About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to configure the ZyXEL Device using the web configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology.
Syntax Conventions • The P-660HN-Fx may be referred to as the “ZyXEL Device”, the “device”, the “system” or the “product” in this User’s Guide. • Product labels, screen names, field labels and field choices are all in bold font.
Page 5
Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device Computer Notebook computer Server Firewall Telephone Router Switch P-660HN-Fx User’s Guide...
• Use only No. 26 AWG (American Wire Gauge) or larger telecommunication line cord. • Antenna Warning! This device meets ETSI and FCC certification requirements when using the included antenna(s). Only use the included antenna(s). This product is recyclable. Dispose of it properly. P-660HN-Fx User’s Guide...
Contents Overview Contents Overview Introduction ..........................31 Introducing the ZyXEL Device ....................33 Introducing the Web Configurator ....................39 Status Screens .......................... 45 Wizard ............................. 51 Internet and Wireless Setup Wizard ..................53 Network ........................... 67 WAN Setup ..........................69 LAN Setup ..........................
Page 10
Contents Overview Appendices and Index ......................317 P-660HN-Fx User’s Guide...
Introducing the ZyXEL Device ....................33 1.1 Overview ..........................33 1.2 Ways to Manage the ZyXEL Device ..................33 1.3 Good Habits for Managing the ZyXEL Device ..............34 1.4 Applications for the ZyXEL Device ..................34 1.4.1 Internet Access ......................34 1.5 LEDs (Lights) ........................
Page 12
5.3.2 Configuring More Connections Advanced Setup ............79 5.4 The WAN Backup Setup Screen ..................80 5.5 WAN Technical Reference ....................82 5.5.1 Encapsulation ......................82 5.5.2 Multiplexing ........................ 83 5.5.3 VPI and VCI ....................... 83 5.5.4 IP Address Assignment ....................84 P-660HN-Fx User’s Guide...
Page 13
6.5 The IP Alias Screen ......................96 6.5.1 Configuring the LAN IP Alias Screen ................. 97 6.6 LAN Technical Reference ....................98 6.6.1 LANs, WANs and the ZyXEL Device ................98 6.6.2 DHCP Setup ....................... 99 6.6.3 DNS Server Addresses ....................99 6.6.4 LAN TCP/IP ........................
Page 14
8.6.5 NAT Mapping Types ....................146 Part IV: Security ................... 149 Chapter 9 Firewalls..........................151 9.1 Overview ..........................151 9.1.1 What You Can Do in the Firewall Screens ............... 151 9.1.2 What You Need to Know About Firewall ..............152 P-660HN-Fx User’s Guide...
Page 16
14.1.3 802.1Q/1P Example ....................216 14.2 The 802.1Q/1P Group Setting Screen ................219 14.2.1 Editing 802.1Q/1P Group Setting ................221 14.3 The 802.1Q/1P Port Setting Screen ................222 Chapter 15 Quality of Service (QoS)....................... 225 15.1 Overview .......................... 225 P-660HN-Fx User’s Guide...
Page 17
Chapter 18 Universal Plug-and-Play (UPnP)..................255 18.1 Overview .......................... 255 18.1.1 What You Can Do in the UPnP Screen ..............255 18.1.2 What You Need to Know About UPnP ..............255 18.2 The UPnP Screen ......................256 P-660HN-Fx User’s Guide...
Page 18
21.4 The Restart Screen ......................297 Chapter 22 Diagnostic..........................299 22.1 Overview .......................... 299 22.1.1 What You Can Do in the Diagnostic Screens ............299 22.2 The General Diagnostic Screen ..................299 22.3 The DSL Line Diagnostic Screen ..................300 P-660HN-Fx User’s Guide...
Page 19
Chapter 24 Troubleshooting........................313 24.1 Power, Hardware Connections, and LEDs ..............313 24.2 ZyXEL Device Access and Login ..................314 24.3 Internet Access ........................ 316 Part VIII: Appendices and Index ............317 Appendix A Setting up Your Computer’s IP Address............319 Appendix B Pop-up Windows, JavaScripts and Java Permissions ........
Page 20
Table of Contents P-660HN-Fx User’s Guide...
List of Figures List of Figures Figure 1 ZyXEL Device’s Router Features ..................... 35 Figure 2 LEDs on the Top of the Device ....................35 Figure 3 Password Screen ........................40 Figure 4 Change Password Screen ......................40 Figure 5 Replace Factory Default Certificate Screen ................41 Figure 6 Main Screen ..........................
Page 22
Figure 77 How NAT Works ........................145 Figure 78 NAT Application With IP Alias ....................146 Figure 79 Default Firewall Action ......................151 Figure 80 Firewall Example: Rules ....................... 153 Figure 81 Edit Custom Port Example ....................153 P-660HN-Fx User’s Guide...
Page 24
Figure 163 Internet Connection Status ....................263 Figure 164 Network Connections ......................264 Figure 165 Network Connections: My Network Places ................ 265 Figure 166 Network Connections: My Network Places: Properties: Example ........265 Figure 167 Maintenance > System > General ..................270 P-660HN-Fx User’s Guide...
Page 25
Figure 206 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties ........332 Figure 207 Macintosh OS 8/9: Apple Menu ..................333 Figure 208 Macintosh OS 8/9: TCP/IP ....................333 Figure 209 Macintosh OS X: Apple Menu .................... 334 Figure 210 Macintosh OS X: Network ....................335 P-660HN-Fx User’s Guide...
Page 26
Figure 240 Invalid Parameter Entered: Command Line Example ............376 Figure 241 Valid Parameter Entered: Command Line Example ............376 Figure 242 Internal SPTGEN FTP Download Example ................ 377 Figure 243 Internal SPTGEN FTP Upload Example ................377 P-660HN-Fx User’s Guide...
• “N” denotes 802.11n draft 2.0. The “N” models support 802.11n wireless connection mode. • Models ending in “1”, for example P-660HN-F1, denote a device that works over the analog telephone system, POTS (Plain Old Telephone Service). Models ending in “3”...
• TR-069. This is an auto-configuration server used to remotely configure your device. 1.3 Good Habits for Managing the ZyXEL Device Do the following things regularly to make the ZyXEL Device more secure and to manage the ZyXEL Device more effectively.
Chapter 1 Introducing the ZyXEL Device Figure 1 ZyXEL Device’s Router Features You can also configure firewall and content filtering on the ZyXEL Device for secure Internet access. When the firewall is on, all incoming traffic from the Internet to your network is blocked unless it is initiated from your network.
COLOR STATUS DESCRIPTION ETHERNET Green The ZyXEL Device has an Ethernet connection with a device on the Local Area Network (LAN). Blinking The ZyXEL Device is sending/receiving data to /from the LAN. The ZyXEL Device does not have an Ethernet connection with the LAN.
2 Press the WPS WLAN ON/OFF button for five to ten seconds and release it. Press the WPS button on another WPS -enabled device within range of the ZyXEL Device. The WLAN/WPS LED should flash while the ZyXEL Device sets up a WPS connection with the wireless device.
Internet Explorer. 2.1.1 Accessing the Web Configurator 1 Make sure your ZyXEL Device hardware is properly connected (refer to the Quick Start Guide). 2 Launch your web browser. 3 Type "192.168.1.1" as the URL.
Click Apply to create a specific certificate for the device using your computer’s MAC address. For security reasons, the ZyXEL Device automatically logs you out if you do not use the web configurator for five minutes (default). If this happens, log in again.
As illustrated above, the main screen is divided into these parts: • A - title bar • B - navigation panel • C - main window • D - status bar 2.2.1 Title Bar The title bar provides some icons in the upper right corner. P-660HN-Fx User’s Guide...
Logout: Click this icon to log out of the web configurator. 2.2.2 Navigation Panel Use the menu items on the navigation panel to open screens to configure ZyXEL Device features. The following tables describe each menu item. Table 3 Navigation Panel Summary...
Page 43
Use this screen to generate and export self-signed certificates or certification requests and import the ZyXEL Device’s CA-signed certificates. Trusted CAs Use this screen to save CA certificates to the ZyXEL Device. Trusted Remote Use this screen to import self-signed certificates.
Configuration Use this screen to backup and restore your device’s configuration (settings) or reset the factory default settings. Restart This screen allows you to reboot the ZyXEL Device without turning the power off. Diagnostic General Use this screen to test the connections to other devices.
IP and DHCP and statistics from bandwidth management, and traffic. 3.2 The Status Screen Use this screen to view the status of the ZyXEL Device. Click Status to open this screen. Figure 7 Status Screen Each field is described in the following table.
Page 46
This field displays what DHCP services the ZyXEL Device is providing to the LAN. Choices are: Server - The ZyXEL Device is a DHCP server in the LAN. It assigns IP addresses to other computers in the LAN. Relay - The ZyXEL Device acts as a surrogate DHCP server and relays DHCP requests and responses between the remote server and the clients.
Page 47
This field displays how long the ZyXEL Device has been running since it last Uptime started up. The ZyXEL Device starts up when you plug it in, when you restart it (Maintenance > Tools > Restart), or when you reset it.
Section 6.4 on page 95 for information on this screen. 3.4 WLAN Status Use this screen to view the wireless stations that are currently associated to the ZyXEL Device. Click Status > WLAN Status to access this screen. Figure 8 WLAN Status The following table describes the labels in this screen.
WAN Port Statistics Link Status This is the status of your WAN link. WAN IP Address This is the IP address of the ZyXEL Device’s WAN port. Upstream Speed This is the upstream speed of your ZyXEL Device. Downstream Speed This is the downstream speed of your ZyXEL Device.
3.6 Any IP Table Click Status > AnyIP Table to access this screen. Use this screen to view the IP address and MAC address of each computer that is using the ZyXEL Device but is in a different subnet than the ZyXEL Device.
Apply. Otherwise, click the wizard icon ( ) in the top right corner of the web configurator to go to the wizards. Figure 11 Select a Mode 2 Click INTERNET/WIRELESS SETUP to configure the system for Internet access and wireless connection. P-660HN-Fx User’s Guide...
