Page 1 P-660HN-Fx Series 802.11n Wireless ADSL2+ 4-port Gateway User’s Guide Version 3.70 9/2008 Edition 1 DEFAULT LOGIN IP Address http://192.168.1.1 Admin Password 1234 User Password user www.zyxel.com...
Page 3: About This User's Guide
About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to configure the ZyXEL Device using the web configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology.
Page 4: Document Conventions
Syntax Conventions • The P-660HN-Fx may be referred to as the “ZyXEL Device”, the “device”, the “system” or the “product” in this User’s Guide. • Product labels, screen names, field labels and field choices are all in bold font.
Page 5 Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device Computer Notebook computer Server Firewall Telephone Router Switch P-660HN-Fx User’s Guide...
Page 6: Safety Warnings
• Use only No. 26 AWG (American Wire Gauge) or larger telecommunication line cord. • Antenna Warning! This device meets ETSI and FCC certification requirements when using the included antenna(s). Only use the included antenna(s). This product is recyclable. Dispose of it properly. P-660HN-Fx User’s Guide...
Page 7 Safety Warnings P-660HN-Fx User’s Guide...
Page 8 Safety Warnings P-660HN-Fx User’s Guide...
Page 9: Table Of Contents
Contents Overview Contents Overview Introduction ..........................31 Introducing the ZyXEL Device ....................33 Introducing the Web Configurator ....................39 Status Screens .......................... 45 Wizard ............................. 51 Internet and Wireless Setup Wizard ..................53 Network ........................... 67 WAN Setup ..........................69 LAN Setup ..........................
Page 10 Contents Overview Appendices and Index ......................317 P-660HN-Fx User’s Guide...
Page 11: Table Of Contents
Introducing the ZyXEL Device ....................33 1.1 Overview ..........................33 1.2 Ways to Manage the ZyXEL Device ..................33 1.3 Good Habits for Managing the ZyXEL Device ..............34 1.4 Applications for the ZyXEL Device ..................34 1.4.1 Internet Access ......................34 1.5 LEDs (Lights) ........................
Page 12 5.3.2 Configuring More Connections Advanced Setup ............79 5.4 The WAN Backup Setup Screen ..................80 5.5 WAN Technical Reference ....................82 5.5.1 Encapsulation ......................82 5.5.2 Multiplexing ........................ 83 5.5.3 VPI and VCI ....................... 83 5.5.4 IP Address Assignment ....................84 P-660HN-Fx User’s Guide...
Page 13 6.5 The IP Alias Screen ......................96 6.5.1 Configuring the LAN IP Alias Screen ................. 97 6.6 LAN Technical Reference ....................98 6.6.1 LANs, WANs and the ZyXEL Device ................98 6.6.2 DHCP Setup ....................... 99 6.6.3 DNS Server Addresses ....................99 6.6.4 LAN TCP/IP ........................
Page 14 8.6.5 NAT Mapping Types ....................146 Part IV: Security ................... 149 Chapter 9 Firewalls..........................151 9.1 Overview ..........................151 9.1.1 What You Can Do in the Firewall Screens ............... 151 9.1.2 What You Need to Know About Firewall ..............152 P-660HN-Fx User’s Guide...
Page 15 11.2.3 Editing Generic Filters .................... 181 11.2.4 Configuring Generic Packet Rules ................. 182 11.3 Packet Filter Technical Reference ................... 183 11.3.1 Filter Types and NAT ....................183 11.3.2 Firewall Versus Filters .................... 184 Chapter 12 Certificates ..........................185 12.1 Overview ......................... 185 P-660HN-Fx User’s Guide...
Page 16 14.1.3 802.1Q/1P Example ....................216 14.2 The 802.1Q/1P Group Setting Screen ................219 14.2.1 Editing 802.1Q/1P Group Setting ................221 14.3 The 802.1Q/1P Port Setting Screen ................222 Chapter 15 Quality of Service (QoS)....................... 225 15.1 Overview .......................... 225 P-660HN-Fx User’s Guide...
Page 17 Chapter 18 Universal Plug-and-Play (UPnP)..................255 18.1 Overview .......................... 255 18.1.1 What You Can Do in the UPnP Screen ..............255 18.1.2 What You Need to Know About UPnP ..............255 18.2 The UPnP Screen ......................256 P-660HN-Fx User’s Guide...
Page 18 21.4 The Restart Screen ......................297 Chapter 22 Diagnostic..........................299 22.1 Overview .......................... 299 22.1.1 What You Can Do in the Diagnostic Screens ............299 22.2 The General Diagnostic Screen ..................299 22.3 The DSL Line Diagnostic Screen ..................300 P-660HN-Fx User’s Guide...
Page 19 Chapter 24 Troubleshooting........................313 24.1 Power, Hardware Connections, and LEDs ..............313 24.2 ZyXEL Device Access and Login ..................314 24.3 Internet Access ........................ 316 Part VIII: Appendices and Index ............317 Appendix A Setting up Your Computer’s IP Address............319 Appendix B Pop-up Windows, JavaScripts and Java Permissions ........
Page 20 Table of Contents P-660HN-Fx User’s Guide...
Page 21: List Of Figures
List of Figures List of Figures Figure 1 ZyXEL Device’s Router Features ..................... 35 Figure 2 LEDs on the Top of the Device ....................35 Figure 3 Password Screen ........................40 Figure 4 Change Password Screen ......................40 Figure 5 Replace Factory Default Certificate Screen ................41 Figure 6 Main Screen ..........................
Page 22 Figure 77 How NAT Works ........................145 Figure 78 NAT Application With IP Alias ....................146 Figure 79 Default Firewall Action ......................151 Figure 80 Firewall Example: Rules ....................... 153 Figure 81 Edit Custom Port Example ....................153 P-660HN-Fx User’s Guide...
Page 23 Figure 120 Remote Host Certificates ....................208 Figure 121 Certificate Details ......................208 Figure 122 Example of Static Routing Topology ..................211 Figure 123 Advanced > Static Route ....................212 Figure 124 Advanced > Static Route: Edit .................... 213 P-660HN-Fx User’s Guide...
Page 24 Figure 163 Internet Connection Status ....................263 Figure 164 Network Connections ......................264 Figure 165 Network Connections: My Network Places ................ 265 Figure 166 Network Connections: My Network Places: Properties: Example ........265 Figure 167 Maintenance > System > General ..................270 P-660HN-Fx User’s Guide...
Page 25 Figure 206 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties ........332 Figure 207 Macintosh OS 8/9: Apple Menu ..................333 Figure 208 Macintosh OS 8/9: TCP/IP ....................333 Figure 209 Macintosh OS X: Apple Menu .................... 334 Figure 210 Macintosh OS X: Network ....................335 P-660HN-Fx User’s Guide...
Page 26 Figure 240 Invalid Parameter Entered: Command Line Example ............376 Figure 241 Valid Parameter Entered: Command Line Example ............376 Figure 242 Internal SPTGEN FTP Download Example ................ 377 Figure 243 Internal SPTGEN FTP Upload Example ................377 P-660HN-Fx User’s Guide...
Page 27: List Of Tables
Table 35 Network > Wireless LAN > More AP ..................115 Table 36 Network > Wireless LAN > More AP: Edit ................116 Table 37 Network > Wireless LAN > WPS ....................117 Table 38 Network > Wireless LAN > WPS Station ................118 P-660HN-Fx User’s Guide...
Page 28 Table 78 Advanced > Static Route ....................... 212 Table 79 Advanced > Static Route: Edit ....................213 Table 80 Advanced > 802.1Q/1P > Group Setting ................220 Table 81 Advanced > 802.1Q/1P > Group Setting > Edit ..............221 P-660HN-Fx User’s Guide...
Page 29 Table 120 General Commands for GUI-based FTP Clients ..............292 Table 121 General Commands for GUI-based TFTP Clients .............. 293 Table 122 Maintenance > Tools > Firmware ..................294 Table 123 Restore Configuration ......................296 Table 124 Maintenance > Diagnostic > General .................. 300 P-660HN-Fx User’s Guide...
Page 30 Table 127 Firmware Specifications ...................... 305 Table 128 Wireless Features ....................... 308 Table 129 Standards Supported ......................309 Table 130 ZyXEL Device Series Power Adaptor Specifications ............310 Table 131 Subnet Masks ........................350 Table 132 Subnet Masks ........................351 Table 133 Maximum Host Numbers ....................
Page 31: Introduction
Introduction Introducing the ZyXEL Device (33) Introducing the Web Configurator (39) Status Screens (45)
Page 33: Introducing The Zyxel Device
• “N” denotes 802.11n draft 2.0. The “N” models support 802.11n wireless connection mode. • Models ending in “1”, for example P-660HN-F1, denote a device that works over the analog telephone system, POTS (Plain Old Telephone Service). Models ending in “3”...
Page 34: Good Habits For Managing The Zyxel Device
• TR-069. This is an auto-configuration server used to remotely configure your device. 1.3 Good Habits for Managing the ZyXEL Device Do the following things regularly to make the ZyXEL Device more secure and to manage the ZyXEL Device more effectively.
Page 35: Leds (Lights)
Chapter 1 Introducing the ZyXEL Device Figure 1 ZyXEL Device’s Router Features You can also configure firewall and content filtering on the ZyXEL Device for secure Internet access. When the firewall is on, all incoming traffic from the Internet to your network is blocked unless it is initiated from your network.
Page 36: The Reset Button
COLOR STATUS DESCRIPTION ETHERNET Green The ZyXEL Device has an Ethernet connection with a device on the Local Area Network (LAN). Blinking The ZyXEL Device is sending/receiving data to /from the LAN. The ZyXEL Device does not have an Ethernet connection with the LAN.
Page 37: Turn The Wireless Lan Off Or On
2 Press the WPS WLAN ON/OFF button for five to ten seconds and release it. Press the WPS button on another WPS -enabled device within range of the ZyXEL Device. The WLAN/WPS LED should flash while the ZyXEL Device sets up a WPS connection with the wireless device.
Page 38 Chapter 1 Introducing the ZyXEL Device P-660HN-Fx User’s Guide...
Page 39: Introducing The Web Configurator
Internet Explorer. 2.1.1 Accessing the Web Configurator 1 Make sure your ZyXEL Device hardware is properly connected (refer to the Quick Start Guide). 2 Launch your web browser. 3 Type "192.168.1.1" as the URL.
Page 40: Figure 3 Password Screen
Click Apply to create a specific certificate for the device using your computer’s MAC address. For security reasons, the ZyXEL Device automatically logs you out if you do not use the web configurator for five minutes (default). If this happens, log in again.
Page 41: Web Configurator Main Screen
As illustrated above, the main screen is divided into these parts: • A - title bar • B - navigation panel • C - main window • D - status bar 2.2.1 Title Bar The title bar provides some icons in the upper right corner. P-660HN-Fx User’s Guide...
Page 42: Navigation Panel
Logout: Click this icon to log out of the web configurator. 2.2.2 Navigation Panel Use the menu items on the navigation panel to open screens to configure ZyXEL Device features. The following tables describe each menu item. Table 3 Navigation Panel Summary...
Page 43 Use this screen to generate and export self-signed certificates or certification requests and import the ZyXEL Device’s CA-signed certificates. Trusted CAs Use this screen to save CA certificates to the ZyXEL Device. Trusted Remote Use this screen to import self-signed certificates.
Page 44: Main Window
Configuration Use this screen to backup and restore your device’s configuration (settings) or reset the factory default settings. Restart This screen allows you to reboot the ZyXEL Device without turning the power off. Diagnostic General Use this screen to test the connections to other devices.
Page 45: Status Screens
IP and DHCP and statistics from bandwidth management, and traffic. 3.2 The Status Screen Use this screen to view the status of the ZyXEL Device. Click Status to open this screen. Figure 7 Status Screen Each field is described in the following table.
Page 46 This field displays what DHCP services the ZyXEL Device is providing to the LAN. Choices are: Server - The ZyXEL Device is a DHCP server in the LAN. It assigns IP addresses to other computers in the LAN. Relay - The ZyXEL Device acts as a surrogate DHCP server and relays DHCP requests and responses between the remote server and the clients.
Page 47 This field displays how long the ZyXEL Device has been running since it last Uptime started up. The ZyXEL Device starts up when you plug it in, when you restart it (Maintenance > Tools > Restart), or when you reset it.
Page 48: Client List
Section 6.4 on page 95 for information on this screen. 3.4 WLAN Status Use this screen to view the wireless stations that are currently associated to the ZyXEL Device. Click Status > WLAN Status to access this screen. Figure 8 WLAN Status The following table describes the labels in this screen.
Page 49: Figure 9 Packet Statistics
WAN Port Statistics Link Status This is the status of your WAN link. WAN IP Address This is the IP address of the ZyXEL Device’s WAN port. Upstream Speed This is the upstream speed of your ZyXEL Device. Downstream Speed This is the downstream speed of your ZyXEL Device.
Page 50: Any Ip Table
3.6 Any IP Table Click Status > AnyIP Table to access this screen. Use this screen to view the IP address and MAC address of each computer that is using the ZyXEL Device but is in a different subnet than the ZyXEL Device.
Page 51: Wizard
Wizard Internet and Wireless Setup Wizard (53)
Page 53: Internet And Wireless Setup Wizard
Apply. Otherwise, click the wizard icon ( ) in the top right corner of the web configurator to go to the wizards. Figure 11 Select a Mode 2 Click INTERNET/WIRELESS SETUP to configure the system for Internet access and wireless connection. P-660HN-Fx User’s Guide...
