels in this menu.
  • Page 350 P-870HW-I1 User’s Guide Table 163 Menu 26.1: Schedule Set Setup (continued) FIELD Duration Action DESCRIPTION Enter the maximum length of time this connection is allowed in hour-minute format. Forced On means that the connection is maintained whether or not there is a demand call on the line and will persist for the time period specified in the Duration field.
  • Page 351: Chapter 39 Troubleshooting

    This chapter covers potential problems and the corresponding remedies. 39.1 Problems Starting Up the ZyXEL Device The following table identifies some remedies if you have problems starting up the ZyXEL Device. Table 164 Troubleshooting Starting Up Your ZyXEL Device PROBLEM CORRECTIVE ACTION None of the Make sure that the ZyXEL Device’s power adaptor is connected to the ZyXEL Device...
  • Page 352: Problems With The Wan

    P-870HW-I1 User’s Guide 39.3 Problems with the WAN The following table identifies some remedies if you have problems with the Internet connection. Table 166 Troubleshooting the WAN PROBLEM CORRECTIVE ACTION The DSL light is Check the telephone wire and connections between the ZyXEL Device DSL port off.
  • Page 353: Problems Accessing The Zyxel Device

    39.4 Problems Accessing the ZyXEL Device The following table identifies some remedies if you have problems accessing the ZyXEL Device. Table 167 Troubleshooting Accessing the ZyXEL Device PROBLEM CORRECTIVE ACTION I cannot The default password is access the If you have changed the password and have now forgotten it, you have to reset the ZyXEL Device.
  • Page 354: Figure 233 Pop-Up Blocker

    P-870HW-I1 User’s Guide Figure 233 Pop-up Blocker You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. 1 In Internet Explorer, select Tools, Internet Options, Privacy. 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled.
  • Page 355: Figure 235 Internet Options

    P-870HW-I1 User’s Guide Figure 235 Internet Options 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites. Chapter 39 Troubleshooting...
  • Page 356: Javascripts

    P-870HW-I1 User’s Guide Figure 236 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. 39.4.1.2 JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
  • Page 357: Figure 237 Internet Options

    P-870HW-I1 User’s Guide Figure 237 Internet Options 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window.
  • Page 358: Java Permissions

    P-870HW-I1 User’s Guide Figure 238 Security Settings - Java Scripting 39.4.1.3 Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window.
  • Page 359: Figure 239 Security Settings - Java

    Figure 239 Security Settings - Java 39.4.1.3.1 JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window. Chapter 39 Troubleshooting P-870HW-I1 User’s Guide...
  • Page 360: Activex Controls In Internet Explorer

    P-870HW-I1 User’s Guide Figure 240 Java (Sun) 39.4.2 ActiveX Controls in Internet Explorer If ActiveX is disabled, you will not be able to download ActiveX controls or to use Trend Micro Security Services. Make sure that ActiveX controls are allowed in Internet Explorer. Screen shots for Internet Explorer 6 are shown.
  • Page 361: Figure 241 Internet Options Security

    P-870HW-I1 User’s Guide Figure 241 Internet Options Security 3 Scroll down to ActiveX controls and plug-ins. 4 Under Download signed ActiveX controls select the Prompt radio button. 5 Under Run ActiveX controls and plug-ins make sure the Enable radio button is selected.
  • Page 362: Figure 242 Security Setting Activex Controls

    P-870HW-I1 User’s Guide Figure 242 Security Setting ActiveX Controls Chapter 39 Troubleshooting...
  • Page 363: Appendix A Product Specifications

    The values are accurate at the time of writing. Table 168 Device Specifications Default IP Address Default Subnet Mask Default Password Dimensions (W x D x H) Power Specification Built-in Switch Antenna Operating Temperature Operating Humidity Appendix A Product Specifications Product Specifications 192.168.1.1 255.255.255.0 (24 bits)
  • Page 364 P-870HW-I1 User’s Guide Appendix A Product Specifications...
  • Page 365: Setting Up Your Computer's Ip Address

    P-870HW-I1 User’s Guide Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/ IP on your computer.
  • Page 366: Figure 243 Windows 95/98/Me: Network: Configuration