Chapter 4 Internet and Wireless Setup Wizard Figure 12 Wizard Welcome 3 Your ZyXEL device attempts to detect your DSL connection and your connection type. 3a The following screen appears if a connection is not detected. Check your hardware connections and click Restart the INTERNET/WIRELESS SETUP Wizard to return to the wizard welcome screen.
Figure 15 Auto Detection: Failed 4.2.1 Manual Configuration 1 If the ZyXEL Device fails to detect your DSL connection type but the physical line is connected, enter your Internet access information in the wizard screen exactly as your service provider gave it to you. Leave the defaults in any fields for which you were not given information.
Bridge when your ISP provides you more than one IP address and you want the connected computers to get individual IP address from ISP’s DHCP server directly. If you select Bridge, you cannot use Firewall, DHCP server and NAT on the ZyXEL Device.
Type the name of your PPPoE service here. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Exit Click this to close the wizard screen without saving. Figure 18 Internet Connection with RFC 1483 P-660HN-Fx User’s Guide...
Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP Server clients along with the IP address and the subnet mask. Second DNS As above. Server Back Click this to return to the previous screen without saving. P-660HN-Fx User’s Guide...
• If the user name and/or password you entered for PPPoE or PPPoA connection are not correct, the screen displays as shown next. Click Back to Username and Password setup to go back to the screen where you can modify them. P-660HN-Fx User’s Guide...
4.3 Wireless Connection Wizard Setup After you configure the Internet access information, use the following screens to set up your wireless LAN. 1 Select Yes and click Next to configure wireless settings. Otherwise, select No and skip to Step 6. P-660HN-Fx User’s Guide...
Click this to return to the previous screen without saving. Next Click this to continue to the next wizard screen. Exit Click this to close the wizard screen without saving. 3 Configure your wireless settings in this screen. Click Next. P-660HN-Fx User’s Guide...
Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless Name(SSID) LAN. If you change this field on the ZyXEL Device, make sure all wireless stations use the same SSID in order to access the network. Channel The range of radio frequencies used by IEEE 802.11b/g wireless devices is called a...
Click this to continue to the next wizard screen. Exit Click this to close the wizard screen without saving. 4.3.2 Manually Assign a WEP Key Choose Manually assign a WEP key to setup WEP Encryption parameters. Figure 27 Manually Assign a WEP key P-660HN-Fx User’s Guide...
LABEL DESCRIPTION The WEP keys are used to encrypt data. Both the ZyXEL Device and the wireless stations must use the same WEP key for data transmission. Enter any 5 or 13 ASCII characters, or 10 or 26 hexadecimal characters ("0-9", "A-F") for a 64-bit or 128-bit WEP key respectively.
Chapter 4 Internet and Wireless Setup Wizard Figure 29 Internet Access and WLAN Wizard Setup Complete 7 Launch your web browser and navigate to www.zyxel.com. Internet access is just the beginning. Refer to the rest of this guide for more detailed information on the complete range of ZyXEL Device features.
Page 66
Chapter 4 Internet and Wireless Setup Wizard P-660HN-Fx User’s Guide...
5.1 Overview This chapter describes how to configure WAN settings from the WAN screens. Use these screens to configure your ZyXEL Device for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet.
Chapter 5 WAN Setup WAN IP Address The WAN IP address is an IP address for the ZyXEL Device, which makes it accessible from an outside network. It is used by the ZyXEL Device to communicate with other devices in other networks.
Modulation Select the modulation supported by your ISP. Use Multi Mode if you are not sure which mode to choose from. The ZyXEL Device dynamically diagnoses the mode supported by the ISP and selects the best compatible one for your connection.
Page 72
Specify a gateway IP address (supplied by your ISP). DNS Server First DNS Server Select Obtained From ISP if your ISP dynamically assigns DNS server information (and the ZyXEL Device's WAN IP address) and you select Obtain Second DNS Server an IP Address Automatically. Third DNS Server Select User-Defined if you have the IP address of a DNS server.
Nailed-Up Select Nailed-Up Connection when you want your connection up all the time. Connection The ZyXEL Device will try to bring up the connection automatically if it is disconnected. Connect on Select Connect on Demand when you don't want the connection up all the time Demand and specify an idle time-out in the Max Idle Timeout field.
LAN to use PPPoE client software encapsulation only) on their computers to connect to the ISP via the ZyXEL Device. Each host can have a separate account and a public WAN IP address.
Click this to restore your previously saved settings. 5.3 The More Connections Screen The ZyXEL Device allows you to configure more than one Internet access connection. To configure additional Internet access connections click Network > WAN > More Connections. The screen differs by the encapsulation you select. When you use the WAN >...
Click this to save your changes. Cancel Click this to restore your previously saved settings. 5.3.1 More Connections Edit Use this screen to configure a connection. Click the edit icon in the More Connections screen to display the following screen. P-660HN-Fx User’s Guide...
Select Routing from the drop-down list box if your ISP allows multiple computers to share an Internet account. If you select Bridge, the ZyXEL Device will forward any packet that it does not route to this remote node; otherwise, the packets are discarded.
Page 78
Connection Nailed-Up Connection Select Nailed-Up Connection when you want your connection up all the time. The ZyXEL Device will try to bring up the connection automatically if it is disconnected. Connect on Demand Select Connect on Demand when you don't want the connection up all the time and specify an idle time-out in the Max Idle Timeout field.
WAN setup. 5.3.2 Configuring More Connections Advanced Setup Use this screen to edit your ZyXEL Device's advanced WAN settings. Click the Advanced Setup button in the More Connections Edit screen. The screen appears as shown.
Click this to save your changes. Cancel Click this to restore your previously saved settings. 5.4 The WAN Backup Setup Screen Use this screen to configure your ZyXEL Device’s WAN backup. Click Network > WAN > WAN Backup Setup. P-660HN-Fx User’s Guide...
Select the method that the ZyXEL Device uses to check the DSL connection. Select DSL Link to have the ZyXEL Device check if the connection to the DSLAM is up. Select ICMP to have the ZyXEL Device periodically ping the IP addresses configured in the Check WAN IP Address fields.
Traffic redirect forwards traffic to a backup gateway when the ZyXEL Device cannot connect to the Internet. Active Traffic Select this check box to have the ZyXEL Device use traffic redirect if the normal Redirect WAN connection goes down. Note: If you activate traffic redirect, you must configure at least one Check WAN IP Address.
By implementing PPPoE directly on the ZyXEL Device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the ZyXEL Device does that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access.
The ZyXEL Device does two things when you specify a nailed-up connection. The first is that idle timeout is disabled. The second is that the ZyXEL Device will try to bring up the connection when turned on and whenever the connection is down. A nailed-up connection can be very expensive for obvious reasons.
Chapter 5 WAN Setup The metric sets the priority for the ZyXEL Device’s routes to the Internet. If any two of the default routes have the same metric, the ZyXEL Device uses the following pre-defined priorities: • Normal route: designated by the ISP (see Section 5.2 on page...
An example application is background file transfer. 5.8 Traffic Redirect Traffic redirect forwards traffic to a backup gateway when the ZyXEL Device cannot connect to the Internet. An example is shown in the figure below. P-660HN-Fx User’s Guide...
LAN. Use IP alias to configure the LAN into two or three logical networks with the ZyXEL Device itself as the gateway for each LAN network. Put the protected LAN in one subnet (Subnet 1 in the following figure) and the backup gateway in another subnet (Subnet 2).
Page 88
Chapter 5 WAN Setup P-660HN-Fx User’s Guide...
(Section 6.2 on page 90) to set the LAN IP address and subnet mask of your ZyXEL device. You can also edit your ZyXEL Device's RIP, multicast, any IP and Windows Networking settings from this screen. • Use the DHCP Setup screen (Section 6.3 on page...
Client List screen. 6.2 The LAN IP Screen Use this screen to set the Local Area Network IP address and subnet mask of your ZyXEL Device. Click Network > LAN to open the IP screen. Follow these steps to configure your LAN settings.
LABEL DESCRIPTION IP Address Enter the LAN IP address you want to assign to your ZyXEL Device in dotted decimal notation, for example, 192.168.1.1 (factory default). IP Subnet Mask Type the subnet mask of your network in dotted decimal notation, for example 255.255.255.0 (factory default).
Internet via the ZyXEL Device without changing the network settings (such as IP address and subnet mask) of the computer, even when the IP addresses of the computer and the ZyXEL Device are not in the same subnet.
Click this to restore your previously saved settings. 6.3 The DHCP Setup Screen Use this screen to configure the DNS server information that the ZyXEL Device sends to the DHCP client devices on the LAN. Click Network > DHCP Setup to open this screen.
DHCP client. If set to None, the DHCP server will be disabled. If set to Relay, the ZyXEL Device acts as a surrogate DHCP server and relays DHCP requests and responses between the remote server and the clients.
Apply. If you set a second choice to User-Defined, and enter the same IP address, the second User-Defined changes to None after you click Apply. Select DNS Relay to have the ZyXEL Device act as a DNS proxy only when the ISP uses IPCP DNS server extensions. The ZyXEL Device's LAN IP address displays in the field to the right (read-only).
IP alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The ZyXEL Device supports three logical LAN interfaces via its single physical Ethernet interface with the ZyXEL Device itself as the gateway for each LAN network.
C: 192.168.3.1 - 192.168.3.24 6.5.1 Configuring the LAN IP Alias Screen Use this screen to change your ZyXEL Device’s IP alias settings. Click Network > LAN > IP Alias to open the following screen. Figure 45 Network > LAN > IP Alias The following table describes the labels in this screen.
RIP packets. Select the RIP direction from Both/In Only/Out Only/None. When set to Both or Out Only, the ZyXEL Device will broadcast its routing table periodically. When set to Both or In Only, it will incorporate the RIP information that it receives;...
The ZyXEL Device supports the IPCP DNS server extensions through the DNS proxy feature. If the DNS Server fields in the DHCP Setup screen are set to DNS Relay, the ZyXEL Device tells the DHCP clients that it itself is the DNS server. When a computer sends a...
