Page 1 P-660HW-Tx v3 Series 802.11g Wireless ADSL2+ 4-port Gateway Default Login Details IP Address http://192.168.1.1 Admin 1234 Password User user Password Firmware Version 3.70 Edition 2, 10/2010 www.zyxel.com www.zyxel.com Copyright © 2010 ZyXEL Communications Corporation...
Page 3: About This User's Guide
Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. E-mail: techwriters@zyxel.com.tw P-660HW-Tx v3 Series User’s Guide...
Page 4 Graphics in this book may differ slightly from the product due to differences in operating systems, operating system versions, or if you installed updated firmware/software for your device. Every effort has been made to ensure that the information in this manual is accurate. P-660HW-Tx v3 Series User’s Guide...
Page 5: Document Conventions
For example, “k” for kilo may denote “1000” or “1024”, “M” for mega may denote “1000000” or “1048576” and so on. • “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”. P-660HW-Tx v3 Series User’s Guide...
Page 6 Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device Computer Notebook computer Server Firewall Telephone Router Switch P-660HW-Tx v3 Series User’s Guide...
Page 7: Safety Warnings
Your product is marked with this symbol, which is known as the WEEE mark. WEEE stands for Waste Electronics and Electrical Equipment. It means that used electrical and electronic products should not be mixed with general waste. Used electrical and electronic equipment should be treated separately. P-660HW-Tx v3 Series User’s Guide...
Page 8 Safety Warnings P-660HW-Tx v3 Series User’s Guide...
Page 9: Table Of Contents
Dynamic DNS Setup ........................ 269 Remote Management ......................273 Universal Plug-and-Play (UPnP) ..................... 281 Maintenance ......................... 293 System Settings ........................295 Logs ............................301 Tools ............................315 Diagnostic ..........................329 Troubleshooting and Specifications .................. 333 Troubleshooting ........................335 P-660HW-Tx v3 Series User’s Guide...
Page 10 Contents Overview Product Specifications ......................341 Appendices and Index ......................349 P-660HW-Tx v3 Series User’s Guide...
Page 11: Table Of Contents
2.1.1 Accessing the Web Configurator ................29 2.2 Web Configurator Main Screen ................... 31 2.2.1 Title Bar ........................32 2.2.2 Navigation Panel ......................32 2.2.3 Main Window ......................34 2.2.4 Status Bar ........................34 Chapter 3 Status Screens ........................35 P-660HW-Tx v3 Series User’s Guide...
Page 12 4.10.2 Configuring Traffic Classifiers .................. 76 Part II: Wizard ..................81 Chapter 5 Internet and Wireless Setup Wizard..................83 5.1 Overview ..........................83 5.2 Internet Access Wizard Setup ..................... 83 5.2.1 Manual Configuration ....................86 P-660HW-Tx v3 Series User’s Guide...
Page 13 7.4 The Client List Screen ....................... 126 7.5 The IP Alias Screen ......................127 7.5.1 Configuring the LAN IP Alias Screen ............... 128 7.6 LAN Technical Reference ....................129 7.6.1 LANs, WANs and the ZyXEL Device ................ 129 P-660HW-Tx v3 Series User’s Guide...
Page 14 9.1.1 What You Can Do in the NAT Screens ..............171 9.1.2 What You Need To Know About NAT ............... 171 9.2 The NAT General Setup Screen ..................173 9.3 The Port Forwarding Screen ..................... 174 P-660HW-Tx v3 Series User’s Guide...
Page 15 11.1 Overview ..........................211 11.1.1 What You Can Do in the Content Filter Screens .............211 11.1.2 What You Need to Know About Content Filtering ............211 11.1.3 Before You Begin .....................211 11.1.4 Content Filtering Example ..................212 P-660HW-Tx v3 Series User’s Guide...
Page 16 Static Route ........................... 239 14.1 Overview ......................... 239 14.1.1 What You Can Do in the Static Route Screens ............239 14.2 The Static Route Screen ....................240 14.2.1 Static Route Edit ....................241 Chapter 15 802.1Q/1P..........................243 P-660HW-Tx v3 Series User’s Guide...
Page 17 18.2 The WWW Screen ......................275 18.2.1 Configuring the WWW Screen ................275 18.3 The Telnet Screen ......................276 18.4 The FTP Screen ......................277 18.5 The DNS Screen ......................278 18.6 The ICMP Screen ......................279 P-660HW-Tx v3 Series User’s Guide...
Page 18 22.1.2 What You Need To Know About Tools ..............316 22.1.3 Before You Begin ....................317 22.1.4 Tool Examples ......................317 22.2 The Firmware Screen ...................... 323 22.3 The Configuration Screen ....................325 22.4 The Restart Screen ......................328 P-660HW-Tx v3 Series User’s Guide...
Page 19 Appendix B Pop-up Windows, Javascript and Java Permissions ........375 Appendix C IP Addresses and Subnetting ................385 Appendix D Wireless LANs ....................395 Appendix E Services ......................411 Appendix F Legal Information ....................415 Index............................419 P-660HW-Tx v3 Series User’s Guide...
Page 20 Table of Contents P-660HW-Tx v3 Series User’s Guide...
Page 21: Introduction
Introduction Introducing the ZyXEL Device (23) Introducing the Web Configurator (29) Status Screens (35) Tutorials (43)
Page 23: Introducing The Zyxel Device
Use any of the following methods to manage the ZyXEL Device. • Web Configurator. This is recommended for everyday management of the ZyXEL Device using a (supported) web browser. • Command Line Interface. Line commands are mostly used for troubleshooting by service engineers. P-660HW-Tx v3 Series User’s Guide...
Page 24: Good Habits For Managing The Zyxel Device
ZyXEL Device. You could simply restore your last configuration. 1.4 Applications for the ZyXEL Device Here are some example uses for which the ZyXEL Device is well suited. P-660HW-Tx v3 Series User’s Guide...
Page 25: Internet Access
Use QoS to efficiently manage traffic on your network by giving priority to certain types of traffic and/or to particular computers. For example, you could make sure that the ZyXEL Device gives voice over Internet calls high priority, and/or limit bandwidth devoted to the boss’s excessive file downloading. P-660HW-Tx v3 Series User’s Guide...
Page 26: Leds (Lights)
The ZyXEL Device is setting up a WPS connection. The wireless network is not activated. Green The DSL line is up. Blinking The ZyXEL Device is initializing the DSL line. The DSL line is down. P-660HW-Tx v3 Series User’s Guide...
Page 27: The Reset Button
You can use the WPS WLAN ON/OFF button on the back of the device to turn the wireless LAN off or on. You can also use it to activate WPS in order to quickly set up a wireless network with strong security. P-660HW-Tx v3 Series User’s Guide...
Page 28: Turn The Wireless Lan Off Or On
Device. The WLAN/WPS LED should flash while the ZyXEL Device sets up a WPS connection with the wireless device. Note: You must activate WPS in the ZyXEL Device and in another wireless device within two minutes of each other. See Section 8.8.8 on page 163 for more information. P-660HW-Tx v3 Series User’s Guide...
Page 29: Introducing The Web Configurator
A password screen displays. The ZyXEL Device has a dual login system. The default non-readable characters represents the user password (user by default). Clicking Login without entering any password brings you to the system’s status screen. To access the administrative web configurator and manage the P-660HW-Tx v3 Series User’s Guide...
Page 30 Enter a new password, retype it to confirm and click Apply; alternatively click Ignore to proceed to the main menu if you do not want to change the password now. Figure 4 Change Password Screen P-660HW-Tx v3 Series User’s Guide...
Page 31: Web Configurator Main Screen
Note: For security reasons, the ZyXEL Device automatically logs you out if you do not use the web configurator for five minutes (default). If this happens, log in again. 2.2 Web Configurator Main Screen Figure 6 Main Screen P-660HW-Tx v3 Series User’s Guide...
Page 32: Title Bar
Use this screen to view current DHCP client information and to always assign specific IP addresses to individual MAC addresses (and host names). IP Alias Use this screen to partition your LAN interface into subnets. P-660HW-Tx v3 Series User’s Guide...
Page 33 Class Setup Use this screen to define a classifier. Monitor Use this screen to view each queue’s statistics. Dynamic DNS This screen allows you to use a static hostname alias for a dynamic IP address. P-660HW-Tx v3 Series User’s Guide...
Page 34: Main Window
Right after you log in, the Status screen is displayed. See Chapter 3 on page 35 for more information about the Status screen. 2.2.4 Status Bar Check the status bar when you click Apply or OK to verify that the configuration has been updated. P-660HW-Tx v3 Series User’s Guide...
Page 35: Status Screens
Any IP and DHCP and statistics from bandwidth management, and traffic. 3.2 The Status Screen Use this screen to view the status of the ZyXEL Device. Click Status to open this screen. Figure 7 Status Screen P-660HW-Tx v3 Series User’s Guide...
Page 36 DHCP requests and responses between the remote server and the clients. None - The ZyXEL Device is not providing any DHCP services to the LAN. Click this to go to the screen where you can change it. P-660HW-Tx v3 Series User’s Guide...
Page 37 See Section 22.4 on page 328, or turn off the device (unplug the power) for a few seconds. Interface Status Interface This column displays each interface the ZyXEL Device has. P-660HW-Tx v3 Series User’s Guide...
Page 38: Client List
Section 3.4 on page Packet Click this link to view port status and packet specific statistics. See Statistics Section 3.6 on page 3.3 Client List Section 7.4 on page 126 for information on this screen. P-660HW-Tx v3 Series User’s Guide...
Page 39: Wlan Status
Click Status > AnyIP Table to access this screen. Use this screen to view the IP address and MAC address of each computer that is using the ZyXEL Device but is in a different subnet than the ZyXEL Device. Figure 9 Any IP Table P-660HW-Tx v3 Series User’s Guide...
Page 40: Packet Statistics
Read-only information here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)". The Poll Interval(s) field is configurable. Click Status > Packet Statistics to access this screen. Figure 10 Packet Statistics P-660HW-Tx v3 Series User’s Guide...
Page 41 Type the time interval for the browser to refresh system statistics. Set Interval Click this to apply the new poll interval you entered in the Poll Interval field above. Stop Click this to halt the refreshing of the system statistics. P-660HW-Tx v3 Series User’s Guide...
Page 42 Chapter 3 Status Screens P-660HW-Tx v3 Series User’s Guide...
Page 43: Tutorials
Thomas has to configure the wireless network settings on the ZyXEL Device. Then he can set up a wireless network using WPS (Section 4.2.2 on page 45) or manual configuration (Section 4.2.3 on page 50). P-660HW-Tx v3 Series User’s Guide...
Page 44: Configuring The Wireless Network Settings
This example uses the following parameters to set up a wireless network. SSID Example Security Mode WPA-PSK Pre-Shared Key DoNotStealMyWirelessNetwork 802.11 Mode Mixed Click Network > Wireless LAN to open the AP screen. Configure the screen using the provided parameters (see page 44). Click Apply. P-660HW-Tx v3 Series User’s Guide...
Page 45: Using Wps
Make sure that your ZyXEL Device is turned on and your notebook is within the cover range of the wireless signal. Make sure that you have installed the wireless client driver and utility in your notebook. P-660HW-Tx v3 Series User’s Guide...
Page 46 The ZyXEL Device sends the proper configuration settings to the wireless client. This may take up to two minutes. The wireless client is then able to communicate with the ZyXEL Device securely. P-660HW-Tx v3 Series User’s Guide...
Page 47: Wireless Client
ZyXEL Device and wireless client. Example WPS Process: PBC Method ZyXEL Device Wireless Client WITHIN 2 MINUTES Press and hold for more than 5 seconds SECURITY INFO COMMUNICATION P-660HW-Tx v3 Series User’s Guide...
Page 48 The ZyXEL Device authenticates the wireless client and sends the proper configuration settings to the wireless client. This may take up to two minutes. The wireless client is then able to communicate with the ZyXEL Device securely. P-660HW-Tx v3 Series User’s Guide...
Page 49 The following figure shows you how to set up a wireless network and its security on a ZyXEL Device and a wireless client by using PIN method. Example WPS Process: PIN Method Wireless Client ZyXEL Device WITHIN 2 MINUTES Authentication by PIN SECURITY INFO COMMUNICATION P-660HW-Tx v3 Series User’s Guide...
Page 50: Without Wps
Here is how Thomas can set up a schedule to turn on the wireless network at specific time and days. Click Network > Wireless Network > Scheduling to open the following screen. P-660HW-Tx v3 Series User’s Guide...
Page 51 Chapter 4 Tutorials Configure the screen as follows. Turn on the wireless network from Mondays to Fridays between 18:00 and 23:30. Turn on the wireless network all day on Saturdays and Sundays. Click Apply. P-660HW-Tx v3 Series User’s Guide...
Page 52: Setting Up Multiple Wireless Groups
• Visiting guests will use the Guest group, which has a lower security mode and QoS control. Company A will use the following parameters to set up the wireless network groups. COMPANY GUEST SSID Company Guest Security Mode WPA2-PSK WPA2-PSK Static WEP Pre-Shared Key ForCompanyOnly ForVIPOnly Guest Default High P-660HW-Tx v3 Series User’s Guide...
Page 53 Configure the screen using the provided parameters and click Apply. Click Network > Wireless LAN > More AP to open the following screen. Click the Edit icon to configure the second wireless network group. P-660HW-Tx v3 Series User’s Guide...
Page 54 Chapter 4 Tutorials Configure the screen using the provided parameters and click Apply. In the More AP screen, click the Edit icon to configure the third wireless network group. P-660HW-Tx v3 Series User’s Guide...
Page 55 Chapter 4 Tutorials Configure the screen using the provided parameters and click Apply. Activate the wireless network groups and click Apply. P-660HW-Tx v3 Series User’s Guide...
Page 56: Configuring The Mac Address Filter
Device. Thomas can deny access to the wireless network using the MAC address of Josephine’s computer. Thomas Josephine Click Network > LAN > Client List to open the following screen. Look for the MAC address of Josephine’s computer. P-660HW-Tx v3 Series User’s Guide...
Page 57 Select Active MAC Filter and Deny Filter Action. Enter the MAC address you found in the Client List screen. Click Apply. Josephine will no longer be able to access the Internet through the ZyXEL Device. P-660HW-Tx v3 Series User’s Guide...
