About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to configure the ZyXEL Device using the web configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology.
Page 4
In the event of problems that cannot be solved by using this manual, you should contact your vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you bought the device. See http://www.zyxel.com/ web/contact_us.php for contact information.
Syntax Conventions • The P-660HN-51 may be referred to as the “ZyXEL Device”, the “device”, the “system” or the “product” in this User’s Guide. • Product labels, screen names, field labels and field choices are all in bold font.
Page 6
Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device Computer Notebook computer Server Firewall Telephone Router Switch P-660HN-51 User’s Guide...
Safety Warnings Safety Warnings • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. • Do NOT store things on the device. •...
Introduction ..........................21 1.1 Overview ..........................21 1.2 Ways to Manage the ZyXEL Device ..................21 1.3 Good Habits for Managing the ZyXEL Device ..............22 1.4 Applications for the ZyXEL Device ..................22 1.4.1 Internet Access ......................22 1.5 Wireless Access ........................23 1.5.1 Using the WLAN/WPS Button ..................
Page 12
4.4 Setting Up Multiple Wireless Groups ................... 52 4.5 Configuring Static Route for Routing to Another Network ........... 55 4.6 Access the ZyXEL Device Using DDNS ................58 4.6.1 Registering a DDNS Account on www.dyndns.org ............ 58 4.6.2 Configuring DDNS on Your ZyXEL Device ..............59 4.6.3 Testing the DDNS Setting ..................
Page 13
7.5 Installing UPnP in Windows Example ................120 7.6 Using UPnP in Windows XP Example ................123 7.7 Technical Reference ......................128 7.7.1 LANs, WANs and the ZyXEL Device ................ 129 7.7.2 DHCP Setup ......................129 7.7.3 DNS Server Addresses .................... 129 7.7.4 LAN TCP/IP ......................
Page 14
Table of Contents 8.1.1 What You Can Do in this Chapter ................133 8.1.2 What You Need To Know ..................133 8.2 The Port Forwarding Screen .................... 134 8.2.1 Add/Edit Port Forwarding ..................136 8.3 The Applications Screen ....................137 8.3.1 Add New Application ....................
Page 15
Table of Contents 12.3 The Local Certificates Screen ..................166 12.3.1 Create Certificate Request ..................167 12.3.2 Import Certificate ....................168 12.3.3 Certificate Details ....................170 12.4 The Trusted CA Screen ....................172 12.4.1 View Trusted CA Certificate ................... 173 12.4.2 Import Trusted CA Certificate .................
Page 16
Table of Contents 16.1.1 What You Can Do in this Chapter ................206 16.1.2 What You Need To Know ..................207 16.2 The DNS Entry Screen ....................207 16.2.1 Add/Edit DNS Entry ....................208 16.3 The Dynamic DNS Screen ....................208 Chapter 17 Quality of Service (QoS).......................
Page 17
Table of Contents Chapter 22 Logs ............................245 22.1 Overview .......................... 245 22.1.1 What You Can Do in this Chapter ................245 22.1.2 What You Need To Know ..................245 22.2 The System Log Screen ....................246 22.3 The Security Log Screen ....................248 Chapter 23 Introduction to the ARP Table .....................
Page 18
29.3 The OAM Ping Test Screen ..................... 272 Chapter 30 Troubleshooting........................275 30.1 Power, Hardware Connections, and LEDs ..............275 30.2 ZyXEL Device Access and Login ..................276 30.3 Internet Access ........................ 278 30.4 Wireless Internet Access ....................279 Chapter 31 Product Specifications ......................
1.2 Ways to Manage the ZyXEL Device Use any of the following methods to manage the ZyXEL Device. • Web Configurator. This is recommended for everyday management of the ZyXEL Device using a (supported) web browser. • Command Line Interface. Line commands are mostly used for troubleshooting by service engineers.
Chapter 1 Introduction 1.3 Good Habits for Managing the ZyXEL Device Do the following things regularly to make the ZyXEL Device more secure and to manage the ZyXEL Device more effectively. • Change the password. Use a password that’s not easy to guess and that consists of different types of characters, such as numbers and letters.
Chapter 1 Introduction You can also configure firewall and filtering feature on the ZyXEL Device for secure Internet access. When the firewall is on, all incoming traffic from the Internet to your network is blocked unless it is initiated from your network. This means that probes from the outside to your network are not allowed, but you can safely browse the Internet and download files.
Page 24
Press the WLAN/WPS button for five to ten seconds and release it. Press the WPS button on another WPS-enabled device within range of the ZyXEL Device. The WPS/WLAN LED should flash while the ZyXEL Device sets up a WPS connection with the other wireless device.
Chapter 1 Introduction 1.6 LEDs (Lights) The following graphic displays the labels of the LEDs. Figure 3 LEDs None of the LEDs are on if the ZyXEL Device is not receiving power. Table 1 LED Descriptions COLOR STATUS DESCRIPTION POWER Green The ZyXEL Device is receiving power and ready for use.
The DSL line is down. INTERNET Green The ZyXEL Device has an IP connection but no traffic. Your device has a WAN IP address (either static or assigned by a DHCP server), PPP negotiation was successfully completed (if used) and the DSL connection is up.
Internet Explorer. 2.1.1 Accessing the Web Configurator Make sure your ZyXEL Device hardware is properly connected (refer to the Quick Start Guide). Launch your web browser. Type "192.168.1.1" as the URL.
Page 28
Login. For security reasons, you will be temporarily denied access to the ZyXEL Device for a period of time (15 minutes by default) if you have entered the incorrect username and password for a certain number of times (three times by default).
The Network Map page appears. Figure 6 Network Map Note: For security reasons, the ZyXEL Device automatically logs you out if you do not use the web configurator for ten minutes (default). If this happens, log in again. Click Status to display the Status screen, where you can view the ZyXEL Device’s interface and system information.
Chapter 3 on page 37 for more information about the Status screen. 2.2.3 Navigation Panel Use the menu items on the navigation panel to open screens to configure ZyXEL Device features. The following tables describe each menu item.2 Table 2 Navigation Panel Summary...
Page 31
Use this screen to configure the wireless LAN settings and WLAN authentication/security settings. More AP Use this screen to configure multiple BSSs on the ZyXEL Device. Use this screen to block or allow wireless traffic from wireless Authentication devices of certain SSIDs and MAC addresses to the ZyXEL Device.
Page 32
Use this screen to block web sites with the specific URL. Control Control Advanced Routing Routing Use this screen to view and set up static routes on the ZyXEL Device. DNS Setting DNS Entry Use this screen to view and configure DNS entries. Dynamic DNS Use this screen to allow a static hostname alias for a dynamic IP address.
Page 33
Chapter 2 The Web Configurator Table 2 Navigation Panel Summary (continued) LINK FUNCTION Diagnostic Ping & Use this screen to identify problems with the DSL connection. You TraceRoute & can use Ping, TraceRoute, or Nslookup to help you identify NsLookup problems.
Page 34
Chapter 2 The Web Configurator P-660HN-51 User’s Guide...
After you log into the Web Configurator, the Network Map screen appears. This shows the network connection status of the ZyXEL Device and clients connected to You can use the Status screen to look at the current status of the ZyXEL Device, system resources, and interfaces (LAN, WAN, and WLAN).
Page 36
Chapter 3 Network Map and Status Screens If you prefer to view the status in a list, click List View in the Viewing Mode selection box. You can configure how often you want the ZyXEL Device to update this screen in Refresh Interval.
Chapter 3 Network Map and Status Screens 3.3 The Status Screen Use this screen to view the status of the ZyXEL Device. Click Network Map > Status to open this screen. Figure 10 Status Screen Each field is described in the following table.
Page 38
This field displays what DHCP services the ZyXEL Device is providing to the LAN. Choices are: Server - The ZyXEL Device is a DHCP server in the LAN. It assigns IP addresses to other computers in the LAN. Relay - The ZyXEL Device acts as a surrogate DHCP server and relays DHCP requests and responses between the remote server and the clients.
Page 39
This field displays how long the ZyXEL Device has been running since it Time last started up. The ZyXEL Device starts up when you plug it in, when you restart it (Maintenance > Reboot), or when you reset it. Current This field displays the current date and time in the ZyXEL Device.
Page 40
Chapter 3 Network Map and Status Screens P-660HN-51 User’s Guide...
Configurator. If you connect to the Internet through a DSL connection, use the information from your Internet Service Provider (ISP) to configure the ZyXEL Device. Be sure to contact your service provider for any information you need to configure the Broadband screens.
Page 42
Chapter 4 Tutorials General Connection Name MyDSLConnection Connection Mode Routing Encapsulation PPPoE ATM PVC Configuration VPI/VCI 36/48 Encapsulation Mode LLC/SNAP-Bridging Service Category UBR without PCR Account Information PPP User Name 1234@DSL-Ex.com PPP Password ABCDEF! PPPoE Service Name My DSL Static IP Address 192.168.1.32 Others PPPoE Passthrough: Disabled...
Page 43
Chapter 4 Tutorials Click Apply to save your settings. You should see a summary of your new DSL connection setup in the Broadband screen as follows. P-660HN-51 User’s Guide...
Chapter 4 Tutorials Try to connect to a website, such as zyxel.com to see if you have correctly set up your Internet connection. Be sure to contact your service provider for any information you need to configure the WAN screens.
Page 45
Go to the Wireless > Others screen and select 802.11b/g/n Mixed in the 802.11 Mode field. Click Apply. You can now use the WPS feature to establish a wireless connection between your notebook and the ZyXEL Device (see Section 4.3.2 on page 46). You can also use...
4.3.2 Using WPS This section shows you how to set up a wireless network using WPS. It uses the ZyXEL Device as the AP and ZyXEL NWD210N as the wireless client which connects to the notebook. f your wireless devices display the WPS logo, you can use Wi-Fi Protected Setup (WPS) to add wireless devices to your wireless network.
Page 47
In the wireless client utility, go to the WPS setting page. Enable WPS and press the WPS button (Start or WPS button). Push and hold the WPS button located on the ZyXEL Device’s front panel for 5 to 10 seconds. The WLAN/WPS LED starts blinking orange. Alternatively, you can log into ZyXEL Device’s web configurator and go to the Network Settings >...
