Home
/
ZyXEL Communications
/
P-660HN-F1A
/
User Manual

ZyXEL Communications P-660HN-F1A, User Manual

Share

Page: 202 / 430

ZyXEL Communications P-660HN-F1A User Manual Download Page 202

Chapter 10 Firewalls

P-660HN-F1A User’s Guide

202

10.4 The Firewall Threshold Screen

For DoS

attacks, the P-660HN-F1A uses thresholds to determine when to start

dropping sessions that do not become fully established (half-open sessions).
These thresholds apply globally to all sessions.

For TCP, half-open means that the session has not reached the established state-
the TCP three-way handshake has not yet been completed. Under normal
circumstances, the application that initiates a session sends a SYN (synchronize)
packet to the receiving server. The receiver sends back an ACK (acknowledgment)
packet and its own SYN, and then the initiator responds with an ACK
(acknowledgment). After this handshake, a connection is established.

Figure 80

Three-Way Handshake

For UDP, half-open means that the firewall has detected no return traffic. An
unusually high number (or arrival rate) of half-open sessions could indicate a DOS
attack.

10.4.1 Threshold Values

If everything is working properly, you probably do not need to change the
threshold settings as the default threshold values should work for most small
offices. Tune these parameters when you believe the P-660HN-F1A has been
receiving DoS attacks that are not recorded in the logs or the logs show that the
P-660HN-F1A is classifying normal traffic as DoS attacks. Factors influencing
choices for threshold values are:

1

The maximum number of opened sessions.

2

The minimum capacity of server backlog in your LAN network.

3

The CPU power of servers in your LAN network.

4

Network bandwidth.

«
...
200
201
202
203
204
...
»

Summary of Contents for P-660HN-F1A

Page 1: ...P 660HN F1A 802 11n Wireless ADSL2 4 port Gateway Copyright 2010 ZyXEL Communications Corporation Firmware Version 3 70 Edition 1 01 2010 Default Login Details IP Address http 192 168 1 1 Admin Passw...

Page 2: ......

Page 3: ...obe Reader search utility and enter a word or phrase This can help you quickly pinpoint the information you require You can also enter text directly into the toolbar in Reader To quickly move around w...

Page 4: ...out your product the answer may be here This is a collection of answers to previously asked questions about ZyXEL products Forum This contains discussions on ZyXEL products Learn from others who use Z...

Page 5: ...ics in this book may differ slightly from the product due to differences in operating systems operating system versions or if you installed updated firmware software for your device Every effort has b...

Page 6: ...troke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press the ENTER key...

Page 7: ...Guide 7 Icons Used in Figures Figures in this User s Guide may use the following generic icons The P 660HN F1A icon is not an exact representation of your device P 660HN F1A Computer Notebook computer...

Page 8: ...device Connect the power adaptor or cord to the right supply voltage for example 110V AC in North America or 230V AC in Europe Do NOT allow anything to rest on the power adaptor or cord and do NOT pl...

Page 9: ...9 Technical Reference 103 WAN Setup 105 LAN Setup 127 Wireless LAN 143 Network Address Translation NAT 173 Firewalls 189 Content Filtering 211 Packet Filter 217 Certificates 227 Static Route 237 802 1...

Page 10: ...Contents Overview P 660HN F1A User s Guide 10...

Page 11: ...Managing the P 660HN F1A 24 1 4 Applications for the P 660HN F1A 24 1 4 1 Internet Access 25 1 5 LEDs Lights 26 1 6 The RESET Button 27 1 6 1 Using the Reset Button 27 1 7 The WPS WLAN Button 27 1 7 1...

Page 12: ...on www dyndns org 65 4 5 2 Configuring DDNS on Your P 660HN F1A 65 4 5 3 Adding a Firewall Rule for Remote Management 66 4 5 4 Testing the DDNS Setting 67 4 6 Configuring Static Route for Routing to...

Page 13: ...xing 122 6 5 3 VPI and VCI 123 6 5 4 IP Address Assignment 123 6 5 5 Nailed Up Connection PPP 123 6 5 6 NAT 124 6 6 Traffic Shaping 124 6 6 1 ATM Traffic Classes 125 Chapter 7 LAN Setup 127 7 1 Overvi...

Page 14: ...ical Reference 159 8 7 1 Wireless Network Overview 159 8 7 2 Additional Wireless Terms 161 8 7 3 Wireless Security Overview 161 8 7 4 Signal Problems 164 8 7 5 BSS 165 8 7 6 MBSSID 165 8 7 7 WiFi Prot...

Page 15: ...Reference 205 10 5 1 Firewall Rules Overview 205 10 5 2 Guidelines For Enhancing Security With Your Firewall 206 10 5 3 Security Considerations 207 10 5 4 Triangle Route 207 Chapter 11 Content Filter...

Page 16: ...34 Chapter 14 Static Route 237 14 1 Overview 237 14 1 1 What You Can Do in the Static Route Screens 237 14 2 The Static Route Screen 238 14 2 1 Static Route Edit 239 Chapter 15 802 1Q 1P 241 15 1 Over...

Page 17: ...3 17 1 2 What You Need To Know About DDNS 273 17 2 The Dynamic DNS Screen 274 Chapter 18 Remote Management 277 18 1 Overview 277 18 1 1 What You Can Do in the Remote Management Screens 278 18 1 2 What...

Page 18: ...P Error Messages 311 21 4 1 Example E mail Log 311 21 5 Log Descriptions 312 Chapter 22 Tools 321 22 1 Overview 321 22 1 1 What You Can Do in the Tool Screens 321 22 1 2 What You Need To Know About To...

Page 19: ...ifications 346 25 3 Wireless Features 349 25 4 Power Adaptor Specifications 352 Appendix A Setting up Your Computer s IP Address 353 Appendix B Pop up Windows JavaScripts and Java Permissions 377 Appe...

Page 20: ...Table of Contents P 660HN F1A User s Guide 20...

Page 21: ...21 PART I User s Guide...

Page 22: ...22...

Page 23: ...denotes 802 11n draft 2 0 The N models support 802 11n wireless connection mode Models ending in 1 for example P 660HN F1 denote a device that works over the analog telephone system POTS Plain Old Tel...

Page 24: ...60HN F1A more effectively Change the password Use a password that s not easy to guess and that consists of different types of characters such as numbers and letters Write down the password and put it...

Page 25: ...ns that probes from the outside to your network are not allowed but you can safely browse the Internet and download files Use content filtering to block access to specific web sites with URL s contain...

Page 26: ...ng or there is a device malfunction Off The P 660HN F1A is not receiving power ETHERNET 1 4 Green On The P 660HN F1A has an Ethernet connection with a device on the Local Area Network LAN Blinking The...

Page 27: ...e it When the POWER LED begins to blink the defaults have been restored and the device restarts 1 7 The WPS WLAN Button You can use the WPS WLAN button on the back of the device to turn the wireless L...

Page 28: ...e WPS 1 Make sure the POWER LED is on not blinking 2 Press the WPS WLAN button for more than one second and release it when the LED becomes orange Press the WPS button on another WPS enabled device wi...

Page 29: ...t in Windows XP SP Service Pack 2 JavaScripts enabled by default Java permissions enabled by default See Appendix B on page 377 if you need to make sure these functions are allowed in Internet Explore...

Page 30: ...d field If you have changed the password enter your password and click Login Figure 3 Password Screen 5 The following screen displays if you have not yet changed your password It is strongly recommend...

Page 31: ...wise select Go to Advanced setup and click Apply to display the Status screen Figure 5 Replace Factory Default Certificate Screen Note For security reasons the P 660HN F1A automatically logs you out i...

Page 32: ...he web configurator Table 3 Navigation Panel Summary LINK TAB FUNCTION Status This screen shows the P 660HN F1A s general device and network status information Use this screen to access the statistics...

Page 33: ...etwork traffic going in specific directions Rules This screen shows a summary of the firewall rules and allows you to edit add a firewall rule Threshold Use this screen to configure the thresholds for...

Page 34: ...through which interface s and from which IP address es users can send DNS queries to the P 660HN F1A ICMP Use this screen to set whether or not your device will respond to pings and probes for servic...

Page 35: ...Chapter 2 Introducing the Web Configurator P 660HN F1A User s Guide 35 2 2 4 Status Bar Check the status bar when you click Apply or OK to verify that the configuration has been updated...

Page 36: ...Chapter 2 Introducing the Web Configurator P 660HN F1A User s Guide 36...

Page 37: ...of the device system resources and interfaces LAN and WAN The Status screen also provides detailed information from Any IP and DHCP and statistics from bandwidth management and traffic 3 2 The Status...

Page 38: ...is is the DSL standard that your P 660HN F1A is using IP Address This is the current IP address of the P 660HN F1A in the WAN Click this to go to the screen where you can change it IP Subnet Mask This...

Page 39: ...lug it in when you restart it Maintenance Tools Restart or when you reset it Current Date Time This field displays the current date and time in the P 660HN F1A You can change this in Maintenance Syste...

Page 40: ...A is not using the interface For the WLAN interface it displays Active when WLAN is enabled or InActive when WLAN is disabled Rate For the LAN interface this displays the port speed and duplex setting...

Page 41: ...e 8 WLAN Status The following table describes the labels in this screen Table 5 WLAN Status LABEL DESCRIPTION This is the index number of an associated wireless station MAC Address This field displays...

Page 42: ...screen Figure 9 Packet Statistics The following table describes the fields in this screen Table 6 Packet Statistics LABEL DESCRIPTION System Monitor System up Time This is the elapsed time the system...

Page 43: ...this port Tx B s This field displays the number of bytes transmitted in the last second Rx B s This field displays the number of bytes received in the last second Up Time This field displays the elaps...

Page 44: ...Chapter 3 Status Screens P 660HN F1A User s Guide 44...

Page 45: ...e page 74 Two PVCs with ATM QoS Scenario see page 75 Note The tutorials featured in this chapter require a basic understanding of connecting to and using the Web Configurator on your P 660HN F1A For d...