Page 58: Setting Up Nat Port Forwarding
If you are not certain about the Xbox 360’s IP address, you may check it in the DHCP client table. Click Network > LAN > Client List to open the following screen. Look for the IP address for Xbox 360. P-660HW-Tx v3 Series User’s Guide...
Page 59: Port Forwarding
If the default server is already assigned to another server, configure the ports for Xbox 360. Click Network > NAT to open the General screen. Select Active Network Address Translation and SUA Only. Click Apply. P-660HW-Tx v3 Series User’s Guide...
Page 60 Configure the screen as follows to open TCP/UDP port 53 for Xbox 360. Click Apply. Repeat steps 2 and 3 to open the rest of the ports for Xbox 360. The port forwarding settings you configured are listed in the Port Forwarding screen. P-660HW-Tx v3 Series User’s Guide...
Page 61: Access The Zyxel Device Using Ddns
To use this feature, you have to apply for DDNS service at www.dyndns.org. This tutorial shows you how to: • Registering a DDNS Account on www.dyndns.org • Configuring DDNS on Your ZyXEL Device P-660HW-Tx v3 Series User’s Guide...
Page 62: Registering A Ddns Account On Www.dyndns.org
Configure the following settings in the Advanced > Dynamic DNS screen. Select Active Dynamic DNS. Select Dynamic DNS for the DDNS type. Type zyxelrouter.dyndns.org in the Host Name field. Enter the user name (UserName1) and password (12345). P-660HW-Tx v3 Series User’s Guide...
Page 63: Adding A Firewall Rule For Remote Management
Select WAN to WAN / Router and select the number of the last rule that has been configured on this screen. Click Add. The Edit Rule screen opens. Configure the screen using the following settings. Select Active. Select Permit for matched packets. P-660HW-Tx v3 Series User’s Guide...
Page 64: Testing The Ddns Setting
Now you should be able to access the ZyXEL Device from the Internet. To test this: Open a web browser on the computer (using the IP address a.b.c.d) that is connected to the Internet. Type http://zyxelrouter.dyndns.org and press [Enter]. P-660HW-Tx v3 Series User’s Guide...
Page 65: Configuring Static Route For Routing To Another Network
A (in N1 network) to computer B (in N2 network), the traffic is sent to the ZyXEL Device’s WAN default gateway by default. In this case, B will never receive the traffic. P-660HW-Tx v3 Series User’s Guide...
Page 66 To configure a static route to route traffic from N1 to N2: Log into the ZyXEL Device’s Web Configurator in advanced mode. Click Advanced > Static Route. Click Edit on a new rule in the Static Route screen. P-660HW-Tx v3 Series User’s Guide...
Page 67: Multiple Public And Private Ip Address Mappings
If your ISP gives you more than one static IP address for your Internet access, you can map each IP address for a specific service. This tutorial assumes you are given two static public IP addresses. You want to map them to two servers A and IP-1 IP-2 P-660HW-Tx v3 Series User’s Guide...
Page 68: Full Feature Nat + Many-To-Many No Overload Mapping
Use this setting if your applications can use random public IP addresses and the applications are initiated from the Intranet computers (A and B). For example, VoIP application. See Section 4.8.2 on page 70 if it is not. IP-1 To configure this: Click Network > NAT. P-660HW-Tx v3 Series User’s Guide...
Page 69 Click the Address Mapping tab, and then click the Edit icon on a new rule. Configure the rule using the following settings: • Type: Many-to-Many No Overload • Local IP addresses: 192.168.1.2 ~ 192.168.1.3 • Global IP addresses: 172.16.1.253 ~ 172.16.1.254 Then click Apply. P-660HW-Tx v3 Series User’s Guide...
Page 70: Full Feature Nat + One-To-One Mapping
Click the Address Mapping tab, click the Edit icon on a new rule. Configure two rules for the one-to-one mappings: • Rule 1 (This maps the public IP address 172.16.1.253 to the private IP address 192.168.1.2) Type: One-to-One Local Start IP: 192.168.1.2 Global Start IP: 172.16.1.253 P-660HW-Tx v3 Series User’s Guide...
Page 71: Multiple Wan Connections Example
Figure 11, three WAN connections are configured over the ADSL line: • The connection with VPI/VCI, 0/33, is dedicated for Media-On-Demand (MOD) service. • The connection with VPI/VCI, 0/34, is dedicated for VoIP service. P-660HW-Tx v3 Series User’s Guide...
Page 72: Multiple Pvcs With Qos
(UBR) for general data ATM-QoS setting. port 4 PVC: 0/35 PVC: 0/33 port 1~3 : Voice : General Data This tutorial also dedicates the ZyXEL Device LAN port 4 for voice and ports 1~3 for general data traffic. P-660HW-Tx v3 Series User’s Guide...
Page 73: Configuring Multiple Pvcs And Atm-Qos
• Line Modulation: Multi Mode • Mode: Routing • Encapsulation: PPPoE • User Name: PPPoEuser1 • Password: 1234 • PVC: LLC, 0/35 Leave the other settings as their defaults and click Apply. P-660HW-Tx v3 Series User’s Guide...
Page 74 Click the More Connections tab and then click the Edit icon next to the entry two. Then configure the screen using the following example settings: • Select Active. • Name: PVC-for-VoIP • Mode: Routing • Encapsulation: ENET ENCAP P-660HW-Tx v3 Series User’s Guide...
Page 75 Chapter 4 Tutorials • PVC: LLC, 0/33 Click Apply. Click the Advanced Setup button and then select CBR in the ATM QoS Type field. Click Apply. P-660HW-Tx v3 Series User’s Guide...
Page 76: Configuring Traffic Classifiers
• Enter a descriptive name for this rule. For example, VoIP. • Interface: From LAN • Priority: 7 (Highest) • Routing Policy: To WAN Index • WAN Index: 2 • Filter Configuration: • Service: VoIP(SIP) • Physical Port: 4 P-660HW-Tx v3 Series User’s Guide...
Page 77 Chapter 4 Tutorials Click Apply. P-660HW-Tx v3 Series User’s Guide...
Page 78 • Select Active. • Enter a descriptive name for this rule. For example, General Data. • Interface: From LAN • Priority: 2 (Default) • Routing Policy: To WAN Index • WAN Index: 1 • Filter Configuration: P-660HW-Tx v3 Series User’s Guide...
Page 79 Chapter 4 Tutorials • Physical Port: 1~3 (means to exclude port 4) Click Apply. P-660HW-Tx v3 Series User’s Guide...
Page 80 Click the General tab. Then select Active QoS and click Apply. Now you can connect a VoIP phone to the ZyXEL Device’s LAN port 4 and computers to port 1~3. The ZyXEL Device classifies and prioritizes voice traffic to optimize voice quality. P-660HW-Tx v3 Series User’s Guide...
Page 81: Wizard
Wizard Internet and Wireless Setup Wizard (83)
Page 83: Internet And Wireless Setup Wizard
After you enter the password to access the web configurator, select Go to Wizard setup and click Apply. Otherwise, click the wizard icon ( ) in the top right corner of the web configurator to go to the wizards. Figure 12 Select a Mode P-660HW-Tx v3 Series User’s Guide...
Page 84 Section 5.2.1 on page 86 for more details. If you would like to skip your Internet setup and configure the wireless LAN settings, leave Yes selected and click Next. Figure 14 Auto Detection: No DSL Connection P-660HW-Tx v3 Series User’s Guide...
Page 85 The following screen appears if the ZyXEL device detects a connection but not the connection type. Click Next and refer to Section 5.2.1 on page 86 on how to manually configure the ZyXEL Device for Internet access. Figure 16 Auto Detection: Failed P-660HW-Tx v3 Series User’s Guide...
Page 86: Manual Configuration
Choices vary depending on what you select in the Mode field. If you select Bridge in the Mode field, select either PPPoA or RFC 1483. If you select Routing in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or PPPoE. P-660HW-Tx v3 Series User’s Guide...
Page 87 The next wizard screen varies depending on what mode and encapsulation type you use. All screens shown are with routing mode. Configure the fields and click Next to continue. See Section 5.3 on page 92 for wireless connection wizard setup Figure 18 Internet Connection with PPPoE P-660HW-Tx v3 Series User’s Guide...
Page 88 Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Exit Click this to close the wizard screen without saving. Figure 19 Internet Connection with RFC 1483 P-660HW-Tx v3 Series User’s Guide...
Page 89 Click this to return to the previous screen without saving. Next Click this to continue to the next wizard screen. Exit Click this to close the wizard screen without saving. Figure 20 Internet Connection with ENET ENCAP P-660HW-Tx v3 Series User’s Guide...
Page 90 Server Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Exit Click this to close the wizard screen without saving. Figure 21 Internet Connection with PPPoA P-660HW-Tx v3 Series User’s Guide...
Page 91 Figure 22 Connection Test Failed-1 • If the following screen displays, check if your account is activated or click Restart the Internet/Wireless Setup Wizard to verify your Internet access settings. Figure 23 Connection Test Failed-2. P-660HW-Tx v3 Series User’s Guide...
Page 92: Wireless Connection Wizard Setup
The following table describes the labels in this screen. Table 15 Wireless LAN Setup Wizard 1 LABEL DESCRIPTION Active Select the check box to turn on the wireless LAN. Back Click this to return to the previous screen without saving. P-660HW-Tx v3 Series User’s Guide...
Page 93 Select Disable wireless security to have no wireless LAN security configured and your network is accessible to any wireless networking device that is within range. Back Click this to return to the previous screen without saving. P-660HW-Tx v3 Series User’s Guide...
Page 94: Manually Assign A Wpa-Psk Key
You need to configure an authentication server to do this. Back Click this to return to the previous screen without saving. Next Click this to continue to the next wizard screen. Exit Click this to close the wizard screen without saving. P-660HW-Tx v3 Series User’s Guide...
Page 95: Manually Assign A Wep Key
Click this to return to the previous screen without saving. Next Click this to continue to the next wizard screen. Exit Click this to close the wizard screen without saving. Click Apply to save your wireless LAN settings. Figure 29 Wireless LAN Setup 3 P-660HW-Tx v3 Series User’s Guide...
Page 96 Refer to the rest of this guide for more detailed information on the complete range of ZyXEL Device features. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the wizard setup are correct. P-660HW-Tx v3 Series User’s Guide...
Page 97: Network
Network WAN Setup (99) LAN Setup (119) Wireless LAN (137) Network Address Translation (NAT) (171)
Page 99: Wan Setup
To set up a WAN connection to the Internet, you need to use the same encapsulation method used by your ISP (Internet Service Provider). If your ISP offers a dial-up Internet connection using PPPoE (PPP over Ethernet) or PPPoA, P-660HW-Tx v3 Series User’s Guide...
Page 100: Before You Begin
Section 6.4 on page 113 for technical background information on WAN. 6.1.3 Before You Begin You need to know your Internet access settings such as encapsulation and WAN IP address. Get this information from your ISP. P-660HW-Tx v3 Series User’s Guide...
Page 101: The Internet Access Setup Screen
Use this screen to change your ZyXEL Device’s WAN settings. Click Network > WAN > Internet Access Setup. The screen differs by the WAN type and encapsulation you select. Figure 32 Network > WAN >Internet Access Setup (PPPoE) P-660HW-Tx v3 Series User’s Guide...
Page 102 The valid range for the VPI is 0 to 255. Enter the VPI assigned to you. The valid range for the VCI is 32 to 65535 (0 to 31 is reserved for local management of ATM traffic). Enter the VCI assigned to you. P-660HW-Tx v3 Series User’s Guide...
Page 103 Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. Advanced Setup Click this to display the Advanced WAN Setup screen and edit more details of your WAN setup. P-660HW-Tx v3 Series User’s Guide...
Page 104: Advanced Internet Access Setup
Select the RIP direction from None, Both, In Only and Out Only. RIP Version This field is not configurable if you select None in the RIP Direction field. Select the RIP version from RIP-1, RIP-2B and RIP-2M. P-660HW-Tx v3 Series User’s Guide...
Page 105 Enter the MTU in this field. For ENET ENCAP, the MTU value is 1500. For PPPoE, the MTU value is 1492. For PPPoA and RFC 1483, the MTU is 65535. Packet Filter Incoming Filter Sets P-660HW-Tx v3 Series User’s Guide...
Page 106 Chapter 12 on page 219 for more details. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 Series User’s Guide...
Page 107: The More Connections Screen
Internet access setup. Click the Remove icon to delete the Internet access setup from your connection list. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 Series User’s Guide...
Page 108: More Connections Edit
Table 22 Network > WAN > More Connections: Edit LABEL DESCRIPTION General Active Select the check box to activate or clear the check box to deactivate this connection. Name Enter a unique, descriptive name of up to 13 ASCII characters for this connection. P-660HW-Tx v3 Series User’s Guide...
Page 109 If you use RFC 1483, enter the IP address given by your ISP in the IP Address field. Subnet Mask This option is available if you select ENET ENCAP in the Encapsulation field. Enter a subnet mask in dotted decimal notation. P-660HW-Tx v3 Series User’s Guide...
Page 110 Click this to save your changes. Cancel Click this to restore your previously saved settings. Advanced Setup Click this to display the More Connections Advanced Setup screen and edit more details of your WAN setup. P-660HW-Tx v3 Series User’s Guide...
Page 111: Configuring More Connections Advanced Setup
Select the RIP version from RIP-1, RIP-2B and RIP-2M. Multicast IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a multicast group. The ZyXEL Device supports IGMP-v1, IGMP-v2 and IGMP-v3. Select None to disable it. ATM QoS P-660HW-Tx v3 Series User’s Guide...
Page 112 4 sets of filters. You can configure generic filters in the Packet Filter screen. See Chapter 12 on page 219 for more details. Back Click this to return to the previous screen without saving. P-660HW-Tx v3 Series User’s Guide...
Page 113: Wan Technical Reference
By implementing PPPoE directly on the ZyXEL Device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, P-660HW-Tx v3 Series User’s Guide...
Page 114: Multiplexing
VCs. 6.4.3 VPI and VCI Be sure to use the correct Virtual Path Identifier (VPI) and Virtual Channel Identifier (VCI) numbers assigned to you. The valid range for the VPI is 0 to 255 P-660HW-Tx v3 Series User’s Guide...
Page 115: Ip Address Assignment
6.4.6 NAT NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing P-660HW-Tx v3 Series User’s Guide...
Page 116: Traffic Shaping
If the PCR, SCR or MBS is set to the default of "0", the system will assign a maximum value that correlates to your upstream line rate. The following figure illustrates the relationship between PCR, SCR and MBS. Figure 37 Example of Traffic Shaping P-660HW-Tx v3 Series User’s Guide...
Page 117: Atm Traffic Classes
The Unspecified Bit Rate (UBR) ATM traffic class is for bursty data transfers. However, UBR doesn't guarantee any bandwidth and only delivers traffic when the network has spare bandwidth. An example application is background file transfer. P-660HW-Tx v3 Series User’s Guide...
