ZyXEL P-660HW-T1 v3 User Guide
ZyXEL P-660HW-T1 v3 Manual
 |
View all ZyXEL P-660HW-T1 v3 manuals
Add to My Manuals
Save this manual to your list of manuals |
ZyXEL P-660HW-T1 v3 manual content summary:
- ZyXEL P-660HW-T1 v3 | User Guide - Page 1
P-660HW-Tx v3 Series 802.11g Wireless ADSL2+ 4-port Gateway Default Login Details IP Address http://192.168.1.1 Admin Password 1234 User Password user Firmware Version 3.70 Editionw2w,w.1zy0x/el2.c0om10 www.zyxel.com Copyright © 2010 ZyXEL Communications Corporation - ZyXEL P-660HW-T1 v3 | User Guide - Page 2
- ZyXEL P-660HW-T1 v3 | User Guide - Page 3
or suggestions for improvement to the following address, or use e-mail instead. Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. E-mail: [email protected] P-660HW-Tx v3 Series User's Guide 3 - ZyXEL P-660HW-T1 v3 | User Guide - Page 4
About This User's Guide Customer Support In the event of problems that cannot be solved by using this manual, you should contact your updated firmware/software for your device. Every effort has been made to ensure that the information in this manual is accurate. 4 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 5
(for example, other things you may need to configure or helpful tips) or recommendations. Syntax Conventions • The P-660HW-Tx v3 may be referred to as the "ZyXEL Device", the "device", the "system" or the "product" in this User's Guide. • Product labels, screen names, field labels and field - ZyXEL P-660HW-T1 v3 | User Guide - Page 6
Conventions Icons Used in Figures Figures in this User's Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device Computer Notebook computer Server Firewall Telephone Router Switch 6 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 7
high voltage points or other risks. ONLY qualified service personnel should service or disassemble ports. • Place connecting cables carefully so that no one will step on them or stumble over them. • Always disconnect all cables from this device before servicing 660HW-Tx v3 Series User's Guide 7 - ZyXEL P-660HW-T1 v3 | User Guide - Page 8
Safety Warnings 8 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 9
of Service (QoS) ...253 Dynamic DNS Setup ...269 Remote Management ...273 Universal Plug-and-Play (UPnP 281 Maintenance ...293 System Settings ...295 Logs ...301 Tools ...315 Diagnostic ...329 Troubleshooting and Specifications 333 Troubleshooting ...335 P-660HW-Tx v3 Series User's Guide 9 - ZyXEL P-660HW-T1 v3 | User Guide - Page 10
Contents Overview Product Specifications ...341 Appendices and Index ...349 10 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 11
the Web Configurator 29 2.1 Overview ...29 2.1.1 Accessing the Web Configurator 29 2.2 Web Configurator Main Screen 31 2.2.1 Title Bar ...32 2.2.2 Navigation Panel ...32 2.2.3 Main Window ...34 2.2.4 Status Bar ...34 Chapter 3 Status Screens ...35 P-660HW-Tx v3 Series User's Guide 11 - ZyXEL P-660HW-T1 v3 | User Guide - Page 12
Up Wireless Network Scheduling 50 4.3 Setting Up Multiple Wireless Groups 52 4.4 Configuring the MAC Address Filter 56 4.5 Setting Up NAT Port Forwarding 58 4.5.1 Default Server ...58 4.5.2 Port Forwarding ...59 4.6 Access the ZyXEL Device Using DDNS 61 4.6.1 Registering a DDNS Account on www - ZyXEL P-660HW-T1 v3 | User Guide - Page 13
Advanced Internet Access Setup 104 6.3 The More Connections Screen 107 6.3.1 More Connections Edit 108 6.3.2 Configuring More Connections Advanced Setup 111 6.4 WAN Technical Reference 113 6.4.1 Encapsulation ...113 6.4.2 Multiplexing ...114 6.4.3 VPI and VCI ...114 6.4.4 IP Address Assignment - ZyXEL P-660HW-T1 v3 | User Guide - Page 14
WiFi Protected Setup (WPS 163 Chapter 9 Network Address Translation (NAT 171 9.1 Overview ...171 9.1.1 What You Can Do in the NAT Screens 171 9.1.2 What You Need To Know About NAT 171 9.2 The NAT General Setup Screen 173 9.3 The Port Forwarding Screen 174 14 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 15
Route ...207 Chapter 11 Content Filtering ...211 11.1 Overview ...211 11.1.1 What You Can Do in the Content Filter Screens 211 11.1.2 What You Need to Know About Content Filtering 211 11.1.3 Before You Begin ...211 11.1.4 Content Filtering Example 212 P-660HW-Tx v3 Series User's Guide 15 - ZyXEL P-660HW-T1 v3 | User Guide - Page 16
Filter Screen 219 12.1.2 What You Need to Know About the Packet Filter 219 12.2 The Packet Filter Screen 220 12.2.1 Editing Protocol Filters 221 12.2.2 Configuring Protocol Filter Rules 222 12.2.3 Editing Generic Filters 223 12.2.4 Configuring .1Q/1P...243 16 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 17
Management Screens 274 18.1.2 What You Need to Know About Remote Management 274 18.2 The WWW Screen ...275 18.2.1 Configuring the WWW Screen 275 18.3 The Telnet Screen ...276 18.4 The FTP Screen ...277 18.5 The DNS Screen ...278 18.6 The ICMP Screen ...279 P-660HW-Tx v3 Series User's Guide 17 - ZyXEL P-660HW-T1 v3 | User Guide - Page 18
.2 The View Log Screen ...302 21.3 The Log Settings Screen 303 21.4 SMTP Error Messages ...305 21.4.1 Example E-mail Log 305 21.5 Log Descriptions ...306 Chapter 22 .2 The Firmware Screen ...323 22.3 The Configuration Screen 325 22.4 The Restart Screen ...328 18 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 19
A Setting up Your Computer's IP Address 351 Appendix B Pop-up Windows, Javascript and Java Permissions 375 Appendix C IP Addresses and Subnetting 385 Appendix D Wireless LANs 395 Appendix E Services ...411 Appendix F Legal Information 415 Index...419 P-660HW-Tx v3 Series User's Guide 19 - ZyXEL P-660HW-T1 v3 | User Guide - Page 20
Table of Contents 20 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 21
PART I Introduction Introducing the ZyXEL Device (23) Introducing the Web Configurator (29) Status Screens (35) Tutorials (43) 21 - ZyXEL P-660HW-T1 v3 | User Guide - Page 22
22 - ZyXEL P-660HW-T1 v3 | User Guide - Page 23
ISDN (Integrated Services Digital Network) or T-ISDN (UR-2). Only use firmware for your ZyXEL Device's specific model. Refer to the label on the bottom of your ZyXEL Device. Note: All screens displayed in this user's guide are from the P-660HW-T1 v3 model. See the product specifications for a full - ZyXEL P-660HW-T1 v3 | User Guide - Page 24
backed up an earlier configuration file, you would not have to totally re-configure the ZyXEL Device. You could simply restore your last configuration. 1.4 Applications for the ZyXEL Device Here are some example uses for which the ZyXEL Device is well suited. 24 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 25
ports (or wirelessly). Figure 1 ZyXEL Device's Router Features LAN DSL You can also configure firewall and content filtering on the ZyXEL Device for secure Internet access and download files. Use content filtering to block access to specific web downloading. P-660HW-Tx v3 Series User's Guide 25 - ZyXEL P-660HW-T1 v3 | User Guide - Page 26
and ready for use. Blinking The ZyXEL Device is self-testing. Red On The ZyXEL Device detected an error while self-testing, or there is a device malfunction. Off The ZyXEL Device is not receiving power. the DSL line. Off The DSL line is down. 26 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 27
Guide for information on hardware connections. 1.6 The RESET Button If you forget your password or cannot access the web configurator, you will need to use the RESET button at the back of the device to reload the factory-default configuration strong security. P-660HW-Tx v3 Series User's Guide 27 - ZyXEL P-660HW-T1 v3 | User Guide - Page 28
Press the WPS WLAN ON/OFF button for less than five seconds and release it. The WLAN/WPS LED should change from on to off or vice versa. 1.7.2 Activate WPS 1 Make sure the POWER LED is on (not blinking other. See Section 8.8.8 on page 163 for more information. 28 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 29
has a dual login system. The default non-readable characters represents the user password (user by default). Clicking Login without entering any password brings you to the system's status screen. To access the administrative web configurator and manage the P-660HW-Tx v3 Series User's Guide 29 - ZyXEL P-660HW-T1 v3 | User Guide - Page 30
. It is strongly recommended you change the default password. Enter a new password, retype it to confirm and click Apply; alternatively click Ignore to proceed to the main menu if you do not want to change the password now. Figure 4 Change Password Screen 30 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 31
Default Certificate Screen Note: For security reasons, the ZyXEL Device automatically logs you out if you do not use the web configurator for five minutes (default). If this happens, log in again. 2.2 Web Configurator Main Screen Figure 6 Main Screen A B C D P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 32
configure LAN DHCP settings. Client List Use this screen to view current DHCP client information and to always assign specific IP addresses to individual MAC addresses (and host names). IP Alias Use this screen to partition your LAN interface into subnets. 32 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 33
QoS and traffic prioritizing, and configure bandwidth management on the WAN. Class Setup Use this screen to define a classifier. Monitor Use this screen to view each queue's statistics. Dynamic DNS This screen allows you to use a static hostname alias for a dynamic IP address. P-660HW-Tx v3 - ZyXEL P-660HW-T1 v3 | User Guide - Page 34
(es) users can use FTP to access the ZyXEL Device. DNS Use this screen to configure through which interface(s) and from which IP address(es) users can send DNS queries to the ZyXEL Device. ICMP Use this screen to set whether or not your device will respond to pings and probes for services that - ZyXEL P-660HW-T1 v3 | User Guide - Page 35
at the current status of the device, system resources, and interfaces (LAN and WAN). The Status screen also provides detailed information from Any IP and DHCP and statistics from bandwidth management, and traffic. 3.2 The Status Screen Use this screen to view the status of the ZyXEL Device. Click - ZyXEL P-660HW-T1 v3 | User Guide - Page 36
a surrogate DHCP server and relays DHCP requests and responses between the remote server and the clients. None - The ZyXEL Device is not providing any DHCP services to the LAN. Click this to go to the screen where you can change it. 36 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 37
reset it. Current Date/Time This field displays the current date and time in the ZyXEL Device. You can change this in Maintenance > System > Time Setting. System Mode This displays whether the ZyXEL Device is functioning as a router or a bridge Device has. P-660HW-Tx v3 Series User's Guide 37 - ZyXEL P-660HW-T1 v3 | User Guide - Page 38
. Click this link to view a list of IP addresses and MAC addresses of computers, which are not in the same subnet port status and packet specific statistics. See Section 3.6 on page 40. 3.3 Client List See Section 7.4 on page 126 for information on this screen. 38 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 39
this screen. 3.5 Any IP Table Click Status > AnyIP Table to access this screen. Use this screen to view the IP address and MAC address of each computer that is using the ZyXEL Device but is in a different subnet than the ZyXEL Device. Figure 9 Any IP Table P-660HW-Tx v3 Series User's Guide 39 - ZyXEL P-660HW-T1 v3 | User Guide - Page 40
only information here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)". The Poll Interval(s) field is configurable. Click Status > Packet Statistics to access this screen. Figure 10 Packet Statistics 40 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 41
of memory utilization. WAN Port Statistics Link Status This is the status of your WAN link. WAN IP Address This is the IP address of the ZyXEL Device's WAN port. Upstream Speed This is . Click this to halt the refreshing of the system statistics. P-660HW-Tx v3 Series User's Guide 41 - ZyXEL P-660HW-T1 v3 | User Guide - Page 42
Chapter 3 Status Screens 42 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 43
Groups, see page 52 • Configuring the MAC Address Filter, see page 56 • Setting Up NAT Port Forwarding, see page 58 • Access the ZyXEL Device Using DDNS, see page 61 • Configuring Static Route for Routing to Another Network, see page 65 • Multiple Public and Private IP Address Mappings, see page 67 - ZyXEL P-660HW-T1 v3 | User Guide - Page 44
to set up a wireless network. SSID Security Mode Pre-Shared Key 802.11 Mode Example WPA-PSK DoNotStealMyWirelessNetwork Mixed 1 Click Network > Wireless LAN to open the AP screen. Configure the screen using the provided parameters (see page 44). Click Apply. 44 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 45
the ZyXEL Device. Push Button Configuration (PBC) 1 Make sure that your ZyXEL Device is turned on and your notebook is within the cover range of the wireless signal. 2 Make sure that you have installed the wireless client driver and utility in your notebook. P-660HW-Tx v3 Series User's Guide 45 - ZyXEL P-660HW-T1 v3 | User Guide - Page 46
Alternatively, you may log into ZyXEL Device's web configurator and click the Push Button in the Network > panel as well as a WPS button in its configuration utility. Both buttons have exactly the same function: The ZyXEL Device sends the proper configuration settings to the wireless client. - ZyXEL P-660HW-T1 v3 | User Guide - Page 47
Device and wireless client. Example WPS Process: PBC Method Wireless Client ZyXEL Device WITHIN 2 MINUTES SECURITY INFO Press and hold for more than 5 seconds COMMUNICATION P-660HW-Tx v3 Series User's Guide 47 - ZyXEL P-660HW-T1 v3 | User Guide - Page 48
screen within two minutes. The ZyXEL Device authenticates the wireless client and sends the proper configuration settings to the wireless client. This may take up to two minutes. The wireless client is then able to communicate with the ZyXEL Device securely. 48 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 49
Device and a wireless client by using PIN method. Example WPS Process: PIN Method Wireless Client ZyXEL Device WITHIN 2 MINUTES Authentication by PIN SECURITY INFO COMMUNICATION P-660HW-Tx v3 Series User's Guide 49 - ZyXEL P-660HW-T1 v3 | User Guide - Page 50
to access the Internet on weekends; occasionally he uses it at night on weekdays. Here is how Thomas can set up a schedule to turn on the wireless network at specific time and days. 1 Click Network > Wireless Network > Scheduling to open the following screen. 50 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 51
Chapter 4 Tutorials 2 Configure the screen as follows. Turn on the wireless network from Mondays to Fridays between 18:00 and 23:30. Turn on the wireless network all day on Saturdays and Sundays. Click Apply. P-660HW-Tx v3 Series User's Guide 51 - ZyXEL P-660HW-T1 v3 | User Guide - Page 52
mode and QoS control. Company A will use the following parameters to set up the wireless network groups. SSID Security Mode Pre-Shared Key QoS COMPANY Company WPA2-PSK ForCompanyOnly Default VIP VIP WPA2-PSK ForVIPOnly High GUEST Guest Static WEP Guest Low 52 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 53
set up the company's general wireless network group. Configure the screen using the provided parameters and click Apply. 2 Click Network > Wireless LAN > More AP to open the following screen. Click the Edit icon to configure the second wireless network group. P-660HW-Tx v3 Series User's Guide 53 - ZyXEL P-660HW-T1 v3 | User Guide - Page 54