Page 100
Once you have decided on the network number, pick an IP address that is easy to remember, for instance, 192.168.1.1, for your ZyXEL Device, but make sure that no other device on your network is using that IP address.
• Both - the ZyXEL Device will broadcast its routing table periodically and incorporate the RIP information that it receives. • In Only - the ZyXEL Device will not send any RIP packets but will accept all RIP packets received.
Traditionally, you must set the IP addresses and the subnet masks of a computer and the ZyXEL Device to be in the same subnet to allow the computer to access the Internet (through the ZyXEL Device). In cases where your computer is required to use a static IP address in another network, you may need to manually configure the network settings of the computer every time you want to access the Internet via the ZyXEL Device.
Page 103
ZyXEL Device. 1 When a computer (which is in a different subnet) first attempts to access the Internet, it sends packets to its default gateway (which is not the ZyXEL Device) by looking at the MAC address in its ARP table.
Page 104
Chapter 6 LAN Setup P-660HN-Fx User’s Guide...
• Use the WDS screen (see Section 7.6 on page 119) to set up a Wireless Distribution System, in which the ZyXEL Device acts as a bridge with other ZyXEL access points. • Use the QoS screen (see Section 7.7 on page 120) to enable or disable Quality of Service.
• What advanced options do you want to configure, if any? If you want to configure advanced options such as Quality of Service, ensure that you know precisely what you want to do. If you do not want to configure advanced options, leave them as they are. P-660HN-Fx User’s Guide...
Select a channel from the drop-down list box. Channel Width Select whether the ZyXEL Device uses a wireless channel width of 20 or 40 MHz. A standard 20 MHz channel offers transfer speeds of up to 150Mbps whereas a 40MHz channel uses two standard channels and offers speeds of up to 300 Mbps.
WLAN setup. 7.2.1 No Security In the Network > Wireless LAN > AP screen, select No Security from the Security Mode list to allow wireless devices to communicate with the ZyXEL Device without any data encryption or authentication. P-660HN-Fx User’s Guide...
Chapter 7 Wireless LAN If you do not enable any wireless security on your ZyXEL Device, your network is accessible to any wireless networking device that is within range. Figure 49 Network > Wireless LAN > AP: No Security The following table describes the labels in this screen.
Device automatically generates a WEP key. WEP Key The WEP key is used to encrypt data. Both the ZyXEL Device and the wireless stations must use the same WEP key for data transmission. If you want to manually set the WEP key, enter any 5 or 13 characters (ASCII string) or 10 or 26 hexadecimal characters ("0-9", "A-F") for a 64-bit or 128-bit WEP key...
DESCRIPTION Security Mode Choose WPA-PSK or WPA2-PSK or WPAPSKMixed from the drop-down list box. Select WPAPSK Mixed if you want the ZyXEL Device to support WPA-PSK and WPA2-PSK simultaneously. Pre-Shared Key The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same.
DESCRIPTION Security Mode Choose WPA, WPA2 or WPAMixed from the drop-down list box. Select WPAMixed if you want the ZyXEL Device to support WPA and WPA2 simultaneously. ReAuthentication Specify how often wireless stations have to resend usernames and passwords in Timer order to stay connected.
Enter a password (up to 31 alphanumeric characters) as the key to be shared between the external authentication server and the ZyXEL Device. The key must be the same on the external authentication server and your ZyXEL Device. The key is not sent over the network.
2432. Output Power Set the output power of the ZyXEL Device. If there is a high density of APs in an area, decrease the output power to reduce interference with other APs. Select one of the following Maximum, Middle or Minimum.
Define the filter action for the list of MAC addresses in the MAC Address table. Filter Action Select Deny to block access to the ZyXEL Device. MAC addresses not listed will be allowed to access the ZyXEL Device Select Allow to permit access to the ZyXEL Device. MAC addresses not listed will be denied access to the ZyXEL Device.
LABEL DESCRIPTION SSID An SSID profile is the set of parameters relating to one of the ZyXEL Device’s BSSs. The SSID (Service Set IDentifier) identifies the Service Set with which a wireless device is associated. This field displays the name of the wireless profile on the network. When a wireless client scans for an AP to associate with, this is the name that is broadcast and seen in the wireless client utility.
Click this to restore your previously saved settings. 7.4 The WPS Screen Use this screen to configure WiFi Protected Setup (WPS) on your ZyXEL Device. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually.
Click this to add another WPS-enabled wireless device (within wireless range of the ZyXEL Device) to your wireless network. This button may either be a physical button on the outside of device, or a menu button similar to the Push Button on this screen.
An AP using the Wireless Distribution System (WDS) can function as a wireless network bridge allowing you to wirelessly connect two wired network segments. The WDS screen allows you to configure the ZyXEL Device to connect to two or more APs wirelessly when WDS is enabled.
This is the index number of the individual WDS link. Active Select this to activate the link between the ZyXEL Device and the peer device to which this entry refers. When you do not select the check box this link is down.
Table 41 Network > Wireless LAN > QoS LABEL DESCRIPTION Enable Wireless Select this box to activate wireless LAN scheduling on your ZyXEL Device. LAN Scheduling WLAN status Select On or Off to enable or disable the wireless LAN. Check the day(s) you want to turn the wireless LAN on or off.
The wireless network is the part in the blue circle. In this wireless network, devices A and B use the access point (AP) to interact with the other devices (such as the printer) or with the Internet. Your ZyXEL Device is the AP. Every wireless network must follow these basic guidelines.
Since the available unlicensed spectrum varies from one country to another, the number of available channels also varies. 7.9.2 Additional Wireless Terms The following table describes some wireless network terms and acronyms used in the ZyXEL Device’s Web Configurator. Table 42 Additional Wireless Terms...
Normally, the ZyXEL Device acts like a beacon and regularly broadcasts the SSID in the area. You can hide the SSID instead, in which case the ZyXEL Device does not broadcast the SSID. In addition, you should change the default SSID to something that is difficult to guess.
Chapter 7 Wireless LAN You can use the MAC address filter to tell the ZyXEL Device which devices are allowed or not allowed to use the wireless network. If a device is allowed to use the wireless network, it still has to have the correct information (SSID, channel, and security). If a device is not allowed to use the wireless network, it does not matter if it has the correct information.
When you select WPA2 or WPA2-PSK in your ZyXEL Device, you can also select an option (WPA compatible) to support WPA as well. In this case, if some of the devices support WPA and some support WPA2, you should set up WPA2-PSK or WPA2 (depending on the type of wireless network login) and select the WPA compatible option in the ZyXEL Device.
Once the security settings of peer sides match one another, the connection between devices is made. At the time of writing, WDS security is compatible with other ZyXEL access points only. Refer to your other access point’s documentation for details.
AP 1 AP 2 7.9.8 WiFi Protected Setup (WPS) Your ZyXEL Device supports WiFi Protected Setup (WPS), which is an easy way to set up a secure wireless network. WPS is an industry standard specification, defined by the WiFi Alliance.
Page 129
3 Look for the client’s WPS PIN; it will be displayed either on the device, or in the WPS section of the client’s configuration interface (see the device’s User’s Guide for how to find the WPS PIN - for the ZyXEL Device, see Section 7.4 on page 117).
If not, it generates the SSID and WPA(2)-PSK randomly. The following figure shows a WPS-enabled client (installed in a notebook computer) connecting to a WPS-enabled access point. P-660HN-Fx User’s Guide...
When WPS is activated on both, they perform the handshake. In this example, AP1 is the registrar, and Client 1 is the enrollee. The registrar randomly generates the security information to set up the network, since it is unconfigured and has no existing information. P-660HN-Fx User’s Guide...
In step 3, you add another access point (AP2) to your network. AP2 is out of range of AP1, so you cannot use AP1 for the WPS handshake with the new access point. However, you know that Client 2 supports the registrar function, so you use it to perform the WPS handshake instead. P-660HN-Fx User’s Guide...
WPS-enabled device could join the network. This is because the registrar has no way of identifying the “correct” enrollee, and cannot differentiate between your enrollee and a rogue device. This is a possible way for a hacker to gain access to a network. P-660HN-Fx User’s Guide...
Page 134
Check the MAC addresses of your wireless clients (usually printed on a label on the bottom of the device). If there is an unknown MAC address you can remove it or reset the AP. P-660HN-Fx User’s Guide...
8.1.2 What You Need To Know About NAT Inside/Outside Inside/outside denotes where a host is located relative to the ZyXEL Device, for example, the computers of your subscribers are the inside hosts, while the web servers on the Internet are the outside hosts.
Table 51 on page 147. • Choose SUA Only if you have just one public WAN IP address for your ZyXEL Device. • Choose Full Feature if you have multiple public WAN IP addresses for your ZyXEL Device.
Select this check box to enable NAT. Address Translation (NAT) SUA Only Select this radio button if you have just one public WAN IP address for your ZyXEL Device. Full Feature Select this radio button if you have multiple public WAN IP addresses for your ZyXEL Device.
If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup.
If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup.
The Address Mapping screen is available only when you select Full Feature in the NAT > General screen. Ordering your rules is important because the ZyXEL Device applies the rules in the order that you specify. When a rule matches the current packet, the ZyXEL Device takes the corresponding action and the remaining rules are ignored.
4, rules 5 to 7 will be pushed up by 1 rule, so old rules 5, 6 and 7 become new rules 4, 5 and 6. To change your ZyXEL Device’s address mapping settings, click Network > NAT > Address Mapping to open the following screen.
Note that port numbers do not change for One-to-one NAT mapping type. Many-to-One: Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported only.
ZyXEL Device’s private IP address inside the SIP data stream to a public IP address. You do not need to use STUN or an outbound proxy if your ZyXEL Device is behind a SIP ALG. Use this screen to enable and disable the SIP (VoIP) ALG in the ZyXEL Device. To access this screen, click Network >...
