ZyXEL P-660HW-D1 v2 User Guide

ZyXEL P-660HW-D1 v2 Manual

ZyXEL P-660HW-D1 v2 manual content summary:

  • ZyXEL P-660HW-D1 v2 | User Guide - Page 1
    P-660HW-Dx v2 802.11g Wireless ADSL2+ 4-port Gateway User's Guide Version 3.40 3/2007 Edition 2 www.zyxel.com
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 2
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 3
    is recommended you use the web configurator to configure the ZyXEL Device. • Supporting Disk Refer to the included CD for support documents. • ZyXEL Web Site • Please refer to www.zyxel.com for additional support documentation and product certifications. User Guide Feedback Help us help you. Send
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 4
    need to configure or helpful tips) or recommendations. Syntax Conventions • The P-660HW-D may be referred to as the "ZyXEL Device", the "device" or the "system" in this User's Guide. • "e.g.," is a shorthand for "for instance", and "i.e.," means "that is" or "in other words". 4 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 5
    Conventions Icons Used in Figures Figures in this User's Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device Computer Notebook computer Server DSLAM Firewall Telephone Switch Router P-660HW-Dx v2 User's Guide 5
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 6
    Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel should service or disassemble this device. Please contact your vendor for further information. • Make sure to connect the cables to the correct ports P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 7
    Safety Warnings P-660HW-Dx v2 User's Guide 7
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 8
    Safety Warnings 8 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 9
    Bandwidth Management ...187 Dynamic DNS Setup ...199 Remote Management Configuration 203 Universal Plug-and-Play (UPnP 213 Maintenance and Troubleshooting 225 System ...227 Logs ...233 Tools ...251 Diagnostic ...257 Troubleshooting ...259 Appendices and Index ...263 P-660HW-Dx v2 User's Guide 9
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 10
    Contents Overview 10 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 11
    40 2.3 Resetting the ZyXEL Device 42 2.3.1 Using the Reset Button 42 2.4 Navigating the Web Configurator 42 2.4.1 Navigation Panel ...42 2.4.2 Status Screen ...44 2.4.3 Status: Any IP Table 47 2.4.4 Status: WLAN Status 47 2.4.5 Status: Bandwidth Status 48 P-660HW-Dx v2 User's Guide 11
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 12
    48 2.4.7 Changing Login Password 50 Part II: Wizards 51 Chapter 3 Wizard Setup for Internet Access 53 3.1 Introduction ...53 3.2 Internet Access Wizard Setup 53 3.2.1 Automatic Detection 55 3.2.2 Manual Configuration 55 3.3 Wireless Connection Wizard Setup 60 3.3.1 Manually assign a WPA
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 13
    108 7.3.1 No Security ...109 7.3.2 WEP Encryption ...110 7.3.3 WPA-PSK/WPA2-PSK 111 7.3.4 WPA/WPA2 ...113 7.3.5 Wireless LAN Advanced Setup 115 7.4 OTIST ...117 7.4.1 Enabling OTIST ...117 7.4.2 Starting OTIST ...119 7.4.3 Notes on OTIST ...120 7.5 MAC Filter ...121 P-660HW-Dx v2 User's Guide 13
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 14
    SIP ALG ...132 8.4 NAT General Setup ...133 8.5 Port Forwarding ...133 8.5.1 Default Server IP Address 134 8.5.2 Port Forwarding: Services and Port Numbers 134 8.5.3 Configuring Servers Behind Port Forwarding (Example 135 8.6 Configuring Port Forwarding 135 8.6.1 Port Forwarding Rule Edit 136
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 15
    172 10.10.2 Half-Open Sessions 173 10.10.3 Configuring Firewall Thresholds 173 Chapter 11 Content Filtering ...177 11.1 Content Filtering Overview 177 11.2 Configuring Keyword Blocking 177 11.3 Configuring the Schedule 178 11.4 Configuring Trusted Computers 179 P-660HW-Dx v2 User's Guide 15
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 16
    199 14.2 Configuring Dynamic DNS 199 Chapter 15 Remote Management Configuration 203 15.1 Remote Management Overview 203 15.1.1 Remote Management Limitations 204 15.1.2 Remote Management and NAT 204 15.1.3 System Timeout ...204 15.2 WWW ...204 15.3 Telnet ...205 16 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 17
    17.1.1 General Setup and System Name 227 17.1.2 General Setup ...227 17.2 Time Setting ...229 Chapter 18 Logs ...233 18.1 Logs Overview ...233 18.1.1 Alerts and Logs ...233 18.2 Viewing the Logs ...233 18.3 Configuring Log Settings 234 18.3.1 Example E-mail Log 236 P-660HW-Dx v2 User's Guide 17
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 18
    Firmware Upgrade ...251 19.2 Configuration Screen ...253 19.2.1 Backup Configuration 253 19.2.2 Restore Configuration 254 19.2.3 Back to Factory Defaults 255 19.3 Restart ...255 Chapter 20 Diagnostic ...257 20.1 General Diagnostic ...257 20.2 DSL Line Diagnostic ...257 Chapter 21 Troubleshooting
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 19
    Table of Contents Index...351 P-660HW-Dx v2 User's Guide 19
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 20
    Table of Contents 20 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 21
    LAN Setup Wizard 1 61 Figure 33 Wireless LAN Setup Wizard 2 62 Figure 34 Manually assign a WPA key 63 Figure 35 Manually assign a WEP key 64 Figure 36 Wireless LAN Setup 3 ...64 Figure 37 Internet Access and WLAN Wizard Setup Complete 65 Figure 38 Select a Mode ...68 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 22
    Wireless LAN: QoS ...125 Figure 76 Application Priority Configuration 126 Figure 77 How NAT Works ...130 Figure 78 NAT Application With IP Alias 131 Figure 79 NAT General ...133 Figure 80 Multiple Servers Behind NAT Example 135 Figure 81 NAT Port Forwarding ...136 22 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 23
    List of Figures Figure 82 Port Forwarding Rule Setup 137 Figure 83 Address Mapping Rules ...138 Figure 84 Edit : DNS 211 Figure 122 Remote Management: ICMP 212 Figure 123 Configuring UPnP ...214 Figure 124 Add/Remove Programs: Windows Setup: Communication 215 P-660HW-Dx v2 User's Guide 23
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 24
    Services Setup Firmware ...251 Figure 144 Firmware Upload In Progress 252 Figure 145 Network Temporarily Disconnected 252 Figure 146 Error Message ...253 Figure 147 Configuration ...253 Figure 148 Configuration 157 Basic Service Set ... Network: Configuration 286 Figure : DNS Configuration 288 Figure
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 25
    Addresses Example 310 Figure 191 Configuration Text File Format: Column Descriptions Example 318 Figure 194 Internal SPTGEN FTP Download Example 319 Figure 195 Internal SPTGEN FTP Setup ...341 Figure 205 "Triangle Route" Problem 342 Figure 206 IP Alias ...342 P-660HW-Dx v2 User's Guide 25
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 26
    List of Figures 26 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 27
    Table 14 Wireless LAN Setup Wizard 2 62 Table 15 Manually assign a WPA key ...63 Table 16 Manually assign a WEP key 64 Table 17 Media Bandwidth Management Setup: Services 67 Table 18 Bandwidth Management Wizard: General Information 69 Table 19 Bandwidth Management Wizard: Configuration 70 Table
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 28
    Table 42 Wireless Lan: QoS ...125 Table 43 Application Priority Configuration 126 Table 44 NAT Definitions ...129 Table 45 NAT Mapping Types ...132 Table 46 NAT General ...133 Table 47 Services and Port Numbers 134 Table 48 NAT Port Forwarding ...136 Table 49 Port Forwarding Rule Setup 137 Table
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 29
    ...265 Table 119 Wireless Firmware Specifications 267 Table 120 Standards Supported ...267 Table 121 IEEE 802.11g ...275 Table 122 Wireless Security Levels ...276 Table 123 Comparison of EAP Authentication Types 279 Table 124 Wireless Security Relational Matrix 282 P-660HW-Dx v2 User's Guide 29
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 30
    Setup 324 Table 143 Menu 21.1 Filter Set #1 ...326 Table 144 Menu 21.1 Filter Set #2, ...327 Table 145 Menu 23 System Menus ...329 Table 146 Menu 24.11 Remote Management Control 330 Table 147 Command Examples ...331 Table 148 NetBIOS Filter Default Settings 340 30 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 31
    PART I Introduction Introducing the ZyXEL Device (33) Introducing the Web Configurator (39) 31
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 32
    32
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 33
    . By default, the firewall blocks all incoming traffic from the WAN. The firewall supports TCP/UDP inspection and DoS (Denial of Service) detection and prevention, as well as real time alerts, reports and logs. A typical Internet access application is shown below P-660HW-Dx v2 User's Guide 33
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 34
    data rate is 1.2 Mbps. ZyXEL Devices which work over ISDN do not support Annex M. The standard your ISP supports determines the maximum upstream and downstream speeds attainable. Actual speeds attained also depend on the distance from your ISP, line quality, etc. 34 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 35
    . This is recommended for everyday management of the ZyXEL Device using a (supported) web browser. • Command Line Interface. Line commands are mostly used for troubleshooting by service engineers. • FTP for firmware upgrades and configuration backup/restore (Chapter 19 on page 251) • SNMP
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 36
    access and telephone service on the same line. A splitter also eliminates the destructive interference conditions caused by telephone sets. Install the POTS splitter at the point where the telephone line enters your residence, as shown in the following figure. 36 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 37
    labeled "Phone" to your telephone. 2 Connect the side labeled "Modem" or "DSL" to your ZyXEL Device. 3 Connect the side labeled "Line" to the telephone wall jack. 1.5.1.2 Telephone Microfilters Telephone from the wall jack to the single jack end of the Y-Connector. P-660HW-Dx v2 User's Guide 37
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 38
    and Y-Connector 1.5.1.3 ZyXEL Device With ISDN This section relates to people who use their ZyXEL Device with ADSL over ISDN (digital telephone service) only. The following is an example installation for the ZyXEL Device with ISDN. Figure 7 ZyXEL Device with ISDN 38 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 39
    by default). See the chapter on troubleshooting if you need to make sure these functions are allowed in Internet Explorer. 2.2 Accessing the Web Configurator Even though you can connect to the ZyXEL Device wirelessly, it is recommended that you connect your computer to a LAN port for initial
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 40
    password, it is highly recommended you change the default admin password! Enter a new password between 1 and 30 characters, retype it to confirm and click Apply. Alternatively click Ignore to proceed to the main menu if you do not want to change the password now. 40 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 41
    setup and click Apply to display the Status screen. Figure 11 Select a Mode The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the ZyXEL Device if this happens. P-660HW-Dx v2
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 42
