manualshive.com logo in svg

ZyXEL Communications P-660HW-DX, User Manual

The ZyXEL Communications P-660HW-DX is a top-notch wireless router designed for high-speed internet connectivity. Ensure optimal performance by referring to the User Manual available for free download on our website. Get detailed instructions on setup, configuration, and troubleshooting to make the most of your device. Download your manual now!

Share
Download
background image

Appendix B Wireless LANs

P-660HW-Dx User’s Guide

280

Encryption 

Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol 
(TKIP), Message Integrity Check (MIC) and IEEE 802.1x. WPA and WPA2 use Advanced 
Encryption Standard (AES) in the Counter mode with Cipher block chaining Message 
authentication code Protocol (CCMP) to offer stronger encryption than TKIP.
TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication 
server. AES (Advanced Encryption Standard) is a block cipher that uses a 256-bit 
mathematical algorithm called Rijndael. They both include a per-packet key mixing function, 
a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with 
sequencing rules, and a re-keying mechanism.
WPA and WPA2 regularly change and rotate the encryption keys so that the same encryption 
key is never used twice. 
The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up 
a key hierarchy and management system, using the PMK to dynamically generate unique data 
encryption keys to encrypt every data packet that is wirelessly communicated between the AP 
and the wireless clients. This all happens in the background automatically.
The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data 
packets, altering them and resending them. The MIC provides a strong mathematical function 
in which the receiver and the transmitter each compute and then compare the MIC. If they do 
not match, it is assumed that the data has been tampered with and the packet is dropped. 
By generating unique data encryption keys for every data packet and by creating an integrity 
checking mechanism (MIC), with TKIP and AES it is more difficult to decrypt data on a Wi-Fi 
network than WEP and difficult for an intruder to break into the network. 
The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The only 
difference between the two is that WPA(2)-PSK uses a simple common password, instead of 
user-specific credentials. The common-password approach makes WPA(2)-PSK susceptible to 
brute-force password-guessing attacks but it’s still an improvement over WEP as it employs a 
consistent, single, alphanumeric password to derive a PMK which is used to generate unique 
temporal encryption keys. This prevent all wireless devices sharing the same encryption keys. 
(a weakness of WEP)

User Authentication 

WPA and WPA2 apply IEEE 802.1x and Extensible Authentication Protocol (EAP) to 
authenticate wireless clients using an external RADIUS database. WPA2 reduces the number 
of key exchange messages from six to four (CCMP 4-way handshake) and shortens the time 
required to connect to a network. Other WPA2 authentication features that are different from 
WPA include key caching and pre-authentication. These two features are optional and may not 
be supported in all wireless devices.
Key caching allows a wireless client to store the PMK it derived through a successful 
authentication with an AP. The wireless client uses the PMK when it tries to connect to the 
same AP and does not need to go with the authentication process again.
Pre-authentication enables fast roaming by allowing the wireless client (already connecting to 
an AP) to perform IEEE 802.1x authentication with another AP before connecting to it.

Summary of Contents for P-660HW-DX

Page 1: ...www zyxel com P 660HW Dx 802 11g Wireless ADSL 2 4 port Gateway User s Guide Version 3 40 8 2007 Edition 2...

Page 2: ......

Page 3: ...onfigurator Online Help Embedded web help for descriptions of individual screens and supplementary information It is recommended you use the web configurator to configure the ZyXEL Device Supporting D...

Page 4: ...troke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press the ENTER key...

Page 5: ...5 Icons Used in Figures Figures in this User s Guide may use the following generic icons The ZyXEL Device icon is not an exact representation of your device ZyXEL Device Computer Notebook computer Se...

Page 6: ...an appropriate power adaptor or cord for your device Connect the power adaptor or cord to the right supply voltage for example 110V AC in North America or 230V AC in Europe Do NOT allow anything to r...

Page 7: ...Safety Warnings P 660HW Dx User s Guide 7...

Page 8: ...Safety Warnings P 660HW Dx User s Guide 8...

Page 9: ...WAN Setup 75 LAN Setup 93 Wireless LAN 105 Network Address Translation NAT Screens 129 Security 141 Firewalls 143 Firewall Configuration 155 Content Filtering 177 Advanced 181 Static Route 183 Bandwid...

Page 10: ...Contents Overview P 660HW Dx User s Guide 10...

Page 11: ...Good Habits for Managing the ZyXEL Device 35 1 4 LEDs 35 1 5 Hardware Connections 36 Chapter 2 Introducing the Web Configurator 37 2 1 Web Configurator Overview 37 2 2 Accessing the Web Configurator...

Page 12: ...oduction 67 4 2 Predefined Media Bandwidth Management Services 67 4 3 Bandwidth Management Wizard Setup 68 Part III Network 73 Chapter 5 WAN Setup 75 5 1 WAN Overview 75 5 1 1 Encapsulation 75 5 1 2 M...

Page 13: ...LAN Setup 99 6 5 DHCP Setup 100 6 6 LAN Client List 101 6 7 LAN IP Alias 102 Chapter 7 Wireless LAN 105 7 1 Wireless Network Overview 105 7 2 Wireless Security Overview 106 7 2 1 SSID 106 7 2 2 MAC A...

Page 14: ...ort Forwarding 133 8 5 1 Default Server IP Address 134 8 5 2 Port Forwarding Services and Port Numbers 134 8 5 3 Configuring Servers Behind Port Forwarding Example 135 8 6 Configuring Port Forwarding...

Page 15: ...cklist 156 10 3 2 Security Ramifications 156 10 3 3 Key Fields For Configuring Rules 157 10 4 Connection Direction 157 10 4 1 LAN to WAN Rules 158 10 4 2 Alerts 158 10 5 General Firewall Policy 158 10...

Page 16: ...age 189 13 6 1 Reserving Bandwidth for Non Bandwidth Class Traffic 189 13 6 2 Maximize Bandwidth Usage Example 189 13 6 3 Bandwidth Management Priorities 191 13 7 Over Allotment of Bandwidth 191 13 8...

Page 17: ...2 UPnP and ZyXEL 214 16 2 1 Configuring UPnP 214 16 3 Installing UPnP in Windows Example 215 16 3 1 Installing UPnP in Windows Me 215 16 3 2 Installing UPnP in Windows XP 216 16 4 Using UPnP in Window...

Page 18: ...er Hardware Connections and LEDs 259 21 2 ZyXEL Device Access and Login 260 21 3 Internet Access 261 Part VII Appendices and Index 263 Appendix A Product Specifications and Wall Mounting 265 Appendix...

Page 19: ...Table of Contents P 660HW Dx User s Guide 19 Appendix L Legal Information 347 Appendix M Customer Support 351 Index 357...

Page 20: ...Table of Contents P 660HW Dx User s Guide 20...

Page 21: ...5 Figure 19 Auto Detection PPPoE 55 Figure 20 Internet Access Wizard Setup ISP Parameters 56 Figure 21 Internet Connection with PPPoE 57 Figure 22 Internet Connection with RFC 1483 57 Figure 23 Intern...

Page 22: ...Figure 57 Wireless LAN General 108 Figure 58 Wireless No Security 110 Figure 59 Wireless Static WEP Encryption 111 Figure 60 Wireless WPA PSK WPA2 PSK 112 Figure 61 Wireless WPA WPA2 114 Figure 62 Adv...

Page 23: ...Topology 183 Figure 102 Static Route 184 Figure 103 Static Route Edit 185 Figure 104 Subnet based Bandwidth Management Example 188 Figure 105 Bandwidth Management Summary 192 Figure 106 Bandwidth Man...

Page 24: ...e 145 Temporarily Disconnected 254 Figure 146 Configuration Restore Error 255 Figure 147 Restart Screen 255 Figure 148 Diagnostic General 257 Figure 149 Diagnostic DSL Line 258 Figure 150 Wall mountin...

Page 25: ...ost ID 302 Figure 182 Subnetting Example Before Subnetting 304 Figure 183 Subnetting Example After Subnetting 305 Figure 184 Configuration Text File Format Column Descriptions 315 Figure 185 Invalid P...

Page 26: ...List of Figures P 660HW Dx User s Guide 26...

Page 27: ...nually assign a WEP key 64 Table 17 Media Bandwidth Management Setup Services 67 Table 18 Bandwidth Management Wizard General Information 69 Table 19 Bandwidth Management Wizard Configuration 70 Table...

Page 28: ...ewall Configure Customized Services 165 Table 61 Predefined Services 169 Table 62 Firewall Anti Probing 172 Table 63 Firewall Threshold 174 Table 64 Content Filter Keyword 178 Table 65 Content Filter...

Page 29: ...101 PPP Logs 240 Table 102 UPnP Logs 241 Table 103 Content Filtering Logs 241 Table 104 Attack Logs 242 Table 105 IPSec Logs 242 Table 106 IKE Logs 243 Table 107 PKI Logs 246 Table 108 Certificate Pat...

