Documentation Feedback Send your comments, questions or suggestions to: techwriters@zyxel.com.tw Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 30099, Taiwan. Need More Help? More help is available at www.zyxel.com.
Page 4
Graphics in this book may differ slightly from the product due to differences in operating systems, operating system versions, or if you installed updated firmware/software for your device. Every effort has been made to ensure that the information in this manual is accurate. P-660N-T1A User’s Guide...
Syntax Conventions • The P-660N-T1A may be referred to as the “ZyXEL Device”, the “device”, the “system” or the “product” in this User’s Guide. • Product labels, screen names, field labels and field choices are all in bold font.
Page 6
Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device Computer Notebook computer Server Firewall Telephone Router Switch P-660N-T1A User’s Guide...
Your product is marked with this symbol, which is known as the WEEE mark. WEEE stands for Waste Electronics and Electrical Equipment. It means that used electrical and electronic products should not be mixed with general waste. Used electrical and electronic equipment should be treated separately. P-660N-T1A User’s Guide...
2.2 Main Screen ........................30 2.2.1 Title Bar ........................31 2.2.2 Navigation Panel ......................31 2.2.3 Main Window ......................33 2.2.4 Status Bar ........................34 Chapter 3 Status Screen .......................... 35 3.1 Overview ..........................35 3.2 The Status Screen ....................... 35 P-660N-T1A User’s Guide...
Page 13
8.3 The More AP Screen ......................109 8.3.1 More AP Edit ......................110 8.4 The WPS Screen ........................111 8.5 The WPS Station Screen ....................112 8.6 The WDS Screen ........................113 8.7 The Scheduling Screen ......................115 8.8 Technical Reference ......................116 8.8.1 Wireless Network Overview ..................116 P-660N-T1A User’s Guide...
Page 14
11.1.1 What You Can Do in the Filter Screens ..............151 11.1.2 What You Need to Know ..................151 11.2 The URL Filter Screen ....................152 11.3 The Application Filter Screen ................... 153 11.4 The IP/MAC Filter Screen ....................154 P-660N-T1A User’s Guide...
Page 15
16.1.1 What You Can Do in the Remote Management Screens ........178 16.1.2 What You Need to Know ..................178 16.2 The WWW Screen ......................179 16.2.1 Configuring the WWW Screen ................179 16.3 The Telnet Screen ......................180 P-660N-T1A User’s Guide...
Page 16
Tools............................215 21.1 Overview .......................... 215 21.1.1 What You Can Do in the Tool Screens ..............215 21.1.2 What You Need To Know ..................215 21.1.3 Before You Begin ....................216 21.2 The Firmware Screen ...................... 216 P-660N-T1A User’s Guide...
Page 17
Appendix B IP Addresses and Subnetting ................269 Appendix C Pop-up Windows, JavaScripts and Java Permissions ........279 Appendix D Wireless LANs ....................289 Appendix E Services ......................305 Appendix F Legal Information ....................309 Index............................313 P-660N-T1A User’s Guide...
Page 18
Table of Contents P-660N-T1A User’s Guide...
Please refer to the following description of the product name format. • Models ending in “1”, for example P-660N-T1A, denote a device that works over the analog telephone system, POTS (Plain Old Telephone Service). Models ending in “3”...
Internet and download files. Use the filtering feaure to block access to specific web sites or Internet applications such as MSN or Yahoo Messanger. You can also configure IP/MAC filtering rules for incoming or outgoing traffic. P-660N-T1A User’s Guide...
WPS/WLAN LED turns green, the wireless network is active. You can also use the WPS/WLAN button to quickly set up a secure wireless connection between the ZyXEL Device and a WPS-compatible client by adding one device at a time. To activate WPS: P-660N-T1A User’s Guide...
Page 24
Press the WPS button on another WPS-enabled device within range of the ZyXEL Device. The WPS/WLAN LED should flash while the ZyXEL Device sets up a WPS connection with the other wireless device. Once the connection is successfully made, the WPS/WLAN LED shines green. P-660N-T1A User’s Guide...
The ZyXEL Device has an Ethernet connection with a device on the Local Area Network (LAN). Blinking The ZyXEL Device is sending/receiving data to /from the LAN. The ZyXEL Device does not have an Ethernet connection with the LAN. P-660N-T1A User’s Guide...
To set the device back to the factory default settings, press the RESET button for ten seconds or until the POWER LED begins to blink and then release it. When the POWER LED begins to blink, the defaults have been restored and the device restarts. P-660N-T1A User’s Guide...
Internet Explorer. 2.1.1 Accessing the Web Configurator Make sure your ZyXEL Device hardware is properly connected (refer to the Quick Start Guide). Launch your web browser. Type "192.168.1.1" as the URL. P-660N-T1A User’s Guide...
Page 28
Enter a new password, retype it to confirm and click Apply; alternatively click Ignore to proceed to the main menu if you do not want to change the password now. Figure 5 Change Password Screen P-660N-T1A User’s Guide...
Page 29
Figure 6 Replace Factory Default Certificate Screen Note: For security reasons, the ZyXEL Device automatically logs you out if you do not use the web configurator for five minutes (default). If this happens, log in again. P-660N-T1A User’s Guide...
This section introduces the Web Configurator’s main screen. Figure 7 Main Screen The main screen is divided into these parts: • A - title bar • B - navigation panel • C - main window • D - status bar P-660N-T1A User’s Guide...
Client List Use this screen to view current DHCP client information and to always assign specific IP addresses to individual MAC addresses (and host names). IP Alias Use this screen to partition your LAN interface into subnets. P-660N-T1A User’s Guide...
Page 32
General Use this screen to enable QoS and traffic prioritizing. You can also configure the QoS rules and actions. Dynamic DNS This screen allows you to use a static hostname alias for a dynamic IP address. P-660N-T1A User’s Guide...
The main window displays information and configuration fields. It is discussed in the rest of this document. Right after you log in, the Status screen is displayed. See Chapter 3 on page 35 for more information about the Status screen. P-660N-T1A User’s Guide...
Chapter 2 The Web Configurator 2.2.4 Status Bar Check the status bar when you click Apply or OK to verify that the configuration has been updated. P-660N-T1A User’s Guide...
(LAN and WAN). The Status screen also provides information from DHCP and statistics from bandwidth management and traffic. 3.2 The Status Screen Use this screen to view the status of the ZyXEL Device. Click Status to open this screen. Figure 8 Status Screen P-660N-T1A User’s Guide...
Page 36
DHCP requests and responses between the remote server and the clients. None - The ZyXEL Device is not providing any DHCP services to the LAN. Click this to go to the screen where you can change it. WLAN Information P-660N-T1A User’s Guide...
Page 37
See Section 21.4 on page 221, or turn off the device (unplug the power) for a few seconds. Interface Status Interface This column displays each interface the ZyXEL Device has. P-660N-T1A User’s Guide...
Page 38
For the LAN interface, this displays the port speed and duplex setting. For the DSL interface, it displays the downstream and upstream transmission rate. For the WLAN interface, it displays the maximum transmission rate when WLAN is enabled or N/A when WLAN is disabled. P-660N-T1A User’s Guide...
41) or manual configuration (Section 4.2.3 on page 45). 4.2.1 Configuring the Wireless Network Settings This example uses the following parameters to set up a wireless network. SSID Example Security Mode WPA-PSK Pre-Shared Key 1234567key7654321yek 802.11 Mode 802.11b+g+n P-660N-T1A User’s Guide...
Page 40
Thomas can now use the WPS feature to establish a wireless connection between his notebook and the ZyXEL Device (see Section 4.2.2 on page 41). He can also use the notebook’s wireless client to search for the ZyXEL Device (see Section 4.2.3 on page 45). P-660N-T1A User’s Guide...
Note: Your ZyXEL Device has a WPS button located on its rear panel as well as a WPS button in its configuration utility. Both buttons have exactly the same function: you can use one or the other. P-660N-T1A User’s Guide...
Page 42
The following figure shows you an example of how to set up a wireless network and its security by pressing a button on both ZyXEL Device and wireless client. Example WPS Process: PBC Method ZyXEL Device Wireless Client WITHIN 2 MINUTES Press and hold for 5 seconds SECURITY INFO COMMUNICATION P-660N-T1A User’s Guide...
Page 43
The ZyXEL Device authenticates the wireless client and sends the proper configuration settings to the wireless client. This may take up to two minutes. The wireless client is then able to communicate with the ZyXEL Device securely. P-660N-T1A User’s Guide...