    Figure 243 Windows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add. 2 Select Adapter and then click Add.
  • Page 367: Figure 244 Windows 95/98/Me: Tcp/Ip Properties: Ip Address

    P-870HW-I1 User’s Guide 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click 5 Restart your computer so the changes you made take effect. Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab.
  • Page 368: Figure 245 Windows 95/98/Me: Tcp/Ip Properties: Dns Configuration

    Figure 245 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window.
  • Page 369: Figure 246 Windows Xp: Start Menu

    P-870HW-I1 User’s Guide Figure 246 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 247 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. Appendix B Setting up Your Computer’s IP Address...
  • Page 370: Figure 248 Windows Xp: Control Panel: Network Connections: Properties

    Figure 248 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 249 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
  • Page 371: Figure 250 Windows Xp: Internet Protocol (Tcp/Ip) Properties

    P-870HW-I1 User’s Guide • Click Advanced. Figure 250 Windows XP: Internet Protocol (TCP/IP) Properties 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
  • Page 372: Figure 251 Windows Xp: Advanced Tcp/Ip Properties

    Figure 251 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
  • Page 373: Macintosh Os X

    P-870HW-I1 User’s Guide Figure 252 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT).
  • Page 374: Figure 253 Macintosh Os X: Apple Menu

    Figure 253 Macintosh OS X: Apple Menu 2 Click Network in the icon bar. • Select Automatic from the Location list. • Select Built-in Ethernet from the Show list. • Click the TCP/IP tab. 3 For dynamically assigned settings, select Using DHCP from the Configure list. Figure 254 Macintosh OS X: Network 4 For statically assigned settings, do the following: •...
  • Page 375: Linux

    P-870HW-I1 User’s Guide 6 Restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the Network window. Linux This section shows you how to configure your computer’s TCP/IP settings in Red Hat Linux 9.0. Procedure, screens and file location may vary depending on your Linux distribution and release version.
  • Page 376: Figure 256 Red Hat 9.0: Kde: Ethernet Device: General

    Figure 256 Red Hat 9.0: KDE: Ethernet Device: General • If you have a dynamic IP address, click Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static IP address, click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields.
  • Page 377: Figure 258 Red Hat 9.0: Kde: Network Configuration: Activate

    P-870HW-I1 User’s Guide Figure 258 Red Hat 9.0: KDE: Network Configuration: Activate 7 After the network card restart process is complete, make sure the Status is Active in the Network Configuration screen. Using Configuration Files Follow the steps below to edit the network configuration files and set your computer IP address.
  • Page 378: Figure 260 Red Hat 9.0: Static Ip Address Setting In Ifconfig-Eth0

    Figure 260 Red Hat 9.0: Static IP Address Setting in ifconfig-eth0 DEVICE=eth0 ONBOOT=yes BOOTPROTO=static IPADDR=192.168.1.10 NETMASK=255.255.255.0 USERCTL=no PEERDNS=yes TYPE=Ethernet 2 If you know your DNS server IP address(es), enter the DNS server information in the file in the resolv.conf two DNS server IP addresses are specified. Figure 261 Red Hat 9.0: DNS Settings in resolv.conf nameserver 172.23.5.1 nameserver 172.23.5.2...
  • Page 379: Netbios Filter Commands

    The following describes the NetBIOS packet filter commands. Introduction NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls. You can configure NetBIOS filters to do the following: •...
  • Page 380: Netbios Filter Configuration

    P-870HW-I1 User’s Guide The filter types and their default settings are as follows. Table 169 NetBIOS Filter Default Settings NAME DESCRIPTION Between LAN This field displays whether NetBIOS packets are blocked or forwarded and WAN between the LAN and the WAN. IPSec Packets This field displays whether NetBIOS packets sent through a VPN connection are blocked or forwarded.
  • Page 381: Appendix Dnat

    NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet. For example, the source address of an outgoing packet, used within one network is changed to a different IP address known within another network. NAT Definitions Inside/outside denotes where a host is located relative to the ZyXEL Device.
  • Page 382: What Nat Does

    P-870HW-I1 User’s Guide What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
  • Page 383: Nat Application

    NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the ZyXEL Device can communicate with three distinct WAN networks. More examples follow at the end of this chapter. Figure 265 NAT Application With IP Alias NAT Mapping Types NAT supports five types of IP/port mapping.
  • Page 384: Nat Types

    P-870HW-I1 User’s Guide Note: Port numbers do not change for One-to-One and Many One-to-One NAT mapping types. The following table summarizes these types. Table 171 NAT Mapping Types TYPE One-to-One Many-to-One (SUA/PAT) Many-to-Many Overload Many One-to-One Server NAT Types This section discusses the following NAT types that may be implemented on a router in front of the ZyXEL Device.
  • Page 385: Full Cone Nat

    The following table summarizes how these NAT types handle outgoing and incoming packets. Read the following sections for more details and examples. Table 172 NAT Types FULL CONE Incoming Any external host Packets can send packets to the mapped external IP address and port.
  • Page 386: Figure 266 Full Cone Nat Example

    P-870HW-I1 User’s Guide Figure 266 Full Cone NAT Example Restricted Cone NAT As in full cone NAT, a restricted cone NAT router maps all outgoing packets from an internal IP address and port to a single IP address and port on the external network. In the following example, the NAT router maps the source address of all packets sent from internal IP address 1 and port A to IP address 2 and port B on the external network.
  • Page 387: Figure 267 Restricted Cone Nat Example

    Figure 267 Restricted Cone NAT Example Port Restricted Cone NAT As in full cone NAT, a port restricted cone NAT router maps all outgoing packets from an internal IP address and port to a single IP address and port on the external network. In the following example, the NAT router maps the source address of all packets sent from internal IP address 1 and port A to IP address 2 and port B on the external network.
  • Page 388: Figure 268 Port Restricted Cone Nat Example

    P-870HW-I1 User’s Guide Figure 268 Port Restricted Cone NAT Example Symmetric NAT The full, restricted and port restricted cone NAT types use the same mapping for an outgoing packet’s source address regardless of the destination IP address and port. In symmetric NAT, the mapping of an outgoing packet’s source address to a source address in another network is different for each different destination IP address and port.
  • Page 389: Sua (Single User Account) Versus Nat

    Figure 269 Symmetric NAT SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server. The ZyXEL Device also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN IP addresses of clients or servers using mapping types.
  • Page 390 P-870HW-I1 User’s Guide Appendix D NAT...
  • Page 391: Appendix E Firewall Commands

    The following describes the firewall commands. Table 173 Firewall Commands FUNCTION COMMAND Firewall SetUp config edit firewall active <yes | no> config retrieve firewall config save firewall Display config display firewall config display firewall set <set #> config display firewall set <set #>...
  • Page 392 P-870HW-I1 User’s Guide Table 173 Firewall Commands (continued) FUNCTION COMMAND config edit firewall e-mail return-addr <e-mail address> config edit firewall e-mail email-to <e-mail address> config edit firewall e-mail policy <full | hourly | daily | weekly> config edit firewall e-mail day <sunday | monday | tuesday | wednesday | thursday | friday | saturday>...
  • Page 393 Table 173 Firewall Commands (continued) FUNCTION COMMAND config edit firewall attack minute-low <0-255> config edit firewall attack max-incomplete-high <0-255> config edit firewall attack max-incomplete-low <0-255> config edit firewall attack tcp-max-incomplete <0-255> Sets config edit firewall set <set #> name <desired name> Config edit firewall set <set #>...
  • Page 394 P-870HW-I1 User’s Guide Table 173 Firewall Commands (continued) FUNCTION COMMAND Config edit firewall set <set #> log <yes | no> Rules Config edit firewall set <set #> rule <rule #> permit <forward | block> Config edit firewall set <set #> rule <rule #> active <yes | no>...
  • Page 395 Table 173 Firewall Commands (continued) FUNCTION COMMAND config edit firewall set <set #> rule <rule #> destaddr- subnet <ip address> <subnet mask> config edit firewall set <set #> rule <rule #> destaddr- range <start ip address> <end ip address> config edit firewall set <set #>...
  • Page 396 P-870HW-I1 User’s Guide Appendix E Firewall Commands...
  • Page 397: Appendix F Log Descriptions

