Download Print this page

ZyXEL Communications P-660HN FxZ Series User Manual

802.11n wireless adsl2 4-port gateway

Table Of Contents

Table of Contents

Advertisement

Quick Links

Download this manual

P-660HN FxZ Series

802.11n Wireless ADSL2+ 4-port Gateway

Default Login Details

IP Address

http://192.168.1.1

Admin

Password

User

Password

Firmware Version 3.7

www.zyxel.com

Edition 2, 10/2010

www.zyxel.com

1234

user

Copyright © 2010

ZyXEL Communications Corporation

Table of Contents

Advertisement

Table of Contents

Troubleshooting

Need help?

Need help?

Do you have a question about the P-660HN FxZ Series and is the answer not in the manual?

Questions and answers

Summary of Contents for ZyXEL Communications P-660HN FxZ Series

Page 1 P-660HN FxZ Series 802.11n Wireless ADSL2+ 4-port Gateway Default Login Details IP Address http://192.168.1.1 Admin 1234 Password User user Password Firmware Version 3.7 www.zyxel.com Edition 2, 10/2010 www.zyxel.com Copyright © 2010 ZyXEL Communications Corporation...
Page 3: About This User's Guide
Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan.
Page 4: Document Conventions
Document Conventions Document Conventions Warnings and Notes These are how warnings and notes are shown in this User’s Guide. Warnings tell you about things that could harm you or your device. Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Page 5 Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device Computer Notebook computer Server Firewall Telephone Router Switch P-660HN-FxZ Series User’s Guide...
Page 6: Safety Warnings
Safety Warnings Safety Warnings For your safety, be sure to read and follow all warning notices and instructions. • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. •...
Page 7 Safety Warnings P-660HN-FxZ Series User’s Guide...
Page 8 Safety Warnings P-660HN-FxZ Series User’s Guide...
Page 9: Table Of Contents
Contents Overview Contents Overview Introduction ..........................31 Introducing the ZyXEL Device ....................33 Introducing the Web Configurator ....................39 Status Screens .......................... 45 Wizard ............................. 51 Internet and Wireless Setup Wizard ..................53 Network ........................... 67 WAN Setup ..........................69 LAN Setup ..........................
Page 10 Contents Overview Appendices and Index ......................317 P-660HN-FxZ Series User’s Guide...
Page 11 Table of Contents Table of Contents About This User's Guide ......................3 Document Conventions......................4 Safety Warnings........................6 Contents Overview ........................9 Table of Contents........................11 List of Figures ......................... 21 List of Tables........................... 27 Part I: Introduction................. 31 Chapter 1 Introducing the ZyXEL Device ....................
Page 12: Table Of Contents
Table of Contents Chapter 3 Status Screens ........................45 3.1 Overview ..........................45 3.2 The Status Screen ....................... 45 3.3 Client List ..........................48 3.4 WLAN Status ........................48 3.5 Packet Statistics ........................48 3.6 Any IP Table ........................50 Part II: Wizard ..................
Page 13 Table of Contents 5.5.5 Nailed-Up Connection (PPP) ..................84 5.5.6 NAT ..........................84 5.6 Metric ........................... 84 5.7 Traffic Shaping ........................85 5.7.1 ATM Traffic Classes ....................86 5.8 Traffic Redirect ........................86 Chapter 6 LAN Setup..........................89 6.1 Overview ..........................89 6.1.1 What You Can Do in the LAN Screens ...............
Page 14 Table of Contents 7.4 The WPS Screen ........................117 7.5 The WPS Station Screen ....................118 7.6 The WDS Screen ........................119 7.7 The QoS Screen ........................ 120 7.8 The Scheduling Screen ..................... 121 7.9 Wireless LAN Technical Reference ................... 121 7.9.1 Wireless Network Overview ..................121 7.9.2 Additional Wireless Terms ..................
Page 15 Table of Contents 9.1.3 Firewall Rule Setup Example ................... 152 9.2 The Firewall General Screen ..................... 156 9.3 The Firewall Rule Screen ....................157 9.3.1 Configuring Firewall Rules ..................159 9.3.2 Customized Services ....................162 9.3.3 Configuring a Customized Service ................. 162 9.4 The Firewall Threshold Screen ..................
Page 16 Table of Contents 12.1.1 What You Can Do in the Certificates Screens ............185 12.1.2 What You Need to Know About Certificates ............186 12.2 The My Certificates Screen ..................... 186 12.2.1 My Certificate Import ..................... 188 12.2.2 My Certificate Create .................... 189 12.2.3 My Certificate Details ....................
Page 17 Table of Contents 15.1.1 What You Can Do in the QoS Screens ..............225 15.1.2 What You Need to Know About QoS ..............225 15.1.3 QoS Class Setup Example ..................226 15.2 The QoS General Screen ....................229 15.3 The Class Setup Screen ....................230 15.3.1 The Class Configuration Screen ................
Page 18 Table of Contents 18.3 Installing UPnP in Windows Example ................257 18.4 Using UPnP in Windows XP Example ................260 Part VI: Maintenance................267 Chapter 19 System Settings ........................269 19.1 Overview .......................... 269 19.1.1 What You Can Do in the System Settings Screens ..........269 19.1.2 What You Need to Know About System Settings ...........
Page 19 Table of Contents Part VII: Troubleshooting and Specifications ........303 Chapter 23 Product Specifications ......................305 23.1 Hardware Specifications ....................305 23.2 Firmware Specifications ....................305 23.3 Wireless Features ......................308 23.4 Power Adaptor Specifications ..................310 Chapter 24 Troubleshooting........................313 24.1 Power, Hardware Connections, and LEDs ..............
Page 20 Table of Contents P-660HN-FxZ Series User’s Guide...
Page 21: List Of Figures
List of Figures List of Figures Figure 1 ZyXEL Device’s Router Features ..................... 35 Figure 2 LEDs on the Top of the Device ....................35 Figure 3 Password Screen ........................40 Figure 4 Change Password Screen ......................40 Figure 5 Replace Factory Default Certificate Screen ................41 Figure 6 Main Screen ..........................
Page 22 List of Figures Figure 39 Traffic Redirect LAN Setup ..................... 87 Figure 40 Network > LAN > IP ........................ 91 Figure 41 Network > LAN > IP: Advanced Setup ................... 92 Figure 42 Network > LAN > DHCP Setup ....................94 Figure 43 Network >...
Page 23 List of Figures Figure 82 Firewall Example: Edit Rule: Destination Address .............. 154 Figure 83 Firewall Example: Edit Rule: Select Customized Services ........... 155 Figure 84 Firewall Example: Rules: MyService ................... 156 Figure 85 Security > Firewall > General ....................156 Figure 86 Security >...
Page 24 List of Figures Figure 125 802.1Q/1P .......................... 215 Figure 126 802.1Q/1P Example ......................216 Figure 127 Advanced > 802.1Q/1P > Group Setting > Edit: Example ..........217 Figure 128 Advanced > 802.1Q/1P > Port Setting: Example ............... 218 Figure 129 Advanced > 802.1Q/1P > Group Setting: Example ............219 Figure 130 Advanced >...
Page 25 List of Figures Figure 168 Maintenance > System > Time Setting ................271 Figure 169 Maintenance > Logs > View Log ..................276 Figure 170 Maintenance > Logs > Log Settings ................... 277 Figure 171 E-mail Log Example ......................279 Figure 172 Restore Using FTP Session Example ................
Page 26 List of Figures Figure 211 Red Hat 9.0: KDE: Network Configuration: Devices ............336 Figure 212 Red Hat 9.0: KDE: Ethernet Device: General ..............336 Figure 213 Red Hat 9.0: KDE: Network Configuration: DNS ............... 337 Figure 214 Red Hat 9.0: KDE: Network Configuration: Activate ............
Page 27: List Of Tables
List of Tables List of Tables Table 1 LED Descriptions ........................35 Table 2 Web Configurator Icons in the Title Bar ..................42 Table 3 Navigation Panel Summary ...................... 42 Table 4 Status Screen ..........................45 Table 5 WLAN Status ..........................48 Table 6 Packet Statistics ........................
Page 28 List of Tables Table 39 Network > Wireless LAN > WDS ..................120 Table 40 Network > Wireless LAN > QoS .................... 120 Table 41 Network > Wireless LAN > QoS .................... 121 Table 42 Additional Wireless Terms ..................... 123 Table 43 Types of Encryption for Each Type of Authentication ............
Page 29 List of Tables Table 82 Advanced > 802.1Q/1P > Port Setting .................. 222 Table 83 Advanced > QoS > General ....................229 Table 84 Advanced > QoS > Class Setup ................... 230 Table 85 Advanced > QoS > Class Setup: Edit ................... 232 Table 86 Advanced >...
Page 30 List of Tables Table 125 Maintenance > Diagnostic > DSL Line ................301 Table 126 Hardware Specifications ..................... 305 Table 127 Firmware Specifications ...................... 305 Table 128 Wireless Features ....................... 308 Table 129 Standards Supported ......................309 Table 130 ZyXEL Device Series Power Adaptor Specifications ............310 Table 131 Subnet Masks ........................
Page 31: Introduction
Introduction Introducing the ZyXEL Device (33) Introducing the Web Configurator (39) Status Screens (45)
Page 33: Introducing The Zyxel Device
H A P T E R Introducing the ZyXEL Device This chapter introduces the main applications and features of the ZyXEL Device. It also introduces the ways you can manage the ZyXEL Device. 1.1 Overview The P-660HN-FxZ series are ADSL2+ routers. By integrating DSL and NAT, you are provided with ease of installation and high-speed, shared Internet access.
Page 34: Good Habits For Managing The Zyxel Device
Chapter 1 Introducing the ZyXEL Device • Command Line Interface. Line commands are mostly used for troubleshooting by service engineers. • FTP for firmware upgrades and configuration backup/restore. • SNMP. The device can be monitored by an SNMP manager. See the SNMP chapter in this User’s Guide.
Page 35: Leds (Lights)
Chapter 1 Introducing the ZyXEL Device Figure 1 ZyXEL Device’s Router Features You can also configure firewall and content filtering on the ZyXEL Device for secure Internet access. When the firewall is on, all incoming traffic from the Internet to your network is blocked unless it is initiated from your network.
Page 36: Introducing The Zyxel Device
Chapter 1 Introducing the ZyXEL Device Table 1 LED Descriptions COLOR STATUS DESCRIPTION ETHERNET Green The ZyXEL Device has an Ethernet connection with a device on the Local Area Network (LAN). Blinking The ZyXEL Device is sending/receiving data to /from the LAN. The ZyXEL Device does not have an Ethernet connection with the LAN.
Page 37: Turn The Wireless Lan Off Or On
Chapter 1 Introducing the ZyXEL Device 1.7.1 Turn the Wireless LAN Off or On 1 Make sure the POWER LED is on (not blinking). 2 Press the WPS WLAN ON/OFF button for less than five seconds and release it. The WLAN/WPS LED should change from on to off or vice versa.
Page 38 Chapter 1 Introducing the ZyXEL Device P-660HN-FxZ Series User’s Guide...
Page 39: Introducing The Web Configurator
H A P T E R Introducing the Web Configurator 2.1 Overview The web configurator is an HTML-based management interface that allows easy device setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions. The recommended screen resolution is 1024 by 768 pixels. In order to use the web configurator you need to allow: •...
Page 40: Figure 3 Password Screen
Chapter 2 Introducing the Web Configurator Figure 3 Password Screen 5 The following screen displays if you have not yet changed your password. It is strongly recommended you change the default password. Enter a new password, retype it to confirm and click Apply; alternatively click Ignore to proceed to the main menu if you do not want to change the password now.
Page 41: Web Configurator Main Screen
Chapter 2 Introducing the Web Configurator Figure 5 Replace Factory Default Certificate Screen 2.2 Web Configurator Main Screen Figure 6 Main Screen As illustrated above, the main screen is divided into these parts: • A - title bar • B - navigation panel •...
Page 42: Navigation Panel
Chapter 2 Introducing the Web Configurator The icons provide the following functions. Table 2 Web Configurator Icons in the Title Bar ICON DESCRIPTION Help: Click this icon to open up help screens. Wizards: Click this icon to go to the configuration wizards. See Chapter 4 on page for more information.
Page 43 Chapter 2 Introducing the Web Configurator Table 3 Navigation Panel Summary LINK FUNCTION Security Firewall General Use this screen to activate/deactivate the firewall and the default action to take on network traffic going in specific directions. Rules This screen shows a summary of the firewall rules, and allows you to edit/ add a firewall rule.
Page 44: Main Window
Chapter 2 Introducing the Web Configurator Table 3 Navigation Panel Summary LINK FUNCTION Remote MGMT WWW Use this screen to configure through which interface(s) and from which IP address(es) users can use HTTP to manage the ZyXEL Device. Telnet Use this screen to configure through which interface(s) and from which IP address(es) users can use Telnet to manage the ZyXEL Device.
Page 45: Status Screens
H A P T E R Status Screens 3.1 Overview Use the Status screens to look at the current status of the device, system resources, and interfaces (LAN and WAN). The Status screen also provides detailed information from Any IP and DHCP and statistics from bandwidth management, and traffic. 3.2 The Status Screen Use this screen to view the status of the ZyXEL Device.
Page 46 Chapter 3 Status Screens Table 4 Status Screen LABEL DESCRIPTION Device Information Host Name This field displays the ZyXEL Device system name. It is used for identification. You can change this in the Maintenance > System > General screen’s System Name field.
Page 47 Chapter 3 Status Screens Table 4 Status Screen LABEL DESCRIPTION Firewall This displays whether or not the ZyXEL Device’s firewall is activated. Click this to go to the screen where you can change it. Content Filter This displays whether or not the ZyXEL Device’s content filtering is activated. Click this to go to the screen where you can change it.
Page 48: Client List
Chapter 3 Status Screens 3.3 Client List Section 6.4 on page 95 for information on this screen. 3.4 WLAN Status Use this screen to view the wireless stations that are currently associated to the ZyXEL Device. Click Status > WLAN Status to access this screen. Figure 8 WLAN Status The following table describes the labels in this screen.
Page 49: Figure 9 Packet Statistics
Chapter 3 Status Screens Figure 9 Packet Statistics The following table describes the fields in this screen. Table 6 Packet Statistics LABEL DESCRIPTION System Monitor System up Time This is the elapsed time the system has been up. Current Date/Time This field displays your ZyXEL Device’s present date and time.
Page 50: Any Ip Table
Chapter 3 Status Screens Table 6 Packet Statistics (continued) LABEL DESCRIPTION Rx B/s This field displays the number of bytes received in the last second. Up Time This field displays the elapsed time this port has been up. LAN Port Statistics Interface This field displays either Ethernet (LAN ports) or Wireless (WLAN port).