Page 44
The following figure shows you how to set up a wireless network and its security on a ZyXEL Device and a wireless client by using PIN method. Example WPS Process: PIN Method Wireless Client ZyXEL Device WITHIN 2 MINUTES Authentication by PIN SECURITY INFO COMMUNICATION P-660N-T1A User’s Guide...
Here is how Thomas can set up a schedule to turn on the wireless network at specific time and days. Click Network > Wireless Network > Scheduling to open the following screen. P-660N-T1A User’s Guide...
Internet so that she can concentrate on preparing for her final exams. Josephine’s computer connects wirelessly to the Internet through the ZyXEL Device. Thomas can deny access to the wireless network using the MAC address of Josephine’s computer. Thomas Josephine P-660N-T1A User’s Guide...
Page 47
Click Network > LAN > Client List to open the following screen. Look for the MAC address of Josephine’s computer. Click Network > Wireless LAN to open the AP screen. Click the Edit button in the MAC Filter field. P-660N-T1A User’s Guide...
Figure 9, three WAN connections are configured over the ADSL line: • The connection with VPI/VCI, 0/33, is dedicated for Media-On-Demand (MOD) service. • The connection with VPI/VCI, 0/34, is dedicated for VoIP service. P-660N-T1A User’s Guide...
Page 49
Chapter 4 Tutorials • The connection with VPI/VCI, 0/35, is dedicated for general data transmission. Figure 9 Example for Multiple WAN Connections P-660N-T1A User’s Guide...
After you enter the password to access the web configurator, select Go to Wizard setup and click Apply. Otherwise, click the wizard icon in the top right corner of the web configurator to go to the wizards. Figure 10 Select a Mode P-660N-T1A User’s Guide...
Page 54
ISP. See Section 5.2.1 on page 56 for more details. If you would like to skip your Internet setup and configure the wireless LAN settings, leave Yes selected and click Next. Figure 12 Auto Detection: No DSL Connection P-660N-T1A User’s Guide...
Page 55
The following screen appears if the ZyXEL device detects a connection but not the connection type. Click Next and refer to Section 5.2.1 on page 56 on how to manually configure the ZyXEL Device for Internet access. Figure 14 Auto Detection: Failed P-660N-T1A User’s Guide...
Choices vary depending on what you select in the Mode field. If you select Bridge in the Mode field, select either PPPoA or RFC 1483. If you select Routing in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or PPPoE. P-660N-T1A User’s Guide...
Page 57
The next wizard screen varies depending on what mode and encapsulation type you use. All screens shown are with routing mode. Configure the fields and click Next to continue. See Section 5.3 on page 62 for wireless connection wizard setup Figure 16 Internet Connection with PPPoE P-660N-T1A User’s Guide...
Page 58
Type the name of your PPPoE service here. Name Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Exit Click this to close the wizard screen without saving. Figure 17 Internet Connection with RFC 1483 P-660N-T1A User’s Guide...
Page 59
Click this to return to the previous screen without saving. Next Click this to continue to the next wizard screen. Exit Click this to close the wizard screen without saving. Figure 18 Internet Connection with ENET ENCAP P-660N-T1A User’s Guide...
Page 60
As above. Server Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Exit Click this to close the wizard screen without saving. Figure 19 Internet Connection with PPPoA P-660N-T1A User’s Guide...
Page 61
Password setup to go back to the screen where you can modify them. Figure 20 Connection Test Failed-1 • If the following screen displays, check if your account is activated or click Restart the Internet/Wireless Setup Wizard to verify your Internet access settings. Figure 21 Connection Test Failed-2. P-660N-T1A User’s Guide...
The following table describes the labels in this screen. Table 10 Wireless LAN Setup Wizard 1 LABEL DESCRIPTION Active Select the check box to turn on the wireless LAN. Back Click this to return to the previous screen without saving. P-660N-T1A User’s Guide...
Page 63
Select Disable wireless security to have no wireless LAN security configured and your network is accessible to any wireless networking device that is within range. Back Click this to return to the previous screen without saving. P-660N-T1A User’s Guide...
You need to configure an authentication server to do this. Back Click this to return to the previous screen without saving. Next Click this to continue to the next wizard screen. Exit Click this to close the wizard screen without saving. P-660N-T1A User’s Guide...
Click this to return to the previous screen without saving. Next Click this to continue to the next wizard screen. Exit Click this to close the wizard screen without saving. Click Apply to save your wireless LAN settings. Figure 27 Wireless LAN Setup 3 P-660N-T1A User’s Guide...
Page 66
Refer to the rest of this guide for more detailed information on the complete range of ZyXEL Device features. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the wizard setup are correct. P-660N-T1A User’s Guide...
To set up a WAN connection to the Internet, you need to use the same encapsulation method used by your ISP (Internet Service Provider). If your ISP offers a dial-up Internet connection using PPPoE (PPP over Ethernet) or PPPoA, P-660N-T1A User’s Guide...
Finding Out More Section 6.4 on page 78 for technical background information on WAN. 6.1.3 Before You Begin You need to know your Internet access settings such as encapsulation and WAN IP address. Get this information from your ISP. P-660N-T1A User’s Guide...
6.2 The Internet Connection Screen Use this screen to change your ZyXEL Device’s WAN settings. Click Network > WAN > Internet Connection. The screen differs by the WAN type and encapsulation you select. Figure 30 Network > WAN >Internet Connection (PPPoE) P-660N-T1A User’s Guide...
Page 70
The valid range for the VPI is 0 to 255. Enter the VPI assigned to you. The valid range for the VCI is 32 to 65535 (0 to 31 is reserved for local management of ATM traffic). Enter the VCI assigned to you. P-660N-T1A User’s Guide...
Page 71
Internet session will not timeout. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. Advanced Setup Click this to display the Advanced WAN Setup screen and edit more details of your WAN setup. P-660N-T1A User’s Guide...
Select the RIP direction from None, Both, In Only and Out Only. RIP Version This field is not configurable if you select None in the RIP Direction field. Select the RIP version from RIP-1, RIP-2B and RIP-2M. P-660N-T1A User’s Guide...
Page 73
For PPPoE, the MTU value is 1492. For PPPoA and RFC 1483, the MTU is 65535. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660N-T1A User’s Guide...
Internet access setup. Click the Remove icon to delete the Internet access setup from your connection list. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660N-T1A User’s Guide...
Select Routing from the drop-down list box if your ISP allows multiple computers to share an Internet account. If you select Bridge, the ZyXEL Device will forward any packet that it does not route to this remote node; otherwise, the packets are discarded. P-660N-T1A User’s Guide...
Page 76
The ZyXEL Device will try to bring up the connection automatically if it is disconnected. Connect on Demand Select Connect on Demand when you don't want the connection up all the time and specify an idle time-out in the Max Idle Timeout field. P-660N-T1A User’s Guide...
Use this screen to edit your ZyXEL Device's advanced WAN settings. Click the Advanced Setup button in the More Connections Edit screen. The screen appears as shown. Figure 34 Network > WAN > More Connections: Edit: Advanced Setup P-660N-T1A User’s Guide...
6.4 Technical Reference This section provides some technical background information about the topics covered in this chapter. 6.4.1 Encapsulation Be sure to use the encapsulation method required by your ISP. The ZyXEL Device supports the following methods. P-660N-T1A User’s Guide...
Page 79
PPPoA. Refer to RFC 1661 for more information on PPP. 6.4.1.4 RFC 1483 RFC 1483 describes two methods for Multiprotocol Encapsulation over ATM Adaptation Layer 5 (AAL5). The first method allows multiplexing of multiple protocols over a single ATM virtual circuit (LLC-based multiplexing) and the second P-660N-T1A User’s Guide...
If you have a dynamic IP, then the IP Address and Gateway IP Address fields are not applicable (N/A). If you have a static IP, then you only need to fill in the IP Address field and not the Gateway IP Address field. P-660N-T1A User’s Guide...
(but not higher) than the maximum line speed. 1 ATM cell is 53 bytes (424 bits), so a maximum speed of 832Kbps gives a maximum PCR of 1962 cells/sec. This rate is not guaranteed because it is dependent on the line speed. P-660N-T1A User’s Guide...