    This appendix provides descriptions of example log messages. Table 174 System Maintenance Logs LOG MESSAGE Time calibration is successful Time calibration failed WAN interface gets IP:%s DHCP client IP expired DHCP server assigns%s Successful WEB login WEB login failed Successful TELNET login TELNET login failed Successful FTP login FTP login failed...
  • Page 398: Table 175 System Error Logs

    P-870HW-I1 User’s Guide Table 174 System Maintenance Logs (continued) LOG MESSAGE Successful HTTPS login HTTPS login failed Table 175 System Error Logs LOG MESSAGE %s exceeds the max. number of session per host! setNetBIOSFilter: calloc error readNetBIOSFilter: calloc error WAN connection is down. Table 176 Access Control Logs LOG MESSAGE Firewall default policy: [TCP |...
  • Page 399: Table 177 Tcp Reset Logs

    Table 177 TCP Reset Logs LOG MESSAGE Under SYN flood attack, sent TCP RST Exceed TCP MAX incomplete, sent TCP RST Peer TCP state out of order, sent TCP RST Firewall session time out, sent TCP RST Exceed MAX incomplete, sent TCP RST Access block, sent TCP Table 178 Packet Filter Logs...
  • Page 400: Table 179 Icmp Logs

    P-870HW-I1 User’s Guide Table 179 ICMP Logs LOG MESSAGE Firewall default policy: ICMP <Packet Direction>, <type:%d>, <code:%d> Firewall rule [NOT] match: ICMP <Packet Direction>, <rule:%d>, <type:%d>, <code:%d> Triangle route packet forwarded: ICMP Packet without a NAT table entry blocked: ICMP Unsupported/out-of-order ICMP: ICMP Router reply ICMP packet: ICMP...
  • Page 401: Table 182 Upnp Logs

    Table 181 PPP Logs (continued) LOG MESSAGE ppp:LCP Closing ppp:IPCP Closing Table 182 UPnP Logs LOG MESSAGE UPnP pass through Firewall Table 183 Content Filtering Logs LOG MESSAGE %s: Keyword blocking %s: Not in trusted web list %s: Forbidden Web site The web site is in the forbidden web site list. %s: Contains ActiveX %s: Contains Java applet...
  • Page 402: Table 184 Attack Logs

    P-870HW-I1 User’s Guide Table 183 Content Filtering Logs (continued) LOG MESSAGE Connecting to content filter server fail License key is invalid The external content filtering license key is invalid. Table 184 Attack Logs LOG MESSAGE attack [TCP | UDP | IGMP | ESP | GRE | OSPF] attack ICMP (type:%d, code:%d)
  • Page 403: Table 185 Ipsec Logs

    Table 185 IPSec Logs LOG MESSAGE Discard REPLAY packet Inbound packet authentication failed Receive IPSec packet, but no corresponding tunnel exists Rule <%d> idle time out, disconnect WAN IP changed to <IP> Table 186 IKE Logs LOG MESSAGE Active connection allowed exceeded Start Phase 2: Quick Mode Verifying Remote ID failed:...
  • Page 404 P-870HW-I1 User’s Guide Table 186 IKE Logs (continued) LOG MESSAGE Cannot resolve Secure Gateway Addr for rule <%d> Peer ID: <peer id> <My remote type> -<My local type> vs. My Remote <My remote> - <My remote> vs. My Local <My local>-<My local>...
  • Page 405 Table 186 IKE Logs (continued) LOG MESSAGE XAUTH fail! Username: <Username> Rule[%d] Phase 1 negotiation mode mismatch Rule [%d] Phase 1 encryption algorithm mismatch Rule [%d] Phase 1 authentication algorithm mismatch Rule [%d] Phase 1 authentication method mismatch Rule [%d] Phase 1 key group mismatch Rule [%d] Phase 2 protocol mismatch...
  • Page 406: Table 187 Pki Logs

    P-870HW-I1 User’s Guide Table 186 IKE Logs (continued) LOG MESSAGE Rule [%d] phase 2 mismatch Rule [%d] Phase 2 key length mismatch Table 187 PKI Logs LOG MESSAGE Enrollment successful Enrollment failed Failed to resolve <SCEP CA server url> Enrollment successful Enrollment failed Failed to resolve <CMP CA server url>...
  • Page 407: Table 188 Certificate Path Verification Failure Reason Codes