Page 54: Figure 12 Wizard Welcome
Chapter 4 Internet and Wireless Setup Wizard Figure 12 Wizard Welcome 3 Your ZyXEL device attempts to detect your DSL connection and your connection type. 3a The following screen appears if a connection is not detected. Check your hardware connections and click Restart the INTERNET/WIRELESS SETUP Wizard to return to the wizard welcome screen.
Page 55: Manual Configuration
Figure 15 Auto Detection: Failed 4.2.1 Manual Configuration 1 If the ZyXEL Device fails to detect your DSL connection type but the physical line is connected, enter your Internet access information in the wizard screen exactly as your service provider gave it to you. Leave the defaults in any fields for which you were not given information.
Page 56: Figure 16 Internet Access Wizard Setup: Isp Parameters
Bridge when your ISP provides you more than one IP address and you want the connected computers to get individual IP address from ISP’s DHCP server directly. If you select Bridge, you cannot use Firewall, DHCP server and NAT on the ZyXEL Device.
Page 57: Figure 17 Internet Connection With Pppoe
Type the name of your PPPoE service here. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Exit Click this to close the wizard screen without saving. Figure 18 Internet Connection with RFC 1483 P-660HN-Fx User’s Guide...
Page 58: Figure 19 Internet Connection With Enet Encap
Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP Server clients along with the IP address and the subnet mask. Second DNS As above. Server Back Click this to return to the previous screen without saving. P-660HN-Fx User’s Guide...
Page 59: Figure 20 Internet Connection With Pppoa
• If the user name and/or password you entered for PPPoE or PPPoA connection are not correct, the screen displays as shown next. Click Back to Username and Password setup to go back to the screen where you can modify them. P-660HN-Fx User’s Guide...
Page 60: Wireless Connection Wizard Setup
4.3 Wireless Connection Wizard Setup After you configure the Internet access information, use the following screens to set up your wireless LAN. 1 Select Yes and click Next to configure wireless settings. Otherwise, select No and skip to Step 6. P-660HN-Fx User’s Guide...
Page 61: Figure 23 Connection Test Successful
Click this to return to the previous screen without saving. Next Click this to continue to the next wizard screen. Exit Click this to close the wizard screen without saving. 3 Configure your wireless settings in this screen. Click Next. P-660HN-Fx User’s Guide...
Page 62: Figure 25 Wireless Lan
Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless Name(SSID) LAN. If you change this field on the ZyXEL Device, make sure all wireless stations use the same SSID in order to access the network. Channel The range of radio frequencies used by IEEE 802.11b/g wireless devices is called a...
Page 63: Manually Assign A Wpa-Psk Key
Click this to continue to the next wizard screen. Exit Click this to close the wizard screen without saving. 4.3.2 Manually Assign a WEP Key Choose Manually assign a WEP key to setup WEP Encryption parameters. Figure 27 Manually Assign a WEP key P-660HN-Fx User’s Guide...
Page 64: Figure 28 Wireless Lan Setup 3
LABEL DESCRIPTION The WEP keys are used to encrypt data. Both the ZyXEL Device and the wireless stations must use the same WEP key for data transmission. Enter any 5 or 13 ASCII characters, or 10 or 26 hexadecimal characters ("0-9", "A-F") for a 64-bit or 128-bit WEP key respectively.
Page 65: Figure 29 Internet Access And Wlan Wizard Setup Complete
Chapter 4 Internet and Wireless Setup Wizard Figure 29 Internet Access and WLAN Wizard Setup Complete 7 Launch your web browser and navigate to www.zyxel.com. Internet access is just the beginning. Refer to the rest of this guide for more detailed information on the complete range of ZyXEL Device features.
Page 66 Chapter 4 Internet and Wireless Setup Wizard P-660HN-Fx User’s Guide...
Page 67: Network
Network WAN Setup (69) LAN Setup (89) Wireless LAN (105) Network Address Translation (NAT) (135)
Page 69: Wan Setup
5.1 Overview This chapter describes how to configure WAN settings from the WAN screens. Use these screens to configure your ZyXEL Device for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet.
Page 70: Before You Begin
Chapter 5 WAN Setup WAN IP Address The WAN IP address is an IP address for the ZyXEL Device, which makes it accessible from an outside network. It is used by the ZyXEL Device to communicate with other devices in other networks.
Page 71: Figure 31 Network > Wan >Internet Access Setup (Pppoe)
Modulation Select the modulation supported by your ISP. Use Multi Mode if you are not sure which mode to choose from. The ZyXEL Device dynamically diagnoses the mode supported by the ISP and selects the best compatible one for your connection.
Page 72 Specify a gateway IP address (supplied by your ISP). DNS Server First DNS Server Select Obtained From ISP if your ISP dynamically assigns DNS server information (and the ZyXEL Device's WAN IP address) and you select Obtain Second DNS Server an IP Address Automatically. Third DNS Server Select User-Defined if you have the IP address of a DNS server.
Page 73: Advanced Internet Access Setup
Nailed-Up Select Nailed-Up Connection when you want your connection up all the time. Connection The ZyXEL Device will try to bring up the connection automatically if it is disconnected. Connect on Select Connect on Demand when you don't want the connection up all the time Demand and specify an idle time-out in the Max Idle Timeout field.
Page 74: Table 18 Network > Wan > Internet Access Setup: Advanced Setup
LAN to use PPPoE client software encapsulation only) on their computers to connect to the ISP via the ZyXEL Device. Each host can have a separate account and a public WAN IP address.
Page 75: The More Connections Screen
Click this to restore your previously saved settings. 5.3 The More Connections Screen The ZyXEL Device allows you to configure more than one Internet access connection. To configure additional Internet access connections click Network > WAN > More Connections. The screen differs by the encapsulation you select. When you use the WAN >...
Page 76: More Connections Edit
Click this to save your changes. Cancel Click this to restore your previously saved settings. 5.3.1 More Connections Edit Use this screen to configure a connection. Click the edit icon in the More Connections screen to display the following screen. P-660HN-Fx User’s Guide...
Page 77: Figure 34 Network > Wan > More Connections: Edit
Select Routing from the drop-down list box if your ISP allows multiple computers to share an Internet account. If you select Bridge, the ZyXEL Device will forward any packet that it does not route to this remote node; otherwise, the packets are discarded.
Page 78 Connection Nailed-Up Connection Select Nailed-Up Connection when you want your connection up all the time. The ZyXEL Device will try to bring up the connection automatically if it is disconnected. Connect on Demand Select Connect on Demand when you don't want the connection up all the time and specify an idle time-out in the Max Idle Timeout field.
Page 79: Configuring More Connections Advanced Setup
WAN setup. 5.3.2 Configuring More Connections Advanced Setup Use this screen to edit your ZyXEL Device's advanced WAN settings. Click the Advanced Setup button in the More Connections Edit screen. The screen appears as shown.
Page 80: The Wan Backup Setup Screen
Click this to save your changes. Cancel Click this to restore your previously saved settings. 5.4 The WAN Backup Setup Screen Use this screen to configure your ZyXEL Device’s WAN backup. Click Network > WAN > WAN Backup Setup. P-660HN-Fx User’s Guide...
Page 81: Figure 36 Network > Wan > Wan Backup
Select the method that the ZyXEL Device uses to check the DSL connection. Select DSL Link to have the ZyXEL Device check if the connection to the DSLAM is up. Select ICMP to have the ZyXEL Device periodically ping the IP addresses configured in the Check WAN IP Address fields.
Page 82: Wan Technical Reference
Traffic redirect forwards traffic to a backup gateway when the ZyXEL Device cannot connect to the Internet. Active Traffic Select this check box to have the ZyXEL Device use traffic redirect if the normal Redirect WAN connection goes down. Note: If you activate traffic redirect, you must configure at least one Check WAN IP Address.
Page 83: Multiplexing
By implementing PPPoE directly on the ZyXEL Device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the ZyXEL Device does that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access.
Page 84: Ip Address Assignment
The ZyXEL Device does two things when you specify a nailed-up connection. The first is that idle timeout is disabled. The second is that the ZyXEL Device will try to bring up the connection when turned on and whenever the connection is down. A nailed-up connection can be very expensive for obvious reasons.
Page 85: Traffic Shaping
Chapter 5 WAN Setup The metric sets the priority for the ZyXEL Device’s routes to the Internet. If any two of the default routes have the same metric, the ZyXEL Device uses the following pre-defined priorities: • Normal route: designated by the ISP (see Section 5.2 on page...
Page 86: Atm Traffic Classes
An example application is background file transfer. 5.8 Traffic Redirect Traffic redirect forwards traffic to a backup gateway when the ZyXEL Device cannot connect to the Internet. An example is shown in the figure below. P-660HN-Fx User’s Guide...
Page 87: Figure 38 Traffic Redirect Example
LAN. Use IP alias to configure the LAN into two or three logical networks with the ZyXEL Device itself as the gateway for each LAN network. Put the protected LAN in one subnet (Subnet 1 in the following figure) and the backup gateway in another subnet (Subnet 2).
Page 88 Chapter 5 WAN Setup P-660HN-Fx User’s Guide...
Page 89: Lan Setup
(Section 6.2 on page 90) to set the LAN IP address and subnet mask of your ZyXEL device. You can also edit your ZyXEL Device's RIP, multicast, any IP and Windows Networking settings from this screen. • Use the DHCP Setup screen (Section 6.3 on page...
Page 90: Before You Begin
Client List screen. 6.2 The LAN IP Screen Use this screen to set the Local Area Network IP address and subnet mask of your ZyXEL Device. Click Network > LAN to open the IP screen. Follow these steps to configure your LAN settings.
Page 91: The Advanced Lan Ip Setup Screen
LABEL DESCRIPTION IP Address Enter the LAN IP address you want to assign to your ZyXEL Device in dotted decimal notation, for example, 192.168.1.1 (factory default). IP Subnet Mask Type the subnet mask of your network in dotted decimal notation, for example 255.255.255.0 (factory default).
Page 92: Figure 41 Network > Lan > Ip: Advanced Setup
Internet via the ZyXEL Device without changing the network settings (such as IP address and subnet mask) of the computer, even when the IP addresses of the computer and the ZyXEL Device are not in the same subnet.
Page 93: The Dhcp Setup Screen
Click this to restore your previously saved settings. 6.3 The DHCP Setup Screen Use this screen to configure the DNS server information that the ZyXEL Device sends to the DHCP client devices on the LAN. Click Network > DHCP Setup to open this screen.
Page 94: Figure 42 Network > Lan > Dhcp Setup
DHCP client. If set to None, the DHCP server will be disabled. If set to Relay, the ZyXEL Device acts as a surrogate DHCP server and relays DHCP requests and responses between the remote server and the clients.
Page 95: The Client List Screen
Apply. If you set a second choice to User-Defined, and enter the same IP address, the second User-Defined changes to None after you click Apply. Select DNS Relay to have the ZyXEL Device act as a DNS proxy only when the ISP uses IPCP DNS server extensions. The ZyXEL Device's LAN IP address displays in the field to the right (read-only).
Page 96: The Ip Alias Screen
IP alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The ZyXEL Device supports three logical LAN interfaces via its single physical Ethernet interface with the ZyXEL Device itself as the gateway for each LAN network.
Page 97: Configuring The Lan Ip Alias Screen
C: 192.168.3.1 - 192.168.3.24 6.5.1 Configuring the LAN IP Alias Screen Use this screen to change your ZyXEL Device’s IP alias settings. Click Network > LAN > IP Alias to open the following screen. Figure 45 Network > LAN > IP Alias The following table describes the labels in this screen.
Page 98: Lan Technical Reference
RIP packets. Select the RIP direction from Both/In Only/Out Only/None. When set to Both or Out Only, the ZyXEL Device will broadcast its routing table periodically. When set to Both or In Only, it will incorporate the RIP information that it receives;...
Page 99: Dhcp Setup
The ZyXEL Device supports the IPCP DNS server extensions through the DNS proxy feature. If the DNS Server fields in the DHCP Setup screen are set to DNS Relay, the ZyXEL Device tells the DHCP clients that it itself is the DNS server. When a computer sends a...
Page 100 Once you have decided on the network number, pick an IP address that is easy to remember, for instance, 192.168.1.1, for your ZyXEL Device, but make sure that no other device on your network is using that IP address.
Page 101: Rip Setup
• Both - the ZyXEL Device will broadcast its routing table periodically and incorporate the RIP information that it receives. • In Only - the ZyXEL Device will not send any RIP packets but will accept all RIP packets received.
Page 102: Any Ip
Traditionally, you must set the IP addresses and the subnet masks of a computer and the ZyXEL Device to be in the same subnet to allow the computer to access the Internet (through the ZyXEL Device). In cases where your computer is required to use a static IP address in another network, you may need to manually configure the network settings of the computer every time you want to access the Internet via the ZyXEL Device.