Page 30: ...Planning 307 Table 135 16 bit Network Number Subnet Planning 307 Table 136 Firewall Commands 309 Table 137 Abbreviations Used in the Example Internal SPTGEN Screens Table 318 Table 138 Menu 1 General...

Page 31: ...31 PART I Introduction Introducing the ZyXEL Device 33 Introducing the Web Configurator 37...

Page 32: ...32...

Page 33: ...ing in 3 denote a device that works over ISDN Integrated Services Digital Network The DSL RJ 11 ADSL over POTS models or RJ 45 ADSL over ISDN models connects to your ADSL enabled telephone line 1 Only...

Page 34: ...ADSL ADSL2 ADSL2 standards Maximum data rates attainable for each standard are shown in the next table If your ZyXEL Device does not support Annex M the maximum ADSL2 2 upstream data rate is 1 2 Mbps...

Page 35: ...nfigure many devices of the same type 1 3 Good Habits for Managing the ZyXEL Device Do the following things regularly to make the ZyXEL Device more secure and to manage the ZyXEL Device more effective...

Page 36: ...m is not ready or has malfunctioned ETHERNET 1 4 Green On The ZyXEL Device has a successful Ethernet connection Blinking The ZyXEL Device is sending receiving data Off The LAN is not connected WLAN Gr...

Page 37: ...p windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScripts enabled by default Java permissions enabled by default See the chapter on troubleshooti...

Page 38: ...Figure 5 User status screen 2 2 2 Administrator Access 1 For administrator access enter the default admin password 1234 to configure the wizards and the advanced features 2 Click Login to proceed to a...

Page 39: ...to change the password now If you do not change the password at least once the following screen appears every time you log in with the admin password Figure 6 Change Password at Login 4 Select Go to W...

Page 40: ...load the factory default configuration file This means that you will lose all configurations that you had previously and the password will be reset to 1234 2 3 1 Using the Reset Button 1 Make sure the...

Page 41: ...IP DNS Server MAC address assignment BANDWIDTH MANAGEMENT SETUP Use these screens to limit bandwidth usage by application or packet type Logout Click this icon to exit the web configurator Status Thi...

Page 42: ...ply the rule Rules This screen shows a summary of the firewall rules and allows you to edit add a firewall rule Anti Probing Use this screen to change your anti probing settings Threshold Use this scr...

Page 43: ...ace s and from which IP address es users can send DNS queries to the ZyXEL Device ICMP Use this screen to change your anti probing settings UPnP Use this screen to enable UPnP on the ZyXEL Device Main...

Page 44: ...ice s model name MAC Address This is the MAC Media Access Control or Ethernet address unique to your ZyXEL Device ZyNOS Firmware Version This is the ZyNOS firmware version and the date created ZyNOS i...

Page 45: ...total heap memory in kilobytes The bar displays what percent of the ZyXEL Device s heap memory is in use The bar turns from green to red when the maximum is being approached Interface Status Interfac...

Page 46: ...ck the WLAN Status hyperlink in the Status screen to view the wireless stations that are currently associated to the ZyXEL Device Figure 11 Status WLAN Status Table 5 Status Any IP Table LABEL DESCRIP...

Page 47: ...idth Status 2 4 6 Status Packet Statistics Click the Packet Statistics hyperlink in the Status screen Read only information here includes port status and packet specific statistics Also provided are s...

Page 48: ...ownstream Speed This is the downstream speed of your ZyXEL Device Node Link This field displays the remote node index number and link type Link types are PPPoA ENET RFC 1483 and PPPoE Status This fiel...

Page 49: ...wn Up line is up or connected if you re using Ethernet encapsulation and Down line is down Up line is up or connected Idle line ppp idle Dial starting to trigger a call and Drop dropping a call if you...

Page 50: ...Chapter 2 Introducing the Web Configurator P 660HW Dx User s Guide 50...

Page 51: ...51 PART II Wizards Wizard Setup for Internet Access 53 Bandwidth Management Wizard 67...

Page 52: ...52...

Page 53: ...the information given to you by your ISP See the advanced menu chapters for background information on these fields 3 2 Internet Access Wizard Setup 1 After you enter the admin password to access the w...

Page 54: ...e you use If the wizard does not detect a connection type and the following screen appears see Figure 17 on page 54 check your hardware connections and click Restart the Internet Wireless Setup Wizard...

Page 55: ...ing you to enter your Internet account information Enter the username password and or service name exactly as provided 2 Click Next Figure 19 Auto Detection PPPoE 3 2 2 Manual Configuration 1 If the Z...

Page 56: ...oices vary depending on what you select in the Mode field If you select Bridge in the Mode field select either PPPoA or RFC 1483 If you select Routing in the Mode field select PPPoA RFC 1483 ENET ENCA...

Page 57: ...here domain identifies a service name then enter both components exactly as given Password Enter the password associated with the user name above Service Name Type the name of your PPPoE service here...

Page 58: ...ess Select Static IP Address if your ISP gives you a fixed IP address IP Address Enter your ISP assigned IP address Subnet Mask Enter a subnet mask in dotted decimal notation Refer to the appendices t...

Page 59: ...modify them Figure 25 Connection Test Failed 1 If the following screen displays check if your account is activated or click Restart the Internet Wireless Setup Wizard to verify your Internet access s...

Page 60: ...zard Setup After you configure the Internet access information use the following screens to set up your wireless LAN 1 Select Yes and click Next to configure wireless settings Otherwise select No and...

Page 61: ...L Device s SSID and WPA PSK security settings to wireless clients that support OTIST and are within transmission range You must also activate and start OTIST on the wireless client at the same time Th...

Page 62: ...support WPA and OTIST This option is available only when you enable OTIST in the previous wizard screen Select Manually assign a WPA PSK key to configure a pre shared key WPA PSK Choose this option on...

Page 63: ...s LAN setup screen to set up a Pre Shared Key Figure 30 Manually assign a WPA key The following table describes the labels in this screen 3 3 2 Manually assign a WEP key Choose Manually assign a WEP k...

Page 64: ...assign a WEP key LABEL DESCRIPTION Key The WEP keys are used to encrypt data Both the ZyXEL Device and the wireless stations must use the same WEP key for data transmission Enter any 5 13 or 29 ASCII...

Page 65: ...igure 33 Internet Access and WLAN Wizard Setup Complete 7 Launch your web browser and navigate to www zyxel com Internet access is just the beginning Refer to the rest of this guide for more detailed...

Page 66: ...Chapter 3 Wizard Setup for Internet Access P 660HW Dx User s Guide 66...

Page 67: ...Wide Web WWW is an Internet system to distribute graphical hyper linked information based on Hyper Text Transfer Protocol HTTP a client server protocol for the World Wide Web The Web is not synonymous...

Page 68: ...t number 1720 VoIP SIP Sending voice signals over the Internet is called Voice over IP or VoIP Session Initiated Protocol SIP is an internationally recognized standard for implementing VoIP SIP is an...

Page 69: ...equirements Figure 36 Bandwidth Management Wizard General Information The following fields describe the label in this screen Table 18 Bandwidth Management Wizard General Information LABEL DESCRIPTION...

Page 70: ...the services names Priority Select High Mid or Low priority for each service to have your ZyXEL Device use a priority for traffic that matches that service A service with High priority is given as muc...

Page 71: ...Finish to complete the wizard setup and save your configuration Figure 38 Bandwidth Management Wizard Complete Apply Click Apply to save your changes to the ZyXEL Device Exit Click Exit to close the...

Page 72: ...Chapter 4 Bandwidth Management Wizard P 660HW Dx User s Guide 72...

Page 73: ...73 PART III Network WAN Setup 75 LAN Setup 93 Wireless LAN 105 Network Address Translation NAT Screens 129...

Page 74: ...74...

Page 75: ...Point to Point Protocol over Ethernet provides access control and billing functionality in a manner similar to dial up services using PPP PPPoE is an IETF standard RFC 2516 specifying how a personal c...

Page 76: ...minant in environments where dynamic creation of large numbers of ATM VCs is fast and economical 5 1 2 2 LLC based Multiplexing In this case one VC carries multiple protocols with protocol identifying...

Page 77: ...your choices for IP address and ENET ENCAP gateway 5 1 5 1 IP Assignment with PPPoA or PPPoE Encapsulation If you have a dynamic IP then the IP Address and ENET ENCAP Gateway fields are not applicable...

Page 78: ...Section 5 8 on page 89 For example if the normal route has a metric of 1 and the traffic redirect route has a metric of 2 and dial backup route has a metric of 3 then the normal route acts as the prim...

Page 79: ...onstant Bit Rate CBR provides fixed bandwidth that is always available even if no data is being sent CBR traffic is generally time sensitive doesn t tolerate delay CBR is used for connections that con...

Page 80: ...sfer 5 4 Zero Configuration Internet Access Once you turn on and connect the ZyXEL Device to a telephone jack it automatically detects the Internet connection settings such as the VCI VPI numbers and...