    Table 187 PKI Logs (continued) LOG MESSAGE Rcvd data <size> too large! Max size allowed: <max size> Cert trusted: <subject name> Due to <reason codes>, cert not trusted: <subject name> Table 188 Certificate Path Verification Failure Reason Codes CODE DESCRIPTION Algorithm mismatch between the certificate and the search constraints.
  • Page 408: Table 189 802.1X Logs

    P-870HW-I1 User’s Guide Table 188 Certificate Path Verification Failure Reason Codes (continued) CODE DESCRIPTION Database method failed. Path was not verified. Maximum path length reached. Table 189 802.1X Logs LOG MESSAGE Local User Database accepts user. Local User Database reports user credential error.
  • Page 409: Table 190 Acl Setting Notes

    Table 190 ACL Setting Notes PACKET DIRECTION (L to W) (W to L) (L to L/ZW) (W to W/ZW) Table 191 ICMP Notes TYPE CODE Appendix F Log Descriptions DIRECTION DESCRIPTION LAN to WAN ACL set for packets traveling from the LAN to the WAN. WAN to LAN ACL set for packets traveling from the WAN to the LAN.
  • Page 410: Table 192 Syslog Logs

    P-870HW-I1 User’s Guide Table 191 ICMP Notes (continued) TYPE CODE Table 192 Syslog Logs LOG MESSAGE <Facility*8 + Severity>Mon dd hr:mm:ss hostname src="<srcIP:srcPort>" dst="<dstIP:dstPort>" msg="<msg>" note="<note>" devID="<mac address last three numbers>" cat="<category> The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC for detailed information on each type.
  • Page 411: Log Commands

    ZyXEL Device is to record. 2 Use sys logs category to view a list of the log categories. Figure 270 Displaying Log Categories Example Copyright (c) 1994 - 2004 ZyXEL Communications Corp. ras>? Valid commands are: certificates ras>...
  • Page 412: Log Command Example

    P-870HW-I1 User’s Guide • Use the sys logs display [log category] command to show the logs in an individual ZyXEL Device log category. • Use the sys logs clear command to erase all of the ZyXEL Device’s logs. Log Command Example This example shows how to set the ZyXEL Device to record the access logs and alerts and then view the results.
  • Page 413: Appendix G Boot Commands

    The BootModule AT commands execute from within the router’s bootup software, when debug mode is selected before the main router firmware is started. When you start up your ZyXEL Device, you are given a choice to go into debug mode by pressing a key at the prompt shown in the following screen.
  • Page 414: Figure 273 Boot Module Commands

    P-870HW-I1 User’s Guide Figure 273 Boot Module Commands just answer OK ATHE print help ATBAx change baudrate. 1:38.4k, 2:19.2k, 3:9.6k 4:57.6k 5:115.2k ATENx,(y) set BootExtension Debug Flag (y=password) ATSE show the seed of password generator ATTI(h,m,s) change system time to hour:min:sec or show current time ATDA(y,m,d) change system date to year/month/day or show...
  • Page 415: Appendix H Internal Sptgen

    This appendix introduces Internal SPTGEN. All menus shown in this appendix are example menus meant to show SPTGEN usage. Actual menus for your product may differ. Internal SPTGEN Overview Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple ZyXEL Devices.
  • Page 416: Internal Sptgen File Modification - Important Points To Remember

    P-870HW-I1 User’s Guide Internal SPTGEN File Modification - Important Points to Remember Each parameter you enter must be preceded by one “=”sign and one space. Some parameters are dependent on others. For example, if you disable the Configured field in menu 1 (see Figure 274 on page If you enter a parameter that is invalid in the Input column, the ZyXEL Device will not save...
  • Page 417: Internal Sptgen Ftp Upload Example