    the Web Configurator 2.3 Resetting the ZyXEL Device If you forget your password or cannot access the web configurator, you will need to use the RESET button at the back of the ZyXEL Device to reload the factory-default configuration file. This means that you will lose all configurations that you
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 43
    this screen to partition your LAN interface into subnets. NAT General Use this screen to enable NAT. Port Forwarding Use this screen to configure servers behind the ZyXEL Device. Address Mapping Use this screen to configure network address translation mapping rules. Security Firewall General
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 44
    Screen The following summarizes how to navigate the web configurator from the Status screen. Some fields or links are not available if you entered the user password in the login password screen (see Figure 9 on page 40). Not all fields are available on all models. 44 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 45
    . This is sometimes needed by technicians to help troubleshoot problems. WAN Information DSL Mode This is the standard that your ZyXEL Device is using. IP Address This is the WAN port IP address. IP Subnet Mask This is the WAN port IP subnet mask. Default Gateway This is the IP address of the
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 46
    stations that are currently associating with the ZyXEL Device. (Wireless devices only) Bandwidth Status Use this screen to view the ZyXEL Device's bandwidth usage and allotments. Packet Statistics Use this screen to view port status and packet specific statistics. 46 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 47
    example, 00:A0:C5:00:00:02. Refresh Click Refresh to update this screen. 2.4.4 Status: WLAN Status Click the WLAN Status hyperlink in the Status screen to view the wireless stations that are currently associated to the ZyXEL Device. Figure 15 Status: WLAN Status P-660HW-Dx v2 User's Guide 47
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 48
    Statistics hyperlink in the Status screen. Read-only information here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)". The Poll Interval(s) field is configurable. Not all fields are available on all models 48 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 49
    number of error packets on this port. Tx B/s This field displays the number of bytes transmitted in the last second. Rx B/s This field displays the number of bytes received in the last second. Up Time This field displays the elapsed time this port has been up. P-660HW-Dx v2 User's Guide 49
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 50
    ZyXEL Device. If you didn't change the default one after you logged in or you want to change to a new password again, then click Maintenance > System to display the screen shown next. See Table 90 on page 228 for detailed field descriptions. Figure 18 System General 50 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 51
    PART II Wizards Wizard Setup for Internet Access (53) Bandwidth Management Wizard (67) 51
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 52
    52
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 53
    , select Go to Wizard setup and click Apply. Otherwise, click the wizard icon ( ) in the top right corner of the web configurator to display the wizard main screen. Figure 19 Select a Mode 2 Click INTERNET/WIRELESS SETUP to configure the system for Internet access. P-660HW-Dx v2 User's Guide 53
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 54
    54), check your hardware connections and click Restart the Internet/ Wireless Setup Wizard to have the ZyXEL Device detect your connection again. Figure 21 Auto Detection: No Section 3.2.2 on page 55 on how to configure the ZyXEL Device for Internet access manually. 54 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 55
    Figure 23 Auto-Detection: PPPoE 3.2.2 Manual Configuration 1 If the ZyXEL Device fails to detect your DSL connection type, enter the Internet access information given to you by your ISP exactly in the wizard screen. If not given, leave the fields set to the default. P-660HW-Dx v2 User's Guide 55
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 56
    you chose above. Exit Click Exit to close the wizard screen without saving your changes. 2 The next wizard screen varies depending on what mode and encapsulation type you use. All screens shown are with routing mode. Configure the fields and click Next to continue. 56 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 57
    Password Enter the password associated with the user name above. Service Name Type the name of your PPPoE service here. Back Click Back to go back to the previous wizard screen. Apply Click Apply to save your changes to the ZyXEL Routing in the Mode field. Type your ISP assigned IP
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 58
    Chapter 3 Wizard Setup for Internet Access Table 10 Internet Connection with RFC 1483 (continued) LABEL the previous wizard screen. Apply Click Apply to save your changes to the ZyXEL Device. Exit Click Exit to close the wizard screen without saving your changes. 58 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 59
    and Password setup to go back to the screen where you can modify them. Figure 29 Connection Test Failed-1 • If the following screen displays, check if your account is activated or click Restart the Internet/Wireless Setup Wizard to verify your Internet access settings. P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 60
    following screens to set up your wireless LAN. 1 Select Yes and click Next to configure wireless settings. Otherwise, select No and skip to Step 6. Figure 31 Connection Test Successful 2 Use this screen to activate the wireless LAN and OTIST. Click Next to continue. 60 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 61
    same OTIST Setup Key on the ZyXEL Device and wireless clients. Click Back to display the previous screen. Click Next to proceed to the next screen. Click Exit to close the wizard screen without saving. 3 Configure your wireless settings in this screen. Click Next. P-660HW-Dx v2 User's Guide 61
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 62
    key (Recommended) to have the ZyXEL Device create a pre-shared key (WPA-PSK) automatically only if your wireless clients support WPA and OTIST. This option is available only when you enable OTIST in the previous wizard screen. Select Manually assign a WPA-PSK key to configure a pre-shared key (WPA
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 63
    this. Click Back to display the previous screen. Click Next to proceed to the next screen. Click Exit to close the wizard screen without saving. 3.3.2 Manually assign a WEP key Choose Manually assign a WEP key to setup WEP Encryption parameters. P-660HW-Dx v2 User's Guide 63
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 64
    the previous screen. Click Next to proceed to the next screen. Click Exit to close the wizard screen without saving. 5 Click Apply to save your wireless LAN settings. Figure 36 Wireless LAN Setup 3 64 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 65
    . Refer to the rest of this guide for more detailed information on the complete range of ZyXEL Device features. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the wizard setup are correct. P-660HW-Dx v2 User's Guide 65
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 66
    Chapter 3 Wizard Setup for Internet Access 66 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 67
    e-mail. FTP uses port number 21. E-Mail Electronic mail consists of messages sent through a computer network to specific groups or individuals. Here are some default ports for e-mail: POP3 - port 110 IMAP - port 143 SMTP - port 25 HTTP - port 80 Telnet Telnet is the login and terminal emulation
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 68
    Wizard Setup 1 After you enter the admin password to access the web configurator, select Go to Wizard setup and click Apply. Otherwise, click the wizard icon ( ) in the top right corner of the web configurator to display the wizard main screen. Figure 38 Select a Mode 68 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 69
    Select the Active check box to have the ZyXEL Device apply bandwidth management to traffic going out through the ZyXEL Device's port(s). Select Services Setup to allocate bandwidth based on the service requirements. Back Click Back to display the previous screen. P-660HW-Dx v2 User's Guide 69
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 70
    Advanced > Bandwidth MGMT > Rule Setup, then the service priority radio button will be set to User Configured. The Advanced > Bandwidth MGMT > Rule Setup screen allows you to edit these rule configurations. Back Click Back to go back to the previous wizard screen. 70 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 71
    your changes to the ZyXEL Device. Exit Click Exit to close the wizard screen without saving your changes. 5 Follow the on-screen instructions and click Finish to complete the wizard setup and save your configuration. Figure 42 Bandwidth Management Wizard: Complete P-660HW-Dx v2 User's Guide 71
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 72
    Chapter 4 Bandwidth Management Wizard 72 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 73
    PART III Network WAN Setup (75) LAN Setup (93) Wireless LAN (105) Network Address Translation (NAT) Screens (129) 73
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 74
    74
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 75
    By implementing PPPoE directly on the ZyXEL Device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the ZyXEL Device does that part of the task. Furthermore, with NAT, all of the LAN's computers will have access. P-660HW-Dx v2 User's Guide 75
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 76
    The ZyXEL Device encapsulates the PPP session based on RFC1483 and sends it through an ATM PVC (Permanent Virtual Circuit) to the Internet Service by prior mutual agreement, each protocol is assigned to a specific virtual circuit; for example, VC1 carries IP, etc. VC P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 77
    Setup 5.1.3.2 Scenario 2: One VC, One Protocol (IP) Selecting RFC-1483 encapsulation with VC-based multiplexing requires the least amount of overhead (0 octets). However, if there is a potential need for multiple protocol support ZyXEL Device acts as a DHCP client on the WAN port the ZyXEL Device
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 78
    flat-rate service or you need a constant connection and the cost is of no concern 5.1.7 NAT NAT (Network Address Translation - NAT, RFC priority for the ZyXEL Device's routes to the Internet. If any two of the default routes have the same metric, the ZyXEL Device uses the 660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 79
    Setup again. If the PCR, SCR or MBS is set to the default of "0", the system will assign a maximum value that correlates to your tolerate delay). CBR is used for connections that continuously require a specific amount of bandwidth. A PCR is specified and if traffic exceeds 660HW-Dx v2 User's Guide 79
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 80
    account user name and password) is required or the ZyXEL Device cannot connect to the ISP, you will be redirected to web screen(s) for information input or troubleshooting. Zero configuration for Internet access is disabled when • the ZyXEL Device is in bridge mode • you set the ZyXEL Device to use