Chapter 4 Tutorials 3 Configure the screen using the provided parameters and click Apply. 4 In the More AP screen, click the Edit icon to configure the third wireless network group. 54 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 55
Chapter 4 Tutorials 5 Configure the screen using the provided parameters and click Apply. 6 Activate the wireless network groups and click Apply. P-660HW-Tx v3 Series User's Guide 55 - ZyXEL P-660HW-T1 v3 | User Guide - Page 56
Internet through the ZyXEL Device. Thomas can deny access to the wireless network using the MAC address of Josephine's computer. Thomas Josephine 1 Click Network > LAN > Client List to open the following screen. Look for the MAC address of Josephine's computer. 56 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 57
screen. Click the Edit button in the MAC Filter field. 3 Select Active MAC Filter and Deny Filter Action. Enter the MAC address you found in the Client List screen. Click Apply. Josephine will no longer be able to access the Internet through the ZyXEL Device. P-660HW-Tx v3 Series User's Guide 57 - ZyXEL P-660HW-T1 v3 | User Guide - Page 58
another server. There is no need to enter any port number. Note: Setting a device as the default server exposes the device to potential attacks. Any port service trying to access the ZyXEL Device's WAN IP address will be forwarded to the default server. It is recommended that you set up a firewall - ZyXEL P-660HW-T1 v3 | User Guide - Page 59
field. Click Apply. 4.5.2 Port Forwarding If the default server is already assigned to another server, configure the ports for Xbox 360. 1 Click Network > NAT to open the General screen. Select Active Network Address Translation and SUA Only. Click Apply. P-660HW-Tx v3 Series User's Guide 59 - ZyXEL P-660HW-T1 v3 | User Guide - Page 60
Service Name field. 3 Configure the screen as follows to open TCP/UDP port 53 for Xbox 360. Click Apply. 4 Repeat steps 2 and 3 to open the rest of the ports for Xbox 360. The port forwarding settings you configured are listed in the Port Forwarding screen. 60 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 61
a domain name. http://zyxelrouter.dyndns.org A w.x.y.z a.b.c.d To use this feature, you have to apply for DDNS service at www.dyndns.org. This tutorial shows you how to: • Registering a DDNS Account on www.dyndns.org • Configuring DDNS on Your ZyXEL Device P-660HW-Tx v3 Series User's Guide 61 - ZyXEL P-660HW-T1 v3 | User Guide - Page 62
mode. 2 Configure the following settings in the Advanced > Dynamic DNS screen. 2a Select Active Dynamic DNS. 2b Select Dynamic DNS for the DDNS type. 2c Type zyxelrouter.dyndns.org in the Host Name field. 2d Enter the user name (UserName1) and password (12345). 62 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 63
. 2 Select WAN to WAN / Router and select the number of the last rule that has been configured on this screen. Click Add. 3 The Edit Rule screen opens. Configure the screen using the following settings. 3a Select Active. 3b Select Permit for matched packets. P-660HW-Tx v3 Series User's Guide 63 - ZyXEL P-660HW-T1 v3 | User Guide - Page 64
the DDNS Setting Now you should be able to access the ZyXEL Device from the Internet. To test this: 1 Open a web browser on the computer (using the IP address a.b.c.d) that is connected to the Internet. 2 Type http://zyxelrouter.dyndns.org and press [Enter]. 64 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 65
may be used to separate two department networks. This tutorial shows how to configure a static routing rule for two network routings. In the following figure, Device's WAN default gateway by default. In this case, B will never receive the traffic. N1 A R N2 B P-660HW-Tx v3 Series User's Guide 65 - ZyXEL P-660HW-T1 v3 | User Guide - Page 66
.1.253 R's N2 192.168.10.2 B 192.168.10.33 To configure a static route to route traffic from N1 to N2: 1 Log into the ZyXEL Device's Web Configurator in advanced mode. 2 Click Advanced > Static Route. 3 Click Edit on a new rule in the Static Route screen. 66 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 67
your ISP gives you more than one static IP address for your Internet access, you can map each IP address for a specific service. This tutorial assumes you are given two static public IP addresses. You want to map them to two servers A and B. IP-1 IP-2 A B C P-660HW-Tx v3 Series User's Guide 67 - ZyXEL P-660HW-T1 v3 | User Guide - Page 68
your applications can use random public IP addresses and the applications are initiated from the Intranet computers (A and B). For example, VoIP application. See Section 4.8.2 on page 70 if it is not. 1 IP-1 2 A B C To configure this: 1 Click Network > NAT. 68 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 69
Address Mapping tab, and then click the Edit icon on a new rule. 4 Configure the rule using the following settings: • Type: Many-to-Many No Overload • Local IP addresses: 192.168.1.2 ~ 192.168.1.3 • Global IP addresses: 172.16.1.253 ~ 172.16.1.254 Then click Apply. P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 70
tab, click the Edit icon on a new rule. 4 Configure two rules for the one-to-one mappings: • Rule 1 (This maps the public IP address 172.16.1.253 to the private IP address 192.168.1.2) Type: One-to-One Local Start IP: 192.168.1.2 Global Start IP: 172.16.1.253 70 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 71
or calculate service charges. In Figure 11, three WAN connections are configured over the ADSL line: • The connection with VPI/VCI, 0/33, is dedicated for Media-On-Demand (MOD) service. • The connection with VPI/VCI, 0/34, is dedicated for VoIP service. P-660HW-Tx v3 Series User's Guide 71 - ZyXEL P-660HW-T1 v3 | User Guide - Page 72
Bit Rate (CBR) for VoIP and Unspecified Bit Rate (UBR) for general data ATM-QoS setting. port 4 port 1~3 PVC: 0/35 PVC: 0/33 : Voice : General Data This tutorial also dedicates the ZyXEL Device LAN port 4 for voice and ports 1~3 for general data traffic. 72 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 73
data transmission. This tutorial uses the following example settings: • Line Modulation: Multi Mode • Mode: Routing • Encapsulation: PPPoE • User Name: PPPoEuser1 • Password: 1234 • PVC: LLC, 0/35 Leave the other settings as their defaults and click Apply. P-660HW-Tx v3 Series User's Guide 73 - ZyXEL P-660HW-T1 v3 | User Guide - Page 74
ATM QoS Type field. Click Apply. 3 Click the More Connections tab and then click the Edit icon next to the entry two. 4 Then configure the screen using the following example settings: • Select Active. • Name: PVC-for-VoIP • Mode: Routing • Encapsulation: ENET ENCAP 74 P-660HW-Tx v3 Series User - ZyXEL P-660HW-T1 v3 | User Guide - Page 75
• PVC: LLC, 0/33 Chapter 4 Tutorials Click Apply. 5 Click the Advanced Setup button and then select CBR in the ATM QoS Type field. Click Apply. P-660HW-Tx v3 Series User's Guide 75 - ZyXEL P-660HW-T1 v3 | User Guide - Page 76
. • Class Configuration: • Select Active. • Enter a descriptive name for this rule. For example, VoIP. • Interface: From LAN • Priority: 7 (Highest) • Routing Policy: To WAN Index • WAN Index: 2 • Filter Configuration: • Service: VoIP(SIP) • Physical Port: 4 76 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 77
Chapter 4 Tutorials Click Apply. P-660HW-Tx v3 Series User's Guide 77 - ZyXEL P-660HW-T1 v3 | User Guide - Page 78
the following example settings. • Class Configuration: • Select Active. • Enter a descriptive name for this rule. For example, General Data. • Interface: From LAN • Priority: 2 (Default) • Routing Policy: To WAN Index • WAN Index: 1 • Filter Configuration: 78 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 79
• Physical Port: 1~3 (means to exclude port 4) Chapter 4 Tutorials Click Apply. P-660HW-Tx v3 Series User's Guide 79 - ZyXEL P-660HW-T1 v3 | User Guide - Page 80
4 Tutorials 5 Click the General tab. Then select Active QoS and click Apply. Now you can connect a VoIP phone to the ZyXEL Device's LAN port 4 and computers to port 1~3. The ZyXEL Device classifies and prioritizes voice traffic to optimize voice quality. 80 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 81
PART II Wizard Internet and Wireless Setup Wizard (83) 81 - ZyXEL P-660HW-T1 v3 | User Guide - Page 82
82 - ZyXEL P-660HW-T1 v3 | User Guide - Page 83
Internet Access Wizard Setup 1 After you enter the password to access the web configurator, select Go to Wizard setup and click Apply. Otherwise, click the wizard icon ( ) in the top right corner of the web configurator to go to the wizards. Figure 12 Select a Mode P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 84
, click Manually configure your Internet connection. Follow the directions in the wizard and enter your Internet setup information as setup and configure the wireless LAN settings, leave Yes selected and click Next. Figure 14 Auto Detection: No DSL Connection 84 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 85
username, password and/or service name) exactly as provided by your ISP. Then click Next and see Section 5.3 on page 92 for wireless connection wizard setup 86 on how to manually configure the ZyXEL Device for Internet access. Figure 16 Auto Detection: Failed P-660HW-Tx v3 Series User's Guide 85 - ZyXEL P-660HW-T1 v3 | User Guide - Page 86
in this screen. Table 10 Internet Access Wizard Setup: ISP Parameters LABEL DESCRIPTION Mode Select Routing (default) from the drop-down list box if your ISP give you one IP address only and you want multiple computers to share an Internet account. Select Bridge when your ISP provides you more - ZyXEL P-660HW-T1 v3 | User Guide - Page 87
varies depending on what mode and encapsulation type you use. All screens shown are with routing mode. Configure the fields and click Next to continue. See Section 5.3 on page 92 for wireless connection wizard setup Figure 18 Internet Connection with PPPoE P-660HW-Tx v3 Series User's Guide 87 - ZyXEL P-660HW-T1 v3 | User Guide - Page 88
Name Type the name of your PPPoE service here. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Exit Click this to close the wizard screen without saving. Figure 19 Internet Connection with RFC 1483 88 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 89
Type your ISP assigned IP address in this field. Click this to return to the previous screen without saving. Click this to continue to the next wizard screen. Click this to close the wizard screen without saving. Figure 20 Internet Connection with ENET ENCAP P-660HW-Tx v3 Series User's Guide 89 - ZyXEL P-660HW-T1 v3 | User Guide - Page 90
DHCP clients along with the IP address and the subnet mask. As above. Click this to return to the previous screen without saving. Click this to save your changes. Click this to close the wizard screen without saving. Figure 21 Internet Connection with PPPoA 90 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 91
. Apply Click this to save your changes. Exit Click this to close the wizard screen without saving. • If the user name and/or password you entered for PPPoE or PPPoA connection are not correct, the screen displays as shown next. Click Back to Username and Password setup to go back to the screen - ZyXEL P-660HW-T1 v3 | User Guide - Page 92
LAN Setup Wizard 1 The following table describes the labels in this screen. Table 15 Wireless LAN Setup Wizard 1 LABEL DESCRIPTION Active Select the check box to turn on the wireless LAN. Back Click this to return to the previous screen without saving. 92 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 93
page 95 for more information. Back Select Disable wireless security to have no wireless LAN security configured and your network is accessible to any wireless networking device that is within range. Click this to return to the previous screen without saving. P-660HW-Tx v3 Series User's Guide 93 - ZyXEL P-660HW-T1 v3 | User Guide - Page 94
LAN screens. You need to configure an authentication server to do this. Back Click this to return to the previous screen without saving. Next Click this to continue to the next wizard screen. Exit Click this to close the wizard screen without saving. 94 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 95
Setup Wizard 5.3.2 Manually Assign a WEP Key Choose Manually assign a WEP key to setup WEP Encryption parameters. Figure 28 Manually Assign a WEP key The following table describes the labels in this screen. Table 18 Manually . Figure 29 Wireless LAN Setup 3 P-660HW-Tx v3 Series User's Guide 95 - ZyXEL P-660HW-T1 v3 | User Guide - Page 96
to the rest of this guide for more detailed information on the complete range of ZyXEL Device features. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the wizard setup are correct. 96 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 97
PART III Network WAN Setup (99) LAN Setup (119) Wireless LAN (137) Network Address Translation (NAT) (171) 97 - ZyXEL P-660HW-T1 v3 | User Guide - Page 98
98 - ZyXEL P-660HW-T1 v3 | User Guide - Page 99
• Use the Internet Access Setup screen (Section 6.2 on page 101) to configure the WAN settings on the ZyXEL Device for Internet access. • Use the More Service Provider). If your ISP offers a dial-up Internet connection using PPPoE (PPP over Ethernet) or PPPoA, P-660HW-Tx v3 Series User's Guide 99 - ZyXEL P-660HW-T1 v3 | User Guide - Page 100
Chapter 6 WAN Setup they should also provide a username and password (and service name) for user authentication. WAN IP Address The WAN IP address is an IP address for the ZyXEL Device, which makes it accessible from an outside network. It is used by the ZyXEL Device to communicate with other - ZyXEL P-660HW-T1 v3 | User Guide - Page 101
The Internet Access Setup Screen Use this screen to change your ZyXEL Device's WAN settings. Click Network > WAN > Internet Access Setup. The screen differs by the WAN type and encapsulation you select. Figure 32 Network > WAN >Internet Access Setup (PPPoE) P-660HW-Tx v3 Series User's Guide 101 - ZyXEL P-660HW-T1 v3 | User Guide - Page 102
, ADSL2+ AnnexM, READSL2 Mode, ANSI T1.413 and ADSL G.lite. Select Routing (default) from the drop-down list box if your ISP gives you one IP address only and you want multiple computers to share an Internet account. Select Bridge when your ISP provides you more than one IP address and you want the - ZyXEL P-660HW-T1 v3 | User Guide - Page 103
Defined, and enter the same IP address, the second User-Defined changes to None after you click Apply. Select None if you do not want to configure DNS servers. You must have another DNS server on your LAN, or else the computers must have their DNS server addresses manually configured. If you do not - ZyXEL P-660HW-T1 v3 | User Guide - Page 104
the labels in this screen. Table 20 Network > WAN > Internet Access Setup: Advanced Setup LABEL DESCRIPTION RIP & Multicast Setup This section is not available when you configure the ZyXEL Device to be in bridge mode. RIP Direction RIP (Routing Information Protocol) allows a router to - ZyXEL P-660HW-T1 v3 | User Guide - Page 105
Access Setup: Advanced Setup supports IGMP-v1, IGMP-v2 and IGMP-v3. Select None to disable it. ATM QoS ATM QoS . Note that system default is 0 cells/sec a public WAN IP address. PPPoE pass Filter Incoming Filter Sets For PPPoA and RFC 1483, the MTU is 65535. P-660HW-Tx v3 Series User's Guide 105 - ZyXEL P-660HW-T1 v3 | User Guide - Page 106
You can configure generic filters in the Packet Filter screen. See Chapter 12 on page 219 for more details. Click this to return to the previous screen without saving. Click this to save your changes. Click this to restore your previously saved settings. 106 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 107