    Figure 277 Internal SPTGEN FTP Download Example c:\ftp 192.168.1.1 220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000 User (192.168.1.1:(none)): 331 Enter PASS command Password: 230 Logged in ftp>bin 200 Type I OK ftp> get rom-t ftp>bye c:\edit rom-t (edit the rom-t text file by a text editor and save it) Note: You can rename your “...
  • Page 418: Example Internal Sptgen Menus

    P-870HW-I1 User’s Guide Example Internal SPTGEN Menus This section provides example Internal SPTGEN menus. Table 194 Abbreviations Used in the Example Internal SPTGEN Screens Table ABBREVIATION MEANING Field Identification Number Field Name Parameter Values Allowed INPUT An example of what you may enter Applies to the ZyXEL Device.
  • Page 419 Table 196 Menu 3 30100012 = Output protocol filters Set 4 30100013 = Output device filters Set 1 30100014 = Output device filters Set 2 30100015 = Output device filters Set 3 30100016 = Output device filters Set 4 / Menu 3.2 TCP/IP and DHCP Ethernet Setup 30200001 = DHCP 30200002 =...
  • Page 420 P-870HW-I1 User’s Guide Table 196 Menu 3 30201005 = Version 30201006 = IP Alias #1 Incoming protocol filters Set 1 30201007 = IP Alias #1 Incoming protocol filters Set 2 30201008 = IP Alias #1 Incoming protocol filters Set 3 30201009 = IP Alias #1 Incoming protocol filters Set 4...
  • Page 421 Table 196 Menu 3 30500001 = ESSID 30500002 = Hide ESSID 30500003 = Channel ID 30500004 = RTS Threshold 30500005 = FRAG. Threshold 30500006 = 30500007 = Default Key 30500008 = WEP Key1 30500009 = WEP Key2 30500010 = WEP Key3 30500011 = WEP Key4 30500012 =...
  • Page 422: Table 197 Menu 4 Internet Access Setup

    P-870HW-I1 User’s Guide Table 197 Menu 4 Internet Access Setup / Menu 4 Internet Access Setup 40000000 = Configured 40000001 = 40000002 = Active 40000003 = ISP's Name 40000004 = Encapsulation 40000005 = Multiplexing 40000006 = VPI # 40000007 = VCI # 40000008 = Service Name...
  • Page 423: Table 198 Menu 12

    Table 197 Menu 4 Internet Access Setup (continued) 40000027 = ATM QoS Type 40000028 = Peak Cell Rate (PCR) 40000029 = Sustain Cell Rate (SCR) 40000030 = Maximum Burst Size(MBS) 40000031= RIP Direction 40000032= RIP Version 40000033= Nailed-up Connection Table 198 Menu 12 / Menu 12.1.1 IP Static Route Setup 120101001 = IP Static Route set #1, Name...
  • Page 424: Table 199 Menu 15 Sua Server Setup

    P-870HW-I1 User’s Guide Table 199 Menu 15 SUA Server Setup / Menu 15 SUA Server Setup 150000001 = SUA Server IP address for default port 150000002 = SUA Server #2 Active 150000003 = SUA Server #2 Protocol 150000004 = SUA Server #2 Port Start 150000005 = SUA Server #2 Port End 150000006 =...
  • Page 425: Table 200 Menu 21.1 Filter Set #1

    Table 199 Menu 15 SUA Server Setup (continued) 150000031 = SUA Server #7 Local IP address 150000032 = SUA Server #8 Active 150000033 = SUA Server #8 Protocol 150000034 = SUA Server #8 Port Start 150000035 = SUA Server #8 Port End 150000036 = SUA Server #8 Local IP address 150000037 =...
  • Page 426 P-870HW-I1 User’s Guide Table 200 Menu 21.1 Filter Set #1 (continued) 210101002 = IP Filter Set 1,Rule 1 Active 210101003 = IP Filter Set 1,Rule 1 Protocol 210101004 = IP Filter Set 1,Rule 1 Dest IP address 210101005 = IP Filter Set 1,Rule 1 Dest Subnet Mask 210101006 = IP Filter Set 1,Rule 1 Dest Port 210101007 =...
  • Page 427: Table 201 Menu 21.1 Filer Set #2