Page 81: ...ode field If you select Bridge in the Mode field select either PPPoA or RFC 1483 If you select Routing in the Mode field select PPPoA RFC 1483 ENET ENCAP or PPPoE User Name PPPoA and PPPoE encapsulati...

Page 82: ...s to use enter it here Subnet Mask ENET ENCAP encapsulation only Enter a subnet mask in dotted decimal notation Refer to the appendices to calculate a subnet mask If you are implementing subnetting Ga...

Page 83: ...Rate to specify fixed always on bandwidth for voice or data traffic Select UBR Unspecified Bit Rate for applications that are non time sensitive such as e mail Select VBR nRT Variable Bit Rate non Rea...

Page 84: ...hod from the ISP and make the necessary configuration changes Select No to disable this feature You must manually configure the ZyXEL Device for Internet access PPPoE Passthrough This feature is avail...

Page 85: ...ect the check box to enable it Name This is the descriptive name for this connection VPI VCI This is the VPI and VCI values used for this connection Encapsulation This is the method of encapsulation u...

Page 86: ...count If you select Bridge the ZyXEL Device will forward any packet that it does not route to this remote node otherwise the packets are discarded Encapsulation Select the method of encapsulation used...

Page 87: ...se enter it here Subnet Mask Enter a subnet mask in dotted decimal notation Refer to the appendices to calculate a subnet mask If you are implementing subnetting Gateway IP address Specify a gateway I...

Page 88: ...t CBR Continuous Bit Rate to specify fixed always on bandwidth for voice or data traffic Select UBR Unspecified Bit Rate for applications that are non time sensitive such as e mail Select VBR nRT Vari...

Page 89: ...is connected to the LAN Use IP alias to configure the LAN into two or three logical networks with the ZyXEL Device itself as the gateway for each LAN network Put the protected LAN in one subnet Subne...

Page 90: ...ivate either traffic redirect or dial backup you must configure at least one IP address here When using a WAN backup connection the ZyXEL Device periodically pings the addresses configured here and us...

Page 91: ...If you activate traffic redirect you must configure at least one Check WAN IP Address Metric This field sets this route s priority among the routes the ZyXEL Device uses The metric represents the cost...

Page 92: ...Chapter 5 WAN Setup P 660HW Dx User s Guide 92...

Page 93: ...a usually the same building or floor of a building The LAN screens can help you configure a LAN DHCP server and manage IP addresses See Section 6 4 on page 98 to configure the LAN screens 6 1 1 LANs W...

Page 94: ...machines along with the assigned IP address and subnet mask There are two ways that an ISP disseminates the DNS server addresses The ISP tells you the DNS server addresses usually in the form of an in...

Page 95: ...remember for instance 192 168 1 1 for your ZyXEL Device but make sure that no other device on your network is using that IP address The subnet mask specifies the network number portion of an IP addre...

Page 96: ...or Broadcast 1 sender everybody on the network Multicast delivers IP packets to a group of hosts on the network not everybody and not just 1 IGMP Internet Group Multicast Protocol is a network layer...

Page 97: ...r to the ZyXEL Device and access the Internet The following figure depicts a scenario where a computer is set to use a static private IP address in the corporate environment In a residential house whe...

Page 98: ...ZyXEL Device receives packets from the computer it creates an entry in the IP routing table so it can properly forward packets intended for the computer After all the routing information is updated th...

Page 99: ...dresses of the computer and the ZyXEL Device are not in the same subnet When you disable the Any IP feature only computers with dynamic IP addresses or static IP addresses in the same subnet as the Zy...

Page 100: ...and DNS servers to Windows 95 Windows NT and other systems that support the DHCP client If set to None the DHCP server will be disabled If set to Relay the ZyXEL Device acts as a surrogate DHCP server...

Page 101: ...rver This field is not available when you set DHCP to Relay Enter the IP addresses of the DNS servers The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask If th...

Page 102: ...Name This field displays the computer host name IP Address This field displays the IP address relative to the field listed above MAC Address The MAC Media Access Control or Ethernet address on a LAN L...

Page 103: ...Select the RIP direction from None Both In Only Out Only When set to Both or Out Only the ZyXEL Device will broadcast its routing table periodically When set to Both or In Only it will incorporate th...

Page 104: ...pter 6 LAN Setup P 660HW Dx User s Guide 104 Apply Click Apply to save your changes to the ZyXEL Device Cancel Click Cancel to begin configuring this screen afresh Table 30 LAN IP Alias LABEL DESCRIPT...

Page 105: ...ss network devices A and B are called wireless clients The wireless clients use the access point AP to interact with other devices such as the printer or with the Internet Your ZyXEL Device is the AP...

Page 106: ...ther documentation You can use the MAC address filter to tell the AP which wireless clients are allowed or not allowed to use the wireless network If a wireless client is allowed to use the wireless n...

Page 107: ...if the wireless network has a RADIUS server you can choose WPA or WPA2 If users do not log in to the wireless network you can choose no encryption Static WEP WPA PSK or WPA2 PSK Usually you should set...

Page 108: ...yXEL s OTIST you set up the SSID and WPA PSK on the ZyXEL Device Then the ZyXEL Device transfers them to the devices in the wireless networks As a result you do not have to set up the SSID and encrypt...

Page 109: ...AP must have the same SSID Enter a descriptive name up to 32 printable 7 bit ASCII characters for the wireless LAN Note If you are configuring the ZyXEL Device from a computer connected to the wireles...

Page 110: ...Device allows you to configure up to four 64 bit 128 bit or 256 bit WEP keys but only one key can be enabled at any one time In order to configure and enable WEP encryption click Network Wireless LAN...

Page 111: ...a Passphrase up to 32 printable characters and clicking Generate The ZyXEL Device automatically generates a WEP key WEP Key The WEP keys are used to encrypt data Both the ZyXEL Device and the wireles...

Page 112: ...EL Device is using WPA2 PSK or WPA2 Pre Shared Key The encryption mechanisms used for WPA WPA2 and WPA PSK WPA2 PSK are the same The only difference between the two is that WPA PSK WPA2 PSK uses a sim...

Page 113: ...nected to the wireless network for example using an authentication server If the wireless network is not keeping track of this information you can usually set this value higher to reduce the number of...

Page 114: ...ReAuthentication Timer In Seconds Specify how often wireless clients have to resend usernames and passwords in order to stay connected Enter a time interval between 10 and 9999 seconds The default ti...

Page 115: ...itional information Shared Secret Enter a password up to 31 alphanumeric characters as the key to be shared between the external authentication server and the ZyXEL Device The key must be the same on...

Page 116: ...elect Short preamble if you are sure the wireless adapters support it and to provide more efficient communications Select Dynamic to have the ZyXEL Device automatically use short preamble when wireles...

Page 117: ...t configure one manually OTIST replaces the pre configured wireless settings on the wireless clients 7 4 1 Enabling OTIST You must enable OTIST on both the AP and wireless client before you start tran...

Page 118: ...s Yes If you want OTIST to automatically generate a WPA PSK you must Change your security to any security other than WPA PSK in the Wireless LAN General screen Select the Yes checkbox in the OTIST sc...

Page 119: ...ireless clients and AP in any order but they must all be within range and have OTIST enabled 1 In the AP a web configurator screen pops up showing you the security settings to transfer You can use the...

Page 120: ...ses its wireless connection for more than ten seconds it will search for an OTIST enabled AP for up to one minute If you manually have the wireless client search for an OTIST enabled AP there is no ti...

Page 121: ...is screen To change your ZyXEL Device s MAC filter settings click Network Wireless LAN MAC Filter The screen appears as shown Figure 70 MAC Address Filter The following table describes the labels in t...

Page 122: ...e MAC addresses of the wireless client that are allowed or denied access to the ZyXEL Device in these address fields Enter the MAC addresses in a valid MAC address format that is six hexadecimal chara...

Page 123: ...further information about port numbers Next to the name of the service two fields appear in brackets The first field indicates the IP protocol type TCP UDP or ICMP The second field indicates the IP p...

Page 124: ...TUNNEL AH 0 The IPSEC AH Authentication Header tunneling protocol uses this service IPSEC_TUNNEL ESP 0 The IPSEC ESP Encapsulation Security Protocol tunneling protocol uses this service IRC TCP UDP 66...

Page 125: ...ransfer Protocol is the message exchange standard for the Internet SMTP enables you to move messages from one e mail server to another SNMP TCP UDP 161 Simple Network Management Program SNMP TRAPS TCP...

Page 126: ...which you want to apply WMM QoS This is the number of an individual application entry Name This field displays a description given to an application entry Service This field displays either FTP WWW E...

Page 127: ...of messages sent through a computer network to specific groups or individuals Here are some default ports for e mail POP3 port 110 IMAP port 143 SMTP port 25 HTTP port 80 WWW The World Wide Web is an...

