ZyXEL Communications P-662H-61 User Manual

P-662H Series 802.11g ADSL2+ 4-Port Security Gateway

P-662H/HW-D Series
802.11g ADSL2+ 4-Port Security Gateway
User's Guide
Version 3.40
12/2008
Edition 3
DEFAULT LOGIN
IP Address: http://192.168.1.1
User Password: user
Admin Password: 1234
www.zyxel.com

Summary of Contents for ZyXEL Communications P-662H-61

  • Page 3: About This User's Guide

    Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan.
  • Page 4: Document Conventions

    Warnings and Notes
    These are how warnings and notes are shown in this User’s Guide. Warnings tell you about things that could harm you or your device. Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
  • Page 5

    Icons Used in Figures
    Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device.
    Icons: ZyXEL Device, Computer, Notebook computer, Server, DSLAM, Firewall, Telephone, Switch, Router
  • Page 6: Safety Warnings

    For your safety, be sure to read and follow all warning notices and instructions.
    • Do NOT use this product near water, for example, in a wet basement or near a swimming pool.
    • Do NOT expose your device to dampness, dust or corrosive liquids.
    • ...
  • Page 7

    This product is recyclable. Dispose of it properly.
  • Page 37: Introduction And Wizards

    Introduction and Wizards Getting To Know Your ZyXEL Device (39) Introducing the Web Configurator (43) Wizard Setup for Internet Access (59) Bandwidth Management Wizard (73)
  • Page 39: Getting To Know Your ZyXEL Device

    Chapter 1 Getting To Know Your ZyXEL Device
    This chapter describes the key features and applications of your ZyXEL Device.
    1.1 Introducing the ZyXEL Device
    Your ZyXEL Device integrates high-speed 10/100Mbps auto-negotiating LAN interface(s) and a high-speed ADSL port into a single package. The ZyXEL Device is ideal for high-speed Internet browsing and making LAN-to-LAN connections to remote networks.
  • Page 40: Firewall For Secure Broadband Internet Access

    See the product specifications in the appendix for detailed features and standards support.
    1.1.1.1 Internet Access
    The ZyXEL Device is the ideal high-speed Internet access solution. Your ZyXEL Device supports the TCP/IP protocol, which the Internet uses exclusively. It is compatible with all major ADSL DSLAM (Digital Subscriber Line Access Multiplexer) providers.
  • Page 41: Front Panel LEDs

    Figure 3 Firewall Application
    1.1.3 Front Panel LEDs
    Figure 4 P-662H Front Panel
    Figure 5 P-662HW Front Panel
    The following table describes the lights.
    Table 1 Front Panel LEDs
    COLOR, STATUS: DESCRIPTION
    POWER, Green: The ZyXEL Device is receiving power and functioning...
  • Page 42

    Table 1 Front Panel LEDs (continued)
    COLOR, STATUS: DESCRIPTION
    WLAN (P-662HW only), Green: The ZyXEL Device is ready, but is not sending/receiving data through the wireless LAN.
    Blinking: The ZyXEL Device is sending/receiving data through the wireless LAN...
  • Page 43: Introducing The Web Configurator

    Chapter 2 Introducing the Web Configurator
    This chapter describes how to access and navigate the web configurator.
    2.1 Web Configurator Overview
    The web configurator is an HTML-based management interface that allows easy ZyXEL Device setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions.
  • Page 44: Figure 6 Password Screen

    4 Type "192.168.1.1" as the URL.
    5 A window displays as shown. Enter the default admin password 1234 to configure the wizards and the advanced features or the default user password user to view the status only.
  • Page 45: Figure 7 Change Password At Login

    Figure 7 Change Password at Login
    7 It is highly recommended you replace the factory default certificate by creating your own unique certificate based on your ZyXEL Device’s MAC address. Click Apply to create the certificate; alternatively, click Ignore to proceed to the next menu if you do not want to replace the certificate now.
  • Page 46: Resetting The ZyXEL Device

    Figure 9 Select a Mode
    The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the ZyXEL Device if this happens to you.
    2.3 Resetting the ZyXEL Device
    If you forget your password or cannot access the web configurator, you will need to use the RESET button at the back of the ZyXEL Device to reload the factory-default configuration...
  • Page 47: Navigating The Web Configurator

    2.4 Navigating the Web Configurator
    We use the P-662HW-D1 web screens in this guide as an example. Screens vary slightly for different ZyXEL Device models.
    2.4.1 Navigation Panel
    After you enter the admin password, use the sub-menus on the navigation panel to configure ZyXEL Device features.
  • Page 48

    Table 2 Web Configurator Screens Summary (continued)
    LINK/ICON, SUB-LINK: FUNCTION
    Status: This screen shows the ZyXEL Device’s general device, system and interface status information. Use this screen to access the summary statistics tables.
    Network, Remote Node: Use this screen to configure placing calls to a remote gateway...
  • Page 49

    Table 2 Web Configurator Screens Summary (continued)
    LINK/ICON, SUB-LINK: FUNCTION
    Content Filter, Keyword: Use this screen to block sites containing certain keywords in the URL.
    Schedule: Use this screen to set the days and times for the ZyXEL Device to perform content filtering...
  • Page 50: Status Screen

    Table 2 Web Configurator Screens Summary (continued)
    LINK/ICON, SUB-LINK: FUNCTION
    Remote MGMT: Use this screen to configure through which interface(s) and from which IP address(es) users can use HTTPS or HTTP to manage the ZyXEL Device.
    Telnet: Use this screen to configure through which interface(s) and from which IP address(es) users can use Telnet to manage the...
  • Page 51: Figure 11 Status Screen

    Figure 11 Status Screen
    The following table describes the labels shown in the Status screen.
    Table 3 Status Screen
    LABEL: DESCRIPTION
    Refresh Interval: Select a number of seconds or None from the drop-down list box to refresh all screen statistics automatically at the end of every time interval or to not refresh the screen statistics.
  • Page 52

    Table 3 Status Screen
    LABEL: DESCRIPTION
    IP Address: This is the LAN port IP address.
    IP Subnet Mask: This is the LAN port IP subnet mask.
    DHCP: This is the WAN port DHCP role - Server, Relay or None.
    WLAN Information (wireless devices only)
    SSID: This is the descriptive name used to identify the ZyXEL Device in the wireless...
  • Page 53: Status: Any IP Table

    Table 3 Status Screen
    LABEL: DESCRIPTION
    Bandwidth Status: Use this screen to view the ZyXEL Device’s bandwidth usage and allotments.
    Packet Statistics: Use this screen to view port status and packet specific statistics.
    VPN Status: Use this screen to view VPN status and settings.
  • Page 54: Status: Bandwidth Status

    Figure 13 Status: WLAN Status
    The following table describes the labels in this screen.
    Table 5 Status: WLAN Status
    LABEL: DESCRIPTION
    This is the index number of an associated wireless station.
    MAC Address: This field displays the MAC (Media Access Control) address of an associated wireless station.
  • Page 55: Status: Packet Statistics

    Figure 15 Status: VPN Status
    The following table describes the labels in this screen.
    Table 6 Status: VPN Status
    LABEL: DESCRIPTION
    This is the security association index number.
    Name: This field displays the identification name for this VPN policy.
    Encapsulation: This field displays Tunnel or Transport mode.
  • Page 56: Figure 16 Status: Packet Statistics

    Figure 16 Status: Packet Statistics
    The following table describes the fields in this screen.
    Table 7 Status: Packet Statistics
    LABEL: DESCRIPTION
    System Monitor
    System up Time: This is the elapsed time the system has been up.
    Current Date/Time: This field displays your ZyXEL Device’s present date and time.
  • Page 57: Changing Login Password

    Table 7 Status: Packet Statistics (continued)
    LABEL: DESCRIPTION
    Rx B/s: This field displays the number of bytes received in the last second.
    Up Time: This field displays the elapsed time this port has been up.
    Collisions: This is the number of collisions on this port.
  • Page 58

    Table 8 System General: Password
    LABEL: DESCRIPTION
    Apply: Click Apply to save your changes back to the ZyXEL Device.
    Cancel: Click Cancel to begin configuring this screen afresh.
  • Page 59: Wizard Setup For Internet Access

    Chapter 3 Wizard Setup for Internet Access
    This chapter provides information on the Wizard Setup screens for Internet access in the web configurator.
    3.1 Introduction
    Use the Wizard Setup screens to configure your system for Internet access with the information given to you by your ISP.
  • Page 60: Figure 19 Wizard: Welcome

    2 Click INTERNET/WIRELESS SETUP to configure the system for Internet access and wireless connection.
    Figure 19 Wizard: Welcome
    3 The wizard attempts to detect which WAN connection type you are using. If the wizard detects your connection type and your ISP uses PPPoE or PPPoA, go to Section 3.2.1 on page 61.
  • Page 61: Automatic Detection

    Figure 21 Auto Detection: Failed
    3.2.1 Automatic Detection
    1 If you have a PPPoE or PPPoA connection, a screen displays prompting you to enter your Internet account information. Enter the username, password and/or service name exactly as provided.
  • Page 62: Figure 23 Internet Access Wizard Setup: ISP Parameters

    Figure 23 Internet Access Wizard Setup: ISP Parameters
    The following table describes the fields in this screen.
    Table 9 Internet Access Wizard Setup: ISP Parameters
    LABEL: DESCRIPTION
    Mode: From the Mode drop-down list box, select Routing (default) if your ISP allows multiple computers to share an Internet account.
  • Page 63: Figure 24 Internet Connection With PPPoE

    Figure 24 Internet Connection with PPPoE
    The following table describes the fields in this screen.
    Table 10 Internet Connection with PPPoE
    LABEL: DESCRIPTION
    User Name: Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given.
  • Page 64: Figure 26 Internet Connection With ENET ENCAP

    Table 11 Internet Connection with RFC 1483 (continued)
    LABEL: DESCRIPTION
    Next: Click Next to continue to the next wizard screen.
    Exit: Click Exit to close the wizard screen without saving your changes.
    Figure 26 Internet Connection with ENET ENCAP
    The following table describes the fields in this screen.
  • Page 65: Figure 27 Internet Connection With PPPoA

    Figure 27 Internet Connection with PPPoA
    The following table describes the fields in this screen.
    Table 13 Internet Connection with PPPoA
    LABEL: DESCRIPTION
    User Name: Enter the login name that your ISP gives you.
    Password: Enter the password associated with the user name above.
  • Page 66: Wireless Connection Wizard Setup

    Figure 29 Connection Test Failed-2.
    3.3 Wireless Connection Wizard Setup
    After you configure the Internet access information, use the following screens to set up your wireless LAN.
    1 Select Yes and click Next to configure wireless settings. Otherwise, select No and skip to Step 6.
  • Page 67: Figure 31 Wireless LAN Setup Wizard 1

    Figure 31 Wireless LAN Setup Wizard 1
    The following table describes the labels in this screen.
    Table 14 Wireless LAN Setup Wizard 1
    LABEL: DESCRIPTION
    Active: Select the check box to turn on the wireless LAN.
    Note: You can also activate the wireless LAN by pressing the RESET button for 1 second.
  • Page 68: Figure 32 Wireless LAN Setup Wizard 2

    Figure 32 Wireless LAN Setup Wizard 2
    The following table describes the labels in this screen.
    Table 15 Wireless LAN Setup Wizard 2
    LABEL: DESCRIPTION
    Network Name(SSID): Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN.
  • Page 69: Automatically Assign A WPA Key

    3.3.1 Automatically assign a WPA key
    Choose Manually assign a WPA key in the Wireless LAN setup screen to allow the ZyXEL Device to configure a PSK key for you based on the setup key you entered on the previous Wireless LAN setup screen.
  • Page 70: Figure 34 Manually Assign A WEP Key

    Figure 34 Manually assign a WEP key
    The following table describes the labels in this screen.
    Table 17 Manually assign a WEP key
    LABEL: DESCRIPTION
    The WEP keys are used to encrypt data. Both the ZyXEL Device and the wireless stations must use the same WEP key for data transmission.
  • Page 71: Figure 36 Internet Access And WLAN Wizard Setup Complete

    Figure 36 Internet Access and WLAN Wizard Setup Complete
    7 Launch your web browser and navigate to www.zyxel.com. Internet access is just the beginning. Refer to the rest of this guide for more detailed information on the complete range of ZyXEL Device features.
  • Page 73: Bandwidth Management Wizard

    Chapter 4 Bandwidth Management Wizard
    This chapter shows you how to configure basic bandwidth management using the wizard screens.
    4.1 Introduction
    Bandwidth management allows you to control the amount of bandwidth going out through the ZyXEL Device’s WAN port and prioritize the distribution of the bandwidth according to service bandwidth requirements.
  • Page 74: Bandwidth Management Wizard Setup

    Table 18 Media Bandwidth Management Setup: Services (continued)
    SERVICE: DESCRIPTION
    VoIP (SIP): Sending voice signals over the Internet is called Voice over IP or VoIP. Session Initiation Protocol (SIP) is an internationally recognized standard for implementing VoIP.
  • Page 75: Figure 38 Wizard: Welcome

    Figure 38 Wizard: Welcome
    3 Activate bandwidth management and select to allocate bandwidth to packets based on the services.
    Figure 39 Bandwidth Management Wizard: General Information
    The following fields describe the label in this screen.
    Table 19 Bandwidth Management Wizard: General Information
    LABEL: DESCRIPTION...
  • Page 76: Figure 40 Bandwidth Management Wizard: Configuration

    Figure 40 Bandwidth Management Wizard: Configuration
    The following table describes the labels in this screen.
    Table 20 Bandwidth Management Wizard: Configuration
    LABEL: DESCRIPTION
    Active: Select an entry’s Active check box to turn on bandwidth management for the service/application.
  • Page 77: Figure 41 Bandwidth Management Wizard: Complete

    Figure 41 Bandwidth Management Wizard: Complete
  • Page 79: Network

    Network WAN Setup (81) LAN Setup (101) Wireless LAN (113) DMZ (137) Network Address Translation (NAT) Screens (141)
  • Page 81: WAN Setup

    Chapter 5 WAN Setup
    This chapter describes how to configure WAN settings.
    5.1 WAN Overview
    A WAN (Wide Area Network) is an outside connection to another network or the Internet.
    5.1.1 Encapsulation
    Be sure to use the encapsulation method required by your ISP. The ZyXEL Device supports the following methods.
  • Page 82: Multiplexing

    5.1.1.3 PPPoA
    PPPoA stands for Point to Point Protocol over ATM Adaptation Layer 5 (AAL5). A PPPoA connection functions like a dial-up Internet connection. The ZyXEL Device encapsulates the PPP session based on RFC1483 and sends it through an ATM PVC (Permanent Virtual Circuit) to the Internet Service Provider’s (ISP) DSLAM (Digital Subscriber Line Access Multiplexer).
  • Page 83: Nailed-Up Connection (PPP)

    5.1.4.1 IP Assignment with PPPoA or PPPoE Encapsulation
    If you have a dynamic IP, then the IP Address and ENET ENCAP Gateway fields are not applicable (N/A). If you have a static IP, then you only need to fill in the IP Address field and not the ENET ENCAP Gateway field.
  • Page 84: Traffic Shaping

    For example, if the normal route has a metric of "1" and the traffic-redirect route has a metric of "2" and dial-backup route has a metric of "3", then the normal route acts as the primary default route.
  • Page 85: ATM Traffic Classes

    5.3.1 ATM Traffic Classes
    These are the basic ATM traffic classes defined by the ATM Forum Traffic Management 4.0 Specification.
    5.3.1.1 Constant Bit Rate (CBR)
    Constant Bit Rate (CBR) provides fixed bandwidth that is always available even if no data is being sent.
  • Page 86: Internet Connection

    5.5 Internet Connection
    Use this screen to change your ZyXEL Device’s WAN remote node settings. Click Network > WAN to view the screen as shown. The screen differs by the encapsulation. See Section 5.1 on page 81 for more information.
  • Page 87: Configuring Advanced Internet Connection

    Table 21 Internet Connection
    LABEL: DESCRIPTION
    Password: (PPPoA and PPPoE only) Enter the password associated with the user name above.
    Service Name: (PPPoE only) Type the name of your PPPoE service here.
    Multiplexing: Select the method of multiplexing used by your ISP from the drop-down list. Choices are VC or LLC.
  • Page 88: Figure 44 Advanced Internet Connection

    Figure 44 Advanced Internet Connection
    The following table describes the labels in this screen.
    Table 22 Advanced Internet Connection
    LABEL: DESCRIPTION
    RIP & Multicast Setup
    RIP Direction: RIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a router to exchange routing information with other routers.
  • Page 89: Configuring More Connections