Many-to-One and Many-to-Many Overload NAT mapping) in each packet and then forwards it to the Internet. The ZyXEL Device keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored. The following figure illustrates this.
Address (ILA) Address (IGA) 192.168.1.11 192.168.1.10 8.6.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP alias) behind the ZyXEL Device can communicate with three distinct WAN networks. P-660HN-Fx User’s Guide...
8.6.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: • One to One: In One-to-One mode, the ZyXEL Device maps one local IP address to one global IP address. • Many to One: In Many-to-One mode, the ZyXEL Device maps multiple local IP addresses to one global IP address.
ILA2 IGA1 … Many-to-Many Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA1 ILA4 IGA2 … Many-to-Many No Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA3 … Server Server 1 IP IGA1 Server 2 IP IGA1 Server 3 IP IGA1 P-660HN-Fx User’s Guide...
(Section 9.2 on page 156) to enable firewall and/or triangle route on the ZyXEL Device, and set the default action that the firewall takes on packets that do not match any of the firewall rules. • Use the Rules screen (Section 9.3 on page...
DoS attacks. Anti-Probing If an outside user attempts to probe an unsupported port on your ZyXEL Device, an ICMP response packet is automatically returned. This allows the outside user to know the ZyXEL Device exists. The ZyXEL Device supports anti-probing, which prevents the ICMP response packet from being sent.
Apply. Figure 81 Edit Custom Port Example 7 Select Any in the Destination Address List box and then click Delete. 8 Configure the destination address screen as follows and click Add. P-660HN-Fx User’s Guide...
9 Use the Add >> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. Custom services show up with an “*” before their names in the Services list box and the Rules list box. P-660HN-Fx User’s Guide...
Figure 83 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a “MyService” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN. P-660HN-Fx User’s Guide...
Chapter 9 Firewalls Figure 84 Firewall Example: Rules: MyService 9.2 The Firewall General Screen Use this screen to configure the firewall settings. Click Security > Firewall to display the following screen. Figure 85 Security > Firewall > General P-660HN-Fx User’s Guide...
Device. This is called an asymmetrical or “triangle” route. This causes the ZyXEL Device to reset the connection, as the connection has not been acknowledged. Select this check box to have the ZyXEL Device permit the use of asymmetrical route topology on the network (not reset the connection).
Table 53 Security > Firewall > Rules LABEL DESCRIPTION Firewall Rules This read-only bar shows how much of the ZyXEL Device's memory for recording Storage Space firewall rules it is currently using. When you are using 80% or less of the storage in Use space, the bar is green.
Use this screen to configure firewall rules. In the Rules screen, select an index number and click Add or click a rule’s Edit icon to display this screen and refer to the following table for information on the labels. P-660HN-Fx User’s Guide...
Figure 87 Security > Firewall > Rules: Edit The following table describes the labels in this screen. Table 54 Security > Firewall > Rules: Edit LABEL DESCRIPTION Edit Rule Active Select this option to enable this firewall rule. P-660HN-Fx User’s Guide...
Page 161
Log Settings page and select the Access Control logs category to have the ZyXEL Device record these logs. Alert Send Alert Select the check box to have the ZyXEL Device generate an alert when the rule Message to is matched. Administrator When...
Chapter 9 Firewalls 9.3.2 Customized Services Configure customized services and port numbers not predefined by the ZyXEL Device. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website. See Appendix E on page 371 for some examples.
Click this to delete the current rule. 9.4 The Firewall Threshold Screen For DoS attacks, the ZyXEL Device uses thresholds to determine when to start dropping sessions that do not become fully established (half-open sessions). These thresholds apply globally to all sessions.
Tune these parameters when you believe the ZyXEL Device has been receiving DoS attacks that are not recorded in the logs or the logs show that the ZyXEL Device is classifying normal traffic as DoS attacks.
ZyXEL Device deletes half-open sessions as required to accommodate new connection attempts. For example, if you set the one minute high to 100, the ZyXEL Device starts deleting half-open sessions when more than 100 session establishment attempts have been detected in the last minute.
Your customized rules take precedence and override the ZyXEL Device’s default settings. The ZyXEL Device checks the source IP address, destination IP address and IP protocol type of network traffic against the firewall rules (in the order you list them). When the traffic matches a rule, the ZyXEL Device takes the action specified in the rule.
Page 167
By default the ZyXEL Device stops computers on the WAN from managing the ZyXEL Device or using the ZyXEL Device as a gateway to communicate with other computers on the WAN. You could configure one of these rules to allow a WAN computer to manage the ZyXEL Device.
9.5.4 Triangle Route When the firewall is on, your ZyXEL Device acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the ZyXEL Device to protect your LAN against attacks.
You may have more than one connection to the Internet (through one or more ISPs). If an alternate gateway is on the LAN (and its IP address is in the same subnet as the ZyXEL Device’s LAN IP address), the “triangle route” (also called asymmetrical route) problem may occur.
2 The ZyXEL Device reroutes the packet to Gateway A, which is in Subnet 2. 3 The reply from the WAN goes to the ZyXEL Device. 4 The ZyXEL Device then sends it to the computer on the LAN in Subnet 1. Figure 94 IP Alias...
The URL (Uniform Resource Locator) identifies and helps locates resources on a network. On the Internet the URL is the web address that you type in the address bar of your Internet browser, for example “http://www.zyxel.com”. 10.1.3 Before You Begin To use the Trusted screen, you need the IP addresses of devices on your network.
“192.168.1.xxx”. Bob gave his home computer a static IP address of 192.168.1.2 and the study computer a static IP address of 192.168.1.3. To exclude the study computer from keyword blocking he follows these steps. 1 Click Security > Content Filter > Trusted to display the following screen. P-660HN-Fx User’s Guide...
10.2 The Keyword Screen Use this screen to block sites containing certain keywords in the URL. For example, if you enable the keyword "bad", the ZyXEL Device blocks all sites containing this keyword including the URL http://www.website.com/bad.html. To have your ZyXEL Device block websites containing keywords in their URLs, click Security >...
Click this to restore your previously saved settings. 10.3 The Schedule Screen Use this screen to set the days and times for the ZyXEL Device to perform content filtering. Click Security > Content Filter > Schedule. The screen appears as shown.
Click this to restore your previously saved settings. 10.4 The Trusted Screen Use this screen to exclude a range of users on the LAN from content filtering on your ZyXEL Device. Click Security > Content Filter > Trusted. The screen appears as shown.
Filter Structure A filter set consists of one or more filter rules. The ZyXEL Device allows you to configure up to twelve filter sets with six rules in each set, for a total of 72 filter rules in the system. You cannot mix generic filter rules and protocol filter rules within the same set.
11.2.1 Editing Protocol Filters Use this screen to display a protocol filter set on your ZyXEL Device. Protocol rules allow you to base the rule on the fields in the IP and the upper layer protocol, for example, UDP and TCP headers.
Cancel Click this to restore your previously saved settings. 11.2.2 Configuring Protocol Filter Rules Use this screen to configure protocol filter rules. In the Edit (Protocol Filter) screen, click an Edit icon to display the following screen. P-660HN-Fx User’s Guide...
TCP Estab This field is only available when you select TCP in the Protocol field. Select Yes to have the rule match packets that want to establish a TCP connection. This field is ignored if you select No. P-660HN-Fx User’s Guide...
For IP packets, it is generally easier to use the IP rules directly. For generic rules, the ZyXEL Device treats a packet as a byte stream as opposed to an IP or IPX packet. You specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes.
Enter the byte count of the data portion in the packet that you wish to compare. The range for this field is 0 to 8. Mask Enter the mask (in hexadecimal notation) to apply to the data portion before comparison. P-660HN-Fx User’s Guide...
On the other hand, the generic filters are applied to the raw packets that appear on the wire. They are applied at the point when the ZyXEL Device is receiving and sending the packets; that is the interface. The interface can be an Ethernet port or any other hardware port.
Chapter 11 Packet Filter 11.3.2 Firewall Versus Filters Below are some comparisons between the ZyXEL Device’s filtering and firewall functions. Packet Filtering • The router filters packets as they pass through the router’s interface according to the filter rules you designed.
Figure 107 Certificates Example In the figure above, the ZyXEL Device (Z) checks the identity of the notebook (A) using a certificate before granting it access to the network. 12.1.1 What You Can Do in the Certificates Screens •...
12.2 The My Certificates Screen This is the ZyXEL Device’s summary list of certificates and certification requests. Certificates display in black and certification requests display in gray. Click Security > Certificates > My Certificates to open the My Certificates screen.
Note that subsequent certificates move up by one when you take this action Create Click this to go to the screen where you can have the ZyXEL Device generate a certificate or a certification request. P-660HN-Fx User’s Guide...
Click this to display the current validity status of the certificates. 12.2.1 My Certificate Import Follow the instructions in this screen to save an existing certificate to the ZyXEL Device. Click Security > Certificates > My Certificates and then Import to open the My Certificate Import screen.
Click this to clear your settings. 12.2.2 My Certificate Create Use this screen to have the ZyXEL Device create a self-signed certificate, enroll a certificate with a certification authority or generate a certification request. Click Security > Certificates > My Certificates > Create to open the My Certificate Create screen.
Page 190
Select Create a certification request and save it locally for later manual request and save it enrollment to have the ZyXEL Device generate and store a request for a locally for later certificate. Use the My Certificate Details screen to view the certification manual enrollment request and copy it to send to the certification authority.
Use this screen to view in-depth certificate information and change the certificate’s name. In the case of a self-signed certificate, you can set it to be the one that the ZyXEL Device uses to sign the trusted remote host certificates that you import to the ZyXEL Device. Click Security >...
31 characters to identify this certificate. You may use any character (not including spaces). Property Select this check box to have the ZyXEL Device use this certificate to sign the Default self-signed trusted remote host certificates that you import to the ZyXEL Device. This check certificate which box is only available with self-signed certificates.
Page 193
If the certificate is a self-signed certificate, the certificate itself is the only one in the list. The ZyXEL Device does not trust the certificate and displays “Not trusted” in this field if any certificate on the path has expired or been revoked.
