Page 1 P-660HN-Tx v2 Wireless N ADSL2+ 4-port Gateway P-660HN-TxA v2 Wireless N-lite ADSL2+ 4-port Gateway Default Login Details LAN IP http://192.168.1.1 Address User Name admin Password 1234 Version 2.00 Edition 1, 3/2012 www.zyxel.com www.zyxel.com Copyright © 2012 ZyXEL Communications Corporation...
Page 2: Read Carefully Before Use
IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. Note: This guide is a reference for a series of products. Therefore some features or options in this guide may not be available in your product. Graphics in this book may differ slightly from the product due to differences in operating systems, operating system versions, or if you installed updated firmware/software for your device.
Page 3: Table Of Contents
Contents Overview Contents Overview User’s Guide ............................13 Introduction .............................15 Introducing the Web Configurator ......................21 Tutorials ..............................27 Technical Reference ..........................55 Connection Status and System Info Screens ..................57 Broadband ...............................63 Wireless LAN ............................79 Home Networking ..........................109 Static Route ............................123 Quality of Service (QoS) ........................127 Network Address Translation (NAT) ......................139 Port Binding ............................149 Dynamic DNS Setup ..........................153...
Page 4 Contents Overview P-660HN-Tx(A) v2 User’s Guide...
Page 5: Table Of Contents
Table of Contents Table of Contents Contents Overview ..........................3 Table of Contents ..........................5 Part I: User’s Guide ..................13 Chapter 1 Introduction............................15 1.1 Overview ............................15 1.2 Ways to Manage the ADSL Router ....................15 1.3 Good Habits for Managing the ADSL Router ..................15 1.4 Applications for the ADSL Router .....................16 1.4.1 Internet Access ........................16 1.4.2 Wireless Access ........................16...
Page 6 Table of Contents 3.6 Setting Up NAT Forwarding for a Game Server ................38 3.6.1 Port Forwarding ........................39 3.7 Configuring Firewall Rules to Allow a Specified Service ..............40 3.8 Configuring Static Route for Routing to Another Network ..............43 3.9 Port Binding Configuration ........................45 3.9.1 Configuring ATM QoS for Multiple WAN Connections .............45 3.9.2 Configuring Port Binding ......................48 3.10 Configuring QoS to Prioritize Traffic ....................49...
Page 7 Table of Contents Chapter 6 Wireless LAN............................79 6.1 Overview ............................79 6.1.1 What You Can Do in the Wireless LAN Screens ..............79 6.1.2 What You Need to Know About Wireless ................80 6.1.3 Before You Start ........................80 6.2 The General Screen ..........................80 6.2.1 No Security ..........................82 6.2.2 Basic (WEP Encryption) ......................82 6.2.3 More Secure (WPA(2)-PSK) ....................83...
Page 8 Table of Contents 7.7.2 DHCP Setup .......................... 119 7.7.3 DNS Server Addresses ......................119 7.7.4 LAN TCP/IP ...........................120 7.7.5 RIP Setup ..........................121 7.7.6 Multicast ..........................121 Chapter 8 Static Route ............................123 8.1 Overview ............................123 8.1.1 What You Can Do in the Static Route Screens ..............124 8.2 The Static Route Screen .........................124 8.2.1 Static Route Add/Edit ......................124 8.3 IPv6 Static Route ..........................125...
Page 9 Table of Contents 10.5.2 What NAT Does ........................145 10.5.3 How NAT Works ........................145 10.5.4 NAT Application ........................146 10.5.5 NAT Mapping Types ......................146 Chapter 11 Port Binding ............................149 11.1 Overview ............................149 11.1.1 What You Can Do in the Port Binding Screens ..............150 11.2 The Port Binding General Screen ....................150 11.3 The Port Binding Screen .......................150 11.3.1 Port Binding Summary Screen .....................151...
Page 10 Table of Contents 14.6.1 Firewall Rules Overview ......................174 14.6.2 Guidelines For Enhancing Security With Your Firewall ............175 14.6.3 Security Considerations .......................176 14.6.4 Triangle Route ........................176 Chapter 15 Parental Control ..........................179 15.1 Overview ............................179 15.2 The Parental Control Screen ......................179 15.2.1 Add/Edit Parental Control Rule ....................180 Chapter 16 Certificate ............................183 16.1 Overview ............................183...
Page 11 Table of Contents 20.1 Overview ............................197 20.2 The TR-069 Client Screen ......................197 Chapter 21 System Settings..........................201 21.1 Overview ............................201 21.1.1 What You Can Do in the System Settings Screens .............201 21.2 The System Screen ........................201 21.3 The Time Screen ..........................201 Chapter 22 Firmware Upgrade ..........................205 22.1 Overview ............................205...
Page 12 Table of Contents Chapter 26 Troubleshooting..........................227 26.1 Power, Hardware Connections, and LEDs ..................227 26.2 ADSL Router Access and Login ....................228 26.3 Internet Access ..........................229 Chapter 27 Product Specifications ........................231 27.1 Hardware Specifications ........................231 Appendix A Setting up Your Computer’s IP Address ...............233 Appendix B IP Addresses and Subnetting..................253 Appendix C Pop-up Windows, JavaScripts and Java Permissions ..........261 Appendix D Wireless LANs......................269...
Page 13: Part I User's Guide
User’s Guide...
Page 15: Introduction
Introduction 1.1 Overview The P-660HN-Tx v2/P-660HN-TxA v2 are ADSL2+ routers. By integrating DSL and NAT, you are provided with ease of installation and high-speed, shared Internet access. The ADSL Router is also a complete security solution with a robust firewall and content filtering.
Page 16: Applications For The Adsl Router
Chapter 1 Introduction • Write down the password and put it in a safe place. • Back up the configuration (and make sure you know how to restore it). Restoring an earlier working configuration may be useful if the device becomes unstable or even crashes. If you forget your password, you will have to reset the ADSL Router to its factory default settings.
Page 17: Using The Wps/Wlan Button
Chapter 1 Introduction rely on inconvenient Ethernet cables. You can set up a wireless network with WPS (WiFi Protected Setup) or manually add a client to your wireless network. Figure 2 Wireless Access Example 1.4.3 Using the WPS/WLAN Button By default, the wireless network on the ADSL Router is turned on. To turn it off, simply press the WPS/WLAN button on top of the device for over 5 seconds.
Page 18: The Reset Button
Chapter 1 Introduction Press the WPS button on another WPS-enabled device within range of the ADSL Router. The WPS/ WLAN LED should flash while the ADSL Router sets up a WPS connection with the other wireless device. Once the connection is successfully made, the WPS/WLAN LED shines green. 1.5 The RESET Button If you forget your password or cannot access the web configurator, you will need to use the RESET button at the back of the device to reload the factory-default configuration file.
Page 19: Using The Reset Button
Chapter 1 Introduction 1.5.1 Using the Reset Button Make sure the POWER LED is on (not blinking). To set the device back to the factory default settings, press the RESET button for ten seconds or until the POWER LED begins to blink and then release it. When the POWER LED begins to blink, the defaults have been restored and the device restarts.
Page 20 Chapter 1 Introduction P-660HN-Tx(A) v2 User’s Guide...
Page 21: Introducing The Web Configurator
H A PT ER Introducing the Web Configurator 2.1 Overview The web configurator is an HTML-based management interface that allows easy device setup and management via Internet browser. Use Internet Explorer 6.0 and later versions, Mozilla Firefox 3 and later versions, or Safari 2.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.
Page 22: The Web Configurator Layout
Chapter 2 Introducing the Web Configurator The following screen displays if you have not yet changed your password. It is strongly recommended you change the default password. Enter a new password, retype it to confirm and click Apply; alternatively click Skip to proceed to the Connection Status screen if you do not want to change the password now.
Page 23: Title Bar
Chapter 2 Introducing the Web Configurator Figure 6 Web Configurator Layout Screen As illustrated above, the main screen is divided into these parts: • A - title bar • B - main window • C - navigation panel 2.2.1 Title Bar The title bar shows the following icon in the upper right corner.
Page 24: Main Window
Chapter 2 Introducing the Web Configurator 2.2.2 Main Window The main window displays information and configuration fields. It is discussed in the rest of this document. After you click System Info on the Connection Status screen, the System Info screen is displayed.
Page 25 Chapter 2 Introducing the Web Configurator Table 1 Navigation Panel Summary LINK FUNCTION Home LAN Setup Use this screen to configure LAN TCP/IP settings, and other Networking advanced properties. Static DHCP Use this screen to assign specific IP addresses to individual MAC addresses.
Page 26 Chapter 2 Introducing the Web Configurator Table 1 Navigation Panel Summary LINK FUNCTION Certificates Local Certificates Use this screen to export self-signed certificates or certification requests and import the ADSL Router’s CA-signed certificates. Trusted CA Use this screen to save CA certificates to the ADSL Router. System Monitor Use this screen to view the logs for the level that you selected.
Page 27: Tutorials
H A PT ER Tutorials 3.1 Overview This chapter shows you how to use the ADSL Router’s various features. • Setting Up Your DSL Connection, see page 27 • IPv6 Address Configuration, see page 30 • Setting Up a Secure Wireless Network, see page 30 •...
Page 28: Account Configuration
Chapter 3 Tutorials Account Configuration For this example, the interface type is ADSL and the connection has the following information. General Mode Router Encapsulation PPPoE User Name 1234@DSL-Ex.com Password ABCDEF! Service Name My DSL Multiplex IPv6/IPv4 Dual Enabled Stack Auto Authentication Others IP Address: Obtain IP Address Automatically...
Page 29 Chapter 3 Tutorials Go to Network Setting > Broadband, enter or select these values and click Apply. This completes your DSL WAN connection setting. P-660HN-Tx(A) v2 User’s Guide...
Page 30: Ipv6 Address Configuration
Chapter 3 Tutorials 3.3 IPv6 Address Configuration If the ISP’s network supports IPv6, the ISP may assign an IPv6 address to the ADSL Router automatically. IPv6 IPv6 IPv6 In the Network Setting > Broadband screen’s IPv6 Address configuration section, select Obtain an IP Address Automatically.
Page 31: Configuring The Wireless Network Settings
Chapter 3 Tutorials 3.4.1 Configuring the Wireless Network Settings This example uses the following parameters to set up a wireless network. In the client, choose the AP with the SSID configured here. When prompted for a key, use the Pre-Shared Key configured here.
Page 32: Using Wps
Chapter 3 Tutorials Thomas can now use the WPS feature to establish a wireless connection between his notebook and the ADSL Router (see Section 3.4.2 on page 32). He can also use the notebook’s wireless client to search for the ADSL Router (see Section 3.4.3 on page 35).
Page 33: Wireless Client
Chapter 3 Tutorials Note: It doesn’t matter which button (on the client or the ADSL Router) is pressed first. You must press the second button within two minutes of pressing the first one. The ADSL Router sends the proper configuration settings to the wireless client. This may take up to two minutes.