Page 128: ...User s Guide 128 Apply Click Apply to save your changes back to the ZyXEL Device Cancel Click Cancel to return to the previous screen without saving your changes Table 43 Application Priority Configur...

Page 129: ...a host when the packet is in the local network while the global address refers to the IP address of the host when the same packet is traveling in the WAN side Note that inside outside refers to the l...

Page 130: ...venting intruders from probing your network For more information on IP address translation refer to RFC 1631 The IP Network Address Translator NAT 8 1 3 How NAT Works Each packet has two addresses a s...

Page 131: ...ance PAT port address translation ZyXEL s Single User Account feature that previous ZyXEL routers supported the SUA Only option in today s routers Many to Many Overload In Many to Many Overload mode t...

Page 132: ...AT un friendly because they embed IP addresses and port numbers in their packets data payload Some NAT routers may include a SIP Application Layer Gateway ALG An Application Layer Gateway ALG manages...

Page 133: ...sses for your ZyXEL Device Max NAT Firewall Session Per User When computers use peer to peer applications such as file sharing applications they need to establish NAT sessions If you do not limit the...

Page 134: ...ur ISP 8 5 1 Default Server IP Address In addition to the servers for specified services NAT supports a default server IP address A default server receives packets from ports that are not specified in...

Page 135: ...nd the ISP assigns the WAN IP address The NAT network appears as a single host on the Internet Figure 76 Multiple Servers Behind NAT Example 8 6 Configuring Port Forwarding The Port Forwarding screen...

Page 136: ...re or in the remote management setup Port Forwarding Service Name Select a service from the drop down list box Server IP Address Enter the IP address of the server for the specified service Add Click...

Page 137: ...BEL DESCRIPTION Active Click this check box to enable the rule Service Name Enter a name to identify this port forwarding rule Start Port Enter a port number in this field To forward only one port ent...

Page 138: ...50 Address Mapping Rules LABEL DESCRIPTION This is the rule index number Local Start IP This is the starting Inside Local IP Address ILA Local IP addresses are N A for Server port mapping Local End I...

Page 139: ...ddress translation ZyXEL s Single User Account feature that previous ZyXEL routers supported only M M Ov Overload Many to Many Overload mode maps multiple local IP addresses to shared global IP addres...

Page 140: ...vices behind the NAT to be accessible to the outside world Local Start IP This is the starting local IP address ILA Local IP addresses are N A for Server port mapping Local End IP This is the end loca...

Page 141: ...141 PART IV Security Firewalls 143 Firewall Configuration 155 Content Filtering 177...

Page 142: ...142...

Page 143: ...only mechanism or method employed For a firewall to guard effectively you must design and deploy it appropriately This requires integrating the firewall into a broad information security policy In add...

Page 144: ...ssure the integrity of the connection and to adapt to dynamic protocols These firewalls generally provide the best speed and transparency however they may lack the granular application level access co...

Page 145: ...ic functions An extension number called the TCP port or UDP port identifies these protocols such as HTTP Web FTP File Transfer Protocol POP3 E mail etc For example Web traffic by default uses TCP port...

Page 146: ...eries of IP fragments with overlapping offset fields When these fragments are reassembled at the destination some systems will crash hang or reboot 6 Weaknesses in the TCP IP specification leave it op...

Page 147: ...floods a router with Internet Control Message Protocol ICMP echo request packets pings Since the destination IP address of each packet is the broadcast address of the network the router will broadcas...

Page 148: ...ng a router or firewall into thinking that the communications are coming from within the trusted network To engage in IP spoofing a hacker must modify the packet headers so that it appears that the pa...

Page 149: ...packet leaves the LAN network through the firewall s WAN interface The TCP packet is the first in a session and the packet s application layer protocol is configured for a firewall rule inspection 1 T...

Page 150: ...certain types of traffic from the Internet to specific hosts on the LAN Allow access to a Web server to everyone but competitors Restrict use of certain protocols such as Telnet to authorized users o...

Page 151: ...e Specifically only outgoing echoes will allow incoming echo replies outgoing address mask requests will allow incoming address mask replies and outgoing timestamp requests will allow incoming timesta...

Page 152: ...ularly vulnerable because they provide more opportunities for hackers to crack your system Turn your computer off when not in use Never give out a password or any sensitive information to an unsolicit...

Page 153: ...lters can not distinguish traffic originating from an inside host or an outside host by IP address To block allow IP trace route 9 7 2 Firewall The firewall inspects packet contents as well as their s...

Page 154: ...sh traffic originating from an inside host or an outside host by IP address The firewall performs better than filtering if you need to check many rules Use the firewall if you need routine e mail repo...

Page 155: ...vel of packets to which they apply By default the ZyXEL Device s stateful packet inspection allows packets traveling in the following directions LAN to LAN Router This allows computers on the LAN to m...

Page 156: ...ecedence and override the ZyXEL Device s default rules 10 3 Rule Logic Overview Study these points carefully before configuring rules 10 3 1 Rule Checklist State the intent of the rule For example Thi...

Page 157: ...s an ICMP destination unreachable message to the sender 10 3 3 2 Service Select the service from the Service scrolling list box If the service is not listed it is necessary to first define it See Sect...

Page 158: ...ou will need to create custom rules to allow it 10 4 2 Alerts Alerts are reports on events such as attacks that you may want to know about right away You can choose to generate an alert when a rule is...

Page 159: ...the direction of travel of packets LAN to LAN Router LAN to WAN WAN to WAN Router WAN to LAN Firewall rules are grouped based on the direction of travel of packets to which they apply For example LAN...

Page 160: ...figure summarized below take priority over the general firewall action settings in the General screen This is your firewall rule number The ordering of your rules is important as rules are applied in...

Page 161: ...an edit the rule Click the Remove icon to delete an existing firewall rule A window displays asking you to confirm that you want to delete the firewall rule Note that subsequent firewall rules move up...

Page 162: ...Chapter 10 Firewall Configuration P 660HW Dx User s Guide 162 Figure 88 Firewall Edit Rule...

Page 163: ...Source or Destination Address box You can add multiple addresses ranges of addresses and or subnets Edit To edit an existing source or destination address select it from the box and click Edit Delete...

Page 164: ...mized Service Click a rule number in the Firewall Customized Services screen to create a new custom port or edit an existing one This action displays the following screen Apply Click Apply to save you...

Page 165: ...ces LABEL DESCRIPTION Service Name Type a unique name for your custom port Service Type Choose the IP port TCP UDP or TCP UDP that defines your customized port from the drop down list box Port Configu...

Page 166: ...becomes rule 8 4 Click Add to display the firewall rule configuration screen 5 In the Edit Rule screen click the Edit Customized Services link to open the Customized Service screen 6 Click an index n...

Page 167: ...mple Edit Rule Destination Address 9 Use the Add and Remove buttons between Available Services and Selected Services list boxes to configure it as follows Click Apply when you are done Custom services...

Page 168: ...wall Example Edit Rule Select Customized Services On completing the configuration procedure for this Internet firewall rule the Rules screen should look like the following Rule 1 allows a MyService co...

Page 169: ...m service ports may also be configured using the Edit Customized Services function discussed previously Table 61 Predefined Services SERVICE DESCRIPTION AIM NEW_ICQ TCP 5190 AOL s Internet Messenger s...

Page 170: ...from a POP3 server through a temporary connection TCP IP or other PPTP TCP 1723 Point to Point Tunneling Protocol enables secure transfer of data over public networks This is the control channel PPTP_...

Page 171: ...tion user Refer to Section 9 1 on page 143 for more information Click Security Firewall Anti Probing to display the screen as shown Figure 96 Firewall Anti Probing SSH TCP UDP 22 Secure Shell Remote L...

Page 172: ...rules Table 62 Firewall Anti Probing LABEL DESCRIPTION Respond to PING on The ZyXEL Device does not respond to any incoming Ping requests when Disable is selected Select LAN to reply to incoming LAN...

Page 173: ...he ZyXEL Device continues to delete half open sessions as necessary until the rate of new connection attempts drops below another threshold one minute low The rate is the number of new attempts detect...

Page 174: ...eting half open sessions When the rate of new connection attempts rises above this number the ZyXEL Device deletes half open sessions as required to accommodate new connection attempts 100 half open s...

Page 175: ...sessions with the same destination host IP address that causes the firewall to start dropping half open sessions to that same destination host IP address Enter a number between 1 and 256 As a general...

Page 176: ...Chapter 10 Firewall Configuration P 660HW Dx User s Guide 176...

Page 177: ...e performs content filtering You can also specify trusted IP addresses on the LAN for which the ZyXEL Device will not perform content filtering 11 2 Configuring Keyword Blocking Use this screen to blo...

Page 178: ...st of all the keywords that you have configured the ZyXEL Device to block Delete Highlight a keyword in the box and click Delete to remove it Clear All Click Clear All to remove all of the keywords fr...