Variable Bit Rate (VBR) The Variable Bit Rate (VBR) ATM traffic class is used with bursty connections. Connections that use the Variable Bit Rate (VBR) traffic class can be grouped into real time (VBR-RT) or non-real time (VBR-nRT) connections. P-660N-T1A User’s Guide...
Page 83
Unspecified Bit Rate (UBR) The Unspecified Bit Rate (UBR) ATM traffic class is for bursty data transfers. However, UBR doesn't guarantee any bandwidth and only delivers traffic when the network has spare bandwidth. An example application is background file transfer. P-660N-T1A User’s Guide...
Page 84
Chapter 6 WAN Setup P-660N-T1A User’s Guide...
(Section 7.4 on page 90) to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. • Use the IP Alias screen (Section 7.5 on page 91) to change your ZyXEL Device’s IP alias settings. P-660N-T1A User’s Guide...
There are three versions of IGMP. IGMP version 2 and 3 are improvements over version 1, but IGMP version 1 is still in wide use. DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because P-660N-T1A User’s Guide...
Enter the IP subnet mask into the IP Subnet Mask field. Unless instructed otherwise it is best to leave this alone, the configurator will automatically compute a subnet mask based upon the IP address you entered. Click Apply to save your settings. Figure 36 Network > LAN > IP P-660N-T1A User’s Guide...
The ZyXEL Device supports IGMP-v1, IGMP-v2 and IGMP-v3. Select None to disable Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660N-T1A User’s Guide...
This field specifies the size, or count of the IP address pool. Remote DHCP If Relay is selected in the DHCP field above then enter the IP Server address of the actual remote DHCP server here. DNS Server P-660N-T1A User’s Guide...
IP Address Enter the IP address that you want to assign to the computer on your LAN with the MAC address that you will also specify. MAC Address Enter the MAC address of a computer on your LAN. P-660N-T1A User’s Guide...
LAN network. When you use IP alias, you can also configure firewall rules to control access between the LAN's logical networks (subnets). Note: Make sure that the subnets of the logical networks do not overlap. P-660N-T1A User’s Guide...
Alternatively, click the right mouse button to copy and/or paste the IP address. IP Subnet Mask Your ZyXEL Device will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the ZyXEL Device. P-660N-T1A User’s Guide...
Page 93
By default, RIP direction is set to Both and the Version set to RIP-1. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660N-T1A User’s Guide...
DNS (Domain Name System) maps a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. The DNS P-660N-T1A User’s Guide...
Let's say you select 192.168.1.0 as the network number; which covers 254 individual addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other words, the first three numbers specify the network number while the last number identifies an individual computer on that network. P-660N-T1A User’s Guide...
• In Only - the ZyXEL Device will not send any RIP packets but will accept all RIP packets received. • Out Only - the ZyXEL Device will send out RIP packets but will not accept any RIP packets received. P-660N-T1A User’s Guide...
After that, the ZyXEL Device periodically updates this information. IP multicasting can be enabled/ disabled on the ZyXEL Device LAN and/or WAN interfaces in the web configurator (LAN; WAN). Select None to disable IP multicasting on these interfaces. P-660N-T1A User’s Guide...
Page 98
Chapter 7 LAN Setup P-660N-T1A User’s Guide...
Distribution System, in which the ZyXEL Device acts as a bridge with other ZyXEL access points. • Use the Scheduling screen (see Section 8.7 on page 115) to configure the dates/times to enable or disable the wireless LAN. P-660N-T1A User’s Guide...
The MAC address filter controls access to the wireless network. You can use the MAC address of each wireless client to allow or deny access to the wireless network. Finding Out More Section 8.8 on page 116 for advanced technical information on wireless networks. P-660N-T1A User’s Guide...
8.2 The AP Screen Use this screen to configure the wireless settings of your ZyXEL Device. Click Network > Wireless LAN to open the AP screen. Figure 43 Network > Wireless LAN > AP P-660N-T1A User’s Guide...
8.2.1 No Security In the Network > Wireless LAN > AP screen, select No Security from the Security Mode list to allow wireless devices to communicate with the ZyXEL Device without any data encryption or authentication. P-660N-T1A User’s Guide...
WPA2-PSK if all your wireless devices support it, or use WPA or WPA2 if your wireless devices support it and you have a RADIUS server. If your wireless devices support nothing stronger than WEP, use the highest encryption level available. Figure 45 Network > Wireless LAN > AP: Static WEP P-660N-T1A User’s Guide...
The re- keying process is the WPA(2) equivalent of automatically changing the WEP key for an AP and all stations in a WLAN on a periodic basis. P-660N-T1A User’s Guide...
The re- keying process is the WPA(2) equivalent of automatically changing the WEP key for an AP and all stations in a WLAN on a periodic basis. P-660N-T1A User’s Guide...
Table 29 Network > Wireless LAN > AP: Advanced Setup LABEL DESCRIPTION RTS/CTS Enter a value between 0 and 2432. Threshold Fragmentation This is the maximum data fragment size that can be sent. Enter a value Threshold between 256 and 2432. P-660N-T1A User’s Guide...
Page 107
Device. The transmission rate of your ZyXEL Device might be reduced. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660N-T1A User’s Guide...
Enter the MAC addresses of the wireless devices that are allowed or denied Address access to the ZyXEL Device in these address fields. Enter the MAC addresses in a valid MAC address format, that is, six hexadecimal character pairs, for example, 12:34:56:78:9a:bc. P-660N-T1A User’s Guide...
Modify Click the Edit icon to configure the SSID profile. Click the Remove icon to hide the SSID in the outgoing beacon frame so a station cannot obtain the SSID through scanning using a site survey tool. P-660N-T1A User’s Guide...
ZyXEL Device using this SSID. Edit Click this to go to the MAC Filter screen to configure MAC filter settings. See Section 8.2.6 on page 108 for more details. P-660N-T1A User’s Guide...
Figure 52 Network > Wireless LAN > WPS The following table describes the labels in this screen. Table 33 Network > Wireless LAN > WPS LABEL DESCRIPTION WPS Setup WPS Setup Select the check box to activate WPS on the ZyXEL Device. P-660N-T1A User’s Guide...
Use this screen to set up a WPS wireless network using either Push Button Configuration (PBC) or PIN Configuration. Click Network > Wireless LAN > WPS Station. The following screen displays. Figure 53 Network > Wireless LAN > WPS Station P-660N-T1A User’s Guide...
Note: WDS security is independent of the security settings between the ZyXEL Device and any wireless clients. Note: At the time of writing, WDS is compatible with other ZyXEL APs only. Not all models support WDS links. Check your other AP’s documentation. P-660N-T1A User’s Guide...
Page 114
(six hexadecimal character pairs, for example 12:34:56:78:9a:bc). Enter a Pre-Shared Key (PSK) from 8 to 63 case-sensitive ASCII characters (including spaces and symbols). Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660N-T1A User’s Guide...
For example, if you set the time range from 12:00 to 23:00, the wireless LAN will be turned on only during this time period. Apply Click this to save your changes. Reset Click this to restore your previously saved settings. P-660N-T1A User’s Guide...
• An “ad-hoc” type of network is one in which there is no access point. Wireless clients connect to one another in order to exchange information. The following figure provides an example of a wireless network. Figure 56 Example of a Wireless Network P-660N-T1A User’s Guide...
Page 117
This allows a variety of networks to exist in the same place without interfering with one another. When you create a network, you must select a channel to use. Since the available unlicensed spectrum varies from one country to another, the number of available channels also varies. P-660N-T1A User’s Guide...
“key” phrase) can access the network. Second, they encrypt. This means that the information sent over the air is encoded. Only people with the code key can understand the information, and only people who have been authenticated are given the code key. P-660N-T1A User’s Guide...
Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks. These kinds of wireless devices might not have MAC addresses. Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F. P-660N-T1A User’s Guide...
Page 120
The types of encryption you can choose depend on the type of authentication. (See Section 8.8.3.3 on page 120 for information about this.) Table 38 Types of Encryption for Each Type of Authentication NO AUTHENTICATION RADIUS SERVER Weakest No Security Static WEP WPA-PSK Strongest WPA2-PSK WPA2 P-660N-T1A User’s Guide...
(AP). Intra-BSS traffic is traffic between wireless stations in the BSS. When Intra-BSS traffic blocking is disabled, wireless station A and B can access the wired network P-660N-T1A User’s Guide...
BSSIDs (they are in different BSSs), but have the same keys, they may hear each other’s communications (but not communicate with each other). • MBSSID should not replace but rather be used in conjunction with 802.1x security. P-660N-T1A User’s Guide...