Page 118 Chapter 6 WAN Setup P-660HW-Tx v3 Series User’s Guide...
Page 119: Lan Setup
126) to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. • Use the IP Alias screen (Section 7.5 on page 127) to change your ZyXEL Device’s IP alias settings. P-660HW-Tx v3 Series User’s Guide...
Page 120: What You Need To Know About Lan
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a networking device before you can access it. P-660HW-Tx v3 Series User’s Guide...
Page 121: Before You Begin
IP address you entered. Click Apply to save your settings. Figure 38 Network > LAN > IP P-660HW-Tx v3 Series User’s Guide...
Page 122: The Advanced Lan Ip Setup Screen
Use this screen to edit your ZyXEL Device's RIP, multicast, Any IP and Windows Networking settings. Click the Advanced Setup button in the LAN IP screen. The screen appears as shown. Figure 39 Network > LAN > IP: Advanced Setup P-660HW-Tx v3 Series User’s Guide...
Page 123 Select the generic filter(s) to control incoming traffic. You may choose up to 4 sets of filters. You can configure generic filters in the Packet Filter screen. See Chapter 12 on page 219 for more details. Outgoing Filter Sets P-660HW-Tx v3 Series User’s Guide...
Page 124: The Dhcp Setup Screen
Use this screen to configure the DNS server information that the ZyXEL Device sends to the DHCP client devices on the LAN. Click Network > DHCP Setup to open this screen. Figure 40 Network > LAN > DHCP Setup P-660HW-Tx v3 Series User’s Guide...
Page 125 DNS server addresses manually configured. If you do not configure a DNS server, you must know the IP address of a computer in order to access it. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 Series User’s Guide...
Page 126: The Client List Screen
A network interface card such as an Ethernet adapter has a hardwired address that is assigned at the factory. This address follows an industry standard that ensures no other adapter has a similar address. P-660HW-Tx v3 Series User’s Guide...
Page 127: The Ip Alias Screen
The following figure shows a LAN divided into subnets A, B, and C. Figure 42 Physical Network & Partitioned Logical Networks A: 192.168.1.1 - 192.168.1.24 Ethernet B: 192.168.2.1 - 192.168.2.24 Interface C: 192.168.3.1 - 192.168.3.24 P-660HW-Tx v3 Series User’s Guide...
Page 128: Configuring The Lan Ip Alias Screen
When set to Both or In Only, it will incorporate the RIP information that it receives; when set to None, it will not send any RIP packets and will ignore any RIP packets received. P-660HW-Tx v3 Series User’s Guide...
Page 129: Lan Technical Reference
The actual physical connection determines whether the ZyXEL Device ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next. Figure 44 LAN and WAN IP Addresses P-660HW-Tx v3 Series User’s Guide...
Page 130: Dhcp Setup
It does not mean you can leave the DNS servers out of the DHCP setup under all circumstances. If your ISP gives you explicit DNS servers, make sure that you enter their IP addresses in the DHCP Setup screen. P-660HW-Tx v3 Series User’s Guide...
Page 131: Lan Tcp/Ip
IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks: • 10.0.0.0 — 10.255.255.255 • 172.16.0.0 — 172.31.255.255 P-660HW-Tx v3 Series User’s Guide...
Page 132: Rip Setup
Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the network - not everybody and not just 1. P-660HW-Tx v3 Series User’s Guide...
Page 133: Any Ip
The following figure depicts a scenario where a computer is set to use a static private IP address in the corporate environment. In a residential house where a ZyXEL Device is installed, you can still use the computer to access the Internet P-660HW-Tx v3 Series User’s Guide...
Page 134 MAC address in its ARP table. When the computer cannot locate the default gateway, an ARP request is broadcast on the LAN. The ZyXEL Device receives the ARP request and replies to the computer with its own MAC address. P-660HW-Tx v3 Series User’s Guide...
Page 135 IP routing table so it can properly forward packets intended for the computer. After all the routing information is updated, the computer can access the ZyXEL Device and the Internet as if it is in the same subnet as the ZyXEL Device. P-660HW-Tx v3 Series User’s Guide...
Page 136 Chapter 7 LAN Setup P-660HW-Tx v3 Series User’s Guide...
Page 137: Wireless Lan
Distribution System, in which the ZyXEL Device acts as a bridge with other ZyXEL access points. • Use the Scheduling screen (see Section 8.7 on page 155) to configure the dates/times to enable or disable the wireless LAN. P-660HW-Tx v3 Series User’s Guide...
Page 138: What You Need To Know About Wireless
8.1.3 Before You Start Before you start using these screens, ask yourself the following questions. See Section 8.1.2 on page 138 if some of the terms used here are not familiar to you. P-660HW-Tx v3 Series User’s Guide...
Page 139: The Ap Screen
8.2 The AP Screen Use this screen to configure the wireless settings of your ZyXEL Device. Click Network > Wireless LAN to open the AP screen. Figure 46 Network > Wireless LAN > AP P-660HW-Tx v3 Series User’s Guide...
Page 140 This shows whether the wireless devices with the MAC addresses listed are allowed or denied to access the ZyXEL Device using this SSID. Edit Click this to go to the MAC Filter screen to configure MAC filter settings. Section 8.2.6 on page 147 for more details. P-660HW-Tx v3 Series User’s Guide...
Page 141: No Security
Figure 47 Network > Wireless LAN > AP: No Security The following table describes the labels in this screen. Table 30 Network > Wireless LAN > AP: No Security LABEL DESCRIPTION Security Choose No Security from the drop-down list box. Mode P-660HW-Tx v3 Series User’s Guide...
Page 142: Wep Encryption
WEP key for data transmission. If you want to manually set the WEP key, enter any 5 or 13 characters (ASCII string) or 10 or 26 hexadecimal characters ("0-9", "A-F") for a 64- bit or 128-bit WEP key respectively. P-660HW-Tx v3 Series User’s Guide...
Page 143: Wpa(2)-Psk
Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes). Note: If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority. P-660HW-Tx v3 Series User’s Guide...
Page 144: Wpa(2) Authentication
Use this screen to configure and enable WPA or WPA2 authentication. Click the Wireless LAN link under Network to display the AP screen. Select WPA, WPA2 or WPAMixed from the Security Mode list. Figure 50 Network > Wireless LAN > AP: WPA(2) P-660HW-Tx v3 Series User’s Guide...
Page 145 The key must be the same on the external authentication server and your ZyXEL Device. The key is not sent over the network. Accounting Server (optional) IP Address Enter the IP address of the external accounting server in dotted decimal notation. P-660HW-Tx v3 Series User’s Guide...
Page 146: Wireless Lan Advanced Setup
APs. Select one of the following Maximum, Middle or Minimum. Preamble Select a preamble type from the drop-down list menu. Choices are Long, Short or Dynamic. The default setting is Long. See the appendix for more information. P-660HW-Tx v3 Series User’s Guide...
Page 147: Mac Filter
Use this screen to change your ZyXEL Device’s MAC filter settings. Click the Edit button in the AP screen. The screen appears as shown. Figure 52 Network > Wireless LAN > AP: MAC Address Filter P-660HW-Tx v3 Series User’s Guide...
Page 148: The More Ap Screen
This screen allows you to enable and configure multiple Basic Service Sets (BSSs) on the ZyXEL Device. Click Network > Wireless LAN > More AP. The following screen displays. Figure 53 Network > Wireless LAN > More AP P-660HW-Tx v3 Series User’s Guide...
Page 149: More Ap Edit
Use this screen to edit an SSID profile. Click the Edit icon next to an SSID in the More AP screen. The following screen displays. Figure 54 Network > Wireless LAN > More AP: Edit P-660HW-Tx v3 Series User’s Guide...
Page 150 Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 Series User’s Guide...
Page 151: The Wps Screen
This displays Unconfigured if WPS is disabled and there is no wireless or wireless security changes on the ZyXEL Device or you click Release_Configuration to remove the configured wireless and wireless security settings. P-660HW-Tx v3 Series User’s Guide...
Page 152: The Wps Station Screen
Use this screen to set up a WPS wireless network using either Push Button Configuration (PBC) or PIN Configuration. Click Network > Wireless LAN > WPS Station. The following screen displays. Figure 56 Network > Wireless LAN > WPS Station P-660HW-Tx v3 Series User’s Guide...
Page 153: The Wds Screen
Note: WDS security is independent of the security settings between the ZyXEL Device and any wireless clients. Note: At the time of writing, WDS is compatible with other ZyXEL APs only. Not all models support WDS links. Check your other AP’s documentation. P-660HW-Tx v3 Series User’s Guide...
Page 154 (six hexadecimal character pairs, for example 12:34:56:78:9a:bc). Enter a Pre-Shared Key (PSK) from 8 to 63 case-sensitive ASCII characters (including spaces and symbols). Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 Series User’s Guide...
Page 155: The Scheduling Screen
For example, if you set the time range from 12:00 to 23:00, the wireless LAN will be turned on only during this time period. Apply Click this to save your changes. Reset Click this to restore your previously saved settings. P-660HW-Tx v3 Series User’s Guide...
Page 156: Wireless Lan Technical Reference
• An “ad-hoc” type of network is one in which there is no access point. Wireless clients connect to one another in order to exchange information. The following figure provides an example of a wireless network. Figure 59 Example of a Wireless Network P-660HW-Tx v3 Series User’s Guide...
Page 157 When you create a network, you must select a channel to use. Since the available unlicensed spectrum varies from one country to another, the number of available channels also varies. P-660HW-Tx v3 Series User’s Guide...
Page 158: Additional Wireless Terms
“key” phrase) can access the network. Second, they encrypt. This means that the information sent over the air is encoded. Only people with the code key can understand the information, and only people who have been authenticated are given the code key. P-660HW-Tx v3 Series User’s Guide...
Page 159 Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks. These kinds of wireless devices might not have MAC addresses. Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F. P-660HW-Tx v3 Series User’s Guide...
Page 160: User Authentication
The types of encryption you can choose depend on the type of authentication. (See Section 8.8.3.3 on page 160 for information about this.) Table 43 Types of Encryption for Each Type of Authentication NO AUTHENTICATION RADIUS SERVER Weakest No Security Static WEP WPA-PSK Strongest WPA2-PSK WPA2 P-660HW-Tx v3 Series User’s Guide...
Page 161: Signal Problems
(AP). Intra-BSS traffic is traffic between wireless stations in the BSS. When Intra-BSS traffic blocking is disabled, wireless station A and B can access the wired network P-660HW-Tx v3 Series User’s Guide...
Page 162: Mbssid
BSSIDs (they are in different BSSs), but have the same keys, they may hear each other’s communications (but not communicate with each other). • MBSSID should not replace but rather be used in conjunction with 802.1x security. P-660HW-Tx v3 Series User’s Guide...
Page 163: Wireless Distribution System (Wds)
Number that allows one device to authenticate the other) in each of the two devices. When WPS is activated on a device, it has two minutes to find another device that also has WPS activated. Then, the two devices connect and set up a secure network by themselves. P-660HW-Tx v3 Series User’s Guide...
Page 164: Pin Configuration
Then, when WPS is activated on the first device, it presents its PIN to the second device. If the PIN matches, one device sends the network and security information to the other, allowing it to join the network. P-660HW-Tx v3 Series User’s Guide...
Page 165 On a computer connected to the wireless client, try to connect to the Internet. If you can connect, WPS was successful. If you cannot connect, check the list of associated wireless clients in the AP’s configuration utility. If you see the wireless client in the list, WPS was successful. P-660HW-Tx v3 Series User’s Guide...
Page 166: How Wps Works
PSK or WPA2-PSK pre-shared key to the enrollee. Whether WPA-PSK or WPA2-PSK is used depends on the standards supported by the devices. If the registrar is already part of a network, it sends the existing information. If not, it generates the SSID and WPA(2)-PSK randomly. P-660HW-Tx v3 Series User’s Guide...
Page 167 It will be the registrar in all subsequent WPS connections in which it is involved. If you want a configured AP to act as an enrollee, you must reset it to its factory defaults. P-660HW-Tx v3 Series User’s Guide...
Page 168: Example Wps Network Setup
ENROLLEE CLIENT 2 In step 3, you add another access point (AP2) to your network. AP2 is out of range of AP1, so you cannot use AP1 for the WPS handshake with the new access P-660HW-Tx v3 Series User’s Guide...
Page 169: Limitations Of Wps
(if the device supports this feature). Then, you can enter the key into the non-WPS device and join the network as normal (the non-WPS device must also support WPA-PSK or WPA2-PSK). P-660HW-Tx v3 Series User’s Guide...
Page 170 Check the MAC addresses of your wireless clients (usually printed on a label on the bottom of the device). If there is an unknown MAC address you can remove it or reset the AP. P-660HW-Tx v3 Series User’s Guide...
Page 171: Network Address Translation (Nat)
IP address of a host when the packet is in the local network, while the global address refers to the IP address of the host when the same packet is traveling in the WAN side. P-660HW-Tx v3 Series User’s Guide...
Page 172 • Choose SUA Only if you have just one public WAN IP address for your ZyXEL Device. • Choose Full Feature if you have multiple public WAN IP addresses for your ZyXEL Device. Finding Out More Section 9.6 on page 181 for advanced technical information on NAT. P-660HW-Tx v3 Series User’s Guide...
Page 173: The Nat General Setup Screen
NAT sessions they can establish. If your network has a large number of users using peer to peer applications, you can lower this number to ensure no single client is exhausting all of the available NAT sessions. P-660HW-Tx v3 Series User’s Guide...
Page 174: The Port Forwarding Screen
A default server receives packets from ports that are not specified in this screen. Note: If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup. P-660HW-Tx v3 Series User’s Guide...
Page 175: Configuring The Port Forwarding Screen
9.3.1 Configuring the Port Forwarding Screen Click Network > NAT > Port Forwarding to open the following screen. Appendix E on page 411 for port numbers commonly used for particular services. Figure 69 Network > NAT > Port Forwarding P-660HW-Tx v3 Series User’s Guide...
Page 176 Click the delete icon to delete an existing port forwarding rule. Note that subsequent address mapping rules move up by one when you take this action. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 Series User’s Guide...