Chapter 4 Tutorials The following figure shows you an example of how to set up a wireless network and its security by pressing a button on both ZyXEL Device and wireless client. Example WPS Process: PBC Method ZyXEL Device Wireless Client...
Page 49
Chapter 4 Tutorials Method 2: Register Wireless Client’s PIN Number When you use the PIN configuration method, you need to use both the ZyXEL Device’s web configurator and the wireless client’s utility. Launch your wireless client’s configuration utility. Go to the WPS settings and select the PIN method to get the wireless client’s PIN number.
Page 50
Chapter 4 Tutorials The following figure shows you how to set up a wireless network and its security on a ZyXEL Device and a wireless client by using PIN method. Example WPS Process: PIN Method Wireless Client ZyXEL Device WITHIN 2 MINUTES...
Chapter 4 Tutorials Copy the PIN number of the ZyXEL Device shown in step 2 of Method 3 . You can click on the Generate New PIN Number button if you want the ZyXEL Device to auto-generate a new PIN number.
Chapter 4 Tutorials 4.4 Setting Up Multiple Wireless Groups You want to create different wireless network groups for different types of users in your company as shown in the following figure. Each group has its own SSID and security mode. Company Guest •...
Page 53
Chapter 4 Tutorials Click Network Settings > Wireless to open the General screen. Use this screen to set up the company’s general wireless network group. Configure the screen using the provided parameters and click Apply. Click Network Settings > Wireless > More AP to open the following screen. Click the Edit icon to configure the second wireless network group.
Page 54
Chapter 4 Tutorials Configure the screen using the provided parameters and click Apply. In the More AP screen, click the Edit icon to configure the third wireless network group. P-660HN-51 User’s Guide...
In order to extend your Intranet and control traffic flowing directions, you may connect a router to the ZyXEL Device’s LAN. The router may be used to separate two department networks. This tutorial shows how to configure a static routing rule for two network routings.
Page 56
In this case, B will never receive the traffic. You need to specify a static routing rule on the ZyXEL Device to specify R as the router in charge of forwarding traffic to N2. In this case, the ZyXEL Device routes traffic from A to R and then R routes the traffic to B.
Page 57
192.168.10.2 192.168.10.33 To configure a static route to route traffic from N1 to N2: Log into the ZyXEL Device’s Web Configurator in advanced mode. Click Advanced > Routing. Click Add New Static Route Entry in the Static Route screen. Configure the Static Route Setup screen using the following settings: Select the Active check box.
B’s firewall settings to allow specific traffic to pass through. 4.6 Access the ZyXEL Device Using DDNS If you connect your ZyXEL Device to the Internet and it uses a dynamic WAN IP address, it is inconvenient for you to manage the device from the Internet. The ZyXEL Device’s WAN IP address changes dynamically.
Chapter 4 Tutorials • IP Address: Enter the WAN IP address that your ZyXEL Device is currently using. You can find the IP address on the ZyXEL Device’s Web Configurator Status page. Then you will need to configure the same account and host name on the ZyXEL Device later.
5.1 Overview This chapter describes how to configure WAN settings from the Broadband screen. Use this screen to configure your ZyXEL Device for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks (such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations.
Chapter 5 Broadband WAN IP Address The WAN IP address is an IP address for the ZyXEL Device, which makes it accessible from an outside network. It is used by the ZyXEL Device to communicate with other devices in other networks. It can be static (fixed) or dynamically assigned by the ISP each time the ZyXEL Device tries to access the Internet.
ATM QoS This is the type of ATM QoS of the connection. IGMP Proxy This shows whether the ZyXEL Device act as an IGMP proxy on this connection. This shows whether NAT is activated or not for this connection. Default Gateway This shows whether the ZyXEL Device use the WAN interface of this connection as the system default gateway.
Chapter 5 Broadband 5.2.1 Add/Edit Broadband Click Add new WAN interface in the Broadband screen or the Edit icon next to an existing WAN interface to configure a WAN connection. The screen differs according to the mode and encapsulation you choose. This screen displays when you select the Routing mode and PPPoE encapsulation.
Page 67
Chapter 5 Broadband Figure 13 Broadband: Add/Edit: Routing Mode The following table describes the labels in this screen. Table 6 Broadband: Add/Edit: Routing Mode LABEL DESCRIPTION General Active Select this to activate the WAN configuration settings. Name Specify a descriptive name of up to 15 alphanumeric characters for this connection.
Page 68
• VC/MUX: In VC multiplexing, each protocol is carried on a single ATM virtual circuit (VC). To transport multiple protocols, the ZyXEL Device needs separate VCs. There is a binding between a VC and the type of the network protocol carried on the VC. This reduces payload overhead since there is no need to carry protocol information in each Protocol Data Unit (PDU) payload.
Page 69
PPPoE pass through to allow up to ten hosts on the LAN to use PPPoE client software on their computers to connect to the ISP via the ZyXEL Device. Each host can have a separate account and a public WAN IP address.
Page 70
Multicast group - it is not used to carry user data. Select this option to have the ZyXEL Device act as an IGMP proxy on this connection. This allows the ZyXEL Device to get subscribing information and maintain a joined member list for each multicast group.
Page 71
• VC/MUX: In VC multiplexing, each protocol is carried on a single ATM virtual circuit (VC). To transport multiple protocols, the ZyXEL Device needs separate VCs. There is a binding between a VC and the type of the network protocol carried on the VC. This reduces payload overhead since there is no need to carry protocol information in each Protocol Data Unit (PDU) payload.
Page 72
Type the MBS, which is less than 65535. This field is available only when you select Non Realtime VBR or Realtime VBR. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to exit this screen without saving. P-660HN-51 User’s Guide...
By implementing PPPoE directly on the ZyXEL Device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the ZyXEL Device does that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access.
Chapter 5 Broadband 5.3.2 Multiplexing There are two conventions to identify what protocols the virtual circuit (VC) is carrying. Be sure to use the multiplexing method required by your ISP. VC-based Multiplexing In this case, by prior mutual agreement, each protocol is assigned to a specific virtual circuit;...
Chapter 5 Broadband 5.3.5 NAT NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
Chapter 5 Broadband 5.4.1 ATM Traffic Classes These are the basic ATM traffic classes defined by the ATM Forum Traffic Management 4.0 Specification. Constant Bit Rate (CBR) Constant Bit Rate (CBR) provides fixed bandwidth that is always available even if no data is being sent.
• Use the General screen to enable the Wireless LAN, enter the SSID and select the wireless security mode (Section 6.2 on page 78). • Use the More AP screen to set up multiple wireless networks on your ZyXEL Device (Section 6.3 on page 86).
Use this screen to enable the Wireless LAN, enter the SSID and select the wireless security mode. Note: If you are configuring the ZyXEL Device from a computer connected to the wireless LAN and you change the ZyXEL Device’s SSID, channel or security settings, you will lose your wireless connection when you press Apply to confirm.
Page 79
Channel Set the channel depending on your particular region. Select a channel or use Auto to have the ZyXEL Device automatically determine a channel to use. If you are having problems with wireless interference, changing the channel may help. Try to use a channel that is as many channels away from any channels used by neighboring APs as possible.
Page 80
Table 8 Network Settings > Wireless > General (continued) LABEL DESCRIPTION Bandwidth Select whether the ZyXEL Device uses a wireless channel width of 20MHz or 40MHz. A standard 20MHz channel offers transfer speeds of up to 150Mbps whereas a 40MHz channel uses two standard channels and offers speeds of up to 300 Mbps.
Select No Security to allow wireless stations to communicate with the access points without any data encryption or authentication. Note: If you do not enable any wireless security on your ZyXEL Device, your network is accessible to any wireless networking device that is within range.
Page 82
Click more... to show more fields in this section. Click less to hide them. Password The password (WEP keys) are used to encrypt data. Both the ZyXEL Device and the wireless stations must use the same password (WEP key) for data transmission.
6.2.3 More Secure (WPA(2)-PSK) The WPA-PSK security mode provides both improved data encryption and user authentication over WEP. Using a Pre-Shared Key (PSK), both the ZyXEL Device and the connecting client share a common password in order to validate the connection.
This field appears when you choose WPA-PSK2 as the Security Mode. Compatible Check this field to allow wireless devices using WPA-PSK security mode to connect to your ZyXEL Device. The ZyXEL Device supports WPA-PSK and WPA2-PSK simultaneously. Encryption Select the encryption type (TKIP, AES or TKIP+AES) for data encryption.
Page 85
Click more... to show more fields in this section. Click less to hide them. WPA Compatible This field is only available for WPA2. Select this if you want the ZyXEL Device to support WPA and WPA2 simultaneously. P-660HN-51 User’s Guide...
6.3 The More AP Screen This screen allows you to enable and configure multiple Basic Service Sets (BSSs) on the ZyXEL Device. Click Network Settings > Wireless > More AP. The following screen displays. Figure 21 Network Settings > Wireless > More AP The following table describes the labels in this screen.
LABEL DESCRIPTION SSID An SSID profile is the set of parameters relating to one of the ZyXEL Device’s BSSs. The SSID (Service Set IDentifier) identifies the Service Set with which a wireless device is associated. This field displays the name of the wireless profile on the network. When a wireless client scans for an AP to associate with, this is the name that is broadcast and seen in the wireless client utility.
Click Cancel to exit this screen without saving. 6.4 MAC Authentication This screen allows you to configure the ZyXEL Device to give exclusive access to specific devices (Allow) or exclude specific devices from accessing the ZyXEL Device (Deny). Every Ethernet device has a unique MAC (Media Access Control) address.
Page 89
Chapter 6 Wireless Use this screen to view your ZyXEL Device’s MAC filter settings and add new MAC filter rules. Click Wireless > MAC Authentication. The screen appears as shown. Figure 23 Wireless > MAC Authentication The following table describes the labels in this screen.
Chapter 6 Wireless 6.5 The WPS Screen Use this screen to configure WiFi Protected Setup (WPS) on your ZyXEL Device. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually. Set up each WPS connection between two devices.
Connect Click this button to add another WPS-enabled wireless device (within wireless range of the ZyXEL Device) to your wireless network. This button may either be a physical button on the outside of device, or a menu button similar to the Connect button on this screen.