    Table 22 Advanced Internet Connection
    LABEL: DESCRIPTION
    ATM QoS Type: Select CBR (Constant Bit Rate) to specify fixed (always-on) bandwidth for voice or data traffic. Select UBR (Unspecified Bit Rate) for applications that are non-time sensitive, such as e-mail. Select VBR-nRT (Variable Bit Rate-non Real Time) or VBR-RT (Variable Bit Rate-Real Time) for bursty traffic and bandwidth sharing with other applications.
  • Page 90: More Connections Edit

    Figure 45 More Connections
    The following table describes the labels in this screen.
    Table 23 More Connections
    LABEL: DESCRIPTION
    This is the index number of a connection.
    Active: This displays whether this connection is activated. Clear the check box to disable the connection.
  • Page 91: Figure 46 More Connections Edit

    Figure 46 More Connections Edit
    The following table describes the labels in this screen.
    Table 24 More Connections Edit
    LABEL: DESCRIPTION
    Active: Select the check box to activate or clear the check box to deactivate this connection.
  • Page 92: Configuring More Connections Advanced Setup

    Chapter 5 WAN Setup Table 24 More Connections Edit (continued) LABEL DESCRIPTION Multiplexing Select the method of multiplexing used by your ISP from the drop-down list. Choices are VC or LLC. By prior agreement, a protocol is assigned a specific virtual circuit, for example, VC1 will carry IP.
  • Page 93: Figure 47 More Connections Advanced Setup

    Chapter 5 WAN Setup Figure 47 More Connections Advanced Setup The following table describes the labels in this screen. Table 25 More Connections Advanced Setup LABEL DESCRIPTION RIP & Multicast Setup RIP Direction Select the RIP direction from None, Both, In Only and Out Only. RIP Version Select the RIP version from RIP-1, RIP-2B and RIP-2M.
  • Page 94: Traffic Redirect

    Chapter 5 WAN Setup 5.7 Traffic Redirect Traffic redirect forwards traffic to a backup gateway when the ZyXEL Device cannot connect to the Internet. An example is shown in the figure below. Figure 48 Traffic Redirect Example The following network topology allows you to avoid triangle route security issues when the backup gateway is connected to the LAN.
  • Page 95: Figure 50 Wan Backup Setup

    Chapter 5 WAN Setup Figure 50 WAN Backup Setup The following table describes the labels in this screen. Table 26 WAN Backup Setup LABEL DESCRIPTION Backup Type Select the method that the ZyXEL Device uses to check the DSL connection. Select DSL Link to have the ZyXEL Device check if the connection to the DSLAM is up.
  • Page 96: Wan Backup Advanced Screen

    Chapter 5 WAN Setup Table 26 WAN Backup Setup (continued) LABEL DESCRIPTION Timeout Type the number of seconds (3 recommended) for your ZyXEL Device to wait for a ping response from one of the IP addresses in the Check WAN IP Address field before timing out the request.
  • Page 97: Figure 51 Wan Backup Advanced Setup

    Chapter 5 WAN Setup Figure 51 WAN Backup Advanced Setup The following table describes the labels in this screen. Table 27 WAN Backup Advanced Setup LABEL DESCRIPTION Authentication Type Use the drop-down list box to select an authentication protocol for outgoing calls. Options are: CHAP/PAP - Your ZyXEL Device accepts either CHAP or PAP when requested by...
  • Page 98 Chapter 5 WAN Setup Table 27 WAN Backup Advanced Setup LABEL DESCRIPTION Metric This field sets this route's priority among the three routes the ZyXEL Device uses (normal, traffic redirect and dial backup). Type a number (1 to 15) to set the priority of the dial backup route for data transmission.
  • Page 99: Dial Backup Modem Setup

    Chapter 5 WAN Setup Table 27 WAN Backup Advanced Setup LABEL DESCRIPTION Budget The configuration in the Budget fields has priority over your Connection settings. Allocated Budget Type the amount of time (in minutes) that the dial backup connection can be used during the time configured in the Period field.
  • Page 100: Table 28 Wan Dial Backup Modem Setup

    Chapter 5 WAN Setup The following table describes the labels in this screen. Table 28 WAN Dial Backup Modem Setup LABEL DESCRIPTION AT Command Strings Dial Type the AT Command string to make a call. Example: atdt Drop Type the AT Command string to drop a call. "~" represents a one second wait, for example, "~~+++~~ath"...
  • Page 101: Lan Setup

    Chapter 6 LAN Setup This chapter describes how to configure LAN settings. 6.1 LAN Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building.
  • Page 102: Dhcp Setup

    Chapter 6 LAN Setup 6.1.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the ZyXEL Device as a DHCP server or disable it. When configured as a server, the ZyXEL Device provides the TCP/IP configuration for the clients.
  • Page 103: Lan Tcp/Ip

    Chapter 6 LAN Setup • The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, enter them in the DNS Server fields in the DHCP Setup screen. •...
  • Page 104: Rip Setup

    Chapter 6 LAN Setup You can obtain your IP address from the IANA, from an ISP or it can be assigned from a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses.
  • Page 105: Any Ip

    Chapter 6 LAN Setup 224.0.0.0 is not assigned to any group and is used by IP multicast computers. The address 224.0.0.1 is used for query messages and is assigned to the permanent group of all IP hosts (including gateways). All hosts must join the 224.0.0.1 group in order to participate in IGMP. The address 224.0.0.2 is assigned to the multicast routers group.
  • Page 106: Configuring Lan Ip

    Chapter 6 LAN Setup You must enable NAT/SUA to use the Any IP feature on the ZyXEL Device. 6.2.4.1 How Any IP Works Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network.
  • Page 107: Configuring Advanced Lan Setup

    Chapter 6 LAN Setup The following table describes the fields in this screen. Table 29 LAN IP LABEL DESCRIPTION TCP/IP IP Address Enter the IP address of your ZyXEL Device in dotted decimal notation, for example, 192.168.1.1 (factory default). IP Subnet Mask Type the subnet mask assigned to you by your ISP (if given).
  • Page 108: Dhcp Setup

    Chapter 6 LAN Setup Table 30 Advanced LAN Setup (continued) LABEL DESCRIPTION Any IP Setup Select the Active check box to enable the Any IP feature. This allows a computer to access the Internet without changing the network settings (such as IP address and subnet mask) of the computer, even when the IP addresses of the computer and the ZyXEL Device are not in the same subnet.
  • Page 109: Lan Client List

    Chapter 6 LAN Setup The following table describes the labels in this screen. Table 31 DHCP Setup LABEL DESCRIPTION DHCP Setup DHCP If set to Server, your ZyXEL Device can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client.
  • Page 110: Lan Ip Alias

    Chapter 6 LAN Setup Figure 58 LAN Client List The following table describes the labels in this screen. Table 32 LAN Client List LABEL DESCRIPTION IP Address Enter the IP address that you want to assign to the computer on your LAN with the MAC address specified below.
  • Page 111: Figure 59 Physical Network & Partitioned Logical Networks

    Chapter 6 LAN Setup When you use IP alias, you can also configure firewall rules to control access between the LAN's logical networks (subnets). Make sure that the subnets of the logical networks do not overlap. The following figure shows a LAN divided into subnets A, B, and C. Figure 59 Physical Network &...
  • Page 112: Table 33 Lan Ip Alias

    Chapter 6 LAN Setup The following table describes the labels in this screen. Table 33 LAN IP Alias LABEL DESCRIPTION IP Alias 1, 2 Select the check box to configure another LAN network for the ZyXEL Device. IP Address Enter the IP address of your ZyXEL Device in dotted decimal notation. Alternatively, click the right mouse button to copy and/or paste the IP address.
  • Page 113: Wireless Lan

    Chapter 7 Wireless LAN This chapter discusses how to configure the wireless network settings in your ZyXEL Device. See the appendices for more detailed information about wireless networks. 7.1 Wireless Network Overview The following figure provides an example of a wireless network. Figure 61 Example of a Wireless Network The wireless network is the part in the blue circle.
  • Page 114: Wireless Security Overview

    Chapter 7 Wireless LAN • Every device in the same wireless network must use security compatible with the AP. Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network. 7.2 Wireless Security Overview The following sections introduce different types of wireless security you can set up in the wireless network.
  • Page 115: Encryption

    Chapter 7 Wireless LAN If your ZyXEL Device does not provide a local user database and if you do not have a RADIUS server, you cannot set up user names and passwords for your users. Unauthorized wireless devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network.
  • Page 116: One-Touch Intelligent Security Technology (Otist)

    Chapter 7 Wireless LAN Many types of encryption use a key to protect the information in the wireless network. The longer the key, the stronger the encryption. Every device in the wireless network must have the same key. 7.2.5 One-Touch Intelligent Security Technology (OTIST) With ZyXEL’s OTIST, you set up the SSID and the encryption (WEP or WPA-PSK) on the ZyXEL Device.
  • Page 117: General Wireless Lan Screen

    Chapter 7 Wireless LAN Table 35 Additional Wireless Terms TERM DESCRIPTION Authentication The process of verifying whether a wireless device is allowed to use the wireless network. Max. Frame Burst Enable this to improve the performance of both pure IEEE 802.11g and mixed IEEE 802.11b/g networks.
  • Page 118: No Security

    Chapter 7 Wireless LAN The following table describes the general wireless LAN labels in this screen. Table 36 Wireless LAN: General LABEL DESCRIPTION Active Wireless Click the check box to activate wireless LAN. Note: You can also activate the wireless LAN by pressing the RESET button for 1 second.
  • Page 119: Wep Encryption Screen

    Chapter 7 Wireless LAN Figure 63 Wireless: No Security The following table describes the labels in this screen. Table 37 Wireless No Security LABEL DESCRIPTION Security Mode Choose No Security from the drop-down list box. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to reload the previous configuration for this screen.
  • Page 120: Wpa(2)-Psk

    Chapter 7 Wireless LAN Figure 64 Wireless: Static WEP Encryption The following table describes the wireless LAN security labels in this screen. Table 38 Wireless: Static WEP Encryption LABEL DESCRIPTION Security Mode Choose Static WEP from the drop-down list box. Passphrase Enter a Passphrase (up to 32 printable characters) and click Generate.
  • Page 121: Figure 65 Wireless: Wpa(2)-Psk

    Chapter 7 Wireless LAN Figure 65 Wireless: WPA(2)-PSK The following table describes the wireless LAN security labels in this screen. Table 39 Wireless: WPA(2)-PSK LABEL DESCRIPTION Security Mode Choose WPA-PSK or WPA2-PSK from the drop-down list box. WPA Compatible This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field.
  • Page 122: Wpa(2) Authentication Screen

    Chapter 7 Wireless LAN Table 39 Wireless: WPA(2)-PSK LABEL DESCRIPTION Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to reload the previous configuration for this screen. Advanced Setup Click Advanced Setup to display the Wireless Advanced Setup screen and edit more details of your WLAN setup.
  • Page 123: Table 40 Wireless: Wpa(2)

    Chapter 7 Wireless LAN The following table describes the wireless LAN security labels in this screen. Table 40 Wireless: WPA(2) LABEL DESCRIPTION WPA Compatible This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field. Select the check box to have both WPA2 and WPA wireless clients be able to communicate with the ZyXEL Device even when the ZyXEL Device is using WPA2-PSK or WPA2.
  • Page 124: Wireless Lan Advanced Setup

    Chapter 7 Wireless LAN Table 40 Wireless: WPA(2) LABEL DESCRIPTION Cancel Click Cancel to reload the previous configuration for this screen. Advanced Setup Click Advanced Setup to display the Wireless Advanced Setup screen and edit more details of your WLAN setup. 7.5.5 Wireless LAN Advanced Setup Use this screen to configure advanced wireless settings.
  • Page 125: Otist

    Chapter 7 Wireless LAN Table 41 Wireless LAN: Advanced LABEL DESCRIPTION 802.11 Mode Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to associate with the ZyXEL Device. Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to associate with the ZyXEL Device.
  • Page 126: Figure 68 Otist

    Chapter 7 Wireless LAN 7.6.1.1 AP Click the Wireless LAN link under Network and then the OTIST tab. The following screen displays. Figure 68 OTIST The following table describes the labels in this screen. Table 42 OTIST LABEL DESCRIPTION Setup Key Type an OTIST Setup Key of exactly eight ASCII characters in length.
  • Page 127: Starting Otist

    Chapter 7 Wireless LAN 7.6.1.2 Wireless Client Start the ZyXEL utility and click the Adapter tab. Select the OTIST check box, enter the same Setup Key as your AP’s and click Save. Figure 69 Example Wireless Client OTIST Screen 7.6.2 Starting OTIST You must click Start in the AP OTIST web configurator screen and in the wireless client(s) Adapter screen all within three minutes (at the time of writing).
  • Page 128: Notes On Otist

    Chapter 7 Wireless LAN 2 This screen appears while OTIST settings are being transferred. It closes when the transfer is complete. Figure 71 OTIST in Progress (AP) Figure 72 OTIST in Progress (Client) • In the wireless client, you see this screen if it can’t find an OTIST-enabled AP (with the same Setup key).
  • Page 129: Mac Filter

    Chapter 7 Wireless LAN 7.7 MAC Filter The MAC filter screen allows you to configure the ZyXEL Device to give exclusive access to up to 32 devices (Allow) or exclude up to 32 devices from accessing the ZyXEL Device (Deny). Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
  • Page 130: Wmm Qos

    Chapter 7 Wireless LAN Table 43 MAC Address Filter LABEL DESCRIPTION This is the index number of the MAC address. MAC Address Enter the MAC addresses of the wireless stations that are allowed or denied access to the ZyXEL Device in these address fields. Enter the MAC addresses in a valid MAC address format, that is, six hexadecimal character pairs, for example, 12:34:56:78:9a:bc.
  • Page 131: Services

    Chapter 7 Wireless LAN 7.8.3 Services Please refer to Appendix F on page 423 for more information on commonly used services. 7.9 QoS Screen Use this screen to configure QoS settings for the wireless traffic going through the ZyXEL Device. The QoS screen by default allows you to automatically give a service a priority level according to the ToS value in the IP header of the packets it sends.
  • Page 132: Application Priority Configuration

    Chapter 7 Wireless LAN Table 45 Wireless LAN: QoS LABEL DESCRIPTION WMM QoS Policy Select Default to have the ZyXEL Device automatically give a service a priority level according to the ToS value in the IP header of packets it sends. Select Application Priority from the drop-down list box to display a table of application names, services, ports and priorities to which you want to apply WMM QoS.
  • Page 133: Multiple Ssid (P-662Hw-D Models Only)

    Chapter 7 Wireless LAN Table 46 Application Priority Configuration LABEL DESCRIPTION Service The following is a description of the applications you can prioritize with WMM QoS. Select a service from the drop-down list box. • File Transfer Program enables fast transfer of files, including large files that may not be possible by e-mail.
  • Page 134: Multiple Ssid Commands

    Chapter 7 Wireless LAN Figure 78 Multiple SSID Network Example In this section the second wireless network is referred to as the “guest wireless network” and users connecting to this network are referred to as “guests”. Multiple SSID is only configurable via commands. The next sections describe multiple SSID commands and show a configuration example.
  • Page 135: Multiple Ssid Example

    Chapter 7 Wireless LAN Table 47 Multiple SSID Commands COMMAND DESCRIPTION setprivacy type <0:NO 1:WEP64 2:WEP128 3:WEP256> This command specifies the security mode for the guest wireless network. Type one of the following: 0 to disable security on the guest wireless network, 1 to enable 64-bit WEP key encryption, 2 to enable 128-bit WEP key encryption, 3 to enable 256-bit WEP key encryption.
  • Page 136 Chapter 7 Wireless LAN In the following script example all typed commands and parameters have been bolded. ras> wlan mssid guestssid guestnetwork Note: the wireless connection will be disconnected temporarily!!! ras> wlan mssid mode 1 1 Note: the wireless connection will be disconnected temporarily!!! Enable GuestSSID GuestSSID with Intranet Blocking TFTP Client Start...
  • Page 137: Dmz

    Chapter 8 DMZ This chapter describes how to configure the ZyXEL Device’s DMZ. 8.1 Introduction The DeMilitarized Zone (DMZ) auto-negotiating 10/100 Mbps Ethernet port provides a way for public servers (Web, e-mail, FTP, etc.) to be visible to the outside world (while still being protected from DoS (Denial of Service) attacks such as SYN flooding and Ping of Death).
  • Page 138 Chapter 8 DMZ Figure 79 DMZ The following table describes the labels in this screen. Table 49 DMZ LABEL DESCRIPTION “LAN1/DMZ” Port Function Select this to make the LAN1/DMZ port act as a LAN interface. Select this to make the LAN1/DMZ port act as a DMZ interface. DMZ TCP/IP IP Address Type the IP address of your ZyXEL Device’s DMZ port in dotted decimal...
  • Page 139: Dmz Public Ip Address Example