this icon on an empty configuration to add a new Internet access setup. Apply Cancel Click the Remove icon to delete the Internet access setup from your connection list. Click this to save your changes. Click this to restore your previously saved settings. P-660HW-Tx v3 Series User's Guide 107 - ZyXEL P-660HW-T1 v3 | User Guide - Page 108
Chapter 6 WAN Setup 6.3.1 More Connections Edit Use this screen to configure a connection. Click the edit icon in the More Connections screen to display the following screen. Enter a unique, descriptive name of up to 13 ASCII characters for this connection. 108 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 109
address in the IP Address field below. Subnet Mask If you use RFC 1483, enter the IP address given by your ISP in the IP Address field. This option is available if you select ENET ENCAP in the Encapsulation field. Enter a subnet mask in dotted decimal notation. P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 110
available only when you select Routing in the Mode field. Select SUA Only if you have one public IP address and want to use NAT. Click Edit Detail to go to the Port Forwarding screen to edit a server mapping set. Back Apply Cancel Advanced Setup Otherwise, select None to disable NAT. Click this - ZyXEL P-660HW-T1 v3 | User Guide - Page 111
Edit: Advanced Setup LABEL DESCRIPTION RIP & Multicast Setup This section is not available when you configure the ZyXEL Device to be in bridge mode. RIP Direction . The ZyXEL Device supports IGMP-v1, IGMP-v2 and IGMP-v3. Select None to disable it. ATM QoS P-660HW-Tx v3 Series User's Guide 111 - ZyXEL P-660HW-T1 v3 | User Guide - Page 112
default filter(s) to control outgoing traffic. You may choose up to 4 sets of filters. Back You can configure generic filters in the Packet Filter screen. See Chapter 12 on page 219 for more details. Click this to return to the previous screen without saving. 112 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 113
and the ISP or carrier, as it requires no specific configuration of the broadband modem at the customer site. By implementing PPPoE directly on the ZyXEL Device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, P-660HW-Tx v3 Series User's Guide 113 - ZyXEL P-660HW-T1 v3 | User Guide - Page 114
Virtual Circuit) to the Internet Service Provider's (ISP) DSLAM (Digital Subscriber Line (DSL) Access Multiplexer). Please refer to RFC agreement, each protocol is assigned to a specific virtual circuit; for example, VC1 carries IP, etc. VC-based multiplexing may be 660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 115
offers flatrate service or you need a constant connection and the cost is of no concern. 6.4.6 NAT NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing P-660HW-Tx v3 Series User's Guide 115 - ZyXEL P-660HW-T1 v3 | User Guide - Page 116
Chapter 6 WAN Setup packet, used within one network to a different IP address known within another network. 6.5 Traffic Shaping can be sent at the PCR again. If the PCR, SCR or MBS is set to the default of "0", the system will assign a maximum value that correlates to your upstream line rate. The - ZyXEL P-660HW-T1 v3 | User Guide - Page 117
tolerate delay). CBR is used for connections that continuously require a specific amount of bandwidth. A PCR is specified and if traffic exceeds this requirement varies in proportion to the video image's changing dynamics. The VBR-nRT (non real-time Variable 660HW-Tx v3 Series User's Guide 117 - ZyXEL P-660HW-T1 v3 | User Guide - Page 118
Chapter 6 WAN Setup 118 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 119
. • Use the Client List screen (Section 7.4 on page 126) to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. • Use the IP Alias screen (Section 7.5 on page 127) to change your ZyXEL Device's IP alias settings. P-660HW-Tx v3 Series User's Guide 119 - ZyXEL P-660HW-T1 v3 | User Guide - Page 120
Dynamic Host Configuration Protocol) server can assign your ZyXEL Device an IP address, subnet IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a networking device before you can access it. 120 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 121
mask into the IP Subnet Mask field. Unless instructed otherwise it is best to leave this alone, the configurator will automatically compute a subnet mask based upon the IP address you entered. 3 Click Apply to save your settings. Figure 38 Network > LAN > IP P-660HW-Tx v3 Series User's Guide 121 - ZyXEL P-660HW-T1 v3 | User Guide - Page 122
(factory default). Your ZyXEL Device automatically computes the subnet mask based on the IP Address you enter, so do not change this field unless you are instructed to do so. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. Advanced Setup Click - ZyXEL P-660HW-T1 v3 | User Guide - Page 123
. The ZyXEL Device supports IGMP-v1, IGMP-v2 and IGMP-v3. Select None to disable it. Any IP Setup Select the Active check box to enable the Any IP feature. This allows a computer to access the Internet via the ZyXEL Device without changing the network settings (such as IP address and subnet mask - ZyXEL P-660HW-T1 v3 | User Guide - Page 124
saved settings. 7.3 The DHCP Setup Screen Use this screen to configure the DNS server information that the ZyXEL Device sends to the DHCP client devices on the LAN. Click Network > DHCP Setup to open this screen. Figure 40 Network > LAN > DHCP Setup 124 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 125
computers must have their DNS server addresses manually configured. If you do not configure a DNS server, you must know the IP address of a computer in order to access it. Click this to save your changes. Click this to restore your previously saved settings. P-660HW-Tx v3 Series User's Guide 125 - ZyXEL P-660HW-T1 v3 | User Guide - Page 126
Chapter 7 LAN Setup 7.4 The Client List Screen This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six - ZyXEL P-660HW-T1 v3 | User Guide - Page 127
to have the ZyXEL Device always assign the selected entry(ies)'s IP address(es) to the corresponding MAC address(es) (and host name(s)). You can select up to 10 entries in this table. Modify Click the modify icon to have the IP address field editable and change it. Apply Click this to save your - ZyXEL P-660HW-T1 v3 | User Guide - Page 128
Setup 7.5.1 Configuring the LAN IP Alias Screen Use this screen to change your ZyXEL Device's IP alias settings. Click Network > LAN > IP Alias to open the following screen. Figure 43 Network > LAN > IP Alias 128 The following table describes the labels in this screen. Table 28 Network > LAN > IP - ZyXEL P-660HW-T1 v3 | User Guide - Page 129
The actual physical connection determines whether the ZyXEL Device ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next. Figure 44 LAN and WAN IP Addresses LAN WAN P-660HW-Tx v3 Series User's Guide 129 - ZyXEL P-660HW-T1 v3 | User Guide - Page 130
clients. If you turn DHCP service off, you must have another DHCP server on your LAN, or else the computer must be manually configured. IP Pool Setup The ZyXEL Device is pre-configured with a pool of IP addresses for the DHCP clients (DHCP Pool). See the product specifications in the appendices. Do - ZyXEL P-660HW-T1 v3 | User Guide - Page 131
assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks: • 10.0.0.0 - 10.255.255.255 • 172.16.0.0 - 172.31.255.255 P-660HW-Tx v3 Series User's Guide 131 - ZyXEL P-660HW-T1 v3 | User Guide - Page 132
Chapter 7 LAN Setup • 192.168.0.0 - 192.168.255.255 You can obtain your IP address from the IANA, from an ISP or it can be assigned from a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your - ZyXEL P-660HW-T1 v3 | User Guide - Page 133
may need to manually configure the network settings of the computer every time you want to access the Internet via the ZyXEL Device. With the Any IP feature and NAT enabled, the ZyXEL Device allows a computer to access the Internet without changing the network settings (such as IP address and subnet - ZyXEL P-660HW-T1 v3 | User Guide - Page 134
the ZyXEL Device) by looking at the MAC address in its ARP table. 2 When the computer cannot locate the default gateway, an ARP request is broadcast on the LAN. 3 The ZyXEL Device receives the ARP request and replies to the computer with its own MAC address. 134 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 135
updates the MAC address for the default gateway to the ARP table. Once the ARP table is updated, the computer is able to access the Internet through the ZyXEL Device. 5 When the ZyXEL Device receives packets from the computer, it creates an entry in the IP routing table so it can properly forward - ZyXEL P-660HW-T1 v3 | User Guide - Page 136
Chapter 7 LAN Setup 136 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 137
up wireless security, configure the MAC filter, and make other basic configuration changes. • Use the bridge with other ZyXEL access points. • Use the Scheduling screen (see Section 8.7 on page 155) to configure the dates/times to enable or disable the wireless LAN. P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 138
"service set identifier" is the network's name. This helps you identify your wireless network when wireless networks' coverage areas overlap and you have a variety of networks to choose from. MAC Address Filter Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address - ZyXEL P-660HW-T1 v3 | User Guide - Page 139
do. If you do not want to configure advanced options, leave them as they are. 8.2 The AP Screen Use this screen to configure the wireless settings of your ZyXEL Device. Click Network > Wireless LAN to open the AP screen. Figure 46 Network > Wireless LAN > AP P-660HW-Tx v3 Series User's Guide 139 - ZyXEL P-660HW-T1 v3 | User Guide - Page 140
This shows whether the wireless devices with the MAC addresses listed are allowed or denied to access the ZyXEL Device using this SSID. Click this to go to the MAC Filter screen to configure MAC filter settings. See Section 8.2.6 on page 147 for more details. 140 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 141
QoS. Select Default to have the ZyXEL Device automatically give traffic a priority level according to the ToS value in the IP header of packets it sends. Wifi MultiMedia Quality of Service (WMM QoS Security Mode Choose No Security from the drop-down list box. P-660HW-Tx v3 Series User's Guide 141 - ZyXEL P-660HW-T1 v3 | User Guide - Page 142
configure and enable WEP encryption. Click Network > Wireless LAN to display the AP screen. Select Static WEP from the Security Mode support it, or use WPA or WPA2 if your wireless devices support it and you have a RADIUS server. If your wireless devices support If you want to manually set the WEP key - ZyXEL P-660HW-T1 v3 | User Guide - Page 143
to stay connected. Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes). Note: If wireless station authentication is done using a RADIUS server, the reauthentication timer on the RADIUS server has priority. P-660HW-Tx v3 Series User's Guide 143 - ZyXEL P-660HW-T1 v3 | User Guide - Page 144
(2) Authentication Use this screen to configure and enable WPA or WPA2 authentication. Click the Wireless LAN link under Network to display the AP screen. Select WPA, WPA2 or WPAMixed from the Security Mode list. Figure 50 Network > Wireless LAN > AP: WPA(2) 144 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 145
IP address of the external authentication server in dotted decimal notation. Port Number Enter the port number of the external authentication server. You need not change this value unless your network administrator instructs you to do so with additional information. Shared Secret Enter a password - ZyXEL P-660HW-T1 v3 | User Guide - Page 146
one of the following Maximum, Middle or Minimum. Preamble Select a preamble type from the drop-down list menu. Choices are Long, Short or Dynamic. The default setting is Long. See the appendix for more information. 146 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 147
: Advanced Setup LABEL DESCRIPTION 802.11 Mode Select 802 MAC Filter Use this screen to change your ZyXEL Device's MAC filter settings. Click the Edit button in the AP screen. The screen appears as shown. Figure 52 Network > Wireless LAN > AP: MAC Address Filter P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 148
saved settings. 8.3 The More AP Screen This screen allows you to enable and configure multiple Basic Service Sets (BSSs) on the ZyXEL Device. Click Network > Wireless LAN > More AP. The following screen displays. Figure 53 Network > Wireless LAN > More AP 148 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 149
changes. Click this to restore your previously saved settings. 8.3.1 More AP Edit Use this screen to edit an SSID profile. Click the Edit icon next to an SSID in the More AP screen. The following screen displays. Figure 54 Network > Wireless LAN > More AP: Edit P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 150
wireless devices with the MAC addresses listed are allowed or denied to access the ZyXEL Device using this SSID. Click this to go to the MAC Filter screen to configure MAC filter settings. See Section 8.2.6 on page 147 for more details. This shows whether QoS (Quality of Service) is activated or the - ZyXEL P-660HW-T1 v3 | User Guide - Page 151
settings also appear in the screen. This displays Unconfigured if WPS is disabled and there is no wireless or wireless security changes on the ZyXEL Device or you click Release_Configuration to remove the configured wireless and wireless security settings. P-660HW-Tx v3 Series User's Guide 151 - ZyXEL P-660HW-T1 v3 | User Guide - Page 152
The WPS Station Screen Use this screen to set up a WPS wireless network using either Push Button Configuration (PBC) or PIN Configuration. Click Network > Wireless LAN > WPS Station. The following screen displays. Figure 56 Network > Wireless LAN > WPS Station 152 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 153
between the ZyXEL Device and any wireless clients. Note: At the time of writing, WDS is compatible with other ZyXEL APs only. Not all models support WDS links. Check your other AP's documentation. P-660HW-Tx v3 Series User's Guide 153 - ZyXEL P-660HW-T1 v3 | User Guide - Page 154
MAC address format (six hexadecimal character pairs, for example 12:34:56:78:9a:bc). Enter a Pre-Shared Key (PSK) from 8 to 63 case-sensitive ASCII characters (including spaces and symbols). Click this to save your changes. Click this to restore your previously saved settings. 154 P-660HW-Tx v3 - ZyXEL P-660HW-T1 v3 | User Guide - Page 155
range from 12:00 to 23:00, the wireless LAN will be turned on only during this time period. Apply Click this to save your changes. Reset Click this to restore your previously saved settings. P-660HW-Tx v3 Series User's Guide 155 - ZyXEL P-660HW-T1 v3 | User Guide - Page 156
points. • An "ad-hoc" type of network is one in which there is no access point. Wireless clients connect to one another in order to exchange information. The following figure provides an example of a wireless network. Figure 59 Example of a Wireless Network 156 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 157
network, devices A and B use the access point (AP) to interact with the other devices Service Set IDentifier. • If two wireless networks overlap, they should use a different channel. Like radio stations or television channels, each wireless network uses a specific 660HW-Tx v3 Series User's Guide 157 - ZyXEL P-660HW-T1 v3 | User Guide - Page 158
