P-660HN-Fx Series 802.11n Wireless ADSL2+ 4-port Gateway User’s Guide Version 3.70 9/2008 Edition 1 DEFAULT LOGIN IP Address http://192.168.1.1 Admin Password 1234 User Password user www.zyxel.
About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to configure the ZyXEL Device using the web configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology. Related Documentation • Quick Start Guide The Quick Start Guide is designed to help you get up and running right away. It contains information on setting up your network and configuring for Internet access.
Document Conventions Document Conventions Warnings and Notes These are how warnings and notes are shown in this User’s Guide. 1 " Warnings tell you about things that could harm you or your device. Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations. Syntax Conventions • The P-660HN-Fx may be referred to as the “ZyXEL Device”, the “device”, the “system” or the “product” in this User’s Guide.
Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device.
Safety Warnings Safety Warnings 1 For your safety, be sure to read and follow all warning notices and instructions. • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. • Do NOT store things on the device. • Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning. • Connect ONLY suitable accessories to the device.
Safety Warnings P-660HN-Fx User’s Guide 7
Safety Warnings 8 P-660HN-Fx User’s Guide
Contents Overview Contents Overview Introduction ............................................................................................................................ 31 Introducing the ZyXEL Device ................................................................................................... 33 Introducing the Web Configurator .............................................................................................. 39 Status Screens ........................................................
Contents Overview Appendices and Index .........................................................................................................
Table of Contents Table of Contents About This User's Guide .......................................................................................................... 3 Document Conventions............................................................................................................ 4 Safety Warnings........................................................................................................................ 6 Contents Overview .......................................................
Table of Contents Chapter 3 Status Screens ........................................................................................................................ 45 3.1 Overview .............................................................................................................................. 45 3.2 The Status Screen ............................................................................................................... 45 3.3 Client List ................................................
Table of Contents 5.5.5 Nailed-Up Connection (PPP) ..................................................................................... 84 5.5.6 NAT ............................................................................................................................ 84 5.6 Metric ................................................................................................................................... 84 5.7 Traffic Shaping ....................................................................
Table of Contents 7.4 The WPS Screen ................................................................................................................117 7.5 The WPS Station Screen ....................................................................................................118 7.6 The WDS Screen ................................................................................................................119 7.7 The QoS Screen ..........................................................................
Table of Contents 9.1.3 Firewall Rule Setup Example ................................................................................... 152 9.2 The Firewall General Screen ............................................................................................. 156 9.3 The Firewall Rule Screen .................................................................................................. 157 9.3.1 Configuring Firewall Rules .............................................................................
Table of Contents 12.1.1 What You Can Do in the Certificates Screens ........................................................ 185 12.1.2 What You Need to Know About Certificates ........................................................... 186 12.2 The My Certificates Screen ............................................................................................. 186 12.2.1 My Certificate Import ............................................................................................. 188 12.2.
Table of Contents 15.1.1 What You Can Do in the QoS Screens .................................................................. 225 15.1.2 What You Need to Know About QoS ..................................................................... 225 15.1.3 QoS Class Setup Example ..................................................................................... 226 15.2 The QoS General Screen ............................................................................................... 229 15.
Table of Contents 18.3 Installing UPnP in Windows Example .............................................................................. 257 18.4 Using UPnP in Windows XP Example ............................................................................. 260 Part VI: Maintenance............................................................................ 267 Chapter 19 System Settings ....................................................................................................................
Table of Contents Part VII: Troubleshooting and Specifications ................................... 303 Chapter 23 Product Specifications ......................................................................................................... 305 23.1 Hardware Specifications .................................................................................................. 305 23.2 Firmware Specifications ...................................................................................................
Table of Contents 20 P-660HN-Fx User’s Guide
List of Figures List of Figures Figure 1 ZyXEL Device’s Router Features ............................................................................................. 35 Figure 2 LEDs on the Top of the Device ................................................................................................. 35 Figure 3 Password Screen ..................................................................................................................... 40 Figure 4 Change Password Screen ........................
List of Figures Figure 39 Traffic Redirect LAN Setup ..................................................................................................... 87 Figure 40 Network > LAN > IP ................................................................................................................ 91 Figure 41 Network > LAN > IP: Advanced Setup ................................................................................... 92 Figure 42 Network > LAN > DHCP Setup ........................................
List of Figures Figure 82 Firewall Example: Edit Rule: Destination Address .............................................................. 154 Figure 83 Firewall Example: Edit Rule: Select Customized Services ................................................... 155 Figure 84 Firewall Example: Rules: MyService ................................................................................... 156 Figure 85 Security > Firewall > General ...........................................................................
List of Figures Figure 125 802.1Q/1P .......................................................................................................................... 215 Figure 126 802.1Q/1P Example ........................................................................................................... 216 Figure 127 Advanced > 802.1Q/1P > Group Setting > Edit: Example .................................................. 217 Figure 128 Advanced > 802.1Q/1P > Port Setting: Example ................................
List of Figures Figure 168 Maintenance > System > Time Setting ............................................................................... 271 Figure 169 Maintenance > Logs > View Log ........................................................................................ 276 Figure 170 Maintenance > Logs > Log Settings ................................................................................... 277 Figure 171 E-mail Log Example ....................................................................
List of Figures Figure 211 Red Hat 9.0: KDE: Network Configuration: Devices .......................................................... 336 Figure 212 Red Hat 9.0: KDE: Ethernet Device: General .................................................................. 336 Figure 213 Red Hat 9.0: KDE: Network Configuration: DNS ............................................................... 337 Figure 214 Red Hat 9.0: KDE: Network Configuration: Activate ........................................................
List of Tables List of Tables Table 1 LED Descriptions ...................................................................................................................... 35 Table 2 Web Configurator Icons in the Title Bar .................................................................................... 42 Table 3 Navigation Panel Summary ...................................................................................................... 42 Table 4 Status Screen .....................................
List of Tables Table 39 Network > Wireless LAN > WDS .......................................................................................... 120 Table 40 Network > Wireless LAN > QoS ............................................................................................ 120 Table 41 Network > Wireless LAN > QoS ............................................................................................ 121 Table 42 Additional Wireless Terms ...........................................................
List of Tables Table 82 Advanced > 802.1Q/1P > Port Setting .................................................................................. 222 Table 83 Advanced > QoS > General .................................................................................................. 229 Table 84 Advanced > QoS > Class Setup ........................................................................................... 230 Table 85 Advanced > QoS > Class Setup: Edit ..................................................
List of Tables Table 125 Maintenance > Diagnostic > DSL Line ................................................................................ 301 Table 126 Hardware Specifications ..................................................................................................... 305 Table 127 Firmware Specifications ...................................................................................................... 305 Table 128 Wireless Features .........................................................
P ART I Introduction Introducing the ZyXEL Device (33) Introducing the Web Configurator (39) Status Screens (45) 31
CHAPTER 1 Introducing the ZyXEL Device This chapter introduces the main applications and features of the ZyXEL Device. It also introduces the ways you can manage the ZyXEL Device. 1.1 Overview The P-660HN-Fx series are ADSL2+ routers. By integrating DSL and NAT, you are provided with ease of installation and high-speed, shared Internet access. The P-660HN-Fx is also a complete security solution with a robust firewall and content filtering.
Chapter 1 Introducing the ZyXEL Device • Command Line Interface. Line commands are mostly used for troubleshooting by service engineers. • FTP for firmware upgrades and configuration backup/restore. • SNMP. The device can be monitored by an SNMP manager. See the SNMP chapter in this User’s Guide. • SPTGEN. SPTGEN is a text configuration file that allows you to configure the device by uploading an SPTGEN file. This is especially convenient if you need to configure many devices of the same type. • TR-069.
Chapter 1 Introducing the ZyXEL Device Figure 1 ZyXEL Device’s Router Features LAN DSL You can also configure firewall and content filtering on the ZyXEL Device for secure Internet access. When the firewall is on, all incoming traffic from the Internet to your network is blocked unless it is initiated from your network. This means that probes from the outside to your network are not allowed, but you can safely browse the Internet and download files.
Chapter 1 Introducing the ZyXEL Device Table 1 LED Descriptions LED COLOR STATUS DESCRIPTION ETHERNET 1-4 Green On The ZyXEL Device has an Ethernet connection with a device on the Local Area Network (LAN). Blinking The ZyXEL Device is sending/receiving data to /from the LAN. Off The ZyXEL Device does not have an Ethernet connection with the LAN. On The wireless network is activated. Blinking The ZyXEL Device is communicating with other wireless clients.
Chapter 1 Introducing the ZyXEL Device 1.7.1 Turn the Wireless LAN Off or On 1 Make sure the POWER LED is on (not blinking). 2 Press the WPS WLAN ON/OFF button for less than five seconds and release it. The WLAN/WPS LED should change from on to off or vice versa. 1.7.2 Activate WPS 1 Make sure the POWER LED is on (not blinking). 2 Press the WPS WLAN ON/OFF button for five to ten seconds and release it. Press the WPS button on another WPS -enabled device within range of the ZyXEL Device.
Chapter 1 Introducing the ZyXEL Device 38 P-660HN-Fx User’s Guide
CHAPTER 2 Introducing the Web Configurator 2.1 Overview The web configurator is an HTML-based management interface that allows easy device setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions. The recommended screen resolution is 1024 by 768 pixels. In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. Web pop-up blocking is enabled by default in Windows XP SP (Service Pack) 2.
Chapter 2 Introducing the Web Configurator Figure 3 Password Screen 5 The following screen displays if you have not yet changed your password. It is strongly recommended you change the default password. Enter a new password, retype it to confirm and click Apply; alternatively click Ignore to proceed to the main menu if you do not want to change the password now. Figure 4 Change Password Screen 6 The following screen displays if you have not replaced the factory default certificate.
Chapter 2 Introducing the Web Configurator Figure 5 Replace Factory Default Certificate Screen 2.2 Web Configurator Main Screen Figure 6 Main Screen A B C D As illustrated above, the main screen is divided into these parts: • • • • A - title bar B - navigation panel C - main window D - status bar 2.2.1 Title Bar The title bar provides some icons in the upper right corner.
Chapter 2 Introducing the Web Configurator The icons provide the following functions. Table 2 Web Configurator Icons in the Title Bar ICON DESCRIPTION Help: Click this icon to open up help screens. Wizards: Click this icon to go to the configuration wizards. See Chapter 4 on page 53 for more information. Logout: Click this icon to log out of the web configurator. 2.2.2 Navigation Panel Use the menu items on the navigation panel to open screens to configure ZyXEL Device features.
Chapter 2 Introducing the Web Configurator Table 3 Navigation Panel Summary LINK Firewall Content Filter TAB FUNCTION General Use this screen to activate/deactivate the firewall and the default action to take on network traffic going in specific directions. Rules This screen shows a summary of the firewall rules, and allows you to edit/ add a firewall rule. Threshold Use this screen to configure the thresholds for determining when to drop sessions that do not become fully established.
Chapter 2 Introducing the Web Configurator Table 3 Navigation Panel Summary LINK UPnP TAB FUNCTION General Use this screen to turn UPnP on or off. General Use this screen to configure your device’s name, domain name, management inactivity timeout and password. Time Setting Use this screen to change your ZyXEL Device’s time and date. View Log Use this screen to display your device’s logs. Log Settings Use this screen to select which logs and/or immediate alerts your device is to record.
CHAPTER 3 Status Screens 3.1 Overview Use the Status screens to look at the current status of the device, system resources, and interfaces (LAN and WAN). The Status screen also provides detailed information from Any IP and DHCP and statistics from bandwidth management, and traffic. 3.2 The Status Screen Use this screen to view the status of the ZyXEL Device. Click Status to open this screen. Figure 7 Status Screen Each field is described in the following table.
Chapter 3 Status Screens Table 4 Status Screen LABEL DESCRIPTION Device Information Host Name This field displays the ZyXEL Device system name. It is used for identification. You can change this in the Maintenance > System > General screen’s System Name field. Model Number This is the model name of your device. MAC Address This is the MAC (Media Access Control) or Ethernet address unique to your ZyXEL Device.
Chapter 3 Status Screens Table 4 Status Screen LABEL DESCRIPTION Firewall This displays whether or not the ZyXEL Device’s firewall is activated. Click this to go to the screen where you can change it. Content Filter This displays whether or not the ZyXEL Device’s content filtering is activated. Click this to go to the screen where you can change it. System Status System Uptime This field displays how long the ZyXEL Device has been running since it last started up.
Chapter 3 Status Screens 3.3 Client List See Section 6.4 on page 95 for information on this screen. 3.4 WLAN Status Use this screen to view the wireless stations that are currently associated to the ZyXEL Device. Click Status > WLAN Status to access this screen. Figure 8 WLAN Status The following table describes the labels in this screen. Table 5 WLAN Status LABEL DESCRIPTION # This is the index number of an associated wireless station.
Chapter 3 Status Screens Figure 9 Packet Statistics The following table describes the fields in this screen. Table 6 Packet Statistics LABEL DESCRIPTION System Monitor System up Time This is the elapsed time the system has been up. Current Date/Time This field displays your ZyXEL Device’s present date and time. CPU Usage This field specifies the percentage of CPU utilization. Memory Usage This field specifies the percentage of memory utilization.
Chapter 3 Status Screens Table 6 Packet Statistics (continued) LABEL DESCRIPTION Rx B/s This field displays the number of bytes received in the last second. Up Time This field displays the elapsed time this port has been up. LAN Port Statistics Interface This field displays either Ethernet (LAN ports) or Wireless (WLAN port). Status For the LAN ports, this field displays Down (line is down) or Up (line is up or connected).
P ART II Wizard Internet and Wireless Setup Wizard (53) 51
CHAPTER 4 Internet and Wireless Setup Wizard 4.1 Overview Use the wizard setup screens to configure your system for Internet access with the information given to you by your ISP. " See the advanced menu chapters for background information on these fields. 4.2 Internet Access Wizard Setup 1 After you enter the password to access the web configurator, select Go to Wizard setup and click Apply. Otherwise, click the wizard icon ( ) in the top right corner of the web configurator to go to the wizards.
Chapter 4 Internet and Wireless Setup Wizard Figure 12 Wizard Welcome 3 Your ZyXEL device attempts to detect your DSL connection and your connection type. 3a The following screen appears if a connection is not detected. Check your hardware connections and click Restart the INTERNET/WIRELESS SETUP Wizard to return to the wizard welcome screen. If you still cannot connect, click Manually configure your Internet connection.
Chapter 4 Internet and Wireless Setup Wizard Figure 14 Auto-Detection: PPPoE 3c The following screen appears if the ZyXEL device detects a connection but not the connection type. Click Next and refer to Section 4.2.1 on page 55 on how to manually configure the ZyXEL Device for Internet access. Figure 15 Auto Detection: Failed 4.2.
Chapter 4 Internet and Wireless Setup Wizard Figure 16 Internet Access Wizard Setup: ISP Parameters The following table describes the fields in this screen. Table 8 Internet Access Wizard Setup: ISP Parameters 56 LABEL DESCRIPTION Mode Select Routing (default) from the drop-down list box if your ISP give you one IP address only and you want multiple computers to share an Internet account.
Chapter 4 Internet and Wireless Setup Wizard 2 The next wizard screen varies depending on what mode and encapsulation type you use. All screens shown are with routing mode. Configure the fields and click Next to continue. See Section 4.3 on page 60 for wireless connection wizard setup Figure 17 Internet Connection with PPPoE The following table describes the fields in this screen. Table 9 Internet Connection with PPPoE LABEL DESCRIPTION User Name Enter the user name exactly as your ISP assigned.
Chapter 4 Internet and Wireless Setup Wizard The following table describes the fields in this screen. Table 10 Internet Connection with RFC 1483 LABEL DESCRIPTION IP Address This field is available if you select Routing in the Mode field. Type your ISP assigned IP address in this field. Back Click this to return to the previous screen without saving. Next Click this to continue to the next wizard screen. Exit Click this to close the wizard screen without saving.
Chapter 4 Internet and Wireless Setup Wizard Table 11 Internet Connection with ENET ENCAP (continued) LABEL DESCRIPTION Apply Click this to save your changes. Exit Click this to close the wizard screen without saving. Figure 20 Internet Connection with PPPoA The following table describes the fields in this screen. Table 12 Internet Connection with PPPoA LABEL DESCRIPTION User Name Enter the login name that your ISP gives you. Password Enter the password associated with the user name above.
