Page 1 P-660HN-51 802.11n Wireless ADSL2+ 4-port Gateway Default Login Details IP Address http://192.168.1.1 User Name admin Password 1234 Firmware Version 1.10 Edition 1, 11/2010 www.zyxel.com www.zyxel.com Copyright © 2010 ZyXEL Communications Corporation...
Page 3: About This User's Guide
About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to configure the ZyXEL Device using the web configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology.
Page 4 In the event of problems that cannot be solved by using this manual, you should contact your vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you bought the device. See http://www.zyxel.com/ web/contact_us.php for contact information.
Page 5: Document Conventions
Syntax Conventions • The P-660HN-51 may be referred to as the “ZyXEL Device”, the “device”, the “system” or the “product” in this User’s Guide. • Product labels, screen names, field labels and field choices are all in bold font.
Page 6 Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device Computer Notebook computer Server Firewall Telephone Router Switch P-660HN-51 User’s Guide...
Page 7: Safety Warnings
Safety Warnings Safety Warnings • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. • Do NOT store things on the device. •...
Page 8 Safety Warnings P-660HN-51 User’s Guide...
Page 9: Table Of Contents
Contents Overview Contents Overview User’s Guide ........................... 19 Introduction ..........................21 The Web Configurator ....................... 27 Network Map and Status Screens ..................... 35 Tutorials ............................. 41 Technical Reference ......................61 Broadband ..........................63 Wireless ............................. 77 Home Networking ........................113 Network Address Translation (NAT) ..................133 MAC Filter ..........................
Page 10 Contents Overview P-660HN-51 User’s Guide...
Page 11: Table Of Contents
Introduction ..........................21 1.1 Overview ..........................21 1.2 Ways to Manage the ZyXEL Device ..................21 1.3 Good Habits for Managing the ZyXEL Device ..............22 1.4 Applications for the ZyXEL Device ..................22 1.4.1 Internet Access ......................22 1.5 Wireless Access ........................23 1.5.1 Using the WLAN/WPS Button ..................
Page 12 4.4 Setting Up Multiple Wireless Groups ................... 52 4.5 Configuring Static Route for Routing to Another Network ........... 55 4.6 Access the ZyXEL Device Using DDNS ................58 4.6.1 Registering a DDNS Account on www.dyndns.org ............ 58 4.6.2 Configuring DDNS on Your ZyXEL Device ..............59 4.6.3 Testing the DDNS Setting ..................
Page 13 7.5 Installing UPnP in Windows Example ................120 7.6 Using UPnP in Windows XP Example ................123 7.7 Technical Reference ......................128 7.7.1 LANs, WANs and the ZyXEL Device ................ 129 7.7.2 DHCP Setup ......................129 7.7.3 DNS Server Addresses .................... 129 7.7.4 LAN TCP/IP ......................
Page 14 Table of Contents 8.1.1 What You Can Do in this Chapter ................133 8.1.2 What You Need To Know ..................133 8.2 The Port Forwarding Screen .................... 134 8.2.1 Add/Edit Port Forwarding ..................136 8.3 The Applications Screen ....................137 8.3.1 Add New Application ....................
Page 15 Table of Contents 12.3 The Local Certificates Screen ..................166 12.3.1 Create Certificate Request ..................167 12.3.2 Import Certificate ....................168 12.3.3 Certificate Details ....................170 12.4 The Trusted CA Screen ....................172 12.4.1 View Trusted CA Certificate ................... 173 12.4.2 Import Trusted CA Certificate .................
Page 16 Table of Contents 16.1.1 What You Can Do in this Chapter ................206 16.1.2 What You Need To Know ..................207 16.2 The DNS Entry Screen ....................207 16.2.1 Add/Edit DNS Entry ....................208 16.3 The Dynamic DNS Screen ....................208 Chapter 17 Quality of Service (QoS).......................
Page 17 Table of Contents Chapter 22 Logs ............................245 22.1 Overview .......................... 245 22.1.1 What You Can Do in this Chapter ................245 22.1.2 What You Need To Know ..................245 22.2 The System Log Screen ....................246 22.3 The Security Log Screen ....................248 Chapter 23 Introduction to the ARP Table .....................
Page 18 29.3 The OAM Ping Test Screen ..................... 272 Chapter 30 Troubleshooting........................275 30.1 Power, Hardware Connections, and LEDs ..............275 30.2 ZyXEL Device Access and Login ..................276 30.3 Internet Access ........................ 278 30.4 Wireless Internet Access ....................279 Chapter 31 Product Specifications ......................
Page 19: User's Guide
User’s Guide...
Page 21: Introduction
1.2 Ways to Manage the ZyXEL Device Use any of the following methods to manage the ZyXEL Device. • Web Configurator. This is recommended for everyday management of the ZyXEL Device using a (supported) web browser. • Command Line Interface. Line commands are mostly used for troubleshooting by service engineers.
Page 22: Good Habits For Managing The Zyxel Device
Chapter 1 Introduction 1.3 Good Habits for Managing the ZyXEL Device Do the following things regularly to make the ZyXEL Device more secure and to manage the ZyXEL Device more effectively. • Change the password. Use a password that’s not easy to guess and that consists of different types of characters, such as numbers and letters.
Page 23: Wireless Access
Chapter 1 Introduction You can also configure firewall and filtering feature on the ZyXEL Device for secure Internet access. When the firewall is on, all incoming traffic from the Internet to your network is blocked unless it is initiated from your network. This means that probes from the outside to your network are not allowed, but you can safely browse the Internet and download files.
Page 24 Press the WLAN/WPS button for five to ten seconds and release it. Press the WPS button on another WPS-enabled device within range of the ZyXEL Device. The WPS/WLAN LED should flash while the ZyXEL Device sets up a WPS connection with the other wireless device.
Page 25: Leds (Lights)
Chapter 1 Introduction 1.6 LEDs (Lights) The following graphic displays the labels of the LEDs. Figure 3 LEDs None of the LEDs are on if the ZyXEL Device is not receiving power. Table 1 LED Descriptions COLOR STATUS DESCRIPTION POWER Green The ZyXEL Device is receiving power and ready for use.
Page 26: The Reset Button
The DSL line is down. INTERNET Green The ZyXEL Device has an IP connection but no traffic. Your device has a WAN IP address (either static or assigned by a DHCP server), PPP negotiation was successfully completed (if used) and the DSL connection is up.
Page 27: The Web Configurator
Internet Explorer. 2.1.1 Accessing the Web Configurator Make sure your ZyXEL Device hardware is properly connected (refer to the Quick Start Guide). Launch your web browser. Type "192.168.1.1" as the URL.
Page 28 Login. For security reasons, you will be temporarily denied access to the ZyXEL Device for a period of time (15 minutes by default) if you have entered the incorrect username and password for a certain number of times (three times by default).
Page 29: The Web Configurator Layout
The Network Map page appears. Figure 6 Network Map Note: For security reasons, the ZyXEL Device automatically logs you out if you do not use the web configurator for ten minutes (default). If this happens, log in again. Click Status to display the Status screen, where you can view the ZyXEL Device’s interface and system information.
Page 30: Title Bar
Chapter 3 on page 37 for more information about the Status screen. 2.2.3 Navigation Panel Use the menu items on the navigation panel to open screens to configure ZyXEL Device features. The following tables describe each menu item.2 Table 2 Navigation Panel Summary...
Page 31 Use this screen to configure the wireless LAN settings and WLAN authentication/security settings. More AP Use this screen to configure multiple BSSs on the ZyXEL Device. Use this screen to block or allow wireless traffic from wireless Authentication devices of certain SSIDs and MAC addresses to the ZyXEL Device.
Page 32 Use this screen to block web sites with the specific URL. Control Control Advanced Routing Routing Use this screen to view and set up static routes on the ZyXEL Device. DNS Setting DNS Entry Use this screen to view and configure DNS entries. Dynamic DNS Use this screen to allow a static hostname alias for a dynamic IP address.
Page 33 Chapter 2 The Web Configurator Table 2 Navigation Panel Summary (continued) LINK FUNCTION Diagnostic Ping & Use this screen to identify problems with the DSL connection. You TraceRoute & can use Ping, TraceRoute, or Nslookup to help you identify NsLookup problems.
Page 34 Chapter 2 The Web Configurator P-660HN-51 User’s Guide...
Page 35: Network Map And Status Screens
After you log into the Web Configurator, the Network Map screen appears. This shows the network connection status of the ZyXEL Device and clients connected to You can use the Status screen to look at the current status of the ZyXEL Device, system resources, and interfaces (LAN, WAN, and WLAN).
Page 36 Chapter 3 Network Map and Status Screens If you prefer to view the status in a list, click List View in the Viewing Mode selection box. You can configure how often you want the ZyXEL Device to update this screen in Refresh Interval.
Page 37: The Status Screen
Chapter 3 Network Map and Status Screens 3.3 The Status Screen Use this screen to view the status of the ZyXEL Device. Click Network Map > Status to open this screen. Figure 10 Status Screen Each field is described in the following table.
Page 38 This field displays what DHCP services the ZyXEL Device is providing to the LAN. Choices are: Server - The ZyXEL Device is a DHCP server in the LAN. It assigns IP addresses to other computers in the LAN. Relay - The ZyXEL Device acts as a surrogate DHCP server and relays DHCP requests and responses between the remote server and the clients.
Page 39 This field displays how long the ZyXEL Device has been running since it Time last started up. The ZyXEL Device starts up when you plug it in, when you restart it (Maintenance > Reboot), or when you reset it. Current This field displays the current date and time in the ZyXEL Device.
Page 40 Chapter 3 Network Map and Status Screens P-660HN-51 User’s Guide...
Page 41: Tutorials
Configurator. If you connect to the Internet through a DSL connection, use the information from your Internet Service Provider (ISP) to configure the ZyXEL Device. Be sure to contact your service provider for any information you need to configure the Broadband screens.
Page 42 Chapter 4 Tutorials General Connection Name MyDSLConnection Connection Mode Routing Encapsulation PPPoE ATM PVC Configuration VPI/VCI 36/48 Encapsulation Mode LLC/SNAP-Bridging Service Category UBR without PCR Account Information PPP User Name 1234@DSL-Ex.com PPP Password ABCDEF! PPPoE Service Name My DSL Static IP Address 192.168.1.32 Others PPPoE Passthrough: Disabled...
Page 43 Chapter 4 Tutorials Click Apply to save your settings. You should see a summary of your new DSL connection setup in the Broadband screen as follows. P-660HN-51 User’s Guide...
Page 44: Setting Up A Secure Wireless Network
Chapter 4 Tutorials Try to connect to a website, such as zyxel.com to see if you have correctly set up your Internet connection. Be sure to contact your service provider for any information you need to configure the WAN screens.
Page 45 Go to the Wireless > Others screen and select 802.11b/g/n Mixed in the 802.11 Mode field. Click Apply. You can now use the WPS feature to establish a wireless connection between your notebook and the ZyXEL Device (see Section 4.3.2 on page 46). You can also use...
Page 46: Using Wps
4.3.2 Using WPS This section shows you how to set up a wireless network using WPS. It uses the ZyXEL Device as the AP and ZyXEL NWD210N as the wireless client which connects to the notebook. f your wireless devices display the WPS logo, you can use Wi-Fi Protected Setup (WPS) to add wireless devices to your wireless network.
Page 47 In the wireless client utility, go to the WPS setting page. Enable WPS and press the WPS button (Start or WPS button). Push and hold the WPS button located on the ZyXEL Device’s front panel for 5 to 10 seconds. The WLAN/WPS LED starts blinking orange. Alternatively, you can log into ZyXEL Device’s web configurator and go to the Network Settings >...
Page 48: Wireless Client
Chapter 4 Tutorials The following figure shows you an example of how to set up a wireless network and its security by pressing a button on both ZyXEL Device and wireless client. Example WPS Process: PBC Method ZyXEL Device Wireless Client...
Page 49 Chapter 4 Tutorials Method 2: Register Wireless Client’s PIN Number When you use the PIN configuration method, you need to use both the ZyXEL Device’s web configurator and the wireless client’s utility. Launch your wireless client’s configuration utility. Go to the WPS settings and select the PIN method to get the wireless client’s PIN number.
Page 50 Chapter 4 Tutorials The following figure shows you how to set up a wireless network and its security on a ZyXEL Device and a wireless client by using PIN method. Example WPS Process: PIN Method Wireless Client ZyXEL Device WITHIN 2 MINUTES...
Page 51: Without Wps
Chapter 4 Tutorials Copy the PIN number of the ZyXEL Device shown in step 2 of Method 3 . You can click on the Generate New PIN Number button if you want the ZyXEL Device to auto-generate a new PIN number.
Page 52: Setting Up Multiple Wireless Groups
Chapter 4 Tutorials 4.4 Setting Up Multiple Wireless Groups You want to create different wireless network groups for different types of users in your company as shown in the following figure. Each group has its own SSID and security mode. Company Guest •...
Page 53 Chapter 4 Tutorials Click Network Settings > Wireless to open the General screen. Use this screen to set up the company’s general wireless network group. Configure the screen using the provided parameters and click Apply. Click Network Settings > Wireless > More AP to open the following screen. Click the Edit icon to configure the second wireless network group.