Note: WDS security is independent of the security settings between the ZyXEL Device and any wireless clients. Note: At the time of writing, WDS is compatible with other ZyXEL APs only. Not all models support WDS links. Check your other AP’s documentation.
Page 93
Wireless Bridge Setup AP Mode Select the operating mode for your ZyXEL Device. • Access Point - The ZyXEL Device functions as a bridge and access point simultaneously. • Wireless Bridge - The ZyXEL Device acts as a wireless network bridge and establishes wireless links with other APs.
Click Cancel to restore your previously saved settings. 6.7.1 WDS Scan You can click the Scan icon in Wireless > WDS to have the ZyXEL Device automatically search and display the available APs within range. Select an AP and click Apply to have the ZyXEL Device establish a wireless link with the selected wireless device.
Device scans for the best channel. Enter 0 to disable the periodical scan. Output Power Set the output power of the ZyXEL Device. If there is a high density of APs in an area, decrease the output power to reduce interference with other APs.
Select 802.11b/g/n Mixed to allow IEEE 802.11b, IEEE 802.11g or IEEE802.11n compliant WLAN devices to associate with the ZyXEL Device. The transmission rate of your ZyXEL Device might be reduced. 802.11 Enabling this feature can help prevent collisions in mixed-mode networks Protection (networks with both IEEE 802.11b and IEEE 802.11g traffic).
Page 97
The wireless network is the part in the blue circle. In this wireless network, devices A and B use the access point (AP) to interact with the other devices (such as the printer) or with the Internet. Your ZyXEL Device is the AP. Every wireless network must follow these basic guidelines.
By setting this value lower than the default value, the wireless devices must sometimes get permission to send information to the ZyXEL Device. The lower the value, the more often the devices must get permission. If this value is greater than the fragmentation threshold value (see below), then wireless devices never have to get permission to send information to the ZyXEL Device.
Chapter 6 Wireless 6.9.3 Wireless Security Overview By their nature, radio communications are simple to intercept. For wireless data networks, this means that anyone within range of a wireless network without security can not only read the data passing over the airwaves, but also join the network.
Normally, the ZyXEL Device acts like a beacon and regularly broadcasts the SSID in the area. You can hide the SSID instead, in which case the ZyXEL Device does not broadcast the SSID. In addition, you should change the default SSID to something that is difficult to guess.
Page 101
Usually, you should set up the strongest encryption that every device in the wireless network supports. For example, suppose you have a wireless network with the ZyXEL Device and you do not have a RADIUS server. Therefore, there is no authentication. Suppose the wireless network has two devices. Device A only supports WEP, and device B supports WEP and WPA.
Chapter 6 Wireless Many types of encryption use a key to protect the information in the wireless network. The longer the key, the stronger the encryption. Every device in the wireless network must have the same key. 6.9.4 Signal Problems Because wireless networks are radio networks, their signals are subject to limitations of distance, interference and absorption.
Sets (BSSs). As well as the cost of buying extra APs, there is also the possibility of channel interference. The ZyXEL Device’s MBSSID (Multiple Basic Service Set IDentifier) function allows you to use one access point to provide several BSSs simultaneously.
APs you want to link to. Once the security settings of peer sides match one another, the connection between devices is made. At the time of writing, WDS security is compatible with other ZyXEL access points only. Refer to your other access point’s documentation for details.
Section 6.6 on page 91). Press the button on one of the devices (it doesn’t matter which). For the ZyXEL Device you must press the WPS button for more than three seconds. Within two minutes, press the button on the other device. The registrar sends the network name (SSID) and security key through an secure connection to the enrollee.
Page 106
Look for the client’s WPS PIN; it will be displayed either on the device, or in the WPS section of the client’s configuration interface (see the device’s User’s Guide for how to find the WPS PIN - for the ZyXEL Device, see Section 6.5 on page 90).
Chapter 6 Wireless The following figure shows a WPS-enabled wireless client (installed in a notebook computer) connecting to the WPS-enabled AP via the PIN method. Figure 32 Example WPS Process: PIN Method ENROLLEE REGISTRAR This device’s WPS PIN: 123456 Enter WPS PIN from other device: START START...
Page 108
Chapter 6 Wireless The following figure shows a WPS-enabled client (installed in a notebook computer) connecting to a WPS-enabled access point. Figure 33 How WPS works ACTIVATE ACTIVATE WITHIN 2 MINUTES WPS HANDSHAKE ENROLLEE REGISTRAR SECURE TUNNEL SECURITY INFO COMMUNICATION The roles of registrar and enrollee last only as long as the WPS setup process is active (two minutes).
Page 109
Chapter 6 Wireless 6.9.8.4 Example WPS Network Setup This section shows how security settings are distributed in an example WPS setup. The following figure shows an example network. In step 1, both AP1 and Client 1 are unconfigured. When WPS is activated on both, they perform the handshake. In this example, AP1 is the registrar, and Client 1 is the enrollee.
Chapter 6 Wireless point. However, you know that Client 2 supports the registrar function, so you use it to perform the WPS handshake instead. Figure 36 WPS: Example Network Step 3 EXISTING CONNECTION CLIENT 1 REGISTRAR CLIENT 2 ENROLLEE 6.9.8.5 Limitations of WPS WPS has some limitations of which you should be aware.
Use the dynamic setting to automatically use short preamble when all wireless devices on the network support it, otherwise the ZyXEL Device uses long preamble. Note: The wireless devices MUST use the same preamble mode in order to communicate.
• Use the Static DHCP screen to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses (Section 7.3 on page 118). • Use the UPnP screen to enable UPnP on the ZyXEL Device (Section 7.4 on page 119). P-660HN-51 User’s Guide...
You can also use subnet masks to divide one network into multiple sub-networks. DHCP A DHCP (Dynamic Host Configuration Protocol) server can assign your ZyXEL Device an IP address, subnet mask, DNS and other routing information when it's turned on.
All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum UPnP™ Implementers Corp. (UIC). ZyXEL's UPnP implementation supports Internet Gateway Device (IGD) 1.0.
7.2 The LAN Setup Screen Use this screen to set the Local Area Network IP address and subnet mask of your ZyXEL Device. Click Network Settings > Home Networking to open the LAN Setup screen. Follow these steps to configure your LAN settings.
Page 117
DESCRIPTION LAN IP Setup IP Address Enter the LAN IP address you want to assign to your ZyXEL Device in dotted decimal notation, for example, 192.168.1.1 (factory default). Subnet Mask Type the subnet mask of your network in dotted decimal notation, for example 255.255.255.0 (factory default).
00:A0:C5:00:00:02. Use this screen to change your ZyXEL Device’s static DHCP settings. Click Network Settings > Home Networking > Static DHCP to open the following screen.
Chapter 7 Home Networking If you click Add new static lease in the Static DHCP screen or the Edit icon next to a static DHCP entry, the following screen displays. Figure 39 Static DHCP: Add/Edit The following table describes the labels in this screen. Table 25 Static DHCP: Add/Edit LABEL DESCRIPTION...
Chapter 7 Home Networking Use the following screen to configure the UPnP settings on your ZyXEL Device. Click Network Settings > Home Networking > UPnP to display the screen shown next. Figure 40 Network Settings > Home Networking > UPnP The following table describes the labels in this screen.
Page 121
Chapter 7 Home Networking Click on the Windows Setup tab and select Communication in the Components selection box. Click Details. Add/Remove Programs: Windows Setup: Communication In the Communications window, select the Universal Plug and Play check box in the Components selection box. Add/Remove Programs: Windows Setup: Communication: Components P-660HN-51 User’s Guide...
Page 122
Chapter 7 Home Networking Click OK to go back to the Add/Remove Programs Properties window and click Next. Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. Click Start and Control Panel. Double-click Network Connections.
UPnP installed in Windows XP and UPnP activated on the ZyXEL Device. Make sure the computer is connected to a LAN port of the ZyXEL Device. Turn on your computer and the ZyXEL Device. Auto-discover Your UPnP-enabled Network Device Click Start and Control Panel.
Page 124
Chapter 7 Home Networking Right-click the icon and select Properties. Network Connections In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. Internet Connection Properties P-660HN-51 User’s Guide...
Page 125
Chapter 7 Home Networking You may edit or delete the port mappings or click Add to manually add port mappings. Internet Connection Properties: Advanced Settings Internet Connection Properties: Advanced Settings: Add When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically.
Page 126
Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first. This comes helpful if you do not know the IP address of the ZyXEL Device.
Page 127
Network Connections An icon with the description for each UPnP-enabled device displays under Local Network. Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays. Network Connections: My Network Places P-660HN-51 User’s Guide...
Chapter 7 Home Networking Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Network Connections: My Network Places: Properties: Example 7.7 Technical Reference This section provides some technical background information about the topics covered in this chapter.
TCP/IP configuration at start-up from a server. You can configure the ZyXEL Device as a DHCP server or disable it. When configured as a server, the ZyXEL Device provides the TCP/IP configuration for the clients. If you turn DHCP service off, you must have another DHCP server on your LAN, or else the computer must be manually configured.
IP addresses in the DHCP Setup screen. 7.7.4 LAN TCP/IP The ZyXEL Device has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability. IP Address and Subnet Mask Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number.
Page 131
Chapter 7 Home Networking The subnet mask specifies the network number portion of an IP address. Your ZyXEL Device will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the ZyXEL Device unless you are instructed to do otherwise.
Page 132
Chapter 7 Home Networking P-660HN-51 User’s Guide...
139). • Use the DMZ screen to configure a default server (Section 8.5 on page 143). • Use the ALG screen to enable and disable the SIP (VoIP) ALG in the ZyXEL Device (Section 8.6 on page 144). • Use the Sessions screen to limit the number of concurrent NAT sessions all clients can use (Section 8.7 on page...
Chapter 8 Network Address Translation (NAT) Global/Local Global/local denotes the IP address of a host in a packet as the packet traverses a router, for example, the local address refers to the IP address of a host when the packet is in the local network, while the global address refers to the IP address of the host when the same packet is traveling in the WAN side.
Page 135
Chapter 8 Network Address Translation (NAT) Note: Many residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location.