Page 103 ZyXEL Device. 1 When a computer (which is in a different subnet) first attempts to access the Internet, it sends packets to its default gateway (which is not the ZyXEL Device) by looking at the MAC address in its ARP table.
Page 104 Chapter 6 LAN Setup P-660HN-Fx User’s Guide...
Page 105: Wireless Lan
• Use the WDS screen (see Section 7.6 on page 119) to set up a Wireless Distribution System, in which the ZyXEL Device acts as a bridge with other ZyXEL access points. • Use the QoS screen (see Section 7.7 on page 120) to enable or disable Quality of Service.
Page 106: What You Need To Know About Wireless
• What advanced options do you want to configure, if any? If you want to configure advanced options such as Quality of Service, ensure that you know precisely what you want to do. If you do not want to configure advanced options, leave them as they are. P-660HN-Fx User’s Guide...
Page 107: The Ap Screen
Select a channel from the drop-down list box. Channel Width Select whether the ZyXEL Device uses a wireless channel width of 20 or 40 MHz. A standard 20 MHz channel offers transfer speeds of up to 150Mbps whereas a 40MHz channel uses two standard channels and offers speeds of up to 300 Mbps.
Page 108: No Security
WLAN setup. 7.2.1 No Security In the Network > Wireless LAN > AP screen, select No Security from the Security Mode list to allow wireless devices to communicate with the ZyXEL Device without any data encryption or authentication. P-660HN-Fx User’s Guide...
Page 109: Wep Encryption
Chapter 7 Wireless LAN If you do not enable any wireless security on your ZyXEL Device, your network is accessible to any wireless networking device that is within range. Figure 49 Network > Wireless LAN > AP: No Security The following table describes the labels in this screen.
Page 110: Wpa(2)-Psk
Device automatically generates a WEP key. WEP Key The WEP key is used to encrypt data. Both the ZyXEL Device and the wireless stations must use the same WEP key for data transmission. If you want to manually set the WEP key, enter any 5 or 13 characters (ASCII string) or 10 or 26 hexadecimal characters ("0-9", "A-F") for a 64-bit or 128-bit WEP key...
Page 111: Wpa(2) Authentication
DESCRIPTION Security Mode Choose WPA-PSK or WPA2-PSK or WPAPSKMixed from the drop-down list box. Select WPAPSK Mixed if you want the ZyXEL Device to support WPA-PSK and WPA2-PSK simultaneously. Pre-Shared Key The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same.
Page 112: Figure 52 Network > Wireless Lan > Ap: Wpa(2)
DESCRIPTION Security Mode Choose WPA, WPA2 or WPAMixed from the drop-down list box. Select WPAMixed if you want the ZyXEL Device to support WPA and WPA2 simultaneously. ReAuthentication Specify how often wireless stations have to resend usernames and passwords in Timer order to stay connected.
Page 113: Wireless Lan Advanced Setup
Enter a password (up to 31 alphanumeric characters) as the key to be shared between the external authentication server and the ZyXEL Device. The key must be the same on the external authentication server and your ZyXEL Device. The key is not sent over the network.
Page 114: Mac Filter
2432. Output Power Set the output power of the ZyXEL Device. If there is a high density of APs in an area, decrease the output power to reduce interference with other APs. Select one of the following Maximum, Middle or Minimum.
Page 115: The More Ap Screen
Define the filter action for the list of MAC addresses in the MAC Address table. Filter Action Select Deny to block access to the ZyXEL Device. MAC addresses not listed will be allowed to access the ZyXEL Device Select Allow to permit access to the ZyXEL Device. MAC addresses not listed will be denied access to the ZyXEL Device.
Page 116: More Ap Edit
LABEL DESCRIPTION SSID An SSID profile is the set of parameters relating to one of the ZyXEL Device’s BSSs. The SSID (Service Set IDentifier) identifies the Service Set with which a wireless device is associated. This field displays the name of the wireless profile on the network. When a wireless client scans for an AP to associate with, this is the name that is broadcast and seen in the wireless client utility.
Page 117: The Wps Screen
Click this to restore your previously saved settings. 7.4 The WPS Screen Use this screen to configure WiFi Protected Setup (WPS) on your ZyXEL Device. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually.
Page 118: The Wps Station Screen
Click this to add another WPS-enabled wireless device (within wireless range of the ZyXEL Device) to your wireless network. This button may either be a physical button on the outside of device, or a menu button similar to the Push Button on this screen.
Page 119: The Wds Screen
An AP using the Wireless Distribution System (WDS) can function as a wireless network bridge allowing you to wirelessly connect two wired network segments. The WDS screen allows you to configure the ZyXEL Device to connect to two or more APs wirelessly when WDS is enabled.
Page 120: The Qos Screen
This is the index number of the individual WDS link. Active Select this to activate the link between the ZyXEL Device and the peer device to which this entry refers. When you do not select the check box this link is down.
Page 121: The Scheduling Screen
Table 41 Network > Wireless LAN > QoS LABEL DESCRIPTION Enable Wireless Select this box to activate wireless LAN scheduling on your ZyXEL Device. LAN Scheduling WLAN status Select On or Off to enable or disable the wireless LAN. Check the day(s) you want to turn the wireless LAN on or off.
Page 122: Figure 62 Example Of A Wireless Network
The wireless network is the part in the blue circle. In this wireless network, devices A and B use the access point (AP) to interact with the other devices (such as the printer) or with the Internet. Your ZyXEL Device is the AP. Every wireless network must follow these basic guidelines.
Page 123: Additional Wireless Terms
Since the available unlicensed spectrum varies from one country to another, the number of available channels also varies. 7.9.2 Additional Wireless Terms The following table describes some wireless network terms and acronyms used in the ZyXEL Device’s Web Configurator. Table 42 Additional Wireless Terms...
Page 124: Wireless Security Overview
Normally, the ZyXEL Device acts like a beacon and regularly broadcasts the SSID in the area. You can hide the SSID instead, in which case the ZyXEL Device does not broadcast the SSID. In addition, you should change the default SSID to something that is difficult to guess.
Page 125: Table 43 Types Of Encryption For Each Type Of Authentication
Chapter 7 Wireless LAN You can use the MAC address filter to tell the ZyXEL Device which devices are allowed or not allowed to use the wireless network. If a device is allowed to use the wireless network, it still has to have the correct information (SSID, channel, and security). If a device is not allowed to use the wireless network, it does not matter if it has the correct information.
Page 126: Signal Problems
When you select WPA2 or WPA2-PSK in your ZyXEL Device, you can also select an option (WPA compatible) to support WPA as well. In this case, if some of the devices support WPA and some support WPA2, you should set up WPA2-PSK or WPA2 (depending on the type of wireless network login) and select the WPA compatible option in the ZyXEL Device.
Page 127: Mbssid
Once the security settings of peer sides match one another, the connection between devices is made. At the time of writing, WDS security is compatible with other ZyXEL access points only. Refer to your other access point’s documentation for details.
Page 128: Push Button Configuration
AP 1 AP 2 7.9.8 WiFi Protected Setup (WPS) Your ZyXEL Device supports WiFi Protected Setup (WPS), which is an easy way to set up a secure wireless network. WPS is an industry standard specification, defined by the WiFi Alliance.
Page 129 3 Look for the client’s WPS PIN; it will be displayed either on the device, or in the WPS section of the client’s configuration interface (see the device’s User’s Guide for how to find the WPS PIN - for the ZyXEL Device, see Section 7.4 on page 117).
Page 130: Figure 65 Example Wps Process: Pin Method
If not, it generates the SSID and WPA(2)-PSK randomly. The following figure shows a WPS-enabled client (installed in a notebook computer) connecting to a WPS-enabled access point. P-660HN-Fx User’s Guide...
Page 131: Figure 66 How Wps Works
When WPS is activated on both, they perform the handshake. In this example, AP1 is the registrar, and Client 1 is the enrollee. The registrar randomly generates the security information to set up the network, since it is unconfigured and has no existing information. P-660HN-Fx User’s Guide...
Page 132: Figure 67 Wps: Example Network Step 1
In step 3, you add another access point (AP2) to your network. AP2 is out of range of AP1, so you cannot use AP1 for the WPS handshake with the new access point. However, you know that Client 2 supports the registrar function, so you use it to perform the WPS handshake instead. P-660HN-Fx User’s Guide...
Page 133: Figure 69 Wps: Example Network Step 3
WPS-enabled device could join the network. This is because the registrar has no way of identifying the “correct” enrollee, and cannot differentiate between your enrollee and a rogue device. This is a possible way for a hacker to gain access to a network. P-660HN-Fx User’s Guide...
Page 134 Check the MAC addresses of your wireless clients (usually printed on a label on the bottom of the device). If there is an unknown MAC address you can remove it or reset the AP. P-660HN-Fx User’s Guide...
Page 135: Network Address Translation (Nat)
8.1.2 What You Need To Know About NAT Inside/Outside Inside/outside denotes where a host is located relative to the ZyXEL Device, for example, the computers of your subscribers are the inside hosts, while the web servers on the Internet are the outside hosts.
Page 136: The Nat General Setup Screen
Table 51 on page 147. • Choose SUA Only if you have just one public WAN IP address for your ZyXEL Device. • Choose Full Feature if you have multiple public WAN IP addresses for your ZyXEL Device.
Page 137: The Port Forwarding Screen
Select this check box to enable NAT. Address Translation (NAT) SUA Only Select this radio button if you have just one public WAN IP address for your ZyXEL Device. Full Feature Select this radio button if you have multiple public WAN IP addresses for your ZyXEL Device.
Page 138: Configuring The Port Forwarding Screen
If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup.
Page 139: The Port Forwarding Rule Edit Screen
If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup.
Page 140: The Address Mapping Screen
The Address Mapping screen is available only when you select Full Feature in the NAT > General screen. Ordering your rules is important because the ZyXEL Device applies the rules in the order that you specify. When a rule matches the current packet, the ZyXEL Device takes the corresponding action and the remaining rules are ignored.
Page 141: Figure 74 Network > Nat > Address Mapping
4, rules 5 to 7 will be pushed up by 1 rule, so old rules 5, 6 and 7 become new rules 4, 5 and 6. To change your ZyXEL Device’s address mapping settings, click Network > NAT > Address Mapping to open the following screen.
Page 142: The Address Mapping Rule Edit Screen
Note that port numbers do not change for One-to-one NAT mapping type. Many-to-One: Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported only.
Page 143: The Sip Alg Screen
ZyXEL Device’s private IP address inside the SIP data stream to a public IP address. You do not need to use STUN or an outbound proxy if your ZyXEL Device is behind a SIP ALG. Use this screen to enable and disable the SIP (VoIP) ALG in the ZyXEL Device. To access this screen, click Network >...
Page 144: What Nat Does
Many-to-One and Many-to-Many Overload NAT mapping) in each packet and then forwards it to the Internet. The ZyXEL Device keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored. The following figure illustrates this.
Page 145: Nat Application
Address (ILA) Address (IGA) 192.168.1.11 192.168.1.10 8.6.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP alias) behind the ZyXEL Device can communicate with three distinct WAN networks. P-660HN-Fx User’s Guide...
Page 146: Nat Mapping Types
8.6.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: • One to One: In One-to-One mode, the ZyXEL Device maps one local IP address to one global IP address. • Many to One: In Many-to-One mode, the ZyXEL Device maps multiple local IP addresses to one global IP address.
Page 147: Table 51 Nat Mapping Types
ILA2 IGA1 … Many-to-Many Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA1 ILA4 IGA2 … Many-to-Many No Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA3 … Server Server 1 IP IGA1 Server 2 IP IGA1 Server 3 IP IGA1 P-660HN-Fx User’s Guide...
Page 148 Chapter 8 Network Address Translation (NAT) P-660HN-Fx User’s Guide...
Page 149: Security
Security Firewalls (151) Content Filtering (171) Packet Filter (177) Certificates (185)
Page 151: Firewalls
(Section 9.2 on page 156) to enable firewall and/or triangle route on the ZyXEL Device, and set the default action that the firewall takes on packets that do not match any of the firewall rules. • Use the Rules screen (Section 9.3 on page...
Page 152: What You Need To Know About Firewall
DoS attacks. Anti-Probing If an outside user attempts to probe an unsupported port on your ZyXEL Device, an ICMP response packet is automatically returned. This allows the outside user to know the ZyXEL Device exists. The ZyXEL Device supports anti-probing, which prevents the ICMP response packet from being sent.
Page 153: Figure 80 Firewall Example: Rules
Apply. Figure 81 Edit Custom Port Example 7 Select Any in the Destination Address List box and then click Delete. 8 Configure the destination address screen as follows and click Add. P-660HN-Fx User’s Guide...
Page 154: Figure 82 Firewall Example: Edit Rule: Destination Address