Page 54 Chapter 4 Tutorials Configure the screen using the provided parameters and click Apply. In the More AP screen, click the Edit icon to configure the third wireless network group. P-660HN-51 User’s Guide...
Page 55: Configuring Static Route For Routing To Another Network
In order to extend your Intranet and control traffic flowing directions, you may connect a router to the ZyXEL Device’s LAN. The router may be used to separate two department networks. This tutorial shows how to configure a static routing rule for two network routings.
Page 56 In this case, B will never receive the traffic. You need to specify a static routing rule on the ZyXEL Device to specify R as the router in charge of forwarding traffic to N2. In this case, the ZyXEL Device routes traffic from A to R and then R routes the traffic to B.
Page 57 192.168.10.2 192.168.10.33 To configure a static route to route traffic from N1 to N2: Log into the ZyXEL Device’s Web Configurator in advanced mode. Click Advanced > Routing. Click Add New Static Route Entry in the Static Route screen. Configure the Static Route Setup screen using the following settings: Select the Active check box.
Page 58: Access The Zyxel Device Using Ddns
B’s firewall settings to allow specific traffic to pass through. 4.6 Access the ZyXEL Device Using DDNS If you connect your ZyXEL Device to the Internet and it uses a dynamic WAN IP address, it is inconvenient for you to manage the device from the Internet. The ZyXEL Device’s WAN IP address changes dynamically.
Page 59: Configuring Ddns On Your Zyxel Device
Chapter 4 Tutorials • IP Address: Enter the WAN IP address that your ZyXEL Device is currently using. You can find the IP address on the ZyXEL Device’s Web Configurator Status page. Then you will need to configure the same account and host name on the ZyXEL Device later.
Page 60 Chapter 4 Tutorials P-660HN-51 User’s Guide...
Page 61: Technical Reference
Technical Reference...
Page 63: Broadband
5.1 Overview This chapter describes how to configure WAN settings from the Broadband screen. Use this screen to configure your ZyXEL Device for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks (such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations.
Page 64: Before You Begin
Chapter 5 Broadband WAN IP Address The WAN IP address is an IP address for the ZyXEL Device, which makes it accessible from an outside network. It is used by the ZyXEL Device to communicate with other devices in other networks. It can be static (fixed) or dynamically assigned by the ISP each time the ZyXEL Device tries to access the Internet.
Page 65: The Broadband Screen
ATM QoS This is the type of ATM QoS of the connection. IGMP Proxy This shows whether the ZyXEL Device act as an IGMP proxy on this connection. This shows whether NAT is activated or not for this connection. Default Gateway This shows whether the ZyXEL Device use the WAN interface of this connection as the system default gateway.
Page 66: Add/Edit Broadband
Chapter 5 Broadband 5.2.1 Add/Edit Broadband Click Add new WAN interface in the Broadband screen or the Edit icon next to an existing WAN interface to configure a WAN connection. The screen differs according to the mode and encapsulation you choose. This screen displays when you select the Routing mode and PPPoE encapsulation.
Page 67 Chapter 5 Broadband Figure 13 Broadband: Add/Edit: Routing Mode The following table describes the labels in this screen. Table 6 Broadband: Add/Edit: Routing Mode LABEL DESCRIPTION General Active Select this to activate the WAN configuration settings. Name Specify a descriptive name of up to 15 alphanumeric characters for this connection.
Page 68 • VC/MUX: In VC multiplexing, each protocol is carried on a single ATM virtual circuit (VC). To transport multiple protocols, the ZyXEL Device needs separate VCs. There is a binding between a VC and the type of the network protocol carried on the VC. This reduces payload overhead since there is no need to carry protocol information in each Protocol Data Unit (PDU) payload.
Page 69 PPPoE pass through to allow up to ten hosts on the LAN to use PPPoE client software on their computers to connect to the ISP via the ZyXEL Device. Each host can have a separate account and a public WAN IP address.
Page 70 Multicast group - it is not used to carry user data. Select this option to have the ZyXEL Device act as an IGMP proxy on this connection. This allows the ZyXEL Device to get subscribing information and maintain a joined member list for each multicast group.
Page 71 • VC/MUX: In VC multiplexing, each protocol is carried on a single ATM virtual circuit (VC). To transport multiple protocols, the ZyXEL Device needs separate VCs. There is a binding between a VC and the type of the network protocol carried on the VC. This reduces payload overhead since there is no need to carry protocol information in each Protocol Data Unit (PDU) payload.
Page 72 Type the MBS, which is less than 65535. This field is available only when you select Non Realtime VBR or Realtime VBR. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to exit this screen without saving. P-660HN-51 User’s Guide...
Page 73: Technical Reference
By implementing PPPoE directly on the ZyXEL Device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the ZyXEL Device does that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access.
Page 74: Multiplexing
Chapter 5 Broadband 5.3.2 Multiplexing There are two conventions to identify what protocols the virtual circuit (VC) is carrying. Be sure to use the multiplexing method required by your ISP. VC-based Multiplexing In this case, by prior mutual agreement, each protocol is assigned to a specific virtual circuit;...
Page 75: Nat
Chapter 5 Broadband 5.3.5 NAT NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
Page 76: Atm Traffic Classes
Chapter 5 Broadband 5.4.1 ATM Traffic Classes These are the basic ATM traffic classes defined by the ATM Forum Traffic Management 4.0 Specification. Constant Bit Rate (CBR) Constant Bit Rate (CBR) provides fixed bandwidth that is always available even if no data is being sent.
Page 77: Wireless
• Use the General screen to enable the Wireless LAN, enter the SSID and select the wireless security mode (Section 6.2 on page 78). • Use the More AP screen to set up multiple wireless networks on your ZyXEL Device (Section 6.3 on page 86).
Page 78: What You Need To Know
Use this screen to enable the Wireless LAN, enter the SSID and select the wireless security mode. Note: If you are configuring the ZyXEL Device from a computer connected to the wireless LAN and you change the ZyXEL Device’s SSID, channel or security settings, you will lose your wireless connection when you press Apply to confirm.
Page 79 Channel Set the channel depending on your particular region. Select a channel or use Auto to have the ZyXEL Device automatically determine a channel to use. If you are having problems with wireless interference, changing the channel may help. Try to use a channel that is as many channels away from any channels used by neighboring APs as possible.
Page 80 Table 8 Network Settings > Wireless > General (continued) LABEL DESCRIPTION Bandwidth Select whether the ZyXEL Device uses a wireless channel width of 20MHz or 40MHz. A standard 20MHz channel offers transfer speeds of up to 150Mbps whereas a 40MHz channel uses two standard channels and offers speeds of up to 300 Mbps.
Page 81: No Security
Select No Security to allow wireless stations to communicate with the access points without any data encryption or authentication. Note: If you do not enable any wireless security on your ZyXEL Device, your network is accessible to any wireless networking device that is within range.
Page 82 Click more... to show more fields in this section. Click less to hide them. Password The password (WEP keys) are used to encrypt data. Both the ZyXEL Device and the wireless stations must use the same password (WEP key) for data transmission.
Page 83: More Secure (Wpa(2)-Psk)
6.2.3 More Secure (WPA(2)-PSK) The WPA-PSK security mode provides both improved data encryption and user authentication over WEP. Using a Pre-Shared Key (PSK), both the ZyXEL Device and the connecting client share a common password in order to validate the connection.
Page 84: Wpa(2) Authentication
This field appears when you choose WPA-PSK2 as the Security Mode. Compatible Check this field to allow wireless devices using WPA-PSK security mode to connect to your ZyXEL Device. The ZyXEL Device supports WPA-PSK and WPA2-PSK simultaneously. Encryption Select the encryption type (TKIP, AES or TKIP+AES) for data encryption.
Page 85 Click more... to show more fields in this section. Click less to hide them. WPA Compatible This field is only available for WPA2. Select this if you want the ZyXEL Device to support WPA and WPA2 simultaneously. P-660HN-51 User’s Guide...
Page 86: The More Ap Screen
6.3 The More AP Screen This screen allows you to enable and configure multiple Basic Service Sets (BSSs) on the ZyXEL Device. Click Network Settings > Wireless > More AP. The following screen displays. Figure 21 Network Settings > Wireless > More AP The following table describes the labels in this screen.
Page 87: Edit More Ap
LABEL DESCRIPTION SSID An SSID profile is the set of parameters relating to one of the ZyXEL Device’s BSSs. The SSID (Service Set IDentifier) identifies the Service Set with which a wireless device is associated. This field displays the name of the wireless profile on the network. When a wireless client scans for an AP to associate with, this is the name that is broadcast and seen in the wireless client utility.
Page 88: Mac Authentication
Click Cancel to exit this screen without saving. 6.4 MAC Authentication This screen allows you to configure the ZyXEL Device to give exclusive access to specific devices (Allow) or exclude specific devices from accessing the ZyXEL Device (Deny). Every Ethernet device has a unique MAC (Media Access Control) address.
Page 89 Chapter 6 Wireless Use this screen to view your ZyXEL Device’s MAC filter settings and add new MAC filter rules. Click Wireless > MAC Authentication. The screen appears as shown. Figure 23 Wireless > MAC Authentication The following table describes the labels in this screen.
Page 90: The Wps Screen
Chapter 6 Wireless 6.5 The WPS Screen Use this screen to configure WiFi Protected Setup (WPS) on your ZyXEL Device. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually. Set up each WPS connection between two devices.
Page 91: The Wmm Screen
Connect Click this button to add another WPS-enabled wireless device (within wireless range of the ZyXEL Device) to your wireless network. This button may either be a physical button on the outside of device, or a menu button similar to the Connect button on this screen.
Page 92: The Wds Screen
Note: WDS security is independent of the security settings between the ZyXEL Device and any wireless clients. Note: At the time of writing, WDS is compatible with other ZyXEL APs only. Not all models support WDS links. Check your other AP’s documentation.
Page 93 Wireless Bridge Setup AP Mode Select the operating mode for your ZyXEL Device. • Access Point - The ZyXEL Device functions as a bridge and access point simultaneously. • Wireless Bridge - The ZyXEL Device acts as a wireless network bridge and establishes wireless links with other APs.
Page 94: Wds Scan
Click Cancel to restore your previously saved settings. 6.7.1 WDS Scan You can click the Scan icon in Wireless > WDS to have the ZyXEL Device automatically search and display the available APs within range. Select an AP and click Apply to have the ZyXEL Device establish a wireless link with the selected wireless device.
Page 95: The Wireless Others Screen
Device scans for the best channel. Enter 0 to disable the periodical scan. Output Power Set the output power of the ZyXEL Device. If there is a high density of APs in an area, decrease the output power to reduce interference with other APs.
Page 96: Technical Reference
Select 802.11b/g/n Mixed to allow IEEE 802.11b, IEEE 802.11g or IEEE802.11n compliant WLAN devices to associate with the ZyXEL Device. The transmission rate of your ZyXEL Device might be reduced. 802.11 Enabling this feature can help prevent collisions in mixed-mode networks Protection (networks with both IEEE 802.11b and IEEE 802.11g traffic).
Page 97 The wireless network is the part in the blue circle. In this wireless network, devices A and B use the access point (AP) to interact with the other devices (such as the printer) or with the Internet. Your ZyXEL Device is the AP. Every wireless network must follow these basic guidelines.
Page 98: Additional Wireless Terms
By setting this value lower than the default value, the wireless devices must sometimes get permission to send information to the ZyXEL Device. The lower the value, the more often the devices must get permission. If this value is greater than the fragmentation threshold value (see below), then wireless devices never have to get permission to send information to the ZyXEL Device.
Page 99: Wireless Security Overview
Chapter 6 Wireless 6.9.3 Wireless Security Overview By their nature, radio communications are simple to intercept. For wireless data networks, this means that anyone within range of a wireless network without security can not only read the data passing over the airwaves, but also join the network.
Page 100: Mac Address Filter
Normally, the ZyXEL Device acts like a beacon and regularly broadcasts the SSID in the area. You can hide the SSID instead, in which case the ZyXEL Device does not broadcast the SSID. In addition, you should change the default SSID to something that is difficult to guess.
Page 101 Usually, you should set up the strongest encryption that every device in the wireless network supports. For example, suppose you have a wireless network with the ZyXEL Device and you do not have a RADIUS server. Therefore, there is no authentication. Suppose the wireless network has two devices. Device A only supports WEP, and device B supports WEP and WPA.
Page 102: Signal Problems
Chapter 6 Wireless Many types of encryption use a key to protect the information in the wireless network. The longer the key, the stronger the encryption. Every device in the wireless network must have the same key. 6.9.4 Signal Problems Because wireless networks are radio networks, their signals are subject to limitations of distance, interference and absorption.