Number that allows one device to authenticate the other) in each of the two devices. When WPS is activated on a device, it has two minutes to find another device that also has WPS activated. Then, the two devices connect and set up a secure network by themselves. P-660N-T1A User’s Guide...
Then, when WPS is activated on the first device, it presents its PIN to the second device. If the PIN matches, one device sends the network and security information to the other, allowing it to join the network. P-660N-T1A User’s Guide...
Page 125
On a computer connected to the wireless client, try to connect to the Internet. If you can connect, WPS was successful. If you cannot connect, check the list of associated wireless clients in the AP’s configuration utility. If you see the wireless client in the list, WPS was successful. P-660N-T1A User’s Guide...
Page 126
PSK or WPA2-PSK pre-shared key to the enrollee. Whether WPA-PSK or WPA2-PSK is used depends on the standards supported by the devices. If the registrar is already part of a network, it sends the existing information. If not, it generates the SSID and WPA(2)-PSK randomly. P-660N-T1A User’s Guide...
Page 127
It will be the registrar in all subsequent WPS connections in which it is involved. If you want a configured AP to act as an enrollee, you must reset it to its factory defaults. P-660N-T1A User’s Guide...
Page 128
CLIENT 1 ENROLLEE CLIENT 2 In step 3, you add another access point (AP2) to your network. AP2 is out of range of AP1, so you cannot use AP1 for the WPS handshake with the new access P-660N-T1A User’s Guide...
Page 129
(if the device supports this feature). Then, you can enter the key into the non-WPS device and join the network as normal (the non-WPS device must also support WPA-PSK or WPA2-PSK). P-660N-T1A User’s Guide...
Page 130
Check the MAC addresses of your wireless clients (usually printed on a label on the bottom of the device). If there is an unknown MAC address you can remove it or reset the AP. P-660N-T1A User’s Guide...
Internet are the outside hosts. Global/Local Global/local denotes the IP address of a host in a packet as the packet traverses a router, for example, the local address refers to the IP address of a host when the P-660N-T1A User’s Guide...
• Choose SUA Only if you have just one public WAN IP address for your ZyXEL Device. • Choose Full Feature if you have multiple public WAN IP addresses for your ZyXEL Device. Finding Out More Section 9.6 on page 142 for advanced technical information on NAT. P-660N-T1A User’s Guide...
NAT sessions they can establish. If your network has a large number of users using peer to peer applications, you can lower this number to ensure no single client is exhausting all of the available NAT sessions. P-660N-T1A User’s Guide...
A default server receives packets from ports that are not specified in this screen. Note: If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup. P-660N-T1A User’s Guide...
9.3.1 Configuring the Port Forwarding Screen Click Network > NAT > Port Forwarding to open the following screen. Appendix E on page 305 for port numbers commonly used for particular services. Figure 66 Network > NAT > Port Forwarding P-660N-T1A User’s Guide...
Page 136
Click the delete icon to delete an existing port forwarding rule. Note that subsequent address mapping rules move up by one when you take this action. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660N-T1A User’s Guide...
Port translated, the device automatically calculates the last port of the translated port range. Back Click this to return to the previous screen without saving. P-660N-T1A User’s Guide...
4, rules 5 to 7 will be pushed up by 1 rule, so old rules 5, 6 and 7 become new rules 4, 5 and 6. To change your ZyXEL Device’s address mapping settings, click Network > NAT > Address Mapping to open the following screen. Figure 68 Network > NAT > Address Mapping P-660N-T1A User’s Guide...
Page 139
Click the edit icon to go to the screen where you can edit the address mapping rule. Click the delete icon to delete an existing address mapping rule. Note that subsequent address mapping rules move up by one when you take this action. P-660N-T1A User’s Guide...
255.255.255.255 as the Local End IP address. This field is N/A for One-to-One and Server mapping types. Global Start This is the starting global IP address (IGA). Enter 0.0.0.0 here if you have a dynamic IP address from your ISP. P-660N-T1A User’s Guide...
Table 44 Network > NAT > ALG LABEL DESCRIPTION Enable SIP ALG Select this to make sure SIP (VoIP) works correctly with port- forwarding and address-mapping rules. Apply Click this to save your changes. Reset Click this to restore your previously saved settings. P-660N-T1A User’s Guide...
The global IP addresses for the inside hosts can be either static or dynamically assigned by the ISP. In addition, you can designate servers, for example, a web server and a telnet server, on your local network and make them accessible to the P-660N-T1A User’s Guide...
Figure 71 How NAT Works NAT Table Inside Local Inside Global IP Address IP Address 192.168.1.10 IGA 1 192.168.1.13 192.168.1.11 IGA 2 192.168.1.12 IGA 3 192.168.1.13 IGA 4 192.168.1.12 192.168.1.10 IGA1 Inside Local Inside Global Address (ILA) Address (IGA) 192.168.1.11 192.168.1.10 P-660N-T1A User’s Guide...
• Many-to-Many No Overload: In Many-to-Many No Overload mode, the ZyXEL Device maps each local IP address to a unique global IP address. • Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world. P-660N-T1A User’s Guide...
Page 145
ILA2 IGA1 … Many-to-Many Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA1 ILA4 IGA2 … Many-to-Many No Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA3 … Server Server 1 IP IGA1 Server 2 IP IGA1 Server 3 IP IGA1 P-660N-T1A User’s Guide...
SYN-ACK responses on a backlog queue. SYN-ACKs are moved off the queue only when an ACK comes back or when an internal timer terminates the three-way handshake. Once the queue is full, the system will ignore all incoming SYN requests, making the system unavailable for legitimate users. P-660N-T1A User’s Guide...
Page 148
Filtering decisions are based not only on rules but also context. For example, traffic from the WAN may only be allowed to cross the firewall in response to a request from the LAN. P-660N-T1A User’s Guide...
SAVE Click this to save your changes. CANCEL Click this to restore your previously saved settings. Enabling SPI blocks all traffic initiated from the WAN side, including the DMZ, virtual server and ACL on the WAN side. P-660N-T1A User’s Guide...
An IP/MAC filter set consists of one or more filter rules. The ZyXEL Device allows you to configure up to twelve filter sets with six rules in each set, for a total of 72 filter rules in the system. P-660N-T1A User’s Guide...
This is the index number of the filter rule. This is the URL you have configured the ZyXEL Device to block. Apply Click this to save your changes. Delete Click this to remove the filter rule. Cancel Click this to restore your previously saved settings. P-660N-T1A User’s Guide...
Use this field to allow or deny ICQ traffic. Use this field to allow or deny MSN traffic. YMSG Use this field to allow or deny Yahoo Messenger traffic Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660N-T1A User’s Guide...
Interface Select the PVC to which to apply the filter. Direction Apply the filter to Both, Incoming or Outgoing traffic direction. IP/MAC Filter Rule Editing IP/MAC Filter Rule Select the index number of the filter rule. Index P-660N-T1A User’s Guide...
Page 155
This is the destination port number. Protocol This is the upper layer protocol. Unmatched When a packet doesn’t match the rule, this is the action the ZyXEL Device takes on the packet. SAVE Click this to save your changes. P-660N-T1A User’s Guide...
Page 156
Chapter 11 Filters Table 50 Access Management > Filter (IP/MAC) (continued) LABEL DESCRIPTION DELETE Click this to remove the filter rule. CANCEL Click this to restore your previously saved settings. P-660N-T1A User’s Guide...
ISP behind router R2. You create another static route to communicate with a separate network behind a router R3 connected to the LAN. Figure 77 Example of Static Routing Topology P-660N-T1A User’s Guide...
Gateway This is the IP address of the gateway. The gateway is a router or switch on the same network segment as the device's LAN or WAN port. The gateway helps forward packets to their destinations. P-660N-T1A User’s Guide...
LAN or WAN port. The gateway helps forward packets to their destinations. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660N-T1A User’s Guide...
The following terms and concepts may help as you read this chapter. IEEE 802.1P Priority IEEE 802.1P specifies the user priority field and defines up to eight separate traffic types by inserting a tag into a MAC-layer frame that contains bits to define class of service. P-660N-T1A User’s Guide...
Page 162
(recall that a port can belong to multiple VLANs). If the tagging on the egress port is enabled for the VID of a frame, then the frame is transmitted as a tagged frame; otherwise, it is transmitted as an untagged frame. P-660N-T1A User’s Guide...