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 81
    Internet Service Provider, e.g., MyISP. This information is for identification purposes only. Mode Select Routing (default) mode you select in the Mode field. If you select Bridge in the Mode field, select either PPPoA or RFC 1483. If you select Routing in the Mode P-660HW-Dx v2 User's Guide 81
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 82
    Connection Setup screen and edit more details of your WAN setup. 5.5.1 Configuring Advanced Internet Connection Setup To edit your ZyXEL Device's advanced WAN settings, click the Advanced Setup button in the Internet Connection screen. The screen appears as shown. 82 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 83
    Advanced Internet Connection Setup LABEL DESCRIPTION RIP & Multicast Setup RIP Direction Select group. The ZyXEL Device supports both IGMP version 1 (IGMP-v1) and IGMP-v2. Select None which must be less than the PCR. Note that system default is 0 cells/sec. Maximum Burst Maximum Burst Size (
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 84
    Table 21 Advanced Internet Connection Setup (continued) LABEL DESCRIPTION Zero Configuration This feature is not applicable/available when you configure the ZyXEL Device to use a static WAN IP address or in bridge mode. Select Yes to set the ZyXEL Device to automatically detect the Internet
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 85
    Chapter 5 WAN Setup The following table describes the labels in this screen. Table 22 More . Cancel Click Cancel to begin configuring this screen afresh. 5.6.1 More Connections Edit Click the edit icon ( ) in the More Connections screen to configure a connection. P-660HW-Dx v2 User's Guide 85
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 86
    @domain where domain identifies a service name, then enter both components exactly as given. Password (PPPoA and PPPoE encapsulation only) Enter the password associated with the user name above. Service Name (PPPoE only) Type the name of your PPPoE service here. 86 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 87
    address and want to use NAT. Click Edit to go to the Port Forwarding screen to edit a server mapping set. Back Click Back to return to the previous screen. Apply Click Apply to save the changes. Cancel Click Cancel to begin configuring this screen afresh. Advanced Setup Click this button to
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 88
    Setup The following table describes the labels in this screen. Table 24 More Connections Advanced Setup LABEL DESCRIPTION RIP & Multicast Setup ZyXEL Device supports both IGMP version 1 (IGMP-v1) and IGMP-v2 that system default is 0 configuring this screen afresh. 88 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 89
    5 WAN Setup 5.7 Traffic Redirect Traffic redirect forwards traffic to a backup gateway when the ZyXEL Device cannot Setup 5.8 Configuring WAN Backup To change your ZyXEL Device's WAN backup settings, click Network > WAN > WAN Backup Setup. The screen appears as shown. P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 90
    Setup Backup Type Select the method that the ZyXEL Device uses to check the DSL connection. Select DSL Link to have the ZyXEL Device check if the connection to the DSLAM is up. Select ICMP to have the ZyXEL Device periodically ping the IP addresses configured for the ZyXEL Device to wait between checks
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 91
    backup gateway in dotted decimal notation. The ZyXEL Device automatically forwards traffic to this IP address if the ZyXEL Device's Internet connection terminates. Apply Click Apply to save the changes. Cancel Click Cancel to begin configuring this screen afresh. P-660HW-Dx v2 User's Guide 91
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 92
    Chapter 5 WAN Setup 92 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 93
    and the ZyXEL Device The actual physical connection determines whether the ZyXEL Device ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next. Figure 52 LAN and WAN IP Addresses P-660HW-Dx v2 User's Guide 93
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 94
    manually configured. 6.1.2.1 IP Pool Setup The ZyXEL Device is pre-configured with a pool of IP addresses for the DHCP clients (DHCP Pool). See the product specifications conveyed through IPCP negotiation. The ZyXEL Device supports the IPCP DNS server extensions through the 660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 95
    to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks: • 10.0.0.0 - 10.255.255.255 • 172.16.0.0 - 172.31.255.255 • 192.168.0.0 - 192.168.255.255 P-660HW-Dx v2 User's Guide 95
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 96
    , Guidelines for Management of IP Address Space. 6.2.2 RIP Setup RIP (Routing Information Protocol) allows a router to exchange RIP packets that the ZyXEL Device sends (it recognizes both formats when receiving). RIP-1 is universally supported; but RIP-2 carries 96 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 97
    use a static IP address in another network, you may need to manually configure the network settings of the computer every time you want to access the Internet via the ZyXEL Device. With the Any IP feature and NAT enabled, the ZyXEL Device allows a computer to access the Internet without changing the
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 98
    information is updated, the computer can access the ZyXEL Device and the Internet as if it is in the same subnet as the ZyXEL Device. 6.3 Configuring LAN IP Click LAN to open the IP screen. See Section 6.1 on page 93 for background information. Figure 54 LAN IP 98 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 99
    from RIP-1, RIP-2B and RIP-2M. Multicast IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a multicast group. The ZyXEL Device supports both IGMP version 1 (IGMP-v1) and IGMP-v2. Select None to disable it. P-660HW-Dx v2 User's Guide 99
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 100
    . Apply Click Apply to save the changes. Cancel Click Cancel to begin configuring this screen afresh. 6.4 DHCP Setup Use this screen to configure the DNS server information that the ZyXEL Device sends to the DHCP client devices on the LAN. Figure 56 DHCP Setup 100 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 101
    table describes the labels in this screen. Table 28 DHCP Setup LABEL DESCRIPTION DHCP Setup DHCP If set to Server, your ZyXEL Device can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client. If set to None, the DHCP
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 102
    you specified in the DHCP Setup for the DHCP client. ZyXEL Device. Cancel Click Cancel to begin configuring ZyXEL Device supports three logical LAN interfaces via its single physical Ethernet interface with the ZyXEL Device itself as the gateway for each LAN network. 102 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 103
    Chapter 6 LAN Setup When you use IP alias, you can also configure firewall rules to control access between the subnets A, B, and C. Figure 58 Physical Network & Partitioned Logical Networks To change your ZyXEL Device's IP alias settings, click Network > LAN > IP Alias. The screen appears as
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 104
    , then all routers on your network must use multicasting, also. By default, RIP direction is set to Both and the Version set to RIP-1. Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 104 P-660HW-Dx v2 User's Guide
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 105
    the wireless network. It stands for Service Set IDentity. • If two wireless networks overlap, they should use different channels. Like radio stations or television channels, each wireless network uses a specific channel, or frequency, to send and receive information. P-660HW-Dx v2 User's Guide 105
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 106
    local database. 1. Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks. These kinds of wireless devices might not have MAC addresses. 2. Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 107
    WPA-PSK, or WPA2-PSK. Usually, you should set up the strongest encryption that every wireless client in the wireless network supports. For example, suppose the AP does not have a local user database, and you do set up weaker encryption with the local user database.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 108
    , you will lose your wireless connection when you press Apply to confirm. You must then change the wireless settings of your computer to match the ZyXEL Device's new settings. Click Network > Wireless LAN to open the General screen. Figure 61 Wireless LAN: General
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 109
    Select No Security to allow wireless clients to communicate with the access points without any data encryption. Note: If you do not enable any wireless security on your ZyXEL Device, your network is accessible to any wireless networking device that is within range.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 110
    to configure up to four 64-bit, 128-bit or 256-bit WEP keys but only one key can be enabled at any one time. To configure and enable WEP encryption, click Network > Wireless LAN to display the General screen. Select Static WEP from the Security Mode list.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 111
    Wireless Advanced Setup screen and edit more details of your WLAN setup. 7.3.3 WPA-PSK/WPA2-PSK To configure and enable WPA(2)-PSK authentication, click Network > Wireless LAN to display the General screen. Select WPA-PSK or WPA2-PSK from the Security Mode list.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 112
    stay connected. Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes). Note: If wireless client authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 113
    Update Timer is also supported in WPA-PSK/WPA2-PSK mode. The default is 1800 seconds (30 minutes). Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to reload the previous configuration for this screen. Advanced Setup Click Advanced Setup to display the Wireless
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 114
    ZyXEL Device automatically disconnects a wireless client from the wired network after a period of inactivity. The wireless client needs to enter the username and password again before access to the wired network is allowed. The default time interval is 3600 seconds (or 1 hour).
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 115
    Advanced Setup to display the Wireless Advanced Setup screen and edit more details of your WLAN setup. 7.3.5 Wireless LAN Advanced Setup To configure advanced wireless settings, click the Advanced Setup button in the General screen. The screen appears as shown.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 116
    , and to provide more efficient communications. Select Dynamic to have the ZyXEL Device automatically use short preamble when wireless adapters support it, otherwise the ZyXEL Device uses long preamble. 802.11 Mode Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to associate
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 117
    ) or previously saved (through the web configurator) Setup key is used to encrypt the settings that you want to transfer. Hold in the RESET button for three to eight seconds. Note: If you hold in the RESET button too long, the device will reset to the factory defaults!