Chapter 8 Network Address Translation (NAT) The following table describes the fields in this screen. Table 27 Network Settings > NAT > Port Forwarding LABEL DESCRIPTION Add new rule Click this to add a new rule. This is the index number of the entry. Status This field displays whether the NAT rule is active or not.
External Start Port field above. Internal Start This shows the port number to which you want the ZyXEL Device to Port translate the incoming port. For a range of ports, enter the first number of the range to which you want the incoming ports translated.
WAN port receives a response with a specific port number and protocol ("open" port), the ZyXEL Device forwards the traffic to the LAN IP address of the computer that sent the request. After that computer’s connection for that service closes, another computer on the LAN can use the service in the same manner.
Page 140
Figure 47 Trigger Port Forwarding Process: Example Jane requests a file from the Real Audio server (port 7070). Port 7070 is a “trigger” port and causes the ZyXEL Device to record Jane’s computer IP address. The ZyXEL Device associates Jane's computer IP address with the "open"...
Trigger Port The trigger port is a port (or a range of ports) that causes (or triggers) the ZyXEL Device to record the IP address of the LAN computer that sent the traffic to a server on the WAN. Start This is the first port number that identifies a service.
Page 142
The trigger port is a port (or a range of ports) that causes (or triggers) Port the ZyXEL Device to record the IP address of the LAN computer that sent the traffic to a server on the WAN. Type a port number or the starting port number in a range of port numbers.
Address ports that are not specified in the NAT Port Forwarding screen. Note: If you do not assign a Default Server Address, the ZyXEL Device discards all packets received for ports that are not specified in the NAT Port Forwarding screen.
SIP data stream to a public IP address. You do not need to use STUN or an outbound proxy if your ZyXEL Device is behind a SIP ALG. Use this screen to enable and disable the SIP (VoIP) ALG in the ZyXEL Device. To access this screen, click Network Settings > NAT > ALG.
This part contains more information regarding NAT. 8.8.1 NAT Definitions Inside/outside denotes where a host is located relative to the ZyXEL Device, for example, the computers of your subscribers are the inside hosts, while the web servers on the Internet are the outside hosts.
If you do not define any servers (for Many-to-One and Many-to- Many Overload mapping), NAT offers the additional benefit of firewall protection. With no servers defined, your ZyXEL Device filters out all incoming inquiries, thus preventing intruders from probing your network. For more information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT).
IP source address (and TCP or UDP source port numbers for Many-to-One and Many-to-Many Overload NAT mapping) in each packet and then forwards it to the Internet. The ZyXEL Device keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored.
Chapter 8 Network Address Translation (NAT) 8.8.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP alias) behind the ZyXEL Device can communicate with three distinct WAN networks. Figure 54 NAT Application With IP Alias Port Forwarding: Services and Port Numbers The most often used port numbers are shown in the following table.
Page 149
Chapter 8 Network Address Translation (NAT) Table 37 Services and Port Numbers (continued) SERVICES PORT NUMBER SNMP trap PPTP (Point-to-Point Tunneling Protocol) 1723 Port Forwarding Example Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example).
MAC Filter 9.1 Overview This screen allows you to configure the ZyXEL Device to give exclusive access to specific devices or exclude specific devices from accessing the ZyXEL Device. Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
Page 152
Select Enable to activate the MAC filter function. Otherwise, select Disable. Add new devices to the Select this check box if you want the ZyXEL Device to Allow List automatically automatically add the newly connected devices to the Allow List.
Firewall 10.1 Overview This chapter shows you how to enable and configure the ZyXEL Device firewall. Use the firewall to protect your ZyXEL Device and network from attacks by hackers on the Internet and control access to it. By default the firewall: •...
Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources. The ZyXEL Device is pre-configured to automatically detect and thwart all known DoS attacks.
Chapter 10 Firewall 10.2 The Firewall Screen Use this screen to set the security level of the firewall on the ZyXEL Device. Firewall rules are grouped based on the direction of travel of packets to which they apply. Click Security Settings > Firewall to display the following screen. Select a direction of travel of packets for which you want to configure firewall rules.
Chapter 10 Firewall Click Security Settings > Protocol to display the following screen. Figure 59 Security Settings > Protocol The following table describes the labels in this screen. Table 40 Security Settings > Protocol LABEL DESCRIPTION Add New Click this to add a new protocol. Protocol Entry Name...
Chapter 10 Firewall The following table describes the labels in this screen. Table 41 Protocol: Add LABEL DESCRIPTION Add Protocol Protocol Choose the IP port (TCP, UDP, ICMP, or Other) that defines your customized port from the drop-down list box. Select Other to apply the rule to any protocol.
Page 158
Chapter 10 Firewall The following table describes the labels in this screen. Table 42 Security Settings > Access Control LABEL DESCRIPTION DoS Protection DoS (Denial of Service) attacks can flood your Internet connection with invalid packets and connection requests, using so much bandwidth and so many resources that Internet access becomes unavailable.
Chapter 10 Firewall 10.4.1 Add/Edit an ACL Rule Click Add New ACL Rule or the Edit icon next to an existing ACL rule in the Access Control screen. The following screen displays. Figure 62 Access Control: Add/Edit The following table describes the labels in this screen. Table 43 Access Control: Add/Edit LABEL DESCRIPTION...
Page 160
If a flag is set, the bit number is 1. If a flag is not set, the bit number is 0. The ZyXEL Device will take the action that you select in the Policy field below to the TCP flags that are set.
Page 161
Chapter 10 Firewall Table 43 Access Control: Add/Edit (continued) LABEL DESCRIPTION Scheduler Rules Select a schedule rule for this ACL rule form the drop-down list box. You can configure a new schedule rule by click Add new rule. This will bring you to the Advanced > Scheduler Rules screen. Apply Click Apply to save your changes.
H A P T E R Remote Management 11.1 Overview This chapter provides information on the Remote MGMT screen. Service Control allows you to manage your ZyXEL Device from a remote location through the following interfaces: • LAN • WAN Note: The ZyXEL Device is managed using the Web Configurator.
Page 164
Certificate HTTPS Certificate Select a certificate the HTTPS server (the ZyXEL Device) uses to authenticate itself to the HTTPS client. You must have certificates already configured in the Certificates screen.
CyberTrust or VeriSign and government certification authorities. The certification authority uses its private key to sign certificates. Anyone can then use the certification authority's public key to verify the certificates. You can use the ZyXEL Device to generate certification requests that contain identifying information and public keys and then send the certification requests to a certification authority.
The following table describes the labels in this screen. Table 45 Security Settings > Certificates > Local Certificates LABEL DESCRIPTION Create Click this button to go to the screen where you can have the ZyXEL Certificate Device generate a certification request. Request Import...
Organization Name Type up to 63 characters to identify the company or group to which the certificate owner belongs. You may use any character, including spaces, but the ZyXEL Device drops trailing spaces. State/Province Type up to 32 characters to identify the state or province where the Name certificate owner is located.
Figure 66 Certificate Request Details 12.3.2 Import Certificate Click Security Settings > Local Certificates and then Import Certificate to open the Import Local Certificate screen. Follow the instructions in this screen to save an existing certificate to the ZyXEL Device. P-660HN-51 User’s Guide...
Page 169
Name certificate. Certificate Copy and paste the certificate into the text box to store it on the ZyXEL Device. Private Copy and paste the private key into the text box to store it on the ZyXEL Device. P-660HN-51 User’s Guide...
Type in the location of the certificate you want to upload in this field or click File Path Browse ... to find it. Private Enter the private key into the text box to store it on the ZyXEL Device. The Key is private key should not exceed 63 ASCII characters (not including spaces). protected...
Page 171
Chapter 12 Certificates Figure 69 Certificate Details The following table describes the labels in this screen. Table 49 Certificate Details LABEL DESCRIPTION Name This field displays the identifying name of this certificate. If you want to change the name, type up to 63 characters to identify this certificate.
Click Security Settings > Certificates > Trusted CA to open the following screen. This screen displays a summary list of certificates of the certification authorities that you have set the ZyXEL Device to accept as trusted. The ZyXEL Device accepts any valid certificate signed by a certification authority on this list as being trustworthy;...
Chapter 12 Certificates Table 50 Security Settings > Certificates > Trusted CA (continued) LABEL DESCRIPTION Subject This field displays information that identifies the owner of the certificate, such as Common Name (CN), OU (Organizational Unit or department), Organization (O), State (ST) and Country (C). It is recommended that each certificate have unique subject information.
12.4.2 Import Trusted CA Certificate Click the Import Certificate button in the Trusted CA screen to open the following screen. The ZyXEL Device trusts any valid certificate signed by any of the imported trusted CA certificates. Figure 72 Trusted CA: Import Certificate...
Page 175
Click this check box to open a screen where you can save the certificate of a certification authority that you trust, from your computer to the ZyXEL Device. Certificate Name Enter the name that identifies this certificate. The certificate name should not exceed 63 ASCII characters (not including spaces).
H A P T E R IPSec 13.1 Overview A virtual private network (VPN) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing. It is used to transport traffic over the Internet or any insecure network that uses TCP/IP for communication.
Gateway Address field if the remote secure gateway has a dynamic WAN IP address and is using DDNS. The ZyXEL Device has to rebuild the VPN tunnel each time the remote secure gateway’s WAN IP address changes (there may be a delay until the DDNS servers are updated with the remote gateway’s new WAN IP...
Chapter 13 IPSec Finding Out More Section 13.4 on page 188 for advanced technical information on IPSec VPN. 13.2 The IPSec Settings Screen The following figure helps explain the main fields in the web configurator. Figure 76 IPSec Summary Fields Remote Network Local Network Remote...
Click Add New Connection or a policy’s Edit icon in the IPSec > Settings screen to edit VPN policies. Note: The ZyXEL Device uses the system default gateway interface’s WAN IP address as its WAN IP address to set up a VPN tunnel.
Page 182
VPN connection. Address Tunnel access Specify the IP addresses of the devices behind the ZyXEL Device that from local IP can use the VPN tunnel. The local IP addresses must correspond to the addresses remote IPSec router's configured remote IP addresses.