Page 179: ...o Block Select this option to filter websites according to the day s and time s configured Active Select the check box to have the content filtering active on the selected day Start TIme Enter the sta...

Page 180: ...Chapter 11 Content Filtering P 660HW Dx User s Guide 180...

Page 181: ...181 PART V Advanced Static Route 183 Bandwidth Management 187 Dynamic DNS Setup 199 Remote Management Configuration 203 Universal Plug and Play UPnP 213...

Page 182: ...182...

Page 183: ...nce the ZyXEL Device knows about network N2 in the following figure through remote node Router 1 However the ZyXEL Device is unable to route a packet to network N3 because it doesn t know that there i...

Page 184: ...heck box Name This is the name that describes or identifies this route Destination This parameter specifies the IP network address of the final destination Routing is always based on network number Ga...

Page 185: ...n Routing is always based on network number If you need to specify a route to a single host use a subnet mask of 255 255 255 255 in the subnet mask field to force the network number to be identical to...

Page 186: ...Chapter 12 Static Route P 660HW Dx User s Guide 186...

Page 187: ...raffic that comes into an interface Bandwidth management applies to all traffic flowing out of the router regardless of the traffic s source Traffic redirect or IP alias may cause LAN to LAN traffic t...

Page 188: ...e ZyXEL Device has two types of scheduler fairness based and priority based 13 5 1 Priority based Scheduler With the priority based scheduler the ZyXEL Device forwards traffic from bandwidth classes a...

Page 189: ...e available bandwidth first as much as they require if there is enough available bandwidth and then to lower priority classes if there is still bandwidth available The ZyXEL Device distributes the ava...

Page 190: ...and marketing departments 1536 kbps extra to each for a total of 3584 kbps for each because they both have the highest priority level Research requires more bandwidth but only gets its budgeted 2048 k...

Page 191: ...only browse the web when VoIP NetMeeting and FTP do not use all 1000 Kbps of available bandwidth 13 8 Configuring Summary Click Advanced Bandwidth MGMT to open the screen as shown next Enable bandwidt...

Page 192: ...smission speed For example set the WAN interface speed to 1000 kbps if your Internet connection has an upstream transmission speed of 1 Mbps You can set this number higher than the interface s actual...

Page 193: ...the following table This is the number of an individual bandwidth management rule Active This displays whether the rule is enabled Select this check box to have the ZyXEL Device apply this bandwidth...

Page 194: ...hat non DiffServ compliant ToS enabled network device will not conflict with the DSCP mapping Figure 107 DiffServ Differentiated Service Field The DSCP value determines the forwarding behavior the PHB...

Page 195: ...ted name or enter a descriptive name of up to 20 alphanumeric characters including spaces BW Budget Specify the maximum bandwidth allowed for the rule in kbps The recommendation is a setting between 2...

Page 196: ...to use a predefined application for the bandwidth class When you select User defined you need to configure at least one of the following fields other than the Subnet Mask fields which you only enter...

Page 197: ...idth in use The screen refreshes every few seconds Apply Click Apply to save your changes to the ZyXEL Device Cancel Click Cancel to begin configuring this screen afresh Table 79 Services and Port Num...

Page 198: ...agement Monitor Table 80 Bandwidth Management Monitor LABEL DESCRIPTION Monitor This section allows you to select which network to monitor You may select either a LAN WLAN or WAN After selecting a net...

Page 199: ...w your IP address First of all you need to have registered a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a...

Page 200: ...ype the domain name assigned to your ZyXEL Device by your Dynamic DNS provider You can specify up to two host names in the field separated by a comma User Name Type your user name Password Type the pa...

Page 201: ...address of the NAT router that has a public IP address Note The DDNS server may not be able to detect the proper IP address if there is an HTTP proxy server between the ZyXEL Device and the DDNS serv...

Page 202: ...Chapter 14 Dynamic DNS Setup P 660HW Dx User s Guide 202...

Page 203: ...from a remote location via Internet WAN only ALL LAN and WAN LAN only Neither Disable When you choose WAN only or LAN WAN you still need to configure a firewall rule to allow access See Appendix E on...

Page 204: ...e is a firewall rule that blocks it A filter is applied through the commands to block a Telnet FTP or Web service 15 1 2 Remote Management and NAT When NAT is enabled Use the ZyXEL Device s WAN IP add...

Page 205: ...y change the server port number for a service if needed however you must use the same port number in order to use that service for remote management Access Status Select the interface s through which...

Page 206: ...screen displays Enter the password at the prompts The default password is 1234 The password is case sensitive Table 83 Remote Management Telnet LABEL DESCRIPTION Port You may change the server port nu...

Page 207: ...n to manage and monitor the ZyXEL Device through the network The ZyXEL Device supports SNMP version one SNMPv1 and version two SNMPv2 The next figure illustrates an SNMP management operation Table 84...

Page 208: ...ollected about a device Examples of variables include such as number of packets received node port status etc A Management Information Base MIB is a collection of managed objects SNMP allows a manager...

Page 209: ...SNMP The screen appears as shown Figure 116 Remote Management SNMP Table 85 SNMP Traps TRAP TRAP NAME DESCRIPTION 0 coldStart defined in RFC 1215 A trap is sent after booting power on 1 warmStart defi...

Page 210: ...using this service Secured Client IP A secured client is a trusted computer that is allowed to communicate with the ZyXEL Device using this service Select All to allow any computer to access the ZyXEL...

Page 211: ...onse packet from being sent This keeps outsiders from discovering your ZyXEL Device when unsupported ports are probed Table 87 Remote Management DNS LABEL DESCRIPTION Port The DNS service port number...

Page 212: ...es Select this option to prevent hackers from finding the ZyXEL Device by probing for unused ports If you select this option the ZyXEL Device will not respond to port request s for unused ports thus l...

Page 213: ...ork will appear as a separate icon Selecting the icon of a UPnP device will allow you to access the information and properties of that device 16 1 2 NAT Traversal UPnP NAT traversal automates the proc...

Page 214: ...nP to display the screen shown next See Section 16 1 on page 213 for more information Figure 119 Configuring UPnP The following table describes the fields in this screen Table 89 Configuring UPnP LABE...

Page 215: ...Components selection box Click Details Figure 120 Add Remove Programs Windows Setup Communication 3 In the Communications window select the Universal Plug and Play check box in the Components selectio...

Page 216: ...mpted 16 3 2 Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP 1 Click start and Control Panel 2 Double click Network Connections 3 In the Network Connections wind...

Page 217: ...lect the Universal Plug and Play check box Figure 124 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next 16 4 Using UPnP in Windows XP...

Page 218: ...ZyXEL Device 16 4 1 Auto discover Your UPnP enabled Network Device 1 Click start and Control Panel Double click Network Connections An icon displays under Internet Gateway 2 Right click the icon and s...

Page 219: ...d Play UPnP P 660HW Dx User s Guide 219 Figure 126 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings Figure 127 Internet Connection P...

Page 220: ...d When the UPnP enabled device is disconnected from your computer all port mappings will be deleted automatically 5 Select Show icon in notification area when connected option and click OK An icon dis...

Page 221: ...access the web based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first This comes helpful if you do not know the IP address of the ZyXEL Device Follow the s...

Page 222: ...Dx User s Guide 222 Figure 131 Network Connections 4 An icon with the description for each UPnP enabled device displays under Local Network 5 Right click on the icon for your ZyXEL Device and select I...

Page 223: ...23 Figure 132 Network Connections My Network Places 6 Right click on the icon for your ZyXEL Device and select Properties A properties window displays with basic information about the ZyXEL Device Fig...

Page 224: ...Chapter 16 Universal Plug and Play UPnP P 660HW Dx User s Guide 224...

Page 225: ...225 PART VI Maintenance and Troubleshooting System 227 Logs 233 Tools 251 Diagnostic 257 Troubleshooting 259...

Page 226: ...226...

Page 227: ...dows 2000 click Start Settings Control Panel and then double click System Click the Network Identification tab and then the Properties button Note the entry for the Computer name field and enter it as...

Page 228: ...how many minutes a management session can be left idle before the session times out The default is 5 minutes After it times out you have to log in with your password again Very long idle timeouts may...

Page 229: ...the existing password you use to access the system for configuring advanced features New Password Type your new system password up to 30 characters Note that as you type a password the screen display...

Page 230: ...ime and Date Setup to Manual enter the new date in this field and then click Apply Get from Time Server Select this radio button to have the ZyXEL Device get the time and date from the time server you...

Page 231: ...zone is one hour ahead of GMT or UTC GMT 1 End Date Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving The o clock field uses the 24 hour format Here are...

Page 232: ...Chapter 17 System P 660HW Dx User s Guide 232...

Page 233: ...warrants more serious attention They include system errors attacks access control and attempted access to blocked web sites Some categories such as System Errors consist of both logs and alerts You ma...

Page 234: ...2 View Log LABEL DESCRIPTION Display The categories that you select in the Log Settings screen display in the drop down list box Select a category of logs to view select All Logs to view logs from all...