Page 46: ...or manual configuration Section 4 2 3 on page 52 4 2 1 Configuring the Wireless Network Settings This example uses the following parameters to set up a wireless network 1 Click Network Wireless LAN to...

Page 47: ...less client which connects to the notebook Note The wireless client must be a WPS aware device for example a WPS USB adapter or PCMCIA card There are two WPS methods to set up the wireless client sett...

Page 48: ...Button in the Network Wireless LAN WPS Station screen Note Your P 660HN F1A has a WPS button located on its rear panel as well as a WPS button in its configuration utility Both buttons have exactly t...

Page 49: ...s you an example of how to set up a wireless network and its security by pressing a button on both P 660HN F1A and wireless client Example WPS Process PBC Method Wireless Client ZyXEL Device SECURITY...

Page 50: ...PIN number 2 Enter the PIN number in the PIN field in the Network Wireless LAN WPS Station screen on the P 660HN F1A 3 Click the Start buttons or the button next to the PIN field on both the wireless...

Page 51: ...wing figure shows you how to set up a wireless network and its security on a P 660HN F1A and a wireless client by using PIN method Example WPS Process PIN Method Authentication by PIN SECURITY INFO WI...

Page 52: ...orts IEEE 802 11b IEEE 802 11g and IEEE 802 11n wireless clients Make sure that your notebook or computer s wireless adapter supports one of these standards 4 2 4 Setting Up Wireless Network Schedulin...

Page 53: ...als P 660HN F1A User s Guide 53 2 Configure the screen as follows Turn on the wireless network from Mondays to Fridays between 18 00 and 23 00 Turn on the wireless network all day on Saturdays and Sun...

Page 54: ...ll use a general Company wireless network group Higher management level and important visitors will use the VIP group which has the highest QoS control Visiting guests will use the Guest group which h...

Page 55: ...the AP screen Use this screen to set up the company s general wireless network group Configure the screen using the provided parameters and click Apply 2 Click Network Wireless LAN More AP to open the...

Page 56: ...Guide 56 3 Configure the screen using the provided parameters and click Apply 4 In the More AP screen click the Edit icon to configure the third wireless network group 5 Configure the screen using th...

Page 57: ...needs to configure the port settings on his P 660HN F1A IP address 192 168 1 1 and a firewall rule so that access can be allowed to his Xbox 360 remotely Xbox 360 requires the following ports to be a...

Page 58: ...ntial attacks Any port service trying to access the P 660HN F1A s WAN IP address will be forwarded to the default server It is recommended that you set up a firewall rule to protect the device 1 If yo...

Page 59: ...er the Xbox 360 s IP address in the Default Server field Click Apply 4 4 2 Port Forwarding If the default server is already assigned to another server configure the ports for Xbox 360 1 Click Network...

Page 60: ...ollowing screen Select User define from the Service Name field 3 Configure the screen as follows to open TCP UDP port 53 for Xbox 360 Click Apply 4 Repeat steps 2 and 3 to open the rest of the ports f...

Page 61: ...ault port number for the P 660HN F1A web configurator to 8080 so that Xbox users will not be able to access the P 660HN F1A To access the web configurator Thomas needs to add the port number to the UR...

Page 62: ...field Firewall Example Rules 3 Click Add to display the Edit Rule screen 4 Click the Edit Customized Services under Service to open the Customized Service screen 5 Click on the number 5 to display th...

Page 63: ...st select Any UDP and Any TCP then click Remove Find Xbox 360 in the Available Services list Use the Add button to add it to the Selected Services list box Click Apply when you are done Note Custom se...

Page 64: ...anage the device from the Internet The P 660HN F1A s WAN IP address changes dynamically Dynamic DNS DDNS allows you to access the P 660HN F1A using a domain name To use this feature you have to apply...

Page 65: ...ice Type Host with IP address IP Address Enter the WAN IP address that your P 660HN F1A is currently using You can find the IP address on the P 660HN F1A s Web Configurator Status page Then you will n...

Page 66: ...HN F1A firewall is enabled to secure your network from attacks In this tutorial you add a firewall rule that lets you manage the P 660HN F1A from the Internet 1 Click Security Firewall and select Rule...

Page 67: ...st and click Delete Note If the computer gets a different IP address this firewall rule will not work 3d In the Service section select HTTP TCP 80 in the Available Services field and click Add Select...

Page 68: ...nnect a router to the P 660HN F1A s LAN The router may be used to separate two department networks This tutorial shows how to configure a static routing rule for two network routings In the following...

Page 69: ...tutorial uses the following example IP settings To configure a static route to route traffic from N1 to N2 1 Log into the P 660HN F1A s Web Configurator in advanced mode 2 Click Advanced Static Route...

Page 70: ...253 R s N1 address in the Gateway IP Address field 4a Click Apply Now B should be able to receive traffic from A You may need to additionally configure B s firewall settings to allow specific traffic...

Page 71: ...y No Overload Mapping Use this setting if your applications can use random public IP addresses and the applications are initiated from the Intranet computers A and B For example VoIP application See S...

Page 72: ...Feature in the General screen Click Apply 3 Click the Address Mapping tab and then click the Edit icon on a new rule 4 Configure the rule using the following settings Type Many to Many No Overload Lo...

Page 73: ...C For example gaming application To configure this setting 1 Click Network NAT 2 Select Active Network Address Translation NAT and Full Feature in the General screen Click Apply 3 Click the Address M...

Page 74: ...ns 4 8 Multiple WAN Connections Example This example shows an application for multiple WAN connections Your ISP may configure more than one WAN connection on the P 660HN F1A to record traffic statisti...

Page 75: ...oIP using SIP using 1 33 and 1 34 PVCs respectively General data is assigned Unspecified Bit Rate UBR ATM QoS while VoIP traffic is assigned Constant Bit Rate CBR ATM QoS as it is considered to transm...

Page 76: ...k Network WAN Internet Access Setup configure the settings you ISP want to provide to the subscriber for general data transmission This tutorial uses the following example settings Line Modulation Mul...

Page 77: ...Chapter 4 Tutorials P 660HN F1A User s Guide 77 2 Leave the other settings as their defaults and click Apply...

Page 78: ...p button to display the following options Select UBR in the ATM QoS Type field 4 Click Apply 4 9 1 2 PVC 2 for VoIP Traffic 1 Click the More Connections tab and then click the Edit icon next to the en...

Page 79: ...Chapter 4 Tutorials P 660HN F1A User s Guide 79 Select Active Name PVC for VoIP Mode Routing Encapsulation ENET ENCAP PVC LLC 1 34 ATM QoS CBR 3 Click Apply...

Page 80: ...cated to Internet access traffic and 2 000 kbps for VoIP Internet access traffic is assigned queue 2 and VoIP traffic is assigned a higher priority of queue 5 The bucket size for Internet access traff...

Page 81: ...660HN F1A User s Guide 81 4 9 2 1 Queue Setup 1 Click Advanced QoS Queue Setup Click the Edit icon of queue 2 to open the Queue Configuration screen 2 Enter 6 000 in the Rate field and 87 500 in the S...

Page 82: ...4 Tutorials P 660HN F1A User s Guide 82 3 Click the Edit icon of queue 5 to open the Queue Configuration screen 4 The Rate field is 2 000 as in default Enter 100 000 maximum size in the Size field Cli...

Page 83: ...further refine traffic identification from a port by specifying VLAN tags but this tutorial does not do that See Chapter 15 on page 243 for how to configure VLAN groups 1 Click Advanced QoS Class Setu...

Page 84: ...Chapter 4 Tutorials P 660HN F1A User s Guide 84 Physical Port 1 3 exclude port 4 3 Click Apply...

Page 85: ...sifier rule 5 Create a class setup rule using the following example settings Class Configuration Select Active Enter VoIP as the descriptive name for this rule Interface From LAN Priority 5 Routing Po...

Page 86: ...Chapter 4 Tutorials P 660HN F1A User s Guide 86 6 Click Apply 4 9 2 3 Activate QoS on the P 660HN F1A 1 Click Advanced QoS General...

Page 87: ...u can connect a VoIP phone to the P 660HN F1A s LAN port 4 and computers to port 1 3 The P 660HN F1A classifies and prioritizes voice traffic to optimize voice quality The connection with VPI VCI 0 35...

Page 88: ...Chapter 4 Tutorials P 660HN F1A User s Guide 88...

Page 89: ...rmation given to you by your ISP Note See the advanced menu chapters for background information on these fields 5 2 Internet Access Wizard Setup 1 After you enter the password to access the web config...

Page 90: ...not detected Check your hardware connections and click Restart the INTERNET WIRELESS SETUP Wizard to return to the wizard welcome screen If you still cannot connect click Manually configure your Inter...

Page 91: ...or service name exactly as provided by your ISP Then click Next and see Section 5 3 on page 98 for wireless connection wizard setup Figure 15 Auto Detection PPPoE 3c The following screen appears if t...

Page 92: ...rs LABEL DESCRIPTION Mode Select Routing default from the drop down list box if your ISP give you one IP address only and you want multiple computers to share an Internet account Select Bridge when yo...

Page 93: ...t box either VC based or LLC based Virtual Circuit ID VPI Virtual Path Identifier and VCI Virtual Channel Identifier define a virtual circuit Refer to the appendix for more information VPI Enter the V...

Page 94: ...the user name exactly as your ISP assigned If assigned a name in the form user domain where domain identifies a service name then enter both components exactly as given Password Enter the password ass...

Page 95: ...T ENCAP Table 12 Internet Connection with RFC 1483 LABEL DESCRIPTION IP Address This field is available if you select Routing in the Mode field Type your ISP assigned IP address in this field Back Cli...

Page 96: ...tic IP Address if your ISP gave you an IP address to use IP Address Enter your ISP assigned IP address Subnet Mask Enter a subnet mask in dotted decimal notation Refer to the appendix to calculate a s...

Page 97: ...Connection Test Failed 1 If the following screen displays check if your account is activated or click Restart the Internet Wireless Setup Wizard to verify your Internet access settings Figure 23 Conne...

Page 98: ...o configure wireless settings Otherwise select No and skip to Step 6 Figure 24 Connection Test Successful 2 Use this screen to activate the wireless LAN Click Next to continue Figure 25 Wireless LAN S...