Page 183
Local/Remote ID Content field. When you select DNS or E-mail in the Local/Remote ID Type field, type a domain name or e-mail address by which to identify this ZyXEL Device in the Local/Remote ID Content field. Use up to 31 ASCII characters including spaces, although trailing spaces are truncated.
Chapter 13 IPSec Table 55 Settings > Add/Edit: Auto(IKE) (continued) LABEL DESCRIPTION Mode Select Main or Aggressive from the drop-down list box. Multiple SAs connecting through a secure gateway must have the same negotiation mode. Encryption Select DES, 3DES, AES-128, ES-192 or AES-256 from the drop- Algorithm down list box.
SPI to establish the tunnel. Current ZyXEL implementation assumes identical outgoing and incoming SPIs. 13.2.2 Configuring Manual Key You only configure VPN manual key when you select Manual in the Key Exchange Method field on the IPSec >...
Page 186
VPN connection. Address Tunnel access Specify the IP addresses of the devices behind the ZyXEL Device that from local IP can use the VPN tunnel. The local IP addresses must correspond to the addresses remote IPSec router's configured remote IP addresses.
Page 187
IPSec router. Protocol This field displays ESP and the ZyXEL Device uses ESP (Encapsulation Security Payload) for VPN. The ESP protocol (RFC 2406) provides encryption as well as some of the services offered by AH.
This is the static WAN IP address or URL of the remote IPSec router. Gateway Local This is the IP address of computer(s) on your local network behind your Addresses ZyXEL Device. Remote This is the IP address of computer(s) on the remote network behind the Addresses remote IPSec router.
Chapter 13 IPSec 13.4.2 Encapsulation The two modes of operation for IPSec VPNs are Transport mode and Tunnel mode. At the time of writing, the ZyXEL Device supports Tunnel mode only. Figure 82 Transport and Tunnel Mode IPSec Encapsulation Transport Mode Transport mode is used to protect upper layer protocols and only affects the data in the IP packet.
• Set the IPSec SA lifetime. This field allows you to determine how long the IPSec SA should stay up before it times out. The ZyXEL Device automatically renegotiates the IPSec SA if there is traffic when the IPSec SA lifetime period expires.
13.4.5 IPSec and NAT Read this section if you are running IPSec on a host computer behind the ZyXEL Device. NAT is incompatible with the AH protocol in both Transport and Tunnel mode.
VPN device at the receiving end finds a mismatch between the hash value and the data and assumes that the data has been maliciously altered. NAT is not normally compatible with ESP in transport mode either, but the ZyXEL Device’s NAT Traversal feature provides a way to handle this. NAT traversal allows you to set up an IKE SA when there are NAT routers between the two IPSec routers.
PROTOCOL Transport Tunnel Transport Tunnel Y* - This is supported in the ZyXEL Device if you enable NAT traversal. 13.4.7 ID Type and Content With aggressive negotiation mode (see Section 13.4.4 on page 192), the ZyXEL Device identifies incoming SAs by ID type and content since this identifying information is not encrypted.
The two ZyXEL Devices in this example cannot complete their negotiation because ZyXEL Device B’s Local ID type is IP, but ZyXEL Device A’s Remote ID type is set to E-mail. An “ID mismatched” message displays in the IPSEC LOG.
Chapter 13 IPSec 13.4.9 Diffie-Hellman (DH) Key Groups Diffie-Hellman (DH) is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communications channel. Diffie- Hellman is used within IKE SA setup to establish session keys. 768-bit, 1024-bit 1536-bit, 2048-bit, and 3072-bit Diffie-Hellman groups are supported.
Parental control allows you to permit or block certain web sites to home network computers. You can define time periods and days during which the ZyXEL Device performs parental control on a specific user in the Advanced > Scheduler Rules screen...
Add new rule Click this to create a new parental control rule. This is the index number of the rule. PC Name/IP/MAC The ZyXEL Device allows or prohibits the users from viewing the Web sites with the URLs listed below. Access Type This shows the access type that is applied on the user to the web site of this rule.
Page 199
If you select Block All, the ZyXEL Device blocks access to all URLs. Web Site Enter the URL of web site to which the ZyXEL Device blocks or allows access. Click Add to add this URL to the list below.
Page 200
Chapter 14 Parental Control P-660HN-51 User’s Guide...
15.1 Overview The ZyXEL Device usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the ZyXEL Device send data to devices not reachable through the default gateway, use static routes.
Chapter 15 Routing 15.2 The Routing Screen Use this screen to view and configure the static route rules on the ZyXEL Device. Click Advanced > Routing to open the following screen. Figure 88 Advanced >Routing The following table describes the labels in this screen.
Chapter 15 Routing 15.2.1 Add/Edit Static Route Use this screen to add or edit a static route. Click Add new Static Route Entry in the Routing screen or the Edit icon next to the static route you want to edit. The screen shown next appears.
DNS queries for certain domain names through a specific WAN interface to its DNS server(s). The ZyXEL Device uses a system DNS server (in the order you specify in the Broadband screen) to resolve domain names that do not match any DNS routing entry.
• Use the DNS Entry screen to view, configure, or remove DNS routes (Section 16.2 on page 207). • Use the Dynamic DNS screen to enable DDNS and configure the DDNS settings on the ZyXEL Device (Section 16.3 on page 208). P-660HN-51 User’s Guide...
If you have a private WAN IP address, then you cannot use Dynamic DNS. 16.2 The DNS Entry Screen Use this screen to view and configure DNS routes on the ZyXEL Device. Click Advanced > DNS Setting to open the DNS Entry screen.
Chapter 16 Dynamic DNS Setup 16.2.1 Add/Edit DNS Entry You can manually add or edit the ZyXEL Device’s DNS name and IP address entry. Click Add new DNS entry in the DNS Entry screen or the Edit icon next to the entry you want to edit.
Page 209
Select your Dynamic DNS service provider from the drop-down list box. Provider Hostname Type the domain name assigned to your ZyXEL Device by your Dynamic DNS provider. You can specify up to two host names in the field separated by a comma (",").
Page 210
Chapter 16 Dynamic DNS Setup P-660HN-51 User’s Guide...
Configure QoS on the ZyXEL Device to group and prioritize application traffic and fine-tune network performance. Setting up QoS involves these steps: Configure classifiers to sort traffic into different flows.
Bursty traffic may cause network congestion. Traffic shaping regulates packets to be transmitted with a pre-configured data transmission rate using buffers (or queues). Your ZyXEL Device uses the Token Bucket algorithm to allow a certain amount of large bursts while keeping a limit at the average rate.
(Before Traffic Policing) (After Traffic Policing) The ZyXEL Device supports three incoming traffic metering algorithms: Token Bucket Filter (TBF), Single Rate Two Color Maker (srTCM), and Two Rate Two Color Marker (trTCM). You can specify actions which are performed on the colored packets.
100 Mbps. You can set this number higher than the interface’s actual transmission speed. The ZyXEL Device uses up to 95% of the DSL port’s actual upstream transmission speed even if you set this number higher than the DSL port’s actual transmission speed.
A gray bulb signifies that this queue is not active. Name This shows the descriptive name of this queue. Outgoing This shows the name of the ZyXEL Device’s interface through which traffic Interface in this queue passes. Priority This shows the priority of this queue.
Weight Select the weight (from 1 to 8) of this queue. If two queues have the same priority level, the ZyXEL Device divides the bandwidth across the queues according to their weights. Queues with larger weights get more bandwidth than queues with smaller weights.
Page 217
Chapter 17 Quality of Service (QoS) Click Advanced > QoS > Class Setup to open the following screen. Figure 97 Advanced > QoS > Class Setup The following table describes the labels in this screen. Table 73 Advanced > QoS > Class Setup LABEL DESCRIPTION Add new...
Chapter 17 Quality of Service (QoS) 17.5.1 Add/Edit QoS Class Click Add new Classifier in the Class Setup screen or the Edit icon next to a classifier to open the following screen. Figure 98 Class Setup: Add/Edit P-660HN-51 User’s Guide...
Page 219
Chapter 17 Quality of Service (QoS) The following table describes the labels in this screen. Table 74 Class Setup: Add/Edit LABEL DESCRIPTION Active Select this to enable this classifier. Class Name Enter a descriptive name of up to 15 printable English keyboard characters, not including spaces.
Page 220
Chapter 17 Quality of Service (QoS) Table 74 Class Setup: Add/Edit (continued) LABEL DESCRIPTION MAC Mask Type the mask for the specified MAC address to determine which bits a packet’s MAC address should match. Enter “f” for each bit of the specified source MAC address that the traffic’s MAC address should match.
Page 221
DSCP Mark This field is available only when you select IP in the Ether Type field. If you select Mark, enter a DSCP value with which the ZyXEL Device replaces the DSCP field in the packets. If you select Unchange, the ZyXEL Device keep the DSCP field in the packets.
Chapter 17 Quality of Service (QoS) 17.6 The QoS Policer Setup Screen Use this screen to configure QoS policers that allow you to limit the transmission rate of incoming traffic. Click Advanced > QoS > Policer Setup. The screen appears as shown. Figure 99 Advanced >...
Chapter 17 Quality of Service (QoS) 17.6.1 Add/Edit a QoS Policer Click Add new Officer in the Policer Setup screen or the Edit icon next to a policer to show the following screen. Figure 100 Policer Setup: Add/Edit The following table describes the labels in this screen. Table 76 Policer Setup: Add/Edit LABEL DESCRIPTION...
Cancel Click Cancel to exit this screen without saving. 17.7 The QoS Monitor Screen To view the ZyXEL Device’s QoS packet statistics, click Advanced > QoS > Monitor. The screen appears as shown. Figure 101 Advanced > QoS > Monitor The following table describes the labels in this screen.
Chapter 17 Quality of Service (QoS) 17.8 Technical Reference The following section contains additional technical information about the ZyXEL Device features described in this chapter. IEEE 802.1Q Tag The IEEE 802.1Q standard defines an explicit VLAN tag in the MAC header to identify the VLAN membership of a frame across bridges.
Page 226
Chapter 17 Quality of Service (QoS) DiffServ (Differentiated Services) is a class of service (CoS) model that marks packets so that they receive specific per-hop treatment at DiffServ-compliant network devices along the route based on the application types and traffic flow. Packets are marked with DiffServ Code Points (DSCPs) indicating the level of service desired.