Select this check box to activate the 802.1P/1Q feature. Summary This field displays the index number of the VLAN group. Active This field displays whether 802.1P/1Q is active for the VLAN group. This field displays the ID number of the VLAN group. P-660N-T1A User’s Guide...
Use this screen to configure the settings for each VLAN group. In the 802.1Q/1P screen, click the Edit button from the Modify filed to display the following screen. Figure 82 Advanced > 802.1Q/1P > Group Setting > Edit P-660N-T1A User’s Guide...
Page 165
VLAN. You select this if you want to create VLANs across different devices and not just the ZyXEL Device. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660N-T1A User’s Guide...
Assign a VLAN ID for the port. The valid VID range is between 1 and 4094. The ZyXEL Device assigns the PVID to untagged frames or priority-tagged frames received on this port. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660N-T1A User’s Guide...
(6) to VoIP traffic from the LAN interface, so that voice traffic would not get delayed when there is network congestion. Traffic from the boss’s IP address (192.168.1.23 for example) is mapped to queue 5. Traffic that does not match P-660N-T1A User’s Guide...
When the packet passes through a compatible network, the networking device, such as a backbone switch, can provide specific treatment or service based on the tag or marker. Finding Out More Section 14.3 on page 172 for advanced technical information on QoS. P-660N-T1A User’s Guide...
Use this screen to enable or disable QoS and have the ZyXEL Device assign priority levels to traffic according to the port range, IEEE 802.1p priority level and/ or IP precedence. Click Advanced Setup > QoS to open the screen as shown next. Figure 85 Advanced Setup > QoS P-660N-T1A User’s Guide...
Page 170
Select IPP/TOS to specify an IP precedence range and type of services. Select DSCP to specify a DiffServ Code Point (DSCP) range. IP Precedence Enter a range from 0 to 7 for IP precedence. Zero is the lowest priority Range and seven is the highest. P-660N-T1A User’s Guide...
Use this screen to display a summary of rules and actions configured for the ZyXEL Device. In the Advanced > QoS screen, click the QoS Settings Summary button to open the following screen. Figure 86 Advanced Setup > QoS > QoS Settings Summary P-660N-T1A User’s Guide...
Table 58 IEEE 802.1p Priority Level and Traffic Type PRIORITY TRAFFIC TYPE LEVEL Level 7 Typically used for network control traffic such as router configuration messages. Level 6 Typically used for voice traffic that is especially sensitive to jitter (jitter is the variations in delay). P-660N-T1A User’s Guide...
IP address as yourhost.dyndns.org. This feature is useful if you want to be able to use, for example, www.yourhost.dyndns.org and still reach your hostname. If you have a private WAN IP address, then you cannot use Dynamic DNS. P-660N-T1A User’s Guide...
Type your user name. Password Type the password assigned to you. Enable Select the check box to enable DynDNS Wildcard. Wildcard Option Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660N-T1A User’s Guide...
You may manage your ZyXEL Device from a remote location via: • Internet (WAN only) • LAN only • WLAN only • LAN and WAN • LAN and WLAN • WLAN and WAN • ALL (WAN, LAN and WLAN) • None (Disable) P-660N-T1A User’s Guide...
• You have disabled that service in one of the remote management screens. • The IP address in the Secured Client IP Address field does not match the client IP address. If it does not match, the ZyXEL Device will disconnect the session immediately. P-660N-T1A User’s Guide...
Note: If you disable the WWW service in the Remote MGMT > WWW screen, then the ZyXEL Device blocks all HTTP connection attempts. 16.2.1 Configuring the WWW Screen Click Advanced > Remote MGMT to display the WWW screen. Figure 89 Advanced > Remote MGMT > WWW P-660N-T1A User’s Guide...
You can use Telnet to access the ZyXEL Device’s command line interface. Specify which interfaces allow Telnet access and from which IP address the access can come. Click Advanced > Remote MGMT > Telnet tab to display the screen as shown. Figure 90 Advanced > Remote MGMT > Telnet P-660N-T1A User’s Guide...
Use this screen to specify which interfaces allow FTP access and from which IP address the access can come. To change your ZyXEL Device’s FTP settings, click Advanced > Remote MGMT > FTP. The screen appears as shown. Figure 91 Advanced > Remote MGMT > FTP P-660N-T1A User’s Guide...
SNMP agent functionality, which allows a manager station to manage and monitor the ZyXEL Device through the network. The ZyXEL Device supports SNMP version one (SNMPv1) and version two (SNMPv2c). The next figure illustrates an SNMP management operation. Figure 92 SNMP Management Model P-660N-T1A User’s Guide...
1.3.6.1.6.3.1.1.5.3 This trap is sent when the Ethernet link is down. linkUp 1.3.6.1.6.3.1.1.5.4 This trap is sent when the Ethernet link is authenticationFailure 1.3.6.1.6.3.1.1.5.5 This trap is sent when an SNMP request comes from non-authenticated hosts. P-660N-T1A User’s Guide...
Use this screen to set from which IP address the ZyXEL Device will accept DNS queries and on which interface it can send them your ZyXEL Device’s DNS settings. This feature is not available when the ZyXEL Device is set to bridge P-660N-T1A User’s Guide...
ICMP response packet is automatically returned. This allows the outside user to know the ZyXEL Device exists. Your ZyXEL Device supports anti-probing, which prevents the ICMP response packet from being sent. This keeps outsiders from discovering your ZyXEL Device when unsupported ports are probed. P-660N-T1A User’s Guide...
Page 186
Select WAN to reply to incoming WAN Ping requests. Otherwise select LAN & WAN to reply to both incoming LAN and WAN Ping requests. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660N-T1A User’s Guide...
NAT. UPnP network devices can automatically configure network addressing, announce their presence in the network to other UPnP devices and enable exchange of simple product and service descriptions. NAT traversal allows the following: • Dynamic port mapping • Learning public IP addresses P-660N-T1A User’s Guide...
Page 188
UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum UPnP™ Implementers Corp. (UIC). ZyXEL's UPnP implementation supports Internet Gateway Device (IGD) 1.0. See the following sections for examples of installing and using UPnP. P-660N-T1A User’s Guide...
UPnP enabled device; this eliminates the need to manually configure port forwarding for the UPnP enabled application. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660N-T1A User’s Guide...
Windows 7 already has UPnP installed. To enable it: Click Start > Control Panel and select Network and Internet. Click Network and Sharing Center. In the Network and Sharing window, set Network Discovery to On. This activates the UPnP feature in Windows 7 P-660N-T1A User’s Guide...
Page 191
In the Network Connections window, click Advanced in the main menu and select Optional Networking Components …. Network Connections The Windows Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details. Windows Optional Networking Components Wizard P-660N-T1A User’s Guide...
This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL Device. Make sure the computer is connected to a LAN port of the ZyXEL Device. Turn on your computer and the ZyXEL Device. P-660N-T1A User’s Guide...
Page 193
Click Start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway. Right-click the icon and select Properties. Network Connections In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. Internet Connection Properties P-660N-T1A User’s Guide...
Page 194
When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. Select Show icon in notification area when connected option and click OK. An icon displays in the system tray. System Tray Icon P-660N-T1A User’s Guide...
Follow the steps below to access the web configurator. Click Start and then Control Panel. Double-click Network Connections. Select My Network Places under Other Places. Network Connections An icon with the description for each UPnP-enabled device displays under Local Network. P-660N-T1A User’s Guide...
Page 196
Network Connections: My Network Places Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Network Connections: My Network Places: Properties: Example P-660N-T1A User’s Guide...
H A P T E R CWMP 18.1 Overview The ZyXEL Device supports TR-069 Amendment 1 (CPE WAN Management Protocol Release 2.0) and TR-069 Amendment 2 (CPE WAN Management Protocol v1.1, Release 3.0). TR-069 is a protocol that defines how your ZyXEL Device (ZD) can be managed via a management server (MS) such as ZyXEL’s Vantage Access.
Chapter 18 CWMP 18.2 The CWMP Setup Screen Use this screen to configure your ZyXEL Device to be managed by a management server. Click Advanced> CWMP to display the following screen. Figure 98 Advanced > CWMP The following table describes the fields in this screen. Table 69 Advanced >...
Page 199
Chapter 18 CWMP Table 69 Advanced > CWMP (continued) LINK DESCRIPTION Password The password is used to authenticate the ZyXEL Device when making a connection to the management server. This password on the management server and the ZyXEL Device must be the same. Type a password of up to 255 printable characters found on an English-language keyboard.