Page 103: Mbssid
Sets (BSSs). As well as the cost of buying extra APs, there is also the possibility of channel interference. The ZyXEL Device’s MBSSID (Multiple Basic Service Set IDentifier) function allows you to use one access point to provide several BSSs simultaneously.
Page 104: Wireless Distribution System (Wds)
APs you want to link to. Once the security settings of peer sides match one another, the connection between devices is made. At the time of writing, WDS security is compatible with other ZyXEL access points only. Refer to your other access point’s documentation for details.
Page 105: Push Button Configuration
Section 6.6 on page 91). Press the button on one of the devices (it doesn’t matter which). For the ZyXEL Device you must press the WPS button for more than three seconds. Within two minutes, press the button on the other device. The registrar sends the network name (SSID) and security key through an secure connection to the enrollee.
Page 106 Look for the client’s WPS PIN; it will be displayed either on the device, or in the WPS section of the client’s configuration interface (see the device’s User’s Guide for how to find the WPS PIN - for the ZyXEL Device, see Section 6.5 on page 90).
Page 107: How Wps Works
Chapter 6 Wireless The following figure shows a WPS-enabled wireless client (installed in a notebook computer) connecting to the WPS-enabled AP via the PIN method. Figure 32 Example WPS Process: PIN Method ENROLLEE REGISTRAR This device’s WPS PIN: 123456 Enter WPS PIN from other device: START START...
Page 108 Chapter 6 Wireless The following figure shows a WPS-enabled client (installed in a notebook computer) connecting to a WPS-enabled access point. Figure 33 How WPS works ACTIVATE ACTIVATE WITHIN 2 MINUTES WPS HANDSHAKE ENROLLEE REGISTRAR SECURE TUNNEL SECURITY INFO COMMUNICATION The roles of registrar and enrollee last only as long as the WPS setup process is active (two minutes).
Page 109 Chapter 6 Wireless 6.9.8.4 Example WPS Network Setup This section shows how security settings are distributed in an example WPS setup. The following figure shows an example network. In step 1, both AP1 and Client 1 are unconfigured. When WPS is activated on both, they perform the handshake. In this example, AP1 is the registrar, and Client 1 is the enrollee.
Page 110: Limitations Of Wps
Chapter 6 Wireless point. However, you know that Client 2 supports the registrar function, so you use it to perform the WPS handshake instead. Figure 36 WPS: Example Network Step 3 EXISTING CONNECTION CLIENT 1 REGISTRAR CLIENT 2 ENROLLEE 6.9.8.5 Limitations of WPS WPS has some limitations of which you should be aware.
Page 111: Preamble Type
Use the dynamic setting to automatically use short preamble when all wireless devices on the network support it, otherwise the ZyXEL Device uses long preamble. Note: The wireless devices MUST use the same preamble mode in order to communicate.
Page 112 Chapter 6 Wireless P-660HN-51 User’s Guide...
Page 113: Home Networking
• Use the Static DHCP screen to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses (Section 7.3 on page 118). • Use the UPnP screen to enable UPnP on the ZyXEL Device (Section 7.4 on page 119). P-660HN-51 User’s Guide...
Page 114: What You Need To Know
You can also use subnet masks to divide one network into multiple sub-networks. DHCP A DHCP (Dynamic Host Configuration Protocol) server can assign your ZyXEL Device an IP address, subnet mask, DNS and other routing information when it's turned on.
Page 115: Before You Begin
All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum UPnP™ Implementers Corp. (UIC). ZyXEL's UPnP implementation supports Internet Gateway Device (IGD) 1.0.
Page 116: The Lan Setup Screen
7.2 The LAN Setup Screen Use this screen to set the Local Area Network IP address and subnet mask of your ZyXEL Device. Click Network Settings > Home Networking to open the LAN Setup screen. Follow these steps to configure your LAN settings.
Page 117 DESCRIPTION LAN IP Setup IP Address Enter the LAN IP address you want to assign to your ZyXEL Device in dotted decimal notation, for example, 192.168.1.1 (factory default). Subnet Mask Type the subnet mask of your network in dotted decimal notation, for example 255.255.255.0 (factory default).
Page 118: The Static Dhcp Screen
00:A0:C5:00:00:02. Use this screen to change your ZyXEL Device’s static DHCP settings. Click Network Settings > Home Networking > Static DHCP to open the following screen.
Page 119: The Upnp Screen
Chapter 7 Home Networking If you click Add new static lease in the Static DHCP screen or the Edit icon next to a static DHCP entry, the following screen displays. Figure 39 Static DHCP: Add/Edit The following table describes the labels in this screen. Table 25 Static DHCP: Add/Edit LABEL DESCRIPTION...
Page 120: Installing Upnp In Windows Example
Chapter 7 Home Networking Use the following screen to configure the UPnP settings on your ZyXEL Device. Click Network Settings > Home Networking > UPnP to display the screen shown next. Figure 40 Network Settings > Home Networking > UPnP The following table describes the labels in this screen.
Page 121 Chapter 7 Home Networking Click on the Windows Setup tab and select Communication in the Components selection box. Click Details. Add/Remove Programs: Windows Setup: Communication In the Communications window, select the Universal Plug and Play check box in the Components selection box. Add/Remove Programs: Windows Setup: Communication: Components P-660HN-51 User’s Guide...
Page 122 Chapter 7 Home Networking Click OK to go back to the Add/Remove Programs Properties window and click Next. Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. Click Start and Control Panel. Double-click Network Connections.
Page 123: Using Upnp In Windows Xp Example
UPnP installed in Windows XP and UPnP activated on the ZyXEL Device. Make sure the computer is connected to a LAN port of the ZyXEL Device. Turn on your computer and the ZyXEL Device. Auto-discover Your UPnP-enabled Network Device Click Start and Control Panel.
Page 124 Chapter 7 Home Networking Right-click the icon and select Properties. Network Connections In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. Internet Connection Properties P-660HN-51 User’s Guide...
Page 125 Chapter 7 Home Networking You may edit or delete the port mappings or click Add to manually add port mappings. Internet Connection Properties: Advanced Settings Internet Connection Properties: Advanced Settings: Add When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically.
Page 126 Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first. This comes helpful if you do not know the IP address of the ZyXEL Device.
Page 127 Network Connections An icon with the description for each UPnP-enabled device displays under Local Network. Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays. Network Connections: My Network Places P-660HN-51 User’s Guide...
Page 128: Technical Reference
Chapter 7 Home Networking Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Network Connections: My Network Places: Properties: Example 7.7 Technical Reference This section provides some technical background information about the topics covered in this chapter.
Page 129: Lans, Wans And The Zyxel Device
TCP/IP configuration at start-up from a server. You can configure the ZyXEL Device as a DHCP server or disable it. When configured as a server, the ZyXEL Device provides the TCP/IP configuration for the clients. If you turn DHCP service off, you must have another DHCP server on your LAN, or else the computer must be manually configured.
Page 130: Lan Tcp/Ip
IP addresses in the DHCP Setup screen. 7.7.4 LAN TCP/IP The ZyXEL Device has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability. IP Address and Subnet Mask Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number.
Page 131 Chapter 7 Home Networking The subnet mask specifies the network number portion of an IP address. Your ZyXEL Device will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the ZyXEL Device unless you are instructed to do otherwise.
Page 132 Chapter 7 Home Networking P-660HN-51 User’s Guide...
Page 133: Network Address Translation (Nat)
139). • Use the DMZ screen to configure a default server (Section 8.5 on page 143). • Use the ALG screen to enable and disable the SIP (VoIP) ALG in the ZyXEL Device (Section 8.6 on page 144). • Use the Sessions screen to limit the number of concurrent NAT sessions all clients can use (Section 8.7 on page...
Page 134: The Port Forwarding Screen
Chapter 8 Network Address Translation (NAT) Global/Local Global/local denotes the IP address of a host in a packet as the packet traverses a router, for example, the local address refers to the IP address of a host when the packet is in the local network, while the global address refers to the IP address of the host when the same packet is traveling in the WAN side.
Page 135 Chapter 8 Network Address Translation (NAT) Note: Many residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location.
Page 136: Add/Edit Port Forwarding
Chapter 8 Network Address Translation (NAT) The following table describes the fields in this screen. Table 27 Network Settings > NAT > Port Forwarding LABEL DESCRIPTION Add new rule Click this to add a new rule. This is the index number of the entry. Status This field displays whether the NAT rule is active or not.
Page 137: The Applications Screen
External Start Port field above. Internal Start This shows the port number to which you want the ZyXEL Device to Port translate the incoming port. For a range of ports, enter the first number of the range to which you want the incoming ports translated.
Page 138: Add New Application
Chapter 8 Network Address Translation (NAT) To access this screen, click Network Settings > NAT > Applications. The following screen appears. Figure 45 Network Settings > NAT > Applications The following table describes the labels in this screen. Table 29 Network Settings > NAT > Applications LABEL DESCRIPTION Add new...
Page 139: The Port Triggering Screen
WAN port receives a response with a specific port number and protocol ("open" port), the ZyXEL Device forwards the traffic to the LAN IP address of the computer that sent the request. After that computer’s connection for that service closes, another computer on the LAN can use the service in the same manner.
Page 140 Figure 47 Trigger Port Forwarding Process: Example Jane requests a file from the Real Audio server (port 7070). Port 7070 is a “trigger” port and causes the ZyXEL Device to record Jane’s computer IP address. The ZyXEL Device associates Jane's computer IP address with the "open"...
Page 141: Add/Edit Port Triggering Rule
Trigger Port The trigger port is a port (or a range of ports) that causes (or triggers) the ZyXEL Device to record the IP address of the LAN computer that sent the traffic to a server on the WAN. Start This is the first port number that identifies a service.
Page 142 The trigger port is a port (or a range of ports) that causes (or triggers) Port the ZyXEL Device to record the IP address of the LAN computer that sent the traffic to a server on the WAN. Type a port number or the starting port number in a range of port numbers.
Page 143: The Dmz Screen
Address ports that are not specified in the NAT Port Forwarding screen. Note: If you do not assign a Default Server Address, the ZyXEL Device discards all packets received for ports that are not specified in the NAT Port Forwarding screen.
Page 144: The Alg Screen
SIP data stream to a public IP address. You do not need to use STUN or an outbound proxy if your ZyXEL Device is behind a SIP ALG. Use this screen to enable and disable the SIP (VoIP) ALG in the ZyXEL Device. To access this screen, click Network Settings > NAT > ALG.
Page 145: Technical Reference
This part contains more information regarding NAT. 8.8.1 NAT Definitions Inside/outside denotes where a host is located relative to the ZyXEL Device, for example, the computers of your subscribers are the inside hosts, while the web servers on the Internet are the outside hosts.
Page 146: What Nat Does
If you do not define any servers (for Many-to-One and Many-to- Many Overload mapping), NAT offers the additional benefit of firewall protection. With no servers defined, your ZyXEL Device filters out all incoming inquiries, thus preventing intruders from probing your network. For more information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT).
Page 147: How Nat Works
IP source address (and TCP or UDP source port numbers for Many-to-One and Many-to-Many Overload NAT mapping) in each packet and then forwards it to the Internet. The ZyXEL Device keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored.
Page 148: Nat Application
Chapter 8 Network Address Translation (NAT) 8.8.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP alias) behind the ZyXEL Device can communicate with three distinct WAN networks. Figure 54 NAT Application With IP Alias Port Forwarding: Services and Port Numbers The most often used port numbers are shown in the following table.
Page 149 Chapter 8 Network Address Translation (NAT) Table 37 Services and Port Numbers (continued) SERVICES PORT NUMBER SNMP trap PPTP (Point-to-Point Tunneling Protocol) 1723 Port Forwarding Example Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example).
Page 150 Chapter 8 Network Address Translation (NAT) P-660HN-51 User’s Guide...
Page 151: Mac Filter
MAC Filter 9.1 Overview This screen allows you to configure the ZyXEL Device to give exclusive access to specific devices or exclude specific devices from accessing the ZyXEL Device. Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
Page 152 Select Enable to activate the MAC filter function. Otherwise, select Disable. Add new devices to the Select this check box if you want the ZyXEL Device to Allow List automatically automatically add the newly connected devices to the Allow List.
Page 153: Firewall
Firewall 10.1 Overview This chapter shows you how to enable and configure the ZyXEL Device firewall. Use the firewall to protect your ZyXEL Device and network from attacks by hackers on the Internet and control access to it. By default the firewall: •...
Page 154: What You Need To Know
Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources. The ZyXEL Device is pre-configured to automatically detect and thwart all known DoS attacks.
Page 155: The Firewall Screen