Page 227
Chapter 17 Quality of Service (QoS) Automatic Priority Queue Assignment If you enable QoS on the ZyXEL Device, the ZyXEL Device can automatically base on the IEEE 802.1p priority level, IP precedence and/or packet length to assign priority to traffic which does not match a class.
Page 228
• After a packet is transmitted, a number of tokens corresponding to the packet size is removed from the bucket. • If there are no tokens in the bucket, the ZyXEL Device stops transmitting until enough tokens are generated. • If not enough tokens are available, the ZyXEL Device treats the packet in either...
Page 229
• After a packet is transmitted, a number of tokens corresponding to the packet size is removed from the CBS bucket. • If there are not enough tokens in the CBS bucket, the ZyXEL Device checks the EBS bucket. The packet is marked yellow if there are sufficient tokens in the EBS bucket.
Page 230
Chapter 17 Quality of Service (QoS) P-660HN-51 User’s Guide...
RPCs are sent in Extensible Markup Language (XML) format over HTTP or HTTPS. An administrator can use an ACS to remotely set up the ZyXEL Device, modify settings, perform firmware upgrades as well as monitor and diagnose the ZyXEL Device.
Page 232
Table 80 Advanced > TR-069 Clients LABEL DESCRIPTION Inform Select Enable for the ZyXEL Device to send periodic inform via TR-069 on the WAN. Otherwise, select Disable. Inform Interval Enter the time interval (in seconds) at which the ZyXEL Device sends information to the auto-configuration server.
Page 233
Password password is used to authenticate the ACS. Connection This shows the connection request URL. Request URL The ACS can use this URL to make a connection request to the ZyXEL Device. Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving.
19.2 The Time Setting Screen To change your ZyXEL Device’s time and date, click Advanced >Time Setting. The screen appears as shown. Use this screen to configure the ZyXEL Device’s time based on your local time zone. Figure 103 Advanced >Time Setting...
Page 236
LABEL DESCRIPTION Current Date/Time System Time This field displays the time and fate of your ZyXEL Device. Each time you reload this page, the ZyXEL Device synchronizes the time and date with the time server. NTP Time Server First ~ Fifth NTP Select an NTP time server from the drop-down list box.
Page 237
Chapter 19 Time Settings Table 81 Advanced >Time Setting (continued) LABEL DESCRIPTION End rule Configure the day and time when Daylight Saving Time ends if you selected Daylight Savings. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the first Sunday of November.
Page 238
Chapter 19 Time Settings P-660HN-51 User’s Guide...
H A P T E R Scheduler Rules 20.1 Overview You can define time periods and days during which the ZyXEL Device performs scheduled rules of certain features (such as Firewall Access Control, Parental Control) on a specific user in the Scheduler Rules screen.
Rule Name Enter a name (up to 31 printable English keyboard characters, not including spaces) for this schedule. Select check boxes for the days that you want the ZyXEL Device to perform this scheduler rule. Time if Day Enter the time period of each day, in 24-hour format, during which Range parental control will be enforced.
Policy Forwarding 21.1 Overview Traditionally, routing is based on the destination address only and the ZyXEL Device takes the shortest path to forward a packet. Policy forwarding allows the ZyXEL Device to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator.
Chapter 21 Policy Forwarding Table 84 Advanced > Policy Forwarding (continued) LABEL DESCRIPTION Source IP This is the source IP address. Source This is the source subnet mask address. Subnet Mask Protocol This is the transport layer protocol. SourcePort This is the source port number. Source MAC This is the source MAC address.
Page 243
Chapter 21 Policy Forwarding Table 85 Policy Forwarding: Add/Edit (continued) LABEL DESCRIPTION Select a WAN interface through which the traffic is sent. You must have the WAN interface(s) already configured in the Broadband screens. Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving.
The web configurator allows you to choose which categories of events and/or alerts to have the ZyXEL Device log and then display the logs or have the ZyXEL Device send them to an administrator (as e-mail) or to a syslog server.
Chapter 22 Logs Refer to the documentation of your syslog program for details. The following table describes the syslog severity levels. Table 86 Syslog Severity Levels CODE SEVERITY Emergency: The system is unusable. Alert: Action must be taken immediately. Critical: The system condition is critical. Error: There is an error condition on the system.
Page 247
Select a severity level from the drop-down list box. This filters search results according to the severity level you have selected. When you select a severity, the ZyXEL Device searches through all logs of that severity or higher. Clear Log Click this to delete all the logs.
Select a severity level from the drop-down list box. This filters search results according to the severity level you have selected. When you select a severity, the ZyXEL Device searches through all logs of that severity or higher. Clear Log Click this to delete all the logs.
Page 249
Chapter 22 Logs Table 88 System Monitor > Log > Security Log (continued) LABEL DESCRIPTION Level This field displays the severity level of the logs that the device is to send to this syslog server. Messages This field states the reason for the log. P-660HN-51 User’s Guide...
H A P T E R Introduction to the ARP Table 23.1 Overview Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network. An IP (version 4) address is 32 bits long.
Chapter 23 Introduction to the ARP Table 23.2 ARP Table Screen Use the ARP table to view IP-to-MAC address mapping(s). To open this screen, click System Monitor > ARP Table. Figure 110 System Monitor > ARP Table The following table describes the labels in this screen. Table 89 System Monitor >...
H A P T E R Traffic Status 24.1 Overview Use the Traffic Status screens to look at network traffic status and statistics of the WAN and LAN interfaces. 24.1.1 What You Can Do in this Chapter • Use the WAN screen to view the WAN traffic statistics (Section 24.2 on page 254).
24.2 The WAN Status Screen Click System Monitor > Traffic Status to open the WAN screen. The figure in this screen shows the number of bytes received and sent on the ZyXEL Device. Figure 111 System Monitor > Traffic Status > WAN The following table describes the fields in this screen.
24.3 The LAN Status Screen Click System Monitor > Traffic Status > LAN to open the following screen. The figure in this screen shows the interface that is currently connected on the ZyXEL Device. Figure 112 System Monitor > Traffic Status > LAN...
Page 256
The following table describes the fields in this screen. Table 91 System Monitor > Traffic Status > LAN LABEL DESCRIPTION Polls Select how often you want the ZyXEL Device to update this screen. Interval(s) Interface This shows the LAN or WLAN interface. Bytes Sent This indicates the number of bytes transmitted on this interface.
Lock Period This field indicates the number of minutes for the lockout period. A user cannot log into the ZyXEL Device during the lockout period, even if he/ she enters correct account information. Group This field displays the login account type of the user.
Enter the exact same password that you just entered in the above field. Password Retry Times The ZyXEL Device can lock a user out if you use a wrong user name or password to log in the ZyXEL Device. Enter up to how many times a user can re-enter his/her account information before the ZyXEL Device locks the user out.
Click Cancel to exit this screen without saving. 25.2.2 Types of Accounts The ZyXEL Device provides two account types with different privilege levels. The web configurator screens vary depending on which account you use to log in. The following table describes the privileges of the different accounts.
H A P T E R Logs Setting 26.1 Overview You can configure where the ZyXEL Device sends logs and which logs and/or immediate alerts the ZyXEL Device records in the Logs Setting screen. 26.2 The Log Settings Screen To change your ZyXEL Device’s log settings, click Maintenance > Logs Setting.
Page 262
The following table describes the fields in this screen. Table 95 Maintenance > Logs Setting LABEL DESCRIPTION Syslog The ZyXEL Device sends a log to an external syslog server. Logging Active Select the Active check box to enable syslog logging. P-660HN-51 User’s Guide...
Page 263
Send Log to The ZyXEL Device sends logs to the e-mail address specified in this field. If this field is left blank, the ZyXEL Device does not send logs via E-mail. Send Alarm to Alerts are real-time notifications that are sent as soon as an event, such as a DoS attack, system error, or forbidden web access attempt occurs.
H A P T E R Firmware Upgrade 27.1 Overview This chapter explains how to upload new firmware to your ZyXEL Device. You can download new firmware releases from your nearest ZyXEL FTP site (or www.zyxel.com) to use to upgrade your device’s performance.
Page 266
After you see the firmware updating screen, wait two minutes before logging into the ZyXEL Device again. Figure 117 Firmware Uploading The ZyXEL Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.
Backup Configuration Backup Configuration allows you to back up (save) the ZyXEL Device’s current configuration to a file on your computer. Once your ZyXEL Device is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings.
Page 268
Chapter 28 Configuration Click Backup to save the ZyXEL Device’s current configuration to your computer. Restore Configuration Restore Configuration allows you to upload a new or previously saved configuration file from your computer to your ZyXEL Device. Table 97 Restore Configuration...
Page 269
Figure 122 Configuration Upload Error Reset to Factory Defaults Click the Reset button to clear all user-entered configuration information and return the ZyXEL Device to its factory defaults. The following warning screen appears. Figure 123 Reset Warning Message Figure 124 Reset In Process Message You can also press the RESET button on the rear panel to reset the factory defaults of your ZyXEL Device.
System restart allows you to reboot the ZyXEL Device remotely without turning the power off. You may need to do this if the ZyXEL Device hangs, for example. Click Maintenance > Reboot. Click Reboot to have the ZyXEL Device reboot.
You can use different diagnostic methods to test a connection and see the detailed information. These read-only screens display information to help you identify problems with the ZyXEL Device. 29.1.1 What You Can Do in this Chapter • The Ping & TraceRoute & NsLookup screen lets you identify problems with the DSL connection.
Maintenance) F4 or F5 loopback test on a PVC. The ZyXEL Device sends an OAM F4 or F5 packet to the DSLAM or ATM switch and then returns it to the ZyXEL Device. The test result then displays in the text box.
Page 273
ATM device. End-to-end loopback tests allow you to verify integrity of an end-to- end PVC. Note: The DSLAM to which the ZyXEL Device is connected must also support ATM F4 and/or F5 to use this test. Note: This screen is available only when you configure an ATM layer-2 interface.
The ZyXEL Device does not turn on. None of the LEDs turn on. Make sure the ZyXEL Device is turned on. Make sure you are using the power adaptor or cord included with the ZyXEL Device. Make sure the power adaptor or cord is connected to the ZyXEL Device and plugged in to an appropriate power source.