Page 51: Wizard
Wizard Internet and Wireless Setup Wizard (53)
Page 53: Internet And Wireless Setup Wizard
H A P T E R Internet and Wireless Setup Wizard 4.1 Overview Use the wizard setup screens to configure your system for Internet access with the information given to you by your ISP. See the advanced menu chapters for background information on these fields. 4.2 Internet Access Wizard Setup 1 After you enter the password to access the web configurator, select Go to Wizard setup and click Apply.
Page 54: Figure 12 Wizard Welcome
Chapter 4 Internet and Wireless Setup Wizard Figure 12 Wizard Welcome 3 Your ZyXEL device attempts to detect your DSL connection and your connection type. 3a The following screen appears if a connection is not detected. Check your hardware connections and click Restart the INTERNET/WIRELESS SETUP Wizard to return to the wizard welcome screen.
Page 55: Manual Configuration
Chapter 4 Internet and Wireless Setup Wizard Figure 14 Auto-Detection: PPPoE 3c The following screen appears if the ZyXEL device detects a connection but not the connection type. Click Next and refer to Section 4.2.1 on page 55 on how to manually configure the ZyXEL Device for Internet access.
Page 56: Figure 16 Internet Access Wizard Setup: Isp Parameters
Chapter 4 Internet and Wireless Setup Wizard Figure 16 Internet Access Wizard Setup: ISP Parameters The following table describes the fields in this screen. Table 8 Internet Access Wizard Setup: ISP Parameters LABEL DESCRIPTION Mode Select Routing (default) from the drop-down list box if your ISP give you one IP address only and you want multiple computers to share an Internet account.
Page 57: Figure 17 Internet Connection With Pppoe
Chapter 4 Internet and Wireless Setup Wizard 2 The next wizard screen varies depending on what mode and encapsulation type you use. All screens shown are with routing mode. Configure the fields and click Next to continue. See Section 4.3 on page 60 for wireless connection wizard setup Figure 17 Internet Connection with PPPoE The following table describes the fields in this screen.
Page 58: Figure 19 Internet Connection With Enet Encap
Chapter 4 Internet and Wireless Setup Wizard The following table describes the fields in this screen. Table 10 Internet Connection with RFC 1483 LABEL DESCRIPTION IP Address This field is available if you select Routing in the Mode field. Type your ISP assigned IP address in this field. Back Click this to return to the previous screen without saving.
Page 59: Figure 20 Internet Connection With Pppoa
Chapter 4 Internet and Wireless Setup Wizard Table 11 Internet Connection with ENET ENCAP (continued) LABEL DESCRIPTION Apply Click this to save your changes. Exit Click this to close the wizard screen without saving. Figure 20 Internet Connection with PPPoA The following table describes the fields in this screen.
Page 60: Wireless Connection Wizard Setup
Chapter 4 Internet and Wireless Setup Wizard Figure 21 Connection Test Failed-1 • If the following screen displays, check if your account is activated or click Restart the Internet/Wireless Setup Wizard to verify your Internet access settings. Figure 22 Connection Test Failed-2. 4.3 Wireless Connection Wizard Setup After you configure the Internet access information, use the following screens to set up your wireless LAN.
Page 61: Figure 23 Connection Test Successful
Chapter 4 Internet and Wireless Setup Wizard Figure 23 Connection Test Successful 2 Use this screen to activate the wireless LAN. Click Next to continue. Figure 24 Wireless LAN Setup Wizard 1 The following table describes the labels in this screen. Table 13 Wireless LAN Setup Wizard 1 LABEL DESCRIPTION...
Page 62: Figure 25 Wireless Lan
Chapter 4 Internet and Wireless Setup Wizard Figure 25 Wireless LAN The following table describes the labels in this screen. Table 14 Wireless LAN Setup Wizard 2 LABEL DESCRIPTION Network Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless Name(SSID) LAN.
Page 63: Manually Assign A Wpa-Psk Key
Chapter 4 Internet and Wireless Setup Wizard 4.3.1 Manually Assign a WPA-PSK key Choose Manually assign a WPA-PSK key in the Wireless LAN setup screen to set up a Pre- Shared Key. Figure 26 Manually Assign a WPA-PSK key The following table describes the labels in this screen. Table 15 Manually Assign a WPA-PSK key LABEL DESCRIPTION...
Page 64: Table 16 Manually Assign A Wep Key
Chapter 4 Internet and Wireless Setup Wizard The following table describes the labels in this screen. Table 16 Manually Assign a WEP key LABEL DESCRIPTION The WEP keys are used to encrypt data. Both the ZyXEL Device and the wireless stations must use the same WEP key for data transmission.
Page 65: Figure 29 Internet Access And Wlan Wizard Setup Complete
Chapter 4 Internet and Wireless Setup Wizard Figure 29 Internet Access and WLAN Wizard Setup Complete 7 Launch your web browser and navigate to www.zyxel.com. Internet access is just the beginning. Refer to the rest of this guide for more detailed information on the complete range of ZyXEL Device features.
Page 66 Chapter 4 Internet and Wireless Setup Wizard P-660HN-FxZ Series User’s Guide...
Page 67 Network WAN Setup (69) LAN Setup (89) Wireless LAN (105) Network Address Translation (NAT) (135)
Page 69: Wan Setup
H A P T E R WAN Setup 5.1 Overview This chapter describes how to configure WAN settings from the WAN screens. Use these screens to configure your ZyXEL Device for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet.
Page 70: Before You Begin
Chapter 5 WAN Setup WAN IP Address The WAN IP address is an IP address for the ZyXEL Device, which makes it accessible from an outside network. It is used by the ZyXEL Device to communicate with other devices in other networks.
Page 71: Figure 31 Network > Wan >Internet Access Setup (Pppoe)
Chapter 5 WAN Setup Figure 31 Network > WAN >Internet Access Setup (PPPoE) The following table describes the labels in this screen. Table 17 Network > WAN > Internet Access Setup LABEL DESCRIPTION Line Modulation Select the modulation supported by your ISP. Use Multi Mode if you are not sure which mode to choose from.
Page 72: Wan Setup
Chapter 5 WAN Setup Table 17 Network > WAN > Internet Access Setup (continued) LABEL DESCRIPTION Mode Select Routing (default) from the drop-down list box if your ISP gives you one IP address only and you want multiple computers to share an Internet account. Select Bridge when your ISP provides you more than one IP address and you want the connected computers to get individual IP address from ISP’s DHCP server directly.
Page 73: Advanced Internet Access Setup
Chapter 5 WAN Setup Table 17 Network > WAN > Internet Access Setup (continued) LABEL DESCRIPTION Nailed-Up Select Nailed-Up Connection when you want your connection up all the time. Connection The ZyXEL Device will try to bring up the connection automatically if it is disconnected.
Page 74: Table 18 Network > Wan > Internet Access Setup: Advanced Setup
Chapter 5 WAN Setup The following table describes the labels in this screen. Table 18 Network > WAN > Internet Access Setup: Advanced Setup LABEL DESCRIPTION RIP & Multicast This section is not available when you configure the ZyXEL Device to be in Setup bridge mode.
Page 75: The More Connections Screen
Chapter 5 WAN Setup Table 18 Network > WAN > Internet Access Setup: Advanced Setup (continued) LABEL DESCRIPTION Protocol Filter Select the protocol filter(s) to control incoming traffic. You may choose up to 4 sets of filters. You can configure packet filters in the Packet Filter screen. See Chapter 11 on page 177 for more details.
Page 76: More Connections Edit
Chapter 5 WAN Setup The following table describes the labels in this screen. Table 19 Network > WAN > More Connections LABEL DESCRIPTION This is an index number indicating the number of the corresponding connection. Active This field indicates whether the connection is active or not. Clear the check box to disable the connection.
Page 77: Figure 34 Network > Wan > More Connections: Edit
Chapter 5 WAN Setup Figure 34 Network > WAN > More Connections: Edit The following table describes the labels in this screen. Table 20 Network > WAN > More Connections: Edit LABEL DESCRIPTION General Active Select the check box to activate or clear the check box to deactivate this connection.
Page 78 Chapter 5 WAN Setup Table 20 Network > WAN > More Connections: Edit (continued) LABEL DESCRIPTION User Name (PPPoA and PPPoE encapsulation only) Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given.
Page 79: Configuring More Connections Advanced Setup
Chapter 5 WAN Setup Table 20 Network > WAN > More Connections: Edit (continued) LABEL DESCRIPTION Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. Advanced Setup Click this to display the More Connections Advanced Setup screen and edit more details of your WAN setup.
Page 80: The Wan Backup Setup Screen
Chapter 5 WAN Setup Table 21 Network > WAN > More Connections: Edit: Advanced Setup (continued) LABEL DESCRIPTION ATM QoS Type Select CBR (Continuous Bit Rate) to specify fixed (always-on) bandwidth for voice or data traffic. Select UBR (Unspecified Bit Rate) for applications that are non-time sensitive, such as e-mail.
Page 81: Figure 36 Network > Wan > Wan Backup
Chapter 5 WAN Setup Figure 36 Network > WAN > WAN Backup The following table describes the labels in this screen. Table 22 Network > WAN > WAN Backup LABEL DESCRIPTION WAN Backup Setup Backup Type Select the method that the ZyXEL Device uses to check the DSL connection. Select DSL Link to have the ZyXEL Device check if the connection to the DSLAM is up.
Page 82: Wan Technical Reference
Chapter 5 WAN Setup Table 22 Network > WAN > WAN Backup LABEL DESCRIPTION Traffic Redirect Traffic redirect forwards traffic to a backup gateway when the ZyXEL Device cannot connect to the Internet. Active Traffic Select this check box to have the ZyXEL Device use traffic redirect if the normal Redirect WAN connection goes down.
Page 83: Multiplexing
Chapter 5 WAN Setup One of the benefits of PPPoE is the ability to let you access one of multiple network services, a function known as dynamic service selection. This enables the service provider to easily create and offer new IP services for individuals. Operationally, PPPoE saves significant effort for both you and the ISP or carrier, as it requires no specific configuration of the broadband modem at the customer site.
Page 84: Ip Address Assignment
Chapter 5 WAN Setup 5.5.4 IP Address Assignment A static IP is a fixed IP that your ISP gives you. A dynamic IP is not fixed; the ISP assigns you a different one each time. The Single User Account feature can be enabled or disabled if you have either a dynamic or static IP.
Page 85: Traffic Shaping
Chapter 5 WAN Setup The metric sets the priority for the ZyXEL Device’s routes to the Internet. If any two of the default routes have the same metric, the ZyXEL Device uses the following pre-defined priorities: • Normal route: designated by the ISP (see Section 5.2 on page •...
Page 86: Atm Traffic Classes
Chapter 5 WAN Setup 5.7.1 ATM Traffic Classes These are the basic ATM traffic classes defined by the ATM Forum Traffic Management 4.0 Specification. Constant Bit Rate (CBR) Constant Bit Rate (CBR) provides fixed bandwidth that is always available even if no data is being sent.
Page 87: Figure 38 Traffic Redirect Example
Chapter 5 WAN Setup Figure 38 Traffic Redirect Example Backup Gateway The following network topology allows you to avoid triangle route security issues when the backup gateway is connected to the LAN. Use IP alias to configure the LAN into two or three logical networks with the ZyXEL Device itself as the gateway for each LAN network.
Page 88 Chapter 5 WAN Setup P-660HN-FxZ Series User’s Guide...
Page 89: Lan Setup
H A P T E R LAN Setup 6.1 Overview A Local Area Network (LAN) is a shared communication system to which many networking devices are connected. It is usually located in one immediate area such as a building or floor of a building.
Page 90: Before You Begin
Chapter 6 LAN Setup Subnet Mask Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks. DHCP A DHCP (Dynamic Host Configuration Protocol) server can assign your ZyXEL Device an IP address, subnet mask, DNS and other routing information when it's turned on.
Page 91: The Advanced Lan Ip Setup Screen
Chapter 6 LAN Setup 2 Enter the IP subnet mask into the IP Subnet Mask field. Unless instructed otherwise it is best to leave this alone, the configurator will automatically compute a subnet mask based upon the IP address you entered. 3 Click Apply to save your settings.
Page 92: Figure 41 Network > Lan > Ip: Advanced Setup
Chapter 6 LAN Setup Figure 41 Network > LAN > IP: Advanced Setup The following table describes the labels in this screen. Table 24 Network > LAN > IP: Advanced Setup LABEL DESCRIPTION RIP & Multicast Setup RIP Direction Select the RIP direction from None, Both, In Only and Out Only. RIP Version Select the RIP version from RIP-1, RIP-2B and RIP-2M.
Page 93: The Dhcp Setup Screen
Chapter 6 LAN Setup Table 24 Network > LAN > IP: Advanced Setup LABEL DESCRIPTION Allow between LAN Select this check box to forward NetBIOS packets from the LAN to the WAN and WAN and from the WAN to the LAN. If your firewall is enabled with the default policy set to block WAN to LAN traffic, you also need to enable the default WAN to LAN firewall rule that forwards NetBIOS traffic.
Page 94: Figure 42 Network > Lan > Dhcp Setup
Chapter 6 LAN Setup Figure 42 Network > LAN > DHCP Setup The following table describes the labels in this screen. Table 25 Network > LAN > DHCP Setup LABEL DESCRIPTION DHCP Setup DHCP If set to Server, your ZyXEL Device can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client.
Page 95: The Client List Screen
Chapter 6 LAN Setup Table 25 Network > LAN > DHCP Setup LABEL DESCRIPTION First DNS Server Select Obtained From ISP if your ISP dynamically assigns DNS server information (and the ZyXEL Device's WAN IP address). Second DNS Server Select User-Defined if you have the IP address of a DNS server. Enter the Third DNS Server DNS server's IP address in the field to the right.
Page 96: The Ip Alias Screen
Chapter 6 LAN Setup The following table describes the labels in this screen. Table 26 Network > LAN > Client List LABEL DESCRIPTION IP Address Enter the IP address that you want to assign to the computer on your LAN with the MAC address that you will also specify.
Page 97: Configuring The Lan Ip Alias Screen
Chapter 6 LAN Setup Figure 44 Physical Network & Partitioned Logical Networks A: 192.168.1.1 - 192.168.1.24 Ethernet B: 192.168.2.1 - 192.168.2.24 Interface C: 192.168.3.1 - 192.168.3.24 6.5.1 Configuring the LAN IP Alias Screen Use this screen to change your ZyXEL Device’s IP alias settings. Click Network > LAN > IP Alias to open the following screen.
Page 98: Lan Technical Reference
Chapter 6 LAN Setup Table 27 Network > LAN > IP Alias LABEL DESCRIPTION RIP Direction RIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets.
Page 99: Dhcp Setup
Chapter 6 LAN Setup 6.6.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the ZyXEL Device as a DHCP server or disable it. When configured as a server, the ZyXEL Device provides the TCP/IP configuration for the clients.
Page 100 Chapter 6 LAN Setup Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask. If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established.
Page 101: Rip Setup
Chapter 6 LAN Setup 6.6.5 RIP Setup RIP (Routing Information Protocol) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. When set to: • Both - the ZyXEL Device will broadcast its routing table periodically and incorporate the RIP information that it receives.
Page 102: Any Ip
Chapter 6 LAN Setup 6.6.7 Any IP Traditionally, you must set the IP addresses and the subnet masks of a computer and the ZyXEL Device to be in the same subnet to allow the computer to access the Internet (through the ZyXEL Device).