Chapter 10 Firewall 10.2 The Firewall Screen Use this screen to set the security level of the firewall on the ZyXEL Device. Firewall rules are grouped based on the direction of travel of packets to which they apply. Click Security Settings > Firewall to display the following screen. Select a direction of travel of packets for which you want to configure firewall rules.
Page 156: Add A Protocol
Chapter 10 Firewall Click Security Settings > Protocol to display the following screen. Figure 59 Security Settings > Protocol The following table describes the labels in this screen. Table 40 Security Settings > Protocol LABEL DESCRIPTION Add New Click this to add a new protocol. Protocol Entry Name...
Page 157: The Access Control Screen
Chapter 10 Firewall The following table describes the labels in this screen. Table 41 Protocol: Add LABEL DESCRIPTION Add Protocol Protocol Choose the IP port (TCP, UDP, ICMP, or Other) that defines your customized port from the drop-down list box. Select Other to apply the rule to any protocol.
Page 158 Chapter 10 Firewall The following table describes the labels in this screen. Table 42 Security Settings > Access Control LABEL DESCRIPTION DoS Protection DoS (Denial of Service) attacks can flood your Internet connection with invalid packets and connection requests, using so much bandwidth and so many resources that Internet access becomes unavailable.
Page 159: Add/Edit An Acl Rule
Chapter 10 Firewall 10.4.1 Add/Edit an ACL Rule Click Add New ACL Rule or the Edit icon next to an existing ACL rule in the Access Control screen. The following screen displays. Figure 62 Access Control: Add/Edit The following table describes the labels in this screen. Table 43 Access Control: Add/Edit LABEL DESCRIPTION...
Page 160 If a flag is set, the bit number is 1. If a flag is not set, the bit number is 0. The ZyXEL Device will take the action that you select in the Policy field below to the TCP flags that are set.
Page 161 Chapter 10 Firewall Table 43 Access Control: Add/Edit (continued) LABEL DESCRIPTION Scheduler Rules Select a schedule rule for this ACL rule form the drop-down list box. You can configure a new schedule rule by click Add new rule. This will bring you to the Advanced > Scheduler Rules screen. Apply Click Apply to save your changes.
Page 162 Chapter 10 Firewall P-660HN-51 User’s Guide...
Page 163: Remote Management
H A P T E R Remote Management 11.1 Overview This chapter provides information on the Remote MGMT screen. Service Control allows you to manage your ZyXEL Device from a remote location through the following interfaces: • LAN • WAN Note: The ZyXEL Device is managed using the Web Configurator.
Page 164 Certificate HTTPS Certificate Select a certificate the HTTPS server (the ZyXEL Device) uses to authenticate itself to the HTTPS client. You must have certificates already configured in the Certificates screen.
Page 165: Certificates
CyberTrust or VeriSign and government certification authorities. The certification authority uses its private key to sign certificates. Anyone can then use the certification authority's public key to verify the certificates. You can use the ZyXEL Device to generate certification requests that contain identifying information and public keys and then send the certification requests to a certification authority.
Page 166: The Local Certificates Screen
The following table describes the labels in this screen. Table 45 Security Settings > Certificates > Local Certificates LABEL DESCRIPTION Create Click this button to go to the screen where you can have the ZyXEL Certificate Device generate a certification request. Request Import...
Page 167: Create Certificate Request
Organization Name Type up to 63 characters to identify the company or group to which the certificate owner belongs. You may use any character, including spaces, but the ZyXEL Device drops trailing spaces. State/Province Type up to 32 characters to identify the state or province where the Name certificate owner is located.
Page 168: Import Certificate
Figure 66 Certificate Request Details 12.3.2 Import Certificate Click Security Settings > Local Certificates and then Import Certificate to open the Import Local Certificate screen. Follow the instructions in this screen to save an existing certificate to the ZyXEL Device. P-660HN-51 User’s Guide...
Page 169 Name certificate. Certificate Copy and paste the certificate into the text box to store it on the ZyXEL Device. Private Copy and paste the private key into the text box to store it on the ZyXEL Device. P-660HN-51 User’s Guide...
Page 170: Certificate Details
Type in the location of the certificate you want to upload in this field or click File Path Browse ... to find it. Private Enter the private key into the text box to store it on the ZyXEL Device. The Key is private key should not exceed 63 ASCII characters (not including spaces). protected...
Page 171 Chapter 12 Certificates Figure 69 Certificate Details The following table describes the labels in this screen. Table 49 Certificate Details LABEL DESCRIPTION Name This field displays the identifying name of this certificate. If you want to change the name, type up to 63 characters to identify this certificate.
Page 172: The Trusted Ca Screen
Click Security Settings > Certificates > Trusted CA to open the following screen. This screen displays a summary list of certificates of the certification authorities that you have set the ZyXEL Device to accept as trusted. The ZyXEL Device accepts any valid certificate signed by a certification authority on this list as being trustworthy;...
Page 173: View Trusted Ca Certificate
Chapter 12 Certificates Table 50 Security Settings > Certificates > Trusted CA (continued) LABEL DESCRIPTION Subject This field displays information that identifies the owner of the certificate, such as Common Name (CN), OU (Organizational Unit or department), Organization (O), State (ST) and Country (C). It is recommended that each certificate have unique subject information.
Page 174: Import Trusted Ca Certificate
12.4.2 Import Trusted CA Certificate Click the Import Certificate button in the Trusted CA screen to open the following screen. The ZyXEL Device trusts any valid certificate signed by any of the imported trusted CA certificates. Figure 72 Trusted CA: Import Certificate...
Page 175 Click this check box to open a screen where you can save the certificate of a certification authority that you trust, from your computer to the ZyXEL Device. Certificate Name Enter the name that identifies this certificate. The certificate name should not exceed 63 ASCII characters (not including spaces).
Page 176 Chapter 12 Certificates P-660HN-51 User’s Guide...
Page 177: Ipsec
H A P T E R IPSec 13.1 Overview A virtual private network (VPN) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing. It is used to transport traffic over the Internet or any insecure network that uses TCP/IP for communication.
Page 178: What You Need To Know
Gateway Address field if the remote secure gateway has a dynamic WAN IP address and is using DDNS. The ZyXEL Device has to rebuild the VPN tunnel each time the remote secure gateway’s WAN IP address changes (there may be a delay until the DDNS servers are updated with the remote gateway’s new WAN IP...
Page 179: The Ipsec Settings Screen
Chapter 13 IPSec Finding Out More Section 13.4 on page 188 for advanced technical information on IPSec VPN. 13.2 The IPSec Settings Screen The following figure helps explain the main fields in the web configurator. Figure 76 IPSec Summary Fields Remote Network Local Network Remote...
Page 180: Add/Edit Ipsec Setting
Click Add New Connection or a policy’s Edit icon in the IPSec > Settings screen to edit VPN policies. Note: The ZyXEL Device uses the system default gateway interface’s WAN IP address as its WAN IP address to set up a VPN tunnel.
Page 181 Chapter 13 IPSec Figure 78 Settings > Add/Edit: Auto(IKE) P-660HN-51 User’s Guide...
Page 182 VPN connection. Address Tunnel access Specify the IP addresses of the devices behind the ZyXEL Device that from local IP can use the VPN tunnel. The local IP addresses must correspond to the addresses remote IPSec router's configured remote IP addresses.
Page 183 Local/Remote ID Content field. When you select DNS or E-mail in the Local/Remote ID Type field, type a domain name or e-mail address by which to identify this ZyXEL Device in the Local/Remote ID Content field. Use up to 31 ASCII characters including spaces, although trailing spaces are truncated.
Page 184: Manual Key Setup
Chapter 13 IPSec Table 55 Settings > Add/Edit: Auto(IKE) (continued) LABEL DESCRIPTION Mode Select Main or Aggressive from the drop-down list box. Multiple SAs connecting through a secure gateway must have the same negotiation mode. Encryption Select DES, 3DES, AES-128, ES-192 or AES-256 from the drop- Algorithm down list box.
Page 185: Configuring Manual Key
SPI to establish the tunnel. Current ZyXEL implementation assumes identical outgoing and incoming SPIs. 13.2.2 Configuring Manual Key You only configure VPN manual key when you select Manual in the Key Exchange Method field on the IPSec >...
Page 186 VPN connection. Address Tunnel access Specify the IP addresses of the devices behind the ZyXEL Device that from local IP can use the VPN tunnel. The local IP addresses must correspond to the addresses remote IPSec router's configured remote IP addresses.
Page 187 IPSec router. Protocol This field displays ESP and the ZyXEL Device uses ESP (Encapsulation Security Payload) for VPN. The ESP protocol (RFC 2406) provides encryption as well as some of the services offered by AH.
Page 188: The Ipsec Status Screen
This is the static WAN IP address or URL of the remote IPSec router. Gateway Local This is the IP address of computer(s) on your local network behind your Addresses ZyXEL Device. Remote This is the IP address of computer(s) on the remote network behind the Addresses remote IPSec router.
Page 189: Ipsec Architecture
Chapter 13 IPSec 13.4.1 IPSec Architecture The overall IPSec architecture is shown as follows. Figure 81 IPSec Architecture IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms).
Page 190: Encapsulation
Chapter 13 IPSec 13.4.2 Encapsulation The two modes of operation for IPSec VPNs are Transport mode and Tunnel mode. At the time of writing, the ZyXEL Device supports Tunnel mode only. Figure 82 Transport and Tunnel Mode IPSec Encapsulation Transport Mode Transport mode is used to protect upper layer protocols and only affects the data in the IP packet.
Page 191: Ike Phases
• Set the IPSec SA lifetime. This field allows you to determine how long the IPSec SA should stay up before it times out. The ZyXEL Device automatically renegotiates the IPSec SA if there is traffic when the IPSec SA lifetime period expires.
Page 192: Negotiation Mode
13.4.5 IPSec and NAT Read this section if you are running IPSec on a host computer behind the ZyXEL Device. NAT is incompatible with the AH protocol in both Transport and Tunnel mode.
Page 193: Vpn, Nat, And Nat Traversal
VPN device at the receiving end finds a mismatch between the hash value and the data and assumes that the data has been maliciously altered. NAT is not normally compatible with ESP in transport mode either, but the ZyXEL Device’s NAT Traversal feature provides a way to handle this. NAT traversal allows you to set up an IKE SA when there are NAT routers between the two IPSec routers.
Page 194: Id Type And Content
PROTOCOL Transport Tunnel Transport Tunnel Y* - This is supported in the ZyXEL Device if you enable NAT traversal. 13.4.7 ID Type and Content With aggressive negotiation mode (see Section 13.4.4 on page 192), the ZyXEL Device identifies incoming SAs by ID type and content since this identifying information is not encrypted.
Page 195: Id Type And Content Examples
The two ZyXEL Devices in this example cannot complete their negotiation because ZyXEL Device B’s Local ID type is IP, but ZyXEL Device A’s Remote ID type is set to E-mail. An “ID mismatched” message displays in the IPSEC LOG.
Page 196: Diffie-Hellman (Dh) Key Groups
Chapter 13 IPSec 13.4.9 Diffie-Hellman (DH) Key Groups Diffie-Hellman (DH) is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communications channel. Diffie- Hellman is used within IKE SA setup to establish session keys. 768-bit, 1024-bit 1536-bit, 2048-bit, and 3072-bit Diffie-Hellman groups are supported.
Page 197: Parental Control
Parental control allows you to permit or block certain web sites to home network computers. You can define time periods and days during which the ZyXEL Device performs parental control on a specific user in the Advanced > Scheduler Rules screen...
Page 198: Add/Edit Parental Control Rule
Add new rule Click this to create a new parental control rule. This is the index number of the rule. PC Name/IP/MAC The ZyXEL Device allows or prohibits the users from viewing the Web sites with the URLs listed below. Access Type This shows the access type that is applied on the user to the web site of this rule.
Page 199 If you select Block All, the ZyXEL Device blocks access to all URLs. Web Site Enter the URL of web site to which the ZyXEL Device blocks or allows access. Click Add to add this URL to the list below.
Page 200 Chapter 14 Parental Control P-660HN-51 User’s Guide...
Page 201: Routing
15.1 Overview The ZyXEL Device usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the ZyXEL Device send data to devices not reachable through the default gateway, use static routes.
Page 202: The Routing Screen
Chapter 15 Routing 15.2 The Routing Screen Use this screen to view and configure the static route rules on the ZyXEL Device. Click Advanced > Routing to open the following screen. Figure 88 Advanced >Routing The following table describes the labels in this screen.
Page 203: Add/Edit Static Route
Chapter 15 Routing 15.2.1 Add/Edit Static Route Use this screen to add or edit a static route. Click Add new Static Route Entry in the Routing screen or the Edit icon next to the static route you want to edit. The screen shown next appears.
Page 204 Chapter 15 Routing P-660HN-51 User’s Guide...
Page 205: Dynamic Dns Setup
DNS queries for certain domain names through a specific WAN interface to its DNS server(s). The ZyXEL Device uses a system DNS server (in the order you specify in the Broadband screen) to resolve domain names that do not match any DNS routing entry.
Page 206: What You Can Do In This Chapter
• Use the DNS Entry screen to view, configure, or remove DNS routes (Section 16.2 on page 207). • Use the Dynamic DNS screen to enable DDNS and configure the DDNS settings on the ZyXEL Device (Section 16.3 on page 208). P-660HN-51 User’s Guide...