(Section 19.3 on page 202) to set the system time. 19.2 The General Screen Use this screen to configure system admin password. Click Maintenance > System to open the General screen. Figure 99 Maintenance > System > General P-660N-T1A User’s Guide...
Use this screen to configure the ZyXEL Device’s time based on your local time zone. To change your ZyXEL Device’s time and date, click Maintenance > System > Time and Date. The screen appears as shown. Figure 100 Maintenance > System > Time and Date P-660N-T1A User’s Guide...
Page 203
Daylight saving is a period from late spring to early fall when many Savings countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening. Select this option if you use Daylight Saving Time. P-660N-T1A User’s Guide...
Page 204
In Germany for instance, you would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660N-T1A User’s Guide...
20.2 The System Log Screen Use the System Log screen to configure and view the logs you wish to display. To change your ZyXEL Device’s log settings, click Maintenance > Logs > Log Settings. The screen appears as shown. P-660N-T1A User’s Guide...
Page 206
Select the types of logs that you want to display and record. Then click Submit to display the details. Clear Log Click this to delete all the logs. Save Log Click this to save the logs in a text file. P-660N-T1A User’s Guide...
The router is saving configuration changes. Configuration Change: PC = 0x%x, Task ID = 0x%x Someone has logged on to the router’s SSH server. Successful SSH login Someone has failed to log on to the router’s SSH SSH login failed server. P-660N-T1A User’s Guide...
Page 208
[ TCP | UDP | IGMP | ESP | GRE | OSPF ] The router sent a message to notify a user that Router sent blocked web site the router blocked access to a web site that the message: TCP user requested. P-660N-T1A User’s Guide...
Page 209
Attempted access matched a configured filter rule [ TCP | UDP | ICMP | IGMP | (denoted by its set and rule number) and was blocked Generic ] packet filter or forwarded according to the rule. matched (set: %d, rule: %d) P-660N-T1A User’s Guide...
Page 210
Opening The PPP connection’s Challenge Handshake Authentication Protocol ppp:CHAP Opening stage is opening. The PPP connection’s Internet Protocol Control Protocol stage is ppp:IPCP starting. Starting The PPP connection’s Internet Protocol Control Protocol stage is ppp:IPCP Opening opening. P-660N-T1A User’s Guide...
Page 211
The firewall detected a TCP teardrop attack. teardrop TCP The firewall detected an UDP teardrop attack. teardrop UDP The firewall detected an ICMP teardrop attack. teardrop ICMP (type:%d, code:%d) The firewall detected a TCP illegal command attack. illegal command TCP P-660N-T1A User’s Guide...
Page 212
DIRECTION DESCRIPTION DIRECTION (L to W) LAN to WAN ACL set for packets traveling from the LAN to the WAN. (W to L) WAN to LAN ACL set for packets traveling from the WAN to the LAN. P-660N-T1A User’s Guide...
Page 213
Redirect datagrams for the Type of Service and Host Echo Echo message Time Exceeded Time to live exceeded in transit Fragment reassembly time exceeded Parameter Problem Pointer indicates the error Timestamp Timestamp request message Timestamp Reply Timestamp reply message Information Request P-660N-T1A User’s Guide...
Page 214
Please refer to RFC 2408 for detailed information on each type. Table 88 RFC-2408 ISAKMP Payload Types LOG DISPLAY PAYLOAD TYPE Security Association Proposal PROP Transform TRANS Key Exchange Identification Certificate Certificate Request CER_REQ Hash HASH Signature Nonce NONCE Notification NOTFY Delete Vendor ID P-660N-T1A User’s Guide...
You can also reset your device settings back to the factory default. • Use the Restart screen (Section 21.4 on page 221) to restart your ZyXEL device. 21.1.2 What You Need To Know The following terms and concepts may help as you read this chapter. P-660N-T1A User’s Guide...
HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot. Do NOT turn off the ZyXEL Device while firmware upload is in progress! Figure 102 Maintenance > Tools > Firmware P-660N-T1A User’s Guide...
Page 217
The ZyXEL Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 104 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen. P-660N-T1A User’s Guide...
Figure 105 Error Message 21.3 The Configuration Screen Click Maintenance > Tools > Configuration. Information related to factory defaults, backup configuration, and restoring configuration appears in this screen, as shown next. Figure 106 Maintenance > Tools > Configuration P-660N-T1A User’s Guide...
Page 219
Do not turn off the ZyXEL Device while configuration file upload is in progress. After you see a “restore configuration successful” screen, you must then wait one minute before logging into the ZyXEL Device again. Figure 107 Configuration Upload Successful P-660N-T1A User’s Guide...
Page 220
Appendix A on page 241 for details on how to set up your computer’s IP address. If the upload was not successful, the following screen will appear. Click Return to go back to the Configuration screen. Figure 109 Configuration Upload Error P-660N-T1A User’s Guide...
You may need to do this if the ZyXEL Device hangs, for example. Click Maintenance > Tools > Restart. Click Restart to have the ZyXEL Device reboot. This does not affect the ZyXEL Device's configuration. Figure 112 Maintenance > Tools >Restart P-660N-T1A User’s Guide...
DSL line statistics and reset the ADSL line. 22.2 The General Diagnostic Screen Use this screen to ping an IP address. Click Maintenance > Diagnostic to open the screen shown next. Figure 113 Maintenance > Diagnostic > General P-660N-T1A User’s Guide...
22.3 The DSL Line Diagnostic Screen Use this screen to view the DSL line statistics and reset the ADSL line. Click Maintenance > Diagnostic > DSL Line to open the screen shown next. Figure 114 Maintenance > Diagnostic > DSL Line P-660N-T1A User’s Guide...
Page 225
ZyXEL Device sends an OAM F5 packet to the DSLAM/ATM switch and then returns it (loops it back) to the ZyXEL Device. The ATM loopback test is useful for troubleshooting problems with the DSLAM and ATM network. P-660N-T1A User’s Guide...
Page 226
Reset ADSL Line Successfully!" Capture All Click this to display information and statistics about your ZyXEL Device’s Logs ATM statistics, DSL connection statistics, DHCP settings, firmware version, WAN and gateway IP address, VPI/VCI and LAN IP address. P-660N-T1A User’s Guide...
Turn the ZyXEL Device off and on. If the problem continues, contact the vendor. One of the LEDs does not behave as expected. Make sure you understand the normal behavior of the LED. See Section 1.5 on page P-660N-T1A User’s Guide...
If this does not work, you have to reset the device to its factory defaults. See Section 1.6 on page I cannot see or access the Login screen in the web configurator. Make sure you are using the correct IP address. • The default IP address is 192.168.1.1. P-660N-T1A User’s Guide...
Page 229
You cannot log in to the web configurator while someone is using Telnet to access the ZyXEL Device. Log out of the ZyXEL Device in the other session, or ask the person who is logged in to log out. Turn the ZyXEL Device off and on. P-660N-T1A User’s Guide...
LAN and have selected the correct channel in the Wireless LAN > AP screen. Disconnect all the cables from your device, and follow the directions in the Quick Start Guide again. If the problem continues, contact your ISP. P-660N-T1A User’s Guide...
Page 231
If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions • Check the settings for QoS. If it is disabled, you might consider activating it. If it is enabled, you might consider raising or lowering the priority for some applications. P-660N-T1A User’s Guide...
GS mark or TUV certificate EN60950-1 24.2 Firmware Specifications The following table summarizes the ZyXEL Device’s firmware features. Table 94 Firmware Specifications Basic Features Default IP 192.168.1.1 Address Default Subnet 255.255.255.0 (24 bits) Mask Default Admin 1234 Password P-660N-T1A User’s Guide...
Page 235
Support multi-protocol over AAL5 (RFC2684/1483) Support PPP over ATM AAL5 (RFC2364) PPP over Ethernet support for DSL connection (RFC 2516) Support VC-based and LLC-based multiplexing Support up to 8 PVCs I.610 F4/F5 OAM TR-067/TR-100 supported Annex A,B,I, J,L,M Bit swapping P-660N-T1A User’s Guide...