Page 34 Chapter 3 Tutorials Click the Start and Register buttons (or the button next to the PIN field) on both the wireless client utility screen and the ADSL Router’s WPS screen within two minutes. The ADSL Router authenticates the wireless client and sends the proper configuration settings to the wireless client.
Page 35: Connecting Wirelessly To Your Adsl Router
Chapter 3 Tutorials Example WPS Process: PIN Method Wireless Client The Device WITHIN 2 MINUTES Authentication by PIN SECURITY INFO COMMUNICATION 3.4.3 Connecting Wirelessly to your ADSL Router This section describes how to connect wirelessly to your ADSL Router. The connection procedure is shown here using Windows XP as an example.
Page 36 Chapter 3 Tutorials Tutorial: Status Select the ADSL Router’s SSID name and click Connect (A). The SSID “SecureWirelessNetwork” is given here as an example. Tutorial: Network > Wireless LAN > SecuritOpen the Status screen. Verify your wireless and wireless security settings under Device Information and check if the WLAN connection is up under Interface Status Tutorial: Status You are prompted to enter a password.
Page 37: Configuring The Mac Address Filter For Restricting Wireless Internet Access
Chapter 3 Tutorials Congratulations! Your computer is now ready to connect to the Internet wirelessly through your ADSL Router. Note: If you cannot connect wirelessly to the ADSL Router, check you have selected the correct SSID and entered the correct security key. If that does not work, ensure your wireless network adapter is enabled by clicking on the wireless adapter icon and clicking Enable.
Page 38: Setting Up Nat Forwarding For A Game Server
Chapter 3 Tutorials C:\>ipconfig /all Ethernet adapter Wireless Network Connection: Media State ... : Media connected Description ... : Wireless USB Adapter Physical Address.
Page 39: Port Forwarding
Chapter 3 Tutorials Tutorial: NAT Port Forwarding Setup D=192.168.1.34 port 666 3.6.1 Port Forwarding Thomas needs to configure the port settings and IP address on the ADSL Router. Traffic should be forwarded to port 666 of the Doom server computer which has an IP address of 192.168.1.34. Thomas may set up the port settings by configuring the port settings for the Doom server computer (see Section 10.3 on page 141...
Page 40: Configuring Firewall Rules To Allow A Specified Service
Chapter 3 Tutorials The port forwarding settings you configured appear in the table. The ADSL Router forwards port 666 traffic to the computer with IP address 192.168.1.34. Players on the Internet then can have access to Thomas’ Doom server. 3.7 Configuring Firewall Rules to Allow a Specified Service By default the firewall will block traffic originating from the WAN (1).
Page 41 Chapter 3 Tutorials Click Security > Firewall and select Custom. Click Apply to save your settings. Tutorial: Advanced > QoS Click the Rules tab. In the Packet Direction field select WAN to LAN and click Add. Tutorial: Advanced > QoS > Queue Setup The Add New Firewall Rule screen will appear.
Page 42 Chapter 3 Tutorials In the Add New Firewall Rule screen, select Active. In the Available Services field, select the service you configured, My_Service. Click OK. Tutorial: Advanced > QoS > Queue Setup The firewall rule you configured appears in the table. The ADSL Router allows traffic from the WAN to LAN if it matches port 123.
Page 43: Configuring Static Route For Routing To Another Network
Chapter 3 Tutorials 3.8 Configuring Static Route for Routing to Another Network In order to extend your Intranet and control traffic flowing directions, you may connect a router to the ADSL Router’s LAN. The router may be used to separate two department networks. This tutorial shows how to configure a static routing rule for two network routings.
Page 44 Chapter 3 Tutorials This tutorial uses the following example IP settings: Table 2 IP Settings in this Tutorial DEVICE / COMPUTER IP ADDRESS The ADSL Router’s WAN 172.16.1.1 The ADSL Router’s LAN 192.168.1.1 192.168.1.34 R’s N1 192.168.1.253 R’s N2 192.168.10.2 192.168.10.33 To configure a static route to route traffic from N1 to N2: Log into the ADSL Router’s Web Configurator.
Page 45: Port Binding Configuration
Chapter 3 Tutorials 3.9 Port Binding Configuration This tutorial shows you how to configure port binding for WAN connections with different ATM QoS settings for different types of traffic. The port binding feature is used to group each WAN connection with specific LAN ports and WLANs.
Page 46 Chapter 3 Tutorials To configure bandwidth for the data connection, select UBR with PCR in the ATM QoS Type field. Click Apply. P-660HN-Tx(A) v2 User’s Guide...
Page 47 Chapter 3 Tutorials To configure dedicated bandwidth of 400 kbps for the VoIP connection, select CBR in the ATM QoS Type field and enter the Peak Cell Rate as 943 (divide the bandwidth 400000 bps by 424). Click Apply to save the settings. To configure variable bandwidth of 2 Mbps for MOD data connection, select Realtime VBR in the ATM QoS Type field.
Page 48: Configuring Port Binding
Chapter 3 Tutorials Configured WAN connections can be viewed by clicking the More Connections tab under Network Setting > Broadband. See the WAN Setup chapter (Chapter 5 on page 63) for more information on configuring WAN connections and ATM QoS settings. 3.9.2 Configuring Port Binding You can then group specific WAN PVCs with LAN ports or WLANs, so traffic from these ports is forwarded through specific WAN PVCs.
Page 49: Configuring Qos To Prioritize Traffic
Chapter 3 Tutorials The configured groups can be viewed by clicking the Port Binding Summary button. See the Port Binding chapter (Chapter 11 on page 149) for more details on configuring port binding. 3.10 Configuring QoS to Prioritize Traffic This section contains tutorials on how you can configure the QoS screen. Let’s say you are a team leader of a small sales branch office.
Page 50 Chapter 3 Tutorials Traffic that does not match this class is assigned a priority queue based on the internal QoS mapping table on the ADSL Router. Your computer MAC=AA:FF:AA:FF:AA:FF E-mail: Queue 1 A colleague’s computer Other traffic: Automatic classifier Click Network Setting > QoS and check Active QoS. Click Apply. Tutorial: Advanced >...
Page 51 Chapter 3 Tutorials Go to Network Setting > QoS > Class Setup and click Add new Classifier. Select Active and follow the settings as shown in the screen below. Then click OK. Note that you have to select TCP in the IP Protocol field first, then you can configure the source port range setting.
Page 52 Chapter 3 Tutorials Tutorial: Advanced > QoS > Class Setup Interface Select From LAN. To Queue Link this to a queue created in the Network Setting > QoS > Queue Setup screen, which is the 1 queue created in this example. P-660HN-Tx(A) v2 User’s Guide...
Page 53: Access The Adsl Router From The Internet Using Ddns
Chapter 3 Tutorials Source MAC Address Type the MAC address of your computer - AA:FF:AA:FF:AA:FF. Type the Source Mac Netmask if you know it. Source Port Range Enter the port number to which the rule should be applied - 25 for SMTP. Protocol ID Select the IP protocol type - TCP.
Page 54: Configuring Ddns On Your Adsl Router
Chapter 3 Tutorials • Hostname: zyxelrouter.dyndns.org • Service Type: Host with IP address • IP Address: Enter the WAN IP address that your ADSL Router is currently using. You can find the IP address on the ADSL Router’s web configurator Status page. Then you will need to configure the same account and host name on the ADSL Router later.
Page 55: Technical Reference
Technical Reference...
Page 57: Connection Status And System Info Screens
H A PT ER Connection Status and System Info Screens 4.1 Overview After you log into the web configurator, the Connection Status screen appears. This shows the network connection status of the ADSL Router and clients connected to it. Use the System Info screen to look at the current status of the device, system resources and interfaces (LAN, WAN, WLAN).
Page 58: The System Info Screen
Chapter 4 Connection Status and System Info Screens Figure 8 Connection Status: List View In Icon View, if you want to view information about a client, click the client’s name and then click on Info.. In List View, you can also view the client’s information. 4.3 The System Info Screen Click Connection Status >...
Page 59 Chapter 4 Connection Status and System Info Screens Each field is described in the following table. Table 4 System Info Screen LABEL DESCRIPTION Refresh Interval Select how often you want the ADSL Router to update this screen from the drop-down list box.
Page 60 Chapter 4 Connection Status and System Info Screens LABEL DESCRIPTION DHCP This field displays what DHCP services the ADSL Router is providing to the LAN. Choices are: Server - The ADSL Router is a DHCP server in the LAN. It assigns IP addresses to other computers in the LAN.
Page 61 Chapter 4 Connection Status and System Info Screens LABEL DESCRIPTION Current Date/ This field displays the current date and time in the ADSL Router. You can change this in Time Maintenance > Time Setting. System Resource CPU Usage This field displays what percentage of the ADSL Router’s processing ability is currently used.
Page 62 Chapter 4 Connection Status and System Info Screens P-660HN-Tx(A) v2 User’s Guide...
Page 63: Broadband
H A PT ER Broadband 5.1 Overview This chapter describes the ADSL Router’s Broadband screens. Use these screens to configure your ADSL Router for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet.
Page 64: Before You Begin
Chapter 5 Broadband networks. It can be static (fixed) or dynamically assigned by the ISP each time the ADSL Router tries to access the Internet. If your ISP assigns you a static WAN IP address, they should also assign you the subnet mask and DNS server IP address(es) (and a gateway IP address if you use the Ethernet or ENET ENCAP encapsulation method).
Page 65 Chapter 5 Broadband Figure 11 Network Setting > Broadband > Internet Connection The following table describes the labels in this screen. Table 5 Network Setting > Broadband > Internet Connection LABEL DESCRIPTION Line ADSL Mode Select the mode supported by your ISP. Use Auto Sync-Up if you are not sure which mode to choose from.
Page 66 Chapter 5 Broadband Table 5 Network Setting > Broadband > Internet Connection (continued) LABEL DESCRIPTION Mode Select Router (default) from the drop-down list box if your ISP gives you one IP address only and you want multiple computers to share an Internet account. Select Bridge when your ISP provides you more than one IP address and you want the connected computers to get individual IP address from ISP’s DHCP server directly.
Page 67: Advanced Setup
Chapter 5 Broadband Table 5 Network Setting > Broadband > Internet Connection (continued) LABEL DESCRIPTION Primary DNS Enter the first DNS server address assigned by the ISP. Server Secondary DNS Enter the second DNS server address assigned by the ISP. Server IPv6 Address Obtain an IP Address...
Page 68 Chapter 5 Broadband Figure 12 Network Setting > Broadband > Internet Connection: Advanced Setup The following table describes the labels in this screen. Table 6 Network Setting > Broadband > Internet Connection: Advanced Setup LABEL DESCRIPTION RIP Direction RIP (Routing Information Protocol) allows a router to exchange routing information with other routers.
Page 69: The More Connections Screen
Chapter 5 Broadband Table 6 Network Setting > Broadband > Internet Connection: Advanced Setup (continued) LABEL DESCRIPTION Maximum Burst Maximum Burst Size (MBS) refers to the maximum number of cells that can be sent at Size the peak rate. Type the MBS, which is less than 65535. PPPoE Passthrough If encapsulation type is PPPoE, select this to enable PPPoE Passthrough.