Page 207: What You Need To Know
If you have a private WAN IP address, then you cannot use Dynamic DNS. 16.2 The DNS Entry Screen Use this screen to view and configure DNS routes on the ZyXEL Device. Click Advanced > DNS Setting to open the DNS Entry screen.
Page 208: Add/Edit Dns Entry
Chapter 16 Dynamic DNS Setup 16.2.1 Add/Edit DNS Entry You can manually add or edit the ZyXEL Device’s DNS name and IP address entry. Click Add new DNS entry in the DNS Entry screen or the Edit icon next to the entry you want to edit.
Page 209 Select your Dynamic DNS service provider from the drop-down list box. Provider Hostname Type the domain name assigned to your ZyXEL Device by your Dynamic DNS provider. You can specify up to two host names in the field separated by a comma (",").
Page 210 Chapter 16 Dynamic DNS Setup P-660HN-51 User’s Guide...
Page 211: Quality Of Service (Qos)
Configure QoS on the ZyXEL Device to group and prioritize application traffic and fine-tune network performance. Setting up QoS involves these steps: Configure classifiers to sort traffic into different flows.
Page 212: What You Need To Know
Bursty traffic may cause network congestion. Traffic shaping regulates packets to be transmitted with a pre-configured data transmission rate using buffers (or queues). Your ZyXEL Device uses the Token Bucket algorithm to allow a certain amount of large bursts while keeping a limit at the average rate.
Page 213: The Quality Of Service General Screen
(Before Traffic Policing) (After Traffic Policing) The ZyXEL Device supports three incoming traffic metering algorithms: Token Bucket Filter (TBF), Single Rate Two Color Maker (srTCM), and Two Rate Two Color Marker (trTCM). You can specify actions which are performed on the colored packets.
Page 214: The Queue Setup Screen
100 Mbps. You can set this number higher than the interface’s actual transmission speed. The ZyXEL Device uses up to 95% of the DSL port’s actual upstream transmission speed even if you set this number higher than the DSL port’s actual transmission speed.
Page 215: Adding A Qos Queue
A gray bulb signifies that this queue is not active. Name This shows the descriptive name of this queue. Outgoing This shows the name of the ZyXEL Device’s interface through which traffic Interface in this queue passes. Priority This shows the priority of this queue.
Page 216: The Class Setup Screen
Weight Select the weight (from 1 to 8) of this queue. If two queues have the same priority level, the ZyXEL Device divides the bandwidth across the queues according to their weights. Queues with larger weights get more bandwidth than queues with smaller weights.
Page 217 Chapter 17 Quality of Service (QoS) Click Advanced > QoS > Class Setup to open the following screen. Figure 97 Advanced > QoS > Class Setup The following table describes the labels in this screen. Table 73 Advanced > QoS > Class Setup LABEL DESCRIPTION Add new...
Page 218: Add/Edit Qos Class
Chapter 17 Quality of Service (QoS) 17.5.1 Add/Edit QoS Class Click Add new Classifier in the Class Setup screen or the Edit icon next to a classifier to open the following screen. Figure 98 Class Setup: Add/Edit P-660HN-51 User’s Guide...
Page 219 Chapter 17 Quality of Service (QoS) The following table describes the labels in this screen. Table 74 Class Setup: Add/Edit LABEL DESCRIPTION Active Select this to enable this classifier. Class Name Enter a descriptive name of up to 15 printable English keyboard characters, not including spaces.
Page 220 Chapter 17 Quality of Service (QoS) Table 74 Class Setup: Add/Edit (continued) LABEL DESCRIPTION MAC Mask Type the mask for the specified MAC address to determine which bits a packet’s MAC address should match. Enter “f” for each bit of the specified source MAC address that the traffic’s MAC address should match.
Page 221 DSCP Mark This field is available only when you select IP in the Ether Type field. If you select Mark, enter a DSCP value with which the ZyXEL Device replaces the DSCP field in the packets. If you select Unchange, the ZyXEL Device keep the DSCP field in the packets.
Page 222: The Qos Policer Setup Screen
Chapter 17 Quality of Service (QoS) 17.6 The QoS Policer Setup Screen Use this screen to configure QoS policers that allow you to limit the transmission rate of incoming traffic. Click Advanced > QoS > Policer Setup. The screen appears as shown. Figure 99 Advanced >...
Page 223: Add/Edit A Qos Policer
Chapter 17 Quality of Service (QoS) 17.6.1 Add/Edit a QoS Policer Click Add new Officer in the Policer Setup screen or the Edit icon next to a policer to show the following screen. Figure 100 Policer Setup: Add/Edit The following table describes the labels in this screen. Table 76 Policer Setup: Add/Edit LABEL DESCRIPTION...
Page 224: The Qos Monitor Screen
Cancel Click Cancel to exit this screen without saving. 17.7 The QoS Monitor Screen To view the ZyXEL Device’s QoS packet statistics, click Advanced > QoS > Monitor. The screen appears as shown. Figure 101 Advanced > QoS > Monitor The following table describes the labels in this screen.
Page 225: Technical Reference
Chapter 17 Quality of Service (QoS) 17.8 Technical Reference The following section contains additional technical information about the ZyXEL Device features described in this chapter. IEEE 802.1Q Tag The IEEE 802.1Q standard defines an explicit VLAN tag in the MAC header to identify the VLAN membership of a frame across bridges.
Page 226 Chapter 17 Quality of Service (QoS) DiffServ (Differentiated Services) is a class of service (CoS) model that marks packets so that they receive specific per-hop treatment at DiffServ-compliant network devices along the route based on the application types and traffic flow. Packets are marked with DiffServ Code Points (DSCPs) indicating the level of service desired.
Page 227 Chapter 17 Quality of Service (QoS) Automatic Priority Queue Assignment If you enable QoS on the ZyXEL Device, the ZyXEL Device can automatically base on the IEEE 802.1p priority level, IP precedence and/or packet length to assign priority to traffic which does not match a class.
Page 228 • After a packet is transmitted, a number of tokens corresponding to the packet size is removed from the bucket. • If there are no tokens in the bucket, the ZyXEL Device stops transmitting until enough tokens are generated. • If not enough tokens are available, the ZyXEL Device treats the packet in either...
Page 229 • After a packet is transmitted, a number of tokens corresponding to the packet size is removed from the CBS bucket. • If there are not enough tokens in the CBS bucket, the ZyXEL Device checks the EBS bucket. The packet is marked yellow if there are sufficient tokens in the EBS bucket.
Page 230 Chapter 17 Quality of Service (QoS) P-660HN-51 User’s Guide...
Page 231: Client
RPCs are sent in Extensible Markup Language (XML) format over HTTP or HTTPS. An administrator can use an ACS to remotely set up the ZyXEL Device, modify settings, perform firmware upgrades as well as monitor and diagnose the ZyXEL Device.
Page 232 Table 80 Advanced > TR-069 Clients LABEL DESCRIPTION Inform Select Enable for the ZyXEL Device to send periodic inform via TR-069 on the WAN. Otherwise, select Disable. Inform Interval Enter the time interval (in seconds) at which the ZyXEL Device sends information to the auto-configuration server.
Page 233 Password password is used to authenticate the ACS. Connection This shows the connection request URL. Request URL The ACS can use this URL to make a connection request to the ZyXEL Device. Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving.
Page 234 Chapter 18 TR-069 Client P-660HN-51 User’s Guide...
Page 235: Time Settings
19.2 The Time Setting Screen To change your ZyXEL Device’s time and date, click Advanced >Time Setting. The screen appears as shown. Use this screen to configure the ZyXEL Device’s time based on your local time zone. Figure 103 Advanced >Time Setting...
Page 236 LABEL DESCRIPTION Current Date/Time System Time This field displays the time and fate of your ZyXEL Device. Each time you reload this page, the ZyXEL Device synchronizes the time and date with the time server. NTP Time Server First ~ Fifth NTP Select an NTP time server from the drop-down list box.
Page 237 Chapter 19 Time Settings Table 81 Advanced >Time Setting (continued) LABEL DESCRIPTION End rule Configure the day and time when Daylight Saving Time ends if you selected Daylight Savings. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the first Sunday of November.
Page 238 Chapter 19 Time Settings P-660HN-51 User’s Guide...
Page 239: Scheduler Rules
H A P T E R Scheduler Rules 20.1 Overview You can define time periods and days during which the ZyXEL Device performs scheduled rules of certain features (such as Firewall Access Control, Parental Control) on a specific user in the Scheduler Rules screen.
Page 240: Add/Edit A Schedule
Rule Name Enter a name (up to 31 printable English keyboard characters, not including spaces) for this schedule. Select check boxes for the days that you want the ZyXEL Device to perform this scheduler rule. Time if Day Enter the time period of each day, in 24-hour format, during which Range parental control will be enforced.
Page 241: Policy Forwarding
Policy Forwarding 21.1 Overview Traditionally, routing is based on the destination address only and the ZyXEL Device takes the shortest path to forward a packet. Policy forwarding allows the ZyXEL Device to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator.
Page 242: Add/Edit Policy Forwarding
Chapter 21 Policy Forwarding Table 84 Advanced > Policy Forwarding (continued) LABEL DESCRIPTION Source IP This is the source IP address. Source This is the source subnet mask address. Subnet Mask Protocol This is the transport layer protocol. SourcePort This is the source port number. Source MAC This is the source MAC address.
Page 243 Chapter 21 Policy Forwarding Table 85 Policy Forwarding: Add/Edit (continued) LABEL DESCRIPTION Select a WAN interface through which the traffic is sent. You must have the WAN interface(s) already configured in the Broadband screens. Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving.
Page 244 Chapter 21 Policy Forwarding P-660HN-51 User’s Guide...
Page 245: Logs
The web configurator allows you to choose which categories of events and/or alerts to have the ZyXEL Device log and then display the logs or have the ZyXEL Device send them to an administrator (as e-mail) or to a syslog server.
Page 246: The System Log Screen
Chapter 22 Logs Refer to the documentation of your syslog program for details. The following table describes the syslog severity levels. Table 86 Syslog Severity Levels CODE SEVERITY Emergency: The system is unusable. Alert: Action must be taken immediately. Critical: The system condition is critical. Error: There is an error condition on the system.
Page 247 Select a severity level from the drop-down list box. This filters search results according to the severity level you have selected. When you select a severity, the ZyXEL Device searches through all logs of that severity or higher. Clear Log Click this to delete all the logs.
Page 248: The Security Log Screen
Select a severity level from the drop-down list box. This filters search results according to the severity level you have selected. When you select a severity, the ZyXEL Device searches through all logs of that severity or higher. Clear Log Click this to delete all the logs.
Page 249 Chapter 22 Logs Table 88 System Monitor > Log > Security Log (continued) LABEL DESCRIPTION Level This field displays the severity level of the logs that the device is to send to this syslog server. Messages This field states the reason for the log. P-660HN-51 User’s Guide...
Page 250 Chapter 22 Logs P-660HN-51 User’s Guide...
Page 251: Introduction To The Arp Table
H A P T E R Introduction to the ARP Table 23.1 Overview Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network. An IP (version 4) address is 32 bits long.
Page 252: Arp Table Screen
Chapter 23 Introduction to the ARP Table 23.2 ARP Table Screen Use the ARP table to view IP-to-MAC address mapping(s). To open this screen, click System Monitor > ARP Table. Figure 110 System Monitor > ARP Table The following table describes the labels in this screen. Table 89 System Monitor >...
Page 253: Traffic Status
H A P T E R Traffic Status 24.1 Overview Use the Traffic Status screens to look at network traffic status and statistics of the WAN and LAN interfaces. 24.1.1 What You Can Do in this Chapter • Use the WAN screen to view the WAN traffic statistics (Section 24.2 on page 254).
Page 254: The Wan Status Screen
24.2 The WAN Status Screen Click System Monitor > Traffic Status to open the WAN screen. The figure in this screen shows the number of bytes received and sent on the ZyXEL Device. Figure 111 System Monitor > Traffic Status > WAN The following table describes the fields in this screen.
Page 255: The Lan Status Screen
24.3 The LAN Status Screen Click System Monitor > Traffic Status > LAN to open the following screen. The figure in this screen shows the interface that is currently connected on the ZyXEL Device. Figure 112 System Monitor > Traffic Status > LAN...
Page 256 The following table describes the fields in this screen. Table 91 System Monitor > Traffic Status > LAN LABEL DESCRIPTION Polls Select how often you want the ZyXEL Device to update this screen. Interval(s) Interface This shows the LAN or WLAN interface. Bytes Sent This indicates the number of bytes transmitted on this interface.
Page 257: Users Configuration
Lock Period This field indicates the number of minutes for the lockout period. A user cannot log into the ZyXEL Device during the lockout period, even if he/ she enters correct account information. Group This field displays the login account type of the user.
Page 258: Add/Edit A Users Account
Enter the exact same password that you just entered in the above field. Password Retry Times The ZyXEL Device can lock a user out if you use a wrong user name or password to log in the ZyXEL Device. Enter up to how many times a user can re-enter his/her account information before the ZyXEL Device locks the user out.
Page 259: Types Of Accounts
Click Cancel to exit this screen without saving. 25.2.2 Types of Accounts The ZyXEL Device provides two account types with different privilege levels. The web configurator screens vary depending on which account you use to log in. The following table describes the privileges of the different accounts.
