Page 1 P-660HW-D ADSL 2+ 4-port Gateway User’s Guide Version 3.40 1/2007 Edition 1 www.zyxel.com...
Page 3: About This User's Guide
Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. E-mail: techwriters@zyxel.com.tw P-660HW-D User’s Guide...
Page 4: Document Conventions
Syntax Conventions • The P-660HW-D may be referred to as the “ZyXEL Device”, the “device” or the “system” in this User’s Guide. • Product labels, screen names, field labels and field choices are all in bold font.
Page 5 Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device Computer Notebook computer Server DSLAM Firewall Telephone Switch Router P-660HW-D User’s Guide...
Page 6: Safety Warnings
Only use the included antenna(s). • If you wall mount your device, make sure that no electrical lines, gas or water pipes will be damaged. This product is recyclable. Dispose of it properly. P-660HW-D User’s Guide...
Page 7 Safety Warnings P-660HW-D User’s Guide...
Page 8 Safety Warnings P-660HW-D User’s Guide...
Page 9: Table Of Contents
Dynamic DNS Setup ........................ 191 Remote Management Configuration ..................195 Universal Plug-and-Play (UPnP) ..................... 205 Maintenance and Troubleshooting ..................217 System ............................. 219 Tools ............................225 Diagnostic ..........................231 Logs ............................233 Troubleshooting ........................251 Appendices and Index ......................257 P-660HW-D User’s Guide...
Page 10 Contents Overview P-660HW-D User’s Guide...
Page 11: Table Of Contents
2.4.1 Navigation Panel ......................38 2.4.2 Status Screen ......................40 2.4.3 Status: Any IP Table ....................43 2.4.4 Status: WLAN Status ....................43 2.4.5 Status: Bandwidth Status ................... 44 2.4.6 Status: Packet Statistics ..................... 44 2.4.7 Changing Login Password ..................46 P-660HW-D User’s Guide...
Page 12 5.5.1 Configuring Advanced Internet Connection Setup ............. 78 5.6 Configuring More Connections .................... 80 5.6.1 More Connections Edit ....................81 5.6.2 Configuring More Connections Advanced Setup ............84 5.7 Traffic Redirect ........................85 5.8 Configuring WAN Backup ....................85 P-660HW-D User’s Guide...
Page 13 7.5 OTIST ..........................113 7.5.1 Enabling OTIST ......................113 7.5.2 Starting OTIST ......................115 7.5.3 Notes on OTIST ......................116 7.6 MAC Filter ........................116 7.7 WMM QoS ..........................118 7.7.1 WMM QoS Example ....................118 7.7.2 WMM QoS Priorities ....................118 7.7.3 Services ........................119 P-660HW-D User’s Guide...
Page 14 9.5.2 Stateful Inspection and the ZyXEL Device ............... 144 9.5.3 TCP Security ......................144 9.5.4 UDP/ICMP Security ....................145 9.5.5 Upper Layer Protocols ..................... 145 9.6 Guidelines for Enhancing Security with Your Firewall ............146 9.6.1 Security In General ....................146 P-660HW-D User’s Guide...
Page 15 11.3 Configuring the Schedule ....................172 11.4 Configuring Trusted Computers ..................173 Chapter 12 Static Route ........................... 175 12.1 Static Route ........................175 12.2 Configuring Static Route ....................175 12.2.1 Static Route Edit ....................176 Chapter 13 Bandwidth Management....................... 179 P-660HW-D User’s Guide...
Page 16 15.5 Configuring FTP ......................198 15.6 SNMP ..........................199 15.6.1 Supported MIBs ..................... 200 15.6.2 SNMP Traps ......................201 15.6.3 Configuring SNMP ....................201 15.7 Configuring DNS ......................202 15.8 Configuring ICMP ......................203 Chapter 16 Universal Plug-and-Play (UPnP)..................205 P-660HW-D User’s Guide...
Page 17 Chapter 19 Diagnostic ..........................231 19.1 General Diagnostic ......................231 19.2 DSL Line Diagnostic ...................... 232 Chapter 20 Logs ............................233 20.1 Logs Overview ........................ 233 20.1.1 Alerts and Logs ...................... 233 20.2 Viewing the Logs ......................233 P-660HW-D User’s Guide...
Page 18 Appendix H Pop-up Windows, JavaScripts and Java Permissions ........311 Appendix I Firewall Commands.................... 317 Appendix J NetBIOS Filter Commands ................323 Appendix K Splitters and Microfilters..................325 Appendix L Triangle Route ....................329 Appendix M Legal Information....................331 Appendix N Customer Support..................... 335 Index............................339 P-660HW-D User’s Guide...
Page 19: List Of Figures
Figure 34 Wizard: Welcome ........................65 Figure 35 Bandwidth Management Wizard: General Information ............65 Figure 36 Bandwidth Management Wizard: Configuration ..............66 Figure 37 Bandwidth Management Wizard: Complete ................67 Figure 38 Example of Traffic Shaping ....................75 P-660HW-D User’s Guide...
Page 20 Figure 76 NAT Port Forwarding ......................132 Figure 77 Port Forwarding Rule Setup ....................133 Figure 78 Address Mapping Rules ....................... 134 Figure 79 Edit Address Mapping Rule ....................135 Figure 80 Firewall Application ......................139 Figure 81 Three-Way Handshake ......................140 P-660HW-D User’s Guide...
Page 21 Figure 120 Add/Remove Programs: Windows Setup: Communication: Components ......208 Figure 121 Network Connections ......................208 Figure 122 Windows Optional Networking Components Wizard ............209 Figure 123 Networking Services ......................209 Figure 124 Network Connections ......................210 P-660HW-D User’s Guide...
Page 22 Figure 163 Windows XP: Advanced TCP/IP Properties ............... 290 Figure 164 Windows XP: Internet Protocol (TCP/IP) Properties ............291 Figure 165 Macintosh OS 8/9: Apple Menu ..................292 Figure 166 Macintosh OS 8/9: TCP/IP ....................292 Figure 167 Macintosh OS X: Apple Menu .................... 293 P-660HW-D User’s Guide...
Page 23 Figure 189 Connecting a Microfilter ...................... 326 Figure 190 Connecting a Microfilter and Y-Connector ................326 Figure 191 ZyXEL Device with ISDN ....................327 Figure 192 Ideal Setup ......................... 329 Figure 193 “Triangle Route” Problem ....................330 Figure 194 IP Alias ..........................330 P-660HW-D User’s Guide...
Page 24 List of Figures P-660HW-D User’s Guide...
Page 25: List Of Tables
Table 32 Wireless LAN: General ......................105 Table 33 Wireless No Security ......................106 Table 34 Wireless: Static WEP Encryption ..................107 Table 35 Wireless: WPA-PSK/WPA2-PSK ................... 108 Table 36 Wireless: WPA/WPA2 ......................110 Table 37 Wireless LAN: Advanced .......................112 Table 38 OTIST ............................114 P-660HW-D User’s Guide...
Page 26 Table 77 Sub-Classes of AF Services ....................186 Table 78 Bandwidth Management Rule Configuration ................ 187 Table 79 Services and Port Numbers ....................189 Table 80 Dynamic DNS ........................192 Table 81 Remote Management: WWW ....................197 P-660HW-D User’s Guide...
Page 27 Table 120 Menu 1 General Setup ......................268 Table 121 Menu 3 ..........................268 Table 122 Menu 4 Internet Access Setup .................... 270 Table 123 Menu 12 ..........................272 Table 124 Menu 15 SUA Server Setup ....................272 P-660HW-D User’s Guide...
Page 28 Table 140 Subnet 4 ..........................303 Table 141 Eight Subnets ........................304 Table 142 Class C Subnet Planning ....................304 Table 143 Class B Subnet Planning ....................304 Table 144 Firewall Commands ......................317 Table 145 NetBIOS Filter Default Settings ..................324 P-660HW-D User’s Guide...
Page 29: Introduction
Introduction Introducing the ZyXEL Device (31) Introducing the Web Configurator (35)
Page 31: Introducing The Zyxel Device
WAN. The firewall supports TCP/UDP inspection and DoS (Denial of Services) detection and prevention, as well as real time alerts, reports and logs. A typical Internet access application is shown below P-660HW-D User’s Guide...
Page 32: Ways To Manage The Zyxel Device
The standard your ISP supports determines the maximum upstream and downstream speeds attainable. Actual speeds attained also depend on the distance from your ISP, line quality, etc. 1.2 Ways to Manage the ZyXEL Device Use any of the following methods to manage the ZyXEL Device. P-660HW-D User’s Guide...
Page 33: Good Habits For Managing The Zyxel Device
If you backed up an earlier configuration file, you would not have to totally re-configure the ZyXEL Device. You could simply restore your last configuration. 1.4 LEDs The following figure shows the ZyXEL Device’s LEDs. Figure 3 Front Panel P-660HW-D User’s Guide...
Page 34: Hardware Connections
The DSL line is down. INTERNET Green The Internet connection is up. Blinking The ZyXEL Device is initializing the DSL line. The DSL line is down. 1.5 Hardware Connections Refer to the Quick Start Guide for information on hardware connections. P-660HW-D User’s Guide...
Page 35: Introducing The Web Configurator
1 Make sure your ZyXEL Device hardware is properly connected (refer to the Quick Start Guide). 2 Prepare your computer/computer network to connect to the ZyXEL Device (refer to the Quick Start Guide). 3 Launch your web browser. 4 Type "192.168.1.1" as the URL. P-660HW-D User’s Guide...
Page 36: Figure 4 Password Screen
If you do not change the password at least once, the following screen appears every time you log in with the admin password. Figure 5 Change Password at Login P-660HW-D User’s Guide...
Page 37: Resetting The Zyxel Device
2 Press the RESET button for ten seconds or until the POWER LED begins to blink and then release it. When the POWER LED begins to blink, the defaults have been restored and the ZyXEL Device restarts. P-660HW-D User’s Guide...
Page 38: Navigating The Web Configurator
MANAGEMENT packet type. SETUP Logout Click this icon to exit the web configurator. Status This screen shows the ZyXEL Device’s general device, system and interface status information. Use this screen to access the summary statistics tables. Network P-660HW-D User’s Guide...
Page 39 Use this screen to enable bandwidth management on an MGMT interface. Rule Setup Use this screen to define a bandwidth rule. Monitor Use this screen to view the ZyXEL Device’s bandwidth usage and allotments. Dynamic DNS Use this screen to set up dynamic DNS. P-660HW-D User’s Guide...
Page 40: Status Screen
The following summarizes how to navigate the web configurator from the Status screen. Some fields or links are not available if you entered the user password in the login password screen (see Figure 4 on page 36). Not all fields are available on all models. P-660HW-D User’s Guide...
Page 41: Figure 8 Status Screen