Page 99: ...e sure all wireless stations use the same SSID in order to access the network Channel Selection The range of radio frequencies used by IEEE 802 11b g wireless devices is called a channel Select a chan...

Page 100: ...Figure 27 Manually Assign a WPA PSK key The following table describes the labels in this screen Next Click this to continue to the next wizard screen Exit Click this to close the wizard screen without...

Page 101: ...gure 29 Wireless LAN Setup 3 Table 18 Manually Assign a WEP key LABEL DESCRIPTION Key The WEP keys are used to encrypt data Both the P 660HN F1A and the wireless stations must use the same WEP key for...

Page 102: ...chose not to configure wireless LAN settings Figure 30 Internet Access and WLAN Wizard Setup Complete 7 Launch your web browser and navigate to www zyxel com Internet access is just the beginning Ref...

Page 103: ...103 PART II Technical Reference...

Page 104: ...104...

Page 105: ...her networks so that a computer in one location can communicate with computers in other locations Figure 31 LAN and WAN 6 1 1 What You Can Do in the WAN Screens Use the Internet Access Setup screen Se...

Page 106: ...es to access the Internet If your ISP assigns you a static WAN IP address they should also assign you the subnet mask and DNS server IP address es and a gateway IP address if you use the Ethernet or E...

Page 107: ...07 6 2 The Internet Access Setup Screen Use this screen to change your P 660HN F1A s WAN settings Click Network WAN Internet Access Setup The screen differs by the WAN type and encapsulation you selec...

Page 108: ...down list box Choices vary depending on the mode you select in the Mode field If you select Bridge in the Mode field select either PPPoA or RFC 1483 If you select Routing in the Mode field select PPP...

Page 109: ...e the IP address set to 0 0 0 0 User Defined changes to None after you click Apply If you set a second choice to User Defined and enter the same IP address the second User Defined changes to None afte...

Page 110: ...Internet Access Setup Advanced Setup LABEL DESCRIPTION RIP Multicast Setup This section is not available when you configure the P 660HN F1A to be in bridge mode RIP Direction RIP Routing Information...

Page 111: ...l Rate The Sustain Cell Rate SCR sets the average cell rate long term that can be transmitted Type the SCR which must be less than the PCR Note that system default is 0 cells sec Maximum Burst Size Ma...

Page 112: ...lter Sets Protocol Filter Select the protocol filter s to control outgoing traffic You may choose up to 4 sets of filters You can configure protocol filters in the Packet Filter screen See Chapter 12...

Page 113: ...This field indicates whether the connection is active or not Clear the check box to disable the connection Select the check box to enable it Name This is the name you gave to the Internet connection...

Page 114: ...splay the following screen Figure 35 Network WAN More Connections Edit The following table describes the labels in this screen Table 22 Network WAN More Connections Edit LABEL DESCRIPTION General Acti...

Page 115: ...gned a specific virtual circuit for example VC1 will carry IP If you select VC specify separate VPI and VCI numbers for each protocol For LLC based multiplexing or PPP encapsulation one VC carries mul...

Page 116: ...idle time out in the Max Idle Timeout field when you select Connect on Demand The default setting is 0 which means the Internet session will not timeout NAT SUA only is available only when you select...

Page 117: ...bels in this screen Table 23 Network WAN More Connections Edit Advanced Setup LABEL DESCRIPTION RIP Multicast Setup This section is not available when you configure the P 660HN F1A to be in bridge mod...

Page 118: ...face or connection Enter the MTU in this field For ENET ENCAP the MTU value is 1500 For PPPoE the MTU value is 1492 For PPPoA and RFC the MTU is 65535 Packet Filter Incoming Filter Sets Protocol Filte...

Page 119: ...rk WAN WAN Backup Setup This screen is not available if you set the WAN type to Ethernet in the Internet Access Setup screen Figure 37 Network Internet WAN WAN Backup Apply Click this to save your cha...

Page 120: ...red in the Check WAN IP Address field without getting a response before switching to a WAN backup connection or a different WAN backup connection Recovery Interval When the P 660HN F1A is using a lowe...

Page 121: ...s PPPoE Point to Point Protocol over Ethernet PPPoE is an IETF Draft standard RFC 2516 specifying how a personal computer PC interacts with a broadband modem DSL cable wireless etc connection The PPPo...

Page 122: ...Internet connection The P 660HN F1A encapsulates the PPP session based on RFC1483 and sends it through an ATM PVC Permanent Virtual Circuit to the Internet Service Provider s ISP DSLAM Digital Subscr...

Page 123: ...enabled or disabled if you have either a dynamic or static IP However the encapsulation method assigned influences your choices for IP address and ENET ENCAP gateway IP Assignment with PPPoA or PPPoE...

Page 124: ...ansmission over an ATM network This agreement helps eliminate congestion which is important for transmission of real time data such as audio and video connections Peak Cell Rate PCR is the maximum rat...

Page 125: ...Variable Bit Rate VBR The Variable Bit Rate VBR ATM traffic class is used with bursty connections Connections that use the Variable Bit Rate VBR traffic class can be grouped into real time VBR RT or n...

Page 126: ...nection would be non time sensitive data file transfers Unspecified Bit Rate UBR The Unspecified Bit Rate UBR ATM traffic class is for bursty data transfers However UBR doesn t guarantee any bandwidth...

Page 127: ...Screens Use the LAN IP screen Section 7 2 on page 129 to set the LAN IP address and subnet mask of your ZyXEL device You can also edit your P 660HN F1A s RIP multicast any IP and Windows Networking se...

Page 128: ...Routing Information Protocol allows a router to exchange routing information with other routers Multicast Traditionally IP packets are transmitted in one of either two ways Unicast 1 sender 1 recipie...

Page 129: ...f your P 660HN F1A 2 Enter the IP subnet mask into the IP Subnet Mask field Unless instructed otherwise it is best to leave this alone the configurator will automatically compute a subnet mask based u...

Page 130: ...s to restore your previously saved settings Advanced Setup Click this to display the Advanced LAN Setup screen and edit more details of your LAN setup Table 25 Network LAN IP LABEL DESCRIPTION Table 2...

Page 131: ...Select the protocol filter s to control incoming traffic You may choose up to 4 sets of filters You can configure packet filters in the Packet Filter screen See Chapter 12 on page 217 for more details...

Page 132: ...None the DHCP server will be disabled If set to Relay the P 660HN F1A acts as a surrogate DHCP server and relays DHCP requests and responses between the remote server and the clients Enter the IP addr...

Page 133: ...o None after you click Apply Select DNS Relay to have the P 660HN F1A act as a DNS proxy only when the ISP uses IPCP DNS server extensions The P 660HN F1A s LAN IP address displays in the field to the...

Page 134: ...This field displays the IP address relative to the field listed above MAC Address The MAC Media Access Control or Ethernet address on a LAN Local Area Network is unique to your computer six pairs of h...

Page 135: ...rface with the P 660HN F1A itself as the gateway for each LAN network When you use IP alias you can also configure firewall rules to control access between the LAN s logical networks subnets Note Make...

Page 136: ...d or paste the IP address IP Subnet Mask Your P 660HN F1A will automatically calculate the subnet mask based on the IP address that you assign Unless you are implementing subnetting use the subnet mas...

Page 137: ...ats when receiving RIP 1 is universally supported but RIP 2 carries more information RIP 1 is probably adequate for most networks unless you have an unusual network topology Both RIP 2B and RIP 2M sen...

Page 138: ...address and subnet mask There are two ways that an ISP disseminates the DNS server addresses The ISP tells you the DNS server addresses usually in the form of an information sheet when you sign up If...

Page 139: ...se please do not use any other number unless you are told otherwise Let s say you select 192 168 1 0 as the network number which covers 254 individual addresses from 192 168 1 1 to 192 168 1 254 zero...

Page 140: ...f RIP packets When set to Both the P 660HN F1A will broadcast its routing table periodically and incorporate the RIP information that it receives In Only the P 660HN F1A will not send any RIP packets...

Page 141: ...groups and can be in the range 224 0 0 0 to 239 255 255 255 The address 224 0 0 0 is not assigned to any group and is used by IP multicast computers The address 224 0 0 1 is used for query messages an...

Page 142: ...Chapter 7 LAN Setup P 660HN F1A User s Guide 142...

Page 143: ...wireless connection Use the AP screen see Section 8 2 on page 145 to turn the wireless connection on or off set up wireless security configure the MAC filter and make other basic configuration changes...

Page 144: ...Set IDentifier The service set is the network so the service set identifier is the network s name This helps you identify your wireless network when wireless networks coverage areas overlap and you ha...

Page 145: ...non WPS devices manually although this is somewhat more complicated to do What advanced options do you want to configure if any If you want to configure advanced options such as Quality of Service en...

Page 146: ...ey tool Security Mode See the following sections for more details about this field MAC Filter This shows whether the wireless devices with the MAC addresses listed are allowed or denied to access the...

Page 147: ...lick Network Wireless LAN to display the AP screen Select Static WEP from the Security Mode list Note WEP is extremely insecure Its encryption can be broken by an attacker using widely available softw...

Page 148: ...ty labels in this screen Table 32 Network Wireless LAN AP Static WEP LABEL DESCRIPTION Security Mode Choose Static WEP from the drop down list box Passphrase Enter a passphrase up to 32 printable char...

Page 149: ...lect the check box to have both WPA PSK and WPA wireless clients be able to communicate with the P 660HN F1A even when the P 660HN F1A is using WPA2 PSK or WPA2 Pre Shared Key The encryption mechanism...

Page 150: ...ect the check box to have both WPA PSK and WPA wireless clients be able to communicate with the P 660HN F1A even when the P 660HN F1A is using WPA2 PSK or WPA2 Group Key Update Timer The Group Key Upd...

Page 151: ...e same on the external authentication server and your P 660HN F1A The key is not sent over the network Accounting Server optional IP Address Enter the IP address of the external accounting server in d...

Page 152: ...nsity of APs in an area decrease the output power to reduce interference with other APs Select one of the following Maximum Middle or Minimum Preamble Select a preamble type from the drop down list me...