Page 260 Chapter 25 Users Configuration P-660HN-51 User’s Guide...
Page 261: Logs Setting
H A P T E R Logs Setting 26.1 Overview You can configure where the ZyXEL Device sends logs and which logs and/or immediate alerts the ZyXEL Device records in the Logs Setting screen. 26.2 The Log Settings Screen To change your ZyXEL Device’s log settings, click Maintenance > Logs Setting.
Page 262 The following table describes the fields in this screen. Table 95 Maintenance > Logs Setting LABEL DESCRIPTION Syslog The ZyXEL Device sends a log to an external syslog server. Logging Active Select the Active check box to enable syslog logging. P-660HN-51 User’s Guide...
Page 263 Send Log to The ZyXEL Device sends logs to the e-mail address specified in this field. If this field is left blank, the ZyXEL Device does not send logs via E-mail. Send Alarm to Alerts are real-time notifications that are sent as soon as an event, such as a DoS attack, system error, or forbidden web access attempt occurs.
Page 264 Chapter 26 Logs Setting P-660HN-51 User’s Guide...
Page 265: Firmware Upgrade
H A P T E R Firmware Upgrade 27.1 Overview This chapter explains how to upload new firmware to your ZyXEL Device. You can download new firmware releases from your nearest ZyXEL FTP site (or www.zyxel.com) to use to upgrade your device’s performance.
Page 266 After you see the firmware updating screen, wait two minutes before logging into the ZyXEL Device again. Figure 117 Firmware Uploading The ZyXEL Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.
Page 267: Configuration
Backup Configuration Backup Configuration allows you to back up (save) the ZyXEL Device’s current configuration to a file on your computer. Once your ZyXEL Device is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings.
Page 268 Chapter 28 Configuration Click Backup to save the ZyXEL Device’s current configuration to your computer. Restore Configuration Restore Configuration allows you to upload a new or previously saved configuration file from your computer to your ZyXEL Device. Table 97 Restore Configuration...
Page 269 Figure 122 Configuration Upload Error Reset to Factory Defaults Click the Reset button to clear all user-entered configuration information and return the ZyXEL Device to its factory defaults. The following warning screen appears. Figure 123 Reset Warning Message Figure 124 Reset In Process Message You can also press the RESET button on the rear panel to reset the factory defaults of your ZyXEL Device.
Page 270: The Reboot Screen
System restart allows you to reboot the ZyXEL Device remotely without turning the power off. You may need to do this if the ZyXEL Device hangs, for example. Click Maintenance > Reboot. Click Reboot to have the ZyXEL Device reboot.
Page 271: Diagnostic
You can use different diagnostic methods to test a connection and see the detailed information. These read-only screens display information to help you identify problems with the ZyXEL Device. 29.1.1 What You Can Do in this Chapter • The Ping & TraceRoute & NsLookup screen lets you identify problems with the DSL connection.
Page 272: The Oam Ping Test Screen
Maintenance) F4 or F5 loopback test on a PVC. The ZyXEL Device sends an OAM F4 or F5 packet to the DSLAM or ATM switch and then returns it to the ZyXEL Device. The test result then displays in the text box.
Page 273 ATM device. End-to-end loopback tests allow you to verify integrity of an end-to- end PVC. Note: The DSLAM to which the ZyXEL Device is connected must also support ATM F4 and/or F5 to use this test. Note: This screen is available only when you configure an ATM layer-2 interface.
Page 274 Chapter 29 Diagnostic P-660HN-51 User’s Guide...
Page 275: Troubleshooting
The ZyXEL Device does not turn on. None of the LEDs turn on. Make sure the ZyXEL Device is turned on. Make sure you are using the power adaptor or cord included with the ZyXEL Device. Make sure the power adaptor or cord is connected to the ZyXEL Device and plugged in to an appropriate power source.
Page 276: Zyxel Device Access And Login
If you changed the IP address and have forgotten it, you might get the IP address of the ZyXEL Device by looking up the IP address of the default gateway for your computer. To do this in most Windows computers, click Start > Run, enter cmd, and then enter ipconfig.
Page 277 Advanced Suggestions • Try to access the ZyXEL Device using another service, such as Telnet. If you can access the ZyXEL Device, check the remote management settings and firewall rules to find out why the ZyXEL Device does not respond to HTTP.
Page 278: Internet Access
Start Guide again. If the problem continues, contact your ISP. I cannot access the Internet anymore. I had access to the Internet (with the ZyXEL Device), but my Internet connection is not available anymore. Check the hardware connections, and make sure the LEDs are behaving as expected.
Page 279: Wireless Internet Access
Chapter 30 Troubleshooting 30.4 Wireless Internet Access What factors may cause intermittent or unstabled wireless connection? How can I solve this problem? The following factors may cause interference: • Obstacles: walls, ceilings, furniture, and so on. • Building Materials: metal doors, aluminum studs. •...
Page 280 Wireless security is vital to your network. It protects communications between wireless stations, access points and the wired network. The available security modes in your ZyXEL device are as follows: • WPA2-PSK: (recommended) This uses a pre-shared key with the WPA2 standard.
Page 281: Product Specifications
H A P T E R Product Specifications The following tables summarize the ZyXEL Device’s hardware and firmware features. 31.1 Hardware Specifications Table 100 Hardware Specifications Dimensions 188(H) x 40(W) x 132(D) mm Weight 374 g Power Specification 12VDC 1A...
Page 282 Configuration Backup Make a copy of the ZyXEL Device’s configuration. You can put it & Restoration back on the ZyXEL Device later if you decide to revert back to an earlier configuration. Network Address Each computer on your network must have its own unique IP Translation (NAT) address.
Page 283 Remote Management This allows you to decide whether a service (HTTP or FTP traffic for example) from a computer on a network (LAN or WAN for example) can access the ZyXEL Device. PPPoE Support PPPoE (Point-to-Point Protocol over Ethernet) emulates a dial-up (RFC2516) connection.
Page 284: Wireless Features
TR-069 HTTPS 31.3 Wireless Features Table 102 Wireless Features Internal Antennas The ZyXEL Device is equipped with two internal antennas to provide a clear radio signal between the wireless stations and the access points. Wireless LAN MAC Address Your device can check the MAC addresses of wireless stations Filtering against a list of allowed or denied MAC addresses.
Page 285 IEEE 802.1x (EAP-TLS) Multi BSSID (4 BSSIDs) Wireless Scheduling Auto-channel selection Output power adjustment The following list, which is not exhaustive, illustrates the standards supported in the ZyXEL Device. Table 103 Standards Supported STANDARD DESCRIPTION RFC 867 Daytime Protocol RFC 868 Time Protocol.
Page 286 Chapter 31 Product Specifications Table 103 Standards Supported (continued) STANDARD DESCRIPTION RFC 2236 Internet Group Management Protocol, Version 2. RFC 2364 PPP over AAL5 (PPP over ATM over ADSL) RFC 2408 Internet Security Association and Key Management Protocol (ISAKMP) RFC 2516 A Method for Transmitting PPP Over Ethernet (PPPoE) RFC 2684 Multiprotocol Encapsulation over ATM Adaptation Layer 5.
Page 287: Appendix A Setting Up Your Computer's Ip Address
"communicate" with your network. If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the ZyXEL Device’s LAN port. P-660HN-51 User’s Guide...
Page 288 Appendix A Setting up Your Computer’s IP Address Windows 95/98/Me Click Start, Settings, Control Panel and double-click the Network icon to open the Network window. Figure 129 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks.
Page 289 Appendix A Setting up Your Computer’s IP Address Select Microsoft from the list of manufacturers. Select TCP/IP from the list of network protocols and then click OK. If you need Client for Microsoft Networks: Click Add. Select Client and then click Add. Select Microsoft from the list of manufacturers.
Page 290 Click OK to save and close the TCP/IP Properties window. Click OK to close the Network window. Insert the Windows CD if prompted. Turn on your ZyXEL Device and restart your computer when prompted. Verifying Settings Click Start and then Run.
Page 291 Appendix A Setting up Your Computer’s IP Address Windows 2000/NT/XP The following example figures use the default Windows XP GUI theme. Click start (Start in Windows 2000/NT), Settings, Control Panel. Figure 132 Windows XP: Start Menu In the Control Panel, double-click Network Connections (Network and Dial- up Connections in Windows 2000/NT).
Page 292 Appendix A Setting up Your Computer’s IP Address Right-click Local Area Connection and then click Properties. Figure 134 Windows XP: Control Panel: Network Connections: Properties Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 135 Windows XP: Local Area Connection Properties The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
Page 293 Appendix A Setting up Your Computer’s IP Address • If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. •...
Page 294 Appendix A Setting up Your Computer’s IP Address • Click OK when finished. Figure 137 Windows XP: Advanced TCP/IP Properties In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
Page 295: Windows Vista
Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT). 11 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings Click Start, All Programs, Accessories and then Command Prompt. In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab.
Page 296 Appendix A Setting up Your Computer’s IP Address Click the Start icon, Control Panel. Figure 139 Windows Vista: Start Menu In the Control Panel, double-click Network and Internet. Figure 140 Windows Vista: Control Panel Click Network and Sharing Center. Figure 141 Windows Vista: Network And Internet P-660HN-51 User’s Guide...
Page 297 Appendix A Setting up Your Computer’s IP Address Click Manage network connections. Figure 142 Windows Vista: Network and Sharing Center Right-click Local Area Connection and then click Properties. Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. Figure 143 Windows Vista: Network and Sharing Center P-660HN-51 User’s Guide...
Page 298 Appendix A Setting up Your Computer’s IP Address Select Internet Protocol Version 4 (TCP/IPv4) and click Properties. Figure 144 Windows Vista: Local Area Connection Properties The Internet Protocol Version 4 (TCP/IPv4) Properties window opens (the General tab). • If you have a dynamic IP address click Obtain an IP address automatically.
Page 299 Appendix A Setting up Your Computer’s IP Address • Click Advanced. Figure 145 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
Page 300 Appendix A Setting up Your Computer’s IP Address • Click OK when finished. Figure 146 Windows Vista: Advanced TCP/IP Properties In the Internet Protocol Version 4 (TCP/IPv4) Properties window, (the General tab): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
Page 301 11 Click Close to close the Local Area Connection Properties window. 12 Close the Network Connections window. 13 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings Click Start, All Programs, Accessories and then Command Prompt.
Page 302 Appendix A Setting up Your Computer’s IP Address Macintosh OS 8/9 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/ IP Control Panel. Figure 148 Macintosh OS 8/9: Apple Menu P-660HN-51 User’s Guide...
Page 303 • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. Close the TCP/IP Control Panel. Click Save if prompted, to save changes to your configuration.
Page 304: Macintosh Os X
Appendix A Setting up Your Computer’s IP Address Macintosh OS X Click the Apple menu, and click System Preferences to open the System Preferences window. Figure 150 Macintosh OS X: Apple Menu Click Network in the icon bar. • Select Automatic from the Location list. •...
Page 305 • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. Click Apply Now and close the window.
Page 306 Appendix A Setting up Your Computer’s IP Address Double-click on the profile of the network card you wish to configure. The Ethernet Device General screen displays as shown. Figure 153 Red Hat 9.0: KDE: Ethernet Device: General • If you have a dynamic IP address, click Automatically obtain IP address settings with and select dhcp from the drop down list.
Page 307 Appendix A Setting up Your Computer’s IP Address Click the Activate button to apply the changes. The following screen displays. Click Yes to save the changes in all screens. Figure 155 Red Hat 9.0: KDE: Network Configuration: Activate After the network card restart process is complete, make sure the Status is Active in the Network Configuration screen.
Page 308 Appendix A Setting up Your Computer’s IP Address • If you have a static IP address, enter static in the BOOTPROTO= field. Type IPADDR= followed by the IP address (in dotted decimal notation) and type NETMASK= followed by the subnet mask. The following example shows an example where the static IP address is 192.168.1.10 and the subnet mask is 255.255.255.0.
Page 309: Verifying Settings
Appendix A Setting up Your Computer’s IP Address Verifying Settings Enter ifconfig in a terminal screen to check your TCP/IP properties. Figure 160 Red Hat 9.0: Checking TCP/IP Properties [root@localhost]# ifconfig eth0 Link encap:Ethernet HWaddr 00:50:BA:72:5B:44 inet addr:172.23.19.129 Bcast:172.23.19.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1...
Page 310 Appendix A Setting up Your Computer’s IP Address P-660HN-51 User’s Guide...
Page 311: Appendix B Pop-Up Windows, Javascript And Java Permissions
P P E N D I X Pop-up Windows, JavaScript and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScript (enabled by default). • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here.
Page 312 Appendix B Pop-up Windows, JavaScript and Java Permissions In Internet Explorer, select Tools, Internet Options, Privacy. Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 162 Internet Options: Privacy Click Apply to save this setting.
Page 313 Appendix B Pop-up Windows, JavaScript and Java Permissions Select Settings…to open the Pop-up Blocker Settings screen. Figure 163 Internet Options: Privacy Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. P-660HN-51 User’s Guide...