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 118
    the ZyXEL Device. You must also activate and start OTIST on the wireless client(s) all within three minutes. 7.4.1.2 Wireless Client Start the ZyXEL utility and click the Adapter tab. Select the OTIST check box, enter the same Setup Key as your AP's and click Save.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 119
    encryption manually for non-OTIST devices in the wireless network. After reviewing the settings, click OK. Figure 69 Security Key 2 This screen appears while OTIST settings are being transferred. It closes when the transfer is complete. Figure 70 OTIST in Progress (AP)
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 120
    them manually in the wireless client(s). 5 If you configure OTIST to generate a WPA-PSK key, this key changes each time you run OTIST. Therefore, if a new wireless client joins your wireless network, you need to run OTIST on the AP and ALL wireless clients again.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 121
    access to the ZyXEL Device, MAC addresses not listed will be allowed to access the ZyXEL Device. Select Allow to permit access to the ZyXEL Device, MAC addresses not listed will be denied access to the ZyXEL Device. Set This is the index number of the MAC address.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 122
    to the ZyXEL Device. Cancel Click Cancel to reload the previous configuration for this screen. 7.6 WMM QoS WMM (Wi-Fi MultiMedia) QoS (Quality of Service) allows you to prioritize wireless traffic that do not have strict latency and throughput requirements.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 123
    program. A protocol for news groups. Network File System - NFS is a client/server distributed file service that provides transparent file sharing for network environments. Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 124
    Command Service. A streaming audio service that enables real time sound over the web. Remote Execution Daemon. Remote Login. Remote default allows you to automatically give a service a priority level according to the ToS value in the IP header of the packets it sends.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 125
    Wireless Lan: QoS LABEL QoS Enable WMM QoS WMM QoS Policy # Name Service DESCRIPTION Select the check box to enable WMM QoS on the ZyXEL Device. Select Default to have the ZyXEL Device automatically give a service Defined service to which you want to apply WMM QoS.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 126
    42 Wireless Lan: QoS (continued) LABEL Dest Port Priority Modify Apply Cancel DESCRIPTION This field displays the destination port number to which the application sends traffic. This field displays the WMM QoS priority for traffic bandwidth. Click the to open the Application Priority Configuration
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 127
    port to the default port. See Table 41 on page 123 for information on port numbers. Select a priority from the drop-down list box. Click Apply to save your changes back to the ZyXEL Device. Click Cancel to return to the previous screen without saving your changes.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 128
    Chapter 7 Wireless LAN
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 129
    ) Screens This chapter discusses how to configure NAT on the ZyXEL Device. 8.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of travels on the WAN. NAT never changes the IP address (either local or global) of an outside host.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 130
    Works 8.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the ZyXEL Device can communicate with three distinct WAN networks. More examples follow at the end of this chapter.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 131
    IP address to a unique global IP address. • Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world. Port numbers do NOT change for One-to-One and Many-to-Many No Overload NAT mapping types.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 132
    . When the ZyXEL Device registers with the SIP register server, the SIP ALG translates the ZyXEL Device's private IP address inside the SIP data stream to a public IP address. You do not need to use STUN or an outbound proxy if your ZyXEL Device is behind a SIP ALG.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 133
    SIP ALG Select this option if you want to enable SIP ALG, for example, to use an IP phone through your NAT enabled ZyXEL Device. Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to reload the previous configuration for this screen.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 134
    services, NAT supports a default server IP address. A default server receives packets from ports that are not specified in this screen. If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports Management Protocol) 161
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 135
    ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup. Click Network > NAT > Port Forwarding to open the following screen. See Table 47 on page 134 for port numbers commonly used for particular services.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 136
    Port Forwarding LABEL DESCRIPTION Default Server Setup Default Server In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in this screen. If you do not assign a Default Server IP address, the ZyXEL
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 137
    that you specify. When a rule matches the current packet, the ZyXEL Device takes the corresponding action and the remaining rules are ignored. If there are any empty rules before your new configured rule, your configured rule will be pushed up by that number of empty
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 138
    NAT) Screens rules. For example, if you have already configured rules 1 to 6 in your current set and now you configure ZyXEL Device's address mapping settings, click Network > NAT > Address Mapping to open IP addresses are N/A for Server port mapping. Local End IP This is
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 139
    NAT mapping type. M-1: Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported 84 Edit Address Mapping Rule
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 140
    Port Forwarding screen to edit a server mapping set that you have selected in the Server Mapping Set field. Back Click Back to return to the previous screen. Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 141
    PART IV Security Firewalls (143) Firewall Configuration (155) Content Filtering (177) Certificates (145) 141
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 142
    142
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 143
    solve every security problem. A firewall is one of the mechanisms used to establish a network security perimeter in support of a network specific policies must be implemented within the firewall itself. Refer to Section 10.5 on page 158 to configure default firewall
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 144
    world. These computers will have access to Internet services such as e-mail, FTP, and the World Wide Web. However, "inbound access" will not be allowed unless you configure remote management or create a firewall rule to allow a remote host to use a specific service.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 145
    other ports are also active. If the person configuring or managing the computer is not careful, a hacker could attack it over an unprotected port. Some of the most common IP ports are: Table 52 Common IP Ports: 21 FTP, 53 DNS, 23 Telnet, 80 HTTP, 25 SMTP, 110 POP3
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 146
    destination, some systems will crash, hang, or reboot. 6 Weaknesses in the TCP/IP specification leave it open to "SYN Flood" and "LAND" attacks. These attacks are executed during the handshake incoming SYN requests, making the system unavailable for legitimate users.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 147
    A brute-force attack, such as a "Smurf" attack, targets a feature in the IP specification known as directed or subnet broadcasting, to quickly flood the target network with useless data. A available bandwidth, making communications impossible. Figure 88 Smurf Attack
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 148
    configured The ZyXEL Device blocks port number and source and destination addresses. This "remembering" is called saving the state. When the outside system responds to your request, the firewall compares the received packets with the saved state to determine if they
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 149
    figure shows the ZyXEL Device's default firewall rules in packet's application layer protocol is configured for a firewall rule inspection: record information about the state of the packet's connection. This information is recorded forwarded out through the interface.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 150
    to update the state table entry and to modify the temporary inbound access list entries as required, and are forwarded through 9.5.2 Stateful Inspection and the ZyXEL Device Additional rules may be defined to extend or override the default rules. For example, a .
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 151
    since the PORT command contains address and port information, which can be used to uniquely identify the connection. Any protocol that operates in this way must be supported on a case-by-case basis. You can use the web configurator's Custom Ports feature to do this.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 152
    default password via CLI (Command Line Interpreter) or web configurator. • Limit who can telnet into your router. • Don't enable any local service (such as SNMP or NTP) that you don't use. Any enabled service cause your system to slowly become unstable or unusable.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 153
    ZyXEL configure and maintain, especially if you need a chain of rules to filter a service WAN) traffic between the specific inside host/network "A" and port numbers can be specified within one firewall rule making the firewall a better choice when complex rules are required.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 154
    rules. • Use the firewall if you need routine e-mail reports about your system or need to be alerted when attacks occur. • The firewall can block specific URL traffic that might occur in the future. The URL can be saved in an Access Control List (ACL) database.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 155
    prevents computers on the WAN from using the ZyXEL Device as a gateway to communicate with other computers on the WAN and/or managing the ZyXEL Device. You may define additional rules and sets or modify existing ones but please exercise extreme caution in doing so.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 156
    Your customized rules take precedence and override the ZyXEL Device's default rules. 10.3 Rule Logic Overview Note: Study these points carefully before configuring rules. 10.3.1 Rule Checklist State the if IRC is blocked, are there users that require this service?
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 157
    for LAN-to-ZyXEL Device (the policies for managing the ZyXEL Device through the LAN interface) and policies for LAN-to-LAN (the policies that control routing between two subnets on the LAN). Similarly, WAN to WAN/ Router policies apply in the same way to the WAN port.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 158
    to the WAN. When you configure a LAN to WAN rule, you in essence want to limit some or all users from accessing certain services on the WAN. WAN to LAN Rules The default rule for WAN to LAN traffic 9.1 on page 143 for more information. Figure 90 Firewall: General
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 159
    . Refer to Section 9.1 on page 143 for more information. Click Security > Firewall > Rules to bring up the following screen. This screen displays a list of the configured firewall rules. Note the order in which the rules are listed.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 160
    silently discards packets (Drop), discards packets and sends a TCP reset packet or an ICMP destination-unreachable message to the sender (Reject) or allows the passage of packets (Permit) Schedule This field tells you whether a schedule is specified (Yes) or not (No).