This screen displays a summary list of certificates of the certification authorities that you have set the ZyXEL Device to accept as trusted. The ZyXEL Device accepts any valid certificate signed by a certification authority on this list as being trustworthy; thus you do not need to import any certificate that is signed by one of these certification authorities.
LABEL DESCRIPTION PKI Storage This bar displays the percentage of the ZyXEL Device’s PKI storage space that is Space in Use currently in use. The bar turns from blue to red when the maximum is being approached. When the bar is red, you should consider deleting expired or unnecessary certificates before adding more certificates.
Use this screen to view in-depth information about the certification authority’s certificate, change the certificate’s name and set whether or not you want the ZyXEL Device to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority.
31 characters to identify this key certificate. You may use any character (not including spaces). Property Select this check box to have the ZyXEL Device check incoming certificates that Issues certificate are issued by this certification authority against a Certificate Revocation List revocation lists (CRL).
Page 198
Key Algorithm This field displays the type of algorithm that was used to generate the certificate’s key pair (the ZyXEL Device uses RSA encryption) and the length of the key set in bits (1024 bits for example). Subject Alternative This field displays the certificate’s owner‘s IP address (IP), domain name (DNS)
Apply Click this to save your changes. You can only change the name and/or set whether or not you want the ZyXEL Device to check the CRL that the certification authority issues before trusting a certificate issued by the certification authority.
Issuer (My Default This field displays identifying information about the default self-signed certificate Self-signed on the ZyXEL Device that the ZyXEL Device uses to sign the trusted remote host Certificate) certificates. This field displays the certificate index number. The certificates are listed in alphabetical order.
Import to open the Trusted Remote Host Import screen. Follow the instructions in this screen to save a trusted host’s certificate to the ZyXEL Device. The trusted remote host certificate must be a self-signed certificate; and you must remove any spaces from its filename before you can import it.
For a trusted host, the list consists of the end entity’s own certificate and the default self-signed certificate that the ZyXEL Device uses to sign remote host certificates. Refresh Click this to display the certification path.
Page 203
ZyXEL Device that the ZyXEL Device uses to sign the trusted remote host certificates. Signature Algorithm This field displays the type of algorithm that the ZyXEL Device used to sign the certificate, which is rsa-pkcs1-sha1 (RSA public-private key encryption algorithm and the SHA1 hash algorithm).
This screen displays a summary list of directory servers (that contain lists of valid and revoked certificates) that have been saved into the ZyXEL Device. If you decide to have the ZyXEL Device check incoming certificates against the issuing certification authority’s list of revoked certificates, the ZyXEL Device first checks the server(s) listed in the CRL Distribution Points field of the incoming certificate.
ZyXEL Device can access it. 12.5.1 Directory Server Add and Edit Use this screen to configure information about a directory server that the ZyXEL Device can access. Click Security > Certificates > Directory Servers to open the Directory Servers screen.
A certification path is the hierarchy of certification authority certificates that validate a certificate. The ZyXEL Device does not trust a certificate if any certificate on its path has expired or been revoked.
Self-signed Certificates You can have the ZyXEL Device act as a certification authority and sign its own certificates. 12.6.2 Private-Public Certificates When using public-key cryptology for authentication, each host has two keys. One key is public and can be made openly available.
3 Double-click the certificate’s icon to open the Certificate window. Click the Details tab and scroll down to the Thumbprint Algorithm and Thumbprint fields. Figure 121 Certificate Details 4 Verify (over the phone for example) that the remote host has the same information in the Thumbprint Algorithm and Thumbprint fields. P-660HN-Fx User’s Guide...
13.1 Overview The ZyXEL Device usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the ZyXEL Device send data to devices not reachable through the default gateway, use static routes.
Click the Edit icon to go to the screen where you can set up a static route on the ZyXEL Device. Click the Remove icon to remove a static route from the ZyXEL Device. A window displays asking you to confirm that you want to delete the route.
Section 5.3 on page 75 for details on configuring a remote node. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HN-Fx User’s Guide...
You can assign any ports on the ZyXEL Device to a VLAN group and configure the settings for the group. You may also set the priority level for traffic trasmitted through the ports.
802.1Q VLAN-unaware device to an 802.1Q VLAN-aware switch, the ZyXEL Device first decides where to forward the frame, and then inserts a VLAN tag reflecting the ingress port's default VID. The default PVID is VLAN 1 for all ports, but this can be changed.
1 Click Advanced > 802.1Q/1P > Port Setting to display the following screen. 2 Type 2 in the 802.1Q PVID column for LAN1, LAN2 and PVC1. 3 Select 7 from the 802.1P Priority drop-down list box for LAN1, LAN2 and PVC1. 4 Click Apply. P-660HN-Fx User’s Guide...
PVC3 into one VLAN (VLAN4). PVC3 priority is set to medium level of service. Follow the same steps as in VLAN2 to configure the settings for VLAN3 and VLAN4. The summary screen should then display as follows. P-660HN-Fx User’s Guide...
Figure 129 Advanced > 802.1Q/1P > Group Setting: Example This completes the 802.1Q/1P setup. 14.2 The 802.1Q/1P Group Setting Screen Use this screen to activate 802.1Q/1P and display the VLAN groups. Click Advanced > 802.1Q/1P to display the following screen. P-660HN-Fx User’s Guide...
Enter the ID number of a VLAN group. All interfaces (ports, SSIDs and PVCs) are in the management VLAN by default. If you disable the management VLAN, you will not be able to access the ZyXEL Device. Summary This field displays the index number of the VLAN group.
This field displays the types of ports available to join the VLAN group. Control Select Fixed for the port to be a permanent member of the VLAN group. Select Forbidden if you want to prohibit the port from joining the VLAN group. P-660HN-Fx User’s Guide...
This field displays the types of ports available to join the VLAN group. 802.1Q PVID Assign a VLAN ID for the port. The valid VID range is between 1 and 4094. The ZyXEL Device assigns the PVID to untagged frames or priority-tagged frames received on this port. P-660HN-Fx User’s Guide...
Page 223
You may choose a priority level from 0-7, with 0 being the lowest level and 7 being the highest level. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HN-Fx User’s Guide...
Quality of Service (QoS) 15.1 Overview Use the QoS screens to set up your ZyXEL Device to use QoS for traffic management. Quality of Service (QoS) refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to control bandwidth. QoS allows the ZyXEL Device to group and prioritize application traffic and fine-tune network performance.
Traffic from the boss’s IP address (192.168.1.23 for example) is mapped to queue 5. Traffic that does not match these two classes are assigned priority queue based on the internal QoS mapping table on the ZyXEL Device. Figure 133 QoS Example...
Chapter 15 Quality of Service (QoS) 15.2 The QoS General Screen Use this screen to enable or disable QoS and have the ZyXEL Device automatically assign priority to traffic according to the IEEE 802.1p priority level, IP precedence and/or packet length.
Click this to restore your previously saved settings. 15.3.1 The Class Configuration Screen Use this screen to configure a classifier. Click the Add button or the Edit icon in the Modify field to display the following screen. P-660HN-Fx User’s Guide...
Select from which interface traffic of this class should come. Priority Select a priority level (between 0 and 7) or select Auto to have the ZyXEL Device map the matched traffic to a queue according to the internal QoS mapping table. See Section 15.5.4 on page 236...
Page 233
Select this option and enter the minimum and maximum packet length (from 28 to 1500) in the fields provided. DSCP Select this option and specify a DSCP (DiffServ Code Point) number between 0 and 63 in the field provided. P-660HN-Fx User’s Guide...
Click this to restore your previously saved settings. 15.4 The QoS Monitor Screen Use this screen to view the ZyXEL Device’s QoS packet statistics. Click Advanced > QoS > Monitor. The screen appears as shown. Figure 141 Advanced > QoS > Monitor The following table describes the labels in this screen.
IP precedence uses three bits of the eight-bit ToS (Type of Service) field in the IP header. There are eight classes of services (ranging from zero to seven) in IP precedence. Zero is the lowest priority level and seven is the highest. P-660HN-Fx User’s Guide...
DSCP values and the configured policies. 15.5.4 Automatic Priority Queue Assignment If you enable QoS on the ZyXEL Device, the ZyXEL Device can automatically base on the IEEE 802.1p priority level, IP precedence and/or packet length to assign priority to traffic which does not match a class.
If you have a private WAN IP address, then you cannot use Dynamic DNS. 16.2 The Dynamic DNS Screen Use this screen to change your ZyXEL Device’s DDNS. Click Advanced > Dynamic DNS. The screen appears as shown. P-660HN-Fx User’s Guide...
Select the type of service that you are registered for from your Dynamic DNS Type service provider. Host Name Type the domain name assigned to your ZyXEL Device by your Dynamic DNS provider. You can specify up to two host names in the field separated by a comma (","). User Name Type your user name.
Page 241
Table 89 Advanced > Dynamic DNS (continued) LABEL DESCRIPTION Dynamic DNS Select this option only when there are one or more NAT routers between the ZyXEL server auto Device and the DDNS server. This feature has the DDNS server automatically detect IP detect and use the IP address of the NAT router that has a public IP address.
Page 242
Chapter 16 Dynamic DNS Setup P-660HN-Fx User’s Guide...
To disable remote management of a service, select Disable in the corresponding Access Status field. You may only have one remote management session running at a time. The ZyXEL Device automatically disconnects a remote management session of lower priority when another remote management session of higher priority starts.
• Use the WWW screen (Section 17.2 on page 245) to configure through which interface(s) and from which IP address(es) users can use HTTP to manage the ZyXEL Device. • Use the Telnet screen (Section 17.3 on page 247) to configure through which interface(s) and from which IP address(es) users can use Telnet to manage the ZyXEL Device.
Chapter 17 Remote Management 17.2 The WWW Screen Use this screen to specify how to connect to the ZyXEL Device from a web browser, such as Internet Explorer. 17.2.1 WWW and HTTPS HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web protocol that encrypts and decrypts web pages.