password, or a "key" phrase) can access the network. Second, they encrypt. This means that the information sent over the air is encoded. Only people with the code key can understand the information, and only people who have been authenticated are given the code key. 158 P-660HW-Tx v3 Series User - ZyXEL P-660HW-T1 v3 | User Guide - Page 159
passwords Point change the default MAC Address Filter Every device that can use a wireless network has a unique identification number, called a MAC address.1 A MAC address MAC addresses. 2. Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F. P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 160
LAN You can use the MAC address filter to tell the ZyXEL Device which device in the wireless network has to support IEEE 802.1x to do this. For wireless networks, you can store the user names and passwords for each user in a RADIUS server. This is WPA2 160 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 161
A only supports WEP, and device B supports WEP and microwaves. Problems with access point (AP). Intra-BSS traffic is traffic between wireless stations in the BSS. When Intra-BSS traffic blocking is disabled, wireless station A and B can access the wired network P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 162
Multiple Basic Service Set IDentifier) function allows you to use one access point to provide several BSSs simultaneously. You can then assign varying QoS priorities and/or security modes to replace but rather be used in conjunction with 802.1x security. 162 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 163
supports WiFi Protected Setup (WPS), which is an easy way to set up a secure wireless network. WPS is an industry standard specification, defined by the WiFi Alliance. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually - ZyXEL P-660HW-T1 v3 | User Guide - Page 164
(usually the Access Point or wireless router). Then, when WPS is activated on the first device, it presents its PIN to the second device. If the PIN matches, one device sends the network and security information to the other, allowing it to join the network. 164 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 165
to set up a WPS connection between an access point or wireless router (referred to here as the AP) and a client device using the PIN method. 1 Ensure WPS is enabled on both devices. 2 Access the WPS section of the AP's configuration interface. See the device's User's Guide for how to do this. 3 Look - ZyXEL P-660HW-T1 v3 | User Guide - Page 166
Works When two WPS-enabled devices connect, each device must assume a specific role. One device acts as the registrar (the device that supplies the enrollee. Whether WPA-PSK or WPA2-PSK is used depends on the standards supported by the devices. If the registrar is already part of a network, it sends - ZyXEL P-660HW-T1 v3 | User Guide - Page 167
WPS connections, but a configured access point can no longer act as enrollee. It will be the registrar in all subsequent WPS connections in which it is involved. If you want a configured AP to act as an enrollee, you must reset it to its factory defaults. P-660HW-Tx v3 Series User's Guide 167 - ZyXEL P-660HW-T1 v3 | User Guide - Page 168
: Example Network Step 2 EXISTING CONNECTION REGISTRAR CLIENT 1 ENROLLEE SECURITY INFO AP1 CLIENT 2 In step 3, you add another access point (AP2) to your network. AP2 is out of range of AP1, so you cannot use AP1 for the WPS handshake with the new access 168 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 169
configuration interface of the registrar device to discover the key the network is using (if the device supports this feature). Then, you can enter the key into the non-WPS device and join the network as normal (the non-WPS device must also support WPA-PSK or WPA2-PSK). P-660HW-Tx v3 Series User - ZyXEL P-660HW-T1 v3 | User Guide - Page 170
device must still associate with the access point to gain access to the network. Check the MAC addresses of your wireless clients (usually printed on a label on the bottom of the device). If there is an unknown MAC address you can remove it or reset the AP. 170 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 171
) to configure the NAT setup settings. • Use the Port Forwarding screen (Section 9.3 on page 174) to configure forward incoming service requests to the server(s) on your local network. • Use the Address Mapping screen (Section 9.4 on page 178) to change your ZyXEL Device's address mapping settings - ZyXEL P-660HW-T1 v3 | User Guide - Page 172
Choose SUA Only if you have just one public WAN IP address for your ZyXEL Device. • Choose Full Feature if you have multiple public WAN IP addresses for your ZyXEL Device. Finding Out More See Section 9.6 on page 181 for advanced technical information on NAT. 172 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 173
for your ZyXEL Device. Full Feature Select this radio button if you have multiple public WAN IP addresses for your ZyXEL Device. Max NAT/ Firewall Session Per User When computers use peer to peer applications, such as file sharing applications, they need to establish NAT sessions. If you do - ZyXEL P-660HW-T1 v3 | User Guide - Page 174
address. A default server receives packets from ports that are not specified in this screen. Note: If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup. 174 P-660HW-Tx v3 Series User - ZyXEL P-660HW-T1 v3 | User Guide - Page 175
IP Address assigned by ISP 9.3.1 Configuring the Port Forwarding Screen Click Network > NAT > Port Forwarding to open the following screen. See Appendix E on page 411 for port numbers commonly used for particular services. Figure 69 Network > NAT > Port Forwarding P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 176
NAT > Port Forwarding LABEL DESCRIPTION Default Server Setup Default Server In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in this screen. If you do not assign a Default Server IP address, the - ZyXEL P-660HW-T1 v3 | User Guide - Page 177
that begins with the port number in the Start Port field above. Enter the inside IP address of the server here. Click this to return to the previous screen without saving. Click this to save your changes. Click this to restore your previously saved settings. P-660HW-Tx v3 Series User's Guide 177 - ZyXEL P-660HW-T1 v3 | User Guide - Page 178
address. This field is N/A for One-to-one and Server mapping types. Global Start IP This is the starting Inside Global IP Address (IGA). Enter 0.0.0.0 here if you have a dynamic IP address from your ISP. You can only do this for Many-to-One and Server mapping types. 178 P-660HW-Tx v3 Series User - ZyXEL P-660HW-T1 v3 | User Guide - Page 179
Note that port numbers do not change for the One-to-one NAT mapping type. M-1: Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported only - ZyXEL P-660HW-T1 v3 | User Guide - Page 180
that port numbers do not change for One-to-one NAT mapping type. Many-to-One: Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported only - ZyXEL P-660HW-T1 v3 | User Guide - Page 181
with portforwarding and address-mapping rules. Apply Click this to save your changes. Reset Click this to restore IP address of a host in a packet as the packet traverses a router, for example, the local address refers to the IP address of a host when the P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 182
firewall protection. With no servers defined, your ZyXEL Device filters out all incoming inquiries, thus preventing intruders from probing your network. For more information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT). 182 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 183
168.1.12 SA 192.168.1.10 NAT Table Inside Local IP Address 192.168.1.10 192.168.1.11 192.168.1.12 192.168.1.13 Inside Global IP Address IGA 1 IGA 2 IGA 3 IGA 4 SA IGA1 WAN Inside Local Address (ILA) 192.168.1.11 192.168.1.10 Inside Global Address (IGA) P-660HW-Tx v3 Series User's Guide 183 - ZyXEL P-660HW-T1 v3 | User Guide - Page 184
-Many No Overload: In Many-to-Many No Overload mode, the ZyXEL Device maps each local IP address to a unique global IP address. • Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world. 184 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 185
Address Translation (NAT) Port numbers do NOT change for One-to-One and Many-to-Many No Overload NAT mapping types. The following table summarizes these types. Table 51 NAT Mapping Types TYPE IP Server 1 IPÅÆ IGA1 Server 2 IPÅÆ IGA1 Server 3 IPÅÆ IGA1 P-660HW-Tx v3 Series User's Guide 185 - ZyXEL P-660HW-T1 v3 | User Guide - Page 186
Chapter 9 Network Address Translation (NAT) 186 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 187
PART IV Security Firewalls (189) Content Filtering (211) Packet Filter (219) Certificates (229) 187 - ZyXEL P-660HW-T1 v3 | User Guide - Page 188
188 - ZyXEL P-660HW-T1 v3 | User Guide - Page 189
on the ZyXEL Device, and set the default action that the firewall takes on packets that do not match any of the firewall rules. • Use the Rules screen (Section 10.3 on page 196) to view the configured firewall rules and add, edit or remove a firewall rule. P-660HW-Tx v3 Series User's Guide 189 - ZyXEL P-660HW-T1 v3 | User Guide - Page 190
values, or you can change them to values more suitable to your security requirements. Finding Out More • See Section 10.1.3 on page 191 for an example of setting up a firewall. • See Section 10.5 on page 205 for advanced technical information on firewall. 190 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 191
your new rule becomes number 7 and the previous rule 7 (if there is one) becomes rule 8. 4 Click Add to display the firewall rule configuration screen. 5 In the Edit Rule screen, click the Edit Customized Services link to open the Customized Service screen. P-660HW-Tx v3 Series User's Guide 191 - ZyXEL P-660HW-T1 v3 | User Guide - Page 192
the screen as follows and click Apply. Edit Custom Port Example 7 Select Any in the Destination Address List box and then click Delete. 8 Configure the destination address screen as follows and click Add. Firewall Example: Edit Rule: Destination Address 192 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 193
and Selected Services list boxes to configure it as follows. Click Apply when you are done. Note: Custom services show up with an "*" before their names in the Services list box and the Rules list box. Firewall Example: Edit Rule: Select Customized Services P-660HW-Tx v3 Series User's Guide 193 - ZyXEL P-660HW-T1 v3 | User Guide - Page 194
IP addresses 10.0.0.10 through 10.0.0.15 on the LAN. Firewall Example: Rules: MyService 10.2 The Firewall General Screen Use this screen to configure the firewall settings. Click Security > Firewall to display the following screen. Figure 77 Security > Firewall > General 194 P-660HW-Tx v3 Series - ZyXEL P-660HW-T1 v3 | User Guide - Page 195
do not match any of your customized rules. Click this to display more information. Click this to display less information. Click this to save your changes. Click this to restore your previously saved settings. P-660HW-Tx v3 Series User's Guide 195 - ZyXEL P-660HW-T1 v3 | User Guide - Page 196
packets for which you want to configure firewall rules. Create a new IP This drop-down list box displays the source addresses or ranges of addresses to which this firewall rule applies. Please note that a blank source or destination address is equivalent to Any. P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 197
note that a blank source or destination address is equivalent to Any. Service This drop-down list box displays the services to which this firewall rule applies. See . Click this to save your changes. Click this to restore your previously saved settings. P-660HW-Tx v3 Series User's Guide 197 - ZyXEL P-660HW-T1 v3 | User Guide - Page 198
this screen to configure firewall rules. In the Rules screen, select an index number and click Add or click a rule's Edit icon to display this screen and refer to the following table for information on the labels. Figure 79 Security > Firewall > Rules: Edit 198 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 199
This field determines if a log for packets that match the rule is created Information or not. Go to the Log Settings page and select the Access Control logs category to have the ZyXEL Device record these logs. Alert P-660HW-Tx v3 Series User's Guide 199 - ZyXEL P-660HW-T1 v3 | User Guide - Page 200
customized service. Protocol This shows the IP protocol (TCP, UDP or TCP/UDP) that defines your customized service. Port This is the port number or range that defines your customized service. Back Click this to return to the Firewall Edit Rule screen. 200 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 201
that define your customized service. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. Delete Click this to delete the current rule. P-660HW-Tx v3 Series User's Guide 201 - ZyXEL P-660HW-T1 v3 | User Guide - Page 202
Values If everything is working properly, you probably do not need to change the threshold settings as the default threshold values should work for most small offices. Tune these parameters when CPU power of servers in your LAN network. 4 Network bandwidth. 202 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 203
ZyXEL Device may classify them as DoS attacks. 10.4.2 Configuring Firewall Thresholds The ZyXEL Device also sends alerts whenever TCP > Firewall > Threshold LABEL DESCRIPTION Denial of Service Thresholds The ZyXEL Device measures both the total number P-660HW-Tx v3 Series User's Guide 203 - ZyXEL P-660HW-T1 v3 | User Guide - Page 204
with the same destination host IP address that causes the firewall to start dropping half-open sessions to that same destination host IP address. Enter a number between 1 Click this to save your changes. Click this to restore your previously saved settings. 204 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 205
LAN These rules specify which computers on the WAN can access which computers or services on the LAN. Note: You also need to configure NAT port forwarding (or full featured NAT address mapping rules) to allow computers on the WAN to access devices on the LAN. P-660HW-Tx v3 Series User's Guide 205 - ZyXEL P-660HW-T1 v3 | User Guide - Page 206
services to communicate only with specific peers, and protect by configuring rules to block packets for the services at specific interfaces. 11 Protect against IP spoofing by making sure the firewall is active. 12 Keep the firewall in a secured (locked) room. 206 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 207
you configure them. Consider these security ramifications before creating a rule: 1 Does this rule stop LAN users from accessing critical resources on the Internet? For example, if IRC is blocked, are there users that require this service? 2 Is it possible to modify the rule to be more specific - ZyXEL P-660HW-T1 v3 | User Guide - Page 208
solution is to use IP alias. IP alias allows you to partition your network into logical sections over the same Ethernet interface. Your ZyXEL Device supports up to three logical LAN interfaces with the ZyXEL Device being the gateway for each logical network. 208 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 209
like having multiple LAN networks that actually use the same physical cables and ports. By putting your LAN and Gateway A in different subnets, all returning on the LAN in Subnet 1. Figure 86 IP Alias LAN 1 4 Subnet 1 WAN ISP 1 2 3 Subnet 2 ISP 2 A P-660HW-Tx v3 Series User's Guide 209 - ZyXEL P-660HW-T1 v3 | User Guide - Page 210
Chapter 10 Firewalls 210 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 211