Page 103 Chapter 6 LAN Setup The following lists out the steps taken, when a computer tries to access the Internet for the first time through the ZyXEL Device. 1 When a computer (which is in a different subnet) first attempts to access the Internet, it sends packets to its default gateway (which is not the ZyXEL Device) by looking at the MAC address in its ARP table.
Page 104 Chapter 6 LAN Setup P-660HN-FxZ Series User’s Guide...
Page 105: Wireless Lan
H A P T E R Wireless LAN 7.1 Overview This chapter describes how to perform tasks related to setting up and optimizing your wireless network, including the following. • Turning the wireless connection on or off. • Configuring a name, wireless channel and security for the network. •...
Page 106: What You Need To Know About Wireless
Chapter 7 Wireless LAN 7.1.2 What You Need to Know About Wireless Wireless Basics “Wireless” is essentially radio communication. In the same way that walkie-talkie radios send and receive information over the airwaves, wireless networking devices exchange information with one another. A wireless networking device is just like a radio that lets your computer exchange information with radios attached to other computers.
Page 107: The Ap Screen
Chapter 7 Wireless LAN 7.2 The AP Screen Use this screen to configure the wireless settings of your ZyXEL Device. Click Network > Wireless LAN to open the AP screen. Figure 48 Network > Wireless LAN > AP The following table describes the labels in this screen. Table 28 Network >...
Page 108: No Security
Chapter 7 Wireless LAN Table 28 Network > Wireless LAN > AP LABEL DESCRIPTION 802.11 Mode Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to associate with the ZyXEL Device. Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to associate with the ZyXEL Device.
Page 109: Wep Encryption
Chapter 7 Wireless LAN If you do not enable any wireless security on your ZyXEL Device, your network is accessible to any wireless networking device that is within range. Figure 49 Network > Wireless LAN > AP: No Security The following table describes the labels in this screen. Table 29 Network >...
Page 110: Wpa(2)-Psk
Chapter 7 Wireless LAN Figure 50 Network > Wireless LAN > AP: WEP Auto The following table describes the wireless LAN security labels in this screen. Table 30 Network > Wireless LAN > AP: WEP Auto LABEL DESCRIPTION Security Mode Choose WEP Auto from the drop-down list box.
Page 111: Wpa(2) Authentication
Chapter 7 Wireless LAN Figure 51 Network > Wireless LAN > AP: WPA(2)-PSK The following table describes the wireless LAN security labels in this screen. Table 31 Network > Wireless LAN > AP: WPA(2)-PSK LABEL DESCRIPTION Security Mode Choose WPA-PSK or WPA2-PSK or WPAPSKMixed from the drop-down list box.
Page 112: Figure 52 Network > Wireless Lan > Ap: Wpa(2)
Chapter 7 Wireless LAN Figure 52 Network > Wireless LAN > AP: WPA(2) The following table describes the wireless LAN security labels in this screen. Table 32 Network > Wireless LAN > AP: WPA(2) LABEL DESCRIPTION Security Mode Choose WPA, WPA2 or WPAMixed from the drop-down list box. Select WPAMixed if you want the ZyXEL Device to support WPA and WPA2 simultaneously.
Page 113: Wireless Lan Advanced Setup
Chapter 7 Wireless LAN Table 32 Network > Wireless LAN > AP: WPA(2) LABEL DESCRIPTION WPA Group Key The WPA Group Key Update Timer is the rate at which the AP (if using Update Timer WPA(2)-PSK key management) or RADIUS server (if using WPA(2) key management) sends a new group key out to all clients.
Page 114: Mac Filter
Chapter 7 Wireless LAN The following table describes the labels in this screen. Table 33 Network > Wireless LAN > AP: Advanced Setup LABEL DESCRIPTION RTS/CTS Enter a value between 0 and 2432. Threshold Fragmentation This is the maximum data fragment size that can be sent. Enter a value between 256 Threshold and 2432.
Page 115: The More Ap Screen
Chapter 7 Wireless LAN The following table describes the labels in this screen. Table 34 Network > Wireless LAN > AP: MAC Address Filter LABEL DESCRIPTION Active MAC Select the check box to enable MAC address filtering. Filter Define the filter action for the list of MAC addresses in the MAC Address table. Filter Action Select Deny to block access to the ZyXEL Device.
Page 116: More Ap Edit
Chapter 7 Wireless LAN Table 35 Network > Wireless LAN > More AP LABEL DESCRIPTION SSID An SSID profile is the set of parameters relating to one of the ZyXEL Device’s BSSs. The SSID (Service Set IDentifier) identifies the Service Set with which a wireless device is associated.
Page 117: The Wps Screen
Chapter 7 Wireless LAN Table 36 Network > Wireless LAN > More AP: Edit LABEL DESCRIPTION Edit Click this to go to the MAC Filter screen to configure MAC filter settings. See Section 7.2.6 on page 114 for more details. Back Click this to return to the previous screen without saving.
Page 118: The Wps Station Screen
Chapter 7 Wireless LAN Table 37 Network > Wireless LAN > WPS LABEL DESCRIPTION Release_Con This button is available when the WPS status is Configured. figuration Click this button to remove all configured wireless and wireless security settings for WPS connections on the ZyXEL Device. Apply Click this to save your changes.
Page 119: The Wds Screen
Chapter 7 Wireless LAN 7.6 The WDS Screen An AP using the Wireless Distribution System (WDS) can function as a wireless network bridge allowing you to wirelessly connect two wired network segments. The WDS screen allows you to configure the ZyXEL Device to connect to two or more APs wirelessly when WDS is enabled.
Page 120: The Qos Screen
Chapter 7 Wireless LAN The following table describes the labels in this screen. Table 39 Network > Wireless LAN > WDS LABEL DESCRIPTION Enable WDS Select this check box to activate WDS on the ZyXEL Device. Enable WDS Select this option and the type of the key used to encrypt data between APs. All the Security wireless APs (including the ZyXEL Device) must use the same pre-shared key for data transmission.
Page 121: The Scheduling Screen
Chapter 7 Wireless LAN 7.8 The Scheduling Screen Use the wireless LAN scheduling to configure the days you want to enable or disable the wireless LAN. Click Network > Wireless LAN > Scheduling. The following screen displays. P-660HN-FxZ Series User’s Guide...
Page 122: Figure 61 Network > Wireless Lan > Scheduling
Chapter 7 Wireless LAN Figure 61 Network > Wireless LAN > Scheduling P-660HN-FxZ Series User’s Guide...
Page 123: Wireless Lan Technical Reference
Chapter 7 Wireless LAN The following table describes the labels in this screen. Table 41 Network > Wireless LAN > QoS LABEL DESCRIPTION Enable Wireless Select this box to activate wireless LAN scheduling on your ZyXEL Device. LAN Scheduling WLAN status Select On or Off to enable or disable the wireless LAN.
Page 124: Figure 62 Example Of A Wireless Network
Chapter 7 Wireless LAN Figure 62 Example of a Wireless Network The wireless network is the part in the blue circle. In this wireless network, devices A and B use the access point (AP) to interact with the other devices (such as the printer) or with the Internet.
Page 125: Additional Wireless Terms
Chapter 7 Wireless LAN 7.9.2 Additional Wireless Terms The following table describes some wireless network terms and acronyms used in the ZyXEL Device’s Web Configurator. Table 42 Additional Wireless Terms TERM DESCRIPTION RTS/CTS Threshold In a wireless network which covers a large area, wireless devices are sometimes not aware of each other’s presence.
Page 126 Chapter 7 Wireless LAN These security standards vary in effectiveness. Some can be broken, such as the old Wired Equivalent Protocol (WEP). Using WEP is better than using no security at all, but it will not keep a determined attacker out. Other security standards are secure in themselves but can be broken if a user does not use them properly.
Page 127: Table 43 Types Of Encryption For Each Type Of Authentication
Chapter 7 Wireless LAN 7.9.3.3 User Authentication Authentication is the process of verifying whether a wireless device is allowed to use the wireless network. You can make every user log in to the wireless network before using it. However, every device in the wireless network has to support IEEE 802.1x to do this. For wireless networks, you can store the user names and passwords for each user in a RADIUS server.
Page 128: Signal Problems
Chapter 7 Wireless LAN Many types of encryption use a key to protect the information in the wireless network. The longer the key, the stronger the encryption. Every device in the wireless network must have the same key. 7.9.4 Signal Problems Because wireless networks are radio networks, their signals are subject to limitations of distance, interference and absorption.
Page 129: Mbssid
Chapter 7 Wireless LAN 7.9.6 MBSSID Traditionally, you need to use different APs to configure different Basic Service Sets (BSSs). As well as the cost of buying extra APs, there is also the possibility of channel interference. The ZyXEL Device’s MBSSID (Multiple Basic Service Set IDentifier) function allows you to use one access point to provide several BSSs simultaneously.
Page 130 Chapter 7 Wireless LAN Depending on the devices you have, you can either press a button (on the device itself, or in its configuration utility) or enter a PIN (a unique Personal Identification Number that allows one device to authenticate the other) in each of the two devices. When WPS is activated on a device, it has two minutes to find another device that also has WPS activated.
Page 131 Chapter 7 Wireless LAN If the client device’s configuration interface has an area for entering another device’s PIN, you can either enter the client’s PIN in the AP, or enter the AP’s PIN in the client - it does not matter which. 5 Start WPS on both devices within two minutes.
Page 132: Figure 65 Example Wps Process: Pin Method
Chapter 7 Wireless LAN Figure 65 Example WPS Process: PIN Method ENROLLEE REGISTRAR This device’s WPS PIN: 123456 Enter WPS PIN from other device: START START WITHIN 2 MINUTES SECURE EAP TUNNEL SSID WPA(2)-PSK COMMUNICATION 7.9.8.3 How WPS Works When two WPS-enabled devices connect, each device must assume a specific role. One device acts as the registrar (the device that supplies network and security settings) and the other device acts as the enrollee (the device that receives network and security settings.
Page 133: Figure 66 How Wps Works
Chapter 7 Wireless LAN Figure 66 How WPS works ACTIVATE ACTIVATE WITHIN 2 MINUTES WPS HANDSHAKE ENROLLEE REGISTRAR SECURE TUNNEL SECURITY INFO COMMUNICATION The roles of registrar and enrollee last only as long as the WPS setup process is active (two minutes).
Page 134 Chapter 7 Wireless LAN Figure 67 WPS: Example Network Step 1 ENROLLEE REGISTRAR SECURITY INFO CLIENT 1 In step 2, you add another wireless client to the network. You know that Client 1 supports registrar mode, but it is better to use AP1 for the WPS handshake with the new client since you must connect to the access point anyway in order to use the network.
Page 135 Chapter 7 Wireless LAN Figure 69 WPS: Example Network Step 3 EXISTING CONNECTION CLIENT 1 REGISTRAR CLIENT 2 ENROLLEE 7.9.8.5 Limitations of WPS WPS has some limitations of which you should be aware. • WPS works in Infrastructure networks only (where an AP and a wireless client communicate).
Page 136 Chapter 7 Wireless LAN You can easily check to see if this has happened. WPS works between only two devices simultaneously, so if another device has enrolled your device will be unable to enroll, and will not have access to the network. If this happens, open the access point’s configuration interface and look at the list of associated clients (usually displayed by MAC address).
Page 137: Network Address Translation (Nat)
H A P T E R Network Address Translation (NAT) 8.1 Overview This chapter discusses how to configure NAT on the ZyXEL Device. NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
Page 138: Network Address Translation (Nat)
Chapter 8 Network Address Translation (NAT) In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
Page 139: The Port Forwarding Screen
Chapter 8 Network Address Translation (NAT) The following table describes the labels in this screen. Table 44 Network > NAT > General LABEL DESCRIPTION Active Network Select this check box to enable NAT. Address Translation (NAT) SUA Only Select this radio button if you have just one public WAN IP address for your ZyXEL Device.
Page 140: Configuring The Port Forwarding Screen
Chapter 8 Network Address Translation (NAT) Many residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location.
Page 141: The Port Forwarding Rule Edit Screen
Chapter 8 Network Address Translation (NAT) Figure 72 Network > NAT > Port Forwarding The following table describes the fields in this screen. Table 45 Network > NAT > Port Forwarding LABEL DESCRIPTION Default Server Setup Default Server In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in this screen.
Page 142: The Address Mapping Screen
Chapter 8 Network Address Translation (NAT) Figure 73 Network > NAT > Port Forwarding: Edit The following table describes the fields in this screen. Table 46 Network > NAT > Port Forwarding: Edit LABEL DESCRIPTION Active Click this check box to enable the rule. Service Name Enter a name to identify this port-forwarding rule.
Page 143: Figure 74 Network > Nat > Address Mapping
Chapter 8 Network Address Translation (NAT) rules. For example, if you have already configured rules 1 to 6 in your current set and now you configure rule number 9. In the set summary screen, the new rule will be rule 7, not 9. Now if you delete rule 4, rules 5 to 7 will be pushed up by 1 rule, so old rules 5, 6 and 7 become new rules 4, 5 and 6.
Page 144: The Address Mapping Rule Edit Screen
Chapter 8 Network Address Translation (NAT) 8.4.1 The Address Mapping Rule Edit Screen Use this screen to edit an address mapping rule. Click the rule’s edit icon in the Address Mapping screen to display the screen shown next. Figure 75 Network > NAT > Address Mapping: Edit The following table describes the fields in this screen.
Page 145: The Sip Alg Screen
Chapter 8 Network Address Translation (NAT) Table 48 Network > NAT > Address Mapping: Edit (continued) LABEL DESCRIPTION Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. 8.5 The SIP ALG Screen Some NAT routers may include a SIP Application Layer Gateway (ALG). A SIP ALG allows SIP calls to pass through NAT by examining and translating IP addresses embedded in the data stream.
Page 146: What Nat Does
Chapter 8 Network Address Translation (NAT) Global/local denotes the IP address of a host in a packet as the packet traverses a router, for example, the local address refers to the IP address of a host when the packet is in the local network, while the global address refers to the IP address of the host when the same packet is traveling in the WAN side.
Page 147: Nat Application
Chapter 8 Network Address Translation (NAT) port numbers for Many-to-One and Many-to-Many Overload NAT mapping) in each packet and then forwards it to the Internet. The ZyXEL Device keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored. The following figure illustrates this.
Page 148: Nat Mapping Types
Chapter 8 Network Address Translation (NAT) Figure 78 NAT Application With IP Alias Corporation B Corporation A Server in Admin Network LAN2: 192.168.1.X =IP1 (IGA 1) Network Server “Admin=192.168.1.1 NAT Server 192.168.1.1 LAN2: 192.168.2.X Network Server “Sales”=192.168.2.1 Server in Sales Network =IP2 (IGA 2) NAT Server 192.168.2.1...
Page 149: Table 51 Nat Mapping Types
Chapter 8 Network Address Translation (NAT) Port numbers do NOT change for One-to-One and Many-to-Many No Overload NAT mapping types. The following table summarizes these types. Table 51 NAT Mapping Types TYPE IP MAPPING One-to-One ILA1 IGA1 Many-to-One (SUA/PAT) ILA1 IGA1 ILA2 IGA1...