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 161
    . 10.6.1 Configuring Firewall Rules Refer to Section 9.1 on page 143 for more information. In the Rules screen, select an index number and click Add or click a rule's Edit icon to display this screen and refer to the following table for information on the labels.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 162
    Chapter 10 Firewall Configuration Figure 92 Firewall: Edit Rule
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 163
    . Go to the Log Settings page and select the Access Control logs category to have the ZyXEL Device record these logs. Alert Send Alert Message to Administrator When Matched Select the check box to have the ZyXEL Device generate an alert when the rule is matched.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 164
    service. Back Click Back to return to the Firewall Edit Rule screen. 10.6.3 Configuring a Customized Service Click a rule number in the Firewall Customized Services screen to create a new custom port or edit an existing one. This action displays the following screen.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 165
    Port Configuration Type Click Single to specify one port only or Range to specify a span of ports that define your customized service. Port Number Type a single port number or the range of port numbers that define your customized service the Packet Direction field.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 166
    the Customized Services Config screen and configure the screen as follows and click Apply. Figure 96 Edit Custom Port Example 7 Select Any in the Destination Address box and then click Delete. 8 Configure the destination address screen as follows and click Add.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 167
    9 Use the Add >> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. Custom services show up with an "*" before their names in the Services list box and the Rules list box.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 168
    Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a "MyService" connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 169
    default configuration labeled "(DNS)". (UDP/TCP:53) means UDP port 53 and TCP port 53. Up to 128 entries are supported. Custom service ports may also be configured using the Edit Customized Services Name Server, a service that matches web names (e.g. www.zyxel.com) to IP
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 170
    mainframes, midrange systems, UNIX systems and network servers. SSDP(UDP:1900) Simple Service Discovery Protocol (SSDP) is a discovery service searching for Universal Plug and Play devices on your home network or upstream Internet gateways using UDP port 1900.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 171
    Anti-Probing If an outside user attempts to probe an unsupported port on your ZyXEL Device, an ICMP response packet is automatically returned. This allows the outside user to know the ZyXEL Device exists. The ZyXEL Device supports anti-probing, which prevents the ICMP response packet from being sent
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 172
    average for any of these factors (especially if you have servers that are slow or handle many tasks and are often busy), then the default values should be reduced. You should make any changes to the threshold values before you continue configuring firewall rules.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 173
    10.10.3 Configuring Firewall Thresholds The ZyXEL Device also sends alerts whenever TCP Maximum Incomplete is exceeded. The global values specified for the threshold and timeout apply to all TCP connections. Click Firewall, and Threshold to bring up the next screen.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 174
    existing half-open sessions that causes the firewall to stop deleting half-open sessions. The ZyXEL Device continues to delete half-open requests as necessary, until the number of existing half-open sessions drops below this number. 80 existing half-open sessions.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 175
    TCP Maximum Incomplete is reached. Enter the length of blocking time in minutes (between 1 and 256). Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 176
    Chapter 10 Firewall Configuration
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 177
    configure ZyXEL Device will not perform content filtering. 11.2 Configuring Keyword Blocking Use this screen to block sites containing certain keywords in the URL. For example, if you enable the keyword "bad", the ZyXEL Filter List. To have your ZyXEL Device block Web sites containing
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 178
    Cancel to return to the previously saved settings. 11.3 Configuring the Schedule To set the days and times for the ZyXEL Device to perform content filtering, click Security > Content Filter > Schedule. The screen appears as shown. Figure 103 Content Filter: Schedule
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 179
    filter websites according to the day(s) and time(s) configured. Active Select the check box to have the the beginning IP address of a specific range of computers) on the LAN that you want ZyXEL Device. Cancel Click Cancel to return to the previously saved settings.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 180
    Chapter 11 Content Filtering
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 181
    PART V Advanced Static Route (183) Bandwidth Management (187) Dynamic DNS Setup (199) Remote Management Configuration (203) Universal Plug-and-Play (UPnP) (213) 181
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 182
    182
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 183
    1 (via gateway Router 2). The static routes are for you to tell the ZyXEL Device about the networks beyond the remote nodes. Figure 105 Example of Static Routing Topology 12.2 Configuring Static Route Click Advanced > Static Route to open the Static Route screen.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 184
    the ZyXEL Device. A window displays asking you to confirm that you want to delete the route. 12.2.1 Static Route Edit Select a static route index number and click Edit. The screen shown next appears. Use this screen to configure the required information for a static route.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 185
    LAN or WAN port. The gateway helps forward packets to their destinations. Back Click Back to return to the previous screen without saving. Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 186
    Chapter 12 Static Route
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 187
    specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth rules. The ZyXEL Device applies bandwidth management to traffic that it forwards out through an interface. The ZyXEL configure one bandwidth class for subnet A and another for subnet B.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 188
    following example table shows bandwidth allocations for application specific traffic from separate LAN subnets. Table 69 based Scheduler With the priority-based scheduler, the ZyXEL Device forwards traffic from bandwidth classes according to the priorities .
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 189
    level. 13.6.1 Reserving Bandwidth for Non-Bandwidth Class Traffic Do the following three steps to configure the ZyXEL Device to allow bandwidth for traffic that is not defined in a bandwidth filter. 1 kbps Sales: 2048 kbps Marketing: 2048 kbps Research: 2048 kbps
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 190
    ZyXEL Device also divides the remaining 1024 kbps among the classes that require more bandwidth. Therefore, the ZyXEL kbps or more of extra bandwidth, the ZyXEL Device divides the total 3072 kbps total kbps of its budgeted 2048 kbps. • The ZyXEL Device divides the total 3072 kbps total of unbudgeted
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 191
    to traffic that the ZyXEL Device forwards out through an (Service = SIP): 500 Kbps as Speed setting) NetMeeting traffic (Service = H.323): 500 kbps High High FTP (Service of available bandwidth. 13.8 Configuring Summary Click Advanced > Bandwidth MGMT to open the screen as shown next.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 192
    ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 13.9 Bandwidth Management Rule Setup You must use the Bandwidth Management Summary screen to enable bandwidth management on an interface before you can configure rules for that interface.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 193
    Setup to open the following screen. Figure 110 Bandwidth Management: Rule Setup The following table describes the labels in this screen. Table 76 Bandwidth Management: Rule Setup to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 194
    the Edit icon or select User Defined from the Service drop-down list in the Rule Setup screen to configure a bandwidth management rule. Use bandwidth rules to allocate specific amounts of bandwidth capacity (bandwidth budgets) to specific applications and/or subnets.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 195
    screen. Table 78 Bandwidth Management Rule Configuration LABEL DESCRIPTION Rule Configuration Active Select this check box to have the ZyXEL Device apply this bandwidth management rule. Select this option to enable DiffServ marking on the ZyXEL Device.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 196
    running an FTP client. The service allows users to send commands to the server for uploading and downloading files. Select FTP from the drop-down list box to configure this bandwidth filter for FTP traffic ) and 255. Back Click Back to go to the previous screen.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 197
    Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. Table 79 Services and Port Numbers SERVICES ECHO FTP (File Transfer Protocol) SMTP percentage of bandwidth in use. The screen refreshes every few seconds.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 198
    section allows you to select which network to monitor. You may select either a LAN, WLAN, or WAN. After selecting a network to monitor, information on active services and their bandwidth usage will appear.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 199
    Setup This chapter discusses how to configure your ZyXEL Device to use Dynamic DNS. 14.1 Dynamic DNS Overview Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services for configuration instruction. 14.2 Configuring Dynamic DNS To change your ZyXEL Device
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 200
    . Check with your Dynamic DNS service provider to have traffic redirected to a URL (that you can specify) while you are off line. IP Address Update Policy Use WAN IP Address Select this option to update the IP address of the host name(s) to the WAN IP address.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 201
    the ZyXEL Device and the DDNS server. Use specified IP Address Type the IP address of the host name(s). Use this if you have a static IP address. Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 202
    Chapter 14 Dynamic DNS Setup
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 203
    at a time. The ZyXEL Device automatically disconnects a remote management session of lower priority when another remote management session of higher priority starts. The priorities for the different types of remote management sessions are as follows. 1 Telnet 2 HTTP
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 204
    service. 15.1.2 Remote Management and NAT When NAT is enabled: • Use the ZyXEL Device's WAN IP address when configuring from the WAN. • Use the ZyXEL Device's LAN IP address when configuring from the LAN. 15.1.3 System Timeout There is a default WWW To change your ZyXEL Device's World Wide Web settings,
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 205
    access as shown next. The administrator uses Telnet from a computer on a remote network to access the ZyXEL Device. Figure 116 Telnet Configuration on a TCP/IP Network 15.4 Configuring Telnet Click Advanced > Remote MGMT > Telnet tab to display the screen as shown.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 206
    ) and Run. Then type telnet and the ZyXEL Device's IP address. For example, enter telnet 192.168.1.1 (the default IP address). 4 Click OK. A login screen displays. Enter the password at the prompts. The default password is 1234. The password is case-sensitive.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 207
    Device supports SNMP agent functionality, which allows a manager station to manage and monitor the ZyXEL Device through the network. The ZyXEL Device supports SNMP version one (SNMPv1) and version two (SNMPv2). The next figure illustrates an SNMP management operation.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 208
    configured. Figure 119 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the ZyXEL of packets received, node port status etc. A Management
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 209
    A trap is sent with the message of the fatal code if the system reboots because of fatal errors. 15.7.3 Configuring SNMP To change your ZyXEL Device's SNMP settings, click Advanced > Remote MGMT > SNMP. The screen appears as shown. Figure 120 Remote Management: SNMP
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 210
    with the IP address that you specify to access the ZyXEL Device using this service. SNMP Configuration Get Community Enter the Get Community, which is the password for the incoming Get and GetNext requests from the management station. The default is public and allows all requests. Set Community
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 211
    returned. This allows the outside user to know the ZyXEL Device exists. Your ZyXEL Device supports anti-probing, which prevents the ICMP response packet from being sent. This keeps outsiders from discovering your ZyXEL Device when unsupported ports are probed.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 212
    packet or an ICMP port-unreachable packet for blocked UDP packets or just drop the packets without sending a response packet. Apply Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to begin configuring this screen afresh.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 213