Page 236
Content Filtering URL Keyword Blocking Muti-NAT & Port Address Translation (PAT) 2048 NAT session Cone NAT Multimedia applications support (NetMeeting, CuSeeMe, ICQ, …etc) Microsoft PPTP under NAT/SUA Multiple VPN (IPSec/PPTP/L2TP) pass-through NAT loopback 12 NAT port forwarding P-660N-T1A User’s Guide...
Page 237
ADSL mode selectable on GUI Embedded FTP/TFTP Server for f/w upgrade and romfile backup and restore Remote Management Control: Telnet, FTP, and Web. TR-069 HTTPS(with motive certification) MTU adjustable on WebGUI WAN Backup Traffic redirect Other features rom-t Support IGMP Proxy P-660N-T1A User’s Guide...
ITU standard (also referred to as ADSL2) that extends the (G.dmt.bis) capability of basic ADSL in data rates. ITU G.992.4 ITU standard (also referred to as ADSL2) that extends the (G.lite.bis) capability of basic ADSL in data rates. P-660N-T1A User’s Guide...
Page 239
MS PPTP (Microsoft's implementation of Point to Point Tunneling Protocol) MBM v2 Media Bandwidth Management v2 RFC 2383 ST2+ over ATM Protocol Specification - UNI 3.1 Version TR-069 TR-069 DSL Forum Standard for CPE Wan Management. 1.363.5 Compliant AAL5 SAR (Segmentation And Re-assembly) P-660N-T1A User’s Guide...
• Windows 7 page 249 • Mac OS X: 10.3 and 10.4 page 253 • Mac OS X: 10.5 and 10.6 page 256 • Linux: Ubuntu 8 (GNOME) page 259 • Linux: openSUSE 10.3 (KDE) page 264 P-660N-T1A User’s Guide...
Page 242
Appendix A Setting Up Your Computer’s IP Address Windows XP/NT/2000 The following example uses the default Windows XP display theme but can also apply to Windows 2000 and Windows NT. Click Start > Control Panel. In the Control Panel, click the Network Connections icon. P-660N-T1A User’s Guide...
Page 243
Appendix A Setting Up Your Computer’s IP Address Right-click Local Area Connection and then select Properties. On the General tab, select Internet Protocol (TCP/IP) and then click Properties. P-660N-T1A User’s Guide...
Page 244
In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also go to Start > Control Panel > Network Connections, right-click a network connection, click Status and then click the Support tab to view your IP address and connection information. P-660N-T1A User’s Guide...
Appendix A Setting Up Your Computer’s IP Address Windows Vista This section shows screens from Windows Vista Professional. Click Start > Control Panel. In the Control Panel, click the Network and Internet icon. Click the Network and Sharing Center icon. P-660N-T1A User’s Guide...
Page 246
Appendix A Setting Up Your Computer’s IP Address Click Manage network connections. Right-click Local Area Connection and then select Properties. Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. P-660N-T1A User’s Guide...
Page 247
Appendix A Setting Up Your Computer’s IP Address Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties. P-660N-T1A User’s Guide...
Page 248
ISP. You may also have to enter a Preferred DNS server and an Alternate DNS server, if that information was provided.Click Advanced. Click OK to close the Internet Protocol (TCP/IP) Properties window. 10 Click OK to close the Local Area Connection Properties window. P-660N-T1A User’s Guide...
Page 249
Status and then click the Support tab to view your IP address and connection information. Windows 7 This section shows screens from Windows 7 Enterprise. Click Start > Control Panel. In the Control Panel, click View network status and tasks under the Network and Internet category. P-660N-T1A User’s Guide...
Page 250
Appendix A Setting Up Your Computer’s IP Address Click Change adapter settings. Double click Local Area Connection and then select Properties. Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. P-660N-T1A User’s Guide...
Page 251
Appendix A Setting Up Your Computer’s IP Address Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties. P-660N-T1A User’s Guide...
Page 252
DNS server and an Alternate DNS server, if that information was provided. Click Advanced if you want to configure advanced settings for IP, DNS and WINS. Click OK to close the Internet Protocol (TCP/IP) Properties window. Click OK to close the Local Area Connection Properties window. P-660N-T1A User’s Guide...
Page 253
In the Command Prompt window, type "ipconfig" and then press [ENTER]. The IP settings are displayed as follows. Mac OS X: 10.3 and 10.4 The screens in this section are from Mac OS X 10.4 but can also apply to 10.3. Click Apple > System Preferences. P-660N-T1A User’s Guide...
Page 254
Appendix A Setting Up Your Computer’s IP Address In the System Preferences window, click the Network icon. When the Network preferences pane opens, select Built-in Ethernet from the network connection type list, and then click Configure. P-660N-T1A User’s Guide...
Page 255
• In the IP Address field, type your IP address. • In the Subnet Mask field, type your subnet mask. • In the Router field, type the IP address of your device. Click Apply Now and close the window. P-660N-T1A User’s Guide...
Page 256
Figure 115 Mac OS X 10.4: Network Utility Mac OS X: 10.5 and 10.6 The screens in this section are from Mac OS X 10.5 but can also apply to 10.6. Click Apple > System Preferences. P-660N-T1A User’s Guide...
Page 257
Appendix A Setting Up Your Computer’s IP Address In System Preferences, click the Network icon. When the Network preferences pane opens, select Ethernet from the list of available connection types. From the Configure list, select Using DHCP for dynamically assigned settings. P-660N-T1A User’s Guide...
Page 258
• In the IP Address field, enter your IP address. • In the Subnet Mask field, enter your subnet mask. • In the Router field, enter the IP address of your ZyXEL Device. Click Apply and close the window. P-660N-T1A User’s Guide...
Page 259
The procedure, screens and file locations may vary depending on your specific distribution, release version, and individual configuration. The following screens use the default Ubuntu 8 installation. Note: Make sure you are logged in as the root administrator. P-660N-T1A User’s Guide...
Page 260
When the Network Settings window opens, click Unlock to open the Authenticate window. (By default, the Unlock button is greyed out until clicked.) You cannot make changes to your configuration unless you first enter your admin password. P-660N-T1A User’s Guide...
Page 261
Appendix A Setting Up Your Computer’s IP Address In the Authenticate window, enter your admin account name and password then click the Authenticate button. In the Network Settings window, select the connection that you want to configure, then click Properties. P-660N-T1A User’s Guide...
Page 262
Network Settings screen. If you know your DNS server IP address(es), click the DNS tab in the Network Settings window and then enter the DNS server information in the fields provided. Click the Close button to apply the changes. P-660N-T1A User’s Guide...
Page 263
Check your TCP/IP properties by clicking System > Administration > Network Tools, and then selecting the appropriate Network device from the Devices tab. The Interface Statistics column shows data if your connection is working properly. Figure 117 Ubuntu 8: Network Tools P-660N-T1A User’s Guide...
Page 264
Follow the steps below to configure your computer IP address in the KDE: Click K Menu > Computer > Administrator Settings (YaST). When the Run as Root - KDE su dialog opens, enter the admin password and click OK. P-660N-T1A User’s Guide...
Page 265
When the YaST Control Center window opens, select Network Devices and then click the Network Card icon. When the Network Settings window opens, click the Overview tab, select the appropriate connection Name from the list, and then click the Configure button. P-660N-T1A User’s Guide...
Page 266
Select Dynamic Address (DHCP) if you have a dynamic IP address. Select Statically assigned IP Address if you have a static IP address. Fill in the IP address, Subnet mask, and Hostname fields. Click Next to save the changes and close the Network Card Setup window. P-660N-T1A User’s Guide...
Page 267
Click Finish to save your settings and close the window. Verifying Settings Click the KNetwork Manager icon on the Task bar to check your TCP/IP properties. From the Options sub-menu, select Show Connection Information. Figure 119 openSUSE 10.3: KNetwork Manager P-660N-T1A User’s Guide...
Page 268
Appendix A Setting Up Your Computer’s IP Address When the Connection Status - KNetwork Manager window opens, click the Statistics tab to see if your connection is working properly. Figure 120 openSUSE: Connection Status - KNetwork Manager P-660N-T1A User’s Guide...
192.168.1.1). Each of these four parts is known as an octet. An octet is an eight-digit binary number (for example 11000000, which is 192 in decimal notation). Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal. P-660N-T1A User’s Guide...
Page 272
In this example, the company network address is 192.168.1.0. The first three octets of the address (192.168.1) are the network number, and the remaining octet is the host ID, allowing a maximum of 2 – 2 or 254 possible hosts. P-660N-T1A User’s Guide...