HTTPS Server Host Key Select the Server Host Key that the ZyXEL Device will use to identify itself. The ZyXEL Device is the SSL server and must always authenticate itself to the SSL client (the computer which requests the HTTPS connection with the ZyXEL Device).
Secured Client IP A secured client is a “trusted” computer that is allowed to communicate with the ZyXEL Device using this service. Select All to allow any computer to access the ZyXEL Device using this service. Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service.
Chapter 17 Remote Management 17.4 The FTP Screen You can use FTP (File Transfer Protocol) to upload and download the ZyXEL Device’s firmware and configuration files. Please see the User’s Guide chapter on firmware and configuration file maintenance for details. To use this feature, your computer must have an FTP client.
An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the ZyXEL Device). An agent translates the local management information from the managed device into a form compatible with SNMP.
MIBs is to let administrators collect statistical data and monitor status and performance. 17.5.2 SNMP Traps The ZyXEL Device will send traps to the SNMP manager when any one of the following events occurs: Table 93 SNMP Traps...
A secured client is a “trusted” computer that is allowed to communicate with the ZyXEL Device using this service. Select All to allow any computer to access the ZyXEL Device using this service. Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service.
Chapter 6 on page 89 for background information. Use this screen to set from which IP address the ZyXEL Device will accept DNS queries and on which interface it can send them your ZyXEL Device’s DNS settings. This feature is not available when the ZyXEL Device is set to bridge mode.
ZyXEL Device services unseen. If this option is not selected, the ZyXEL Device will reply with an ICMP port unreachable packet for a port probe on its unused UDP ports and a TCP reset packet for a port probe on its unused TCP ports.
18.1.1 What You Can Do in the UPnP Screen Use the UPnP screen (Section 18.2 on page 256) to enable UPnP on the ZyXEL Device and allow UPnP-enabled applications to automatically configure the ZyXEL Device. 18.1.2 What You Need to Know About UPnP Identifying UPnP Devices UPnP hardware is identified as an icon in the Network Connections folder (Windows XP).
See the following sections for examples of installing and using UPnP. 18.2 The UPnP Screen Use the following screen to configure the UPnP settings on your ZyXEL Device. Click Advanced > UPnP to display the screen shown next. Section 18.1 on page 255 for more information.
2 Click on the Windows Setup tab and select Communication in the Components selection box. Click Details. Figure 153 Add/Remove Programs: Windows Setup: Communication 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box. P-660HN-Fx User’s Guide...
3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components …. Figure 155 Network Connections 4 The Windows Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details. P-660HN-Fx User’s Guide...
Figure 156 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box. Figure 157 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. P-660HN-Fx User’s Guide...
This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL Device. Make sure the computer is connected to a LAN port of the ZyXEL Device. Turn on your computer and the ZyXEL Device.
Chapter 18 Universal Plug-and-Play (UPnP) Figure 159 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings. P-660HN-Fx User’s Guide...
5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray. P-660HN-Fx User’s Guide...
Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first. This comes helpful if you do not know the IP address of the ZyXEL Device.
Chapter 18 Universal Plug-and-Play (UPnP) Figure 164 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays. P-660HN-Fx User’s Guide...
Chapter 18 Universal Plug-and-Play (UPnP) Figure 165 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Figure 166 Network Connections: My Network Places: Properties: Example...
• In Windows 2000, click Start, Settings, Control Panel and then double-click System. Click the Network Identification tab and then the Properties button. Note the entry for the Computer name field and enter it as the System Name. P-660HN-Fx User’s Guide...
Type your new user password (up to 30 characters). Note that as you type a Password password, the screen displays a (*) for each character you type. After you change the password, use the new password to access the ZyXEL Device. P-660HN-Fx User’s Guide...
Click this to restore your previously saved settings. 19.3 The Time Setting Screen Use this screen to configure the ZyXEL Device’s time based on your local time zone. To change your ZyXEL Device’s time and date, click Maintenance > System > Time Setting.
When you set Time and Date Setup to Manual, enter the new date in this field and then click Apply. Get from Time Select this radio button to have the ZyXEL Device get the time and date from the Server time server you specified below.
Page 273
In Germany for instance, you would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HN-Fx User’s Guide...
Page 274
Chapter 19 System Settings P-660HN-Fx User’s Guide...
The web configurator allows you to choose which categories of events and/or alerts to have the ZyXEL Device log and then display the logs or have the ZyXEL Device send them to an administrator (as e-mail) or to a syslog server.
Use the Log Settings screen to configure the mail server, the syslog server, when to send logs and what logs to send. To change your ZyXEL Device’s log settings, click Maintenance > Logs > Log Settings. The screen appears as shown.
ZyXEL Device sends. Not all ZyXEL Device models have this field. Send Log to The ZyXEL Device sends logs to the e-mail address specified in this field. If this field is left blank, the ZyXEL Device does not send logs via e-mail.
Enter the time of the day in 24-hour format (for example 23:00 equals 11:00 pm) to Sending Log send the logs. Clear log after Select the checkbox to delete all the logs after the ZyXEL Device sends an E-mail of sending mail the logs. Syslog Logging The ZyXEL Device sends a log to an external syslog server.
Someone has logged on to the router's web configurator Successful WEB login interface. Someone has failed to log on to the router's web configurator WEB login failed interface. Someone has logged on to the router via telnet. Successful TELNET login P-660HN-Fx User’s Guide...
The router failed to allocate memory for the NetBIOS filter setNetBIOSFilter: calloc settings. error The router failed to allocate memory for the NetBIOS filter readNetBIOSFilter: calloc settings. error A WAN connection is down. You cannot access the network WAN connection is down. through this interface. P-660HN-Fx User’s Guide...
TOS (firewall dynamic sessions) until incomplete connections < “Maximum Incomplete Low”. The router sends a TCP RST packet and generates this log if you Access block, sent TCP turn on the firewall TCP reset mechanism (via CI command: "sys firewall tcprst"). P-660HN-Fx User’s Guide...
LOG MESSAGE DESCRIPTION The PPP connection’s Link Control Protocol stage has started. ppp:LCP Starting The PPP connection’s Link Control Protocol stage is opening. ppp:LCP Opening The PPP connection’s Challenge Handshake Authentication Protocol stage is ppp:CHAP Opening opening. P-660HN-Fx User’s Guide...
ACL set for packets traveling from the LAN to the WAN. (W to L) WAN to LAN ACL set for packets traveling from the WAN to the LAN. (L to L/ZyXEL Device) LAN to LAN/ ACL set for packets traveling from the LAN to the LAN or ZyXEL Device the ZyXEL Device.
Time Exceeded Time to live exceeded in transit Fragment reassembly time exceeded Parameter Problem Pointer indicates the error Timestamp Timestamp request message Timestamp Reply Timestamp reply message Information Request Information request message Information Reply Information reply message P-660HN-Fx User’s Guide...
The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup, etc. It arrives from ZyXEL with a “rom” filename extension. Once you have customized the ZyXEL Device's settings, they can be saved back to your computer under a filename of your choosing.
The following table is a summary. Please note that the internal filename refers to the filename on the ZyXEL Device and the external filename refers to the filename not on the ZyXEL Device, that is, on your computer, local network or FTP site and so the name (but not the extension) may vary.
FTP client. The following sections give examples of how to upload the firmware and the configuration files. FTP File Upload Command from the DOS Prompt Example 1 Launch the FTP client on your computer. P-660HN-Fx User’s Guide...
Enter “command sys stdio 5” to restore the five-minute management idle timeout (default) when the file transfer is complete. 3 Launch the TFTP client on your computer and connect to the device. Set the transfer mode to binary before starting data transfer. P-660HN-Fx User’s Guide...
5 Enter “ ” to set transfer mode to binary. 6 Use “ ” to transfer files from the ZyXEL Device to the computer, for example, “ ” transfers the configuration file on the ZyXEL Device to your rom-0 config.rom computer and renames it “...
To use TFTP, your computer must have both telnet and TFTP clients. To backup the configuration file, follow the procedure shown next. 1 Use telnet from your computer to connect to the ZyXEL Device and log in. Because TFTP does not have any security checks, the ZyXEL Device records the IP address of the telnet client and accepts TFTP requests only from this address.
Enter the IP address of the ZyXEL Device. 192.168.1.1 is the ZyXEL Device’s default IP address when shipped. Send/Fetch Use “Send” to upload the file to the ZyXEL Device and “Fetch” to back up the file on your computer. Local File Enter the path and name of the firmware file (*.bin extension) or configuration file (*.rom...
ZyXEL Device again. Figure 176 Firmware Upload In Progress The ZyXEL Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 177 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen.
Backup Configuration allows you to back up (save) the ZyXEL Device’s current configuration to a file on your computer. Once your ZyXEL Device is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes.
Upload Click this to begin the upload process. Do not turn off the ZyXEL Device while configuration file upload is in progress. After you see a “restore configuration successful” screen, you must then wait one minute before logging into the ZyXEL Device again.
System restart allows you to reboot the ZyXEL Device remotely without turning the power off. You may need to do this if the ZyXEL Device hangs, for example. Click Maintenance > Tools > Restart. Click Restart to have the ZyXEL Device reboot. This does not affect the ZyXEL Device's configuration.
H A P T E R Diagnostic 22.1 Overview These read-only screens display information to help you identify problems with the ZyXEL Device. 22.1.1 What You Can Do in the Diagnostic Screens • Use the General Diagnostic screen (Section 22.2 on page 299) to ping an IP address.
22.3 The DSL Line Diagnostic Screen Use this screen to view the DSL line statistics and reset the ADSL line. Click Maintenance > Diagnostic > DSL Line to open the screen shown next. Figure 187 Maintenance > Diagnostic > DSL Line P-660HN-Fx User’s Guide...
ATM OAM F5 cells that have been received. outF5Pkts is the number of ATM OAM F5 cells that have been sent. openChan is the number of times that the ZyXEL Device has opened a logical DSL channel.