Chapter 4 Internet and Wireless Setup Wizard Figure 21 Connection Test Failed-1 • If the following screen displays, check if your account is activated or click Restart the Internet/Wireless Setup Wizard to verify your Internet access settings. Figure 22 Connection Test Failed-2. 4.3 Wireless Connection Wizard Setup After you configure the Internet access information, use the following screens to set up your wireless LAN. 1 Select Yes and click Next to configure wireless settings.
Chapter 4 Internet and Wireless Setup Wizard Figure 23 Connection Test Successful 2 Use this screen to activate the wireless LAN. Click Next to continue. Figure 24 Wireless LAN Setup Wizard 1 The following table describes the labels in this screen. Table 13 Wireless LAN Setup Wizard 1 LABEL DESCRIPTION Active Select the check box to turn on the wireless LAN. Back Click this to return to the previous screen without saving. Next Click this to continue to the next wizard screen.
Chapter 4 Internet and Wireless Setup Wizard Figure 25 Wireless LAN The following table describes the labels in this screen. Table 14 Wireless LAN Setup Wizard 2 " LABEL DESCRIPTION Network Name(SSID) Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN. If you change this field on the ZyXEL Device, make sure all wireless stations use the same SSID in order to access the network. Channel Selection The range of radio frequencies used by IEEE 802.
Chapter 4 Internet and Wireless Setup Wizard 4.3.1 Manually Assign a WPA-PSK key Choose Manually assign a WPA-PSK key in the Wireless LAN setup screen to set up a PreShared Key. Figure 26 Manually Assign a WPA-PSK key The following table describes the labels in this screen. Table 15 Manually Assign a WPA-PSK key LABEL DESCRIPTION Pre-Shared Key Type from 8 to 63 case-sensitive ASCII characters. You can set up the most secure wireless connection by configuring WPA in the wireless LAN screens.
Chapter 4 Internet and Wireless Setup Wizard The following table describes the labels in this screen. Table 16 Manually Assign a WEP key LABEL DESCRIPTION Key The WEP keys are used to encrypt data. Both the ZyXEL Device and the wireless stations must use the same WEP key for data transmission. Enter any 5 or 13 ASCII characters, or 10 or 26 hexadecimal characters ("0-9", "A-F") for a 64-bit or 128-bit WEP key respectively. Back Click this to return to the previous screen without saving.
Chapter 4 Internet and Wireless Setup Wizard Figure 29 Internet Access and WLAN Wizard Setup Complete 7 Launch your web browser and navigate to www.zyxel.com. Internet access is just the beginning. Refer to the rest of this guide for more detailed information on the complete range of ZyXEL Device features. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the wizard setup are correct.
Chapter 4 Internet and Wireless Setup Wizard 66 P-660HN-Fx User’s Guide
P ART III Network WAN Setup (69) LAN Setup (89) Wireless LAN (105) Network Address Translation (NAT) (135) 67
CHAPTER 5 WAN Setup 5.1 Overview This chapter describes how to configure WAN settings from the WAN screens. Use these screens to configure your ZyXEL Device for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks (such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations. Figure 30 LAN and WAN LAN WAN 5.1.
Chapter 5 WAN Setup WAN IP Address The WAN IP address is an IP address for the ZyXEL Device, which makes it accessible from an outside network. It is used by the ZyXEL Device to communicate with other devices in other networks. It can be static (fixed) or dynamically assigned by the ISP each time the ZyXEL Device tries to access the Internet.
Chapter 5 WAN Setup Figure 31 Network > WAN >Internet Access Setup (PPPoE) The following table describes the labels in this screen. Table 17 Network > WAN > Internet Access Setup LABEL DESCRIPTION Line Modulation Select the modulation supported by your ISP. Use Multi Mode if you are not sure which mode to choose from. The ZyXEL Device dynamically diagnoses the mode supported by the ISP and selects the best compatible one for your connection. Other options are ADSL G.
Chapter 5 WAN Setup Table 17 Network > WAN > Internet Access Setup (continued) LABEL DESCRIPTION Mode Select Routing (default) from the drop-down list box if your ISP gives you one IP address only and you want multiple computers to share an Internet account. Select Bridge when your ISP provides you more than one IP address and you want the connected computers to get individual IP address from ISP’s DHCP server directly.
Chapter 5 WAN Setup Table 17 Network > WAN > Internet Access Setup (continued) LABEL DESCRIPTION Nailed-Up Connection Select Nailed-Up Connection when you want your connection up all the time. The ZyXEL Device will try to bring up the connection automatically if it is disconnected. Connect on Demand Select Connect on Demand when you don't want the connection up all the time and specify an idle time-out in the Max Idle Timeout field.
Chapter 5 WAN Setup The following table describes the labels in this screen. Table 18 Network > WAN > Internet Access Setup: Advanced Setup LABEL DESCRIPTION RIP & Multicast Setup This section is not available when you configure the ZyXEL Device to be in bridge mode. RIP Direction RIP (Routing Information Protocol) allows a router to exchange routing information with other routers. Use this field to control how much routing information the ZyXEL Device sends and receives on the subnet.
Chapter 5 WAN Setup Table 18 Network > WAN > Internet Access Setup: Advanced Setup (continued) LABEL DESCRIPTION Protocol Filter Select the protocol filter(s) to control incoming traffic. You may choose up to 4 sets of filters. You can configure packet filters in the Packet Filter screen. See Chapter 11 on page 177 for more details. Generic Filter Select the generic filter(s) to control incoming traffic. You may choose up to 4 sets of filters.
Chapter 5 WAN Setup The following table describes the labels in this screen. Table 19 Network > WAN > More Connections LABEL DESCRIPTION # This is an index number indicating the number of the corresponding connection. Active This field indicates whether the connection is active or not. Clear the check box to disable the connection. Select the check box to enable it. Name This is the name you gave to the Internet connection.
Chapter 5 WAN Setup Figure 34 Network > WAN > More Connections: Edit The following table describes the labels in this screen. Table 20 Network > WAN > More Connections: Edit LABEL DESCRIPTION General Active Select the check box to activate or clear the check box to deactivate this connection. Name Enter a unique, descriptive name of up to 13 ASCII characters for this connection. Mode Select Routing from the drop-down list box if your ISP allows multiple computers to share an Internet account.
Chapter 5 WAN Setup Table 20 Network > WAN > More Connections: Edit (continued) LABEL DESCRIPTION User Name (PPPoA and PPPoE encapsulation only) Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given. Password (PPPoA and PPPoE encapsulation only) Enter the password associated with the user name above. Service Name (PPPoE only) Type the name of your PPPoE service here.
Chapter 5 WAN Setup Table 20 Network > WAN > More Connections: Edit (continued) LABEL DESCRIPTION Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. Advanced Setup Click this to display the More Connections Advanced Setup screen and edit more details of your WAN setup. 5.3.2 Configuring More Connections Advanced Setup Use this screen to edit your ZyXEL Device's advanced WAN settings. Click the Advanced Setup button in the More Connections Edit screen.
Chapter 5 WAN Setup Table 21 Network > WAN > More Connections: Edit: Advanced Setup (continued) LABEL DESCRIPTION ATM QoS Type Select CBR (Continuous Bit Rate) to specify fixed (always-on) bandwidth for voice or data traffic. Select UBR (Unspecified Bit Rate) for applications that are non-time sensitive, such as e-mail. Select VBR-nRT (Variable Bit Rate-non Real Time) or VBR-RT (Variable Bit Rate-Real Time) for bursty traffic and bandwidth sharing with other applications.
Chapter 5 WAN Setup Figure 36 Network > WAN > WAN Backup The following table describes the labels in this screen. Table 22 Network > WAN > WAN Backup LABEL DESCRIPTION WAN Backup Setup Backup Type Select the method that the ZyXEL Device uses to check the DSL connection. Select DSL Link to have the ZyXEL Device check if the connection to the DSLAM is up. Select ICMP to have the ZyXEL Device periodically ping the IP addresses configured in the Check WAN IP Address fields.
Chapter 5 WAN Setup Table 22 Network > WAN > WAN Backup LABEL DESCRIPTION Traffic Redirect Traffic redirect forwards traffic to a backup gateway when the ZyXEL Device cannot connect to the Internet. Active Traffic Redirect Select this check box to have the ZyXEL Device use traffic redirect if the normal WAN connection goes down. Note: If you activate traffic redirect, you must configure at least one Check WAN IP Address.
Chapter 5 WAN Setup One of the benefits of PPPoE is the ability to let you access one of multiple network services, a function known as dynamic service selection. This enables the service provider to easily create and offer new IP services for individuals. Operationally, PPPoE saves significant effort for both you and the ISP or carrier, as it requires no specific configuration of the broadband modem at the customer site.
Chapter 5 WAN Setup 5.5.4 IP Address Assignment A static IP is a fixed IP that your ISP gives you. A dynamic IP is not fixed; the ISP assigns you a different one each time. The Single User Account feature can be enabled or disabled if you have either a dynamic or static IP. However the encapsulation method assigned influences your choices for IP address and ENET ENCAP gateway.
Chapter 5 WAN Setup The metric sets the priority for the ZyXEL Device’s routes to the Internet. If any two of the default routes have the same metric, the ZyXEL Device uses the following pre-defined priorities: • Normal route: designated by the ISP (see Section 5.2 on page 70) • Traffic-redirect route (see Section 5.8 on page 86) For example, if the normal route has a metric of "1" and the traffic-redirect route has a metric of "2", then the normal route acts as the primary default route.
Chapter 5 WAN Setup 5.7.1 ATM Traffic Classes These are the basic ATM traffic classes defined by the ATM Forum Traffic Management 4.0 Specification. Constant Bit Rate (CBR) Constant Bit Rate (CBR) provides fixed bandwidth that is always available even if no data is being sent. CBR traffic is generally time-sensitive (doesn't tolerate delay). CBR is used for connections that continuously require a specific amount of bandwidth. A PCR is specified and if traffic exceeds this rate, cells may be dropped.
Chapter 5 WAN Setup Figure 38 Traffic Redirect Example LAN WAN Backup Gateway The following network topology allows you to avoid triangle route security issues when the backup gateway is connected to the LAN. Use IP alias to configure the LAN into two or three logical networks with the ZyXEL Device itself as the gateway for each LAN network. Put the protected LAN in one subnet (Subnet 1 in the following figure) and the backup gateway in another subnet (Subnet 2).
Chapter 5 WAN Setup 88 P-660HN-Fx User’s Guide
CHAPTER 6 LAN Setup 6.1 Overview A Local Area Network (LAN) is a shared communication system to which many networking devices are connected. It is usually located in one immediate area such as a building or floor of a building. Use the LAN screens to help you configure a LAN DHCP server and manage IP addresses. LAN DSL 6.1.1 What You Can Do in the LAN Screens • Use the LAN IP screen (Section 6.2 on page 90) to set the LAN IP address and subnet mask of your ZyXEL device.
Chapter 6 LAN Setup Subnet Mask Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks. DHCP A DHCP (Dynamic Host Configuration Protocol) server can assign your ZyXEL Device an IP address, subnet mask, DNS and other routing information when it's turned on. RIP RIP (Routing Information Protocol) allows a router to exchange routing information with other routers.
Chapter 6 LAN Setup 2 Enter the IP subnet mask into the IP Subnet Mask field. Unless instructed otherwise it is best to leave this alone, the configurator will automatically compute a subnet mask based upon the IP address you entered. 3 Click Apply to save your settings. Figure 40 Network > LAN > IP The following table describes the fields in this screen.
Chapter 6 LAN Setup Figure 41 Network > LAN > IP: Advanced Setup The following table describes the labels in this screen. Table 24 Network > LAN > IP: Advanced Setup LABEL DESCRIPTION RIP & Multicast Setup RIP Direction Select the RIP direction from None, Both, In Only and Out Only. RIP Version Select the RIP version from RIP-1, RIP-2B and RIP-2M. Multicast IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a multicast group.
Chapter 6 LAN Setup Table 24 Network > LAN > IP: Advanced Setup LABEL DESCRIPTION Allow between LAN and WAN Select this check box to forward NetBIOS packets from the LAN to the WAN and from the WAN to the LAN. If your firewall is enabled with the default policy set to block WAN to LAN traffic, you also need to enable the default WAN to LAN firewall rule that forwards NetBIOS traffic. Clear this check box to block all NetBIOS packets going from the LAN to the WAN and from the WAN to the LAN.
Chapter 6 LAN Setup Figure 42 Network > LAN > DHCP Setup The following table describes the labels in this screen. Table 25 Network > LAN > DHCP Setup LABEL DESCRIPTION DHCP Setup DHCP If set to Server, your ZyXEL Device can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client. If set to None, the DHCP server will be disabled.
Chapter 6 LAN Setup Table 25 Network > LAN > DHCP Setup LABEL DESCRIPTION First DNS Server Second DNS Server Third DNS Server Select Obtained From ISP if your ISP dynamically assigns DNS server information (and the ZyXEL Device's WAN IP address). Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right. If you chose User-Defined, but leave the IP address set to 0.0.0.0, User-Defined changes to None after you click Apply.
Chapter 6 LAN Setup The following table describes the labels in this screen. Table 26 Network > LAN > Client List LABEL DESCRIPTION IP Address Enter the IP address that you want to assign to the computer on your LAN with the MAC address that you will also specify. MAC Address Enter the MAC address of a computer on your LAN. Add Click this to add a static DHCP entry. # This is the index number of the static IP table entry (row).
Chapter 6 LAN Setup Figure 44 Physical Network & Partitioned Logical Networks A: 192.168.1.1 - 192.168.1.24 Ethernet Interface B: 192.168.2.1 - 192.168.2.24 C: 192.168.3.1 - 192.168.3.24 6.5.1 Configuring the LAN IP Alias Screen Use this screen to change your ZyXEL Device’s IP alias settings. Click Network > LAN > IP Alias to open the following screen. Figure 45 Network > LAN > IP Alias The following table describes the labels in this screen.
Chapter 6 LAN Setup Table 27 Network > LAN > IP Alias LABEL DESCRIPTION RIP Direction RIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. Select the RIP direction from Both/In Only/Out Only/None. When set to Both or Out Only, the ZyXEL Device will broadcast its routing table periodically.
Chapter 6 LAN Setup 6.6.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the ZyXEL Device as a DHCP server or disable it. When configured as a server, the ZyXEL Device provides the TCP/IP configuration for the clients. If you turn DHCP service off, you must have another DHCP server on your LAN, or else the computer must be manually configured.
Chapter 6 LAN Setup Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask. If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established.
Chapter 6 LAN Setup 6.6.5 RIP Setup RIP (Routing Information Protocol) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. When set to: • Both - the ZyXEL Device will broadcast its routing table periodically and incorporate the RIP information that it receives. • In Only - the ZyXEL Device will not send any RIP packets but will accept all RIP packets received.
Chapter 6 LAN Setup 6.6.7 Any IP Traditionally, you must set the IP addresses and the subnet masks of a computer and the ZyXEL Device to be in the same subnet to allow the computer to access the Internet (through the ZyXEL Device). In cases where your computer is required to use a static IP address in another network, you may need to manually configure the network settings of the computer every time you want to access the Internet via the ZyXEL Device.
Chapter 6 LAN Setup The following lists out the steps taken, when a computer tries to access the Internet for the first time through the ZyXEL Device. 1 When a computer (which is in a different subnet) first attempts to access the Internet, it sends packets to its default gateway (which is not the ZyXEL Device) by looking at the MAC address in its ARP table. 2 When the computer cannot locate the default gateway, an ARP request is broadcast on the LAN.
Chapter 6 LAN Setup 104 P-660HN-Fx User’s Guide
CHAPTER 7 Wireless LAN 7.1 Overview This chapter describes how to perform tasks related to setting up and optimizing your wireless network, including the following. • • • • • • Turning the wireless connection on or off. Configuring a name, wireless channel and security for the network. Using WiFi Protected Setup (WPS) to configure your wireless network. Setting up multiple wireless networks. Configuring Quality of Service (QoS) to optimize your network’s performance.
Chapter 7 Wireless LAN 7.1.2 What You Need to Know About Wireless Wireless Basics “Wireless” is essentially radio communication. In the same way that walkie-talkie radios send and receive information over the airwaves, wireless networking devices exchange information with one another. A wireless networking device is just like a radio that lets your computer exchange information with radios attached to other computers.