Page 235: ...ject line of the log e mail message that the ZyXEL Device sends Not all ZyXEL models have this field Send Log To The ZyXEL Device sends logs to the e mail address specified in this field If this field...

Page 236: ...ct which day of the week to send the logs Time for Sending Log Enter the time of the day in 24 hour format for example 23 00 equals 11 00 pm to send the logs Clear log after sending mail Select the ch...

Page 237: ...rc port 00520 dest port 00520 1 02 End of Firewall Log Table 94 System Maintenance Logs LOG MESSAGE DESCRIPTION Time calibration is successful The router has adjusted its time based on information fro...

Page 238: ...using HTTPS protocol HTTPS login failed Someone has failed to log on to the router s web configurator interface using HTTPS protocol Table 95 System Error Logs LOG MESSAGE DESCRIPTION s exceeds the m...

Page 239: ...session time out sent TCP RST The router sent a TCP reset packet when a dynamic firewall session timed out The default timeout values are as follows ICMP idle timeout 3 minutes UDP idle timeout 3 min...

Page 240: ...annel d call d s C01 Outgoing Call dev x ch x s The router received the setup requirements for a call call is the reference count number of the call dev is the device type 3 is for dial up 6 is for PP...

Page 241: ...sponded that the web site is in the blocked category list and returned the category type s cache hit The system detected that the web site is in the blocked list from the local cache but does not know...

Page 242: ...ewall detected an UDP teardrop attack teardrop ICMP type d code d The firewall detected an ICMP teardrop attack For type and code details see Table 110 on page 248 illegal command TCP The firewall det...

Page 243: ...A process done The phase 1 IKE SA process has been completed Duplicate requests with the same cookie The router received multiple requests from the same peer while still processing the first IKE packe...

Page 244: ...ID contents do not match Configured Peer ID Content Configured Peer ID Content The phase 1 ID contents do not match and the configured Peer ID Content is displayed Incoming ID Content Incoming Peer ID...

Page 245: ...1 hash mismatch The listed rule s IKE phase 1 hash did not match between the router and the peer Rule d Phase 1 preshared key mismatch The listed rule s IKE phase 1 pre shared key did not match betwee...

Page 246: ...me as recorded from the LDAP server whose IP address and port are recorded in the Source field Rcvd ARL size issuer name The router received an ARL Authority Revocation List with size and issuer name...

Page 247: ...cific information missing 14 Not used 15 CRL is too old 16 CRL is not valid 17 CRL signature was not verified correctly 18 CRL was not found anywhere 19 CRL was not added to the cache 20 CRL decoding...

Page 248: ...d to queue the datagrams for output to the next network on the route to the destination network 5 Redirect 0 Redirect datagrams for the Network 1 Redirect datagrams for the Host 2 Redirect datagrams f...

Page 249: ...ured one when the router generates a syslog The facility is defined in the web MAIN MENU LOGS Log Settings page The severity is the log s syslog class The definition of messages and notes are defined...

Page 250: ...Chapter 18 Logs P 660HW Dx User s Guide 250...

Page 251: ...After a successful upload the system will reboot Only use firmware for your device s specific model Refer to the label on the bottom of your device Click Maintenance Tools to open the Firmware screen...

Page 252: ...tems you may see the following icon on your desktop Figure 141 Network Temporarily Disconnected After two minutes log in again and check your new firmware version in the Status screen If the upload wa...

Page 253: ...Backup Configuration Backup configuration allows you to back up save the ZyXEL Device s current configuration to a file on your computer Once your ZyXEL Device is configured and functioning properly i...

Page 254: ...llowing icon on your desktop Figure 145 Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that...

Page 255: ...You can also press the RESET button on the rear panel to reset the factory defaults of your ZyXEL Device Refer to the chapter about introducing the web configurator for more information on the RESET...

Page 256: ...Chapter 19 Tools P 660HW Dx User s Guide 256...

Page 257: ...e screen shown next Figure 148 Diagnostic General The following table describes the fields in this screen 20 2 DSL Line Diagnostic Click Maintenance Diagnostic DSL Line to open the screen shown next T...

Page 258: ...e sends an OAM F5 packet to the DSLAM ATM switch and then returns it loops it back to the ZyXEL Device The ATM loopback test is useful for troubleshooting problems with the DSLAM and ATM network DSL L...

Page 259: ...the power adaptor or cord included with the ZyXEL Device 3 Make sure the power adaptor or cord is connected to the ZyXEL Device and plugged in to an appropriate power source Make sure the power source...

Page 260: ...en in the web configurator 1 Make sure you are using the correct IP address The default IP address is 192 168 1 1 If you changed the IP address Section 6 3 1 on page 95 use the new IP address If you c...

Page 261: ...entered the user name and password correctly The default password is 1234 This field is case sensitive so make sure Caps Lock is not on 2 You cannot log in to the web configurator while someone is us...

Page 262: ...behaving as expected See the Quick Start Guide and Section 1 4 on page 35 2 Reboot the ZyXEL Device 3 Turn the ZyXEL Device off and on 4 If the problem continues contact your ISP V The Internet connec...

Page 263: ...ur Computer s IP Address 285 IP Addresses and Subnetting 301 Firewall Commands 309 Internal SPTGEN 315 Command Interpreter 331 Pop up Windows JavaScripts and Java Permissions 333 NetBIOS Filter Comman...

Page 264: ...264...

Page 265: ...nters of the holes for wall mounting on the device s back 108 mm Screw size for wall mounting M4 Tap Screw Antenna The ZyXEL Device is equipped with one 3dBi fixed antenna Table 118 Firmware Specifica...

Page 266: ...ging and Tracing Use packet tracing and logs for troubleshooting You can send logs from the ZyXEL Device to an external syslog server PPPoE PPPoE mimics a dial up Internet access connection PPTP Encap...

Page 267: ...ully compatible with both IEEE 802 11b and IEEE 802 11g standards and can support both kinds of clients on the same network WEP Encryption WEP Wired Equivalent Privacy allows the encryption of data be...

Page 268: ...and Super G modes IEEE 802 11d Standard for Local and Metropolitan Area Networks Media Access Control MAC Bridges IEEE 802 11x Port Based Network Access Control IEEE 802 11e QoS IEEE 802 11 e Wireless...

Page 269: ...pes or cables located inside the wall when drilling holes for the screws 4 Do not insert the screws all the way into the wall Leave a small gap of about 0 5 cm between the heads of the screws and the...

Page 270: ...Appendix A Product Specifications and Wall Mounting P 660HW Dx User s Guide 270 Figure 151 Masonry Plug and M4 Tap Screw...

Page 271: ...endent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an ad hoc wireless LAN Figure 152 Peer to Peer Communication in an Ad hoc Net...

Page 272: ...red connection between APs is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only provide communication with the wired networ...

Page 273: ...ially overlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 chan...

Page 274: ...equested transmission Stations can send frames smaller than the specified RTS CTS directly to the AP without the RTS Request To Send CTS Clear to Send handshake You should only configure RTS CTS if th...

Page 275: ...t it and to provide more efficient communications Use the dynamic setting to automatically use short preamble when all wireless devices on the network support it otherwise the ZyXEL Device uses long p...

Page 276: ...antages of IEEE 802 1x are User based identification that allows for roaming Support for RADIUS Remote Authentication Dial In User Service RFC 2138 2139 for centralized user profile and accounting man...

Page 277: ...t and the RADIUS server for user accounting Accounting Request Sent by the access point requesting accounting Accounting Response Sent by the RADIUS server to indicate that it has started or stopped a...

Page 278: ...ireless clients for mutual authentication The server presents a certificate to the client After validating the identity of the server the client sends a different certificate to the server The exchang...

Page 279: ...defines stronger encryption authentication and key management than WPA Key differences between WPA or WPA2 and WEP are improved data encryption and user authentication If both an AP and the wireless c...

Page 280: ...with and the packet is dropped By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism MIC with TKIP and AES it is more difficult to decrypt dat...

Page 281: ...lient s authentication request to the RADIUS server 2 The RADIUS server then checks the user s identification against its database and grants or denies network access accordingly 3 A 256 bit Pairwise...

Page 282: ...to this table to see what other security parameters you should configure for each authentication method or key management protocol type MAC address filters are not dependent on how you configure these...

Page 283: ...oor site each 1dB increase in gain results in a range increase of approximately 5 Actual results may vary depending on the network environment Antenna gain is sometimes specified in dBi which is how m...

Page 284: ...in a direct line of sight to each other to attain the best performance For omni directional antennas mounted on a table desk and so on point the antenna up For omni directional antennas mounted on a...

Page 285: ...third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP components are...

Page 286: ...en click Add 3 Select the manufacturer and model of your network adapter and then click OK If you need TCP IP 1 In the Network window click Add 2 Select Protocol and then click Add 3 Select Microsoft...