9 Use the Add >> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. Custom services show up with an “*” before their names in the Services list box and the Rules list box. P-660HN-Fx User’s Guide...
Page 155: Figure 83 Firewall Example: Edit Rule: Select Customized Services
Figure 83 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a “MyService” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN. P-660HN-Fx User’s Guide...
Page 156: The Firewall General Screen
Chapter 9 Firewalls Figure 84 Firewall Example: Rules: MyService 9.2 The Firewall General Screen Use this screen to configure the firewall settings. Click Security > Firewall to display the following screen. Figure 85 Security > Firewall > General P-660HN-Fx User’s Guide...
Page 157: The Firewall Rule Screen
Device. This is called an asymmetrical or “triangle” route. This causes the ZyXEL Device to reset the connection, as the connection has not been acknowledged. Select this check box to have the ZyXEL Device permit the use of asymmetrical route topology on the network (not reset the connection).
Page 158: Figure 86 Security > Firewall > Rules
Table 53 Security > Firewall > Rules LABEL DESCRIPTION Firewall Rules This read-only bar shows how much of the ZyXEL Device's memory for recording Storage Space firewall rules it is currently using. When you are using 80% or less of the storage in Use space, the bar is green.
Page 159: Configuring Firewall Rules
Use this screen to configure firewall rules. In the Rules screen, select an index number and click Add or click a rule’s Edit icon to display this screen and refer to the following table for information on the labels. P-660HN-Fx User’s Guide...
Page 160: Figure 87 Security > Firewall > Rules: Edit
Figure 87 Security > Firewall > Rules: Edit The following table describes the labels in this screen. Table 54 Security > Firewall > Rules: Edit LABEL DESCRIPTION Edit Rule Active Select this option to enable this firewall rule. P-660HN-Fx User’s Guide...
Page 161 Log Settings page and select the Access Control logs category to have the ZyXEL Device record these logs. Alert Send Alert Select the check box to have the ZyXEL Device generate an alert when the rule Message to is matched. Administrator When...
Page 162: Customized Services
Chapter 9 Firewalls 9.3.2 Customized Services Configure customized services and port numbers not predefined by the ZyXEL Device. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website. See Appendix E on page 371 for some examples.
Page 163: The Firewall Threshold Screen
Click this to delete the current rule. 9.4 The Firewall Threshold Screen For DoS attacks, the ZyXEL Device uses thresholds to determine when to start dropping sessions that do not become fully established (half-open sessions). These thresholds apply globally to all sessions.
Page 164: Threshold Values
Tune these parameters when you believe the ZyXEL Device has been receiving DoS attacks that are not recorded in the logs or the logs show that the ZyXEL Device is classifying normal traffic as DoS attacks.
Page 165: Figure 91 Security > Firewall > Threshold
ZyXEL Device deletes half-open sessions as required to accommodate new connection attempts. For example, if you set the one minute high to 100, the ZyXEL Device starts deleting half-open sessions when more than 100 session establishment attempts have been detected in the last minute.
Page 166: Firewall Technical Reference
Your customized rules take precedence and override the ZyXEL Device’s default settings. The ZyXEL Device checks the source IP address, destination IP address and IP protocol type of network traffic against the firewall rules (in the order you list them). When the traffic matches a rule, the ZyXEL Device takes the action specified in the rule.
Page 167 By default the ZyXEL Device stops computers on the WAN from managing the ZyXEL Device or using the ZyXEL Device as a gateway to communicate with other computers on the WAN. You could configure one of these rules to allow a WAN computer to manage the ZyXEL Device.
Page 168: Guidelines For Enhancing Security With Your Firewall
9.5.4 Triangle Route When the firewall is on, your ZyXEL Device acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the ZyXEL Device to protect your LAN against attacks.
Page 169: Figure 92 Ideal Firewall Setup
You may have more than one connection to the Internet (through one or more ISPs). If an alternate gateway is on the LAN (and its IP address is in the same subnet as the ZyXEL Device’s LAN IP address), the “triangle route” (also called asymmetrical route) problem may occur.
Page 170: Figure 94 Ip Alias
2 The ZyXEL Device reroutes the packet to Gateway A, which is in Subnet 2. 3 The reply from the WAN goes to the ZyXEL Device. 4 The ZyXEL Device then sends it to the computer on the LAN in Subnet 1. Figure 94 IP Alias...
Page 171: Content Filtering
The URL (Uniform Resource Locator) identifies and helps locates resources on a network. On the Internet the URL is the web address that you type in the address bar of your Internet browser, for example “http://www.zyxel.com”. 10.1.3 Before You Begin To use the Trusted screen, you need the IP addresses of devices on your network.
Page 172: Figure 95 Security > Content Filter > Keyword: Example
“192.168.1.xxx”. Bob gave his home computer a static IP address of 192.168.1.2 and the study computer a static IP address of 192.168.1.3. To exclude the study computer from keyword blocking he follows these steps. 1 Click Security > Content Filter > Trusted to display the following screen. P-660HN-Fx User’s Guide...
Page 173: The Keyword Screen
10.2 The Keyword Screen Use this screen to block sites containing certain keywords in the URL. For example, if you enable the keyword "bad", the ZyXEL Device blocks all sites containing this keyword including the URL http://www.website.com/bad.html. To have your ZyXEL Device block websites containing keywords in their URLs, click Security >...
Page 174: The Schedule Screen
Click this to restore your previously saved settings. 10.3 The Schedule Screen Use this screen to set the days and times for the ZyXEL Device to perform content filtering. Click Security > Content Filter > Schedule. The screen appears as shown.
Page 175: The Trusted Screen
Click this to restore your previously saved settings. 10.4 The Trusted Screen Use this screen to exclude a range of users on the LAN from content filtering on your ZyXEL Device. Click Security > Content Filter > Trusted. The screen appears as shown.
Page 176 Chapter 10 Content Filtering P-660HN-Fx User’s Guide...
Page 177: Packet Filter
Filter Structure A filter set consists of one or more filter rules. The ZyXEL Device allows you to configure up to twelve filter sets with six rules in each set, for a total of 72 filter rules in the system. You cannot mix generic filter rules and protocol filter rules within the same set.
Page 178: Editing Protocol Filters
11.2.1 Editing Protocol Filters Use this screen to display a protocol filter set on your ZyXEL Device. Protocol rules allow you to base the rule on the fields in the IP and the upper layer protocol, for example, UDP and TCP headers.
Page 179: Configuring Protocol Filter Rules
Cancel Click this to restore your previously saved settings. 11.2.2 Configuring Protocol Filter Rules Use this screen to configure protocol filter rules. In the Edit (Protocol Filter) screen, click an Edit icon to display the following screen. P-660HN-Fx User’s Guide...
Page 180: Figure 103 Security > Packet Filter > Edit (Protocol Filter) > Edit Rule
TCP Estab This field is only available when you select TCP in the Protocol field. Select Yes to have the rule match packets that want to establish a TCP connection. This field is ignored if you select No. P-660HN-Fx User’s Guide...
Page 181: Editing Generic Filters
For IP packets, it is generally easier to use the IP rules directly. For generic rules, the ZyXEL Device treats a packet as a byte stream as opposed to an IP or IPX packet. You specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes.
Page 182: Configuring Generic Packet Rules
Enter the byte count of the data portion in the packet that you wish to compare. The range for this field is 0 to 8. Mask Enter the mask (in hexadecimal notation) to apply to the data portion before comparison. P-660HN-Fx User’s Guide...
Page 183: Packet Filter Technical Reference
On the other hand, the generic filters are applied to the raw packets that appear on the wire. They are applied at the point when the ZyXEL Device is receiving and sending the packets; that is the interface. The interface can be an Ethernet port or any other hardware port.
Page 184: Firewall Versus Filters
Chapter 11 Packet Filter 11.3.2 Firewall Versus Filters Below are some comparisons between the ZyXEL Device’s filtering and firewall functions. Packet Filtering • The router filters packets as they pass through the router’s interface according to the filter rules you designed.
Page 185: Certificates
Figure 107 Certificates Example In the figure above, the ZyXEL Device (Z) checks the identity of the notebook (A) using a certificate before granting it access to the network. 12.1.1 What You Can Do in the Certificates Screens •...
Page 186: What You Need To Know About Certificates
12.2 The My Certificates Screen This is the ZyXEL Device’s summary list of certificates and certification requests. Certificates display in black and certification requests display in gray. Click Security > Certificates > My Certificates to open the My Certificates screen.
Page 187: Table 66 My Certificates
Note that subsequent certificates move up by one when you take this action Create Click this to go to the screen where you can have the ZyXEL Device generate a certificate or a certification request. P-660HN-Fx User’s Guide...
Page 188: My Certificate Import
Click this to display the current validity status of the certificates. 12.2.1 My Certificate Import Follow the instructions in this screen to save an existing certificate to the ZyXEL Device. Click Security > Certificates > My Certificates and then Import to open the My Certificate Import screen.
Page 189: My Certificate Create
Click this to clear your settings. 12.2.2 My Certificate Create Use this screen to have the ZyXEL Device create a self-signed certificate, enroll a certificate with a certification authority or generate a certification request. Click Security > Certificates > My Certificates > Create to open the My Certificate Create screen.
Page 190 Select Create a certification request and save it locally for later manual request and save it enrollment to have the ZyXEL Device generate and store a request for a locally for later certificate. Use the My Certificate Details screen to view the certification manual enrollment request and copy it to send to the certification authority.
Page 191: My Certificate Details
Use this screen to view in-depth certificate information and change the certificate’s name. In the case of a self-signed certificate, you can set it to be the one that the ZyXEL Device uses to sign the trusted remote host certificates that you import to the ZyXEL Device. Click Security >...
Page 192: Figure 111 My Certificate Details
31 characters to identify this certificate. You may use any character (not including spaces). Property Select this check box to have the ZyXEL Device use this certificate to sign the Default self-signed trusted remote host certificates that you import to the ZyXEL Device. This check certificate which box is only available with self-signed certificates.
Page 193 If the certificate is a self-signed certificate, the certificate itself is the only one in the list. The ZyXEL Device does not trust the certificate and displays “Not trusted” in this field if any certificate on the path has expired or been revoked.
Page 194: The Trusted Cas Screen
This screen displays a summary list of certificates of the certification authorities that you have set the ZyXEL Device to accept as trusted. The ZyXEL Device accepts any valid certificate signed by a certification authority on this list as being trustworthy; thus you do not need to import any certificate that is signed by one of these certification authorities.
Page 195: Trusted Ca Import
LABEL DESCRIPTION PKI Storage This bar displays the percentage of the ZyXEL Device’s PKI storage space that is Space in Use currently in use. The bar turns from blue to red when the maximum is being approached. When the bar is red, you should consider deleting expired or unnecessary certificates before adding more certificates.
Page 196: Trusted Ca Details
Use this screen to view in-depth information about the certification authority’s certificate, change the certificate’s name and set whether or not you want the ZyXEL Device to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority.
Page 197: Figure 114 Trusted Ca Details
31 characters to identify this key certificate. You may use any character (not including spaces). Property Select this check box to have the ZyXEL Device check incoming certificates that Issues certificate are issued by this certification authority against a Certificate Revocation List revocation lists (CRL).
Page 198 Key Algorithm This field displays the type of algorithm that was used to generate the certificate’s key pair (the ZyXEL Device uses RSA encryption) and the length of the key set in bits (1024 bits for example). Subject Alternative This field displays the certificate’s owner‘s IP address (IP), domain name (DNS)
Page 199: The Trusted Remote Hosts Screens
Apply Click this to save your changes. You can only change the name and/or set whether or not you want the ZyXEL Device to check the CRL that the certification authority issues before trusting a certificate issued by the certification authority.
Page 200: Figure 115 Trusted Remote Hosts
Issuer (My Default This field displays identifying information about the default self-signed certificate Self-signed on the ZyXEL Device that the ZyXEL Device uses to sign the trusted remote host Certificate) certificates. This field displays the certificate index number. The certificates are listed in alphabetical order.
Page 201: Trusted Remote Hosts Import