Chapter 7 Wireless LAN 7.2 The AP Screen Use this screen to configure the wireless settings of your ZyXEL Device. Click Network > Wireless LAN to open the AP screen. Figure 48 Network > Wireless LAN > AP The following table describes the labels in this screen. Table 28 Network > Wireless LAN > AP LABEL DESCRIPTION Wireless Setup Active Wireless LAN Click the check box to activate wireless LAN.
Chapter 7 Wireless LAN Table 28 Network > Wireless LAN > AP LABEL DESCRIPTION 802.11 Mode Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to associate with the ZyXEL Device. Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to associate with the ZyXEL Device. Select 802.11n Only to allow only IEEE 802.11n compliant WLAN devices to associate with the ZyXEL Device. Select 802.11g/n mixed to allow either IEEE 802.11g or IEEE 802.
Chapter 7 Wireless LAN " If you do not enable any wireless security on your ZyXEL Device, your network is accessible to any wireless networking device that is within range. Figure 49 Network > Wireless LAN > AP: No Security The following table describes the labels in this screen. Table 29 Network > Wireless LAN > AP: No Security LABEL DESCRIPTION Security Mode Choose No Security from the drop-down list box. 7.2.2 WEP Encryption Use this screen to configure and enable WEP encryption.
Chapter 7 Wireless LAN Figure 50 Network > Wireless LAN > AP: WEP Auto The following table describes the wireless LAN security labels in this screen. Table 30 Network > Wireless LAN > AP: WEP Auto LABEL DESCRIPTION Security Mode Choose WEP Auto from the drop-down list box. Passphrase Enter a passphrase (up to 32 printable characters) and click Generate. The ZyXEL Device automatically generates a WEP key. WEP Key The WEP key is used to encrypt data.
Chapter 7 Wireless LAN Figure 51 Network > Wireless LAN > AP: WPA(2)-PSK The following table describes the wireless LAN security labels in this screen. Table 31 Network > Wireless LAN > AP: WPA(2)-PSK LABEL DESCRIPTION Security Mode Choose WPA-PSK or WPA2-PSK or WPAPSKMixed from the drop-down list box. Select WPAPSK Mixed if you want the ZyXEL Device to support WPA-PSK and WPA2-PSK simultaneously. Pre-Shared Key The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same.
Chapter 7 Wireless LAN Figure 52 Network > Wireless LAN > AP: WPA(2) The following table describes the wireless LAN security labels in this screen. Table 32 Network > Wireless LAN > AP: WPA(2) LABEL DESCRIPTION Security Mode Choose WPA, WPA2 or WPAMixed from the drop-down list box. Select WPAMixed if you want the ZyXEL Device to support WPA and WPA2 simultaneously. ReAuthentication Timer Specify how often wireless stations have to resend usernames and passwords in order to stay connected.
Chapter 7 Wireless LAN Table 32 Network > Wireless LAN > AP: WPA(2) LABEL DESCRIPTION WPA Group Key Update Timer The WPA Group Key Update Timer is the rate at which the AP (if using WPA(2)-PSK key management) or RADIUS server (if using WPA(2) key management) sends a new group key out to all clients. The re-keying process is the WPA(2) equivalent of automatically changing the WEP key for an AP and all stations in a WLAN on a periodic basis.
Chapter 7 Wireless LAN The following table describes the labels in this screen. Table 33 Network > Wireless LAN > AP: Advanced Setup LABEL DESCRIPTION RTS/CTS Threshold Enter a value between 0 and 2432. Fragmentation Threshold This is the maximum data fragment size that can be sent. Enter a value between 256 and 2432. Output Power Set the output power of the ZyXEL Device. If there is a high density of APs in an area, decrease the output power to reduce interference with other APs.
Chapter 7 Wireless LAN The following table describes the labels in this screen. Table 34 Network > Wireless LAN > AP: MAC Address Filter LABEL DESCRIPTION Active MAC Filter Select the check box to enable MAC address filtering. Filter Action Define the filter action for the list of MAC addresses in the MAC Address table. Select Deny to block access to the ZyXEL Device. MAC addresses not listed will be allowed to access the ZyXEL Device Select Allow to permit access to the ZyXEL Device.
Chapter 7 Wireless LAN Table 35 Network > Wireless LAN > More AP LABEL DESCRIPTION SSID An SSID profile is the set of parameters relating to one of the ZyXEL Device’s BSSs. The SSID (Service Set IDentifier) identifies the Service Set with which a wireless device is associated. This field displays the name of the wireless profile on the network. When a wireless client scans for an AP to associate with, this is the name that is broadcast and seen in the wireless client utility.
Chapter 7 Wireless LAN Table 36 Network > Wireless LAN > More AP: Edit LABEL Edit DESCRIPTION Click this to go to the MAC Filter screen to configure MAC filter settings. See Section 7.2.6 on page 114 for more details. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. 7.4 The WPS Screen Use this screen to configure WiFi Protected Setup (WPS) on your ZyXEL Device.
Chapter 7 Wireless LAN Table 37 Network > Wireless LAN > WPS LABEL Release_Con figuration DESCRIPTION This button is available when the WPS status is Configured. Click this button to remove all configured wireless and wireless security settings for WPS connections on the ZyXEL Device. Apply Click this to save your changes. Refresh Click this to restore your previously saved settings. 7.
Chapter 7 Wireless LAN 7.6 The WDS Screen An AP using the Wireless Distribution System (WDS) can function as a wireless network bridge allowing you to wirelessly connect two wired network segments. The WDS screen allows you to configure the ZyXEL Device to connect to two or more APs wirelessly when WDS is enabled. Use this screen to set up your WDS (Wireless Distribution System) links between the ZyXEL Device and other wireless APs. You need to know the MAC address of the peer device.
Chapter 7 Wireless LAN The following table describes the labels in this screen. Table 39 Network > Wireless LAN > WDS LABEL DESCRIPTION Enable WDS Select this check box to activate WDS on the ZyXEL Device. Enable WDS Security Select this option and the type of the key used to encrypt data between APs. All the wireless APs (including the ZyXEL Device) must use the same pre-shared key for data transmission. If you de-select this option, the data sent between APs is not encrypted. Anyone can read it.
Chapter 7 Wireless LAN 7.8 The Scheduling Screen Use the wireless LAN scheduling to configure the days you want to enable or disable the wireless LAN. Click Network > Wireless LAN > Scheduling. The following screen displays. Figure 61 Network > Wireless LAN > Scheduling The following table describes the labels in this screen. Table 41 Network > Wireless LAN > QoS LABEL DESCRIPTION Enable Wireless LAN Scheduling Select this box to activate wireless LAN scheduling on your ZyXEL Device.
Chapter 7 Wireless LAN • An access point is a radio with a wired connection to a network, which can connect with numerous wireless clients and let them access the network. • A bridge is a radio that relays communications between access points and wireless clients, extending a network’s range. Traditionally, a wireless network operates in one of two ways. • An “infrastructure” type of network has one or more access points and one or more wireless clients. The wireless clients connect to the access points.
Chapter 7 Wireless LAN Radio Channels In the radio spectrum, there are certain frequency bands allocated for unlicensed, civilian use. For the purposes of wireless networking, these bands are divided into numerous channels. This allows a variety of networks to exist in the same place without interfering with one another. When you create a network, you must select a channel to use. Since the available unlicensed spectrum varies from one country to another, the number of available channels also varies. 7.9.
Chapter 7 Wireless LAN 7.9.3 Wireless Security Overview By their nature, radio communications are simple to intercept. For wireless data networks, this means that anyone within range of a wireless network without security can not only read the data passing over the airwaves, but also join the network. Once an unauthorized person has access to the network, he or she can steal information or introduce malware (malicious software) intended to compromise the network.
Chapter 7 Wireless LAN You can use the MAC address filter to tell the ZyXEL Device which devices are allowed or not allowed to use the wireless network. If a device is allowed to use the wireless network, it still has to have the correct information (SSID, channel, and security). If a device is not allowed to use the wireless network, it does not matter if it has the correct information. This type of security does not protect the information that is sent in the wireless network.
Chapter 7 Wireless LAN " It is recommended that wireless networks use WPA-PSK, WPA, or stronger encryption. The other types of encryption are better than none at all, but it is still possible for unauthorized wireless devices to figure out the original information pretty quickly. When you select WPA2 or WPA2-PSK in your ZyXEL Device, you can also select an option (WPA compatible) to support WPA as well.
Chapter 7 Wireless LAN Figure 63 Basic Service set 7.9.6 MBSSID Traditionally, you need to use different APs to configure different Basic Service Sets (BSSs). As well as the cost of buying extra APs, there is also the possibility of channel interference. The ZyXEL Device’s MBSSID (Multiple Basic Service Set IDentifier) function allows you to use one access point to provide several BSSs simultaneously. You can then assign varying QoS priorities and/or security modes to different SSIDs.
Chapter 7 Wireless LAN The following figure illustrates how WDS link works between APs. Notebook computer A is a wireless client connecting to access point AP 1. AP 1 has no wired Internet connection, but can establish a WDS link with access point AP 2, which does. When AP 1 has a WDS link with AP 2, the notebook computer can access the Internet through AP 2. Figure 64 WDS Link Example WDS A AP 1 AP 2 7.9.
Chapter 7 Wireless LAN 7.9.8.2 PIN Configuration Each WPS-enabled device has its own PIN (Personal Identification Number). This may either be static (it cannot be changed) or dynamic (in some devices you can generate a new PIN by clicking on a button in the configuration interface).
Chapter 7 Wireless LAN Figure 65 Example WPS Process: PIN Method ENROLLEE REGISTRAR WPS This device’s WPS PIN: 123456 WPS Enter WPS PIN from other device: WPS START WPS START WITHIN 2 MINUTES SECURE EAP TUNNEL SSID WPA(2)-PSK COMMUNICATION 7.9.8.3 How WPS Works When two WPS-enabled devices connect, each device must assume a specific role.
Chapter 7 Wireless LAN Figure 66 How WPS works ACTIVATE WPS ACTIVATE WPS WITHIN 2 MINUTES WPS HANDSHAKE ENROLLEE SECURE TUNNEL REGISTRAR SECURITY INFO COMMUNICATION The roles of registrar and enrollee last only as long as the WPS setup process is active (two minutes). The next time you use WPS, a different device can be the registrar if necessary. The WPS connection process is like a handshake; only two devices participate in each WPS transaction.
Chapter 7 Wireless LAN Figure 67 WPS: Example Network Step 1 ENROLLEE REGISTRAR SECURITY INFO AP1 CLIENT 1 In step 2, you add another wireless client to the network. You know that Client 1 supports registrar mode, but it is better to use AP1 for the WPS handshake with the new client since you must connect to the access point anyway in order to use the network. In this case, AP1 must be the registrar, since it is configured (it already has security information for the network).
Chapter 7 Wireless LAN Figure 69 WPS: Example Network Step 3 EXISTING CONNECTION CLIENT 1 E ION CT E NN CO G TIN XIS AP1 REGISTRAR CLIENT 2 SE CU RIT Y ENROLLEE INF O AP2 7.9.8.5 Limitations of WPS WPS has some limitations of which you should be aware. • WPS works in Infrastructure networks only (where an AP and a wireless client communicate). It does not work in Ad-Hoc networks (where there is no AP). • When you use WPS, it works between two devices only.
Chapter 7 Wireless LAN You can easily check to see if this has happened. WPS works between only two devices simultaneously, so if another device has enrolled your device will be unable to enroll, and will not have access to the network. If this happens, open the access point’s configuration interface and look at the list of associated clients (usually displayed by MAC address).
CHAPTER 8 Network Address Translation (NAT) 8.1 Overview This chapter discusses how to configure NAT on the ZyXEL Device. NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network. 8.1.1 What You Can Do in the NAT Screens • Use the NAT General Setup screen (Section 8.2 on page 136) to configure the NAT setup settings.
Chapter 8 Network Address Translation (NAT) NAT In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
Chapter 8 Network Address Translation (NAT) The following table describes the labels in this screen. Table 44 Network > NAT > General LABEL DESCRIPTION Active Network Address Translation (NAT) Select this check box to enable NAT. SUA Only Select this radio button if you have just one public WAN IP address for your ZyXEL Device. Full Feature Select this radio button if you have multiple public WAN IP addresses for your ZyXEL Device.
Chapter 8 Network Address Translation (NAT) " Many residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location. If you are unsure, refer to your ISP. Default Server IP Address In addition to the servers for specified services, NAT supports a default server IP address.
Chapter 8 Network Address Translation (NAT) Figure 72 Network > NAT > Port Forwarding The following table describes the fields in this screen. Table 45 Network > NAT > Port Forwarding LABEL DESCRIPTION Default Server Setup Default Server In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in this screen.
Chapter 8 Network Address Translation (NAT) Figure 73 Network > NAT > Port Forwarding: Edit The following table describes the fields in this screen. Table 46 Network > NAT > Port Forwarding: Edit LABEL DESCRIPTION Active Click this check box to enable the rule. Service Name Enter a name to identify this port-forwarding rule. Start Port Enter a port number in this field. To forward only one port, enter the port number again in the End Port field.
Chapter 8 Network Address Translation (NAT) rules. For example, if you have already configured rules 1 to 6 in your current set and now you configure rule number 9. In the set summary screen, the new rule will be rule 7, not 9. Now if you delete rule 4, rules 5 to 7 will be pushed up by 1 rule, so old rules 5, 6 and 7 become new rules 4, 5 and 6. To change your ZyXEL Device’s address mapping settings, click Network > NAT > Address Mapping to open the following screen.
Chapter 8 Network Address Translation (NAT) 8.4.1 The Address Mapping Rule Edit Screen Use this screen to edit an address mapping rule. Click the rule’s edit icon in the Address Mapping screen to display the screen shown next. Figure 75 Network > NAT > Address Mapping: Edit The following table describes the fields in this screen. Table 48 Network > NAT > Address Mapping: Edit 142 LABEL DESCRIPTION Type Choose the port mapping type from one of the following.
Chapter 8 Network Address Translation (NAT) Table 48 Network > NAT > Address Mapping: Edit (continued) LABEL DESCRIPTION Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. 8.5 The SIP ALG Screen Some NAT routers may include a SIP Application Layer Gateway (ALG). A SIP ALG allows SIP calls to pass through NAT by examining and translating IP addresses embedded in the data stream.
Chapter 8 Network Address Translation (NAT) Note that inside/outside refers to the location of a host, while global/local refers to the IP address of a host used in a packet. Thus, an inside local address (ILA) is the IP address of an inside host in a packet when the packet is still in the local network, while an inside global address (IGA) is the IP address of the same inside host when the packet is on the WAN side. The following table summarizes this information.
Chapter 8 Network Address Translation (NAT) Figure 77 How NAT Works NAT Table LAN Inside Local IP Address 192.168.1.10 192.168.1.11 192.168.1.12 192.168.1.13 192.168.1.13 192.168.1.12 SA SA 192.168.1.10 IGA1 Inside Local Address (ILA) 192.168.1.11 Inside Global IP Address IGA 1 IGA 2 IGA 3 IGA 4 WAN Inside Global Address (IGA) 192.168.1.10 8.6.
Chapter 8 Network Address Translation (NAT) Figure 78 NAT Application With IP Alias Corporation B Corporation A Server in Admin Network =IP1 (IGA 1) LAN2: 192.168.1.X Network Server “Admin=192.168.1.1 NAT Server 192.168.1.1 LAN2: 192.168.2.X Network Server “Sales”=192.168.2.1 Server in Sales Network =IP2 (IGA 2) NAT Server 192.168.2.1 LAN3: 192.168.3.X Network Server “R&D”=192.168.3.1 NAT Server 192.168.3.
Chapter 8 Network Address Translation (NAT) Port numbers do NOT change for One-to-One and Many-to-Many No Overload NAT mapping types. The following table summarizes these types.
Chapter 8 Network Address Translation (NAT) 148 P-660HN-Fx User’s Guide
P ART IV Security Firewalls (151) Content Filtering (171) Packet Filter (177) Certificates (185) 149
CHAPTER 9 Firewalls 9.1 Overview This chapter shows you how to enable and configure the ZyXEL Device firewall. Use these screens to enable and configure the firewall that protects your ZyXEL Device and network from attacks by hackers on the Internet and control access to it. By default the firewall: • allows traffic that originates from your LAN computers to go to all other networks. • blocks traffic that originates on other networks from going to the LAN.
Chapter 9 Firewalls 9.1.2 What You Need to Know About Firewall DoS Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources. The ZyXEL Device is pre-configured to automatically detect and thwart all known DoS attacks.
