P-660HW-T v2 802.11g Wireless ADSL 2+ 4-port Gateway User’s Guide Version 3.
P-660HW-T v2 User’s Guide

Copyright

Copyright © 2006 by ZyXEL Communications Corporation.

The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.

Published by ZyXEL Communications Corporation.
Certifications

Federal Communications Commission (FCC) Interference Statement

The device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause undesired operations.

This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules.
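Article 14: The use of low-power radio-frequency devices must not affect flight safety or interfere with legal communications. If interference is found, the device must be taken out of use immediately and may be used again only after it has been improved so that it no longer causes interference.

The legal communications referred to in the preceding paragraph are radio communications operated in accordance with telecommunications regulations. Low-power radio-frequency devices must tolerate interference from legal communications and from industrial, scientific and medical equipment that radiates radio waves.

Notices

Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.

This device has been designed for the WLAN 2.4 GHz network throughout the EC region and Switzerland, with restrictions in France.

This Class B digital apparatus complies with Canadian ICES-003.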
Safety Warnings

For your safety, be sure to read and follow all warning notices and instructions.
• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT store things on the device.
• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.
• Connect ONLY suitable accessories to the device.
This product is recyclable. Dispose of it properly.
ZyXEL Limited Warranty

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase.
Customer Support

Please have the following information ready when you contact customer support.
• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.

METHOD: SUPPORT E-MAIL, TELEPHONE, WEB SITE, SALES E-MAIL, FAX, FTP SITE, REGULAR MAIL
LOCATION: CORPORATE HEADQUARTERS (WORLDWIDE), COSTA RICA, CZECH REPUBLIC, DENMARK, FINLAND
support@zyxel.com.
METHOD: SUPPORT E-MAIL, TELEPHONE, WEB SITE, SALES E-MAIL, FAX, FTP SITE
support@zyxel.no, +47-22-80-61-80, www.zyxel.no, sales@zyxel.no, +47-22-80-61-81; ZyXEL Communications A/S, Nils Hansens vei 13, 0667 Oslo, Norway
www.pl.zyxel.com; ZyXEL Communications, ul. Okrzei 1A, 03-715 Warszawa, Poland
www.zyxel.ru; ZyXEL Russia, Ostrovityanova 37a Str., Moscow, 117279, Russia
www.zyxel.es; ZyXEL Communications, Arte, 21 5ª planta, 28033 Madrid, Spain
www.zyxel.
Preface

Congratulations on your purchase of the P-660HW-T v2 802.11g Wireless ADSL 2+ 4-port Gateway. The P-660HW-T v2 comes with built-in IEEE 802.11g wireless capability allowing wireless connectivity, and has a 4-port switch that allows you to connect up to 4 computers without purchasing a switch / hub.

Note: Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.
User Guide Feedback

Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you.
CHAPTER 1 Getting To Know Your ZyXEL Device

This chapter describes the key features and applications of your ZyXEL Device.

1.1 Introducing the ZyXEL Device

The ZyXEL Device is an ADSL2+ gateway that allows super-fast, secure Internet access over analog (POTS) or digital (ISDN) telephone lines (depending on your model). In the ZyXEL Device product name, “H” denotes an integrated 4-port switch (hub) and “W” denotes an included wireless LAN card that provides wireless connectivity.
Note: If your ZyXEL Device does not support Annex M, the maximum ADSL2/2+ upstream data rate is 1.2 Mbps. ZyXEL Devices which work over ISDN do not support Annex M. The standard your ISP supports determines the maximum upstream and downstream speeds attainable. Actual speeds attained also depend on the distance from your ISP, line quality, etc.
Media Bandwidth Management

ZyXEL’s Media Bandwidth Management allows you to specify bandwidth classes based on an application and/or subnet. You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth classes.

Universal Plug and Play (UPnP)

Using the standard TCP/IP protocol, the ZyXEL Device and other UPnP enabled devices can dynamically join a network, obtain an IP address and convey its capabilities to other devices on the network.
IP Alias

IP Alias allows you to partition a physical network into logical networks over the same Ethernet interface. The ZyXEL Device supports three logical LAN interfaces via its single physical Ethernet interface with the ZyXEL Device itself as the gateway for each LAN network.

TR-069 Compliance

TR-069 is a protocol that defines how your ZyXEL Device can be managed via a management server such as ZyXEL’s Vantage CNM Access.
Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. In addition to TKIP, WPA2 also uses Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption.

Antenna

The ZyXEL Device is equipped with one 3dBi fixed antenna to provide clear radio signal between the wireless stations and the access points.
Figure 1 Protected Internet Access Applications

1.3.2 LAN to LAN Application

You can use the ZyXEL Device to connect two geographically dispersed networks over the ADSL line. A typical LAN-to-LAN application example is shown as follows.

Figure 2 LAN-to-LAN Application Example

1.4 Front Panel LEDs

The following figure shows the front panel LEDs.
The following table describes the LEDs.

Table 2 Front Panel LEDs
LED | COLOR | STATUS | DESCRIPTION
POWER | Green | On | The ZyXEL Device is receiving power and functioning properly.
| | Blinking | The ZyXEL Device is booting or performing diagnostics.
| | On | Power to the ZyXEL Device is too low.
| | Off | The system is not ready or has malfunctioned.
| | On | The ZyXEL Device has a successful Ethernet connection.
| | Blinking | The ZyXEL Device is sending/receiving data.
CHAPTER 2 Introducing the Web Configurator

This chapter describes how to access and navigate the web configurator.

2.1 Web Configurator Overview

The web configurator is an HTML-based management interface that allows easy ZyXEL Device setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.
status only. Click Login to proceed to a screen asking you to change your password or click Cancel to revert to the default password.

Figure 4 Password Screen

6 If you entered the user password, skip the next two steps and refer to Section 2.4.2 on page 46 for more information about the Status screen.
Figure 6 Select a Mode

Note: The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the ZyXEL Device if this happens to you.

2.3 Resetting the ZyXEL Device

If you forget your password or cannot access the web configurator, you will need to use the RESET button at the back of the ZyXEL Device to reload the factory-default configuration file.
Figure 7 Web Configurator: Main Screen

Click the Logout icon at any time to exit the web configurator. Use the submenus to configure ZyXEL Device features.

Note: Click the icon (located in the top right corner of most screens) to view embedded help.
Table 3 Web Configurator Screens Summary (continued)
LINK/ICON | SUB-LINK | FUNCTION
LAN | IP | Use this screen to configure LAN TCP/IP settings, enable Any IP and other advanced properties.
| DHCP Setup | Use this screen to configure LAN DHCP settings.
| Client List | Use this screen to view current DHCP client information and to always assign an IP address to a MAC address (and host name).
| IP Alias | Use this screen to partition your LAN interface into subnets.
Table 3 Web Configurator Screens Summary (continued)
LINK/ICON | SUB-LINK | FUNCTION
Remote MGMT | WWW | Use this screen to configure through which interface(s) and from which IP address(es) users can use HTTPS or HTTP to manage the ZyXEL Device.
| Telnet | Use this screen to configure through which interface(s) and from which IP address(es) users can use Telnet to manage the ZyXEL Device.
Figure 8 Status Screen

The following table describes the labels shown in the Status screen.

Table 4 Status Screen
LABEL | DESCRIPTION
Refresh Interval | Select a number of seconds or None from the drop-down list box to refresh all screen statistics automatically at the end of every time interval or to not refresh the screen statistics.
Apply | Click this button to refresh the status screen statistics.
Table 4 Status Screen
LABEL | DESCRIPTION
IP Subnet Mask | This is the LAN port IP subnet mask.
DHCP | This is the WAN port DHCP role - Server, Relay or None.
WLAN Information (Wireless devices only)
SSID | This is the descriptive name used to identify the ZyXEL Device in the wireless LAN.
Channel | This is the channel number used by the ZyXEL Device now.
Security | This displays the WLAN security mode.
Table 4 Status Screen
LABEL | DESCRIPTION
Bandwidth Status | Use this screen to view the ZyXEL Device’s bandwidth usage and allotments.
Packet Statistics | Use this screen to view port status and packet specific statistics.

2.4.3 Status: Any IP Table

Click the Any IP Table hyperlink in the Status screen.
Figure 10 Status: WLAN Status

The following table describes the labels in this screen.

Table 6 Status: WLAN Status
LABEL | DESCRIPTION
# | This is the index number of an associated wireless station.
MAC Address | This field displays the MAC (Media Access Control) address of an associated wireless station.
Association TIme | This field displays the time a wireless station first associated with the ZyXEL Device.
Refresh | Click Refresh to reload this screen.

2.4.
2.4.6 Status: Packet Statistics

Click the Packet Statistics hyperlink in the Status screen. Read-only information here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)". The Poll Interval(s) field is configurable. Not all fields are available on all models.

Figure 12 Status: Packet Statistics

The following table describes the fields in this screen.
Table 7 Status: Packet Statistics (continued)
LABEL | DESCRIPTION
Status | This field displays Down (line is down), Up (line is up or connected) if you're using Ethernet encapsulation and Down (line is down), Up (line is up or connected), Idle (line (ppp) idle), Dial (starting to trigger a call) and Drop (dropping a call) if you're using PPPoE encapsulation. For the WLAN port, it displays the transmission rate when WLAN is enabled or N/A when WLAN is disabled.
Figure 13 System General
CHAPTER 3 Wizard Setup for Internet Access

This chapter provides information on the Wizard Setup screens for Internet access in the web configurator.

3.1 Introduction

Use the wizard setup screens to configure your system for Internet access with the information given to you by your ISP.

Note: See the advanced menu chapters for background information on these fields.

3.
Figure 15 Wizard: Welcome

3 The wizard attempts to detect which WAN connection type you are using. If the wizard detects your connection type and your ISP uses PPPoE or PPPoA, go to Section 3.2.1 on page 57. The screen varies depending on the connection type you use.
Figure 17 Auto Detection: Failed

3.2.1 Automatic Detection

1 If you have a PPPoE or PPPoA connection, a screen displays prompting you to enter your Internet account information. Enter the username, password and/or service name exactly as provided.
2 Click Next and see Section 3.3 on page 62 for wireless connection wizard setup.

Figure 18 Auto-Detection: PPPoE

3.2.
Figure 19 Internet Access Wizard Setup: ISP Parameters

The following table describes the fields in this screen.

Table 8 Internet Access Wizard Setup: ISP Parameters
LABEL | DESCRIPTION
Mode | From the Mode drop-down list box, select Routing (default) if your ISP allows multiple computers to share an Internet account. Otherwise select Bridge.
Encapsulation | Select the encapsulation type your ISP uses from the Encapsulation drop-down list box.
2 The next wizard screen varies depending on what mode and encapsulation type you use. All screens shown are with routing mode. Configure the fields and click Next to continue. See Section 3.3 on page 62 for wireless connection wizard setup.

Figure 20 Internet Connection with PPPoE

The following table describes the fields in this screen.

Table 9 Internet Connection with PPPoE
LABEL | DESCRIPTION
User Name | Enter the user name exactly as your ISP assigned.
The following table describes the fields in this screen.

Table 10 Internet Connection with RFC 1483
LABEL | DESCRIPTION
IP Address | This field is available if you select Routing in the Mode field. Type your ISP assigned IP address in this field.
Back | Click Back to go back to the previous wizard screen.
Next | Click Next to continue to the next wizard screen.
Exit | Click Exit to close the wizard screen without saving your changes.
Table 11 Internet Connection with ENET ENCAP (continued)
LABEL | DESCRIPTION
Second DNS Server | As above.
Back | Click Back to go back to the previous wizard screen.
Apply | Click Apply to save your changes to the ZyXEL Device.
Exit | Click Exit to close the wizard screen without saving your changes.

Figure 23 Internet Connection with PPPoA

The following table describes the fields in this screen.
Figure 24 Connection Test Failed-1

• If the following screen displays, check if your account is activated or click Restart the Internet/Wireless Setup Wizard to verify your Internet access settings.

Figure 25 Connection Test Failed-2.

3.3 Wireless Connection Wizard Setup

After you configure the Internet access information, use the following screens to set up your wireless LAN.

1 Select Yes and click Next to configure wireless settings. Otherwise, select No and skip to Step 6.
Figure 26 Connection Test Successful

2 Use this screen to activate the wireless LAN and OTIST. Click Next to continue.
The following table describes the labels in this screen.

Table 13 Wireless LAN Setup Wizard 1
LABEL | DESCRIPTION
Active | Select the check box to turn on the wireless LAN.
Enable OTIST | Select the check box to enable OTIST if you want to transfer your ZyXEL Device’s SSID and WPA-PSK security settings to wireless clients that support OTIST and are within transmission range. You must also activate and start OTIST on the wireless client at the same time.
The following table describes the labels in this screen.

Table 14 Wireless LAN Setup Wizard 2
LABEL | DESCRIPTION
Network Name(SSID) | Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN. If you change this field on the ZyXEL Device, make sure all wireless stations use the same SSID in order to access the network.
Channel Selection | The range of radio frequencies used by IEEE 802.11b/g wireless devices is called a channel.
Figure 29 Manually assign a WPA-PSK key

The following table describes the labels in this screen.

Table 15 Manually assign a WPA key
LABEL | DESCRIPTION
Pre-Shared Key | Type from 8 to 63 case-sensitive ASCII characters. You can set up the most secure wireless connection by configuring WPA in the wireless LAN screens. You need to configure an authentication server to do this.
Back | Click Back to display the previous screen.
Next | Click Next to proceed to the next screen.
The following table describes the labels in this screen.

Table 16 Manually assign a WEP key
LABEL | DESCRIPTION
Key | The WEP keys are used to encrypt data. Both the ZyXEL Device and the wireless stations must use the same WEP key for data transmission. Enter any 5, 13 or 29 ASCII characters or 10, 26 or 58 hexadecimal characters ("0-9", "A-F") for a 64-bit, 128-bit or 256-bit WEP key respectively.
Back | Click Back to display the previous screen.
Figure 32 Internet Access and WLAN Wizard Setup Complete

7 Launch your web browser and navigate to www.zyxel.com.

Internet access is just the beginning. Refer to the rest of this guide for more detailed information on the complete range of ZyXEL Device features. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the wizard setup are correct.
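
The character rules that the wireless wizard tables give for the SSID (Table 14), the WPA pre-shared key (Table 15) and the WEP key (Table 16) can be checked before the values are typed into the device. The following Python is an added example, not part of the ZyXEL guide or firmware; the function names, the settings dictionary layout, the treatment of "ASCII" as printable ASCII and the acceptance of lower-case hex digits are assumptions.

```python
import string

# Key lengths from Table 16 (WEP): character count -> key size named in the guide.
WEP_ASCII_LENGTHS = {5: "64-bit", 13: "128-bit", 29: "256-bit"}
WEP_HEX_LENGTHS = {10: "64-bit", 26: "128-bit", 58: "256-bit"}
HEX_DIGITS = set(string.hexdigits)  # assumption: lower-case a-f is accepted too


def is_printable_ascii(text):
    """True when every character is printable 7-bit ASCII (0x20 to 0x7E)."""
    return all(0x20 <= ord(ch) <= 0x7E for ch in text)


def check_ssid(ssid):
    """Table 14: up to 32 printable 7-bit ASCII characters."""
    problems = []
    if len(ssid) > 32:
        problems.append("SSID is longer than 32 characters")
    if not is_printable_ascii(ssid):
        problems.append("SSID contains characters outside printable 7-bit ASCII")
    return problems


def check_wpa_psk(psk):
    """Table 15: from 8 to 63 case-sensitive ASCII characters."""
    problems = []
    if not 8 <= len(psk) <= 63:
        problems.append("pre-shared key must be 8 to 63 characters, got %d" % len(psk))
    # Assumption: "ASCII characters" is read as printable ASCII.
    if not is_printable_ascii(psk):
        problems.append("pre-shared key contains non-ASCII or control characters")
    return problems


def classify_wep_key(key):
    """Table 16: return (key_size, encoding), or None when the key fits neither form."""
    if len(key) in WEP_HEX_LENGTHS and all(ch in HEX_DIGITS for ch in key):
        return WEP_HEX_LENGTHS[len(key)], "hex"
    if len(key) in WEP_ASCII_LENGTHS and is_printable_ascii(key):
        return WEP_ASCII_LENGTHS[len(key)], "ascii"
    return None


def audit_wireless_settings(settings):
    """Check one planned configuration; 'security' is 'wpa-psk' or 'wep' (hypothetical keys)."""
    findings = [("ssid", p) for p in check_ssid(settings["ssid"])]
    if settings["security"] == "wpa-psk":
        findings += [("key", p) for p in check_wpa_psk(settings["key"])]
    elif settings["security"] == "wep":
        if classify_wep_key(settings["key"]) is None:
            findings.append(("key", "WEP key is not 5/13/29 ASCII or 10/26/58 hex characters"))
    else:
        findings.append(("security", "unknown security mode %r" % settings["security"]))
    return findings


# Constructed sample inputs (not values from the guide).
SAMPLES = [
    {"ssid": "HomeOffice", "security": "wpa-psk", "key": "correct horse battery"},
    {"ssid": "HomeOffice", "security": "wpa-psk", "key": "short"},
    {"ssid": "Lab", "security": "wep", "key": "0123456789ABCDEF0123456789"},
    {"ssid": "Lab", "security": "wep", "key": "sixchr"},
    {"ssid": "x" * 33, "security": "wep", "key": "abcde"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = audit_wireless_settings(sample) or "ok"
        print(sample["ssid"][:12], sample["security"], result)
```
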
CHAPTER 4 Bandwidth Management Wizard

This chapter shows you how to configure basic bandwidth management using the wizard screens.

4.1 Introduction

Bandwidth management allows you to control the amount of bandwidth going out through the ZyXEL Device’s WAN port and prioritize the distribution of the bandwidth according to service bandwidth requirements. This helps keep one service from using all of the available bandwidth and shutting out other users.

4.
Table 17 Media Bandwidth Management Setup: Services (continued)
SERVICE | DESCRIPTION
VoIP (SIP) | Sending voice signals over the Internet is called Voice over IP or VoIP. Session Initiation Protocol (SIP) is an internationally recognized standard for implementing VoIP. SIP is an application-layer control (signaling) protocol that handles the setting up, altering and tearing down of voice and multimedia sessions over the Internet.
Figure 34 Wizard: Welcome

3 Activate bandwidth management and select to allocate bandwidth to packets based on the service requirements.

Figure 35 Bandwidth Management Wizard: General Information

The following table describes the label in this screen.

Table 18 Bandwidth Management Wizard: General Information
LABEL | DESCRIPTION
Active | Select the Active check box to have the ZyXEL Device apply bandwidth management to traffic going out through the ZyXEL Device’s port(s).
Figure 36 Bandwidth Management Wizard: Configuration

The following table describes the labels in this screen.

Table 19 Bandwidth Management Wizard: Configuration
LABEL | DESCRIPTION
Active | Select an entry’s Active check box to turn on bandwidth management for the service/application.
Service | These fields display the services names.
Priority | Select High, Mid or Low priority for each service to have your ZyXEL Device use a priority for traffic that matches that service.
5 Follow the on-screen instructions and click Finish to complete the wizard setup and save your configuration.
CHAPTER 5 WAN Setup

This chapter describes how to configure WAN settings.

5.1 WAN Overview

A WAN (Wide Area Network) is an outside connection to another network or the Internet.

5.1.1 Encapsulation

Be sure to use the encapsulation method required by your ISP. The ZyXEL Device supports the following methods.

5.1.1.1 ENET ENCAP

The MAC Encapsulated Routing Link Protocol (ENET ENCAP) is only implemented with the IP network protocol.
By implementing PPPoE directly on the ZyXEL Device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the ZyXEL Device does that part of the task. Furthermore, with NAT, all of the LAN’s computers will have access.

5.1.1.3 PPPoA

PPPoA stands for Point to Point Protocol over ATM Adaptation Layer 5 (AAL5). A PPPoA connection functions like a dial-up Internet connection.
because they cannot be automatically determined. What method(s) you use also depends on how many VCs you have and how many different network protocols you need. The extra overhead that ENET ENCAP encapsulation entails makes it a poor choice in a LAN-to-LAN application. Here are some examples of more suitable combinations in such an application.

5.1.3.
5.1.5.3 IP Assignment with ENET ENCAP Encapsulation

In this case you can have either a static or dynamic IP. For a static IP you must fill in all the IP Address and ENET ENCAP Gateway fields as supplied by your ISP. However, for a dynamic IP, the ZyXEL Device acts as a DHCP client on the WAN port and so the IP Address and ENET ENCAP Gateway fields are not applicable (N/A) as the DHCP server assigns them to the ZyXEL Device.

5.1.
If you want the dial-backup route to take first priority over the traffic-redirect route or even the normal route, all you need to do is set the dial-backup route’s metric to "1" and the others to "2" (or greater).

IP Policy Routing overrides the default routing behavior and takes priority over all of the routes mentioned above.

5.
5.3.1 ATM Traffic Classes
These are the basic ATM traffic classes defined by the ATM Forum Traffic Management 4.0 Specification.
5.3.1.1 Constant Bit Rate (CBR)
Constant Bit Rate (CBR) provides fixed bandwidth that is always available even if no data is being sent. CBR traffic is generally time-sensitive (doesn't tolerate delay). CBR is used for connections that continuously require a specific amount of bandwidth.
• the ZyXEL Device is in bridge mode
• you set the ZyXEL Device to use a static (fixed) WAN IP address.
5.5 Internet Connection
To change your ZyXEL Device’s WAN Internet access settings, click Network > WAN. The screen differs by the encapsulation. See Section 5.1 on page 75 for more information.
Figure 39 Internet Connection (PPPoE)
The following table describes the labels in this screen.
Table 20 Internet Connection (continued)
LABEL | DESCRIPTION
Encapsulation | Select the method of encapsulation used by your ISP from the drop-down list box. Choices vary depending on the mode you select in the Mode field. If you select Bridge in the Mode field, select either PPPoA or RFC 1483. If you select Routing in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or PPPoE.
User Name | (PPPoA and PPPoE encapsulation only) Enter the user name exactly as your ISP assigned.
Table 20 Internet Connection (continued)
LABEL | DESCRIPTION
Cancel | Click Cancel to begin configuring this screen afresh.
Advanced Setup | Click this button to display the Advanced Internet Connection Setup screen and edit more details of your WAN setup.
5.5.1 Configuring Advanced Internet Connection Setup
To edit your ZyXEL Device's advanced WAN settings, click the Advanced Setup button in the Internet Connection screen. The screen appears as shown.
Table 21 Advanced Internet Connection Setup (continued)
LABEL | DESCRIPTION
ATM QoS Type | Select CBR (Continuous Bit Rate) to specify fixed (always-on) bandwidth for voice or data traffic. Select UBR (Unspecified Bit Rate) for applications that are non-time sensitive, such as e-mail. Select VBR-nRT (Variable Bit Rate-non Real Time) or VBR-RT (Variable Bit Rate-Real Time) for bursty traffic and bandwidth sharing with other applications.
Figure 41 More Connections
The following table describes the labels in this screen.
Table 22 More Connections
LABEL | DESCRIPTION
# | This is the index number of a connection.
Active | This displays whether this connection is activated. Clear the check box to disable the connection. Select the check box to enable it.
Name | This is the descriptive name for this connection.
VPI/VCI | This is the VPI and VCI values used for this connection.
Figure 42 More Connections Edit
The following table describes the labels in this screen.
Table 23 More Connections Edit
LABEL | DESCRIPTION
Active | Select the check box to activate or clear the check box to deactivate this connection.
Name | Enter a unique, descriptive name of up to 13 ASCII characters for this connection.
Mode | Select Routing from the drop-down list box if your ISP allows multiple computers to share an Internet account.
Table 23 More Connections Edit (continued)
LABEL | DESCRIPTION
User Name | (PPPoA and PPPoE encapsulation only) Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given.
Password | (PPPoA and PPPoE encapsulation only) Enter the password associated with the user name above.
Service Name | (PPPoE only) Type the name of your PPPoE service here.
Table 23 More Connections Edit (continued)
LABEL | DESCRIPTION
Cancel | Click Cancel to begin configuring this screen afresh.
Advanced Setup | Click this button to display the More Connections Advanced screen and edit more details of your WAN setup.
5.6.2 Configuring More Connections Advanced Setup
To edit your ZyXEL Device's advanced WAN settings, click the Advanced Setup button in the More Connections Edit screen. The screen appears as shown.
Table 24 More Connections Advanced Setup (continued)
LABEL | DESCRIPTION
Peak Cell Rate | Divide the DSL line rate (bps) by 424 (the size of an ATM cell) to find the Peak Cell Rate (PCR). This is the maximum rate at which the sender can send cells. Type the PCR here.
Sustain Cell Rate | The Sustain Cell Rate (SCR) sets the average cell rate (long-term) that can be transmitted. Type the SCR, which must be less than the PCR. Note that system default is 0 cells/sec.
Figure 45 Traffic Redirect LAN Setup
5.8 Configuring WAN Backup
To change your ZyXEL Device’s WAN backup settings, click Network > WAN > WAN Backup Setup. The screen appears as shown.
The following table describes the labels in this screen.
Table 25 WAN Backup Setup
LABEL | DESCRIPTION
Backup Type | Select the method that the ZyXEL Device uses to check the DSL connection. Select DSL Link to have the ZyXEL Device check if the connection to the DSLAM is up. Select ICMP to have the ZyXEL Device periodically ping the IP addresses configured in the Check WAN IP Address fields.
CHAPTER 6 Wireless LAN
This chapter discusses how to configure the wireless network settings in your ZyXEL Device. See the appendices for more detailed information about wireless networks.
6.1 Wireless Network Overview
The following figure provides an example of a wireless network.
Figure 47 Example of a Wireless Network
The wireless network is the part in the blue circle. In this wireless network, devices A and B are called wireless clients.
• Every wireless client in the same wireless network must use security compatible with the AP.
Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network.
6.2 Wireless Security Overview
The following sections introduce different types of wireless security you can set up in the wireless network.
6.2.1 SSID
Normally, the AP acts like a beacon and regularly broadcasts the SSID in the area.
6.2.3 User Authentication
Authentication is the process of verifying whether a wireless device is allowed to use the wireless network. You can make every user log in to the wireless network before they can use it. This is called user authentication. However, every wireless client in the wireless network has to support IEEE 802.1x to do this. For wireless networks, there are two typical places to store the user names and passwords for each user.
Usually, you should set up the strongest encryption that every wireless client in the wireless network supports. For example, suppose the AP does not have a local user database, and you do not have a RADIUS server. Therefore, there is no user authentication. Suppose the wireless network has two wireless clients. Device A only supports WEP, and device B supports WEP and WPA. Therefore, you should set up Static WEP in the wireless network.
Click Network > Wireless LAN to open the General screen.
Figure 48 Wireless LAN: General
The following table describes the general wireless LAN labels in this screen.
Table 27 Wireless LAN: General
LABEL | DESCRIPTION
Active Wireless LAN | Click the check box to activate wireless LAN.
Network Name (SSID) | (Service Set IDentity) The SSID identifies the Service Set with which a wireless client is associated.
6.4.1 No Security
Select No Security to allow wireless clients to communicate with the access points without any data encryption.
Note: If you do not enable any wireless security on your ZyXEL Device, your network is accessible to any wireless networking device that is within range.
Figure 49 Wireless: No Security
The following table describes the labels in this screen.
Figure 50 Wireless: Static WEP Encryption
The following table describes the wireless LAN security labels in this screen.
Table 29 Wireless: Static WEP Encryption
LABEL | DESCRIPTION
Security Mode | Choose Static WEP from the drop-down list box.
Passphrase | Enter a Passphrase (up to 32 printable characters) and click Generate. The ZyXEL Device automatically generates a WEP key.
WEP Key | The WEP keys are used to encrypt data.
Figure 51 Wireless: WPA-PSK/WPA2-PSK
The following table describes the wireless LAN security labels in this screen.
Table 30 Wireless: WPA-PSK/WPA2-PSK
LABEL | DESCRIPTION
Security Mode | Choose WPA-PSK or WPA2-PSK from the drop-down list box.
WPA Compatible | This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field.
Table 30 Wireless: WPA-PSK/WPA2-PSK
LABEL | DESCRIPTION
Idle Timeout (In Seconds) | The ZyXEL Device automatically disconnects a wireless station from the wireless network after a period of inactivity. The wireless station needs to send the username and password again before it can use the wireless network again. Some wireless clients may prompt users for a username and password; other clients may use saved login credentials.
Figure 52 Wireless: WPA/WPA2
The following table describes the wireless LAN security labels in this screen.
Table 31 Wireless: WPA/WPA2
LABEL | DESCRIPTION
WPA Compatible | This check box is available only when you select WPA2-PSK or WPA2 in the Security Mode field. Select the check box to have both WPA2 and WPA wireless clients be able to communicate with the ZyXEL Device even when the ZyXEL Device is using WPA2-PSK or WPA2.
Table 31 Wireless: WPA/WPA2
LABEL | DESCRIPTION
Group Key Update Timer (In Seconds) | The Group Key Update Timer is the rate at which the AP (if using WPA-PSK/WPA2-PSK key management) or RADIUS server (if using WPA(2) key management) sends a new group key out to all clients. The re-keying process is the WPA(2) equivalent of automatically changing the WEP key for an AP and all stations in a WLAN on a periodic basis.
Figure 53 Advanced
The following table describes the labels in this screen.
Table 32 Wireless LAN: Advanced
LABEL | DESCRIPTION
Wireless Advanced Setup
RTS/CTS Threshold | Enter a value between 0 and 2432.
Fragmentation Threshold | This is the maximum data fragment size that can be sent. Enter a value between 256 and 2432.
Output Power | Set the output power of the ZyXEL Device in this field.
Table 32 Wireless LAN: Advanced
LABEL | DESCRIPTION
Max. Frame Burst | Enable Maximum Frame Burst to help eliminate collisions in mixed-mode networks (networks with both IEEE 802.11g and IEEE 802.11b traffic) and enhance the performance of both pure IEEE 802.11g and mixed IEEE 802.11b/g networks. Maximum Frame Burst sets the maximum time, in micro-seconds, that the ZyXEL Device transmits IEEE 802.11g wireless traffic only.
Note: If you hold in the RESET button too long, the device will reset to the factory defaults!
6.5.1.1.2 Web Configurator
Click Network > Wireless LAN > OTIST. The following screen displays.
Figure 54 OTIST
The following table describes the labels in this screen.
Table 33 OTIST
LABEL | DESCRIPTION
Setup Key | Type an OTIST Setup Key of exactly eight ASCII characters in length. The default OTIST setup key is "01234567".
Figure 55 Example Wireless Client OTIST Screen
6.5.2 Starting OTIST
Note: You must click Start in the AP OTIST web configurator screen and in the wireless client(s) Adapter screen all within three minutes (at the time of writing). You can start OTIST in the wireless clients and AP in any order but they must all be within range and have OTIST enabled.
1 In the AP, a web configurator screen pops up showing you the security settings to transfer.
Figure 59 No AP with OTIST Found
• If there is more than one OTIST-enabled AP within range, you see a screen asking you to select one AP to get settings from.
6.5.3 Notes on OTIST
1 If you enabled OTIST in the wireless client, you see this screen each time you start the utility. Click Yes for it to search for an OTIST-enabled AP.
To change your ZyXEL Device’s MAC filter settings, click Network > Wireless LAN > MAC Filter. The screen appears as shown.
Figure 61 MAC Address Filter
The following table describes the labels in this menu.
Table 34 MAC Address Filter
LABEL | DESCRIPTION
Active MAC Filter | Select the check box to enable MAC address filtering.
Filter Action | Define the filter action for the list of MAC addresses in the MAC Address table.
Table 34 MAC Address Filter
LABEL | DESCRIPTION
Apply | Click Apply to save your changes to the ZyXEL Device.
Cancel | Click Cancel to reload the previous configuration for this screen.
CHAPTER 7 LAN Setup
This chapter describes how to configure LAN settings.
7.1 LAN Overview
A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building. The LAN screens can help you configure a LAN DHCP server and manage IP addresses. See Section 7.3 on page 117 to configure the LAN screens.
7.1.
7.1.2 DHCP Setup
DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the ZyXEL Device as a DHCP server or disable it. When configured as a server, the ZyXEL Device provides the TCP/IP configuration for the clients. If you turn DHCP service off, you must have another DHCP server on your LAN, or else the computer must be manually configured.
7.1.2.
7.1.4 DNS Server Address Assignment
Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. There are two ways that an ISP disseminates the DNS server addresses.
• The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up.
7.2.1.1 Private IP Addresses
Every machine on the Internet must have a unique address. If your networks are isolated from the Internet, for example, only between your two branch offices, you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks:
• 10.0.0.0 — 10.255.255.255
• 172.16.0.0 — 172.31.255.255
• 192.168.0.0 — 192.168.255.
7.2.3 Multicast
Traditionally, IP packets are transmitted in one of two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the network - not everybody and not just 1. IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data.
Figure 63 Any IP Example
The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the ZyXEL Device’s IP address.
Note: You must enable NAT/SUA to use the Any IP feature on the ZyXEL Device.
7.2.4.
7.3 Configuring LAN IP
Click LAN to open the IP screen. See Section 7.1 on page 111 for background information.
Figure 64 LAN IP
The following table describes the fields in this screen.
Table 35 LAN IP
LABEL | DESCRIPTION
TCP/IP
IP Address | Enter the IP address of your ZyXEL Device in dotted decimal notation, for example, 192.168.1.1 (factory default).
IP Subnet Mask | Type the subnet mask assigned to you by your ISP (if given).
Figure 65 Advanced LAN Setup
The following table describes the labels in this screen.
Table 36 Advanced LAN Setup
LABEL | DESCRIPTION
RIP & Multicast Setup
RIP Direction | Select the RIP direction from None, Both, In Only and Out Only.
RIP Version | Select the RIP version from RIP-1, RIP-2B and RIP-2M.
Multicast | IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a multicast group.
7.4 DHCP Setup
Use this screen to configure the DNS server information that the ZyXEL Device sends to the DHCP client devices on the LAN.
Figure 66 DHCP Setup
The following table describes the labels in this screen.
Table 37 DHCP Setup
LABEL | DESCRIPTION
DHCP Setup
DHCP | If set to Server, your ZyXEL Device can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client.
Table 37 DHCP Setup
LABEL | DESCRIPTION
Primary DNS Server, Secondary DNS Server | This field is not available when you set DHCP to Relay. Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask. If the fields are left as 0.0.0.0, the ZyXEL Device acts as a DNS proxy and forwards the DHCP client’s DNS query to the real DNS server learned through IPCP and relays the response back to the computer.
The following table describes the labels in this screen.
Table 38 LAN Client List
LABEL | DESCRIPTION
IP Address | Enter the IP address that you want to assign to the computer on your LAN with the MAC address specified below. The IP address should be within the range of IP addresses you specified in the DHCP Setup for the DHCP client.
MAC Address | Enter the MAC address of a computer on your LAN.
Add | Click Add to add a static DHCP entry.
Figure 68 Physical Network & Partitioned Logical Networks
To change your ZyXEL Device’s IP alias settings, click Network > LAN > IP Alias. The screen appears as shown.
Figure 69 LAN IP Alias
The following table describes the labels in this screen.
Table 39 LAN IP Alias
LABEL | DESCRIPTION
IP Alias 1, 2 | Select the check box to configure another LAN network for the ZyXEL Device.
IP Address | Enter the IP address of your ZyXEL Device in dotted decimal notation.
Table 39 LAN IP Alias
LABEL | DESCRIPTION
RIP Direction | RIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. Select the RIP direction from Both/In Only/Out Only/None. When set to Both or Out Only, the ZyXEL Device will broadcast its routing table periodically.
CHAPTER 8 Network Address Translation (NAT) Screens
This chapter discusses how to configure NAT on the ZyXEL Device.
8.1 NAT Overview
NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
8.1.
8.1.2 What NAT Does
In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
8.1.4 NAT Application
The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the ZyXEL Device can communicate with three distinct WAN networks. More examples follow at the end of this chapter.
Figure 71 NAT Application With IP Alias
8.1.5 NAT Mapping Types
NAT supports five types of IP/port mapping. They are:
• One to One: In One-to-One mode, the ZyXEL Device maps one local IP address to one global IP address.
Port numbers do NOT change for One-to-One and Many-to-Many No Overload NAT mapping types. The following table summarizes these types.
Table 41 NAT Mapping Types
TYPE | IP MAPPING
One-to-One | ILA1 ↔ IGA1
Many-to-One (SUA/PAT) | ILA1 ↔ IGA1, ILA2 ↔ IGA1, …
Many-to-Many Overload | ILA1 ↔ IGA1, ILA2 ↔ IGA2, ILA3 ↔ IGA1, ILA4 ↔ IGA2, …
Many-to-Many No Overload | ILA1 ↔ IGA1, ILA2 ↔ IGA2, ILA3 ↔ IGA3, …
Server | Server 1 IP ↔ IGA1, Server 2 IP ↔ IGA1, Server 3 IP ↔ IGA1
8.
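The address-based mapping types in Table 41 can be modeled in a few lines. This is an added example, not ZyXEL code: the addresses are constructed, the round-robin choice of IGA follows the ILA3 ↔ IGA1 pattern in the table, and the sequential port allocation starting at 10000 is an assumption made for illustration.

```python
"""Toy model of the NAT mapping types in Table 41 (added example, not ZyXEL code)."""
from itertools import count

ONE_TO_ONE = "One-to-One"
MANY_TO_ONE = "Many-to-One"
M2M_OVERLOAD = "Many-to-Many Overload"
M2M_NO_OVERLOAD = "Many-to-Many No Overload"
KINDS = {ONE_TO_ONE, MANY_TO_ONE, M2M_OVERLOAD, M2M_NO_OVERLOAD}
# Per the guide: port numbers do NOT change for these two types.
PORT_PRESERVING = {ONE_TO_ONE, M2M_NO_OVERLOAD}


class NatRule:
    def __init__(self, kind, local_ips, global_ips, first_port=10000):
        n_local, n_global = len(local_ips), len(global_ips)
        if kind not in KINDS:
            raise ValueError("unknown mapping type: %r" % kind)
        if kind == ONE_TO_ONE and (n_local, n_global) != (1, 1):
            raise ValueError("One-to-One needs exactly one ILA and one IGA")
        if kind == MANY_TO_ONE and n_global != 1:
            raise ValueError("Many-to-One shares a single IGA")
        if kind == M2M_NO_OVERLOAD and n_local > n_global:
            raise ValueError("No Overload needs one IGA per ILA")
        self.kind = kind
        self.local_ips = list(local_ips)     # inside local addresses (ILA)
        self.global_ips = list(global_ips)   # inside global addresses (IGA)
        self._out = {}   # (ILA, source port) -> (IGA, translated port)
        self._in = {}    # (IGA, translated port) -> (ILA, source port)
        self._ports = count(first_port)      # assumption: sequential allocation

    def global_ip_for(self, ila):
        """IGA used for an ILA; overloaded types wrap around the IGA list."""
        idx = self.local_ips.index(ila)      # ValueError if the ILA is not covered
        return self.global_ips[idx % len(self.global_ips)]

    def translate_out(self, ila, sport):
        """Translate the source of a LAN-to-WAN packet."""
        iga = self.global_ip_for(ila)
        if self.kind in PORT_PRESERVING:
            return iga, sport
        key = (ila, sport)
        if key not in self._out:
            mapped = (iga, next(self._ports))
            self._out[key], self._in[mapped] = mapped, key
        return self._out[key]

    def translate_in(self, iga, dport):
        """Translate the destination of a WAN-to-LAN packet, or None if no mapping."""
        if self.kind in PORT_PRESERVING:
            for ila in self.local_ips:
                if self.global_ip_for(ila) == iga:
                    return ila, dport        # every port on the IGA reaches this host
            return None
        return self._in.get((iga, dport))    # only ports opened from the inside


if __name__ == "__main__":
    lan = ["192.168.1.10", "192.168.1.11", "192.168.1.12", "192.168.1.13"]  # constructed
    rule = NatRule(M2M_OVERLOAD, lan, ["203.0.113.1", "203.0.113.2"])       # constructed
    for ila in lan:
        print(ila, "->", rule.translate_out(ila, 5000))
    print("unsolicited:", rule.translate_in("203.0.113.1", 4444))
```

With the port-preserving types, any inbound port on the global address maps straight to the inside host, so those hosts rely entirely on the firewall rules for protection.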
Figure 72 NAT General
The following table describes the labels in this screen.
Table 42 NAT General
LABEL | DESCRIPTION
Active Network Address Translation (NAT) | Select this check box to enable NAT.
SUA Only | Select this radio button if you have just one public WAN IP address for your ZyXEL Device.
Full Feature | Select this radio button if you have multiple public WAN IP addresses for your ZyXEL Device.
You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server. The port number identifies a service; for example, web service is on port 80 and FTP on port 21. In some cases, such as for unknown services or where one server can support more than one service (for example both FTP and web service), it might be better to specify a range of port numbers.
8.4.3 Configuring Servers Behind Port Forwarding (Example)
Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet.
Figure 73 Multiple Servers Behind NAT Example
8.
The following table describes the fields in this screen.
Table 44 NAT Port Forwarding
LABEL | DESCRIPTION
Default Server Setup
Default Server | In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in this screen. If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup.
The following table describes the fields in this screen.
Table 45 Port Forwarding Rule Setup
LABEL | DESCRIPTION
Active | Click this check box to enable the rule.
Service Name | Enter a name to identify this port-forwarding rule.
Start Port | Enter a port number in this field. To forward only one port, enter the port number again in the End Port field. To forward a series of ports, enter the start port number here and the end port number in the End Port field.
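The following added example (not ZyXEL code) models the port forwarding rules and default server described above, using the servers from Section 8.4.3, and counts how many inbound ports end up reaching each LAN host. The addresses for servers A and B are constructed, first-match rule order is an assumption, and remote management ports are ignored.

```python
"""Which LAN host receives an inbound packet under port forwarding (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ForwardRule:
    name: str          # Service Name
    start_port: int    # Start Port
    end_port: int      # End Port (same as start_port to forward one port)
    server_ip: str     # LAN address of the server
    active: bool = True

    def __post_init__(self):
        if not 1 <= self.start_port <= self.end_port <= 65535:
            raise ValueError("bad port range in rule %r" % self.name)


def resolve(rules: List[ForwardRule], default_server: Optional[str], dport: int) -> Optional[str]:
    """Return the LAN IP that receives a packet for dport, or None if it is discarded."""
    for rule in rules:                       # assumption: first matching rule wins
        if rule.active and rule.start_port <= dport <= rule.end_port:
            return rule.server_ip
    return default_server                    # None means no default server: discard


def exposure(rules: List[ForwardRule], default_server: Optional[str]) -> Dict[str, int]:
    """Count how many of the 65535 ports are forwarded to each LAN host."""
    counts: Dict[str, int] = {}
    for port in range(1, 65536):
        host = resolve(rules, default_server, port)
        if host is not None:
            counts[host] = counts.get(host, 0) + 1
    return counts


def overlaps(rules: List[ForwardRule]) -> List[Tuple[str, str]]:
    """Pairs of active rules whose port ranges intersect (the later one is shadowed)."""
    active = [r for r in rules if r.active]
    return [(a.name, b.name)
            for i, a in enumerate(active) for b in active[i + 1:]
            if a.start_port <= b.end_port and b.start_port <= a.end_port]


SERVER_A = "192.168.1.33"        # constructed address for server A
SERVER_B = "192.168.1.34"        # constructed address for server B
DEFAULT_SERVER = "192.168.1.35"  # server C, from the example in the guide

RULES = [
    ForwardRule("FTP-Telnet-SMTP", 21, 25, SERVER_A),
    ForwardRule("Web", 80, 80, SERVER_B),
]

if __name__ == "__main__":
    print("with default server:   ", exposure(RULES, DEFAULT_SERVER))
    print("without default server:", exposure(RULES, None))
```

Setting a default server forwards every port not named in a rule to that one host, so it should be a machine that is hardened for that exposure, or the field should be left empty.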
Figure 76 Address Mapping Rules
The following table describes the fields in this screen.
Table 46 Address Mapping Rules
LABEL | DESCRIPTION
# | This is the rule index number.
Local Start IP | This is the starting Inside Local IP Address (ILA). Local IP addresses are N/A for Server port mapping.
Local End IP | This is the end Inside Local IP Address (ILA). If the rule is for all local IP addresses, then this field displays 0.0.0.0 as the Local Start IP address and 255.255.255.
8.6.1 Address Mapping Rule Edit
To edit an address mapping rule, click the rule’s edit icon in the Address Mapping screen to display the screen shown next.
Figure 77 Edit Address Mapping Rule
The following table describes the fields in this screen.
Table 47 Edit Address Mapping Rule
LABEL | DESCRIPTION
Type | Choose the port mapping type from one of the following.
• One-to-One: One-to-One mode maps one local IP address to one global IP address.
Table 47 Edit Address Mapping Rule (continued)
LABEL | DESCRIPTION
Edit Details | Click this link to go to the Port Forwarding screen to edit a server mapping set that you have selected in the Server Mapping Set field.
Back | Click Back to return to the previous screen.
Apply | Click Apply to save your changes to the ZyXEL Device.
Cancel | Click Cancel to begin configuring this screen afresh.
CHAPTER 9 Firewalls
This chapter gives some background information on firewalls and introduces the ZyXEL Device firewall.
9.1 Firewall Overview
Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term “firewall” is a system or group of systems that enforces an access-control policy between two networks.
9.2.2 Application-level Firewalls
Application-level firewalls restrict access by serving as proxies for external servers. Since they use programs written for specific Internet services, such as HTTP, FTP and telnet, they can evaluate network packets for valid application-specific data.
• The LAN (Local Area Network) port attaches to a network of computers, which needs security from the outside world. These computers will have access to Internet services such as e-mail, FTP, and the World Wide Web. However, “inbound access” will not be allowed unless you configure remote management or create a firewall rule to allow a remote host to use a specific service.
9.3.1 Denial of Service Attacks
Figure 78 Firewall Application
9.
Some of the most common IP ports are:
Table 48 Common IP Ports
21 | FTP | 53 | DNS
23 | Telnet | 80 | HTTP
25 | SMTP | 110 | POP3
9.4.2 Types of DoS Attacks
There are four types of DoS attacks:
1 Those that exploit bugs in a TCP/IP implementation.
2 Those that exploit weaknesses in the TCP/IP specification.
3 Brute-force attacks that flood a network with useless data.
4 IP Spoofing.
Under normal circumstances, the application that initiates a session sends a SYN (synchronize) packet to the receiving server. The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the initiator responds with an ACK (acknowledgment). After this handshake, a connection is established.
• SYN Attack floods a targeted system with a series of SYN packets. Each packet causes the targeted system to issue a SYN-ACK response.
Figure 81 Smurf Attack
9.4.2.1 ICMP Vulnerability
ICMP is an error-reporting protocol that works in concert with IP. The following ICMP types trigger an alert:
Table 49 ICMP Commands That Trigger Alerts
5 | REDIRECT
13 | TIMESTAMP_REQUEST
14 | TIMESTAMP_REPLY
17 | ADDRESS_MASK_REQUEST
18 | ADDRESS_MASK_REPLY
9.4.2.2 Illegal Commands (NetBIOS and SMTP)
The only legal NetBIOS commands are the following - all others are illegal.
9.4.2.3 Traceroute
Traceroute is a utility used to determine the path a packet takes between two endpoints. Sometimes, when a packet filter firewall is configured incorrectly, an attacker can traceroute the firewall, gaining knowledge of the network topology inside the firewall. Often, many DoS attacks also employ a technique known as "IP Spoofing" as part of their attack.
The previous figure shows the ZyXEL Device’s default firewall rules in action as well as demonstrates how stateful inspection works. User A can initiate a Telnet session from within the LAN and responses to this request are allowed. However other Telnet traffic initiated from the WAN is blocked.
9.5.1 Stateful Inspection Process
In this example, the following sequence of events occurs when a TCP packet leaves the LAN network through the firewall's WAN interface.
• Allow certain types of traffic from the Internet to specific hosts on the LAN.
• Allow access to a Web server to everyone but competitors.
• Restrict use of certain protocols, such as Telnet, to authorized users on the LAN.
These custom rules work by evaluating the network traffic’s Source IP address, Destination IP address, IP protocol type, and comparing these to rules set by the administrator.
Note: The ability to define firewall rules is a very powerful tool.
A similar situation exists for ICMP, except that the ZyXEL Device is even more restrictive. Specifically, only outgoing echoes will allow incoming echo replies, outgoing address mask requests will allow incoming address mask replies, and outgoing timestamp requests will allow incoming timestamp replies. No other ICMP packets are allowed in through the firewall, simply because they are too dangerous and contain too little tracking information.
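The default stateful behavior described above (LAN-initiated sessions and their responses allowed, WAN-initiated traffic blocked, ICMP replies admitted only for a matching outgoing request) can be sketched as follows. This is an added example, not the device's implementation: it models only the default rules, keeps no timeouts, assumes one reply consumes an ICMP request entry, and uses constructed addresses.

```python
"""Minimal stateful-inspection model with ICMP request/reply pairing (added example)."""
from collections import namedtuple

# sport/dport are used for TCP and UDP, icmp_type for ICMP.
Packet = namedtuple("Packet", "proto src dst sport dport icmp_type",
                    defaults=(None, None, None))

# Outgoing ICMP request type -> the only reply type it allows back in.
ICMP_REPLY_FOR = {
    8: 0,     # echo request         -> echo reply
    13: 14,   # timestamp request    -> timestamp reply
    17: 18,   # address mask request -> address mask reply
}


class StatefulFirewall:
    def __init__(self):
        self.sessions = set()       # (proto, lan_ip, lan_port, wan_ip, wan_port)
        self.icmp_pending = set()   # (lan_ip, wan_ip, expected reply type)

    def outbound(self, pkt):
        """LAN to WAN: permitted by default; remember what may come back."""
        if pkt.proto == "icmp":
            reply_type = ICMP_REPLY_FOR.get(pkt.icmp_type)
            if reply_type is not None:
                self.icmp_pending.add((pkt.src, pkt.dst, reply_type))
        else:
            self.sessions.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return "permit"

    def inbound(self, pkt):
        """WAN to LAN: blocked unless it matches state created from the LAN side."""
        if pkt.proto == "icmp":
            key = (pkt.dst, pkt.src, pkt.icmp_type)
            if key in self.icmp_pending:
                self.icmp_pending.discard(key)   # assumption: one reply per request
                return "permit"
            return "drop"
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "permit" if key in self.sessions else "drop"


if __name__ == "__main__":
    lan, wan = "192.168.1.33", "198.51.100.7"          # constructed addresses
    fw = StatefulFirewall()
    fw.outbound(Packet("tcp", lan, wan, 1025, 23))     # user A starts a Telnet session
    print("telnet response:  ", fw.inbound(Packet("tcp", wan, lan, 23, 1025)))
    print("telnet from WAN:  ", fw.inbound(Packet("tcp", wan, lan, 1025, 23)))
    fw.outbound(Packet("icmp", lan, wan, icmp_type=8))
    print("unsolicited type 5:", fw.inbound(Packet("icmp", wan, lan, icmp_type=5)))
    print("echo reply:       ", fw.inbound(Packet("icmp", wan, lan, icmp_type=0)))
```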
• Encourage your company or organization to develop a comprehensive security plan. Good network administration takes into account what hackers can do and prepares against attacks. The best defense against hackers and crackers is information. Educate all employees about the importance of security and how to minimize risk.
9.7.1.1 When To Use Filtering
• To block/allow LAN packets by their MAC addresses.
• To block/allow special IP packets which are neither TCP nor UDP, nor ICMP packets.
• To block/allow both inbound (WAN to LAN) and outbound (LAN to WAN) traffic between the specific inside host/network "A" and outside host/network "B". If the filter blocks the traffic from A to B, it also blocks the traffic from B to A.
CHAPTER 10 Firewall Configuration
This chapter shows you how to enable and configure the ZyXEL Device firewall.
10.1 Access Methods
The web configurator is, by far, the most comprehensive firewall configuration tool your ZyXEL Device has to offer. For this reason, it is recommended that you configure your firewall using the web configurator. CLI (Command Line Interpreter) commands provide limited configuration options and are only recommended for advanced users.
10.
Note: If you configure firewall rules without a good understanding of how they work, you might inadvertently introduce security risks to the firewall and to the protected network. Make sure you test your rules after you configure them.
For example, you may create rules to:
• Block certain types of traffic, such as IRC (Internet Relay Chat), from the LAN to the Internet.
4 Does a rule that allows Internet users access to resources on the LAN create a security vulnerability? For example, if FTP ports (TCP 20, 21) are allowed from the Internet to the LAN, Internet users may be able to connect to computers with running FTP servers.
5 Does this rule conflict with any existing rules?
6 Once these questions have been answered, adding rules is simply a matter of plugging the information into the correct fields in the web configurator screens.
10.3.
10.4.1 LAN to WAN Rules
The default rule for LAN to WAN traffic is that all users on the LAN are allowed nonrestricted access to the WAN. When you configure a LAN to WAN rule, you in essence want to limit some or all users from accessing certain services on the WAN.
WAN to LAN Rules
The default rule for WAN to LAN traffic blocks all incoming connections (WAN to LAN).
The following table describes the labels in this screen.
Table 52 Firewall: General
LABEL | DESCRIPTION
Active Firewall | Select this check box to activate the firewall. The ZyXEL Device performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated.
Bypass Triangle Route | Select this check box to have the ZyXEL Device firewall permit the use of triangle route topology on the network.
P-660HW-T v2 User’s Guide Figure 84 Firewall Rules The following table describes the labels in this screen. Table 53 Firewall Rules LABEL DESCRIPTION Firewall Rules Storage Space in Use This read-only bar shows how much of the ZyXEL Device's memory for recording firewall rules it is currently using. When you are using 80% or less of the storage space, the bar is green. When the amount of space used is over 80%, the bar is red.
P-660HW-T v2 User’s Guide Table 53 Firewall Rules (continued) LABEL DESCRIPTION Action This field displays whether the firewall silently discards packets (Drop), discards packets and sends a TCP reset packet or an ICMP destination-unreachable message to the sender (Reject) or allows the passage of packets (Permit) Schedule This field tells you whether a schedule is specified (Yes) or not (No). Log This field shows you whether a log is created when packets match this rule (Yes) or not (No).
Figure 85 Firewall: Edit Rule
P-660HW-T v2 User’s Guide The following table describes the labels in this screen. Table 54 Firewall: Edit Rule LABEL DESCRIPTION Active Select this option to enable this firewall rule. Action for Matched Packet Use the drop-down list box to select what the firewall is to do with packets that match this rule. Select Drop to silently discard the packets without sending a TCP reset packet or an ICMP destination-unreachable message to the sender.
P-660HW-T v2 User’s Guide Table 54 Firewall: Edit Rule (continued) LABEL DESCRIPTION Apply Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to exit this screen without saving. 10.6.2 Customized Services Configure customized services and port numbers not predefined by the ZyXEL Device. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website. For further information on these services, please read Section 10.
P-660HW-T v2 User’s Guide 10.6.3 Configuring a Customized Service Click a rule number in the Firewall Customized Services screen to create a new custom port or edit an existing one. This action displays the following screen. Refer to Section 9.1 on page 137 for more information. Figure 87 Firewall: Configure Customized Services The following table describes the labels in this screen. Table 56 Firewall: Configure Customized Services LABEL DESCRIPTION Service Name Type a unique name for your custom port.
Figure 88 Firewall Example: Rules 3 In the Rules screen, select the index number after which you want to add the rule. For example, if you select “6”, your new rule becomes number 7 and the previous rule 7 (if there is one) becomes rule 8. 4 Click Add to display the firewall rule configuration screen. 5 In the Edit Rule screen, click the Edit Customized Services link to open the Customized Service screen.
P-660HW-T v2 User’s Guide Figure 90 Firewall Example: Edit Rule: Destination Address 9 Use the Add >> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. Note: Custom services show up with an “*” before their names in the Services list box and the Rules list box.
P-660HW-T v2 User’s Guide Figure 91 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a “MyService” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN.
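The rule-planning questions and the default LAN/WAN behaviour described in this chapter can be exercised offline before changing the device. The following Python model is an added example, not ZyXEL code: it assumes rules are evaluated in list order with the first match winning, matches only on direction, destination range, protocol and port, and uses a constructed placeholder port for “MyService”.

```python
from dataclasses import dataclass
from ipaddress import ip_address

# Defaults stated in the guide: LAN to WAN is allowed, WAN to LAN is blocked.
DEFAULT_ACTION = {"LAN to WAN": "Permit", "WAN to LAN": "Block"}
MYSERVICE_PORT = 12345  # constructed placeholder, not a value from the guide


@dataclass(frozen=True)
class Rule:
    name: str
    direction: str      # "LAN to WAN" or "WAN to LAN"
    action: str         # "Permit", "Drop" or "Reject"
    dst_first: str      # first destination address of the range
    dst_last: str       # last destination address of the range
    proto: str          # "TCP" or "UDP"
    ports: frozenset    # destination ports
    active: bool = True

    def dst_range(self):
        return int(ip_address(self.dst_first)), int(ip_address(self.dst_last))

    def matches(self, direction, dst, proto, port):
        lo, hi = self.dst_range()
        return (self.active and self.direction == direction
                and self.proto == proto and port in self.ports
                and lo <= int(ip_address(dst)) <= hi)

    def covers(self, other):
        """True when every packet matching `other` also matches this rule."""
        lo, hi = self.dst_range()
        olo, ohi = other.dst_range()
        return (self.direction == other.direction and self.proto == other.proto
                and lo <= olo and ohi <= hi and other.ports <= self.ports)


def decide(rules, direction, dst, proto, port):
    """Return (action, rule number); the number is None for the default rule.

    Assumption of this model: rules are checked in order, first match wins.
    """
    for number, rule in enumerate(rules, start=1):
        if rule.matches(direction, dst, proto, port):
            return rule.action, number
    return DEFAULT_ACTION[direction], None


def audit(rules):
    """Flag WAN to LAN permits (question 4) and overlapping rules (question 5)."""
    findings = []
    for number, rule in enumerate(rules, start=1):
        if not rule.active:
            continue
        if rule.direction == "WAN to LAN" and rule.action == "Permit":
            lo, hi = rule.dst_range()
            findings.append((number, "exposes-lan", hi - lo + 1))
        for earlier_no, earlier in enumerate(rules[:number - 1], start=1):
            if earlier.active and earlier.covers(rule):
                kind = "shadowed" if earlier.action == rule.action else "conflict"
                findings.append((number, kind, earlier_no))
                break
    return findings


# Constructed rule set: rule 1 is the guide's MyService example, rule 2 is the
# FTP case from the planning questions, rule 3 can never take effect.
RULES = [
    Rule("MyService", "WAN to LAN", "Permit", "10.0.0.10", "10.0.0.15",
         "TCP", frozenset({MYSERVICE_PORT})),
    Rule("FTP", "WAN to LAN", "Permit", "10.0.0.20", "10.0.0.20",
         "TCP", frozenset({20, 21})),
    Rule("MyService-deny", "WAN to LAN", "Drop", "10.0.0.12", "10.0.0.12",
         "TCP", frozenset({MYSERVICE_PORT})),
]

if __name__ == "__main__":
    print(decide(RULES, "WAN to LAN", "10.0.0.12", "TCP", MYSERVICE_PORT))
    print(decide(RULES, "WAN to LAN", "10.0.0.16", "TCP", MYSERVICE_PORT))
    for finding in audit(RULES):
        print(finding)
```

The audit reports each WAN to LAN permit with the number of LAN addresses it exposes, and reports rule 3 as conflicting with rule 1 because rule 1 already permits the same traffic.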
P-660HW-T v2 User’s Guide Figure 92 Firewall Example: Rules: MyService 10.8 Predefined Services The Available Services list box in the Edit Rule screen (see Section 10.6.1 on page 155) displays all predefined services that the ZyXEL Device already supports. Next to the name of the service, two fields appear in brackets. The first field indicates the IP protocol type (TCP, UDP, or ICMP). The second field indicates the IP port number that defines the service.
Table 57 Predefined Services (continued) SERVICE DESCRIPTION H.323(TCP:1720) Net Meeting uses this protocol. HTTP(TCP:80) Hyper Text Transfer Protocol - a client/server protocol for the world wide web. HTTPS HTTPS is a secured http session often used in e-commerce. ICQ(UDP:4000) This is a popular Internet chat program. IPSEC_TRANSPORT/ TUNNEL(AH:0) The IPSEC AH (Authentication Header) tunneling protocol uses this service.
Table 57 Predefined Services (continued) SERVICE DESCRIPTION SSDP(UDP:1900) Simple Service Discovery Protocol (SSDP) is a discovery service searching for Universal Plug and Play devices on your home network or upstream Internet gateways using UDP port 1900. SSH(TCP/UDP:22) Secure Shell Remote Login Program. STRMWORKS(UDP:1558) Stream Works Protocol. SYSLOG(UDP:514) Syslog allows you to send system logs to a UNIX server.
P-660HW-T v2 User’s Guide The following table describes the labels in this screen. Table 58 Firewall: Anti Probing LABEL DESCRIPTION Respond to PING on The ZyXEL Device does not respond to any incoming Ping requests when Disable is selected. Select LAN to reply to incoming LAN Ping requests. Select WAN to reply to incoming WAN Ping requests. Otherwise select LAN & WAN to reply to both incoming LAN and WAN Ping requests. Do Not Respond to Requests for Unauthorized Services.
P-660HW-T v2 User’s Guide If your network is slower than average for any of these factors (especially if you have servers that are slow or handle many tasks and are often busy), then the default values should be reduced. You should make any changes to the threshold values before you continue configuring firewall rules. 10.10.
P-660HW-T v2 User’s Guide 10.10.3 Configuring Firewall Thresholds The ZyXEL Device also sends alerts whenever TCP Maximum Incomplete is exceeded. The global values specified for the threshold and timeout apply to all TCP connections. Click Firewall, and Threshold to bring up the next screen. Figure 94 Firewall: Threshold The following table describes the labels in this screen.
Table 59 Firewall: Threshold (continued) LABEL DESCRIPTION DEFAULT VALUES Maximum Incomplete Low This is the number of existing half-open sessions that causes the firewall to stop deleting half-open sessions. The ZyXEL Device continues to delete half-open requests as necessary, until the number of existing half-open sessions drops below this number. Default: 80 existing half-open sessions.
CHAPTER 11 Content Filtering This chapter covers how to configure content filtering. 11.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ability to block web sites that contain key words (that you specify) in the URL. You can set a schedule for when the ZyXEL Device performs content filtering.
The following table describes the labels in this screen. Table 60 Content Filter: Keyword LABEL DESCRIPTION Active Keyword Blocking Select this check box to enable this feature. Block Websites that contain these keywords in the URL: This box contains the list of all the keywords that you have configured the ZyXEL Device to block. Delete Highlight a keyword in the box and click Delete to remove it. Clear All Click Clear All to remove all of the keywords from the list.
P-660HW-T v2 User’s Guide The following table describes the labels in this screen. Table 61 Content Filter: Schedule LABEL DESCRIPTION Schedule Select Active Everyday to Block to make the content filtering active everyday. Otherwise, select Edit Daily to Block and configure which days of the week (or everyday) and which time of the day you want the content filtering to be active. Active Select the check box to have the content filtering active on the selected day.
P-660HW-T v2 User’s Guide CHAPTER 12 Static Route This chapter shows you how to configure static routes for your ZyXEL Device. 12.1 Static Route Each remote node specifies only the network to which the gateway is directly connected, and the ZyXEL Device has no knowledge of the networks beyond. For instance, the ZyXEL Device knows about network N2 in the following figure through remote node Router 1.
P-660HW-T v2 User’s Guide Figure 99 Static Route The following table describes the labels in this screen. Table 63 Static Route LABEL DESCRIPTION # This is the number of an individual static route. Active Select the check box to activate this static route. Otherwise, clear the check box. Name This is the name that describes or identifies this route. Destination This parameter specifies the IP network address of the final destination. Routing is always based on network number.
P-660HW-T v2 User’s Guide Figure 100 Static Route Edit The following table describes the labels in this screen. Table 64 Static Route Edit LABEL DESCRIPTION Active This field allows you to activate/deactivate this static route. Route Name Enter the name of the IP static route. Leave this field blank to delete this static route. Destination IP Address This parameter specifies the IP network address of the final destination. Routing is always based on network number.
P-660HW-T v2 User’s Guide CHAPTER 13 Bandwidth Management This chapter contains information about configuring bandwidth management, editing rules and viewing the ZyXEL Device’s bandwidth management logs. 13.1 Bandwidth Management Overview ZyXEL’s Bandwidth Management allows you to specify bandwidth management rules based on an application and/or subnet. You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth rules.
P-660HW-T v2 User’s Guide Figure 101 Subnet-based Bandwidth Management Example 13.4 Application and Subnet-based Bandwidth Management You could also create bandwidth classes based on a combination of a subnet and an application. The following example table shows bandwidth allocations for application specific traffic from separate LAN subnets.
P-660HW-T v2 User’s Guide 13.5.2 Fairness-based Scheduler The ZyXEL Device divides bandwidth equally among bandwidth classes when using the fairness-based scheduler; thus preventing one bandwidth class from using all of the interface’s bandwidth. 13.
P-660HW-T v2 User’s Guide 13.6.2 Maximize Bandwidth Usage Example Here is an example of a ZyXEL Device that has maximize bandwidth usage enabled on an interface. The following table shows each bandwidth class’s bandwidth budget. The classes are set up based on subnets. The interface is set to 10240 kbps. Each subnet is allocated 2048 kbps. The unbudgeted 2048 kbps allows traffic not defined in any of the bandwidth filters to go out when you do not select the maximize bandwidth option.
P-660HW-T v2 User’s Guide • Research requires more bandwidth but only gets its budgeted 2048 kbps because all of the unbudgeted and unused bandwidth goes to the higher priority sales and marketing classes. 13.6.2.2 Fairness-based Allotment of Unused and Unbudgeted Bandwidth The following table shows the amount of bandwidth that each class gets.
P-660HW-T v2 User’s Guide 13.7 Over Allotment of Bandwidth You can set the bandwidth management speed for an interface higher than the interface’s actual transmission speed. Higher priority traffic gets to use up to its allocated bandwidth, even if it takes up all of the interface’s available bandwidth. This could stop lower priority traffic from being sent. The following is an example.
P-660HW-T v2 User’s Guide The following table describes the labels in this screen. Table 71 Media Bandwidth Management: Summary LABEL DESCRIPTION Interface These read-only labels represent the physical interfaces. Select an interface’s check box to enable bandwidth management on that interface. Bandwidth management applies to all traffic flowing out of the router through the interface, regardless of the traffic’s source.
Figure 103 Bandwidth Management: Rule Setup The following table describes the labels in this screen. Table 72 Bandwidth Management: Rule Setup LABEL DESCRIPTION Direction Select the direction of traffic to which you want to apply bandwidth management. Service Select a service for your rule or you can select User Defined to go to the screen where you can define your own. Priority Select a priority from the drop down list box. Choose High, Mid or Low.
P-660HW-T v2 User’s Guide 13.9.1 Rule Configuration Click the Edit icon or select User Defined from the Service drop-down list in the Rule Setup screen to configure a bandwidth management rule. Use bandwidth rules to allocate specific amounts of bandwidth capacity (bandwidth budgets) to specific applications and/or subnets. Figure 104 Bandwidth Management Rule Configuration The following table describes the labels in this screen.
P-660HW-T v2 User’s Guide Table 73 Bandwidth Management Rule Configuration (continued) LABEL DESCRIPTION Use All Managed Bandwidth Select this option to allow a rule to borrow unused bandwidth on the interface. Bandwidth borrowing is governed by the priority of the rules. That is, a rule with the highest priority is the first to borrow bandwidth.
P-660HW-T v2 User’s Guide Table 74 Services and Port Numbers SERVICES PORT NUMBER ECHO 7 FTP (File Transfer Protocol) 21 SMTP (Simple Mail Transfer Protocol) 25 DNS (Domain Name System) 53 Finger 79 HTTP (Hyper Text Transfer protocol or WWW, Web) 80 POP3 (Post Office Protocol) 110 NNTP (Network News Transport Protocol) 119 SNMP (Simple Network Management Protocol) 161 SNMP trap 162 PPTP (Point-to-Point Tunneling Protocol) 1723 13.
P-660HW-T v2 User’s Guide CHAPTER 14 Dynamic DNS Setup This chapter discusses how to configure your ZyXEL Device to use Dynamic DNS. 14.1 Dynamic DNS Overview Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.
P-660HW-T v2 User’s Guide Figure 106 Dynamic DNS The following table describes the fields in this screen. Table 75 Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Active Dynamic DNS Select this check box to use dynamic DNS. Service Provider This is the name of your Dynamic DNS service provider. Dynamic DNS Type Select the type of service that you are registered for from your Dynamic DNS service provider. Host Name Type the domain name assigned to your ZyXEL Device by your Dynamic DNS provider.
P-660HW-T v2 User’s Guide Table 75 Dynamic DNS (continued) LABEL DESCRIPTION Dynamic DNS server auto detect IP Address Select this option only when there are one or more NAT routers between the ZyXEL Device and the DDNS server. This feature has the DDNS server automatically detect and use the IP address of the NAT router that has a public IP address. Note: The DDNS server may not be able to detect the proper IP address if there is an HTTP proxy server between the ZyXEL Device and the DDNS server.
P-660HW-T v2 User’s Guide CHAPTER 15 Remote Management Configuration This chapter provides information on configuring remote management. 15.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which ZyXEL Device interface (if any) from which computers. Note: When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
P-660HW-T v2 User’s Guide • The IP address in the Secured Client IP field does not match the client IP address. If it does not match, the ZyXEL Device will disconnect the session immediately. • There is already another remote management session with an equal or higher priority running. You may only have one remote management session running at one time. • There is a firewall rule that blocks it. 15.1.
P-660HW-T v2 User’s Guide The following table describes the labels in this screen. Table 76 Remote Management: WWW LABEL DESCRIPTION Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service.
P-660HW-T v2 User’s Guide Figure 109 Remote Management: Telnet The following table describes the labels in this screen. Table 77 Remote Management: Telnet LABEL DESCRIPTION Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service.
P-660HW-T v2 User’s Guide Figure 110 Remote Management: FTP The following table describes the labels in this screen. Table 78 Remote Management: FTP LABEL DESCRIPTION Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service.
P-660HW-T v2 User’s Guide Figure 111 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the ZyXEL Device). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions.
P-660HW-T v2 User’s Guide 15.6.2 SNMP Traps The ZyXEL Device will send traps to the SNMP manager when any one of the following events occurs: Table 79 SNMP Traps TRAP NAME DESCRIPTION 0 coldStart (defined in RFC-1215) A trap is sent after booting (power on). 1 warmStart (defined in RFC-1215) A trap is sent after booting (software reboot). 6 whyReboot (defined in ZYXELMIB) A trap is sent with the reason of restart before rebooting when the system is going to restart (warm start).
P-660HW-T v2 User’s Guide The following table describes the labels in this screen. Table 80 Remote Management: SNMP LABEL DESCRIPTION SNMP Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service.
P-660HW-T v2 User’s Guide Figure 113 Remote Management: DNS The following table describes the labels in this screen. Table 81 Remote Management: DNS LABEL DESCRIPTION Port The DNS service port number is 53. Access Status Select the interface(s) through which a computer may send DNS queries to the ZyXEL Device. Secured Client IP A secured client is a “trusted” computer that is allowed to send DNS queries to the ZyXEL Device. Select All to allow any computer to send DNS queries to the ZyXEL Device.
P-660HW-T v2 User’s Guide Figure 114 Remote Management: ICMP The following table describes the labels in this screen. Table 82 Remote Management: ICMP LABEL DESCRIPTION ICMP Internet Control Message Protocol is a message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams, but the messages are processed by the TCP/IP software and directly apparent to the application user.
P-660HW-T v2 User’s Guide Follow the procedure below to configure your ZyXEL Device to be managed by CNM Access. See the Command Interpreter appendix for information on the command structure and how to access the CLI (Command Line Interface) on the ZyXEL Device. Note: In this example a.b.c.d is the IP address of CNM Access. You must change this value to reflect your actual management server IP address or domain name. See Table 83 on page 205 for detailed descriptions of the commands.
P-660HW-T v2 User’s Guide CHAPTER 16 Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configurator. 16.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
P-660HW-T v2 User’s Guide 16.1.3 Cautions with UPnP The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues. Network information and configuration may also be obtained and modified by users in some network environments. When a UPnP device joins a network, it announces its presence with a multicast message. For security reasons, the ZyXEL Device allows multicast messages only on the LAN.
The following table describes the fields in this screen. Table 84 Configuring UPnP LABEL DESCRIPTION Active the Universal Plug and Play (UPnP) Feature Select this check box to activate UPnP. Be aware that anyone could use a UPnP application to open the web configurator's login screen without entering the ZyXEL Device's IP address (although you must still enter the password to access the web configurator).
P-660HW-T v2 User’s Guide Figure 117 Add/Remove Programs: Windows Setup: Communication 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box. Figure 118 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted.
P-660HW-T v2 User’s Guide 16.3.2 Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click start and Control Panel. 2 Double-click Network Connections. 3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components …. Figure 119 Network Connections 4 The Windows Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details.
P-660HW-T v2 User’s Guide Figure 121 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. 16.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL Device. Make sure the computer is connected to a LAN port of the ZyXEL Device. Turn on your computer and the ZyXEL Device. 16.4.
Figure 122 Network Connections 3 In the Internet Connection Properties window, click Settings to see the port mappings that were automatically created. Figure 123 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings.
P-660HW-T v2 User’s Guide Figure 124 Internet Connection Properties: Advanced Settings Figure 125 Internet Connection Properties: Advanced Settings: Add Note: When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 5 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray. Figure 126 System Tray Icon 6 Double-click on the icon to display your current Internet connection status.
Figure 127 Internet Connection Status 16.4.2 Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first. This is helpful if you do not know the IP address of the ZyXEL Device. Follow the steps below to access the web configurator. 1 Click Start and then Control Panel. 2 Double-click Network Connections. 3 Select My Network Places under Other Places.
P-660HW-T v2 User’s Guide Figure 128 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays.
P-660HW-T v2 User’s Guide Figure 129 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device.
P-660HW-T v2 User’s Guide CHAPTER 17 System Use this screen to configure the ZyXEL Device’s time and date settings. 17.1 General Setup 17.1.1 General Setup and System Name General Setup contains administrative and system-related information. System Name is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name". • In Windows 95/98 click Start, Settings, Control Panel, Network.
P-660HW-T v2 User’s Guide Figure 131 System General Setup The following table describes the labels in this screen. Table 85 System General Setup LABEL DESCRIPTION General Setup System Name Choose a descriptive name for identification purposes. It is recommended you enter your computer’s “Computer name” in this field. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes “-” and underscores "_" are accepted. Domain Name Enter the domain name (if you know it) here.
P-660HW-T v2 User’s Guide Table 85 System General Setup LABEL DESCRIPTION Admin Password If you log in with the admin password, you can configure the advanced features as well as the wizard setup on the ZyXEL Device. Old Password Type the default admin password (1234) or the existing password you use to access the system for configuring advanced features. New Password Type your new system password (up to 30 characters).
P-660HW-T v2 User’s Guide The following table describes the fields in this screen. Table 86 System Time Setting LABEL DESCRIPTION Current Time and Date Current Time This field displays the time of your ZyXEL Device. Each time you reload this page, the ZyXEL Device synchronizes the time with the time server. Current Date This field displays the date of your ZyXEL Device. Each time you reload this page, the ZyXEL Device synchronizes the date with the time server.
P-660HW-T v2 User’s Guide Table 86 System Time Setting (continued) LABEL DESCRIPTION Start Date Configure the day and time when Daylight Saving Time starts if you selected Enable Daylight Saving. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time starts in most parts of the United States on the first Sunday of April. Each time zone in the United States starts using Daylight Saving Time at 2 A.M. local time.
P-660HW-T v2 User’s Guide CHAPTER 18 Logs This chapter contains information about configuring general log settings and viewing the ZyXEL Device’s logs. Refer to the appendix for example log message explanations. 18.1 Logs Overview The web configurator allows you to choose which categories of events and/or alerts to have the ZyXEL Device log and then display the logs or have the ZyXEL Device send them to an administrator (as e-mail) or to a syslog server. 18.1.
P-660HW-T v2 User’s Guide Figure 133 View Log The following table describes the fields in this screen. Table 87 View Log LABEL DESCRIPTION Display The categories that you select in the Log Settings screen display in the drop-down list box. Select a category of logs to view; select All Logs to view logs from all of the log categories that you selected in the Log Settings page. Time This field displays the time the log was recorded. Message This field states the reason for the log.
P-660HW-T v2 User’s Guide Alerts are e-mailed as soon as they happen. Logs may be e-mailed as soon as the log is full. Selecting many alert and/or log categories (especially Access Control) may result in many emails being sent. Figure 134 Log Settings The following table describes the fields in this screen. Table 88 Log Settings LABEL DESCRIPTION E-mail Log Settings Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
P-660HW-T v2 User’s Guide Table 88 Log Settings LABEL DESCRIPTION Send Log To The ZyXEL Device sends logs to the e-mail address specified in this field. If this field is left blank, the ZyXEL Device does not send logs via e-mail. Send Alerts To Alerts are real-time notifications that are sent as soon as an event, such as a DoS attack, system error, or forbidden web access attempt occurs. Enter the E-mail address where the alert messages will be sent.
• The date format here is Month-Day-Year. The time format is Hour-Minute-Second.
• "End of Log" message shows that a complete log has been sent.
Figure 135 E-mail Log Example
Subject: Firewall Alert From xxxxx
Date: Fri, 07 Apr 2000 10:05:42
From: user@zyxel.com
To: user@zyxel.com
1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09:54:03 |UDP src port:00520 dest port:00520 |<1,00> |
2|Apr 7 00 |From:192.168.1.131 To:192.168.1.
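A parser for the flattened e-mail log entries shown in Figure 135, added here as an example and not part of the guide or of ZyXEL software. The sample body is constructed from the first entry above; the action value "block", the 203.0.113.9 and 198.51.100.4 sources and the three-port flag threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# One flattened entry as it appears in the e-mail body:
# index|date |From:src To:dst |policy |action | time |proto src port:N dest port:N |<x,y> |
ENTRY_RE = re.compile(
    r"^\s*(?P<index>\d+)\|"
    r"\s*(?P<date>[A-Za-z]{3}\s+\d{1,2}\s+\d{2})\s*\|"
    r"\s*From:(?P<src>[^\s|]+)\s+To:(?P<dst>[^\s|]+)\s*\|"
    r"\s*(?P<policy>[^|]*?)\s*\|"
    r"\s*(?P<action>[^|]*?)\s*\|"
    r"\s*(?P<time>\d{2}:\d{2}:\d{2})\s*\|"
    r"\s*(?P<proto>[^\s|]+)\s+src port:(?P<sport>\d+)\s+dest port:(?P<dport>\d+)\s*\|"
    r"\s*<(?P<tag>[^>]*)>\s*\|?\s*$"
)


def parse_entry(line):
    """Parse one log entry; return a dict, or None if the line does not fit."""
    m = ENTRY_RE.match(line)
    if m is None:
        return None
    f = m.groupdict()
    stamp = " ".join((f["date"] + " " + f["time"]).split())
    return {
        "index": int(f["index"]),
        # Month-Day-Year and Hour-Minute-Second, as the guide states.
        "when": datetime.strptime(stamp, "%b %d %y %H:%M:%S"),
        "src": f["src"],
        "dst": f["dst"],
        "policy": f["policy"],
        "action": f["action"].lower(),
        "proto": f["proto"].upper(),
        "sport": int(f["sport"]),   # zero-padded on the wire, e.g. 00520
        "dport": int(f["dport"]),
        "tag": f["tag"],            # kept raw; its meaning is not given here
    }


def parse_log(body):
    """Return (entries, rejected lines, complete); complete means "End of Log" was seen."""
    entries, rejects, complete = [], [], False
    for line in body.splitlines():
        text = line.strip()
        if not text:
            continue
        if text.lower() == "end of log":
            complete = True
            continue
        entry = parse_entry(text)
        if entry is None:
            rejects.append(text)    # never drop unparsed lines silently
        else:
            entries.append(entry)
    return entries, rejects, complete


def summarize(entries):
    """Per source: forwarded count, not-forwarded count, ports that were refused."""
    per_src = defaultdict(lambda: {"forwarded": 0, "not_forwarded": 0, "dports": set()})
    for e in entries:
        stats = per_src[e["src"]]
        if e["action"] == "forward":
            stats["forwarded"] += 1
        else:
            stats["not_forwarded"] += 1
            stats["dports"].add((e["proto"], e["dport"]))
    return dict(per_src)


def sources_probing_many_ports(entries, min_ports=3):
    """Sources refused on at least min_ports distinct destination ports."""
    return sorted(src for src, s in summarize(entries).items()
                  if len(s["dports"]) >= min_ports)


# Constructed sample: entry 1 is the entry from Figure 135, the rest are made up.
SAMPLE_LOG = """\
1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09:54:03 |UDP src port:00520 dest port:00520 |<1,00> |
2|Apr 7 00 |From:203.0.113.9 To:192.168.1.33 |default policy |block | 09:54:10 |TCP src port:40112 dest port:00021 |<2,00> |
3|Apr 7 00 |From:203.0.113.9 To:192.168.1.33 |default policy |block | 09:54:11 |TCP src port:40113 dest port:00023 |<2,00> |
4|Apr 7 00 |From:203.0.113.9 To:192.168.1.33 |default policy |block | 09:54:12 |TCP src port:40114 dest port:00080 |<2,00> |
5|Apr 7 00 |From:198.51.100.4 To:192.168.1.33 |default policy |block | 09:55:00 |TCP src port:51000 dest port:00080 |<2,00> |
garbled line without the expected fields
End of Log
"""

if __name__ == "__main__":
    entries, rejects, complete = parse_log(SAMPLE_LOG)
    print(len(entries), "entries,", len(rejects), "rejected, complete:", complete)
    print("flagged sources:", sources_probing_many_ports(entries))
```

A log that arrives without the "End of Log" line, or with rejected lines, should be treated as incomplete rather than as a quiet period.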
P-660HW-T v2 User’s Guide Table 89 System Maintenance Logs (continued) LOG MESSAGE DESCRIPTION FTP login failed Someone has failed to log on to the router via ftp. NAT Session Table is Full! The maximum number of NAT session table entries has been exceeded and the table is full. Starting Connectivity Monitor Starting Connectivity Monitor. Time initialized by Daytime Server The router got the time and date from the Daytime server.
P-660HW-T v2 User’s Guide Table 91 Access Control Logs LOG MESSAGE DESCRIPTION Firewall default policy: [TCP | UDP | IGMP | ESP | GRE | OSPF] Attempted TCP/UDP/IGMP/ESP/GRE/OSPF access matched the default policy and was blocked or forwarded according to the default policy’s setting.
Table 92 TCP Reset Logs (continued) LOG MESSAGE DESCRIPTION Exceed MAX incomplete, sent TCP RST The router sent a TCP reset packet when the number of incomplete connections (TCP and UDP) exceeded the user-configured threshold. (Incomplete count is for all TCP and UDP connections through the firewall.
Table 95 CDR Logs LOG MESSAGE DESCRIPTION board%d line%d channel%d, call%d,%s C01 Outgoing Call dev=%x ch=%x%s The router received the setup requirements for a call. “call” is the reference (count) number of the call. “dev” is the device type (3 is for dial-up, 6 is for PPPoE, 10 is for PPTP). “channel” or “ch” is the call channel ID. For example, "board 0 line 0 channel 0, call 3, C01 Outgoing Call dev=6 ch=0" means the router has dialed to the PPPoE server 3 times.
P-660HW-T v2 User’s Guide Table 98 Content Filtering Logs (continued) LOG MESSAGE DESCRIPTION %s: Contains ActiveX The web site contains ActiveX. %s: Contains Java applet The web site contains a Java applet. %s: Contains cookie The web site contains a cookie. %s: Proxy mode detected The router detected proxy mode in the packet. %s The content filter server responded that the web site is in the blocked category list, but it did not return the category type.
P-660HW-T v2 User’s Guide Table 99 Attack Logs (continued) LOG MESSAGE DESCRIPTION ip spoofing - WAN ICMP (type:%d, code:%d) The firewall detected an ICMP IP spoofing attack on the WAN port. For type and code details, see Table 106 on page 242. icmp echo: ICMP (type:%d, code:%d) The firewall detected an ICMP echo attack. For type and code details, see Table 106 on page 242. syn flood TCP The firewall detected a TCP syn flood attack. ports scan TCP The firewall detected a TCP port scan attack.
Table 101 IKE Logs
LOG MESSAGE / DESCRIPTION
Active connection allowed exceeded
    The IKE process for a new connection failed because the limit of simultaneous phase 2 SAs has been reached.
Start Phase 2: Quick Mode
    Phase 2 Quick Mode has started.
Verifying Remote ID failed:
    The connection failed during IKE phase 2 because the router and the peer’s Local/Remote Addresses don’t match.
Table 101 IKE Logs (continued)
LOG MESSAGE / DESCRIPTION
Remote IP / conflicts
    The security gateway is set to “0.0.0.0” and the router used the peer’s “Local Address” as the router’s “Remote Address”. This information conflicted with static rule #d; thus the connection is not allowed.
Phase 1 ID type mismatch
    This router’s "Peer ID Type" is different from the peer IPSec router's "Local ID Type".
Table 101 IKE Logs (continued)
LOG MESSAGE / DESCRIPTION
Rule [%d] Phase 2 authentication algorithm mismatch
    The listed rule’s IKE phase 2 authentication algorithm did not match between the router and the peer.
Rule [%d] Phase 2 encapsulation mismatch
    The listed rule’s IKE phase 2 encapsulation did not match between the router and the peer.
Table 102 PKI Logs (continued)
LOG MESSAGE / DESCRIPTION
Enrollment successful
    The CMP online certificate enrollment was successful. The Destination field records the certification authority server’s IP address and port.
Enrollment failed
    The CMP online certificate enrollment failed. The Destination field records the certification authority server’s IP address and port.
Table 103 Certificate Path Verification Failure Reason Codes (continued)
CODE / DESCRIPTION
4   (Not used)
5   Certificate is not valid.
6   Certificate signature was not verified correctly.
7   Certificate was revoked by a CRL.
8   Certificate was not added to the cache.
9   Certificate decoding failed.
10  Certificate was not found (anywhere).
11  Certificate chain looped (did not find trusted root).
12  Certificate contains critical extension that was not handled.
Table 104 802.1X Logs (continued)
LOG MESSAGE / DESCRIPTION
Local User Database does not support authentication method.
    The local user database only supports the EAP-MD5 method. A user tried to use another authentication method and was not authenticated.
User logout because of session timeout expired.
    The router logged out a user whose session expired.
User logout because of user deassociation.
    The router logged out a user who ended the session.
Table 106 ICMP Notes
TYPE  CODE  DESCRIPTION
0           Echo Reply
      0     Echo reply message
3           Destination Unreachable
      0     Net unreachable
      1     Host unreachable
      2     Protocol unreachable
      3     Port unreachable
      4     A packet that needed fragmentation was dropped because it was set to Don't Fragment (DF)
      5     Source route failed
4           Source Quench
      0     A gateway may discard internet datagrams if it does not have the buffer space needed to queue the datagrams for output to the next network on the route to the destina
Table 107 Syslog Logs
LOG MESSAGE / DESCRIPTION
Mon dd hr:mm:ss hostname src="" dst="" msg="" note="" devID="" cat=""
    This message is sent by the system ("RAS" displays as the system name if you haven’t configured one) when the router generates a syslog. The facility is defined in the web MAIN MENU->LOGS->Log Settings page. The severity is the log’s syslog class.
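The following is an added example, not part of the ZyXEL guide or firmware: a collector-side parser for the syslog layout in Table 107 that flags the attack messages listed in Table 99 and counts them per source address. The sample lines are constructed; the "address:port" form of src/dst and the devID and cat values are assumptions.

```python
import re
from collections import Counter

# "Mon dd hr:mm:ss hostname" prefix, then key="value" pairs (Table 107).
HEADER_RE = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+')
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

# Attack log messages from Table 99; each %d placeholder becomes (\d+).
ATTACK_PATTERNS = {
    "ip-spoofing": re.compile(r'^ip spoofing - WAN ICMP \(type:(\d+), code:(\d+)\)'),
    "icmp-echo": re.compile(r'^icmp echo\s*: ICMP \(type:(\d+), code:(\d+)\)'),
    "syn-flood": re.compile(r'^syn flood TCP'),
    "port-scan": re.compile(r'^ports scan TCP'),
}

# ICMP types visible in Table 106 on this page (the table is cut off after type 4).
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench"}


def parse_line(line):
    """Return a dict with ts, host and the key="value" fields, or None if malformed."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host")}
    rec.update(FIELD_RE.findall(line[m.end():]))
    return rec if "msg" in rec else None


def classify(rec):
    """Map a parsed record to (attack label, ICMP detail) or None for other logs."""
    for label, pattern in ATTACK_PATTERNS.items():
        m = pattern.match(rec["msg"])
        if not m:
            continue
        detail = {}
        if m.groups():
            icmp_type, icmp_code = int(m.group(1)), int(m.group(2))
            detail = {"icmp_type": icmp_type, "icmp_code": icmp_code,
                      "icmp_name": ICMP_TYPES.get(icmp_type, "unknown")}
        return label, detail
    return None


def summarize(lines):
    """Count attack labels per source address; return (Counter, skipped line count)."""
    per_source = Counter()
    skipped = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        hit = classify(rec)
        if hit:
            # Assumption: src is "address" or "address:port"; keep the address.
            source = rec.get("src", "").rsplit(":", 1)[0]
            per_source[(source, hit[0])] += 1
    return per_source, skipped


# Constructed sample input (documentation address ranges, made-up devID/cat).
SAMPLE = [
    'Jan  1 03:22:12 RAS src="203.0.113.7:4431" dst="192.168.1.33:80" '
    'msg="syn flood TCP" note="" devID="000000000000" cat="Attack"',
    'Jan  1 03:22:13 RAS src="203.0.113.7:4432" dst="192.168.1.33:81" '
    'msg="ports scan TCP" note="" devID="000000000000" cat="Attack"',
    'Jan  1 03:22:15 RAS src="198.51.100.9" dst="192.168.1.1" '
    'msg="ip spoofing - WAN ICMP (type:3, code:1)" note="" devID="000000000000" cat="Attack"',
    'Jan  1 03:22:16 RAS src="192.168.1.34:1030" dst="203.0.113.50:80" '
    'msg="Firewall default policy: TCP" note="" devID="000000000000" cat="Access Control"',
    'truncated line with no syslog header',
]

if __name__ == "__main__":
    counts, skipped = summarize(SAMPLE)
    for (source, label), n in sorted(counts.items()):
        print(f"{source:15} {label:12} {n}")
    print("unparsed lines:", skipped)
```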
CHAPTER 19 Tools
This chapter describes how to upload new firmware, manage configuration and restart your ZyXEL Device.

19.1 Firmware Upgrade
Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a .bin extension, for example, "ZyXEL Device.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot. Only use firmware for your device’s specific model.
Table 109 Firmware Upgrade (continued)
LABEL / DESCRIPTION
Browse...
    Click Browse... to find the .bin file you want to upload. Remember that you must decompress compressed (.zip) files before you can upload them.
Upload
    Click Upload to begin the upload process. This process may take up to two minutes.
Figure 139 Error Message

19.2 Configuration Screen
Click Maintenance > Tools > Configuration. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next.
Figure 140 Configuration

19.2.1 Backup Configuration
Backup configuration allows you to back up (save) the ZyXEL Device’s current configuration to a file on your computer.
19.2.2 Restore Configuration
Restore configuration allows you to upload a new or previously saved configuration file from your computer to your ZyXEL Device.

Table 110 Maintenance Restore Configuration
LABEL / DESCRIPTION
File Path
    Type in the location of the file you want to upload in this field or click Browse... to find it.
Browse...
    Click Browse... to find the file you want to upload. Remember that you must decompress compressed (.ZIP) files before you can upload them.
Figure 143 Configuration Restore Error

19.2.3 Back to Factory Defaults
Pressing the RESET button in this section clears all user-entered configuration information and returns the ZyXEL Device to its factory defaults. You can also press the RESET button on the rear panel to reset the factory defaults of your ZyXEL Device. Refer to the chapter about introducing the web configurator for more information on the RESET button.
19.
CHAPTER 20 Diagnostic
These read-only screens display information to help you identify problems with the ZyXEL Device.

20.1 General Diagnostic
Click Maintenance > Diagnostic to open the screen shown next.
Figure 145 Diagnostic: General
The following table describes the fields in this screen.

Table 111 Diagnostic: General
LABEL / DESCRIPTION
TCP/IP Address
    Type the IP address of a computer that you want to ping in order to test a connection.
20.2 DSL Line Diagnostic
Click Maintenance > Diagnostic > DSL Line to open the screen shown next.
Figure 146 Diagnostic: DSL Line
The following table describes the fields in this screen.

Table 112 Diagnostic: DSL Line
LABEL / DESCRIPTION
ATM Status
    Click this button to view ATM status.
ATM Loopback Test
    Click this button to start the ATM loopback test. Make sure you have configured at least one PVC with proper VPIs/VCIs before you begin this test.
CHAPTER 21 Troubleshooting
This chapter covers potential problems and the corresponding remedies.

21.1 Problems Starting Up the ZyXEL Device
Table 113 Troubleshooting Starting Up Your ZyXEL Device
PROBLEM / CORRECTIVE ACTION
None of the LEDs turn on when I turn on the ZyXEL Device.
    Make sure that the ZyXEL Device’s power adapter is connected to the ZyXEL Device and plugged in to an appropriate power source.
21.3 Problems with the WAN
Table 115 Troubleshooting the WAN
PROBLEM / CORRECTIVE ACTION
The DSL LED is off.
    Check the telephone wire and connections between the ZyXEL Device DSL port and the wall jack. Make sure that the telephone company has checked your phone line and set it up for DSL service. Reset your ADSL line to reinitialize your link to the DSLAM. For details, refer to the Table 112 on page 252.
I cannot get a WAN IP address from the ISP.
21.4 Problems Accessing the ZyXEL Device
Table 116 Troubleshooting Accessing the ZyXEL Device
PROBLEM / CORRECTIVE ACTION
I cannot access the ZyXEL Device.
    The default user password is “user” and admin password is “1234”. The Password field is case-sensitive. Make sure that you enter the correct password using the proper case. If you have changed the password and have now forgotten it, you will need to upload the default configuration file.
APPENDIX A Product Specifications
See also the Introduction chapter for a general overview of the key features.

Specification Tables
Table 117 Device Specifications
Default IP Address: 192.168.1.1
Default Subnet Mask: 255.255.255.0 (24 bits)
Default Password: 1234
DHCP Pool: 192.168.1.33 to 192.168.1.
Table 118 Firmware
ADSL Standards
    Multi-Mode standard (ANSI T1.413, Issue 2; G.dmt (G.992.1); G.lite (G.992.2)).
    ADSL2 G.dmt.bis (G.992.3)
    ADSL2 G.lite.bis (G.992.4)
    ADSL2+ (G.992.
Table 118 Firmware (continued)
Firewall
    Stateful Packet Inspection.
    Prevents Denial of Service attacks such as Ping of Death, SYN Flood, LAND, Smurf etc.
    Real-time E-mail alerts.
    Reports and logs.
NAT/SUA
    Port Forwarding
    1024 NAT sessions
    Multimedia application
    PPTP under NAT/SUA
    IPSec passthrough
    SIP ALG passthrough
    VPN passthrough
Content Filtering
    Web page blocking by URL keyword.
APPENDIX B About ADSL

Introduction to DSL
DSL (Digital Subscriber Line) technology enhances the data capacity of the existing twisted-pair wire that runs between the local telephone company switching offices and most homes and offices.
2 Because your line is dedicated (not shared), transmission speeds between you and the device to which you connect at your service provider are not affected by other users. With cable modems, transmission speeds drop significantly as more users go on-line because the line is shared.
3 ADSL can be "always on" (connected).
APPENDIX C Internal SPTGEN
This appendix introduces Internal SPTGEN. All menus shown in this appendix are example menus meant to show SPTGEN usage. Actual menus for your product may differ.

Internal SPTGEN Overview
Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple ZyXEL Devices.
Internal SPTGEN File Modification - Important Points to Remember
Each parameter you enter must be preceded by one “=” sign and one space. Some parameters are dependent on others. For example, if you disable the Configured field in menu 1 (see Figure 147 on page 263), then you disable every field in this menu.
Figure 150 Internal SPTGEN FTP Download Example
c:\ftp 192.168.1.1
220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000
User (192.168.1.1:(none)):
331 Enter PASS command
Password:
230 Logged in
ftp>bin
200 Type I OK
ftp> get rom-t
ftp>bye
c:\edit rom-t
(edit the rom-t text file by a text editor and save it)

Note: You can rename your “rom-t” file when you save it to your computer but it must be named “rom-t” when you upload it to your ZyXEL Device.
Example Internal SPTGEN Menus
This section provides example Internal SPTGEN menus.

Table 119 Abbreviations Used in the Example Internal SPTGEN Screens Table
ABBREVIATION / MEANING
FIN     Field Identification Number
FN      Field Name
PVA     Parameter Values Allowed
INPUT   An example of what you may enter
*       Applies to the ZyXEL Device.
Table 121 Menu 3
30100012 = Output protocol filters Set 4 = 256
30100013 = Output device filters Set 1 = 256
30100014 = Output device filters Set 2 = 256
30100015 = Output device filters Set 3 = 256
30100016 = Output device filters Set 4 = 256
/ Menu 3.2 TCP/IP and DHCP Ethernet Setup
FIN FN PVA INPUT
30200001 = DHCP <0(None) | 1(Server) | 2(Relay)> = 0
30200002 = Client IP Pool Starting Address = 192.168.1.
Table 121 Menu 3
30201005 = Version <0(Rip-1) | 1(Rip-2B) |2(Rip-2M)> = 0
30201006 = IP Alias #1 Incoming protocol filters Set 1 = 256
30201007 = IP Alias #1 Incoming protocol filters Set 2 = 256
30201008 = IP Alias #1 Incoming protocol filters Set 3 = 256
30201009 = IP Alias #1 Incoming protocol filters Set 4 = 256
30201010 = IP Alias #1 Outgoing protocol filters Set 1 = 256
30201011 = IP Alias #1 Outgoing protocol filters Set 2 = 256
30201012 = IP Alias #1
Table 121 Menu 3
FIN FN
30500001 = ESSID
30500002 = Hide ESSID <0(No) | 1(Yes)>
30500003 = Channel ID <1|2|3|4|5|6|7|8|9|10|11|12|13> = 1
30500004 = RTS Threshold <0 ~ 2432> = 2432
30500005 = FRAG.
Table 122 Menu 4 Internet Access Setup
/ Menu 4 Internet Access Setup
FIN FN PVA INPUT
40000000 = Configured <0(No) | 1(Yes)> = 1
40000001 = ISP <0(No) | 1(Yes)> = 1
40000002 = Active <0(No) | 1(Yes)> = 1
40000003 = ISP's Name
40000004 = Encapsulation <2(PPPOE) | 3(RFC 1483)| 4(PPPoA )| 5(ENET ENCAP)> = 2
40000005 = Multiplexing <1(LLC-based) | 2(VC-based)> = 1
40000006 = VPI # = 0
40000007 = VCI # = 35
40000008 = Service Name = any
4
Table 122 Menu 4 Internet Access Setup (continued)
40000027 = ATM QoS Type <0(CBR) | 1(UBR)> = 1
40000028 = Peak Cell Rate (PCR) = 0
40000029 = Sustain Cell Rate (SCR) = 0
40000030 = Maximum Burst Size(MBS) = 0
40000031= RIP Direction <0(None) | 1(Both) | 2(In Only) | 3(Out Only)> = 0
40000032= RIP Version <0(Rip-1) | 1(Rip-2B) |2(Rip-2M)> = 0
40000033= Nailed-up Connection <0(No) |1(Yes)> = 0

Table 123 Menu 12
/ Menu 12.1.
Table 124 Menu 15 SUA Server Setup
/ Menu 15 SUA Server Setup
FIN FN
150000001 = SUA Server IP address for default port
150000002 = SUA Server #2 Active <0(No) | 1(Yes)> = 0
150000003 = SUA Server #2 Protocol <0(All)|6(TCP)|17(UDP)> = 0
150000004 = SUA Server #2 Port Start = 0
150000005 = SUA Server #2 Port End = 0
150000006 = SUA Server #2 Local IP address = 0.0.0.
Table 124 Menu 15 SUA Server Setup (continued)
150000031 = SUA Server #7 Local IP address = 0.0.0.0
150000032 = SUA Server #8 Active <0(No) | 1(Yes)> = 0
150000033 = SUA Server #8 Protocol <0(All)|6(TCP)|17(UDP)> = 0
150000034 = SUA Server #8 Port Start = 0
150000035 = SUA Server #8 Port End = 0
150000036 = SUA Server #8 Local IP address = 0.0.0.
Table 125 Menu 21.1 Filter Set #1 (continued)
210101002 = IP Filter Set 1,Rule 1 Active <0(No)|1(Yes)>
210101003 = IP Filter Set 1,Rule 1 Protocol = 6
210101004 = IP Filter Set 1,Rule 1 Dest IP address = 0.0.0.0
210101005 = IP Filter Set 1,Rule 1 Dest Subnet Mask = 0
210101006 = IP Filter Set 1,Rule 1 Dest Port = 137
210101007 = IP Filter Set 1,Rule 1 Dest Port Comp
210101008 = IP Filter Set 1,Rule 1 Src IP address = 0.0.0.
Table 125 Menu 21.1 Filter Set #1 (continued)
210102013 = IP Filter Set 1,Rule 2 Act Match <1(check next)|2(forward)| 3(drop)> = 3
210102014 = IP Filter Set 1,Rule 2 Act Not Match <1(check next)|2(forward)| 3(drop)> = 1

Table 126 Menu 21.1 Filter Set #2,
/ Menu 21.1 filter set #2,
FIN FN PVA INPUT
210200001 = Filter Set 2, Nam = NetBIOS_WAN
/ Menu 21.1.2.
Table 126 Menu 21.1 Filter Set #2, (continued)
210202001 = IP Filter Set 2, Rule 2 Type <0(none)|2(TCP/IP)> = 2
210202002 = IP Filter Set 2, Rule 2 Active <0(No)|1(Yes)>
210202003 = IP Filter Set 2, Rule 2 Protocol = 6
210202004 = IP Filter Set 2, Rule 2 Dest IP address = 0.0.0.
Table 127 Menu 23 System Menus (continued)
230200005 = Authentication Server Shared Secret = 111111111111 111 111111111111 1111
230200006 = Accounting Server Configured <0(No) | 1(Yes)> = 1
230200007 = Accounting Server Active <0(No) | 1(Yes)> = 1
230200008 = Accounting Server IP Address = 192.168.1.44
230200009 = Accounting Server Port = 1823
230200010 = Accounting Server Shared Secret = 1234
*/ Menu 23.4 System security: IEEE802.
Table 128 Menu 24.11 Remote Management Control (continued)
241100002 = TELNET Server Access <0(all)|1(none)|2(Lan)|3(Wan)> = 0
241100003 = TELNET Server Secured IP address = 0.0.0.0
241100004 = FTP Server Port = 21
241100005 = FTP Server Access
241100006 = FTP Server Secured IP address = 0.0.0.
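The following is an added example, not ZyXEL's tooling: a review script for an exported "rom-t" file that parses the "FIN = FN <PVA> = INPUT" lines shown in the menus above and reports remote-management services open to the WAN and weak RADIUS shared secrets before the file is pushed to many devices. The sample text is constructed from field names on this page; the PVA shown for FTP Server Access, the reading of a 0.0.0.0 secured address as "no client restriction", and the secret-strength thresholds are assumptions.

```python
import re

# One parameter per line: FIN = field name, optional <allowed values>, "= " input.
LINE_RE = re.compile(
    r'^(?P<fin>\d+)\s*=\s*(?P<name>[^<=]+?)\s*(?:<(?P<pva>[^>]*)>)?\s*=\s*(?P<value>.*)$')
# Allowed-value choices such as 0(all)|1(none)|2(Lan)|3(Wan).
PVA_RE = re.compile(r'(\d+)\s*\(\s*([^)]*?)\s*\)')


def parse_sptgen(text):
    """Return ({fin: entry}, malformed lines). Lines that do not start with a
    digit (menu headings such as "/ Menu 24.11 ...") are treated as comments."""
    entries, malformed = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or not line[0].isdigit():
            continue
        m = LINE_RE.match(line)
        if not m:
            # The guide requires every input to be preceded by "=" and a space.
            malformed.append(line)
            continue
        entries[m.group("fin")] = {
            "name": m.group("name"),
            "value": m.group("value").strip(),
            "choices": dict(PVA_RE.findall(m.group("pva") or "")),
        }
    return entries, malformed


def secured_ip(entries, service):
    """Look up "<service> Server Secured IP address" for the same service."""
    wanted = f"{service} Server Secured IP address"
    for entry in entries.values():
        if entry["name"] == wanted:
            return entry["value"]
    return None


def weak_secret(value):
    """Assumed policy: shorter than 8 characters, digits only, or one repeated character."""
    return len(value) < 8 or value.isdigit() or len(set(value)) == 1


def audit(entries):
    """Return a list of (fin, code, message) findings, ordered by FIN."""
    findings = []
    for fin, entry in sorted(entries.items()):
        name, value = entry["name"], entry["value"]
        if name.endswith(" Server Access"):
            # Decode the value with the line's own PVA list, e.g. "0" -> "all".
            scope = entry["choices"].get(value, "").lower()
            if scope in ("all", "wan"):
                service = name[: -len(" Server Access")]
                allowed = secured_ip(entries, service)
                open_to_any = allowed in (None, "0.0.0.0")  # assumption, see lead-in
                code = "wan-exposed-unrestricted" if open_to_any else "wan-exposed-restricted"
                findings.append((fin, code, f"{service} access={scope}, secured IP={allowed}"))
        elif name.endswith("Shared Secret") and weak_secret(value):
            # Report the length only, never the secret itself.
            findings.append((fin, "weak-secret", f"{name}: {len(value)} characters"))
    return findings


# Constructed sample rom-t excerpt (values are illustrative).
SAMPLE = """\
/ Menu 23 System Menus
230200010 = Accounting Server Shared Secret = 1234
/ Menu 24.11 Remote Management Control
241100002 = TELNET Server Access <0(all)|1(none)|2(Lan)|3(Wan)> = 0
241100003 = TELNET Server Secured IP address = 0.0.0.0
241100004 = FTP Server Port 21
241100005 = FTP Server Access <0(all)|1(none)|2(Lan)|3(Wan)> = 2
241100006 = FTP Server Secured IP address = 0.0.0.0
"""

if __name__ == "__main__":
    parsed, bad = parse_sptgen(SAMPLE)
    for fin, code, message in audit(parsed):
        print(fin, code, message)
    for line in bad:
        print("malformed:", line)
```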
APPENDIX D Wall-mounting Instructions
Do the following to hang your ZyXEL Device on a wall.
Note: See the product specifications appendix for the size of screws to use and how far apart to place them.
1 Locate a high position on the wall that is free of obstructions. Use a sturdy wall.
2 Drill two holes for the screws. Make sure the distance between the centers of the holes matches what is listed in the product specifications appendix.
APPENDIX E Setting up Your Computer’s IP Address
All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer. Windows 3.1 requires the purchase of a third-party TCP/IP application package.
Figure 153 Windows 95/98/Me: Network: Configuration

Installing Components
The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks.
If you need the adapter:
1 In the Network window, click Add.
2 Select Adapter and then click Add.
3 Select the manufacturer and model of your network adapter and then click OK.
If you need TCP/IP:
1 In the Network window, click Add.
3 Select Microsoft from the list of manufacturers.
4 Select Client for Microsoft Networks from the list of network clients and then click OK.
5 Restart your computer so the changes you made take effect.

Configuring
1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties.
2 Click the IP Address tab.
• If your IP address is dynamic, select Obtain an IP address automatically.
Figure 155 Windows 95/98/Me: TCP/IP Properties: DNS Configuration
4 Click the Gateway tab.
• If you do not know your gateway’s IP address, remove previously installed gateways.
• If you have a gateway IP address, type it in the New gateway field and click Add.
5 Click OK to save and close the TCP/IP Properties window.
6 Click OK to close the Network window. Insert the Windows CD if prompted.
7 Turn on your ZyXEL Device and restart your computer when prompted.
Figure 156 Windows XP: Start Menu
2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT).
Figure 157 Windows XP: Control Panel
3 Right-click Local Area Connection and then click Properties.
Figure 158 Windows XP: Control Panel: Network Connections: Properties
4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties.
Figure 159 Windows XP: Local Area Connection Properties
5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
• If you have a dynamic IP address click Obtain an IP address automatically.
• If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields.
• Click Advanced.
Figure 160 Windows XP: Internet Protocol (TCP/IP) Properties
6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK.
Figure 161 Windows XP: Advanced TCP/IP Properties
7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP):
• Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
• If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
Figure 162 Windows XP: Internet Protocol (TCP/IP) Properties
8 Click OK to close the Internet Protocol (TCP/IP) Properties window.
9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window.
10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT).
11 Turn on your ZyXEL Device and restart your computer (if prompted).

Verifying Settings
1 Click Start, All Programs, Accessories and then Command Prompt.
Figure 163 Macintosh OS 8/9: Apple Menu
2 Select Ethernet built-in from the Connect via list.
Figure 164 Macintosh OS 8/9: TCP/IP
3 For dynamically assigned settings, select Using DHCP Server from the Configure: list.
• From the Configure box, select Manually.
• Type your IP address in the IP Address box.
• Type your subnet mask in the Subnet mask box.
• Type the IP address of your ZyXEL Device in the Router address box.
5 Close the TCP/IP Control Panel.
6 Click Save if prompted, to save changes to your configuration.
7 Turn on your ZyXEL Device and restart your computer (if prompted).

Verifying Settings
Check your TCP/IP properties in the TCP/IP Control Panel window.
Figure 166 Macintosh OS X: Network
4 For statically assigned settings, do the following:
• From the Configure box, select Manually.
• Type your IP address in the IP Address box.
• Type your subnet mask in the Subnet mask box.
• Type the IP address of your ZyXEL Device in the Router address box.
5 Click Apply Now and close the window.
6 Turn on your ZyXEL Device and restart your computer (if prompted).

Verifying Settings
Check your TCP/IP properties in the Network window.
Note: Make sure you are logged in as the root administrator.

Using the K Desktop Environment (KDE)
Follow the steps below to configure your computer IP address using the KDE.
1 Click the Red Hat button (located on the bottom left corner), select System Setting and click Network.
Figure 167 Red Hat 9.0: KDE: Network Configuration: Devices
2 Double-click on the profile of the network card you wish to configure. The Ethernet Device General screen displays as shown.
• If you have a static IP address click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields.
3 Click OK to save the changes and close the Ethernet Device General screen.
4 If you know your DNS server IP address(es), click the DNS tab in the Network Configuration screen. Enter the DNS server information in the fields provided.
Figure 169 Red Hat 9.0: KDE: Network Configuration: DNS
5 Click the Devices tab.
• If you have a dynamic IP address, enter dhcp in the BOOTPROTO= field. The following figure shows an example.
Figure 171 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
USERCTL=no
PEERDNS=yes
TYPE=Ethernet
• If you have a static IP address, enter static in the BOOTPROTO= field. Type IPADDR= followed by the IP address (in dotted decimal notation) and type NETMASK= followed by the subnet mask.
Figure 174 Red Hat 9.0: Restart Ethernet Card
[root@localhost init.d]# network restart
Shutting down interface eth0:        [OK]
Shutting down loopback interface:    [OK]
Setting network parameters:          [OK]
Bringing up loopback interface:      [OK]
Bringing up interface eth0:          [OK]

Verifying Settings
Enter ifconfig in a terminal screen to check your TCP/IP properties.
Figure 175 Red Hat 9.
APPENDIX F IP Subnetting
This appendix introduces addresses, IP address classes and subnet masks.

Introduction to IP Addresses
An IP address is made up of four octets, written in dotted decimal notation (for example, 192.168.1.1). An octet is an 8-digit binary number. Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 256 in decimal. An IP address has two parts: the network number and the host ID.
A class A address (3 host octets: 24 host bits) can have 2^24 – 2 hosts, or approximately 16 million hosts.

IP Address Classes and Network ID
The value of the first octet of an IP address determines the class of an address.
• Class A addresses have a 0 in the leftmost bit.
• Class B addresses have a 1 in the leftmost bit and a 0 in the next leftmost bit.
• Class C addresses start with 1 1 0 in the first three leftmost bits.
• Class D addresses begin with 1 1 1 0.
Table 132 “Natural” Masks (continued)
CLASS | NATURAL MASK
B | 255.255.0.0
C | 255.255.255.0

Subnetting
With subnetting, the class arrangement of an IP address is ignored. For example, a class C address no longer has to have 24 bits of network number and 8 bits of host ID. With subnetting, some of the host ID bits are converted into network number bits.
Example: Two Subnets
As an example, you have a class “C” address 192.168.1.0 with subnet mask of 255.255.255.0.

Table 134 Two Subnets Example
IP/SUBNET MASK | NETWORK NUMBER | HOST ID
IP Address | 192.168.1. | 0
IP Address (Binary) | 11000000.10101000.00000001. | 00000000
Subnet Mask | 255.255.255. | 0
Subnet Mask (Binary) | 11111111.11111111.11111111. | 00000000

The first three octets of the address make up the network number (class “C”). To make two networks, divide the network 192.
Table 136 Subnet 2 (continued)
IP/SUBNET MASK | NETWORK NUMBER | LAST OCTET BIT VALUE
Subnet Address: 192.168.1.128 | Lowest Host ID: 192.168.1.129
Broadcast Address: 192.168.1.255 | Highest Host ID: 192.168.1.254

Host IDs of all zeros represent the subnet itself and host IDs of all ones are the broadcast address for that subnet, so the actual number of hosts available on each subnet in the example above is 2^7 – 2 or 126 hosts for each subnet. 192.168.1.0 with mask 255.255.255.
Table 138 Subnet 2 (continued)
IP/SUBNET MASK | NETWORK NUMBER | LAST OCTET BIT VALUE
Subnet Address: 192.168.1.64 | Lowest Host ID: 192.168.1.65
Broadcast Address: 192.168.1.127 | Highest Host ID: 192.168.1.126

Table 139 Subnet 3
IP/SUBNET MASK | NETWORK NUMBER | LAST OCTET BIT VALUE
IP Address | 192.168.1. | 128
IP Address (Binary) | 11000000.10101000.00000001. | 10000000
Subnet Mask (Binary) | 11111111.11111111.11111111. | 11000000
Subnet Address: 192.168.1.128 | Lowest Host ID: 192.
Table 141 Eight Subnets (continued)
SUBNET | SUBNET ADDRESS | FIRST ADDRESS | LAST ADDRESS | BROADCAST ADDRESS
5 | 128 | 129 | 158 | 159
6 | 160 | 161 | 190 | 191
7 | 192 | 193 | 222 | 223
8 | 224 | 225 | 254 | 255

The following table is a summary for class “C” subnet planning.

Table 142 Class C Subnet Planning
NO. “BORROWED” HOST BITS | SUBNET MASK | NO. SUBNETS | NO. HOSTS PER SUBNET
1 | 255.255.255.128 (/25) | 2 | 126
2 | 255.255.255.192 (/26) | 4 | 62
3 | 255.255.255.224 (/27) | 8 | 30
4 | 255.255.255.
Table 143 Class B Subnet Planning (continued)
NO. “BORROWED” HOST BITS | SUBNET MASK | NO. SUBNETS | NO. HOSTS PER SUBNET
8 | 255.255.255.0 (/24) | 256 | 254
9 | 255.255.255.128 (/25) | 512 | 126
10 | 255.255.255.192 (/26) | 1024 | 62
11 | 255.255.255.224 (/27) | 2048 | 30
12 | 255.255.255.240 (/28) | 4096 | 14
13 | 255.255.255.248 (/29) | 8192 | 6
14 | 255.255.255.252 (/30) | 16384 | 2
15 | 255.255.255.
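The following is an added example, not part of the ZyXEL guide: it recomputes the rows of the subnet tables above (subnet address, first and last host, broadcast address, hosts per subnet) for any number of borrowed host bits, and finds which subnet a host address falls into. The function names and the 172.16.0.0/16 network used in the usage lines are assumptions chosen for illustration.

```python
import ipaddress


def plan_subnets(network, borrowed_bits):
    """Split `network` by converting `borrowed_bits` host bits into network bits.

    Returns one dict per subnet, numbered from 1 as in Tables 135 to 141.
    At least two host bits must remain so that the all-zeros (subnet) and
    all-ones (broadcast) host IDs leave room for usable addresses.
    """
    net = ipaddress.ip_network(network, strict=True)
    host_bits = net.max_prefixlen - net.prefixlen - borrowed_bits
    if borrowed_bits < 1 or host_bits < 2:
        raise ValueError("need at least 1 borrowed bit and 2 remaining host bits")
    usable = 2 ** host_bits - 2  # the 2^n - 2 rule from the text
    rows = []
    for number, sub in enumerate(net.subnets(prefixlen_diff=borrowed_bits), start=1):
        rows.append({
            "subnet": number,
            "mask": f"{sub.netmask} (/{sub.prefixlen})",
            "subnet_address": str(sub.network_address),
            "first": str(sub.network_address + 1),
            "last": str(sub.broadcast_address - 1),
            "broadcast": str(sub.broadcast_address),
            "hosts": usable,
        })
    return rows


def locate(address, network, borrowed_bits):
    """Return the subnet number that contains `address`, or None if outside `network`."""
    addr = ipaddress.ip_address(address)
    for row in plan_subnets(network, borrowed_bits):
        low = ipaddress.ip_address(row["subnet_address"])
        high = ipaddress.ip_address(row["broadcast"])
        if low <= addr <= high:
            return row["subnet"]
    return None


if __name__ == "__main__":
    # Class C planning: 1, 2 and 3 borrowed bits on the guide's 192.168.1.0 network.
    for bits in (1, 2, 3):
        rows = plan_subnets("192.168.1.0/24", bits)
        print(bits, rows[0]["mask"], len(rows), rows[0]["hosts"])
    # Eight subnets, as in Table 141.
    for row in plan_subnets("192.168.1.0/24", 3):
        print(row["subnet"], row["subnet_address"], row["first"], row["last"], row["broadcast"])
    # Class B planning row for 8 borrowed bits (172.16.0.0/16 is a constructed input).
    rows = plan_subnets("172.16.0.0/16", 8)
    print(rows[0]["mask"], len(rows), rows[0]["hosts"])
```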
APPENDIX G Command Interpreter
The following describes how to use the command interpreter. You can telnet to access the CLI (Command Line Interface) on the ZyXEL Device. See the included disk or zyxel.com for more detailed information on these commands.
Note: Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable.

Accessing the CLI
Use the following steps to telnet into your ZyXEL Device.
Log Commands
This section provides some general examples of how to use the log commands. The items that display with your device may vary but the basic function should be the same. Go to the command interpreter interface.

Configuring What You Want the ZyXEL Device to Log
1 Use the sys logs load command to load the log setting buffer that allows you to configure which logs the ZyXEL Device is to record.
2 Use sys logs category to view a list of the log categories.
• Use the sys logs category display command to show the log settings for all of the log categories.
• Use the sys logs display [log category] command to show the logs in an individual ZyXEL Device log category.
• Use the sys logs clear command to erase all of the ZyXEL Device’s logs.

Log Command Example
This example shows how to set the ZyXEL Device to record the access logs and alerts and then view the results.
APPENDIX H Firewall Commands
The following describes the firewall commands.

Table 144 Firewall Commands
FUNCTION COMMAND DESCRIPTION
config edit firewall active
    This command turns the firewall on or off.
config retrieve firewall
    This command returns the previously saved firewall settings.
config save firewall
    This command saves the current firewall settings.
Table 144 Firewall Commands (continued)
FUNCTION COMMAND DESCRIPTION
E-mail
config edit firewall e-mail mail-server
    This command sets the IP address to which the e-mail messages are sent.
config edit firewall e-mail return-addr
    This command sets the source e-mail address of the firewall e-mails.
config edit firewall e-mail email-to
    This command sets the e-mail address to which the firewall e-mails are sent.
Table 144 Firewall Commands (continued)
FUNCTION Sets COMMAND DESCRIPTION
config edit firewall attack minute-high <0-255>
    This command sets the threshold rate of new half-open sessions per minute where the ZyXEL Device starts deleting old half-opened sessions until it gets them down to the minute-low threshold.
config edit firewall attack minute-low <0-255>
    This command sets the threshold of half-open sessions where the ZyXEL Device stops deleting half-opened sessions.
Table 144 Firewall Commands (continued)
FUNCTION Rules COMMAND DESCRIPTION
Config edit firewall set tcp-idle-timeout
    This command sets how long ZyXEL Device lets an inactive TCP connection remain open before considering it closed.
Config edit firewall set log
    This command sets whether or not the ZyXEL Device creates logs for packets that match the firewall’s default rule set.
Table 144 Firewall Commands (continued)
FUNCTION COMMAND DESCRIPTION
config edit firewall set rule destaddrsingle
    This command sets the rule to have the ZyXEL Device check for traffic with this individual destination address.
Table 144 Firewall Commands (continued)
FUNCTION COMMAND DESCRIPTION
config delete firewall set rule
    This command removes the specified rule in a firewall configuration set.
APPENDIX I NetBIOS Filter Commands
The following describes the NetBIOS packet filter commands.

Introduction
NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls.
The filter types and their default settings are as follows.

Table 145 NetBIOS Filter Default Settings
NAME / DESCRIPTION / EXAMPLE
Between LAN and WAN
    This field displays whether NetBIOS packets are blocked or forwarded between the LAN and the WAN.
    Example: Block
IPSec Packets
    This field displays whether NetBIOS packets sent through a VPN connection are blocked or forwarded.
    Example: Forward
Trigger dial
    This field displays whether NetBIOS packets are allowed to initiate calls.
    Example: Disabled
APPENDIX J Splitters and Microfilters
This appendix tells you how to install a POTS splitter or a telephone microfilter.

Connecting a POTS Splitter
When you use the Full Rate (G.dmt) ADSL standard, you can use a POTS (Plain Old Telephone Service) splitter to separate the telephone and ADSL signals. This allows simultaneous Internet access and telephone service on the same line. A splitter also eliminates the destructive interference conditions caused by telephone sets.
2 Connect a cable from the wall jack to the “wall side” of the microfilter.
3 Connect the “phone side” of the microfilter to your telephone as shown in the following figure.
4 After you are done, make sure that your telephone works. If your telephone does not work, disconnect the microfilter and contact either your local telephone company or the provider of the microfilter.
ZyXEL Device With ISDN

This section applies only to people who use their ZyXEL Device with ADSL over ISDN (digital telephone service). The following is an example installation for the ZyXEL Device with ISDN.
APPENDIX K
Wireless LANs

Wireless LAN Topologies

This section discusses ad-hoc and infrastructure wireless LAN topologies.

Ad-hoc Wireless LAN Configuration

The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C).
Figure 183 Basic Service Set

ESS

An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with the access points connected to each other by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood.
Figure 184 Infrastructure WLAN

Channel

IEEE 802.11a/b/g wireless devices operate in the 2.4 GHz radio band. This range of frequencies is divided up into channels. The channels available depend on your geographical area. You may have a choice of channels (for your region), so you should use a different channel from an adjacent AP (access point) to reduce interference.
Figure 185 RTS/CTS

When station A sends data to the AP, it might not know that station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations. RTS/CTS is designed to prevent collisions due to hidden nodes.
A large Fragmentation Threshold is recommended for networks not prone to interference, while you should set a smaller threshold for busy networks or networks that are prone to interference. If the Fragmentation Threshold value is smaller than the RTS/CTS value you set (see above), the RTS (Request To Send)/CTS (Clear To Send) handshake will never occur, as data frames will be fragmented before they reach RTS/CTS size.
Wireless Security Overview

Wireless security is vital to your network to protect wireless communication between wireless clients, access points and the wired network. Wireless security methods available on the ZyXEL Device are data encryption, wireless client authentication, restricting access by device MAC address and hiding the ZyXEL Device identity. The following figure shows the relative effectiveness of these wireless security methods available on your ZyXEL Device.
Types of RADIUS Messages

The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication:
• Access-Request: Sent by an access point requesting authentication.
• Access-Reject: Sent by a RADIUS server rejecting access.
• Access-Accept: Sent by a RADIUS server allowing access.
• Access-Challenge: Sent by a RADIUS server requesting more information in order to allow access.
EAP-MD5 (Message-Digest Algorithm 5)

MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless client. The wireless client ‘proves’ that it knows the password by encrypting the password with the challenge and sends back the information. The password is not sent in plain text. However, MD5 authentication has some weaknesses.
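The challenge-response exchange described above, as an added example that is not part of the ZyXEL guide: it uses the CHAP-style computation that EAP-MD5 relies on, an MD5 digest over the EAP identifier, the password and the challenge. The function names and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def md5_challenge_response(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """EAP-MD5 response value: MD5(identifier || password || challenge), 16 bytes."""
    return hashlib.md5(bytes([identifier & 0xFF]) + password + challenge).digest()


def server_check(identifier: int, stored_password: bytes,
                 challenge: bytes, response: bytes) -> bool:
    """The server recomputes the digest from its own copy of the password."""
    expected = md5_challenge_response(identifier, stored_password, challenge)
    return hmac.compare_digest(expected, response)


def run_exchange(client_password: bytes, server_password: bytes,
                 identifier: int = 1) -> dict:
    """Simulate one authentication round and return what crossed the air."""
    challenge = os.urandom(16)  # fresh random challenge for every attempt
    response = md5_challenge_response(identifier, client_password, challenge)
    return {
        # Only the challenge and the digest are transmitted, never the password.
        "on_air": [
            ("Request/MD5-Challenge", identifier, challenge),
            ("Response/MD5-Challenge", identifier, response),
        ],
        # One-way: only the server checks the client. Nothing in the exchange
        # lets the client check the server, and no encryption key is produced.
        "accepted": server_check(identifier, server_password, challenge, response),
    }


if __name__ == "__main__":
    good = run_exchange(b"constructed-sample-pw", b"constructed-sample-pw")
    bad = run_exchange(b"wrong-guess", b"constructed-sample-pw")
    print("matching password accepted:", good["accepted"])
    print("wrong password accepted:   ", bad["accepted"])
    for name, ident, value in good["on_air"]:
        print(f"{name:24} id={ident} value={value.hex()}")
```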
Dynamic WEP Key Exchange

The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed. If this feature is enabled, it is not necessary to configure a default encryption key in the Wireless screen. You may still configure and store keys here, but they will not be used while Dynamic WEP is enabled.
Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2.

Encryption

Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. WPA and WPA2 use Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption than TKIP.
User Authentication

WPA and WPA2 apply IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database. WPA2 reduces the number of key exchange messages from six to four (CCMP 4-way handshake) and shortens the time required to connect to a network. Other WPA2 authentication features that are different from WPA include key caching and pre-authentication.
Figure 186 WPA(2) with RADIUS Application Example

WPA(2)-PSK Application Example

A WPA(2)-PSK application looks as follows.
1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters (including spaces and symbols).
2 The AP checks each wireless client's password and (only) allows it to join the network if the password matches.
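The PSK format rule in step 1, as an added example that is not part of the ZyXEL guide: it checks the two accepted forms and maps each to the 256-bit key both sides must share for the match in step 2. The passphrase mapping (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations) comes from IEEE 802.11i rather than from this page; the function names and the sample SSID and passphrases are assumptions.

```python
import hashlib
import hmac
import string


def classify_psk(psk: str) -> str:
    """Return 'hex' for 64 hexadecimal digits, 'passphrase' for 8-63 ASCII characters."""
    if len(psk) == 64 and all(c in string.hexdigits for c in psk):
        return "hex"
    if 8 <= len(psk) <= 63 and all(32 <= ord(c) <= 126 for c in psk):
        return "passphrase"
    raise ValueError("PSK must be 8-63 printable ASCII characters or 64 hexadecimal digits")


def derive_pmk(psk: str, ssid: str) -> bytes:
    """Map the configured PSK to the 256-bit key used in the key exchange."""
    if classify_psk(psk) == "hex":
        return bytes.fromhex(psk)  # 64 hex digits are used as the key directly
    # Passphrase mapping from IEEE 802.11i: PBKDF2-HMAC-SHA1, SSID as salt,
    # 4096 iterations, 32-byte output. The same passphrase on a network with a
    # different SSID therefore yields a different key.
    return hashlib.pbkdf2_hmac("sha1", psk.encode("ascii"), ssid.encode("utf-8"), 4096, 32)


def keys_match(ap_psk: str, client_psk: str, ssid: str) -> bool:
    """True only if the AP and the client end up with the same 256-bit key."""
    return hmac.compare_digest(derive_pmk(ap_psk, ssid), derive_pmk(client_psk, ssid))


if __name__ == "__main__":
    # First pair is the published IEEE 802.11i test vector; the rest are constructed.
    print(derive_pmk("password", "IEEE").hex())
    print(keys_match("correct horse 42", "correct horse 42", "HomeNet"))   # identical entries
    print(keys_match("correct horse 42", "correct horse 42 ", "HomeNet"))  # trailing space differs
    try:
        classify_psk("short")
    except ValueError as exc:
        print("rejected:", exc)
```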
Security Parameters Summary

Refer to this table to see what other security parameters you should configure for each Authentication Method/key management protocol type. MAC address filters are not dependent on how you configure these security features.

Table 149 Wireless Security Relational Matrix

AUTHENTICATION METHOD/KEY MANAGEMENT PROTOCOL | ENCRYPTION METHOD | ENTER MANUAL KEY | IEEE 802.
APPENDIX L
Pop-up Windows, JavaScripts and Java Permissions

In order to use the web configurator you need to allow:
• Web browser pop-up windows from your device.
• JavaScripts (enabled by default).
• Java permissions (enabled by default).

Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary.

Internet Explorer Pop-up Blockers

You may have to disable pop-up blocking to log into your device.
Figure 189 Internet Options

3 Click Apply to save this setting.

Enable pop-up Blockers with Exceptions

Alternatively, if you only want to allow pop-up windows from your device, see the following steps.
1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab.
2 Select Settings… to open the Pop-up Blocker Settings screen.
Figure 190 Internet Options (2)

3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1.
4 Click Add to move the IP address to the list of Allowed sites.
Figure 191 Pop-up Blocker Settings

5 Click Close to return to the Privacy screen.
6 Click Apply to save this setting.

JavaScripts

If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
1 In Internet Explorer, click Tools, Internet Options and then the Security tab.
Figure 192 Internet Options (3)

2 Click the Custom Level... button.
3 Scroll down to Scripting.
4 Under Active scripting make sure that Enable is selected (the default).
5 Under Scripting of Java applets make sure that Enable is selected (the default).
6 Click OK to close the window.
Figure 193 Security Settings - Java Scripting

Java Permissions

1 From Internet Explorer, click Tools, Internet Options and then the Security tab.
2 Click the Custom Level... button.
3 Scroll down to Microsoft VM.
4 Under Java permissions make sure that a safety level is selected.
5 Click OK to close the window.
Figure 194 Security Settings - Java

JAVA (Sun)

1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab.
2 Make sure that Use Java 2 for
Figure 195 Java (Sun)
APPENDIX M
Triangle Route

The Ideal Setup

When the firewall is on, your ZyXEL Device acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the ZyXEL Device to protect your LAN against attacks.

Figure 196 Ideal Setup

The “Triangle Route” Problem

A traffic route is a path for sending or receiving data packets between two Ethernet devices.
Figure 197 “Triangle Route” Problem

The “Triangle Route” Solutions

This section presents two solutions to the “triangle route” problem.

IP Aliasing

IP alias allows you to partition your network into logical sections over the same Ethernet interface. Your ZyXEL Device supports up to three logical LAN interfaces, with the ZyXEL Device being the gateway for each logical network.