Page 70: More Connections Edit
Chapter 5 Broadband Table 7 Network Setting > Broadband > More Connections (continued) LABEL DESCRIPTION Encapsulation This field indicates the encapsulation method of the Internet connection. Modify The first (ISP) connection is read-only in this screen. Use the Broadband > Internet Connection screen to edit it.
Page 71 Chapter 5 Broadband Table 8 Network Setting > Broadband > More Connections: Edit (continued) LABEL DESCRIPTION Mode Select Router from the drop-down list box if your ISP allows multiple computers to share an Internet account. If you select Bridge, the ADSL Router will forward any packet that it does not route to this remote node;...
Page 72: Configuring More Connections Advanced Setup
Chapter 5 Broadband 5.3.2 Configuring More Connections Advanced Setup Use this screen to edit your ADSL Router's advanced WAN settings. Click the Advanced Setup arrow icon in the More Connections Edit screen. The screen appears as shown. Figure 15 Network Setting > Broadband > More Connections: Edit: Advanced Setup The following table describes the labels in this screen.
Page 73: Wan Technical Reference
Chapter 5 Broadband Table 9 Network Setting > Broadband > More Connections: Edit: Advanced Setup (continued) LABEL DESCRIPTION The Maximum Transmission Unit (MTU) defines the size of the largest packet allowed on an interface or connection. Enter the MTU in this field. For ENET ENCAP, the MTU value is 1500.
Page 74: Multiplexing
Chapter 5 Broadband 5.4.1.3 PPPoA PPPoA stands for Point to Point Protocol over ATM Adaptation Layer 5 (AAL5). A PPPoA connection functions like a dial-up Internet connection. The ADSL Router encapsulates the PPP session based on RFC1483 and sends it through an ATM PVC (Permanent Virtual Circuit) to the Internet Service Provider’s (ISP) DSLAM (Digital Subscriber Line (DSL) Access Multiplexer).
Page 75: Nailed-Up Connection (Ppp)
Chapter 5 Broadband IP Assignment with PPPoA or PPPoE Encapsulation If you have a dynamic IP, then the IP Address and Gateway IP Address fields are not applicable (N/A). If you have a Static IP Address assigned by your ISP, then they should also assign you a Subnet Mask and a Gateway IP Address.
Page 76: Atm Traffic Classes
Chapter 5 Broadband Maximum Burst Size (MBS) is the maximum number of cells that can be sent at the PCR. After MBS is reached, cell rates fall below SCR until cell rate averages to the SCR again. At this time, more cells (up to the MBS) can be sent at the PCR again.
Page 77: Unspecified Bit Rate (Ubr)
Chapter 5 Broadband Unspecified Bit Rate (UBR) The Unspecified Bit Rate (UBR) ATM traffic class is for bursty data transfers. However, UBR doesn't guarantee any bandwidth and only delivers traffic when the network has spare bandwidth. An example application is background file transfer. P-660HN-Tx(A) v2 User’s Guide...
Page 78 Chapter 5 Broadband P-660HN-Tx(A) v2 User’s Guide...
Page 79: Wireless Lan
H A PT ER Wireless LAN 6.1 Overview This chapter describes how to perform tasks related to setting up and optimizing your wireless network, including the following. • Turning the wireless connection on or off. • Configuring a name, wireless channel and security for the network. •...
Page 80: What You Need To Know About Wireless
Chapter 6 Wireless LAN 6.1.2 What You Need to Know About Wireless Wireless Basics “Wireless” is essentially radio communication. In the same way that walkie-talkie radios send and receive information over the airwaves, wireless networking devices exchange information with one another.
Page 81 Chapter 6 Wireless LAN Figure 17 Network Setting > Wireless > General The following table describes the labels in this screen. Table 10 Network Setting > Wireless > General LABEL DESCRIPTION Wireless Network Setup Wireless Select Enable Wireless LAN to activate wireless LAN. Wireless Network Settings Wireless The SSID (Service Set IDentity) identifies the service set with which a wireless device is...
Page 82: No Security
Chapter 6 Wireless LAN Table 10 Network Setting > Wireless > General LABEL DESCRIPTION Security Level Security Mode Select Basic (WEP) or More Secure (WPA(2)-PSK, WPA(2)) to add security on this wireless network. The wireless clients which want to associate to this network must have same wireless security settings as the ADSL Router.
Page 83: More Secure (Wpa(2)-Psk)
Chapter 6 Wireless LAN In order to configure and enable WEP encryption, click Network Setting > Wireless to display the General screen, then select Basic as the security level. Figure 19 Wireless > General: Basic (WEP) The following table describes the wireless LAN security labels in this screen. Table 11 Wireless >...
Page 84: Wpa(2) Authentication
Chapter 6 Wireless LAN Click Network Setting > Wireless to display the General screen. Select More Secure as the security level. Then select WPA-PSK or WPA2-PSK from the Security Mode list. Figure 20 Wireless > General: More Secure: WPA(2)-PSK The following table describes the wireless LAN security labels in this screen. Table 12 Wireless >...
Page 85 Chapter 6 Wireless LAN The WPA security mode is a security subset of WPA2. It requires the presence of a RADIUS server on your network in order to validate user credentials. This encryption standard is slightly older than WPA2 and therefore is more compatible with older devices. Click Network Setting >...
Page 86: The More Ap Screen
Chapter 6 Wireless LAN Table 13 Wireless > General: More Secure: WPA(2) (continued) LABEL DESCRIPTION WPA Compatible This field is only available for WPA2. Select this if you want the ADSL Router to support WPA and WPA2 simultaneously. Group Key Update The Group Key Update Timer is the rate at which the RADIUS server sends a new Timer group key out to all clients.
Page 87 Chapter 6 Wireless LAN Figure 23 More AP: Edit The following table describes the fields in this screen. Table 15 More AP: Edit LABEL DESCRIPTION Wireless Network Setup Wireless Select Enable Wireless LAN to activate wireless LAN. Wireless Network Settings Wireless Network Name The SSID (Service Set IDentity) identifies the service set with which a wireless (SSID)
Page 88: The Mac Authentication Screen
Chapter 6 Wireless LAN 6.4 The MAC Authentication Screen This screen allows you to configure the ADSL Router to give exclusive access to specific devices (Allow) or exclude specific devices from accessing the ADSL Router (Deny). Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
Page 89: The Wps Screen
Chapter 6 Wireless LAN 6.5 The WPS Screen Use this screen to configure WiFi Protected Setup (WPS) on your ADSL Router. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually. Set up each WPS connection between two devices. Both devices must support WPS.
Page 90: The Wds Screen
Chapter 6 Wireless LAN Table 17 Network Setting > Wireless > WPS LABEL DESCRIPTION Method 1 PBC Use this section to set up a WPS wireless network using Push Button Configuration (PBC). Click this button to add another WPS-enabled wireless device (within wireless range of the ADSL Router) to your wireless network.
Page 91 Chapter 6 Wireless LAN Use this screen to set up your WDS (Wireless Distribution System) links between the ADSL Router and other wireless APs. You need to know the MAC address of the peer device. Once the security settings of peer sides match one another, the connection between devices is made. Note: WDS security is independent of the security settings between the ADSL Router and any wireless clients.
Page 92: The Wmm Screen
Chapter 6 Wireless LAN 6.7 The WMM Screen Use this screen to enable Wi-Fi MultiMedia (WMM) and WMM Power Save in wireless networks for multimedia applications. Click Network Setting > Wireless > WMM. The following screen displays. Figure 27 Network Setting > Wireless > WMM The following table describes the labels in this screen.
Page 93: The Advanced Screen
Chapter 6 Wireless LAN Figure 28 Network Setting > Wireless > Scheduling The following table describes the labels in this screen. Table 20 Network Setting > Wireless > Scheduling LABEL DESCRIPTION Wireless LAN Select Enable or Disable to activate or deactivate wireless LAN scheduling on your Scheduling ADSL Router.
Page 94 Chapter 6 Wireless LAN Figure 29 Network Setting > Wireless> Advanced The following table describes the labels in this screen. Table 21 Network Setting > Wireless> Advanced LABEL DESCRIPTION Fragmentation This is the maximum data fragment size that can be sent. Enter a value between 256 and Threshold 2346.
Page 95: Wireless Lan Technical Reference
Chapter 6 Wireless LAN 6.10 Wireless LAN Technical Reference This section discusses wireless LANs in depth. For more information, see the appendix. 6.10.1 Wireless Network Overview Wireless networks consist of wireless clients, access points and bridges. • A wireless client is a radio connected to a user’s computer. •...
Page 96: Radio Channels
Chapter 6 Wireless LAN Every wireless network must follow these basic guidelines. • Every device in the same wireless network must use the same SSID. The SSID is the name of the wireless network. It stands for Service Set IDentifier. •...
Page 97: Mac Address Filter
Chapter 6 Wireless LAN people with the code key can understand the information, and only people who have been authenticated are given the code key. These security standards vary in effectiveness. Some can be broken, such as the old Wired Equivalent Protocol (WEP).
Page 98 Chapter 6 Wireless LAN 6.10.3.3 User Authentication Authentication is the process of verifying whether a wireless device is allowed to use the wireless network. You can make every user log in to the wireless network before using it. However, every device in the wireless network has to support IEEE 802.1x to do this.
Page 99: Signal Problems
Chapter 6 Wireless LAN Many types of encryption use a key to protect the information in the wireless network. The longer the key, the stronger the encryption. Every device in the wireless network must have the same key. 6.10.4 Signal Problems Because wireless networks are radio networks, their signals are subject to limitations of distance, interference and absorption.
Page 100: Mbssid
Chapter 6 Wireless LAN 6.10.6 MBSSID Traditionally, you need to use different APs to configure different Basic Service Sets (BSSs). As well as the cost of buying extra APs, there is also the possibility of channel interference. The ADSL Router’s MBSSID (Multiple Basic Service Set IDentifier) function allows you to use one access point to provide several BSSs simultaneously.
Page 101: Push Button Configuration
Chapter 6 Wireless LAN to authenticate the other) in each of the two devices. When WPS is activated on a device, it has two minutes to find another device that also has WPS activated. Then, the two devices connect and set up a secure network by themselves.
Page 102 Chapter 6 Wireless LAN Look for the client’s WPS PIN; it will be displayed either on the device, or in the WPS section of the client’s configuration interface (see the device’s User’s Guide for how to find the WPS PIN - for the ADSL Router, see Section 6.5 on page 89).
Page 103 Chapter 6 Wireless LAN Figure 33 Example WPS Process: PIN Method ENROLLEE REGISTRAR This device’s WPS PIN: 123456 Enter WPS PIN from other device: START START WITHIN 2 MINUTES SECURE EAP TUNNEL SSID WPA(2)-PSK COMMUNICATION 6.10.8.3 How WPS Works When two WPS-enabled devices connect, each device must assume a specific role. One device acts as the registrar (the device that supplies network and security settings) and the other device acts as the enrollee (the device that receives network and security settings.