Chapter 9 Firewalls Figure 80 Firewall Example: Rules 3 In the Rules screen, select the index number after that you want to add the rule. For example, if you select “6”, your new rule becomes number 7 and the previous rule 7 (if there is one) becomes rule 8. 4 Click Add to display the firewall rule configuration screen. 5 In the Edit Rule screen, click the Edit Customized Services link to open the Customized Service screen.
Chapter 9 Firewalls Figure 82 Firewall Example: Edit Rule: Destination Address 9 Use the Add >> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. " 154 Custom services show up with an “*” before their names in the Services list box and the Rules list box.
Chapter 9 Firewalls Figure 83 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a “MyService” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN.
Chapter 9 Firewalls Figure 84 Firewall Example: Rules: MyService 9.2 The Firewall General Screen Use this screen to configure the firewall settings. Click Security > Firewall to display the following screen.
Chapter 9 Firewalls The following table describes the labels in this screen. Table 52 Security > Firewall > General LABEL DESCRIPTION Active Firewall Select this check box to activate the firewall. The ZyXEL Device performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated.
Chapter 9 Firewalls Click Security > Firewall > Rules to bring up the following screen. This screen displays a list of the configured firewall rules. Note the order in which the rules are listed. Figure 86 Security > Firewall > Rules The following table describes the labels in this screen. Table 53 Security > Firewall > Rules LABEL DESCRIPTION Firewall Rules Storage Space in Use This read-only bar shows how much of the ZyXEL Device's memory for recording firewall rules it is currently using.
Chapter 9 Firewalls Table 53 Security > Firewall > Rules (continued) LABEL DESCRIPTION Modify Click the Edit icon to go to the screen where you can edit the rule. Click the Remove icon to delete an existing firewall rule. A window displays asking you to confirm that you want to delete the firewall rule. Note that subsequent firewall rules move up by one when you take this action. Order Click the Move icon to display the Move the rule to field.
Chapter 9 Firewalls Figure 87 Security > Firewall > Rules: Edit The following table describes the labels in this screen. Table 54 Security > Firewall > Rules: Edit LABEL DESCRIPTION Edit Rule Active 160 Select this option to enable this firewall rule.
Chapter 9 Firewalls Table 54 Security > Firewall > Rules: Edit (continued) LABEL DESCRIPTION Action for Matched Packet Use the drop-down list box to select whether to discard (Drop), deny and send an ICMP destination-unreachable message to the sender of (Reject) or allow the passage of (Permit) packets that match this rule. Source/Destination Address Address Type Do you want your rule to apply to packets with a particular (single) IP, a range of IP addresses (for instance, 192.168.1.10 to 192.169.1.
Chapter 9 Firewalls 9.3.2 Customized Services Configure customized services and port numbers not predefined by the ZyXEL Device. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website. See Appendix E on page 371 for some examples. Click the Edit Customized Services link while editing a firewall rule to configure a custom service port. This displays the following screen.
Chapter 9 Firewalls Figure 89 Security > Firewall > Rules: Edit: Edit Customized Services: Config The following table describes the labels in this screen. Table 56 Security > Firewall > Rules: Edit: Edit Customized Services: Config LABEL DESCRIPTION Config Service Name Type a unique name for your custom port. Service Type Choose the IP port (TCP, UDP or TCP/UDP) that defines your customized port from the drop down list box.
Chapter 9 Firewalls Figure 90 Three-Way Handshake For UDP, half-open means that the firewall has detected no return traffic. An unusually high number (or arrival rate) of half-open sessions could indicate a DOS attack. 9.4.1 Threshold Values If everything is working properly, you probably do not need to change the threshold settings as the default threshold values should work for most small offices.
Chapter 9 Firewalls Figure 91 Security > Firewall > Threshold The following table describes the labels in this screen. Table 57 Security > Firewall > Threshold LABEL DESCRIPTION Denial of Service Thresholds The ZyXEL Device measures both the total number of existing half-open sessions and the rate of session establishment attempts. Both TCP and UDP half-open sessions are counted in the total number and rate measurements. Measurements are made once a minute.
Chapter 9 Firewalls Table 57 Security > Firewall > Threshold (continued) LABEL DESCRIPTION TCP Maximum Incomplete An unusually high number of half-open sessions with the same destination host address could indicate that a DoS attack is being launched against the host. Specify the number of existing half-open TCP sessions with the same destination host IP address that causes the firewall to start dropping half-open sessions to that same destination host IP address. Enter a number between 1 and 256.
Chapter 9 Firewalls " You can also configure the remote management settings to allow only a specific computer to manage the ZyXEL Device. • LAN to WAN These rules specify which computers on the LAN can access which computers or services on the WAN. By default, the ZyXEL Device’s stateful packet inspection drops packets traveling in the following directions: • WAN to LAN These rules specify which computers on the WAN can access which computers or services on the LAN.
Chapter 9 Firewalls 9.5.2 Guidelines For Enhancing Security With Your Firewall 1 2 3 4 Change the default password via web configurator. Think about access control before you connect to the network in any way. Limit who can access your router. Don't enable any local service (such as telnet or FTP) that you don't use. Any enabled service could present a potential security risk. A determined hacker might be able to find creative ways to misuse the enabled services to access the firewall or the network.
Chapter 9 Firewalls Figure 92 Ideal Firewall Setup WAN LAN 1 2 9.5.4.1 The “Triangle Route” Problem A traffic route is a path for sending or receiving data packets between two Ethernet devices. You may have more than one connection to the Internet (through one or more ISPs). If an alternate gateway is on the LAN (and its IP address is in the same subnet as the ZyXEL Device’s LAN IP address), the “triangle route” (also called asymmetrical route) problem may occur.
Chapter 9 Firewalls It’s like having multiple LAN networks that actually use the same physical cables and ports. By putting your LAN and Gateway A in different subnets, all returning network traffic must pass through the ZyXEL Device to your LAN. The following steps describe such a scenario. 1 A computer on the LAN initiates a connection by sending a SYN packet to a receiving server on the WAN. 2 The ZyXEL Device reroutes the packet to Gateway A, which is in Subnet 2.
CHAPTER 10 Content Filtering 10.1 Overview Internet content filtering allows you to block web sites based on keywords in the URL. See Section 10.1.4 on page 171 for an example of setting up content filtering. 10.1.1 What You Can Do in the Content Filter Screens • Use the Keyword screen (Section 10.2 on page 173) to block web sites based on a keyword in the URL. • Use the Schedule screen (Section 10.3 on page 174) to specify the days and times keyword blocking is active.
Chapter 10 Content Filtering Figure 95 Security > Content Filter > Keyword: Example Bob’s son arrives home from school at four, while his parents arrive later, at about 7pm. So keyword blocking is enabled for these times on weekdays and not on the weekend when the parents are at home. 1 Click Security > Content Filter > Schedule to display the following screen. 2 Click Edit Daily to Block and select all weekdays.
Chapter 10 Content Filtering 2 In the Start IP Address and End IP Address fields, type 192.168.1.3. 3 Click Apply. Figure 97 Security > Content Filter > Trusted: Example That finishes setting up keyword blocking on the home computer. 10.2 The Keyword Screen Use this screen to block sites containing certain keywords in the URL. For example, if you enable the keyword "bad", the ZyXEL Device blocks all sites containing this keyword including the URL http://www.website.com/bad.html.
Chapter 10 Content Filtering Table 58 Security > Content Filtering > Keyword (continued) LABEL DESCRIPTION Clear All Click this to remove all of the keywords from the list. Keyword Type a keyword in this field. You may use any character (up to 127 characters). Wildcards are not allowed. Add Keyword Click this after you have typed a keyword. Repeat this procedure to add other keywords. Up to 64 keywords are allowed.
Chapter 10 Content Filtering Table 59 Security > Content Filter: Schedule (continued) LABEL DESCRIPTION Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. 10.4 The Trusted Screen Use this screen to exclude a range of users on the LAN from content filtering on your ZyXEL Device. Click Security > Content Filter > Trusted. The screen appears as shown. Figure 100 Security > Content Filter: Trusted The following table describes the labels in this screen.
Chapter 10 Content Filtering 176 P-660HN-Fx User’s Guide
CHAPTER 11 Packet Filter 11.1 Overview Your ZyXEL Device uses filters to decide whether to allow passage of traffic. This chapter discusses how to create and apply filters. 11.1.1 What You Can Do in the Packet Filter Screen Use the Packet Filter screens (Section 11.2 on page 177) to display the filter sets and configure the rules for protocol and generic filters. 11.1.
Chapter 11 Packet Filter Figure 101 Security > Packet Filter The following table describes the labels in this screen. Table 61 Security > Packet Filter LABEL DESCRIPTION # This field displays the index number of the filter set. Name Enter a name for the filter set. The text may consist of up to 16 letters, numerals and any printable character found on a typical English language keyboard. Filter Type Select Protocol Filter or Generic Filter for your filter set.
Chapter 11 Packet Filter Figure 102 Security > Packet Filter > Edit (Protocol Filter) The following table describes the labels in this screen. Table 62 Security > Packet Filter > Edit (Protocol Filter) LABEL DESCRIPTION # This is the index number of the rules in a filter set. Active Use the check box to turn a filter rule on or off. Filter Type This field displays whether the filter type is a protocol filter or generic filter. Protocol This field displays the upper layer protocol.
Chapter 11 Packet Filter Figure 103 Security > Packet Filter > Edit (Protocol Filter) > Edit Rule The following table describes the labels in this screen. Table 63 Security > Packet Filter > Edit (Protocol Filter) > Edit Rule 180 LABEL DESCRIPTION Active Select the check box to enable the filter rule. Protocol Select ICMP, TCP or UDP for the upper layer protocol. IP Source Route Select the check box to apply the filter rule to packets with an IP source route option.
Chapter 11 Packet Filter Table 63 Security > Packet Filter > Edit (Protocol Filter) > Edit Rule (continued) LABEL DESCRIPTION More Select Yes to pass a matching packet to the next filter rule before an action is taken. Select No to act upon the packet according to the action fields. Log Select a logging option from the following: None – No packets will be logged. Match - Only packets that match the rule parameters will be logged.
Chapter 11 Packet Filter The following table describes the labels in this screen. Table 64 Security > Packet Filter > Edit (Generic Filter) LABEL DESCRIPTION # This is the index number of the rules in a filter set. Active Use the check box to turn on or off a filter rule. Filter Type This field displays whether the filter type is a protocol filter or generic filter. Offset This field displays the offset value. Length This field displays the length value.
Chapter 11 Packet Filter Table 65 Security > Packet Filter > Edit (Generic Filter) > Edit Rule (continued) LABEL DESCRIPTION Value Enter the value (in hexadecimal notation) to compare with the data portion. More Select Yes to pass a matching packet to the next filter rule before an action is taken. Select No to act upon the packet according to the action fields. Log Select a logging option from the following: None – No packets will be logged.
Chapter 11 Packet Filter 11.3.2 Firewall Versus Filters Below are some comparisons between the ZyXEL Device’s filtering and firewall functions. Packet Filtering • The router filters packets as they pass through the router’s interface according to the filter rules you designed. • Packet filtering is a powerful tool, yet can be complex to configure and maintain, especially if you need a chain of rules to filter a service. • Packet filtering only checks the header portion of an IP packet.
CHAPTER 12 Certificates 12.1 Overview This chapter describes how your ZyXEL Device can use certificates as a means of authenticating wireless clients. It gives background information about public-key certificates and explains how to use them. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication.
Chapter 12 Certificates 12.1.2 What You Need to Know About Certificates Certification Authority A Certification Authority (CA) issues certificates and guarantees the identity of each certificate owner. There are commercial certification authorities like CyberTrust or VeriSign and government certification authorities. You can use the ZyXEL Device to generate certification requests that contain identifying information and public keys and then send the certification requests to a certification authority.
Chapter 12 Certificates The following table describes the labels in this screen. Table 66 My Certificates LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the ZyXEL Device’s PKI storage space that is currently in use. The bar turns from green to red when the maximum is being approached. When the bar is red, you should consider deleting expired or unnecessary certificates before adding more certificates.
Chapter 12 Certificates Table 66 My Certificates (continued) LABEL DESCRIPTION Import Click this to open a screen where you can save the certificate that you have enrolled from a certification authority from your computer to the ZyXEL Device. Refresh Click this to display the current validity status of the certificates. 12.2.1 My Certificate Import Follow the instructions in this screen to save an existing certificate to the ZyXEL Device.
Chapter 12 Certificates The following table describes the labels in this screen. Table 67 My Certificate Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it. Browse Click this to find the certificate file you want to upload. Back Click this to return to the previous screen without saving. Apply Click this to save the certificate on the ZyXEL Device. Cancel Click this to clear your settings. 12.2.
Chapter 12 Certificates Table 68 My Certificate Create (continued) 190 LABEL DESCRIPTION Common Name Select a radio button to identify the certificate’s owner by IP address, domain name or e-mail address. Type the IP address (in dotted decimal notation), domain name or e-mail address in the field provided. The domain name or email address can be up to 31 ASCII characters. The domain name or e-mail address is for identification purposes only and can be any string.
Chapter 12 Certificates Table 68 My Certificate Create (continued) LABEL DESCRIPTION Request Authentication When you select Create a certification request and enroll for a certificate immediately online, the certification authority may want you to include a reference number and key to identify you when you send a certification request. Fill in both the Reference Number and the Key fields if your certification authority uses CMP enrollment protocol.
Chapter 12 Certificates Figure 111 My Certificate Details The following table describes the labels in this screen. Table 69 My Certificate Details 192 LABEL DESCRIPTION Certificate Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this certificate. You may use any character (not including spaces). Property Default self-signed certificate which signs the imported remote host certificates.
Chapter 12 Certificates Table 69 My Certificate Details (continued) LABEL DESCRIPTION Certification Path Click the Refresh button to have this read-only text box display the hierarchy of certification authorities that validate the certificate (and the certificate itself). If the issuing certification authority is one that you have imported as a trusted certification authority, it may be the only certification authority in the list (along with the certificate itself).
Chapter 12 Certificates Table 69 My Certificate Details (continued) LABEL DESCRIPTION SHA1 Fingerprint This is the certificate’s message digest that the ZyXEL Device calculated using the SHA1 algorithm. Certificate in PEM (Base-64) Encoded Format This read-only text box displays the certificate or certification request in Privacy Enhanced Mail (PEM) format. PEM uses 64 ASCII characters to convert the binary certificate into a printable form.
Chapter 12 Certificates The following table describes the labels in this screen. Table 70 Trusted CAs LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the ZyXEL Device’s PKI storage space that is currently in use. The bar turns from blue to red when the maximum is being approached. When the bar is red, you should consider deleting expired or unnecessary certificates before adding more certificates. # This field displays the certificate index number.
Chapter 12 Certificates Figure 113 Trusted CA Import The following table describes the labels in this screen. Table 71 Trusted CA Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it. Browse Click this to find the certificate file you want to upload. Back Click this to return to the previous screen without saving. Apply Click this to save the certificate on the ZyXEL Device.
Chapter 12 Certificates Figure 114 Trusted CA Details The following table describes the labels in this screen. Table 72 Trusted CA Details LABEL DESCRIPTION Certificate Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate. You may use any character (not including spaces).
Chapter 12 Certificates Table 72 Trusted CA Details (continued) 198 LABEL DESCRIPTION Certificate Path Click the Refresh button to have this read-only text box display the end entity’s certificate and a list of certification authority certificates that shows the hierarchy of certification authorities that validate the end entity’s certificate.
Chapter 12 Certificates Table 72 Trusted CA Details (continued) LABEL DESCRIPTION CRL Distribution Points This field displays how many directory servers with Lists of revoked certificates the issuing certification authority of this certificate makes available. This field also displays the domain names or IP addresses of the servers. MD5 Fingerprint This is the certificate’s message digest that the ZyXEL Device calculated using the MD5 algorithm.
Chapter 12 Certificates Figure 115 Trusted Remote Hosts The following table describes the labels in this screen. Table 73 Trusted Remote Hosts 200 LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the ZyXEL Device’s PKI storage space that is currently in use. The bar turns from green to red when the maximum is being approached. When the bar is red, you should consider deleting expired or unnecessary certificates before adding more certificates.
Chapter 12 Certificates 12.4.1 Trusted Remote Hosts Import Click Security > Certificates > Trusted Remote Hosts to open the Trusted Remote Hosts screen and then click Import to open the Trusted Remote Host Import screen. Follow the instructions in this screen to save a trusted host’s certificate to the ZyXEL Device. " The trusted remote host certificate must be a self-signed certificate; and you must remove any spaces from its filename before you can import it.