    Table 200 Menu 21.1 Filter Set #1 (continued) 210102013 = IP Filter Set 1,Rule 2 Act Match 210102014 = IP Filter Set 1,Rule 2 Act Not Match Table 201 Menu 21.1 Filer Set #2 / Menu 21.1 filter set #2, 210200001 = Filter Set 2, Nam / Menu 21.1.2.1 Filter set #2, rule #1...
  • Page 428: Table 202 Menu 23 System Menus

    P-870HW-I1 User’s Guide Table 201 Menu 21.1 Filer Set #2 (continued) 210202001 = IP Filter Set 2, Rule 2 Type 210202002 = IP Filter Set 2, Rule 2 Active 210202003 = IP Filter Set 2, Rule 2 Protocol 210202004 = IP Filter Set 2, Rule 2 Dest IP address 210202005 =...
  • Page 429: Table 203 Menu 24.11 Remote Management Control

    Table 202 Menu 23 System Menus (continued) 230200005 = Authentication Server Shared Secret 230200006 = Accounting Server Configured 230200007 = Accounting Server Active 230200008 = Accounting Server IP Address 230200009 = Accounting Server Port 230200010 = Accounting Server Shared Secret */ Menu 23.4 System security: IEEE802.1x 230400001 = Wireless Port Control...
  • Page 430 P-870HW-I1 User’s Guide Table 203 Menu 24.11 Remote Management Control (continued) 241100002 = TELNET Server Access 241100003 = TELNET Server Secured IP address 241100004 = FTP Server Port 241100005 = FTP Server Access 241100006 = FTP Server Secured IP address 241100007 = WEB Server Port 241100008 =...
  • Page 431: Table 204 Examples Of Services

    The following table lists some commonly-used services and their associated protocols and port numbers. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like. • Protocol: This is the type of IP protocol used by the service. If this is TCP/UDP, then the service uses the same port number with TCP and UDP.
  • Page 432 P-870HW-I1 User’s Guide Table 204 Examples of Services (continued) NAME HTTPS ICMP IGMP (MULTICAST) IMAP4 IMAP4S MSN Messenger NetBIOS NEW-ICQ NEWS NNTP PING POP3 POP3S PPTP PPTP_TUNNEL (GRE) RCMD PROTOCOL PORT(S) DESCRIPTION HTTPS is a secured http session often used in e-commerce.
  • Page 433 Table 204 Examples of Services (continued) NAME REAL_AUDIO REXEC RLOGIN ROADRUNNER RTELNET RTSP SFTP SMTP SMTPS SNMP SNMP-TRAPS SQL-NET SSDP STRM WORKS SYSLOG TACACS TELNET TFTP VDOLIVE Appendix I Services PROTOCOL PORT(S) DESCRIPTION 7070 A streaming audio service that enables real time sound over the web.
  • Page 434 P-870HW-I1 User’s Guide Appendix I Services...
  • Page 435: Index

    access point. See AP. backup bandwidth management 41, 197 bandwidth manager class configuration bandwidth manager monitor blocking time 151, 164 call control 333, 334 call scheduling precedence precedence example certifications notices viewing change password at login 48, 49 channel 93, 97 CI commands Command Interpreter (CI) computer’s IP address...
  • Page 436 P-870HW-I1 User’s Guide guidelines for enhancing security introduction policies rule checklist rule logic rule security ramifications services firewall setup firmware upgrade upload upload error 242, 244 205, 389 FTP file transfer FTP restrictions full cone NAT general setup 229, 253 half-open sessions hidden menus hide SSID...
  • Page 437 mapping types outside port forwarding server sets symmetric what NAT does NAT mapping many one-to-one many-to-many overload many-to-one server NAT setup NAT traversal NAT types Network Address Translation. See NAT. one-minute high OTIST notes password 232, 247, 254 Point-to-Point Protocol over Ethernet. See PPPoE. policy-based routing port forwarding port numbers...
  • Page 438 P-870HW-I1 User’s Guide SNMPv1 SNMPv2 source-based routing splitters SPTGEN FTP upload example points to remember text file SSID 93, 94 hide SSID security weaknesses stateful inspection 40, 147 static routing setup SUA server set subnet mask 127, 159 supporting disk symmetric NAT outgoing syntax conventions...

Table of Contents