Page 150 Chapter 8 Network Address Translation (NAT) P-660HN-FxZ Series User’s Guide...
Page 151: Security
Security Firewalls (151) Content Filtering (171) Packet Filter (177) Certificates (185)
Page 153: Firewalls
H A P T E R Firewalls 9.1 Overview This chapter shows you how to enable and configure the ZyXEL Device firewall. Use these screens to enable and configure the firewall that protects your ZyXEL Device and network from attacks by hackers on the Internet and control access to it. By default the firewall: •...
Page 154: What You Need To Know About Firewall
Chapter 9 Firewalls 9.1.2 What You Need to Know About Firewall Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources.
Page 155: Figure 80 Firewall Example: Rules
Chapter 9 Firewalls Figure 80 Firewall Example: Rules 3 In the Rules screen, select the index number after that you want to add the rule. For example, if you select “6”, your new rule becomes number 7 and the previous rule 7 (if there is one) becomes rule 8.
Page 156: Figure 82 Firewall Example: Edit Rule: Destination Address
Chapter 9 Firewalls Figure 82 Firewall Example: Edit Rule: Destination Address 9 Use the Add >> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. Custom services show up with an “*” before their names in the Services list box and the Rules list box.
Page 157: Figure 83 Firewall Example: Edit Rule: Select Customized Services
Chapter 9 Firewalls Figure 83 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a “MyService” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN.
Page 158: The Firewall General Screen
Chapter 9 Firewalls Figure 84 Firewall Example: Rules: MyService 9.2 The Firewall General Screen Use this screen to configure the firewall settings. Click Security > Firewall to display the following screen. Figure 85 Security > Firewall > General P-660HN-FxZ Series User’s Guide...
Page 159: The Firewall Rule Screen
Chapter 9 Firewalls The following table describes the labels in this screen. Table 52 Security > Firewall > General LABEL DESCRIPTION Active Firewall Select this check box to activate the firewall. The ZyXEL Device performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated.
Page 160: Figure 86 Security > Firewall > Rules
Chapter 9 Firewalls Click Security > Firewall > Rules to bring up the following screen. This screen displays a list of the configured firewall rules. Note the order in which the rules are listed. Figure 86 Security > Firewall > Rules The following table describes the labels in this screen.
Page 161: Configuring Firewall Rules
Chapter 9 Firewalls Table 53 Security > Firewall > Rules (continued) LABEL DESCRIPTION Modify Click the Edit icon to go to the screen where you can edit the rule. Click the Remove icon to delete an existing firewall rule. A window displays asking you to confirm that you want to delete the firewall rule.
Page 162: Figure 87 Security > Firewall > Rules: Edit
Chapter 9 Firewalls Figure 87 Security > Firewall > Rules: Edit The following table describes the labels in this screen. Table 54 Security > Firewall > Rules: Edit LABEL DESCRIPTION Edit Rule Active Select this option to enable this firewall rule. P-660HN-FxZ Series User’s Guide...
Page 163 Chapter 9 Firewalls Table 54 Security > Firewall > Rules: Edit (continued) LABEL DESCRIPTION Action for Matched Use the drop-down list box to select whether to discard (Drop), deny and send Packet an ICMP destination-unreachable message to the sender of (Reject) or allow the passage of (Permit) packets that match this rule.
Page 164: Customized Services
Chapter 9 Firewalls 9.3.2 Customized Services Configure customized services and port numbers not predefined by the ZyXEL Device. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website. See Appendix E on page 371 for some examples.
Page 165: The Firewall Threshold Screen
Chapter 9 Firewalls Figure 89 Security > Firewall > Rules: Edit: Edit Customized Services: Config The following table describes the labels in this screen. Table 56 Security > Firewall > Rules: Edit: Edit Customized Services: Config LABEL DESCRIPTION Config Service Name Type a unique name for your custom port.
Page 166: Threshold Values
Chapter 9 Firewalls Figure 90 Three-Way Handshake For UDP, half-open means that the firewall has detected no return traffic. An unusually high number (or arrival rate) of half-open sessions could indicate a DOS attack. 9.4.1 Threshold Values If everything is working properly, you probably do not need to change the threshold settings as the default threshold values should work for most small offices.
Page 167: Figure 91 Security > Firewall > Threshold
Chapter 9 Firewalls Figure 91 Security > Firewall > Threshold The following table describes the labels in this screen. Table 57 Security > Firewall > Threshold LABEL DESCRIPTION Denial of Service The ZyXEL Device measures both the total number of existing half-open Thresholds sessions and the rate of session establishment attempts.
Page 168: Firewall Technical Reference
Chapter 9 Firewalls Table 57 Security > Firewall > Threshold (continued) LABEL DESCRIPTION TCP Maximum An unusually high number of half-open sessions with the same destination host Incomplete address could indicate that a DoS attack is being launched against the host. Specify the number of existing half-open TCP sessions with the same destination host IP address that causes the firewall to start dropping half-open sessions to that same destination host IP address.
Page 169 Chapter 9 Firewalls You can also configure the remote management settings to allow only a specific computer to manage the ZyXEL Device. • LAN to WAN These rules specify which computers on the LAN can access which computers or services on the WAN.
Page 170: Guidelines For Enhancing Security With Your Firewall
Chapter 9 Firewalls 9.5.2 Guidelines For Enhancing Security With Your Firewall 1 Change the default password via web configurator. 2 Think about access control before you connect to the network in any way. 3 Limit who can access your router. 4 Don't enable any local service (such as telnet or FTP) that you don't use.
Page 171: Figure 92 Ideal Firewall Setup
Chapter 9 Firewalls Figure 92 Ideal Firewall Setup 9.5.4.1 The “Triangle Route” Problem A traffic route is a path for sending or receiving data packets between two Ethernet devices. You may have more than one connection to the Internet (through one or more ISPs). If an alternate gateway is on the LAN (and its IP address is in the same subnet as the ZyXEL Device’s LAN IP address), the “triangle route”...
Page 172: Figure 94 Ip Alias
Chapter 9 Firewalls It’s like having multiple LAN networks that actually use the same physical cables and ports. By putting your LAN and Gateway A in different subnets, all returning network traffic must pass through the ZyXEL Device to your LAN. The following steps describe such a scenario. 1 A computer on the LAN initiates a connection by sending a SYN packet to a receiving server on the WAN.
Page 173: Content Filtering
H A P T E R Content Filtering 10.1 Overview Internet content filtering allows you to block web sites based on keywords in the URL. Section 10.1.4 on page 171 for an example of setting up content filtering. 10.1.1 What You Can Do in the Content Filter Screens •...
Page 174: Figure 95 Security > Content Filter > Keyword: Example
Chapter 10 Content Filtering Figure 95 Security > Content Filter > Keyword: Example Bob’s son arrives home from school at four, while his parents arrive later, at about 7pm. So keyword blocking is enabled for these times on weekdays and not on the weekend when the parents are at home.
Page 175: The Keyword Screen
Chapter 10 Content Filtering 2 In the Start IP Address and End IP Address fields, type 192.168.1.3. 3 Click Apply. Figure 97 Security > Content Filter > Trusted: Example That finishes setting up keyword blocking on the home computer. 10.2 The Keyword Screen Use this screen to block sites containing certain keywords in the URL.
Page 176: The Schedule Screen
Chapter 10 Content Filtering Table 58 Security > Content Filtering > Keyword (continued) LABEL DESCRIPTION Clear All Click this to remove all of the keywords from the list. Keyword Type a keyword in this field. You may use any character (up to 127 characters).
Page 177: The Trusted Screen
Chapter 10 Content Filtering Table 59 Security > Content Filter: Schedule (continued) LABEL DESCRIPTION Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. 10.4 The Trusted Screen Use this screen to exclude a range of users on the LAN from content filtering on your ZyXEL Device.
Page 178 Chapter 10 Content Filtering P-660HN-FxZ Series User’s Guide...
Page 179: Packet Filter
H A P T E R Packet Filter 11.1 Overview Your ZyXEL Device uses filters to decide whether to allow passage of traffic. This chapter discusses how to create and apply filters. 11.1.1 What You Can Do in the Packet Filter Screen Use the Packet Filter screens (Section 11.2 on page 177) to display the filter sets and...
Page 180: Editing Protocol Filters
Chapter 11 Packet Filter Figure 101 Security > Packet Filter The following table describes the labels in this screen. Table 61 Security > Packet Filter LABEL DESCRIPTION This field displays the index number of the filter set. Name Enter a name for the filter set. The text may consist of up to 16 letters, numerals and any printable character found on a typical English language keyboard.
Page 181: Configuring Protocol Filter Rules
Chapter 11 Packet Filter Figure 102 Security > Packet Filter > Edit (Protocol Filter) The following table describes the labels in this screen. Table 62 Security > Packet Filter > Edit (Protocol Filter) LABEL DESCRIPTION This is the index number of the rules in a filter set. Active Use the check box to turn a filter rule on or off.
Page 182: Figure 103 Security > Packet Filter > Edit (Protocol Filter) > Edit Rule
Chapter 11 Packet Filter Figure 103 Security > Packet Filter > Edit (Protocol Filter) > Edit Rule The following table describes the labels in this screen. Table 63 Security > Packet Filter > Edit (Protocol Filter) > Edit Rule LABEL DESCRIPTION Active Select the check box to enable the filter rule.
Page 183: Editing Generic Filters
Chapter 11 Packet Filter Table 63 Security > Packet Filter > Edit (Protocol Filter) > Edit Rule (continued) LABEL DESCRIPTION More Select Yes to pass a matching packet to the next filter rule before an action is taken. Select No to act upon the packet according to the action fields. Select a logging option from the following: None –...
Page 184: Configuring Generic Packet Rules
Chapter 11 Packet Filter The following table describes the labels in this screen. Table 64 Security > Packet Filter > Edit (Generic Filter) LABEL DESCRIPTION This is the index number of the rules in a filter set. Active Use the check box to turn on or off a filter rule. Filter Type This field displays whether the filter type is a protocol filter or generic filter.
Page 185: Packet Filter Technical Reference
Chapter 11 Packet Filter Table 65 Security > Packet Filter > Edit (Generic Filter) > Edit Rule (continued) LABEL DESCRIPTION Value Enter the value (in hexadecimal notation) to compare with the data portion. More Select Yes to pass a matching packet to the next filter rule before an action is taken.
Page 186: Firewall Versus Filters
Chapter 11 Packet Filter 11.3.2 Firewall Versus Filters Below are some comparisons between the ZyXEL Device’s filtering and firewall functions. Packet Filtering • The router filters packets as they pass through the router’s interface according to the filter rules you designed. •...
Page 187 Chapter 11 Packet Filter P-660HN-FxZ Series User’s Guide...
Page 188: Figure 107 Certificates Example
H A P T E R Certificates 12.1 Overview This chapter describes how your ZyXEL Device can use certificates as a means of authenticating wireless clients. It gives background information about public-key certificates and explains how to use them. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication.
Page 189: Chapter 12 Certificates
Chapter 12 Certificates 12.1.2 What You Need to Know About Certificates Certification Authority A Certification Authority (CA) issues certificates and guarantees the identity of each certificate owner. There are commercial certification authorities like CyberTrust or VeriSign and government certification authorities. You can use the ZyXEL Device to generate certification requests that contain identifying information and public keys and then send the certification requests to a certification authority.
Page 190: Table 66 My Certificates
Chapter 12 Certificates The following table describes the labels in this screen. Table 66 My Certificates LABEL DESCRIPTION PKI Storage This bar displays the percentage of the ZyXEL Device’s PKI storage space that is Space in Use currently in use. The bar turns from green to red when the maximum is being approached.
Page 191: My Certificate Import
Chapter 12 Certificates Table 66 My Certificates (continued) LABEL DESCRIPTION Import Click this to open a screen where you can save the certificate that you have enrolled from a certification authority from your computer to the ZyXEL Device. Refresh Click this to display the current validity status of the certificates. 12.2.1 My Certificate Import Follow the instructions in this screen to save an existing certificate to the ZyXEL Device.
Page 192: My Certificate Create
Chapter 12 Certificates The following table describes the labels in this screen. Table 67 My Certificate Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it. Browse Click this to find the certificate file you want to upload.
Page 193 Chapter 12 Certificates Table 68 My Certificate Create (continued) LABEL DESCRIPTION Common Name Select a radio button to identify the certificate’s owner by IP address, domain name or e-mail address. Type the IP address (in dotted decimal notation), domain name or e-mail address in the field provided. The domain name or e- mail address can be up to 31 ASCII characters.
Page 194: My Certificate Details
Chapter 12 Certificates Table 68 My Certificate Create (continued) LABEL DESCRIPTION Request When you select Create a certification request and enroll for a certificate Authentication immediately online, the certification authority may want you to include a reference number and key to identify you when you send a certification request.
Page 195: Certificates
Chapter 12 Certificates Figure 111 My Certificate Details The following table describes the labels in this screen. Table 69 My Certificate Details LABEL DESCRIPTION Certificate Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this certificate.
Page 196 Chapter 12 Certificates Table 69 My Certificate Details (continued) LABEL DESCRIPTION Certification Path Click the Refresh button to have this read-only text box display the hierarchy of certification authorities that validate the certificate (and the certificate itself). If the issuing certification authority is one that you have imported as a trusted certification authority, it may be the only certification authority in the list (along with the certificate itself).
Page 197: The Trusted Cas Screen
Chapter 12 Certificates Table 69 My Certificate Details (continued) LABEL DESCRIPTION SHA1 Fingerprint This is the certificate’s message digest that the ZyXEL Device calculated using the SHA1 algorithm. Certificate in PEM This read-only text box displays the certificate or certification request in Privacy (Base-64) Encoded Enhanced Mail (PEM) format.
Page 198: Trusted Ca Import
Chapter 12 Certificates The following table describes the labels in this screen. Table 70 Trusted CAs LABEL DESCRIPTION PKI Storage This bar displays the percentage of the ZyXEL Device’s PKI storage space that is Space in Use currently in use. The bar turns from blue to red when the maximum is being approached.