Page 302
Loading ADSL modem F/W... Reset ADSL Line Successfully!" Capture All Logs Click this to display information and statistics about your ZyXEL Device’s ATM statistics, DSL connection statistics, DHCP settings, firmware version, WAN and gateway IP address, VPI/VCI and LAN IP address.
H A P T E R Product Specifications The following tables summarize the ZyXEL Device’s hardware and firmware features. 23.1 Hardware Specifications Table 126 Hardware Specifications Dimensions (362 W) x (200 D) x (110 H) mm Weight 365 g Power Specification...
Page 306
Firmware Upgrade Download new firmware (when available) from the ZyXEL web site and use the web configurator, an FTP or a TFTP tool to put it on the ZyXEL Device. Note: Only upload firmware for your specific model! Configuration Backup &...
Page 307
Table 127 Firmware Specifications (continued) Any IP The Any IP feature allows a computer to access the Internet and the ZyXEL Device without changing the network settings (such as IP address and subnet mask) of the computer, when the IP addresses of the computer and the ZyXEL Device are not in the same subnet.
F4/F5 OAM 23.3 Wireless Features Table 128 Wireless Features External Antenna The ZyXEL Device is equipped with two fixed antenna to provide a clear radio signal between the wireless stations and the access points. Wireless LAN MAC Address Your device can check the MAC addresses of wireless stations Filtering against a list of allowed or denied MAC addresses.
Store up to 32 built-in user profiles using EAP-MD5 (Local User Database) External RADIUS server using EAP-MD5, TLS, TTLS Wireless scheduling The following list, which is not exhaustive, illustrates the standards supported in the ZyXEL Device. Table 129 Standards Supported STANDARD...
TR-069 TR-069 DSL Forum Standard for CPE Wan Management. 1.363.5 Compliant AAL5 SAR (Segmentation And Re-assembly) 23.4 Power Adaptor Specifications Table 130 ZyXEL Device Series Power Adaptor Specifications NORTH AMERICAN PLUG STANDARDS AC Power Adapter Model 12V 1A SOCB PA...
Page 311
Chapter 23 Product Specifications Table 130 ZyXEL Device Series Power Adaptor Specifications (continued) Output Power DC 12Volts/1.0A Power Consumption 8.3 Watt max Safety Standards CE, GS or TUV, EN60950-1 P-660HN-Fx User’s Guide...
2 Make sure you are using the power adaptor or cord included with the ZyXEL Device. 3 Make sure the power adaptor or cord is connected to the ZyXEL Device and plugged in to an appropriate power source. Make sure the power source is turned on.
To do this in most Windows computers, click Start > Run, enter cmd, and then enter ipconfig. The IP address of the Default Gateway might be the IP address of the ZyXEL Device (it depends on the network), so enter this IP address in your Internet browser.
Page 315
Chapter 24 Troubleshooting 5 Reset the device to its factory defaults, and try to access the ZyXEL Device with the default IP address. See Section 1.6 on page 6 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions.
2 Check the signal strength. If the signal strength is low, try moving your computer closer to the ZyXEL Device if possible, and look around to see if there are any devices that might be interfering with the wireless network (for example, microwaves, other wireless networks, and so on).
VIII Appendices and Index The appendices provide general information. Some details may not apply to your ZyXEL Device. Setting up Your Computer’s IP Address (319) Pop-up Windows, JavaScripts and Java Permissions (341) IP Addresses and Subnetting (349) Wireless LANs (357)
After the appropriate TCP/IP components are installed, configure the TCP/IP settings in order to "communicate" with your network. If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the ZyXEL Device’s LAN port. Windows 95/98/Me Click Start, Settings, Control Panel and double-click the Network icon to open the Network window.
2 Select Client and then click Add. 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click 5 Restart your computer so the changes you made take effect. P-660HN-Fx User’s Guide...
• If you do not know your DNS information, select Disable DNS. • If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in). P-660HN-Fx User’s Guide...
5 Click OK to save and close the TCP/IP Properties window. 6 Click OK to close the Network window. Insert the Windows CD if prompted. 7 Turn on your ZyXEL Device and restart your computer when prompted. Verifying Settings 1 Click Start and then Run.
Appendix A Setting up Your Computer’s IP Address Figure 191 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 192 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. P-660HN-Fx User’s Guide...
• If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. • Click Advanced. P-660HN-Fx User’s Guide...
To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add. • Click OK when finished. P-660HN-Fx User’s Guide...
• If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. P-660HN-Fx User’s Guide...
Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT). 11 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings 1 Click Start, All Programs, Accessories and then Command Prompt. 2 In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab.
2 In the Control Panel, double-click Network and Internet. Figure 199 Windows Vista: Control Panel 3 Click Network and Sharing Center. Figure 200 Windows Vista: Network And Internet 4 Click Manage network connections. Figure 201 Windows Vista: Network and Sharing Center P-660HN-Fx User’s Guide...
During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. Figure 202 Windows Vista: Network and Sharing Center 6 Select Internet Protocol Version 4 (TCP/IPv4) and click Properties. Figure 203 Windows Vista: Local Area Connection Properties P-660HN-Fx User’s Guide...
To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add. • Click OK when finished. P-660HN-Fx User’s Guide...
• If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. P-660HN-Fx User’s Guide...
11 Click Close to close the Local Area Connection Properties window. 12 Close the Network Connections window. 13 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings 1 Click Start, All Programs, Accessories and then Command Prompt.
2 Select Ethernet built-in from the Connect via list. Figure 208 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: • From the Configure box, select Manually. P-660HN-Fx User’s Guide...
• Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. 5 Close the TCP/IP Control Panel.
• Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. 5 Click Apply Now and close the window.
Figure 211 Red Hat 9.0: KDE: Network Configuration: Devices 2 Double-click on the profile of the network card you wish to configure. The Ethernet Device General screen displays as shown. Figure 212 Red Hat 9.0: KDE: Ethernet Device: General P-660HN-Fx User’s Guide...
Ethernet card). Open the eth0 eth0 configuration file with any plain text editor. • If you have a dynamic IP address, enter in the field. The dhcp BOOTPROTO= following figure shows an example. P-660HN-Fx User’s Guide...
1 In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker. Figure 220 Pop-up Blocker You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. 1 In Internet Explorer, select Tools, Internet Options, Privacy. P-660HN-Fx User’s Guide...
Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings…to open the Pop-up Blocker Settings screen. P-660HN-Fx User’s Guide...
3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 223 Pop-up Blocker Settings P-660HN-Fx User’s Guide...
3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window. P-660HN-Fx User’s Guide...
2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window. Figure 226 Security Settings - Java P-660HN-Fx User’s Guide...
Figure 227 Java (Sun) Mozilla Firefox Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary. You can enable Java, Javascripts and pop-ups in one screen. Click Tools, then click Options in the screen that appears. P-660HN-Fx User’s Guide...
Appendix B Pop-up Windows, JavaScripts and Java Permissions Figure 228 Mozilla Firefox: Tools > Options Click Content.to show the screen below. Select the check boxes as shown in the following screen. Figure 229 Mozilla Firefox Content Security P-660HN-Fx User’s Guide...
Page 348
Appendix B Pop-up Windows, JavaScripts and Java Permissions P-660HN-Fx User’s Guide...
Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal. The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. P-660HN-Fx User’s Guide...
Subnet masks can be referred to by the size of the network number part (the bits with a “1” value). For example, an “8-bit mask” means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes. P-660HN-Fx User’s Guide...
For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask 255.255.255.128. The following table shows some possible subnet masks using both notations. Table 134 Alternative Subnet Mask Notation ALTERNATIVE LAST OCTET LAST OCTET SUBNET MASK NOTATION (BINARY) (DECIMAL) 255.255.255.0 0000 0000 255.255.255.128 1000 0000 P-660HN-Fx User’s Guide...
The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25. The following figure shows the company network after subnetting. There are now two sub- networks, A and B. P-660HN-Fx User’s Guide...
Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows IP address last octet values for each subnet. Table 139 Eight Subnets SUBNET LAST BROADCAST SUBNET FIRST ADDRESS ADDRESS ADDRESS ADDRESS P-660HN-Fx User’s Guide...
You must also enable Network Address Translation (NAT) on the ZyXEL Device. Once you have decided on the network number, pick an IP address for your ZyXEL Device that is easy to remember (for instance, 192.168.1.1) but make sure that no other device on your network is using that IP address.
Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra-BSS is enabled, wireless client A and B can access the wired network and communicate with each other. When Intra-BSS is disabled, wireless client A and B can still access the wired network but cannot communicate with each other. P-660HN-Fx User’s Guide...
An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate. P-660HN-Fx User’s Guide...
(AP) or wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other. P-660HN-Fx User’s Guide...
AP will fragment the packet into smaller data frames. A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. P-660HN-Fx User’s Guide...
Use the dynamic setting to automatically use short preamble when all wireless devices on the network support it, otherwise the ZyXEL Device uses long preamble. The wireless devices MUST use the same preamble mode in order to communicate.
Appendix D Wireless LANs Wireless security methods available on the ZyXEL Device are data encryption, wireless client authentication, restricting access by device MAC address and hiding the ZyXEL Device identity. The following figure shows the relative effectiveness of these wireless security methods available on your ZyXEL Device.
EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication. The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that supports IEEE 802.1x. . P-660HN-Fx User’s Guide...
Page 364
However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco. LEAP LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x. P-660HN-Fx User’s Guide...
If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not. Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2. P-660HN-Fx User’s Guide...
Page 366
AP and does not need to go with the authentication process again. Pre-authentication enables fast roaming by allowing the wireless client (already connecting to an AP) to perform IEEE 802.1x authentication with another AP before connecting to it. P-660HN-Fx User’s Guide...
(PSK) must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters (including spaces and symbols). 2 The AP checks each wireless client's password and allows it to join the network only if the password matches. P-660HN-Fx User’s Guide...