Page 287: ...elect Obtain an IP address automatically If you have a static IP address select Specify an IP address and type your information into the IP Address and Subnet Mask fields Figure 159 Windows 95 98 Me T...

Page 288: ...the TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your ZyXEL Device and restart your computer when prompted Verifying Settings 1 Click Sta...

Page 289: ...Dx User s Guide 289 Figure 161 Windows XP Start Menu 2 In the Control Panel double click Network Connections Network and Dial up Connections in Windows 2000 NT Figure 162 Windows XP Control Panel 3 Ri...

Page 290: ...in Win XP and then click Properties Figure 164 Windows XP Local Area Connection Properties 5 The Internet Protocol TCP IP Properties window opens the General tab in Windows XP If you have a dynamic I...

Page 291: ...d In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default gat...

Page 292: ...e General tab in Windows XP Click Obtain DNS server address automatically if you do not know your DNS server IP address es If you know your DNS server IP address es click Use the following DNS server...

Page 293: ...Connections window Network and Dial up Connections in Windows 2000 NT 11 Turn on your ZyXEL Device and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and...

Page 294: ...cintosh OS 8 9 Apple Menu 2 Select Ethernet built in from the Connect via list Figure 169 Macintosh OS 8 9 TCP IP 3 For dynamically assigned settings select Using DHCP Server from the Configure list 4...

Page 295: ...figuration 7 Turn on your ZyXEL Device and restart your computer if prompted Verifying Settings Check your TCP IP properties in the TCP IP Control Panel window Macintosh OS X 1 Click the Apple menu an...

Page 296: ...in the Subnet mask box Type the IP address of your ZyXEL Device in the Router address box 5 Click Apply Now and close the window 6 Turn on your ZyXEL Device and restart your computer if prompted Veri...

Page 297: ...w to configure your computer IP address using the KDE 1 Click the Red Hat button located on the bottom left corner select System Setting and click Network Figure 172 Red Hat 9 0 KDE Network Configurat...

Page 298: ...0 KDE Network Configuration DNS 5 Click the Devices tab 6 Click the Activate button to apply the changes The following screen displays Click Yes to save the changes in all screens Figure 175 Red Hat 9...

Page 299: ...he etc directory The following figure shows an example where two DNS server IP addresses are specified Figure 178 Red Hat 9 0 DNS Settings in resolv conf 3 After you edit and save the configuration fi...

Page 300: ...root localhost ifconfig eth0 Link encap Ethernet HWaddr 00 50 BA 72 5B 44 inet addr 172 23 19 129 Bcast 172 23 19 255 Mask 255 255 255 0 UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 717...

Page 301: ...hare a common street name the hosts on a network share a common network number Similarly as each house has its own house number each host on the network has its own unique identifying number the host...

Page 302: ...part of the host ID The following example shows a subnet mask identifying the network number in bold text and host ID of an IP address 192 168 1 2 in decimal By convention subnet masks always consist...

Page 303: ...by a continuous number of zeros for the remainder of the 32 bit mask you can simply specify the number of ones instead of writing the value of each octet This is usually specified by writing a follow...

Page 304: ...ows the company network before subnetting Figure 182 Subnetting Example Before Subnetting You can borrow one of the host ID bits to divide the network 192 168 1 0 into two separate sub networks The su...

Page 305: ...1 254 Example Four Subnets The previous example illustrated using a 25 bit subnet mask to divide a 24 bit address into two subnets Similarly to divide a 24 bit address into four subnets you need to b...

Page 306: ...net 3 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 128 IP Address Binary 11000000 10101000 00000001 10000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Ad...

Page 307: ...BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 255 128 25 2 126 2 255 255 255 192 26 4 62 3 255 255 255 224 27 8 30 4 255 255 255 240 28 16 14 5 255 255 255 248 29 32 6 6 255 255 255 252 3...

Page 308: ...entered You don t need to change the subnet mask computed by the ZyXEL Device unless you are instructed to do otherwise Private IP Addresses Every machine on the Internet must have a unique address If...

Page 309: ...of all the firewall settings including e mail attack and the sets rules config display firewall set set This command shows the current configuration of a set including timeout values name default perm...

Page 310: ...mail hour 0 23 This command sets the hour when the firewall log is sent through e mail if the ZyXEL Device is set to send it on an hourly daily or weekly basis config edit firewall e mail minute 0 59...

Page 311: ...the same destination where the ZyXEL Device starts dropping half open sessions to that destination Sets config edit firewall set set name desired name This command sets a name to identify a specified...

Page 312: ...P Config edit firewall set set rule rule log none match not match both This command sets the ZyXEL Device to log traffic that matches the rule doesn t match both or neither Config edit firewall set se...

Page 313: ...nd to enter various non consecutive port numbers config edit firewall set set rule rule TCP destport range start port end port This command sets a rule to have the ZyXEL Device check for TCP traffic w...

Page 314: ...l Commands P 660HW Dx User s Guide 314 config delete firewall set set rule rule This command removes the specified rule in a firewall configuration set Table 136 Firewall Commands continued FUNCTION C...

Page 315: ...ou can use FTP to get the Internal SPTGEN file Then edit the file in a text editor and use FTP to upload it again to the same device or another one See the following sections for details The Configura...

Page 316: ...ou enter a value other than 0 or 1 in the Input column of Field Identification Number 1000000 refer to Figure 184 on page 315 Figure 185 Invalid Parameter Entered Command Line Example The ZyXEL Device...

Page 317: ...computer to the ZyXEL Device using the put command computer to the ZyXEL Device 4 Exit this FTP application Figure 188 Internal SPTGEN FTP Upload Example c ftp 192 168 1 1 220 PPP FTP version 1 0 rea...

Page 318: ...Route IP 0 No 1 Yes 1 10000006 Bridge 0 No 1 Yes 0 Table 139 Menu 3 Menu 3 1 General Ethernet Setup FIN FN PVA INPUT 30100001 Input Protocol filters Set 1 2 30100002 Input Protocol filters Set 2 256 3...

Page 319: ...None 1 Both 2 In Only 3 Out Only 0 30200011 Version 0 Rip 1 1 Rip 2B 2 Rip 2M 0 30200012 Multicast 0 IGMP v2 1 IGMP v1 2 None 2 30200013 IP Policies Set 1 1 12 256 30200014 IP Policies Set 2 1 12 256...

Page 320: ...017 RIP Direction 0 None 1 Both 2 In Only 3 Out Only 0 30201018 Version 0 Rip 1 1 Rip 2B 2 Rip 2M 0 30201019 IP Alias 2 Incoming protocol filters Set 1 256 30201020 IP Alias 2 Incoming protocol filter...

Page 321: ...IP address 0 0 0 0 40000015 Remote IP subnet mask 0 40000016 ISP incoming protocol filter set 1 6 40000017 ISP incoming protocol filter set 2 256 40000018 ISP incoming protocol filter set 3 256 40000...

Page 322: ...Route set 1 Gateway 0 0 0 0 120101006 IP Static Route set 1 Metric 0 120101007 IP Static Route set 1 Private 0 No 1 Yes 0 Menu 12 1 2 IP Static Route Setup FIN FN PVA INPUT 120108001 IP Static Route s...

Page 323: ...All 6 TCP 17 U DP 0 150000019 SUA Server 5 Port Start 0 150000020 SUA Server 5 Port End 0 150000021 SUA Server 5 Local IP address 0 0 0 0 150000022 SUA Server 6 Active 0 No 1 Yes 0 0 150000023 SUA Se...

Page 324: ...0 150000052 SUA Server 12 Active 0 No 1 Yes 0 150000053 SUA Server 12 Protocol 0 All 6 TCP 17 U DP 0 150000054 SUA Server 12 Port Start 0 150000055 SUA Server 12 Port End 0 150000056 SUA Server 12 Loc...

Page 325: ...Rule 2 Dest IP address 0 0 0 0 210102005 IP Filter Set 1 Rule 2 Dest Subnet Mask 0 210102006 IP Filter Set 1 Rule 2 Dest Port 138 210102007 IP Filter Set 1 Rule 2 Dest Port Comp 0 none 1 equal 2 not e...

Page 326: ...1 Src Port 0 210201011 IP Filter Set 2 Rule 1 Src Port Comp 0 none 1 equal 2 not equal 3 less 4 g reater 0 210201013 IP Filter Set 2 Rule 1 Act Match 1 check next 2 forward 3 drop 3 210201014 IP Filte...

Page 327: ...234 Menu 23 2 System security radius server FIN FN PVA INPUT 230200001 Authentication Server Configured 0 No 1 Yes 1 230200002 Authentication Server Active 0 No 1 Yes 1 230200003 Authentication Server...

Page 328: ...Privacy for Broadcast Multicast packets 0 TKIP 1 WEP 0 230400010 WPA Broadcast Multicast Key Update Timer 0 Table 145 Menu 23 System Menus continued Table 146 Menu 24 11 Remote Management Control Menu...