Page 104 Chapter 6 Wireless LAN Figure 34 How WPS works ACTIVATE ACTIVATE WITHIN 2 MINUTES WPS HANDSHAKE ENROLLEE REGISTRAR SECURE TUNNEL SECURITY INFO COMMUNICATION The roles of registrar and enrollee last only as long as the WPS setup process is active (two minutes).
Page 105 Chapter 6 Wireless LAN Figure 35 WPS: Example Network Step 1 ENROLLEE REGISTRAR SECURITY INFO CLIENT 1 In step 2, you add another wireless client to the network. You know that Client 1 supports registrar mode, but it is better to use AP1 for the WPS handshake with the new client since you must connect to the access point anyway in order to use the network.
Page 106 Chapter 6 Wireless LAN Figure 37 WPS: Example Network Step 3 EXISTING CONNECTION CLIENT 1 REGISTRAR CLIENT 2 ENROLLEE 6.10.8.5 Limitations of WPS WPS has some limitations of which you should be aware. • WPS works in Infrastructure networks only (where an AP and a wireless client communicate). It does not work in Ad-Hoc networks (where there is no AP).
Page 107 Chapter 6 Wireless LAN access point is the WPS registrar, the enrollee, or was not involved in the WPS handshake; a rogue device must still associate with the access point to gain access to the network. Check the MAC addresses of your wireless clients (usually printed on a label on the bottom of the device). If there is an unknown MAC address you can remove it or reset the AP.
Page 108 Chapter 6 Wireless LAN P-660HN-Tx(A) v2 User’s Guide...
Page 109: Home Networking
H A PT ER Home Networking 7.1 Overview A Local Area Network (LAN) is a shared communication system to which many networking devices are connected. It is usually located in one immediate area such as a building or floor of a building. Use the LAN screens to help you configure a LAN DHCP server and manage IP addresses.
Page 110 Chapter 7 Home Networking Subnet Mask Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks. DHCP A DHCP (Dynamic Host Configuration Protocol) server can assign your ADSL Router an IP address, subnet mask, DNS and other routing information when it's turned on.
Page 111: Upnp And Zyxel
Chapter 7 Home Networking UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum UPnP™ Implementers Corp. (UIC). ZyXEL's UPnP implementation supports Internet Gateway Device (IGD) 1.0. Finding Out More Section 7.7 on page 119 for technical background information on LANs.
Page 112 Chapter 7 Home Networking The following table describes the fields in this screen. Table 24 Network Setting > Home Networking > LAN Setup LABEL DESCRIPTION LAN IP Setup IP Address Enter the LAN IP address you want to assign to your ADSL Router in dotted decimal notation, for example, 192.168.1.1 (factory default).
Page 113: The Static Dhcp Screen
Chapter 7 Home Networking 7.3 The Static DHCP Screen This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
Page 114: The Upnp Screen
Chapter 7 Home Networking The following table describes the labels in this screen. Table 26 Static DHCP: Add/Edit LABEL DESCRIPTION MAC Address If you select Manual Input in the Select Device Info field, enter the MAC address of a computer on your LAN. IP Address If you select Manual Input in the Select Device Info field, enter the IP address that you want to assign to the computer on your LAN with the MAC address that you will...
Page 115: Configuring The Lan Ip Alias Screen
Chapter 7 Home Networking When you use IP alias, you can also configure firewall rules to control access to the LAN's logical network (subnet). 7.5.1 Configuring the LAN IP Alias Screen Use this screen to change your ADSL Router’s IP alias settings. Click Network Setting > Home Networking >...
Page 116 Chapter 7 Home Networking Figure 43 Network Setting > Home Networking > IPv6 LAN Setup The following table describes the labels in this screen. P-660HN-Tx(A) v2 User’s Guide...
Page 117 Chapter 7 Home Networking Table 29 Network Setting > Home Networking > IPv6 LAN Setup LABEL DESCRIPTION IPv6 LAN Setup Link Local Address Select Manual to manually enter a link local address. Select EUI64 to use the EUI-64 Type format to generate a link local address from the Ethernet MAC address. IPv6 Address If you selected Manual in the Link Local Address Type field, enter the LAN IPv6 address you want to assign to your ADSL Router in hexadecimal notation, for example,...
Page 118 Chapter 7 Home Networking LABEL DESCRIPTION Managed config Select this to have the ADSL Router indicate to hosts to obtain network settings (such flag on as prefix and DNS settings) through DHCPv6. Clear this to have the ADSL Router indicate to hosts that DHCPv6 is not available and they should use the prefix in the router advertisement message.
Page 119: Home Networking Technical Reference
Chapter 7 Home Networking 7.7 Home Networking Technical Reference This section provides some technical background information about the topics covered in this chapter. 7.7.1 LANs, WANs and the ADSL Router The actual physical connection determines whether the ADSL Router ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next.
Page 120: Lan Tcp/Ip
Chapter 7 Home Networking • Some ISPs choose to disseminate the DNS server addresses using the DNS server extensions of IPCP (IP Control Protocol) after the connection is up. If your ISP did not give you explicit DNS servers, chances are the DNS servers are conveyed through IPCP negotiation. The ADSL Router supports the IPCP DNS server extensions through the DNS proxy feature.
Page 121: Rip Setup
Chapter 7 Home Networking • 192.168.0.0 — 192.168.255.255 You can obtain your IP address from the IANA, from an ISP or it can be assigned from a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks.
Page 122 Chapter 7 Home Networking (including gateways). All hosts must join the 224.0.0.1 group in order to participate in IGMP. The address 224.0.0.2 is assigned to the multicast routers group. At start up, the ADSL Router queries all directly connected networks to gather group membership. After that, the ADSL Router periodically updates this information.
Page 123: Static Route
H A PT ER Static Route 8.1 Overview The ADSL Router usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the ADSL Router send data to devices not reachable through the default gateway, use static routes.
Page 124: What You Can Do In The Static Route Screens
Chapter 8 Static Route 8.1.1 What You Can Do in the Static Route Screens • Use the Static Route screens (Section 8.2 on page 124) to view and configure IP static routes on the ADSL Router. • Use the IPv6 Static Route screens (Section 8.3 on page 125) to view and configure IPv6 static routes on the ADSL Router.
Page 125: Ipv6 Static Route
Chapter 8 Static Route Figure 47 Network Setting > Static Route Add/Edit The following table describes the labels in this screen. Table 31 Network Setting > Static Route Add/Edit LABEL DESCRIPTION Destination IP This parameter specifies the IP network address of the final destination. Routing is always Address based on network number.
Page 126: Ipv6 Static Route Edit
Chapter 8 Static Route Table 32 Network Setting > Static Route > IPv6 Static Route LABEL DESCRIPTION Prefix Length An IPv6 prefix length specifies how many most significant bits (starting from the left) in the address compose the network address. This field displays the bit number of the IPv6 subnet mask.
Page 127: Quality Of Service (Qos)
H A PT ER Quality of Service (QoS) 9.1 Overview Use the QoS screen to set up your ADSL Router to use QoS for traffic management. Quality of Service (QoS) refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to control bandwidth.
Page 128: What You Need To Know About Qos
Chapter 9 Quality of Service (QoS) • Use the Queue screen (Section 9.3 on page 129) to configure QoS settings on the ADSL Router. • Use the Class Setup screen (Section 9.4 on page 131) to configure QoS settings on the ADSL Router.
Page 129: The Queue Screen
Chapter 9 Quality of Service (QoS) The following table describes the labels in this screen. Table 34 Network Setting > QoS > General LABEL DESCRIPTION Active QoS Use this field to turn on QoS to improve your network performance. Traffic priority will be Select how the ADSL Router assigns priorities to various incoming and outgoing automatically assigned by traffic flows.
Page 130: Adding A Qos Queue
Chapter 9 Quality of Service (QoS) Table 35 Network Setting > QoS > Queue LABEL DESCRIPTION Interface This shows the name of the ADSL Router’s interface through which traffic in this queue passes. Priority This shows the priority of this queue. Weight This shows the weight of this queue.
Page 131: The Class Setup Screen
Chapter 9 Quality of Service (QoS) 9.4 The Class Setup Screen Use this screen to add, edit or delete QoS classifiers. A classifier groups traffic into data flows according to specific criteria such as the source address, destination address, source port number, destination port number or incoming interface.
Page 132 Chapter 9 Quality of Service (QoS) Figure 55 QoS > Class Setup Add/Edit P-660HN-Tx(A) v2 User’s Guide...
Page 133 Chapter 9 Quality of Service (QoS) The following table describes the labels in this screen. Table 38 QoS > Class Setup Add/Edit LABEL DESCRIPTION Rule Index Select the rule’s index number from the drop-down list box. Class Configuration Active Use this field to enable or disable the QoS class rule. Ether Type Select a predefined application to configure a class for the matched traffic.
Page 134 Chapter 9 Quality of Service (QoS) Table 38 QoS > Class Setup Add/Edit (continued) LABEL DESCRIPTION Mac Netmask Type the mask for the specified MAC address to determine which bits a packet’s MAC address should match. Enter “f” for each bit of the specified source MAC address that the traffic’s MAC address should match.
Page 135: The Qos Game List Screen
Chapter 9 Quality of Service (QoS) Table 38 QoS > Class Setup Add/Edit (continued) LABEL DESCRIPTION Type Of Select a type of service to re-assign the priority level to matched traffic. Service Mark Available options are: Normal service, Minimize delay, Maximize throughput, Maximize reliability and Minimize monetary cost.
Page 136: Qos Technical Reference
Chapter 9 Quality of Service (QoS) The following table describes the labels in this screen. Table 39 Network Setting > QoS > Game List LABEL DESCRIPTION Enable Game List Select this to have QoS give the highest priority to traffic for the games you specify. This priority is higher than the other QoS queues.
Page 137: Automatic Priority Queue Assignment
Chapter 9 Quality of Service (QoS) 9.6.3 Automatic Priority Queue Assignment If you enable QoS on the ADSL Router, the ADSL Router can automatically base on the IEEE 802.1p priority level, IP precedence and/or packet length to assign priority to traffic which does not match a class.
Page 138 Chapter 9 Quality of Service (QoS) P-660HN-Tx(A) v2 User’s Guide...
Page 139: Network Address Translation (Nat)
HAPTER Network Address Translation (NAT) 10.1 Overview This chapter discusses how to configure NAT on the ADSL Router. NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
Page 140: The Nat General Screen
Chapter 10 Network Address Translation (NAT) Port Forwarding A port forwarding set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make visible to the outside world even though NAT makes your whole inside network appear as a single computer to the outside world.
Page 141: The Port Forwarding Screen
Chapter 10 Network Address Translation (NAT) 10.3 The Port Forwarding Screen Use this screen to forward incoming service requests to the server(s) on your local network. You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server.