Import to open the Trusted Remote Host Import screen. Follow the instructions in this screen to save a trusted host’s certificate to the ZyXEL Device. The trusted remote host certificate must be a self-signed certificate; and you must remove any spaces from its filename before you can import it.
Page 202: Figure 117 Trusted Remote Host Details
For a trusted host, the list consists of the end entity’s own certificate and the default self-signed certificate that the ZyXEL Device uses to sign remote host certificates. Refresh Click this to display the certification path.
Page 203 ZyXEL Device that the ZyXEL Device uses to sign the trusted remote host certificates. Signature Algorithm This field displays the type of algorithm that the ZyXEL Device used to sign the certificate, which is rsa-pkcs1-sha1 (RSA public-private key encryption algorithm and the SHA1 hash algorithm).
Page 204: The Directory Servers Screens
This screen displays a summary list of directory servers (that contain lists of valid and revoked certificates) that have been saved into the ZyXEL Device. If you decide to have the ZyXEL Device check incoming certificates against the issuing certification authority’s list of revoked certificates, the ZyXEL Device first checks the server(s) listed in the CRL Distribution Points field of the incoming certificate.
Page 205: Directory Server Add And Edit
ZyXEL Device can access it. 12.5.1 Directory Server Add and Edit Use this screen to configure information about a directory server that the ZyXEL Device can access. Click Security > Certificates > Directory Servers to open the Directory Servers screen.
Page 206: Certificates Technical Reference
A certification path is the hierarchy of certification authority certificates that validate a certificate. The ZyXEL Device does not trust a certificate if any certificate on its path has expired or been revoked.
Page 207: Private-Public Certificates
Self-signed Certificates You can have the ZyXEL Device act as a certification authority and sign its own certificates. 12.6.2 Private-Public Certificates When using public-key cryptology for authentication, each host has two keys. One key is public and can be made openly available.
Page 208: Figure 120 Remote Host Certificates
3 Double-click the certificate’s icon to open the Certificate window. Click the Details tab and scroll down to the Thumbprint Algorithm and Thumbprint fields. Figure 121 Certificate Details 4 Verify (over the phone for example) that the remote host has the same information in the Thumbprint Algorithm and Thumbprint fields. P-660HN-Fx User’s Guide...
Page 209: Advanced
Advanced Static Route (211) 802.1Q/1P (215) Quality of Service (QoS) (225) Dynamic DNS Setup (239) Remote Management (243) Universal Plug-and-Play (UPnP) (255)
Page 211: Static Route
13.1 Overview The ZyXEL Device usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the ZyXEL Device send data to devices not reachable through the default gateway, use static routes.
Page 212: The Static Route Screen
Click the Edit icon to go to the screen where you can set up a static route on the ZyXEL Device. Click the Remove icon to remove a static route from the ZyXEL Device. A window displays asking you to confirm that you want to delete the route.
Page 213: Static Route Edit
Section 5.3 on page 75 for details on configuring a remote node. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HN-Fx User’s Guide...
Page 214 Chapter 13 Static Route P-660HN-Fx User’s Guide...
Page 215: Q/1P
You can assign any ports on the ZyXEL Device to a VLAN group and configure the settings for the group. You may also set the priority level for traffic trasmitted through the ports.
Page 216: Q/1P Example
802.1Q VLAN-unaware device to an 802.1Q VLAN-aware switch, the ZyXEL Device first decides where to forward the frame, and then inserts a VLAN tag reflecting the ingress port's default VID. The default PVID is VLAN 1 for all ports, but this can be changed.
Page 217: Figure 127 Advanced > 802.1Q/1P > Group Setting > Edit: Example
1 Click Advanced > 802.1Q/1P > Port Setting to display the following screen. 2 Type 2 in the 802.1Q PVID column for LAN1, LAN2 and PVC1. 3 Select 7 from the 802.1P Priority drop-down list box for LAN1, LAN2 and PVC1. 4 Click Apply. P-660HN-Fx User’s Guide...
Page 218: Figure 128 Advanced > 802.1Q/1P > Port Setting: Example
PVC3 into one VLAN (VLAN4). PVC3 priority is set to medium level of service. Follow the same steps as in VLAN2 to configure the settings for VLAN3 and VLAN4. The summary screen should then display as follows. P-660HN-Fx User’s Guide...
Page 219: The 802.1Q/1P Group Setting Screen
Figure 129 Advanced > 802.1Q/1P > Group Setting: Example This completes the 802.1Q/1P setup. 14.2 The 802.1Q/1P Group Setting Screen Use this screen to activate 802.1Q/1P and display the VLAN groups. Click Advanced > 802.1Q/1P to display the following screen. P-660HN-Fx User’s Guide...
Page 220: Figure 130 Advanced > 802.1Q/1P > Group Setting
Enter the ID number of a VLAN group. All interfaces (ports, SSIDs and PVCs) are in the management VLAN by default. If you disable the management VLAN, you will not be able to access the ZyXEL Device. Summary This field displays the index number of the VLAN group.
Page 221: Editing 802.1Q/1P Group Setting
This field displays the types of ports available to join the VLAN group. Control Select Fixed for the port to be a permanent member of the VLAN group. Select Forbidden if you want to prohibit the port from joining the VLAN group. P-660HN-Fx User’s Guide...
Page 222: The 802.1Q/1P Port Setting Screen
This field displays the types of ports available to join the VLAN group. 802.1Q PVID Assign a VLAN ID for the port. The valid VID range is between 1 and 4094. The ZyXEL Device assigns the PVID to untagged frames or priority-tagged frames received on this port. P-660HN-Fx User’s Guide...
Page 223 You may choose a priority level from 0-7, with 0 being the lowest level and 7 being the highest level. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HN-Fx User’s Guide...
Page 224 Chapter 14 802.1Q/1P P-660HN-Fx User’s Guide...
Page 225: Quality Of Service (Qos)
Quality of Service (QoS) 15.1 Overview Use the QoS screens to set up your ZyXEL Device to use QoS for traffic management. Quality of Service (QoS) refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to control bandwidth. QoS allows the ZyXEL Device to group and prioritize application traffic and fine-tune network performance.
Page 226: Qos Class Setup Example
Traffic from the boss’s IP address (192.168.1.23 for example) is mapped to queue 5. Traffic that does not match these two classes are assigned priority queue based on the internal QoS mapping table on the ZyXEL Device. Figure 133 QoS Example...
Page 227: Figure 134 Qos Class Example: Voip -1
Chapter 15 Quality of Service (QoS) Figure 134 QoS Class Example: VoIP -1 Figure 135 QoS Class Example: VoIP -2 P-660HN-Fx User’s Guide...
Page 228: Figure 136 Qos Class Example: Boss -1
Chapter 15 Quality of Service (QoS) Figure 136 QoS Class Example: Boss -1 Figure 137 QoS Class Example: Boss -2 P-660HN-Fx User’s Guide...
Page 229: The Qos General Screen
Chapter 15 Quality of Service (QoS) 15.2 The QoS General Screen Use this screen to enable or disable QoS and have the ZyXEL Device automatically assign priority to traffic according to the IEEE 802.1p priority level, IP precedence and/or packet length.
Page 230: The Class Setup Screen
Click this to restore your previously saved settings. 15.3.1 The Class Configuration Screen Use this screen to configure a classifier. Click the Add button or the Edit icon in the Modify field to display the following screen. P-660HN-Fx User’s Guide...
Page 231: Figure 140 Advanced > Qos > Class Setup: Edit
Chapter 15 Quality of Service (QoS) Figure 140 Advanced > QoS > Class Setup: Edit P-660HN-Fx User’s Guide...
Page 232: Table 85 Advanced > Qos > Class Setup: Edit
Select from which interface traffic of this class should come. Priority Select a priority level (between 0 and 7) or select Auto to have the ZyXEL Device map the matched traffic to a queue according to the internal QoS mapping table. See Section 15.5.4 on page 236...
Page 233 Select this option and enter the minimum and maximum packet length (from 28 to 1500) in the fields provided. DSCP Select this option and specify a DSCP (DiffServ Code Point) number between 0 and 63 in the field provided. P-660HN-Fx User’s Guide...
Page 234: The Qos Monitor Screen
Click this to restore your previously saved settings. 15.4 The QoS Monitor Screen Use this screen to view the ZyXEL Device’s QoS packet statistics. Click Advanced > QoS > Monitor. The screen appears as shown. Figure 141 Advanced > QoS > Monitor The following table describes the labels in this screen.
Page 235: Qos Technical Reference
IP precedence uses three bits of the eight-bit ToS (Type of Service) field in the IP header. There are eight classes of services (ranging from zero to seven) in IP precedence. Zero is the lowest priority level and seven is the highest. P-660HN-Fx User’s Guide...
Page 236: Diffserv
DSCP values and the configured policies. 15.5.4 Automatic Priority Queue Assignment If you enable QoS on the ZyXEL Device, the ZyXEL Device can automatically base on the IEEE 802.1p priority level, IP precedence and/or packet length to assign priority to traffic which does not match a class.
Page 237 IEEE 802.1P USER QUEUE PRIORITY TOS (IP IP PACKET DSCP (ETHERNET PRECEDENCE) LENGTH (BYTE) PRIORITY) 001110 250~1100 001100 001010 001000 010110 010100 010010 010000 011110 <250 011100 011010 011000 100110 100100 100010 100000 101110 101000 110000 111000 P-660HN-Fx User’s Guide...
Page 238 Chapter 15 Quality of Service (QoS) P-660HN-Fx User’s Guide...
Page 239: Dynamic Dns Setup
If you have a private WAN IP address, then you cannot use Dynamic DNS. 16.2 The Dynamic DNS Screen Use this screen to change your ZyXEL Device’s DDNS. Click Advanced > Dynamic DNS. The screen appears as shown. P-660HN-Fx User’s Guide...
Page 240: Figure 142 Advanced > Dynamic Dns
Select the type of service that you are registered for from your Dynamic DNS Type service provider. Host Name Type the domain name assigned to your ZyXEL Device by your Dynamic DNS provider. You can specify up to two host names in the field separated by a comma (","). User Name Type your user name.
Page 241 Table 89 Advanced > Dynamic DNS (continued) LABEL DESCRIPTION Dynamic DNS Select this option only when there are one or more NAT routers between the ZyXEL server auto Device and the DDNS server. This feature has the DDNS server automatically detect IP detect and use the IP address of the NAT router that has a public IP address.
Page 242 Chapter 16 Dynamic DNS Setup P-660HN-Fx User’s Guide...
Page 243: Remote Management
To disable remote management of a service, select Disable in the corresponding Access Status field. You may only have one remote management session running at a time. The ZyXEL Device automatically disconnects a remote management session of lower priority when another remote management session of higher priority starts.
Page 244: What You Can Do In The Remote Management Screens
• Use the WWW screen (Section 17.2 on page 245) to configure through which interface(s) and from which IP address(es) users can use HTTP to manage the ZyXEL Device. • Use the Telnet screen (Section 17.3 on page 247) to configure through which interface(s) and from which IP address(es) users can use Telnet to manage the ZyXEL Device.
Page 245: The Www Screen
Chapter 17 Remote Management 17.2 The WWW Screen Use this screen to specify how to connect to the ZyXEL Device from a web browser, such as Internet Explorer. 17.2.1 WWW and HTTPS HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web protocol that encrypts and decrypts web pages.
Page 246: Configuring The Www Screen
HTTPS Server Host Key Select the Server Host Key that the ZyXEL Device will use to identify itself. The ZyXEL Device is the SSL server and must always authenticate itself to the SSL client (the computer which requests the HTTPS connection with the ZyXEL Device).
Page 247: The Telnet Screen
Secured Client IP A secured client is a “trusted” computer that is allowed to communicate with the ZyXEL Device using this service. Select All to allow any computer to access the ZyXEL Device using this service. Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service.
Page 248: The Ftp Screen
Chapter 17 Remote Management 17.4 The FTP Screen You can use FTP (File Transfer Protocol) to upload and download the ZyXEL Device’s firmware and configuration files. Please see the User’s Guide chapter on firmware and configuration file maintenance for details. To use this feature, your computer must have an FTP client.
Page 249: Figure 148 Snmp Management Model
An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the ZyXEL Device). An agent translates the local management information from the managed device into a form compatible with SNMP.
Page 250: Supported Mibs
MIBs is to let administrators collect statistical data and monitor status and performance. 17.5.2 SNMP Traps The ZyXEL Device will send traps to the SNMP manager when any one of the following events occurs: Table 93 SNMP Traps...
Page 251: Figure 149 Advanced > Remote Management > Snmp
A secured client is a “trusted” computer that is allowed to communicate with the ZyXEL Device using this service. Select All to allow any computer to access the ZyXEL Device using this service. Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service.
Page 252: The Dns Screen
Chapter 6 on page 89 for background information. Use this screen to set from which IP address the ZyXEL Device will accept DNS queries and on which interface it can send them your ZyXEL Device’s DNS settings. This feature is not available when the ZyXEL Device is set to bridge mode.
Page 253: Figure 151 Advanced > Remote Management > Icmp
ZyXEL Device services unseen. If this option is not selected, the ZyXEL Device will reply with an ICMP port unreachable packet for a port probe on its unused UDP ports and a TCP reset packet for a port probe on its unused TCP ports.
Page 254 Chapter 17 Remote Management P-660HN-Fx User’s Guide...