    for configuration instructions. 16 NAT traversal applications in establishing their own services and opening firewall ports may present network security issues. Network information and configuration may also be obtained and modified by users in some network environments.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 214
    the ZyXEL Device, for example by using NAT traversal, UPnP applications automatically reserve a NAT forwarding port in order to communicate with another UPnP enabled device; this eliminates the need to manually configure port forwarding for the UPnP enabled application.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 215
    Configuring ZyXEL Setup tab and select Communication in the Components selection box. Click Details. Figure 124 Add/Remove Programs: Windows Setup: Communication 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 216
    Plug-and-Play (UPnP) Figure 125 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 217
    Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box. Figure 128 Networking Services 6 Click OK to go back to the Windows UPnP installed in Windows XP and UPnP activated on the ZyXEL Device.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 218
    UPnP) Make sure the computer is connected to a LAN port of the ZyXEL Device. Turn on your computer and the ZyXEL Device. 16.4.1 Auto-discover Your UPnP-enabled Network Device Properties window, click Settings to see the port mappings that were automatically created.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 219
    Chapter 16 Universal Plug-and-Play (UPnP) Figure 130 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings. Figure 131 Internet Connection Properties: Advanced Settings
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 220
    and-Play (UPnP) Figure 132 Internet Connection Properties: Advanced Settings: Add When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 5 Select Show icon in notification area when connected option and click OK. An icon displays in the
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 221
    ZyXEL Device first. This is helpful if you do not know the IP address of the ZyXEL Device. Follow the steps below to access the web configurator. 1 Click Start and then Control Panel. 2 Double-click Network Connections. 3 Select My Network Places under Other Places.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 222
    ) Figure 135 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 223
    Figure 136 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Figure 137 Network Connections: My Network Places: Properties: Example
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 224
    Chapter 16 Universal Plug-and-Play (UPnP)
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 225
    PART VI Maintenance and Troubleshooting: System (227), Logs (233), Tools (251), Diagnostic (257), Troubleshooting (259)
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 226
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 227
    screen to configure the ZyXEL Device's time and date settings. 17.1 General Setup 17.1.1 General Setup and System Name General Setup contains administrative and can be assigned from the ZyXEL Device via DHCP. Click Maintenance > System to open the General screen.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 228
    , use the new password to access the ZyXEL Device. Retype to Confirm Type the new password again for confirmation. Admin Password If you log in with the admin password, you can configure the advanced features as well as the wizard setup on the ZyXEL Device.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 229
    screen afresh. 17.2 Time Setting To change your ZyXEL Device's time and date, click Maintenance > System > Time Setting. The screen appears as shown. Use this screen to configure the ZyXEL Device's time based on your local time zone. Figure 139 System Time Setting
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 230
    New Date (yyyy/mm/dd) This field displays the last updated date from the time server or the last date configured manually. When you set Time and Date Setup to Manual, enter the new date in this field and then click Select this option if you use Daylight Saving Time.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 231
    Germany's time zone is one hour ahead of GMT or UTC (GMT+1). End Date Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving. your changes to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 232
    Chapter 17 System
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 233
    configurator allows you to choose which categories of events and/or alerts to have the ZyXEL Device log and then display the logs or have the ZyXEL in black. 18.2 Viewing the Logs Click Maintenance > Logs to open the View Log screen. Use the View Log screen to see the
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 234
    Settings screen to configure where the ZyXEL Device is to send logs; the schedule for when the ZyXEL Device is to send the logs and which logs and/or immediate alerts the ZyXEL Device is to record. See Section Access Control) may result in many emails being sent.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 235
    be in the subject line of the log e-mail message that the ZyXEL Device sends. Not all ZyXEL models have this field. Send Log To The ZyXEL Device sends logs to the e-mail address specified in this field. If is left blank, alert messages will not be sent via E-mail.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 236
    if your mail service requires a user name and password to use Authentication email. User Name This is the user name required to access your mail server. Password This is the password required to access your mail server. Log Schedule This drop-down menu is used to configure the frequency
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 237
    telnet. Successful FTP login Someone has logged on to the router via ftp. FTP login failed Someone has failed to log on to the router via ftp. NAT Session Table is Full! The maximum number of NAT session table entries has been exceeded and the table is full.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 238
    the default policy and was blocked or forwarded according to the default policy's setting. Attempted TCP/UDP/IGMP/ESP/GRE/OSPF access matched (or did not match) a configured firewall rule (denoted by its number) and was blocked or forwarded according to the rule.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 239
    the TCP state. The router sent a TCP reset packet when a dynamic firewall session timed out. The default timeout values are as follows: ICMP idle timeout a configured filter rule (denoted by its set and rule number) and was blocked or forwarded according to the rule.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 240
    . ppp:IPCP Opening The PPP connection's Internet Protocol Control Protocol stage is opening. ppp:LCP Closing The PPP connection's Link Control Protocol stage is closing. ppp:IPCP Closing The PPP connection's Internet Protocol Control Protocol stage is closing.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 241
    " check box, the system forwards the web content. Waiting content port:port number. Connecting to content filter server fail The connection to the external content filtering server failed. License key is invalid The external content filtering license key is invalid.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 242
    110 on page 248. The firewall detected a TCP syn flood attack. The firewall detected a TCP port scan attack. The firewall detected a TCP teardrop attack. The firewall detected a UDP teardrop attack. The packet for which SPI could not find a corresponding phase 2 SA.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 243
    period. The default value is 2 minutes. WAN IP changed to The router dropped all connections with the "MyIP" configured as "0.0.0.0" SAs has been reached. Start Phase 2: Quick Mode Phase 2 Quick Mode has started. Verifying Remote ID failed: The connection
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 244
    and the peer. Rule [%d] Phase 1 authentication algorithm mismatch The listed rule's IKE phase 1 authentication algorithm did not match between the router and the peer.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 245
    the router and the peer. Rule [%d]> Phase 2 pfs mismatch The listed rule's IKE phase 2 perfect forward secret (pfs) setting did not match between the router and the peer. Rule [%d] Phase 1 ID mismatch algorithm) did not match between the router and the peer.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 246
    recorded, from the LDAP server whose IP address and port are recorded recorded, from the LDAP server whose address and port are recorded port are recorded in the Source field. The maximum size of directory data that the router allows is also recorded path verification. The recorded reason codes are
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 247
    critical extension that was not handled. 13 Certificate issuer was not valid (CA specific information missing). 14 (Not used) 15 CRL is too old. 16 CRL the LAN or the ZyXEL Device. ACL set for packets traveling from the WAN to the WAN or the ZyXEL Device.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 248
    exceeded 12 Parameter Problem 0 Pointer indicates the error 13 Timestamp 0 Timestamp request message 14 Timestamp Reply 0 Timestamp reply message 15 Information Request 0 Information request message 16 Information Reply 0 Information reply message
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 249
    by the system ("RAS" displays as the system name if you haven't configured one) when the router generates a syslog. The facility is defined in is the last three characters of the MAC address of the router's LAN port. The "cat" is the same as the category in the router's
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 250
    Chapter 18 Logs
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 251
    reboot. Only use firmware for your device's specific model. Refer to the label on the bottom of your device. Click Maintenance > Tools to open the Firmware screen. Follow the instructions in this screen to upload firmware to your ZyXEL Device. Figure 143 Firmware
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 252
    on your desktop. Figure 145 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen. If the upload was not successful, the following screen will appear. Click Return to go back to the Firmware screen.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 253
    recommended that you back up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings. Click Backup to save the ZyXEL Device's current configuration to your computer
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 254
    subnet as that of the default ZyXEL Device IP address (192.168.1.1). See the appendix for details on how to set up your computer's IP address. If the upload was not successful, the following screen will appear. Click Return to go back to the Configuration screen.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 255
    the RESET button. 19.3 Restart System restart allows you to reboot the ZyXEL Device without turning the power off. Click Maintenance > Tools > Restart. Click Restart to have the ZyXEL Device reboot. This does not affect the ZyXEL Device's configuration. Figure 151 Restart Screen
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 256
    Chapter 19 Tools
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 257
    display information to help you identify problems with the ZyXEL Device. 20.1 General Diagnostic Click Maintenance > Diagnostic to open the screen shown next. Figure 152 DSL Line Diagnostic Click Maintenance > Diagnostic > DSL Line to open the screen shown next.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 258
    returns it (loops it back) to the ZyXEL Device. The ATM loopback test is useful for troubleshooting problems with the DSLAM and ATM network. DSL Line Status Click this button to view the DSL port's line operating values and line bit allocation. Reset ADSL Line Click this button to reinitialize
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 259
    the LED. See Section 1.4 on page 35. 2 Check the hardware connections. See the Quick Start Guide. 3 Inspect your cables for damage. Contact the vendor to replace any damaged cables. 4 Turn the ZyXEL Device off and on. 5 If the problem continues, contact the vendor.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 260
    . See Section 2.3 on page 42. I forgot the password. 1 The default password is 1234. 2 If this does not work, you have to reset the device to its factory defaults. See Section 2.3 on page 42. I cannot see or access the Login screen in the web configurator. 1 Make sure you are using the correct
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 261
    to reset the device to its factory defaults. See Section 2.3 on page 42. I cannot Telnet to the ZyXEL Device. See the troubleshooting suggestions for I cannot see or access the Login screen in the web configurator. Ignore the suggestions about your browser. I cannot use FTP to upload / download
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 262
    wireless client are the same as the settings in the AP. 4 Disconnect all the cables from your device, and follow the directions in the Quick Start Guide again. 5 If the problem continues, contact your ISP. 6 I cannot access the Internet anymore. I had access to the Internet (with the ZyXEL Device
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 263
    PART VII Appendices and Index Product Specifications and Wall Mounting (265) Wireless LANs (271) Setting up Your Computer's IP Address (285) IP Addresses and Subnetting (301 (339) Splitters and Microfilters (341) Triangle Route (341) Legal Information (343) Customer Support (347) Index (351)
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 264
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 265
    the rich range of features on the ZyXEL Device. Firmware Upgrade Download new firmware (when available) from the ZyXEL web site and use the web configurator, an FTP or a TFTP tool to put it on the ZyXEL Device. Note: Only upload firmware for your specific model!