Chapter 12 Certificates Figure 117 Trusted Remote Host Details The following table describes the labels in this screen. Table 75 Trusted Remote Host Details 202 LABEL DESCRIPTION Certificate Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate. You may use any character (not including spaces).
Chapter 12 Certificates Table 75 Trusted Remote Host Details (continued) LABEL DESCRIPTION Version This field displays the X.509 version number. Serial Number This field displays the certificate’s identification number given by the device that created the certificate. Subject This field displays information that identifies the owner of the certificate, such as Common Name (CN), Organizational Unit (OU), Organization (O) and Country (C).
Chapter 12 Certificates Table 75 Trusted Remote Host Details (continued) LABEL DESCRIPTION Apply Click this to save your changes. You can only change the name of the certificate. Cancel Click this to restore your previously saved settings. 12.5 The Directory Servers Screens This screen displays a summary list of directory servers (that contain lists of valid and revoked certificates) that have been saved into the ZyXEL Device.
Chapter 12 Certificates Table 76 Directory Servers LABEL DESCRIPTION Modify Click the Edit icon to open a screen where you can change the information about the directory server. Click the Remove icon to remove the directory server entry. A window displays asking you to confirm that you want to delete the directory server. Note that subsequent certificates move up by one when you take this action.
Chapter 12 Certificates Table 77 Directory Server Add and Edit (continued) LABEL DESCRIPTION Login The ZyXEL Device may need to authenticate itself in order to assess the directory server. Type the login name (up to 31 ASCII characters) from the entity maintaining the directory server (usually a certification authority). Password Type the password (up to 31 ASCII characters) from the entity maintaining the directory server (usually a certification authority).
Chapter 12 Certificates • Key distribution is simple and very secure since you can freely distribute public keys and you never need to transmit private keys. Self-signed Certificates You can have the ZyXEL Device act as a certification authority and sign its own certificates. 12.6.2 Private-Public Certificates When using public-key cryptology for authentication, each host has two keys. One key is public and can be made openly available. The other key is private and must be kept secure.
Chapter 12 Certificates Figure 120 Remote Host Certificates 3 Double-click the certificate’s icon to open the Certificate window. Click the Details tab and scroll down to the Thumbprint Algorithm and Thumbprint fields. Figure 121 Certificate Details 4 Verify (over the phone for example) that the remote host has the same information in the Thumbprint Algorithm and Thumbprint fields.
P ART V Advanced Static Route (211) 802.
CHAPTER 13 Static Route 13.1 Overview The ZyXEL Device usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the ZyXEL Device send data to devices not reachable through the default gateway, use static routes. For example, the next figure shows a computer (A) connected to the ZyXEL Device’s LAN interface. The ZyXEL Device routes most traffic from A to the Internet through the ZyXEL Device’s default gateway (R1).
Chapter 13 Static Route 13.2 The Static Route Screen Use this screen to view the static route rules. Click Advanced > Static Route to open the Static Route screen. Figure 123 Advanced > Static Route The following table describes the labels in this screen. Table 78 Advanced > Static Route 212 LABEL DESCRIPTION # This is the number of an individual static route. Active This field indicates whether the rule is active or not. Clear the check box to disable the rule. Select the check box to enable it.
Chapter 13 Static Route 13.2.1 Static Route Edit Use this screen to configure the required information for a static route. Select a static route index number and click Edit. The screen shown next appears. Figure 124 Advanced > Static Route: Edit The following table describes the labels in this screen. Table 79 Advanced > Static Route: Edit LABEL DESCRIPTION Active This field allows you to activate/deactivate this static route. Route Name Enter the name of the IP static route.
Chapter 13 Static Route 214 P-660HN-Fx User’s Guide
CHAPTER 14 802.1Q/1P 14.1 Overview This chapter describes how to configure the 802.1Q/1P settings. A Virtual Local Area Network (VLAN) allows a physical network to be partitioned into multiple logical networks. A VLAN group can be treated as an individual device. Each group can have its own rules about where and how to forward traffic. You can assign any ports on the ZyXEL Device to a VLAN group and configure the settings for the group.
Chapter 14 802.1Q/1P PVC A virtual circuit is a logical point-to-point circuit between customer sites. Permanent means that the circuit is preprogrammed by the carrier as a path through the network. It does not need to be set up or torn down for each session. Forwarding Tagged and Untagged Frames Each port on the device is capable of passing tagged or untagged frames. To forward a frame from an 802.1Q VLAN-aware device to an 802.
Chapter 14 802.1Q/1P 1 Click Advanced > 802.1Q/1P > Group Setting, and then click the Edit button to display the following screen. 2 In the Name field type VoIP to identify the group. 3 In the VLAN ID field type in 2 to identify the VLAN group. 4 Select PVC1 from the Default Gateway drop-down list box. 5 In the Control field, select Fixed for LAN1, LAN2 and PVC1 to be permanent members of the VLAN group. 6 Click Apply. Figure 127 Advanced > 802.
Chapter 14 802.1Q/1P Figure 128 Advanced > 802.1Q/1P > Port Setting: Example Ports 3 and 4 are connected to desktop computers and are used for Internet traffic. You want to create low priority for this type of traffic, so you want to group these ports and PVC2 into one VLAN (VLAN3). PVC2 priority is set to low level of service. SSID1 and SSID2 are two wireless networks. You want to create medium priority for this type of traffic, so you want to group these ports and PVC3 into one VLAN (VLAN4).
Chapter 14 802.1Q/1P Figure 129 Advanced > 802.1Q/1P > Group Setting: Example This completes the 802.1Q/1P setup. 14.2 The 802.1Q/1P Group Setting Screen Use this screen to activate 802.1Q/1P and display the VLAN groups. Click Advanced > 802.1Q/1P to display the following screen.
Chapter 14 802.1Q/1P Figure 130 Advanced > 802.1Q/1P > Group Setting The following table describes the labels in this screen. Table 80 Advanced > 802.1Q/1P > Group Setting LABEL DESCRIPTION 802.1P/1Q Active Select this check box to activate the 802.1P/1Q feature. Management Vlan ID Enter the ID number of a VLAN group. All interfaces (ports, SSIDs and PVCs) are in the management VLAN by default. If you disable the management VLAN, you will not be able to access the ZyXEL Device.
Chapter 14 802.1Q/1P Table 80 Advanced > 802.1Q/1P > Group Setting (continued) LABEL DESCRIPTION Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. 14.2.1 Editing 802.1Q/1P Group Setting Use this screen to configure the settings for each VLAN group. In the 802.1Q/1P screen, click the Edit button from the Modify filed to display the following screen. Figure 131 Advanced > 802.
Chapter 14 802.1Q/1P Table 81 Advanced > 802.1Q/1P > Group Setting > Edit (continued) LABEL DESCRIPTION Tx Tag Select Tx Tagging if you want the port to tag all outgoing traffic trasmitted through this VLAN. You select this if you want to create VLANs across different devices and not just the ZyXEL Device. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. 14.3 The 802.
Chapter 14 802.1Q/1P Table 82 Advanced > 802.1Q/1P > Port Setting (continued) LABEL DESCRIPTION 802.1P Priority Assign a priority for the traffic transmitted through the port. Select Same if you do not want to modify the priority. You may choose a priority level from 0-7, with 0 being the lowest level and 7 being the highest level. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings.
Chapter 14 802.
CHAPTER 15 Quality of Service (QoS) 15.1 Overview Use the QoS screens to set up your ZyXEL Device to use QoS for traffic management. Quality of Service (QoS) refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to control bandwidth. QoS allows the ZyXEL Device to group and prioritize application traffic and fine-tune network performance. Without QoS, all traffic data are equally likely to be dropped when the network is congested.
Chapter 15 Quality of Service (QoS) CoS technologies include IEEE 802.1p layer 2 tagging and Differentiated Services (DiffServ or DS). IEEE 802.1p tagging makes use of three bits in the packet header, while DiffServ is a new protocol and defines a new DS field, which replaces the eight-bit Type of Service (ToS) field in the IP header. Tagging and Marking In a QoS class, you can configure whether to add or change the DiffServ Code Point (DSCP) value, IEEE 802.
Chapter 15 Quality of Service (QoS) Figure 134 QoS Class Example: VoIP -1 Figure 135 QoS Class Example: VoIP -2 P-660HN-Fx User’s Guide 227
Chapter 15 Quality of Service (QoS) Figure 136 QoS Class Example: Boss -1 Figure 137 QoS Class Example: Boss -2 228 P-660HN-Fx User’s Guide
Chapter 15 Quality of Service (QoS) 15.2 The QoS General Screen Use this screen to enable or disable QoS and have the ZyXEL Device automatically assign priority to traffic according to the IEEE 802.1p priority level, IP precedence and/or packet length. Click Advanced > QoS to open the screen as shown next. Figure 138 Advanced > QoS > General The following table describes the labels in this screen.
Chapter 15 Quality of Service (QoS) 15.3 The Class Setup Screen Use this screen to add, edit or delete classifiers. A classifier groups traffic into data flows according to specific criteria such as the source address, destination address, source port number, destination port number or incoming interface. For example, you can configure a classifier to select traffic from the same protocol port (such as Telnet) to form a flow. Click Advanced > QoS > Class Setup to open the following screen.
Chapter 15 Quality of Service (QoS) Figure 140 Advanced > QoS > Class Setup: Edit P-660HN-Fx User’s Guide 231
Chapter 15 Quality of Service (QoS) See Appendix E on page 371 for a list of commonly-used services. The following table describes the labels in this screen. Table 85 Advanced > QoS > Class Setup: Edit LABEL DESCRIPTION Class Configuration Active Select the check box to enable this classifier. Name The text may consist of up to 20 letters, numerals and any printable character found on a typical English language keyboard. Interface Select from which interface traffic of this class should come.
Chapter 15 Quality of Service (QoS) Table 85 Advanced > QoS > Class Setup: Edit (continued) LABEL DESCRIPTION Port Select the check box and enter the port number of the source. 0 means any source port number. See Appendix E on page 371 for some common services and port numbers. MAC Select the check box and enter the source MAC address of the packet. MAC Mask Type the mask for the specified MAC address to determine which bits a packet’s MAC address should match.
Chapter 15 Quality of Service (QoS) Table 85 Advanced > QoS > Class Setup: Edit (continued) LABEL DESCRIPTION Ethernet Priority Select this option and select a priority level (between 0 and 7) from the drop down list box. "0" is the lowest priority level and "7" is the highest. VLAN ID Select this option and specify a VLAN ID number between 2 and 4094. Physical Port Select this option and select a LAN port. Remote Node Select this option and select a remote node from the drop down list box.
Chapter 15 Quality of Service (QoS) Table 86 Advanced > QoS > Monitor (continued) LABEL DESCRIPTION Set Interval Click this to apply the new poll interval you entered in the Poll Interval(s) field. Stop Click this to stop refreshing statistics. 15.5 QoS Technical Reference This section provides some technical background information about the topics covered in this chapter. 15.5.1 IEEE 802.1Q Tag The IEEE 802.
Chapter 15 Quality of Service (QoS) 15.5.3 DiffServ QoS is used to prioritize source-to-destination traffic flows. All packets in the flow are given the same priority. You can use CoS (class of service) to give different priorities to different packet types. Differentiated Services (DiffServ) is a Class of Service (CoS) model that marks packets so that they receive specific per-hop treatment at DiffServ-compliant network devices along the route based on the application types and traffic flow.
Chapter 15 Quality of Service (QoS) Table 88 Internal Layer2 and Layer3 QoS Mapping LAYER 2 LAYER 3 PRIORITY QUEUE IEEE 802.
Chapter 15 Quality of Service (QoS) 238 P-660HN-Fx User’s Guide
CHAPTER 16 Dynamic DNS Setup 16.1 Overview Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect.
Chapter 16 Dynamic DNS Setup Figure 142 Advanced > Dynamic DNS The following table describes the fields in this screen. Table 89 Advanced > Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Active Dynamic DNS Select this check box to use dynamic DNS. Service Provider This is the name of your Dynamic DNS service provider. Dynamic DNS Type Select the type of service that you are registered for from your Dynamic DNS service provider.
Chapter 16 Dynamic DNS Setup Table 89 Advanced > Dynamic DNS (continued) LABEL DESCRIPTION Dynamic DNS server auto detect IP Address Select this option only when there are one or more NAT routers between the ZyXEL Device and the DDNS server. This feature has the DDNS server automatically detect and use the IP address of the NAT router that has a public IP address.
Chapter 16 Dynamic DNS Setup 242 P-660HN-Fx User’s Guide
CHAPTER 17 Remote Management 17.1 Overview Remote management allows you to determine which services/protocols can access which ZyXEL Device interface (if any) from which computers. The following figure shows remote management of the ZyXEL Device coming in from the WAN. Figure 143 Remote Management From the WAN LAN WAN HTTP Telnet " When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
Chapter 17 Remote Management 1 Telnet 2 HTTP 17.1.1 What You Can Do in the Remote Management Screens • Use the WWW screen (Section 17.2 on page 245) to configure through which interface(s) and from which IP address(es) users can use HTTP to manage the ZyXEL Device. • Use the Telnet screen (Section 17.3 on page 247) to configure through which interface(s) and from which IP address(es) users can use Telnet to manage the ZyXEL Device. • Use the FTP screen (Section 17.
Chapter 17 Remote Management 17.2 The WWW Screen Use this screen to specify how to connect to the ZyXEL Device from a web browser, such as Internet Explorer. 17.2.1 WWW and HTTPS HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web protocol that encrypts and decrypts web pages.
Chapter 17 Remote Management 17.2.2 Configuring the WWW Screen Click Advanced > Remote MGMT to display the WWW screen. Figure 145 Advanced > Remote Management > WWW The following table describes the labels in this screen. Table 90 Advanced > Remote Management > WWW LABEL DESCRIPTION WWW Port You may change the server port number for a service, if needed. However, you must use the same port number in order to use that service for remote management.
Chapter 17 Remote Management Table 90 Advanced > Remote Management > WWW LABEL DESCRIPTION Secured Client IP A secured client is a “trusted” computer that is allowed to communicate with the ZyXEL Device using this service. Select All to allow any computer to access the ZyXEL Device using this service. Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service. Apply Click this to save your changes.
Chapter 17 Remote Management 17.4 The FTP Screen You can use FTP (File Transfer Protocol) to upload and download the ZyXEL Device’s firmware and configuration files. Please see the User’s Guide chapter on firmware and configuration file maintenance for details. To use this feature, your computer must have an FTP client. Use this screen to specify which interfaces allow FTP access and from which IP address the access can come. To change your ZyXEL Device’s FTP settings, click Advanced > Remote MGMT > FTP.
Chapter 17 Remote Management " SNMP is only available if TCP/IP is configured. Figure 148 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the ZyXEL Device). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions.
Chapter 17 Remote Management 17.5.1 Supported MIBs The ZyXEL Device supports MIB II, which is defined in RFC-1213 and RFC-1215. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance. 17.5.2 SNMP Traps The ZyXEL Device will send traps to the SNMP manager when any one of the following events occurs: Table 93 SNMP Traps TRAP # TRAP NAME DESCRIPTION 0 coldStart (defined in RFC-1215) A trap is sent after booting (power on).
Chapter 17 Remote Management Figure 149 Advanced > Remote Management > SNMP The following table describes the labels in this screen. Table 94 Advanced > Remote Management > SNMP LABEL DESCRIPTION SNMP Port You may change the server port number for a service, if needed. However, you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service.
Chapter 17 Remote Management 17.6 The DNS Screen Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. Refer to Chapter 6 on page 89 for background information. Use this screen to set from which IP address the ZyXEL Device will accept DNS queries and on which interface it can send them your ZyXEL Device’s DNS settings. This feature is not available when the ZyXEL Device is set to bridge mode.
Chapter 17 Remote Management " If you want your device to respond to pings and requests for unauthorized services, you may also need to configure the firewall anti probing settings to match. Figure 151 Advanced > Remote Management > ICMP The following table describes the labels in this screen. Table 96 Advanced > Remote Management > ICMP LABEL DESCRIPTION ICMP Internet Control Message Protocol is a message control and error-reporting protocol between a host server and a gateway to the Internet.