    Chapter 8 DMZ Table 49 DMZ (continued) LABEL DESCRIPTION Multicast IGMP (Internet Group Management Protocol) is a network-layer protocol used to establish membership in a multicast group. The ZyXEL Device supports both IGMP version 1 (IGMP-v1) and IGMP-v2. Select None to disable it. Windows Networking (NetBIOS over TCP/IP) Allow between Select this check box to forward NetBIOS packets from the LAN to the DMZ and...
  • Page 140 Chapter 8 DMZ
  • Page 141: Network Address Translation (Nat) Screens

    Chapter 9 Network Address Translation (NAT) Screens This chapter discusses how to configure NAT on the ZyXEL Device. 9.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
  • Page 142: What Nat Does

    Chapter 9 Network Address Translation (NAT) Screens 9.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side.
  • Page 143: Nat Mapping Types

    Chapter 9 Network Address Translation (NAT) Screens Figure 82 NAT Application With IP Alias 9.1.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: • One to One: In One-to-One mode, the ZyXEL Device maps one local IP address to one global IP address.
  • Page 144: Sua (Single User Account) Versus Nat

    Chapter 9 Network Address Translation (NAT) Screens The following table summarizes these types. Table 51 NAT Mapping Types TYPE IP MAPPING One-to-One ILA1 IGA1 Many-to-One (SUA/PAT) ILA1 IGA1 ILA2 IGA1 … Many-to-Many Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA1 ILA4 IGA2 …...
  • Page 145: Port Forwarding

    Chapter 9 Network Address Translation (NAT) Screens Figure 83 NAT General The following table describes the labels in this screen. Table 52 NAT General LABEL DESCRIPTION Active Select this check box to enable NAT. Network Address Translation (NAT) SUA Only Select this radio button if you have just one public WAN IP address for your ZyXEL Device.
  • Page 146: Default Server Ip Address

    Chapter 9 Network Address Translation (NAT) Screens You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server. The port number identifies a service; for example, web service is on port 80 and FTP on port 21.
  • Page 147: Configuring Port Forwarding

    Chapter 9 Network Address Translation (NAT) Screens 9.5 Configuring Port Forwarding The Port Forwarding screen is available only when you select SUA Only in the NAT > General screen. If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup.
  • Page 148: Port Forwarding Rule Edit

    Chapter 9 Network Address Translation (NAT) Screens Table 53 NAT Port Forwarding LABEL DESCRIPTION This is the rule index number (read-only). Active Click this check box to enable the rule. Service Name This is a service’s name. Start Port This is the first port number that identifies a service. End Port This is the last port number that identifies a service.
  • Page 149: Address Mapping

    Chapter 9 Network Address Translation (NAT) Screens Table 54 Port Forwarding Rule Setup (continued) LABEL DESCRIPTION Server IP Address Enter the inside IP address of the server here. Back Click Back to return to the previous screen. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh.
  • Page 150: Address Mapping Rule Edit

    Chapter 9 Network Address Translation (NAT) Screens The following table describes the fields in this screen. Table 55 Address Mapping Rules LABEL DESCRIPTION This is the rule index number. Local Start IP This is the starting Inside Local IP Address (ILA). Local IP addresses are N/A for Server port mapping.
  • Page 151: Trigger Port

    Chapter 9 Network Address Translation (NAT) Screens The following table describes the fields in this screen. Table 56 Edit Address Mapping Rule LABEL DESCRIPTION Type Choose the port mapping type from one of the following. • One-to-One: One-to-One mode maps one local IP address to one global IP address.
  • Page 152: Figure 89 Trigger Port

    Chapter 9 Network Address Translation (NAT) Screens to the LAN IP address of the computer that sent the request. After that computer’s connection for that service closes, another computer on the LAN can use the service in the same manner. This way you do not need to configure a new IP address each time you want a different LAN computer to use the application.
  • Page 153: Edit Trigger Port

    Chapter 9 Network Address Translation (NAT) Screens Table 57 Trigger Port LABEL DESCRIPTION Active Click Apply to save your changes back to the ZyXEL Device. Service Name This is the descriptive name of the rule. Incoming Port Range This is a port (or a range of ports) that a server on the WAN uses when it sends out a particular service.
  • Page 154 Chapter 9 Network Address Translation (NAT) Screens Table 58 Trigger Port Edit LABEL DESCRIPTION End Port Type a port number or the ending port number in a range of port numbers. Trigger Port Range The trigger port is a port (or a range of ports) that causes (or triggers) the ZyXEL Device to record the IP address of the LAN computer that sent the traffic to a server on the WAN.
  • Page 155: Security

    Security Firewalls (157) Firewall Configuration (169) Content Filtering (191) Content Access Control (195) Register (211) Introduction to IPSec (215) VPN Screens (221) Certificates (247)
  • Page 157: Firewalls

    Chapter 10 Firewalls This chapter gives some background information on firewalls and introduces the ZyXEL Device firewall. 10.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term “firewall” is a system or group of systems that enforces an access-control policy between two networks.
  • Page 158: Application-Level Firewalls

    Chapter 10 Firewalls 10.2.2 Application-level Firewalls Application-level firewalls restrict access by serving as proxies for external servers. Since they use programs written for specific Internet services, such as HTTP, FTP and telnet, they can evaluate network packets for valid application-specific data. Application-level gateways have a number of general advantages over the default mode of permitting application traffic directly to internal hosts: Information hiding prevents the names of internal systems from being made known via DNS...
  • Page 159: Denial Of Service Attacks

    Chapter 10 Firewalls 10.3.1 Denial of Service Attacks Figure 91 Firewall Application 10.4 Denial of Service Denial of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources.
  • Page 160: Types Of Dos Attacks

    Chapter 10 Firewalls 10.4.2 Types of DoS Attacks There are four types of DoS attacks: 1 Those that exploit bugs in a TCP/IP implementation. 2 Those that exploit weaknesses in the TCP/IP specification. 3 Brute-force attacks that flood a network with useless data. 4 IP Spoofing.
  • Page 161: Figure 93 Syn Flood

    Chapter 10 Firewalls Figure 93 SYN Flood • In a LAND Attack, hackers flood SYN packets into the network with a spoofed source IP address of the targeted system. This makes it appear as if the host computer sent the packets to itself, making the system unavailable while the target system tries to respond to itself.
  • Page 162: Stateful Inspection

    Chapter 10 Firewalls 10.4.2.1 ICMP Vulnerability ICMP is an error-reporting protocol that works in concert with IP. The following ICMP types trigger an alert: Table 60 ICMP Commands That Trigger Alerts REDIRECT TIMESTAMP_REQUEST TIMESTAMP_REPLY ADDRESS_MASK_REQUEST ADDRESS_MASK_REPLY 10.4.2.2 Illegal Commands (NetBIOS and SMTP) The only legal NetBIOS commands are the following - all others are illegal.
  • Page 163: Stateful Inspection Process

    Chapter 10 Firewalls are allowed in. The ZyXEL Device uses stateful packet inspection to protect the private LAN from hackers and vandals on the Internet. By default, the ZyXEL Device’s stateful inspection allows all communications to the Internet that originate from the LAN, and blocks all traffic to the LAN that originates from the Internet.
  • Page 164: Stateful Inspection And The Zyxel Device

    Chapter 10 Firewalls 6 Later, an inbound packet reaches the interface. This packet is part of the connection previously established with the outbound packet. The inbound packet is evaluated against the inbound access list, and is permitted because of the temporary access list entry previously created.
  • Page 165: Udp/Icmp Security

    Chapter 10 Firewalls If an initiation packet originates on the LAN, this means that someone is trying to make a connection from the LAN to the Internet. Assuming that this is an acceptable part of the security policy (as is the case with the default policy), the connection will be allowed. A cache entry is added which includes connection information such as IP addresses, TCP ports, sequence numbers, etc.
  • Page 166: Guidelines For Enhancing Security With Your Firewall

    Chapter 10 Firewalls 10.6 Guidelines for Enhancing Security with Your Firewall • Change the default password via CLI (Command Line Interpreter) or the web configurator. • Limit who can telnet into your router. • Don't enable any local service (such as SNMP or NTP) that you don't use. Any enabled service could present a potential security risk.
  • Page 167: Packet Filtering Vs Firewall

    Chapter 10 Firewalls • If your system starts exhibiting odd behavior, contact your ISP. Some hackers will set off hacks that cause your system to slowly become unstable or unusable. • Always shred confidential information, particularly about your computer, before throwing it away.
  • Page 168 Chapter 10 Firewalls • To selectively block/allow inbound or outbound traffic between inside host/networks and outside host/networks. Remember that filters cannot distinguish traffic originating from an inside host or an outside host by IP address. • The firewall performs better than filtering if you need to check many rules. •...
  • Page 169: Firewall Configuration

    Chapter 11 Firewall Configuration This chapter shows you how to enable and configure the ZyXEL Device firewall. 11.1 Access Methods The web configurator is, by far, the most comprehensive firewall configuration tool your ZyXEL Device has to offer. For this reason, it is recommended that you configure your firewall using the web configurator.
  • Page 170: Rule Logic Overview

    Chapter 11 Firewall Configuration If you configure firewall rules without a good understanding of how they work, you might inadvertently introduce security risks to the firewall and to the protected network. Make sure you test your rules after you configure them. For example, you may create rules to: •...
  • Page 171: Key Fields For Configuring Rules

    Chapter 11 Firewall Configuration 4 Does a rule that allows Internet users access to resources on the LAN create a security vulnerability? For example, if FTP ports (TCP 20, 21) are allowed from the Internet to the LAN, Internet users may be able to connect to computers with running FTP servers. 5 Does this rule conflict with any existing rules? 6 Once these questions have been answered, adding rules is simply a matter of plugging the information into the correct fields in the web configurator screens.
  • Page 172: Lan To Wan Rules

    Chapter 11 Firewall Configuration 11.4.1 LAN to WAN Rules The default rule for LAN to WAN traffic is that all users on the LAN are allowed non-restricted access to the WAN. When you configure a LAN to WAN rule, you in essence want to limit some or all users from accessing certain services on the WAN.
  • Page 173: Firewall Rules Summary

    Chapter 11 Firewall Configuration The following table describes the labels in this screen. Table 63 Firewall: General LABEL DESCRIPTION Active Firewall Select this check box to activate the firewall. The ZyXEL Device performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated.
  • Page 174: Figure 97 Firewall Rules

    Chapter 11 Firewall Configuration Figure 97 Firewall Rules The following table describes the labels in this screen. Table 64 Firewall Rules LABEL DESCRIPTION Firewall Rules Storage Space This read-only bar shows how much of the ZyXEL Device's memory for recording firewall rules it is currently using.
  • Page 175: Configuring Firewall Rules

    Chapter 11 Firewall Configuration Table 64 Firewall Rules (continued) LABEL DESCRIPTION This field shows you whether a log is created when packets match this rule (Yes) or not (No). Modify Click the Edit icon to go to the screen where you can edit the rule. Click the Remove icon to delete an existing firewall rule.
  • Page 176: Figure 98 Firewall: Edit Rule

    Chapter 11 Firewall Configuration Figure 98 Firewall: Edit Rule
  • Page 177: Table 65 Firewall: Edit Rule

    Chapter 11 Firewall Configuration The following table describes the labels in this screen. Table 65 Firewall: Edit Rule LABEL DESCRIPTION Active Select this option to enable this firewall rule. Action for Matched Packet Use the drop-down list box to select what the firewall is to do with packets that match this rule.
  • Page 178: Customized Services

    Chapter 11 Firewall Configuration Table 65 Firewall: Edit Rule (continued) LABEL DESCRIPTION Apply Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to exit this screen without saving. 11.6.2 Customized Services Use this screen to view customized services and port numbers not predefined by the ZyXEL Device.
  • Page 179: Example Firewall Rule

    Chapter 11 Firewall Configuration Refer to Section 10.1 on page 157 for more information. Figure 100 Firewall: Configure Customized Services The following table describes the labels in this screen. Table 67 Firewall: Configure Customized Services LABEL DESCRIPTION Service Name Type a unique name for your custom port. Service Type Choose the IP port (TCP, UDP or TCP/UDP) that defines your customized port from the drop down list box.
  • Page 180: Figure 101 Firewall Example: Rules

    Chapter 11 Firewall Configuration Figure 101 Firewall Example: Rules 3 In the Rules screen, select the index number after which you want to add the rule. For example, if you select “6”, your new rule becomes number 7 and the previous rule 7 (if there is one) becomes rule 8.
  • Page 181: Figure 103 Firewall Example: Edit Rule: Destination Address

    Chapter 11 Firewall Configuration Figure 103 Firewall Example: Edit Rule: Destination Address 9 Use the Add >> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. Custom services show up with an “*” before their names in the Services list box and the Rules list box.
  • Page 182: Figure 104 Firewall Example: Edit Rule: Select Customized Services

    Chapter 11 Firewall Configuration Figure 104 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a “MyService” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN.
  • Page 183: Predefined Services

    Chapter 11 Firewall Configuration Figure 105 Firewall Example: Rules: MyService 11.8 Predefined Services The Available Services list box in the Edit Rule screen (see Section 11.6.1 on page 175) displays all predefined services that the ZyXEL Device already supports. Next to the name of the service, two fields appear in brackets.
  • Page 184 Chapter 11 Firewall Configuration Table 68 Predefined Services (continued) SERVICE DESCRIPTION HTTP(TCP:80) Hyper Text Transfer Protocol - a client/server protocol for the world wide web. HTTPS HTTPS is a secured http session often used in e-commerce. ICQ(UDP:4000) This is a popular Internet chat program. IPSEC_TRANSPORT/TUNNEL(AH:0) The IPSEC AH (Authentication Header) tunneling protocol uses this
  • Page 185: Anti-Probing

    Chapter 11 Firewall Configuration Table 68 Predefined Services (continued) SERVICE DESCRIPTION SSH(TCP/UDP:22) Secure Shell Remote Login Program. STRMWORKS(UDP:1558) Stream Works Protocol. SYSLOG(UDP:514) Syslog allows you to send system logs to a UNIX server. TACACS(UDP:49) Login Host Protocol used for (Terminal Access Controller Access Control System).
  • Page 186: Dos Thresholds

    Chapter 11 Firewall Configuration The following table describes the labels in this screen. Table 69 Firewall: Anti Probing LABEL DESCRIPTION Respond to PING The ZyXEL Device does not respond to any incoming ping requests when Disable is selected. Select the interface which you want to reply to incoming ping requests.
  • Page 187: Half-Open Sessions

    Chapter 11 Firewall Configuration 11.10.2 Half-Open Sessions An unusually high number of half-open sessions (either an absolute number or measured as the arrival rate) could indicate that a Denial of Service attack is occurring. For TCP, "half-open" means that the session has not reached the established state: the TCP three-way handshake has not yet been completed (see Figure 92 on page 160).
  • Page 188: Figure 107 Firewall: Threshold

    Chapter 11 Firewall Configuration Figure 107 Firewall: Threshold The following table describes the labels in this screen. Table 70 Firewall: Threshold LABEL DESCRIPTION DEFAULT VALUES Denial of Service Thresholds One Minute Low This is the rate of new half-open sessions 80 existing half-open sessions.
  • Page 189 Chapter 11 Firewall Configuration Table 70 Firewall: Threshold (continued) LABEL DESCRIPTION DEFAULT VALUES Maximum This is the number of existing half-open 100 existing half-open sessions. Incomplete High sessions that causes the firewall to start The above values causes the deleting half-open sessions. When the ZyXEL Device to start deleting number of existing half-open sessions rises half-open sessions when the...
  • Page 191: Content Filtering

    Chapter 12 Content Filtering This chapter covers how to configure content filtering. 12.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ability to block web sites that contain key words (that you specify) in the URL.
  • Page 192: Configuring The Schedule

    Chapter 12 Content Filtering The following table describes the labels in this screen. Table 71 Content Filter: Keyword LABEL DESCRIPTION Active Keyword Blocking Select this check box to enable this feature. Block Websites that This box contains the list of all the keywords that you have configured the contain these keywords in ZyXEL Device to block.
  • Page 193: Configuring Trusted Computers

    Chapter 12 Content Filtering The following table describes the labels in this screen. Table 72 Content Filter: Schedule LABEL DESCRIPTION Schedule Select Active Everyday to Block to make the content filtering active everyday. Otherwise, select Edit Daily to Block and configure which days of the week (or everyday) and which time of the day you want the content filtering to be active.
  • Page 195: Content Access Control

    Chapter 13 Content Access Control This chapter gives some background information on Content Access Control and explains how to get started with the ZyXEL Device Content Access Control. 13.1 Content Access Control Overview Content Access Control (CAC) lets a LAN administrator control a LAN user’s Internet access privileges by blocking services that you specify.
  • Page 196: Activating Cac And Creating User Groups