Page 177: The Port Forwarding Rule Edit Screen
Enter the inside IP address of the server here. Address Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 Series User’s Guide...
Page 178: The Address Mapping Screen
Global Start This is the starting Inside Global IP Address (IGA). Enter 0.0.0.0 here if you have a dynamic IP address from your ISP. You can only do this for Many-to-One and Server mapping types. P-660HW-Tx v3 Series User’s Guide...
Page 179: The Address Mapping Rule Edit Screen
9.4.1 The Address Mapping Rule Edit Screen Use this screen to edit an address mapping rule. Click the rule’s edit icon in the Address Mapping screen to display the screen shown next. Figure 72 Network > NAT > Address Mapping: Edit P-660HW-Tx v3 Series User’s Guide...
Page 180 Server Mapping Set field. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 Series User’s Guide...
Page 181: The Sip Alg Screen
Internet are the outside hosts. Global/local denotes the IP address of a host in a packet as the packet traverses a router, for example, the local address refers to the IP address of a host when the P-660HW-Tx v3 Series User’s Guide...
Page 182: What Nat Does
With no servers defined, your ZyXEL Device filters out all incoming inquiries, thus preventing intruders from probing your network. For more information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT). P-660HW-Tx v3 Series User’s Guide...
Page 183: How Nat Works
NAT Table Inside Local Inside Global IP Address IP Address 192.168.1.10 IGA 1 192.168.1.13 192.168.1.11 IGA 2 192.168.1.12 IGA 3 192.168.1.13 IGA 4 192.168.1.12 192.168.1.10 IGA1 Inside Local Inside Global Address (ILA) Address (IGA) 192.168.1.11 192.168.1.10 P-660HW-Tx v3 Series User’s Guide...
Page 184: Nat Application
Device maps each local IP address to a unique global IP address. • Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world. P-660HW-Tx v3 Series User’s Guide...
Page 185 … Many-to-Many Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA1 ILA4 IGA2 … Many-to-Many No Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA3 … Server Server 1 IP IGA1 Server 2 IP IGA1 Server 3 IP IGA1 P-660HW-Tx v3 Series User’s Guide...
Page 186 Chapter 9 Network Address Translation (NAT) P-660HW-Tx v3 Series User’s Guide...
Page 187: Security
Security Firewalls (189) Content Filtering (211) Packet Filter (219) Certificates (229)
Page 189: Firewalls
• Use the Rules screen (Section 10.3 on page 196) to view the configured firewall rules and add, edit or remove a firewall rule. P-660HW-Tx v3 Series User’s Guide...
Page 190: What You Need To Know About Firewall
Finding Out More • See Section 10.1.3 on page 191 for an example of setting up a firewall. • See Section 10.5 on page 205 for advanced technical information on firewall. P-660HW-Tx v3 Series User’s Guide...
Page 191: Firewall Rule Setup Example
7 (if there is one) becomes rule 8. Click Add to display the firewall rule configuration screen. In the Edit Rule screen, click the Edit Customized Services link to open the Customized Service screen. P-660HW-Tx v3 Series User’s Guide...
Page 192 Apply. Edit Custom Port Example Select Any in the Destination Address List box and then click Delete. Configure the destination address screen as follows and click Add. Firewall Example: Edit Rule: Destination Address P-660HW-Tx v3 Series User’s Guide...
Page 193 Selected Services list boxes to configure it as follows. Click Apply when you are done. Note: Custom services show up with an “*” before their names in the Services list box and the Rules list box. Firewall Example: Edit Rule: Select Customized Services P-660HW-Tx v3 Series User’s Guide...
Page 194: The Firewall General Screen
10.0.0.15 on the LAN. Firewall Example: Rules: MyService 10.2 The Firewall General Screen Use this screen to configure the firewall settings. Click Security > Firewall to display the following screen. Figure 77 Security > Firewall > General P-660HW-Tx v3 Series User’s Guide...
Page 195 Expand... Click this to display more information. Basic... Click this to display less information. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 Series User’s Guide...
Page 196: The Firewall Rule Screen
Clear the check box to disable the rule. Source IP This drop-down list box displays the source addresses or ranges of addresses to which this firewall rule applies. Please note that a blank source or destination address is equivalent to Any. P-660HW-Tx v3 Series User’s Guide...
Page 197 The ordering of your rules is important as they are applied in order of their numbering. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 Series User’s Guide...
Page 198: Configuring Firewall Rules
Use this screen to configure firewall rules. In the Rules screen, select an index number and click Add or click a rule’s Edit icon to display this screen and refer to the following table for information on the labels. Figure 79 Security > Firewall > Rules: Edit P-660HW-Tx v3 Series User’s Guide...
Page 199 This field determines if a log for packets that match the rule is created Information or not. Go to the Log Settings page and select the Access Control logs category to have the ZyXEL Device record these logs. Alert P-660HW-Tx v3 Series User’s Guide...
Page 200: Customized Services
This shows the IP protocol (TCP, UDP or TCP/UDP) that defines your customized service. Port This is the port number or range that defines your customized service. Back Click this to return to the Firewall Edit Rule screen. P-660HW-Tx v3 Series User’s Guide...
Page 201: Configuring A Customized Service
Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. Delete Click this to delete the current rule. P-660HW-Tx v3 Series User’s Guide...
Page 202: The Firewall Threshold Screen
ZyXEL Device is classifying normal traffic as DoS attacks. Factors influencing choices for threshold values are: The maximum number of opened sessions. The minimum capacity of server backlog in your LAN network. The CPU power of servers in your LAN network. Network bandwidth. P-660HW-Tx v3 Series User’s Guide...
Page 203: Configuring Firewall Thresholds
This is the rate of new half-open sessions per minute that causes the firewall to stop deleting half-open sessions. The ZyXEL Device continues to delete half-open sessions as necessary, until the rate of new connection attempts drops below this number. P-660HW-Tx v3 Series User’s Guide...
Page 204 Deny new connection requests for the number of minutes that you specify (between 1 and 255). Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 Series User’s Guide...
Page 205: Firewall Technical Reference
These rules specify which computers on the WAN can access which computers or services on the LAN. Note: You also need to configure NAT port forwarding (or full featured NAT address mapping rules) to allow computers on the WAN to access devices on the LAN. P-660HW-Tx v3 Series User’s Guide...
Page 206: Guidelines For Enhancing Security With Your Firewall
11 Protect against IP spoofing by making sure the firewall is active. 12 Keep the firewall in a secured (locked) room. P-660HW-Tx v3 Series User’s Guide...
Page 207: Security Considerations
When the firewall is on, your ZyXEL Device acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the ZyXEL Device to protect your LAN against attacks. Figure 84 Ideal Firewall Setup P-660HW-Tx v3 Series User’s Guide...
Page 208 Another solution is to use IP alias. IP alias allows you to partition your network into logical sections over the same Ethernet interface. Your ZyXEL Device supports up to three logical LAN interfaces with the ZyXEL Device being the gateway for each logical network. P-660HW-Tx v3 Series User’s Guide...
Page 209 The reply from the WAN goes to the ZyXEL Device. The ZyXEL Device then sends it to the computer on the LAN in Subnet 1. Figure 86 IP Alias Subnet 1 ISP 1 ISP 2 Subnet 2 P-660HW-Tx v3 Series User’s Guide...
Page 210 Chapter 10 Firewalls P-660HW-Tx v3 Series User’s Guide...
Page 211: Content Filtering
Internet browser, for example “http://www.zyxel.com”. 11.1.3 Before You Begin To use the Trusted screen, you need the IP addresses of devices on your network. See the LAN section (Section 11.4 on page 216) for more information. P-660HW-Tx v3 Series User’s Guide...
Page 212: Content Filtering Example
Click Security > Content Filter > Schedule. Click Edit Daily to Block and select all weekdays. Under Start Time and End Time, type the times for blocking to begin and end (4pm ~ 7pm in this example). P-660HW-Tx v3 Series User’s Guide...
Page 213 Click Security > Content Filter > Trusted. In the Start IP Address and End IP Address fields, type 192.168.1.3. Click Apply. Security > Content Filter > Trusted: Example That finishes setting up keyword blocking on the home computer. P-660HW-Tx v3 Series User’s Guide...
Page 214: The Keyword Screen
Highlight a keyword in the box and click this to remove it. Clear All Click this to remove all of the keywords from the list. Keyword Type a keyword in this field. You may use any character (up to 127 characters). Wildcards are not allowed. P-660HW-Tx v3 Series User’s Guide...
Page 215: The Schedule Screen
Use this screen to set the days and times for the ZyXEL Device to perform content filtering. Click Security > Content Filter > Schedule. The screen appears as shown. Figure 88 Security > Content Filter > Schedule P-660HW-Tx v3 Series User’s Guide...
Page 216: The Trusted Screen
End IP Address Type the ending IP address of a specific range of users on your LAN that you want to exclude from content filtering. Leave this field blank if you want to exclude an individual computer. P-660HW-Tx v3 Series User’s Guide...
Page 217 Chapter 11 Content Filtering Table 60 Security > Content Filter: Trusted (continued) LABEL DESCRIPTION Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 Series User’s Guide...
Page 218 Chapter 11 Content Filtering P-660HW-Tx v3 Series User’s Guide...
Page 219: Packet Filter
With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port. Finding Out More Section 12.3 on page 226 for technical background information on packet filters. P-660HW-Tx v3 Series User’s Guide...
Page 220: The Packet Filter Screen
Modify Click the Edit button to configure a filter set. Click the Remove button to delete a filter set. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 Series User’s Guide...
Page 221: Editing Protocol Filters
Click the Remove icon to delete a filter rule. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 Series User’s Guide...
Page 222: Configuring Protocol Filter Rules
Enter the IP subnet mask for the destination IP address. Subnet Netmask Destination Enter the destination port of the packets that you wish to filter. The Port range of this field is 0 to 65535. This field is ignored if it is 0. P-660HW-Tx v3 Series User’s Guide...
Page 223: Editing Generic Filters
IP rules directly. For generic rules, the ZyXEL Device treats a packet as a byte stream as opposed to an IP or IPX packet. You specify the portion of the packet to check with the P-660HW-Tx v3 Series User’s Guide...
Page 224 Click the Remove icon to delete a filter rule. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 Series User’s Guide...
Page 225: Configuring Generic Packet Rules
Enter the value (in hexadecimal notation) to compare with the data portion. More Select Yes to pass a matching packet to the next filter rule before an action is taken. Select No to act upon the packet according to the action fields. P-660HW-Tx v3 Series User’s Guide...
Page 226: Packet Filter Technical Reference
NAT for outgoing packets and after NAT for incoming packets. On the other hand, the generic filters are applied to the raw packets that appear on the wire. They are applied at the point when the ZyXEL Device is P-660HW-Tx v3 Series User’s Guide...
Page 227: Firewall Versus Filters
Firewalls of this type employ an inspection module, applicable to all protocols, that understands data in the packet is intended for other layers, from the network layer (IP headers) up to the application layer. P-660HW-Tx v3 Series User’s Guide...
Page 228 Use the firewall if you need routine e-mail reports about your system or need to be alerted when attacks occur. The firewall can block specific URL traffic that might occur in the future. The URL can be saved in an Access Control List (ACL) database. P-660HW-Tx v3 Series User’s Guide...
Page 229: Certificates
A Certification Authority (CA) issues certificates and guarantees the identity of each certificate owner. There are commercial certification authorities like CyberTrust or VeriSign and government certification authorities. You can use the ZyXEL Device to generate certification requests that contain identifying P-660HW-Tx v3 Series User’s Guide...
Page 230: The Trusted Cas Screen
Click Security > Certificates to open the Trusted CAs screen. Figure 97 Trusted CAs P-660HW-Tx v3 Series User’s Guide...
Page 231 Click this to open a screen where you can save the certificate of a certification authority that you trust, from your computer to the ZyXEL Device. Refresh Click this to display the current validity status of the certificates. P-660HW-Tx v3 Series User’s Guide...
Page 232: Trusted Ca Import
Click this to find the certificate file you want to upload. Back Click this to return to the previous screen without saving. Apply Click this to save the certificate on the ZyXEL Device. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 Series User’s Guide...
Page 233: Trusted Ca Details
Certification Authority signed the certificate. Self-signed means that the certificate’s owner signed the certificate (not a certification authority). X.509 means that this certificate was created and signed according to the ITU-T X.509 recommendation that defines the formats for public-key certificates. P-660HW-Tx v3 Series User’s Guide...
Page 234 ZyXEL Device to check the CRL that the certification authority issues before trusting a certificate issued by the certification authority. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 Series User’s Guide...
Page 235: Certificates Technical Reference
In the same way, your private key “writes” your digital signature and your public key allows people to verify whether data was signed by you, or by someone else. This process works as follows. P-660HW-Tx v3 Series User’s Guide...
Page 236 (because they cannot re-sign the message with Tim’s private key). Additionally, Jenny uses her own private key to sign a message and Tim uses Jenny’s public key to verify the message. P-660HW-Tx v3 Series User’s Guide...
Page 237: Advanced
Advanced Static Route (239) 802.1Q/1P (243) Quality of Service (QoS) (253) Dynamic DNS Setup (269) Remote Management (273) Universal Plug-and-Play (UPnP) (281)
Page 239: Static Route
Figure 100 Example of Static Routing Topology 14.1.1 What You Can Do in the Static Route Screens Use the Static Route screens (Section 14.2 on page 240) to view and configure IP static routes on the ZyXEL Device. P-660HW-Tx v3 Series User’s Guide...