Page 314 Appendix B Pop-up Windows, JavaScript and Java Permissions Click Add to move the IP address to the list of Allowed sites. Figure 164 Pop-up Blocker Settings Click Close to return to the Privacy screen. Click Apply to save this setting. JavaScript If pages of the web configurator do not display properly in Internet Explorer, check that JavaScript are allowed.
Page 315 Appendix B Pop-up Windows, JavaScript and Java Permissions In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 165 Internet Options: Security Click the Custom Level... button. Scroll down to Scripting. Under Active scripting make sure that Enable is selected (the default). Under Scripting of Java applets make sure that Enable is selected (the default).
Page 316: Java Permissions
Appendix B Pop-up Windows, JavaScript and Java Permissions Click OK to close the window. Figure 166 Security Settings - Java Scripting Java Permissions From Internet Explorer, click Tools, Internet Options and then the Security tab. Click the Custom Level... button. Scroll down to Microsoft VM.
Page 317 Appendix B Pop-up Windows, JavaScript and Java Permissions Click OK to close the window. Figure 167 Security Settings - Java JAVA (Sun) From Internet Explorer, click Tools, Internet Options and then the Advanced tab. Make sure that Use Java 2 for <applet> under Java (Sun) is selected. P-660HN-51 User’s Guide...
Page 318 Appendix B Pop-up Windows, JavaScript and Java Permissions Click OK to close the window. Figure 168 Java (Sun) Mozilla Firefox Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary. You can enable Java, JavaScript and pop-ups in one screen. Click Tools, then click Options in the screen that appears.
Page 319 Appendix B Pop-up Windows, JavaScript and Java Permissions Click Content.to show the screen below. Select the check boxes as shown in the following screen. Figure 170 Mozilla Firefox Content Security P-660HN-51 User’s Guide...
Page 320 Appendix B Pop-up Windows, JavaScript and Java Permissions P-660HN-51 User’s Guide...
Page 321: Appendix C Ip Addresses And Subnetting
P P E N D I X IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network.
Page 322: Subnet Masks
Appendix C IP Addresses and Subnetting The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. Figure 171 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask.
Page 323 Appendix C IP Addresses and Subnetting By convention, subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits. Subnet masks can be referred to by the size of the network number part (the bits with a “1”...
Page 324 Appendix C IP Addresses and Subnetting Notation Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet.
Page 325 Appendix C IP Addresses and Subnetting The following figure shows the company network before subnetting. Figure 172 Subnetting Example: Before Subnetting You can “borrow” one of the host ID bits to divide the network 192.168.1.0 into two separate sub-networks. The subnet mask is now 25 bits (255.255.255.128 or /25).
Page 326 Appendix C IP Addresses and Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).
Page 327 Appendix C IP Addresses and Subnetting Table 110 Subnet 3 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 10000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.129 192.168.1.128 Broadcast Address: Highest Host ID: 192.168.1.190 192.168.1.191 Table 111 Subnet 4...
Page 328 Appendix C IP Addresses and Subnetting Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 113 24-bit Network Number Subnet Planning NO. “BORROWED” NO. HOSTS PER SUBNET MASK NO. SUBNETS HOST BITS SUBNET 255.255.255.128 (/25)
Page 329 You must also enable Network Address Translation (NAT) on the ZyXEL Device. Once you have decided on the network number, pick an IP address for your ZyXEL Device that is easy to remember (for instance, 192.168.1.1) but make sure that no other device on your network is using that IP address.
Page 330 Appendix C IP Addresses and Subnetting P-660HN-51 User’s Guide...
Page 331: Appendix D Wireless Lans
P P E N D I X Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS).
Page 332 Appendix D Wireless LANs with each other. When Intra-BSS is disabled, wireless client A and B can still access the wired network but cannot communicate with each other. Figure 175 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network.
Page 333 Appendix D Wireless LANs An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate. Figure 176 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by wireless devices to transmit and receive data.
Page 334 Appendix D Wireless LANs hidden node. Both stations (STA) are within range of the access point (AP) or wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other.
Page 335: Fragmentation Threshold
Wireless security is vital to your network to protect wireless communication between wireless clients, access points and the wired network. Wireless security methods available on the ZyXEL Device are data encryption, wireless client authentication, restricting access by device MAC address and hiding the ZyXEL Device identity.
Page 336 Wi-Fi Protected Access (WPA) WPA2 Most Secure Note: You must enable the same wireless security settings on the ZyXEL Device and on all wireless clients that you want to associate with it. IEEE 802.1x In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional...
Page 337 Appendix D Wireless LANs • Authorization Determines the network services available to authenticated users once they are connected to the network. • Accounting Keeps track of the client’s network activity. RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server.
Page 338 Appendix D Wireless LANs EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication.
Page 339: Dynamic Wep Key Exchange
Appendix D Wireless LANs TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2. PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity.
Page 340: Wpa And Wpa2
Appendix D Wireless LANs WPA and WPA2 Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA. Key differences between WPA or WPA2 and WEP are improved data encryption and user authentication.
Page 341 Appendix D Wireless LANs The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped.
Page 342 Appendix D Wireless LANs The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero Configuration" wireless client. However, you must run Windows XP to use it. WPA(2) with RADIUS Application Example To set up WPA(2), you need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret.
Page 343: Security Parameters Summary
Appendix D Wireless LANs The AP checks each wireless client's password and allows it to join the network only if the password matches. The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID. The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged in a handshake to create temporal encryption keys.
Page 344: Antenna Characteristics
Appendix D Wireless LANs Table 118 Wireless Security Relational Matrix (continued) AUTHENTICATION METHOD/ KEY ENCRYPTIO ENTER IEEE 802.1X MANAGEMENT N METHOD MANUAL KEY PROTOCOL WPA2 TKIP/AES Enable WPA2-PSK TKIP/AES Disable Antenna Overview An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air.
Page 345: Types Of Antennas For Wlan
Appendix D Wireless LANs Types of Antennas for WLAN There are two types of antennas used for wireless LAN applications. • Omni-directional antennas send the RF signal out in all directions on a horizontal plane. The coverage area is torus-shaped (like a donut) which makes these antennas ideal for a room environment.
Page 346 Appendix D Wireless LANs P-660HN-51 User’s Guide...
Page 347: Appendix E Services
P P E N D I X Services The following table lists some commonly-used services and their associated protocols and port numbers. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like. •...
Page 348 A popular videoconferencing solution from White Pines Software. TCP/UDP 24032 TCP/UDP Domain Name Server, a service that matches web names (for instance www.zyxel.com) to IP numbers. User-Defined The IPSEC ESP (Encapsulation (IPSEC_TUNNEL) Security Protocol) tunneling protocol uses this service. FINGER...
Page 349 Appendix E Services Table 119 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION MSN Messenger 1863 Microsoft Networks’ messenger service uses this protocol. NetBIOS TCP/UDP The Network Basic Input/Output System is used for communication TCP/UDP between computers in a LAN. TCP/UDP TCP/UDP NEW-ICQ...
Page 350 Appendix E Services Table 119 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION SFTP The Simple File Transfer Protocol is an old way of transferring files between computers. SMTP Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another.
Page 351: Appendix F Open Software Announcements
CAREFULLY BEFORE COMPLETING THE INSTALLATION PROCESS AS INSTALLING THE SOFTWARE WILL INDICATE YOUR ASSENT TO THEM. IF YOU DO NOT AGREE TO THESE TERMS, THEN ZyXEL IS UNWILLING TO LICENSE THE SOFTWARE TO YOU, IN WHICH EVENT YOU SHOULD RETURN THE UNINSTALLED SOFTWARE AND PACKAGING TO THE PLACE FROM WHICH IT WAS ACQUIRED OR ZyXEL, AND YOUR MONEY WILL BE REFUNDED.
Page 352 Software as long as this License Agreement remains in full force and effect. Ownership of the Software, Documentation and all intellectual property rights therein shall remain at all times with ZyXEL. Any other use of the Software by any other entity is strictly forbidden and is a violation of this License Agreement.
Page 353 SOFTWARE, AND NO WARRANTIES SHALL APPLY AFTER THAT PERIOD. 7.Limitation of Liability IN NO EVENT WILL ZyXEL BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, WITHOUT LIMITATION, INDIRECT, SPECIAL, PUNITIVE, OR EXEMPLARY DAMAGES FOR LOSS OF...
Page 354 Software and Documentation in your possession or under your control. ZyXEL may terminate this License Agreement for any reason, including, but not limited to, if ZyXEL finds that you have violated any of the terms of this License Agreement. Upon notification of termination, you agree to destroy or return to ZyXEL all copies of the Software and Documentation and to certify in writing that all known copies, including backup copies, have been destroyed.
Page 355 For at least three (3) years from the date of distribution of the applicable product or software, we will give to anyone who contacts us at the ZyXEL Technical Support (support@zyxel.com.tw), for a charge of no more than our cost of physically performing source code distribution, a...
Page 356 Appendix F Open Software Announcements Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users.
Page 357 Appendix F Open Software Announcements TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License.
Page 358 Appendix F Open Software Announcements These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works.
Page 359 Appendix F Open Software Announcements 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License.
Page 360 Appendix F Open Software Announcements places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9.
Page 361 Appendix F Open Software Announcements END OF TERMS AND CONDITIONS All other trademarks or trade names mentioned herein, if any, are the property of their respective owners. This Product includes ppp software under below license This directory contains source code and precompiled binaries for ppp-2.4, a package which implements the Point-to-Point Protocol (PPP) to provide Internet connections over serial lines.
Page 362 Appendix F Open Software Announcements FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Page 363: Appendix G Legal Information
Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice.
Page 364 Appendix G Legal Information • This device must accept any interference received, including interference that may cause undesired operations. This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
Page 365: Zyxel Limited Warranty
Canada. Viewing Certifications Go to http://www.zyxel.com. Select your product on the ZyXEL home page to go to that product's page. Select the certification you wish to view from this page. ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase.
Page 366 (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.
Page 367: Index
Index Index ACL rule 165, 338 activation certificate firewalls details SIP ALG factory default SSID Certificate Authority Address Resolution Protocol See CA. administrator account certificates authentication algorithms creating alternative subnet mask notation importing antenna public key directional replacing gain storage space omni-directional Certification Authority AP (access point)
Page 368 Index data fragment threshold FCC interference statement 95, 98 DDoS filters MAC address default login accounts 88, 100 Finger default server address firewalls Denials of Service, see DoS add protocols configuration DHCP 114, 129 DDoS diagnostic Differentiated Services, see DiffServ LAND attack Diffie-Hellman key groups Ping of Death...
Page 369 Index importing certificates Independent Basic Service Set MAC address 89, 118 See IBSS filter 88, 100 initialization vector (IV) MAC authentication Inside Global Address, see IGA Mac filter inside header Inside Local Address, see ILA MBSSID Internet Key Exchange multicast IGMPInternet Group Multicast Protocol, see Internet Protocol Security, see IPSec IGMP...
Page 370 Index OAM Ping Test RADIUS message types outside header messages shared secret key RADIUS server registration product Pairwise Master Key (PMK) 340, 343 related documentation passwords remote management TR-069 Remote Procedure Calls, see RPCs Per-Hop Behavior, see PHB reset 26, 269 restart PIN, WPS restoring configuration...
Page 371 Index SMTP trademarks SNMP traffic shaping example SNMP trap transport mode 154, 184 trTCM srTCM tunnel mode SSID activation Two Rate Three Color Marker, see trTCM MBSSID static route configuration 203, 208, 258 example status 35, 39 firmware version unicast Universal Plug and Play, see UPnP wireless LAN upgrading firmware...
Page 372 Index multiplexing limitations status traffic shaping push button 23, 105 example wireless security Wireless tutorial WLAN warranty interference note security parameters 92, 104 101, 340 compatibility key caching example pre-authentication web configurator user authentication 21, 27 login vs WPA-PSK passwords wireless client supplicant with RADIUS application example WEP Encryption...
Page 373 Index P-660HN-51 User’s Guide...
Page 374 Index P-660HN-51 User’s Guide...

