ZyXEL Communications 802.11g HomePlug AV ADSL2+ Gateway P-660HWP-Dx User Manual

P-660HWP-Dx
802.11g HomePlug AV ADSL2+ Gateway
User's Guide
Version 3.40
7/2007
Edition 1
www.zyxel.com


Summary of Contents for ZyXEL Communications 802.11g HomePlug AV ADSL2+ Gateway P-660HWP-Dx

  • Page 1 P-660HWP-Dx 802.11g HomePlug AV ADSL2+ Gateway User’s Guide Version 3.40 7/2007 Edition 1 www.zyxel.com...
  • Page 3: About This User's Guide

    Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan.
  • Page 4: Warnings And Notes

    Document Conventions Warnings and Notes These are how warnings and notes are shown in this User’s Guide. Warnings tell you about things that could harm you or your device. Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
  • Page 5 Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The P-660HWP-Dx icon is not an exact representation of your device. P-660HWP-Dx Server Telephone P-660HWP-Dx User’s Guide Computer Notebook computer DSLAM Firewall Switch Router Document Conventions...
  • Page 6: Safety Warnings

    Safety Warnings For your safety, be sure to read and follow all warning notices and instructions. • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. •...
  • Page 9: Table Of Contents

    Introduction ... 33 Introducing the P-660HWP-Dx ... 35 Introducing the Web Configurator ... 43 Wizards ... 57 Wizard Setup for Internet/Wireless Access ... 59 Bandwidth Management Wizard ... 73 Network ... 79 WAN Setup ... 81 LAN Setup ... 99 Wireless LAN ...111 Powerline ...
  • Page 11: Table Of Contents

    About This User's Guide ... 3 Document Conventions... 4 Safety Warnings... 6 Contents Overview ... 9 Table of Contents... 11 List of Figures ... 21 List of Tables... 27 Part I: Introduction... 33 Chapter 1 Introducing the P-660HWP-Dx ... 35 1.1 Overview ...
  • Page 12 Table of Contents 2.4.4 Status: WLAN Status ... 52 2.4.5 Status: Bandwidth Status ... 52 2.4.6 Status: Powerline Statistics ... 53 2.4.7 Status: Packet Statistics ... 53 2.4.8 Changing Login Password ... 55 Part II: Wizards ... 57 Chapter 3 Wizard Setup for Internet/Wireless Access...
  • Page 13 5.5 Internet Connection ... 86 5.5.1 Configuring Advanced Internet Connection Setup ... 88 5.6 Configuring More Connections ... 90 5.6.1 More Connections Edit ... 91 5.6.2 Configuring More Connections Advanced Setup ... 94 5.7 Traffic Redirect ... 95 5.8 Configuring WAN Backup ... 95 Chapter 6 LAN Setup...
  • Page 14 Table of Contents 7.4.5 Wireless LAN Advanced Setup ... 122 7.5 OTIST ... 123 7.5.1 Enabling OTIST ... 123 7.5.2 Starting OTIST ... 125 7.5.3 Notes on OTIST ... 126 7.6 MAC Filter ... 127 7.7 WMM QoS ... 128 7.7.1 WMM QoS Example ...
  • Page 15 Part IV: Security ... 155 Chapter 10 Firewalls... 157 10.1 Firewall Overview ... 157 10.2 Types of Firewalls ... 157 10.2.1 Packet Filtering Firewalls ... 157 10.2.2 Application-level Firewalls ... 158 10.2.3 Stateful Inspection Firewalls ... 158 10.3 Introduction to ZyXEL’s Firewall ... 158 10.3.1 Denial of Service Attacks ...
  • Page 16 Table of Contents 11.8 Predefined Services ... 183 11.9 Anti-Probing ... 185 11.10 DoS Thresholds ... 186 11.10.1 Threshold Values ... 186 11.10.2 Half-Open Sessions ... 187 11.10.3 Configuring Firewall Thresholds ... 187 Chapter 12 Content Filtering ... 191 12.1 Content Filtering Overview ... 191 12.2 Configuring Keyword Blocking ...
  • Page 17 14.2 Configuring Static Route ... 219 14.2.1 Static Route Edit ... 220 Chapter 15 Bandwidth Management... 223 15.1 Bandwidth Management Overview ... 223 15.2 Application-based Bandwidth Management ... 223 15.3 Subnet-based Bandwidth Management ... 223 15.4 Application and Subnet-based Bandwidth Management ... 224 15.5 Scheduler ...
  • Page 18 Table of Contents 17.6.3 Configuring SNMP ... 245 17.7 Configuring DNS ... 246 17.8 Configuring ICMP ... 247 17.9 TR-069 ... 248 Chapter 18 Universal Plug-and-Play (UPnP)... 251 18.1 Introducing Universal Plug and Play ... 251 18.1.1 How do I know if I'm using UPnP? ... 251 18.1.2 NAT Traversal ...
  • Page 19 21.2 Configuration Screen ... 291 21.2.1 Backup Configuration ... 291 21.2.2 Restore Configuration ... 292 21.2.3 Back to Factory Defaults ... 293 21.3 Restart ... 293 Chapter 22 Diagnostic... 295 22.1 General Diagnostic ... 295 22.2 DSL Line Diagnostic ... 296 Chapter 23 Troubleshooting...
  • Page 21: List Of Figures

    List of Figures List of Figures Figure 1 Protected Internet Access Applications ... 36 Figure 2 LAN-to-LAN Application Example ... 36 Figure 3 Front Panel ... 38 Figure 4 Connecting a POTS Splitter ... 39 Figure 5 Connecting a Microfilter ... 40 Figure 6 Connecting a Microfilter and Y-Connector ...
  • Page 22 List of Figures Figure 39 Select a Mode ... 74 Figure 40 Wizard: Welcome ... 75 Figure 41 Bandwidth Management Wizard: General Information ... 75 Figure 42 Bandwidth Management Wizard: Configuration ... 76 Figure 43 Bandwidth Management Wizard: Complete ... 77 Figure 44 Example of Traffic Shaping ...
  • Page 23 List of Figures Figure 82 Network > Powerline > Remote Setting ... 139 Figure 83 Network > Powerline > Status ... 140 Figure 84 How NAT Works ... 144 Figure 85 NAT Application With IP Alias ... 145 Figure 86 NAT General ... 147 Figure 87 Multiple Servers Behind NAT Example ...
  • Page 24 List of Figures Figure 125 Security > Certificates > Directory Server > Add ... 216 Figure 126 Example of Static Routing Topology ... 219 Figure 127 Static Route ... 220 Figure 128 Static Route Edit ... 221 Figure 129 Subnet-based Bandwidth Management Example ... 224 Figure 130 Bandwidth Management: Summary ...
  • Page 25 List of Figures Figure 168 Error Message ... 291 Figure 169 Maintenance > Tools > Configuration ... 291 Figure 170 Configuration Restore Successful ... 292 Figure 171 Temporarily Disconnected ... 293 Figure 172 Configuration Restore Error ... 293 Figure 173 Restart Screen ... 293 Figure 174 Diagnostic: General ...
  • Page 26 List of Figures Figure 211 Red Hat 9.0: Checking TCP/IP Properties ... 356 Figure 212 Displaying Log Categories Example ... 366 Figure 213 Displaying Log Parameters Example ... 366 Figure 214 Pop-up Blocker ... 375 Figure 215 Internet Options: Privacy ... 376 Figure 216 Internet Options: Privacy ...
  • Page 27: List Of Tables

    List of Tables List of Tables Table 1 ADSL Standards ... 36 Table 2 Front Panel LEDs ... 38 Table 3 Web Configurator Screens Summary ... 47 Table 4 Status Screen ... 50 Table 5 Status: Any IP Table ... 52 Table 6 Status: WLAN Status ...
  • Page 28 List of Tables Table 39 MAC Address Filter ... 127 Table 40 WMM QoS Priorities ... 128 Table 41 Commonly Used Services ... 129 Table 42 Wireless Lan: QoS ... 131 Table 43 Application Priority Configuration ... 132 Table 44 Network > Powerline > Local Setting ... 138 Table 45 Network >...
  • Page 29 List of Tables Table 82 Security > Certificates > Directory Server > Add ... 216 Table 83 Static Route ... 220 Table 84 Static Route Edit ... 221 Table 85 Application and Subnet-based Bandwidth Management Example ... 224 Table 86 Maximize Bandwidth Usage Example ... 226 Table 87 Priority-based Allotment of Unused and Unbudgeted Bandwidth Example ...
  • Page 30 List of Tables Table 125 Certificate Path Verification Failure Reason Codes ... 285 Table 126 ACL Setting Notes ... 285 Table 127 ICMP Notes ... 286 Table 128 Syslog Logs ... 287 Table 129 RFC-2408 ISAKMP Payload Types ... 287 Table 130 Firmware Upgrade ...
  • Page 31 List of Tables Table 168 Firewall Commands ... 369 Table 169 NetBIOS Filter Default Settings ... 382 P-660HWP-Dx User’s Guide...
  • Page 33: Part I Introduction

    Introduction Introducing the P-660HWP-Dx (35) Introducing the Web Configurator (43)
  • Page 35: Introducing The P-660Hwp-Dx

    Chapter 1: Introducing the P-660HWP-Dx. This chapter introduces the main applications and features of the P-660HWP-Dx. It also introduces the ways you can manage the P-660HWP-Dx. 1.1 Overview: The P-660HWP-Dx is an IEEE 802.11b/g wireless ADSL2+ gateway that allows super-fast, secure Internet access over analog (POTS), digital (ISDN) telephone lines (depending on your model) or by wireless.
  • Page 36: Figure 1 Protected Internet Access Applications

    Chapter 1 Introducing the P-660HWP-Dx Figure 1 Protected Internet Access Applications You can also use the P-660HWP-Dx to connect two geographically dispersed networks over the ADSL line. A typical LAN-to-LAN application example is shown as follows. Figure 2 LAN-to-LAN Application Example The P-660HWP-Dx is compatible with the ADSL/ADSL2/ADSL2+ standards.
  • Page 37: Ways To Manage The P-660Hwp-Dx

    The standard your ISP supports determines the maximum upstream and downstream speeds attainable. Actual speeds attained also depend on the distance from your ISP, line quality, etc. 1.2 Ways to Manage the P-660HWP-Dx Use any of the following methods to manage the P-660HWP-Dx. •...
  • Page 38: Hardware Connections

    Chapter 1 Introducing the P-660HWP-Dx Figure 3 Front Panel The following table describes the LEDs. Table 2 Front Panel LEDs COLOR STATUS DESCRIPTION POWER Green ETHERNET Green WLAN Green Green INTERNET Green POWERLINE Green 1.5 Hardware Connections Refer to the Quick Start Guide for information on hardware connections. The P-660HWP-Dx is receiving power and functioning properly.
  • Page 39: Connecting A Pots Splitter

    1.5.1 Connecting a POTS Splitter When you use the Full Rate (G.dmt) ADSL standard, you can use a POTS (Plain Old Telephone Service) splitter to separate the telephone and ADSL signals. This allows simultaneous Internet access and telephone service on the same line. A splitter also eliminates the destructive interference conditions caused by telephone sets.
  • Page 40: P-660Hwp-Dx With Isdn

    Chapter 1 Introducing the P-660HWP-Dx Figure 5 Connecting a Microfilter You can also use a Y-Connector with a microfilter in order to connect both your modem and a telephone to the same wall jack without using a POTS splitter. 1 Connect a phone cable from the wall jack to the single jack end of the Y-Connector. 2 Connect a cable from the double jack end of the Y-Connector to the “wall side”...
  • Page 41: Figure 7 P-660Hwp-Dx With Isdn

    Chapter 1 Introducing the P-660HWP-Dx Figure 7 P-660HWP-Dx with ISDN P-660HWP-Dx User’s Guide...
  • Page 43: Introducing The Web Configurator

    Chapter 2: Introducing the Web Configurator. This chapter describes how to access and navigate the web configurator. 2.1 Web Configurator Overview: The web configurator is an HTML-based management interface that allows easy P-660HWP-Dx setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions.
  • Page 44: User Access

    Chapter 2 Introducing the Web Configurator 5 A window displays as shown. Figure 8 Password Screen 2.2.1 User Access 1 For user access, enter the default user password "user" to view the status only. The following window will appear. Figure 9 User status screen 2.2.2 Administrator Access 1 For administrator access, enter the default admin password "1234" to configure the wizards and the advanced features.
  • Page 45: Figure 10 Change Password At Login

    Chapter 2 Introducing the Web Configurator If you do not change the password at least once, the following screen appears every time you log in with the admin password. Figure 10 Change Password at Login 4 Select Go to Wizard setup and click Apply to display the wizard main screen. Otherwise, select Go to Advanced setup and click Apply to display the Status screen.
  • Page 46: Resetting The P-660Hwp-Dx

    Chapter 2 Introducing the Web Configurator 2.3 Resetting the P-660HWP-Dx If you forget your password or cannot access the web configurator, you will need to use the RESET button at the back of the P-660HWP-Dx to reload the factory-default configuration file.
  • Page 47: Table 3 Web Configurator Screens Summary

    Click the icon (located in the top right corner of most screens) to view embedded help. Table 3 Web Configurator Screens Summary LINK/ICON SUB-LINK Wizard INTERNET/ WIRELESS SETUP BANDWIDTH MANAGEMENT SETUP Logout Status Network Internet Connection More Connections Use this screen to view and configure other connections for WAN Backup Setup DHCP Setup...
  • Page 48 Chapter 2 Introducing the Web Configurator Table 3 Web Configurator Screens Summary (continued) LINK/ICON SUB-LINK General Port Forwarding Security Firewall General Rules Anti Probing Threshold Content Filter Keyword Schedule Trusted Certificates My Certificates Trusted CA’s Trusted Remote Hosts Directory Servers Advanced Static Route Static Route...
  • Page 49: Status Screen

    Table 3 Web Configurator Screens Summary (continued) LINK/ICON SUB-LINK Maintenance System General Time Setting Logs View Log Log Settings Tools Firmware Configuration Restart Diagnostic General DSL Line 2.4.2 Status Screen The following summarizes how to navigate the web configurator from the Status screen. Some fields or links are not available if you entered the user password in the login password screen (see Figure 8 on page...
  • Page 50: Table 4 Status Screen

    Chapter 2 Introducing the Web Configurator The following table describes the labels shown in the Status screen. Table 4 Status Screen LABEL DESCRIPTION Refresh Interval Select a number of seconds or None from the drop-down list box to refresh all screen statistics automatically at the end of every time interval or to not refresh the screen statistics.
  • Page 51: Status: Any Ip Table

    Table 4 Status Screen (continued) LABEL DESCRIPTION CPU Usage This number shows how many kilobytes of the heap memory the P-660HWP-Dx is using. Heap memory refers to the memory that is not used by ZyNOS (ZyXEL Network Operating System) and is thus available for running processes like NAT, VPN and the firewall.
  • Page 52: Status: Wlan Status

    Chapter 2 Introducing the Web Configurator The following table describes the labels in this screen. Table 5 Status: Any IP Table LABEL DESCRIPTION This is the index number of the host computer. IP Address This field displays the IP address of the network device. MAC Address This field displays the MAC (Media Access Control) address of the computer with the displayed IP address.
  • Page 53: Status: Powerline Statistics

    Figure 16 Status: Bandwidth Status 2.4.6 Status: Powerline Statistics Click the Powerline Statistics hyperlink in the Status screen. The following screen will appear. Figure 17 Status: Powerline Figure 46 on page 140 2.4.7 Status: Packet Statistics Click the Packet Statistics hyperlink in the Status screen. Read-only information here includes port status and packet specific statistics.
  • Page 54: Figure 18 Status: Packet Statistics

    Chapter 2 Introducing the Web Configurator Figure 18 Status: Packet Statistics The following table describes the fields in this screen. Table 7 Status: Packet Statistics LABEL System Monitor System up Time Current Date/Time CPU Usage Memory Usage WAN Port Statistics Link Status WAN IP Address Upstream Speed...
  • Page 55: Changing Login Password

    Table 7 Status: Packet Statistics (continued) LABEL DESCRIPTION Collisions This is the number of collisions on this port. Poll Interval(s) Type the time interval for the browser to refresh system statistics. Set Interval Click this button to apply the new poll interval you entered in the Poll Interval field above.
  • Page 57: Wizards

    Wizards Wizard Setup for Internet/Wireless Access (59) Bandwidth Management Wizard (73)
  • Page 59: Wizard Setup For Internet/Wireless Access

    Chapter 3: Wizard Setup for Internet/Wireless Access. This chapter provides information on the Wizard Setup screens for Internet/Wireless access in the web configurator. 3.1 Introduction: Use the wizard setup screens to configure your system for Internet/Wireless access with the information given to you by your ISP.
  • Page 60: Figure 20 Select A Mode

    Chapter 3 Wizard Setup for Internet/Wireless Access Figure 20 Select a Mode 2 Click INTERNET/WIRELESS SETUP to configure the system for Internet access. Figure 21 Wizard: Welcome 3 The wizard attempts to detect which WAN connection type you are using. If the wizard detects your connection type and your ISP uses PPPoE or PPPoA, go to Section 3.2.1 on page If the wizard does not detect a connection type and the following screen appears (see...
  • Page 61: Automatic Detection

    Figure 22 Auto Detection: No DSL Connection If the wizard still cannot detect a connection type and the following screen appears (see Figure 23 on page configure the P-660HWP-Dx for Internet access manually. Figure 23 Auto Detection: Failed 3.2.1 Automatic Detection 1 If you have a PPPoE or PPPoA connection, a screen displays prompting you to enter your Internet account information.
  • Page 62: Manual Configuration

    Chapter 3 Wizard Setup for Internet/Wireless Access Figure 24 Auto-Detection: PPPoE 3.2.2 Manual Configuration 1 If the P-660HWP-Dx fails to detect your DSL connection type, enter the Internet access information given to you by your ISP exactly in the wizard screen. If not given, leave the fields set to the default.
  • Page 63: Figure 26 Internet Connection With Pppoe

    The following table describes the fields in this screen. Table 8 Internet Access Wizard Setup: ISP Parameters LABEL DESCRIPTION Mode From the Mode drop-down list box, select Routing (default) if your ISP allows multiple computers to share an Internet account. Otherwise select Bridge. Encapsulation Select the encapsulation type your ISP uses from the Encapsulation drop-down list box.
  • Page 64: Figure 27 Internet Connection With Rfc 1483

    Chapter 3 Wizard Setup for Internet/Wireless Access The following table describes the fields in this screen. Table 9 Internet Connection with PPPoE LABEL DESCRIPTION User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given.
  • Page 65: Figure 28 Internet Connection With Enet Encap

    Figure 28 Internet Connection with ENET ENCAP The following table describes the fields in this screen. Table 11 Internet Connection with ENET ENCAP LABEL DESCRIPTION Obtain an IP A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not Address fixed;...
  • Page 66: Figure 29 Internet Connection With Pppoa

    Chapter 3 Wizard Setup for Internet/Wireless Access Figure 29 Internet Connection with PPPoA The following table describes the fields in this screen. Table 12 Internet Connection with PPPoA LABEL DESCRIPTION User Name Enter the login name that your ISP gives you. Password Enter the password associated with the user name above.
  • Page 67: Wireless Connection Wizard Setup

    Figure 31 Connection Test Failed-2. 3.3 Wireless Connection Wizard Setup After you configure the Internet access information, use the following screens to set up your wireless LAN. This section is available on the wireless devices only. 1 Select Yes and click Next to configure wireless settings. Otherwise, select No and skip to Step 6.
  • Page 68: Figure 33 Wireless Lan Setup Wizard 1

    Chapter 3 Wizard Setup for Internet/Wireless Access Figure 33 Wireless LAN Setup Wizard 1 The following table describes the labels in this screen. Table 13 Wireless LAN Setup Wizard 1 LABEL Active Enable OTIST Setup Key Back Next Exit 3 Configure your wireless settings in this screen. Click Next. DESCRIPTION Select the check box to turn on the wireless LAN.
  • Page 69: Figure 34 Wireless Lan Setup Wizard 2

    Figure 34 Wireless LAN Setup Wizard 2 The following table describes the labels in this screen. Table 14 Wireless LAN Setup Wizard 2 LABEL DESCRIPTION Network Name Enter a descriptive name (up to 32 printable 7-bit English keyboard characters) for the (SSID) wireless LAN.
  • Page 70: Manually Assign A Wpa-Psk Key

    Chapter 3 Wizard Setup for Internet/Wireless Access The wireless stations and P-660HWP-Dx must use the same SSID, channel ID and WEP encryption key (if WEP is enabled), WPA-PSK (if WPA-PSK is enabled) for wireless communication. 4 This screen varies depending on the security mode you selected in the previous screen. Fill in the field (if available) and click Next.
  • Page 71: Figure 36 Manually Assign A Wep Key

    Figure 36 Manually assign a WEP key The following table describes the labels in this screen. Table 16 Manually assign a WEP key LABEL DESCRIPTION The WEP keys are used to encrypt data. Both the P-660HWP-Dx and the wireless stations must use the same WEP key for data transmission. Enter any 5, 13 or 29 English keyboard characters or 10, 26 or 58 hexadecimal characters ("0-9", "A-F") for a 64-bit, 128-bit or 256-bit WEP key respectively.
  • Page 72: Figure 38 Internet Access And Wireless Wizard Setup Complete

    Chapter 3 Wizard Setup for Internet/Wireless Access Figure 38 Internet Access and Wireless Wizard Setup Complete 7 Launch your web browser and navigate to www.zyxel.com. Internet access is just the beginning. Refer to the rest of this guide for more detailed information on the complete range of P-660HWP-Dx features.
  • Page 73: Bandwidth Management Wizard

    Chapter 4: Bandwidth Management Wizard. This chapter shows you how to configure basic bandwidth management using the wizard screens. 4.1 Introduction: Bandwidth management allows you to control the amount of bandwidth going out through the P-660HWP-Dx’s WAN port and prioritize the distribution of the bandwidth according to service bandwidth requirements.
  • Page 74: Bandwidth Management Wizard Setup

    Chapter 4 Bandwidth Management Wizard Table 17 Media Bandwidth Management Setup: Services (continued) SERVICE DESCRIPTION NetMeeting A multimedia communications product from Microsoft that enables groups to (H.323) teleconference and videoconference over the Internet. NetMeeting supports VoIP, text chat sessions, a whiteboard, file transfers and application sharing. NetMeeting uses H.323.
  • Page 75: Figure 40 Wizard: Welcome

    2 Click BANDWIDTH MANAGEMENT SETUP to configure the system for Internet access. Figure 40 Wizard: Welcome 3 Activate bandwidth management and select to allocate bandwidth to packets based on the service requirements. Figure 41 Bandwidth Management Wizard: General Information The following fields describe the label in this screen. Table 18 Bandwidth Management Wizard: General Information LABEL DESCRIPTION...
  • Page 76: Figure 42 Bandwidth Management Wizard: Configuration

    Chapter 4 Bandwidth Management Wizard Figure 42 Bandwidth Management Wizard: Configuration The following table describes the labels in this screen. Table 19 Bandwidth Management Wizard: Configuration LABEL DESCRIPTION Active Select an entry’s Active check box to turn on bandwidth management for the service/ application.
  • Page 77: Figure 43 Bandwidth Management Wizard: Complete

    Chapter 4 Bandwidth Management Wizard Figure 43 Bandwidth Management Wizard: Complete P-660HWP-Dx User’s Guide...
  • Page 79: Network

    Network WAN Setup (81) LAN Setup (99) Wireless LAN (111) Powerline (135) Network Address Translation (NAT) (143)
  • Page 81: Wan Setup

    Chapter 5: WAN Setup. This chapter describes how to configure WAN settings. 5.1 WAN Overview: A WAN (Wide Area Network) is an outside connection to another network or the Internet. 5.1.1 Encapsulation: Be sure to use the encapsulation method required by your ISP. The P-660HWP-Dx supports the following methods.
  • Page 82: Multiplexing

    Chapter 5 WAN Setup 5.1.1.3 PPPoA PPPoA stands for Point to Point Protocol over ATM Adaptation Layer 5 (AAL5). A PPPoA connection functions like a dial-up Internet connection. The P-660HWP-Dx encapsulates the PPP session based on RFC1483 and sends it through an ATM PVC (Permanent Virtual Circuit) to the Internet Service Provider’s (ISP) DSLAM (digital access multiplexer).
  • Page 83: Vpi And Vci

    5.1.3.2 Scenario 2: One VC, One Protocol (IP) Selecting RFC-1483 encapsulation with VC-based multiplexing requires the least amount of overhead (0 octets). However, if there is a potential need for multiple protocol support in the future, it may be safer to select PPPoA encapsulation instead of RFC-1483, so you do not need to reconfigure either computer later.
  • Page 84: Nat

    Chapter 5 WAN Setup Do not specify a nailed-up connection unless your telephone company offers flat-rate service or you need a constant connection and the cost is of no concern. 5.1.7 NAT NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
  • Page 85: Figure 44 Example Of Traffic Shaping

    Sustained Cell Rate (SCR) is the mean cell rate of each bursty traffic source. It specifies the maximum average rate at which cells can be sent over the virtual connection. SCR may not be greater than the PCR. Maximum Burst Size (MBS) is the maximum number of cells that can be sent at the PCR. After MBS is reached, cell rates fall below SCR until cell rate averages to the SCR again.
  • Page 86: Zero Configuration Internet Access

    Chapter 5 WAN Setup The VBR-nRT (non real-time Variable Bit Rate) type is used with bursty connections that do not require closely controlled delay and delay variation. It is commonly used for "bursty" traffic typical on LANs. PCR and MBS define the burst levels, SCR defines the minimum level.
  • Page 87: Figure 45 Internet Connection (Pppoe)

    Figure 45 Internet Connection (PPPoE) The following table describes the labels in this screen. Table 20 Internet Connection LABEL DESCRIPTION General Name Enter the name of your Internet Service Provider, e.g., MyISP. This information is for identification purposes only. Mode Select Routing (default) from the drop-down list box if your ISP allows multiple computers to share an Internet account.
  • Page 88: Configuring Advanced Internet Connection Setup

    Chapter 5 WAN Setup Table 20 Internet Connection (continued) LABEL IP Address Obtain an IP Address Automatically Static IP Address IP Address Subnet Mask (ENET ENCAP encapsulation only) Gateway IP address (ENET ENCAP encapsulation only) Connection (PPPoA and PPPoE encapsulation only) Nailed-Up Connection Connect on...
  • Page 89: Figure 46 Advanced Internet Connection Setup

    Figure 46 Advanced Internet Connection Setup The following table describes the labels in this screen. Table 21 Advanced Internet Connection Setup LABEL DESCRIPTION RIP & Multicast Setup RIP Direction Select the RIP direction from None, Both, In Only and Out Only. RIP Version Select the RIP version from RIP-1, RIP-2B and RIP-2M.
  • Page 90: Configuring More Connections

    Chapter 5 WAN Setup Table 21 Advanced Internet Connection Setup (continued) LABEL DESCRIPTION Zero This feature is not applicable/available when you configure the P-660HWP-Dx to Configuration use a static WAN IP address or in bridge mode. Select Yes to set the P-660HWP-Dx to automatically detect the Internet connection settings (such as the VCI/VPI numbers and the encapsulation method) from the ISP and make the necessary configuration changes.
  • Page 91: More Connections Edit

    The following table describes the labels in this screen. Table 22 More Connections LABEL DESCRIPTION This is the index number of a connection. Active This displays whether this connection is activated. Clear the check box to disable the connection. Select the check box to enable it. Name This is the descriptive name for this connection.
  • Page 92: Figure 48 More Connections Edit

    Chapter 5 WAN Setup Figure 48 More Connections Edit The following table describes the labels in this screen. Table 23 More Connections Edit LABEL Active Name Mode Encapsulation User Name Password Service Name DESCRIPTION Select the check box to activate or clear the check box to deactivate this connection.
  • Page 93 Table 23 More Connections Edit (continued) LABEL DESCRIPTION Multiplexing Select the method of multiplexing used by your ISP from the drop-down list. Choices are VC or LLC. By prior agreement, a protocol is assigned a specific virtual circuit, for example, VC1 will carry IP.
  • Page 94: Configuring More Connections Advanced Setup

    Chapter 5 WAN Setup 5.6.2 Configuring More Connections Advanced Setup To edit your P-660HWP-Dx's advanced WAN settings, click the Advanced Setup button in the More Connections Edit screen. The screen appears as shown. Figure 49 More Connections Advanced Setup The following table describes the labels in this screen. Table 24 More Connections Advanced Setup LABEL DESCRIPTION...
  • Page 95: Traffic Redirect

    5.7 Traffic Redirect Traffic redirect forwards traffic to a backup gateway when the P-660HWP-Dx cannot connect to the Internet. An example is shown in the figure below. Figure 50 Traffic Redirect Example The following network topology allows you to avoid triangle route security issues when the backup gateway is connected to the LAN.
  • Page 96: Figure 52 Wan Backup Setup

    Chapter 5 WAN Setup Figure 52 WAN Backup Setup The following table describes the labels in this screen. Table 25 WAN Backup Setup LABEL DESCRIPTION WAN Backup Setup Backup Type Select the method that the P-660HWP-Dx uses to check the DSL connection. Select DSL Link to have the P-660HWP-Dx check if the connection to the DSLAM is up.
  • Page 97 Table 25 WAN Backup Setup (continued) LABEL DESCRIPTION Timeout Type the number of seconds (3 recommended) for your P-660HWP-Dx to wait for a ping response from one of the IP addresses in the Check WAN IP Address field before timing out the request. The WAN connection is considered "down" after the P-660HWP-Dx times out the number of times specified in the Fail Tolerance field.
  • Page 99: Lan Setup

    Chapter 6: LAN Setup. This chapter describes how to configure LAN settings. 6.1 LAN Overview: A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building.
  • Page 100: Dhcp Setup

    Chapter 6 LAN Setup 6.1.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the P-660HWP-Dx as a DHCP server or disable it. When configured as a server, the P-660HWP-Dx provides the TCP/IP configuration for the clients.
  • Page 101: LAN TCP/IP

    • The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, enter them in the DNS Server fields in the DHCP Setup screen. •...
  • Page 102: RIP Setup

    Chapter 6 LAN Setup You can obtain your IP address from the IANA, from an ISP or it can be assigned from a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses.
  • Page 103: Any IP

    224.0.0.0 is not assigned to any group and is used by IP multicast computers. The address 224.0.0.1 is used for query messages and is assigned to the permanent group of all IP hosts (including gateways). All hosts must join the 224.0.0.1 group in order to participate in IGMP. The address 224.0.0.2 is assigned to the multicast routers group.
  • Page 104: How Any IP Works

    Chapter 6 LAN Setup You must enable NAT/SUA to use the Any IP feature on the P-660HWP-Dx. 6.2.4.1 How Any IP Works Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network.
  • Page 105: Configuring Advanced LAN Setup

    The following table describes the fields in this screen. Table 26 LAN IP LABEL DESCRIPTION LAN TCP/IP IP Address Enter the IP address of your P-660HWP-Dx in dotted decimal notation, for example, 192.168.1.1 (factory default). IP Subnet Mask Type the subnet mask assigned to you by your ISP (if given). Apply Click Apply to save your changes to the P-660HWP-Dx.
  • Page 106: DHCP Setup

    Chapter 6 LAN Setup Table 27 Advanced LAN Setup (continued) LABEL DESCRIPTION Active Select the Active check box to enable the Any IP feature. This allows a computer to access the Internet without changing the network settings (such as IP address and subnet mask) of the computer, even when the IP addresses of the computer and the P-660HWP-Dx are not in the same subnet.
  • Page 107: LAN Client List

    Table 28 DHCP Setup LABEL DHCP Setup DHCP IP Pool Starting Address This field specifies the first of the contiguous addresses in the IP Pool Size Remote DHCP Server DNS Server DNS Servers Assigned by DHCP Server Primary DNS Server Secondary DNS Server Apply Cancel...
  • Page 108: LAN IP Alias

    Chapter 6 LAN Setup Figure 58 LAN Client List The following table describes the labels in this screen. Table 29 LAN Client List LABEL DESCRIPTION IP Address Enter the IP address that you want to assign to the computer on your LAN with the MAC address specified below.
  • Page 109: Figure 59 Physical Network & Partitioned Logical Networks

    Chapter 6 LAN Setup When you use IP alias, you can also configure firewall rules to control access between the LAN's logical networks (subnets). Make sure that the subnets of the logical networks do not overlap. The following figure shows a LAN divided into subnets A, B, and C. Figure 59 Physical Network &...
  • Page 110: Table 30 LAN IP Alias

    Chapter 6 LAN Setup The following table describes the labels in this screen. Table 30 LAN IP Alias LABEL DESCRIPTION IP Alias 1, 2 Select the check box to configure another LAN network for the P-660HWP-Dx. IP Address Enter the IP address of your P-660HWP-Dx in dotted decimal notation. Alternatively, click the right mouse button to copy and/or paste the IP address.
  • Page 111: Wireless LAN

    This chapter discusses how to configure the wireless network settings in your P-660HWP-Dx. See the appendices for more detailed information about wireless networks. 7.1 Wireless Network Overview The following figure provides an example of a wireless network. Figure 61 Example of a Wireless Network The wireless network is the part in the blue circle.
  • Page 112: Wireless Network Setup

    Chapter 7 Wireless LAN • Every wireless client in the same wireless network must use security compatible with the Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network. 7.2 Wireless Network Setup If you want to access the Internet wirelessly, you must have an Internet account setup already.
  • Page 113: Wireless Security Overview

    ( ) WPA2-PSK (TKIP or AES):______________ ( ) WPA2 (TKIP or AES) • Preamble type (if available): auto, short or long To set up your wireless network without an AP or wireless router, make sure wireless network cards/adapters use the same following settings: •...
  • Page 114: User Authentication

    Chapter 7 Wireless LAN This type of security does not protect the information that is sent in the wireless network. Furthermore, there are ways for unauthorized devices to get the MAC address of an authorized wireless client. Then, they can use that MAC address to use the wireless network. 7.3.3 User Authentication Authentication is the process of verifying whether a wireless device is allowed to use the wireless network.
  • Page 115: One-Touch Intelligent Security Technology (OTIST)

    It is recommended that wireless networks use WPA-PSK, WPA, or stronger encryption. IEEE 802.1x and WEP encryption are better than none at all, but it is still possible for unauthorized devices to figure out the original information pretty quickly. It is not possible to use WPA-PSK, WPA or stronger encryption with a local user database.
  • Page 116: Figure 62 Wireless LAN: General

    Chapter 7 Wireless LAN Figure 62 Wireless LAN: General The following table describes the general wireless LAN labels in this screen. Table 32 Wireless LAN: General LABEL DESCRIPTION Wireless Setup Active Wireless Click the check box to activate wireless LAN. Network Name (Service Set IDentity) The SSID identifies the Service Set with which a wireless client (SSID)
  • Page 117: No Security

    If you do not enable any wireless security on your P-660HWP-Dx, your network is accessible to any wireless networking device that is within range. Figure 63 Wireless: No Security The following table describes the labels in this screen. Table 33 Wireless No Security LABEL DESCRIPTION Security Mode...
  • Page 118: WPA-PSK/WPA2-PSK

    Chapter 7 Wireless LAN Figure 64 Wireless: Static WEP Encryption The following table describes the wireless LAN security labels in this screen. Table 34 Wireless: Static WEP Encryption LABEL DESCRIPTION Security Mode Choose Static WEP from the drop-down list box. Passphrase Enter a Passphrase (up to 32 printable characters) and click Generate.
  • Page 119: Figure 65 Wireless: WPA-PSK/WPA2-PSK

    Figure 65 Wireless: WPA-PSK/WPA2-PSK The following table describes the wireless LAN security labels in this screen. Table 35 Wireless: WPA-PSK/WPA2-PSK LABEL DESCRIPTION Security Mode Choose WPA-PSK or WPA2-PSK from the drop-down list box. WPA Compatible This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field.
  • Page 120: WPA/WPA2

    Chapter 7 Wireless LAN Table 35 Wireless: WPA-PSK/WPA2-PSK LABEL DESCRIPTION Group Key The Group Key Update Timer is the rate at which the AP (if using WPA-PSK/ Update Timer (In WPA2-PSK key management) or RADIUS server (if using WPA(2) key Seconds) management) sends a new group key out to all clients.
  • Page 121: Table 36 Wireless: WPA/WPA2

    The following table describes the wireless LAN security labels in this screen. Table 36 Wireless: WPA/WPA2 LABEL DESCRIPTION WPA Compatible This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field. Select the check box to have both WPA2 and WPA wireless clients be able to communicate with the P-660HWP-Dx even when the P-660HWP-Dx is using WPA2-PSK or WPA2.
  • Page 122: Wireless LAN Advanced Setup

    Chapter 7 Wireless LAN 7.4.5 Wireless LAN Advanced Setup To configure advanced wireless settings, click the Advanced Setup button in the General screen. The screen appears as shown. Figure 67 Advanced The following table describes the labels in this screen. Table 37 Wireless LAN: Advanced LABEL DESCRIPTION...
  • Page 123: OTIST

    Table 37 Wireless LAN: Advanced (continued) LABEL DESCRIPTION Max. Frame Enable Maximum Frame Burst to help eliminate collisions in mixed-mode Burst networks (networks with both IEEE 802.11g and IEEE 802.11b traffic) and enhance the performance of both pure IEEE 802.11g and mixed IEEE 802.11b/g networks. Maximum Frame Burst sets the maximum time, in microseconds, that the P-660HWP-Dx transmits IEEE 802.11g wireless traffic only.
  • Page 124: Wireless Client

    Chapter 7 Wireless LAN If you hold in the RESET button too long, the device will reset to the factory defaults! 7.5.1.1.2 Web Configurator Click the Network > Wireless LAN > OTIST. The following screen displays. Figure 68 OTIST The following table describes the labels in this screen. Table 38 OTIST LABEL Setup Key...
  • Page 125: Starting OTIST

    Figure 69 Example Wireless Client OTIST Screen 7.5.2 Starting OTIST You must click Start in the AP OTIST web configurator screen and in the wireless client(s) Adapter screen all within three minutes (at the time of writing). You can start OTIST in the wireless clients and AP in any order but they must all be within range and have OTIST enabled.
  • Page 126: Notes On OTIST

    Chapter 7 Wireless LAN Figure 72 OTIST in progress (Client) In the wireless client, you see this screen if it can’t find an OTIST-enabled AP (with the same Setup key). Click OK to go back to the ZyXEL utility main screen. Figure 73 No AP with OTIST Found •...
  • Page 127: MAC Filter

    7.6 MAC Filter The MAC filter screen allows you to configure the P-660HWP-Dx to give exclusive access to up to 32 devices (Allow) or exclude up to 32 devices from accessing the P-660HWP-Dx (Deny). Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
  • Page 128: WMM QoS

    Chapter 7 Wireless LAN Table 39 MAC Address Filter LABEL DESCRIPTION This is the index number of the MAC address. Enter the MAC addresses of the wireless client that are allowed or denied access to Address the P-660HWP-Dx in these address fields. Enter the MAC addresses in a valid MAC address format, that is, six hexadecimal character pairs, for example, 12:34:56:78:9a:bc.
  • Page 129: Services

    7.7.3 Services The commonly used services and port numbers are shown in the following table. Please refer to RFC 1700 for further information about port numbers. Next to the name of the service, two fields appear in brackets. The first field indicates the IP protocol type (TCP, UDP, or ICMP). The second field indicates the IP port number that defines the service.
  • Page 130: QoS Screen

    Chapter 7 Wireless LAN Table 41 Commonly Used Services SERVICE AIM/New-ICQ(TCP:5190) AUTH(TCP:113) BGP(TCP:179) BOOTP_CLIENT(UDP:68) BOOTP_SERVER(UDP:67) CU-SEEME(TCP/UDP:7648, 24032) DNS(UDP/TCP:53) FINGER(TCP:79) FTP(TCP:20.21) H.323(TCP:1720) HTTP(TCP:80) HTTPS(TCP:443) ICQ(UDP:4000) IKE(UDP:500) IPSEC_TUNNEL(AH:0) IPSEC_TUNNEL(ESP:0) IRC(TCP/UDP:6667) MSN Messenger(TCP:1863) MULTICAST(IGMP:0) NEW-ICQ(TCP:5190) NEWS(TCP:144) NFS(UDP:2049) NNTP(TCP:119) PING(ICMP:0) POP3(TCP:110) PPTP(TCP:1723) PPTP_TUNNEL(GRE:0) RCMD(TCP:512) DESCRIPTION AOL’s Internet Messenger service, used as a listening port by ICQ.
  • Page 131: QoS Screen

    Table 41 Commonly Used Services (continued) SERVICE REAL_AUDIO(TCP:7070) REXEC(TCP:514) RLOGIN(TCP:513) RTELNET(TCP:107) RTSP(TCP/UDP:554) SFTP(TCP:115) SMTP(TCP:25) SNMP(TCP/UDP:161) SNMP-TRAPS(TCP/UDP:162) SQL-NET(TCP:1521) SSH(TCP/UDP:22) STRM WORKS(UDP:1558) SYSLOG(UDP:514) TACACS(UDP:49) TELNET(TCP:23) TFTP(UDP:69) VDOLIVE(TCP:7000) 7.8 QoS Screen The QoS screen by default allows you to automatically give a service a priority level according to the ToS value in the IP header of the packets it sends.
  • Page 132: Application Priority Configuration

    Chapter 7 Wireless LAN Click Network > Wireless LAN > QoS. The following screen displays. Figure 76 Wireless LAN: QoS The following table describes the fields in this screen. Table 42 Wireless Lan: QoS LABEL Enable WMM QoS WMM QoS Policy Name Service Dest Port...
  • Page 133: Figure 77 Application Priority Configuration

    7.8.2 Application Priority Configuration To edit a WMM QoS application entry, click the edit icon ( screen displays. Figure 77 Application Priority Configuration The following table describes the fields in this screen. Table 43 Application Priority Configuration LABEL Application Priority Configuration Name Service Dest Port...
  • Page 134 Chapter 7 Wireless LAN Table 43 Application Priority Configuration (continued) LABEL Apply Cancel DESCRIPTION Click Apply to save your changes back to the P-660HWP-Dx. Click Cancel to return to the previous screen without saving your changes. P-660HWP-Dx User’s Guide...
  • Page 135: Powerline

    This chapter introduces the main applications and management of the powerline feature. 8.1 Overview The P-660HWP-Dx is a HomePlug AV adaptor integrated DSL product. The P-660HWP-Dx and other HomePlug AV powerline adapters in your network communicate with each other by sending and receiving information over your home’s electrical wiring.
  • Page 136: Privacy And Powerline Adapters

    Chapter 8 Powerline In this User’s Guide the electrical wiring network may be referred to as the “powerline network”. 8.2 Privacy and Powerline Adapters When the P-660HWP-Dx communicates with other HomePlug AV compliant powerline adapters, they use encryption to scramble the information that is sent in the powerline network.
  • Page 137: Setting Up Multiple Powerline Networks

    In both cases the powerline adapters reside on the same electrical circuit. In scenario A all the powerline adapters can communicate with each other. In scenario B only the adapters with the same NMK can receive and unscramble communication between each other. 8.2.2 Setting Up Multiple Powerline Networks.
  • Page 138: Configuring Local Settings

    Chapter 8 Powerline 8.3 Configuring Local Settings Use the Local Setting screen to enter the network password for the network you wish to configure. You can also change the Device Access Key for your P-660HWP-Dx from this screen. Click Network > Powerline to access the settings of your local station. Figure 81 Network >...
  • Page 139: Configuring Remote Settings

    LABEL DESCRIPTION Apply Click Apply to apply your changes. The new network password and DAK is applied to the selected P-660HWP-Dx. Note: You must enter the correct Device Access Cancel Click this button to cancel any changes you have made. 8.4 Configuring Remote Settings Use this screen to access the other powerline adapters on your network.
  • Page 140: Powerline Network Status

    Chapter 8 Powerline LABEL Login Remote Device Access Key Apply Cancel 8.5 Powerline Network Status Use this screen to check the status of your powerline network and for expert troubleshooting. Click on Network > Powerline > Status to access advanced information on the status of your powerline network.
  • Page 141 LABEL DESCRIPTION TEI refers to Terminal Equipment Identifier. In this case the number identifies the CCo on the powerline network. NID refers to Network Identifier. This number identifies a network with a common password. SNID SNID refers to Short Network Identifier. This number is a short form of the NID.
  • Page 143: Network Address Translation (NAT)

    Network Address Translation This chapter discusses how to configure NAT on the P-660HWP-Dx. 9.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
  • Page 144: What NAT Does

    Chapter 9 Network Address Translation (NAT) 9.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
  • Page 145: NAT Mapping Types

    Figure 85 NAT Application With IP Alias 9.1.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: • One to One: In One-to-One mode, the P-660HWP-Dx maps one local IP address to one global IP address. • Many to One: In Many-to-One mode, the P-660HWP-Dx maps multiple local IP addresses to one global IP address.
  • Page 146: SUA (Single User Account) Versus NAT

    Chapter 9 Network Address Translation (NAT) The following table summarizes these types. Table 48 NAT Mapping Types TYPE One-to-One Many-to-One (SUA/PAT) Many-to-Many Overload Many-to-Many No Overload Server 9.2 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server.
  • Page 147: NAT General Setup

    9.4 NAT General Setup You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the P-660HWP-Dx. Click Network > NAT to open the following screen. Figure 86 NAT General The following table describes the labels in this screen.
  • Page 148: Port Forwarding

    Chapter 9 Network Address Translation (NAT) 9.5 Port Forwarding A port forwarding set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make visible to the outside world even though NAT makes your whole inside network appear as a single computer to the outside world.
  • Page 149: Configuring Servers Behind Port Forwarding (Example)

    Table 50 Services and Port Numbers SERVICES SNMP trap PPTP (Point-to-Point Tunneling Protocol) 9.5.3 Configuring Servers Behind Port Forwarding (Example) Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example).
  • Page 150: Port Forwarding Rule Edit

    Chapter 9 Network Address Translation (NAT) Figure 88 NAT Port Forwarding The following table describes the fields in this screen. Table 51 NAT Port Forwarding LABEL DESCRIPTION Default Server Setup Default Server In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in this screen.
  • Page 151: Address Mapping

    Figure 89 Port Forwarding Rule Setup The following table describes the fields in this screen. Table 52 Port Forwarding Rule Setup LABEL DESCRIPTION Active Click this check box to enable the rule. Service Name Enter a name to identify this port-forwarding rule. Start Port Enter a port number in this field.
  • Page 152: Figure 90 Address Mapping Rules

    Chapter 9 Network Address Translation (NAT) rules. For example, if you have already configured rules 1 to 6 in your current set and now you configure rule number 9. In the set summary screen, the new rule will be rule 7, not 9. Now if you delete rule 4, rules 5 to 7 will be pushed up by 1 rule, so old rules 5, 6 and 7 become new rules 4, 5 and 6.
  • Page 153: Address Mapping Rule Edit

    9.7.1 Address Mapping Rule Edit To edit an address mapping rule, click the rule’s edit icon in the Address Mapping screen to display the screen shown next. Figure 91 Edit Address Mapping Rule The following table describes the fields in this screen. Table 54 Edit Address Mapping Rule LABEL DESCRIPTION...
  • Page 154 Chapter 9 Network Address Translation (NAT) Table 54 Edit Address Mapping Rule (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the P-660HWP-Dx. Cancel Click Cancel to begin configuring this screen afresh. P-660HWP-Dx User’s Guide...
  • Page 155: Security

    Security Firewalls (157) Firewall Configuration (169) Content Filtering (191) Certificates (195)
  • Page 157: Firewalls

    This chapter gives some background information on firewalls and introduces the P-660HWP-Dx firewall. 10.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term “firewall” is a system or group of systems that enforces an access-control policy between two networks.
  • Page 158: Application-Level Firewalls

    Chapter 10 Firewalls 10.2.2 Application-level Firewalls Application-level firewalls restrict access by serving as proxies for external servers. Since they use programs written for specific Internet services, such as HTTP, FTP and telnet, they can evaluate network packets for valid application-specific data. Application-level gateways have a number of general advantages over the default mode of permitting application traffic directly to internal hosts: Information hiding prevents the names of internal systems from being made known via DNS...
  • Page 159: Denial Of Service Attacks

    10.3.1 Denial of Service Attacks Figure 92 Firewall Application 10.4 Denial of Service Denial of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources.
  • Page 160: Types Of DoS Attacks

    Chapter 10 Firewalls 10.4.2 Types of DoS Attacks There are four types of DoS attacks: 1 Those that exploit bugs in a TCP/IP implementation. 2 Those that exploit weaknesses in the TCP/IP specification. 3 Brute-force attacks that flood a network with useless data. 4 IP Spoofing.
  • Page 161: Figure 94 SYN Flood

    Figure 94 SYN Flood • In a LAND Attack, hackers flood SYN packets into the network with a spoofed source IP address of the targeted system. This makes it appear as if the host computer sent the packets to itself, making the system unavailable while the target system tries to respond to itself.
  • Page 162: ICMP Vulnerability

    Chapter 10 Firewalls 10.4.2.1 ICMP Vulnerability ICMP is an error-reporting protocol that works in concert with IP. The following ICMP types trigger an alert: Table 56 ICMP Commands That Trigger Alerts 10.4.2.2 Illegal Commands (NetBIOS and SMTP) The only legal NetBIOS commands are the following - all others are illegal. Table 57 Legal NetBIOS Commands MESSAGE: REQUEST:...
  • Page 163: Stateful Inspection Process

    are allowed in. The P-660HWP-Dx uses stateful packet inspection to protect the private LAN from hackers and vandals on the Internet. By default, the P-660HWP-Dx’s stateful inspection allows all communications to the Internet that originate from the LAN, and blocks all traffic to the LAN that originates from the Internet.
  • Page 164: Stateful Inspection And The P-660HWP-Dx

    Chapter 10 Firewalls 6 Later, an inbound packet reaches the interface. This packet is part of the connection previously established with the outbound packet. The inbound packet is evaluated against the inbound access list, and is permitted because of the temporary access list entry previously created.
  • Page 165: UDP/ICMP Security

    If an initiation packet originates on the LAN, this means that someone is trying to make a connection from the LAN to the Internet. Assuming that this is an acceptable part of the security policy (as is the case with the default policy), the connection will be allowed. A cache entry is added which includes connection information such as IP addresses, TCP ports, sequence numbers, etc.
  • Page 166: Guidelines For Enhancing Security With Your Firewall

    Chapter 10 Firewalls 10.6 Guidelines for Enhancing Security with Your Firewall • Change the default password via CLI (Command Line Interpreter) or web configurator. • Limit who can telnet into your router. • Don't enable any local service (such as SNMP or NTP) that you don't use. Any enabled service could present a potential security risk.
  • Page 167: Packet Filtering Vs Firewall

    • Always shred confidential information, particularly about your computer, before throwing it away. Some hackers dig through the trash of companies or individuals for information that might help them in an attack. 10.7 Packet Filtering Vs Firewall Below are some comparisons between the P-660HWP-Dx’s filtering and firewall functions. 10.7.1 Packet Filtering: •...
  • Page 168 Chapter 10 Firewalls • To selectively block/allow inbound or outbound traffic between inside host/networks and outside host/networks. Remember that filters can not distinguish traffic originating from an inside host or an outside host by IP address. • The firewall performs better than filtering if you need to check many rules. •...
  • Page 169: Firewall Configuration

    Firewall Configuration This chapter shows you how to enable and configure the P-660HWP-Dx firewall. 11.1 Access Methods The web configurator is, by far, the most comprehensive firewall configuration tool your P-660HWP-Dx has to offer. For this reason, it is recommended that you configure your firewall using the web configurator. CLI (Command Line Interpreter) commands provide limited configuration options and are only recommended for advanced users.
  • Page 170: Rule Logic Overview

    Chapter 11 Firewall Configuration If you configure firewall rules without a good understanding of how they work, you might inadvertently introduce security risks to the firewall and to the protected network. Make sure you test your rules after you configure them. For example, you may create rules to: •...
  • Page 171: Key Fields For Configuring Rules

    3 Is it possible to modify the rule to be more specific? For example, if IRC is blocked for all users, will a rule that blocks just certain users be more effective? 4 Does a rule that allows Internet users access to resources on the LAN create a security vulnerability? For example, if FTP ports (TCP 20, 21) are allowed from the Internet to the LAN, Internet users may be able to connect to computers with running FTP servers.
  • Page 172: LAN To WAN Rules

    Chapter 11 Firewall Configuration 11.4.1 LAN to WAN Rules The default rule for LAN to WAN traffic is that all users on the LAN are allowed non-restricted access to the WAN. When you configure a LAN to WAN rule, you in essence want to limit some or all users from accessing certain services on the WAN.
  • Page 173: Firewall Rules Summary

    The following table describes the labels in this screen. Table 59 Firewall: General LABEL DESCRIPTION Active Firewall Select this check box to activate the firewall. The P-660HWP-Dx performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated.
  • Page 174: Figure 98 Firewall Rules

    Chapter 11 Firewall Configuration Figure 98 Firewall Rules The following table describes the labels in this screen. Table 60 Firewall Rules LABEL DESCRIPTION Firewall Rules This read-only bar shows how much of the P-660HWP-Dx's memory for recording Storage Space firewall rules it is currently using. When you are using 80% or less of the storage in Use space, the bar is green.
  • Page 175: Configuring Firewall Rules

    Table 60 Firewall Rules (continued) LABEL DESCRIPTION This field shows you whether a log is created when packets match this rule (Yes) or not (No). Modify Click the Edit icon to go to the screen where you can edit the rule. Click the Remove icon to delete an existing firewall rule.
  • Page 176: Figure 99 Firewall: Edit Rule

    Chapter 11 Firewall Configuration Figure 99 Firewall: Edit Rule P-660HWP-Dx User’s Guide...
  • Page 177: Table 61 Firewall: Edit Rule

    The following table describes the labels in this screen. Table 61 Firewall: Edit Rule LABEL DESCRIPTION Active Select this option to enable this firewall rule. Action for Matched Use the drop-down list box to select what the firewall is to do with packets that Packet match this rule.
  • Page 178: Customized Services

    Chapter 11 Firewall Configuration Table 61 Firewall: Edit Rule (continued) LABEL Apply Cancel 11.6.2 Customized Services Configure customized services and port numbers not predefined by the P-660HWP-Dx. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website.
  • Page 179: Example Firewall Rule

    Refer to Section 10.1 on page 35 Figure 101 Firewall: Configure Customized Services The following table describes the labels in this screen. Table 63 Firewall: Configure Customized Services LABEL DESCRIPTION Service Name Type a unique name for your custom port. Service Type Choose the IP port (TCP, UDP or TCP/UDP) that defines your customized port from the drop down list box.
  • Page 180: Figure 102 Firewall Example: Rules

    Chapter 11 Firewall Configuration Figure 102 Firewall Example: Rules 3 In the Rules screen, select the index number after which you want to add the rule. For example, if you select “6”, your new rule becomes number 7 and the previous rule 7 (if there is one) becomes rule 8.
  • Page 181: Figure 104 Firewall Example: Edit Rule: Destination Address

    Chapter 11 Firewall Configuration Figure 104 Firewall Example: Edit Rule: Destination Address 9 Use the Add >> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. Custom services show up with an “*” before their names in the Services list box and the Rules list box.
  • Page 182: Figure 105 Firewall Example: Edit Rule: Select Customized Services

    Chapter 11 Firewall Configuration Figure 105 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a “MyService” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN.
  • Page 183: Predefined Services

    Figure 106 Firewall Example: Rules: MyService 11.8 Predefined Services The Available Services list box in the Edit Rule screen (see displays all predefined services that the P-660HWP-Dx already supports. Next to the name of the service, two fields appear in brackets. The first field indicates the IP protocol type (TCP, UDP, or ICMP).
  • Page 184 Chapter 11 Firewall Configuration Table 64 Predefined Services (continued) SERVICE HTTP(TCP:80) HTTPS ICQ(UDP:4000) IPSEC_TRANSPORT/ TUNNEL(AH:0) IPSEC_TUNNEL(ESP:0) IRC(TCP/UDP:6667) MSN Messenger(TCP:1863) MULTICAST(IGMP:0) NEWS(TCP:144) NFS(UDP:2049) NNTP(TCP:119) PING(ICMP:0) POP3(TCP:110) PPTP(TCP:1723) PPTP_TUNNEL(GRE:0) RCMD(TCP:512) REAL_AUDIO(TCP:7070) REXEC(TCP:514) RLOGIN(TCP:513) RTELNET(TCP:107) RTSP(TCP/UDP:554) SFTP(TCP:115) SMTP(TCP:25) SNMP(TCP/UDP:161) SNMP-TRAPS (TCP/ UDP:162) SQL-NET(TCP:1521) SSDP(UDP:1900) DESCRIPTION Hyper Text Transfer Protocol - a client/server protocol for the world...
  • Page 185: Anti-Probing

    Table 64 Predefined Services (continued) SERVICE SSH(TCP/UDP:22) STRMWORKS(UDP:1558) SYSLOG(UDP:514) TACACS(UDP:49) TELNET(TCP:23) TFTP(UDP:69) VDOLIVE(TCP:7000) 11.9 Anti-Probing If an outside user attempts to probe an unsupported port on your P-660HWP-Dx, an ICMP response packet is automatically returned. This allows the outside user to know the P-660HWP-Dx exists.
  • Page 186: DoS Thresholds

    Chapter 11 Firewall Configuration The following table describes the labels in this screen. Table 65 Firewall: Anti Probing LABEL DESCRIPTION Respond to PING The P-660HWP-Dx does not respond to any incoming Ping requests when Disable is selected. Select LAN to reply to incoming LAN Ping requests. Select WAN to reply to incoming WAN Ping requests.
  • Page 187: Half-Open Sessions

    11.10.2 Half-Open Sessions An unusually high number of half-open sessions (either an absolute number or measured as the arrival rate) could indicate that a Denial of Service attack is occurring. For TCP, "half-open" means that the session has not reached the established state, that is, the TCP three-way handshake has not yet been completed (see means that the firewall has detected no return traffic.
  • Page 188: Figure 108 Firewall: Threshold

    Chapter 11 Firewall Configuration Figure 108 Firewall: Threshold The following table describes the labels in this screen. Table 66 Firewall: Threshold LABEL DESCRIPTION Denial of Service Thresholds One Minute Low This is the rate of new half-open sessions that causes the firewall to stop deleting half-open sessions.
  • Page 189 Table 66 Firewall: Threshold (continued) LABEL DESCRIPTION Maximum Incomplete High: This is the number of existing half-open sessions that causes the firewall to start deleting half-open sessions. When the number of existing half-open sessions rises above this number, the P-660HWP-Dx deletes half-open sessions as required to accommodate new connection requests.
  • Page 191: Content Filtering

    This chapter covers how to configure content filtering. 12.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ability to block web sites that contain key words (that you specify) in the URL.
  • Page 192: Configuring The Schedule

    Chapter 12 Content Filtering The following table describes the labels in this screen. Table 67 Content Filter: Keyword LABEL Active Keyword Blocking Block Websites that contain these keywords in the URL: Delete Clear All Keyword Add Keyword Apply Cancel 12.3 Configuring the Schedule To set the days and times for the P-660HWP-Dx to perform content filtering, click Security >...
  • Page 193: Configuring Trusted Computers

    The following table describes the labels in this screen. Table 68 Content Filter: Schedule LABEL DESCRIPTION Schedule Select Active Everyday to Block to make the content filtering active everyday. Otherwise, select Edit Daily to Block and configure which days of the week (or everyday) and which time of the day you want the content filtering to be active.
  • Page 195: Certificates

    This chapter gives background information about public-key certificates and explains how to use them. 13.1 Certificates Overview The P-660HWP-Dx can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key.
  • Page 196: Advantages Of Certificates

    Chapter 13 Certificates Certification authorities maintain directory servers with databases of valid and revoked certificates. A directory of certificates that have been revoked before the scheduled expiration is called a CRL (Certificate Revocation List). The P-660HWP-Dx can check a peer’s certificate against a directory server’s list of revoked certificates.
  • Page 197: Configuration Summary

    Figure 113 Certificate Details 4 Use a secure method to verify that the certificate owner has the same information in the Thumbprint Algorithm and Thumbprint fields. The secure method may vary based on your situation. Possible examples would be over the telephone or through an HTTPS connection.
  • Page 198: My Certificates

    Chapter 13 Certificates 13.5 My Certificates Click Security > Certificates > My Certificates to open the My Certificates screen. This is the P-660HWP-Dx’s summary list of certificates and certification requests. Certificates display in black and certification requests display in gray. Figure 115 Security >...
  • Page 199: My Certificates > Details

    Table 70 Security > Certificates > My Certificates (continued) LABEL DESCRIPTION Subject This field displays identifying information about the certificate’s owner, such as CN (Common Name), OU (Organizational Unit or department), O (Organization or company) and C (Country). It is recommended that each certificate have unique subject information.
  • Page 200: Table 71 Security > Certificates > My Certificates > Edit

    Chapter 13 Certificates Table 71 Security > Certificates > My Certificates > Edit The following table describes the labels in this screen. Table 72 Security > Certificates > My Certificates > Details LABEL Certificate Name Property Default self-signed certificate which signs the imported remote host certificates.
  • Page 201 Table 72 Security > Certificates > My Certificates > Details (continued) LABEL DESCRIPTION Type This field displays general information about the certificate. CA-signed means that a Certification Authority signed the certificate. Self-signed means that the certificate’s owner signed the certificate (not a certification authority). “X.509” means that this certificate was created and signed according to the ITU-T X.509 recommendation that defines the formats for public-key certificates.
  • Page 202: My Certificates > Create

    Chapter 13 Certificates Table 72 Security > Certificates > My Certificates > Details (continued) LABEL Back Export Apply Cancel 13.7 My Certificates > Create Click Security > Certificates > My Certificates > Create to open the My Certificate Create screen. Use this screen to have the P-660HWP-Dx create a self-signed certificate, enroll a certificate with a certification authority or generate a certification request.
  • Page 203: Table 73 Security > Certificates > My Certificates > Create

    The following table describes the labels in this screen. Table 73 Security > Certificates > My Certificates > Create LABEL Certificate Name Subject Information Common Name Host IP Address Host Domain Name Email Organizational Unit Organization Country Key Length Enrollment Options Create a self-signed certificate Create a certification...
  • Page 204: My Certificates > Import

    Chapter 13 Certificates Table 73 Security > Certificates > My Certificates > Create (continued) LABEL Enrollment Protocol CA Server Address CA Certificate Request Authentication Back Apply Cancel After you click Apply in the My Certificate Create screen, you see a screen that tells you the P-660HWP-Dx is generating the self-signed certificate or certification request.
  • Page 205: Certificate File Formats

    • You can only import a certificate that matches a corresponding certification request that was generated by the P-660HWP-Dx (the certification request contains the private key). The certificate you import replaces the corresponding request in the My Certificates screen. One exception is that you can import a PKCS#12 format certificate without a corresponding certification request since the certificate includes the private key.
  • Page 206: Trusted Cas

    Chapter 13 Certificates 13.9 Trusted CAs Click Security > Certificates > Trusted CAs to open the Trusted CAs screen. This screen displays a summary list of certificates of the certification authorities that you have set the P-660HWP-Dx to accept as trusted. The P-660HWP-Dx accepts any valid certificate signed by a certification authority on this list as being trustworthy;...
  • Page 207: Trusted Ca Details

    Table 75 Security > Certificates > Trusted CAs (continued) LABEL DESCRIPTION Modify Click the details icon to open a screen with an in-depth list of information about the certificate. Use the export icon to save the certificate to a computer. Click the icon and then Save in the File Download screen.
  • Page 208: Table 76 Security > Certificates > Trusted Cas > Details

    Chapter 13 Certificates The following table describes the labels in this screen. Table 76 Security > Certificates > Trusted CAs > Details LABEL Certificate Name Property Check incoming certificates issued by this CA against a Certification Path Refresh Certificate Information Type Version Serial Number...
  • Page 209: Trusted Ca > Import

    Table 76 Security > Certificates > Trusted CAs > Details (continued) LABEL DESCRIPTION Subject Alternative Name: This field displays the certificate’s owner’s IP address (IP), domain name (DNS) or e-mail address (EMAIL). Key Usage: This field displays for what functions the certificate’s key can be used. For example, “DigitalSignature”...
  • Page 210: Trusted Remote Hosts

    Chapter 13 Certificates Figure 120 Security > Certificates > Trusted CAs > Import The following table describes the labels in this screen. Table 77 Security > Certificates > Trusted CAs Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it. Browse Click Browse to find the certificate file you want to upload.
  • Page 211: Trusted Remote Hosts > Import

    The following table describes the labels in this screen. Table 78 Security > Certificates > Trusted Remote Hosts LABEL DESCRIPTION PKI Storage Space in Use: This bar displays the percentage of the P-660HWP-Dx’s PKI storage space that is currently in use. When the storage space is almost full, you should consider deleting expired or unnecessary certificates before adding more certificates.
  • Page 212: Trusted Remote Host Certificate Details

    Chapter 13 Certificates The trusted remote host certificate must be a self-signed certificate; and you must remove any spaces from its filename before you can import it. Figure 122 Security > Certificates > Trusted Remote Hosts > Import The following table describes the labels in this screen. Table 79 Security >...
  • Page 213: Figure 123 Security > Certificates > Trusted Remote Hosts > Details

    Figure 123 Security > Certificates > Trusted Remote Hosts > Details The following table describes the labels in this screen. Table 80 Security > Certificates > Trusted Remote Hosts > Details LABEL Certification Name Certificate Path Refresh Certificate Information Type Version Serial Number...
  • Page 214 Chapter 13 Certificates Table 80 Security > Certificates > Trusted Remote Hosts > Details (continued) LABEL Subject Issuer Signature Algorithm Valid From Valid To Key Algorithm Subject Alternative Name Key Usage Basic Constraint MD5 Fingerprint SHA1 Fingerprint Certificate in PEM (Base-64) Encoded Format Back...
  • Page 215: Directory Servers

    13.15 Directory Servers Click Security > Certificates > Directory Servers to open the Directory Servers screen. This screen displays a summary list of directory servers (that contain lists of valid and revoked certificates) that have been saved into the P-660HWP-Dx. If you decide to have the P-660HWP-Dx check incoming certificates against the issuing certification authority’s list of revoked certificates, the P-660HWP-Dx first checks the server(s) listed in the CRL Distribution Points field of the incoming certificate.
  • Page 216: Figure 125 Security > Certificates > Directory Server > Add

    Chapter 13 Certificates Figure 125 Security > Certificates > Directory Server > Add The following table describes the labels in this screen. Table 82 Security > Certificates > Directory Server > Add LABEL DESCRIPTION Directory Service Setting Name Type up to 31 ASCII characters (spaces are not permitted) to identify this directory server.
  • Page 217: Advanced

    Advanced Static Route (219) Bandwidth Management (223) Dynamic DNS Setup (235) Remote Management Configuration (239) Universal Plug-and-Play (UPnP) (251)
  • Page 219: Static Route

    This chapter shows you how to configure static routes for your P-660HWP-Dx. 14.1 Static Route Each remote node specifies only the network to which the gateway is directly connected, and the P-660HWP-Dx has no knowledge of the networks beyond. For instance, the P-660HWP-Dx knows about network N2 in the following figure through remote node Router 1.
  • Page 220: Static Route Edit

    Chapter 14 Static Route Figure 127 Static Route The following table describes the labels in this screen. Table 83 Static Route LABEL DESCRIPTION This is the number of an individual static route. Active Select the check box to activate this static route. Otherwise, clear the check box. Name This is the name that describes or identifies this route.
  • Page 221: Figure 128 Static Route Edit

    Figure 128 Static Route Edit The following table describes the labels in this screen. Table 84 Static Route Edit LABEL DESCRIPTION Active This field allows you to activate/deactivate this static route. Route Name Enter the name of the IP static route. Leave this field blank to delete this static route.
  • Page 223: Bandwidth Management

    Bandwidth Management This chapter contains information about configuring bandwidth management, editing rules and viewing the P-660HWP-Dx’s bandwidth management logs. 15.1 Bandwidth Management Overview ZyXEL’s Bandwidth Management allows you to specify bandwidth management rules based on an application and/or subnet.
  • Page 224: Application And Subnet-Based Bandwidth Management

    Chapter 15 Bandwidth Management Figure 129 Subnet-based Bandwidth Management Example 15.4 Application and Subnet-based Bandwidth Management You could also create bandwidth classes based on a combination of a subnet and an application. The following example table shows bandwidth allocations for application specific traffic from separate LAN subnets.
  • Page 225: Fairness-Based Scheduler

    15.5.2 Fairness-based Scheduler The P-660HWP-Dx divides bandwidth equally among bandwidth classes when using the fairness-based scheduler; thus preventing one bandwidth class from using all of the interface’s bandwidth. 15.6 Maximize Bandwidth Usage The maximize bandwidth usage option (see to divide up any available bandwidth on the interface (including unallocated bandwidth and any allocated bandwidth that a class is not using) among the bandwidth classes that require more bandwidth.
  • Page 226: Maximize Bandwidth Usage Example

    Chapter 15 Bandwidth Management 15.6.2 Maximize Bandwidth Usage Example Here is an example of a P-660HWP-Dx that has maximize bandwidth usage enabled on an interface. The following table shows each bandwidth class’s bandwidth budget. The classes are set up based on subnets. The interface is set to 10240 kbps. Each subnet is allocated 2048 kbps.
  • Page 227: Bandwidth Management Priorities

    15.6.2.2 Fairness-based Allotment of Unused and Unbudgeted Bandwidth The following table shows the amount of bandwidth that each class gets. Table 88 Fairness-based Allotment of Unused and Unbudgeted Bandwidth Example BANDWIDTH CLASSES AND ALLOTMENTS Root Class: 10240 kbps Suppose that all of the classes except for the administration class need more bandwidth. •...
  • Page 228: Configuring Summary

    Chapter 15 Bandwidth Management If you use VoIP and NetMeeting at the same time, the device allocates up to 500 Kbps of bandwidth to each of them before it allocates any bandwidth to FTP. As a result, FTP can only use bandwidth when VoIP and NetMeeting do not use all of their allocated bandwidth.
  • Page 229: Bandwidth Management Rule Setup

    Table 91 Media Bandwidth Management: Summary (continued) LABEL DESCRIPTION Scheduler Select either Priority-Based or Fairness-Based from the drop-down menu to control the traffic flow. Select Priority-Based to give preference to bandwidth classes with higher priorities. Select Fairness-Based to treat all bandwidth classes equally. Select this check box to have the P-660HWP-Dx divide up all of the interface’s Bandwidth unallocated and/or unused bandwidth among the bandwidth classes that require...
  • Page 230: Diffserv

    Chapter 15 Bandwidth Management Table 92 Bandwidth Management: Rule Setup (continued) LABEL Active Rule Name Destination Port Priority Bandwidth (kbps) Modify Apply Cancel 15.10 DiffServ DiffServ is a class of service (CoS) model that marks packets so that they receive specific per-hop treatment at DiffServ-compliant network devices along the route based on the application types and traffic flow.
  • Page 231: Rule Configuration

    PHB consists of two types of services: EF (Expedited Forwarding) and AF (Assured Forwarding). EF has higher priority. EF guarantees services with minimal loss and delay. AF has four sub-classes, each with three levels of importance (drop precedence). A high drop precedence means low importance.
  • Page 232: Table 94 Bandwidth Management Rule Configuration

    Chapter 15 Bandwidth Management The following table describes the labels in this screen. Table 94 Bandwidth Management Rule Configuration LABEL Rule Configuration Active Rule Name BW Budget Priority Use All Managed Bandwidth Enable DiffServ Marking DiffServ mark Filter Configuration Service Destination Address DESCRIPTION...
  • Page 233: Table 95 Services And Port Numbers

    Table 94 Bandwidth Management Rule Configuration (continued) LABEL DESCRIPTION Destination Subnet Netmask: Enter the destination subnet mask. This field is N/A if you do not specify a Destination Address. Refer to the appendices for more information on IP subnetting. Destination Port: Enter the port number of the destination.
  • Page 234: Bandwidth Monitor

    Chapter 15 Bandwidth Management 15.11 Bandwidth Monitor To view the P-660HWP-Dx’s bandwidth usage and allotments, click Advanced > Bandwidth MGMT > Monitor. The screen appears as shown. Select an interface from the drop-down list box to view the bandwidth usage of its bandwidth rules. The gray section of the bar represents the percentage of unused bandwidth and the blue color represents the percentage of bandwidth in use.
  • Page 235: Dynamic Dns Setup

    This chapter discusses how to configure your P-660HWP-Dx to use Dynamic DNS. 16.1 Dynamic DNS Overview Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect.
  • Page 236: Figure 135 Dynamic Dns

    Chapter 16 Dynamic DNS Setup Figure 135 Dynamic DNS The following table describes the fields in this screen. Table 97 Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Active Dynamic Select this check box to use dynamic DNS. Service Provider This is the name of your Dynamic DNS service provider. Dynamic DNS Select the type of service that you are registered for from your Dynamic DNS Type...
  • Page 237 Table 97 Dynamic DNS (continued) LABEL DESCRIPTION Dynamic DNS server auto detect IP Address: Select this option only when there are one or more NAT routers between the P-660HWP-Dx and the DDNS server. This feature has the DDNS server automatically detect and use the IP address of the NAT router that has a public IP address.
  • Page 239: Remote Management Configuration

    This chapter provides information on configuring remote management. 17.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which P-660HWP-Dx interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
  • Page 240: Remote Management Limitations

    Chapter 17 Remote Management Configuration 17.1.1 Remote Management Limitations Remote management over LAN or WAN will not work when: • You have disabled that service in one of the remote management screens. • The IP address in the Secured Client IP field does not match the client IP address. If it does not match, the P-660HWP-Dx will disconnect the session immediately.
  • Page 241: Telnet

    The following table describes the labels in this screen. Table 98 Remote Management: WWW LABEL DESCRIPTION Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the P-660HWP-Dx using this service.
  • Page 242: Configuring Telnet

    Chapter 17 Remote Management Configuration 17.4 Configuring Telnet Click Advanced > Remote MGMT > Telnet tab to display the screen as shown. Figure 138 Remote Management: Telnet The following table describes the labels in this screen. Table 99 Remote Management: Telnet LABEL DESCRIPTION Port...
  • Page 243: Snmp

    Figure 139 Remote Management: FTP The following table describes the labels in this screen. Table 100 Remote Management: FTP LABEL DESCRIPTION Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the P-660HWP-Dx using this service.
  • Page 244: Supported Mibs

    Chapter 17 Remote Management Configuration Figure 140 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the P-660HWP-Dx).
  • Page 245: Snmp Traps

    17.6.2 SNMP Traps The P-660HWP-Dx will send traps to the SNMP manager when any one of the following events occurs: Table 101 SNMP Traps TRAP # TRAP NAME coldStart (defined in RFC-1215) warmStart (defined in RFC-1215) whyReboot (defined in ZYXEL- MIB) For intentional reboot: For fatal error:...
  • Page 246: Configuring Dns

    Chapter 17 Remote Management Configuration The following table describes the labels in this screen. Table 102 Remote Management: SNMP LABEL SNMP Port Access Status Secured Client IP SNMP Configuration Get Community Set Community TrapCommunity TrapDestination Apply Cancel 17.7 Configuring DNS Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa.
  • Page 247: Configuring Icmp

    Figure 142 Remote Management: DNS The following table describes the labels in this screen. Table 103 Remote Management: DNS LABEL DESCRIPTION Port The DNS service port number is 53. Access Status Select the interface(s) through which a computer may send DNS queries to the P-660HWP-Dx.
  • Page 248: 248

    Chapter 17 Remote Management Configuration Figure 143 Remote Management: ICMP The following table describes the labels in this screen. Table 104 Remote Management: ICMP LABEL DESCRIPTION ICMP Internet Control Message Protocol is a message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams, but the messages are processed by the TCP/IP software and directly apparent to the application user.
  • Page 249: Figure 144 Enabling Tr-069

    Follow the procedure below to configure your P-660HWP-Dx to be managed by CNM Access. See the Command Interpreter appendix for information on the command structure and how to access the CLI (Command Line Interface) on the P-660HWP-Dx. In this example a.b.c.d is the IP address of CNM Access. You must change this value to reflect your actual management server IP address or domain name.
  • Page 251: Universal Plug-And-Play (Upnp)

    Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configurator. 18.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
  • Page 252: Upnp And Zyxel

    Chapter 18 Universal Plug-and-Play (UPnP) When a UPnP device joins a network, it announces its presence with a multicast message. For security reasons, the P-660HWP-Dx allows multicast messages only on the LAN. All UPnP-enabled devices may communicate freely with each other without additional configuration.
  • Page 253: Installing Upnp In Windows Example

    Table 106 Configuring UPnP LABEL Allow UPnP to pass through Firewall Apply Cancel 18.3 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP. 18.3.1 Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me. 1 Click Start and Control Panel.
  • Page 254: Installing Upnp In Windows Xp

    Chapter 18 Universal Plug-and-Play (UPnP) Figure 147 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted. 18.3.2 Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP.
  • Page 255: Using Upnp In Windows Xp Example

    Figure 149 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box. Figure 150 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. 18.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP.
  • Page 256: Auto-Discover Your Upnp-Enabled Network Device

    Chapter 18 Universal Plug-and-Play (UPnP) Make sure the computer is connected to a LAN port of the P-660HWP-Dx. Turn on your computer and the P-660HWP-Dx. 18.4.1 Auto-discover Your UPnP-enabled Network Device 1 Click start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway.
  • Page 257: Figure 152 Internet Connection Properties

    Chapter 18 Universal Plug-and-Play (UPnP) Figure 152 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings. Figure 153 Internet Connection Properties: Advanced Settings...
  • Page 258: Figure 154 Internet Connection Properties: Advanced Settings: Add

    Chapter 18 Universal Plug-and-Play (UPnP) Figure 154 Internet Connection Properties: Advanced Settings: Add When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 5 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
  • Page 259: Web Configurator Easy Access

    Figure 156 Internet Connection Status 18.4.2 Web Configurator Easy Access With UPnP, you can access the web-based configurator on the P-660HWP-Dx without finding out the IP address of the P-660HWP-Dx first. This is helpful if you do not know the IP address of the P-660HWP-Dx.
  • Page 260: Figure 157 Network Connections

    Chapter 18 Universal Plug-and-Play (UPnP) Figure 157 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your P-660HWP-Dx and select Invoke. The web configurator login screen displays...
  • Page 261: Figure 158 Network Connections: My Network Places

    Chapter 18 Universal Plug-and-Play (UPnP) Figure 158 Network Connections: My Network Places 6 Right-click on the icon for your P-660HWP-Dx and select Properties. A properties window displays with basic information about the P-660HWP-Dx. Figure 159 Network Connections: My Network Places: Properties: Example...
  • Page 263: Maintenance And Troubleshooting

    Maintenance and Troubleshooting System (265) Logs (271) Tools (289) Diagnostic (295) Troubleshooting (297)
  • Page 265: System

    Use this screen to configure the P-660HWP-Dx’s time and date settings. 19.1 General Setup 19.1.1 General Setup and System Name General Setup contains administrative and system-related information. System Name is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name".
  • Page 266: Figure 160 System General Setup

    Chapter 19 System Figure 160 System General Setup The following table describes the labels in this screen. Table 107 System General Setup LABEL DESCRIPTION General Setup System Name Choose a descriptive name for identification purposes. It is recommended you enter your computer’s “Computer name”...
  • Page 267: Time Setting

    Table 107 System General Setup LABEL DESCRIPTION Old Password Type the default admin password (1234) or the existing password you use to access the system for configuring advanced features. New Password Type your new system password (up to 30 characters). Note that as you type a password, the screen displays a (*) for each character you type.
  • Page 268: Table 108 System Time Setting

    Chapter 19 System The following table describes the fields in this screen. Table 108 System Time Setting LABEL DESCRIPTION Current Time and Date Current Time This field displays the time of your P-660HWP-Dx. Each time you reload this page, the P-660HWP-Dx synchronizes the time with the time server.
  • Page 269 Table 108 System Time Setting (continued) LABEL DESCRIPTION Start Date Configure the day and time when Daylight Saving Time starts if you selected Enable Daylight Saving. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time starts in most parts of the United States on the first Sunday of April.
  • Page 271: Logs

    This chapter contains information about configuring general log settings and viewing the P-660HWP-Dx’s logs. Refer to the appendix for example log message explanations. 20.1 Logs Overview The web configurator allows you to choose which categories of events and/or alerts to have the P-660HWP-Dx log and then display the logs or have the P-660HWP-Dx send them to an administrator (as e-mail) or to a syslog server.
  • Page 272: Configuring Log Settings

    Chapter 20 Logs Figure 162 View Log The following table describes the fields in this screen. Table 109 View Log LABEL DESCRIPTION Display The categories that you select in the Log Settings screen display in the drop-down list box. Select a category of logs to view; select All Logs to view logs from all of the log categories that you selected in the Log Settings page.
  • Page 273: Figure 163 Log Settings

    Figure 163 Log Settings The following table describes the fields in this screen. Table 110 Log Settings LABEL DESCRIPTION E-mail Log Settings Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
  • Page 274: Example E-Mail Log

    Chapter 20 Logs Table 110 Log Settings LABEL DESCRIPTION Enable SMTP Authentication: Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another. User Name: Enter the login name that your ISP gives you. Password: Enter the password associated with the user name.
  • Page 275: Log Descriptions

    Figure 164 E-mail Log Example Subject: Firewall Alert From xxxxx Date: Fri, 07 Apr 2000 10:05:42 From: user@zyxel.com user@zyxel.com 1|Apr 7 00 |From:192.168.1.1 | 09:54:03 |UDP src port:00520 dest port:00520 2|Apr 7 00 |From:192.168.1.131 | 09:54:17 |UDP src port:00520 dest port:00520 3|Apr 7 00 |From:192.168.1.6 | 09:54:19 |UDP...
  • Page 276: Table 112 System Error Logs

    Chapter 20 Logs Table 111 System Maintenance Logs (continued) LOG MESSAGE Starting Connectivity Monitor Time initialized by Daytime Server Time initialized by Time server Time initialized by NTP server Connect to Daytime server fail Connect to Time server fail Connect to NTP server fail Too large ICMP packet has been dropped Configuration Change: PC =...
  • Page 277: Table 114 Tcp Reset Logs

    Table 113 Access Control Logs (continued) LOG MESSAGE Triangle route packet forwarded: [TCP | UDP | IGMP | ESP | GRE | OSPF] Packet without a NAT table entry blocked: [TCP | UDP | IGMP | ESP | GRE | OSPF] Router sent blocked web site message: TCP Table 114 TCP Reset Logs...
  • Page 278: Table 116 Icmp Logs

    Chapter 20 Logs Table 116 ICMP Logs LOG MESSAGE Firewall default policy: ICMP <Packet Direction>, <type:%d>, <code:%d> Firewall rule [NOT] match: ICMP <Packet Direction>, <rule:%d>, <type:%d>, <code:%d> Triangle route packet forwarded: ICMP Packet without a NAT table entry blocked: ICMP Unsupported/out-of-order ICMP: ICMP Router reply ICMP packet: ICMP...
  • Page 279: Table 119 Upnp Logs

    Table 119 UPnP Logs LOG MESSAGE UPnP pass through Firewall Table 120 Content Filtering Logs LOG MESSAGE %s: Keyword blocking %s: Not in trusted web list %s: Forbidden Web site The web site is in the forbidden web site list. %s: Contains ActiveX %s: Contains Java applet...
  • Page 280: Table 121 Attack Logs

    Chapter 20 Logs Table 121 Attack Logs LOG MESSAGE attack [TCP | UDP | IGMP | ESP | GRE | OSPF] attack ICMP (type:%d, code:%d) land [TCP | UDP | IGMP | ESP | GRE | OSPF] land ICMP (type:%d, code:%d) ip spoofing - WAN [TCP | UDP | IGMP | ESP | GRE |...
  • Page 281: Table 123 Ike Logs

    Table 122 IPSec Logs (continued) LOG MESSAGE Rule <%d> idle time out, disconnect WAN IP changed to <IP> Table 123 IKE Logs LOG MESSAGE Active connection allowed exceeded Start Phase 2: Quick Mode Verifying Remote ID failed: Verifying Local ID failed: IKE Packet Retransmit Failed to send IKE Packet Too many errors! Deleting SA...
  • Page 282 Chapter 20 Logs Table 123 IKE Logs (continued) LOG MESSAGE Recv <packet> Recv <Main or Aggressive> Mode request from <IP> Send <Main or Aggressive> Mode request to <IP> Invalid IP <Peer local> / <Peer local> Remote IP <Remote IP> / <Remote IP>...
  • Page 283 Table 123 IKE Logs (continued) LOG MESSAGE Rule [%d] Phase 1 authentication method mismatch Rule [%d] Phase 1 key group mismatch Rule [%d] Phase 2 protocol mismatch Rule [%d] Phase 2 encryption algorithm mismatch Rule [%d] Phase 2 authentication algorithm mismatch Rule [%d] Phase 2 encapsulation mismatch...
  • Page 284: Table 124 Pki Logs

    Chapter 20 Logs Table 124 PKI Logs LOG MESSAGE Enrollment successful Enrollment failed Failed to resolve <SCEP CA server url> Enrollment successful Enrollment failed Failed to resolve <CMP CA server url> Rcvd ca cert: <subject name> Rcvd user cert: <subject name> Rcvd CRL <size>: <issuer name>...
  • Page 285: Table 125 Certificate Path Verification Failure Reason Codes

    Table 125 Certificate Path Verification Failure Reason Codes CODE DESCRIPTION Algorithm mismatch between the certificate and the search constraints. Key usage mismatch between the certificate and the search constraints. Certificate was not valid in the time interval. (Not used) Certificate is not valid. Certificate signature was not verified correctly.
  • Page 286: Table 127 Icmp Notes

    Chapter 20 Logs Table 127 ICMP Notes TYPE CODE DESCRIPTION Echo Reply Echo reply message Destination Unreachable Net unreachable Host unreachable Protocol unreachable Port unreachable A packet that needed fragmentation was dropped because it was set to Don't Fragment (DF) Source route failed Source Quench A gateway may discard internet datagrams if it does not have the buffer space...
  • Page 287: Table 128 Syslog Logs

    Table 128 Syslog Logs
    LOG MESSAGE
    <Facility*8 + Severity>Mon dd hr:mm:ss hostname src="<srcIP:srcPort>" dst="<dstIP:dstPort>" msg="<msg>" note="<note>" devID="<mac address last three numbers>" cat="<category>
    The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC for detailed information on each type.
    Table 129 RFC-2408 ISAKMP Payload Types LOG DISPLAY PROP...
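Added example (not from the ZyXEL manual): a Python parser for the syslog line layout in Table 128 that decodes the leading Facility*8 + Severity value and tallies entries per category and source address on a syslog collector. The sample lines, the hostname `gw`, the devID and the `cat`/`note` values are constructed, and the parser assumes every field value is double-quoted as the table shows.

```python
import re
from collections import Counter

# Header layout from Table 128: <Facility*8 + Severity>Mon dd hr:mm:ss hostname ...
HEADER = re.compile(
    r'^<(?P<pri>\d{1,3})>'
    r'(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) '
    r'(?P<host>\S+) (?P<rest>.*)$'
)
# The remainder is a run of key="value" pairs (src, dst, msg, note, devID, cat).
PAIR = re.compile(r'(\w+)="([^"]*)"')
REQUIRED = ("src", "dst", "msg", "cat")


def split_endpoint(value):
    """Split "ip:port" into (ip, port); port is None when absent (e.g. ICMP)."""
    ip, sep, port = value.rpartition(":")
    if sep and port.isdigit():
        return ip, int(port)
    return value, None


def parse_line(line):
    """Return a dict for one log line, or None if it does not fit the layout."""
    m = HEADER.match(line.strip())
    if m is None:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # facility is 0-23 and severity 0-7, so 23*8+7 is the maximum
        return None
    fields = dict(PAIR.findall(m.group("rest")))
    # A line cut short in transit loses its closing quote and so its last field.
    if not all(key in fields for key in REQUIRED):
        return None
    src_ip, src_port = split_endpoint(fields["src"])
    dst_ip, dst_port = split_endpoint(fields["dst"])
    return {
        "facility": pri // 8,
        "severity": pri % 8,
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "src_ip": src_ip,
        "src_port": src_port,
        "dst_ip": dst_ip,
        "dst_port": dst_port,
        "msg": fields["msg"],
        "note": fields.get("note", ""),
        "dev_id": fields.get("devID", ""),
        "cat": fields["cat"],
    }


def summarize(lines):
    """Count parsed entries per (category, source IP); also count rejected lines."""
    counts = Counter()
    rejected = 0
    for line in lines:
        record = parse_line(line)
        if record is None:
            rejected += 1
            continue
        counts[(record["cat"], record["src_ip"])] += 1
    return counts, rejected


# Constructed sample input (not captured from a device).
SAMPLE_LINES = [
    '<142>Apr  7 09:54:03 gw src="192.168.1.131:520" dst="192.168.1.255:520" '
    'msg="Firewall default policy: UDP" note="ACCESS BLOCK" devID="a1b2c3" cat="Access Control"',
    '<137>Apr  7 09:54:17 gw src="203.0.113.9:4431" dst="192.168.1.1:80" '
    'msg="ip spoofing - WAN TCP" note="" devID="a1b2c3" cat="Attack"',
    '<137>Apr  7 09:54:19 gw src="203.0.113.9" dst="192.168.1.1" '
    'msg="land ICMP (type:8, code:0)" note="" devID="a1b2c3" cat="Attack"',
    # Truncated datagram: the cat value never closes, so the line is rejected.
    '<137>Apr  7 09:54:20 gw src="198.51.100.7:53" dst="192.168.1.1:1029" '
    'msg="land UDP" note="" devID="a1b2c3" cat="Att',
    '<999>not a log line',
]

if __name__ == "__main__":
    totals, bad = summarize(SAMPLE_LINES)
    for (category, source), n in totals.most_common():
        print(f"{category:15} {source:15} {n}")
    print("rejected lines:", bad)
```

Counting rejected lines separately keeps truncated or malformed input visible instead of silently dropping it from the tally.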
  • Page 289: Tools

    This chapter describes how to upload new firmware, manage configuration and restart your P-660HWP-Dx.
    21.1 Firmware Upgrade
    Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a .bin extension, for example, "P-660HWP-Dx.bin".
  • Page 290: Figure 166 Firmware Upload In Progress

    Chapter 21 Tools Table 130 Firmware Upgrade (continued) LABEL DESCRIPTION Browse... Click Browse... to find the .bin file you want to upload. Remember that you must decompress compressed (.zip) files before you can upload them. Upload Click Upload to begin the upload process. This process may take up to two minutes.
  • Page 291: Configuration Screen

    Figure 168 Error Message
    21.2 Configuration Screen
    Use this screen to manage the configuration settings on your device.
    21.2.1 Backup Configuration
    Click Maintenance > Tools > Configuration. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next. Figure 169 Maintenance >...
  • Page 292: Restore Configuration

    LABEL DESCRIPTION Upload Restore your router to a previous configuration by uploading a previously saved configuration file from your computer. Reset to Factory Default Settings Reset Clear all settings entered by the user and return the router to its original factory-specified configuration.
  • Page 293: Back To Factory Defaults

    Figure 171 Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default P-660HWP-Dx IP address (192.168.1.1). See the appendix for details on how to set up your computer’s IP address. If the upload was not successful, the following screen will appear.
  • Page 295: Diagnostic

    These read-only screens display information to help you identify problems with the P-660HWP-Dx.
    22.1 General Diagnostic
    Click Maintenance > Diagnostic to open the screen shown next. Figure 174 Diagnostic: General The following table describes the fields in this screen. Table 133 Diagnostic: General LABEL DESCRIPTION...
  • Page 296: Dsl Line Diagnostic

    Chapter 22 Diagnostic 22.2 DSL Line Diagnostic Click Maintenance > Diagnostic > DSL Line to open the screen shown next. Figure 175 Diagnostic: DSL Line The following table describes the fields in this screen. Table 134 Diagnostic: DSL Line LABEL DESCRIPTION ATM Status Click this button to view ATM status.
  • Page 297: Troubleshooting

    This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories.
    • Power, Hardware Connections, and LEDs
    • P-660HWP-Dx Access and Login
    • Internet Access
    •...
  • Page 298: P-660Hwp-Dx Access And Login

    Chapter 23 Troubleshooting 23.2 P-660HWP-Dx Access and Login I forgot the IP address for the P-660HWP-Dx. 1 The default IP address is 192.168.1.1. 2 If you changed the IP address and have forgotten it, you might get the IP address of the P-660HWP-Dx by looking up the IP address of the default gateway for your computer.
  • Page 299: Internet Access

    5 Reset the device to its factory defaults, and try to access the P-660HWP-Dx with the default IP address. See 6 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions •...
  • Page 300 Chapter 23 Troubleshooting 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and 2 If your ISP gave you Internet connection information, make sure you entered it correctly in the Network > WAN > Internet Connection screen. These fields are case-sensitive, so make sure [Caps Lock] is not on.
  • Page 301: Powerline Issues

    Advanced Suggestions • Check the settings for bandwidth management. If it is disabled, you might consider activating it. If it is enabled, you might consider changing the allocations. 23.4 Powerline Issues I cannot start my powerline device. 1 Check your power supply. Powerline adapters operate from the power supplied by your home wiring and cannot operate without a working power supply.
  • Page 302 Chapter 23 Troubleshooting 4 Avoid wiring that is old, low quality or with a long wiring path, as this may affect the quality of your powerline signal. P-660HWP-Dx User’s Guide...
  • Page 303: Appendices And Index

    Appendices and Index Product Specifications and Wall Mounting (305) Wireless LANs (311) Internal SPTGEN (325) Setting up Your Computer’s IP Address (341) IP Subnetting (357) Command Interpreter (365) Firewall Commands (369) Pop-up Windows, JavaScripts and Java Permissions (375) NetBIOS Filter Commands (381) Triangle Route (383) Legal Information (385) Customer Support (389)
  • Page 305: Product Specifications

    Product Specifications and Wall
    Product Specifications
    The following tables summarize the P-660HWP-Dx’s hardware and firmware features.M4 Table 135 Hardware Specifications Dimensions (W x D x H) Power Specification Built-in Switch Operation Temperature Storage Temperature Operation Humidity Storage Humidity Distance between the...
  • Page 306 Appendix A Product Specifications and Wall Mounting Table 136 Firmware Specifications FEATURE Firmware Upgrade Configuration Backup & Restoration Network Address Translation (NAT) Port Forwarding DHCP (Dynamic Host Configuration Protocol) Dynamic DNS Support HomePlugAV IP Multicast IP Alias Time and Date Logging and Tracing PPPoE PPTP Encapsulation...
  • Page 307: Table 137 Wireless Firmware Specifications

    Table 136 Firmware Specifications FEATURE Content Filter Bandwidth Management Remote Management TR-069 Compliance Any IP Traffic Redirect Triple Play IP Policy Routing (IPPR) Table 137 Wireless Firmware Specifications FEATURE Wireless LAN WEP Encryption Wi-Fi Protected Access (WPA) WPA2 WPA2-PSK P-660HWP-Dx User’s Guide Appendix A Product Specifications and Wall Mounting DESCRIPTION The P-660HWP-Dx blocks or allows access to web sites that you specify...
  • Page 308: Table 138 Standards Supported

    FEATURE Output Power Management Wireless LAN MAC Address Filtering
    The following list, which is not exhaustive, illustrates the standards supported in the P-660HWP-Dx.
    Table 138 Standards Supported STANDARD RFC 867 RFC 868 RFC 1058 RFC 1112 RFC 1157...
  • Page 309: Wall Mounting Instructions

    Table 138 Standards Supported (continued) STANDARD IEEE 802.1x ANSI T1.413, Issue 2 G dmt(G.992.1) ITU G.992.1 (G.DMT) ITU G.992.3 (G.dmt.bis) ITU G.992.5 (ADSL2+) Microsoft PPTP MBM v2 RFC 2383 TR-069 1.363.5 Wall-mounting Instructions Complete the following steps to hang your P-660HWP-Dx on a wall. See the Hardware Specifications table for the size of screws to use and how far apart to place them.
  • Page 310: Figure 176 Wall-Mounting Example

    Appendix A Product Specifications and Wall Mounting Figure 176 Wall-mounting Example The following are dimensions of an M4 tap screw and masonry plug used for wall mounting. All measurements are in millimeters (mm). Figure 177 Masonry Plug and M4 Tap Screw P-660HWP-Dx User’s Guide...
  • Page 311: Wireless Lan Topologies

    Wireless LAN Topologies
    This section discusses ad-hoc and infrastructure wireless LAN topologies.
    Ad-hoc Wireless LAN Configuration
    The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS).
  • Page 312: Figure 179 Basic Service Set

    Appendix B Wireless LANs Figure 179 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN.
  • Page 313: Figure 180 Infrastructure Wlan

    Figure 180 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjacent AP (access point) to reduce interference.
  • Page 314: Fragmentation Threshold

    Appendix B Wireless LANs Figure 181 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
  • Page 315: Preamble Type

    If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Preamble Type Preamble is used to signal that data is coming to the receiver.
  • Page 316: Table 140 Wireless Security Levels

    Appendix B Wireless LANs Wireless security methods available on the P-660HWP-Dx are data encryption, wireless client authentication, restricting access by device MAC address and hiding the P-660HWP-Dx identity. The following figure shows the relative effectiveness of these wireless security methods available on your P-660HWP-Dx.
  • Page 317: Types Of Eap Authentication

    Determines the network services available to authenticated users once they are connected to the network. • Accounting Keeps track of the client’s network activity. RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server.
  • Page 318 Appendix B Wireless LANs For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner.
  • Page 319: Dynamic Wep Key Exchange

    Dynamic WEP Key Exchange The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed. If this feature is enabled, it is not necessary to configure a default encryption key in the Wireless screen.
  • Page 320 Appendix B Wireless LANs Encryption Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. WPA and WPA2 use Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption than TKIP.
  • Page 321: Wireless Client Wpa Supplicants

    Wireless Client WPA Supplicants
    A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicant is the WPA patch for Windows XP, Funk Software's Odyssey client. The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero Configuration"...
  • Page 322: Security Parameters Summary

    Appendix B Wireless LANs 4 The AP and wireless clients use the TKIP or AES encryption process to encrypt data exchanged between them. Figure 183 WPA(2)-PSK Authentication Security Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type.
  • Page 323: Antenna Characteristics

    Positioning the antennas properly increases the range and coverage area of a wireless LAN. Antenna Characteristics Frequency An antenna in the frequency of 2.4GHz (IEEE 802.11b) or 5GHz(IEEE 802.11a) is needed to communicate efficiently in a wireless LAN. Radiation Pattern A radiation pattern is a diagram that allows you to visualize the shape of the antenna’s coverage area.
  • Page 324 Appendix B Wireless LANs For omni-directional antennas mounted on a table, desk, and so on, point the antenna up. For omni-directional antennas mounted on a wall or ceiling, point the antenna down. For a single AP application, place omni-directional antennas as close to the center of the coverage area as possible.
  • Page 325: The Configuration Text File Format

    This appendix introduces Internal SPTGEN. All menus shown in this appendix are example menus meant to show SPTGEN usage. Actual menus for your product may differ.
    Internal SPTGEN Overview
    Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple P-660HWP-Dxs.
  • Page 326: Internal Sptgen Ftp Download Example

    Appendix C Internal SPTGEN DO NOT alter or delete any field except parameters in the Input column. This appendix introduces Internal SPTGEN. All menus shown in this appendix are example menus meant to show SPTGEN usage. Actual menus for your product may differ. Internal SPTGEN File Modification - Important Points to Remember Each parameter you enter must be preceded by one “=”sign and one space.
  • Page 327: Figure 187 Internal Sptgen Ftp Download Example

    Figure 187 Internal SPTGEN FTP Download Example c:\ftp 192.168.1.1 220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000 User (192.168.1.1:(none)): 331 Enter PASS command Password: 230 Logged in ftp>bin 200 Type I OK ftp> get rom-t ftp>bye c:\edit rom-t (edit the rom-t text file by a text editor and save it) You can rename your “...
  • Page 328: Example Internal Sptgen Menus

    Appendix C Internal SPTGEN Example Internal SPTGEN Menus This section provides example Internal SPTGEN menus. Table 143 Abbreviations Used in the Example Internal SPTGEN Screens Table ABBREVIATION MEANING Field Identification Number Field Name Parameter Values Allowed INPUT An example of what you may enter Applies to the P-660HWP-Dx.
  • Page 329 Table 145 Menu 3 / Menu 3.2 TCP/IP and DHCP Ethernet Setup 30200001 = DHCP 30200002 = Client IP Pool Starting Address 30200003 = Size of Client IP Pool 30200004 = Primary DNS Server 30200005 = Secondary DNS Server 30200006 = Remote DHCP Server 30200008 = IP Address...
  • Page 330: Table 146 Menu 4 Internet Access Setup

    Appendix C Internal SPTGEN Table 145 Menu 3 30201008 = IP Alias #1 Incoming protocol filters Set 3 30201009 = IP Alias #1 Incoming protocol filters Set 4 30201010 = IP Alias #1 Outgoing protocol filters Set 1 30201011 = IP Alias #1 Outgoing protocol filters Set 2 30201012 =...
  • Page 331 Table 146 Menu 4 Internet Access Setup (continued) 40000001 = 40000002 = Active 40000003 = ISP's Name 40000004 = Encapsulation 40000005 = Multiplexing 40000006 = VPI # 40000007 = VCI # 40000008 = Service Name 40000009 = My Login 40000010 = My Password 40000011 = Single User Account...
  • Page 332: Table 147 Menu 12

    Appendix C Internal SPTGEN Table 146 Menu 4 Internet Access Setup (continued) 40000031= RIP Direction 40000032= RIP Version 40000033= Nailed-up Connection Table 147 Menu 12 / Menu 12.1.1 IP Static Route Setup 120101001 = IP Static Route set #1, Name 120101002 = IP Static Route set #1, Active 120101003 =...
  • Page 333 Table 148 Menu 15 SUA Server Setup (continued) 150000004 = SUA Server #2 Port Start 150000005 = SUA Server #2 Port End 150000006 = SUA Server #2 Local IP address 150000007 = SUA Server #3 Active 150000008 = SUA Server #3 Protocol 150000009 = SUA Server #3 Port Start 150000010 =...
  • Page 334: Table 149 Menu 21.1 Filter Set #1

    Appendix C Internal SPTGEN Table 148 Menu 15 SUA Server Setup (continued) 150000038 = SUA Server #9 Protocol 150000039 = SUA Server #9 Port Start 150000040 = SUA Server #9 Port End 150000041 = SUA Server #9 Local IP address 150000042 = SUA Server #10 Active 150000043 =...
  • Page 335: Table 150 Menu 21.1 Filter Set #2

    Table 149 Menu 21.1 Filter Set #1 (continued) 210101009 = IP Filter Set 1,Rule 1 Src Subnet Mask 210101010 = IP Filter Set 1,Rule 1 Src Port 210101011 = IP Filter Set 1,Rule 1 Src Port Comp 210101013 = IP Filter Set 1,Rule 1 Act Match 210101014 = IP Filter Set 1,Rule 1 Act Not Match / Menu 21.1.1.2 set #1, rule #2...
  • Page 336 Appendix C Internal SPTGEN Table 150 Menu 21.1 Filter Set #2 (continued) 210201001 = IP Filter Set 2, Rule 1 Type 210201002 = IP Filter Set 2, Rule 1 Active 210201003 = IP Filter Set 2, Rule 1 Protocol 210201004 = IP Filter Set 2, Rule 1 Dest IP address 210201005 =...
  • Page 337: Table 151 Menu 23 System Menus

    Table 150 Menu 21.1 Filter Set #2 (continued) 210202009 = IP Filter Set 2, Rule 2 Src Subnet Mask 210202010 = IP Filter Set 2,Rule 2 Src Port 210202011 = IP Filter Set 2, Rule 2 Src Port Comp 210202013 = IP Filter Set 2, Rule 2 Act Match 210202014 = IP Filter Set 2, Rule 2 Act Not...
  • Page 338: Table 152 Menu 24.11 Remote Management Control

    Appendix C Internal SPTGEN Table 151 Menu 23 System Menus (continued) 230400002 = ReAuthentication Timer (in second) 230400003 = Idle Timeout (in second) 230400004 = Authentication Databases 230400005 = Key Management Protocol 230400006 = Dynamic WEP Key Exchange 230400007 = 230400008 = WPA Mixed Mode 230400009 =...
  • Page 339: Table 153 Command Examples

    Command Examples The following are example Internal SPTGEN screens associated with the P-660HWP-Dx’s command interpreter commands. Table 153 Command Examples /ci command (for annex a): wan adsl opencmd 990000001 = ADSL OPMD /ci command (for annex B): wan adsl opencmd 990000001 = ADSL OPMD P-660HWP-Dx User’s Guide...
  • Page 341: Appendix D Setting Up Your Computer's Ip Address

    Setting up Your Computer’s IP
    All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer.
  • Page 342: Installing Components

    Figure 189 Windows 95/98/Me: Network: Configuration
    Installing Components
    The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add.
  • Page 343: Figure 190 Windows 95/98/Me: Tcp/Ip Properties: Ip Address

    Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab. • If your IP address is dynamic, select Obtain an IP address automatically. • If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields.
  • Page 344: Verifying Settings

    Appendix D Setting up Your Computer’s IP Address Figure 191 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window.
  • Page 345: Figure 192 Windows Xp: Start Menu

    Figure 192 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 193 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. P-660HWP-Dx User’s Guide Appendix D Setting up Your Computer’s IP Address...
  • Page 346: Figure 194 Windows Xp: Control Panel: Network Connections: Properties

    Appendix D Setting up Your Computer’s IP Address Figure 194 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 195 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
  • Page 347: Figure 196 Windows Xp: Internet Protocol (Tcp/Ip) Properties

    Figure 196 Windows XP: Internet Protocol (TCP/IP) Properties 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
  • Page 348: Figure 197 Windows Xp: Advanced Tcp/Ip Properties

    Appendix D Setting up Your Computer’s IP Address Figure 197 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
  • Page 349: Figure 198 Windows Xp: Internet Protocol (Tcp/Ip) Properties

    Figure 198 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT).
  • Page 350: Figure 199 Macintosh Os 8/9: Apple Menu

    Appendix D Setting up Your Computer’s IP Address Figure 199 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 200 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: •...
  • Page 351: Macintosh Os X

    • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your P-660HWP-Dx in the Router address box. 5 Close the TCP/IP Control Panel. 6 Click Save if prompted, to save changes to your configuration. 7 Turn on your P-660HWP-Dx and restart your computer (if prompted).
  • Page 352: Figure 202 Macintosh Os X: Network

    Appendix D Setting up Your Computer’s IP Address Figure 202 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. •...
  • Page 353: Using The K Desktop Environment (Kde)

    Make sure you are logged in as the root administrator. Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. 1 Click the Red Hat button (located on the bottom left corner), select System Setting and click Network.
  • Page 354: Using Configuration Files

    Appendix D Setting up Your Computer’s IP Address • If you have a dynamic IP address click Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static IP address click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields.
  • Page 355: Figure 207 Red Hat 9.0: Dynamic Ip Address Setting In Ifconfig-Eth0

    Figure 207 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 DEVICE=eth0 ONBOOT=yes BOOTPROTO=dhcp USERCTL=no PEERDNS=yes TYPE=Ethernet • If you have a static IP address, enter = followed by the IP address (in dotted decimal notation) and type IPADDR followed by the subnet mask. The following example shows an example where the static IP address is 192.168.1.10 and the subnet mask is 255.255.255.0.
  • Page 356: Figure 211 Red Hat 9.0: Checking Tcp/Ip Properties

    Verifying Settings
    Enter ifconfig in a terminal screen to check your TCP/IP properties.
    Figure 211 Red Hat 9.0: Checking TCP/IP Properties
    [root@localhost]# ifconfig eth0 Link encap:Ethernet inet addr:172.23.19.129 UP BROADCAST RUNNING MULTICAST RX packets:717 errors:0 dropped:0 overruns:0 frame:0 TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100...
  • Page 357: Introduction To Ip Addresses

    This appendix introduces addresses, IP address classes and subnet masks.
    Introduction to IP Addresses
    An IP address is made up of four octets, written in dotted decimal notation (for example, 192.168.1.1). An octet is an 8-digit binary number. Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 256 in decimal.
  • Page 358: Subnet Masks

    Appendix E IP Subnetting IP Address Classes and Network ID The value of the first octet of an IP address determines the class of an address. • Class A addresses have a 0 in the leftmost bit. • Class B addresses have a 1 in the leftmost bit and a 0 in the next leftmost bit. •...
  • Page 359: Table 157 Alternative Subnet Mask Notation

    By convention, subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits. Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet.
  • Page 360: Table 159 Subnet 1

    Appendix E IP Subnetting In the following charts, shaded/bolded last octet bit values indicate host ID bits “borrowed” to make network ID bits. The number of “borrowed” host ID bits determines the number of subnets you can have. The remaining number of host ID bits (after “borrowing”) determines the number of hosts you can have on each subnet.
  • Page 361: Example: Four Subnets

    Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow” two host ID bits to give four possible combinations (00, 01, 10 and 11). The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192.
  • Page 362: Subnetting With Class A And Class B Networks

    Appendix E IP Subnetting Example Eight Subnets Similarly use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows class C IP address last octet values for each subnet. Table 165 Eight Subnets SUBNET SUBNET ADDRESS...
  • Page 363 Table 167 Class B Subnet Planning (continued) NO. “BORROWED” HOST BITS P-660HWP-Dx User’s Guide SUBNET MASK NO. SUBNETS 255.255.240.0 (/20) 255.255.248.0 (/21) 255.255.252.0 (/22) 255.255.254.0 (/23) 255.255.255.0 (/24) 255.255.255.128 (/25) 255.255.255.192 (/26) 1024 255.255.255.224 (/27) 2048 255.255.255.240 (/28) 4096 255.255.255.248 (/29) 8192 255.255.255.252 (/30) 16384...
  • Page 365: Accessing The Cli

    The following describes how to use the command interpreter. You can telnet to access the CLI (Command Line Interface) on the P-660HWP-Dx. See the included disk or zyxel.com for more detailed information on these commands. Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable.
  • Page 366: Displaying Logs

    1 Use the sys logs load command to load the log setting buffer that allows you to configure which logs the P-660HWP-Dx is to record.
    2 Use sys logs category to view a list of the log categories.
    Figure 212 Displaying Log Categories Example
    Copyright (c) 1994 - 2006 ZyXEL Communications Corp. ras>? Valid commands are: certificates ras>...
  • Page 367: Log Command Example

    • Use the sys logs display [log category] command to show the logs in an individual P-660HWP-Dx log category.
    • Use the sys logs clear command to erase all of the P-660HWP-Dx’s logs.
    Log Command Example
    This example shows how to set the P-660HWP-Dx to record the access logs and alerts and then view the results.
  • Page 368 Appendix F Command Interpreter P-660HWP-Dx User’s Guide...
  • Page 369: Appendix G Firewall Commands

    The following describes the firewall commands.
    Table 168 Firewall Commands
    FUNCTION COMMAND
    Firewall SetUp
      config edit firewall active <yes | no>
      config retrieve firewall
      config save firewall
    Display
      config display firewall
      config display firewall set <set #>...
  • Page 370

    Table 168 Firewall Commands (continued)
    FUNCTION COMMAND
    Edit E-mail
      config edit firewall e-mail mail-server <ip address of mail server>
      config edit firewall e-mail return-addr <e-mail address>
      config edit firewall e-mail email-to <e-mail address>
      config edit firewall e-mail policy <full | hourly | daily | weekly>...
  • Page 371

    Table 168 Firewall Commands (continued)
    FUNCTION COMMAND
      config edit firewall attack minute-high <0-255>
      config edit firewall attack minute-low <0-255>
      config edit firewall attack max-incomplete-high <0-255>
      config edit firewall attack max-incomplete-low <0-255>
      config edit firewall attack tcp-max-incomplete <0-255>
    Sets
      config edit firewall set <set #>...
  • Page 372

    Table 168 Firewall Commands (continued)
    FUNCTION COMMAND
      Config edit firewall set <set #> tcp-idle-timeout <seconds>
      Config edit firewall set <set #> log <yes | no>
    Rules
      Config edit firewall set <set #> rule <rule #> permit <forward | block>...
  • Page 373

    Table 168 Firewall Commands (continued)
    FUNCTION COMMAND
      config edit firewall set <set #> rule <rule #> destaddr-single <ip address>
      config edit firewall set <set #> rule <rule #> destaddr-subnet <ip address> <subnet mask>
      config edit firewall set <set #>...
  • Page 374

    Table 168 Firewall Commands (continued)
    FUNCTION COMMAND
      config delete firewall set <set #> rule<rule #>
    DESCRIPTION
      This command removes the specified rule in a firewall configuration set.
  • Page 375: Internet Explorer Pop-Up Blockers

    Pop-up Windows, JavaScripts and Java Permissions
    In order to use the web configurator you need to allow:
    • Web browser pop-up windows from your device.
    • JavaScripts (enabled by default).
    • Java permissions (enabled by default).
    Internet Explorer 6 screens are used here.
  • Page 376: Figure 215 Internet Options: Privacy

    Appendix H Pop-up Windows, JavaScripts and Java Permissions
    2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled.
    Figure 215 Internet Options: Privacy
    3 Click Apply to save this setting.
    Enable pop-up Blockers with Exceptions
    Alternatively, if you only want to allow pop-up windows from your device, see the following steps.
  • Page 377: Figure 216 Internet Options: Privacy

    Figure 216 Internet Options: Privacy
    3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1.
    4 Click Add to move the IP address to the list of Allowed sites.
    Figure 217 Pop-up Blocker Settings
  • Page 378: Figure 218 Internet Options: Security

    5 Click Close to return to the Privacy screen.
    6 Click Apply to save this setting.
    JavaScripts
    If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
  • Page 379: Java Permissions

    Figure 219 Security Settings - Java Scripting
    Java Permissions
    1 From Internet Explorer, click Tools, Internet Options and then the Security tab.
    2 Click the Custom Level... button.
    3 Scroll down to Microsoft VM.
    4 Under Java permissions make sure that a safety level is selected.
    5 Click OK to close the window.
  • Page 380: Figure 221 Java (Sun)

    JAVA (Sun)
    1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab.
    2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected.
    3 Click OK to close the window.
    Figure 221 Java (Sun)
  • Page 381: Display Netbios Filter Settings

    NetBIOS Filter Commands
    The following describes the NetBIOS packet filter commands.
    Introduction
    NetBIOS (Network Basic Input/Output System) packets are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls.
  • Page 382: Netbios Filter Configuration

    Appendix I NetBIOS Filter Commands
    The filter types and their default settings are as follows.
    Table 169 NetBIOS Filter Default Settings
    NAME DESCRIPTION
    Between LAN and WAN: This field displays whether NetBIOS packets are blocked or forwarded between the LAN and the WAN.
    IPSec Packets: This field displays whether NetBIOS packets sent through a VPN connection are blocked or forwarded.
  • Page 383: The Ideal Setup

    The Ideal Setup
    When the firewall is on, your P-660HWP-Dx acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the P-660HWP-Dx to protect your LAN against attacks.
  • Page 384: Figure 223 "Triangle Route" Problem

    Appendix J Triangle Route
    Figure 223 “Triangle Route” Problem
    The “Triangle Route” Solutions
    This section presents two solutions to the “triangle route” problem.
    IP Aliasing
    IP alias allows you to partition your network into logical sections over the same Ethernet interface.
  • Page 385: Appendix K Legal Information

    ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
  • Page 386: Fcc Radiation Exposure Statement

    If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
    1 Reorient or relocate the receiving antenna.
  • Page 387: Zyxel Limited Warranty

    ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating...
  • Page 389: Appendix L Customer Support

    • Sales E-mail: sales@zyxel.com.tw
    • Telephone: +886-3-578-3942
    • Fax: +886-3-578-2439
    • Web: www.zyxel.com, www.europe.zyxel.com
    • FTP: ftp.zyxel.com, ftp.europe.zyxel.com
    • Regular Mail: ZyXEL Communications Corp., 6 Innovation Road II, Science Park, Hsinchu 300, Taiwan
    Costa Rica
    • Support E-mail: soporte@zyxel.co.cr
    • Sales E-mail: sales@zyxel.co.cr
    •...
  • Page 390

    • Regular Mail: ZyXEL Communications, Czech s.r.o., Modranská 621, 143 01 Praha 4 - Modrany, Ceská Republika
    Denmark
    • Support E-mail: support@zyxel.dk
    • Sales E-mail: sales@zyxel.dk
    • Telephone: +45-39-55-07-00
    • Fax: +45-39-55-07-07
    • Web: www.zyxel.dk
    • Regular Mail: ZyXEL Communications A/S, Columbusvej, 2860 Soeborg, Denmark
    Finland
    •...
  • Page 391

    India
    • Support E-mail: support@zyxel.in
    • Sales E-mail: sales@zyxel.in
    • Telephone: +91-11-30888144 to +91-11-30888153
    • Fax: +91-11-30888149, +91-11-26810715
    • Web: http://www.zyxel.in
    • Regular Mail: India - ZyXEL Technology India Pvt Ltd., II-Floor, F2/9 Okhla Phase -1, New Delhi 110020, India
    Japan
    •...
  • Page 392

    • Regular Mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 92806-2001, U.S.A.
    Norway
    • Support E-mail: support@zyxel.no
    • Sales E-mail: sales@zyxel.no
    • Telephone: +47-22-80-61-80
    • Fax: +47-22-80-61-81
    • Web: www.zyxel.no
    • Regular Mail: ZyXEL Communications A/S, Nils Hansens vei 13, 0667 Oslo, Norway
    Poland
    •...
  • Page 393

    • Telephone: +44-1344-303044, 08707-555779 (UK only)
    • Fax: +44-1344-303034
    • Web: www.zyxel.co.uk
    • FTP: ftp.zyxel.co.uk
    • Regular Mail: ZyXEL Communications UK Ltd., 11 The Courtyard, Eastern Road, Bracknell, Berkshire RG12 2XB, United Kingdom (UK)
  • Page 395: Index

    AAL5 access point see AP address assignment Address Resolution Protocol see ARP ADSL standards ADSL line reinitialize ADSL standards Advanced Encryption Standard See AES. alerts alternative subnet mask notation antenna directional gain omni-directional antenna gain Any IP 103, 307 how it works note Any IP Setup AP (access point)
  • Page 396 upload configuration text file connection failure contact information content filtering categories schedule trusted computers URL keyword blocking Continuous Bit Rate see CBR copyright CTS (Clear to Send) custom ports creating / editing customer support customized services date and time settings default default LAN IP address default settings...
  • Page 397 alerts anti-probing commands creating/editing rules custom ports enabling firewall vs filters guidelines for enhancing security introduction LAN to WAN rules policies rule checklist rule configuration key fields rule logic rule security ramifications services types when to use firmware 35, 289 upgrade upload upload error...
  • Page 398 action MAC address filtering MAC filter maintenance Management Information Base see MIB management server managing the device good habits using FTP. See FTP. using Telnet. See command interface. using the command interface. See command interface. maximize bandwidth usage Maximum Burst Size see MBS max-incomplete high max-incomplete low...
  • Page 399 quick start guide RADIUS message types messages shared secret key RADIUS server reboot registration product related documentation remote management and NAT remote management limitations reset reset button resetting the ZyXEL device restart 289, 293 restore configuration restore settings RFC 1483 RFC 1631 RFC-1483 RFC-2364...
  • Page 400 system errors system name 265, 266 System Parameter Table Generator see SPTGEN system restart system timeout TCP maximum incomplete TCP security TCP/IP 159, 160, 341 TCP/IP address teardrop Telnet 73, 241 temperature Temporal Key Integrity Protocol (TKIP) TFTP restrictions three-way handshake threshold values time and date settings...
  • Page 401 wireless networks channel encryption MAC address filter security SSID wireless security 112, 315 wizard icon WLAN interference security parameters world wide web key caching pre-authentication user authentication vs WPA-PSK wireless client supplicant with RADIUS application example WPA compatibility WPA2 user authentication vs WPA2-PSK wireless client supplicant with RADIUS application example...

This manual is also suitable for:

P-660hwp-dx - v3.40, P-660hwp-d1, P-660hwp-d3, P-660hwp-dx