type in the address bar of your Internet browser, for example "http://www.zyxel.com". 11.1.3 Before You Begin To use the Trusted screen, you need the IP addresses of devices on your network. See the LAN section (Section 11.4 on page 216) for more information. P-660HW-Tx v3 Series User's Guide 211 - ZyXEL P-660HW-T1 v3 | User Guide - Page 212
filtering on a home network in order to limit his children's access to certain web sites. In the following example, all URLs containing the word 'bad' are blocked. 1 Click Security > Content Filter Security > Content Filter > Keyword: Example 1 Click Security > Content Filter > Schedule. 2 Click Edit - ZyXEL P-660HW-T1 v3 | User Guide - Page 213
follows these steps. 1 Click Security > Content Filter > Trusted. 2 In the Start IP Address and End IP Address fields, type 192.168.1.3. 3 Click Apply. Security > Content Filter > Trusted: Example That finishes setting up keyword blocking on the home computer. P-660HW-Tx v3 Series User's Guide 213 - ZyXEL P-660HW-T1 v3 | User Guide - Page 214
Filtering > Keyword LABEL DESCRIPTION Active Keyword Blocking Select this check box to enable this feature. Block Websites that This box contains the list of all the keywords that you have contain these keywords configured ). Wildcards are not allowed. 214 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 215
saved settings. 11.3 The Schedule Screen Use this screen to set the days and times for the ZyXEL Device to perform content filtering. Click Security > Content Filter > Schedule. The screen appears as shown. Figure 88 Security > Content Filter > Schedule P-660HW-Tx v3 Series User's Guide 215 - ZyXEL P-660HW-T1 v3 | User Guide - Page 216
the LAN that you want to exclude from content filtering. End IP Address Type the ending IP address of a specific range of users on your LAN that you want to exclude from content filtering. Leave this field blank if you want to exclude an individual computer. 216 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 217
Chapter 11 Content Filtering Table 60 Security > Content Filter: Trusted (continued) LABEL DESCRIPTION Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 Series User's Guide 217 - ZyXEL P-660HW-T1 v3 | User Guide - Page 218
Chapter 11 Content Filtering 218 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 219
particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port. Finding Out More See Section 12.3 on page 226 for technical background information on packet filters. P-660HW-Tx v3 Series User's Guide 219 - ZyXEL P-660HW-T1 v3 | User Guide - Page 220
while generic filter rules allow filtering of non-IP packets. Click the Edit button to configure a filter set. Apply Cancel Click the Remove button to delete a filter set. Click this to save your changes. Click this to restore your previously saved settings. 220 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 221
IP address. Modify Click the Edit icon to configure a filter rule. Back Apply Cancel Click the Remove icon to delete a filter rule. Click this to return to the previous screen without saving. Click this to save your changes. Click this to restore your previously saved settings. P-660HW-Tx v3 - ZyXEL P-660HW-T1 v3 | User Guide - Page 222
it is 0.0.0.0. Destination Subnet Netmask Enter the IP subnet mask for the destination IP address. Destination Port Enter the destination port of the packets that you wish to filter. The range of this field is 0 to 65535. This field is ignored if it is 0. 222 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 223
you to filter non-IP packets. For IP packets, it is generally easier to use the IP rules directly. For generic rules, the ZyXEL Device treats a packet as a byte stream as opposed to an IP or IPX packet. You specify the portion of the packet to check with the P-660HW-Tx v3 Series User's Guide 223 - ZyXEL P-660HW-T1 v3 | User Guide - Page 224
the Edit icon to configure a filter rule. Back Apply Cancel Click the Remove icon to delete a filter rule. Click this to return to the previous screen without saving. Click this to save your changes. Click this to restore your previously saved settings. 224 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 225
comparison. Value Enter the value (in hexadecimal notation) to compare with the data portion. More Select Yes to pass a matching packet to the next filter rule before an action is taken. Select No to act upon the packet according to the action fields. P-660HW-Tx v3 Series User's Guide 225 - ZyXEL P-660HW-T1 v3 | User Guide - Page 226
filters to the "native" IP address and port number before NAT for outgoing packets and after NAT for incoming packets. On the other hand, the generic filters are applied to the raw packets that appear on the wire. They are applied at the point when the ZyXEL Device is 226 P-660HW-Tx v3 Series User - ZyXEL P-660HW-T1 v3 | User Guide - Page 227
can be complex to configure and maintain, especially if you need a chain of rules to filter a service. • Packet filtering only checks the header portion of an IP packet. When To Use Filtering 1 To block/allow LAN packets by their MAC addresses. 2 To block/allow special IP packets which are neither - ZyXEL P-660HW-T1 v3 | User Guide - Page 228
. 5 Use the firewall if you need routine e-mail reports about your system or need to be alerted when attacks occur. 6 The firewall can block specific URL traffic that might occur in the future. The URL can be saved in an Access Control List (ACL) database. 228 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 229
the ZyXEL Device (Z) checks the identity of the notebook (A) using a certificate before granting it access to the network. 13.1.1 What You Can Do in the Certificates Screens Use the Trusted CAs Device to generate certification requests that contain identifying P-660HW-Tx v3 Series User's Guide 229 - ZyXEL P-660HW-T1 v3 | User Guide - Page 230
any certificate that is signed by one of these certification authorities. Click Security > Certificates to open the Trusted CAs screen. Figure 97 Trusted CAs 230 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 231
certificate of a certification authority that you trust, from your computer to the ZyXEL Device. Click this to display the current validity status of the certificates. P-660HW-Tx v3 Series User's Guide 231 - ZyXEL P-660HW-T1 v3 | User Guide - Page 232
CA Import Follow the instructions in this screen to save upload. Back Click this to return to the previous screen without saving. Apply Click this to save the certificate on the ZyXEL Device. Cancel Click this to restore your previously saved settings. 232 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 233
Certificate Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate. You may ITU-T X.509 recommendation that defines the formats for public-key certificates. P-660HW-Tx v3 Series User's Guide 233 - ZyXEL P-660HW-T1 v3 | User Guide - Page 234
You can only change the name and/or set whether or not you want the ZyXEL Device to check the CRL that the certification authority issues before trusting a certificate issued by the certification authority. Click this to restore your previously saved settings. 234 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 235
use in authentication. The ZyXEL Device uses certificates based on public-key cryptology to authenticate users attempting to establish a connection, not to encrypt the data that you send after establishing or by someone else. This process works as follows. P-660HW-Tx v3 Series User's Guide 235 - ZyXEL P-660HW-T1 v3 | User Guide - Page 236
with Tim's private key). 5 Additionally, Jenny uses her own private key to sign a message and Tim uses Jenny's public key to verify the message. 236 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 237
PART V Advanced Static Route (239) 802.1Q/1P (243) Quality of Service (QoS) (253) Dynamic DNS Setup (269) Remote Management (273) Universal Plug-and-Play (UPnP) (281) 237 - ZyXEL P-660HW-T1 v3 | User Guide - Page 238
238 - ZyXEL P-660HW-T1 v3 | User Guide - Page 239
traffic from A to the Internet through the ZyXEL Device's default gateway (R1). You create one static route to connect to services offered by your ISP behind router R2. You create 14.2 on page 240) to view and configure IP static routes on the ZyXEL Device. P-660HW-Tx v3 Series User's Guide 239 - ZyXEL P-660HW-T1 v3 | User Guide - Page 240
IP address of the gateway. The gateway is a router or switch on the same network segment as the device's LAN or WAN port. The gateway helps forward packets to their destinations. This parameter specifies the IP you to confirm that you want to delete the route. 240 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 241
changes. Cancel Click this to restore your previously saved settings. 14.2.1 Static Route Edit Use this screen to configure IP Subnet Mask Enter the IP subnet mask here. Gateway Type Use either Gateway Address or Gateway Node to configure a static route. P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 242
remote node is your connection to your ISP. See Section 6.3 on page 107 for details on configuring a remote node. Click this to return to the previous screen without saving. Click this to save your changes. Click this to restore your previously saved settings. 242 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 243
each port. 15.1.2 What You Need to Know About 802.1Q/1P IEEE 802.1P Priority IEEE 802.1P specifies the user priority field and defines up to eight separate traffic types by inserting a tag into a MAC-layer frame that contains bits to define class of service. P-660HW-Tx v3 Series User's Guide 243 - ZyXEL P-660HW-T1 v3 | User Guide - Page 244
port on a per-VLAN, per-port basis (recall that a port can belong to multiple VLANs). If the tagging on the egress port is enabled for the VID of a frame, then the frame is transmitted as a tagged frame; otherwise, it is transmitted as an untagged frame. 244 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 245
group these ports into one VLAN (VLAN2) and then to a PVC (PVC1) where the priority is set to high level of service. You would Default Gateway drop-down list box. 5 In the Control field, select Fixed for LAN1, LAN2 and PVC1 to be permanent members of the VLAN group. P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 246
Apply. Advanced > 802.1Q/1P > Group Setting > Edit: Example To set a high priority for VoIP traffic, follow these steps. 1 Click Advanced > 802.1Q/1P > Port Setting to display the following screen. 2 Type 2 in the 802.1Q PVID column for LAN1, LAN2 and PVC1. 3 Select 7 from the 802.1P Priority drop - ZyXEL P-660HW-T1 v3 | User Guide - Page 247
priority is set to low level of service. SSID1 and SSID2 are two wireless networks. You want to create medium priority for this type of traffic, so you want to group these ports and PVC3 into one VLAN (VLAN4). PVC3 priority is set to medium level of service. P-660HW-Tx v3 Series User's Guide 247 - ZyXEL P-660HW-T1 v3 | User Guide - Page 248
Chapter 15 802.1Q/1P Follow the same steps as in VLAN2 to configure the settings for VLAN3 and VLAN4. The summary screen should then display as follows. Advanced > 802.1Q/1P > Group Setting: Example This completes the 802.1Q/1P setup. 248 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 249
of a VLAN group. All interfaces (ports, SSIDs and ID PVCs) are in the management VLAN by default. If you disable the management VLAN, you will not be able to access the ZyXEL Device. Summary # This field displays the index number of the VLAN group. P-660HW-Tx v3 Series User's Guide 249 - ZyXEL P-660HW-T1 v3 | User Guide - Page 250
15.2.1 Editing 802.1Q/1P Group Setting Use this screen to configure the settings for each VLAN group. In the 802.1Q/1P screen, click the Edit button from the Modify filed to display the following screen. Figure 105 Advanced > 802.1Q/1P > Group Setting > Edit 250 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 251
. Default Gateway Select the default gateway for the VLAN group. Ports This field displays the types of ports available to join the VLAN group. Control Select Fixed for the port to save your changes. Click this to restore your previously saved settings. P-660HW-Tx v3 Series User's Guide 251 - ZyXEL P-660HW-T1 v3 | User Guide - Page 252
modify the priority. You may choose a priority level from 0-7, with 0 being the lowest level and 7 being the highest level. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 253
priority and define actions to be performed for a classified traffic flow. • Use the Monitor screen (Section 16.4 on page 265) to view the ZyXEL Device's QoS-related packet statistics. P-660HW-Tx v3 Series User's Guide 253 - ZyXEL P-660HW-T1 v3 | User Guide - Page 254
bit Type of Service (ToS) field in the IP header. Tagging and Marking In a QoS class, you can configure whether to add or change the DiffServ Code Point (DSCP) value, boss's IP address (192.168.1.23 for example) is mapped to queue 5. Traffic that does not match 254 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 255
16 Quality of Service (QoS) these two classes are assigned priority queue based on the internal QoS mapping table on the ZyXEL Device. Figure 107 QoS Example VoIP: Queue 6 Boss: Queue 5 IP=192.168.1.23 DSL 50 Mbps Figure 108 QoS Class Example: VoIP -1 P-660HW-Tx v3 Series User's Guide 255 - ZyXEL P-660HW-T1 v3 | User Guide - Page 256
Chapter 16 Quality of Service (QoS) Figure 109 QoS Class Example: VoIP -2 Figure 110 QoS Class Example: Boss -1 256 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 257
Figure 111 QoS Class Example: Boss -2 Chapter 16 Quality of Service (QoS) P-660HW-Tx v3 Series User's Guide 257 - ZyXEL P-660HW-T1 v3 | User Guide - Page 258
QoS to improve your network performance. You can give priority to traffic that the ZyXEL Device forwards out through the WAN interface. Give high priority to voice and video to make them run more smoothly. Similarly, give low priority to many large file downloads P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 259
port number or incoming interface. For example, you can configure a classifier to select traffic from the same protocol port (such as Telnet) to form a flow. Click Advanced > QoS > Class Setup to open the following screen. Figure 113 Advanced > QoS > Class Setup P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 260
Service (QoS) The following table describes the labels in this screen. Table 75 Advanced > QoS > Class Setup to traffic of this classifier. Filter Content This shows criteria specified in changes. Click this to restore your previously saved settings. 260 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 261
Chapter 16 Quality of Service (QoS) 16.3.1 The Class Configuration Screen Use this screen to configure a classifier. Click the Add button or the Edit icon in the Modify field to display the following screen. Figure 114 Advanced > QoS > Class Setup: Edit P-660HW-Tx v3 Series User's Guide 261 - ZyXEL P-660HW-T1 v3 | User Guide - Page 262
down one. Tag Configuration DSCP Value Select Same to keep the DSCP fields in the packets. Select Auto to map the DSCP value to 802.1 priority level automatically. Select Mark to set the DSCP field with the value you configure in the field provided. 262 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 263
on IP subnetting. Select the check box and enter the port number of the destination.0 means any source port number. See Appendix E on page 411 for some common services and port numbers. Select the check box and enter the destination MAC address of the packet. P-660HW-Tx v3 Series User's Guide 263 - ZyXEL P-660HW-T1 v3 | User Guide - Page 264