Chapter 17 Remote Management 254 P-660HN-Fx User’s Guide
CHAPTER 18 Universal Plug-and-Play (UPnP) 18.1 Overview Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network. In turn, a device can leave a network smoothly and automatically when it is no longer in use. 18.1.
Chapter 18 Universal Plug-and-Play (UPnP) When a UPnP device joins a network, it announces its presence with a multicast message. For security reasons, the ZyXEL Device allows multicast messages on the LAN only. All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum UPnP™ Implementers Corp. (UIC).
Chapter 18 Universal Plug-and-Play (UPnP) Table 97 Advanced > UPnP > General LABEL DESCRIPTION Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. 18.3 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP. Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me. 1 Click Start and Control Panel. Double-click Add/Remove Programs.
Chapter 18 Universal Plug-and-Play (UPnP) Figure 154 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel. 2 Double-click Network Connections. 3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components ….
Chapter 18 Universal Plug-and-Play (UPnP) Figure 156 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box. Figure 157 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next.
Chapter 18 Universal Plug-and-Play (UPnP) 18.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL Device. Make sure the computer is connected to a LAN port of the ZyXEL Device. Turn on your computer and the ZyXEL Device. Auto-discover Your UPnP-enabled Network Device 1 Click Start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway.
Chapter 18 Universal Plug-and-Play (UPnP) Figure 159 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings.
Chapter 18 Universal Plug-and-Play (UPnP) Figure 160 Internet Connection Properties: Advanced Settings Figure 161 Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
Chapter 18 Universal Plug-and-Play (UPnP) Figure 162 System Tray Icon 7 Double-click on the icon to display your current Internet connection status. Figure 163 Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first. This comes helpful if you do not know the IP address of the ZyXEL Device. Follow the steps below to access the web configurator.
Chapter 18 Universal Plug-and-Play (UPnP) Figure 164 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays.
Chapter 18 Universal Plug-and-Play (UPnP) Figure 165 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device.
Chapter 18 Universal Plug-and-Play (UPnP) 266 P-660HN-Fx User’s Guide
P ART VI Maintenance System Settings (269) Logs (275) Tools (287) Diagnostic (299) 267
CHAPTER 19 System Settings 19.1 Overview This chapter shows you how to configure system related settings, such as system time, password, name, the domain name and the inactivity timeout interval. 19.1.1 What You Can Do in the System Settings Screens • Use the General screen (Section 19.2 on page 269) to configure system settings. • Use the Time Setting screen (Section 19.3 on page 271) to set the system time. 19.1.
Chapter 19 System Settings • In Windows XP, click start, My Computer, View system information and then click the Computer Name tab. Note the entry in the Full computer name field and enter it as the ZyXEL Device System Name. Click Maintenance > System to open the General screen. Figure 167 Maintenance > System > General The following table describes the labels in this screen.
Chapter 19 System Settings Table 98 Maintenance > System > General LABEL Retype to confirm DESCRIPTION Type the new password again for confirmation. Admin Password Old Password Type the default password or the existing password you use to access the system in this field. New Password Type your new system password (up to 30 characters). Note that as you type a password, the screen displays a (*) for each character you type. After you change the password, use the new password to access the ZyXEL Device.
Chapter 19 System Settings The following table describes the fields in this screen. Table 99 Maintenance > System > Time Setting LABEL DESCRIPTION Current Time and Date Current Time This field displays the time of your ZyXEL Device. Each time you reload this page, the ZyXEL Device synchronizes the time with the time server. Current Date This field displays the date of your ZyXEL Device. Each time you reload this page, the ZyXEL Device synchronizes the date with the time server.
Chapter 19 System Settings Table 99 Maintenance > System > Time Setting (continued) LABEL DESCRIPTION Start Date Configure the day and time when Daylight Saving Time starts if you selected Enable Daylight Saving. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time starts in most parts of the United States on the second Sunday of March. Each time zone in the United States starts using Daylight Saving Time at 2 A.M. local time.
Chapter 19 System Settings 274 P-660HN-Fx User’s Guide
CHAPTER 20 Logs 20.1 Overview This chapter contains information about configuring general log settings and viewing the ZyXEL Device’s logs. The web configurator allows you to choose which categories of events and/or alerts to have the ZyXEL Device log and then display the logs or have the ZyXEL Device send them to an administrator (as e-mail) or to a syslog server. 20.1.1 What You Can Do in the Log Screens • Use the View Log screen (Section 20.
Chapter 20 Logs Figure 169 Maintenance > Logs > View Log The following table describes the fields in this screen. Table 100 Maintenance > Logs > View Log LABEL DESCRIPTION Display The categories that you select in the Log Settings screen display in the drop-down list box. Select a category of logs to view; select All Logs to view logs from all of the log categories that you selected in the Log Settings page.
Chapter 20 Logs Figure 170 Maintenance > Logs > Log Settings The following table describes the fields in this screen. Table 101 Maintenance > Logs > Log Settings LABEL DESCRIPTION E-mail Log Settings Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via E-mail.
Chapter 20 Logs Table 101 Maintenance > Logs > Log Settings LABEL DESCRIPTION Log Schedule This drop-down menu is used to configure the frequency of log messages being sent as E-mail: • Daily • Weekly • Hourly • When Log is Full • None. If you select Weekly or Daily, specify a time of day when the E-mail should be sent. If you select Weekly, then also specify which day of the week the E-mail should be sent. If you select When Log is Full, an alert is sent when the log fills up.
Chapter 20 Logs 20.4.1 Example E-mail Log An "End of Log" message displays for each mail in which a complete log has been sent. The following is an example of a log sent by e-mail. • You may edit the subject title. • "End of Log" message shows that a complete log has been sent. Figure 171 E-mail Log Example Subject: Firewall Alert From Date: Fri, 07 Apr 2000 10:05:42 From: user@zyxel.com To: user@zyxel.com 1|Apr 7 00 |From:192.168.1.1 To:192.168.1.
Chapter 20 Logs Table 103 System Maintenance Logs (continued) LOG MESSAGE DESCRIPTION TELNET login failed Someone has failed to log on to the router via telnet. Successful FTP login Someone has logged on to the router via ftp. FTP login failed Someone has failed to log on to the router via ftp. NAT Session Table is Full! The maximum number of NAT session table entries has been exceeded and the table is full. Starting Connectivity Monitor Starting Connectivity Monitor.
Chapter 20 Logs Table 105 Access Control Logs LOG MESSAGE DESCRIPTION Firewall default policy: [ TCP | UDP | IGMP | ESP | GRE | OSPF ] Attempted TCP/UDP/IGMP/ESP/GRE/OSPF access matched the default policy and was blocked or forwarded according to the default policy’s setting.
Chapter 20 Logs Table 107 Packet Filter Logs LOG MESSAGE DESCRIPTION [ TCP | UDP | ICMP | IGMP | Generic ] packet filter matched (set: %d, rule: %d) Attempted access matched a configured filter rule (denoted by its set and rule number) and was blocked or forwarded according to the rule. For type and code details, see Table 116 on page 285.
Chapter 20 Logs Table 110 PPP Logs (continued) LOG MESSAGE DESCRIPTION ppp:IPCP Starting The PPP connection’s Internet Protocol Control Protocol stage is starting. ppp:IPCP Opening The PPP connection’s Internet Protocol Control Protocol stage is opening. ppp:LCP Closing The PPP connection’s Link Control Protocol stage is closing. ppp:IPCP Closing The PPP connection’s Internet Protocol Control Protocol stage is closing.
Chapter 20 Logs Table 113 Attack Logs (continued) LOG MESSAGE DESCRIPTION NetBIOS TCP The firewall detected a TCP NetBIOS attack. ip spoofing - no routing entry [ TCP | UDP | IGMP | ESP | GRE | OSPF ] The firewall classified a packet with no source routing entry as an IP spoofing attack. ip spoofing - no routing entry ICMP (type:%d, code:%d) The firewall classified an ICMP packet with no source routing entry as an IP spoofing attack.
Chapter 20 Logs Table 116 ICMP Notes TYPE CODE DESCRIPTION Echo Reply 0 0 Echo reply message Destination Unreachable 3 0 Net unreachable 1 Host unreachable 2 Protocol unreachable 3 Port unreachable 4 A packet that needed fragmentation was dropped because it was set to Don't Fragment (DF) 5 Source route failed Source Quench 4 0 A gateway may discard internet datagrams if it does not have the buffer space needed to queue the datagrams for output to the next network on the route to the desti
Chapter 20 Logs Table 117 Syslog Logs LOG MESSAGE DESCRIPTION Mon dd hr:mm:ss hostname src="" dst="" msg="" note="" devID="" cat=" "This message is sent by the system ("RAS" displays as the system name if you haven’t configured one) when the router generates a syslog. The facility is defined in the web MAIN MENU->LOGS->Log Settings page. The severity is the log’s syslog class.
CHAPTER 21 Tools 21.1 Overview This chapter explains how to upload new firmware, manage configuration files and restart your ZyXEL Device. Use the instructions in this chapter to change the device’s configuration file or upgrade its firmware. After you configure your device, you can backup the configuration file to a computer. That way if you later misconfigure the device, you can upload the backed up configuration file to return to your previous settings.
Chapter 21 Tools ZyNOS (ZyXEL Network Operating System sometimes referred to as the “ras” file) is the system firmware and has a “bin” filename extension. Find this firmware at www.zyxel.com.With many FTP and TFTP clients, the filenames are similar to those seen next. ftp> put firmware.bin ras This is a sample FTP session showing the transfer of the computer file "firmware.bin" to the ZyXEL Device. ftp> get rom-0 config.
Chapter 21 Tools 21.1.4 Tool Examples Using FTP or TFTP to Restore Configuration This example shows you how to restore a previously saved configuration. Note that this function erases the current configuration before restoring a previous back up configuration; please do not attempt to restore unless you have a backup configuration file stored on disk. FTP is the preferred method for restoring your current computer configuration to your device since FTP is faster.
Chapter 21 Tools 2 3 4 5 6 Enter “open”, followed by a space and the IP address of your device. Press [ENTER] when prompted for a username. Enter your password as requested (the default is “1234”). Enter “bin” to set transfer mode to binary. Use “put” to transfer files from the computer to the device, for example, “put firmware.bin ras” transfers the firmware on your computer (firmware.bin) to the device and renames it “ras”. Similarly, “put config.
Chapter 21 Tools 4 Use the TFTP client (see the example below) to transfer files between the device and the computer. The file name for the firmware is “ras”. Note that the telnet connection must be active and the device in CI mode before and during the TFTP transfer. For details on TFTP commands (see following example), please consult the documentation of your TFTP client program.
Chapter 21 Tools Configuration Backup Using GUI-based FTP Clients The following table describes some of the commands that you may see in GUI-based FTP clients. Table 120 General Commands for GUI-based FTP Clients COMMAND DESCRIPTION Host Address Enter the address of the host server. Login Type Anonymous. This is when a user I.D. and password is automatically supplied to the server for anonymous access. Anonymous logins will work only if your ISP or service administrator has enabled this option.
Chapter 21 Tools Configuration Backup Using GUI-based TFTP Clients The following table describes some of the fields that you may see in GUI-based TFTP clients. Table 121 General Commands for GUI-based TFTP Clients COMMAND DESCRIPTION Host Enter the IP address of the ZyXEL Device. 192.168.1.1 is the ZyXEL Device’s default IP address when shipped. Send/Fetch Use “Send” to upload the file to the ZyXEL Device and “Fetch” to back up the file on your computer.
Chapter 21 Tools The following table describes the labels in this screen. Table 122 Maintenance > Tools > Firmware LABEL DESCRIPTION Current Firmware Version This is the present Firmware version and the date created. File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse... Click this to find the .bin file you want to upload. Remember that you must decompress compressed (.zip) files before you can upload them.
Chapter 21 Tools Figure 178 Error Message 21.3 The Configuration Screen See Section 21.1.4 on page 289 for transferring configuration files using FTP/TFTP commands. Click Maintenance > Tools > Configuration. Information related to factory defaults, backup configuration, and restoring configuration appears in this screen, as shown next.
Chapter 21 Tools Restore Configuration Restore Configuration allows you to upload a new or previously saved configuration file from your computer to your ZyXEL Device. Table 123 Restore Configuration 1 LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse... Click this to find the file you want to upload. Remember that you must decompress compressed (.ZIP) files before you can upload them.
Chapter 21 Tools Figure 182 Configuration Upload Error Reset to Factory Defaults Click the Reset button to clear all user-entered configuration information and return the ZyXEL Device to its factory defaults. The following warning screen appears. Figure 183 Reset Warning Message Figure 184 Reset In Process Message You can also press the RESET button on the rear panel to reset the factory defaults of your ZyXEL Device. Refer to Section 1.6 on page 36 for more information on the RESET button. 21.
Chapter 21 Tools Figure 185 Maintenance > Tools >Restart 298 P-660HN-Fx User’s Guide
CHAPTER 22 Diagnostic 22.1 Overview These read-only screens display information to help you identify problems with the ZyXEL Device. 22.1.1 What You Can Do in the Diagnostic Screens • Use the General Diagnostic screen (Section 22.2 on page 299) to ping an IP address. • Use the DSL Line Diagnostic screen (Section 22.3 on page 300) to view the DSL line statistics and reset the ADSL line. 22.2 The General Diagnostic Screen Use this screen to ping an IP address.
Chapter 22 Diagnostic The following table describes the fields in this screen. Table 124 Maintenance > Diagnostic > General LABEL DESCRIPTION TCP/IP Address Type the IP address of a computer that you want to ping in order to test a connection. Ping Click this to ping the IP address that you entered. 22.3 The DSL Line Diagnostic Screen Use this screen to view the DSL line statistics and reset the ADSL line. Click Maintenance > Diagnostic > DSL Line to open the screen shown next.
Chapter 22 Diagnostic The following table describes the fields in this screen. Table 125 Maintenance > Diagnostic > DSL Line LABEL DESCRIPTION ATM Status Click this to view your DSL connection’s Asynchronous Transfer Mode (ATM) statistics. ATM is a networking technology that provides high-speed data transfer. ATM uses fixed-size packets of information called cells. With ATM, a high QoS (Quality of Service) can be guaranteed. The (Segmentation and Reassembly) SAR driver translates packets into ATM cells.
Chapter 22 Diagnostic Table 125 Maintenance > Diagnostic > DSL Line (continued) LABEL DESCRIPTION Reset ADSL Line Click this to reinitialize the ADSL line. The large text box above then displays the progress and results of this operation, for example: "Start to reset ADSL Loading ADSL modem F/W...
P ART VII Troubleshooting and Specifications Product Specifications (305) Troubleshooting (313) 303
CHAPTER 23 Product Specifications The following tables summarize the ZyXEL Device’s hardware and firmware features. 23.
Chapter 23 Product Specifications Table 127 Firmware Specifications (continued) Static Routes 16 Device Management Use the web configurator to easily configure the rich range of features on the ZyXEL Device. Wireless Functionality (wireless devices only) Allow the IEEE 802.11b, IEEE 802.11g and/or IEEE 802.11n wireless clients to connect to the ZyXEL Device wirelessly. Enable wireless security (WEP, WPA(2), WPA(2)-PSK) and/or MAC filtering to protect your wireless network.
Chapter 23 Product Specifications Table 127 Firmware Specifications (continued) Any IP The Any IP feature allows a computer to access the Internet and the ZyXEL Device without changing the network settings (such as IP address and subnet mask) of the computer, when the IP addresses of the computer and the ZyXEL Device are not in the same subnet. PPPoE Support (RFC2516) PPPoE (Point-to-Point Protocol over Ethernet) emulates a dial-up connection.
Chapter 23 Product Specifications Table 127 Firmware Specifications (continued) Other Protocol Support PPP (Point-to-Point Protocol) link layer protocol IP routing Transparent bridging for unsupported network layer protocols RIP I/RIP II ICMP ATM QoS SNMP v1 and v2c with MIB II support (RFC 1213) IP Multicasting IGMP v1, v2 and v3 IGMP Proxy 802.
Chapter 23 Product Specifications Table 128 Wireless Features WMM QoS WMM (Wi-Fi MultiMedia) QoS (Quality of Service) allows you to prioritize wireless traffic according to the delivery requirements of individual services. Other Wireless Features IEEE 802.11n Compliance Frequency Range: 2.4 GHz ISM Band Auto channel selection Advanced Orthogonal Frequency Division Multiplexing (OFDM) Data Rates: 54Mbps, 11Mbps, 5.5Mbps, 2Mbps, and 1 Mbps Auto Fallback WPA2 WMM IEEE 802.11i IEEE 802.