Page 255: Universal Plug-And-Play (Upnp)
18.1.1 What You Can Do in the UPnP Screen Use the UPnP screen (Section 18.2 on page 256) to enable UPnP on the ZyXEL Device and allow UPnP-enabled applications to automatically configure the ZyXEL Device. 18.1.2 What You Need to Know About UPnP Identifying UPnP Devices UPnP hardware is identified as an icon in the Network Connections folder (Windows XP).
Page 256: The Upnp Screen
See the following sections for examples of installing and using UPnP. 18.2 The UPnP Screen Use the following screen to configure the UPnP settings on your ZyXEL Device. Click Advanced > UPnP to display the screen shown next. Section 18.1 on page 255 for more information.
Page 257: Installing Upnp In Windows Example
2 Click on the Windows Setup tab and select Communication in the Components selection box. Click Details. Figure 153 Add/Remove Programs: Windows Setup: Communication 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box. P-660HN-Fx User’s Guide...
Page 258: Figure 154 Add/Remove Programs: Windows Setup: Communication: Components
3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components …. Figure 155 Network Connections 4 The Windows Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details. P-660HN-Fx User’s Guide...
Page 259: Figure 156 Windows Optional Networking Components Wizard
Figure 156 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box. Figure 157 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. P-660HN-Fx User’s Guide...
Page 260: Using Upnp In Windows Xp Example
This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL Device. Make sure the computer is connected to a LAN port of the ZyXEL Device. Turn on your computer and the ZyXEL Device.
Page 261: Figure 159 Internet Connection Properties
Chapter 18 Universal Plug-and-Play (UPnP) Figure 159 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings. P-660HN-Fx User’s Guide...
Page 262: Figure 160 Internet Connection Properties: Advanced Settings
5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray. P-660HN-Fx User’s Guide...
Page 263: Figure 162 System Tray Icon
Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first. This comes helpful if you do not know the IP address of the ZyXEL Device.
Page 264: Figure 164 Network Connections
Chapter 18 Universal Plug-and-Play (UPnP) Figure 164 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays. P-660HN-Fx User’s Guide...
Page 265: Figure 165 Network Connections: My Network Places
Chapter 18 Universal Plug-and-Play (UPnP) Figure 165 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Figure 166 Network Connections: My Network Places: Properties: Example...
Page 266 Chapter 18 Universal Plug-and-Play (UPnP) P-660HN-Fx User’s Guide...
Page 267: Maintenance
Maintenance System Settings (269) Logs (275) Tools (287) Diagnostic (299)
Page 269: System Settings
• In Windows 2000, click Start, Settings, Control Panel and then double-click System. Click the Network Identification tab and then the Properties button. Note the entry for the Computer name field and enter it as the System Name. P-660HN-Fx User’s Guide...
Page 270: Figure 167 Maintenance > System > General
Type your new user password (up to 30 characters). Note that as you type a Password password, the screen displays a (*) for each character you type. After you change the password, use the new password to access the ZyXEL Device. P-660HN-Fx User’s Guide...
Page 271: The Time Setting Screen
Click this to restore your previously saved settings. 19.3 The Time Setting Screen Use this screen to configure the ZyXEL Device’s time based on your local time zone. To change your ZyXEL Device’s time and date, click Maintenance > System > Time Setting.
Page 272: Table 99 Maintenance > System > Time Setting
When you set Time and Date Setup to Manual, enter the new date in this field and then click Apply. Get from Time Select this radio button to have the ZyXEL Device get the time and date from the Server time server you specified below.
Page 273 In Germany for instance, you would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HN-Fx User’s Guide...
Page 274 Chapter 19 System Settings P-660HN-Fx User’s Guide...
Page 275: Logs
The web configurator allows you to choose which categories of events and/or alerts to have the ZyXEL Device log and then display the logs or have the ZyXEL Device send them to an administrator (as e-mail) or to a syslog server.
Page 276: The Log Settings Screen
Use the Log Settings screen to configure the mail server, the syslog server, when to send logs and what logs to send. To change your ZyXEL Device’s log settings, click Maintenance > Logs > Log Settings. The screen appears as shown.
Page 277: Figure 170 Maintenance > Logs > Log Settings
ZyXEL Device sends. Not all ZyXEL Device models have this field. Send Log to The ZyXEL Device sends logs to the e-mail address specified in this field. If this field is left blank, the ZyXEL Device does not send logs via e-mail.
Page 278: Smtp Error Messages
Enter the time of the day in 24-hour format (for example 23:00 equals 11:00 pm) to Sending Log send the logs. Clear log after Select the checkbox to delete all the logs after the ZyXEL Device sends an E-mail of sending mail the logs. Syslog Logging The ZyXEL Device sends a log to an external syslog server.
Page 279: Example E-Mail Log
Someone has logged on to the router's web configurator Successful WEB login interface. Someone has failed to log on to the router's web configurator WEB login failed interface. Someone has logged on to the router via telnet. Successful TELNET login P-660HN-Fx User’s Guide...
Page 280: Table 104 System Error Logs
The router failed to allocate memory for the NetBIOS filter setNetBIOSFilter: calloc settings. error The router failed to allocate memory for the NetBIOS filter readNetBIOSFilter: calloc settings. error A WAN connection is down. You cannot access the network WAN connection is down. through this interface. P-660HN-Fx User’s Guide...
Page 281: Table 105 Access Control Logs
TOS (firewall dynamic sessions) until incomplete connections < “Maximum Incomplete Low”. The router sends a TCP RST packet and generates this log if you Access block, sent TCP turn on the firewall TCP reset mechanism (via CI command: "sys firewall tcprst"). P-660HN-Fx User’s Guide...
Page 282: Table 107 Packet Filter Logs
LOG MESSAGE DESCRIPTION The PPP connection’s Link Control Protocol stage has started. ppp:LCP Starting The PPP connection’s Link Control Protocol stage is opening. ppp:LCP Opening The PPP connection’s Challenge Handshake Authentication Protocol stage is ppp:CHAP Opening opening. P-660HN-Fx User’s Guide...
Page 283: Table 111 Upnp Logs
The firewall detected a TCP teardrop attack. teardrop TCP The firewall detected an UDP teardrop attack. teardrop UDP The firewall detected an ICMP teardrop attack. teardrop ICMP (type:%d, code:%d) The firewall detected a TCP illegal command attack. illegal command TCP P-660HN-Fx User’s Guide...
Page 284: Table 114 802.1X Logs
ACL set for packets traveling from the LAN to the WAN. (W to L) WAN to LAN ACL set for packets traveling from the WAN to the LAN. (L to L/ZyXEL Device) LAN to LAN/ ACL set for packets traveling from the LAN to the LAN or ZyXEL Device the ZyXEL Device.
Page 285: Table 116 Icmp Notes
Time Exceeded Time to live exceeded in transit Fragment reassembly time exceeded Parameter Problem Pointer indicates the error Timestamp Timestamp request message Timestamp Reply Timestamp reply message Information Request Information request message Information Reply Information reply message P-660HN-Fx User’s Guide...
Page 286: Table 117 Syslog Logs
RFC 2408 for detailed information on each type. Table 118 RFC-2408 ISAKMP Payload Types LOG DISPLAY PAYLOAD TYPE Security Association Proposal PROP Transform TRANS Key Exchange Identification Certificate Certificate Request CER_REQ Hash HASH Signature Nonce NONCE Notification NOTFY Delete Vendor ID P-660HN-Fx User’s Guide...
Page 287: Tools
The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup, etc. It arrives from ZyXEL with a “rom” filename extension. Once you have customized the ZyXEL Device's settings, they can be saved back to your computer under a filename of your choosing.
Page 288: Before You Begin
The following table is a summary. Please note that the internal filename refers to the filename on the ZyXEL Device and the external filename refers to the filename not on the ZyXEL Device, that is, on your computer, local network or FTP site and so the name (but not the extension) may vary.
Page 289: Tool Examples
FTP client. The following sections give examples of how to upload the firmware and the configuration files. FTP File Upload Command from the DOS Prompt Example 1 Launch the FTP client on your computer. P-660HN-Fx User’s Guide...
Page 290: Figure 173 Ftp Session Example Of Firmware File Upload
Enter “command sys stdio 5” to restore the five-minute management idle timeout (default) when the file transfer is complete. 3 Launch the TFTP client on your computer and connect to the device. Set the transfer mode to binary before starting data transfer. P-660HN-Fx User’s Guide...
Page 291: Figure 174 Ftp Session Example
5 Enter “ ” to set transfer mode to binary. 6 Use “ ” to transfer files from the ZyXEL Device to the computer, for example, “ ” transfers the configuration file on the ZyXEL Device to your rom-0 config.rom computer and renames it “...
Page 292: Table 120 General Commands For Gui-Based Ftp Clients
To use TFTP, your computer must have both telnet and TFTP clients. To backup the configuration file, follow the procedure shown next. 1 Use telnet from your computer to connect to the ZyXEL Device and log in. Because TFTP does not have any security checks, the ZyXEL Device records the IP address of the telnet client and accepts TFTP requests only from this address.
Page 293: The Firmware Screen
Enter the IP address of the ZyXEL Device. 192.168.1.1 is the ZyXEL Device’s default IP address when shipped. Send/Fetch Use “Send” to upload the file to the ZyXEL Device and “Fetch” to back up the file on your computer. Local File Enter the path and name of the firmware file (*.bin extension) or configuration file (*.rom...
Page 294: Figure 176 Firmware Upload In Progress
ZyXEL Device again. Figure 176 Firmware Upload In Progress The ZyXEL Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 177 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen.
Page 295: The Configuration Screen
Backup Configuration allows you to back up (save) the ZyXEL Device’s current configuration to a file on your computer. Once your ZyXEL Device is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes.
Page 296: Figure 180 Configuration Upload Successful
Upload Click this to begin the upload process. Do not turn off the ZyXEL Device while configuration file upload is in progress. After you see a “restore configuration successful” screen, you must then wait one minute before logging into the ZyXEL Device again.
Page 297: The Restart Screen
System restart allows you to reboot the ZyXEL Device remotely without turning the power off. You may need to do this if the ZyXEL Device hangs, for example. Click Maintenance > Tools > Restart. Click Restart to have the ZyXEL Device reboot. This does not affect the ZyXEL Device's configuration.
Page 298: Figure 185 Maintenance > Tools >Restart
Chapter 21 Tools Figure 185 Maintenance > Tools >Restart P-660HN-Fx User’s Guide...
Page 299: Diagnostic
H A P T E R Diagnostic 22.1 Overview These read-only screens display information to help you identify problems with the ZyXEL Device. 22.1.1 What You Can Do in the Diagnostic Screens • Use the General Diagnostic screen (Section 22.2 on page 299) to ping an IP address.
Page 300: The Dsl Line Diagnostic Screen
22.3 The DSL Line Diagnostic Screen Use this screen to view the DSL line statistics and reset the ADSL line. Click Maintenance > Diagnostic > DSL Line to open the screen shown next. Figure 187 Maintenance > Diagnostic > DSL Line P-660HN-Fx User’s Guide...
Page 301: Table 125 Maintenance > Diagnostic > Dsl Line
ATM OAM F5 cells that have been received. outF5Pkts is the number of ATM OAM F5 cells that have been sent. openChan is the number of times that the ZyXEL Device has opened a logical DSL channel.
Page 302 Loading ADSL modem F/W... Reset ADSL Line Successfully!" Capture All Logs Click this to display information and statistics about your ZyXEL Device’s ATM statistics, DSL connection statistics, DHCP settings, firmware version, WAN and gateway IP address, VPI/VCI and LAN IP address.
Page 303: Troubleshooting And Specifications
Troubleshooting and Specifications Product Specifications (305) Troubleshooting (313)
Page 305: Product Specifications
H A P T E R Product Specifications The following tables summarize the ZyXEL Device’s hardware and firmware features. 23.1 Hardware Specifications Table 126 Hardware Specifications Dimensions (362 W) x (200 D) x (110 H) mm Weight 365 g Power Specification...
Page 306 Firmware Upgrade Download new firmware (when available) from the ZyXEL web site and use the web configurator, an FTP or a TFTP tool to put it on the ZyXEL Device. Note: Only upload firmware for your specific model! Configuration Backup &...
Page 307 Table 127 Firmware Specifications (continued) Any IP The Any IP feature allows a computer to access the Internet and the ZyXEL Device without changing the network settings (such as IP address and subnet mask) of the computer, when the IP addresses of the computer and the ZyXEL Device are not in the same subnet.
Page 308: Wireless Features
F4/F5 OAM 23.3 Wireless Features Table 128 Wireless Features External Antenna The ZyXEL Device is equipped with two fixed antenna to provide a clear radio signal between the wireless stations and the access points. Wireless LAN MAC Address Your device can check the MAC addresses of wireless stations Filtering against a list of allowed or denied MAC addresses.
Page 309: Table 129 Standards Supported