Page 240: The Static Route Screen
Click the Edit icon to go to the screen where you can set up a static route on the ZyXEL Device. Click the Remove icon to remove a static route from the ZyXEL Device. A window displays asking you to confirm that you want to delete the route. P-660HW-Tx v3 Series User’s Guide...
Page 241: Static Route Edit
IP Subnet Enter the IP subnet mask here. Mask Gateway Type Use either Gateway Address or Gateway Node to configure a static route. P-660HW-Tx v3 Series User’s Guide...
Page 242 Section 6.3 on page 107 for details on configuring a remote node. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 Series User’s Guide...
Page 243: Q/1P
15.1.2 What You Need to Know About 802.1Q/1P IEEE 802.1P Priority IEEE 802.1P specifies the user priority field and defines up to eight separate traffic types by inserting a tag into a MAC-layer frame that contains bits to define class of service. P-660HW-Tx v3 Series User’s Guide...
Page 244 (recall that a port can belong to multiple VLANs). If the tagging on the egress port is enabled for the VID of a frame, then the frame is transmitted as a tagged frame; otherwise, it is transmitted as an untagged frame. P-660HW-Tx v3 Series User’s Guide...
Page 245: Q/1P Example
In the VLAN ID field type in 2 to identify the VLAN group. Select PVC1 from the Default Gateway drop-down list box. In the Control field, select Fixed for LAN1, LAN2 and PVC1 to be permanent members of the VLAN group. P-660HW-Tx v3 Series User’s Guide...
Page 246 Click Advanced > 802.1Q/1P > Port Setting to display the following screen. Type 2 in the 802.1Q PVID column for LAN1, LAN2 and PVC1. Select 7 from the 802.1P Priority drop-down list box for LAN1, LAN2 and PVC1. P-660HW-Tx v3 Series User’s Guide...
Page 247 SSID1 and SSID2 are two wireless networks. You want to create medium priority for this type of traffic, so you want to group these ports and PVC3 into one VLAN (VLAN4). PVC3 priority is set to medium level of service. P-660HW-Tx v3 Series User’s Guide...
Page 248 Follow the same steps as in VLAN2 to configure the settings for VLAN3 and VLAN4. The summary screen should then display as follows. Advanced > 802.1Q/1P > Group Setting: Example This completes the 802.1Q/1P setup. P-660HW-Tx v3 Series User’s Guide...
Page 249: The 802.1Q/1P Group Setting Screen
PVCs) are in the management VLAN by default. If you disable the management VLAN, you will not be able to access the ZyXEL Device. Summary This field displays the index number of the VLAN group. P-660HW-Tx v3 Series User’s Guide...
Page 250: Editing 802.1Q/1P Group Setting
Use this screen to configure the settings for each VLAN group. In the 802.1Q/1P screen, click the Edit button from the Modify filed to display the following screen. Figure 105 Advanced > 802.1Q/1P > Group Setting > Edit P-660HW-Tx v3 Series User’s Guide...
Page 251 ZyXEL Device. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 Series User’s Guide...
Page 252: The 802.1Q/1P Port Setting Screen
Same if you do not want to modify the priority. You may choose a priority level from 0-7, with 0 being the lowest level and 7 being the highest level. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 Series User’s Guide...
Page 253: Quality Of Service (Qos)
• Use the Monitor screen (Section 16.4 on page 265) to view the ZyXEL Device’s QoS-related packet statistics. P-660HW-Tx v3 Series User’s Guide...
Page 254: What You Need To Know About Qos
(6) to VoIP traffic from the LAN interface, so that voice traffic would not get delayed when there is network congestion. Traffic from the boss’s IP address (192.168.1.23 for example) is mapped to queue 5. Traffic that does not match P-660HW-Tx v3 Series User’s Guide...
Page 255 QoS mapping table on the ZyXEL Device. Figure 107 QoS Example VoIP: Queue 6 50 Mbps Boss: Queue 5 IP=192.168.1.23 Figure 108 QoS Class Example: VoIP -1 P-660HW-Tx v3 Series User’s Guide...
Page 256 Chapter 16 Quality of Service (QoS) Figure 109 QoS Class Example: VoIP -2 Figure 110 QoS Class Example: Boss -1 P-660HW-Tx v3 Series User’s Guide...
Page 257 Chapter 16 Quality of Service (QoS) Figure 111 QoS Class Example: Boss -2 P-660HW-Tx v3 Series User’s Guide...
Page 258: The Qos General Screen
You can also set this number lower than the interface’s actual transmission speed. This will cause the ZyXEL Device to not use some of the interface’s available bandwidth. P-660HW-Tx v3 Series User’s Guide...
Page 259: The Class Setup Screen
(such as Telnet) to form a flow. Click Advanced > QoS > Class Setup to open the following screen. Figure 113 Advanced > QoS > Class Setup P-660HW-Tx v3 Series User’s Guide...
Page 260 Click the Edit icon to go to the screen where you can edit the classifier. Click the Remove icon to delete an existing classifier. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 Series User’s Guide...
Page 261: The Class Configuration Screen
16.3.1 The Class Configuration Screen Use this screen to configure a classifier. Click the Add button or the Edit icon in the Modify field to display the following screen. Figure 114 Advanced > QoS > Class Setup: Edit P-660HW-Tx v3 Series User’s Guide...
Page 262 Select Same to keep the DSCP fields in the packets. Select Auto to map the DSCP value to 802.1 priority level automatically. Select Mark to set the DSCP field with the value you configure in the field provided. P-660HW-Tx v3 Series User’s Guide...
Page 263 Select the check box and enter the port number of the destination.0 means any source port number. See Appendix E on page 411 for some common services and port numbers. Select the check box and enter the destination MAC address of the packet. P-660HW-Tx v3 Series User’s Guide...
Page 264 Select this option to exclude the packets that match the specified criteria from this classifier. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 Series User’s Guide...
Page 265: The Qos Monitor Screen
Poll Interval(s) Enter the time interval for refreshing statistics in this field. Set Interval Click this to apply the new poll interval you entered in the Poll Interval(s) field. Stop Click this to stop refreshing statistics. P-660HW-Tx v3 Series User’s Guide...
Page 266: Qos Technical Reference
ToS (Type of Service) field in the IP header. There are eight classes of services (ranging from zero to seven) in IP precedence. Zero is the lowest priority level and seven is the highest. P-660HW-Tx v3 Series User’s Guide...
Page 267: Diffserv
The following table shows you the internal layer-2 and layer-3 QoS mapping on the ZyXEL Device. On the ZyXEL Device, traffic assigned to higher priority queues P-660HW-Tx v3 Series User’s Guide...
Page 268 TOS (IP IP PACKET QUEUE DSCP (ETHERNET PRECEDENCE) LENGTH (BYTE) PRIORITY) 000000 000000 >1100 001110 250~1100 001100 001010 001000 010110 010100 010010 010000 011110 <250 011100 011010 011000 100110 100100 100010 100000 101110 101000 110000 111000 P-660HW-Tx v3 Series User’s Guide...
Page 269: Dynamic Dns Setup
IP address as yourhost.dyndns.org. This feature is useful if you want to be able to use, for example, www.yourhost.dyndns.org and still reach your hostname. If you have a private WAN IP address, then you cannot use Dynamic DNS. P-660HW-Tx v3 Series User’s Guide...
Page 270: The Dynamic Dns Screen
Type the domain name assigned to your ZyXEL Device by your Dynamic DNS provider. You can specify up to two host names in the field separated by a comma (","). User Name Type your user name. Password Type the password assigned to you. P-660HW-Tx v3 Series User’s Guide...
Page 271 Type the IP address of the host name(s). Use this if you have a static IP IP Address address. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 Series User’s Guide...
Page 272 Chapter 17 Dynamic DNS Setup P-660HW-Tx v3 Series User’s Guide...
Page 273: Remote Management
You may manage your ZyXEL Device from a remote location via: • Internet (WAN only) • LAN only • WLAN only • LAN and WAN • LAN and WLAN • WLAN and WAN • ALL (WAN, LAN and WLAN) • None (Disable) P-660HW-Tx v3 Series User’s Guide...
Page 274: What You Can Do In The Remote Management Screens
If it does not match, the ZyXEL Device will disconnect the session immediately. • There is already another remote management session with an equal or higher priority running. You may only have one remote management session running at one time. P-660HW-Tx v3 Series User’s Guide...
Page 275: The Www Screen
Note: If you disable the WWW service in the Remote MGMT > WWW screen, then the ZyXEL Device blocks all HTTP connection attempts. 18.2.1 Configuring the WWW Screen Click Advanced > Remote MGMT to display the WWW screen. Figure 118 Advanced > Remote Management > WWW P-660HW-Tx v3 Series User’s Guide...
Page 276: The Telnet Screen
Telnet access and from which IP address the access can come. Click Advanced > Remote MGMT > Telnet tab to display the screen as shown. Figure 119 Advanced > Remote Management > Telnet P-660HW-Tx v3 Series User’s Guide...
Page 277: The Ftp Screen
Use this screen to specify which interfaces allow FTP access and from which IP address the access can come. To change your ZyXEL Device’s FTP settings, click Advanced > Remote MGMT > FTP. The screen appears as shown. Figure 120 Advanced > Remote Management > FTP P-660HW-Tx v3 Series User’s Guide...
Page 278: The Dns Screen
This feature is not available when the ZyXEL Device is set to bridge mode. Click Advanced > Remote MGMT > DNS to change your ZyXEL Device’s DNS settings. Figure 121 Advanced > Remote Management > DNS P-660HW-Tx v3 Series User’s Guide...
Page 279: The Icmp Screen
Note: If you want your device to respond to pings and requests for unauthorized services, you may also need to configure the firewall anti probing settings to match. Figure 122 Advanced > Remote Management > ICMP P-660HW-Tx v3 Series User’s Guide...
Page 280 TCP packet (or an ICMP port-unreachable packet for a blocked UDP packets) or just drop the packets without sending a response packet. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 Series User’s Guide...
Page 281: Universal Plug-And-Play (Upnp)
UPnP devices and enable exchange of simple product and service descriptions. NAT traversal allows the following: • Dynamic port mapping • Learning public IP addresses • Assigning lease times to mappings P-660HW-Tx v3 Series User’s Guide...
Page 282 ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum UPnP™ Implementers Corp. (UIC). ZyXEL's UPnP implementation supports Internet Gateway Device (IGD) 1.0. See the following sections for examples of installing and using UPnP. P-660HW-Tx v3 Series User’s Guide...
Page 283: The Upnp Screen
UPnP enabled device; this eliminates the need to manually configure port forwarding for the UPnP enabled application. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 Series User’s Guide...
Page 284: Installing Upnp In Windows Example
Follow the steps below to install the UPnP in Windows Me. Click Start and Control Panel. Double-click Add/Remove Programs. Click on the Windows Setup tab and select Communication in the Components selection box. Click Details. Add/Remove Programs: Windows Setup: Communication P-660HW-Tx v3 Series User’s Guide...
Page 285 Click OK to go back to the Add/Remove Programs Properties window and click Next. Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. Click Start and Control Panel. Double-click Network Connections. P-660HW-Tx v3 Series User’s Guide...
Page 286 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components …. Network Connections The Windows Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details. Windows Optional Networking Components Wizard P-660HW-Tx v3 Series User’s Guide...
Page 287: Using Upnp In Windows Xp Example
Make sure the computer is connected to a LAN port of the ZyXEL Device. Turn on your computer and the ZyXEL Device. Auto-discover Your UPnP-enabled Network Device Click Start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway. P-660HW-Tx v3 Series User’s Guide...
Page 288 Chapter 19 Universal Plug-and-Play (UPnP) Right-click the icon and select Properties. Network Connections In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. Internet Connection Properties P-660HW-Tx v3 Series User’s Guide...
Page 289 You may edit or delete the port mappings or click Add to manually add port mappings. Internet Connection Properties: Advanced Settings Internet Connection Properties: Advanced Settings: Add When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. P-660HW-Tx v3 Series User’s Guide...
Page 290 IP address of the ZyXEL Device first. This comes helpful if you do not know the IP address of the ZyXEL Device. Follow the steps below to access the web configurator. Click Start and then Control Panel. Double-click Network Connections. P-660HW-Tx v3 Series User’s Guide...
Page 291 Chapter 19 Universal Plug-and-Play (UPnP) Select My Network Places under Other Places. Network Connections An icon with the description for each UPnP-enabled device displays under Local Network. P-660HW-Tx v3 Series User’s Guide...
Page 292 Network Connections: My Network Places Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Network Connections: My Network Places: Properties: Example P-660HW-Tx v3 Series User’s Guide...
Page 293: Maintenance
Maintenance System Settings (295) Logs (301) Tools (315) Diagnostic (329)
Page 295: System Settings
A LAN (local area network) is typically a network which covers a small area, made up of computers and other devices which share resources such as Internet access, printers etc. P-660HW-Tx v3 Series User’s Guide...
Page 296: The General Screen
Computer Name tab. Note the entry in the Full computer name field and enter it as the ZyXEL Device System Name. Click Maintenance > System to open the General screen. Figure 124 Maintenance > System > General P-660HW-Tx v3 Series User’s Guide...
Page 297 After you change the password, use the new password to access the ZyXEL Device. Retype to Type the new password again for confirmation. confirm Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 Series User’s Guide...
Page 298: The Time Setting Screen
Time Zone and Daylight Saving at the same time, the new time and date you entered has priority and the Time Zone and Daylight Saving settings do not affect it. P-660HW-Tx v3 Series User’s Guide...
Page 299 European Union you would select Last, Sunday, March. The time you type in the o'clock field depends on your time zone. In Germany for instance, you would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). P-660HW-Tx v3 Series User’s Guide...
Page 300 Germany for instance, you would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 Series User’s Guide...
Page 301: Logs
A log is a message about an event that occurred on your ZyXEL Device. For example, when someone logs in to the ZyXEL Device, you can set a schedule for how often logs should be enabled, or sent to a syslog server. P-660HW-Tx v3 Series User’s Guide...
Page 302: The View Log Screen
Time This field displays the time the log was recorded. Message This field states the reason for the log. Source This field lists the source IP address and the port number of the incoming packet. P-660HW-Tx v3 Series User’s Guide...