Page 273
The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25. The following figure shows the company network after subnetting. There are now two sub-networks, A and B. Figure 123 Subnetting Example: After Subnetting P-660N-T1A User’s Guide...
Page 274
Table 101 Subnet 2 LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 01000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.65 192.168.1.64 Broadcast Address: Highest Host ID: 192.168.1.126 192.168.1.127 P-660N-T1A User’s Guide...
Page 275
Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows IP address last octet values for each subnet. Table 104 Eight Subnets SUBNET LAST BROADCAST SUBNET FIRST ADDRESS ADDRESS ADDRESS ADDRESS P-660N-T1A User’s Guide...
255.255.255.248 (/29) 8192 255.255.255.252 (/30) 16384 255.255.255.254 (/31) 32768 Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP P-660N-T1A User’s Guide...
Page 277
Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space. P-660N-T1A User’s Guide...
Page 278
Appendix B IP Addresses and Subnetting P-660N-T1A User’s Guide...
Disable Pop-up Blockers In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker. Figure 124 Pop-up Blocker You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. P-660N-T1A User’s Guide...
Page 280
Click Apply to save this setting. Enable Pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. In Internet Explorer, select Tools, Internet Options and then the Privacy tab. P-660N-T1A User’s Guide...
Page 281
Select Settings…to open the Pop-up Blocker Settings screen. Figure 126 Internet Options: Privacy Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. P-660N-T1A User’s Guide...
Page 282
Figure 127 Pop-up Blocker Settings Click Close to return to the Privacy screen. Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. P-660N-T1A User’s Guide...
Page 283
Figure 128 Internet Options: Security Click the Custom Level... button. Scroll down to Scripting. Under Active scripting make sure that Enable is selected (the default). Under Scripting of Java applets make sure that Enable is selected (the default). P-660N-T1A User’s Guide...
Page 284
Figure 129 Security Settings - Java Scripting Java Permissions From Internet Explorer, click Tools, Internet Options and then the Security tab. Click the Custom Level... button. Scroll down to Microsoft VM. Under Java permissions make sure that a safety level is selected. P-660N-T1A User’s Guide...
Page 285
Click OK to close the window. Figure 130 Security Settings - Java JAVA (Sun) From Internet Explorer, click Tools, Internet Options and then the Advanced tab. Make sure that Use Java 2 for <applet> under Java (Sun) is selected. P-660N-T1A User’s Guide...
Page 286
Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary. You can enable Java, Javascripts and pop-ups in one screen. Click Tools, then click Options in the screen that appears. Figure 132 Mozilla Firefox: Tools > Options P-660N-T1A User’s Guide...
Page 287
Appendix C Pop-up Windows, JavaScripts and Java Permissions Click Content.to show the screen below. Select the check boxes as shown in the following screen. Figure 133 Mozilla Firefox Content Security P-660N-T1A User’s Guide...
Page 288
Appendix C Pop-up Windows, JavaScripts and Java Permissions P-660N-T1A User’s Guide...
(AP). Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra-BSS is enabled, wireless client A and B can access the wired network and communicate P-660N-T1A User’s Guide...
Page 290
This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood. P-660N-T1A User’s Guide...
Page 291
AP is using channel 1, then you need to select a channel between 6 or 11. RTS/CTS A hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a P-660N-T1A User’s Guide...
Page 292
RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Note: Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy. P-660N-T1A User’s Guide...
IEEE 802.11g is fully compatible with the IEEE 802.11b standard. This means an IEEE 802.11b adapter can interface directly with an IEEE 802.11g access point (and vice versa) at 11 Mbps or lower depending on range. IEEE 802.11g has P-660N-T1A User’s Guide...
Page 294
IEEE802.1x EAP with RADIUS Server Authentication Wi-Fi Protected Access (WPA) WPA2 Most Secure Note: You must enable the same wireless security settings on the ZyXEL Device and on all wireless clients that you want to associate with it. P-660N-T1A User’s Guide...
Page 295
The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication: • Access-Request Sent by an access point requesting authentication. • Access-Reject Sent by a RADIUS server rejecting access. • Access-Accept Sent by a RADIUS server allowing access. P-660N-T1A User’s Guide...
Page 296
The wireless client ‘proves’ that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text. P-660N-T1A User’s Guide...
Page 297
However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco. LEAP LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x. P-660N-T1A User’s Guide...
Page 298
RADIUS server, you should use WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a wireless client will be granted access to a WLAN. P-660N-T1A User’s Guide...
Page 299
The common-password approach makes WPA(2)-PSK susceptible to brute-force password-guessing attacks but it’s still an improvement over WEP as it employs a consistent, single, alphanumeric password to derive a PMK which is used to generate unique temporal encryption P-660N-T1A User’s Guide...
Page 300
The RADIUS server then checks the user's identification against its database and grants or denies network access accordingly. A 256-bit Pairwise Master Key (PMK) is derived from the authentication process by the RADIUS server and the client. P-660N-T1A User’s Guide...
Page 301
The AP checks each wireless client's password and allows it to join the network only if the password matches. The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID. P-660N-T1A User’s Guide...
Page 302
Enable without Dynamic WEP Open Enable with Dynamic WEP Key Enable without Dynamic WEP Disable Shared Enable with Dynamic WEP Key Enable without Dynamic WEP Disable TKIP/AES Enable WPA-PSK TKIP/AES Disable WPA2 TKIP/AES Enable WPA2-PSK TKIP/AES Disable P-660N-T1A User’s Guide...
Types of Antennas for WLAN There are two types of antennas used for wireless LAN applications. P-660N-T1A User’s Guide...
Page 304
For omni-directional antennas mounted on a wall or ceiling, point the antenna down. For a single AP application, place omni-directional antennas as close to the center of the coverage area as possible. For directional antennas, point the antenna in the direction of the desired coverage area. P-660N-T1A User’s Guide...
• If the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number. • If the Protocol is USER, this is the IP protocol number. • Description: This is a brief explanation of the applications that use this service or the situations in which this service is used. P-660N-T1A User’s Guide...
Page 306
IMAP4 The Internet Message Access Protocol is used for e-mail. IMAP4S This is a more secure version of IMAP4 that runs over SSL. TCP/UDP 6667 This is another popular Internet chat program. P-660N-T1A User’s Guide...
Page 307
Remote Login. ROADRUNNER TCP/UDP 1026 This is an ISP that provides services mainly for cable modems. RTELNET Remote Telnet. RTSP TCP/UDP The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet. P-660N-T1A User’s Guide...
Page 308
Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE 7000 A videoconferencing solution. The UDP port number is specified in the user- application. defined P-660N-T1A User’s Guide...
ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein.
Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or P-660N-T1A User’s Guide...
Page 312
Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products. P-660N-T1A User’s Guide...
See CA. rules certifications types 139, 140, 144 notices administrator password 28, 202 viewing alerts channel alternative subnet mask notation interference antenna channel, wireless LAN directional gain client list omni-directional Command Line Interface, see CLI AP (access point) P-660N-T1A User’s Guide...
Page 314
86, 89, 94 structure diagnostic IP/MAC filter DiffServ Code Point, see DSCP configuration disclaimer MAC address 108, 119 activation 86, 90, 94, 184 151, 152 Domain Name System, see DNS firewalls configuration DSCP DDoS DSL connections, status dynamic DNS P-660N-T1A User’s Guide...
Page 315
134, 136 Management Information Base (MIB) ping private mapping address rules IP alias types 139, 140, 144 configuration NAT applications Maximum Burst Size, see MBS IP precedence 171, 173 Maximum Transmission Unit, see MTU P-660N-T1A User’s Guide...
Page 316
SIP ALG 802.1p 171, 172 activation activation 169, 170 132, 133 DSCP Network Address Translation example see NAT IP precedence 171, 173 Network Address Translation, see NAT priority queue Quality of Service, see QoS P-660N-T1A User’s Guide...
Page 317
LAN 102, 118 subnet mask 86, 95, 270 Security Parameter Index, see SPI subnetting Service Set IDentifier, see SSID Sustain Cell Rate, see SCR setup SYN attack DHCP firewalls syntax conventions IP alias system P-660N-T1A User’s Guide...
Page 318
Universal Plug and Play, see UPnP setup upgrading firmware status UPnP traffic shaping activation example cautions 70, 76, 80 NAT traversal 70, 76, 80 warranty note URL filter 113, 123 compatibility example web configurator 21, 27 login P-660N-T1A User’s Guide...