> QoS > Class Setup: Edit (continued) LABEL DESCRIPTION MAC Mask Type the mask for the specified MAC address to determine which bits a packet's MAC address should match. Exclude Others Service Enter "f" for each bit of the specified destination MAC address that the traffic's MAC address should - ZyXEL P-660HW-T1 v3 | User Guide - Page 265
Service (QoS) 16.4 The QoS Monitor Screen Use this screen to view the ZyXEL Device's QoS packet statistics. Click Advanced > QoS > Monitor. The screen appears as shown. Figure 115 Advanced > QoS Poll Interval(s) field. Click this to stop refreshing statistics. P-660HW-Tx v3 Series User's Guide 265 - ZyXEL P-660HW-T1 v3 | User Guide - Page 266
in a layer-3 network. IP precedence uses three bits of the eightbit ToS (Type of Service) field in the IP header. There are eight classes of services (ranging from zero to seven) in IP precedence. Zero is the lowest priority level and seven is the highest. 266 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 267
, IP precedence and/or packet length to assign priority to traffic which does not match a class. The following table shows you the internal layer-2 and layer-3 QoS mapping on the ZyXEL Device. On the ZyXEL Device, traffic assigned to higher priority queues P-660HW-Tx v3 Series User's Guide 267 - ZyXEL P-660HW-T1 v3 | User Guide - Page 268
16 Quality of Service (QoS) gets through faster while traffic in lower index queues is dropped if the network is congested. Table 79 Internal Layer2 and Layer3 QoS Mapping LAYER 2 LAYER 3 PRIORITY QUEUE 0 1 2 3 IEEE 802.1P USER PRIORITY (ETHERNET PRIORITY) 1 2 0 3 TOS (IP PRECEDENCE) DSCP - ZyXEL P-660HW-T1 v3 | User Guide - Page 269
CHAPTER 17 Dynamic DNS Setup 17.1 Overview Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CUSeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name ( - ZyXEL P-660HW-T1 v3 | User Guide - Page 270
service provider. Host Name Type the domain name assigned to your ZyXEL Device by your Dynamic DNS provider. User Name Password You can specify up to two host names in the field separated by a comma (","). Type your user name. Type the password assigned to you. 270 P-660HW-Tx v3 Series User - ZyXEL P-660HW-T1 v3 | User Guide - Page 271
IP address if there is an HTTP proxy server between the ZyXEL Device and the DDNS server. Type the IP address of the host name(s). Use this if you have a static IP address. Click this to save your changes. Click this to restore your previously saved settings. P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 272
Chapter 17 Dynamic DNS Setup 272 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 273
WAN, you still need to configure a firewall rule to allow access. You may manage your ZyXEL Device from a remote location via: • Internet (WAN only) • LAN only • WLAN only • LAN and WAN • LAN and WLAN • WLAN and WAN • ALL (WAN, LAN and WLAN) • None (Disable) P-660HW-Tx v3 Series User's Guide 273 - ZyXEL P-660HW-T1 v3 | User Guide - Page 274
(Section 18.4 on page 277) to configure through which interface(s) and from which IP address(es) users can use FTP to access the ZyXEL Device. • Use the DNS screen (Section 18.5 on page 278) to configure through which interface(s) and from which IP address(es) users can send DNS queries to the ZyXEL - ZyXEL P-660HW-T1 v3 | User Guide - Page 275
: If you disable the WWW service in the Remote MGMT > WWW screen, then the ZyXEL Device blocks all HTTP connection attempts. 18.2.1 Configuring the WWW Screen Click Advanced > Remote MGMT to display the WWW screen. Figure 118 Advanced > Remote Management > WWW P-660HW-Tx v3 Series User's Guide 275 - ZyXEL P-660HW-T1 v3 | User Guide - Page 276
to access the ZyXEL Device's command line interface. Specify which interfaces allow Telnet access and from which IP address the access can come. Click Advanced > Remote MGMT > Telnet tab to display the screen as shown. Figure 119 Advanced > Remote Management > Telnet 276 P-660HW-Tx v3 Series User - ZyXEL P-660HW-T1 v3 | User Guide - Page 277
the IP address that you specify to access the ZyXEL Device using this service. Click this to save your changes. Click this to restore your previously saved settings. 18.4 The FTP Screen You can use FTP (File Transfer Protocol) to upload and download the ZyXEL Device's firmware and configuration - ZyXEL P-660HW-T1 v3 | User Guide - Page 278
interface it can send them your ZyXEL Device's DNS settings. This feature is not available when the ZyXEL Device is set to bridge mode. Click Advanced > Remote MGMT > DNS to change your ZyXEL Device's DNS settings. Figure 121 Advanced > Remote Management > DNS 278 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 279
ZyXEL Device when unsupported ports are probed. Note: If you want your device to respond to pings and requests for unauthorized services, you may also need to configure the firewall anti probing settings to match. Figure 122 Advanced > Remote Management > ICMP P-660HW-Tx v3 Series User's Guide 279 - ZyXEL P-660HW-T1 v3 | User Guide - Page 280
send a TCP reset packet for a blocked TCP packet (or an ICMP port-unreachable packet for a blocked UDP packets) or just drop the packets without sending a response packet. Click this to save your changes. Click this to restore your previously saved settings. 280 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 281
configure network addressing, announce their presence in the network to other UPnP devices and enable exchange of simple product and service descriptions. NAT traversal allows the following: • Dynamic port mapping • Learning public IP addresses • Assigning lease times to mappings P-660HW-Tx v3 - ZyXEL P-660HW-T1 v3 | User Guide - Page 282
and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum UPnP™ Implementers Corp. (UIC). ZyXEL's UPnP implementation supports Internet Gateway Device (IGD) 1.0. See the following sections for examples of installing and using UPnP. 282 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 283
port in order to communicate with another UPnP enabled device; this eliminates the need to manually configure port forwarding for the UPnP enabled application. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 284
to install the UPnP in Windows Me. 1 Click Start and Control Panel. Double-click Add/Remove Programs. 2 Click on the Windows Setup tab and select Communication in the Components selection box. Click Details. Add/Remove Programs: Windows Setup: Communication 284 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 285
Universal Plug and Play check box in the Components selection box. Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window Start and Control Panel. 2 Double-click Network Connections. P-660HW-Tx v3 Series User's Guide 285 - ZyXEL P-660HW-T1 v3 | User Guide - Page 286
and select Optional Networking Components .... Network Connections 4 The Windows Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details. Windows Optional Networking Components Wizard 286 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 287
Play (UPnP) 5 In the Networking Services window, select the Universal Plug and Play check box. Networking Services 6 Click OK to go back to activated on the ZyXEL Device. Make sure the computer is connected to a LAN port of the ZyXEL Device. Turn on your computer and the ZyXEL Device. Auto-discover - ZyXEL P-660HW-T1 v3 | User Guide - Page 288
Chapter 19 Universal Plug-and-Play (UPnP) 2 Right-click the icon and select Properties. Network Connections 3 In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. Internet Connection Properties 288 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 289
Add to manually add port mappings. Internet Connection Properties: Advanced Settings Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. P-660HW-Tx v3 Series User's Guide 289 - ZyXEL P-660HW-T1 v3 | User Guide - Page 290
finding out the IP address of the ZyXEL Device first. This comes helpful if you do not know the IP address of the ZyXEL Device. Follow the steps below to access the web configurator. 1 Click Start and then Control Panel. 2 Double-click Network Connections. 290 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 291
Chapter 19 Universal Plug-and-Play (UPnP) 3 Select My Network Places under Other Places. Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. P-660HW-Tx v3 Series User's Guide 291 - ZyXEL P-660HW-T1 v3 | User Guide - Page 292
UPnP) 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays. Network Connections: My Network Places 6 Right-click on the icon for your Device. Network Connections: My Network Places: Properties: Example 292 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 293
PART VI Maintenance System Settings (295) Logs (301) Tools (315) Diagnostic (329) 293 - ZyXEL P-660HW-T1 v3 | User Guide - Page 294
294 - ZyXEL P-660HW-T1 v3 | User Guide - Page 295
you how to configure system related settings, such as system time, password, name, the domain About System Settings DHCP DHCP (Dynamic Host Configuration Protocol) is a method of allocating IP addresses to devices on a network from a DHCP access, printers etc. P-660HW-Tx v3 Series User's Guide 295 - ZyXEL P-660HW-T1 v3 | User Guide - Page 296
The General Screen Use this screen to configure system settings such as the system and domain name, inactivity timeout interval and system password. The System Name is for identification purposes the General screen. Figure 124 Maintenance > System > General 296 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 297
you type. After you change the password, use the new password to access the ZyXEL Device. Retype to Type the new password again for confirmation. confirm Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-660HW-Tx v3 Series User's Guide 297 - ZyXEL P-660HW-T1 v3 | User Guide - Page 298
Select this radio button to enter the time and date manually. If you configure a new time and date, Time Zone and Daylight Saving at the same time, the new time and date you entered has priority and the Time Zone and Daylight Saving settings do not affect it. 298 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 299
field displays the last updated date from the time server or the last date configured manually. When you set Time and Date Setup to Manual, enter the new date since 1970/1/1 at 0:0:0. The default, NTP (RFC 1305), is similar to Time (RFC 868). Time Server Address Enter the IP address or URL (up to - ZyXEL P-660HW-T1 v3 | User Guide - Page 300
Maintenance > System > Time Setting (continued) LABEL DESCRIPTION End Date Configure the day and time when Daylight Saving Time ends if you selected Enable UTC (GMT+1). Click this to save your changes. Click this to restore your previously saved settings. 300 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 301
The Log Settings screen (Section 21.3 on page 303) to configure the mail server, the syslog server, when to send logs and include system errors, attacks (access control) and attempted access to blocked web sites. Some categories such as System Errors consist of 660HW-Tx v3 Series User's Guide 301 - ZyXEL P-660HW-T1 v3 | User Guide - Page 302
to the e-mail address specified in the Log specific entry. Time This field displays the time the log was recorded. Message This field states the reason for the log. Source This field lists the source IP address and the port number of the incoming packet. 302 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 303
IP address and the port number of the incoming packet. Notes This field displays additional information about the log entry. 21.3 The Log Settings Screen Use the Log Settings screen to configure the mail server, the syslog server, when to send logs and what logs to send. To change your - ZyXEL P-660HW-T1 v3 | User Guide - Page 304
drop down list box. The log facility allows you to log the messages to different files in the syslog server. Refer to the syslog server manual for more information. Active Log and Alert Log Select the categories of logs that you want to record. 304 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 305
this to restore your previously saved settings. 21.4 SMTP Error Messages If there are difficulties in sending e-mail the following error message appears. "SMTP action request failed. ret= ??". The of a log sent by e-mail. • You may edit the subject title. P-660HW-Tx v3 Series User's Guide 305 - ZyXEL P-660HW-T1 v3 | User Guide - Page 306
the router's web configurator interface. Successful TELNET login Someone has logged on to the router via telnet. TELNET login failed Someone has failed to log on to the router via telnet. Successful FTP login Someone has logged on to the router via ftp. 306 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 307
memory for the NetBIOS error filter settings. readNetBIOSFilter: calloc The router failed to allocate memory for the NetBIOS error filter settings. WAN connection is down. A WAN connection is down. You cannot access the network through this interface. P-660HW-Tx v3 Series User's Guide 307 - ZyXEL P-660HW-T1 v3 | User Guide - Page 308
sent a TCP reset packet when a dynamic firewall session timed out.Default timeout values:ICMP idle timeout (s): 60UDP idle timeout (s): 60TCP connection (three way handshaking) timeout (s): 30TCP FIN-wait timeout (s): 60TCP idle (established) timeout (s): 3600 308 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 309
%d, rule: %d) DESCRIPTION Attempted access matched a configured filter rule (denoted by its set and rule number) and was blocked or forwarded according to the rule. For type and code details, see Table 105 on page 312. Table 97 ICMP Logs LOG MESSAGE Firewall default policy: ICMP - ZyXEL P-660HW-T1 v3 | User Guide - Page 310
through Firewall DESCRIPTION UPnP packets can pass through the firewall. Table 101 Content Filtering Logs LOG MESSAGE DESCRIPTION %s: block keyword The content of a requested web page matched a user defined keyword. %s The system forwarded web content. 310 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 311
RADIUS Server. User logout because of session timeout expired. DESCRIPTION A user was authenticated by the RADIUS Server. A user was not authenticated by the RADIUS Server. Please check the RADIUS Server. The router logged out a user whose session expired. P-660HW-Tx v3 Series User's Guide 311 - ZyXEL P-660HW-T1 v3 | User Guide - Page 312
0 Echo reply message 3 Destination Unreachable 0 Net unreachable 1 Host unreachable 2 Protocol unreachable 3 Port unreachable 4 A packet that needed fragmentation was dropped because it was set to Don't Fragment (DF) 5 Source route failed 312 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 313
. The definition of messages and notes are defined in the various log charts throughout this appendix. The "devID" is the last three characters of the MAC address of the router's LAN port. The "cat" is the same as the category in the router's logs. P-660HW-Tx v3 Series User's Guide 313 - ZyXEL P-660HW-T1 v3 | User Guide - Page 314
Transform KE Key Exchange ID Identification CER Certificate CER_REQ Certificate Request HASH Hash SIG Signature NONCE Nonce NOTFY Notification DEL Delete VID Vendor ID 314 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 315
upload firmware to your device. • Use the Configuration screen (Section 22.3 on page 325) to backup and restore device configurations. You can also reset your device settings back to the factory default. • Use the Restart screen (Section 22.4 on page 328) to restart your ZyXEL device. P-660HW-Tx v3 - ZyXEL P-660HW-T1 v3 | User Guide - Page 316