    Chapter 13 Content Access Control 13.2 Activating CAC and Creating User Groups From the main menu click Security > Content Access Control and General to open the configuration screen. Use this screen to activate Content Access Control and set up the four user groups. You must set up all four user groups.
  • Page 197: Configuring Time Schedule

    Chapter 13 Content Access Control Table 74 Content Access Control: General (continued) LABEL DESCRIPTION Service Click Edit to select the services you wish to block access for a user group. Click Edit to specify the web site category(ies) and/or key words in a web site Browsing address you wish to block access for a user group.
  • Page 198: Configuring Services

    Chapter 13 Content Access Control The following table describes the labels in this screen. Table 75 Control Access Control: General: Time Scheduling LABEL DESCRIPTION Time Scheduling Select the first radio button to allow everyday access at the same times to the Internet.
  • Page 199: Figure 114 Content Access Control: General: Services

    Chapter 13 Content Access Control Figure 114 Content Access Control: General: Services The following table describes the labels in this screen. Table 76 Content Access Control: General: Services LABEL DESCRIPTION Service to be Blocked Available services Select a service from the list and click the >> button to have the service blocked on a weekday (Monday to Friday) or to have the service blocked on a day in the weekend (Saturday or Sunday).
  • Page 200: Configuring Web Site Filters

    Chapter 13 Content Access Control 13.2.2.1 Available Services The Available Services list box in the Services screen displays some predefined services that the ZyXEL Device supports. The following table shows a list of services that can be configured. Next to the name of the service, two fields appear in brackets. The first field indicates the IP protocol type (TCP, UDP, or ICMP).
  • Page 201: Table 77 Content Access Control: General: Web Site Filter

    Chapter 13 Content Access Control The following table describes the labels in this screen. Table 77 Content Access Control: General: Web Site Filter LABEL DESCRIPTION Pre-defined Web Content Categories Enable Pre-defined Web Content Categories to have the ZyXEL Device check an external database to find to which category a requested web page belongs.
  • Page 202 Chapter 13 Content Access Control Table 77 Content Access Control: General: Web Site Filter (continued) LABEL DESCRIPTION Violence/Hate/Racism Selecting this category excludes pages that depict extreme physical harm to people or property, or that advocate or provide instructions on how to cause such harm.
  • Page 203 Chapter 13 Content Access Control Table 77 Content Access Control: General: Web Site Filter (continued) LABEL DESCRIPTION Government/Legal Selecting this category excludes pages sponsored by or which provide information on government, government agencies and government services such as taxation and emergency services. It also includes pages that discuss or explain laws of various governmental entities.
  • Page 204 Chapter 13 Content Access Control Table 77 Content Access Control: General: Web Site Filter (continued) LABEL DESCRIPTION Shopping Selecting this category excludes pages that provide or advertise the means to obtain goods or services. It does not include pages that can be classified in other categories (such as vehicles or weapons).
  • Page 205: Testing Web Site Access Privileges

    Chapter 13 Content Access Control Table 77 Content Access Control: General: Web Site Filter (continued) LABEL DESCRIPTION Block Websites that contain these keywords in the URL Type a keyword in this field. You may use any character (up to 64 characters). Wildcards are not allowed. Delete Select a keyword from the keyword list and then click Delete to remove this...
  • Page 206: User Account Setup

    Chapter 13 Content Access Control 13.3 User Account Setup With Content Access Control, the ZyXEL Device requires LAN users to log in with a valid username and password before they are allowed to access the Internet. Use the User Profile screen to set up user accounts. From the main menu click Security > Content Access >...
  • Page 207: User Online Status

    Chapter 13 Content Access Control 13.4 User Online Status Use this screen to view the online status of each user. Click Security > Content Access Control > Online Status to display the screen as shown. Figure 118 Content Access Control: Online Status The following table describes the labels in this screen.
  • Page 208: Trusted Devices

    Chapter 13 Content Access Control 13.5 Trusted Devices Use this screen to identify computers that are not restricted by content access control settings you set up. Click Security > Content Access Control > Trusted Device to display the screen as shown. Figure 119 Content Access Control: Trusted Device The following table describes the labels in this screen.
  • Page 209: Content Access Control Logins

    Chapter 13 Content Access Control Figure 120 Content Access Control: Trusted-external Website The following table describes the labels in this screen. Table 82 Content Access Control: Trusted-external Website LABEL DESCRIPTION Trusted-external Use these fields to configure websites that you don’t want to be restricted by content access control settings.
  • Page 210: Administrator Login

    Chapter 13 Content Access Control Figure 121 Content Access Control: User Login Screen 3 After you enter your login name and password the ZyXEL Device checks the access profile and begins enforcing the access control restriction as defined by the administrator.
  • Page 211: Register

    Chapter 14 Register This chapter describes how to register with myZyXEL.com subscription services. 14.1 myZyXEL.com overview myZyXEL.com is ZyXEL’s online services center where you can register your ZyXEL Device and manage subscription services available for the ZyXEL Device. You need to create an account before you can register your device and activate the services at myZyXEL.com.
  • Page 212: Registration

    Chapter 14 Register To update or use a subscription service, you have to register and activate the corresponding service at myZyXEL.com (through the ZyXEL Device). 14.2 Registration Use this screen to register your ZyXEL Device with myZyXEL.com and activate a service. Click Security >...
  • Page 213: Service

    Chapter 14 Register Table 83 Security > Register LABEL DESCRIPTION E-Mail Address Enter your e-mail address. You can use up to 80 alphanumeric characters (periods and the underscore are also allowed) without spaces. Country Select your country from the drop-down box list. Service Activation You can try a trial service subscription.
  • Page 214: Table 84 Security > Register > Service

    Chapter 14 Register The following table describes the labels in this screen. Table 84 Security > Register > Service LABEL DESCRIPTION Service Management Service This field displays the service name available on the ZyXEL Device. Status This field displays whether a service is activated (Active) or not (Inactive). Registration Type This field displays whether you applied for a trial application (Trial) or registered a service with your iCard’s PIN number (Standard).
  • Page 215: Introduction To Ipsec

    Chapter 15 Introduction to IPSec This chapter introduces the basics of IPSec VPNs. 15.1 VPN Overview A VPN (Virtual Private Network) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing technologies/services used to transport traffic over the Internet or any insecure network that uses the TCP/IP protocol suite for communication.
  • Page 216: Vpn Applications

    Chapter 15 Introduction to IPSec Figure 125 Encryption and Decryption 15.1.3.2 Data Confidentiality The IPSec sender can encrypt packets before transmitting them across a network. 15.1.3.3 Data Integrity The IPSec receiver can validate packets sent by the IPSec sender to ensure that the data has not been altered during transmission.
  • Page 217: Ipsec Algorithms

    Chapter 15 Introduction to IPSec Figure 126 IPSec Architecture 15.2.1 IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms). The Encryption Algorithm describes the use of encryption techniques such as DES (Data Encryption Standard) and Triple DES algorithms.
  • Page 218: Transport Mode

    Chapter 15 Introduction to IPSec Figure 127 Transport and Tunnel Mode IPSec Encapsulation 15.3.1 Transport Mode Transport mode is used to protect upper layer protocols and only affects the data in the IP packet. In Transport mode, the IP packet contains the security protocol (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP).
  • Page 219: Table 85 Vpn And Nat

    Chapter 15 Introduction to IPSec A NAT device in between the IPSec endpoints will rewrite either the source or destination address with one of its own choosing. The VPN device at the receiving end will verify the integrity of the incoming packet by computing its own hash value, and complain that the hash value appended to the received packet doesn't match.
  • Page 221: Vpn Screens

    Chapter 16 VPN Screens This chapter introduces the VPN screens. See the Logs chapter for information on viewing logs and the appendix for IPSec log descriptions. 16.1 VPN/IPSec Overview Use the screens documented in this chapter to configure rules for VPN connections and manage VPN connections.
  • Page 222: My Ip Address

    Chapter 16 VPN Screens Table 86 AH and ESP. DES (default): Data Encryption Standard (DES) is a widely used method of data encryption using a private (secret) key. DES applies a 56-bit key to each 64-bit block of data. MD5 (default): MD5 (Message Digest 5) produces a 128-bit digest to authenticate packet data.
  • Page 223: Dynamic Secure Gateway Address

    Chapter 16 VPN Screens If the remote secure gateway has a static WAN IP address, enter it in the Secure Gateway Address field. You may alternatively enter the remote secure gateway’s domain name (if it has one) in the Secure Gateway Address field. You can also enter a remote secure gateway’s domain name in the Secure Gateway Address field if the remote secure gateway has a dynamic WAN IP address and is using DDNS.
  • Page 224: Figure 129 Vpn Setup

    Chapter 16 VPN Screens Figure 129 VPN Setup The following table describes the fields in this screen. Table 87 VPN Setup LABEL DESCRIPTION This is the VPN policy index number. Click a number to edit VPN policies. Active This field displays whether the VPN policy is active or not. A Yes signifies that this VPN policy is active.
  • Page 225: Keep Alive

    Chapter 16 VPN Screens Table 87 VPN Setup LABEL DESCRIPTION Encap. This field displays Tunnel or Transport mode (Tunnel is the default selection). IPSec Algorithm This field displays the security protocols used for an SA. Both AH and ESP increase ZyXEL Device processing requirements and communications latency (delay).
  • Page 226: Remote Dns Server

    Chapter 16 VPN Screens Normally you cannot set up an IKE SA with a NAT router between the two IPSec routers because the NAT router changes the header of the IPSec packet. NAT traversal solves the problem by adding a UDP port 500 header to the IPSec packet. The NAT router forwards the IPSec packet with the UDP port 500 header unchanged.
  • Page 227: Id Type And Content

    Chapter 16 VPN Screens Figure 131 VPN Host using Intranet DNS Server Example If you do not specify an Intranet DNS server on the remote network, then the VPN host must use IP addresses to access the computers on the remote network. 16.9 ID Type and Content With aggressive negotiation mode (see Section 16.12.1 on page...
  • Page 228: Id Type And Content Examples

    Chapter 16 VPN Screens Table 89 Local ID Type and Content Fields LOCAL ID TYPE= CONTENT= E-mail Type an e-mail address (up to 31 characters) by which to identify this ZyXEL Device. The domain name or e-mail address that you use in the Content field is used for identification purposes only and does not need to be a real domain name or e-mail address.
  • Page 229: Pre-Shared Key

    Chapter 16 VPN Screens 16.10 Pre-Shared Key A pre-shared key identifies a communicating party during a phase 1 IKE negotiation (see Section 16.12 on page 233 for more on IKE phases). It is called “pre-shared” because you have to share it with another party before you can communicate with them over a secure connection. 16.11 Editing VPN Policies Use this screen to edit VPN policies.
  • Page 230: Table 93 Edit Vpn Policies

    Chapter 16 VPN Screens The following table describes the fields in this screen. Table 93 Edit VPN Policies LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy. This option determines whether a VPN rule is applied before a packet leaves the firewall. Keep Alive Select either Yes or No from the drop-down list box.
  • Page 231 Chapter 16 VPN Screens Table 93 Edit VPN Policies LABEL DESCRIPTION End / Subnet Mask When the Local Address Type field is configured to Single, this field is N/A. When the Local Address Type field is configured to Range, enter the end (static) IP address, in a range of computers on the LAN behind your ZyXEL Device.
  • Page 232 Chapter 16 VPN Screens Table 93 Edit VPN Policies LABEL DESCRIPTION My IP Address Enter the WAN IP address of your ZyXEL Device. The VPN tunnel has to be rebuilt if this IP address changes. The following applies if this field is configured as 0.0.0.0: The ZyXEL Device uses the current ZyXEL Device WAN IP address (static or dynamic) to set up the VPN tunnel.
  • Page 233: Ike Phases

    Chapter 16 VPN Screens Table 93 Edit VPN Policies LABEL DESCRIPTION Certificate Select the Certificate radio button to identify the ZyXEL Device by a certificate. Use the drop-down list box to select the certificate to use for this VPN tunnel. You must have certificates already configured in the My Certificates screen.
  • Page 234: Negotiation Mode

    Chapter 16 VPN Screens • Choose a negotiation mode. • Authenticate the connection by entering a pre-shared key. • Choose an encryption algorithm. • Choose an authentication algorithm. • Choose a Diffie-Hellman public-key cryptography key group (DH1 or DH2). • Set the IKE SA lifetime. This field allows you to determine how long an IKE SA should stay up before it times out.
  • Page 235: Diffie-Hellman (Dh) Key Groups

    Chapter 16 VPN Screens 16.12.2 Diffie-Hellman (DH) Key Groups Diffie-Hellman (DH) is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communications channel. Diffie-Hellman is used within IKE SA setup to establish session keys. 768-bit (Group 1 - DH1) and 1024-bit (Group 2 – DH2) Diffie-Hellman groups are supported.
  • Page 236: Figure 134 Advanced Vpn Policies

    Chapter 16 VPN Screens Figure 134 Advanced VPN Policies The following table describes the fields in this screen. Table 94 Advanced VPN Policies LABEL DESCRIPTION VPN - IKE Protocol Enter 1 for ICMP, 6 for TCP, 17 for UDP, etc. 0 is the default and signifies any protocol.
  • Page 237 Chapter 16 VPN Screens Table 94 Advanced VPN Policies LABEL DESCRIPTION Pre-Shared Key Type your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection.
  • Page 238: Manual Key Setup

    Chapter 16 VPN Screens Table 94 Advanced VPN Policies LABEL DESCRIPTION SA Life Time (Seconds) Define the length of time before an IKE SA automatically renegotiates in this field. It may range from 60 to 3,000,000 seconds (almost 35 days). A short SA Life Time increases security by forcing the two VPN gateways to update the encryption and authentication keys.
  • Page 239: Figure 135 Vpn: Manual Key

    Chapter 16 VPN Screens Figure 135 VPN: Manual Key The following table describes the fields in this screen. Table 95 VPN: Manual Key LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy. Name Type up to 32 characters to identify this VPN policy. You may use any character, including spaces, but the ZyXEL Device drops trailing spaces.
  • Page 240 Chapter 16 VPN Screens Table 95 VPN: Manual Key (continued) LABEL DESCRIPTION DNS Server (for IPSec VPN) If there is a private DNS server that services the VPN, type its IP address here. The ZyXEL Device assigns this additional DNS server to the ZyXEL Device's DHCP clients that have IP addresses in this IPSec rule's range of local addresses.
  • Page 241: Viewing Sa Monitor

    Chapter 16 VPN Screens Table 95 VPN: Manual Key (continued) LABEL DESCRIPTION My IP Address Enter the WAN IP address of your ZyXEL Device. The VPN tunnel has to be rebuilt if this IP address changes. The following applies if this field is configured as 0.0.0.0: The ZyXEL Device uses the current ZyXEL Device WAN IP address (static or dynamic) to set up the VPN tunnel.
  • Page 242: Configuring Global Setting

    Chapter 16 VPN Screens When there is outbound traffic but no inbound traffic, the SA times out automatically after two minutes. A tunnel with no outbound or inbound traffic is "idle" and does not time out until the SA lifetime period expires. See Section 16.6 on page 225 on keep alive to have the ZyXEL Device renegotiate an IPSec SA when the SA lifetime expires, even if there is no traffic.
  • Page 243: Telecommuter Vpn/Ipsec Examples

    Chapter 16 VPN Screens The following table describes the fields in this screen. Table 97 VPN: Global Setting LABEL DESCRIPTION Windows Networking (NetBIOS over TCP/IP) NetBIOS (Network Basic Input/Output System) packets are TCP or UDP packets that enable a computer to find other computers. It may sometimes be necessary to allow NetBIOS packets to pass through VPN tunnels in order to allow local computers to find computers on the remote network and vice versa.
  • Page 244: Telecommuters Using Unique Vpn Rules Example

    Chapter 16 VPN Screens Table 98 Telecommuters Sharing One VPN Rule Example FIELDS TELECOMMUTERS HEADQUARTERS My IP Address: 0.0.0.0 (dynamic IP address Public static IP address assigned by the ISP) Secure Gateway IP Public static IP address 0.0.0.0 With this IP address only the Address: telecommuter can initiate the IPSec tunnel.
  • Page 245: Vpn And Remote Management

    Chapter 16 VPN Screens Table 99 Telecommuters Using Unique VPN Rules Example TELECOMMUTERS HEADQUARTERS All Telecommuter Rules: All Headquarters Rules: My IP Address 0.0.0.0 My IP Address: bigcompanyhq.com Secure Gateway Address: bigcompanyhq.com Local IP Address: 192.168.1.10 Remote IP Address: 192.168.1.10 Local ID Type: E-mail Peer ID Type: E-mail Local ID Content: bob@bigcompanyhq.com...
  • Page 247: Certificates