This is the WAN port IP subnet mask. Default Gateway This is the IP address of the default gateway, if applicable. VPI/VCI This is the Virtual Path Identifier and Virtual Channel Identifier that you entered in the wizard or WAN screen. LAN Information P-660HW-D User’s Guide...
Page 42 This screen displays the MAC address(es) of the wireless stations that are (Wireless devices currently associating with the ZyXEL Device. only) Bandwidth Status Use this screen to view the ZyXEL Device’s bandwidth usage and allotments. Packet Statistics Use this screen to view port status and packet specific statistics. P-660HW-D User’s Guide...
Page 43: Status: Any Ip Table
Click Refresh to update this screen. 2.4.4 Status: WLAN Status Click the WLAN Status hyperlink in the Status screen to view the wireless stations that are currently associated to the ZyXEL Device. Figure 10 Status: WLAN Status P-660HW-D User’s Guide...
Page 44: Status: Bandwidth Status
Click the Packet Statistics hyperlink in the Status screen. Read-only information here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)". The Poll Interval(s) field is configurable. Not all fields are available on all models P-660HW-D User’s Guide...
Page 45: Figure 12 Status: Packet Statistics
This field displays the number of error packets on this port. Tx B/s This field displays the number of bytes transmitted in the last second. Rx B/s This field displays the number of bytes received in the last second. P-660HW-D User’s Guide...
Page 46: Changing Login Password
Device. If you didn’t change the default one after you logged in or you want to change to a new password again, then click Maintenance > System to display the screen shown next. See Table 89 on page 220 for detailed field descriptions. Figure 13 System General P-660HW-D User’s Guide...
Page 47: Wizards
Wizards Wizard Setup for Internet Access (49) Bandwidth Management Wizard (63)
Page 49: Wizard Setup For Internet Access
1 After you enter the admin password to access the web configurator, select Go to Wizard setup and click Apply. Otherwise, click the wizard icon ( ) in the top right corner of the web configurator to display the wizard main screen. Figure 14 Select a Mode P-660HW-D User’s Guide...
Page 50: Figure 15 Wizard: Welcome
If the wizard still cannot detect a connection type and the following screen appears (see Figure 17 on page 51), click Next and refer to Section 3.2.2 on page 51 on how to configure the ZyXEL Device for Internet access manually. P-660HW-D User’s Guide...
Page 51: Automatic Detection
1 If the ZyXEL Device fails to detect your DSL connection type, enter the Internet access information given to you by your ISP exactly in the wizard screen. If not given, leave the fields set to the default. P-660HW-D User’s Guide...
Page 52: Figure 19 Internet Access Wizard Setup: Isp Parameters
Click Exit to close the wizard screen without saving your changes. 2 The next wizard screen varies depending on what mode and encapsulation type you use. All screens shown are with routing mode. Configure the fields and click Next to continue. P-660HW-D User’s Guide...
Page 53: Figure 20 Internet Connection With Pppoe
Table 10 Internet Connection with RFC 1483 LABEL DESCRIPTION IP Address This field is available if you select Routing in the Mode field. Type your ISP assigned IP address in this field. Back Click Back to go back to the previous wizard screen. P-660HW-D User’s Guide...
Page 54: Figure 22 Internet Connection With Enet Encap
As above. Server Back Click Back to go back to the previous wizard screen. Apply Click Apply to save your changes to the ZyXEL Device. Exit Click Exit to close the wizard screen without saving your changes. P-660HW-D User’s Guide...
Page 55: Figure 23 Internet Connection With Pppoa
Figure 24 Connection Test Failed-1 • If the following screen displays, check if your account is activated or click Restart the Internet Setup Wizard to verify your Internet access settings. P-660HW-D User’s Guide...
Page 56: Wireless Connection Wizard Setup
1 Select Yes and click Next to configure wireless settings. Otherwise, select No and skip to Step 6. Figure 26 Connection Test Successful 2 Use this screen to activate the wireless LAN and OTIST. Click Next to continue. P-660HW-D User’s Guide...
Page 57: Figure 27 Wireless Lan Setup Wizard 1
Back Click Back to display the previous screen. Next Click Next to proceed to the next screen. Exit Click Exit to close the wizard screen without saving. 3 Configure your wireless settings in this screen. Click Next. P-660HW-D User’s Guide...
Page 58: Figure 28 Wireless Lan Setup Wizard 2
ZyXEL Device will replace the WEP key with a WPA-PSK. Back Click Back to display the previous screen. Next Click Next to proceed to the next screen. Exit Click Exit to close the wizard screen without saving. P-660HW-D User’s Guide...
Page 59: Manually Assign A Wpa-Psk Key
Click Back to display the previous screen. Next Click Next to proceed to the next screen. Exit Click Exit to close the wizard screen without saving. 3.3.2 Manually assign a WEP key Choose Manually assign a WEP key to setup WEP Encryption parameters. P-660HW-D User’s Guide...
Page 60: Figure 30 Manually Assign A Wep Key
5 Click Apply to save your wireless LAN settings. Figure 31 Wireless LAN Setup 3 6 Use the read-only summary table to check whether what you have configured is correct. Click Finish to complete and save the wizard setup. P-660HW-D User’s Guide...
Page 61: Figure 32 Internet Access And Wlan Wizard Setup Complete
Refer to the rest of this guide for more detailed information on the complete range of ZyXEL Device features. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the wizard setup are correct. P-660HW-D User’s Guide...
Page 62 Chapter 3 Wizard Setup for Internet Access P-660HW-D User’s Guide...
Page 63: Bandwidth Management Wizard
Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/IP networks. Its primary function is to allow users to log into remote host systems. Telnet uses TCP port 23. P-660HW-D User’s Guide...
Page 64: Bandwidth Management Wizard Setup
1 After you enter the admin password to access the web configurator, select Go to Wizard setup and click Apply. Otherwise, click the wizard icon ( ) in the top right corner of the web configurator to display the wizard main screen. Figure 33 Select a Mode P-660HW-D User’s Guide...
Page 65: Figure 34 Wizard: Welcome
Click Exit to close the wizard screen without saving. 4 Use the second wizard screen to select the services that you want to apply bandwidth management and select the priorities that you want to apply to the services listed. P-660HW-D User’s Guide...
Page 66: Figure 36 Bandwidth Management Wizard: Configuration
Click Apply to save your changes to the ZyXEL Device. Exit Click Exit to close the wizard screen without saving your changes. 5 Follow the on-screen instructions and click Finish to complete the wizard setup and save your configuration. P-660HW-D User’s Guide...
Page 67: Figure 37 Bandwidth Management Wizard: Complete
Chapter 4 Bandwidth Management Wizard Figure 37 Bandwidth Management Wizard: Complete P-660HW-D User’s Guide...
Page 68 Chapter 4 Bandwidth Management Wizard P-660HW-D User’s Guide...
Page 69: Advanced Setup
Advanced Setup WAN Setup (71) LAN Setup (89) Network Address Translation (NAT) Screens (125) Firewalls (137) Firewall Configuration (149) Content Filtering (171) Static Route (175) Bandwidth Management (179) Dynamic DNS Setup (191) Remote Management Configuration (195) Universal Plug-and-Play (UPnP) (205)
Page 71: Wan Setup
By implementing PPPoE directly on the ZyXEL Device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the ZyXEL Device does that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access. P-660HW-D User’s Guide...
Page 72: Multiplexing
Here are some examples of more suitable combinations in such an application. 5.1.3.1 Scenario 1: One VC, Multiple Protocols PPPoA (RFC-2364) encapsulation with VC-based multiplexing is the best combination because no extra protocol identifying headers are needed. The PPP protocol already contains this information. P-660HW-D User’s Guide...
Page 73: Vpi And Vci
The second is that the ZyXEL Device will try to bring up the connection when turned on and whenever the connection is down. A nailed-up connection can be very expensive for obvious reasons. P-660HW-D User’s Guide...
Page 74: Nat
(but not higher) than the maximum line speed. 1 ATM cell is 53 bytes (424 bits), so a maximum speed of 832Kbps gives a maximum PCR of 1962 cells/sec. This rate is not guaranteed because it is dependent on the line speed. P-660HW-D User’s Guide...
Page 75: Atm Traffic Classes
PCR is specified) but is only available when data is being sent. An example of an VBR-RT connection would be video conferencing. Video conferencing requires real-time data transfers and the bandwidth requirement varies in proportion to the video image's changing dynamics. P-660HW-D User’s Guide...
Page 76: Zero Configuration Internet Access
• you set the ZyXEL Device to use a static (fixed) WAN IP address. 5.5 Internet Connection To change your ZyXEL Device’s WAN Internet access settings, click Network > WAN. The screen differs by the encapsulation. Section 5.1 on page 71 for more information. P-660HW-D User’s Guide...
Page 77: Figure 39 Internet Connection (Pppoe)
(PPPoA and PPPoE encapsulation only) Enter the password associated with the user name above. Service Name (PPPoE only) Type the name of your PPPoE service here. Multiplexing Select the method of multiplexing used by your ISP from the drop-down list. Choices are VC or LLC. P-660HW-D User’s Guide...
Page 78: Configuring Advanced Internet Connection Setup
WAN setup. 5.5.1 Configuring Advanced Internet Connection Setup To edit your ZyXEL Device's advanced WAN settings, click the Advanced Setup button in the Internet Connection screen. The screen appears as shown. P-660HW-D User’s Guide...
Page 79: Figure 40 Advanced Internet Connection Setup
Type the SCR, which must be less than the PCR. Note that system default is 0 cells/sec. Maximum Burst Maximum Burst Size (MBS) refers to the maximum number of cells that can be Size sent at the peak rate. Type the MBS, which is less than 65535. P-660HW-D User’s Guide...
Page 80: Configuring More Connections
When you use the WAN > Internet Connection screen to set up Internet access, you are configuring the first WAN connection. Click Network > WAN > More Connections to display the screen as shown next. Figure 41 More Connections P-660HW-D User’s Guide...
Page 81: More Connections Edit
Apply Click Apply to save the changes. Cancel Click Cancel to begin configuring this screen afresh. 5.6.1 More Connections Edit Click the edit icon ( ) in the More Connections screen to configure a connection. P-660HW-D User’s Guide...
Page 82: Figure 42 More Connections Edit
ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given. Password (PPPoA and PPPoE encapsulation only) Enter the password associated with the user name above. P-660HW-D User’s Guide...
Page 83 Click Back to return to the previous screen. Apply Click Apply to save the changes. Cancel Click Cancel to begin configuring this screen afresh. Advanced Setup Click this button to display the More Connections Advanced screen and edit more details of your WAN setup. P-660HW-D User’s Guide...
Page 84: Configuring More Connections Advanced Setup