This manual is also suitable for:

P-660hn-51

ZyXEL Communications P-660HN-51 - V1.10 Manual

About this User's Guide

Document Conventions

Safety Warnings

Contents Overview

Table of Contents

User's Guide

PART I User's Guide

Chapter 1 Introduction

Chapter 2 The Web Configurator

Chapter 3 Network Map and Status Screens

Chapter 4 Tutorials

Technical Reference

Part II: Technical Reference

Chapter 5 Broadband

Chapter 6 Wireless

Chapter 7 Home Networking

Chapter 8 Network Address Translation (NAT)

Chapter 9 MAC Filter

Chapter 10 Firewall

Chapter 11 Remote Management

Chapter 12 Certificates

Chapter 13 Ipsec

Chapter 14 Parental Control

Chapter 15 Routing

Chapter 16 Dynamic DNS Setup

Chapter 17 Quality of Service (Qos)

Chapter 18 TR-069 Client

Chapter 19 Time Settings

Chapter 20 Scheduler Rules

Chapter 21 Policy Forwarding

Chapter 22 Logs

Chapter 23 Introduction to the ARP Table

Chapter 24 Traffic Status

Chapter 25 Users Configuration

Chapter 26 Logs Setting

Chapter 27 Firmware Upgrade

Chapter 28 Configuration

Chapter 29 Diagnostic

Chapter 30 Troubleshooting

Chapter 31 Product Specifications

Appendix A Setting up Your Computer's IP Address

Appendix B Pop-Up Windows, Javascript and Java Permissions

Appendix C IP Addresses and Subnetting

Appendix D Wireless Lans

Quick Links

Related Manuals for ZyXEL Communications P-660HN-51 - V1.10

Summary of Contents for ZyXEL Communications P-660HN-51 - V1.10