Page 153: ...ID An SSID profile is the set of parameters relating to one of the P 660HN F1A s BSSs The SSID Service Set IDentifier identifies the Service Set with which a wireless device is associated This field d...

Page 154: ...o access the P 660HN F1A using this SSID Edit Click this to go to the MAC Filter screen to configure MAC filter settings See Section 8 3 2 on page 155 for more details QoS This shows whether QoS Quali...

Page 155: ...filtering Filter Action Define the filter action for the list of MAC addresses in the MAC Address table Select Deny to block access to the P 660HN F1A MAC addresses not listed will be allowed to acce...

Page 156: ...e labels in this screen Back Click this to return to the previous screen without saving Apply Click this to save your changes Cancel Click this to restore your previously saved settings Table 38 Netwo...

Page 157: ...gs have been changed The current wireless and wireless security settings also appear in the screen This displays Unconfigured if WPS is disabled and there is no wireless or wireless security changes o...

Page 158: ...eless range of the P 660HN F1A to your wireless network This button may either be a physical button on the outside of device or a menu button similar to the Push Button on this screen Note You must pr...

Page 159: ...tes in one of two ways An infrastructure type of network has one or more access points and one or more wireless clients The wireless clients connect to the access points An ad hoc type of network is o...

Page 160: ...SSID The SSID is the name of the wireless network It stands for Service Set IDentifier If two wireless networks overlap they should use a different channel Like radio stations or television channels...

Page 161: ...a wireless data network or understand the data carried on it Table 42 Additional Wireless Terms TERM DESCRIPTION RTS CTS Threshold In a wireless network which covers a large area wireless devices are...

Page 162: ...ot just people who have sensitive information on their network who should use security Everybody who uses any wireless network should ensure that effective security is in place A good way to come up w...

Page 163: ...s network You can make every user log in to the wireless network before using it However every device in the wireless network has to support IEEE 802 1x to do this For wireless networks you can store...

Page 164: ...or unauthorized wireless devices to figure out the original information pretty quickly When you select WPA2 or WPA2 PSK in your P 660HN F1A you can also select an option WPA compatible to support WPA...

Page 165: ...traffic between wireless stations in the BSS When Intra BSS traffic blocking is disabled wireless station A and B can access the wired network and communicate with each other When Intra BSS traffic bl...

Page 166: ...other in each of the two devices When WPS is activated on a device it has two minutes to find another device that also has WPS activated Then the two devices connect and set up a secure network by the...

Page 167: ...ou must enter the PIN from one device usually the wireless client into the second device usually the Access Point or wireless router Then when WPS is activated on the first device it presents its PIN...

Page 168: ...e list of associated wireless clients in the AP s configuration utility If you see the wireless client in the list WPS was successful The following figure shows a WPS enabled wireless client installed...

Page 169: ...e registrar is already part of a network it sends the existing information If not it generates the SSID and WPA 2 PSK randomly The following figure shows a WPS enabled client installed in a notebook c...

Page 170: ...quent WPS connections in which it is involved If you want a configured AP to act as an enrollee you must reset it to its factory defaults 8 7 7 4 Example WPS Network Setup This section shows how secur...

Page 171: ...to your network AP2 is out of range of AP1 so you cannot use AP1 for the WPS handshake with the new access point However you know that Client 2 supports the registrar function so you use it to perfor...

Page 172: ...if the device supports this feature Then you can enter the key into the non WPS device and join the network as normal the non WPS device must also support WPA PSK or WPA2 PSK When you use the PBC met...

Page 173: ...he server s on your local network Use the Address Mapping screen Section 9 4 on page 179 to change your P 660HN F1A s address mapping settings Use the SIP ALG screen Section 9 5 on page 183 to enable...

Page 174: ...TP that you can make visible to the outside world even though NAT makes your whole inside network appear as a single computer to the outside world SUA Single User Account Versus NAT SUA Single User Ac...

Page 175: ...rewall Session Per User When computers use peer to peer applications such as file sharing applications they need to establish NAT sessions If you do not limit the number of NAT sessions a single clien...

Page 176: ...most often used port numbers and services are shown in Appendix E on page 413 Please refer to RFC 1700 for further information about port numbers Note Many residential broadband ISP accounts do not a...

Page 177: ...the example You assign the LAN IP addresses and the ISP assigns the WAN IP address The NAT network appears as a single host on the Internet Figure 66 Multiple Servers Behind NAT Example 9 3 1 Configur...

Page 178: ...r the IP address of the server for the specified service Add Click this button to add a rule to the table below This is the rule index number read only Active This field indicates whether the rule is...

Page 179: ...me Enter a name to identify this port forwarding rule Start Port Enter a port number in this field To forward only one port enter the port number again in the End Port field To forward a series of por...

Page 180: ...settings click Network NAT Address Mapping to open the following screen Figure 69 Network NAT Address Mapping The following table describes the fields in this screen Table 47 Network NAT Address Mapp...

Page 181: ...PAT port address translation ZyXEL s Single User Account feature that previous ZyXEL routers supported only M M Ov Overload Many to Many Overload mode maps multiple local IP addresses to shared global...

Page 182: ...ervices behind the NAT to be accessible to the outside world Local Start IP This is the starting local IP address ILA Local IP addresses are N A for Server port mapping Local End IP This is the end lo...

Page 183: ...ALG Figure 71 Network NAT ALG The following table describes the fields in this screen 9 6 NAT Technical Reference This chapter contains more information regarding NAT 9 6 1 NAT Definitions Inside out...

Page 184: ...stination address the inside global address back to the inside local address before forwarding it to the original inside host Note that the IP address either local or global of an outside host is neve...

Page 185: ...for communication with hosts on other networks It replaces the original IP source address and TCP or UDP source port numbers for Many to One and Many to Many Overload NAT mapping in each packet and th...

Page 186: ...ess Many to One In Many to One mode the P 660HN F1A maps multiple local IP addresses to one global IP address This is equivalent to SUA for instance PAT port address translation ZyXEL s Single User Ac...

Page 187: ...NAT mapping types The following table summarizes these types Table 51 NAT Mapping Types TYPE IP MAPPING One to One ILA1 IGA1 Many to One SUA PAT ILA1 IGA1 ILA2 IGA1 Many to Many Overload ILA1 IGA1 IL...

Page 188: ...Chapter 9 Network Address Translation NAT P 660HN F1A User s Guide 188...

Page 189: ...following figure illustrates the default firewall action User A can initiate an IM Instant Messaging session from the LAN to the WAN 1 Return traffic for this session is also allowed 2 However other t...

Page 190: ...ide user to know the P 660HN F1A exists The P 660HN F1A supports anti probing which prevents the ICMP response packet from being sent This keeps outsiders from discovering your P 660HN F1A when unsupp...

Page 191: ...ct WAN to LAN in the Packet Direction field Firewall Example Rules 3 In the Rules screen select the index number after that you want to add the rule For example if you select 6 your new rule becomes n...

Page 192: ...omized Services Config screen and configure the screen as follows and click Apply Edit Custom Port Example 7 Select Any in the Destination Address List box and then click Delete 8 Configure the destin...

Page 193: ...ons between Available Services and Selected Services list boxes to configure it as follows Click Apply when you are done Note Custom services show up with an before their names in the Services list bo...

Page 194: ...ould look like the following Rule 1 allows a MyService connection from the WAN to IP addresses 10 0 0 10 through 10 0 0 15 on the LAN Firewall Example Rules MyService 10 2 The Firewall General Screen...

Page 195: ...ction This is the direction of travel of packets LAN to LAN Router LAN to WAN WAN to WAN Router WAN to LAN Firewall rules are grouped based on the direction of travel of packets to which they apply Fo...

Page 196: ...elect a direction of travel of packets for which you want to configure firewall rules Create a new rule after rule number Select an index number and click Add to add a new firewall rule after the sele...

Page 197: ...hether a schedule is specified Yes or not No Log This field shows you whether a log is created when packets match this rule Yes or not No Modify Click the Edit icon to go to the screen where you can e...

Page 198: ...ion 10 1 2 on page 190 for more information Use this screen to configure firewall rules In the Rules screen select an index number and click Add or click a rule s Edit icon to display this screen and...

Page 199: ...an add multiple addresses ranges of addresses and or subnets Edit To edit an existing source or destination address select it from the box and click Edit Delete Highlight an existing source or destina...

Page 200: ...eck box to have the P 660HN F1A generate an alert when the rule is matched Back Click this to return to the previous screen without saving Apply Click this to save your changes Cancel Click this to re...

Page 201: ...Config LABEL DESCRIPTION Config Service Name Type a unique name for your custom port Service Type Choose the IP port TCP UDP or TCP UDP that defines your customized port from the drop down list box Po...

Page 202: ...ledgment After this handshake a connection is established Figure 80 Three Way Handshake For UDP half open means that the firewall has detected no return traffic An unusually high number or arrival rat...

Page 203: ...ded The global values specified for the threshold and timeout apply to all TCP connections Click Firewall Threshold to bring up the next screen Figure 81 Security Firewall Threshold The following tabl...

Page 204: ...gh to lower than the current Maximum Incomplete Low number For example if you set the maximum incomplete high to 100 the P 660HN F1A starts deleting half open sessions when the number of existing half...

Page 205: ...ateful packet inspection allows packets traveling in the following directions LAN to LAN Router These rules specify which computers on the LAN can manage the P 660HN F1A remote management and communic...

Page 206: ...cols such as Telnet to authorized users on the LAN These custom rules work by comparing the source IP address destination IP address and IP protocol type of network traffic to rules set by the adminis...

Page 207: ...ers will a rule that blocks just certain users be more effective 3 Does a rule that allows Internet users access to resources on the LAN create a security vulnerability For example if FTP ports TCP 20...

Page 208: ...F1A reroutes the SYN packet through Gateway A on the LAN to the WAN 3 The reply from the WAN goes directly to the computer on the LAN without going through the P 660HN F1A As a result the P 660HN F1A...