Page 329: ...ed with the ZyXEL Device s command interpreter commands Table 147 Command Examples FIN FN PVA INPUT ci command for annex a wan adsl opencmd FIN FN PVA INPUT 990000001 ADSL OPMD 0 glite 1 t1 413 2 gdmt...

Page 330: ...Appendix F Internal SPTGEN P 660HW Dx User s Guide 330...

Page 331: ...he same subnet In Windows click Start usually in the bottom left corner Run and then type telnet 192 168 1 1 the default ZyXEL Device IP address and click OK 3 A login screen displays Enter the defaul...

Page 332: ...Appendix G Command Interpreter P 660HW Dx User s Guide 332...

Page 333: ...net Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blocking...

Page 334: ...web pop up blockers you may have enabled Figure 190 Internet Options Privacy 3 Click Apply to save this setting Enable pop up Blockers with Exceptions Alternatively if you only want to allow pop up wi...

Page 335: ...de 335 Figure 191 Internet Options Privacy 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 167 1 4 Click Add to mov...

Page 336: ...lay properly in Internet Explorer check that JavaScripts are allowed 1 In Internet Explorer click Tools Internet Options and then the Security tab Figure 193 Internet Options Security 2 Click the Cust...

Page 337: ...ings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java permissi...

Page 338: ...Permissions P 660HW Dx User s Guide 338 JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun is selected 3 Cl...

Page 339: ...configure NetBIOS filters to do the following Allow or disallow the sending of NetBIOS packets from the LAN to the WAN and from the WAN to the LAN Allow or disallow the sending of NetBIOS packets thro...

Page 340: ...initiating calls Disabled type Identify which NetBIOS filter numbered 0 3 to configure 0 Between LAN and WAN 3 IPSec packet pass through 4 Trigger Dial on off For type 0 and 1 use on to enable the fil...

Page 341: ...r at the point where the telephone line enters your residence as shown in the following figure Figure 197 Connecting a POTS Splitter 1 Connect the side labeled Phone to your telephone 2 Connect the si...

Page 342: ...microfilter Figure 198 Connecting a Microfilter You can also use a Y Connector with a microfilter in order to connect both your modem and a telephone to the same wall jack without using a POTS splitt...

Page 343: ...r s Guide 343 ZyXEL Device With ISDN This section relates to people who use their ZyXEL Device with ADSL over ISDN digital telephone service only The following is an example installation for the ZyXEL...

Page 344: ...Appendix J Splitters and Microfilters P 660HW Dx User s Guide 344...

Page 345: ...thernet devices Some companies have more than one route to one or more ISPs If the alternate gateway is on the LAN and it s IP address is in the same subnet the triangle route problem may occur The st...

Page 346: ...l LAN interfaces with the ZyXEL Device being the gateway for each logical network By putting your LAN and Gateway B in different subnets all returning network traffic must pass through the ZyXEL Devic...

Page 347: ...ce Trademarks ZyNOS ZyXEL Network Operating System is a registered trademark of ZyXEL Communications Inc Other trademarks mentioned in this publication are used for identification purposes only and ma...

Page 348: ...njunction with any other antenna or transmitter IEEE 802 11b or 802 11g operation of this product in the U S A is firmware limited to channels 1 through 11 To comply with FCC RF exposure compliance re...

Page 349: ...conditions Note Repair or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warranties express or implied including any implied...

Page 350: ...Appendix L Legal Information P 660HW Dx User s Guide 350...

Page 351: ...mail support zyxel com tw Sales E mail sales zyxel com tw Telephone 886 3 578 3942 Fax 886 3 578 2439 Web www zyxel com www europe zyxel com FTP ftp zyxel com ftp europe zyxel com Regular Mail ZyXEL C...

Page 352: ...48 Web www zyxel fi Regular Mail ZyXEL Communications Oy Malminkaari 10 00700 Helsinki Finland France E mail info zyxel fr Telephone 33 4 72 52 97 97 Fax 33 4 72 52 19 20 Web www zyxel fr Regular Mail...

Page 353: ...agawa ku Tokyo 141 0022 Japan Kazakhstan Support http zyxel kz support Sales E mail sales zyxel kz Telephone 7 3272 590 698 Fax 7 3272 590 689 Web www zyxel kz Regular Mail ZyXEL Kazakhstan 43 Dostyk...

Page 354: ...krzei 1A 03 715 Warszawa Poland Russia Support http zyxel ru support Sales E mail sales zyxel ru Telephone 7 095 542 89 29 Fax 7 095 542 89 25 Web www zyxel ru Regular Mail ZyXEL Russia Ostrovityanova...

Page 355: ...l ZyXEL Thailand Co Ltd 1 1 Moo 2 Ratchaphruk Road Bangrak Noi Muang Nonthaburi 11000 Thailand Ukraine Support E mail support ua zyxel com Sales E mail sales ua zyxel com Telephone 380 44 247 69 78 Fa...

Page 356: ...Appendix M Customer Support P 660HW Dx User s Guide 356...

Page 357: ...acks 233 auxiliary gateway 267 B backup 253 backup gateway 267 backup settings 253 backup type 90 bandwidth 67 budget 193 bandwidth management 67 187 bandwidth manager class configuration 192 monitor...

Page 358: ...SLAM 33 dynamic DNS 199 dynamic WEP key exchange 279 DYNDNS wildcard 199 E EAP Authentication 277 ECHO 134 E Mail 127 e mail 67 log example 236 Encapsulated Routing Link Protocol see ENET ENCAP encaps...

Page 359: ...le 317 points to remember 316 text file 315 Internet access 34 53 wizard setup 53 Internet Assigned Numbers Authority See IANA 308 see IANA 95 Internet Control Message Protocol see ICMP Internet Group...

Page 360: ...ic Input Output System see NetBIOS network disconnect icon 252 254 network management 134 NNTP 134 O one minute high 173 one minute low 173 P packet filtering 153 when to use 153 packet filtering fire...

Page 361: ...9 Service Set IDentity See SSID service type 165 services 134 settings backup 253 defaults 253 restore 254 setup general 227 Single User Account see SUA SIP ALG 132 SIP application layer gateway 132 S...

Page 362: ...ed multiplexing 76 VCI 77 Virtual Channel Identifier see VCI virtual circuit see VC Virtual Path Identifier see VPI Voice over IP see VoIP VoIP 68 VPI 77 W wall mounting 265 WAN 75 backup 89 WAN setup...

Page 363: ...2 PSK 280 wireless client supplicant 281 with RADIUS application example 281 WPA2 Pre Shared Key 279 WPA2 PSK 279 280 application example 281 WPA PSK 279 280 application example 281 WWW 127 Z zero con...

Page 364: ...Index P 660HW Dx User s Guide 364...

Reviews:

No comments

Related manuals for P-660HW-DX

Patton SmartNode 10100 Series Quick Start Manual preview
SmartNode 10100 Series
Brand: Patton Pages: 12
Patton FiberPlex FPX6000 Series Quick Start Manual preview
FiberPlex FPX6000 Series
Brand: Patton Pages: 20
Patton SmartNode 4970 Series User Manual preview
SmartNode 4970 Series
Brand: Patton Pages: 57
Ursalink UG87-In Quick Start Manual preview
UG87-In
Brand: Ursalink Pages: 23
TANDBERG Codian GW 3201 Series Getting Started preview
Codian GW 3201 Series
Brand: TANDBERG Pages: 18
NetLink 700-883-PRO42 User Manual preview
700-883-PRO42
Brand: NetLink Pages: 68
HMS Anybus-S Interbus Manual preview
Anybus-S Interbus
Brand: HMS Pages: 26
Datapulse Intuition 1000 Operator Training Manual preview
Intuition 1000
Brand: Datapulse Pages: 26
Samsara CBL-AG-BPWR Install Manual preview
CBL-AG-BPWR
Brand: Samsara Pages: 15
Banner SureCross Performance FlexPower DX80G9M2S-P7 Manual preview
SureCross Performance FlexPower DX80G9M2S-P7
Brand: Banner Pages: 10
YZ Systems YZ Connect User Manual preview
YZ Connect
Brand: YZ Systems Pages: 25
RTA 460ETCUS Product User Manual preview
460ETCUS
Brand: RTA Pages: 80
Ursalink UG65 Quick Start Manual preview
UG65
Brand: Ursalink Pages: 25
D-Link DFL-M510 User Manual preview
DFL-M510
Brand: D-Link Pages: 153
D-Link DCH-G020 User Manual preview
DCH-G020
Brand: D-Link Pages: 14
Sony PWS-110MG1 Operation Manual preview
PWS-110MG1
Brand: Sony Pages: 70
Sony PWS-100MG1 Operation Manual preview
PWS-100MG1
Brand: Sony Pages: 76
VADcore GoIP4 User Manual preview
GoIP4
Brand: VADcore Pages: 51

Brands by name

Popular brands

Load more brands