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 266
    network. Port Forwarding If you have a server (mail or web server for example) on your network, you can use this feature to let people access it from the Internet. DHCP (Dynamic Host Configuration Protocol) Use this feature to have the ZyXEL Device assign IP addresses, an IP default gateway and
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 267
    default routing behavior and alter the packet forwarding based on the policy defined by the network administrator. Table 119 Wireless Firmware Specifications FEATURE DESCRIPTION Wireless LAN The ZyXEL Device is fully compatible with both IEEE 802.11b and IEEE 802.11g standards and can support
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 268
    IEEE 802.11g+ Turbo and Super G modes IEEE 802.11d Standard for Local and Metropolitan Area Networks: Media Access Control (MAC) Bridges IEEE 802.11x Port Based Network Access Control. IEEE 802.11e QoS IEEE 802.11 e Wireless LAN for Quality of Service ANSI T1.413, Issue 2 Asymmetric Digital
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 269
    on the back of the ZyXEL Device with the screws on the wall. Hang the ZyXEL Device on the screws. Figure 154 Wall-mounting Example The following are dimensions of an M4 tap screw and masonry plug used for wall mounting. All measurements are in millimeters (mm).
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 270
    Appendix A Product Specifications and Wall Mounting Figure 155 Masonry Plug and M4 Tap Screw
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 271
    wireless clients in the BSS. When Intra-BSS is enabled, wireless client A and B can access the wired network and communicate with each other. When Intra-BSS is disabled, wireless client A and B can still access the wired network but cannot communicate with each other.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 272
    network but also mediate wireless network traffic in the immediate neighborhood. An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 273
    A channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend a hidden node. Both stations (STA) are within range of the access point (AP) or wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 274
    RTS (Request To Send)/CTS (Clear to Send) handshake. You should only configure RTS/CTS if the possibility of hidden nodes exists on your network and 256 and 2432 bytes) that can be sent in the wireless network before the AP will fragment the packet into smaller data
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 275
    dynamic setting to automatically use short preamble when all wireless devices on the network support it, otherwise the ZyXEL Device uses long preamble. The wireless devices MUST use the same preamble mode in order to communicate. IEEE 802.11g Wireless LAN IEEE 802.11g is fully compatible with
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 276
    a client-server model that supports authentication, authorization and accounting. The access point is the client and the server is the RADIUS server. The RADIUS server handles the following tasks: • Authentication Determines the identity of the users. • Authorization
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 277
    By using EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication. The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that supports IEEE 802.1x.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 278
    PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco. LEAP LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 279
    the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not. Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 280
    password, instead of user-specific credentials. The common-password approach makes WPA(2)-PSK susceptible to brute-force password-guessing supported in all wireless devices. Key caching allows a wireless client to store the PMK it derived through a successful authentication with an AP. The wireless
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 281
    XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero Configuration" wireless client. However, you must run Windows XP to use it. WPA(2) with RADIUS Application Example To set up WPA(2), you need the IP address of the RADIUS server, its port number (default is 1812), and
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 282
    how you configure these security features. Table 124 Wireless Security Relational Matrix AUTHENTICATION METHOD/ KEY MANAGEMENT PROTOCOL ENCRYPTION METHOD ENTER MANUAL KEY IEEE 802.1X Open None No TKIP/AES No Enable WPA2-PSK TKIP/AES Yes Disable
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 283
    signals from the air. Positioning the antennas properly increases the range and coverage area of a wireless LAN. Antenna Characteristics Frequency An antenna in the frequency of 2.4GHz (IEEE 802.11b and IEEE ideal for hallways and outdoor point-to-point applications.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 284
    Appendix B Wireless LANs Positioning Antennas In general, antennas should be mounted as high as practically possible and free of obstructions. In coverage area as possible. For directional antennas, point the antenna in the direction of the desired coverage area.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 285
    instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the ZyXEL Device's LAN port. Windows 95/98/Me Click Start, Settings, Control Panel and double-click the Network icon to open the Network window.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 286
    up Your Computer's IP Address Figure 162 Windows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, your computer so the changes you made take effect.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 287
    C Setting up Your Computer's IP Address Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP Figure 163 Windows 95/98/Me: TCP/IP Properties: IP Address 3 Click the DNS Configuration tab. • If you do not know your DNS information, select Disable DNS. • If you
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 288
    . 3 Select your network adapter. You should see your computer's IP address, subnet mask and default gateway. Windows 2000/NT/XP The following example figures use the default Windows XP GUI theme. 1 Click start (Start in Windows 2000/NT), Settings, Control Panel.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 289
    Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 166 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 290
    opens (the General tab in Windows XP). • If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. • Click Advanced.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 291
    in Gateway. To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add. • Click OK when finished.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 292
    (es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 293
    11 Turn on your ZyXEL Device and restart your computer open Network Connections, right-click a network connection, click Status and then click the Support tab. Macintosh OS 8/9 1 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 294
    Ethernet built-in from the Connect via list. Figure 173 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: • From the Configure box, select Manually.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 295
    ZyXEL Device and restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the TCP/IP Control Panel window. Macintosh OS X 1 Click the Apple menu, and click System Preferences to open settings, select Using DHCP from the Configure list.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 296
    Settings Check your TCP/IP properties in the Network window. Linux This section shows you how to configure your computer's TCP/IP settings in Red Hat Linux 9.0. Procedure, screens and file location may vary depending on your Linux distribution and release version.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 297
    Setting and click Network. Figure 176 Red Hat 9.0: KDE: Network Configuration: Devices 2 Double-click on the profile of the network card you wish to configure. The Ethernet Device General screen displays as shown. Figure 177 Red Hat 9.0: KDE: Ethernet Device: General
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 298
    mask, and Default Gateway Address configuration file (where eth0 is the name of the Ethernet card). Open the configuration file with any plain text editor. • If you have a dynamic IP address, enter dhcp in the BOOTPROTO= field. The following figure shows an example.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 299
    Settings in resolv.conf nameserver 172.23.5.1 nameserver 172.23.5.2 3 After you edit and save the configuration files, you must restart the network card. Enter ./network restart in the /etc/rc.d/init.d interface: Bringing up interface eth0: [OK] [OK] [OK] [OK] [OK]
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 300
    :13 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:730412 (713.2 Kb) TX bytes:1570 (1.5 Kb) Interrupt:10 Base address:0x1000 [root@localhost]#
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 301
    an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 302
    with a "1" value). For example, an "8-bit mask" means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 303
    Notation
    SUBNET MASK | ALTERNATIVE NOTATION | LAST OCTET (BINARY) | LAST OCTET (DECIMAL)
    255.255.255.0 | /24 | 0000 0000 | 0
    255.255.255.128 | /25 | 1000 0000 | 128
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 304
    subnets; 192.168.1.0 /25 and 192.168.1.128 /25. The following figure shows the company network after subnetting. There are now two subnetworks, A and B.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 305
    (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.0 Lowest Host ID: 192.168.1.1 Broadcast Address: 192.168.1.63 Highest Host ID: 192.168.1.62
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 306
    Subnets
    SUBNET | SUBNET ADDRESS | FIRST ADDRESS | LAST ADDRESS | BROADCAST ADDRESS
    1 | 0 | 1 | 30 | 31
    2 | 32 | 33 | 62 | 63
    3 | 64 | 65 | 94 | 95
    4 | 96 | 97 | 126 | 127
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 307
    ) 1024 62 11 255.255.255.224 (/27) 2048 30 12 255.255.255.240 (/28) 4096 14 13 255.255.255.248 (/29) 8192 6
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 308
    this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. You must also enable Network Address Translation (NAT) on the ZyXEL Device. Once you and RFC 1466, Guidelines for Management of IP Address Space.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 309
    DHCP server assigns to computer B which is a DHCP client. Neither can access the Internet. This problem can be solved by assigning a different static IP address to computer A or setting computer A to networks. Figure 189 Conflicting Computer IP Addresses Example
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 310
    router's LAN port both use 192.168.1.1 as the IP address. The computer cannot access the Internet. This problem can be solved by assigning a different IP address to the computer or the router's LAN port. Figure 190 Conflicting Computer and Router IP Addresses Example
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 311
    commands. Table 136 Firewall Commands FUNCTION COMMAND Firewall SetUp config edit firewall active set This command shows the current configuration of a set, including timeout values, name, default-permit, etc. If you don't put use commands.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 312
    sets the hour when the firewall log is sent through e-mail if the ZyXEL Device is set to send it on an hourly, daily or weekly basis. is exceeded. Set it to no to delete the oldest half-open session when traffic exceeds the tcp-max-incomplete threshold. config edit
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 313
    to be established before dropping the session. Config edit firewall set fin-wait-timeout This command sets how long the ZyXEL Device leaves a TCP session open after the firewall detects a FIN-exchange (indicating the end of the TCP session).