Store up to 32 built-in user profiles using EAP-MD5 (Local User Database) External RADIUS server using EAP-MD5, TLS, TTLS Wireless scheduling The following list, which is not exhaustive, illustrates the standards supported in the ZyXEL Device. Table 129 Standards Supported STANDARD...
Page 310: Power Adaptor Specifications
TR-069 TR-069 DSL Forum Standard for CPE Wan Management. 1.363.5 Compliant AAL5 SAR (Segmentation And Re-assembly) 23.4 Power Adaptor Specifications Table 130 ZyXEL Device Series Power Adaptor Specifications NORTH AMERICAN PLUG STANDARDS AC Power Adapter Model 12V 1A SOCB PA...
Page 311 Chapter 23 Product Specifications Table 130 ZyXEL Device Series Power Adaptor Specifications (continued) Output Power DC 12Volts/1.0A Power Consumption 8.3 Watt max Safety Standards CE, GS or TUV, EN60950-1 P-660HN-Fx User’s Guide...
Page 312 Chapter 23 Product Specifications P-660HN-Fx User’s Guide...
Page 313: Troubleshooting
2 Make sure you are using the power adaptor or cord included with the ZyXEL Device. 3 Make sure the power adaptor or cord is connected to the ZyXEL Device and plugged in to an appropriate power source. Make sure the power source is turned on.
Page 314: Zyxel Device Access And Login
To do this in most Windows computers, click Start > Run, enter cmd, and then enter ipconfig. The IP address of the Default Gateway might be the IP address of the ZyXEL Device (it depends on the network), so enter this IP address in your Internet browser.
Page 315 Chapter 24 Troubleshooting 5 Reset the device to its factory defaults, and try to access the ZyXEL Device with the default IP address. See Section 1.6 on page 6 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions.
Page 316: Internet Access
2 Check the signal strength. If the signal strength is low, try moving your computer closer to the ZyXEL Device if possible, and look around to see if there are any devices that might be interfering with the wireless network (for example, microwaves, other wireless networks, and so on).
Page 317: Part Viii: Appendices And Index
VIII Appendices and Index The appendices provide general information. Some details may not apply to your ZyXEL Device. Setting up Your Computer’s IP Address (319) Pop-up Windows, JavaScripts and Java Permissions (341) IP Addresses and Subnetting (349) Wireless LANs (357)
Page 319: Appendix A Setting Up Your Computer's Ip Address
After the appropriate TCP/IP components are installed, configure the TCP/IP settings in order to "communicate" with your network. If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the ZyXEL Device’s LAN port. Windows 95/98/Me Click Start, Settings, Control Panel and double-click the Network icon to open the Network window.
Page 320: Figure 188 Windows 95/98/Me: Network: Configuration
2 Select Client and then click Add. 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click 5 Restart your computer so the changes you made take effect. P-660HN-Fx User’s Guide...
Page 321: Figure 189 Windows 95/98/Me: Tcp/Ip Properties: Ip Address
• If you do not know your DNS information, select Disable DNS. • If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in). P-660HN-Fx User’s Guide...
Page 322: Figure 190 Windows 95/98/Me: Tcp/Ip Properties: Dns Configuration
5 Click OK to save and close the TCP/IP Properties window. 6 Click OK to close the Network window. Insert the Windows CD if prompted. 7 Turn on your ZyXEL Device and restart your computer when prompted. Verifying Settings 1 Click Start and then Run.
Page 323: Figure 191 Windows Xp: Start Menu
Appendix A Setting up Your Computer’s IP Address Figure 191 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 192 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. P-660HN-Fx User’s Guide...
Page 324: Figure 193 Windows Xp: Control Panel: Network Connections: Properties
• If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. • Click Advanced. P-660HN-Fx User’s Guide...
Page 325: Figure 195 Windows Xp: Internet Protocol (Tcp/Ip) Properties
To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add. • Click OK when finished. P-660HN-Fx User’s Guide...
Page 326: Figure 196 Windows Xp: Advanced Tcp/Ip Properties
• If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. P-660HN-Fx User’s Guide...
Page 327: Figure 197 Windows Xp: Internet Protocol (Tcp/Ip) Properties
Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT). 11 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings 1 Click Start, All Programs, Accessories and then Command Prompt. 2 In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab.
Page 328: Figure 198 Windows Vista: Start Menu
2 In the Control Panel, double-click Network and Internet. Figure 199 Windows Vista: Control Panel 3 Click Network and Sharing Center. Figure 200 Windows Vista: Network And Internet 4 Click Manage network connections. Figure 201 Windows Vista: Network and Sharing Center P-660HN-Fx User’s Guide...
Page 329: Figure 202 Windows Vista: Network And Sharing Center
During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. Figure 202 Windows Vista: Network and Sharing Center 6 Select Internet Protocol Version 4 (TCP/IPv4) and click Properties. Figure 203 Windows Vista: Local Area Connection Properties P-660HN-Fx User’s Guide...
Page 330: Figure 204 Windows Vista: Internet Protocol Version 4 (Tcp/Ipv4) Properties
To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add. • Click OK when finished. P-660HN-Fx User’s Guide...
Page 331: Figure 205 Windows Vista: Advanced Tcp/Ip Properties
• If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. P-660HN-Fx User’s Guide...
Page 332: Figure 206 Windows Vista: Internet Protocol Version 4 (Tcp/Ipv4) Properties
11 Click Close to close the Local Area Connection Properties window. 12 Close the Network Connections window. 13 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings 1 Click Start, All Programs, Accessories and then Command Prompt.
Page 333: Figure 207 Macintosh Os 8/9: Apple Menu
2 Select Ethernet built-in from the Connect via list. Figure 208 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: • From the Configure box, select Manually. P-660HN-Fx User’s Guide...
Page 334: Figure 209 Macintosh Os X: Apple Menu
• Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. 5 Close the TCP/IP Control Panel.
Page 335: Figure 210 Macintosh Os X: Network
• Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. 5 Click Apply Now and close the window.
Page 336: Figure 211 Red Hat 9.0: Kde: Network Configuration: Devices
Figure 211 Red Hat 9.0: KDE: Network Configuration: Devices 2 Double-click on the profile of the network card you wish to configure. The Ethernet Device General screen displays as shown. Figure 212 Red Hat 9.0: KDE: Ethernet Device: General P-660HN-Fx User’s Guide...
Page 337: Figure 213 Red Hat 9.0: Kde: Network Configuration: Dns
Ethernet card). Open the eth0 eth0 configuration file with any plain text editor. • If you have a dynamic IP address, enter in the field. The dhcp BOOTPROTO= following figure shows an example. P-660HN-Fx User’s Guide...
Page 338: Figure 215 Red Hat 9.0: Dynamic Ip Address Setting In Ifconfig-Eth0
Figure 218 Red Hat 9.0: Restart Ethernet Card [root@localhost init.d]# network restart Shutting down interface eth0: [OK] Shutting down loopback interface: [OK] Setting network parameters: [OK] Bringing up loopback interface: [OK] Bringing up interface eth0: [OK] P-660HN-Fx User’s Guide...
Page 339: Figure 219 Red Hat 9.0: Checking Tcp/Ip Properties
HWaddr 00:50:BA:72:5B:44 inet addr:172.23.19.129 Bcast:172.23.19.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:717 errors:0 dropped:0 overruns:0 frame:0 TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:730412 (713.2 Kb) TX bytes:1570 (1.5 Kb) Interrupt:10 Base address:0x1000 [root@localhost]# P-660HN-Fx User’s Guide...
Page 340 Appendix A Setting up Your Computer’s IP Address P-660HN-Fx User’s Guide...
Page 341: Appendix B Pop-Up Windows, Javascripts And Java Permissions
1 In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker. Figure 220 Pop-up Blocker You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. 1 In Internet Explorer, select Tools, Internet Options, Privacy. P-660HN-Fx User’s Guide...
Page 342: Figure 221 Internet Options: Privacy
Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings…to open the Pop-up Blocker Settings screen. P-660HN-Fx User’s Guide...
Page 343: Figure 222 Internet Options: Privacy
3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 223 Pop-up Blocker Settings P-660HN-Fx User’s Guide...
Page 344: Figure 224 Internet Options: Security
3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window. P-660HN-Fx User’s Guide...
Page 345: Figure 225 Security Settings - Java Scripting
2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window. Figure 226 Security Settings - Java P-660HN-Fx User’s Guide...
Page 346: Figure 227 Java (Sun)
Figure 227 Java (Sun) Mozilla Firefox Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary. You can enable Java, Javascripts and pop-ups in one screen. Click Tools, then click Options in the screen that appears. P-660HN-Fx User’s Guide...
Page 347: Figure 228 Mozilla Firefox: Tools > Options
Appendix B Pop-up Windows, JavaScripts and Java Permissions Figure 228 Mozilla Firefox: Tools > Options Click Content.to show the screen below. Select the check boxes as shown in the following screen. Figure 229 Mozilla Firefox Content Security P-660HN-Fx User’s Guide...
Page 348 Appendix B Pop-up Windows, JavaScripts and Java Permissions P-660HN-Fx User’s Guide...
Page 349: Appendix C Ip Addresses And Subnetting
Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal. The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. P-660HN-Fx User’s Guide...
Page 350: Figure 230 Network Number And Host Id
Subnet masks can be referred to by the size of the network number part (the bits with a “1” value). For example, an “8-bit mask” means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes. P-660HN-Fx User’s Guide...
Page 351: Table 132 Subnet Masks
For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask 255.255.255.128. The following table shows some possible subnet masks using both notations. Table 134 Alternative Subnet Mask Notation ALTERNATIVE LAST OCTET LAST OCTET SUBNET MASK NOTATION (BINARY) (DECIMAL) 255.255.255.0 0000 0000 255.255.255.128 1000 0000 P-660HN-Fx User’s Guide...
Page 352: Figure 231 Subnetting Example: Before Subnetting
The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25. The following figure shows the company network after subnetting. There are now two sub- networks, A and B. P-660HN-Fx User’s Guide...
Page 353: Figure 232 Subnetting Example: After Subnetting
Table 135 Subnet 1 LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE IP Address (Decimal) 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 00000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.1 192.168.1.0 Broadcast Address: Highest Host ID: 192.168.1.62 192.168.1.63 P-660HN-Fx User’s Guide...
Page 354: Table 136 Subnet 2
Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows IP address last octet values for each subnet. Table 139 Eight Subnets SUBNET LAST BROADCAST SUBNET FIRST ADDRESS ADDRESS ADDRESS ADDRESS P-660HN-Fx User’s Guide...
Page 355: Table 140 24-Bit Network Number Subnet Planning
SUBNET 255.255.128.0 (/17) 32766 255.255.192.0 (/18) 16382 255.255.224.0 (/19) 8190 255.255.240.0 (/20) 4094 255.255.248.0 (/21) 2046 255.255.252.0 (/22) 1022 255.255.254.0 (/23) 255.255.255.0 (/24) 255.255.255.128 (/25) 255.255.255.192 (/26) 1024 255.255.255.224 (/27) 2048 255.255.255.240 (/28) 4096 255.255.255.248 (/29) 8192 P-660HN-Fx User’s Guide...
Page 356: Private Ip Addresses
You must also enable Network Address Translation (NAT) on the ZyXEL Device. Once you have decided on the network number, pick an IP address for your ZyXEL Device that is easy to remember (for instance, 192.168.1.1) but make sure that no other device on your network is using that IP address.
Page 357: Appendix D Wireless Lans
Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra-BSS is enabled, wireless client A and B can access the wired network and communicate with each other. When Intra-BSS is disabled, wireless client A and B can still access the wired network but cannot communicate with each other. P-660HN-Fx User’s Guide...
Page 358: Figure 234 Basic Service Set
An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate. P-660HN-Fx User’s Guide...
Page 359: Figure 235 Infrastructure Wlan
(AP) or wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other. P-660HN-Fx User’s Guide...
Page 360: Figure 236 Rts/Cts
AP will fragment the packet into smaller data frames. A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. P-660HN-Fx User’s Guide...
Page 361: Table 142 Ieee 802.11G
Use the dynamic setting to automatically use short preamble when all wireless devices on the network support it, otherwise the ZyXEL Device uses long preamble. The wireless devices MUST use the same preamble mode in order to communicate.
Page 362: Table 143 Wireless Security Levels
Appendix D Wireless LANs Wireless security methods available on the ZyXEL Device are data encryption, wireless client authentication, restricting access by device MAC address and hiding the ZyXEL Device identity. The following figure shows the relative effectiveness of these wireless security methods available on your ZyXEL Device.
Page 363: Types Of Radius Messages
EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication. The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that supports IEEE 802.1x. . P-660HN-Fx User’s Guide...
Page 364 However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco. LEAP LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x. P-660HN-Fx User’s Guide...
Page 365: Table 144 Comparison Of Eap Authentication Types
If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not. Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2. P-660HN-Fx User’s Guide...
Page 366 AP and does not need to go with the authentication process again. Pre-authentication enables fast roaming by allowing the wireless client (already connecting to an AP) to perform IEEE 802.1x authentication with another AP before connecting to it. P-660HN-Fx User’s Guide...