Page 303: The Log Settings Screen
Alerts are e-mailed as soon as they happen. Logs may be e-mailed as soon as the log is full. Selecting many alert and/or log categories (especially Access Control) may result in many e-mails being sent. Figure 127 Maintenance > Logs > Log Settings P-660HW-Tx v3 Series User’s Guide...
Page 304 Select a location from the drop down list box. The log facility allows you to log the messages to different files in the syslog server. Refer to the syslog server manual for more information. Active Log and Alert Select the categories of logs that you want to record. P-660HW-Tx v3 Series User’s Guide...
Page 305: Smtp Error Messages
An "End of Log" message displays for each mail in which a complete log has been sent. The following is an example of a log sent by e-mail. • You may edit the subject title. P-660HW-Tx v3 Series User’s Guide...
Page 306: Log Descriptions
Someone has logged on to the router via telnet. Successful TELNET login Someone has failed to log on to the router via telnet. TELNET login failed Someone has logged on to the router via ftp. Successful FTP login P-660HW-Tx v3 Series User’s Guide...
Page 307 The router failed to allocate memory for the NetBIOS readNetBIOSFilter: calloc filter settings. error A WAN connection is down. You cannot access the WAN connection is down. network through this interface. P-660HW-Tx v3 Series User’s Guide...
Page 308 Firewall session time firewall session timed out.Default timeout values:ICMP out, sent TCP RST idle timeout (s): 60UDP idle timeout (s): 60TCP connection (three way handshaking) timeout (s): 30TCP FIN-wait timeout (s): 60TCP idle (established) timeout (s): 3600 P-660HW-Tx v3 Series User’s Guide...
Page 309 The firewall does not support this kind of ICMP Unsupported/out-of-order ICMP: packets or the ICMP packets are out of order. ICMP The router sent an ICMP reply packet to the Router reply ICMP packet: ICMP sender. P-660HW-Tx v3 Series User’s Guide...
Page 310 UPnP packets can pass through the firewall. UPnP pass through Firewall Table 101 Content Filtering Logs LOG MESSAGE DESCRIPTION The content of a requested web page matched a user defined %s: block keyword keyword. The system forwarded web content. P-660HW-Tx v3 Series User’s Guide...
Page 311 A user was not authenticated by the RADIUS RADIUS rejects user. Pls check Server. Please check the RADIUS Server. RADIUS Server. The router logged out a user whose session User logout because of session expired. timeout expired. P-660HW-Tx v3 Series User’s Guide...
Page 312 CODE DESCRIPTION Echo Reply Echo reply message Destination Unreachable Net unreachable Host unreachable Protocol unreachable Port unreachable A packet that needed fragmentation was dropped because it was set to Don't Fragment (DF) Source route failed P-660HW-Tx v3 Series User’s Guide...
Page 313 The “devID” is the last three characters of the MAC address of the router’s LAN port. The “cat” is the same as the category in the router’s logs. P-660HW-Tx v3 Series User’s Guide...
Page 314 Please refer to RFC 2408 for detailed information on each type. Table 107 RFC-2408 ISAKMP Payload Types LOG DISPLAY PAYLOAD TYPE Security Association Proposal PROP Transform TRANS Key Exchange Identification Certificate Certificate Request CER_REQ Hash HASH Signature Nonce NONCE Notification NOTFY Delete Vendor ID P-660HW-Tx v3 Series User’s Guide...
Page 315: Tools
(Section 22.3 on page 325) to backup and restore device configurations. You can also reset your device settings back to the factory default. • Use the Restart screen (Section 22.4 on page 328) to restart your ZyXEL device. P-660HW-Tx v3 Series User’s Guide...
Page 316: What You Need To Know About Tools
ROM file system, including your ZyXEL Device configurations, system-related data (including the default password), the error log and the trace log. Firmware This is the generic name for the ZyNOS *.bin firmware on the ZyXEL Device. P-660HW-Tx v3 Series User’s Guide...
Page 317: Before You Begin
FTP is faster. Please note that you must wait for the system to automatically restart after the file transfer is complete. Do not interrupt the file transfer process as this may PERMANENTLY DAMAGE your device. When the Restore Configuration process is complete, the device automatically restarts. P-660HW-Tx v3 Series User’s Guide...
Page 318 “rom-0”. Likewise “get rom-0 config.rom” transfers the configuration file on the device to your computer and renames it “config.rom.” See earlier in this chapter for more information on filename conventions. Enter “quit” to exit the ftp prompt. P-660HW-Tx v3 Series User’s Guide...
Page 319 Note that the telnet connection must be active and the device in CI mode before and during the TFTP transfer. For details on TFTP commands (see following example), please consult the documentation of your TFTP client program. For P-660HW-Tx v3 Series User’s Guide...
Page 320 “get rom-0 config.rom” transfers the configuration file on the ZyXEL Device to your computer and renames it “config.rom”. See earlier in this chapter for more information on filename conventions. Enter “quit” to exit the ftp prompt. P-660HW-Tx v3 Series User’s Guide...
Page 321 TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended. To use TFTP, your computer must have both telnet and TFTP clients. To backup the configuration file, follow the procedure shown next. P-660HW-Tx v3 Series User’s Guide...
Page 322 Enter the path and name of the firmware file (*.bin extension) or configuration file (*.rom extension) on your computer. Remote This is the filename on the ZyXEL Device. The filename for the firmware is File “ras” and for the configuration file, is “rom-0”. P-660HW-Tx v3 Series User’s Guide...
Page 323: The Firmware Screen
This is the present Firmware version and the date created. Firmware Version File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. P-660HW-Tx v3 Series User’s Guide...
Page 324 In some operating systems, you may see the following icon on your desktop. Figure 134 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen. P-660HW-Tx v3 Series User’s Guide...
Page 325: The Configuration Screen
FTP/TFTP commands. Click Maintenance > Tools > Configuration. Information related to factory defaults, backup configuration, and restoring configuration appears in this screen, as shown next. Figure 136 Maintenance > Tools > Configuration P-660HW-Tx v3 Series User’s Guide...
Page 326 Do not turn off the ZyXEL Device while configuration file upload is in progress. After you see a “restore configuration successful” screen, you must then wait one minute before logging into the ZyXEL Device again. Figure 137 Configuration Upload Successful P-660HW-Tx v3 Series User’s Guide...
Page 327 IP address. If the upload was not successful, the following screen will appear. Click Return to go back to the Configuration screen. Figure 139 Configuration Upload Error P-660HW-Tx v3 Series User’s Guide...
Page 328: The Restart Screen
You may need to do this if the ZyXEL Device hangs, for example. Click Maintenance > Tools > Restart. Click Restart to have the ZyXEL Device reboot. This does not affect the ZyXEL Device's configuration. Figure 142 Maintenance > Tools >Restart P-660HW-Tx v3 Series User’s Guide...
Page 329: Diagnostic
DSL line statistics and reset the ADSL line. 23.2 The General Diagnostic Screen Use this screen to ping an IP address. Click Maintenance > Diagnostic to open the screen shown next. Figure 143 Maintenance > Diagnostic > General P-660HW-Tx v3 Series User’s Guide...
Page 330: The Dsl Line Diagnostic Screen
Use this screen to view the DSL line statistics and reset the ADSL line. Click Maintenance > Diagnostic > DSL Line to open the screen shown next. Figure 144 Maintenance > Diagnostic > DSL Line P-660HW-Tx v3 Series User’s Guide...
Page 331 ZyXEL Device sends an OAM F5 packet to the DSLAM/ATM switch and then returns it (loops it back) to the ZyXEL Device. The ATM loopback test is useful for troubleshooting problems with the DSLAM and ATM network. P-660HW-Tx v3 Series User’s Guide...
Page 332 Reset ADSL Line Successfully!" Capture All Click this to display information and statistics about your ZyXEL Device’s Logs ATM statistics, DSL connection statistics, DHCP settings, firmware version, WAN and gateway IP address, VPI/VCI and LAN IP address. P-660HW-Tx v3 Series User’s Guide...
Page 333: Troubleshooting And Specifications
Troubleshooting and Specifications Troubleshooting (335) Product Specifications (341)
Page 335: Troubleshooting
Turn the ZyXEL Device off and on. If the problem continues, contact the vendor. One of the LEDs does not behave as expected. Make sure you understand the normal behavior of the LED. See Section 1.5 on page P-660HW-Tx v3 Series User’s Guide...
Page 336: Zyxel Device Access And Login
If this does not work, you have to reset the device to its factory defaults. See Section 1.6 on page I cannot see or access the Login screen in the web configurator. Make sure you are using the correct IP address. • The default IP address is 192.168.1.1. P-660HW-Tx v3 Series User’s Guide...
Page 337 You cannot log in to the web configurator while someone is using Telnet to access the ZyXEL Device. Log out of the ZyXEL Device in the other session, or ask the person who is logged in to log out. P-660HW-Tx v3 Series User’s Guide...
Page 338: Internet Access
AP. Disconnect all the cables from your device, and follow the directions in the Quick Start Guide again. If the problem continues, contact your ISP. P-660HW-Tx v3 Series User’s Guide...
Page 339 Advanced Suggestions • Check the settings for QoS. If it is disabled, you might consider activating it. If it is enabled, you might consider raising or lowering the priority for some applications. P-660HW-Tx v3 Series User’s Guide...
Page 340 Chapter 24 Troubleshooting P-660HW-Tx v3 Series User’s Guide...
Page 341: Product Specifications
Storage Temperature -20º ~ 60º C Operation Humidity 20% ~ 90% RH Storage Humidity 20% ~ 90% RH 25.2 Firmware Specifications Table 116 Firmware Specifications Default IP Address 192.168.1.1 Default Subnet Mask 255.255.255.0 (24 bits) P-660HW-Tx v3 Series User’s Guide...
Page 342 ZyXEL Device. You can also set the time manually. These dates and times are then used in logs. Logs Use logs for troubleshooting. You can send logs from the ZyXEL Device to an external syslog server. P-660HW-Tx v3 Series User’s Guide...
Page 343 LAN interfaces via its single physical Ethernet interface with the your device itself as the gateway for each LAN network. Packet Filters Your device’s packet filtering function allows added network security and management. P-660HW-Tx v3 Series User’s Guide...
Page 344 CLI (Command Line Interpreter) Embedded FTP/TFTP Server for firmware upgrade and configuration file backup and restore Telnet for remote management Remote Management Control: Telnet, FTP, Web and DNS. Remote Firmware Upgrade Syslog TR-069 F4/F5 OAM P-660HW-Tx v3 Series User’s Guide...
Page 345: Wireless Features
Wired Equivalent Privacy (WEP) Data Encryption 64/128/256 bit. WLAN bridge to LAN Up to 32 MAC Address filters IEEE 802.1x Store up to 32 built-in user profiles using EAP-MD5 (Local User Database) External RADIUS server using EAP-MD5, TLS, TTLS Wireless scheduling P-660HW-Tx v3 Series User’s Guide...
Page 346 ITU standard (also referred to as ADSL2) that extends the (G.lite.bis) capability of basic ADSL in data rates. ITU G.992.5 (ADSL2+) ITU standard (also referred to as ADSL2+) that extends the capability of basic ADSL by doubling the number of downstream bits. P-660HW-Tx v3 Series User’s Guide...
Page 347: Power Adaptor Specifications
7.7 Watt max Safety Standards ANSI/UL 60950-1, CSA 60950-1 EUROPEAN PLUG STANDARDS AC Power Adapter Model Input Power AC 230Volts/50Hz Output Power DC 12Volts/1.0A Power Consumption 8.3 Watt max Safety Standards CE, GS or TUV, EN60950-1 P-660HW-Tx v3 Series User’s Guide...
Page 348 Chapter 25 Product Specifications P-660HW-Tx v3 Series User’s Guide...
Page 349: Part Viii: Appendices And Index
VIII Appendices and Index Note: The appendices provide general information. Some details may not apply to your ZyXEL Device. Setting up Your Computer’s IP Address (351) Pop-up Windows, JavaScripts and Java Permissions (375) IP Addresses and Subnetting (385) Wireless LANs (395) Services (411) Legal Information (415) Index (419)
Page 351: Appendix A Setting Up Your Computer's Ip Address
"communicate" with your network. If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the ZyXEL Device’s LAN port. P-660HW-Tx v3 Series User’s Guide...
Page 352 Select Adapter and then click Add. Select the manufacturer and model of your network adapter and then click OK. If you need TCP/IP: In the Network window, click Add. Select Protocol and then click Add. P-660HW-Tx v3 Series User’s Guide...
Page 353 • If your IP address is dynamic, select Obtain an IP address automatically. • If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields. Figure 146 Windows 95/98/Me: TCP/IP Properties: IP Address P-660HW-Tx v3 Series User’s Guide...
Page 354 Click Start and then Run. In the Run window, type "winipcfg" and then click OK to open the IP Configuration window. Select your network adapter. You should see your computer's IP address, subnet mask and default gateway. P-660HW-Tx v3 Series User’s Guide...
Page 355 Click start (Start in Windows 2000/NT), Settings, Control Panel. Figure 148 Windows XP: Start Menu In the Control Panel, double-click Network Connections (Network and Dial- up Connections in Windows 2000/NT). Figure 149 Windows XP: Control Panel P-660HW-Tx v3 Series User’s Guide...
Page 356 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 151 Windows XP: Local Area Connection Properties The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). P-660HW-Tx v3 Series User’s Guide...
Page 357 Gateway. To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add. P-660HW-Tx v3 Series User’s Guide...
Page 358 • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. P-660HW-Tx v3 Series User’s Guide...
Page 359: Windows Vista
In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab. Windows Vista This section shows screens from Windows Vista Enterprise Version 6.0. P-660HW-Tx v3 Series User’s Guide...
Page 360 Click the Start icon, Control Panel. Figure 155 Windows Vista: Start Menu In the Control Panel, double-click Network and Internet. Figure 156 Windows Vista: Control Panel Click Network and Sharing Center. Figure 157 Windows Vista: Network And Internet P-660HW-Tx v3 Series User’s Guide...
Page 361 Right-click Local Area Connection and then click Properties. Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. Figure 159 Windows Vista: Network and Sharing Center P-660HW-Tx v3 Series User’s Guide...
Page 362 • If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP address and fill in the IP address, Subnet mask, and Default gateway fields. P-660HW-Tx v3 Series User’s Guide...
Page 363 Gateway. To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add. P-660HW-Tx v3 Series User’s Guide...