Type the MBS, which is less than 65535. Back Click Back to return to the previous screen. Apply Click Apply to save the changes. Cancel Click Cancel to begin configuring this screen afresh. P-660HW-D User’s Guide...
Page 85: Traffic Redirect
(Subnet 1) to the backup gateway (Subnet 2). Figure 45 Traffic Redirect LAN Setup 5.8 Configuring WAN Backup To change your ZyXEL Device’s WAN backup settings, click Network > WAN > WAN Backup Setup. The screen appears as shown. P-660HW-D User’s Guide...
Page 86: Figure 46 Wan Backup Setup
Type the number of seconds (30 recommended) for the ZyXEL Device to wait between checks. Allow more time if your destination IP address handles lots of traffic. P-660HW-D User’s Guide...
Page 87 Type the IP address of your backup gateway in dotted decimal notation. The ZyXEL Device automatically forwards traffic to this IP address if the ZyXEL Device's Internet connection terminates. Apply Click Apply to save the changes. Cancel Click Cancel to begin configuring this screen afresh. P-660HW-D User’s Guide...
Page 88 Chapter 5 WAN Setup P-660HW-D User’s Guide...
Page 89: Lan Setup
The actual physical connection determines whether the ZyXEL Device ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next. Figure 47 LAN and WAN IP Addresses P-660HW-D User’s Guide...
Page 90: Dhcp Setup
The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. There are two ways that an ISP disseminates the DNS server addresses. P-660HW-D User’s Guide...
Page 91: Lan Tcp/Ip
However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks: • 10.0.0.0 — 10.255.255.255 • 172.16.0.0 — 172.31.255.255 • 192.168.0.0 — 192.168.255.255 P-660HW-D User’s Guide...
Page 92: Rip Setup
IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236. The class D IP address is used to identify host groups and can be in the range 224.0.0.0 to 239.255.255.255. The address P-660HW-D User’s Guide...
Page 93: Any Ip
Figure 48 Any IP Example The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the ZyXEL Device’s IP address. P-660HW-D User’s Guide...
Page 94: Configuring Lan Ip
Internet as if it is in the same subnet as the ZyXEL Device. 6.3 Configuring LAN IP Click LAN to open the IP screen. See Section 6.1 on page 89 for background information. Figure 49 LAN IP P-660HW-D User’s Guide...
Page 95: Configuring Advanced Lan Setup
Select the RIP version from RIP-1, RIP-2B and RIP-2M. Multicast IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a multicast group. The ZyXEL Device supports both IGMP version 1 (IGMP-v1) and IGMP-v2. Select None to disable it. P-660HW-D User’s Guide...
Page 96: Dhcp Setup
Click Cancel to begin configuring this screen afresh. 6.4 DHCP Setup Use this screen to configure the DNS server information that the ZyXEL Device sends to the DHCP client devices on the LAN. Figure 51 DHCP Setup P-660HW-D User’s Guide...
Page 97: Lan Client List
Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. To change your ZyXEL Device’s static DHCP settings, click Network > LAN > Client List. The screen appears as shown. P-660HW-D User’s Guide...
Page 98: Lan Ip Alias
IP alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The ZyXEL Device supports three logical LAN interfaces via its single physical Ethernet interface with the ZyXEL Device itself as the gateway for each LAN network. P-660HW-D User’s Guide...
Page 99: Figure 53 Physical Network & Partitioned Logical Networks
The following figure shows a LAN divided into subnets A, B, and C. Figure 53 Physical Network & Partitioned Logical Networks To change your ZyXEL Device’s IP alias settings, click Network > LAN > IP Alias. The screen appears as shown. Figure 54 LAN IP Alias P-660HW-D User’s Guide...
Page 100: Table 30 Lan Ip Alias
By default, RIP direction is set to Both and the Version set to RIP-1. Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-660HW-D User’s Guide...
Page 101: Wireless Lan
The SSID is the name of the wireless network. It stands for Service Set IDentity. • If two wireless networks overlap, they should use different channels. Like radio stations or television channels, each wireless network uses a specific channel, or frequency, to send and receive information. P-660HW-D User’s Guide...
Page 102: Wireless Security Overview
Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks. These kinds of wireless devices might not have MAC addresses. Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F. P-660HW-D User’s Guide...
Page 103: Encryption
It is not possible to use WPA-PSK, WPA or stronger encryption with a local user database. In this case, it is better to set up stronger encryption with no authentication than to set up weaker encryption with the local user database. P-660HW-D User’s Guide...
Page 104: One-Touch Intelligent Security Technology (Otist)
Apply to confirm. You must then change the wireless settings of your computer to match the ZyXEL Device’s new settings. Click Network > Wireless LAN to open the General screen. P-660HW-D User’s Guide...
Page 105: No Security
WLAN setup. See the rest of this chapter for information on the other labels in this screen. 7.4.1 No Security Select No Security to allow wireless clients to communicate with the access points without any data encryption. P-660HW-D User’s Guide...
Page 106: Wep Encryption
In order to configure and enable WEP encryption; click Network > Wireless LAN to display the General screen. Select Static WEP from the Security Mode list. P-660HW-D User’s Guide...
Page 107: Wpa-Psk/Wpa2-Psk
Click Advanced Setup to display the Wireless Advanced Setup screen and edit Setup more details of your WLAN setup. 7.4.3 WPA-PSK/WPA2-PSK In order to configure and enable WPA(2)-PSK authentication; click Network > Wireless LAN to display the General screen. Select WPA-PSK or WPA2-PSK from the Security Mode list. P-660HW-D User’s Guide...
Page 108: Figure 59 Wireless: Wpa-Psk/Wpa2-Psk
Enter a time interval between 10 and 9999 seconds. The Seconds) default time interval is 1800 seconds (30 minutes). Note: If wireless client authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority. P-660HW-D User’s Guide...
Page 109: Wpa/Wpa2
Click Advanced Setup to display the Wireless Advanced Setup screen and edit more details of your WLAN setup. 7.4.4 WPA/WPA2 In order to configure and enable WPA/WPA2; click the Wireless LAN link under Network to display the General screen. Select WPA or WPA2 from the Security Mode list. P-660HW-D User’s Guide...
Page 110: Figure 60 Wireless: Wpa/Wpa2
The ZyXEL Device automatically disconnects a wireless client from the wired Seconds) network after a period of inactivity. The wireless client needs to enter the username and password again before access to the wired network is allowed. The default time interval is 3600 seconds (or 1 hour). P-660HW-D User’s Guide...
Page 111: Wireless Lan Advanced Setup
Click Advanced Setup to display the Wireless Advanced Setup screen and edit more details of your WLAN setup. 7.4.5 Wireless LAN Advanced Setup To configure advanced wireless settings, click the Advanced Setup button in the General screen. The screen appears as shown. P-660HW-D User’s Guide...
Page 112: Figure 61 Advanced
ZZyXEL Device transmits IEEE 802.11g wireless traffic only. Type the maximum frame burst between 0 and 1800 (650, 1000 or 1800 recommended). Enter 0 to disable this feature. Back Click Back to return to the previous screen. P-660HW-D User’s Guide...
Page 113: Otist
Setup key is used to encrypt the settings that you want to transfer. Hold in the RESET button for three to eight seconds. If you hold in the RESET button too long, the device will reset to the factory defaults! P-660HW-D User’s Guide...
Page 114: Figure 62 Otist
ZyXEL Device. You must also activate and start OTIST on the wireless client(s) all within three minutes. 7.5.1.2 Wireless Client Start the ZyXEL utility and click the Adapter tab. Select the OTIST check box, enter the same Setup Key as your AP’s and click Save. P-660HW-D User’s Guide...
Page 115: Starting Otist
After reviewing the settings, click OK. Figure 64 Security Key 2 This screen appears while OTIST settings are being transferred. It closes when the transfer is complete. Figure 65 OTIST in Progress (AP) Figure 66 OTIST in Progress (Client) P-660HW-D User’s Guide...
Page 116: Notes On Otist
(Deny). Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC address of the devices to configure this screen. P-660HW-D User’s Guide...
Page 117: Figure 69 Mac Address Filter
ZyXEL Device in these address fields. Enter the MAC addresses in a valid MAC address format, that is, six hexadecimal character pairs, for example, 12:34:56:78:9a:bc. Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to reload the previous configuration for this screen. P-660HW-D User’s Guide...
Page 118: Wmm Qos
This is typically used for non-critical “background” traffic such as bulk transfers and print jobs that are allowed but that should not affect other applications and users. Use low priority for applications that do not have strict latency and throughput requirements. P-660HW-D User’s Guide...
Page 119: Services
A protocol for news groups. NFS(UDP:2049) Network File System - NFS is a client/server distributed file service that provides transparent file sharing for network environments. NNTP(TCP:119) Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service. P-660HW-D User’s Guide...
Page 120: Qos Screen
TCP (Transmission Control Protocol). VDOLIVE(TCP:7000) Another videoconferencing solution. 7.8 QoS Screen The QoS screen by default allows you to automatically give a service a priority level according to the ToS value in the IP header of the packets it sends. P-660HW-D User’s Guide...
Page 121: Tos (Type Of Service) And Wmm Qos
This is the number of an individual application entry. Name This field displays a description given to an application entry. Service This field displays either FTP, WWW, E-mail or a User Defined service to which you want to apply WMM QoS. P-660HW-D User’s Guide...
Page 122: Application Priority Configuration
) under Modify. The following screen displays. Figure 71 Application Priority Configuration The following table describes the fields in this screen. Table 43 Application Priority Configuration LABEL DESCRIPTION Application Priority Configuration Name Type a description of the application priority. P-660HW-D User’s Guide...
Page 123 Priority Select a priority from the drop-down list box. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to return to the previous screen without saving your changes. P-660HW-D User’s Guide...
Page 124 Chapter 7 Wireless LAN P-660HW-D User’s Guide...
Page 125: Network Address Translation (Nat) Screens
This refers to the packet address (source or destination) as the packet travels on the LAN. Global This refers to the packet address (source or destination) as the packet travels on the WAN. NAT never changes the IP address (either local or global) of an outside host. P-660HW-D User’s Guide...
Page 126: What Nat Does
The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the ZyXEL Device can communicate with three distinct WAN networks. More examples follow at the end of this chapter. P-660HW-D User’s Guide...
Page 127: Nat Mapping Types
• Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world. Port numbers do NOT change for One-to-One and Many-to-Many No Overload NAT mapping types. P-660HW-D User’s Guide...