The angle of the beam determines the width of the coverage pattern. Angles typically range from 20 degrees (very directional) to 120 degrees (less directional). Directional antennas are ideal for hallways and outdoor point-to-point applications. P-660HN-Fx User’s Guide...
Page 370
For a single AP application, place omni-directional antennas as close to the center of the coverage area as possible. For directional antennas, point the antenna in the direction of the desired coverage area. P-660HN-Fx User’s Guide...
A popular videoconferencing solution from White Pines Software. TCP/UDP 24032 TCP/UDP Domain Name Server, a service that matches web names (for instance www.zyxel.com) to IP numbers. User-Defined The IPSEC ESP (Encapsulation Security (IPSEC_TUNNEL) Protocol) tunneling protocol uses this service. FINGER...
Page 372
(TCP/IP or other). POP3S This is a more secure version of POP3 that runs over SSL. PPTP 1723 Point-to-Point Tunneling Protocol enables secure transfer of data over public networks. This is the control channel. P-660HN-Fx User’s Guide...
Page 373
Access Controller Access Control System). TELNET Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/ IP networks. Its primary function is to allow users to log into remote host systems. P-660HN-Fx User’s Guide...
Page 374
Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE 7000 A videoconferencing solution. The UDP port number is specified in the application. user- defined P-660HN-Fx User’s Guide...
Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple ZyXEL Devices. Internal SPTGEN lets you configure, save and upload multiple menus at the same time using just one configuration text file – eliminating the need to navigate and configure individual screens for each ZyXEL Device.
Figure 239 on page 375), then you disable every field in this menu. If you enter a parameter that is invalid in the Input column, the ZyXEL Device will not save the configuration and the command line will display the Field Identification Number.
2 Enter " ". The command “ ” sets the transfer mode to binary. 3 Upload your “ ” file from your computer to the ZyXEL Device using the “ ” rom-t command. computer to the ZyXEL Device. 4 Exit this FTP application.
Table 147 Abbreviations Used in the Example Internal SPTGEN Screens Table ABBREVIATION MEANING Parameter Values Allowed INPUT An example of what you may enter Applies to the ZyXEL Device. The following are the Internal SPTGEN menus. Table 148 Menu 1 General Setup / Menu 1 General Setup INPUT 10000000 = Configured <0(No) | 1(Yes)>...
Page 379
Set 2 30201008 = IP Alias #1 Incoming protocol filters = 256 Set 3 30201009 = IP Alias #1 Incoming protocol filters = 256 Set 4 30201010 = IP Alias #1 Outgoing protocol filters = 256 Set 1 P-660HN-Fx User’s Guide...
Page 383
IP Static Route set #4, Name <Str> 120104002 = IP Static Route set #4, Active <0(No) |1(Yes)> 120104003 = IP Static Route set #4, Destination = 0.0.0.0 IP address 120104004 = IP Static Route set #4, Destination IP subnetmask P-660HN-Fx User’s Guide...
/ Menu 12.1.8 IP Static Route Setup INPUT 120108001 = IP Static Route set #8, Name <Str> 120108002 = IP Static Route set #8, Active <0(No) |1(Yes)> 120108003 = IP Static Route set #8, Destination = 0.0.0.0 IP address P-660HN-Fx User’s Guide...
Page 385
120111007 = IP Static Route set #11, Private <0(No) |1(Yes)> */ Menu 12.1.12 IP Static Route Setup INPUT 120112001 = IP Static Route set #12, Name <Str> 120112002 = IP Static Route set #12, Active <0(No) |1(Yes)> P-660HN-Fx User’s Guide...
Page 386
IP subnetmask 120115005 = IP Static Route set #15, Gateway = 0.0.0.0 120115006 = IP Static Route set #15, Metric 120115007 = IP Static Route set #15, Private <0(No) |1(Yes)> */ Menu 12.1.16 IP Static Route Setup INPUT P-660HN-Fx User’s Guide...
SUA Server #5 Protocol <0(All)|6(TCP)|17(U DP)> 150000019 = SUA Server #5 Port Start 150000020 = SUA Server #5 Port End 150000021 = SUA Server #5 Local IP address = 0.0.0.0 150000022 = SUA Server #6 Active <0(No) | 1(Yes)> = P-660HN-Fx User’s Guide...
Page 388
SUA Server #12 Active <0(No) | 1(Yes)> 150000053 = SUA Server #12 Protocol <0(All)|6(TCP)|17(U DP)> 150000054 = SUA Server #12 Port Start 150000055 = SUA Server #12 Port End 150000056 = SUA Server #12 Local IP address = 0.0.0.0 P-660HN-Fx User’s Guide...
210102006 = IP Filter Set 1,Rule 2 Dest Port = 138 210102007 = IP Filter Set 1,Rule 2 Dest Port Comp <0(none)|1(equal) |2(not equal)|3(less)|4( greater)> 210102008 = IP Filter Set 1,Rule 2 Src IP address = 0.0.0.0 P-660HN-Fx User’s Guide...
Page 390
IP Filter Set 1,Rule 4 Type <2(TCP/IP)> 210104002 = IP Filter Set 1,Rule 4 Active <0(No)|1(Yes)> 210104003 = IP Filter Set 1,Rule 4 Protocol = 17 210104004 = IP Filter Set 1,Rule 4 Dest IP address = 0.0.0.0 P-660HN-Fx User’s Guide...
Page 391
IP Filter Set 1,Rule 5 Src Port Comp <0(none)|1(equal) |2(not equal)|3(less)|4( greater)> 210105013 = IP Filter Set 1,Rule 5 Act Match <1(check next)|2(forward)| 3(drop)> 210105014 = IP Filter Set 1,Rule 5 Act Not Match <1(Check Next) |2(Forward)|3(Dro p)> P-660HN-Fx User’s Guide...
IP Filter Set 2, Rule 1 Protocol 210201004 = IP Filter Set 2, Rule 1 Dest IP = 0.0.0.0 address 210201005 = IP Filter Set 2, Rule 1 Dest Subnet Mask 210201006 = IP Filter Set 2, Rule 1 Dest Port = 137 P-660HN-Fx User’s Guide...
Page 393
210202010 = IP Filter Set 2,Rule 2 Src Port 210202011 = IP Filter Set 2, Rule 2 Src Port <0(none)|1(equal)| Comp 2(not equal)|3(less)|4(g reater)> 210202013 = IP Filter Set 2, Rule 2 Act Match <1(check next)|2(forward)|3 (drop)> P-660HN-Fx User’s Guide...
Page 394
= 17 210204004 = IP Filter Set 2, Rule 4 Dest IP = 0.0.0.0 address 210204005 = IP Filter Set 2, Rule 4 Dest Subnet Mask 210204006 = IP Filter Set 2, Rule 4 Dest Port = 137 P-660HN-Fx User’s Guide...
Page 395
210205010 = IP Filter Set 2, Rule 5 Src Port 210205011 = IP Filter Set 2, Rule 5 Src Port <0(none)|1(equal)| Comp 2(not equal)|3(less)|4(g reater)> 210205013 = IP Filter Set 2, Rule 5 Act Match <1(check next)|2(forward)|3 (drop)> P-660HN-Fx User’s Guide...
= 0.0.0.0 241100007 = WEB Server Port = 80 241100008 = WEB Server Access <0(all)|1(none)|2( Lan) |3(Wan)> 241100009 = WEB Server Secured IP address = 0.0.0.0 Table 155 Menu 23 System Menus */ Menu 23.1 System Password Setup P-660HN-Fx User’s Guide...
Lan) |3(Wan)> 241100009 = WEB Server Secured IP address = 0.0.0.0 Command Examples The following are example Internal SPTGEN screens associated with the ZyXEL Device’s command interpreter commands. Table 157 Command Examples INPUT /ci command (for annex a): wan adsl opencmd...
Page 398
Appendix F Internal SPTGEN P-660HN-Fx User’s Guide...
Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others.
Page 400
This Class B digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada. Viewing Certifications 1 Go to http://www.zyxel.com. 2 Select your product on the ZyXEL home page to go to that product's page. P-660HN-Fx User’s Guide...
Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
Page 402
Appendix G Legal Information P-660HN-Fx User’s Guide...
In the event of problems that cannot be solved by using this manual, you should contact your vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you bought the device. Regional offices are listed below (see also http:// www.zyxel.com/web/contact_us.php).
Page 404
• Regular Mail: ZyXEL Communications Oy, Malminkaari 10, 00700 Helsinki, Finland France • E-mail: info@zyxel.fr • Telephone: +33-4-72-52-97-97 • Fax: +33-4-72-52-19-20 • Web: www.zyxel.fr • Regular Mail: ZyXEL France, 1 rue des Vergers, Bat. 1 / C, 69760 Limonest, France P-660HN-Fx User’s Guide...
Page 405
• Sales E-mail: sales@zyxel.in • Telephone: +91-11-30888144 to +91-11-30888153 • Fax: +91-11-30888149, +91-11-26810715 • Web: http://www.zyxel.in • Regular Mail: India - ZyXEL Technology India Pvt Ltd., II-Floor, F2/9 Okhla Phase -1, New Delhi 110020, India Japan • Support E-mail: support@zyxel.co.jp •...
Page 406
• Sales E-mail: sales@zyxel.com.my • Telephone: +603-8076-9933 • Fax: +603-8076-9833 • Web: http://www.zyxel.com.my • Regular Mail: ZyXEL Malaysia Sdn Bhd., 1-02 & 1-03, Jalan Kenari 17F, Bandar Puchong Jaya, 47100 Puchong, Selangor Darul Ehsan, Malaysia North America • Support E-mail: support@zyxel.com •...
Page 407
• Support E-mail: support@zyxel.com.sg • Sales E-mail: sales@zyxel.com.sg • Telephone: +65-6899-6678 • Fax: +65-6899-8887 • Web: http://www.zyxel.com.sg • Regular Mail: ZyXEL Singapore Pte Ltd., No. 2 International Business Park, The Strategy #03-28, Singapore 609930 Spain • Support E-mail: support@zyxel.es • Sales E-mail: sales@zyxel.es •...