the entire ROM file system, including your ZyXEL Device configurations, system-related data (including the default password), the error log and the trace log. *.rom Firmware Ras This is the generic name for the ZyNOS firmware on the ZyXEL Device. *.bin 316 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 317
allow access from the WAN). 2 You have disabled the FTP service in the Remote Management screen. 3 The IP you entered in the Secured Client IP field does not match the client IP. the Restore Configuration process is complete, the device automatically restarts. P-660HW-Tx v3 Series User's Guide 317 - ZyXEL P-660HW-T1 v3 | User Guide - Page 318
the firmware and the configuration files. FTP File Upload Command from the DOS Prompt Example 1 Launch the FTP client on your computer. 2 Enter "open", followed by a space and the IP address of your device. 3 Press [ENTER] when prompted for a username. 4 Enter your password as requested (the default - ZyXEL P-660HW-T1 v3 | User Guide - Page 319
for the firmware is "ras". Note that the telnet connection must be active and the device in CI mode before and during the TFTP transfer. For details on TFTP commands (see following example), please consult the documentation of your TFTP client program. For P-660HW-Tx v3 Series User's Guide 319 - ZyXEL P-660HW-T1 v3 | User Guide - Page 320
to Back Up Configuration 1 Launch the FTP client on your computer. 2 Enter "open", followed by a space and the IP address of your ZyXEL Device. 3 Press [ENTER] when prompted for a username. 4 Enter your password as requested (the default is "1234"). 5 Enter "bin" to set transfer mode to binary - ZyXEL P-660HW-T1 v3 | User Guide - Page 321
a unique User ID and Password to login. Transfer files in either ASCII (plain text format) or in binary mode. Specify the default remote directory (path). Specify the default local directory (path). Backup Configuration Using TFTP The ZyXEL Device supports the up/downloading of the firmware and the - ZyXEL P-660HW-T1 v3 | User Guide - Page 322
.168.1.1 is the ZyXEL Device's default IP address when shipped. Send/ Fetch Use "Send" to upload the file to the ZyXEL Device and "Fetch" to back up the file on your computer. Local File Enter the path and name of the firmware file (*.bin extension) or configuration file (*.rom extension) on your - ZyXEL P-660HW-T1 v3 | User Guide - Page 323
. Table 111 Maintenance > Tools > Firmware LABEL DESCRIPTION Current Firmware Version This is the present Firmware version and the date created. File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. P-660HW-Tx v3 Series User's Guide 323 - ZyXEL P-660HW-T1 v3 | User Guide - Page 324
files before you can upload them. Upload Click this to begin the upload process. This process may take up to two minutes. After you see the Firmware Upload in Progress screen, wait , log in again and check your new firmware version in the Status screen. 324 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 325
configuration files using FTP/TFTP commands. Click Maintenance > Tools > Configuration. Information related to factory defaults, backup configuration, and restoring configuration appears in this screen, as shown next. Figure 136 Maintenance > Tools > Configuration P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 326
. Do not turn off the ZyXEL Device while configuration file upload is in progress. After you see a "restore configuration successful" screen, you must then wait one minute before logging into the ZyXEL Device again. Figure 137 Configuration Upload Successful 326 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 327
default device IP address (192.168.1.1). See Appendix A on page 351 for details on how to set up your computer's IP address. If the upload was not successful, the following screen will appear. Click Return to go back to the Configuration screen. Figure 139 Configuration Upload Error P-660HW-Tx v3 - ZyXEL P-660HW-T1 v3 | User Guide - Page 328
the ZyXEL Device hangs, for example. Click Maintenance > Tools > Restart. Click Restart to have the ZyXEL Device reboot. This does not affect the ZyXEL Device's configuration. Figure 142 Maintenance > Tools >Restart 328 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 329
23.3 on page 330) to view the DSL line statistics and reset the ADSL line. 23.2 The General Diagnostic Screen Use this screen to ping an IP address. Click Maintenance > Diagnostic to open the screen shown next. Figure 143 Maintenance > Diagnostic > General P-660HW-Tx v3 Series User's Guide 329 - ZyXEL P-660HW-T1 v3 | User Guide - Page 330
IP address that you entered. 23.3 The DSL Line Diagnostic Screen Use this screen to view the DSL line statistics and reset the ADSL line. Click Maintenance > Diagnostic > DSL Line to open the screen shown next. Figure 144 Maintenance > Diagnostic > DSL Line 330 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 331
F5 packet to the DSLAM/ATM switch and then returns it (loops it back) to the ZyXEL Device. The ATM loopback test is useful for troubleshooting problems with the DSLAM and ATM network. P-660HW-Tx v3 Series User's Guide 331 - ZyXEL P-660HW-T1 v3 | User Guide - Page 332
Capture All Logs Reset ADSL Line Successfully!" Click this to display information and statistics about your ZyXEL Device's ATM statistics, DSL connection statistics, DHCP settings, firmware version, WAN and gateway IP address, VPI/VCI and LAN IP address. 332 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 333
PART VII Troubleshooting and Specifications Troubleshooting (335) Product Specifications (341) 333 - ZyXEL P-660HW-T1 v3 | User Guide - Page 334
334 - ZyXEL P-660HW-T1 v3 | User Guide - Page 335
Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • ZyXEL Device Access and Login • Internet Access on. 5 If the problem continues, contact the vendor. - ZyXEL P-660HW-T1 v3 | User Guide - Page 336
1 The default admin password is 1234, and the default user password is user. 2 If this does not work, you have to reset the device to its factory defaults. See Section 1.6 on page 27. I cannot see or access the Login screen in the web configurator. 1 Make sure you are using the correct IP address - ZyXEL P-660HW-T1 v3 | User Guide - Page 337
Make sure you have entered the password correctly. The default admin password is 1234, and the default user password is user. The field is case-sensitive, so make sure [Caps Lock] is not on. 2 You cannot log in to the web configurator while someone is using Telnet to access the ZyXEL Device. Log out - ZyXEL P-660HW-T1 v3 | User Guide - Page 338
to reset the device to its factory defaults. See Section 24.1 on page 335. I cannot Telnet to the ZyXEL Device. See the troubleshooting suggestions for I cannot see or access the Login screen in the web configurator. Ignore the suggestions about your browser. I cannot use FTP to upload / download - ZyXEL P-660HW-T1 v3 | User Guide - Page 339
or vendor, or try one of the advanced suggestions. Advanced Suggestions • Check the settings for QoS. If it is disabled, you might consider activating it. If it is enabled, you might consider raising or lowering the priority for some applications. P-660HW-Tx v3 Series User's Guide 339 - ZyXEL P-660HW-T1 v3 | User Guide - Page 340
Chapter 24 Troubleshooting 340 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 341
0º C ~ 40º C Storage Temperature -20º ~ 60º C Operation Humidity 20% ~ 90% RH Storage Humidity 20% ~ 90% RH 25.2 Firmware Specifications Table 116 Firmware Specifications Default IP Address 192.168.1.1 Default Subnet Mask 255.255.255.0 (24 bits) P-660HW-Tx v3 Series User's Guide 341 - ZyXEL P-660HW-T1 v3 | User Guide - Page 342
116 Firmware Specifications (continued) Default User Password user Default Admin Password 1234 DHCP Server IP Pool 192.168.1.32 to 192.168.1.64 Static DHCP 10 Addresses Content Filtering Web page blocking by URL keyword. Static Routes 16 Device Management Use the web configurator to - ZyXEL P-660HW-T1 v3 | User Guide - Page 343
contain key words (that you specify) in the URL. You can also schedule when to perform the filtering and give trusted LAN IP addresses unfiltered Internet access. QoS (Quality of Service) You can efficiently manage traffic on your network by reserving bandwidth and giving priority to certain types - ZyXEL P-660HW-T1 v3 | User Guide - Page 344
Other Protocol Support TR-067/TR-100 PPP (Point-to-Point Protocol) link layer protocol IP routing Transparent bridging for unsupported network layer protocols RIP I/RIP II ICMP ATM QoS IP Multicasting IGMP v1, v2 and v3 IGMP Proxy Management 802.1Q/1P Embedded Web Configurator CLI (Command - ZyXEL P-660HW-T1 v3 | User Guide - Page 345
Privacy (WEP) Data Encryption 64/128/256 bit. WLAN bridge to LAN Up to 32 MAC Address filters IEEE 802.1x Store up to 32 built-in user profiles using EAP-MD5 (Local User Database) External RADIUS server using EAP-MD5, TLS, TTLS Wireless scheduling P-660HW-Tx v3 Series User's Guide 345 - ZyXEL P-660HW-T1 v3 | User Guide - Page 346
modes IEEE 802.11d Standard for Local and Metropolitan Area Networks: Media Access Control (MAC) Bridges IEEE 802.11x Port Based Network Access Control. IEEE 802.11e QoS IEEE 802.11 e Wireless LAN for Quality of Service ANSI T1 number of downstream bits. 346 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 347
Specifications Table 118 Standards Supported (continued) STANDARD DESCRIPTION Microsoft PPTP MS PPTP (Microsoft's implementation of Point to Point Tunneling Protocol) MBM v2 Media Bandwidth Management v2 RFC 2383 ST2+ over ATM Protocol Specification -1 P-660HW-Tx v3 Series User's Guide 347 - ZyXEL P-660HW-T1 v3 | User Guide - Page 348
Chapter 25 Product Specifications 348 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 349
The appendices provide general information. Some details may not apply to your ZyXEL Device. Setting up Your Computer's IP Address (351) Pop-up Windows, JavaScripts and Java Permissions (375) IP Addresses and Subnetting (385) Wireless LANs (395) Services (411) Legal Information (415) Index (419) 349 - ZyXEL P-660HW-T1 v3 | User Guide - Page 350
350 - ZyXEL P-660HW-T1 v3 | User Guide - Page 351
configure the TCP/IP settings in order to "communicate" with your network. If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the ZyXEL Device's LAN port. P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 352
, click Add. 2 Select Adapter and then click Add. 3 Select the manufacturer and model of your network adapter and then click OK. If you need TCP/IP: 1 In the Network window, click Add. 2 Select Protocol and then click Add. 352 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 353
your IP address is dynamic, select Obtain an IP address automatically. • If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields. Figure 146 Windows 95/98/Me: TCP/IP Properties: IP Address P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 354
when prompted. Verifying Settings 1 Click Start and then Run. 2 In the Run window, type "winipcfg" and then click OK to open the IP Configuration window. 3 Select your network adapter. You should see your computer's IP address, subnet mask and default gateway. 354 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 355
Appendix A Setting up Your Computer's IP Address Windows 2000/NT/XP The following example figures use the default Windows XP GUI theme. 1 Click start (Start in Windows 2000/NT), Settings Connections in Windows 2000/NT). Figure 149 Windows XP: Control Panel P-660HW-Tx v3 Series User's Guide 355 - ZyXEL P-660HW-T1 v3 | User Guide - Page 356
: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 151 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). 356 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 357
the IP address of the default gateway in Gateway. To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add. P-660HW-Tx v3 Series - ZyXEL P-660HW-T1 v3 | User Guide - Page 358
Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. 358 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 359
Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab. Windows Vista This section shows screens from Windows Vista Enterprise Version 6.0. P-660HW-Tx v3 Series User's Guide 359 - ZyXEL P-660HW-T1 v3 | User Guide - Page 360
IP Address 1 Click the Start icon, Control Panel. Figure 155 Windows Vista: Start Menu 2 In the Control Panel, double-click Network and Internet. Figure 156 Windows Vista: Control Panel 3 Click Network and Sharing Center. Figure 157 Windows Vista: Network And Internet 360 P-660HW-Tx v3 Series User - ZyXEL P-660HW-T1 v3 | User Guide - Page 361
Appendix A Setting up Your Computer's IP Address 4 Click Manage network connections. Figure 158 Windows Vista: Network and Sharing Center 5 Right-click Local saying that it needs your permission to continue. Figure 159 Windows Vista: Network and Sharing Center P-660HW-Tx v3 Series User's Guide 361 - ZyXEL P-660HW-T1 v3 | User Guide - Page 362
) Properties window opens (the General tab). • If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP address and fill in the IP address, Subnet mask, and Default gateway fields. 362 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 363
the IP address of the default gateway in Gateway. To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add. P-660HW-Tx v3 Series - ZyXEL P-660HW-T1 v3 | User Guide - Page 364
Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. 364 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 365
Appendix A Setting up Your Computer's IP Address If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. Figure open Network Connections, right-click a network connection, click Status and then click the Support tab. P-660HW-Tx v3 Series User's Guide 365 - ZyXEL P-660HW-T1 v3 | User Guide - Page 366
Appendix A Setting up Your Computer's IP Address Macintosh OS 8/9 1 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/ IP Control Panel. Figure 164 Macintosh OS 8/9: Apple Menu 366 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 367
address box. 5 Close the TCP/IP Control Panel. 6 Click Save if prompted, to save changes to your configuration. 7 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the TCP/IP Control Panel window. P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 368
Appendix A Setting up Your Computer's IP Address Macintosh OS X 1 Click the Apple IP tab. 3 For dynamically assigned settings, select Using DHCP from the Configure list. Figure 167 Macintosh OS X: Network 4 For statically assigned settings, do the following: 368 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 369
Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. 1 Click the Red Hat button (located on the bottom left corner), select System Setting and click Network. Figure 168 Red Hat 9.0: KDE: Network Configuration: Devices P-660HW-Tx v3 Series User's Guide 369 - ZyXEL P-660HW-T1 v3 | User Guide - Page 370
General screen. 4 If you know your DNS server IP address(es), click the DNS tab in the Network Configuration screen. Enter the DNS server information in the fields provided. Figure 170 Red Hat 9.0: KDE: Network Configuration: DNS 5 Click the Devices tab. 370 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 371
. • If you have a dynamic IP address, enter dhcp in the BOOTPROTO= field. The following figure shows an example. Figure 172 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 DEVICE=eth0 ONBOOT=yes BOOTPROTO=dhcp USERCTL=no PEERDNS=yes TYPE=Ethernet P-660HW-Tx v3 Series User's Guide 371 - ZyXEL P-660HW-T1 v3 | User Guide - Page 372