Page 128: Sua (Single User Account) Versus Nat
8.3 NAT General Setup You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the ZyXEL Device. Click Network > NAT to open the following screen. P-660HW-D User’s Guide...
Page 129: Port Forwarding
A port forwarding set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make visible to the outside world even though NAT makes your whole inside network appear as a single computer to the outside world. P-660HW-D User’s Guide...
Page 130: Default Server Ip Address
SMTP (Simple Mail Transfer Protocol) DNS (Domain Name System) Finger HTTP (Hyper Text Transfer protocol or WWW, Web) POP3 (Post Office Protocol) NNTP (Network News Transport Protocol) SNMP (Simple Network Management Protocol) SNMP trap PPTP (Point-to-Point Tunneling Protocol) 1723 P-660HW-D User’s Guide...
Page 131: Configuring Servers Behind Port Forwarding (Example)
Click Network > NAT > Port Forwarding to open the following screen. Table 47 on page 130 for port numbers commonly used for particular services. P-660HW-D User’s Guide...
Page 132: Port Forwarding Rule Edit
Click Cancel to return to the previous configuration. 8.5.1 Port Forwarding Rule Edit To edit a port forwarding rule, click the rule’s edit icon ( ) in the Port Forwarding screen to display the screen shown next. P-660HW-D User’s Guide...
Page 133: Address Mapping
When a rule matches the current packet, the ZyXEL Device takes the corresponding action and the remaining rules are ignored. If there are any empty rules before your new configured rule, your configured rule will be pushed up by that number of empty P-660HW-D User’s Guide...
Page 134: Figure 78 Address Mapping Rules
IP address from your ISP. You can only do this for Many-to-One and Server mapping types. Global End IP This is the ending Inside Global IP Address (IGA). This field is N/A for One-to-one, Many-to-One and Server mapping types. P-660HW-D User’s Guide...
Page 135: Address Mapping Rule Edit
8.6.1 Address Mapping Rule Edit To edit an address mapping rule, click the rule’s edit icon in the Address Mapping screen to display the screen shown next. Figure 79 Edit Address Mapping Rule P-660HW-D User’s Guide...
Page 136: Table 51 Edit Address Mapping Rule
Server Mapping Set field. Back Click Back to return to the previous screen. Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-660HW-D User’s Guide...
Page 137: Firewalls
There are three main types of firewalls: • Packet Filtering Firewalls • Application-level Firewalls • Stateful Inspection Firewalls 9.2.1 Packet Filtering Firewalls Packet filtering firewalls restrict access based on the source/destination computer network address of a packet and the type of application. P-660HW-D User’s Guide...
Page 138: Application-Level Firewalls
These computers will have access to Internet services such as e-mail, FTP, and the World Wide Web. However, “inbound access” will not be allowed unless you configure remote management or create a firewall rule to allow a remote host to use a specific service. P-660HW-D User’s Guide...
Page 139: Denial Of Service Attacks
If the person configuring or managing the computer is not careful, a hacker could attack it over an unprotected port. Some of the most common IP ports are: Table 52 Common IP Ports Telnet HTTP SMTP POP3 P-660HW-D User’s Guide...
Page 140: Types Of Dos Attacks
ACK comes back or when an internal timer (which is set at relatively long intervals) terminates the three-way handshake. Once the queue is full, the system will ignore all incoming SYN requests, making the system unavailable for legitimate users. P-660HW-D User’s Guide...
Page 141: Figure 82 Syn Flood
"intermediary" network, but will also congest the network of the spoofed source IP address, known as the "victim" network. This flood of broadcast traffic consumes all available bandwidth, making communications impossible. Figure 83 Smurf Attack P-660HW-D User’s Guide...
Page 142: Stateful Inspection
This “remembering” is called saving the state. When the outside system responds to your request, the firewall compares the received packets with the saved state to determine if they P-660HW-D User’s Guide...
Page 143: Stateful Inspection Process
WAN interface's inbound extended access list. This temporary access list entry is designed to permit inbound packets of the same connection as the outbound packet just inspected. 5 The outbound packet is forwarded out through the interface. P-660HW-D User’s Guide...
Page 144: Stateful Inspection And The Zyxel Device
If an initiation packet originates on the WAN, this means that someone is trying to make a connection from the Internet into the LAN. Except in a few special cases (see "Upper Layer Protocols" shown next), these packets are dropped and logged. P-660HW-D User’s Guide...
Page 145: Udp/Icmp Security
Any protocol that operates in this way must be supported on a case-by-case basis. You can use the web configurator’s Custom Ports feature to do this. P-660HW-D User’s Guide...
Page 146: Guidelines For Enhancing Security With Your Firewall
• If you use “chat rooms” or IRC sessions, be careful with any information you reveal to strangers. • If your system starts exhibiting odd behavior, contact your ISP. Some hackers will set off hacks that cause your system to slowly become unstable or unusable. P-660HW-D User’s Guide...
Page 147: Packet Filtering Vs Firewall
• To prevent DoS attacks and prevent hackers cracking your network. • A range of source and destination IP addresses as well as port numbers can be specified within one firewall rule making the firewall a better choice when complex rules are required. P-660HW-D User’s Guide...
Page 148 • Use the firewall if you need routine e-mail reports about your system or need to be alerted when attacks occur. • The firewall can block specific URL traffic that might occur in the future. The URL can be saved in an Access Control List (ACL) database. P-660HW-D User’s Guide...
Page 149: Firewall Configuration
This prevents computers on the WAN from using the ZyXEL Device as a gateway to communicate with other computers on the WAN and/or managing the ZyXEL Device. You may define additional rules and sets or modify existing ones but please exercise extreme caution in doing so. P-660HW-D User’s Guide...
Page 150: Rule Logic Overview
1 Once the logic of the rule has been defined, it is critical to consider the security ramifications created by the rule: 2 Does this rule stop LAN users from accessing critical resources on the Internet? For example, if IRC is blocked, are there users that require this service? P-660HW-D User’s Guide...
Page 151: Key Fields For Configuring Rules
LAN-to-ZyXEL Device (the policies for managing the ZyXEL Device through the LAN interface) and policies for LAN-to-LAN (the policies that control routing between two subnets on the LAN). Similarly, WAN to WAN/ Router polices apply in the same way to the WAN port. P-660HW-D User’s Guide...
Page 152: Lan To Wan Rules
Click Security > Firewall to display the following screen. Activate the firewall by selecting the Active Firewall check box as seen in the following screen. Refer to Section 9.1 on page 137 for more information. Figure 85 Firewall: General P-660HW-D User’s Guide...
Page 153: Firewall Rules Summary
Section 9.1 on page 137 for more information. Click Security > Firewall > Rules to bring up the following screen. This screen displays a list of the configured firewall rules. Note the order in which the rules are listed. P-660HW-D User’s Guide...
Page 154: Figure 86 Firewall Rules
TCP reset packet or an ICMP destination-unreachable message to the sender (Reject) or allows the passage of packets (Permit) Schedule This field tells you whether a schedule is specified (Yes) or not (No). P-660HW-D User’s Guide...
Page 155: Configuring Firewall Rules
Section 9.1 on page 137 for more information. In the Rules screen, select an index number and click Add or click a rule’s Edit icon to display this screen and refer to the following table for information on the labels. P-660HW-D User’s Guide...
Page 156: Figure 87 Firewall: Edit Rule
Chapter 10 Firewall Configuration Figure 87 Firewall: Edit Rule P-660HW-D User’s Guide...
Page 157: Table 58 Firewall: Edit Rule
Log Settings page and select the Access Control logs category to have the ZyXEL Device record these logs. Alert Send Alert Select the check box to have the ZyXEL Device generate an alert when the rule Message to is matched. Administrator When Matched P-660HW-D User’s Guide...
Page 158: Customized Services
Click Back to return the Firewall Edit Rule screen. 10.6.3 Configuring a Customized Service Click a rule number in the Firewall Customized Services screen to create a new custom port or edit an existing one. This action displays the following screen. P-660HW-D User’s Guide...
Page 159: Example Firewall Rule
Click Delete to delete the current rule and return to the previous screen. 10.7 Example Firewall Rule The following Internet firewall rule example allows a hypothetical “MyService” connection from the Internet. 1 Click Security > Firewall > Rules. 2 Select WAN to LAN in the Packet Direction field. P-660HW-D User’s Guide...
Page 160: Figure 90 Firewall Example: Rules
6 Click an index number to display the Customized Services Config screen and configure the screen as follows and click Apply. Figure 91 Edit Custom Port Example 7 Select Any in the Destination Address box and then click Delete. 8 Configure the destination address screen as follows and click Add. P-660HW-D User’s Guide...
Page 161: Figure 92 Firewall Example: Edit Rule: Destination Address
9 Use the Add >> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. Custom services show up with an “*” before their names in the Services list box and the Rules list box. P-660HW-D User’s Guide...
Page 162: Figure 93 Firewall Example: Edit Rule: Select Customized Services
Figure 93 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a “MyService” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN. P-660HW-D User’s Guide...
Page 163: Predefined Services
Finger is a UNIX or Internet related command that can be used to find out if a user is logged on. FTP(TCP:20.21) File Transfer Program, a program to enable fast transfer of files, including large files that may not be possible by e-mail. H.323(TCP:1720) Net Meeting uses this protocol. P-660HW-D User’s Guide...
Page 164 UNIX systems and network servers. SSDP(UDP:1900) Simole Service Discovery Protocol (SSDP) is a discovery service searching for Universal Plug and Play devices on your home network or upstream Internet gateways using DUDP port 1900. P-660HW-D User’s Guide...
Page 165: Anti-Probing
TCP/IP software and directly apparent to the application user. Refer to Section 9.1 on page 137 for more information. Click Security > Firewall > Anti Probing to display the screen as shown. Figure 95 Firewall: Anti Probing P-660HW-D User’s Guide...
Page 166: Dos Thresholds
If your network is slower than average for any of these factors (especially if you have servers that are slow or handle many tasks and are often busy), then the default values should be reduced. You should make any changes to the threshold values before you continue configuring firewall rules. P-660HW-D User’s Guide...
Page 167: Half-Open Sessions