Page 199: Trusted Ca Details
Chapter 12 Certificates Figure 113 Trusted CA Import The following table describes the labels in this screen. Table 71 Trusted CA Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it. Browse Click this to find the certificate file you want to upload.
Page 200: Figure 114 Trusted Ca Details
Chapter 12 Certificates Figure 114 Trusted CA Details The following table describes the labels in this screen. Table 72 Trusted CA Details LABEL DESCRIPTION Certificate Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate.
Page 201 Chapter 12 Certificates Table 72 Trusted CA Details (continued) LABEL DESCRIPTION Certificate Path Click the Refresh button to have this read-only text box display the end entity’s certificate and a list of certification authority certificates that shows the hierarchy of certification authorities that validate the end entity’s certificate. If the issuing certification authority is one that you have imported as a trusted certification authority, it may be the only certification authority in the list (along with the end entity’s own certificate).
Page 202: The Trusted Remote Hosts Screens
Chapter 12 Certificates Table 72 Trusted CA Details (continued) LABEL DESCRIPTION CRL Distribution This field displays how many directory servers with Lists of revoked certificates Points the issuing certification authority of this certificate makes available. This field also displays the domain names or IP addresses of the servers. MD5 Fingerprint This is the certificate’s message digest that the ZyXEL Device calculated using the MD5 algorithm.
Page 203: Figure 115 Trusted Remote Hosts
Chapter 12 Certificates Figure 115 Trusted Remote Hosts The following table describes the labels in this screen. Table 73 Trusted Remote Hosts LABEL DESCRIPTION PKI Storage This bar displays the percentage of the ZyXEL Device’s PKI storage space that is Space in Use currently in use.
Page 204: Trusted Remote Hosts Import
Chapter 12 Certificates 12.4.1 Trusted Remote Hosts Import Click Security > Certificates > Trusted Remote Hosts to open the Trusted Remote Hosts screen and then click Import to open the Trusted Remote Host Import screen. Follow the instructions in this screen to save a trusted host’s certificate to the ZyXEL Device. The trusted remote host certificate must be a self-signed certificate;...
Page 205: Figure 117 Trusted Remote Host Details
Chapter 12 Certificates Figure 117 Trusted Remote Host Details The following table describes the labels in this screen. Table 75 Trusted Remote Host Details LABEL DESCRIPTION Certificate Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate.
Page 206 Chapter 12 Certificates Table 75 Trusted Remote Host Details (continued) LABEL DESCRIPTION Version This field displays the X.509 version number. Serial Number This field displays the certificate’s identification number given by the device that created the certificate. Subject This field displays information that identifies the owner of the certificate, such as Common Name (CN), Organizational Unit (OU), Organization (O) and Country (C).
Page 207: The Directory Servers Screens
Chapter 12 Certificates Table 75 Trusted Remote Host Details (continued) LABEL DESCRIPTION Apply Click this to save your changes. You can only change the name of the certificate. Cancel Click this to restore your previously saved settings. 12.5 The Directory Servers Screens This screen displays a summary list of directory servers (that contain lists of valid and revoked certificates) that have been saved into the ZyXEL Device.
Page 208: Directory Server Add And Edit
Chapter 12 Certificates Table 76 Directory Servers LABEL DESCRIPTION Modify Click the Edit icon to open a screen where you can change the information about the directory server. Click the Remove icon to remove the directory server entry. A window displays asking you to confirm that you want to delete the directory server.
Page 209: Certificates Technical Reference
Chapter 12 Certificates Table 77 Directory Server Add and Edit (continued) LABEL DESCRIPTION Login The ZyXEL Device may need to authenticate itself in order to assess the directory server. Type the login name (up to 31 ASCII characters) from the entity maintaining the directory server (usually a certification authority).
Page 210: Private-Public Certificates
Chapter 12 Certificates • Key distribution is simple and very secure since you can freely distribute public keys and you never need to transmit private keys. Self-signed Certificates You can have the ZyXEL Device act as a certification authority and sign its own certificates. 12.6.2 Private-Public Certificates When using public-key cryptology for authentication, each host has two keys.
Page 211: Figure 120 Remote Host Certificates
Chapter 12 Certificates Figure 120 Remote Host Certificates 3 Double-click the certificate’s icon to open the Certificate window. Click the Details tab and scroll down to the Thumbprint Algorithm and Thumbprint fields. Figure 121 Certificate Details 4 Verify (over the phone for example) that the remote host has the same information in the Thumbprint Algorithm and Thumbprint fields.
Page 212: Advanced
Advanced Static Route (211) 802.1Q/1P (215) Quality of Service (QoS) (225) Dynamic DNS Setup (239) Remote Management (243) Universal Plug-and-Play (UPnP) (255)
Page 214: Static Route
H A P T E R Static Route 13.1 Overview The ZyXEL Device usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the ZyXEL Device send data to devices not reachable through the default gateway, use static routes.
Page 215: The Static Route Screen
Chapter 13 Static Route 13.2 The Static Route Screen Use this screen to view the static route rules. Click Advanced > Static Route to open the Static Route screen. Figure 123 Advanced > Static Route The following table describes the labels in this screen. Table 78 Advanced >...
Page 216: Static Route Edit
Chapter 13 Static Route 13.2.1 Static Route Edit Use this screen to configure the required information for a static route. Select a static route index number and click Edit. The screen shown next appears. Figure 124 Advanced > Static Route: Edit The following table describes the labels in this screen.
Page 217 Chapter 13 Static Route P-660HN-FxZ Series User’s Guide...
Page 218: Q/1P
H A P T E R 802.1Q/1P 14.1 Overview This chapter describes how to configure the 802.1Q/1P settings. A Virtual Local Area Network (VLAN) allows a physical network to be partitioned into multiple logical networks. A VLAN group can be treated as an individual device. Each group can have its own rules about where and how to forward traffic.
Page 219: Q/1P Example
Chapter 14 802.1Q/1P A virtual circuit is a logical point-to-point circuit between customer sites. Permanent means that the circuit is preprogrammed by the carrier as a path through the network. It does not need to be set up or torn down for each session. Forwarding Tagged and Untagged Frames Each port on the device is capable of passing tagged or untagged frames.
Page 220: Figure 127 Advanced > 802.1Q/1P > Group Setting > Edit: Example
Chapter 14 802.1Q/1P 1 Click Advanced > 802.1Q/1P > Group Setting, and then click the Edit button to display the following screen. 2 In the Name field type VoIP to identify the group. 3 In the VLAN ID field type in 2 to identify the VLAN group. 4 Select PVC1 from the Default Gateway drop-down list box.
Page 221: Figure 128 Advanced > 802.1Q/1P > Port Setting: Example
Chapter 14 802.1Q/1P Figure 128 Advanced > 802.1Q/1P > Port Setting: Example Ports 3 and 4 are connected to desktop computers and are used for Internet traffic. You want to create low priority for this type of traffic, so you want to group these ports and PVC2 into one VLAN (VLAN3).
Page 222: The 802.1Q/1P Group Setting Screen
Chapter 14 802.1Q/1P Figure 129 Advanced > 802.1Q/1P > Group Setting: Example This completes the 802.1Q/1P setup. 14.2 The 802.1Q/1P Group Setting Screen Use this screen to activate 802.1Q/1P and display the VLAN groups. Click Advanced > 802.1Q/1P to display the following screen. P-660HN-FxZ Series User’s Guide...
Page 223: Figure 130 Advanced > 802.1Q/1P > Group Setting
Chapter 14 802.1Q/1P Figure 130 Advanced > 802.1Q/1P > Group Setting The following table describes the labels in this screen. Table 80 Advanced > 802.1Q/1P > Group Setting LABEL DESCRIPTION 802.1P/1Q Active Select this check box to activate the 802.1P/1Q feature. Management Vlan Enter the ID number of a VLAN group.
Page 224: Editing 802.1Q/1P Group Setting
Chapter 14 802.1Q/1P Table 80 Advanced > 802.1Q/1P > Group Setting (continued) LABEL DESCRIPTION Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. 14.2.1 Editing 802.1Q/1P Group Setting Use this screen to configure the settings for each VLAN group. In the 802.1Q/1P screen, click the Edit button from the Modify filed to display the following screen.
Page 225: The 802.1Q/1P Port Setting Screen
Chapter 14 802.1Q/1P Table 81 Advanced > 802.1Q/1P > Group Setting > Edit (continued) LABEL DESCRIPTION Tx Tag Select Tx Tagging if you want the port to tag all outgoing traffic trasmitted through this VLAN. You select this if you want to create VLANs across different devices and not just the ZyXEL Device.
Page 226 Chapter 14 802.1Q/1P Table 82 Advanced > 802.1Q/1P > Port Setting (continued) LABEL DESCRIPTION 802.1P Priority Assign a priority for the traffic transmitted through the port. Select Same if you do not want to modify the priority. You may choose a priority level from 0-7, with 0 being the lowest level and 7 being the highest level.
Page 227 Chapter 14 802.1Q/1P P-660HN-FxZ Series User’s Guide...
Page 228: Quality Of Service (Qos)
H A P T E R Quality of Service (QoS) 15.1 Overview Use the QoS screens to set up your ZyXEL Device to use QoS for traffic management. Quality of Service (QoS) refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to control bandwidth.
Page 229: Qos Class Setup Example
Chapter 15 Quality of Service (QoS) CoS technologies include IEEE 802.1p layer 2 tagging and Differentiated Services (DiffServ or DS). IEEE 802.1p tagging makes use of three bits in the packet header, while DiffServ is a new protocol and defines a new DS field, which replaces the eight-bit Type of Service (ToS) field in the IP header.
Page 230: Figure 134 Qos Class Example: Voip -1
Chapter 15 Quality of Service (QoS) Figure 134 QoS Class Example: VoIP -1 Figure 135 QoS Class Example: VoIP -2 P-660HN-FxZ Series User’s Guide...
Page 231: Figure 136 Qos Class Example: Boss -1
Chapter 15 Quality of Service (QoS) Figure 136 QoS Class Example: Boss -1 Figure 137 QoS Class Example: Boss -2 P-660HN-FxZ Series User’s Guide...
Page 232: The Qos General Screen
Chapter 15 Quality of Service (QoS) 15.2 The QoS General Screen Use this screen to enable or disable QoS and have the ZyXEL Device automatically assign priority to traffic according to the IEEE 802.1p priority level, IP precedence and/or packet length.
Page 233: The Class Setup Screen
Chapter 15 Quality of Service (QoS) 15.3 The Class Setup Screen Use this screen to add, edit or delete classifiers. A classifier groups traffic into data flows according to specific criteria such as the source address, destination address, source port number, destination port number or incoming interface.
Page 234: Figure 140 Advanced > Qos > Class Setup: Edit
Chapter 15 Quality of Service (QoS) Figure 140 Advanced > QoS > Class Setup: Edit P-660HN-FxZ Series User’s Guide...
Page 235: Table 85 Advanced > Qos > Class Setup: Edit
Chapter 15 Quality of Service (QoS) Appendix E on page 371 for a list of commonly-used services. The following table describes the labels in this screen. Table 85 Advanced > QoS > Class Setup: Edit LABEL DESCRIPTION Class Configuration Active Select the check box to enable this classifier.
Page 236 Chapter 15 Quality of Service (QoS) Table 85 Advanced > QoS > Class Setup: Edit (continued) LABEL DESCRIPTION Port Select the check box and enter the port number of the source. 0 means any source port number. See Appendix E on page 371 for some common services and port numbers.
Page 237: The Qos Monitor Screen
Chapter 15 Quality of Service (QoS) Table 85 Advanced > QoS > Class Setup: Edit (continued) LABEL DESCRIPTION Ethernet Priority Select this option and select a priority level (between 0 and 7) from the drop down list box. "0" is the lowest priority level and "7" is the highest. VLAN ID Select this option and specify a VLAN ID number between 2 and 4094.
Page 238: Qos Technical Reference
Chapter 15 Quality of Service (QoS) Table 86 Advanced > QoS > Monitor (continued) LABEL DESCRIPTION Set Interval Click this to apply the new poll interval you entered in the Poll Interval(s) field. Stop Click this to stop refreshing statistics. 15.5 QoS Technical Reference This section provides some technical background information about the topics covered in this chapter.
Page 239: Diffserv
Chapter 15 Quality of Service (QoS) 15.5.3 DiffServ QoS is used to prioritize source-to-destination traffic flows. All packets in the flow are given the same priority. You can use CoS (class of service) to give different priorities to different packet types. Differentiated Services (DiffServ) is a Class of Service (CoS) model that marks packets so that they receive specific per-hop treatment at DiffServ-compliant network devices along the route based on the application types and traffic flow.
Page 240 Chapter 15 Quality of Service (QoS) Table 88 Internal Layer2 and Layer3 QoS Mapping LAYER 2 LAYER 3 PRIORITY IEEE 802.1P USER QUEUE PRIORITY TOS (IP IP PACKET DSCP (ETHERNET PRECEDENCE) LENGTH (BYTE) PRIORITY) 001110 250~1100 001100 001010 001000 010110 010100 010010 010000...
Page 241 Chapter 15 Quality of Service (QoS) P-660HN-FxZ Series User’s Guide...
Page 242: Dynamic Dns Setup
H A P T E R Dynamic DNS Setup 16.1 Overview Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect.
Page 243: Figure 142 Advanced > Dynamic Dns
Chapter 16 Dynamic DNS Setup Figure 142 Advanced > Dynamic DNS The following table describes the fields in this screen. Table 89 Advanced > Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Active Dynamic Select this check box to use dynamic DNS. Service Provider This is the name of your Dynamic DNS service provider.
Page 244 Chapter 16 Dynamic DNS Setup Table 89 Advanced > Dynamic DNS (continued) LABEL DESCRIPTION Dynamic DNS Select this option only when there are one or more NAT routers between the ZyXEL server auto Device and the DDNS server. This feature has the DDNS server automatically detect IP detect and use the IP address of the NAT router that has a public IP address.
Page 245 Chapter 16 Dynamic DNS Setup P-660HN-FxZ Series User’s Guide...
Page 246: Remote Management
H A P T E R Remote Management 17.1 Overview Remote management allows you to determine which services/protocols can access which ZyXEL Device interface (if any) from which computers. The following figure shows remote management of the ZyXEL Device coming in from the WAN.
Page 247: What You Can Do In The Remote Management Screens
Chapter 17 Remote Management 1 Telnet 2 HTTP 17.1.1 What You Can Do in the Remote Management Screens • Use the WWW screen (Section 17.2 on page 245) to configure through which interface(s) and from which IP address(es) users can use HTTP to manage the ZyXEL Device. •...
Page 248: The Www Screen
Chapter 17 Remote Management 17.2 The WWW Screen Use this screen to specify how to connect to the ZyXEL Device from a web browser, such as Internet Explorer. 17.2.1 WWW and HTTPS HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web protocol that encrypts and decrypts web pages.
Page 249: Configuring The Www Screen
Chapter 17 Remote Management 17.2.2 Configuring the WWW Screen Click Advanced > Remote MGMT to display the WWW screen. Figure 145 Advanced > Remote Management > WWW The following table describes the labels in this screen. Table 90 Advanced > Remote Management > WWW LABEL DESCRIPTION Port...