two DNS server IP addresses are specified. Figure 174 Red Hat 9.0: DNS Settings in resolv.conf nameserver 172.23.5.1 nameserver 172.23.5.2 3 After you edit and save the configuration files, you interface: Bringing up interface eth0: [OK] [OK] [OK] [OK] [OK] 372 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 373
MTU:1500 Metric:1 RX packets:717 errors:0 dropped:0 overruns:0 frame:0 TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:730412 (713.2 Kb) TX bytes:1570 (1.5 Kb) Interrupt:10 Base address:0x1000 [root@localhost]# P-660HW-Tx v3 Series User's Guide 373 - ZyXEL P-660HW-T1 v3 | User Guide - Page 374
Appendix A Setting up Your Computer's IP Address 374 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 375
's IP address. Disable Pop-up Blockers 1 In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker. Figure 177 Pop-up Blocker You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. P-660HW-Tx v3 Series User's Guide 375 - ZyXEL P-660HW-T1 v3 | User Guide - Page 376
to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 376 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 377
2 Select Settings...to open the Pop-up Blocker Settings screen. Figure 179 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix "http://". For example, http://192.168.167.1. P-660HW-Tx v3 Series User's Guide 377 - ZyXEL P-660HW-T1 v3 | User Guide - Page 378
180 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScript If pages of the web configurator do not display properly in Internet Explorer, check that JavaScript are allowed. 378 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 379
Figure 181 Internet Options: Security 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). P-660HW-Tx v3 Series User's Guide 379 - ZyXEL P-660HW-T1 v3 | User Guide - Page 380
then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 380 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 381
(Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for under Java (Sun) is selected. P-660HW-Tx v3 Series User's Guide 381 - ZyXEL P-660HW-T1 v3 | User Guide - Page 382
Java, Javascript and pop-ups in one screen. Click Tools, then click Options in the screen that appears. Figure 185 Mozilla Firefox: Tools > Options 382 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 383
Appendix B Pop-up Windows, JavaScript and Java Permissions Click Content.to show the screen below. Select the check boxes as shown in the following screen. Figure 186 Mozilla Firefox Content Security P-660HW-Tx v3 Series User's Guide 383 - ZyXEL P-660HW-T1 v3 | User Guide - Page 384
Appendix B Pop-up Windows, JavaScript and Java Permissions 384 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 385
You can also use subnet masks to divide one network into multiple sub-networks. Introduction to IP Addresses One part of the IP address is the network number, and the other part is the host ID. In the same to 11111111 in binary, or 0 to 255 in decimal. P-660HW-Tx v3 Series User's Guide 385 - ZyXEL P-660HW-T1 v3 | User Guide - Page 386
Subnet Masks 1ST OCTET: 2ND OCTET: 3RD OCTET: 4TH OCTET IP Address (Binary) Subnet Mask (Binary) Network Number Host ID (192) (168) (1) (2) 11000000 10101000 00000001 00000010 11111111 11111111 11111111 00000000 11000000 10101000 00000001 00000010 386 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 387
the remaining 24 bits are zeroes. Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24- - 2 28 - 2 23 - 2 MAXIMUM NUMBER OF HOSTS 16777214 65534 254 6 P-660HW-Tx v3 Series User's Guide 387 - ZyXEL P-660HW-T1 v3 | User Guide - Page 388
network for security reasons. In this example, the company network address is 192.168.1.0. The first three octets of the address (192.168.1) are the network number, and the remaining octet is the host ID, allowing a maximum of 28 - 2 or 254 possible hosts. 388 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 389
Appendix C IP Addresses and Subnetting The following figure shows the company network before subnetting. Figure 188 Subnetting Example: Before network after subnetting. There are now two sub-networks, A and B. Figure 189 Subnetting Example: After Subnetting P-660HW-Tx v3 Series User's Guide 389 - ZyXEL P-660HW-T1 v3 | User Guide - Page 390
) Subnet Address: 192.168.1.64 Broadcast Address: 192.168.1.127 NETWORK NUMBER LAST OCTET BIT VALUE 192.168.1. 64 11000000.10101000.00000001. 01000000 11111111.11111111.11111111. 11000000 Lowest Host ID: 192.168.1.65 Highest Host ID: 192.168.1.126 390 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 391
. Table 128 Eight Subnets SUBNET SUBNET ADDRESS 1 0 2 32 3 64 4 96 5 128 6 160 7 192 8 224 FIRST ADDRESS LAST ADDRESS 1 30 33 62 65 94 97 126 129 158 161 190 193 222 225 254 BROADCAST ADDRESS 31 63 95 127 159 191 223 255 P-660HW-Tx v3 Series User's Guide 391 - ZyXEL P-660HW-T1 v3 | User Guide - Page 392
) 8192 6 14 255.255.255.252 (/30) 16384 2 15 255.255.255.254 (/31) 32768 1 Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP 392 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 393
situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space. P-660HW-Tx v3 Series User's Guide 393 - ZyXEL P-660HW-T1 v3 | User Guide - Page 394
Appendix C IP Addresses and Subnetting 394 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 395
Configuration The simplest WLAN configuration or Independent Basic Service Set (IBSS). access point (AP). Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra-BSS is enabled, wireless client A and B can access the wired network and communicate P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 396
APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood. 396 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 397
between 6 or 11. RTS/CTS A hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a hidden node. Both stations (STA) are within range of the access point (AP) or P-660HW-Tx v3 Series User's Guide 397 - ZyXEL P-660HW-T1 v3 | User Guide - Page 398
the AP without the RTS (Request To Send)/CTS (Clear to Send) handshake. You should only configure RTS/CTS if the possibility of hidden nodes exists on your network and the "cost" of resending affect the throughput performance instead of providing a remedy. 398 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 399
on the network support it, otherwise the ZyXEL Device uses long preamble. Note: The wireless devices MUST use the same preamble mode in order to communicate IEEE 802.11g access point (and vice versa) at 11 Mbps or lower depending on range. IEEE 802.11g has P-660HW-Tx v3 Series User's Guide 399 - ZyXEL P-660HW-T1 v3 | User Guide - Page 400
MAC Address Filtering WEP Encryption IEEE802.1x EAP with RADIUS Server Authentication Wi-Fi Protected Access (WPA) WPA2 Most Secure Note: You must enable the same wireless security settings on the ZyXEL Device and on all wireless clients that you want to associate with it. 400 P-660HW-Tx v3 - ZyXEL P-660HW-T1 v3 | User Guide - Page 401
Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server. • Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional authentication methods to be deployed with no changes to the access point or the - ZyXEL P-660HW-T1 v3 | User Guide - Page 402
to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, an access point helps password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text. 402 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 403
only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco. LEAP LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x. P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 404
server, you should use WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a wireless client will be granted access to a WLAN. 404 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 405
common-password approach makes WPA(2)-PSK susceptible to brute-force password-guessing attacks but it's still an improvement over WEP as it employs a consistent, single, alphanumeric password to derive a PMK which is used to generate unique temporal encryption P-660HW-Tx v3 Series User's Guide 405 - ZyXEL P-660HW-T1 v3 | User Guide - Page 406
patch is a free download that adds WPA capability to Windows XP's built-in "Zero Configuration" wireless client. However, you must run Windows XP to use it. WPA(2) with RADIUS Application Example To set up WPA(2), you need the IP address of the RADIUS server, its port number (default is 1812), and - ZyXEL P-660HW-T1 v3 | User Guide - Page 407
each wireless client's password and allows it to join the network only if the password matches. 3 The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID. P-660HW-Tx v3 Series User's Guide 407 - ZyXEL P-660HW-T1 v3 | User Guide - Page 408
MAC address filters are not dependent on how you configure these security features. Table 134 Wireless Security Relational Matrix AUTHENTICATION METHOD/ KEY MANAGEMENT PROTOCOL ENCRYPTIO N METHOD ENTER MANUAL No Enable WPA2-PSK TKIP/AES Yes Disable 408 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 409
. dBi represents the true gain that the antenna provides. Types of Antennas for WLAN There are two types of antennas used for wireless LAN applications. P-660HW-Tx v3 Series User's Guide 409 - ZyXEL P-660HW-T1 v3 | User Guide - Page 410
multiple access points. • point the antenna down. For a single AP application, place omni-directional antennas as close to the center of the coverage area as possible. For directional antennas, point the antenna in the direction of the desired coverage area. 410 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 411
the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number. • If the Protocol is USER, this is the IP protocol number. • Description: This is a brief explanation of the applications that use this service or the situations in which this service is used. P-660HW-Tx v3 Series User's Guide 411 - ZyXEL P-660HW-T1 v3 | User Guide - Page 412
specific group of hosts. The Internet Key Exchange algorithm is used for key distribution and management. The Internet Message Access Protocol is used for e-mail. This is a more secure version of IMAP4 that runs over SSL. This is another popular Internet chat program. 412 P-660HW-Tx v3 Series User - ZyXEL P-660HW-T1 v3 | User Guide - Page 413
(TCP/IP or other). This is a more secure version of POP3 that runs over SSL. Point-to-Point Tunneling services mainly for cable modems. Remote Telnet. The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet. P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 414
. Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). A videoconferencing solution. The UDP port number is specified in the application. 414 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 415
, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission right to make changes in any products described herein without notice. This publication is subject to change without notice. interference. P-660HW-Tx v3 Series User's Guide 415 - ZyXEL P-660HW-T1 v3 | User Guide - Page 416
radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that maintained between the antenna of this device and all persons. 注意 ! P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 417
Appendix F Legal Information Notices Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment. This device by an act of God, or subjected to abnormal working conditions. P-660HW-Tx v3 Series User's Guide 417 - ZyXEL P-660HW-T1 v3 | User Guide - Page 418
you may also have other rights that vary from country to country. Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products. 418 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 419
173 port forwarding 177 protocol filters 221 QoS 258 SIP ALG 181 SSID 149 static route 240 UPnP 283 wireless LAN 140 scheduling 155 WPS 151 address mapping 178 rules 179 types 179, 180, 184 Address Resolution Protocol, see ARP administrator password 30, 297 P-660HW-Tx v3 Series User's Guide Index - ZyXEL P-660HW-T1 v3 | User Guide - Page 420
list 126 Command Line Interface, see CLI compatibility, WDS 153 configuration 325 backup 320, 321, 326 classifiers 261 DHCP 125 file 316 firewalls 194, 198, 203 IP alias 128 420 logs 303 packet filtering 222, 225 port forwarding 175 reset 328 restoring 317, 326 static route 241 WAN 101 wireless - ZyXEL P-660HW-T1 v3 | User Guide - Page 421
handshake 202 triangle route 195, 207, 208 solutions 208 firmware 316, 323 upgrading 318 version 36 forwarding ports 172, 174 activation 177 configuration 175 example 175 rules 177 fragmentation threshold 146, 158, 399 FTP 24, 277 backing up configuration 320 P-660HW-Tx v3 Series User's Guide 421 - ZyXEL P-660HW-T1 v3 | User Guide - Page 422
121, 131 LEDs 26 limitations FTP 317 wireless LAN 161 WPS 169 Local Area Network, see LAN login 29 passwords 29, 30 logs 301 alerts 301 e-mail 304 error messages 305 example 305 firewalls 199 generic filters 226 protocol filters 223 schedules 304 settings 303 422 P-660HW-Tx v3 Series User's Guide - ZyXEL P-660HW-T1 v3 | User Guide - Page 423
rules 179 types 179, 180, 184 applications 184 IP alias 184 default server IP address 174, 176 example 183 global 182 IGA 182 ILA 182 inside 182 local 182 outside 182 P2P 173 packet filtering 226 port forwarding 172, 174 activation 177 configuration 175 example 175 rules 177 remote management 275 - ZyXEL P-660HW-T1 v3 | User Guide - Page 424
Index port forwarding 172, 174 activation 177 configuration 175 example 175 rules 177 PPPoA 102, 109, 114 PPPoE 102, 109, 113 passthrough 105 preamble 146, 158 preamble mode 399 pre-shared key 143 private IP address 131 probing, firewalls 190 product registration 418 protocol filters 221, 226 - ZyXEL P-660HW-T1 v3 | User Guide - Page 425
P-660HW-Tx v3 Series User's Guide subnet mask 120, 131, 386 subnetting 388 Sustain Cell Rate, see SCR syntax conventions 5 system 296 backing up configuration 321 backup configuration 320 firmware 316, 323 upgrading 318 version 36 LED 26 name 297 passwords 29, 30 administrator 297 users 297 reset - ZyXEL P-660HW-T1 v3 | User Guide - Page 426
W WAN 99 ATM QoS 105, 112, 117 DNS 103 encapsulation 99, 102, 109 IGMP 100 IP address 100, 103, 109, 115 mode 102, 109 modulation 102 MTU 105, 112 multicast 100, 105, 111 multiplexing 102, 109, 114 nailed-up connection 103, 110, 115 NAT 110 packet filter 105, 112 RIP 104, 111 setup 101 status 36 - ZyXEL P-660HW-T1 v3 | User Guide - Page 427
161 MAC address filter 138, status 151 wireless security 400 Wireless tutorial 45 wizard 83 configuration 86 wireless LAN 92 WLAN interference 397 security parameters 408 RADIUS application example 406 WPA2 404 user authentication 406 P-660HW-Tx v3 Series User's Guide Index vs WPA2-PSK 405 wireless - ZyXEL P-660HW-T1 v3 | User Guide - Page 428
Index 428 P-660HW-Tx v3 Series User's Guide
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
-
337
-
338
-
339
-
340
-
341
-
342
-
343
-
344
-
345
-
346
-
347
-
348
-
349
-
350
-
351
-
352
-
353
-
354
-
355
-
356
-
357
-
358
-
359
-
360
-
361
-
362
-
363
-
364
-
365
-
366
-
367
-
368
-
369
-
370
-
371
-
372
-
373
-
374
-
375
-
376
-
377
-
378
-
379
-
380
-
381
-
382
-
383
-
384
-
385
-
386
-
387
-
388
-
389
-
390
-
391
-
392
-
393
-
394
-
395
-
396
-
397
-
398
-
399
-
400
-
401
-
402
-
403
-
404
-
405
-
406
-
407
-
408
-
409
-
410
-
411
-
412
-
413
-
414
-
415
-
416
-
417
-
418
-
419
-
420
-
421
-
422
-
423
-
424
-
425
-
426
-
427
-
428
 |
 |
www.zyxel.com
www.zyxel.com
P-660HW-Tx v3 Series
802.11g Wireless ADSL2+ 4-port Gateway
Copyright © 2010
ZyXEL Communications Corporation
Firmware Version 3.70
Edition 2, 10/2010
Default Login Details
IP Address
Admin
Password
1234
User
Password
user