Page 364 • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. P-660HW-Tx v3 Series User’s Guide...
Page 365 Click Start, All Programs, Accessories and then Command Prompt. In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab. P-660HW-Tx v3 Series User’s Guide...
Page 366 Appendix A Setting up Your Computer’s IP Address Macintosh OS 8/9 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/ IP Control Panel. Figure 164 Macintosh OS 8/9: Apple Menu P-660HW-Tx v3 Series User’s Guide...
Page 367 Close the TCP/IP Control Panel. Click Save if prompted, to save changes to your configuration. Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the TCP/IP Control Panel window. P-660HW-Tx v3 Series User’s Guide...
Page 368: Macintosh Os X
• Select Built-in Ethernet from the Show list. • Click the TCP/IP tab. For dynamically assigned settings, select Using DHCP from the Configure list. Figure 167 Macintosh OS X: Network For statically assigned settings, do the following: P-660HW-Tx v3 Series User’s Guide...
Page 369 Follow the steps below to configure your computer IP address using the KDE. Click the Red Hat button (located on the bottom left corner), select System Setting and click Network. Figure 168 Red Hat 9.0: KDE: Network Configuration: Devices P-660HW-Tx v3 Series User’s Guide...
Page 370 If you know your DNS server IP address(es), click the DNS tab in the Network Configuration screen. Enter the DNS server information in the fields provided. Figure 170 Red Hat 9.0: KDE: Network Configuration: DNS Click the Devices tab. P-660HW-Tx v3 Series User’s Guide...
Page 371 • If you have a dynamic IP address, enter dhcp in the BOOTPROTO= field. The following figure shows an example. Figure 172 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 DEVICE=eth0 ONBOOT=yes BOOTPROTO=dhcp USERCTL=no PEERDNS=yes TYPE=Ethernet P-660HW-Tx v3 Series User’s Guide...
Page 372 Figure 175 Red Hat 9.0: Restart Ethernet Card [root@localhost init.d]# network restart Shutting down interface eth0: [OK] Shutting down loopback interface: [OK] Setting network parameters: [OK] Bringing up loopback interface: [OK] Bringing up interface eth0: [OK] P-660HW-Tx v3 Series User’s Guide...
Page 373: Verifying Settings
Bcast:172.23.19.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:717 errors:0 dropped:0 overruns:0 frame:0 TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:730412 (713.2 Kb) TX bytes:1570 (1.5 Kb) Interrupt:10 Base address:0x1000 [root@localhost]# P-660HW-Tx v3 Series User’s Guide...
Page 374 Appendix A Setting up Your Computer’s IP Address P-660HW-Tx v3 Series User’s Guide...
Page 375: Appendix B Pop-Up Windows, Javascript And Java Permissions
In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker. Figure 177 Pop-up Blocker You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. P-660HW-Tx v3 Series User’s Guide...
Page 376 Click Apply to save this setting. Enable Pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. In Internet Explorer, select Tools, Internet Options and then the Privacy tab. P-660HW-Tx v3 Series User’s Guide...
Page 377 Select Settings…to open the Pop-up Blocker Settings screen. Figure 179 Internet Options: Privacy Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. P-660HW-Tx v3 Series User’s Guide...
Page 378 Figure 180 Pop-up Blocker Settings Click Close to return to the Privacy screen. Click Apply to save this setting. JavaScript If pages of the web configurator do not display properly in Internet Explorer, check that JavaScript are allowed. P-660HW-Tx v3 Series User’s Guide...
Page 379 Figure 181 Internet Options: Security Click the Custom Level... button. Scroll down to Scripting. Under Active scripting make sure that Enable is selected (the default). Under Scripting of Java applets make sure that Enable is selected (the default). P-660HW-Tx v3 Series User’s Guide...
Page 380: Java Permissions
Java Permissions From Internet Explorer, click Tools, Internet Options and then the Security tab. Click the Custom Level... button. Scroll down to Microsoft VM. Under Java permissions make sure that a safety level is selected. P-660HW-Tx v3 Series User’s Guide...
Page 381 Click OK to close the window. Figure 183 Security Settings - Java JAVA (Sun) From Internet Explorer, click Tools, Internet Options and then the Advanced tab. Make sure that Use Java 2 for <applet> under Java (Sun) is selected. P-660HW-Tx v3 Series User’s Guide...
Page 382 Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary. You can enable Java, Javascript and pop-ups in one screen. Click Tools, then click Options in the screen that appears. Figure 185 Mozilla Firefox: Tools > Options P-660HW-Tx v3 Series User’s Guide...
Page 383 Appendix B Pop-up Windows, JavaScript and Java Permissions Click Content.to show the screen below. Select the check boxes as shown in the following screen. Figure 186 Mozilla Firefox Content Security P-660HW-Tx v3 Series User’s Guide...
Page 384 Appendix B Pop-up Windows, JavaScript and Java Permissions P-660HW-Tx v3 Series User’s Guide...
Page 385: Appendix C Ip Addresses And Subnetting
192.168.1.1). Each of these four parts is known as an octet. An octet is an eight-digit binary number (for example 11000000, which is 192 in decimal notation). Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal. P-660HW-Tx v3 Series User’s Guide...
Page 386: Subnet Masks
ID of an IP address (192.168.1.2 in decimal). Table 120 Subnet Masks OCTET: OCTET: OCTET: OCTET (192) (168) IP Address (Binary) 11000000 10101000 00000001 00000010 Subnet Mask (Binary) 11111111 11111111 11111111 00000000 Network Number 11000000 10101000 00000001 Host ID 00000010 P-660HW-Tx v3 Series User’s Guide...
Page 387 SUBNET MASK HOST ID SIZE HOSTS 8 bits 255.0.0.0 24 bits – 2 16777214 16 bits 255.255.0.0 16 bits – 2 65534 24 bits 255.255.255.0 8 bits – 2 29 bits 255.255.255.2 3 bits – 2 P-660HW-Tx v3 Series User’s Guide...
Page 388 In this example, the company network address is 192.168.1.0. The first three octets of the address (192.168.1) are the network number, and the remaining octet is the host ID, allowing a maximum of 2 – 2 or 254 possible hosts. P-660HW-Tx v3 Series User’s Guide...
Page 389 The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25. The following figure shows the company network after subnetting. There are now two sub-networks, A and B. Figure 189 Subnetting Example: After Subnetting P-660HW-Tx v3 Series User’s Guide...
Page 390 LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 01000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.65 192.168.1.64 Broadcast Address: Highest Host ID: 192.168.1.126 192.168.1.127 P-660HW-Tx v3 Series User’s Guide...
Page 391 Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows IP address last octet values for each subnet. Table 128 Eight Subnets SUBNET LAST BROADCAST SUBNET FIRST ADDRESS ADDRESS ADDRESS ADDRESS P-660HW-Tx v3 Series User’s Guide...
Page 392 8192 255.255.255.252 (/30) 16384 255.255.255.254 (/31) 32768 Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP P-660HW-Tx v3 Series User’s Guide...
Page 393 Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space. P-660HW-Tx v3 Series User’s Guide...
Page 394 Appendix C IP Addresses and Subnetting P-660HW-Tx v3 Series User’s Guide...
Page 395: Appendix D Wireless Lans
(AP). Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra-BSS is enabled, wireless client A and B can access the wired network and communicate P-660HW-Tx v3 Series User’s Guide...
Page 396 This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood. P-660HW-Tx v3 Series User’s Guide...
Page 397 A hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a hidden node. Both stations (STA) are within range of the access point (AP) or P-660HW-Tx v3 Series User’s Guide...
Page 398 RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Note: Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy. P-660HW-Tx v3 Series User’s Guide...
Page 399: Fragmentation Threshold
IEEE 802.11g is fully compatible with the IEEE 802.11b standard. This means an IEEE 802.11b adapter can interface directly with an IEEE 802.11g access point (and vice versa) at 11 Mbps or lower depending on range. IEEE 802.11g has P-660HW-Tx v3 Series User’s Guide...
Page 400 IEEE802.1x EAP with RADIUS Server Authentication Wi-Fi Protected Access (WPA) WPA2 Most Secure Note: You must enable the same wireless security settings on the ZyXEL Device and on all wireless clients that you want to associate with it. P-660HW-Tx v3 Series User’s Guide...
Page 401 The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication: • Access-Request Sent by an access point requesting authentication. • Access-Reject Sent by a RADIUS server rejecting access. • Access-Accept Sent by a RADIUS server allowing access. P-660HW-Tx v3 Series User’s Guide...
Page 402 The wireless client ‘proves’ that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text. P-660HW-Tx v3 Series User’s Guide...
Page 403 However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco. LEAP LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x. P-660HW-Tx v3 Series User’s Guide...
Page 404: Dynamic Wep Key Exchange
RADIUS server, you should use WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a wireless client will be granted access to a WLAN. P-660HW-Tx v3 Series User’s Guide...
Page 405 The common-password approach makes WPA(2)-PSK susceptible to brute-force password-guessing attacks but it’s still an improvement over WEP as it employs a consistent, single, alphanumeric password to derive a PMK which is used to generate unique temporal encryption P-660HW-Tx v3 Series User’s Guide...
Page 406 The RADIUS server then checks the user's identification against its database and grants or denies network access accordingly. A 256-bit Pairwise Master Key (PMK) is derived from the authentication process by the RADIUS server and the client. P-660HW-Tx v3 Series User’s Guide...
Page 407 The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID. P-660HW-Tx v3 Series User’s Guide...
Page 408: Security Parameters Summary
Enable without Dynamic WEP Open Enable with Dynamic WEP Key Enable without Dynamic WEP Disable Shared Enable with Dynamic WEP Key Enable without Dynamic WEP Disable TKIP/AES Enable WPA-PSK TKIP/AES Disable WPA2 TKIP/AES Enable WPA2-PSK TKIP/AES Disable P-660HW-Tx v3 Series User’s Guide...
Page 409: Antenna Characteristics
Types of Antennas for WLAN There are two types of antennas used for wireless LAN applications. P-660HW-Tx v3 Series User’s Guide...
Page 410: Positioning Antennas
For a single AP application, place omni-directional antennas as close to the center of the coverage area as possible. For directional antennas, point the antenna in the direction of the desired coverage area. P-660HW-Tx v3 Series User’s Guide...
Page 411: Appendix E Services
• If the Protocol is USER, this is the IP protocol number. • Description: This is a brief explanation of the applications that use this service or the situations in which this service is used. P-660HW-Tx v3 Series User’s Guide...
Page 412 IMAP4 The Internet Message Access Protocol is used for e-mail. IMAP4S This is a more secure version of IMAP4 that runs over SSL. TCP/UDP 6667 This is another popular Internet chat program. P-660HW-Tx v3 Series User’s Guide...
Page 413 TCP/UDP 1026 This is an ISP that provides services mainly for cable modems. RTELNET Remote Telnet. RTSP TCP/UDP The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet. P-660HW-Tx v3 Series User’s Guide...
Page 414 Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE 7000 A videoconferencing solution. The UDP port number is specified in the user- application. defined P-660HW-Tx v3 Series User’s Guide...
Page 415: Appendix F Legal Information
ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein.
Page 416 • To comply with FCC RF exposure compliance requirements, a separation distance of at least 20 cm must be maintained between the antenna of this device and all persons. 注意 ! 依據低功率電波輻射性電機管理辦法第十二條經型式認證合格之低功率射頻電機，非經許可，公司、商號或使用者均不得擅自變更頻率、加大功率或變更原設計之特性及功能。第十四條低功率射頻電機之使用不得影響飛航安全及干擾合法通信；經發現有干擾現象時，應立即停用，並改善至無干擾時方得繼續使用。前項合法通信，指依電信規定作業之無線電信。低功率射頻電機須忍受合法通信或工業、科學及醫療用電波輻射性電機設備之干擾。 P-660HW-Tx v3 Series User’s Guide...
Page 417: Zyxel Limited Warranty
ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions. P-660HW-Tx v3 Series User’s Guide...
Page 418 Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products. P-660HW-Tx v3 Series User’s Guide...
Page 419: Index
320, 321, 326 bandwidth management address mapping Basic Service Set, See BSS rules Basic Service Set, see BSS types 179, 180, 184 broadcast Address Resolution Protocol, see ARP 161, 395 administrator password 30, 297 example P-660HW-Tx v3 Series User’s Guide...
Page 420 103, 120, 125, 130, 278 320, 321, 326 classifiers Domain Name System, see DNS DHCP file three-way handshake firewalls 194, 198, 203 thresholds 190, 202, 203 IP alias DSCP 262, 264, 267 P-660HW-Tx v3 Series User’s Guide...
Page 421 316, 323 upgrading version FCC interference statement forwarding ports filters 172, 174 activation content configuration activation example example rules keywords schedules fragmentation threshold 146, 158, 399 trusted IP addresses 24, 277 backing up configuration P-660HW-Tx v3 Series User’s Guide...
Page 422 Inside Local Address, see ILA protocol filters Internet Control Message Protocol, see ICMP schedules Internet Group Multicast Protocol, see IGMP settings IP address 100, 103, 109, 115, 120, 131 default server 174, 176 P-660HW-Tx v3 Series User’s Guide...
Page 423 PPPoE IP alias passwords 29, 30 default server IP address 174, 176 administrator example users global 105, 112, 116 Peak Cell Rate, see PCR inside local outside PIN, WPS 151, 153, 164 example P-660HW-Tx v3 Series User’s Guide...
Page 424 RTS (Request To Send) creation threshold 397, 398 priority RTS threshold 146, 158 rules, port forwarding DiffServ DSCP 262, 264, 267 example IP precedence monitor safety warnings priority queue schedules remote node content filtering P-660HW-Tx v3 Series User’s Guide...
Page 425 DSL connections firewalls RTS/CTS 146, 158 firmware version time TR-069 packet statistics trademarks traffic priority wireless LAN 243, 252 WLAN traffic shaping example triangle route 172, 173 195, 207, 208 solutions subnet trusted CA 230, 233 P-660HW-Tx v3 Series User’s Guide...
Page 426 Wireless Distribution System, see WDS group settings wireless LAN 137, 156 management group activation port settings authentication 158, 160 PVID example tagging frames 244, 251 channel 102, 109, 114 configuration encryption 140, 160 example fragmentation threshold 146, 158 P-660HW-Tx v3 Series User’s Guide...
Page 427 Wireless tutorial wizard configuration wireless LAN WLAN interference security parameters 144, 161, 404 authentication key caching pre-authentication reauthentication 143, 145 user authentication vs WPA-PSK wireless client supplicant with RADIUS application example WPA2 user authentication P-660HW-Tx v3 Series User’s Guide...
Page 428 Index P-660HW-Tx v3 Series User’s Guide...