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 314
    connection remain open before considering it closed. Rules Config edit firewall set log This command sets whether or not the ZyXEL Device creates logs for packets that match the firewall's default rule set. Config edit firewall set rule permit
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 315
    rule #> TCP destportsingle This command sets a rule to have the ZyXEL Device check for TCP resets all of the attack response settings to their defaults. config delete firewall set This command removes the specified set from the firewall configuration.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 316
    Appendix E Firewall Commands Table 136 Firewall Commands (continued) FUNCTION COMMAND config delete firewall set rule DESCRIPTION This command removes the specified rule in a firewall configuration set.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 317
    Setup 10000000 = Configured 10000001 = System Name 10000002 = Location 10000003 = Contact Person's Name 10000004 = Route IP 10000005 = Route IPX 10000006 = Bridge = 1 = Your Device = = = 1 = 0 = 0
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 318
    -t" file. The command "get" transfers files from the ZyXEL Device to your computer. The name "rom-t" is the configuration filename on the ZyXEL Device. 4 Edit the "rom-t" file using a text editor (do not use a word processor). You must leave this FTP screen to edit.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 319
    " sets the transfer mode to binary. 3 Upload your "rom-t" file from your computer to the ZyXEL Device using the "put" command. computer to the ZyXEL Device. 4 Exit none)): 331 Enter PASS command Password: 230 Logged in ftp>bin 200 Type I OK ftp> put rom-t ftp>bye
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 320
    ZyXEL Device. Table 138 Menu 1 General Setup / Menu 1 General Setup FIN FN 10000000 = Configured 10000001 = System Name 10000002 = Location 10000003 = Contact Person's Name 10000004 = Route IP 10000006 = Bridge = 256 = 256 = 256 = 256 = 256 = 256 = 256
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 321
    12) 30200016 = IP Policies Set 4 (1~12) / Menu 3.2.1 IP Alias Setup FIN FN 30201001 = IP Alias 1 30201002 = 30201003 = 30201004 = IP = 0.0.0.0 = 0.0.0.0 = 172.21.2.200 = 16 = 0 = 0 = 2 = 256 = 256 = 256 = 256 INPUT = 0 = 0.0.0.0 = 0 = 0 = 0 = 256 = 256
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 322
    3(Out Only)> = 0 = 0.0.0.0 = 0 = 0 = 0 = 256 = 256 = 256 = 256 = 256 = 256 = 256 = 256 Table 140 Menu 4 Internet Access Setup / Menu 4 Internet Access Setup FIN FN 40000000 = Configured PVA INPUT = 1
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 323
    VCI # Service Name My Login My Password Single User filter set 4 ISP PPPoE idle timeout Route IP Bridge ATM QoS Type Peak Cell Rate (PCR) = test@pqa = 1234 = 1 = 1 = 0.0.0.0 = 0.0.0.0 = 0 = 6 = 256 = 256 = 256 = 256 = 256 = 256 = 256 = 0 = 1 = 0 = 1 = 0 = 0 = 0
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 324
    142 Menu 15 SUA Server Setup / Menu 15 SUA Server Setup FIN FN 150000001 = SUA Server IP address for default port 150000002 = SUA Server #2 Active 150000003 = SUA Server #2 Protocol PVA INPUT = 0.0.0.0 = 0
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 325
    15 SUA Server Setup (continued) 150000004 = SUA Server #2 Port Start 150000005 = SUA Server #2 Port End 150000006 = 0 = 0 = 0.0.0.0 = 0 = 0 = 0 = 0.0.0.0 = 0
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 326
    Port 210101007 = IP Filter Set 1,Rule 1 Dest Port Comp 210101008 = IP Filter Set 1,Rule 1 Src IP address PVA INPUT = PVA INPUT = 2 = 1 = 6 = 0.0.0.0 = 0 = 137 = 0.0.0.0
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 327
    )> Table 144 Menu 21.1 Filter Set #2, / Menu 21.1 filter set #2, FIN FN 210200001 = Filter Set 2, Nam / Menu 21.1.2.1 Filter set #2, rule #1 PVA INPUT = NetBIOS_WAN
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 328
    )|3 (drop)> PVA INPUT = 2 = 1 = 6 = 0.0.0.0 = 0 = 137 = 1 = 0.0.0.0 = 0 = 0 = 0 = 3 = 1 INPUT = 2 = 1 = 6 = 0.0.0.0 = 0 = 138 = 1 = 0.0.0.0
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 329
    forward)|3 (drop)> Table 145 Menu 23 System Menus */ Menu 23.1 System Password Setup FIN FN 230000000 = System Password */ Menu 23.2 System security: radius server FIN FN 230200001 = Authentication Server Configured = 1 = 192.168.1.44 = 1823 = 1234 INPUT = 2
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 330
    Secured IP address WEB Server Port WEB Server Access 241100009 = WEB Server Secured IP address PVA INPUT = 23 = 0 = 0.0.0.0 = 21 = 0 = 0.0.0.0 = 80 = 0 = 0.0.0.0
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 331
    following are example Internal SPTGEN screens associated with the ZyXEL Device's command interpreter commands. Table 147 Command Examples annex a): wan adsl opencmd FIN FN PVA INPUT 990000001 = ADSL OPMD /ci command (for annex B): wan adsl
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 332
    Appendix F Internal SPTGEN
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 333
    configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default . Either disable pop-up blocking (enabled by default in Windows XP SP (Service Pack) 2) or allow pop-up blocking and
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 334
    pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings... to open the Pop-up Blocker Settings screen.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 335
    ://". For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 199 Pop-up Blocker Settings
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 336
    Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 337
    down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window. Figure 202 Security Settings - Java
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 338
    Advanced tab. 2 Make sure that Use Java 2 for under Java (Sun) is selected. 3 Click OK to close the window. Figure 203 Java (Sun)
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 339
    services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls. You can configure modes for The ZyXEL Device. NetBIOS Display Filter Settings Command Example =========== NetBIOS Filter Status Between LAN and WAN: Block IPSec Packets: Forward Trigger Dial: Disabled
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 340
    forwarded. Forward Trigger dial This field displays whether NetBIOS packets are allowed to initiate calls. Disabled means that NetBIOS packets are blocked from initiating calls. Disabled NetBIOS Filter Configuration commands from initiating calls. config 4 off
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 341
    passes through the ZyXEL Device to protect your LAN against attacks. Figure 204 Ideal Setup The "Triangle Route" Problem A traffic route is through the ZyXEL Device. As a result, the ZyXEL Device resets the connection, as the connection has not been acknowledged.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 342
    initiates a connection by sending a SYN packet to a receiving server on the WAN. 2 The ZyXEL Device reroutes the packet to Gateway A, which is in Subnet 2. 3 The reply from WAN goes through the ZyXEL Device to the computer on the LAN in Subnet 1. Figure 206 IP Alias
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 343
    electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL others. ZyXEL further reserves the instructions, may
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 344
    IEEE 802.11b or 802.11g operation of this product in the U.S.A. is firmware-limited to channels 1 through 11. • To comply with FCC RF exposure compliance 1 Go to http://www.zyxel.com. 2 Select your product on the ZyXEL home page to go to that product's page.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 345
    you specific legal rights, and you may also have other rights that vary from country to country. Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 346
    Appendix J Legal Information
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 347
    , Tercer Piso, San José, Costa Rica Czech Republic • E-mail: [email protected] • Telephone: +420-241-091-350 • Fax: +420-241-091-359 • Web Site: www.zyxel.cz • Regular Mail: ZyXEL Communications, Czech s.r.o., Modranská 621, 143 01 Praha 4 Modrany, Ceská Republika
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 348
    @zyxel.hu • Sales E-mail: [email protected] • Telephone: +36-1-3361649 • Fax: +36-1-3259100 • Web Site: www.zyxel.hu • Regular Mail: ZyXEL Hungary, 48, Zoldlomb Str., H-1025, Budapest, Hungary Kazakhstan • Support: http://zyxel.kz/support • Sales E-mail: [email protected]
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 349
    +7-095-542-89-29 • Fax: +7-095-542-89-25 • Web Site: www.zyxel.ru • Regular Mail: ZyXEL Russia, Ostrovityanova 37a Str., Moscow, 117279, Russia Spain • Support E-mail: [email protected] • Sales E-mail: [email protected] • Telephone: +34-902-195-420 • Fax: +34-913-005-345
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 350
    • Web Site: www.zyxel.co.uk • FTP Site: ftp.zyxel.co.uk • Regular Mail: ZyXEL Communications UK, Ltd., 11 The Courtyard, Eastern Road, Bracknell, Berkshire, RG12 2XB, United Kingdom (UK) "+" is the (prefix) number you dial to make an international telephone call.
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 351
    gateway 267 Index B backup 253 backup gateway 267 backup settings 253 backup type 90 bandwidth 67 budget 193 bandwidth management 67, 187 bandwidth manager class configuration 192 monitor 197 summary 191 Basic Service Set, See BSS 271 Basic wireless security 63
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 352
    ports creating / editing 164 customer support 347 customized services 164 D date and time settings 229 default 255 default LAN IP address 39 default settings 253, 254 Denial of Service 311 creating/editing rules 161 custom ports 164 enabling 158 firewall vs filters 153
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 353
    152 introduction 144 LAN to WAN rules 158 policies 155 rule checklist 156 rule configuration key fields 157 rule logic 156 rule security ramifications 156 services 169 types 143 when to use 153 firmware 33, 251 upgrade 251 upload 251 upload error 252 fragmentation threshold 274 FTP 67, 134, 204, 207
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 354
    265 PPPoA 76 PPPoE 75 Benefits 75 PPTP 134 preamble mode 275 Priorities 122 priority 191, 193 priority-based scheduler 188 product registration 345 PSK 280 Q quick start guide 39 R RADIUS 276 message types 277 messages 277 shared secret key 277 RADIUS server 107 reboot 255
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 355
    269 security general 152 ramifications 156 Server 132 server 131, 132, 230 service 157 service set 109 Service Set IDentity See SSID service type 165 services 134 settings backup 253 defaults 253 restore 254 setup, general 227 Single User Account see SUA SIP ALG 132 SIP
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 356
    107 MAC address filter 106 security 106 SSID 105 wireless security 106, 275 wizard icon 53 WLAN interference 273 security parameters 282 world wide web 204 WPA 279 key caching 280 pre-authentication 280 user authentication 280 vs WPA-PSK 280 wireless client supplicant 281
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 357
    280 wireless client supplicant 281 with RADIUS application example 281 WPA2-Pre-Shared Key 279 WPA2-PSK 279, 280 application example 281 WPA-PSK 279, 280 application example 281 WWW 127 Z zero configuration Internet access 80 ZyXEL's firewall introduction 144
  • ZyXEL P-660HW-D1 v2 | User Guide - Page 358
    Index

www.zyxel.com
P-660HW-Dx v2
802.11g Wireless ADSL2+ 4-port Gateway
User’s Guide
Version 3.40
3/2007
Edition 2