Page 209: ...ough the P 660HN F1A to your LAN The following steps describe such a scenario 1 A computer on the LAN initiates a connection by sending a SYN packet to a receiving server on the WAN 2 The P 660HN F1A...

Page 210: ...Chapter 10 Firewalls P 660HN F1A User s Guide 210...

Page 211: ...5 to specify the days and times keyword blocking is active Use the Trusted screen Section 11 4 on page 216 to exclude computers and other devices on your LAN from the keyword blocking filter 11 1 2 Wh...

Page 212: ...Active Keyword Blocking 3 In the Keyword field type keywords to identify websites to be blocked 4 Click Add Keyword for each keyword to be entered 5 Click Apply Security Content Filter Keyword Example...

Page 213: ...uter can be excluded from keyword blocking Bob s home network is on the domain 192 168 1 xxx Bob gave his home computer a static IP address of 192 168 1 2 and the study computer a static IP address of...

Page 214: ...tering Keyword LABEL DESCRIPTION Active Keyword Blocking Select this check box to enable this feature Block Websites that contain these keywords in the URL This box contains the list of all the keywor...

Page 215: ...le 58 Security Content Filtering Keyword continued LABEL DESCRIPTION Table 59 Security Content Filter Schedule LABEL DESCRIPTION Schedule Select Block Everyday to make the content filtering active eve...

Page 216: ...iously saved settings Table 59 Security Content Filter Schedule continued LABEL DESCRIPTION Table 60 Security Content Filter Trusted LABEL DESCRIPTION Start IP Address Type the IP address of a compute...

Page 217: ...rs are subdivided into generic and protocol filters Generic filter rules act on the raw data from to LAN and WAN Protocol filter rules act on IP packets Filter Structure A filter set consists of one o...

Page 218: ...r the filter set The text may consist of up to 16 letters numerals and any printable character found on a typical English language keyboard Filter Type Select Protocol Filter or Generic Filter for you...

Page 219: ...ibes the labels in this screen Table 62 Security Packet Filter Edit Protocol Filter LABEL DESCRIPTION This is the index number of the rules in a filter set Active Use the check box to turn a filter ru...

Page 220: ...upper layer protocol IP Source Route Select the check box to apply the filter rule to packets with an IP source route option The majority of IP packets do not have source route Destination Address En...

Page 221: ...omparison to apply to the source port in the packet against the value given in the Source Port field Options are None Equal Not Equal Less and Greater TCP Estab This field is only available when you s...

Page 222: ...ble 64 Security Packet Filter Edit Generic Filter LABEL DESCRIPTION This is the index number of the rules in a filter set Active Use the check box to turn on or off a filter rule Filter Type This fiel...

Page 223: ...et that you wish to compare The range for this field is from 0 to 255 Length Enter the byte count of the data portion in the packet that you wish to compare The range for this field is 0 to 8 Mask Ent...

Page 224: ...er hand the generic filters are applied to the raw packets that appear on the wire They are applied at the point when the P 660HN F1A is receiving and sending the packets that is the interface The int...

Page 225: ...packet contents as well as their source and destination addresses Firewalls of this type employ an inspection module applicable to all protocols that understands data in the packet is intended for oth...

Page 226: ...sh traffic originating from an inside host or an outside host by IP address 4 The firewall performs better than filtering if you need to check many rules 5 Use the firewall if you need routine e mail...

Page 227: ...e identity of the notebook A using a certificate before granting it access to the network 13 1 1 What You Need to Know About Certificates Certification Authority A Certification Authority CA issues ce...

Page 228: ...icate is referred to in the GUI as the factory default certificate 13 1 2 Verifying a Certificate Before you import a trusted certificate into the P 660HN F1A you should verify that you have the corre...

Page 229: ...secure method may very based on your situation Possible examples would be over the telephone or through an HTTPS connection Finding Out More See Section 13 3 on page 234 for technical background info...

Page 230: ...certificate Valid From This field displays the date that the certificate becomes applicable The text displays in red and includes a Not Yet Valid message if the certificate has not yet become applicab...

Page 231: ...the certificate s filename before you can import the certificate Figure 98 Trusted CA Import The following table describes the labels in this screen Table 67 Trusted CA Import LABEL DESCRIPTION File P...

Page 232: ...the labels in this screen Table 68 Trusted CA Details LABEL DESCRIPTION Certificate Name This field displays the identifying name of this certificate If you want to change the name type up to 31 chara...

Page 233: ...ing the MD5 algorithm You can use this value to verify with the certification authority over the phone for example that this is actually their certificate SHA1 Fingerprint This is the certificate s me...

Page 234: ...ficates Anyone can then use the certification authority s public key to verify the certificates Advantages of Certificates Certificates offer the following benefits The P 660HN F1A only has to store t...

Page 235: ...anyone who receives a message seeming to come from Tim can read it and verify whether it is really from him or not 3 Tim uses his private key to sign the message and sends it to Jenny 4 Jenny receives...

Page 236: ...Chapter 13 Certificates P 660HN F1A User s Guide 236...

Page 237: ...60HN F1A s LAN interface The P 660HN F1A routes most traffic from A to the Internet through the P 660HN F1A s default gateway R1 You create one static route to connect to services offered by your ISP...

Page 238: ...e This is the name that describes or identifies this route Destination This parameter specifies the IP network address of the final destination Routing is always based on network number Gateway This i...

Page 239: ...up to 9 letters numerals and any printable character found on a typical English language keyboard Leave this field blank to delete this static route Destination IP Address This parameter specifies th...

Page 240: ...Chapter 14 Static Route P 660HN F1A User s Guide 240...

Page 241: ...r traffic trasmitted through the ports Figure 103 802 1Q 1P 15 1 1 What You Can Do in the 802 1Q 1P Screens Use the Group Setting screen Section 15 2 on page 247 to activate 802 1Q 1P specify the mana...

Page 242: ...agged Frames Each port on the device is capable of passing tagged or untagged frames To forward a frame from an 802 1Q VLAN aware device to an 802 1Q VLAN unaware device the P 660HN F1A first decides...

Page 243: ...2 and then to a PVC PVC1 where the priority is set to high level of service You would start with the following steps 1 Click Advanced 802 1Q 1P Group Setting and then click the Edit button to display...

Page 244: ...Setting Edit Example To set a high priority for VoIP traffic follow these steps 1 Click Advanced 802 1Q 1P Port Setting to display the following screen 2 Type 2 in the 802 1Q PVID column for LAN1 LAN...

Page 245: ...affic You want to create low priority for this type of traffic so you want to group these ports and PVC2 into one VLAN VLAN3 PVC2 priority is set to low level of service SSID1 and SSID2 are two wirele...

Page 246: ...F1A User s Guide 246 Follow the same steps as in VLAN2 to configure the settings for VLAN3 and VLAN4 The summary screen should then display as follows Advanced 802 1Q 1P Group Setting Example This co...

Page 247: ...following table describes the labels in this screen Table 71 Advanced 802 1Q 1P Group Setting LABEL DESCRIPTION 802 1Q 1P Active Select this check box to activate the 802 1P 1Q feature Management Vla...

Page 248: ...he VLAN group VID This field displays the ID number of the VLAN group Port Number These columns display the VLAN s settings for each port A tagged port is marked as T an untagged port is marked as U a...

Page 249: ...gateway for the VLAN group Ports This field displays the types of ports available to join the VLAN group Control Select Fixed for the port to be a permanent member of the VLAN group Select Forbidden...

Page 250: ...N Ports This field displays the types of ports available to join the VLAN group 802 1Q PVID Assign a VLAN ID for the port The valid VID range is between 1 and 4094 The P 660HN F1A assigns the PVID to...

Page 251: ...rk is congested This can cause a reduction in network performance and make the network inadequate for time critical applications such as video on demand The P 660HN F1A assigns each packet a priority...

Page 252: ...settings in Advanced QoS Class Setup This associates queues with PVCs by mapping the priority of queues to the index number of PVCs 16 2 1 What You Can Do in the QoS Screens Use the General screen Se...

Page 253: ...t Type of Service ToS field in the IP header Tagging and Marking In a QoS class you can configure whether to add or change the DiffServ Code Point DSCP value IEEE 802 1p priority level and VLAN ID num...

Page 254: ...N F1A User s Guide 254 these two classes are assigned priority queue based on the internal QoS mapping table on the P 660HN F1A Figure 107 QoS Example Figure 108 QoS Class Example VoIP 1 50 Mbps DSL V...

Page 255: ...Chapter 16 Quality of Service QoS P 660HN F1A User s Guide 255 Figure 109 QoS Class Example VoIP 2 Figure 110 QoS Class Example Boss 1...

Page 256: ...Chapter 16 Quality of Service QoS P 660HN F1A User s Guide 256 Figure 111 QoS Class Example Boss 2...

Page 257: ...to voice and video to make them run more smoothly Similarly give low priority to many large file downloads so that they do not reduce the quality of other applications WAN Managed Bandwidth Enter the...

Page 258: ...ly assigned by These fields are ignored if traffic matches a class you configured in the Class Setup screen If you select ON and traffic does not match a class configured in the Class Setup screen the...

Page 259: ...d come Priority This is the priority assigned to traffic of this classifier Filter Content This shows criteria specified in this classifier Modify Click the Edit icon to go to the screen where you can...

Page 260: ...60HN F1A User s Guide 260 16 4 1 The Class Configuration Screen Use this screen to configure a classifier Click the Add button or the Edit icon in the Modify field to display the following screen Figu...

Page 261: ...A use the routing table to find a next hop and forward the matched packets automatically Select To WAN Index to route the matched packets through the specified PVC This option is available only when t...

Page 262: ...t number See Appendix E on page 413 for some common services and port numbers MAC Select the check box and enter the source MAC address of the packet MAC Mask Type the mask for the specified MAC addre...

Page 263: ...g the FTP server accepts commands from a system running an FTP client The service allows users to send commands to the server for uploading and downloading files Select the check box and select FTP fr...

Page 264: ...ll be discarded The following shows how tokens work with outgoing packets A packet can be transmitted if the number of tokens in the bucket are equal to or greater than the size of the packet in bytes...