Page 250: The Telnet Screen
Chapter 17 Remote Management Table 90 Advanced > Remote Management > WWW LABEL DESCRIPTION Secured Client IP A secured client is a “trusted” computer that is allowed to communicate with the ZyXEL Device using this service. Select All to allow any computer to access the ZyXEL Device using this service. Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service.
Page 251: The Ftp Screen
Chapter 17 Remote Management 17.4 The FTP Screen You can use FTP (File Transfer Protocol) to upload and download the ZyXEL Device’s firmware and configuration files. Please see the User’s Guide chapter on firmware and configuration file maintenance for details. To use this feature, your computer must have an FTP client.
Page 252: Figure 148 Snmp Management Model
Chapter 17 Remote Management SNMP is only available if TCP/IP is configured. Figure 148 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the ZyXEL Device).
Page 253: Supported Mibs
Chapter 17 Remote Management 17.5.1 Supported MIBs The ZyXEL Device supports MIB II, which is defined in RFC-1213 and RFC-1215. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance. 17.5.2 SNMP Traps The ZyXEL Device will send traps to the SNMP manager when any one of the following events occurs: Table 93 SNMP Traps...
Page 254: Figure 149 Advanced > Remote Management > Snmp
Chapter 17 Remote Management Figure 149 Advanced > Remote Management > SNMP The following table describes the labels in this screen. Table 94 Advanced > Remote Management > SNMP LABEL DESCRIPTION SNMP Port You may change the server port number for a service, if needed. However, you must use the same port number in order to use that service for remote management.
Page 255: The Dns Screen
Chapter 17 Remote Management 17.6 The DNS Screen Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. Refer to Chapter 6 on page 89 for background information. Use this screen to set from which IP address the ZyXEL Device will accept DNS queries and on which interface it can send them your ZyXEL Device’s DNS settings.
Page 256: Figure 151 Advanced > Remote Management > Icmp
Chapter 17 Remote Management If you want your device to respond to pings and requests for unauthorized services, you may also need to configure the firewall anti probing settings to match. Figure 151 Advanced > Remote Management > ICMP The following table describes the labels in this screen. Table 96 Advanced >...
Page 257 Chapter 17 Remote Management P-660HN-FxZ Series User’s Guide...
Page 258: Universal Plug-And-Play (Upnp)
H A P T E R Universal Plug-and-Play (UPnP) 18.1 Overview Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
Page 259: The Upnp Screen
Chapter 18 Universal Plug-and-Play (UPnP) When a UPnP device joins a network, it announces its presence with a multicast message. For security reasons, the ZyXEL Device allows multicast messages on the LAN only. All UPnP-enabled devices may communicate freely with each other without additional configuration.
Page 260: Installing Upnp In Windows Example
Chapter 18 Universal Plug-and-Play (UPnP) Table 97 Advanced > UPnP > General LABEL DESCRIPTION Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. 18.3 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP. Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me.
Page 261: Figure 154 Add/Remove Programs: Windows Setup: Communication: Components
Chapter 18 Universal Plug-and-Play (UPnP) Figure 154 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel.
Page 262: Figure 156 Windows Optional Networking Components Wizard
Chapter 18 Universal Plug-and-Play (UPnP) Figure 156 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box. Figure 157 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next.
Page 263: Using Upnp In Windows Xp Example
Chapter 18 Universal Plug-and-Play (UPnP) 18.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL Device. Make sure the computer is connected to a LAN port of the ZyXEL Device.
Page 264: Figure 159 Internet Connection Properties
Chapter 18 Universal Plug-and-Play (UPnP) Figure 159 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings. P-660HN-FxZ Series User’s Guide...
Page 265: Figure 160 Internet Connection Properties: Advanced Settings
Chapter 18 Universal Plug-and-Play (UPnP) Figure 160 Internet Connection Properties: Advanced Settings Figure 161 Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
Page 266: Figure 162 System Tray Icon
Chapter 18 Universal Plug-and-Play (UPnP) Figure 162 System Tray Icon 7 Double-click on the icon to display your current Internet connection status. Figure 163 Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first.
Page 267: Figure 164 Network Connections
Chapter 18 Universal Plug-and-Play (UPnP) Figure 164 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays. P-660HN-FxZ Series User’s Guide...
Page 268: Figure 165 Network Connections: My Network Places
Chapter 18 Universal Plug-and-Play (UPnP) Figure 165 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Figure 166 Network Connections: My Network Places: Properties: Example P-660HN-FxZ Series User’s Guide...
Page 269 Chapter 18 Universal Plug-and-Play (UPnP) P-660HN-FxZ Series User’s Guide...
Page 270: Maintenance
Maintenance System Settings (269) Logs (275) Tools (287) Diagnostic (299)
Page 272: System Settings
H A P T E R System Settings 19.1 Overview This chapter shows you how to configure system related settings, such as system time, password, name, the domain name and the inactivity timeout interval. 19.1.1 What You Can Do in the System Settings Screens •...
Page 273: Figure 167 Maintenance > System > General
Chapter 19 System Settings • In Windows XP, click start, My Computer, View system information and then click the Computer Name tab. Note the entry in the Full computer name field and enter it as the ZyXEL Device System Name. Click Maintenance >...
Page 274: The Time Setting Screen
Chapter 19 System Settings Table 98 Maintenance > System > General LABEL DESCRIPTION Retype to Type the new password again for confirmation. confirm Admin Password Type the default password or the existing password you use to access the system in Password this field.
Page 275: Table 99 Maintenance > System > Time Setting
Chapter 19 System Settings The following table describes the fields in this screen. Table 99 Maintenance > System > Time Setting LABEL DESCRIPTION Current Time and Date Current Time This field displays the time of your ZyXEL Device. Each time you reload this page, the ZyXEL Device synchronizes the time with the time server.
Page 276 Chapter 19 System Settings Table 99 Maintenance > System > Time Setting (continued) LABEL DESCRIPTION Start Date Configure the day and time when Daylight Saving Time starts if you selected Enable Daylight Saving. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time starts in most parts of the United States on the second Sunday of March.
Page 277 Chapter 19 System Settings P-660HN-FxZ Series User’s Guide...
Page 278: Logs
H A P T E R Logs 20.1 Overview This chapter contains information about configuring general log settings and viewing the ZyXEL Device’s logs. The web configurator allows you to choose which categories of events and/or alerts to have the ZyXEL Device log and then display the logs or have the ZyXEL Device send them to an administrator (as e-mail) or to a syslog server.
Page 279: The Log Settings Screen
Chapter 20 Logs Figure 169 Maintenance > Logs > View Log The following table describes the fields in this screen. Table 100 Maintenance > Logs > View Log LABEL DESCRIPTION Display The categories that you select in the Log Settings screen display in the drop-down list box.
Page 280: Figure 170 Maintenance > Logs > Log Settings
Chapter 20 Logs Figure 170 Maintenance > Logs > Log Settings The following table describes the fields in this screen. Table 101 Maintenance > Logs > Log Settings LABEL DESCRIPTION E-mail Log Settings Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
Page 281: Smtp Error Messages
Chapter 20 Logs Table 101 Maintenance > Logs > Log Settings LABEL DESCRIPTION Log Schedule This drop-down menu is used to configure the frequency of log messages being sent as E-mail: • Daily • Weekly • Hourly • When Log is Full •...
Page 282: Example E-Mail Log
Chapter 20 Logs 20.4.1 Example E-mail Log An "End of Log" message displays for each mail in which a complete log has been sent. The following is an example of a log sent by e-mail. • You may edit the subject title. •...
Page 283: Table 104 System Error Logs
Chapter 20 Logs Table 103 System Maintenance Logs (continued) LOG MESSAGE DESCRIPTION Someone has failed to log on to the router via telnet. TELNET login failed Someone has logged on to the router via ftp. Successful FTP login Someone has failed to log on to the router via ftp. FTP login failed The maximum number of NAT session table entries has been NAT Session Table is Full!
Page 284: Table 105 Access Control Logs
Chapter 20 Logs Table 105 Access Control Logs LOG MESSAGE DESCRIPTION Attempted TCP/UDP/IGMP/ESP/GRE/OSPF access Firewall default policy: [ TCP | matched the default policy and was blocked or forwarded UDP | IGMP | ESP | GRE | OSPF ] according to the default policy’s setting. <Packet Direction>...
Page 285: Table 107 Packet Filter Logs
Chapter 20 Logs Table 107 Packet Filter Logs LOG MESSAGE DESCRIPTION Attempted access matched a configured filter rule (denoted [ TCP | UDP | ICMP | IGMP | by its set and rule number) and was blocked or forwarded Generic ] packet filter according to the rule.
Page 286: Table 111 Upnp Logs
Chapter 20 Logs Table 110 PPP Logs (continued) LOG MESSAGE DESCRIPTION The PPP connection’s Internet Protocol Control Protocol stage is starting. ppp:IPCP Starting The PPP connection’s Internet Protocol Control Protocol stage is opening. ppp:IPCP Opening The PPP connection’s Link Control Protocol stage is closing. ppp:LCP Closing The PPP connection’s Internet Protocol Control Protocol stage is closing.
Page 287: Table 114 802.1X Logs
Chapter 20 Logs Table 113 Attack Logs (continued) LOG MESSAGE DESCRIPTION The firewall detected a TCP NetBIOS attack. NetBIOS TCP The firewall classified a packet with no source routing entry as an ip spoofing - no routing IP spoofing attack. entry [ TCP | UDP | IGMP | ESP | GRE | OSPF ] The firewall classified an ICMP packet with no source routing...
Page 288: Table 116 Icmp Notes
Chapter 20 Logs Table 116 ICMP Notes TYPE CODE DESCRIPTION Echo Reply Echo reply message Destination Unreachable Net unreachable Host unreachable Protocol unreachable Port unreachable A packet that needed fragmentation was dropped because it was set to Don't Fragment (DF) Source route failed Source Quench A gateway may discard internet datagrams if it does not have the buffer space...
Page 289: Table 117 Syslog Logs
Chapter 20 Logs Table 117 Syslog Logs LOG MESSAGE DESCRIPTION "This message is sent by the system ("RAS" displays as <Facility*8 + Severity>Mon dd the system name if you haven’t configured one) when the hr:mm:ss hostname router generates a syslog. The facility is defined in the web src="<srcIP:srcPort>"...
Page 290: Tools
H A P T E R Tools 21.1 Overview This chapter explains how to upload new firmware, manage configuration files and restart your ZyXEL Device. Use the instructions in this chapter to change the device’s configuration file or upgrade its firmware.
Page 291: Before You Begin
Chapter 21 Tools ZyNOS (ZyXEL Network Operating System sometimes referred to as the “ras” file) is the system firmware and has a “bin” filename extension. Find this firmware at www.zyxel.com.With many FTP and TFTP clients, the filenames are similar to those seen next.
Page 292: Tool Examples
Chapter 21 Tools 21.1.4 Tool Examples Using FTP or TFTP to Restore Configuration This example shows you how to restore a previously saved configuration. Note that this function erases the current configuration before restoring a previous back up configuration; please do not attempt to restore unless you have a backup configuration file stored on disk. FTP is the preferred method for restoring your current computer configuration to your device since FTP is faster.
Page 293: Figure 173 Ftp Session Example Of Firmware File Upload
Chapter 21 Tools 2 Enter “open”, followed by a space and the IP address of your device. 3 Press [ENTER] when prompted for a username. 4 Enter your password as requested (the default is “1234”). 5 Enter “bin” to set transfer mode to binary. 6 Use “put”...
Page 294: Figure 174 Ftp Session Example
Chapter 21 Tools 4 Use the TFTP client (see the example below) to transfer files between the device and the computer. The file name for the firmware is “ras”. Note that the telnet connection must be active and the device in CI mode before and during the TFTP transfer.
Page 295: Table 120 General Commands For Gui-Based Ftp Clients
Chapter 21 Tools Configuration Backup Using GUI-based FTP Clients The following table describes some of the commands that you may see in GUI-based FTP clients. Table 120 General Commands for GUI-based FTP Clients COMMAND DESCRIPTION Host Address Enter the address of the host server. Login Type Anonymous.
Page 296: The Firmware Screen
Chapter 21 Tools Configuration Backup Using GUI-based TFTP Clients The following table describes some of the fields that you may see in GUI-based TFTP clients. Table 121 General Commands for GUI-based TFTP Clients COMMAND DESCRIPTION Host Enter the IP address of the ZyXEL Device. 192.168.1.1 is the ZyXEL Device’s default IP address when shipped.
Page 297: Figure 176 Firmware Upload In Progress
Chapter 21 Tools The following table describes the labels in this screen. Table 122 Maintenance > Tools > Firmware LABEL DESCRIPTION Current This is the present Firmware version and the date created. Firmware Version File Path Type in the location of the file you want to upload in this field or click Browse ... to find it.
Page 298: The Configuration Screen
Chapter 21 Tools Figure 178 Error Message 21.3 The Configuration Screen Section 21.1.4 on page 289 for transferring configuration files using FTP/TFTP commands. Click Maintenance > Tools > Configuration. Information related to factory defaults, backup configuration, and restoring configuration appears in this screen, as shown next. Figure 179 Maintenance >...
Page 299: Figure 180 Configuration Upload Successful
Chapter 21 Tools Restore Configuration Restore Configuration allows you to upload a new or previously saved configuration file from your computer to your ZyXEL Device. Table 123 Restore Configuration LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse...
Page 300: The Restart Screen
Chapter 21 Tools Figure 182 Configuration Upload Error Reset to Factory Defaults Click the Reset button to clear all user-entered configuration information and return the ZyXEL Device to its factory defaults. The following warning screen appears. Figure 183 Reset Warning Message Figure 184 Reset In Process Message You can also press the RESET button on the rear panel to reset the factory defaults of your ZyXEL Device.
Page 301: Figure 185 Maintenance > Tools >Restart
Chapter 21 Tools Figure 185 Maintenance > Tools >Restart P-660HN-FxZ Series User’s Guide...
Page 302: Diagnostic
H A P T E R Diagnostic 22.1 Overview These read-only screens display information to help you identify problems with the ZyXEL Device. 22.1.1 What You Can Do in the Diagnostic Screens • Use the General Diagnostic screen (Section 22.2 on page 299) to ping an IP address.
Page 303: The Dsl Line Diagnostic Screen
Chapter 22 Diagnostic The following table describes the fields in this screen. Table 124 Maintenance > Diagnostic > General LABEL DESCRIPTION TCP/IP Type the IP address of a computer that you want to ping in order to test a connection. Address Ping Click this to ping the IP address that you entered.
Page 304: Table 125 Maintenance > Diagnostic > Dsl Line