10.10.3 Configuring Firewall Thresholds The ZyXEL Device also sends alerts whenever TCP Maximum Incomplete is exceeded. The global values specified for the threshold and timeout apply to all TCP connections. Click Firewall, and Threshold to bring up the next screen. P-660HW-D User’s Guide...
Page 168: Figure 96 Firewall: Threshold
80 existing half-open sessions. Incomplete Low sessions that causes the firewall to stop deleting half-open sessions. The ZyXEL Device continues to delete half-open requests as necessary, until the number of existing half-open sessions drops below this number. P-660HW-D User’s Guide...
Page 169 TCP Maximum Incomplete is reached. Enter the length of blocking time in minutes (between 1 and 256). Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-660HW-D User’s Guide...
Page 170 Chapter 10 Firewall Configuration P-660HW-D User’s Guide...
Page 171: Content Filtering
URL http://www.website.com/bad.html, even if it is not included in the Filter List. To have your ZyXEL Device block Web sites containing keywords in their URLs, click Security > Content Filter. The screen appears as shown. P-660HW-D User’s Guide...
Page 172: Configuring The Schedule
Click Cancel to return to the previously saved settings. 11.3 Configuring the Schedule To set the days and times for the ZyXEL Device to perform content filtering, click Security > Content Filter > Schedule. The screen appears as shown. P-660HW-D User’s Guide...
Page 173: Configuring Trusted Computers
Click Cancel to return to the previously saved settings. 11.4 Configuring Trusted Computers To exclude a range of users on the LAN from content filtering on your ZyXEL Device, click Security > Content Filter > Trusted. The screen appears as shown. P-660HW-D User’s Guide...
Page 174: Figure 99 Content Filter: Trusted
Leave this field blank if you want to exclude an individual computer. Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to return to the previously saved settings. P-660HW-D User’s Guide...
Page 175: Static Route
ZyXEL Device about the networks beyond the remote nodes. Figure 100 Example of Static Routing Topology 12.2 Configuring Static Route Click Advanced > Static Route to open the Static Route screen. P-660HW-D User’s Guide...
Page 176: Static Route Edit
12.2.1 Static Route Edit Select a static route index number and click Edit ( ). The screen shown next appears. Use this screen to configure the required information for a static route. P-660HW-D User’s Guide...
Page 177: Figure 102 Static Route Edit
LAN or WAN port. The gateway helps forward packets to their destinations. Back Click Back to return to the previous screen without saving. Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-660HW-D User’s Guide...
Page 178 Chapter 12 Static Route P-660HW-D User’s Guide...
Page 179: Bandwidth Management
Video for example). 13.3 Subnet-based Bandwidth Management You can create bandwidth classes based on subnets. The following figure shows LAN subnets. You could configure one bandwidth class for subnet A and another for subnet B. P-660HW-D User’s Guide...
Page 180: Application And Subnet-Based Bandwidth Management
The larger a bandwidth class’s priority number is, the higher the priority. Assign real-time applications (like those using audio or video) a higher priority number to provide smoother operation. P-660HW-D User’s Guide...
Page 181: Fairness-Based Scheduler
Table 70 Maximize Bandwidth Usage Example BANDWIDTH CLASSES AND ALLOTMENTS Root Class: 10240 kbps Administration: 2048 kbps Sales: 2048 kbps Marketing: 2048 kbps Research: 2048 kbps P-660HW-D User’s Guide...
Page 182: Table 71 Priority-Based Allotment Of Unused And Unbudgeted Bandwidth Example
• The ZyXEL Device divides the total 3072 kbps total of unbudgeted and unused bandwidth equally among the other classes. 1024 kbps extra goes to each so the other classes each get a total of 3072 kbps. P-660HW-D User’s Guide...
Page 183: Bandwidth Management Priorities
VoIP, NetMeeting, and FTP do not use all 1000 Kbps of available bandwidth. 13.8 Configuring Summary Click Advanced > Bandwidth MGMT to open the screen as shown next. Enable bandwidth management on an interface and set the maximum allowed bandwidth for that interface. P-660HW-D User’s Guide...
Page 184: Bandwidth Management Rule Setup
Cancel Click Cancel to begin configuring this screen afresh. 13.9 Bandwidth Management Rule Setup You must use the Bandwidth Management Summary screen to enable bandwidth management on an interface before you can configure rules for that interface. P-660HW-D User’s Guide...
Page 185: Figure 105 Bandwidth Management: Rule Setup
Click the Edit icon to go to the screen where you can edit the rule. Click the Remove icon to delete an existing rule. Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-660HW-D User’s Guide...
Page 186: Diffserv
Click the Edit icon or select User Defined from the Service drop-down list in the Rule Setup screen to configure a bandwidth management rule. Use bandwidth rules to allocate specific amounts of bandwidth capacity (bandwidth budgets) to specific applications and/or subnets. P-660HW-D User’s Guide...
Page 187: Figure 107 Bandwidth Management Rule Configuration
Enable DiffServ Select this option to enable DiffServ marking on the ZyXEL Device. Marking P-660HW-D User’s Guide...
Page 188 The TOS mask is used to compare the specified (or entire) bits in the TOS IP header with the value specified in this rule. Enter the TOS Mask value between 0 (lowest priority) and 255. Back Click Back to go to the previous screen. P-660HW-D User’s Guide...
Page 189: Bandwidth Monitor
The gray section of the bar represents the percentage of unused bandwidth and the blue color represents the percentage of bandwidth in use. The screen refreshes every few seconds. P-660HW-D User’s Guide...
Page 190: Figure 108 Bandwidth Management: Monitor
Chapter 13 Bandwidth Management Figure 108 Bandwidth Management: Monitor P-660HW-D User’s Guide...
Page 191: Dynamic Dns Setup
If you have a private WAN IP address, then you cannot use Dynamic DNS. Section 14.2 on page 191 for configuration instruction. 14.2 Configuring Dynamic DNS To change your ZyXEL Device’s DDNS, click Advanced > Dynamic DNS. The screen appears as shown. Section 14.1 on page 191 for more information. P-660HW-D User’s Guide...
Page 192: Figure 109 Dynamic Dns
Check with your Dynamic DNS service provider to have traffic redirected to a URL (that you can specify) while you are off line. IP Address Update Policy Use WAN IP Select this option to update the IP address of the host name(s) to the WAN IP Address address. P-660HW-D User’s Guide...
Page 193 Type the IP address of the host name(s). Use this if you have a static IP address. Address Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-660HW-D User’s Guide...
Page 194 Chapter 14 Dynamic DNS Setup P-660HW-D User’s Guide...
Page 195: Remote Management Configuration
You may only have one remote management session running at a time. The ZyXEL Device automatically disconnects a remote management session of lower priority when another remote management session of higher priority starts. The priorities for the different types of remote management sessions are as follows. 1 Telnet 2 HTTP P-660HW-D User’s Guide...
Page 196: Remote Management Limitations
The management session does not time out when a statistics screen is polling. 15.2 WWW To change your ZyXEL Device’s World Wide Web settings, click Advanced > Remote MGMT to display the WWW screen. Figure 110 Remote Management: WWW P-660HW-D User’s Guide...
Page 197: Telnet
Telnet from a computer on a remote network to access the ZyXEL Device. Figure 111 Telnet Configuration on a TCP/IP Network 15.4 Configuring Telnet Click Advanced > Remote MGMT > Telnet tab to display the screen as shown. P-660HW-D User’s Guide...
Page 198: Configuring Ftp
FTP, please see the chapter on firmware and configuration file maintenance for details. To use this feature, your computer must have an FTP client. To change your ZyXEL Device’s FTP settings, click Advanced > Remote MGMT > FTP tab. The screen appears as shown. P-660HW-D User’s Guide...
Page 199: Snmp
ZyXEL Device through the network. The ZyXEL Device supports SNMP version one (SNMPv1) and version two (SNMPv2). The next figure illustrates an SNMP management operation. SNMP is only available if TCP/IP is configured. P-660HW-D User’s Guide...
Page 200: Supported Mibs
• Trap - Used by the agent to inform the manager of some events. 15.6.1 Supported MIBs The ZyXEL Device supports MIB II that is defined in RFC-1213 and RFC-1215. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance. P-660HW-D User’s Guide...
Page 201: Snmp Traps
A trap is sent with the message of the fatal code if the system reboots because of fatal errors. 15.6.3 Configuring SNMP To change your ZyXEL Device’s SNMP settings, click Advanced > Remote MGMT > SNMP. The screen appears as shown. Figure 115 Remote Management: SNMP P-660HW-D User’s Guide...
Page 202: Configuring Dns
To change your ZyXEL Device’s DNS settings, click Advanced > Remote MGMT > DNS. The screen appears as shown. Use this screen to set from which IP address the ZyXEL Device will accept DNS queries and on which interface it can send them your ZyXEL Device’s DNS settings. P-660HW-D User’s Guide...
Page 203: Configuring Icmp
This allows the outside user to know the ZyXEL Device exists. Your ZyXEL Device supports anti-probing, which prevents the ICMP response packet from being sent. This keeps outsiders from discovering your ZyXEL Device when unsupported ports are probed. P-660HW-D User’s Guide...
Page 204: Figure 117 Remote Management: Icmp
ICMP port-unreachable packet for a blocked UDP packets or just drop the packets without sending a response packet. Apply Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to begin configuring this screen afresh. P-660HW-D User’s Guide...
Page 205: Universal Plug-And-Play (Upnp)
The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues. Network information and configuration may also be obtained and modified by users in some network environments. P-660HW-D User’s Guide...
Page 206: Upnp And Zyxel
ZyXEL Device, for example by using NAT traversal, UPnP applications automatically reserve a NAT forwarding port in order to communicate with another UPnP enabled device; this eliminates the need to manually configure port forwarding for the UPnP enabled application. P-660HW-D User’s Guide...
Page 207: Installing Upnp In Windows Example
2 Click on the Windows Setup tab and select Communication in the Components selection box. Click Details. Figure 119 Add/Remove Programs: Windows Setup: Communication 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box. P-660HW-D User’s Guide...
Page 208: Installing Upnp In Windows Xp
3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components …. Figure 121 Network Connections 4 The Windows Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details. P-660HW-D User’s Guide...
Page 209: Using Upnp In Windows Xp Example
Next. 16.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL Device. P-660HW-D User’s Guide...
Page 210: Auto-Discover Your Upnp-Enabled Network Device
1 Click start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway. 2 Right-click the icon and select Properties. Figure 124 Network Connections 3 In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. P-660HW-D User’s Guide...
Page 211: Figure 125 Internet Connection Properties