Page 265: ...the P 660HN F1A again transmits it directly and then deducts 500 tokens from the bucket leaving just 200 tokens 700 500 D After one more second one hundred more tokens are added to the bucket A packe...

Page 266: ...ght of this queue Weight in Percent This shows the weight of this queue in percentage of all queues with the same priority Shaping Rate kbps This shows the maximum transmission rate allowed for traffi...

Page 267: ...gher priority queues gets through faster while traffic in lower priority queues is dropped if the network is congested Weight Specify the weight of this queue If two queues have the same priority leve...

Page 268: ...e are dropped until there is space in the buffer again packets are transmitted out of it Random Early Detection RED is a queue management algorithm that doesn t wait until a buffer is full before drop...

Page 269: ...ity Queue This shows the priority queue number Traffic assigned to higher index queues gets through faster while traffic in lower index queues is dropped if the network is congested Pass This shows ho...

Page 270: ...indicating the level of service desired This allows the intermediary DiffServ compliant network devices to handle the packets differently depending on the code points without the need to negotiate pat...

Page 271: ...Queue Assignment If you enable QoS on the P 660HN F1A the P 660HN F1A can automatically base on the IEEE 802 1p priority level IP precedence and or packet length to assign priority to traffic which d...

Page 272: ...11110 011100 011010 011000 250 6 6 4 100110 100100 100010 100000 5 101110 101000 7 7 6 110000 111000 7 Table 82 Internal Layer2 and Layer3 QoS Mapping PRIORITY QUEUE LAYER 2 LAYER 3 IEEE 802 1P USER P...

Page 273: ...all you need to have registered a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a domain name The Dynamic DN...

Page 274: ...Active Dynamic DNS Select this check box to use dynamic DNS Service Provider This is the name of your Dynamic DNS service provider Dynamic DNS Type Select the type of service that you are registered f...

Page 275: ...ddress Select this option only when there are one or more NAT routers between the P 660HN F1A and the DDNS server This feature has the DDNS server automatically detect and use the IP address of the NA...

Page 276: ...Chapter 17 Dynamic DNS Setup P 660HN F1A User s Guide 276...

Page 277: ...ows remote management of the P 660HN F1A coming in from the WAN Figure 119 Remote Management From the WAN Note When you configure remote management to allow management from the WAN you still need to c...

Page 278: ...terface s and from which IP address es users can use FTP to access the P 660HN F1A Your P 660HN F1A can act as an SNMP agent which allows a manager station to manage and monitor the P 660HN F1A throug...

Page 279: ...iguring from the LAN System Timeout There is a default system management idle timeout of five minutes three hundred seconds The P 660HN F1A automatically logs you out if the management session remains...

Page 280: ...ou may change the server port number for a service if needed However you must use the same port number in order to use that service for remote management Access Status Select the interface s through w...

Page 281: ...te Management Telnet LABEL DESCRIPTION Port You may change the server port number for a service if needed however you must use the same port number in order to use that service for remote management A...

Page 282: ...F1A through the network The P 660HN F1A supports SNMP version Table 86 Advanced Remote Management FTP LABEL DESCRIPTION Port You may change the server port number for a service if needed However you m...

Page 283: ...rmation to be collected about a device Examples of variables include such as number of packets received node port status etc A Management Information Base MIB is a collection of managed objects SNMP a...

Page 284: ...the P 660HN F1A for example 8161 then you must notify people who need to access the P 660HN F1A SNMP agent to use the same port Access Status Select the interface s through which a computer may acces...

Page 285: ...d Remote MGMT DNS to change your P 660HN F1A s DNS settings Figure 125 Advanced Remote Management DNS Set Community Enter the Set community which is the password for incoming Set requests from the man...

Page 286: ...u want your device to respond to pings and requests for unauthorized services you may also need to configure the firewall anti probing settings to match Figure 126 Advanced Remote Management ICMP Tabl...

Page 287: ...horized services Select this option to prevent hackers from finding the P 660HN F1A by probing for unused ports If you select this option the P 660HN F1A will not respond to port request s for unused...

Page 288: ...Chapter 18 Remote Management P 660HN F1A User s Guide 288...

Page 289: ...60HN F1A and allow UPnP enabled applications to automatically configure the P 660HN F1A 19 1 2 What You Need to Know About UPnP Identifying UPnP Devices UPnP hardware is identified as an icon in the N...

Page 290: ...tion may also be obtained and modified by users in some network environments When a UPnP device joins a network it announces its presence with a multicast message For security reasons the P 660HN F1A...

Page 291: ...application to open the web configurator s login screen without entering the P 660HN F1A s IP address although you must still enter the password to access the web configurator Allow users to make conf...

Page 292: ...ll UPnP in Windows Me and Windows XP Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me 1 Click Start and Control Panel Double click Add Remove Programs 2 Click on...

Page 293: ...ox Add Remove Programs Windows Setup Communication Components 4 Click OK to go back to the Add Remove Programs Properties window and click Next 5 Restart the computer when prompted Installing UPnP in...

Page 294: ...ons window click Advanced in the main menu and select Optional Networking Components Network Connections 4 The Windows Optional Networking Components Wizard window displays Select Networking Service i...

Page 295: ...Next 19 4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP You must already have UPnP installed in Windows XP and UPnP activated on the P 660HN F1A Ma...

Page 296: ...660HN F1A User s Guide 296 2 Right click the icon and select Properties Network Connections 3 In the Internet Connection Properties window click Settings to see the port mappings there were automatica...

Page 297: ...r delete the port mappings or click Add to manually add port mappings Internet Connection Properties Advanced Settings Internet Connection Properties Advanced Settings Add 5 When the UPnP enabled devi...

Page 298: ...play your current Internet connection status Internet Connection Status Web Configurator Easy Access With UPnP you can access the web based configurator on the P 660HN F1A without finding out the IP a...

Page 299: ...niversal Plug and Play UPnP P 660HN F1A User s Guide 299 3 Select My Network Places under Other Places Network Connections 4 An icon with the description for each UPnP enabled device displays under Lo...

Page 300: ...60HN F1A and select Invoke The web configurator login screen displays Network Connections My Network Places 6 Right click on the icon for your P 660HN F1A and select Properties A properties window dis...

Page 301: ...configure system settings Use the Time Setting screen Section 20 3 on page 304 to set the system time 20 1 2 What You Need to Know About System Settings DHCP DHCP Dynamic Host Configuration Protocol...

Page 302: ...ck Start Settings Control Panel Network Click the Identification tab note the entry for the Computer Name field and enter it as the System Name In Windows 2000 click Start Settings Control Panel and t...

Page 303: ...es out The default is 5 minutes After it times out you have to log in with your password again Very long idle timeouts may have security risks A value of 0 means a management session never times out n...

Page 304: ...9 Maintenance System Time Setting The following table describes the fields in this screen Table 92 Maintenance System Time Setting LABEL DESCRIPTION Current Time Current Time This field displays the t...

Page 305: ...our time server sends when you turn on the P 660HN F1A Not all time servers support all protocols so you may have to check with your ISP network administrator or use trial and error to find a protocol...

Page 306: ...ny s time zone is one hour ahead of GMT or UTC GMT 1 End Date Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving The o clock field uses the 24 hour format...

Page 307: ...ngs screen Use The Log Settings screen Section 21 3 on page 309 to configure the mail server the syslog server when to send logs and what logs to send 21 1 2 What You Need To Know About Logs Alerts An...

Page 308: ...Maintenance Logs View Log LABEL DESCRIPTION Display The categories that you select in the Log Settings screen display in the drop down list box Select a category of logs to view select All Logs to vi...

Page 309: ...appears as shown Alerts are e mailed as soon as they happen Logs may be e mailed as soon as the log is full Selecting many alert and or log categories especially Access Control may result in many e m...

Page 310: ...e This drop down menu is used to configure the frequency of log messages being sent as E mail Daily Weekly Hourly When Log is Full None If you select Weekly or Daily specify a time of day when the E m...

Page 311: ...sent by e mail You may edit the subject title Send Immediate Alert Select log categories for which you want the P 660HN F1A to send E mail alerts immediately Apply Click this to save your customized...

Page 312: ...05 17 UDP src port 00520 dest port 00520 1 02 128 Apr 7 00 From 192 168 1 1 To 192 168 1 255 match forward 10 05 30 UDP src port 00520 dest port 00520 1 02 End of Firewall Log Table 96 System Maintena...

Page 313: ...P packet that was too large Configuration Change PC 0x x Task ID 0x x The router is saving configuration changes Successful SSH login Someone has logged on to the router s SSH server SSH login failed...

Page 314: ...a message to notify a user that the router blocked access to a web site that the user requested Table 99 TCP Reset Logs LOG MESSAGE DESCRIPTION Under SYN flood attack sent TCP RST The router sent a T...

Page 315: ...d rule d Attempted access matched a configured filter rule denoted by its set and rule number and was blocked or forwarded according to the rule Table 101 ICMP Logs LOG MESSAGE DESCRIPTION Firewall d...

Page 316: ...LOG MESSAGE DESCRIPTION ppp LCP Starting The PPP connection s Link Control Protocol stage has started ppp LCP Opening The PPP connection s Link Control Protocol stage is opening ppp CHAP Opening The...

Page 317: ...l detected a TCP teardrop attack teardrop UDP The firewall detected an UDP teardrop attack teardrop ICMP type d code d The firewall detected an ICMP teardrop attack illegal command TCP The firewall de...

Page 318: ...to authenticate user There is no authentication server to authenticate a user Table 108 ACL Setting Notes PACKET DIRECTION DIRECTION DESCRIPTION L to W LAN to WAN ACL set for packets traveling from t...

Page 319: ...0 Timestamp reply message 15 Information Request 0 Information request message 16 Information Reply 0 Information reply message Table 110 Syslog Logs LOG MESSAGE DESCRIPTION Facility 8 Severity Mon d...

Page 320: ...efer to RFC 2408 for detailed information on each type Table 111 RFC 2408 ISAKMP Payload Types LOG DISPLAY PAYLOAD TYPE SA Security Association PROP Proposal TRANS Transform KE Key Exchange ID Identif...