Chapter 23 Product Specifications Table 129 Standards Supported (continued) STANDARD DESCRIPTION IEEE 802.11 Also known by the brand Wi-Fi, denotes a set of Wireless LAN/WLAN standards developed by working group 11 of the IEEE LAN/MAN Standards Committee (IEEE 802). IEEE 802.11b Uses the 2.4 gigahertz (GHz) band IEEE 802.11g Uses the 2.4 gigahertz (GHz) band IEEE 802.11g+ Turbo and Super G modes IEEE 802.
Chapter 23 Product Specifications Table 130 ZyXEL Device Series Power Adaptor Specifications (continued) Output Power DC 12Volts/1.0A Power Consumption 8.
Chapter 23 Product Specifications 312 P-660HN-Fx User’s Guide
CHAPTER 24 Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • ZyXEL Device Access and Login • Internet Access 24.1 Power, Hardware Connections, and LEDs V The ZyXEL Device does not turn on. None of the LEDs turn on. 1 Make sure the ZyXEL Device is turned on. 2 Make sure you are using the power adaptor or cord included with the ZyXEL Device.
Chapter 24 Troubleshooting 24.2 ZyXEL Device Access and Login V I forgot the IP address for the ZyXEL Device. 1 The default IP address is 192.168.1.1. 2 If you changed the IP address and have forgotten it, you might get the IP address of the ZyXEL Device by looking up the IP address of the default gateway for your computer. To do this in most Windows computers, click Start > Run, enter cmd, and then enter ipconfig.
Chapter 24 Troubleshooting 5 Reset the device to its factory defaults, and try to access the ZyXEL Device with the default IP address. See Section 1.6 on page 36. 6 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions • Try to access the ZyXEL Device using another service, such as Telnet.
Chapter 24 Troubleshooting 24.3 Internet Access V I cannot access the Internet. 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.5 on page 35. 2 Make sure you entered your ISP account information correctly in the wizard. These fields are case-sensitive, so make sure [Caps Lock] is not on.
P ART VIII Appendices and Index " The appendices provide general information. Some details may not apply to your ZyXEL Device.
APPENDIX A Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP/Vista, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/ IP on your computer. Windows 3.1 requires the purchase of a third-party TCP/IP application package.
Appendix A Setting up Your Computer’s IP Address Figure 188 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add. 2 Select Adapter and then click Add. 3 Select the manufacturer and model of your network adapter and then click OK.
Appendix A Setting up Your Computer’s IP Address Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab. • If your IP address is dynamic, select Obtain an IP address automatically. • If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields. Figure 189 Windows 95/98/Me: TCP/IP Properties: IP Address 3 Click the DNS Configuration tab.
Appendix A Setting up Your Computer’s IP Address Figure 190 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window. 6 Click OK to close the Network window. Insert the Windows CD if prompted.
Appendix A Setting up Your Computer’s IP Address Figure 191 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 192 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties.
Appendix A Setting up Your Computer’s IP Address Figure 193 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 194 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). • If you have a dynamic IP address click Obtain an IP address automatically.
Appendix A Setting up Your Computer’s IP Address Figure 195 Windows XP: Internet Protocol (TCP/IP) Properties 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: • In the IP Settings tab, in IP addresses, click Add. • In TCP/IP Address, type an IP address in IP address and a subnet mask in Subnet mask, and then click Add.
Appendix A Setting up Your Computer’s IP Address Figure 196 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
Appendix A Setting up Your Computer’s IP Address Figure 197 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT). 11 Turn on your ZyXEL Device and restart your computer (if prompted).
Appendix A Setting up Your Computer’s IP Address Figure 198 Windows Vista: Start Menu 2 In the Control Panel, double-click Network and Internet. Figure 199 Windows Vista: Control Panel 3 Click Network and Sharing Center. Figure 200 Windows Vista: Network And Internet 4 Click Manage network connections.
Appendix A Setting up Your Computer’s IP Address 5 Right-click Local Area Connection and then click Properties. " During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. Figure 202 Windows Vista: Network and Sharing Center 6 Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
Appendix A Setting up Your Computer’s IP Address 7 The Internet Protocol Version 4 (TCP/IPv4) Properties window opens (the General tab). • If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP address and fill in the IP address, Subnet mask, and Default gateway fields. • Click Advanced.
Appendix A Setting up Your Computer’s IP Address Figure 205 Windows Vista: Advanced TCP/IP Properties 9 In the Internet Protocol Version 4 (TCP/IPv4) Properties window, (the General tab): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
Appendix A Setting up Your Computer’s IP Address Figure 206 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties 10 Click OK to close the Internet Protocol Version 4 (TCP/IPv4) Properties window. 11 Click Close to close the Local Area Connection Properties window. 12 Close the Network Connections window. 13 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings 1 Click Start, All Programs, Accessories and then Command Prompt.
Appendix A Setting up Your Computer’s IP Address Figure 207 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 208 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: • From the Configure box, select Manually.
Appendix A Setting up Your Computer’s IP Address • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. 5 Close the TCP/IP Control Panel. 6 Click Save if prompted, to save changes to your configuration. 7 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the TCP/IP Control Panel window.
Appendix A Setting up Your Computer’s IP Address Figure 210 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. 5 Click Apply Now and close the window. 6 Turn on your ZyXEL Device and restart your computer (if prompted).
Appendix A Setting up Your Computer’s IP Address " Make sure you are logged in as the root administrator. Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. 1 Click the Red Hat button (located on the bottom left corner), select System Setting and click Network. Figure 211 Red Hat 9.0: KDE: Network Configuration: Devices 2 Double-click on the profile of the network card you wish to configure.
Appendix A Setting up Your Computer’s IP Address • If you have a dynamic IP address, click Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static IP address, click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields. 3 Click OK to save the changes and close the Ethernet Device General screen. 4 If you know your DNS server IP address(es), click the DNS tab in the Network Configuration screen.
Appendix A Setting up Your Computer’s IP Address Figure 215 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 DEVICE=eth0 ONBOOT=yes BOOTPROTO=dhcp USERCTL=no PEERDNS=yes TYPE=Ethernet • If you have a static IP address, enter static in the BOOTPROTO= field. Type IPADDR= followed by the IP address (in dotted decimal notation) and type NETMASK= followed by the subnet mask. The following example shows an example where the static IP address is 192.168.1.10 and the subnet mask is 255.255.255.0.
Appendix A Setting up Your Computer’s IP Address Verifying Settings Enter ifconfig in a terminal screen to check your TCP/IP properties. Figure 219 Red Hat 9.0: Checking TCP/IP Properties [root@localhost]# ifconfig eth0 Link encap:Ethernet HWaddr 00:50:BA:72:5B:44 inet addr:172.23.19.129 Bcast:172.23.19.255 Mask:255.255.255.
Appendix A Setting up Your Computer’s IP Address 340 P-660HN-Fx User’s Guide
APPENDIX B Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). " Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary. Internet Explorer Pop-up Blockers You may have to disable pop-up blocking to log into your device.
Appendix B Pop-up Windows, JavaScripts and Java Permissions 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 221 Internet Options: Privacy 3 Click Apply to save this setting. Enable Pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab.
Appendix B Pop-up Windows, JavaScripts and Java Permissions Figure 222 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites.
Appendix B Pop-up Windows, JavaScripts and Java Permissions 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. 1 In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 224 Internet Options: Security 2 3 4 5 6 344 Click the Custom Level... button. Scroll down to Scripting.
Appendix B Pop-up Windows, JavaScripts and Java Permissions Figure 225 Security Settings - Java Scripting Java Permissions 1 2 3 4 5 From Internet Explorer, click Tools, Internet Options and then the Security tab. Click the Custom Level... button. Scroll down to Microsoft VM. Under Java permissions make sure that a safety level is selected. Click OK to close the window.
Appendix B Pop-up Windows, JavaScripts and Java Permissions JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for
Appendix B Pop-up Windows, JavaScripts and Java Permissions Figure 228 Mozilla Firefox: Tools > Options Click Content.to show the screen below. Select the check boxes as shown in the following screen.
Appendix B Pop-up Windows, JavaScripts and Java Permissions 348 P-660HN-Fx User’s Guide
APPENDIX C IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts. Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks.
Appendix C IP Addresses and Subnetting Figure 230 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation). The term “subnet” is short for “subnetwork”. A subnet mask has 32 bits.
Appendix C IP Addresses and Subnetting Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Table 132 Subnet Masks BINARY DECIMAL 1ST OCTET 2ND OCTET 3RD OCTET 4TH OCTET 8-bit mask 11111111 00000000 00000000 00000000 255.0.0.0 16-bit mask 11111111 11111111 00000000 00000000 255.255.0.0 24-bit mask 11111111 11111111 11111111 00000000 255.255.255.
Appendix C IP Addresses and Subnetting Table 134 Alternative Subnet Mask Notation (continued) SUBNET MASK ALTERNATIVE NOTATION LAST OCTET (BINARY) LAST OCTET (DECIMAL) 255.255.255.192 /26 1100 0000 192 255.255.255.224 /27 1110 0000 224 255.255.255.240 /28 1111 0000 240 255.255.255.248 /29 1111 1000 248 255.255.255.252 /30 1111 1100 252 Subnetting You can use subnetting to divide one network into multiple sub-networks.
Appendix C IP Addresses and Subnetting Figure 232 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 27 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address). 192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127 with mask 255.255.255.128 is its broadcast address.
Appendix C IP Addresses and Subnetting Table 136 Subnet 2 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. 64 IP Address (Binary) 11000000.10101000.00000001. 01000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.64 Lowest Host ID: 192.168.1.65 Broadcast Address: 192.168.1.127 Highest Host ID: 192.168.1.126 Table 137 Subnet 3 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1.
Appendix C IP Addresses and Subnetting Table 139 Eight Subnets (continued) SUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCAST ADDRESS 5 128 129 158 159 6 160 161 190 191 7 192 193 222 223 8 224 225 254 255 Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 140 24-bit Network Number Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 1 255.255.255.
Appendix C IP Addresses and Subnetting Table 141 16-bit Network Number Subnet Planning (continued) NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 14 255.255.255.252 (/30) 16384 2 15 255.255.255.254 (/31) 32768 1 Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
APPENDIX D Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS).
Appendix D Wireless LANs Figure 234 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood.
Appendix D Wireless LANs Figure 235 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a channel different from an adjacent AP (access point) to reduce interference. Interference occurs when radio signals from different access points overlap causing interference and degrading performance.
Appendix D Wireless LANs Figure 236 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations. RTS/CTS is designed to prevent collisions due to hidden nodes.
Appendix D Wireless LANs If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Preamble Type Preamble is used to signal that data is coming to the receiver. Short and long refer to the length of the synchronization field in a packet.
Appendix D Wireless LANs Wireless security methods available on the ZyXEL Device are data encryption, wireless client authentication, restricting access by device MAC address and hiding the ZyXEL Device identity. The following figure shows the relative effectiveness of these wireless security methods available on your ZyXEL Device.
Appendix D Wireless LANs Determines the network services available to authenticated users once they are connected to the network. • Accounting Keeps track of the client’s network activity. RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server.
Appendix D Wireless LANs For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner. EAP-MD5 (Message-Digest Algorithm 5) MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless client.
Appendix D Wireless LANs Dynamic WEP Key Exchange The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed. If this feature is enabled, it is not necessary to configure a default encryption key in the wireless security configuration screen.
Appendix D Wireless LANs Encryption Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. WPA and WPA2 use Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption than TKIP. TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication server.
Appendix D Wireless LANs Wireless Client WPA Supplicants A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicant is the WPA patch for Windows XP, Funk Software's Odyssey client. The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero Configuration" wireless client. However, you must run Windows XP to use it.
Appendix D Wireless LANs 3 The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID. 4 The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged in a handshake to create temporal encryption keys. They use these keys to encrypt data exchanged between them.
Appendix D Wireless LANs Antenna Overview An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air. Positioning the antennas properly increases the range and coverage area of a wireless LAN. Antenna Characteristics Frequency An antenna in the frequency of 2.4GHz (IEEE 802.11b and IEEE 802.11g) or 5GHz (IEEE 802.
Appendix D Wireless LANs Positioning Antennas In general, antennas should be mounted as high as practically possible and free of obstructions. In point-to–point application, position both antennas at the same height and in a direct line of sight to each other to attain the best performance. For omni-directional antennas mounted on a table, desk, and so on, point the antenna up. For omni-directional antennas mounted on a wall or ceiling, point the antenna down.
APPENDIX E Services The following table lists some commonly-used services and their associated protocols and port numbers. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like. • Protocol: This is the type of IP protocol used by the service. If this is TCP/UDP, then the service uses the same port number with TCP and UDP. If this is USER-DEFINED, the Port(s) is the IP protocol number, not the port number.
Appendix E Services Table 146 Examples of Services (continued) 372 NAME PROTOCOL PORT(S) DESCRIPTION H.323 TCP 1720 NetMeeting uses this protocol. HTTP TCP 80 Hyper Text Transfer Protocol - a client/ server protocol for the world wide web. HTTPS TCP 443 HTTPS is a secured http session often used in e-commerce. ICMP User-Defined 1 Internet Control Message Protocol is often used for diagnostic purposes. ICQ UDP 4000 This is a popular Internet chat program.
Appendix E Services Table 146 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION PPTP_TUNNEL (GRE) User-Defined 47 PPTP (Point-to-Point Tunneling Protocol) enables secure transfer of data over public networks. This is the data channel. RCMD TCP 512 Remote Command Service. REAL_AUDIO TCP 7070 A streaming audio service that enables real time sound over the web. REXEC TCP 514 Remote Execution Daemon. RLOGIN TCP 513 Remote Login.
Appendix E Services Table 146 Examples of Services (continued) 374 NAME PROTOCOL PORT(S) DESCRIPTION TFTP UDP 69 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE TCP UDP 7000 userdefined A videoconferencing solution. The UDP port number is specified in the application.
APPENDIX F Internal SPTGEN Internal SPTGEN Overview Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple ZyXEL Devices. Internal SPTGEN lets you configure, save and upload multiple menus at the same time using just one configuration text file – eliminating the need to navigate and configure individual screens for each ZyXEL Device.
Appendix F Internal SPTGEN Internal SPTGEN File Modification - Important Points to Remember Each parameter you enter must be preceded by one “=”sign and one space. Some parameters are dependent on others. For example, if you disable the Configured field in menu 1 (see Figure 239 on page 375), then you disable every field in this menu.
Appendix F Internal SPTGEN Figure 242 Internal SPTGEN FTP Download Example c:\ftp 192.168.1.1 220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000 User (192.168.1.1:(none)): 331 Enter PASS command Password: 230 Logged in ftp>bin 200 Type I OK ftp> get rom-t ftp>bye c:\edit rom-t (edit the rom-t text file by a text editor and save it) " You can rename your “rom-t” file when you save it to your computer but it must be named “rom-t” when you upload it to your ZyXEL Device.
Appendix F Internal SPTGEN Table 147 Abbreviations Used in the Example Internal SPTGEN Screens Table ABBREVIATION MEANING PVA Parameter Values Allowed INPUT An example of what you may enter * Applies to the ZyXEL Device. The following are the Internal SPTGEN menus.
Appendix F Internal SPTGEN Table 149 Menu 3 30200002 = Client IP Pool Starting Address = 192.168.1.33 30200003 = Size of Client IP Pool = 32 30200004 = Primary DNS Server = 0.0.0.0 30200005 = Secondary DNS Server = 0.0.0.0 30200006 = Remote DHCP Server = 0.0.0.0 30200008 = IP Address = 172.21.2.
Appendix F Internal SPTGEN Table 149 Menu 3 30201011 = IP Alias #1 Outgoing protocol filters Set 2 = 256 30201012 = IP Alias #1 Outgoing protocol filters Set 3 = 256 30201013 = IP Alias #1 Outgoing protocol filters Set 4 = 256 30201014 = IP Alias 2 <0(No) | 1(Yes)> = 0 30201015 = IP Address = 0.0.0.
Appendix F Internal SPTGEN Table 149 Menu 3 30500007 = Default Key <1|2|3|4> = 0 30500008 = WEP Key1 = 30500009 = WEP Key2 = 30500010 = WEP Key3 = 30500011 = WEP Key4 = 30500012 = Wlan Active <0(Disable) | 1(Enable)> = 0 */ MENU 3.5.