Chapter 16 Universal Plug-and-Play (UPnP) Figure 125 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings. Figure 126 Internet Connection Properties: Advanced Settings P-660HW-D User’s Guide...
Page 212: Figure 127 Internet Connection Properties: Advanced Settings: Add
5 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray. Figure 128 System Tray Icon 6 Double-click on the icon to display your current Internet connection status. P-660HW-D User’s Guide...
Page 213: Web Configurator Easy Access
IP address of the ZyXEL Device first. This comes helpful if you do not know the IP address of the ZyXEL Device. Follow the steps below to access the web configurator. 1 Click Start and then Control Panel. 2 Double-click Network Connections. 3 Select My Network Places under Other Places. P-660HW-D User’s Guide...
Page 214: Figure 130 Network Connections
Chapter 16 Universal Plug-and-Play (UPnP) Figure 130 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays. P-660HW-D User’s Guide...
Page 215: Figure 131 Network Connections: My Network Places
Figure 131 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Figure 132 Network Connections: My Network Places: Properties: Example P-660HW-D User’s Guide...
Page 216 Chapter 16 Universal Plug-and-Play (UPnP) P-660HW-D User’s Guide...
Page 217: Maintenance And Troubleshooting
Maintenance and Troubleshooting System (219) Tools (225) Diagnostic (231) Logs (233) Troubleshooting (251)
Page 219: System
DHCP from the ISP is used. While you must enter the host name (System Name), the domain name can be assigned from the ZyXEL Device via DHCP. Click Maintenance > System to open the General screen. P-660HW-D User’s Guide...
Page 220: Figure 133 System General Setup
ZyXEL Device. Retype to Type the new password again for confirmation. Confirm Admin If you log in with the admin password, you can configure the advanced features as Password well as the wizard setup on the ZyXEL Device. P-660HW-D User’s Guide...
Page 221: Time Setting
To change your ZyXEL Device’s time and date, click Maintenance > System > Time Setting. The screen appears as shown. Use this screen to configure the ZyXEL Device’s time based on your local time zone. Figure 134 System Time Setting P-660HW-D User’s Guide...
Page 222: Table 90 System Time Setting
Daylight saving is a period from late spring to early fall when many countries set Savings their clocks ahead of normal local time by one hour to give more daytime light in the evening. Select this option if you use Daylight Saving Time. P-660HW-D User’s Guide...
Page 223 In Germany for instance, you would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-660HW-D User’s Guide...
Page 224 Chapter 17 System P-660HW-D User’s Guide...
Page 225: Tools
DESCRIPTION Current This is the present Firmware version and the date created. Firmware Version File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. P-660HW-D User’s Guide...
Page 226: Figure 136 Firmware Upload In Progress
Figure 137 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen. If the upload was not successful, the following screen will appear. Click Return to go back to the Firmware screen. P-660HW-D User’s Guide...
Page 227: Configuration Screen
The backup configuration file will be useful in case you need to return to your previous settings. Click Backup to save the ZyXEL Device’s current configuration to your computer P-660HW-D User’s Guide...
Page 228: Restore Configuration
ZyXEL Device IP address (192.168.1.1). See the appendix for details on how to set up your computer’s IP address. If the upload was not successful, the following screen will appear. Click Return to go back to the Configuration screen. P-660HW-D User’s Guide...
Page 229: Back To Factory Defaults
System restart allows you to reboot the ZyXEL Device without turning the power off. Click Maintenance > Tools > Restart. Click Restart to have the ZyXEL Device reboot. This does not affect the ZyXEL Device's configuration. Figure 143 Restart Screen P-660HW-D User’s Guide...
Page 230 Chapter 18 Tools P-660HW-D User’s Guide...
Page 231: Diagnostic
Table 93 Diagnostic: General LABEL DESCRIPTION TCP/IP Type the IP address of a computer that you want to ping in order to test a connection. Address Ping Click this button to ping the IP address that you entered. P-660HW-D User’s Guide...
Page 232: Dsl Line Diagnostic
Line the progress and results of this operation, for example: "Start to reset ADSL Loading ADSL modem F/W... Reset ADSL Line Successfully!" Capture All Logs Click this button to display all logs generated with the DSL line. P-660HW-D User’s Guide...
Page 233: Logs
Section 20.3 on page 234). Log entries in red indicate alerts. The log wraps around and deletes the old entries after it fills. Click a column heading to sort the entries. A triangle indicates ascending or descending sort order. P-660HW-D User’s Guide...
Page 234: Configuring Log Settings
Alerts are e-mailed as soon as they happen. Logs may be e-mailed as soon as the log is full. Selecting many alert and/or log categories (especially Access Control) may result in many e- mails being sent. P-660HW-D User’s Guide...
Page 235: Figure 147 Log Settings
Enter the E-mail address where the alert messages will be sent. Alerts include system errors, attacks and attempted access to blocked web sites. If this field is left blank, alert messages will not be sent via E-mail. P-660HW-D User’s Guide...
Page 236: Example E-Mail Log
• You may edit the subject title. • The date format here is Day-Month-Year. • The date format here is Month-Day-Year. The time format is Hour-Minute-Second. • " " message shows that a complete log has been sent. End of Log P-660HW-D User’s Guide...
Page 237: Log Descriptions
Successful FTP login Someone has failed to log on to the router via ftp. FTP login failed The maximum number of NAT session table entries has been NAT Session Table is Full! exceeded and the table is full. P-660HW-D User’s Guide...
Page 238: Table 98 System Error Logs
Firewall rule [NOT] match:[TCP | matched (or did not match) a configured firewall rule UDP | IGMP | ESP | GRE | OSPF] (denoted by its number) and was blocked or forwarded <Packet Direction>, <rule:%d> according to the rule. P-660HW-D User’s Guide...
Page 239: Table 100 Tcp Reset Logs
Attempted access matched a configured filter rule (denoted [TCP | UDP | ICMP | IGMP | by its set and rule number) and was blocked or forwarded Generic] packet filter according to the rule. matched (set:%d, rule:%d) P-660HW-D User’s Guide...
Page 240: Table 102 Icmp Logs
Starting The PPP connection’s Internet Protocol Control Protocol stage is opening. ppp:IPCP Opening The PPP connection’s Link Control Protocol stage is closing. ppp:LCP Closing The PPP connection’s Internet Protocol Control Protocol stage is closing. ppp:IPCP Closing P-660HW-D User’s Guide...
Page 241: Table 105 Upnp Logs
Creating socket failed The ZyXEL Device cannot issue a query because TCP/IP socket creation failed, port:port number. The connection to the external content filtering server failed. Connecting to content filter server fail License key is invalid The external content filtering license key is invalid. P-660HW-D User’s Guide...
Page 242: Table 107 Attack Logs
Inbound packet may have altered or tampered with the packet. authentication failed The router dropped an inbound packet for which SPI could not find a Receive IPSec packet, corresponding phase 2 SA. but no corresponding tunnel exists P-660HW-D User’s Guide...
Page 243: Table 109 Ike Logs
My Remote <My remote> - ends of the connection. <My remote> The displayed ID information did not match between the two vs. My Local <My local>-<My ends of the connection. local> A packet was sent. Send <packet> P-660HW-D User’s Guide...
Page 244 Rule [%d] Phase 1 encryption match between the router and the peer. algorithm mismatch The listed rule’s IKE phase 1 authentication algorithm did not Rule [%d] Phase 1 match between the router and the peer. authentication algorithm mismatch P-660HW-D User’s Guide...
Page 245 Rule [%d] phase 2 mismatch router and the peer. The listed rule’s IKE phase 2 key lengths (with the AES Rule [%d] Phase 2 key length encryption algorithm) did not match between the router and mismatch the peer. P-660HW-D User’s Guide...
Page 246: Table 110 Pki Logs
The recorded reason codes are cert not trusted: only approximate reasons for not trusting the certificate. Please see <subject name> Table 111 on page 247 for the corresponding descriptions of the codes. P-660HW-D User’s Guide...
Page 247: Table 111 Certificate Path Verification Failure Reason Codes
ACL set for packets traveling from the LAN to the LAN or ZyXEL Device the ZyXEL Device. (W to W) WAN to WAN/ ACL set for packets traveling from the WAN to the WAN ZyXEL Device or the ZyXEL Device. P-660HW-D User’s Guide...
Page 248: Table 113 Icmp Notes
Time Exceeded Time to live exceeded in transit Fragment reassembly time exceeded Parameter Problem Pointer indicates the error Timestamp Timestamp request message Timestamp Reply Timestamp reply message Information Request Information request message Information Reply Information reply message P-660HW-D User’s Guide...
Page 249: Table 114 Syslog Logs
RFC for detailed information on each type. Table 115 RFC-2408 ISAKMP Payload Types LOG DISPLAY PAYLOAD TYPE Security Association Proposal PROP Transform TRANS Key Exchange Identification Certificate Certificate Request CER_REQ Hash HASH Signature Nonce NONCE Notification NOTFY Delete Vendor ID P-660HW-D User’s Guide...
Page 250 Chapter 20 Logs P-660HW-D User’s Guide...
Page 251: Troubleshooting
2 Check the hardware connections. See the Quick Start Guide. 3 Inspect your cables for damage. Contact the vendor to replace any damaged cables. 4 Turn the ZyXEL Device off and on. 5 If the problem continues, contact the vendor. P-660HW-D User’s Guide...
Page 252: Zyxel Device Access And Login
91. Your ZyXEL Device is a DHCP server by default. • If there is no DHCP server on your network, make sure your computer’s IP address is in the same subnet as the ZyXEL Device. See Section 6.2.1 on page P-660HW-D User’s Guide...
Page 253: Internet Access
I cannot use FTP to upload / download the configuration file. / I cannot use FTP to upload new firmware. See the troubleshooting suggestions for I cannot see or access the Login screen in the web configurator. Ignore the suggestions about your browser. 21.3 nternet Access I cannot access the Internet. P-660HW-D User’s Guide...
Page 254 Internet, especially peer-to-peer applications. 2 Reboot the ZyXEL Device. 3 Turn the ZyXEL Device off and on. 4 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. P-660HW-D User’s Guide...
Page 255 Chapter 21 Troubleshooting Advanced Suggestions • Check the settings for bandwidth management. If it is disabled, you might consider activating it. If it is enabled, you might consider changing the allocations. P-660HW-D User’s Guide...
Page 256 Chapter 21 Troubleshooting P-660HW-D User’s Guide...
Page 257: Appendices And Index
Appendices and Index Product Specifications (259) About ADSL (263) Internal SPTGEN (265) Wall-mounting Instructions (281) Setting up Your Computer’s IP Address (283) IP Subnetting (299) Command Interpreter (307) Pop-up Windows, JavaScripts and Java Permissions (311) Firewall Commands (317) NetBIOS Filter Commands (323) Splitters and Microfilters (325) Triangle Route (329) Legal Information (331)