    Chapter 17 Certificates This chapter gives background information about public-key certificates and explains how to use them. 17.1 Certificates Overview The ZyXEL Device can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key.
  • Page 248: Advantages Of Certificates

    Chapter 17 Certificates Certification authorities maintain directory servers with databases of valid and revoked certificates. A directory of certificates that have been revoked before the scheduled expiration is called a CRL (Certificate Revocation List). The ZyXEL Device can check a peer’s certificate against a directory server’s list of revoked certificates.
  • Page 249: Figure 141 My Certificates

    Chapter 17 Certificates Figure 141 My Certificates The following table describes the labels in this screen. Table 100 My Certificates LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the ZyXEL Device’s PKI storage space that is currently in use.
  • Page 250: My Certificate Import

    Chapter 17 Certificates Table 100 My Certificates (continued) LABEL DESCRIPTION Valid From This field displays the date that the certificate becomes applicable. The text displays in red and includes a Not Yet Valid! message if the certificate has not yet become applicable.
  • Page 251: Certificate File Formats

    Chapter 17 Certificates You must remove any spaces from the certificate’s filename before you can import it. 17.5.1 Certificate File Formats The certification authority certificate that you want to import has to be in one of these file formats: • Binary X.509: This is an ITU-T recommendation that defines the formats for X.509 certificates.
  • Page 252: My Certificate Create

    Chapter 17 Certificates 17.6 My Certificate Create Click Security > Certificates > My Certificates > Create to open the My Certificate Create screen. Use this screen to have the ZyXEL Device create a self-signed certificate, enroll a certificate with a certification authority or generate a certification request. Figure 143 My Certificate Create The following table describes the labels in this screen.
  • Page 253 Chapter 17 Certificates Table 102 My Certificate Create (continued) LABEL DESCRIPTION Organizational Unit Type up to 127 characters to identify the organizational unit or department to which the certificate owner belongs. You may use any character, including spaces, but the ZyXEL Device drops trailing spaces. Organization Type up to 127 characters to identify the company or group to which the certificate owner belongs.
  • Page 254: My Certificate Details

    Chapter 17 Certificates Table 102 My Certificate Create (continued) LABEL DESCRIPTION Type the key that the certification authority gave you. Back Click Back to return to the previous screen. Apply Click Apply to begin certificate or certification request generation. Cancel Click Cancel to quit and return to the My Certificates screen.
  • Page 255: Figure 144 My Certificate Details

    Chapter 17 Certificates Figure 144 My Certificate Details
  • Page 256: Table 103 My Certificate Details

    Chapter 17 Certificates The following table describes the labels in this screen. Table 103 My Certificate Details LABEL DESCRIPTION Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this certificate. You may use any character (not including spaces).
  • Page 257: Trusted Cas

    Chapter 17 Certificates Table 103 My Certificate Details (continued) LABEL DESCRIPTION Subject Alternative Name This field displays the certificate owner’s IP address (IP), domain name (DNS) or e-mail address (EMAIL). Key Usage This field displays for what functions the certificate’s key can be used. For example, “DigitalSignature”...
  • Page 258: Figure 145 Trusted Cas

    Chapter 17 Certificates Figure 145 Trusted CAs The following table describes the labels in this screen. Table 104 Trusted CAs LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the ZyXEL Device’s PKI storage space that is currently in use.
  • Page 259: Trusted Ca Import

    Chapter 17 Certificates Table 104 Trusted CAs (continued) LABEL DESCRIPTION Import Click Import to open a screen where you can save the certificate of a certification authority that you trust, from your computer to the ZyXEL Device. Refresh Click this button to display the current validity status of the certificates. 17.9 Trusted CA Import Click Security >...
  • Page 260: Trusted Ca Details

    Chapter 17 Certificates 17.10 Trusted CA Details Click Security > Certificates > Trusted CAs to open the Trusted CAs screen. Click the details icon to open the Trusted CA Details screen. Use this screen to view in-depth information about the certification authority’s certificate, change the certificate’s name and set whether or not you want the ZyXEL Device to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority.
  • Page 261: Table 106 Trusted Ca Details

    Chapter 17 Certificates The following table describes the labels in this screen. Table 106 Trusted CA Details LABEL DESCRIPTION Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate. You may use any character (not including spaces).
  • Page 262: Trusted Remote Hosts

    Chapter 17 Certificates Table 106 Trusted CA Details (continued) LABEL DESCRIPTION Subject Alternative Name This field displays the certificate’s owner’s IP address (IP), domain name (DNS) or e-mail address (EMAIL). Key Usage This field displays for what functions the certificate’s key can be used. For example, “DigitalSignature”...
  • Page 263: Figure 148 Trusted Remote Hosts

    Chapter 17 Certificates Figure 148 Trusted Remote Hosts The following table describes the labels in this screen. Table 107 Trusted Remote Hosts LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the ZyXEL Device’s PKI storage space that is currently in use.
  • Page 264: Verifying A Trusted Remote Host's Certificate

    Chapter 17 Certificates 17.12 Verifying a Trusted Remote Host’s Certificate Certificates issued by certification authorities have the certification authority’s signature for you to check. Self-signed certificates only have the signature of the host itself. This means that you must be very careful when deciding to import (and thereby trust) a remote host’s self-signed certificate.
  • Page 265: Trusted Remote Hosts Import

    Chapter 17 Certificates 17.13 Trusted Remote Hosts Import Click Security > Certificates > Trusted Remote Hosts to open the Trusted Remote Hosts screen and then click Import to open the Trusted Remote Host Import screen. Follow the instructions in this screen to save a trusted host’s certificate to the ZyXEL Device. The trusted remote host certificate must be a self-signed certificate;...
  • Page 266: Figure 152 Trusted Remote Host Details

    Chapter 17 Certificates Figure 152 Trusted Remote Host Details
  • Page 267: Table 109 Trusted Remote Host Details

    Chapter 17 Certificates The following table describes the labels in this screen. Table 109 Trusted Remote Host Details LABEL DESCRIPTION Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate. You may use any character (not including spaces).
  • Page 268: Directory Servers

    Chapter 17 Certificates Table 109 Trusted Remote Host Details (continued) LABEL DESCRIPTION MD5 Fingerprint This is the certificate’s message digest that the ZyXEL Device calculated using the MD5 algorithm. You cannot use this value to verify that this is the remote host’s actual certificate because the ZyXEL Device has signed the certificate;...
  • Page 269: Directory Server Add Or Edit

    Chapter 17 Certificates Figure 153 Directory Servers The following table describes the labels in this screen. Table 110 Directory Servers LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the ZyXEL Device’s PKI storage space that is currently in use.
  • Page 270: Figure 154 Directory Server Add

    Chapter 17 Certificates Figure 154 Directory Server Add The following table describes the labels in this screen. Table 111 Directory Server Add LABEL DESCRIPTION Directory Service Setting Name Type up to 31 ASCII characters (spaces are not permitted) to identify this directory server.
  • Page 271: Advanced

    Advanced Static Route (273) Bandwidth Management (277) Dynamic DNS Setup (287) Remote Management Configuration (291) Universal Plug-and-Play (UPnP) (303)
  • Page 273: Static Route

    Chapter 18 Static Route This chapter shows you how to configure static routes on your ZyXEL Device. 18.1 Static Route Overview The ZyXEL Device usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the ZyXEL Device send data to devices not reachable through the default gateway, use static routes.
  • Page 274: Configuring Static Routes

    Chapter 18 Static Route 18.2 Configuring Static Routes Use this screen to configure static routes on the ZyXEL Device. Click Advanced > Static Route to open the Static Route screen. Figure 156 Static Route The following table describes the labels in this screen. Table 112 Static Route LABEL DESCRIPTION...
  • Page 275: Static Route Edit

    Chapter 18 Static Route 18.2.1 Static Route Edit Select a static route index number and click Edit. The screen shown next appears. Use this screen to configure the required information for a static route. Figure 157 Static Route Edit The following table describes the labels in this screen. Table 113 Static Route Edit LABEL DESCRIPTION...
  • Page 277: Bandwidth Management

    Chapter 19 Bandwidth Management This chapter contains information about configuring bandwidth management, editing rules and viewing the ZyXEL Device’s bandwidth management logs. 19.1 Bandwidth Management Overview ZyXEL’s Bandwidth Management allows you to specify bandwidth management rules based on an application and/or subnet.
  • Page 278: Application And Subnet-Based Bandwidth Management

    Chapter 19 Bandwidth Management Figure 158 Subnet-based Bandwidth Management Example 19.4 Application and Subnet-based Bandwidth Management You could also create bandwidth classes based on a combination of a subnet and an application. The following example table shows bandwidth allocations for application specific traffic from separate LAN subnets.
  • Page 279: Fairness-Based Scheduler

    Chapter 19 Bandwidth Management 19.5.2 Fairness-based Scheduler The ZyXEL Device divides bandwidth equally among bandwidth classes when using the fairness-based scheduler; thus preventing one bandwidth class from using all of the interface’s bandwidth. 19.6 Maximize Bandwidth Usage The maximize bandwidth usage option (see Figure 159 on page 281) allows the ZyXEL Device to divide up any available bandwidth on the interface (including unallocated...
  • Page 280: Table 116 Priority-Based Allotment Of Unused And Unbudgeted Bandwidth Example

    Chapter 19 Bandwidth Management The ZyXEL Device divides up the unbudgeted 2048 kbps among the classes that require more bandwidth. If the administration department only uses 1024 kbps of the budgeted 2048 kbps, the ZyXEL Device also divides the remaining 1024 kbps among the classes that require more bandwidth.
  • Page 281: Bandwidth Management Priorities

    Chapter 19 Bandwidth Management 19.6.3 Bandwidth Management Priorities The following table describes the priorities that you can apply to traffic that the ZyXEL Device forwards out through an interface. Table 118 Bandwidth Management Priorities PRIORITY LEVELS: TRAFFIC WITH A HIGHER PRIORITY GETS THROUGH FASTER WHILE TRAFFIC WITH A LOWER PRIORITY IS DROPPED IF THE NETWORK IS CONGESTED.
  • Page 282: Bandwidth Management Rule Setup

    Chapter 19 Bandwidth Management Table 119 Media Bandwidth Management: Summary (continued) LABEL DESCRIPTION Speed (kbps) Enter the amount of bandwidth for this interface that you want to allocate using bandwidth management. This appears as the bandwidth budget of the interface’s root class. The recommendation is to set this speed to match what the interface’s connection can handle.
  • Page 283: Rule Configuration

    Chapter 19 Bandwidth Management Table 120 Bandwidth Management: Rule Setup (continued) LABEL DESCRIPTION Priority Select a priority from the drop down list box. Choose High, Mid or Low. Bandwidth (kbps) Specify the maximum bandwidth allowed for the rule in kbps. The recommendation is a setting between 20 kbps and 20000 kbps for an individual rule.
  • Page 284: Figure 161 Bandwidth Management Rule Configuration

    Chapter 19 Bandwidth Management Figure 161 Bandwidth Management Rule Configuration The following table describes the labels in this screen. Table 121 Bandwidth Management Rule Configuration LABEL DESCRIPTION Rule Configuration Active Select this check box to have the ZyXEL Device apply this bandwidth management rule.
  • Page 285 Chapter 19 Bandwidth Management Table 121 Bandwidth Management Rule Configuration (continued) LABEL DESCRIPTION Service This field simplifies bandwidth class configuration by allowing you to select a predefined application. When you select a predefined application, you do not configure the rest of the bandwidth filter fields (other than enabling or disabling the filter).
  • Page 286: Bandwidth Monitor

    Chapter 19 Bandwidth Management 19.9 Bandwidth Monitor To view the ZyXEL Device’s bandwidth usage and allotments, click Advanced > Bandwidth MGMT > Monitor. The screen appears as shown. Select an interface from the drop-down list box to view the bandwidth usage of its bandwidth rules. The gray section of the bar represents the percentage of unused bandwidth and the blue color represents the percentage of bandwidth in use.
  • Page 287: Dynamic Dns Setup

    Chapter 20 Dynamic DNS Setup This chapter discusses how to configure your ZyXEL Device to use Dynamic DNS. 20.1 Dynamic DNS Overview Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.).
  • Page 288: Figure 163 Dynamic Dns

    Chapter 20 Dynamic DNS Setup Figure 163 Dynamic DNS The following table describes the fields in this screen. Table 122 Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Active Dynamic Select this check box to use dynamic DNS. Service Provider This is the name of your Dynamic DNS service provider. Dynamic DNS Select the type of service that you are registered for from your Dynamic DNS Type...
  • Page 289 Chapter 20 Dynamic DNS Setup Table 122 Dynamic DNS (continued) LABEL DESCRIPTION Dynamic DNS server auto detect IP Select this option only when there are one or more NAT routers between the ZyXEL Device and the DDNS server. This feature has the DDNS server automatically detect and use the IP address of the NAT router that has a public IP address.
  • Page 291: Remote Management Configuration

    Chapter 21 Remote Management Configuration This chapter provides information on configuring remote management. 21.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which ZyXEL Device interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
  • Page 292: Remote Management Limitations

    Chapter 21 Remote Management Configuration 2 HTTP 21.1.1 Remote Management Limitations Remote management over LAN or WAN will not work when: • You have disabled that service in one of the remote management screens. • The IP address in the Secured Client IP field does not match the client IP address. If it does not match, the ZyXEL Device will disconnect the session immediately.
  • Page 293: Figure 164 Remote Management: Www

    Chapter 21 Remote Management Configuration Figure 164 Remote Management: WWW The following table describes the labels in this screen. Table 123 Remote Management: WWW LABEL DESCRIPTION Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
  • Page 294: Telnet

    Chapter 21 Remote Management Configuration Table 123 Remote Management: WWW LABEL DESCRIPTION Secure Client IP Address A secure client is a “trusted” computer that is allowed to communicate with the ZyXEL Device using this service. Select All to allow any computer to access the ZyXEL Device using this service. Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service.
  • Page 295: Configuring Ftp

    Chapter 21 Remote Management Configuration The following table describes the labels in this screen. Table 124 Remote Management: Telnet LABEL DESCRIPTION Port You may change the server port number for a service if needed, however, you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service.
  • Page 296: Snmp

    Chapter 21 Remote Management Configuration Table 125 Remote Management: FTP LABEL DESCRIPTION Secured Client IP A secured client is a “trusted” computer that is allowed to communicate with the ZyXEL Device using this service. Select All to allow any computer to access the ZyXEL Device using this service. Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service.
  • Page 297: Supported Mibs

    Chapter 21 Remote Management Configuration An agent is a management software module that resides in a managed device (the ZyXEL Device). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions.
  • Page 298: Figure 169 Remote Management: Snmp

    Chapter 21 Remote Management Configuration Figure 169 Remote Management: SNMP The following table describes the labels in this screen. Table 127 Remote Management: SNMP LABEL DESCRIPTION SNMP Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
  • Page 299: Configuring Dns

    Chapter 21 Remote Management Configuration 21.7 Configuring DNS Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. Refer to the chapter on LAN for background information. To change your ZyXEL Device’s DNS settings, click Advanced > Remote MGMT > DNS. The screen appears as shown.
  • Page 300: 300

    Chapter 21 Remote Management Configuration Figure 171 Remote Management: ICMP The following table describes the labels in this screen. Table 129 Remote Management: ICMP LABEL DESCRIPTION ICMP Internet Control Message Protocol is a message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams, but the messages are processed by the TCP/IP software and directly apparent to the application user.
  • Page 301: Figure 172 Enabling Tr-069

    Chapter 21 Remote Management Configuration In this example a.b.c.d is the IP address of CNM Access. You must change this value to reflect your actual management server IP address or domain name. See Table 130 on page 301 for detailed descriptions of the commands. Figure 172 Enabling TR-069 ras>...
  • Page 303: Universal Plug-And-Play (Upnp)

    Chapter 22 Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configurator. 22.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
  • Page 304: Upnp And Zyxel

    Chapter 22 Universal Plug-and-Play (UPnP) When a UPnP device joins a network, it announces its presence with a multicast message. For security reasons, the ZyXEL Device allows multicast messages on the LAN only. All UPnP-enabled devices may communicate freely with each other without additional configuration.
  • Page 305: Installing Upnp In Windows Example

    Chapter 22 Universal Plug-and-Play (UPnP) Table 131 Configuring UPnP LABEL DESCRIPTION Allow UPnP to pass through Firewall Select this check box to allow traffic from UPnP-enabled applications to bypass the firewall. Clear this check box to have the firewall block all UPnP application packets (for example, MSN packets).
  • Page 306: Figure 175 Add/Remove Programs: Windows Setup: Communication: Components