Page 142: Port Forwarding Rule Add/Edit
Chapter 10 Network Address Translation (NAT) Appendix F on page 293 for port numbers commonly used for particular services. Note: Make sure NAT is activated on the WAN connection before you configure a port forwarding rule for it. For the default WAN connection (PVC0), activate NAT in the Network Setting >...
Page 143 Chapter 10 Network Address Translation (NAT) Figure 60 Network Setting > NAT > Port Forwarding: Add/Edit The following table describes the fields in this screen. Table 44 Network Setting > NAT > Port Forwarding: Edit LABEL DESCRIPTION Active Click this check box to enable the rule. Service Name Enter a name to identify this port-forwarding rule.
Page 144: The Dmz Screen
Chapter 10 Network Address Translation (NAT) 10.4 The DMZ Screen If you need to allow packets from a specific WAN connection to your local network, NAT supports a default server IP address. A default server receives packets from the specified WAN connection and the ports that are not specified in the NAT Port Forwarding Setup screen.
Page 145: What Nat Does
Chapter 10 Network Address Translation (NAT) a packet when the packet is still in the local network, while an inside global address (IGA) is the IP address of the same inside host when the packet is on the WAN side. The following table summarizes this information.
Page 146: Nat Application
Chapter 10 Network Address Translation (NAT) Figure 62 How NAT Works NAT Table Inside Local Inside Global IP Address IP Address 192.168.1.10 IGA 1 192.168.1.13 192.168.1.11 IGA 2 192.168.1.12 IGA 3 192.168.1.13 IGA 4 192.168.1.12 192.168.1.10 IGA1 Inside Local Inside Global Address (ILA) Address (IGA) 192.168.1.11...
Page 147 Chapter 10 Network Address Translation (NAT) • Many to One: In Many-to-One mode, the ADSL Router maps multiple local IP addresses to one global IP address. This is equivalent to SUA (for instance, PAT, port address translation), ZyXEL’s Single User Account feature that previous ZyXEL routers supported (the SUA Only option in today’s routers).
Page 148 Chapter 10 Network Address Translation (NAT) P-660HN-Tx(A) v2 User’s Guide...
Page 149: Port Binding
HAPTER Port Binding 11.1 Overview This chapter describes how to configure the port binding settings. Port binding allows you to aggregate port connections into logical groups. You may bind WAN PVCs to Ethernet ports and WLANs to specify how traffic is forwarded. Different ATM QoS settings can be specified for each WAN PVC to meet bandwidth requirements for the type of traffic to be transferred.
Page 150: What You Can Do In The Port Binding Screens
Chapter 11 Port Binding If a WAN PVC is bound to an ethernet port, traffic from the ethernet port will only be forwarded through the specified WAN PVC and vice versa. If a port is not in a port binding group, traffic to and from the port will be forwarded according to the routing table.
Page 151: Port Binding Summary Screen
Chapter 11 Port Binding Figure 66 Network Setting > Port Binding > Port Binding The following table describes the labels in this screen. Table 49 Network Setting > Port Binding > Port Binding LABEL DESCRIPTION Port Binding Active Activate or deactivate port binding for the port binding group. Group Index Select the index number for the port binding group.
Page 152 Chapter 11 Port Binding Figure 67 Network Setting > Port Binding > Port Binding Summary The following table describes the labels in this screen. Table 50 Network Setting > Port Binding > Port Binding Summary LABEL DESCRIPTION Group ID This field displays the group index number. Group port This field displays the ports included in the group.
Page 153: Dynamic Dns Setup
HAPTER Dynamic DNS Setup 12.1 Overview Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect.
Page 154 Chapter 12 Dynamic DNS Setup Figure 68 Network Setting > Dynamic DNS The following table describes the fields in this screen. Table 51 Network Setting > Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Active Dynamic Select this check box to use dynamic DNS. Service Provider This is the website of your Dynamic DNS service provider.
Page 155: Filters
HAPTER Filters 13.1 Overview This chapter introduces three types of filters supported by the ADSL Router. You can configure rules to restrict traffic by IP addresses, MAC addresses, IPv6 addresses and/or URLs. 13.1.1 What You Can Do in the Filter Screens •...
Page 156 Chapter 13 Filters Figure 69 Security > Filter > IP/MAC Filter The following table describes the labels in this screen. Table 52 Security > Filter > IP/MAC Filter LABEL DESCRIPTION Rule Type Rule Type selection Select White List to specify traffic to allow and Black List to specify traffic to disallow.
Page 157: Ipv6/Mac Filter
Chapter 13 Filters Table 52 Security > Filter > IP/MAC Filter (continued) LABEL DESCRIPTION Port Number Enter the source port of the packets that you wish to filter. The range of this field is 0 to 65535. This field is ignored if it is 0. Destination IP Address Enter the destination IP address of the packets you wish to filter.
Page 158 Chapter 13 Filters Figure 70 Security > Filter > IPv6/MAC Filter The following table describes the labels in this screen. Table 53 Security > Filter > IPv6/MAC Filter LABEL DESCRIPTION Rule Type Rule Type selection Select White List to specify traffic to allow and Black List to specify traffic to block.
Page 159 Chapter 13 Filters Table 53 Security > Filter > IPv6/MAC Filter (continued) LABEL DESCRIPTION Destination IPv6 Address Enter the destination IPv6 address of the packets you wish to filter. This field is ignored if it is ::. Destination Prefix Length Enter the prefix length for the destination IPv6 address.
Page 160 Chapter 13 Filters P-660HN-Tx(A) v2 User’s Guide...
Page 161: Firewall
HAPTER Firewall 14.1 Overview This chapter shows you how to enable the ADSL Router firewall. Use the firewall to protect your ADSL Router and network from attacks by hackers on the Internet and control access to it. The firewall: • allows traffic that originates from your LAN computers to go to all other networks. •...
Page 162: What You Need To Know About Firewall
Chapter 14 Firewall 14.1.2 What You Need to Know About Firewall SYN Attack A SYN attack floods a targeted system with a series of SYN packets. Each packet causes the targeted system to issue a SYN-ACK response. While the targeted system waits for the ACK that follows the SYN-ACK, it queues up all outstanding SYN-ACK responses on a backlog queue.
Page 163: Anti-Probing
Chapter 14 Firewall Anti-Probing If an outside user attempts to probe an unsupported port on your ADSL Router, an ICMP response packet is automatically returned. This allows the outside user to know the ADSL Router exists. The ADSL Router supports anti-probing, which prevents the ICMP response packet from being sent. This keeps outsiders from discovering your ADSL Router when unsupported ports are probed.
Page 164: The Firewall General Screen
Chapter 14 Firewall 14.2 The Firewall General Screen Use this screen to select the firewall protection level on the ADSL Router. Click Security > Firewall > General to display the following screen. Figure 72 Security > Firewall > General The following table describes the labels in this screen. Table 54 Security >...
Page 165: The Default Action Screen
Chapter 14 Firewall 14.3 The Default Action Screen Use this screen to set the default action that the firewall takes on packets that do not match any of the firewall rules. Click Security > Firewall > Default Action to display the following screen. Figure 73 Security >...
Page 166: The Rules Screen
Chapter 14 Firewall 14.4 The Rules Screen Click Security > Firewall > Rules to display the following screen. This screen displays a list of the configured firewall rules. Note the order in which the rules are listed. Note: The firewall configuration screen shown in this section is specific to the following devices: P-The ordering of your rules is very important as rules are applied in turn.
Page 167: The Rules Add Screen
Chapter 14 Firewall Table 56 Security > Firewall > Rules LABEL DESCRIPTION Action This field displays whether the firewall silently discards packets (Drop), discards packets and sends a TCP reset packet or an ICMP destination-unreachable message to the sender (Reject) or allows the passage of packets (Permit). Source Interface This column displays the source interface to which this firewall rule applies.
Page 168 Chapter 14 Firewall Figure 75 Security > Firewall > Rules > Add The following table describes the labels in this screen. Table 57 Security > Firewall > Rules > Add LABEL DESCRIPTION Active Select this option to enable this firewall rule. Action for Matched Use the drop-down list box to select whether to discard (Drop), deny and send an Packets...
Page 169: Customized Services
Chapter 14 Firewall Table 57 Security > Firewall > Rules > Add LABEL DESCRIPTION Address Type Do you want your rule to apply to packets with a particular (single) IP, a range of IP addresses (for instance, 192.168.1.10 to 192.169.1.50), a subnet or any IP address? Select an option from the drop-down list box that includes: Single Address, Range Address, Subnet Address and Any Address.
Page 170: Customized Service Add/Edit
Chapter 14 Firewall The following table describes the labels in this screen. Table 58 Security > Firewall > Rules: Edit: Edit Customized Services LABEL DESCRIPTION This is the number of your customized port. Name This is the name of your customized service. Protocol This shows the IP protocol (TCP or UDP) that defines your customized service.
Page 171 Chapter 14 Firewall Table 59 Security > Firewall > Rules: Edit: Edit Customized Services: Add/Edit LABEL DESCRIPTION Port Number Type a single port number or the range of port numbers that define your customized service. Back Click this to return to the previous screen without saving. Apply Click this to save your changes.
Page 172: The Dos Screen
Chapter 14 Firewall 14.5 The DoS Screen Use this screen to enable DoS protection. Click Security > Firewall > Dos to display the following screen. Figure 78 Security > Firewall > Dos The following table describes the labels in this screen. Table 60 Security >...
Page 173: Threshold Values
Chapter 14 Firewall 14.5.1.1 Threshold Values If everything is working properly, you probably do not need to change the threshold settings as the default threshold values should work for most small offices. Tune these parameters when you believe the ADSL Router has been receiving DoS attacks that are not recorded in the logs or the logs show that the ADSL Router is classifying normal traffic as DoS attacks.
Page 174: Firewall Technical Reference
Chapter 14 Firewall The following table describes the labels in this screen. Table 61 Security > Firewall > DoS > Advanced LABEL DESCRIPTION TCP SYN-Request This is the rate of new TCP half-open sessions per second that causes the firewall to Count start deleting half-open sessions.
Page 175: Guidelines For Enhancing Security With Your Firewall
Chapter 14 Firewall • LAN to WAN These rules specify which computers on the LAN can access which computers or services on the WAN. By default, the ADSL Router’s stateful packet inspection drops packets traveling in the following directions: • WAN to LAN These rules specify which computers on the WAN can access which computers or services on the LAN.
Page 176: Security Considerations
Chapter 14 Firewall 12 Keep the firewall in a secured (locked) room. 14.6.3 Security Considerations Note: Incorrectly configuring the firewall may block valid access or introduce security risks to the ADSL Router and your protected network. Use caution when creating or deleting firewall rules and test your rules after you configure them.
Page 177: Solving The "Triangle Route" Problem
Chapter 14 Firewall The ADSL Router reroutes the SYN packet through Gateway A on the LAN to the WAN. The reply from the WAN goes directly to the computer on the LAN without going through the ADSL Router. As a result, the ADSL Router resets the connection, as the connection has not been acknowledged. Figure 82 “Triangle Route”...