Chapter 22 Diagnostic The following table describes the fields in this screen. Table 125 Maintenance > Diagnostic > DSL Line LABEL DESCRIPTION ATM Status Click this to view your DSL connection’s Asynchronous Transfer Mode (ATM) statistics. ATM is a networking technology that provides high-speed data transfer. ATM uses fixed-size packets of information called cells.
Page 305 Chapter 22 Diagnostic Table 125 Maintenance > Diagnostic > DSL Line (continued) LABEL DESCRIPTION Reset ADSL Click this to reinitialize the ADSL line. The large text box above then displays the Line progress and results of this operation, for example: "Start to reset ADSL Loading ADSL modem F/W...
Page 306: Troubleshooting And Specifications
Troubleshooting and Specifications Product Specifications (305) Troubleshooting (313)
Page 308: Product Specifications
H A P T E R Product Specifications The following tables summarize the ZyXEL Device’s hardware and firmware features. 23.1 Hardware Specifications Table 126 Hardware Specifications Dimensions (362 W) x (200 D) x (110 H) mm Weight 365 g Power Specification 12VDC 1A Built-in Switch Four auto-negotiating, auto MDI/MDI-X 10/100 Mbps RJ-45 Ethernet ports...
Page 309: Table 127 Firmware Specifications
Chapter 23 Product Specifications Table 127 Firmware Specifications (continued) Static Routes Device Management Use the web configurator to easily configure the rich range of features on the ZyXEL Device. Wireless Functionality Allow the IEEE 802.11b, IEEE 802.11g and/or IEEE 802.11n wireless clients to connect to the ZyXEL Device wirelessly.
Page 310 Chapter 23 Product Specifications Table 127 Firmware Specifications (continued) Any IP The Any IP feature allows a computer to access the Internet and the ZyXEL Device without changing the network settings (such as IP address and subnet mask) of the computer, when the IP addresses of the computer and the ZyXEL Device are not in the same subnet.
Page 311: Wireless Features
Chapter 23 Product Specifications Table 127 Firmware Specifications (continued) Other Protocol Support PPP (Point-to-Point Protocol) link layer protocol IP routing Transparent bridging for unsupported network layer protocols RIP I/RIP II ICMP ATM QoS SNMP v1 and v2c with MIB II support (RFC 1213) IP Multicasting IGMP v1, v2 and v3 IGMP Proxy 802.1Q/1P...
Page 312: Table 129 Standards Supported
Chapter 23 Product Specifications Table 128 Wireless Features WMM QoS WMM (Wi-Fi MultiMedia) QoS (Quality of Service) allows you to prioritize wireless traffic according to the delivery requirements of individual services. Other Wireless Features IEEE 802.11n Compliance Frequency Range: 2.4 GHz ISM Band Auto channel selection Advanced Orthogonal Frequency Division Multiplexing (OFDM) Data Rates: 54Mbps, 11Mbps, 5.5Mbps, 2Mbps, and 1 Mbps Auto...
Page 313: Power Adaptor Specifications
Chapter 23 Product Specifications Table 129 Standards Supported (continued) STANDARD DESCRIPTION IEEE 802.11 Also known by the brand Wi-Fi, denotes a set of Wireless LAN/WLAN standards developed by working group 11 of the IEEE LAN/MAN Standards Committee (IEEE 802). IEEE 802.11b Uses the 2.4 gigahertz (GHz) band IEEE 802.11g Uses the 2.4 gigahertz (GHz) band...
Page 314 Chapter 23 Product Specifications Table 130 ZyXEL Device Series Power Adaptor Specifications (continued) Input Power AC 230Volts/50Hz Output Power DC 12Volts/1.0A Power Consumption 8.3 Watt max Safety Standards CE, GS or TUV, EN60950-1 P-660HN-FxZ Series User’s Guide...
Page 315 Chapter 23 Product Specifications P-660HN-FxZ Series User’s Guide...
Page 316: Troubleshooting
H A P T E R Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • ZyXEL Device Access and Login • Internet Access 24.1 Power, Hardware Connections, and LEDs The ZyXEL Device does not turn on.
Page 317: Zyxel Device Access And Login
Chapter 24 Troubleshooting 24.2 ZyXEL Device Access and Login I forgot the IP address for the ZyXEL Device. 1 The default IP address is 192.168.1.1. 2 If you changed the IP address and have forgotten it, you might get the IP address of the ZyXEL Device by looking up the IP address of the default gateway for your computer.
Page 318 Chapter 24 Troubleshooting 5 Reset the device to its factory defaults, and try to access the ZyXEL Device with the default IP address. See Section 1.6 on page 6 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions.
Page 319: Internet Access
Chapter 24 Troubleshooting 24.3 Internet Access I cannot access the Internet. 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.5 on page 2 Make sure you entered your ISP account information correctly in the wizard. These fields are case-sensitive, so make sure [Caps Lock] is not on.
Page 320 VIII Appendices and Index The appendices provide general information. Some details may not apply to your ZyXEL Device. Setting up Your Computer’s IP Address (319) Pop-up Windows, JavaScripts and Java Permissions (341) IP Addresses and Subnetting (349) Wireless LANs (357) Services (371) Internal SPTGEN (375) Legal Information (399)
Page 322: Appendix A Setting Up Your Computer's Ip Address
P P E N D I X Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP/Vista, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/ IP on your computer.
Page 323: Figure 188 Windows 95/98/Me: Network: Configuration
Appendix A Setting up Your Computer’s IP Address Figure 188 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add.
Page 324: Figure 189 Windows 95/98/Me: Tcp/Ip Properties: Ip Address
Appendix A Setting up Your Computer’s IP Address Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab. • If your IP address is dynamic, select Obtain an IP address automatically. •...
Page 325: Figure 190 Windows 95/98/Me: Tcp/Ip Properties: Dns Configuration
Appendix A Setting up Your Computer’s IP Address Figure 190 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window.
Page 326: Figure 191 Windows Xp: Start Menu
Appendix A Setting up Your Computer’s IP Address Figure 191 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 192 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. P-660HN-FxZ Series User’s Guide...
Page 327: Figure 193 Windows Xp: Control Panel: Network Connections: Properties
Appendix A Setting up Your Computer’s IP Address Figure 193 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 194 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
Page 328: Figure 195 Windows Xp: Internet Protocol (Tcp/Ip) Properties
Appendix A Setting up Your Computer’s IP Address Figure 195 Windows XP: Internet Protocol (TCP/IP) Properties 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
Page 329: Figure 196 Windows Xp: Advanced Tcp/Ip Properties
Appendix A Setting up Your Computer’s IP Address Figure 196 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
Page 330: Figure 197 Windows Xp: Internet Protocol (Tcp/Ip) Properties
Appendix A Setting up Your Computer’s IP Address Figure 197 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window.
Page 331: Figure 198 Windows Vista: Start Menu
Appendix A Setting up Your Computer’s IP Address Figure 198 Windows Vista: Start Menu 2 In the Control Panel, double-click Network and Internet. Figure 199 Windows Vista: Control Panel 3 Click Network and Sharing Center. Figure 200 Windows Vista: Network And Internet 4 Click Manage network connections.
Page 332: Figure 202 Windows Vista: Network And Sharing Center
Appendix A Setting up Your Computer’s IP Address 5 Right-click Local Area Connection and then click Properties. During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. Figure 202 Windows Vista: Network and Sharing Center 6 Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
Page 333: Figure 204 Windows Vista: Internet Protocol Version 4 (Tcp/Ipv4) Properties
Appendix A Setting up Your Computer’s IP Address 7 The Internet Protocol Version 4 (TCP/IPv4) Properties window opens (the General tab). • If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP address and fill in the IP address, Subnet mask, and Default gateway fields.
Page 334: Figure 205 Windows Vista: Advanced Tcp/Ip Properties
Appendix A Setting up Your Computer’s IP Address Figure 205 Windows Vista: Advanced TCP/IP Properties 9 In the Internet Protocol Version 4 (TCP/IPv4) Properties window, (the General tab): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
Page 335: Figure 206 Windows Vista: Internet Protocol Version 4 (Tcp/Ipv4) Properties
Appendix A Setting up Your Computer’s IP Address Figure 206 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties 10 Click OK to close the Internet Protocol Version 4 (TCP/IPv4) Properties window. 11 Click Close to close the Local Area Connection Properties window. 12 Close the Network Connections window.
Page 336: Figure 207 Macintosh Os 8/9: Apple Menu
Appendix A Setting up Your Computer’s IP Address Figure 207 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 208 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: •...
Page 337: Figure 209 Macintosh Os X: Apple Menu
Appendix A Setting up Your Computer’s IP Address • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. 5 Close the TCP/IP Control Panel.
Page 338: Figure 210 Macintosh Os X: Network
Appendix A Setting up Your Computer’s IP Address Figure 210 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. •...
Page 339: Figure 211 Red Hat 9.0: Kde: Network Configuration: Devices
Appendix A Setting up Your Computer’s IP Address Make sure you are logged in as the root administrator. Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. 1 Click the Red Hat button (located on the bottom left corner), select System Setting and click Network.
Page 340: Figure 213 Red Hat 9.0: Kde: Network Configuration: Dns
Appendix A Setting up Your Computer’s IP Address • If you have a dynamic IP address, click Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static IP address, click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields.
Page 341: Figure 215 Red Hat 9.0: Dynamic Ip Address Setting In Ifconfig-Eth0
Appendix A Setting up Your Computer’s IP Address Figure 215 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 DEVICE=eth0 ONBOOT=yes BOOTPROTO=dhcp USERCTL=no PEERDNS=yes TYPE=Ethernet • If you have a static IP address, enter in the field. Type static BOOTPROTO= = followed by the IP address (in dotted decimal notation) and type IPADDR NETMASK...
Page 342: Figure 219 Red Hat 9.0: Checking Tcp/Ip Properties
Appendix A Setting up Your Computer’s IP Address Verifying Settings Enter in a terminal screen to check your TCP/IP properties. ifconfig Figure 219 Red Hat 9.0: Checking TCP/IP Properties [root@localhost]# ifconfig eth0 Link encap:Ethernet HWaddr 00:50:BA:72:5B:44 inet addr:172.23.19.129 Bcast:172.23.19.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1...
Page 343 Appendix A Setting up Your Computer’s IP Address P-660HN-FxZ Series User’s Guide...
Page 344: Appendix B Pop-Up Windows, Javascript And Java Permissions
P P E N D I X Pop-up Windows, JavaScript and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScript (enabled by default). • Java permissions (enabled by default). Internet Explorer 6 screens are used here.
Page 345: Figure 221 Internet Options: Privacy
Appendix B Pop-up Windows, JavaScript and Java Permissions 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 221 Internet Options: Privacy 3 Click Apply to save this setting. Enable Pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps.
Page 346: Figure 222 Internet Options: Privacy
Appendix B Pop-up Windows, JavaScript and Java Permissions Figure 222 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 223 Pop-up Blocker Settings P-660HN-FxZ Series User’s Guide...
Page 347: Figure 224 Internet Options: Security
Appendix B Pop-up Windows, JavaScript and Java Permissions 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScript If pages of the web configurator do not display properly in Internet Explorer, check that JavaScript are allowed.
Page 348: Figure 225 Security Settings - Java Scripting
Appendix B Pop-up Windows, JavaScript and Java Permissions Figure 225 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected.
Page 349: Figure 227 Java (Sun)
Appendix B Pop-up Windows, JavaScript and Java Permissions JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window. Figure 227 Java (Sun) Mozilla Firefox Mozilla Firefox 2.0 screens are used here.
Page 350: Figure 228 Mozilla Firefox: Tools > Options
Appendix B Pop-up Windows, JavaScript and Java Permissions Figure 228 Mozilla Firefox: Tools > Options Click Content.to show the screen below. Select the check boxes as shown in the following screen. Figure 229 Mozilla Firefox Content Security P-660HN-FxZ Series User’s Guide...
Page 351 Appendix B Pop-up Windows, JavaScript and Java Permissions P-660HN-FxZ Series User’s Guide...
Page 352: Appendix C Ip Addresses And Subnetting
P P E N D I X IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network.
Page 353: Figure 230 Network Number And Host Id
Appendix C IP Addresses and Subnetting Figure 230 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation).
Page 354: Table 132 Subnet Masks
Appendix C IP Addresses and Subnetting Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Table 132 Subnet Masks BINARY DECIMAL 4TH OCTET OCTET...
Page 355: Figure 231 Subnetting Example: Before Subnetting
Appendix C IP Addresses and Subnetting Table 134 Alternative Subnet Mask Notation (continued) ALTERNATIVE LAST OCTET LAST OCTET SUBNET MASK NOTATION (BINARY) (DECIMAL) 255.255.255.192 1100 0000 255.255.255.224 1110 0000 255.255.255.240 1111 0000 255.255.255.248 1111 1000 255.255.255.252 1111 1100 Subnetting You can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons.
Page 356: Figure 232 Subnetting Example: After Subnetting
Appendix C IP Addresses and Subnetting Figure 232 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 2 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).
Page 357: Table 136 Subnet 2
Appendix C IP Addresses and Subnetting Table 136 Subnet 2 LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 01000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.65 192.168.1.64 Broadcast Address: Highest Host ID: 192.168.1.126 192.168.1.127 Table 137 Subnet 3...
Page 358: Table 140 24-Bit Network Number Subnet Planning
Appendix C IP Addresses and Subnetting Table 139 Eight Subnets (continued) SUBNET LAST BROADCAST SUBNET FIRST ADDRESS ADDRESS ADDRESS ADDRESS Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 140 24-bit Network Number Subnet Planning NO.
Page 359: Table 141 16-Bit Network Number Subnet Planning
Appendix C IP Addresses and Subnetting Table 141 16-bit Network Number Subnet Planning (continued) NO. “BORROWED” NO. HOSTS PER SUBNET MASK NO. SUBNETS HOST BITS SUBNET 255.255.255.252 (/30) 16384 255.255.255.254 (/31) 32768 Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
Page 360: Appendix D Wireless Lans
P P E N D I X Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS).
Page 361: Figure 234 Basic Service Set
Appendix D Wireless LANs Figure 234 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN.
Page 362: Figure 235 Infrastructure Wlan
Appendix D Wireless LANs Figure 235 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a channel different from an adjacent AP (access point) to reduce interference.
Page 363 Appendix D Wireless LANs Figure 236 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
Page 364: Table 142 Ieee 802.11G
Appendix D Wireless LANs If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Preamble Type Preamble is used to signal that data is coming to the receiver.
Page 365: Table 143 Wireless Security Levels
Appendix D Wireless LANs Wireless security methods available on the ZyXEL Device are data encryption, wireless client authentication, restricting access by device MAC address and hiding the ZyXEL Device identity. The following figure shows the relative effectiveness of these wireless security methods available on your ZyXEL Device.