    Chapter 22 Universal Plug-and-Play (UPnP) Figure 175 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel.
  • Page 307: Figure 177 Windows Optional Networking Components Wizard

    Chapter 22 Universal Plug-and-Play (UPnP) Figure 177 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box. Figure 178 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next.
  • Page 308: Using Upnp In Windows Xp Example

    Chapter 22 Universal Plug-and-Play (UPnP) 22.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL Device. Make sure the computer is connected to a LAN port of the ZyXEL Device.
  • Page 309: Figure 180 Internet Connection Properties

    Chapter 22 Universal Plug-and-Play (UPnP) Figure 180 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings.
  • Page 310: Figure 181 Internet Connection Properties: Advanced Settings

    Chapter 22 Universal Plug-and-Play (UPnP) Figure 181 Internet Connection Properties: Advanced Settings Figure 182 Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
  • Page 311: Figure 183 System Tray Icon

    Chapter 22 Universal Plug-and-Play (UPnP) Figure 183 System Tray Icon 7 Double-click on the icon to display your current Internet connection status. Figure 184 Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first.
  • Page 312: Figure 185 Network Connections

    Chapter 22 Universal Plug-and-Play (UPnP) Figure 185 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays.
  • Page 313: Figure 186 Network Connections: My Network Places

    Chapter 22 Universal Plug-and-Play (UPnP) Figure 186 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Figure 187 Network Connections: My Network Places: Properties: Example
  • Page 315: Maintenance, Troubleshooting And Specifications

    Maintenance, Troubleshooting and Specifications System (317) Logs (323) Tools (329) Diagnostic (335) Troubleshooting (337) Product Specifications (347)
  • Page 317: System

    Chapter 23 System Use this screen to configure the ZyXEL Device’s time and date settings. 23.1 General Setup and System Name General Setup contains administrative and system-related information. System Name is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name".
  • Page 318: Figure 188 System General Setup

    Chapter 23 System Figure 188 System General Setup The following table describes the labels in this screen. Table 132 System General Setup LABEL DESCRIPTION General Setup System Name Choose a descriptive name for identification purposes. It is recommended you enter your computer’s “Computer name”...
  • Page 319: Time Setting

    Chapter 23 System Table 132 System General Setup LABEL DESCRIPTION Old Password Type the default administrator password (1234) or the existing password you use to access the system for configuring advanced features in this field. New Password Type your new system password (up to 30 characters). Note that as you type a password, the screen displays a (*) for each character you type.
  • Page 320: Table 133 System Time Setting

    Chapter 23 System The following table describes the fields in this screen. Table 133 System Time Setting LABEL DESCRIPTION Current Time and Date Current Time This field displays the time of your ZyXEL Device. Each time you reload this page, the ZyXEL Device synchronizes the time with the time server.
  • Page 321 Chapter 23 System Table 133 System Time Setting (continued) LABEL DESCRIPTION Enable Daylight Savings Daylight saving is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening.
  • Page 323: Logs

    Chapter 24 Logs This chapter contains information about configuring general log settings and viewing the ZyXEL Device’s logs. Refer to the appendix for example log message explanations. 24.1 Logs Overview The web configurator allows you to choose which categories of events and/or alerts to have the ZyXEL Device log and then display the logs or have the ZyXEL Device send them to an administrator (as e-mail) or to a syslog server.
  • Page 324: Configuring Log Settings

    Chapter 24 Logs Figure 190 View Log The following table describes the fields in this screen. Table 134 View Log LABEL DESCRIPTION Display The categories that you select in the Log Settings screen display in the drop-down list box. Select a category of logs to view; select All Logs to view logs from all of the log categories that you selected in the Log Settings page.
  • Page 325: Figure 191 Log Settings

    Chapter 24 Logs Figure 191 Log Settings The following table describes the fields in this screen. Table 135 Log Settings LABEL DESCRIPTION E-mail Log Settings Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
  • Page 326: Smtp Error Messages

    Chapter 24 Logs Table 135 Log Settings LABEL DESCRIPTION Enable SMTP Authentication SMTP (Simple Mail Transfer Protocol) is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another. Select the check box to activate SMTP authentication. If mail server authentication is needed but this feature is disabled, you will not receive the e-mail logs.
  • Page 327: Example E-Mail Log

    Chapter 24 Logs Table 136 SMTP Error Messages -4 means HELO fail -5 means MAIL FROM fail -6 means RCPT TO fail -7 means DATA fail -8 means mail data send fail 24.4.1 Example E-mail Log An "End of Log" message displays for each mail in which a complete log has been sent. The following is an example of a log sent by e-mail.
  • Page 329: Tools

    Chapter 25 Tools This chapter describes how to upload new firmware, manage configuration and restart your ZyXEL Device. 25.1 Firmware Upgrade Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a .bin extension, for example, "ZyXEL Device.bin".
  • Page 330: Figure 194 Firmware Upload In Progress

    Chapter 25 Tools Table 137 Firmware Upgrade (continued) LABEL DESCRIPTION Browse... Click Browse... to find the .bin file you want to upload. Remember that you must decompress compressed (.zip) files before you can upload them. Upload Click Upload to begin the upload process. This process may take up to two minutes.
  • Page 331: Configuration Screen

    Chapter 25 Tools Figure 196 Error Message 25.2 Configuration Screen Click Maintenance > Tools > Configuration. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next. Figure 197 Configuration 25.2.1 Backup Configuration Backup configuration allows you to back up (save) the ZyXEL Device’s current configuration to a file on your computer.
  • Page 332: Restore Configuration

    Chapter 25 Tools 25.2.2 Restore Configuration Restore configuration allows you to upload a new or previously saved configuration file from your computer to your ZyXEL Device. Table 138 Maintenance Restore Configuration LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse... to find Browse...
  • Page 333: Back To Factory Defaults

    Chapter 25 Tools Figure 200 Configuration Restore Error 25.2.3 Back to Factory Defaults Clicking the Reset button in this section clears all user-entered configuration information and returns the ZyXEL Device to its factory defaults. You can also press the RESET button on the rear panel of the ZyXEL Device to reset the factory defaults of your ZyXEL Device.
  • Page 335: Diagnostic

    Chapter 26 Diagnostic These read-only screens display information to help you identify problems with the ZyXEL Device. 26.1 General Diagnostic Use this screen to perform IP connection from the ZyXEL Device to other network devices. Click Maintenance > Diagnostic to open the screen shown next. Figure 202 Diagnostic: General The following table describes the fields in this screen.
  • Page 336: Dsl Line Diagnostic

    Chapter 26 Diagnostic 26.2 DSL Line Diagnostic Use this screen to test your DSL connection. Click Maintenance > Diagnostic > DSL Line to open the screen shown next. Figure 203 Diagnostic: DSL Line The following table describes the fields in this screen. Table 140 Diagnostic: DSL Line LABEL DESCRIPTION...
  • Page 337: Troubleshooting

    Chapter 27 Troubleshooting This chapter covers potential problems and the corresponding remedies. 27.1 Problems Starting Up the ZyXEL Device Table 141 Troubleshooting Starting Up Your ZyXEL Device PROBLEM CORRECTIVE ACTION None of the LEDs turn on Make sure that the ZyXEL Device’s power adaptor is connected to the ZyXEL Device and plugged in to an appropriate power source.
  • Page 338: Problems With The Wan

    Chapter 27 Troubleshooting 27.3 Problems with the WAN Table 143 Troubleshooting the WAN PROBLEM CORRECTIVE ACTION The DSL LED is off. Check the telephone wire and connections between the ZyXEL Device DSL port and the wall jack. Make sure that the telephone company has checked your phone line and set it up for DSL service.
  • Page 339: Pop-Up Windows, Javascripts And Java Permissions

    Chapter 27 Troubleshooting 27.4.1 Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). Internet Explorer 6 screens are used here.
  • Page 340: Figure 205 Internet Options

    Chapter 27 Troubleshooting Figure 205 Internet Options 3 Click Apply to save this setting. 27.4.1.1.2 Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings… to open the Pop-up Blocker Settings screen.
  • Page 341: Figure 206 Internet Options

    Chapter 27 Troubleshooting Figure 206 Internet Options 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 207 Pop-up Blocker Settings
  • Page 342: Figure 208 Internet Options

    Chapter 27 Troubleshooting 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. 27.4.1.2 JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. 1 In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 208 Internet Options 2 Click the Custom Level...
  • Page 343: Figure 209 Security Settings - Java Scripting

    Chapter 27 Troubleshooting Figure 209 Security Settings - Java Scripting 27.4.1.3 Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window.
  • Page 344: Activex Controls In Internet Explorer

    Chapter 27 Troubleshooting 27.4.1.3.1 JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window. Figure 211 Java (Sun) 27.4.2 ActiveX Controls in Internet Explorer If ActiveX is disabled, you will not be able to download ActiveX controls or to use Trend...
  • Page 345: Figure 212 Internet Options Security

    Chapter 27 Troubleshooting Figure 212 Internet Options Security 3 Scroll down to ActiveX controls and plug-ins. 4 Under Download signed ActiveX controls select the Prompt radio button. 5 Under Run ActiveX controls and plug-ins make sure the Enable radio button is selected.
  • Page 347: Product Specifications

    Chapter 28 Product Specifications This chapter gives details about your ZyXEL Device’s hardware and firmware features. 28.1 General ZyXEL Device Specifications The following tables summarize the ZyXEL Device’s hardware and firmware features. Table 145 Hardware Specifications Default IP Address 192.168.1.1 Default Subnet Mask...
  • Page 348: Table 146 Firmware Specifications

    Chapter 28 Product Specifications Table 146 Firmware Specifications ADSL Standards Multi-Mode standard (ANSI T1.413,Issue 2; G.dmt(G.992.1); G.lite(G992.2)). ADSL2 G.dmt.bis (G.992.3) ADSL2 G.lite.bis (G.992.4) ADSL2+ (G.992.5) Reach-Extended ADSL (RE ADSL) SRA (Seamless Rate Adaptation) Auto-negotiating rate adaptation ADSL physical connection ATM AAL5 (ATM Adaptation Layer type 5) Multi-protocol over AAL5 (RFC2684/1483) PPP over ATM AAL5 (RFC 2364) PPP over Ethernet (RFC 2516)
  • Page 349 Chapter 28 Product Specifications Table 146 Firmware Specifications (continued) Network Address Translation (NAT) Each computer on your network must have its own unique IP address. Use NAT to convert your public IP address(es) to multiple private IP addresses for the computers on your network. 2048 NAT sessions Multimedia application.
  • Page 350 Chapter 28 Product Specifications Table 146 Firmware Specifications (continued) Wireless Functionality Allow the IEEE 802.11b and/or IEEE 802.11g wireless clients to connect to the ZyXEL Device wirelessly. Enable wireless security (WEP, WPA(2), WPA(2)-PSK) and/or MAC filtering to protect your wireless network. Note: The P-662HW may be prone to RF (Radio Frequency) interference from other 2.4 GHz devices such as microwave ovens, wireless phones, Bluetooth enabled...
  • Page 351: Wall-Mounting Instructions

    Chapter 28 Product Specifications Table 146 Firmware Specifications (continued) Bandwidth Management You can efficiently manage traffic on your network by reserving bandwidth and giving priority to certain types of traffic and/or to particular computers. Remote Management This allows you to decide whether a service (HTTP or FTP traffic for example) from a computer on a network (LAN or WAN for example) can access the ZyXEL Device.
  • Page 352: Figure 214 Wall-Mounting Example

    Chapter 28 Product Specifications 3 Do not insert the screws all the way into the wall. Leave a small gap of about 0.5 cm between the heads of the screws and the wall. 4 Make sure the screws are snugly fastened to the wall. They need to hold the weight of the ZyXEL Device with the connection cables.
  • Page 353: Part Vi: Appendices And Index

    Appendices and Index The appendices provide general information. Some details may not apply to your ZyXEL Device. Setting up Your Computer’s IP Address (355) Pop-up Windows, JavaScripts and Java Permissions (377) IP Addresses and Subnetting (385) Wireless LANs (395) Management with Wireless Zero Configuration (409) Common Services (423) Virtual Circuit Topology (427) Importing Certificates (429)
  • Page 355: Appendix A Setting Up Your Computer's Ip Address

    APPENDIX A Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP/Vista, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer.
  • Page 356: Figure 216 Windows 95/98/Me: Network: Configuration

    Appendix A Setting up Your Computer’s IP Address Figure 216 Windows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add.
  • Page 357: Figure 217 Windows 95/98/Me: Tcp/Ip Properties: Ip Address

    Appendix A Setting up Your Computer’s IP Address Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab. • If your IP address is dynamic, select Obtain an IP address automatically. •...
  • Page 358: Figure 218 Windows 95/98/Me: Tcp/Ip Properties: Dns Configuration

    Appendix A Setting up Your Computer’s IP Address Figure 218 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window.
  • Page 359: Figure 219 Windows Xp: Start Menu

    Appendix A Setting up Your Computer’s IP Address Figure 219 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 220 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties.
  • Page 360: Figure 221 Windows Xp: Control Panel: Network Connections: Properties

    Appendix A Setting up Your Computer’s IP Address Figure 221 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 222 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
  • Page 361: Figure 223 Windows Xp: Internet Protocol (Tcp/Ip) Properties

    Appendix A Setting up Your Computer’s IP Address Figure 223 Windows XP: Internet Protocol (TCP/IP) Properties 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
  • Page 362: Figure 224 Windows Xp: Advanced Tcp/Ip Properties

    Appendix A Setting up Your Computer’s IP Address Figure 224 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
  • Page 363: Figure 225 Windows Xp: Internet Protocol (Tcp/Ip) Properties

    Appendix A Setting up Your Computer’s IP Address Figure 225 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window.
  • Page 364: Figure 226 Windows Vista: Start Menu

    Appendix A Setting up Your Computer’s IP Address Figure 226 Windows Vista: Start Menu 2 In the Control Panel, double-click Network and Internet. Figure 227 Windows Vista: Control Panel 3 Click Network and Sharing Center. Figure 228 Windows Vista: Network And Internet 4 Click Manage network connections.
  • Page 365: Figure 230 Windows Vista: Network And Sharing Center

    Appendix A Setting up Your Computer’s IP Address 5 Right-click Local Area Connection and then click Properties. During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. Figure 230 Windows Vista: Network and Sharing Center 6 Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
  • Page 366: Figure 232 Windows Vista: Internet Protocol Version 4 (Tcp/Ipv4) Properties

    Appendix A Setting up Your Computer’s IP Address 7 The Internet Protocol Version 4 (TCP/IPv4) Properties window opens (the General tab). • If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP address and fill in the IP address, Subnet mask, and Default gateway fields.
  • Page 367: Figure 233 Windows Vista: Advanced Tcp/Ip Properties

    Appendix A Setting up Your Computer’s IP Address Figure 233 Windows Vista: Advanced TCP/IP Properties 9 In the Internet Protocol Version 4 (TCP/IPv4) Properties window, (the General tab): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
  • Page 368: Figure 234 Windows Vista: Internet Protocol Version 4 (Tcp/Ipv4) Properties

    Appendix A Setting up Your Computer’s IP Address Figure 234 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties 10 Click OK to close the Internet Protocol Version 4 (TCP/IPv4) Properties window. 11 Click Close to close the Local Area Connection Properties window. 12 Close the Network Connections window.
  • Page 369: Figure 235 Macintosh Os 8/9: Apple Menu

    Appendix A Setting up Your Computer’s IP Address Figure 235 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 236 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: •...
  • Page 370: Figure 237 Macintosh Os X: Apple Menu

    Appendix A Setting up Your Computer’s IP Address • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. 5 Close the TCP/IP Control Panel.
  • Page 371: Figure 238 Macintosh Os X: Network

    Appendix A Setting up Your Computer’s IP Address Figure 238 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. •...
  • Page 372: Figure 239 Red Hat 9.0: Kde: Network Configuration: Devices

    Appendix A Setting up Your Computer’s IP Address Make sure you are logged in as the root administrator. Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. 1 Click the Red Hat button (located on the bottom left corner), select System Setting and click Network.
  • Page 373: Figure 241 Red Hat 9.0: Kde: Network Configuration: Dns

    Appendix A Setting up Your Computer’s IP Address • If you have a dynamic IP address, click Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static IP address, click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields.
  • Page 374: Figure 243 Red Hat 9.0: Dynamic Ip Address Setting In Ifconfig-Eth0

    Appendix A Setting up Your Computer’s IP Address Figure 243 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 DEVICE=eth0 ONBOOT=yes BOOTPROTO=dhcp USERCTL=no PEERDNS=yes TYPE=Ethernet • If you have a static IP address, enter static in the BOOTPROTO= field. Type IPADDR= followed by the IP address (in dotted decimal notation) and type NETMASK...
  • Page 375: Figure 247 Red Hat 9.0: Checking Tcp/Ip Properties