If you changed the IP address and have forgotten it, you might get the IP address of the ZyXEL Device by looking up the IP address of the default gateway for your computer. To do this in most Windows computers, click Start > Run, enter cmd, and then enter ipconfig.
Page 277
Advanced Suggestions • Try to access the ZyXEL Device using another service, such as Telnet. If you can access the ZyXEL Device, check the remote management settings and firewall rules to find out why the ZyXEL Device does not respond to HTTP.
Start Guide again. If the problem continues, contact your ISP. I cannot access the Internet anymore. I had access to the Internet (with the ZyXEL Device), but my Internet connection is not available anymore. Check the hardware connections, and make sure the LEDs are behaving as expected.
Chapter 30 Troubleshooting 30.4 Wireless Internet Access What factors may cause intermittent or unstabled wireless connection? How can I solve this problem? The following factors may cause interference: • Obstacles: walls, ceilings, furniture, and so on. • Building Materials: metal doors, aluminum studs. •...
Page 280
Wireless security is vital to your network. It protects communications between wireless stations, access points and the wired network. The available security modes in your ZyXEL device are as follows: • WPA2-PSK: (recommended) This uses a pre-shared key with the WPA2 standard.
H A P T E R Product Specifications The following tables summarize the ZyXEL Device’s hardware and firmware features. 31.1 Hardware Specifications Table 100 Hardware Specifications Dimensions 188(H) x 40(W) x 132(D) mm Weight 374 g Power Specification 12VDC 1A...
Page 282
Configuration Backup Make a copy of the ZyXEL Device’s configuration. You can put it & Restoration back on the ZyXEL Device later if you decide to revert back to an earlier configuration. Network Address Each computer on your network must have its own unique IP Translation (NAT) address.
Page 283
Remote Management This allows you to decide whether a service (HTTP or FTP traffic for example) from a computer on a network (LAN or WAN for example) can access the ZyXEL Device. PPPoE Support PPPoE (Point-to-Point Protocol over Ethernet) emulates a dial-up (RFC2516) connection.
TR-069 HTTPS 31.3 Wireless Features Table 102 Wireless Features Internal Antennas The ZyXEL Device is equipped with two internal antennas to provide a clear radio signal between the wireless stations and the access points. Wireless LAN MAC Address Your device can check the MAC addresses of wireless stations Filtering against a list of allowed or denied MAC addresses.
Page 285
IEEE 802.1x (EAP-TLS) Multi BSSID (4 BSSIDs) Wireless Scheduling Auto-channel selection Output power adjustment The following list, which is not exhaustive, illustrates the standards supported in the ZyXEL Device. Table 103 Standards Supported STANDARD DESCRIPTION RFC 867 Daytime Protocol RFC 868 Time Protocol.
Page 286
Chapter 31 Product Specifications Table 103 Standards Supported (continued) STANDARD DESCRIPTION RFC 2236 Internet Group Management Protocol, Version 2. RFC 2364 PPP over AAL5 (PPP over ATM over ADSL) RFC 2408 Internet Security Association and Key Management Protocol (ISAKMP) RFC 2516 A Method for Transmitting PPP Over Ethernet (PPPoE) RFC 2684 Multiprotocol Encapsulation over ATM Adaptation Layer 5.
"communicate" with your network. If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the ZyXEL Device’s LAN port. P-660HN-51 User’s Guide...
Page 288
Appendix A Setting up Your Computer’s IP Address Windows 95/98/Me Click Start, Settings, Control Panel and double-click the Network icon to open the Network window. Figure 129 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks.
Page 289
Appendix A Setting up Your Computer’s IP Address Select Microsoft from the list of manufacturers. Select TCP/IP from the list of network protocols and then click OK. If you need Client for Microsoft Networks: Click Add. Select Client and then click Add. Select Microsoft from the list of manufacturers.
Page 290
Click OK to save and close the TCP/IP Properties window. Click OK to close the Network window. Insert the Windows CD if prompted. Turn on your ZyXEL Device and restart your computer when prompted. Verifying Settings Click Start and then Run.
Page 291
Appendix A Setting up Your Computer’s IP Address Windows 2000/NT/XP The following example figures use the default Windows XP GUI theme. Click start (Start in Windows 2000/NT), Settings, Control Panel. Figure 132 Windows XP: Start Menu In the Control Panel, double-click Network Connections (Network and Dial- up Connections in Windows 2000/NT).
Page 292
Appendix A Setting up Your Computer’s IP Address Right-click Local Area Connection and then click Properties. Figure 134 Windows XP: Control Panel: Network Connections: Properties Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 135 Windows XP: Local Area Connection Properties The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
Page 293
Appendix A Setting up Your Computer’s IP Address • If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. •...
Page 294
Appendix A Setting up Your Computer’s IP Address • Click OK when finished. Figure 137 Windows XP: Advanced TCP/IP Properties In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT). 11 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings Click Start, All Programs, Accessories and then Command Prompt. In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab.
Page 296
Appendix A Setting up Your Computer’s IP Address Click the Start icon, Control Panel. Figure 139 Windows Vista: Start Menu In the Control Panel, double-click Network and Internet. Figure 140 Windows Vista: Control Panel Click Network and Sharing Center. Figure 141 Windows Vista: Network And Internet P-660HN-51 User’s Guide...
Page 297
Appendix A Setting up Your Computer’s IP Address Click Manage network connections. Figure 142 Windows Vista: Network and Sharing Center Right-click Local Area Connection and then click Properties. Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. Figure 143 Windows Vista: Network and Sharing Center P-660HN-51 User’s Guide...
Page 298
Appendix A Setting up Your Computer’s IP Address Select Internet Protocol Version 4 (TCP/IPv4) and click Properties. Figure 144 Windows Vista: Local Area Connection Properties The Internet Protocol Version 4 (TCP/IPv4) Properties window opens (the General tab). • If you have a dynamic IP address click Obtain an IP address automatically.
Page 299
Appendix A Setting up Your Computer’s IP Address • Click Advanced. Figure 145 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
Page 300
Appendix A Setting up Your Computer’s IP Address • Click OK when finished. Figure 146 Windows Vista: Advanced TCP/IP Properties In the Internet Protocol Version 4 (TCP/IPv4) Properties window, (the General tab): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
Page 301
11 Click Close to close the Local Area Connection Properties window. 12 Close the Network Connections window. 13 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings Click Start, All Programs, Accessories and then Command Prompt.
Page 302
Appendix A Setting up Your Computer’s IP Address Macintosh OS 8/9 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/ IP Control Panel. Figure 148 Macintosh OS 8/9: Apple Menu P-660HN-51 User’s Guide...
Page 303
• Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. Close the TCP/IP Control Panel. Click Save if prompted, to save changes to your configuration.
Appendix A Setting up Your Computer’s IP Address Macintosh OS X Click the Apple menu, and click System Preferences to open the System Preferences window. Figure 150 Macintosh OS X: Apple Menu Click Network in the icon bar. • Select Automatic from the Location list. •...
Page 305
• Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. Click Apply Now and close the window.
Page 306
Appendix A Setting up Your Computer’s IP Address Double-click on the profile of the network card you wish to configure. The Ethernet Device General screen displays as shown. Figure 153 Red Hat 9.0: KDE: Ethernet Device: General • If you have a dynamic IP address, click Automatically obtain IP address settings with and select dhcp from the drop down list.
Page 307
Appendix A Setting up Your Computer’s IP Address Click the Activate button to apply the changes. The following screen displays. Click Yes to save the changes in all screens. Figure 155 Red Hat 9.0: KDE: Network Configuration: Activate After the network card restart process is complete, make sure the Status is Active in the Network Configuration screen.
Page 308
Appendix A Setting up Your Computer’s IP Address • If you have a static IP address, enter static in the BOOTPROTO= field. Type IPADDR= followed by the IP address (in dotted decimal notation) and type NETMASK= followed by the subnet mask. The following example shows an example where the static IP address is 192.168.1.10 and the subnet mask is 255.255.255.0.
Appendix A Setting up Your Computer’s IP Address Verifying Settings Enter ifconfig in a terminal screen to check your TCP/IP properties. Figure 160 Red Hat 9.0: Checking TCP/IP Properties [root@localhost]# ifconfig eth0 Link encap:Ethernet HWaddr 00:50:BA:72:5B:44 inet addr:172.23.19.129 Bcast:172.23.19.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1...
Page 310
Appendix A Setting up Your Computer’s IP Address P-660HN-51 User’s Guide...
P P E N D I X Pop-up Windows, JavaScript and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScript (enabled by default). • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here.
Page 312
Appendix B Pop-up Windows, JavaScript and Java Permissions In Internet Explorer, select Tools, Internet Options, Privacy. Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 162 Internet Options: Privacy Click Apply to save this setting.
Page 313
Appendix B Pop-up Windows, JavaScript and Java Permissions Select Settings…to open the Pop-up Blocker Settings screen. Figure 163 Internet Options: Privacy Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. P-660HN-51 User’s Guide...
Page 314
Appendix B Pop-up Windows, JavaScript and Java Permissions Click Add to move the IP address to the list of Allowed sites. Figure 164 Pop-up Blocker Settings Click Close to return to the Privacy screen. Click Apply to save this setting. JavaScript If pages of the web configurator do not display properly in Internet Explorer, check that JavaScript are allowed.
Page 315
Appendix B Pop-up Windows, JavaScript and Java Permissions In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 165 Internet Options: Security Click the Custom Level... button. Scroll down to Scripting. Under Active scripting make sure that Enable is selected (the default). Under Scripting of Java applets make sure that Enable is selected (the default).
Appendix B Pop-up Windows, JavaScript and Java Permissions Click OK to close the window. Figure 166 Security Settings - Java Scripting Java Permissions From Internet Explorer, click Tools, Internet Options and then the Security tab. Click the Custom Level... button. Scroll down to Microsoft VM.
Page 317
Appendix B Pop-up Windows, JavaScript and Java Permissions Click OK to close the window. Figure 167 Security Settings - Java JAVA (Sun) From Internet Explorer, click Tools, Internet Options and then the Advanced tab. Make sure that Use Java 2 for <applet> under Java (Sun) is selected. P-660HN-51 User’s Guide...