Page 321: ...you want to return the device to the original default settings The firmware determines the device s available features and functionality You can download new firmware releases from your nearest ZyXEL...

Page 322: ...the computer file config cfg If your T FTP client does not allow you to have a destination filename different than the source you will need to rename them as the P 660HN F1A only recognizes rom 0 and...

Page 323: ...vice has not been disabled in the Remote Management screen 22 1 4 Tool Examples Using FTP or TFTP to Restore Configuration This example shows you how to restore a previously saved configuration Note t...

Page 324: ...uter 2 Enter open followed by a space and the IP address of your device 3 Press ENTER when prompted for a username 4 Enter your password as requested the default is 1234 5 Enter bin to set transfer mo...

Page 325: ...ient and accepts TFTP requests only from this address 2 Enter the command sys stdio 0 to disable the management idle timeout so the TFTP transfer will not be interrupted Enter command sys stdio 5 to r...

Page 326: ...ras name of the firmware on the device Commands that you may see in GUI based TFTP clients are listed earlier in this chapter Using the FTP Commands to Back Up Configuration 1 Launch the FTP client on...

Page 327: ...he configuration file follow the procedure shown next 331 Enter PASS command Password 230 Logged in ftp bin 200 Type I OK ftp get rom 0 zyxel rom 200 Port command okay 150 Opening data connection for...

Page 328: ...ogram For UNIX use get to transfer from the P 660HN F1A to the computer and binary to set binary transfer mode TFTP Command Configuration Backup Example The following is an example TFTP command tftp i...

Page 329: ...See Section 22 1 4 on page 323 for upgrading firmware using FTP TFTP commands Do NOT turn off the P 660HN F1A while firmware upload is in progress Figure 136 Maintenance Tools Firmware The following t...

Page 330: ...ome operating systems you may see the following icon on your desktop Figure 138 Network Temporarily Disconnected After two minutes log in again and check your new firmware version in the Status screen...

Page 331: ...en Figure 139 Error Message 22 3 The Configuration Screen See Section 22 1 4 on page 323 for transferring configuration files using FTP TFTP commands Click Maintenance Tools Configuration Information...

Page 332: ...e Configuration Restore Configuration allows you to upload a new or previously saved configuration file from your computer to your P 660HN F1A Do not turn off the P 660HN F1A while configuration file...

Page 333: ...rily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default device IP address 192 168 1 1 Se...

Page 334: ...also press the RESET button on the rear panel to reset the factory defaults of your P 660HN F1A Refer to Section 1 6 on page 27 for more information on the RESET button 22 4 The Restart Screen System...

Page 335: ...Do in the Diagnostic Screens Use the General screen Section 23 2 on page 335 to ping an IP address Use the DSL Line screen Section 23 3 on page 336 to view the DSL line statistics and reset the ADSL...

Page 336: ...DSL line statistics and reset the ADSL line Click Maintenance Diagnostic DSL Line to open the screen shown next Figure 148 Maintenance Diagnostic DSL Line Table 117 Maintenance Diagnostic General LABE...

Page 337: ...s the number of ATM cells sent that were rejected inF4Pkts is the number of ATM Operations Administration and Management OAM F4 cells that have been received See ITU recommendation I 610 for more on O...

Page 338: ...the quality of the connection whether a given sub carrier loop has sufficient margins to support certain ADSL transmission rates and possibly to determine whether particular specific types of interfer...

Page 339: ...A does not turn on None of the LEDs turn on 1 Make sure the P 660HN F1A is turned on 2 Make sure you are using the power adaptor or cord included with the P 660HN F1A 3 Make sure the power adaptor or...

Page 340: ...ay for your computer To do this in most Windows computers click Start Run enter cmd and then enter ipconfig The IP address of the Default Gateway might be the IP address of the P 660HN F1A it depends...

Page 341: ...e default IP address See Section 1 6 on page 27 5 If the problem continues contact the network administrator or vendor or try one of the advanced suggestions Advanced Suggestions Try to access the P 6...

Page 342: ...are behaving as expected See the Quick Start Guide and Section 1 5 on page 26 2 Make sure you entered your ISP account information correctly in the wizard These fields are case sensitive so make sure...

Page 343: ...ications 2 Check the signal strength If the signal strength is low try moving your computer closer to the P 660HN F1A if possible and look around to see if there are any devices that might be interfer...

Page 344: ...Chapter 24 Troubleshooting P 660HN F1A User s Guide 344...

Page 345: ...Power Specification 12 VDC 1A Built in Switch One auto negotiating auto MDI MDI X 10 100 Mbps RJ 45 Ethernet ports ADSL Port 1 RJ 11 FXS POTS port RESET Button 10 seconds restores factory defaults Ant...

Page 346: ...A Note Only upload firmware for your specific model Configuration Backup Restoration Make a copy of the P 660HN F1A s configuration You can put it back on the P 660HN F1A later if you decide to revert...

Page 347: ...ltering and give trusted LAN IP addresses unfiltered Internet access QoS Quality of Service You can efficiently manage traffic on your network by reserving bandwidth and giving priority to certain typ...

Page 348: ...SL SRA Seamless Rate Adaptation Auto negotiating rate adaptation ADSL physical connection ATM AAL5 ATM Adaptation Layer type 5 Multi protocol over AAL5 RFC2684 1483 PPP over ATM AAL5 RFC2364 PPP over...

Page 349: ...te Firmware Upgrade Syslog TR 069 F4 F5 OAM Table 120 Firmware Specifications continued Table 121 Wireless Features External Antenna The P 660HN F1A is equipped with one fixed antenna to provide a cle...

Page 350: ...s and 150Mbps Auto Fallback WPA2 WMM IEEE 802 11i IEEE 802 11e Wired Equivalent Privacy WEP Data Encryption 64 128 bit WLAN bridge to LAN Up to 32 MAC Address filters IEEE 802 1x Store up to 32 built...

Page 351: ...ccess Control MAC Bridges IEEE 802 11x Port Based Network Access Control IEEE 802 11e QoS IEEE 802 11 e Wireless LAN for Quality of Service ANSI T1 413 Issue 2 Asymmetric Digital Subscriber Line ADSL...

Page 352: ...LUG STANDARDS DC Power Adapter Model ADS0128 B 120100 Input Power 100V 240VAC 50 60HZ Output Power 12V DC 1A Power Consumption 8 Watt max Safety Standards ANSI UL 60950 1 CSA 60950 1 EUROPEAN PLUG STA...

Page 353: ...P IP on your computer Windows 3 1 requires the purchase of a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later op...

Page 354: ...Installing Components The Network window Configuration tab displays a list of installed components You need a network adapter the TCP IP protocol and Client for Microsoft Networks If you need the adap...

Page 355: ...Client for Microsoft Networks from the list of network clients and then click OK 5 Restart your computer so the changes you made take effect Configuring 1 In the Network window Configuration tab selec...

Page 356: ...you do not know your gateway s IP address remove previously installed gateways If you have a gateway IP address type it in the New gateway field and click Add 5 Click OK to save and close the TCP IP P...

Page 357: ...following example figures use the default Windows XP GUI theme 1 Click start Start in Windows 2000 NT Settings Control Panel Figure 152 Windows XP Start Menu 2 In the Control Panel double click Networ...

Page 358: ...hen click Properties Figure 154 Windows XP Control Panel Network Connections Properties 4 Select Internet Protocol TCP IP under the General tab in Win XP and then click Properties Figure 155 Windows X...

Page 359: ...e or more of the following if you want to configure additional IP addresses In the IP Settings tab in IP addresses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Sub...

Page 360: ...rties 7 In the Internet Protocol TCP IP Properties window the General tab in Windows XP Click Obtain DNS server address automatically if you do not know your DNS server IP address es If you know your...

Page 361: ...he Local Area Connection Properties window 10 Close the Network Connections window Network and Dial up Connections in Windows 2000 NT 11 Turn on your P 660HN F1A and restart your computer if prompted...

Page 362: ...r s Guide 362 1 Click the Start icon Control Panel Figure 159 Windows Vista Start Menu 2 In the Control Panel double click Network and Internet Figure 160 Windows Vista Control Panel 3 Click Network a...

Page 363: ...onnections Figure 162 Windows Vista Network and Sharing Center 5 Right click Local Area Connection and then click Properties Note During this procedure click Continue whenever Windows displays a scree...

Page 364: ...igure 164 Windows Vista Local Area Connection Properties 7 The Internet Protocol Version 4 TCP IPv4 Properties window opens the General tab If you have a dynamic IP address click Obtain an IP address...

Page 365: ...ab in IP addresses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Confi...

Page 366: ...operties 9 In the Internet Protocol Version 4 TCP IPv4 Properties window the General tab Click Obtain DNS server address automatically if you do not know your DNS server IP address es If you know your...

Page 367: ...rotocol Version 4 TCP IPv4 Properties window 11 Click Close to close the Local Area Connection Properties window 12 Close the Network Connections window 13 Turn on your P 660HN F1A and restart your co...

Page 368: ...ting up Your Computer s IP Address P 660HN F1A User s Guide 368 Macintosh OS 8 9 1 Click the Apple menu Control Panel and double click TCP IP to open the TCP IP Control Panel Figure 168 Macintosh OS 8...

Page 369: ...signed settings do the following From the Configure box select Manually Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your P 660HN F1A...

Page 370: ...tem Preferences window Figure 170 Macintosh OS X Apple Menu 2 Click Network in the icon bar Select Automatic from the Location list Select Built in Ethernet from the Show list Click the TCP IP tab 3 F...

Page 371: ...ttings Check your TCP IP properties in the Network window Linux This section shows you how to configure your computer s TCP IP settings in Red Hat Linux 9 0 Procedure screens and file location may var...

Page 372: ...in IP address settings with and select dhcp from the drop down list If you have a static IP address click Statically set IP Addresses and fill in the Address Subnet mask and Default Gateway Address fi...

Page 373: ...en Using Configuration Files Follow the steps below to edit the network configuration files and set your computer IP address 1 Assuming that you have only one network card on the computer locate the i...