    Appendix A Setting up Your Computer’s IP Address Verifying Settings Enter ifconfig in a terminal screen to check your TCP/IP properties. Figure 247 Red Hat 9.0: Checking TCP/IP Properties [root@localhost]# ifconfig eth0 Link encap:Ethernet HWaddr 00:50:BA:72:5B:44 inet addr:172.23.19.129 Bcast:172.23.19.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1...
  • Page 377: Appendix B Pop-Up Windows, Javascripts And Java Permissions

    APPENDIX B Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). Internet Explorer 6 screens are used here.
  • Page 378: Figure 249 Internet Options: Privacy

    Appendix B Pop-up Windows, JavaScripts and Java Permissions 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 249 Internet Options: Privacy 3 Click Apply to save this setting. Enable Pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps.
  • Page 379: Figure 250 Internet Options: Privacy

    Appendix B Pop-up Windows, JavaScripts and Java Permissions Figure 250 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 251 Pop-up Blocker Settings
  • Page 380: Figure 252 Internet Options: Security

    Appendix B Pop-up Windows, JavaScripts and Java Permissions 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
  • Page 381: Figure 253 Security Settings - Java Scripting

    Appendix B Pop-up Windows, JavaScripts and Java Permissions Figure 253 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected.
  • Page 382: Figure 255 Java (Sun)

    Appendix B Pop-up Windows, JavaScripts and Java Permissions JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window. Figure 255 Java (Sun) Mozilla Firefox Mozilla Firefox 2.0 screens are used here.
  • Page 383: Figure 256 Mozilla Firefox: Tools > Options

    Appendix B Pop-up Windows, JavaScripts and Java Permissions Figure 256 Mozilla Firefox: Tools > Options Click Content to show the screen below. Select the check boxes as shown in the following screen. Figure 257 Mozilla Firefox Content Security
  • Page 385: Appendix C Ip Addresses And Subnetting

    APPENDIX C IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network.
  • Page 386: Figure 258 Network Number And Host Id

    Appendix C IP Addresses and Subnetting Figure 258 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation).
  • Page 387: Table 149 Subnet Masks

    Appendix C IP Addresses and Subnetting Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Table 149 Subnet Masks BINARY DECIMAL 4TH OCTET OCTET...
  • Page 388: Figure 259 Subnetting Example: Before Subnetting

    Appendix C IP Addresses and Subnetting Table 151 Alternative Subnet Mask Notation (continued) ALTERNATIVE LAST OCTET LAST OCTET SUBNET MASK NOTATION (BINARY) (DECIMAL) 255.255.255.192 1100 0000 255.255.255.224 1110 0000 255.255.255.240 1111 0000 255.255.255.248 1111 1000 255.255.255.252 1111 1100 Subnetting You can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons.
  • Page 389: Figure 260 Subnetting Example: After Subnetting

    Appendix C IP Addresses and Subnetting Figure 260 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 2^7 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).
  • Page 390: Table 153 Subnet 2

    Appendix C IP Addresses and Subnetting Table 153 Subnet 2 (columns: IP/SUBNET MASK, NETWORK NUMBER, LAST OCTET BIT VALUE) IP Address: 192.168.1. IP Address (Binary): 11000000.10101000.00000001. 01000000 Subnet Mask (Binary): 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.64 Lowest Host ID: 192.168.1.65 Broadcast Address: 192.168.1.127 Highest Host ID: 192.168.1.126 Table 154 Subnet 3...
  • Page 391: Table 157 24-Bit Network Number Subnet Planning

    Appendix C IP Addresses and Subnetting Table 156 Eight Subnets (continued) SUBNET LAST BROADCAST SUBNET FIRST ADDRESS ADDRESS ADDRESS ADDRESS Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 157 24-bit Network Number Subnet Planning NO.
  • Page 392 Appendix C IP Addresses and Subnetting Table 158 16-bit Network Number Subnet Planning (continued) NO. “BORROWED” NO. HOSTS PER SUBNET MASK NO. SUBNETS HOST BITS SUBNET 255.255.255.252 (/30) 16384 255.255.255.254 (/31) 32768 Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
  • Page 393: Figure 261 Conflicting Computer Ip Addresses Example

    Appendix C IP Addresses and Subnetting IP Address Conflicts Each device on a network must have a unique IP address. Devices with duplicate IP addresses on the same network will not be able to access the Internet or other resources. The devices may also be unreachable through the network.
  • Page 394: Figure 263 Conflicting Computer And Router Ip Addresses Example

    Appendix C IP Addresses and Subnetting Conflicting Computer and Router IP Addresses Example More than one device cannot use the same IP address. In the following example, the computer and the router’s LAN port both use 192.168.1.1 as the IP address. The computer cannot access the Internet.
  • Page 395: Appendix D Wireless Lans

    APPENDIX D Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS).
  • Page 396: Figure 265 Basic Service Set

    Appendix D Wireless LANs Figure 265 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN.
  • Page 397: Figure 266 Infrastructure Wlan

    Appendix D Wireless LANs Figure 266 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a channel different from an adjacent AP (access point) to reduce interference.
  • Page 398: Figure 267 Rts/Cts

    Appendix D Wireless LANs Figure 267 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
  • Page 399: Table 159 Ieee 802.11G

    Appendix D Wireless LANs If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Preamble Type Preamble is used to signal that data is coming to the receiver.
  • Page 400: Table 160 Wireless Security Levels

    Appendix D Wireless LANs Wireless security methods available on the ZyXEL Device are data encryption, wireless client authentication, restricting access by device MAC address and hiding the ZyXEL Device identity. The following figure shows the relative effectiveness of these wireless security methods available on your ZyXEL Device.
  • Page 401 Appendix D Wireless LANs Determines the network services available to authenticated users once they are connected to the network. • Accounting Keeps track of the client’s network activity. RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server.
  • Page 402 Appendix D Wireless LANs For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner.
  • Page 403: Table 161 Comparison Of Eap Authentication Types

    Appendix D Wireless LANs Dynamic WEP Key Exchange The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed. If this feature is enabled, it is not necessary to configure a default encryption key in the wireless security configuration screen.
  • Page 404 Appendix D Wireless LANs Encryption Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. WPA and WPA2 use Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption than TKIP.
  • Page 405: Figure 268 Wpa(2) With Radius Application Example

    Appendix D Wireless LANs Wireless Client WPA Supplicants A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicant is the WPA patch for Windows XP, Funk Software's Odyssey client.
  • Page 406: Figure 269 Wpa(2)-Psk Authentication

    Appendix D Wireless LANs 3 The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID. 4 The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged in a handshake to create temporal encryption keys.
  • Page 407 Appendix D Wireless LANs Antenna Overview An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air. Positioning the antennas properly increases the range and coverage area of a wireless LAN.
  • Page 408 Appendix D Wireless LANs Positioning Antennas In general, antennas should be mounted as high as practically possible and free of obstructions. In point-to-point application, position both antennas at the same height and in a direct line of sight to each other to attain the best performance. For omni-directional antennas mounted on a table, desk, and so on, point the antenna up.
  • Page 409: Appendix E Management With Wireless Zero Configuration

    APPENDIX E Management with Wireless Zero Configuration This appendix shows you how to manage your ZyXEL Device using the Windows XP wireless zero configuration tool. Be sure you have the Windows XP service pack 2 installed on your computer. Otherwise, you should at least have the Windows XP service pack 1 already on your computer and download the support patch for WPA from the Microsoft web site.
  • Page 410: Figure 271 Windows Xp Sp2: Wireless Network Connection Status

    Appendix E Management with Wireless Zero Configuration Figure 271 Windows XP SP2: Wireless Network Connection Status 4 The Wireless Network Connection Properties screen displays. Click the Wireless Networks tab. Make sure the Use Windows to configure my wireless network settings check box is selected.
  • Page 411: Figure 273 Windows Xp Sp2: Wireless Network Connection Properties

    Appendix E Management with Wireless Zero Configuration Figure 273 Windows XP SP2: Wireless Network Connection Properties If you see the following screen, refer to article 871122 on the Microsoft web site for information on starting WZC. Figure 274 Windows XP SP2: WZC Not Available Connecting to a Wireless Network 1 Double-click the network icon for wireless connections in the system tray to open the Wireless Network Connection Status screen.
  • Page 412: Figure 275 Windows Xp Sp2: System Tray Icon

    Appendix E Management with Wireless Zero Configuration Figure 275 Windows XP SP2: System Tray Icon The type of the wireless network icon in Windows XP SP2 indicates the status of the ZyXEL Device. Refer to the following table for details. Table 163 Windows XP SP2: System Tray Icon ICON DESCRIPTION...
  • Page 413: Figure 277 Windows Xp Sp1: Wireless Network Connection Status

    Appendix E Management with Wireless Zero Configuration Figure 277 Windows XP SP1: Wireless Network Connection Status 3 Windows XP SP2: Click Refresh network list to reload and search for available wireless devices within transmission range. Select a wireless network in the list and click Connect to join the selected wireless network.
  • Page 414: Figure 279 Windows Xp Sp1: Wireless Network Connection Properties

    Appendix E Management with Wireless Zero Configuration The following table describes the icons in the wireless network list. Table 164 Windows XP SP2: Wireless Network Connection ICON DESCRIPTION This denotes that wireless security is activated for the wireless network. This denotes that this wireless network is your preferred network. Ordering your preferred networks is important because the ZyXEL Device tries to associate to the preferred network first in the order that you specify.
  • Page 415: Figure 280 Windows Xp Sp2: Wireless Network Connection: Wep Or Wpa-Psk

    Appendix E Management with Wireless Zero Configuration Figure 280 Windows XP SP2: Wireless Network Connection: WEP or WPA-PSK Figure 281 Windows XP SP2: Wireless Network Connection: No Security 5 Verify that you have successfully connected to the selected network and check the connection status in the wireless network list or the connection icon in the Preferred networks or Available networks list.
  • Page 416: Figure 282 Windows Xp: Wireless (Network) Properties: Association

    Appendix E Management with Wireless Zero Configuration Figure 282 Windows XP: Wireless (network) properties: Association The following table describes the labels in this screen. Table 166 Windows XP: Wireless (network) properties: Association LABEL DESCRIPTION Network name This field displays the SSID (Service Set IDentifier) of each wireless network. (SSID) Network This field automatically shows the authentication method (Share, Open, WPA or...
  • Page 417: Figure 283 Windows Xp: Wireless (Network) Properties: Authentication

    Appendix E Management with Wireless Zero Configuration Authentication Click the Authentication tab in the Wireless (network) properties screen to display the screen shown next. The fields on this screen are grayed out when the network is in Ad-Hoc mode or data encryption is disabled. Figure 283 Windows XP: Wireless (network) properties: Authentication The following table describes the labels in this screen.
  • Page 418: Figure 284 Windows Xp: Protected Eap Properties

    Appendix E Management with Wireless Zero Configuration Authentication Properties Select an EAP authentication type in the Wireless (network) properties: Authentication screen and click the Properties button to display the following screen. Protected EAP Properties Figure 284 Windows XP: Protected EAP Properties The following table describes the labels in this screen.
  • Page 419: Figure 285 Windows Xp: Smart Card Or Other Certificate Properties

    Appendix E Management with Wireless Zero Configuration Table 168 Windows XP: Protected EAP Properties LABEL DESCRIPTION Click OK to save your changes. Cancel Click Cancel to leave this screen without saving any changes you may have made. Smart Card or other Certificate Properties Figure 285 Windows XP: Smart Card or other Certificate Properties The following table describes the labels in this screen.
  • Page 420: Figure 286 Windows Xp Sp2: Wireless Networks: Preferred Networks

    Appendix E Management with Wireless Zero Configuration Table 169 Windows XP: Smart Card or other Certificate Properties LABEL DESCRIPTION Click OK to save your changes. Cancel Click Cancel to leave this screen without saving any changes you may have made. Ordering the Preferred Networks Follow the steps below to manage your preferred networks.
  • Page 421: Figure 287 Windows Xp Sp1: Wireless Networks: Preferred Networks

    Appendix E Management with Wireless Zero Configuration Figure 287 Windows XP SP1: Wireless Networks: Preferred Networks 2 Whenever the ZyXEL Device tries to connect to a new network, the new network is added in the Preferred networks table automatically. Select a network and click Move up or Move down to change its order, click Remove to delete it or click Properties to view the security, authentication or connection information of the selected network.
  • Page 423: Appendix F Common Services

    APPENDIX F Common Services The following table lists some commonly-used services and their associated protocols and port numbers. For a comprehensive list of port numbers, ICMP type/code numbers and services, visit the IANA (Internet Assigned Number Authority) web site. •...
  • Page 424 Appendix F Common Services Table 170 Commonly Used Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION File Transfer Program, a program to enable fast transfer of files, including large files that may not be possible by e-mail. H.323 1720 NetMeeting uses this protocol. HTTP Hyper Text Transfer Protocol - a client/ server protocol for the world wide web.
  • Page 425 Appendix F Common Services Table 170 Commonly Used Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION RTELNET Remote Telnet. RTSP TCP/UDP The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet. SFTP Simple File Transfer Protocol. SMTP Simple Mail Transfer Protocol is the message-exchange standard for the...
  • Page 427: Appendix G Virtual Circuit Topology

    APPENDIX G Virtual Circuit Topology ATM is a connection-oriented technology, meaning that it sets up virtual circuits over which end systems communicate. The terminology for virtual circuits is as follows: • Virtual Channel Logical connections between ATM switches •...
  • Page 429: Appendix H Importing Certificates

    APPENDIX H Importing Certificates This appendix shows examples of importing certificates using Netscape Navigator and Internet Explorer 5. This appendix uses the ZyWALL 70 as an example. Other models should be similar. Import ZyXEL Device Certificates into Netscape Navigator In Netscape Navigator, you can permanently trust the ZyXEL Device’s server certificate by importing it into your operating system as a trusted certification authority.
  • Page 430: Figure 290 Login Screen

    Appendix H Importing Certificates 1 In Internet Explorer, double click the lock shown in the following screen. Figure 290 Login Screen 2 Click Install Certificate to open the Install Certificate wizard. Figure 291 Certificate General Information before Import 3 Click Next to begin the Install Certificate wizard.
  • Page 431: Figure 292 Certificate Import Wizard 1

    Appendix H Importing Certificates Figure 292 Certificate Import Wizard 1 4 Select where you would like to store the certificate and then click Next. Figure 293 Certificate Import Wizard 2 5 Click Finish to complete the Import Certificate wizard.
  • Page 432: Figure 294 Certificate Import Wizard 3

    Appendix H Importing Certificates Figure 294 Certificate Import Wizard 3 6 Click Yes to add the ZyXEL Device certificate to the root store. Figure 295 Root Certificate Store
  • Page 433: Figure 296 Certificate General Information After Import

    Appendix H Importing Certificates Figure 296 Certificate General Information after Import
  • Page 435: Appendix I Netbios Filter Commands

    APPENDIX I NetBIOS Filter Commands The following describes the NetBIOS packet filter commands. See Appendix J on page 437 for information on the command structure. Introduction NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN.
  • Page 436: Table 171 Netbios Filter Default Settings

    Appendix I NetBIOS Filter Commands The filter types and their default settings are as follows. Table 171 NetBIOS Filter Default Settings NAME DESCRIPTION EXAMPLE Between LAN This field displays whether NetBIOS packets are blocked or forwarded Block and WAN between the LAN and the WAN. IPSec Packets This field displays whether NetBIOS packets sent through a VPN Forward connection are blocked or forwarded.
  • Page 437: Appendix J Command Interpreter

    APPENDIX J Command Interpreter The following describes how to use the command interpreter. Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable. Command Syntax • The command keywords are in courier new font. •...
  • Page 438: Figure 297 Displaying Log Categories Example

    Appendix J Command Interpreter Command Examples This section provides some examples of commands you can use on the ZyXEL Device. This list is intended as a general reference of examples. The commands available in your ZyXEL Device may differ from the examples given here. See the other appendices for more examples. Configuring What You Want the ZyXEL Device to Log 1 Use the command to load the log setting buffer that allows you to...
  • Page 439 Appendix J Command Interpreter • Use the sys logs display [log category] command to show the logs in an individual ZyXEL Device log category. • Use the sys logs clear command to erase all of the ZyXEL Device’s logs. Log Command Example This example shows how to set the ZyXEL Device to record the access logs and alerts and then view the results....
  • Page 440: Figure 299 Routing Command Example