Appendix F Internal SPTGEN Table 150 Menu 4 Internet Access Setup (continued) 382 40000006 = VPI # = 0 40000007 = VCI # 40000008 = Service Name = any 40000009 = My Login = test@pqa 40000010 = My Password = 1234 40000011 = Single User Account <0(No) | 1(Yes)> = 1 40000012 = IP Address Assignment <0(Static)|1( Dynamic)> = 1 40000013 = IP Address = 0.0.0.0 40000014 = Remote IP address = 0.0.0.
Appendix F Internal SPTGEN Table 151 Menu 12 / Menu 12.1.1 IP Static Route Setup FIN FN PVA INPUT 120101001 = IP Static Route set #1, Name = 120101002 = IP Static Route set #1, Active <0(No) |1(Yes)> = 0 120101003 = IP Static Route set #1, Destination IP address = 0.0.0.0 120101004 = IP Static Route set #1, Destination IP subnetmask = 0 120101005 = IP Static Route set #1, Gateway = 0.0.0.
Appendix F Internal SPTGEN Table 151 Menu 12 (continued) 120104005 = IP Static Route set #4, Gateway 120104006 = IP Static Route set #4, Metric 120104007 = IP Static Route set #4, Private = 0.0.0.0 = 0 <0(No) |1(Yes)> = 0 PVA INPUT / Menu 12.1.5 IP Static Route Setup FIN FN 120105001 = IP Static Route set #5, Name = 120105002 = IP Static Route set #5, Active <0(No) |1(Yes)> = 0 120105003 = IP Static Route set #5, Destination IP address = 0.0.0.
Appendix F Internal SPTGEN Table 151 Menu 12 (continued) 120108004 = IP Static Route set #8, Destination IP subnetmask = 0 120108005 = IP Static Route set #8, Gateway = 0.0.0.0 120108006 = IP Static Route set #8, Metric = 0 120108007 = IP Static Route set #8, Private <0(No) |1(Yes)> = 0 */ Menu 12.1.
Appendix F Internal SPTGEN Table 151 Menu 12 (continued) 120112003 = IP Static Route set #12, Destination IP address = 0.0.0.0 120112004 = IP Static Route set #12, Destination IP subnetmask = 0 120112005 = IP Static Route set #12, Gateway = 0.0.0.0 120112006 = IP Static Route set #12, Metric = 0 120112007 = IP Static Route set #12, Private <0(No) |1(Yes)> = 0 */ Menu 12.1.
Appendix F Internal SPTGEN Table 151 Menu 12 (continued) 120116001 = IP Static Route set #16, Name = 120116002 = IP Static Route set #16, Active <0(No) |1(Yes)> = 0 120116003 = IP Static Route set #16, Destination IP address = 0.0.0.0 120116004 = IP Static Route set #16, Destination IP subnetmask = 0 120116005 = IP Static Route set #16, Gateway = 0.0.0.
Appendix F Internal SPTGEN Table 152 Menu 15 SUA Server Setup (continued) 388 150000023 = SUA Server #6 Protocol <0(All)|6(TCP)|17(U DP)> = 0 150000024 = SUA Server #6 Port Start = 0 150000025 = SUA Server #6 Port End = 0 150000026 = SUA Server #6 Local IP address = 0.0.0.0 150000027 = SUA Server #7 Active <0(No) | 1(Yes)> = 0 150000028 = SUA Server #7 Protocol <0(All)|6(TCP)|17(U DP)> = 0.0.0.
Appendix F Internal SPTGEN Table 153 Menu 21.1 Filter Set #1 / Menu 21 Filter set #1 FIN FN PVA INPUT 210100001 = Filter Set 1, Name = / Menu 21.1.1.1 set #1, rule #1 FIN FN PVA INPUT 210101001 = IP Filter Set 1,Rule 1 Type <2(TCP/IP)> = 2 210101002 = IP Filter Set 1,Rule 1 Active <0(No)|1(Yes)> = 1 210101003 = IP Filter Set 1,Rule 1 Protocol = 6 210101004 = IP Filter Set 1,Rule 1 Dest IP address = 0.0.0.
Appendix F Internal SPTGEN Table 153 Menu 21.1 Filter Set #1 (continued) 210102009 = IP Filter Set 1,Rule 2 Src Subnet Mask = 0 210102010 = IP Filter Set 1,Rule 2 Src Port 210102011 = IP Filter Set 1,Rule 2 Src Port Comp <0(none)|1(equal) |2(not equal)|3(less)|4( greater)> = 0 210102013 = IP Filter Set 1,Rule 2 Act Match <1(check next)|2(forward)| 3(drop)> = 3 210102014 = IP Filter Set 1,Rule 2 Act Not Match <1(check next)|2(forward)| 3(drop)> = 1 = 0 / Menu 21.1.1.
Appendix F Internal SPTGEN Table 153 Menu 21.1 Filter Set #1 (continued) 210104005 = IP Filter Set 1,Rule 4 Dest Subnet Mask = 0 210104006 = IP Filter Set 1,Rule 4 Dest Port = 137 210104007 = IP Filter Set 1,Rule 4 Dest Port Comp 210104008 = IP Filter Set 1,Rule 4 Src IP address = 0.0.0.
Appendix F Internal SPTGEN Table 153 Menu 21.1 Filter Set #1 (continued) / Menu 21.1.1.6 set #1, rule #6 FIN FN PVA INPUT 210106001 = IP Filter Set 1,Rule 6 Type <2(TCP/IP)> = 2 210106002 = IP Filter Set 1,Rule 6 Active <0(No)|1(Yes)> = 1 210106003 = IP Filter Set 1,Rule 6 Protocol = 17 210106004 = IP Filter Set 1,Rule 6 Dest IP address = 0.0.0.
Appendix F Internal SPTGEN Table 154 Menu 21.1 Filer Set #2 (continued) 210201007 = IP Filter Set 2, Rule 1 Dest Port Comp <0(none)|1(equal)| 2(not equal)|3(less)|4(g reater)> = 1 210201008 = IP Filter Set 2, Rule 1 Src IP address = 0.0.0.
Appendix F Internal SPTGEN Table 154 Menu 21.1 Filer Set #2 (continued) 210202014 = IP Filter Set 2, Rule 2 Act Not Match <1(check next)|2(forward)|3 (drop)> = 1 / Menu 21.1.2.3 Filter set #2, rule #3 FIN FN PVA INPUT 210203001 = IP Filter Set 2, Rule 3 Type <0(none)|2(TCP/ IP)> = 2 210203002 = IP Filter Set 2, Rule 3 Active <0(No)|1(Yes)> = 1 210203003 = IP Filter Set 2, Rule 3 Protocol = 6 210203004 = IP Filter Set 2, Rule 3 Dest IP address = 0.0.0.
Appendix F Internal SPTGEN Table 154 Menu 21.1 Filer Set #2 (continued) 210204007 = IP Filter Set 2, Rule 4 Dest Port Comp <0(none)|1(equal)| 2(not equal)|3(less)|4(g reater)> = 1 210204008 = IP Filter Set 2, Rule 4 Src IP address = 0.0.0.
Appendix F Internal SPTGEN Table 154 Menu 21.1 Filer Set #2 (continued) 210205014 = IP Filter Set 2, Rule 5 Act Not Match <1(check next)|2(forward)|3 (drop)> = 1 / Menu 21.1.2.6 Filter set #2, rule #6 FIN FN PVA INPUT 210206001 = IP Filter Set 2, Rule 6 Type <0(none)|2(TCP/ IP)> = 2 210206002 = IP Filter Set 2, Rule 6 Active <0(No)|1(Yes)> = 1 210206003 = IP Filter Set 2, Rule 6 Protocol = 17 210206004 = IP Filter Set 2, Rule 6 Dest IP address = 0.0.0.
Appendix F Internal SPTGEN Table 155 Menu 23 System Menus (continued) FIN FN 230000000 = System Password PVA INPUT = 1234 Table 156 Menu 24.11 Remote Management Control / Menu 24.11 Remote Management Control FIN FN PVA INPUT 241100001 = TELNET Server Port 241100002 = TELNET Server Access 241100003 = TELNET Server Secured IP address = 0.0.0.
Appendix F Internal SPTGEN 398 P-660HN-Fx User’s Guide
APPENDIX G Legal Information Copyright Copyright © 2008 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation.
Appendix G Legal Information If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures: 1 Reorient or relocate the receiving antenna. 2 Increase the separation between the equipment and the receiver. 3 Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
Appendix G Legal Information 3 Select the certification you wish to view from this page. ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase.
Appendix G Legal Information 402 P-660HN-Fx User’s Guide
APPENDIX H Customer Support In the event of problems that cannot be solved by using this manual, you should contact your vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you bought the device. Regional offices are listed below (see also http:// www.zyxel.com/web/contact_us.php). Please have the following information ready when you contact an office. Required Information • • • • Product model and serial number. Warranty Information.
Appendix H Customer Support • Fax: +86-021-52069033 • Address: 1005F, ShengGao International Tower, No.137 XianXia Rd., Shanghai • Web: http://www.zyxel.cn Costa Rica • • • • • • Support E-mail: soporte@zyxel.co.cr Sales E-mail: sales@zyxel.co.cr Telephone: +506-2017878 Fax: +506-2015098 Web: www.zyxel.co.cr Regular Mail: ZyXEL Costa Rica, Plaza Roble Escazú, Etapa El Patio, Tercer Piso, San José, Costa Rica Czech Republic • • • • • E-mail: info@cz.zyxel.
Appendix H Customer Support Germany • • • • • • Support E-mail: support@zyxel.de Sales E-mail: sales@zyxel.de Telephone: +49-2405-6909-69 Fax: +49-2405-6909-99 Web: www.zyxel.de Regular Mail: ZyXEL Deutschland GmbH., Adenauerstr. 20/A2 D-52146, Wuerselen, Germany Hungary • • • • • • Support E-mail: support@zyxel.hu Sales E-mail: info@zyxel.hu Telephone: +36-1-3361649 Fax: +36-1-3259100 Web: www.zyxel.hu Regular Mail: ZyXEL Hungary, 48, Zoldlomb Str.
Appendix H Customer Support Malaysia • • • • • • Support E-mail: support@zyxel.com.my Sales E-mail: sales@zyxel.com.my Telephone: +603-8076-9933 Fax: +603-8076-9833 Web: http://www.zyxel.com.my Regular Mail: ZyXEL Malaysia Sdn Bhd., 1-02 & 1-03, Jalan Kenari 17F, Bandar Puchong Jaya, 47100 Puchong, Selangor Darul Ehsan, Malaysia North America • • • • • • • Support E-mail: support@zyxel.com Support Telephone: +1-800-978-7222 Sales E-mail: sales@zyxel.
Appendix H Customer Support Singapore • • • • • • Support E-mail: support@zyxel.com.sg Sales E-mail: sales@zyxel.com.sg Telephone: +65-6899-6678 Fax: +65-6899-8887 Web: http://www.zyxel.com.sg Regular Mail: ZyXEL Singapore Pte Ltd., No. 2 International Business Park, The Strategy #03-28, Singapore 609930 Spain • • • • • • Support E-mail: support@zyxel.es Sales E-mail: sales@zyxel.es Telephone: +34-902-195-420 Fax: +34-913-005-345 Web: www.zyxel.
Appendix H Customer Support Turkey • • • • • Support E-mail: cso@zyxel.com.tr Telephone: +90 212 222 55 22 Fax: +90-212-220-2526 Web: http:www.zyxel.com.tr Address: Kaptanpasa Mahallesi Piyalepasa Bulvari Ortadogu Plaza N:14/13 K:6 Okmeydani/Sisli Istanbul/Turkey Ukraine • • • • • • Support E-mail: support@ua.zyxel.com Sales E-mail: sales@ua.zyxel.com Telephone: +380-44-247-69-78 Fax: +380-44-494-49-32 Web: www.ua.zyxel.com Regular Mail: ZyXEL Ukraine, 13, Pimonenko Str.
Index Index Numerics 802.11 mode 108 802.1Q/1P 215 activation 219 example 216 group settings 221 management VLAN 220 port settings 222 priority 215, 223 PVC 216 PVID 222 tagging frames 215, 216, 222 A activation 802.
Index C CA 186, 190, 364 algorithm 198 CRL 199 enrollment protocols 190 property 197 trusted 194, 196 CBR 74, 80, 86 Certificate Authority See CA.
Index Denials of Service, see DoS DHCP 90, 94, 99, 269 diagnostic 299 Differentiated Services, see DiffServ DiffServ 236 DiffServ Code Point, see DSCP directory servers 204 configuration 205 LDAP 205 login 206 disclaimer 399 DNS 72, 90, 94, 99, 252 Domain Name System, see DNS DoS 152 three-way handshake 163 thresholds 152, 163, 164, 165 DSCP 232, 233, 236 DSL connections, status 301 dynamic DNS 239 activation 240 wildcard 239 activation 240 Dynamic Host Configuration Protocol, see DHCP dynamic WEP key exch
Index upgrading 289 version 46 forwarding ports 136, 137 activation 140 configuration 138 example 138 rules 139 fragmentation threshold 114, 123, 360 FTP 34, 248 backing up configuration 291 limitations 288 QoS 233 restoring configuration 289 upgrading firmware 289, 290 G generic filters 181, 183 activation 182 length 182 logs 183 mask 182 offset 182 H half-open sessions 165 hidden node 359 HTTPS 245, 246 HyperText Transfer Protocol, see HTTPS I IANA 356 Internet Assigned Numbers Authority see IANA IBSS
Index e-mail 277 error messages 278 example 279 firewalls 161 generic filters 183 protocol filters 181 schedules 278 settings 276 M MAC address 96, 115 filter 106, 108, 114, 124 MAC address filter activation 115 management VLAN 220 mapping address 140 rules 142 types 141, 142, 146 Maximum Burst Size, see MBS maximum incomplete 165 Maximum Transmission Unit, see MTU MBS 74, 80, 85 MBSSID 127 MD5 fingerprint 193, 199, 203 Message Integrity Check (MIC) 366 metric 82, 84 modifications, certificates 187 monito
Index port forwarding 136, 137 activation 140 configuration 138 example 138 rules 139 PPPoA 72, 77, 83 PPPoE 72, 77, 82 passthrough 74 preamble 114, 123 preamble mode 361 pre-shared key 111 Privacy Enhanced Mail, see PEM private IP address 100 probing, firewalls 152 product registration 401 property, certificates 192 protocol filters 178, 183 activation 179 logs 181 PSK 366 public-private key pairs 207 push button 36, 118 Push Button Configuration, see PBC push button, WPS 128 PVC 216 PVID 222 Q QoS 120,
Index content filtering 174 firewalls 161 logs 278 wireless LAN 121 SCR 74, 80, 85 security network 168 wireless LAN 108, 124 Service Set IDentifier, see SSID Session Initiation Protocol, see SIP setup 295 classifiers 230 DHCP 94 directory servers 205 firewalls 156, 159, 164 IP alias 97 logs 276 packet filtering 179, 182 port forwarding 138 SNMP 251 static route 213 WAN 70 wireless LAN 107 wizard 55 SHA1 fingerprint 194, 199, 203 shaping traffic 85 Simple Certificate Enrollment Protocol, see SCEP Simple Ne
Index CRL 195, 197, 199 exporting 199 importing 195 MD5 fingerprint 199 PEM 199 SHA1 fingerprint 199 U UBR 74, 80, 86 unicast 70 Universal Plug and Play, see UPnP upgrading firmware 289, 293 UPnP 255 activation 256 cautions 255 example 257 installation 257 NAT traversal 255 URL 171 V VBR 86 VBR-nRT 74, 80, 86 VBR-RT 74, 80, 86 VCI 72, 78, 83 Virtual Channel Identifier, see VCI Virtual Local Area Network, see VLAN Virtual Path Identifier, see VPI VLAN 215 802.
Index MBSSID 127 preamble 114, 123 QoS 120 activation 120 RADIUS server 125 RTS/CTS threshold 114, 123 scheduling 121 security 124 SSID 106, 108, 116, 124 activation 115 status 46 WDS 119, 127 activation 120 compatibility 119 encryption 120 example 128 WEP 109, 125 key 110 wizard 60 WPA 111, 126 authentication 113 reauthentication 112 WPA-PSK 110, 126 pre-shared key 111 WPS 117, 128, 130 activation 117 adding stations 118 example 131 limitations 133 PIN 117, 118, 129 push button 36, 118, 128 status 117 wir
Index 418 P-660HN-Fx User’s Guide