Page 366 Appendix D Wireless LANs Determines the network services available to authenticated users once they are connected to the network. • Accounting Keeps track of the client’s network activity. RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server.
Page 367 Appendix D Wireless LANs For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner.
Page 368: Table 144 Comparison Of Eap Authentication Types
Appendix D Wireless LANs Dynamic WEP Key Exchange The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed. If this feature is enabled, it is not necessary to configure a default encryption key in the wireless security configuration screen.
Page 369 Appendix D Wireless LANs Encryption Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. WPA and WPA2 use Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption than TKIP.
Page 370: Figure 237 Wpa(2) With Radius Application Example
Appendix D Wireless LANs Wireless Client WPA Supplicants A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicant is the WPA patch for Windows XP, Funk Software's Odyssey client.
Page 371: Figure 238 Wpa(2)-Psk Authentication
Appendix D Wireless LANs 3 The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID. 4 The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged in a handshake to create temporal encryption keys.
Page 372: Antenna Overview
Appendix D Wireless LANs Antenna Overview An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air. Positioning the antennas properly increases the range and coverage area of a wireless LAN.
Page 373 Appendix D Wireless LANs Positioning Antennas In general, antennas should be mounted as high as practically possible and free of obstructions. In point-to–point application, position both antennas at the same height and in a direct line of sight to each other to attain the best performance. For omni-directional antennas mounted on a table, desk, and so on, point the antenna up.
Page 374: Table 146 Examples Of Services
P P E N D I X Services The following table lists some commonly-used services and their associated protocols and port numbers. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like.
Page 375: Appendix E Services
Appendix E Services Table 146 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION H.323 1720 NetMeeting uses this protocol. HTTP Hyper Text Transfer Protocol - a client/ server protocol for the world wide web. HTTPS HTTPS is a secured http session often used in e-commerce.
Page 376 Appendix E Services Table 146 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION PPTP_TUNNEL User-Defined PPTP (Point-to-Point Tunneling Protocol) (GRE) enables secure transfer of data over public networks. This is the data channel. RCMD Remote Command Service. REAL_AUDIO 7070 A streaming audio service that enables real time sound over the web.
Page 377 Appendix E Services Table 146 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION TFTP Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE 7000 A videoconferencing solution.
Page 378: Appendix F Internal Sptgen
P P E N D I X Internal SPTGEN Internal SPTGEN Overview Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple ZyXEL Devices. Internal SPTGEN lets you configure, save and upload multiple menus at the same time using just one configuration text file – eliminating the need to navigate and configure individual screens for each ZyXEL Device.
Page 379: Figure 240 Invalid Parameter Entered: Command Line Example
Appendix F Internal SPTGEN Internal SPTGEN File Modification - Important Points to Remember Each parameter you enter must be preceded by one “=”sign and one space. Some parameters are dependent on others. For example, if you disable the Configured field in menu 1 (see Figure 239 on page 375), then you disable every field in this menu.
Page 380: Figure 242 Internal Sptgen Ftp Download Example
Appendix F Internal SPTGEN Figure 242 Internal SPTGEN FTP Download Example c:\ftp 192.168.1.1 220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000 User (192.168.1.1:(none)): 331 Enter PASS command Password: 230 Logged in ftp>bin 200 Type I OK ftp>...
Page 381: Table 148 Menu 1 General Setup
Appendix F Internal SPTGEN Table 147 Abbreviations Used in the Example Internal SPTGEN Screens Table ABBREVIATION MEANING Parameter Values Allowed INPUT An example of what you may enter Applies to the ZyXEL Device. The following are the Internal SPTGEN menus. Table 148 Menu 1 General Setup / Menu 1 General Setup INPUT...
Page 382 Appendix F Internal SPTGEN Table 149 Menu 3 30200002 = Client IP Pool Starting Address 192.168.1.33 30200003 = Size of Client IP Pool = 32 30200004 = Primary DNS Server = 0.0.0.0 30200005 = Secondary DNS Server = 0.0.0.0 30200006 = Remote DHCP Server = 0.0.0.0 30200008 =...
Page 383 Appendix F Internal SPTGEN Table 149 Menu 3 30201011 = IP Alias #1 Outgoing protocol filters = 256 Set 2 30201012 = IP Alias #1 Outgoing protocol filters = 256 Set 3 30201013 = IP Alias #1 Outgoing protocol filters = 256 Set 4 30201014 =...
Page 384: Table 150 Menu 4 Internet Access Setup
Appendix F Internal SPTGEN Table 149 Menu 3 30500007 = Default Key <1|2|3|4> = 0 30500008 = WEP Key1 30500009 = WEP Key2 30500010 = WEP Key3 30500011 = WEP Key4 <0(Disable) | 30500012 = Wlan Active 1(Enable)> */ MENU 3.5.1 WLAN MAC ADDRESS FILTER INPUT 30501001 = Mac Filter Active...
Page 385 Appendix F Internal SPTGEN Table 150 Menu 4 Internet Access Setup (continued) 40000006 = VPI # 40000007 = VCI # = 35 40000008 = Service Name <Str> = any 40000009 = My Login <Str> = test@pqa 40000010 = My Password <Str>...
Page 386 Appendix F Internal SPTGEN Table 151 Menu 12 / Menu 12.1.1 IP Static Route Setup INPUT 120101001 = IP Static Route set #1, Name <Str> 120101002 = IP Static Route set #1, Active <0(No) |1(Yes)> 120101003 = IP Static Route set #1, Destination = 0.0.0.0 IP address 120101004 =...
Page 387: Table 151 Menu 12
Appendix F Internal SPTGEN Table 151 Menu 12 (continued) 120104005 = IP Static Route set #4, Gateway = 0.0.0.0 120104006 = IP Static Route set #4, Metric 120104007 = IP Static Route set #4, Private <0(No) |1(Yes)> / Menu 12.1.5 IP Static Route Setup INPUT 120105001 = IP Static Route set #5, Name...
Page 388 Appendix F Internal SPTGEN Table 151 Menu 12 (continued) 120108004 = IP Static Route set #8, Destination IP subnetmask 120108005 = IP Static Route set #8, Gateway = 0.0.0.0 120108006 = IP Static Route set #8, Metric 120108007 = IP Static Route set #8, Private <0(No) |1(Yes)>...
Page 389 Appendix F Internal SPTGEN Table 151 Menu 12 (continued) 120112003 = IP Static Route set #12, Destination = 0.0.0.0 IP address 120112004 = IP Static Route set #12, Destination IP subnetmask 120112005 = IP Static Route set #12, Gateway = 0.0.0.0 120112006 = IP Static Route set #12, Metric 120112007 =...
Page 390: Table 152 Menu 15 Sua Server Setup
Appendix F Internal SPTGEN Table 151 Menu 12 (continued) 120116001 = IP Static Route set #16, Name <Str> 120116002 = IP Static Route set #16, Active <0(No) |1(Yes)> 120116003 = IP Static Route set #16, Destination = 0.0.0.0 IP address 120116004 = IP Static Route set #16, Destination IP subnetmask...
Page 391 Appendix F Internal SPTGEN Table 152 Menu 15 SUA Server Setup (continued) 150000023 = SUA Server #6 Protocol <0(All)|6(TCP)|17(U DP)> 150000024 = SUA Server #6 Port Start 150000025 = SUA Server #6 Port End 150000026 = SUA Server #6 Local IP address = 0.0.0.0 150000027 = SUA Server #7 Active...
Page 392: Table 153 Menu 21.1 Filter Set #1
Appendix F Internal SPTGEN Table 153 Menu 21.1 Filter Set #1 / Menu 21 Filter set #1 INPUT 210100001 = Filter Set 1, Name <Str> / Menu 21.1.1.1 set #1, rule #1 INPUT 210101001 = IP Filter Set 1,Rule 1 Type <2(TCP/IP)>...
Page 393 Appendix F Internal SPTGEN Table 153 Menu 21.1 Filter Set #1 (continued) 210102009 = IP Filter Set 1,Rule 2 Src Subnet Mask 210102010 = IP Filter Set 1,Rule 2 Src Port 210102011 = IP Filter Set 1,Rule 2 Src Port Comp <0(none)|1(equal) |2(not equal)|3(less)|4(...
Page 394 Appendix F Internal SPTGEN Table 153 Menu 21.1 Filter Set #1 (continued) 210104005 = IP Filter Set 1,Rule 4 Dest Subnet Mask 210104006 = IP Filter Set 1,Rule 4 Dest Port = 137 210104007 = IP Filter Set 1,Rule 4 Dest Port Comp <0(none)|1(equal) |2(not equal)|3(less)|4(...
Page 395: Table 154 Menu 21.1 Filer Set #2
Appendix F Internal SPTGEN Table 153 Menu 21.1 Filter Set #1 (continued) / Menu 21.1.1.6 set #1, rule #6 INPUT 210106001 = IP Filter Set 1,Rule 6 Type <2(TCP/IP)> 210106002 = IP Filter Set 1,Rule 6 Active <0(No)|1(Yes)> 210106003 = IP Filter Set 1,Rule 6 Protocol = 17 210106004 =...
Page 396 Appendix F Internal SPTGEN Table 154 Menu 21.1 Filer Set #2 (continued) 210201007 = IP Filter Set 2, Rule 1 Dest Port <0(none)|1(equal)| Comp 2(not equal)|3(less)|4(g reater)> 210201008 = IP Filter Set 2, Rule 1 Src IP = 0.0.0.0 address 210201009 = IP Filter Set 2, Rule 1 Src Subnet Mask...
Page 397 Appendix F Internal SPTGEN Table 154 Menu 21.1 Filer Set #2 (continued) 210202014 = IP Filter Set 2, Rule 2 Act Not <1(check Match next)|2(forward)|3 (drop)> / Menu 21.1.2.3 Filter set #2, rule #3 INPUT 210203001 = IP Filter Set 2, Rule 3 Type <0(none)|2(TCP/ IP)>...
Page 398 Appendix F Internal SPTGEN Table 154 Menu 21.1 Filer Set #2 (continued) 210204007 = IP Filter Set 2, Rule 4 Dest Port <0(none)|1(equal)| Comp 2(not equal)|3(less)|4(g reater)> 210204008 = IP Filter Set 2, Rule 4 Src IP = 0.0.0.0 address 210204009 = IP Filter Set 2, Rule 4 Src Subnet Mask...
Page 399: Table 155 Menu 23 System Menus
Appendix F Internal SPTGEN Table 154 Menu 21.1 Filer Set #2 (continued) 210205014 = IP Filter Set 2, Rule 5 Act Not <1(check Match next)|2(forward)|3 (drop)> / Menu 21.1.2.6 Filter set #2, rule #6 INPUT 210206001 = IP Filter Set 2, Rule 6 Type <0(none)|2(TCP/ IP)>...
Page 400: Table 156 Menu 24.11 Remote Management Control
Appendix F Internal SPTGEN Table 155 Menu 23 System Menus (continued) INPUT 230000000 = System Password = 1234 Table 156 Menu 24.11 Remote Management Control / Menu 24.11 Remote Management Control INPUT 241100001 = TELNET Server Port = 23 241100002 = TELNET Server Access <0(all)|1(none)|2( Lan)|3(Wan)>...
Page 401 Appendix F Internal SPTGEN P-660HN-FxZ Series User’s Guide...
Page 402: Appendix G Legal Information
ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
Page 403 Appendix G Legal Information If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures: 1 Reorient or relocate the receiving antenna.
Page 404: Zyxel Limited Warranty
Appendix G Legal Information Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada. Viewing Certifications 1 Go to http://www.zyxel.com. 2 Select your product on the ZyXEL home page to go to that product's page. 3 Select the certification you wish to view from this page.
Page 405 Appendix G Legal Information P-660HN-FxZ Series User’s Guide...
Page 406: Appendix H Customer Support
• Sales E-mail: sales@zyxel.com.tw • Telephone: +886-3-578-3942 • Fax: +886-3-578-2439 • Web: www.zyxel.com • Regular Mail: ZyXEL Communications Corp., 6 Innovation Road II, Science Park, Hsinchu 300, Taiwan China - ZyXEL Communications (Beijing) Corp. • Support E-mail: cso.zycn@zyxel.cn • Sales E-mail: sales@zyxel.cn •...
Page 407 Czech Republic • E-mail: info@cz.zyxel.com • Telephone: +420-241-091-350 • Fax: +420-241-091-359 • Web: www.zyxel.cz • Regular Mail: ZyXEL Communications, Czech s.r.o., Modranská 621, 143 01 Praha 4 - Modrany, Ceská Republika Denmark • Support E-mail: support@zyxel.dk • Sales E-mail: sales@zyxel.dk •...
Page 408 Appendix H Customer Support Germany • Support E-mail: support@zyxel.de • Sales E-mail: sales@zyxel.de • Telephone: +49-2405-6909-69 • Fax: +49-2405-6909-99 • Web: www.zyxel.de • Regular Mail: ZyXEL Deutschland GmbH., Adenauerstr. 20/A2 D-52146, Wuerselen, Germany Hungary • Support E-mail: support@zyxel.hu • Sales E-mail: info@zyxel.hu •...
Page 409 • Support Telephone: +1-800-978-7222 • Sales E-mail: sales@zyxel.com • Sales Telephone: +1-714-632-0882 • Fax: +1-714-632-0858 • Web: www.zyxel.com • Regular Mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 92806- 2001, U.S.A. Norway • Support E-mail: support@zyxel.no • Sales E-mail: sales@zyxel.no •...
Page 410 • Support E-mail: support@zyxel.es • Sales E-mail: sales@zyxel.es • Telephone: +34-902-195-420 • Fax: +34-913-005-345 • Web: www.zyxel.es • Regular Mail: ZyXEL Communications, Arte, 21 5ª planta, 28033 Madrid, Spain Sweden • Support E-mail: support@zyxel.se • Sales E-mail: sales@zyxel.se • Telephone: +46-31-744-7700 •...
Page 411 • Sales E-mail: sales@zyxel.co.uk • Telephone: +44-1344-303044, 0845 122 0301 (UK only) • Fax: +44-1344-303034 • Web: www.zyxel.co.uk • Regular Mail: ZyXEL Communications UK Ltd., 11 The Courtyard, Eastern Road, Bracknell, Berkshire RG12 2XB, United Kingdom (UK) P-660HN-FxZ Series User’s Guide...
Page 412: Index
Index Index Numerics firewalls algorithm, certificates 193, 198 MD5 fingerprint 193, 199, 203 802.11 mode remote hosts 802.1Q/1P SHA1 fingerprint 194, 199, 203 activation alternative subnet mask notation example antenna group settings directional management VLAN gain port settings omni-directional priority 215, 223 anti-probing Any IP...
Page 413 Index client list 186, 190, 364 algorithm Command Line Interface, see CLI enrollment protocols compatibility, WDS property configuration trusted 194, 196 backup 291, 292, 295 74, 80, 86 classifiers DHCP Certificate Authority directory servers See CA. file Certificate Management Protocol, see CMP firewalls 156, 159, 164 certificates...
Page 414 Index Denials of Service, see DoS trusted CA DHCP 90, 94, 99, 269 Extended Service Set, See ESS diagnostic Differentiated Services, see DiffServ DiffServ DiffServ Code Point, see DSCP directory servers configuration factory default certificate LDAP fail tolerance login FCC interference statement disclaimer filters 72, 90, 94, 99, 252...
Page 415 Index upgrading Independent Basic Service Set version See IBSS forwarding ports 136, 137 initialization vector (IV) activation Inside Global Address, see IGA configuration Inside Local Address, see ILA example internal SPTGEN rules FTP upload example fragmentation threshold 114, 123, 360 points to remember 34, 248 text file...
Page 416 Index e-mail example error messages global example firewalls generic filters inside protocol filters local schedules outside settings packet filtering port forwarding 136, 137 activation configuration example rules MAC address 96, 115 remote management filter 106, 108, 114, 124 SIP ALG activation MAC address filter 136, 137...
Page 417 Index port forwarding 136, 137 activation configuration RADIUS example message types rules messages PPPoA 72, 77, 83 shared secret key PPPoE 72, 77, 82 RADIUS server passthrough reauthentication, WPA preamble 114, 123 redirecting traffic 82, 86 preamble mode registration pre-shared key product Privacy Enhanced Mail, see PEM related documentation...
Page 418 Index content filtering subnet firewalls subnet mask 90, 99, 350 logs subnetting wireless LAN Sustain Cell Rate, see SCR 74, 80, 85 syntax conventions security system network backing up configuration wireless LAN 108, 124 backup configuration Service Set IDentifier, see SSID factory default certificate Session Initiation Protocol, see SIP firmware...
Page 419 Index 195, 197, 199 fail tolerance exporting ICMP importing metric 82, 84 MD5 fingerprint traffic redirect 82, 86 SHA1 fingerprint encapsulation 69, 72, 77 IGMP IP address 70, 72, 78, 84 mode 72, 77 modulation 74, 80 multicast 70, 74, 79 74, 80, 86 multiplexing 72, 78, 83...
Page 420 Index MBSSID application example preamble 114, 123 WPA-PSK 110, 126, 365, 366 application example activation pre-shared key RADIUS server 117, 128, 130 RTS/CTS threshold 114, 123 activation scheduling adding stations security example SSID 106, 108, 116, 124 limitations activation 117, 118, 129 status example 119, 127...
Page 421 Index P-660HN-FxZ Series User’s Guide...