    Appendix J Command Interpreter Figure 299 Routing Command Example
        ras> ip nat routing 2 0
        Routing can work in NAT when no NAT rule match.
        -----------------------------------------------
        LAN: yes
    ARP Behavior and the ARP ackGratuitous Commands The ZyXEL Device does not accept ARP reply information if the ZyXEL Device did not send out a corresponding request....
  • Page 441: Figure 300 Backup Gateway

    Appendix J Command Interpreter updates its ARP table. This way the ZyXEL Device has a correct gateway ARP entry to forward packets through the backup gateway. If ackGratuitous is off or not set to force updates, the ZyXEL Device will not update the gateway ARP entry and cannot forward packets through gateway B.
  • Page 443: Appendix K Internal Sptgen

    Appendix K Internal SPTGEN This appendix introduces Internal SPTGEN. All menus shown in this appendix are example menus meant to show SPTGEN usage. Actual menus for your product may differ. Internal SPTGEN Overview Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple ZyXEL Devices.
  • Page 444: Figure 302 Invalid Parameter Entered: Command Line Example

    Appendix K Internal SPTGEN DO NOT alter or delete any field except parameters in the Input column. Internal SPTGEN File Modification - Important Points to Remember Each parameter you enter must be preceded by one “=” sign and one space.
  • Page 445: Figure 304 Internal Sptgen Ftp Download Example

    Appendix K Internal SPTGEN Figure 304 Internal SPTGEN FTP Download Example
        c:\ftp 192.168.1.1
        220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000
        User (192.168.1.1:(none)):
        331 Enter PASS command
        Password:
        230 Logged in
        ftp>bin
        200 Type I OK
        ftp>...
  • Page 446: Table 172 Abbreviations Used In The Example Internal Sptgen Screens Table

    Appendix K Internal SPTGEN Example Internal SPTGEN Menus This section provides example Internal SPTGEN menus. Table 172 Abbreviations Used in the Example Internal SPTGEN Screens Table ABBREVIATION MEANING Field Identification Number Field Name Parameter Values Allowed INPUT An example of what you may enter Applies to the ZyXEL Device.
  • Page 447 Appendix K Internal SPTGEN Table 174 Menu 3 / Menu 3.2 TCP/IP and DHCP Ethernet Setup INPUT
    30200001 = DHCP <0(None) | 1(Server) | 2(Relay)>
    30200002 = Client IP Pool Starting Address 192.168.1.33
    30200003 = Size of Client IP Pool = 32
    30200004 = Primary DNS Server...
  • Page 448 Appendix K Internal SPTGEN Table 174 Menu 3
    30201008 = IP Alias #1 Incoming protocol filters Set 3 = 256
    30201009 = IP Alias #1 Incoming protocol filters Set 4 = 256
    30201010 = IP Alias #1 Outgoing protocol filters Set 1 = 256
    30201011 =...
  • Page 449: Table 175 Menu 4 Internet Access Setup

    Appendix K Internal SPTGEN Table 174 Menu 3
    30500004 = RTS Threshold <0 ~ 2432> = 2432
    30500005 = FRAG. Threshold <256 ~ 2432> = 2432
    30500006 = <0(DISABLE) | 1(64-bit WEP) | 2(128-bit WEP)>
    30500007 = Default Key <1|2|3|4> = 0
    30500008 = WEP Key1
    30500009 =...
  • Page 450 Appendix K Internal SPTGEN Table 175 Menu 4 Internet Access Setup (continued)
    40000003 = ISP's Name = ChangeMe
    40000004 = Encapsulation <2(PPPOE) | 3(RFC 1483)| 4(PPPoA)| 5(ENET ENCAP)>
    40000005 = Multiplexing <1(LLC-based) | 2(VC-based)
    40000006 = VPI #
    40000007 = VCI # = 35
    40000008 =...
  • Page 451: Table 176 Menu 12

    Appendix K Internal SPTGEN Table 175 Menu 4 Internet Access Setup (continued)
    40000032= RIP Version <0(Rip-1) | 1(Rip-2B) |2(Rip-2M)>
    40000033= Nailed-up Connection <0(No) |1(Yes)>
    Table 176 Menu 12 / Menu 12.1.1 IP Static Route Setup INPUT
    120101001 = IP Static Route set #1, Name <Str>...
  • Page 452 Appendix K Internal SPTGEN Table 177 Menu 15 SUA Server Setup (continued)
    150000007 = SUA Server #3 Active <0(No) | 1(Yes)>
    150000008 = SUA Server #3 Protocol <0(All)|6(TCP)|17(UDP)>
    150000009 = SUA Server #3 Port Start
    150000010 = SUA Server #3 Port End
    150000011 = SUA Server #3 Local IP address = 0.0.0.0...
  • Page 453: Table 178 Menu 21.1 Filter Set #1

    Appendix K Internal SPTGEN Table 177 Menu 15 SUA Server Setup (continued)
    150000041 = SUA Server #9 Local IP address = 0.0.0.0
    150000042 = SUA Server #10 Active <0(No) | 1(Yes)>
    150000043 = SUA Server #10 Protocol <0(All)|6(TCP)|17(UDP)>
    150000044 = SUA Server #10 Port Start
    150000045 = SUA Server #10 Port End...
  • Page 454: Table 179 Menu 21.1 Filter Set #2

    Appendix K Internal SPTGEN Table 178 Menu 21.1 Filter Set #1 (continued)
    210101011 = IP Filter Set 1,Rule 1 Src Port Comp <0(none)|1(equal)|2(not equal)|3(less)|4(greater)>
    210101013 = IP Filter Set 1,Rule 1 Act Match <1(check next)|2(forward)|3(drop)>
    210101014 = IP Filter Set 1,Rule 1 Act Not Match <1(check next)|2(forward)|...
  • Page 455 Appendix K Internal SPTGEN Table 179 Menu 21.1 Filter Set #2 (continued)
    210201001 = IP Filter Set 2, Rule 1 Type <0(none)|2(TCP/IP)>
    210201002 = IP Filter Set 2, Rule 1 Active <0(No)|1(Yes)>
    210201003 = IP Filter Set 2, Rule 1 Protocol
    210201004 = IP Filter Set 2, Rule 1 Dest IP = 0.0.0.0...
  • Page 456: Table 180 Menu 23 System Menus

    Appendix K Internal SPTGEN Table 179 Menu 21.1 Filter Set #2 (continued)
    210202010 = IP Filter Set 2,Rule 2 Src Port
    210202011 = IP Filter Set 2, Rule 2 Src Port Comp <0(none)|1(equal)|2(not equal)|3(less)|4(greater)>
    210202013 = IP Filter Set 2, Rule 2 Act Match <1(check next)|2(forward)|3(drop)>...
  • Page 457: Table 181 Menu 24.11 Remote Management Control

    Appendix K Internal SPTGEN Table 180 Menu 23 System Menus (continued)
    230400004 = Authentication Databases <0(Local User Database Only) |1(RADIUS Only) |2(Local,RADIUS) |3(RADIUS,Local)>
    230400005 = Key Management Protocol <0(8021x) |1(WPA) |2(WPAPSK)>
    230400006 = Dynamic WEP Key Exchange <0(Disable) |1(64-bit WEP) |2(128-bit WEP)>...
  • Page 458: Table 182 Command Examples

    Appendix K Internal SPTGEN Command Examples The following are example Internal SPTGEN screens associated with the ZyXEL Device’s command interpreter commands. Table 182 Command Examples INPUT
    /ci command (for annex a): wan adsl opencmd INPUT
    990000001 = ADSL OPMD <0(glite)|1(t1.413)|2(gdmt)|3(multimode)>...
  • Page 459: Appendix L Log Descriptions

    Appendix L Log Descriptions This appendix provides descriptions of example log messages. Table 183 System Maintenance Logs
    LOG MESSAGE: Time calibration is successful
    DESCRIPTION: The router has adjusted its time based on information from the time server.
    DESCRIPTION: The router failed to get information from the time server....
  • Page 460: Table 184 System Error Logs

    Appendix L Log Descriptions Table 183 System Maintenance Logs (continued)
    LOG MESSAGE: Successful SSH login
    DESCRIPTION: Someone has logged on to the router’s SSH server.
    LOG MESSAGE: SSH login failed
    DESCRIPTION: Someone has failed to log on to the router’s SSH server.
    LOG MESSAGE: Successful HTTPS login
    DESCRIPTION: Someone has logged on to the router's web configurator interface using HTTPS protocol....
  • Page 461: Table 186 Tcp Reset Logs

    Appendix L Log Descriptions Table 186 TCP Reset Logs
    LOG MESSAGE: Under SYN flood attack, sent TCP RST
    DESCRIPTION: The router sent a TCP reset packet when a host was under a SYN flood attack (the TCP incomplete count is per destination host.)
    LOG MESSAGE: Exceed TCP MAX
    DESCRIPTION: The router sent a TCP reset packet when the number of TCP...
  • Page 462: Table 189 Cdr Logs

    Appendix L Log Descriptions Table 188 ICMP Logs (continued)
    LOG MESSAGE: Triangle route packet forwarded: ICMP
    DESCRIPTION: The firewall allowed a triangle route session to pass through.
    LOG MESSAGE: Packet without a NAT table entry
    DESCRIPTION: The router blocked a packet that didn’t have a corresponding NAT table entry....
  • Page 463: Table 192 Content Filtering Logs

    Appendix L Log Descriptions Table 192 Content Filtering Logs
    LOG MESSAGE: %s: Keyword blocking
    DESCRIPTION: The content of a requested web page matched a user defined keyword.
    LOG MESSAGE: %s: Not in trusted web
    DESCRIPTION: The web site is not in a trusted domain, and the router blocks all traffic except trusted domain sites....
  • Page 464: Table 194 Ipsec Logs

    Appendix L Log Descriptions Table 193 Attack Logs (continued)
    LOG MESSAGE: ip spoofing - WAN [TCP | UDP | IGMP | ESP | GRE | OSPF]
    DESCRIPTION: The firewall detected an IP spoofing attack on the WAN port.
    LOG MESSAGE: ip spoofing - WAN ICMP
    DESCRIPTION: The firewall detected an ICMP IP spoofing attack on the WAN port....
  • Page 465: Table 195 Ike Logs

    Appendix L Log Descriptions Table 195 IKE Logs
    LOG MESSAGE: Active connection allowed exceeded
    DESCRIPTION: The IKE process for a new connection failed because the limit of simultaneous phase 2 SAs has been reached.
    LOG MESSAGE: Start Phase 2: Quick Mode
    DESCRIPTION: Phase 2 Quick Mode has started.
    LOG MESSAGE: Verifying Remote ID failed:
    DESCRIPTION: The connection failed during IKE phase 2 because the router...
  • Page 466 Appendix L Log Descriptions Table 195 IKE Logs (continued)
    LOG MESSAGE: Remote IP <Remote IP> / <Remote IP> conflicts
    DESCRIPTION: The security gateway is set to “0.0.0.0” and the router used the peer’s “Local Address” as the router’s “Remote Address”. This information conflicted with static rule #d;...
  • Page 467: Table 196 Pki Logs

    Appendix L Log Descriptions Table 195 IKE Logs (continued)
    LOG MESSAGE: Rule [%d] Phase 2 authentication algorithm mismatch
    DESCRIPTION: The listed rule’s IKE phase 2 authentication algorithm did not match between the router and the peer.
    LOG MESSAGE: Rule [%d] Phase 2
    DESCRIPTION: The listed rule’s IKE phase 2 encapsulation did not match between the router and the peer....
  • Page 468: Table 197 Certificate Path Verification Failure Reason Codes

    Appendix L Log Descriptions Table 196 PKI Logs (continued)
    LOG MESSAGE: Enrollment failed
    DESCRIPTION: The CMP online certificate enrollment failed. The Destination field records the certification authority server’s IP address and port.
    LOG MESSAGE: Failed to resolve <CMP
    DESCRIPTION: The CMP online certificate enrollment failed because the certification authority server’s IP address cannot be resolved....
  • Page 469: Table 198 802.1X Logs

    Appendix L Log Descriptions Table 197 Certificate Path Verification Failure Reason Codes (continued) CODE DESCRIPTION
    Certificate was revoked by a CRL.
    Certificate was not added to the cache.
    Certificate decoding failed.
    Certificate was not found (anywhere).
    Certificate chain looped (did not find trusted root).
    Certificate contains critical extension that was not handled....
  • Page 470: Table 199 Acl Setting Notes

    Appendix L Log Descriptions Table 198 802.1X Logs (continued)
    LOG MESSAGE: User logout because of no authentication response from user.
    DESCRIPTION: The router logged out a user from which there was no authentication response.
    LOG MESSAGE: User logout because of idle
    DESCRIPTION: The router logged out a user whose idle timeout period expired....
  • Page 471: Table 201 Syslog Logs

    Appendix L Log Descriptions Table 200 ICMP Notes (continued) TYPE CODE DESCRIPTION
    Protocol unreachable
    Port unreachable
    A packet that needed fragmentation was dropped because it was set to Don't Fragment (DF)
    Source route failed
    Source Quench
    A gateway may discard internet datagrams if it does not have the buffer space needed to queue the datagrams for output to the next network on the route to the destination network....
  • Page 472: Figure 306 Displaying Log Categories Example

    ZyXEL Device is to record. 2 Use sys logs category to view a list of the log categories. Figure 306 Displaying Log Categories Example
        Copyright (c) 1994 - 2004 ZyXEL Communications Corp.
        ras>?
        Valid commands are:
        exit...
  • Page 473: Figure 307 Displaying Log Parameters Example

    Appendix L Log Descriptions Figure 307 Displaying Log Parameters Example
        ras> sys logs category access
        Usage: [0:none/1:log/2:alert/3:both] [0:don't show debug type/1:show debug type]
    4 Use sys logs category followed by a log category and a parameter to decide what to record....
  • Page 474 Appendix L Log Descriptions Log Command Example This example shows how to set the ZyXEL Device to record the access logs and alerts and then view the results.
        ras> sys logs load
        ras> sys logs category access 3
        ras> sys logs save
        ras>...
  • Page 475: Appendix M Legal Information

    ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
  • Page 476 Appendix M Legal Information If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures: 1 Reorient or relocate the receiving antenna.
  • Page 477 Appendix M Legal Information Viewing Certifications 1 Go to http://www.zyxel.com. 2 Select your product on the ZyXEL home page to go to that product's page. 3 Select the certification you wish to view from this page. ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase.
  • Page 479: Appendix N Customer Support

    • Sales E-mail: sales@zyxel.com.tw • Telephone: +886-3-578-3942 • Fax: +886-3-578-2439 • Web: www.zyxel.com, www.europe.zyxel.com • FTP: ftp.zyxel.com, ftp.europe.zyxel.com • Regular Mail: ZyXEL Communications Corp., 6 Innovation Road II, Science Park, Hsinchu 300, Taiwan Costa Rica • Support E-mail: soporte@zyxel.co.cr • Sales E-mail: sales@zyxel.co.cr •...
  • Page 480 Appendix N Customer Support • Regular Mail: ZyXEL Communications, Czech s.r.o., Modranská 621, 143 01 Praha 4 - Modrany, Ceská Republika Denmark • Support E-mail: support@zyxel.dk • Sales E-mail: sales@zyxel.dk • Telephone: +45-39-55-07-00 • Fax: +45-39-55-07-07 • Web: www.zyxel.dk • Regular Mail: ZyXEL Communications A/S, Columbusvej, 2860 Soeborg, Denmark Finland •...
  • Page 481 Appendix N Customer Support India • Support E-mail: support@zyxel.in • Sales E-mail: sales@zyxel.in • Telephone: +91-11-30888144 to +91-11-30888153 • Fax: +91-11-30888149, +91-11-26810715 • Web: http://www.zyxel.in • Regular Mail: India - ZyXEL Technology India Pvt Ltd., II-Floor, F2/9 Okhla Phase -1, New Delhi 110020, India Japan •...
  • Page 482 Appendix N Customer Support • Regular Mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 92806- 2001, U.S.A. Norway • Support E-mail: support@zyxel.no • Sales E-mail: sales@zyxel.no • Telephone: +47-22-80-61-80 • Fax: +47-22-80-61-81 • Web: www.zyxel.no • Regular Mail: ZyXEL Communications A/S, Nils Hansens vei 13, 0667 Oslo, Norway Poland •...
  • Page 483 • Sales E-mail: sales@zyxel.co.uk • Telephone: +44-1344-303044, 08707-555779 (UK only) • Fax: +44-1344-303034 • Web: www.zyxel.co.uk • FTP: ftp.zyxel.co.uk • Regular Mail: ZyXEL Communications UK Ltd., 11 The Courtyard, Eastern Road, Bracknell, Berkshire RG12 2XB, United Kingdom (UK) P-662H/HW-D Series User’s Guide...