Page 178 Chapter 14 Firewall Figure 83 IP Alias Subnet 1 ISP 1 ISP 2 Subnet 2 P-660HN-Tx(A) v2 User’s Guide...
Page 179: Parental Control
HAPTER Parental Control 15.1 Overview Parental control allows you to block web sites with the specific URL. You can also define time periods and days during which the ADSL Router performs parental control on a specific user. 15.2 The Parental Control Screen Use this screen to enable parental control, view the parental control rules and schedules.
Page 180: Add/Edit Parental Control Rule
Chapter 15 Parental Control Table 62 Security > Parental Control (continued) LABEL DESCRIPTION Website Blocked This shows whether the website block is configured. If not, None will be shown. Modify Click the Edit icon to go to the screen where you can edit the rule. Click the Delete icon to delete an existing rule.
Page 181 Chapter 15 Parental Control The following table describes the fields in this screen. Table 63 Parental Control: Add/Edit LABEL DESCRIPTION General Active Select the checkbox to activate this parental control rule. Parental Control Enter a descriptive name for the rule. Profile Name Home Network User Select the LAN user that you want to apply this rule to from the drop-down list box.
Page 182 Chapter 15 Parental Control P-660HN-Tx(A) v2 User’s Guide...
Page 183: Certificate
HAPTER Certificate 16.1 Overview The ADSL Router can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication. 16.1.1 What You Can Do in this Chapter •...
Page 184 Chapter 16 Certificate • Web Server - This certificate secures HTTP connections. • SSH - This certificate secures remote connections. Click Security > Certificates to open the Local Certificates screen. Figure 86 Security > Certificates > Local Certificates The following table describes the labels in this screen. Table 64 Security >...
Page 185: The Trusted Ca Screen
Chapter 16 Certificate Table 64 Security > Certificates > Local Certificates (continued) LABEL DESCRIPTION Key Type This field applies to the SSH certificate. This shows the file format of the current certificate. Replace Click this to replace the certificate(s) and save your changes back to the ADSL Router.
Page 186: View Certificate
Chapter 16 Certificate Note: You must remove any spaces from the certificate’s filename before you can import the certificate. Figure 88 Trusted CA > Import The following table describes the labels in this screen. Table 66 Security > Certificates > Trusted CA > Import LABEL DESCRIPTION Certificate File...
Page 187 Chapter 16 Certificate The following table describes the labels in this screen. Table 67 Trusted CA: View LABEL DESCRIPTION Certificate Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate. You may use any character (not including spaces).
Page 188 Chapter 16 Certificate P-660HN-Tx(A) v2 User’s Guide...
Page 189: Overview
HAPTER Logs 17.1 Overview The web configurator allows you to choose which categories of events and/or alerts to have the ADSL Router log and then display the logs or have the ADSL Router send them to an administrator (as e-mail) or to a syslog server. 17.1.1 What You Can Do in this Chapter •...
Page 190: The System Log Screen
Chapter 17 Logs Table 68 Syslog Severity Levels CODE SEVERITY Informational: The syslog contains an informational message. Debug: The message is intended for debug-level purposes. 17.2 The System Log Screen Click System Monitor > Log to open the System Log screen. Use the System Log screen to see the system logs for the categories that you select in the upper left drop-down list box.
Page 191: Traffic Status
HAPTER Traffic Status 18.1 Overview Use the Traffic Status screens to look at network traffic status and statistics of the WAN, LAN interfaces and NAT. 18.1.1 What You Can Do in this Chapter • Use the WAN screen to view the WAN traffic statistics (Section 18.2 on page 191) .
Page 192: The Lan Status Screen
Chapter 18 Traffic Status Table 70 System Monitor > Traffic Status > WAN (continued) LABEL DESCRIPTION Packets Sent Data This indicates the number of transmitted packets on this interface. Error This indicates the number of frames with errors transmitted on this interface. Drop This indicates the number of outgoing packets dropped on this interface.
Page 193: The Nat Screen
Chapter 18 Traffic Status Table 71 System Monitor > Traffic Status > LAN (continued) LABEL DESCRIPTION Sent (Packet) Data This indicates the number of transmitted packets on this interface. Error This indicates the number of frames with errors transmitted on this interface. Drop This indicates the number of outgoing packets dropped on this interface.
Page 194 Chapter 18 Traffic Status P-660HN-Tx(A) v2 User’s Guide...
Page 195: User Account
HAPTER User Account 19.1 Overview You can configure system password for different user accounts in the User Account screen. 19.2 The User Account Screen Use the User Account screen to configure system password. Click Maintenance > User Account to open the following screen. Figure 94 Maintenance >...
Page 196 Chapter 19 User Account P-660HN-Tx(A) v2 User’s Guide...
Page 197: Client
HAPTER TR-069 Client 20.1 Overview The ADSL Router supports TR-069 Amendment 1 (CPE WAN Management Protocol Release 2.0) and TR-069 Amendment 2 (CPE WAN Management Protocol v1.1, Release 3.0). TR-069 is a protocol that defines how your ADSL Router (ZD) can be managed via a management server (MS) such as ZyXEL’s Vantage Access.
Page 198 Chapter 20 TR-069 Client Figure 96 Maintenance > TR-069 Client The following table describes the fields in this screen. Table 74 Maintenance > TR-069 Client LINK DESCRIPTION CWMP Select Enable to allow the ADSL Router to be managed by a management server or select Disable to not allow the ADSL Router to be managed by a management server.
Page 199 Chapter 20 TR-069 Client P-660HN-Tx(A) v2 User’s Guide...
Page 200 Chapter 20 TR-069 Client P-660HN-Tx(A) v2 User’s Guide...
Page 201: System Settings
HAPTER System Settings 21.1 Overview This chapter shows you how to configure system related settings, such as system time, password, name, the domain name and the inactivity timeout interval. 21.1.1 What You Can Do in the System Settings Screens • Use the System screen (Section 21.2 on page 201) to configure system settings.
Page 202 Chapter 21 System Settings Figure 98 Maintenance > System > Time The following table describes the fields in this screen. Table 76 Maintenance > System > Time LABEL DESCRIPTION Current Date/Time Current Time This field displays the time and date of your ADSL Router. Each time you reload this page, the ADSL Router synchronizes the time and date with the time server.
Page 203 Chapter 21 System Settings Table 76 Maintenance > System > Time (continued) LABEL DESCRIPTION Daylight Savings Daylight saving is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening.
Page 204 Chapter 21 System Settings P-660HN-Tx(A) v2 User’s Guide...
Page 205: Firmware Upgrade
HAPTER Firmware Upgrade 22.1 Overview This chapter explains how to upload new firmware to your ADSL Router. You can download new firmware releases from your nearest ZyXEL FTP site (or www.zyxel.com) to use to upgrade your device’s performance. Only use firmware for your device’s specific model. Refer to the label on the bottom of your ADSL Router.
Page 206 Chapter 22 Firmware Upgrade Figure 100 Firmware Uploading The ADSL Router automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 101 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen. If the upload was not successful, an error screen will appear.
Page 207: Overview
HAPTER Backup/Restore 23.1 Overview The Backup/Restore screen allows you to backup and restore device configurations. You can also reset your device settings back to the factory default. 23.2 The Backup/Restore Screen Click Maintenance > Backup/Restore. Information related to factory defaults, backup configuration, and restoring configuration appears in this screen, as shown next.
Page 208 Chapter 23 Backup/Restore Restore Configuration Restore Configuration allows you to upload a new or previously saved configuration file from your computer to your ADSL Router. Table 78 Restore Configuration LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse...
Page 209: The Reboot Screen
Chapter 23 Backup/Restore 23.3 The Reboot Screen System restart allows you to reboot the ADSL Router remotely without turning the power off. You may need to do this if the ADSL Router hangs, for example. Click Maintenance > Reboot. Click the Reboot button to have the ADSL Router reboot. This does not affect the ADSL Router's configuration.
Page 210 Chapter 23 Backup/Restore P-660HN-Tx(A) v2 User’s Guide...
Page 211: Remote Management
HAPTER Remote Management 24.1 Overview Remote management allows you to determine which services/protocols can access which ADSL Router interface (if any) from which computers. The following figure shows remote management of the ADSL Router coming in from the WAN. Figure 106 Remote Management From the WAN HTTP Telnet Note: When you configure remote management to allow management from the WAN, you...
Page 212: What You Need To Know About Remote Management
Chapter 24 Remote Management • Your ADSL Router can act as an SNMP agent, which allows a manager station to manage and monitor the ADSL Router through the network. Use the SNMP screen (see Section 24.5 on page 215) to configure through which interface(s) and from which IP address(es) users can use SNMP to access the ADSL Router.
Page 213 Chapter 24 Remote Management Figure 107 Maintenance > RemoteMGMT > WWW The following table describes the labels in this screen. Table 79 Maintenance > RemoteMGMT > WWW LABEL DESCRIPTION Server Port This displays the service port number for accessing the ADSL Router using HTTP or HTTPS.
Page 214: The Telnet Screen
Chapter 24 Remote Management 24.3 The Telnet Screen You can use Telnet to access the ADSL Router’s command line interface. Specify which interfaces allow Telnet access and from which IP address the access can come. Click Maintenance > RemoteMGMT > Telnet tab to display the screen as shown. Figure 108 Maintenance >...
Page 215: The Snmp Screen
Chapter 24 Remote Management Use this screen to specify which interfaces allow FTP access and from which IP address the access can come. To change your ADSL Router’s FTP settings, click Maintenance > RemoteMGMT > FTP. The screen appears as shown. Figure 109 Maintenance >...
Page 216: Configuring Snmp
Chapter 24 Remote Management Figure 110 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the ADSL Router). An agent translates the local management information from the managed device into a form compatible with SNMP.
Page 217: The Dns Screen
Chapter 24 Remote Management Figure 111 Maintenance > RemoteMGMT > SNMP The following table describes the labels in this screen. Table 82 Maintenance > RemoteMGMT > SNMP LABEL DESCRIPTION Server Port This displays the port the SNMP agent listens on. If the number is grayed out, it is not editable.
Page 218: The Icmp Screen
Chapter 24 Remote Management ADSL Router is set to bridge mode. Click Maintenance > RemoteMGMT > DNS to change your ADSL Router’s DNS settings. Figure 112 Maintenance > RemoteMGMT > DNS The following table describes the labels in this screen. Table 83 Maintenance >...
Page 219: The Ssh Screen
Chapter 24 Remote Management Figure 113 Maintenance > RemoteMGMT > ICMP The following table describes the labels in this screen. Table 84 Maintenance > RemoteMGMT > ICMP LABEL DESCRIPTION Respond to Ping on The ADSL Router will not respond to any incoming Ping requests when Disable is selected.