Page 318
Appendix B Pop-up Windows, JavaScript and Java Permissions Click OK to close the window. Figure 168 Java (Sun) Mozilla Firefox Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary. You can enable Java, JavaScript and pop-ups in one screen. Click Tools, then click Options in the screen that appears.
Page 319
Appendix B Pop-up Windows, JavaScript and Java Permissions Click Content.to show the screen below. Select the check boxes as shown in the following screen. Figure 170 Mozilla Firefox Content Security P-660HN-51 User’s Guide...
Page 320
Appendix B Pop-up Windows, JavaScript and Java Permissions P-660HN-51 User’s Guide...
P P E N D I X IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network.
Appendix C IP Addresses and Subnetting The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. Figure 171 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask.
Page 323
Appendix C IP Addresses and Subnetting By convention, subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits. Subnet masks can be referred to by the size of the network number part (the bits with a “1”...
Page 324
Appendix C IP Addresses and Subnetting Notation Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet.
Page 325
Appendix C IP Addresses and Subnetting The following figure shows the company network before subnetting. Figure 172 Subnetting Example: Before Subnetting You can “borrow” one of the host ID bits to divide the network 192.168.1.0 into two separate sub-networks. The subnet mask is now 25 bits (255.255.255.128 or /25).
Page 326
Appendix C IP Addresses and Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).
Page 327
Appendix C IP Addresses and Subnetting Table 110 Subnet 3 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 10000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.129 192.168.1.128 Broadcast Address: Highest Host ID: 192.168.1.190 192.168.1.191 Table 111 Subnet 4...
Page 328
Appendix C IP Addresses and Subnetting Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 113 24-bit Network Number Subnet Planning NO. “BORROWED” NO. HOSTS PER SUBNET MASK NO. SUBNETS HOST BITS SUBNET 255.255.255.128 (/25)
Page 329
You must also enable Network Address Translation (NAT) on the ZyXEL Device. Once you have decided on the network number, pick an IP address for your ZyXEL Device that is easy to remember (for instance, 192.168.1.1) but make sure that no other device on your network is using that IP address.
Page 330
Appendix C IP Addresses and Subnetting P-660HN-51 User’s Guide...
P P E N D I X Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS).
Page 332
Appendix D Wireless LANs with each other. When Intra-BSS is disabled, wireless client A and B can still access the wired network but cannot communicate with each other. Figure 175 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network.
Page 333
Appendix D Wireless LANs An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate. Figure 176 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by wireless devices to transmit and receive data.
Page 334
Appendix D Wireless LANs hidden node. Both stations (STA) are within range of the access point (AP) or wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other.
Wireless security is vital to your network to protect wireless communication between wireless clients, access points and the wired network. Wireless security methods available on the ZyXEL Device are data encryption, wireless client authentication, restricting access by device MAC address and hiding the ZyXEL Device identity.
Page 336
Wi-Fi Protected Access (WPA) WPA2 Most Secure Note: You must enable the same wireless security settings on the ZyXEL Device and on all wireless clients that you want to associate with it. IEEE 802.1x In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional...
Page 337
Appendix D Wireless LANs • Authorization Determines the network services available to authenticated users once they are connected to the network. • Accounting Keeps track of the client’s network activity. RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server.
Page 338
Appendix D Wireless LANs EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication.
Appendix D Wireless LANs TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2. PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity.
Appendix D Wireless LANs WPA and WPA2 Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA. Key differences between WPA or WPA2 and WEP are improved data encryption and user authentication.
Page 341
Appendix D Wireless LANs The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped.
Page 342
Appendix D Wireless LANs The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero Configuration" wireless client. However, you must run Windows XP to use it. WPA(2) with RADIUS Application Example To set up WPA(2), you need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret.
Appendix D Wireless LANs The AP checks each wireless client's password and allows it to join the network only if the password matches. The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID. The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged in a handshake to create temporal encryption keys.
Appendix D Wireless LANs Table 118 Wireless Security Relational Matrix (continued) AUTHENTICATION METHOD/ KEY ENCRYPTIO ENTER IEEE 802.1X MANAGEMENT N METHOD MANUAL KEY PROTOCOL WPA2 TKIP/AES Enable WPA2-PSK TKIP/AES Disable Antenna Overview An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air.
Appendix D Wireless LANs Types of Antennas for WLAN There are two types of antennas used for wireless LAN applications. • Omni-directional antennas send the RF signal out in all directions on a horizontal plane. The coverage area is torus-shaped (like a donut) which makes these antennas ideal for a room environment.
Page 346
Appendix D Wireless LANs P-660HN-51 User’s Guide...
P P E N D I X Services The following table lists some commonly-used services and their associated protocols and port numbers. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like. •...
Page 348
A popular videoconferencing solution from White Pines Software. TCP/UDP 24032 TCP/UDP Domain Name Server, a service that matches web names (for instance www.zyxel.com) to IP numbers. User-Defined The IPSEC ESP (Encapsulation (IPSEC_TUNNEL) Security Protocol) tunneling protocol uses this service. FINGER...
Page 349
Appendix E Services Table 119 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION MSN Messenger 1863 Microsoft Networks’ messenger service uses this protocol. NetBIOS TCP/UDP The Network Basic Input/Output System is used for communication TCP/UDP between computers in a LAN. TCP/UDP TCP/UDP NEW-ICQ...
Page 350
Appendix E Services Table 119 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION SFTP The Simple File Transfer Protocol is an old way of transferring files between computers. SMTP Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another.
CAREFULLY BEFORE COMPLETING THE INSTALLATION PROCESS AS INSTALLING THE SOFTWARE WILL INDICATE YOUR ASSENT TO THEM. IF YOU DO NOT AGREE TO THESE TERMS, THEN ZyXEL IS UNWILLING TO LICENSE THE SOFTWARE TO YOU, IN WHICH EVENT YOU SHOULD RETURN THE UNINSTALLED SOFTWARE AND PACKAGING TO THE PLACE FROM WHICH IT WAS ACQUIRED OR ZyXEL, AND YOUR MONEY WILL BE REFUNDED.
Page 352
Software as long as this License Agreement remains in full force and effect. Ownership of the Software, Documentation and all intellectual property rights therein shall remain at all times with ZyXEL. Any other use of the Software by any other entity is strictly forbidden and is a violation of this License Agreement.
Page 353
SOFTWARE, AND NO WARRANTIES SHALL APPLY AFTER THAT PERIOD. 7.Limitation of Liability IN NO EVENT WILL ZyXEL BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, WITHOUT LIMITATION, INDIRECT, SPECIAL, PUNITIVE, OR EXEMPLARY DAMAGES FOR LOSS OF...
Page 354
Software and Documentation in your possession or under your control. ZyXEL may terminate this License Agreement for any reason, including, but not limited to, if ZyXEL finds that you have violated any of the terms of this License Agreement. Upon notification of termination, you agree to destroy or return to ZyXEL all copies of the Software and Documentation and to certify in writing that all known copies, including backup copies, have been destroyed.
Page 355
For at least three (3) years from the date of distribution of the applicable product or software, we will give to anyone who contacts us at the ZyXEL Technical Support (support@zyxel.com.tw), for a charge of no more than our cost of physically performing source code distribution, a...
Page 356
Appendix F Open Software Announcements Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users.
Page 357
Appendix F Open Software Announcements TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License.
Page 358
Appendix F Open Software Announcements These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works.
Page 359
Appendix F Open Software Announcements 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License.
Page 360
Appendix F Open Software Announcements places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9.
Page 361
Appendix F Open Software Announcements END OF TERMS AND CONDITIONS All other trademarks or trade names mentioned herein, if any, are the property of their respective owners. This Product includes ppp software under below license This directory contains source code and precompiled binaries for ppp-2.4, a package which implements the Point-to-Point Protocol (PPP) to provide Internet connections over serial lines.
Page 362
Appendix F Open Software Announcements FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice.
Page 364
Appendix G Legal Information • This device must accept any interference received, including interference that may cause undesired operations. This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
Canada. Viewing Certifications Go to http://www.zyxel.com. Select your product on the ZyXEL home page to go to that product's page. Select the certification you wish to view from this page. ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase.
Page 366
(at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.
Index Index ACL rule 165, 338 activation certificate firewalls details SIP ALG factory default SSID Certificate Authority Address Resolution Protocol See CA. administrator account certificates authentication algorithms creating alternative subnet mask notation importing antenna public key directional replacing gain storage space omni-directional Certification Authority AP (access point)
Page 368
Index data fragment threshold FCC interference statement 95, 98 DDoS filters MAC address default login accounts 88, 100 Finger default server address firewalls Denials of Service, see DoS add protocols configuration DHCP 114, 129 DDoS diagnostic Differentiated Services, see DiffServ LAND attack Diffie-Hellman key groups Ping of Death...
Page 369
Index importing certificates Independent Basic Service Set MAC address 89, 118 See IBSS filter 88, 100 initialization vector (IV) MAC authentication Inside Global Address, see IGA Mac filter inside header Inside Local Address, see ILA MBSSID Internet Key Exchange multicast IGMPInternet Group Multicast Protocol, see Internet Protocol Security, see IPSec IGMP...
Page 370
Index OAM Ping Test RADIUS message types outside header messages shared secret key RADIUS server registration product Pairwise Master Key (PMK) 340, 343 related documentation passwords remote management TR-069 Remote Procedure Calls, see RPCs Per-Hop Behavior, see PHB reset 26, 269 restart PIN, WPS restoring configuration...
Page 371
Index SMTP trademarks SNMP traffic shaping example SNMP trap transport mode 154, 184 trTCM srTCM tunnel mode SSID activation Two Rate Three Color Marker, see trTCM MBSSID static route configuration 203, 208, 258 example status 35, 39 firmware version unicast Universal Plug and Play, see UPnP wireless LAN upgrading firmware...
Page 372
Index multiplexing limitations status traffic shaping push button 23, 105 example wireless security Wireless tutorial WLAN warranty interference note security parameters 92, 104 101, 340 compatibility key caching example pre-authentication web configurator user authentication 21, 27 login vs WPA-PSK passwords wireless client supplicant with RADIUS application example WEP Encryption...