Page 259: Appendix A Product Specifications
Note: Only upload firmware for your specific model! Configuration Backup & Make a copy of the ZyXEL Device’s configuration. You can put it back on Restoration the ZyXEL Device later if you decide to revert back to an earlier configuration. P-660HW-D User’s Guide...
Page 260 The Any IP feature allows a computer to access the Internet and the ZyXEL Device without changing the network settings (such as IP address and subnet mask) of the computer, when the IP addresses of the computer and the ZyXEL Device are not in the same subnet. P-660HW-D User’s Guide...
Page 261: Table 118 Standards Supported
The following list, which is not exhaustive, illustrates the standards supported in the ZyXEL Device. Table 118 Standards Supported STANDARD DESCRIPTION RFC 1483 RFC 1631 RFC 2364 RFC-2408 ISAKMP RFC 2236 IEEE IEEE 802.11b IEEE 802.11g IEEE 802.1x IEEE 802.11e QoS P-660HW-D User’s Guide...
Page 262 Appendix A Product Specifications P-660HW-D User’s Guide...
Page 263: Appendix B About Adsl
2 Because your line is dedicated (not shared), transmission speeds between you and the device to which you connect at your service provider are not affected by other users. P-660HW-D User’s Guide...
Page 264 3 ADSL can be "always on" (connected). This means that there is no time wasted dialing up the service several times a day and waiting to be connected; ADSL is on standby, ready for use whenever you need it. P-660HW-D User’s Guide...
Page 265: Appendix C Internal Sptgen
<0(No)| 1(Yes)> 10000001 = System Name <Str> = Your Device 10000002 = Location <Str> 10000003 = Contact Person’s Name <Str> 10000004 = Route IP <0(No)| 1(Yes)> 10000005 = Route IPX <0(No)| 1(Yes)> 10000006 = Bridge <0(No)| 1(Yes)> P-660HW-D User’s Guide...
Page 266: Figure 150 Invalid Parameter Entered: Command Line Example
The name “ ” is the configuration filename on the ZyXEL Device. rom-t 4 Edit the " " file using a text editor (do not use a word processor). You must leave rom-t this FTP screen to edit. P-660HW-D User’s Guide...
Page 267: Figure 152 Internal Sptgen Ftp Download Example
Figure 153 Internal SPTGEN FTP Upload Example c:\ftp 192.168.1.1 220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000 User (192.168.1.1:(none)): 331 Enter PASS command Password: 230 Logged in ftp>bin 200 Type I OK ftp> put rom-t ftp>bye P-660HW-D User’s Guide...
Page 268: Table 119 Abbreviations Used In The Example Internal Sptgen Screens Table
= 256 30100013 = Output device filters Set 1 = 256 30100014 = Output device filters Set 2 = 256 30100015 = Output device filters Set 3 = 256 30100016 = Output device filters Set 4 = 256 P-660HW-D User’s Guide...
Page 269 1(Both) | 2(In Only) | 3(Out Only)> 30201005 = Version <0(Rip-1) | 1(Rip-2B) |2(Rip-2M)> 30201006 = IP Alias #1 Incoming protocol filters = 256 Set 1 30201007 = IP Alias #1 Incoming protocol filters = 256 Set 2 P-660HW-D User’s Guide...
Page 270: Table 122 Menu 4 Internet Access Setup
IP Alias #2 Outgoing protocol filters = 256 Set 3 30201026 = IP Alias #2 Outgoing protocol filters = 256 Set 4 Table 122 Menu 4 Internet Access Setup / Menu 4 Internet Access Setup INPUT 40000000 = Configured <0(No) | 1(Yes)> P-660HW-D User’s Guide...
Page 271 Route IP <0(No) | 1(Yes)> 40000026 = Bridge <0(No) | 1(Yes)> 40000027 = ATM QoS Type <0(CBR) | (1 (UBR)> 40000028 = Peak Cell Rate (PCR) 40000029 = Sustain Cell Rate (SCR) 40000030 = Maximum Burst Size(MBS) P-660HW-D User’s Guide...
Page 272: Table 123 Menu 12
Table 124 Menu 15 SUA Server Setup / Menu 15 SUA Server Setup INPUT 150000001 = SUA Server IP address for default = 0.0.0.0 port 150000002 = SUA Server #2 Active <0(No) | 1(Yes)> 150000003 = SUA Server #2 Protocol <0(All)|6(TCP)|17(U DP)> P-660HW-D User’s Guide...
Page 273 SUA Server #8 Protocol <0(All)|6(TCP)|17(U DP)> 150000034 = SUA Server #8 Port Start 150000035 = SUA Server #8 Port End 150000036 = SUA Server #8 Local IP address = 0.0.0.0 150000037 = SUA Server #9 Active <0(No) | 1(Yes)> P-660HW-D User’s Guide...
Page 274: Table 125 Menu 21.1 Filter Set #1
210101006 = IP Filter Set 1,Rule 1 Dest Port = 137 210101007 = IP Filter Set 1,Rule 1 Dest Port Comp <0(none)|1(equal) |2(not equal)| 3(less)| 4(greater)> 210101008 = IP Filter Set 1,Rule 1 Src IP address = 0.0.0.0 P-660HW-D User’s Guide...
Page 275: Table 126 Menu 21.1 Filer Set #2
IP Filter Set 1,Rule 2 Act Not Match <1(check next)|2(forward)| 3(drop)> Table 126 Menu 21.1 Filer Set #2, / Menu 21.1 filter set #2, INPUT 210200001 = Filter Set 2, Nam <Str> NetBIOS_WAN / Menu 21.1.2.1 Filter set #2, rule #1 P-660HW-D User’s Guide...
Page 276 IP Filter Set 2, Rule 2 Dest Port = 138 210202007 = IP Filter Set 2, Rule 2 Dest Port <0(none)|1(equal)| Comp 2(not equal)|3(less)|4(g reater)> 210202008 = IP Filter Set 2, Rule 2 Src IP = 0.0.0.0 address P-660HW-D User’s Guide...
Page 277: Table 127 Menu 23 System Menus
Accounting Server IP Address 192.168.1.44 230200009 = Accounting Server Port = 1823 230200010 = Accounting Server Shared Secret = 1234 */ Menu 23.4 System security: IEEE802.1x INPUT 230400001 = Wireless Port Control <0(Authentication Required) |1(No Access Allowed) |2(No Authentication Required)> P-660HW-D User’s Guide...
Page 278: Table 128 Menu 24.11 Remote Management Control
FTP Server Access <0(all)|1(none)|2( Lan)|3(Wan)> 241100006 = FTP Server Secured IP address = 0.0.0.0 241100007 = WEB Server Port = 80 241100008 = WEB Server Access <0(all)|1(none)|2( Lan) |3(Wan)> 241100009 = WEB Server Secured IP address = 0.0.0.0 P-660HW-D User’s Guide...
Page 279: Table 129 Command Examples
Table 129 Command Examples INPUT /ci command (for annex a): wan adsl opencmd INPUT 990000001 = ADSL OPMD <0(glite)|1(t1.413 )|2(gdmt)|3(multim ode)> /ci command (for annex B): wan adsl opencmd INPUT 990000001 = ADSL OPMD <0(etsi)|1(normal) |2(gdmt)|3(multimo de)> P-660HW-D User’s Guide...
Page 280 Appendix C Internal SPTGEN P-660HW-D User’s Guide...
Page 281: Appendix D Wall-Mounting Instructions
4 Make sure the screws are snugly fastened to the wall. They need to hold the weight of the ZyXEL Device with the connection cables. 5 Align the holes on the back of the ZyXEL Device with the screws on the wall. Hang the ZyXEL Device on the screws. Figure 154 Wall-mounting Example P-660HW-D User’s Guide...
Page 282 Appendix D Wall-mounting Instructions P-660HW-D User’s Guide...
Page 283: Appendix E Setting Up Your Computer's Ip Address
If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the ZyXEL Device’s LAN port. Windows 95/98/Me Click Start, Settings, Control Panel and double-click the Network icon to open the Network window. P-660HW-D User’s Guide...
Page 284: Figure 155 Windows 95/98/Me: Network: Configuration
2 Select Client and then click Add. 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click 5 Restart your computer so the changes you made take effect. P-660HW-D User’s Guide...
Page 285: Figure 156 Windows 95/98/Me: Tcp/Ip Properties: Ip Address
• If you do not know your DNS information, select Disable DNS. • If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in). P-660HW-D User’s Guide...
Page 286: Figure 157 Windows 95/98/Me: Tcp/Ip Properties: Dns Configuration
3 Select your network adapter. You should see your computer's IP address, subnet mask and default gateway. Windows 2000/NT/XP The following example figures use the default Windows XP GUI theme. 1 Click start (Start in Windows 2000/NT), Settings, Control Panel. P-660HW-D User’s Guide...
Page 287: Figure 158 Windows Xp: Start Menu
Appendix E Setting up Your Computer’s IP Address Figure 158 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 159 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. P-660HW-D User’s Guide...
Page 288: Figure 160 Windows Xp: Control Panel: Network Connections: Properties
• If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. • Click Advanced. P-660HW-D User’s Guide...
Page 289: Figure 162 Windows Xp: Internet Protocol (Tcp/Ip) Properties
To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add. • Click OK when finished. P-660HW-D User’s Guide...
Page 290: Figure 163 Windows Xp: Advanced Tcp/Ip Properties
• If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. P-660HW-D User’s Guide...
Page 291: Figure 164 Windows Xp: Internet Protocol (Tcp/Ip) Properties
2 In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab. Macintosh OS 8/9 1 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. P-660HW-D User’s Guide...
Page 292: Figure 165 Macintosh Os 8/9: Apple Menu
2 Select Ethernet built-in from the Connect via list. Figure 166 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: • From the Configure box, select Manually. P-660HW-D User’s Guide...
Page 293: Figure 167 Macintosh Os X: Apple Menu
2 Click Network in the icon bar. • Select Automatic from the Location list. • Select Built-in Ethernet from the Show list. • Click the TCP/IP tab. 3 For dynamically assigned settings, select Using DHCP from the Configure list. P-660HW-D User’s Guide...
Page 294: Figure 168 Macintosh Os X: Network
Check your TCP/IP properties in the Network window. Linux This section shows you how to configure your computer’s TCP/IP settings in Red Hat Linux 9.0. Procedure, screens and file location may vary depending on your Linux distribution and release version. P-660HW-D User’s Guide...
Page 295: Figure 169 Red Hat 9.0: Kde: Network Configuration: Devices
Figure 169 Red Hat 9.0: KDE: Network Configuration: Devices 2 Double-click on the profile of the network card you wish to configure. The Ethernet Device General screen displays as shown. Figure 170 Red Hat 9.0: KDE: Ethernet Device: General P-660HW-D User’s Guide...
Page 296: Figure 171 Red Hat 9.0: Kde: Network Configuration: Dns
Ethernet card). Open the eth0 eth0 configuration file with any plain text editor. • If you have a dynamic IP address, enter in the field. The following dhcp BOOTPROTO= figure shows an example. P-660HW-D User’s Guide...
Page 297: Figure 173 Red Hat 9.0: Dynamic Ip Address Setting In Ifconfig-Eth0
Figure 176 Red Hat 9.0: Restart Ethernet Card [root@localhost init.d]# network restart Shutting down interface eth0: [OK] Shutting down loopback interface: [OK] Setting network parameters: [OK] Bringing up loopback interface: [OK] Bringing up interface eth0: [OK] P-660HW-D User’s Guide...
Page 298: Figure 177 Red Hat 9.0: Checking Tcp/Ip Properties
HWaddr 00:50:BA:72:5B:44 inet addr:172.23.19.129 Bcast:172.23.19.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:717 errors:0 dropped:0 overruns:0 frame:0 TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:730412 (713.2 Kb) TX bytes:1570 (1.5 Kb) Interrupt:10 Base address:0x1000 [root@localhost]# P-660HW-D User’s Guide...
Page 299: Appendix F Ip Subnetting
• A class B address (2 host octets: 16 host bits) can have 2 – 2, or 65534 hosts. A class A address (3 host octets: 24 host bits) can have 2 – 2 hosts, or approximately 16 million hosts. P-660HW-D User’s Guide...
Page 300: Table 131 Allowed Ip Address Range By Class
With subnetting, the class arrangement of an IP address is ignored. For example, a class C address no longer has to have 24 bits of network number and 8 bits of host ID. With subnetting, some of the host ID bits are converted into network number bits. P-660HW-D User’s Guide...
Page 301: Table 133 Alternative Subnet Mask Notation