Page 220: Ssh Example
Chapter 24 Remote Management Figure 114 Maintenance > RemoteMGMT > SSH The following table describes the labels in this screen. Table 85 Maintenance > RemoteMGMT > SSH LABEL DESCRIPTION Server Port This displays the service port number for accessing the ADSL Router. If the number is grayed out, it is not editable.
Page 221 Chapter 24 Remote Management A window displays prompting you to store the host key in your computer. Click Yes to continue. Enter your user name and password. The command line interface displays. P-660HN-Tx(A) v2 User’s Guide...
Page 222 Chapter 24 Remote Management P-660HN-Tx(A) v2 User’s Guide...
Page 223: Diagnostic
HAPTER Diagnostic 25.1 Overview These read-only screens display information to help you identify problems with the ADSL Router. 25.1.1 What You Can Do in the Diagnostic Screens • Use the Ping screen (Section 25.2 on page 223) to ping an IP address. •...
Page 224: The Dsl Line Screen
Chapter 25 Diagnostic 25.3 The DSL Line Screen Use this screen to view the DSL line statistics and reset the ADSL line. Click Maintenance > Diagnostic > DSL Line to open the screen shown next. Figure 116 Maintenance > Diagnostic > DSL Line The following table describes the fields in this screen.
Page 225 Chapter 25 Diagnostic Table 87 Maintenance > Diagnostic > DSL Line (continued) LABEL DESCRIPTION DSL Line Status Click this to view statistics about the DSL connections. noise margin downstream is the signal to noise ratio for the downstream part of the connection (coming into the ADSL Router from the ISP).
Page 226 Chapter 25 Diagnostic P-660HN-Tx(A) v2 User’s Guide...
Page 227: Troubleshooting
HAPTER Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • ADSL Router Access and Login • Internet Access 26.1 Power, Hardware Connections, and LEDs The ADSL Router does not turn on.
Page 228: Adsl Router Access And Login
Chapter 26 Troubleshooting 26.2 ADSL Router Access and Login I forgot the IP address for the ADSL Router. The default IP address is 192.168.1.1. If you changed the IP address and have forgotten it, you might get the IP address of the ADSL Router by looking up the IP address of the default gateway for your computer.
Page 229: Internet Access
Chapter 26 Troubleshooting • Try to access the ADSL Router using another service, such as Telnet. If you can access the ADSL Router, check the remote management settings and firewall rules to find out why the ADSL Router does not respond to HTTP. •...
Page 230 Chapter 26 Troubleshooting If you are trying to access the Internet wirelessly, make sure the wireless settings in the wireless client are the same as the settings in the AP. If you are trying to access the Internet wirelessly, make sure you enabled the wireless LAN and have selected the correct country and channel in which your ADSL Router operates in the Wireless LAN >...
Page 231: Product Specifications
HAPTER Product Specifications The following tables summarize the ADSL Router’s hardware and firmware features. 27.1 Hardware Specifications Table 88 LED Descriptions COLOR STATUS DESCRIPTION Green The ADSL Router is receiving power and ready for use. Blinking The ADSL Router is self-testing. (POWER) The ADSL Router detected an error while self-testing, or there is a device malfunction.
Page 232 Chapter 27 Product Specifications Table 89 LED Descriptions COLOR STATUS DESCRIPTION POWER Green The ADSL Router is receiving power and ready for use. Blinking The ADSL Router is self-testing. The ADSL Router detected an error while self-testing, or there is a device malfunction.
Page 233: Appendix A Setting Up Your Computer's Ip Address
PP EN D I X Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP/Vista, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer.
Page 234: Installing Components
Appendix A Setting up Your Computer’s IP Address Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: In the Network window, click Add. Select Adapter and then click Add.
Page 235 Appendix A Setting up Your Computer’s IP Address Figure 118 Windows 95/98/Me: TCP/IP Properties: IP Address Click the DNS Configuration tab. • If you do not know your DNS information, select Disable DNS. • If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in).
Page 236: Verifying Settings
Appendix A Setting up Your Computer’s IP Address • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. Click OK to save and close the TCP/IP Properties window.
Page 237 Appendix A Setting up Your Computer’s IP Address Figure 121 Windows XP: Control Panel Right-click Local Area Connection and then click Properties. Figure 122 Windows XP: Control Panel: Network Connections: Properties Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. P-660HN-Tx(A) v2 User’s Guide...
Page 238 Appendix A Setting up Your Computer’s IP Address Figure 123 Windows XP: Local Area Connection Properties The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). • If you have a dynamic IP address click Obtain an IP address automatically. •...
Page 239 Appendix A Setting up Your Computer’s IP Address If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
Page 240: Windows Vista
Appendix A Setting up Your Computer’s IP Address Figure 126 Windows XP: Internet Protocol (TCP/IP) Properties Click OK to close the Internet Protocol (TCP/IP) Properties window. Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window. Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT).
Page 241 Appendix A Setting up Your Computer’s IP Address Figure 127 Windows Vista: Start Menu In the Control Panel, double-click Network and Internet. Figure 128 Windows Vista: Control Panel Click Network and Sharing Center. Figure 129 Windows Vista: Network And Internet Click Manage network connections.
Page 242 Appendix A Setting up Your Computer’s IP Address Right-click Local Area Connection and then click Properties. Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. Figure 131 Windows Vista: Network and Sharing Center Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
Page 243 Appendix A Setting up Your Computer’s IP Address • If you have a static IP address click Use the following IP address and fill in the IP address, Subnet mask, and Default gateway fields. • Click Advanced. Figure 133 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK.
Page 244 Appendix A Setting up Your Computer’s IP Address Figure 134 Windows Vista: Advanced TCP/IP Properties In the Internet Protocol Version 4 (TCP/IPv4) Properties window, (the General tab): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
Page 245 Appendix A Setting up Your Computer’s IP Address Figure 135 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties 10 Click OK to close the Internet Protocol Version 4 (TCP/IPv4) Properties window. 11 Click Close to close the Local Area Connection Properties window. Close the Network Connections window.
Page 246 Appendix A Setting up Your Computer’s IP Address Figure 136 Macintosh OS 8/9: Apple Menu Select Ethernet built-in from the Connect via list. Figure 137 Macintosh OS 8/9: TCP/IP For dynamically assigned settings, select Using DHCP Server from the Configure: list. For statically assigned settings, do the following: P-660HN-Tx(A) v2 User’s Guide...
Page 247 Appendix A Setting up Your Computer’s IP Address • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ADSL Router in the Router address box. Close the TCP/IP Control Panel.
Page 248 Appendix A Setting up Your Computer’s IP Address Figure 139 Macintosh OS X: Network For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. •...
Page 249: Using The K Desktop Environment (Kde)
Appendix A Setting up Your Computer’s IP Address Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. Click the Red Hat button (located on the bottom left corner), select System Setting and click Network.
Page 250: Using Configuration Files
Appendix A Setting up Your Computer’s IP Address If you know your DNS server IP address(es), click the DNS tab in the Network Configuration screen. Enter the DNS server information in the fields provided. Figure 142 Red Hat 9.0: KDE: Network Configuration: DNS Click the Devices tab.
Page 251 Appendix A Setting up Your Computer’s IP Address Figure 144 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 DEVICE=eth0 ONBOOT=yes BOOTPROTO=dhcp USERCTL=no PEERDNS=yes TYPE=Ethernet • If you have a static IP address, enter in the BOOTPROTO= field. Type IPADDR= followed static by the IP address (in dotted decimal notation) and type NETMASK= followed by the subnet mask.
Page 252 Appendix A Setting up Your Computer’s IP Address Figure 148 Red Hat 9.0: Checking TCP/IP Properties [root@localhost]# ifconfig eth0 Link encap:Ethernet HWaddr 00:50:BA:72:5B:44 inet addr:172.23.19.129 Bcast:172.23.19.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:717 errors:0 dropped:0 overruns:0 frame:0 TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:730412 (713.2 Kb) TX bytes:1570 (1.5 Kb)
Page 253: Introduction To Ip Addresses
PP EN D I X IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network.
Page 254: Subnet Masks
Appendix B IP Addresses and Subnetting Figure 149 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation).
Page 255 Appendix B IP Addresses and Subnetting Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Table 91 Subnet Masks BINARY DECIMAL 4TH OCTET OCTET...
Page 256 Appendix B IP Addresses and Subnetting Table 93 Alternative Subnet Mask Notation (continued) ALTERNATIVE LAST OCTET LAST OCTET SUBNET MASK NOTATION (BINARY) (DECIMAL) 255.255.255.224 1110 0000 255.255.255.240 1111 0000 255.255.255.248 1111 1000 255.255.255.252 1111 1100 Subnetting You can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons.
Page 257 Appendix B IP Addresses and Subnetting Figure 151 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 2 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).
Page 258 Appendix B IP Addresses and Subnetting Table 95 Subnet 2 LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 01000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.65 192.168.1.64 Broadcast Address: Highest Host ID: 192.168.1.126 192.168.1.127 Table 96 Subnet 3...
Page 259 Appendix B IP Addresses and Subnetting Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 99 24-bit Network Number Subnet Planning NO. “BORROWED” NO. HOSTS PER SUBNET MASK NO. SUBNETS HOST BITS SUBNET 255.255.255.128 (/25)
Page 260 Appendix B IP Addresses and Subnetting Once you have decided on the network number, pick an IP address for your ADSL Router that is easy to remember (for instance, 192.168.1.1) but make sure that no other device on your network is using that IP address.
Page 261: Appendix C Pop-Up Windows, Javascripts And Java Permissions
PP EN D I X Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here.
Page 262: Enable Pop-Up Blockers With Exceptions
Appendix C Pop-up Windows, JavaScripts and Java Permissions Figure 153 Internet Options: Privacy Click Apply to save this setting. Enable Pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. In Internet Explorer, select Tools, Internet Options and then the Privacy tab.
Page 263 Appendix C Pop-up Windows, JavaScripts and Java Permissions Figure 154 Internet Options: Privacy Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. Click Add to move the IP address to the list of Allowed sites. Figure 155 Pop-up Blocker Settings P-660HN-Tx(A) v2 User’s Guide...
Page 264 Appendix C Pop-up Windows, JavaScripts and Java Permissions Click Close to return to the Privacy screen. Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. In Internet Explorer, click Tools, Internet Options and then the Security tab.
Page 265: Java Permissions
Appendix C Pop-up Windows, JavaScripts and Java Permissions Figure 157 Security Settings - Java Scripting Java Permissions From Internet Explorer, click Tools, Internet Options and then the Security tab. Click the Custom Level... button. Scroll down to Microsoft VM. Under Java permissions make sure that a safety level is selected. Click OK to close the window.
Page 266 Appendix C Pop-up Windows, JavaScripts and Java Permissions Figure 158 Security Settings - Java JAVA (Sun) From Internet Explorer, click Tools, Internet Options and then the Advanced tab. Make sure that Use Java 2 for <applet> under Java (Sun) is selected. Click OK to close the window.
Page 267: Mozilla Firefox
Appendix C Pop-up Windows, JavaScripts and Java Permissions Mozilla Firefox Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary. You can enable Java, Javascripts and pop-ups in one screen. Click Tools, then click Options in the screen that appears.