This manual is also suitable for:

P-660hw-t1 v3 P-660hw-t3 v3 P-660hw-tx

ZyXEL Communications P-660HW-Tx v3 Series User Manual

About this User's Guide

Document Conventions

Safety Warnings

Contents Overview

Table of Contents

Introduction

PART I Introduction

Chapter 1 Introducing the Zyxel Device

Chapter 2 Introducing the Web Configurator

Chapter 3 Status Screens

Chapter 4 Tutorials

Wizard

Part II: Wizard

Chapter 5 Internet and Wireless Setup Wizard

Part III: Network

Network

Chapter 6 WAN Setup

Chapter 7 LAN Setup

Chapter 8 Wireless LAN

Chapter 9 Network Address Translation (NAT)

Part IV: Security

Security

Chapter 10 Firewalls

Chapter 11 Content Filtering

Chapter 12 Packet Filter

Chapter 13 Certificates

Advanced

Part V: Advanced

Chapter 14 Static Route

Chapter 15

Q/1P

Chapter 16 Quality of Service (Qos)

Chapter 17 Dynamic DNS Setup

Chapter 18 Remote Management

Chapter 19 Universal Plug-And-Play (Upnp)

Part VI: Maintenance

Maintenance

Chapter 20 System Settings

Chapter 21 Logs

Chapter 22 Tools

Chapter 23 Diagnostic

Quick Links

Troubleshooting

Related Manuals for ZyXEL Communications P-660HW-Tx v3 Series

Summary of Contents for ZyXEL Communications P-660HW-Tx v3 Series