ID bits of the IP address to a network number bit. The “borrowed” host ID bit can be either “0” or “1” thus giving two subnets; 192.168.1.0 with mask 255.255.255.128 and 192.168.1.128 with mask 255.255.255.128. P-660HW-D User’s Guide...
Page 302: Table 135 Subnet 1
255.255.255.128 is the directed broadcast address for the first subnet. Therefore, the lowest IP address that can be assigned to an actual host for the first subnet is 192.168.1.1 and the highest is 192.168.1.126. Similarly the host ID range for the second subnet is 192.168.1.129 to 192.168.1.254. P-660HW-D User’s Guide...
Page 303: Table 137 Subnet 1
Table 140 Subnet 4 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 11000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.193 192.168.1.192 Broadcast Address: Highest Host ID: 192.168.1.254 192.168.1.255 P-660HW-D User’s Guide...
Page 304: Table 141 Eight Subnets
The following table is a summary for class “B” subnet planning. Table 143 Class B Subnet Planning NO. “BORROWED” HOST NO. HOSTS PER SUBNET MASK NO. SUBNETS BITS SUBNET 255.255.128.0 (/17) 32766 255.255.192.0 (/18) 16382 255.255.224.0 (/19) 8190 P-660HW-D User’s Guide...
Page 305 NO. SUBNETS BITS SUBNET 255.255.240.0 (/20) 4094 255.255.248.0 (/21) 2046 255.255.252.0 (/22) 1022 255.255.254.0 (/23) 255.255.255.0 (/24) 255.255.255.128 (/25) 255.255.255.192 (/26) 1024 255.255.255.224 (/27) 2048 255.255.255.240 (/28) 4096 255.255.255.248 (/29) 8192 255.255.255.252 (/30) 16384 255.255.255.254 (/31) 32768 P-660HW-D User’s Guide...
Page 306 Appendix F IP Subnetting P-660HW-D User’s Guide...
Page 307: Appendix G Command Interpreter
Command Usage A list of valid commands can be found by typing help or? at the command prompt. Always type the full command. Type exit to log out of the CLI when finished. P-660HW-D User’s Guide...
Page 308: Figure 178 Displaying Log Categories Example
ZyXEL Device is to record. 2 Use sys logs category to view a list of the log categories. Figure 178 Displaying Log Categories Example Copyright (c) 1994 - 2006 ZyXEL Communications Corp. ras>? Valid commands are: exit...
Page 309: Log Command Example
3|06/08/2004 05:58:20 |172.21.3.191 |224.0.1.22 |ACCESS BLOCK Firewall default policy: IGMP (W to W) 4|06/08/2004 05:58:20 |172.21.0.254 |224.0.0.1 |ACCESS BLOCK Firewall default policy: IGMP (W to W) 5|06/08/2004 05:58:20 |172.21.4.187:137 |172.21.255.255:137 |ACCESS BLOCK Firewall default policy: UDP (W to W) P-660HW-D User’s Guide...
Page 310 Appendix G Command Interpreter P-660HW-D User’s Guide...
Page 311: Appendix H Pop-Up Windows, Javascripts And Java Permissions
1 In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker. Figure 180 Pop-up Blocker You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. 1 In Internet Explorer, select Tools, Internet Options, Privacy. P-660HW-D User’s Guide...
Page 312: Figure 181 Internet Options: Privacy
Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings…to open the Pop-up Blocker Settings screen. P-660HW-D User’s Guide...
Page 313: Figure 182 Internet Options: Privacy
3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 183 Pop-up Blocker Settings P-660HW-D User’s Guide...
Page 314: Figure 184 Internet Options: Security
3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window. P-660HW-D User’s Guide...
Page 315: Figure 185 Security Settings - Java Scripting
2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window. Figure 186 Security Settings - Java P-660HW-D User’s Guide...
Page 316: Figure 187 Java (Sun)
1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window. Figure 187 Java (Sun) P-660HW-D User’s Guide...
Page 317: Appendix I Firewall Commands
This command shows all of the attack response settings. config display firewall e-mail This command shows all of the e-mail settings. This command shows all of the available config display firewall? firewall sub commands. P-660HW-D User’s Guide...
Page 318 This command sets the number of minutes for config edit firewall attack new sessions to be blocked when the tcp- block-minute <0-255> max-incomplete threshold is reached. This command is only valid when block is set to yes. P-660HW-D User’s Guide...
Page 319 <seconds> This command sets how long the ZyXEL Config edit firewall set <set Device leaves a TCP session open after the #> fin-wait-timeout <seconds> firewall detects a FIN-exchange (indicating the end of the TCP session). P-660HW-D User’s Guide...
Page 320 <ip address> <subnet mask). mask> This command sets a rule to have the ZyXEL config edit firewall set <set Device check for traffic from this range of #> rule <rule #> srcaddr-range addresses. <start ip address> <end ip address> P-660HW-D User’s Guide...
Page 321 This command resets all of the attack config delete firewall attack response settings to their defaults. This command removes the specified set config delete firewall set from the firewall configuration. <set #> P-660HW-D User’s Guide...
Page 322 Appendix I Firewall Commands Table 144 Firewall Commands (continued) FUNCTION COMMAND DESCRIPTION This command removes the specified rule in a config delete firewall set firewall configuration set. <set #> rule<rule #> P-660HW-D User’s Guide...
Page 323: Appendix J Netbios Filter Commands
This command gives a read-only list of the current NetBIOS filter modes for The ZyXEL Device. NetBIOS Display Filter Settings Command Example =========== NetBIOS Filter Status =========== Between LAN and WAN: Block IPSec Packets: Forward Trigger Dial: Disabled P-660HW-D User’s Guide...
Page 324: Table 145 Netbios Filter Default Settings
This command blocks LAN to WAN and WAN to LAN NetBIOS sys filter netbios config 0 on packets. This command blocks IPSec NetBIOS packets. sys filter netbios config 3 on This command stops NetBIOS commands from initiating calls. sys filter netbios config 4 off P-660HW-D User’s Guide...
Page 325: Appendix K Splitters And Microfilters
ADSL transmissions take place in the higher bandwidth range, above 4KHz. A microfilter acts as a low-pass filter, for your telephone, to ensure that ADSL transmissions do not interfere with your telephone voice transmissions. The use of a telephone microfilter is optional. 1 Locate and disconnect each telephone. P-660HW-D User’s Guide...
Page 326: Figure 189 Connecting A Microfilter
3 Connect another cable from the double jack end of the Y-Connector to the ZyXEL Device. 4 Connect the “phone side” of the microfilter to your telephone as shown in the following figure. Figure 190 Connecting a Microfilter and Y-Connector P-660HW-D User’s Guide...
Page 327: Figure 191 Zyxel Device With Isdn
ZyXEL Device With ISDN This section relates to people who use their ZyXEL Device with ADSL over ISDN (digital telephone service) only. The following is an example installation for the ZyXEL Device with ISDN. Figure 191 ZyXEL Device with ISDN P-660HW-D User’s Guide...
Page 328 Appendix K Splitters and Microfilters P-660HW-D User’s Guide...
Page 329: Appendix L Triangle Route
WAN. 3 The reply from the WAN goes directly to the computer on the LAN without going through the ZyXEL Device. As a result, the ZyXEL Device resets the connection, as the connection has not been acknowledged. P-660HW-D User’s Guide...
Page 330: Figure 193 "Triangle Route" Problem
2 The ZyXEL Device reroutes the packet to Gateway A, which is in Subnet 2. 3 The reply from WAN goes through the ZyXEL Device to the computer on the LAN in Subnet 1. Figure 194 IP Alias P-660HW-D User’s Guide...
Page 332: Zyxel Limited Warranty
Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of P-660HW-D User’s Guide...
Page 333 Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products. P-660HW-D User’s Guide...
Page 334 Appendix M Legal Information P-660HW-D User’s Guide...
Page 335: Appendix N Customer Support
• Regular Mail: ZyXEL Costa Rica, Plaza Roble Escazú, Etapa El Patio, Tercer Piso, San José, Costa Rica Czech Republic • E-mail: info@cz.zyxel.com • Telephone: +420-241-091-350 • Fax: +420-241-091-359 • Web Site: www.zyxel.cz • Regular Mail: ZyXEL Communications, Czech s.r.o., Modranská 621, 143 01 Praha 4 - Modrany, Ceská Republika P-660HW-D User’s Guide...
Page 336 • Support E-mail: support@zyxel.fi • Sales E-mail: sales@zyxel.fi • Telephone: +358-9-4780-8411 • Fax: +358-9-4780 8448 • Web Site: www.zyxel.fi • Regular Mail: ZyXEL Communications Oy, Malminkaari 10, 00700 Helsinki, Finland France • E-mail: info@zyxel.fr • Telephone: +33-4-72-52-97-97 • Fax: +33-4-72-52-19-20 •...
Page 337 • Sales E-mail: sales@zyxel.com • Telephone: +1-800-255-4101, +1-714-632-0882 • Fax: +1-714-632-0858 • Web Site: www.us.zyxel.com • FTP Site: ftp.us.zyxel.com • Regular Mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 92806- 2001, U.S.A. Norway • Support E-mail: support@zyxel.no • Sales E-mail: sales@zyxel.no •...
Page 338 Appendix N Customer Support • Web Site: www.zyxel.es • Regular Mail: ZyXEL Communications, Arte, 21 5ª planta, 28033 Madrid, Spain Sweden • Support E-mail: support@zyxel.se • Sales E-mail: sales@zyxel.se • Telephone: +46-31-744-7700 • Fax: +46-31-744-7701 • Web Site: www.zyxel.se • Regular Mail: ZyXEL Communications A/S, Sjöporten 4, 41764 Göteborg, Sweden Ukraine •...
Page 339: Index
URL keyword blocking Continuous Bit Rate see CBR copyright custom ports backup creating / editing backup gateway customer support backup settings customized services backup type bandwidth budget bandwidth management 63, 179 bandwidth manager P-660HW-D User’s Guide...
Page 340 DNS rule configuration key fields DYNDNS wildcard rule logic rule security ramifications services types when to use firmware 31, 225 upgrade ECHO upload E-Mail upload error e-mail 63, 130, 196, 198 log example restrictions P-660HW-D User’s Guide...
Page 341 IP address assignment see MAC ENET ENCAP PPPoA or PPPoE metric RFC 1483 IP policy routing (IPPR) microfilter IP pool multicast setup multiplexing IP protocol type LLC-based IP spoofing 140, 142 VC-based ISDN multiprotocol encapsulation P-660HW-D User’s Guide...
Page 342 Point to Point Protocol over ATM Adaptation Layer 5 LAN to WAN (AAL5) logic point-to-point predefined services point-to-point protocol over ATM Point-to-Point Tunneling Protocol see PPTP POP3 130, 139 power specifications P-660HW-D User’s Guide...
Page 343 ZyXEL device process 79, 84 static route UDP/ICMP security Unspecified Bit Rate SUA vs NAT see UBR subnet 260, 299 UPnP subnet mask 91, 157, 300 application subnetting Forum security issues Sustain Cell Rate see SCR UPnP installation P-660HW-D User’s Guide...
Page 344 VoIP wall-mounting 259, 281 backup WAN setup WAN to LAN rules warranty note web configurator 35, 38, 145, 146, 151 screen summary encryption Wide Area Network see WAN Wi-Fi Multimedia QoS wireless client wireless LAN wireless network P-660HW-D User’s Guide...

ZyXEL Communications P-660HW-D User Manual

Chapter 1 Introducing the Zyxel Device

Chapter 2 Introducing the Web Configurator

Chapter 3 Wizard Setup for Internet Access

Chapter 4 Bandwidth Management Wizard

Chapter 5 WAN Setup

Chapter 6 LAN Setup

Chapter 7 Wireless LAN

Chapter 8 Network Address Translation (NAT) Screens

Chapter 9 Firewalls

Chapter 10 Firewall Configuration

Quick Links

Troubleshooting

Need help?

Questions and answers

Related Manuals for ZyXEL Communications P-660HW-D

Summary of Contents for ZyXEL Communications P-660HW-D