Page 268 Appendix C Pop-up Windows, JavaScripts and Java Permissions P-660HN-Tx(A) v2 User’s Guide...
Page 269: Wireless Lan Topologies
PP EN D I X Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS).
Page 270 Appendix D Wireless LANs Figure 163 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN.
Page 271 Appendix D Wireless LANs Figure 164 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a channel different from an adjacent AP (access point) to reduce interference.
Page 272: Fragmentation Threshold
Appendix D Wireless LANs RTS/CTS Figure 165 When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
Page 273: Preamble Type
Appendix D Wireless LANs Preamble Type Preamble is used to signal that data is coming to the receiver. Short and long refer to the length of the synchronization field in a packet. Short preamble increases performance as less time sending preamble means more time for sending data.
Page 274 Appendix D Wireless LANs The following figure shows the relative effectiveness of these wireless security methods available on your ADSL Router. Table 102 Wireless Security Levels SECURITY SECURITY TYPE LEVEL Least Unique SSID (Default) Secure Unique SSID with Hide SSID Enabled MAC Address Filtering WEP Encryption IEEE802.1x EAP with RADIUS Server Authentication...
Page 275: Types Of Radius Messages
Appendix D Wireless LANs RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server. Types of RADIUS Messages The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication: •...
Page 276 Appendix D Wireless LANs EAP-MD5 (Message-Digest Algorithm 5) MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless client. The wireless client ‘proves’ that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text.
Page 277 Appendix D Wireless LANs If this feature is enabled, it is not necessary to configure a default encryption key in the wireless security configuration screen. You may still configure and store keys, but they will not be used while dynamic WEP is enabled. Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption.
Page 278: Wireless Client Wpa Supplicants
Appendix D Wireless LANs called Rijndael. They both include a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. WPA and WPA2 regularly change and rotate the encryption keys so that the same encryption key is never used twice.
Page 279: Wpa(2) With Radius Application Example
Appendix D Wireless LANs WPA(2) with RADIUS Application Example To set up WPA(2), you need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret. A WPA(2) application example with an external RADIUS server looks as follows.
Page 280: Security Parameters Summary
Appendix D Wireless LANs The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged in a handshake to create temporal encryption keys. They use these keys to encrypt data exchanged between them. Figure 167 WPA(2)-PSK Authentication Security Parameters Summary Refer to this table to see what other security parameters you should configure for each authentication method or key management protocol type.
Page 281 Appendix D Wireless LANs Antenna Characteristics Frequency An antenna in the frequency of 2.4GHz (IEEE 802.11b and IEEE 802.11g) or 5GHz (IEEE 802.11a) is needed to communicate efficiently in a wireless LAN Radiation Pattern A radiation pattern is a diagram that allows you to visualize the shape of the antenna’s coverage area.
Page 282 Appendix D Wireless LANs P-660HN-Tx(A) v2 User’s Guide...
Page 283: Ipv6 Addressing
PP EN D I X IPv6 Overview IPv6 (Internet Protocol version 6), is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 10 addresses.
Page 284 Appendix E IPv6 Global Address A global address uniquely identifies a device on the Internet. It is similar to a “public IP address” in IPv4. A global unicast address starts with a 2 or 3. Unspecified Address An unspecified address (0:0:0:0:0:0:0:0 or ::) is used as the source address when a device does not have its own address.
Page 285 Appendix E IPv6 Table 107 Reserved Multicast Address (continued) MULTICAST ADDRESS FF08:0:0:0:0:0:0:0 FF09:0:0:0:0:0:0:0 FF0A:0:0:0:0:0:0:0 FF0B:0:0:0:0:0:0:0 FF0C:0:0:0:0:0:0:0 FF0D:0:0:0:0:0:0:0 FF0E:0:0:0:0:0:0:0 FF0F:0:0:0:0:0:0:0 Subnet Masking Both an IPv6 address and IPv6 subnet mask compose of 128-bit binary digits, which are divided into eight 16-bit blocks and written in hexadecimal notation. Hexadecimal uses four bits for each character (1 ~ 10, A ~ F).
Page 286: Dhcp Relay Agent
Appendix E IPv6 address which combines its interface ID and global and subnet information advertised from the router. This is a routable global IP address. DHCPv6 The Dynamic Host Configuration Protocol for IPv6 (DHCPv6, RFC 3315) is a server-client protocol that allows a DHCP server to assign and pass IPv6 network addresses, prefixes and other configuration information to DHCP clients.
Page 287 Appendix E IPv6 such as the system name. The interface-ID option provides slot number, port information and the VLAN ID to the DHCPv6 server. The remote-ID option (if any) is stripped from the Relay-Reply messages before the relay agent sends the packets to the clients. The DHCP server copies the interface-ID option from the Relay-Forward message into the Relay-Reply message and sends it to the relay agent.
Page 288 Appendix E IPv6 On the ADSL Router, you can either set up a configured tunnel or an automatic 6to4 tunnel. The following describes each method. Configured Tunnel A configured tunnel is a point-to-point tunnelling mechanism that encapsulates an IPv6 address with an IPv4 address.
Page 289 Appendix E IPv6 For example, if you have an IPv4 address of 192.168.1.1 (first converted to binary notation and then to the colon hexadecimal representation of ), then the 6to4 addresses is c0a8:0101 2002:c0a8:0101::1/ Example - Enabling IPv6 on Windows XP/2003/Vista By default, Windows XP and Windows 2003 support IPv6.
Page 290 Appendix E IPv6 Click Start and then OK. Now your computer can obtain an IPv6 address from a DHCPv6 server. Example - Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default. DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer.
Page 291 Appendix E IPv6 Click Close to exit the Local Area Connection Status screen. Select Start > All Programs > Accessories > Command Prompt. Use the ipconfig command to check your dynamic IPv6 address. This example shows a global address (2001:b021:2d::1000) obtained from a DHCP server. C:\>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection:...
Page 292 Appendix E IPv6 P-660HN-Tx(A) v2 User’s Guide...
Page 293: Appendix F Services
P P EN D I X Services The following table lists some commonly-used services and their associated protocols and port numbers. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like.
Page 294 Appendix F Services Table 108 Examples of Services NAME PROTOCOL PORT(S) DESCRIPTION AH (IPSEC_TUNNEL) User-Defined The IPSEC AH (Authentication Header) tunneling protocol uses this service. 5190 AOL’s Internet Messenger service. AUTH Authentication protocol used by some servers. Border Gateway Protocol. BOOTP_CLIENT DHCP Client.
Page 295 Appendix F Services Table 108 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION NEW-ICQ 5190 An Internet chat program. NEWS A protocol for news groups. 2049 Network File System - NFS is a client/ server distributed file service that provides transparent file sharing for network environments.
Page 296 Appendix F Services Table 108 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION SQL-NET 1521 Structured Query Language is an interface to access data on many different types of database systems, including mainframes, midrange systems, UNIX systems and network servers. SSDP 1900 The Simple Service Discovery Protocol...
Page 297: Appendix G Legal Information
This publication is subject to change without notice. Trademarks ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
Page 298 Appendix G Legal Information Notices Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment. This device has been designed for the WLAN 2.4 GHz network throughout the EC region and Switzerland, with restrictions in France. This Class B digital apparatus complies with Canadian ICES-003.
Page 299 Appendix G Legal Information [Maltese] Hawnhekk, ZyXEL, jiddikjara li dan tagħmir jikkonforma mal-ħtiġijiet essenzjali u ma provvedimenti oħrajn relevanti li hemm fid-Dirrettiva 1999/5/EC. [Hungarian] Alulírott, ZyXEL nyilatkozom, hogy a berendezés megfelel a vonatkozó alapvetõ követelményeknek és az 1999/5/EK irányelv egyéb elõírásainak. [Polish] Niniejszym ZyXEL oświadcza, że sprzęt jest zgodny z zasadniczymi wymogami oraz pozostałymi stosownymi postanowieniami Dyrektywy 1999/5/EC.
Page 300 Appendix G Legal Information France For 2.4 GHz, the output power is restricted to 10 mW EIRP when the product is used outdoors in the band 2454 - 2483.5 MHz. There are no restrictions when used indoors or in other parts of the 2.4 GHz band. Check http://www.arcep.fr/ for more details.
Page 301: Index
Index Index Numbers 802.1p backup configuration Basic Service Set, See BSS Basic Service Set, see BSS broadcast 99, 269 activation example CWMP dynamic DNS DYNDNS wildcard port binding port forwarding 183, 276 68, 72, 76 SSID certificate wireless LAN factory default scheduling Certificate Authority See CA.
Page 302 Index CWMP activation DHCP wildcard IP alias activation IP precedence Dynamic Host Configuration Protocol, see DHCP IP/MAC filter dynamic WEP key exchange port forwarding DYNDNS wildcard reset activation restoring static route 124, 126 connection nailed-up copyright EAP Authentication CPE WAN Management Protocol, see CWMP encapsulation 63, 66, 71 ENET ENCAP...
Page 303 Index See IBSS packet direction initialization vector (IV) Ping of Death Inside Global Address, see IGA rules Inside Local Address, see ILA security Internet Control Message Protocol, see ICMP SYN attack Internet Protocol version 6, see IPv6 three-way handshake IP address triangle route 59, 63, 66, 71, 74, 109, 120 default...
Page 304 Index LAND attack address mapping types limitations applications wireless LAN IP alias default server IP address Local Area Network, see LAN example login global passwords logout automatic inside logs local firewalls outside port forwarding 140, 141 activation configuration example rules MAC address 88, 113 remote management...
Page 305 Index activation configuration example Telnet rules PPPoA reset 66, 71, 74 18, 208 PPPoE restart 66, 71, 73 preamble restoring configuration 94, 96 preamble mode RFC 1483 66, 71, 74 private IP address RFC 3164 probing, firewalls 68, 121 product registration Routing Information Protocol, see RIP RTS (Request To Send) threshold...
Page 306: Version Firmware Version
Index SSID activation MBSSID 68, 72, 77 static route unicast configuration 124, 126 Universal Plug and Play, see UPnP example upgrading firmware status UPnP cautions DSL connections NAT traversal subnet URL filter subnet mask 110, 120, 254 subnetting Sustain Cell Rate, see SCR SYN attack syslog protocol...
Page 307: Warranty
Index 66, 71, 74 push button warranty 17, 101 status note wireless security 90, 100 compatibility Wireless tutorial example WLAN Web Configurator interference security parameters web configurator passwords 98, 277 key caching pre-authentication WEP Encryption 83, 84 user authentication WEP encryption vs WPA-PSK WEP key wireless client supplicant...

This manual is also suitable for:

P-660hn-txa v2

ZyXEL Communications P-660HN-Tx v2 User Manual

Quick Links

Need help?

Questions and answers

Related Manuals for ZyXEL Communications P-660HN-Tx v2

Summary of Contents for ZyXEL Communications P-660HN-Tx v2