Page 367: Wireless Client Wpa Supplicants
(PSK) must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters (including spaces and symbols). 2 The AP checks each wireless client's password and allows it to join the network only if the password matches. P-660HN-Fx User’s Guide...
Page 368: Figure 238 Wpa(2)-Psk Authentication
Enable without Dynamic WEP Key Open Enable with Dynamic WEP Key Enable without Dynamic WEP Key Disable Shared Enable with Dynamic WEP Key Enable without Dynamic WEP Key Disable TKIP/AES Enable WPA-PSK TKIP/AES Disable WPA2 TKIP/AES Enable WPA2-PSK TKIP/AES Disable P-660HN-Fx User’s Guide...
Page 369: Antenna Characteristics
The angle of the beam determines the width of the coverage pattern. Angles typically range from 20 degrees (very directional) to 120 degrees (less directional). Directional antennas are ideal for hallways and outdoor point-to-point applications. P-660HN-Fx User’s Guide...
Page 370 For a single AP application, place omni-directional antennas as close to the center of the coverage area as possible. For directional antennas, point the antenna in the direction of the desired coverage area. P-660HN-Fx User’s Guide...
Page 371: Appendix E Services
A popular videoconferencing solution from White Pines Software. TCP/UDP 24032 TCP/UDP Domain Name Server, a service that matches web names (for instance www.zyxel.com) to IP numbers. User-Defined The IPSEC ESP (Encapsulation Security (IPSEC_TUNNEL) Protocol) tunneling protocol uses this service. FINGER...
Page 372 (TCP/IP or other). POP3S This is a more secure version of POP3 that runs over SSL. PPTP 1723 Point-to-Point Tunneling Protocol enables secure transfer of data over public networks. This is the control channel. P-660HN-Fx User’s Guide...
Page 373 Access Controller Access Control System). TELNET Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/ IP networks. Its primary function is to allow users to log into remote host systems. P-660HN-Fx User’s Guide...
Page 374 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE 7000 A videoconferencing solution. The UDP port number is specified in the application. user- defined P-660HN-Fx User’s Guide...
Page 375: Appendix F Internal Sptgen
Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple ZyXEL Devices. Internal SPTGEN lets you configure, save and upload multiple menus at the same time using just one configuration text file – eliminating the need to navigate and configure individual screens for each ZyXEL Device.
Page 376: Figure 240 Invalid Parameter Entered: Command Line Example
Figure 239 on page 375), then you disable every field in this menu. If you enter a parameter that is invalid in the Input column, the ZyXEL Device will not save the configuration and the command line will display the Field Identification Number.
Page 377: Figure 242 Internal Sptgen Ftp Download Example
2 Enter " ". The command “ ” sets the transfer mode to binary. 3 Upload your “ ” file from your computer to the ZyXEL Device using the “ ” rom-t command. computer to the ZyXEL Device. 4 Exit this FTP application.
Page 378: Table 148 Menu 1 General Setup
Table 147 Abbreviations Used in the Example Internal SPTGEN Screens Table ABBREVIATION MEANING Parameter Values Allowed INPUT An example of what you may enter Applies to the ZyXEL Device. The following are the Internal SPTGEN menus. Table 148 Menu 1 General Setup / Menu 1 General Setup INPUT 10000000 = Configured <0(No) | 1(Yes)>...
Page 379 Set 2 30201008 = IP Alias #1 Incoming protocol filters = 256 Set 3 30201009 = IP Alias #1 Incoming protocol filters = 256 Set 4 30201010 = IP Alias #1 Outgoing protocol filters = 256 Set 1 P-660HN-Fx User’s Guide...
Page 380 <0(No) | 1(Yes)> 30500003 = Channel ID <1|2|3|4|5|6| 7|8|9|10|11|1 2|13> 30500004 = RTS Threshold <0 ~ 2432> = 2432 30500005 = FRAG. Threshold <256 ~ 2432> = 2432 30500006 = <0(DISABLE) | 1(64-bit WEP) | 2(128-bit WEP)> P-660HN-Fx User’s Guide...
Page 381: Table 150 Menu 4 Internet Access Setup
<0(No) | 1(Yes)> 40000001 = <0(No) | 1(Yes)> 40000002 = Active <0(No) | 1(Yes)> 40000003 = ISP's Name = ChangeMe 40000004 = Encapsulation <2(PPPOE) | 3(RFC 1483)| 4(PPPoA )| 5(ENET ENCAP)> 40000005 = Multiplexing <1(LLC-based) | 2(VC-based) P-660HN-Fx User’s Guide...
Page 382 Peak Cell Rate (PCR) 40000029 = Sustain Cell Rate (SCR) 40000030 = Maximum Burst Size(MBS) 40000031= RIP Direction <0(None) | 1(Both) | 2(In Only) | 3(Out Only)> 40000032= RIP Version <0(Rip-1) | 1(Rip-2B) |2(Rip-2M)> 40000033= Nailed-up Connection <0(No) |1(Yes)> P-660HN-Fx User’s Guide...
Page 383 IP Static Route set #4, Name <Str> 120104002 = IP Static Route set #4, Active <0(No) |1(Yes)> 120104003 = IP Static Route set #4, Destination = 0.0.0.0 IP address 120104004 = IP Static Route set #4, Destination IP subnetmask P-660HN-Fx User’s Guide...
Page 384: Table 151 Menu 12
/ Menu 12.1.8 IP Static Route Setup INPUT 120108001 = IP Static Route set #8, Name <Str> 120108002 = IP Static Route set #8, Active <0(No) |1(Yes)> 120108003 = IP Static Route set #8, Destination = 0.0.0.0 IP address P-660HN-Fx User’s Guide...
Page 385 120111007 = IP Static Route set #11, Private <0(No) |1(Yes)> */ Menu 12.1.12 IP Static Route Setup INPUT 120112001 = IP Static Route set #12, Name <Str> 120112002 = IP Static Route set #12, Active <0(No) |1(Yes)> P-660HN-Fx User’s Guide...
Page 386 IP subnetmask 120115005 = IP Static Route set #15, Gateway = 0.0.0.0 120115006 = IP Static Route set #15, Metric 120115007 = IP Static Route set #15, Private <0(No) |1(Yes)> */ Menu 12.1.16 IP Static Route Setup INPUT P-660HN-Fx User’s Guide...
Page 387: Table 152 Menu 15 Sua Server Setup
SUA Server #5 Protocol <0(All)|6(TCP)|17(U DP)> 150000019 = SUA Server #5 Port Start 150000020 = SUA Server #5 Port End 150000021 = SUA Server #5 Local IP address = 0.0.0.0 150000022 = SUA Server #6 Active <0(No) | 1(Yes)> = P-660HN-Fx User’s Guide...
Page 388 SUA Server #12 Active <0(No) | 1(Yes)> 150000053 = SUA Server #12 Protocol <0(All)|6(TCP)|17(U DP)> 150000054 = SUA Server #12 Port Start 150000055 = SUA Server #12 Port End 150000056 = SUA Server #12 Local IP address = 0.0.0.0 P-660HN-Fx User’s Guide...
Page 389: Table 153 Menu 21.1 Filter Set #1
210102006 = IP Filter Set 1,Rule 2 Dest Port = 138 210102007 = IP Filter Set 1,Rule 2 Dest Port Comp <0(none)|1(equal) |2(not equal)|3(less)|4( greater)> 210102008 = IP Filter Set 1,Rule 2 Src IP address = 0.0.0.0 P-660HN-Fx User’s Guide...
Page 390 IP Filter Set 1,Rule 4 Type <2(TCP/IP)> 210104002 = IP Filter Set 1,Rule 4 Active <0(No)|1(Yes)> 210104003 = IP Filter Set 1,Rule 4 Protocol = 17 210104004 = IP Filter Set 1,Rule 4 Dest IP address = 0.0.0.0 P-660HN-Fx User’s Guide...
Page 391 IP Filter Set 1,Rule 5 Src Port Comp <0(none)|1(equal) |2(not equal)|3(less)|4( greater)> 210105013 = IP Filter Set 1,Rule 5 Act Match <1(check next)|2(forward)| 3(drop)> 210105014 = IP Filter Set 1,Rule 5 Act Not Match <1(Check Next) |2(Forward)|3(Dro p)> P-660HN-Fx User’s Guide...
Page 392: Table 154 Menu 21.1 Filer Set #2
IP Filter Set 2, Rule 1 Protocol 210201004 = IP Filter Set 2, Rule 1 Dest IP = 0.0.0.0 address 210201005 = IP Filter Set 2, Rule 1 Dest Subnet Mask 210201006 = IP Filter Set 2, Rule 1 Dest Port = 137 P-660HN-Fx User’s Guide...
Page 393 210202010 = IP Filter Set 2,Rule 2 Src Port 210202011 = IP Filter Set 2, Rule 2 Src Port <0(none)|1(equal)| Comp 2(not equal)|3(less)|4(g reater)> 210202013 = IP Filter Set 2, Rule 2 Act Match <1(check next)|2(forward)|3 (drop)> P-660HN-Fx User’s Guide...
Page 394 = 17 210204004 = IP Filter Set 2, Rule 4 Dest IP = 0.0.0.0 address 210204005 = IP Filter Set 2, Rule 4 Dest Subnet Mask 210204006 = IP Filter Set 2, Rule 4 Dest Port = 137 P-660HN-Fx User’s Guide...
Page 395 210205010 = IP Filter Set 2, Rule 5 Src Port 210205011 = IP Filter Set 2, Rule 5 Src Port <0(none)|1(equal)| Comp 2(not equal)|3(less)|4(g reater)> 210205013 = IP Filter Set 2, Rule 5 Act Match <1(check next)|2(forward)|3 (drop)> P-660HN-Fx User’s Guide...
Page 396: Table 155 Menu 23 System Menus
= 0.0.0.0 241100007 = WEB Server Port = 80 241100008 = WEB Server Access <0(all)|1(none)|2( Lan) |3(Wan)> 241100009 = WEB Server Secured IP address = 0.0.0.0 Table 155 Menu 23 System Menus */ Menu 23.1 System Password Setup P-660HN-Fx User’s Guide...
Page 397: Table 156 Menu 24.11 Remote Management Control
Lan) |3(Wan)> 241100009 = WEB Server Secured IP address = 0.0.0.0 Command Examples The following are example Internal SPTGEN screens associated with the ZyXEL Device’s command interpreter commands. Table 157 Command Examples INPUT /ci command (for annex a): wan adsl opencmd...
Page 398 Appendix F Internal SPTGEN P-660HN-Fx User’s Guide...
Page 399: Appendix G Legal Information
Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others.
Page 400 This Class B digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada. Viewing Certifications 1 Go to http://www.zyxel.com. 2 Select your product on the ZyXEL home page to go to that product's page. P-660HN-Fx User’s Guide...
Page 401: Zyxel Limited Warranty
Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
Page 402 Appendix G Legal Information P-660HN-Fx User’s Guide...
Page 403: Appendix H Customer Support
In the event of problems that cannot be solved by using this manual, you should contact your vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you bought the device. Regional offices are listed below (see also http:// www.zyxel.com/web/contact_us.php).
Page 404 • Regular Mail: ZyXEL Communications Oy, Malminkaari 10, 00700 Helsinki, Finland France • E-mail: info@zyxel.fr • Telephone: +33-4-72-52-97-97 • Fax: +33-4-72-52-19-20 • Web: www.zyxel.fr • Regular Mail: ZyXEL France, 1 rue des Vergers, Bat. 1 / C, 69760 Limonest, France P-660HN-Fx User’s Guide...
Page 405 • Sales E-mail: sales@zyxel.in • Telephone: +91-11-30888144 to +91-11-30888153 • Fax: +91-11-30888149, +91-11-26810715 • Web: http://www.zyxel.in • Regular Mail: India - ZyXEL Technology India Pvt Ltd., II-Floor, F2/9 Okhla Phase -1, New Delhi 110020, India Japan • Support E-mail: support@zyxel.co.jp •...
Page 406 • Sales E-mail: sales@zyxel.com.my • Telephone: +603-8076-9933 • Fax: +603-8076-9833 • Web: http://www.zyxel.com.my • Regular Mail: ZyXEL Malaysia Sdn Bhd., 1-02 & 1-03, Jalan Kenari 17F, Bandar Puchong Jaya, 47100 Puchong, Selangor Darul Ehsan, Malaysia North America • Support E-mail: support@zyxel.com •...
Page 407 • Support E-mail: support@zyxel.com.sg • Sales E-mail: sales@zyxel.com.sg • Telephone: +65-6899-6678 • Fax: +65-6899-8887 • Web: http://www.zyxel.com.sg • Regular Mail: ZyXEL Singapore Pte Ltd., No. 2 International Business Park, The Strategy #03-28, Singapore 609930 Spain • Support E-mail: support@zyxel.es • Sales E-mail: sales@zyxel.es •...
Page 408 • Sales E-mail: sales@zyxel.co.uk • Telephone: +44-1344-303044, 0845 122 0301 (UK only) • Fax: +44-1344-303034 • Web: www.zyxel.co.uk • Regular Mail: ZyXEL Communications UK Ltd., 11 The Courtyard, Eastern Road, Bracknell, Berkshire RG12 2XB, United Kingdom (UK) P-660HN-Fx User’s Guide...
Page 409: Index
141, 142, 146 traffic redirect 82, 86 Address Resolution Protocol, see ARP bandwidth management administrator password 40, 271 Basic Service Set, See BSS Advanced Encryption Standard Basic Service Set, see BSS See AES. broadcast 126, 357 alerts example P-660HN-Fx User’s Guide...
Page 410 Class of Service, see CoS customized services 161, 162, 163 classifiers 802.1Q tags activation configuration creation DSCP 232, 233 data fragment threshold 114, 123 priority default server, NAT 138, 139 remote node deletion, certificates routing policy P-660HN-Fx User’s Guide...
Page 411 WPA-PSK packet filtering pre-shared key rules 158, 166 ENET ENCAP 72, 77, 82 schedules enrollment security options, certificates status protocols, certificates three-way handshake triangle route 157, 168, 169 solutions exporting firmware 288, 293 remote hosts, certificates P-660HN-Fx User’s Guide...
Page 412 81, 152, 252 limitations IEEE 802.11g wireless LAN IGMP 70, 90, 92, 101, 123 snooping 114, 123 Local Area Network, see LAN login importing directory servers cerfiticates passwords 39, 40 remote hosts logs remote hosts, certificates alerts trusted CA P-660HN-Fx User’s Guide...
Page 413 78, 135, 136, 143, 144, 356 users activation address mapping 74, 80, 85 rules Peak Cell Rate, see PCR types 141, 142, 146 194, 199, 203 applications PIN, WPS 117, 118, 129 IP alias example default server IP address 138, 139 P-660HN-Fx User’s Guide...
Page 414 RTS (Request To Send) DiffServ threshold 359, 360 DSCP 232, 233, 236 RTS threshold 114, 123 example rules, port forwarding IP precedence monitor priority queue remote node routing policy safety warnings Quality of Service, see QoS SCEP schedules P-660HN-Fx User’s Guide...
Page 415 TR-069 DSL connections trademarks firewalls traffic priority 215, 223 firmware version traffic redirect 82, 86 traffic shaping packet statistics example wireless LAN triangle route 157, 168, 169 WLAN solutions trusted CA 194, 196 136, 137 algorithm P-660HN-Fx User’s Guide...
Page 416 72, 78, 83 channel 107, 123 configuration encryption 108, 125 example fragmentation threshold 114, 123 IGMP snooping IGMP snooping ATM QoS 74, 80, 86 limitations backup MAC address filter 106, 108, 114, 115, 124 DSL link P-660HN-Fx User’s Guide...
Page 417 111, 126, 365 authentication key caching pre-authentication reauthentication user authentication vs WPA-PSK wireless client supplicant with RADIUS application example WPA2 user authentication vs WPA2-PSK wireless client supplicant with RADIUS application example WPA2-Pre-Shared Key WPA2-PSK 365, 366 P-660HN-Fx User’s Guide...
Page 418 Index P-660HN-Fx User’s Guide...

This manual is also suitable for:

P-660hn-fx series

ZyXEL Communications P-660HN User Manual

Chapter 1 Introducing the Zyxel Device

Chapter 2 Introducing the Web Configurator

Chapter 3 Status Screens

Chapter 4 Internet and Wireless Setup Wizard

Chapter 5 WAN Setup

Chapter 6 LAN Setup

Chapter 7 Wireless LAN

Chapter 8 Network Address Translation (NAT)

Quick Links

Troubleshooting

Related Manuals for ZyXEL Communications P-660HN

Summary of Contents for ZyXEL Communications P-660HN