Page 374: ...in the etc directory The following figure shows an example where two DNS server IP addresses are specified Figure 178 Red Hat 9 0 DNS Settings in resolv conf 3 After you edit and save the configurati...

Page 375: ...root localhost ifconfig eth0 Link encap Ethernet HWaddr 00 50 BA 72 5B 44 inet addr 172 23 19 129 Bcast 172 23 19 255 Mask 255 255 255 0 UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 717...

Page 376: ...Appendix A Setting up Your Computer s IP Address P 660HN F1A User s Guide 376...

Page 377: ...t Explorer versions may vary Internet Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Servic...

Page 378: ...n the Pop up Blocker section of the screen This disables any web pop up blockers you may have enabled Figure 182 Internet Options Privacy 3 Click Apply to save this setting Enable Pop up Blockers with...

Page 379: ...60HN F1A User s Guide 379 2 Select Settings to open the Pop up Blocker Settings screen Figure 183 Internet Options Privacy 3 Type the IP address of your device the web page that you do not want to hav...

Page 380: ...Add to move the IP address to the list of Allowed sites Figure 184 Pop up Blocker Settings 5 Click Close to return to the Privacy screen 6 Click Apply to save this setting JavaScripts If pages of the...

Page 381: ...orer click Tools Internet Options and then the Security tab Figure 185 Internet Options Security 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enab...

Page 382: ...k OK to close the window Figure 186 Security Settings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3...

Page 383: ...ions P 660HN F1A User s Guide 383 5 Click OK to close the window Figure 187 Security Settings Java JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure...

Page 384: ...OK to close the window Figure 188 Java Sun Mozilla Firefox Mozilla Firefox 2 0 screens are used here Screens for other versions may vary You can enable Java Javascripts and pop ups in one screen Clic...

Page 385: ...p up Windows JavaScripts and Java Permissions P 660HN F1A User s Guide 385 Click Content to show the screen below Select the check boxes as shown in the following screen Figure 190 Mozilla Firefox Con...

Page 386: ...Appendix B Pop up Windows JavaScripts and Java Permissions P 660HN F1A User s Guide 386...

Page 387: ...r and the other part is the host ID In the same way that houses on a street share a common street name the hosts on a network share a common network number Similarly as each house has its own house nu...

Page 388: ...st ID using a logical AND operation The term subnet is short for sub network A subnet mask has 32 bits If a bit in the subnet mask is a 1 then the corresponding bit in the IP address is part of the ne...

Page 389: ...mber bits the smaller the number of remaining host ID bits An IP address with host IDs of all zeros is the IP address of the network 192 168 1 0 with a 24 bit subnet mask for example An IP address wit...

Page 390: ...u can use subnetting to divide one network into multiple sub networks In the following example a network administrator creates two sub networks to isolate a group of servers from the rest of the compa...

Page 391: ...the host ID bits to divide the network 192 168 1 0 into two separate sub networks The subnet mask is now 25 bits 255 255 255 128 or 25 The borrowed host ID bit can have a value of either 0 or 1 allow...

Page 392: ...ets you need to borrow two host ID bits to give four possible combinations 00 01 10 and 11 The subnet mask is 26 bits 11111111 11111111 11111111 11000000 or 255 255 255 192 Each subnet contains 6 host...

Page 393: ...t Address 192 168 1 128 Lowest Host ID 192 168 1 129 Broadcast Address 192 168 1 191 Highest Host ID 192 168 1 190 Table 131 Subnet 4 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192...

Page 394: ...S NO HOSTS PER SUBNET 1 255 255 255 128 25 2 126 2 255 255 255 192 26 4 62 3 255 255 255 224 27 8 30 4 255 255 255 240 28 16 14 5 255 255 255 248 29 32 6 6 255 255 255 252 30 64 2 7 255 255 255 254 31...

Page 395: ...u entered You don t need to change the subnet mask computed by the P 660HN F1A unless you are instructed to do otherwise Private IP Addresses Every machine on the Internet must have a unique address I...

Page 396: ...Appendix C IP Addresses and Subnetting P 660HN F1A User s Guide 396...

Page 397: ...ent network which is commonly referred to as an ad hoc network or Independent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an ad...

Page 398: ...nded Service Set ESS consists of a series of overlapping BSSs each containing an access point with each access point connected together by a wired network This wired connection between APs is called a...

Page 399: ...cent AP access point to reduce interference Interference occurs when radio signals from different access points overlap causing interference and degrading performance Adjacent channels partially overl...

Page 400: ...t first send an RTS Request To Send message to the AP for permission to send it The AP then responds with a CTS Clear to Send message to all other stations within its range to notify them to defer the...

Page 401: ...nization field in a packet Short preamble increases performance as less time sending preamble means more time for sending data All IEEE 802 11 compliant wireless adapters support long preamble but not...

Page 402: ...e shows the relative effectiveness of these wireless security methods available on your P 660HN F1A Note You must enable the same wireless security settings on the P 660HN F1A and on all wireless clie...

Page 403: ...e wireless clients RADIUS RADIUS is based on a client server model that supports authentication authorization and accounting The access point is the client and the server is the RADIUS server The RADI...

Page 404: ...LEAP Your wireless LAN device may not support all authentication types EAP Extensible Authentication Protocol is an authentication protocol that runs on top of the IEEE 802 1x transport mechanism in...

Page 405: ...ve attacks A digital certificate is an electronic ID card that authenticates the sender s identity However to implement EAP TLS you need a Certificate Authority CA to handle certificates which imposes...

Page 406: ...nd WPA2 Wi Fi Protected Access WPA is a subset of the IEEE 802 11i standard WPA2 IEEE 802 11i is a wireless security standard that defines stronger encryption authentication and key management than WP...

Page 407: ...r distributes a Pairwise Master Key PMK key to the AP that then sets up a key hierarchy and management system using the PMK to dynamically generate unique data encryption keys to encrypt every data pa...

Page 408: ...y connecting to an AP to perform IEEE 802 1x authentication with another AP before connecting to it Wireless Client WPA Supplicants A wireless client supplicant is the software that runs on an operati...

Page 409: ...RADIUS Application Example WPA 2 PSK Application Example A WPA 2 PSK application looks as follows 1 First enter identical passwords into the AP and all wireless clients The Pre Shared Key PSK must co...

Page 410: ...ach authentication method or key management protocol type MAC address filters are not dependent on how you configure these security features Table 138 Wireless Security Relational Matrix AUTHENTICATIO...

Page 411: ...na s coverage area Antenna Gain Antenna gain measured in dB decibel is the increase in coverage within the RF beam width Higher antenna gain improves the range of the signal for better communications...

Page 412: ...es very directional to 120 degrees less directional Directional antennas are ideal for hallways and outdoor point to point applications Positioning Antennas In general antennas should be mounted as hi...

Page 413: ...e of IP protocol used by the service If this is TCP UDP then the service uses the same port number with TCP and UDP If this is USER DEFINED the Port s is the IP protocol number not the port number Por...

Page 414: ...net related command that can be used to find out if a user is logged on FTP TCP TCP 20 21 File Transfer Protocol a program to enable fast transfer of files including large files that may not be possib...

Page 415: ...e Protocol version 3 lets a client computer get e mail from a POP3 server through a temporary connection TCP IP or other POP3S TCP 995 This is a more secure version of POP3 that runs over SSL PPTP TCP...

Page 416: ...Service Discovery Protocol supports Universal Plug and Play UPnP SSH TCP UDP 22 Secure Shell Remote Login Program STRM WORKS UDP 1558 Stream Works Protocol SYSLOG UDP 514 Syslog allows you to send sys...

Page 417: ...ZyXEL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does it...

Page 418: ...anty ZyXEL warrants to the original end user purchaser that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase During the warra...

Page 419: ...ty or fitness for a particular use or purpose ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser To obtain the services of this warranty contact...

Page 420: ...Appendix F Legal Information P 660HN F1A User s Guide 420...

Page 421: ...159 WPS 156 address mapping 180 rules 181 types 181 182 186 administrator password 30 303 alerts 307 firewalls 200 algorithm certificates 233 MD5 fingerprint 233 SHA1 fingerprint 233 alternative subn...

Page 422: ...ation 331 backup 326 327 332 classifiers 260 267 DHCP 132 file 322 firewalls 194 198 203 IP alias 136 logs 309 packet filtering 220 223 port forwarding 177 reset 334 restoring 323 332 static route 239...

Page 423: ...ckets 217 configuration 220 223 firewalls 224 generic filters 221 logs 221 223 NAT 224 protocol filters 219 structure 217 types 218 224 firewalls 189 actions 199 activation 195 address types 199 alert...

Page 424: ...e ICMP Internet Group Multicast Protocol see IGMP IP address 106 109 115 123 128 139 default server 176 178 ping 335 private 139 IP alias 135 configuration 136 NAT applications 186 IP precedence 270 L...

Page 425: ...176 178 example 185 global 184 IGA 184 ILA 184 inside 184 local 184 outside 184 P2P 175 packet filtering 224 port forwarding 174 176 activation 179 configuration 177 example 177 rules 179 remote mana...

Page 426: ...recedence 270 monitor 266 268 priority queue 271 remote node 263 routing policy 261 SIP 263 Quality of Service see QoS Queue Setup 266 R RADIUS 403 message types 403 messages 403 shared secret key 404...

Page 427: ...route 237 activation 238 configuration 239 example 237 status 32 37 40 ATM 337 DSL connections 338 firewalls 39 firmware version 38 LAN 38 packet statistics 42 WAN 38 wireless LAN 38 WLAN 41 WPS 157 S...

Page 428: ...2 1P priority 241 250 activation 247 example 243 group settings 248 management group 247 port settings 250 PVC 242 PVID 250 tagging frames 242 249 VPI 108 115 123 W WAN 105 ATM QoS 111 118 125 DNS 109...

Page 429: ...status 157 wireless security 402 Wireless tutorial 47 wizard 89 configuration 92 wireless LAN 98 WLAN interference 399 security parameters 410 WPA 150 164 406 authentication 150 key caching 408 pre a...

Page 430: ...Index P 660HN F1A User s Guide 430...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands