ZyXEL Communications P-660R-F1 series User Manual Download Page 113 | Manualshive

Page: 113 / 268

background image

Chapter 8 Packet Filters

P-660R-F1 Series User’s Guide

113

Packet Filtering

• The router filters packets as they pass through the router’s interface according to the filter rules

you designed.

• Packet filtering is a powerful tool, yet can be complex to configure and maintain, especially if you

need a chain of rules to filter a service.

• Packet filtering only checks the header portion of an IP packet.

When To Use Filtering

1

To block/allow LAN packets by their MAC addresses.

2

To block/allow special IP packets which are neither TCP nor UDP, nor ICMP packets.

3

To block/allow both inbound (WAN to LAN) and outbound (LAN to WAN) traffic between the specific
inside host/network "A" and outside host/network "B". If the filter blocks the traffic from A to B, it
also blocks the traffic from B to A. Filters cannot distinguish traffic originating from an inside host or
an outside host by IP address.

4

To block/allow IP trace route.

Firewall

• The firewall inspects packet contents as well as their source and destination addresses. Firewalls

of this type employ an inspection module, applicable to all protocols, that understands data in the
packet is intended for other layers, from the network layer (IP headers) up to the application
layer.

• The firewall performs stateful inspection. It takes into account the state of connections it handles

so that, for example, a legitimate incoming packet can be matched with the outbound request for
that packet and allowed in. Conversely, an incoming packet masquerading as a response to a
non-existent outbound request can be blocked.

• The firewall uses session filtering, i.e., smart rules, that enhance the filtering process and control

the network session rather than control individual packets in a session.

• The firewall provides e-mail service to notify you of routine reports and when alerts occur.

When To Use The Firewall

1

To prevent DoS attacks and prevent hackers cracking your network.

2

A range of source and destination IP addresses as well as port numbers can be specified within one
firewall rule making the firewall a better choice when complex rules are required.

3

To selectively block/allow inbound or outbound traffic between inside host/networks and outside
host/networks. Remember that filters cannot distinguish traffic originating from an inside host or an
outside host by IP address.

4

The firewall performs better than filtering if you need to check many rules.

5

Use the firewall if you need routine e-mail reports about your system or need to be alerted when
attacks occur.

«
...
111
112
113
114
115
...
»

Summary of Contents for P-660R-F1 series

Page 1: ...el com www zyxel com P 660R F1 Series ADSL2 Router Copyright 2011 ZyXEL Communications Corporation Version 3 70 Edition 1 05 2011 Default Login Details IP Address http 192 168 1 1 User Name admin Password 1234 ...

Page 2: ......

Page 3: ... to configure the ZyXEL Device Supporting Disc Refer to the included CD for support documents ZyXEL Web Site Please refer to www zyxel com for additional support documentation and product certifications User Guide Feedback Help us help you Send all User Guide related comments questions or suggestions for improvement to the following address or use e mail instead Thank you The Technical Writing Tea...

Page 4: ...n key on your keyboard Enter means for you to type one or more characters and then press the ENTER key Select or choose means for you to use one of the predefined choices A right angle bracket within a screen name denotes a mouse click For example Maintenance Log Log Setting means you first click Maintenance in the navigation panel then the Log sub menu and finally the Log Setting tab to get to th...

Page 5: ...ration All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does it convey any license under its patent rights nor the patent rights of others ZyXEL further reserves the right to make changes in any products described herein without notice This publication is subject to change without notice Tr...

Page 6: ...erference to radio television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and the receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is ...

Page 7: ...ling Use ONLY an appropriate power adaptor or cord for your device Connect the power adaptor or cord to the right supply voltage for example 110V AC in North America or 230V AC in Europe Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord Do NOT use the device if the power adaptor or cord is damaged as it might ...

Page 8: ...Certifications P 660R F1 Series User s Guide 8 ...

Page 9: ...AN Application 22 1 4 Front Panel Lights 22 1 5 Hardware Connection 23 Chapter 2 Introducing the Web Configurator 24 2 1 Web Configurator Overview 24 2 2 Accessing the Web Configurator 24 2 3 Resetting the ZyXEL Device 26 2 3 1 Using the Reset Button 26 2 4 Navigating the Web Configurator 26 2 4 1 Navigation Panel 26 2 4 2 Status Screen 28 2 4 3 Status Any IP Table 30 2 4 4 Status Packet Statistic...

Page 10: ...anced Internet Connection Setup 52 4 6 Configuring More Connections 54 4 6 1 More Connections Edit 55 4 6 2 Configuring More Connections Advanced Setup 57 4 7 Traffic Redirect 58 4 8 Configuring WAN Backup 60 Chapter 5 LAN Setup 63 5 1 LAN Overview 63 5 1 1 LANs WANs and the ZyXEL Device 63 5 1 2 DHCP Setup 63 5 1 3 DNS Server Address 64 5 1 4 DNS Server Address Assignment 64 5 2 LAN TCP IP 65 5 2...

Page 11: ...You Can Do in the Firewall Screens 85 7 1 2 What You Need to Know About Firewall 85 7 1 3 Firewall Rule Setup Example 86 7 2 The Firewall General Screen 89 7 3 The Firewall Rule Screen 90 7 3 1 Configuring Firewall Rules 93 7 3 2 Customized Services 94 7 3 3 Configuring a Customized Service 95 7 4 The Firewall Threshold Screen 96 7 4 1 Threshold Values 97 7 4 2 Configuring Firewall Thresholds 97 7...

Page 12: ...3 The Trusted CAs Screen 125 9 3 1 Trusted CA Import 127 9 3 2 Trusted CA Details 128 9 4 The Trusted Remote Hosts Screens 130 9 4 1 Trusted Remote Hosts Import 131 9 4 2 Trusted Remote Host Certificate Details 132 9 5 The Directory Servers Screens 135 9 5 1 Directory Server Add and Edit 136 9 6 Certificates Technical Reference 137 9 6 1 Certificates Overview 137 9 6 2 Private Public Certificates ...

Page 13: ...w 163 13 1 1 Remote Management Limitations 163 13 1 2 Remote Management and NAT 163 13 1 3 System Timeout 164 13 2 The WWW Screen 164 13 2 1 WWW and HTTPS 164 13 3 Telnet 167 13 4 Configuring Telnet 167 13 5 Configuring FTP 168 13 6 SNMP 169 13 6 1 Supported MIBs 170 13 6 2 SNMP Traps 170 13 6 3 Configuring SNMP 171 13 7 Configuring DNS 172 13 8 Configuring ICMP 173 Chapter 14 Universal Plug and P...

Page 14: ...t You Need To Know About Logs 191 16 2 The View Log Screen 191 16 3 The Log Settings Screen 193 16 4 SMTP Error Messages 195 16 4 1 Example E mail Log 195 16 5 Log Descriptions 197 Chapter 17 Tools 205 17 1 Firmware Upgrade 205 17 2 Configuration Screen 207 17 2 1 Backup Configuration 207 17 2 2 Restore Configuration 207 17 2 3 Back to Factory Defaults 208 17 3 Restart 209 Chapter 18 Diagnostic 21...

Page 15: ...pecifications 217 Appendix B Wall mounting Instructions 221 Appendix C Setting up Your Computer s IP Address 223 Appendix D IP Addresses and Subnetting 239 Appendix E Splitters and Microfilters 247 Appendix F Pop up Windows JavaScripts and Java Permissions 251 Index 259 ...

Page 16: ...P 660R F1 Series User s Guide 16 ...

Page 17: ...24 Wizard Setup for Internet Access 34 WAN Setup 43 LAN Setup 63 Network Address Translation NAT Screens 75 Firewalls 85 Packet Filters 105 Certificates 115 Static Route 141 Quality Of Service 145 Dynamic DNS Setup 159 Remote Management Configuration 163 Universal Plug and Play UPnP 174 System 185 Logs 191 Tools 205 Diagnostic 210 Troubleshooting 213 ...

Page 18: ...P 660R F1 Series User s Guide 18 ...

Page 19: ...ZyXEL Device product name R denotes an integrated router and F denotes a chip set standard Your ZyXEL Device product name ends with a number Models ending in 1 for example P 660R F1 denote a device that works over the analog telephone system POTS Plain Old Telephone Service Models ending in 3 denote a device that works over ISDN Integrated Services Digital Network Models ending in 7 denote a devic...

Page 20: ...ethod from the ISP and makes the necessary configuration changes In cases where additional account information such as an Internet account user name and password is required or the ZyXEL Device cannot connect to the ISP you will be redirected to web screen s for information input or troubleshooting Any IP The Any IP feature allows a computer to access the Internet and the ZyXEL Device without chan...

Page 21: ...With Dynamic DNS support you can have a static hostname alias for a dynamic IP address allowing the host to be more easily accessible from various locations on the Internet You must register for this service with a Dynamic DNS service provider DHCP DHCP Dynamic Host Configuration Protocol allows the individual clients computers to obtain the TCP IP configuration at start up from a centralized DHCP...

Page 22: ...lexer providers and supports the ADSL standards as shown in Table 1 on page 20 Figure 1 Internet Access Applications 1 3 2 LAN to LAN Application You can use the ZyXEL Device to connect two geographically dispersed networks over the ADSL line A typical LAN to LAN application example is shown as follows Figure 2 LAN to LAN Application Example 1 4 Front Panel Lights The following figure shows the fr...

Page 23: ...vice is too low Off The ZyXEL Device is turned off The system is not receiving power ETHERNET Green On The ZyXEL Device has a successful 10Mbps Ethernet connection Blinking The ZyXEL Device is receiving or sending data Amber On The ZyXEL Device has a successful 100Mbps Ethernet connection Blinking The ZyXEL Device is receiving or sending data Off The ZyXEL Device is not connected to the LAN DSL Gr...

Page 24: ...ixels In order to use the web configurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScripts enabled by default Java permissions enabled by default See the chapter on troubleshooting if you need to make sure these functions are allowed in Internet Explorer 2 2 Accessing the Web Configurator 1 Make sur...

Page 25: ...for more information about the Status screen If you entered the admin password it is highly recommended you change the default admin password Enter a new password between 1 and 30 characters retype it to confirm and click Apply alternatively click Ignore to proceed to the main menu if you do not want to change the password now Note If you do not change the password at least once the following scre...

Page 26: ...inking 2 Press the RESET button for ten seconds or until the POWER light begins to blink and then release it When the POWER light begins to blink the defaults have been restored and the ZyXEL Device restarts 2 4 Navigating the Web Configurator We use the P 660R F1 web screens in this guide as an example Screens vary slightly for different ZyXEL Device models 2 4 1 Navigation Panel After you enter ...

Page 27: ...HCP Setup Use this screen to configure LAN DHCP settings Client List Use this screen to view current DHCP client information and to always assign an IP address to a MAC address and host name IP Alias Use this screen to partition your LAN interface into subnets NAT General Use this screen to enable NAT Port Forwarding Use this screen to configure servers behind the ZyXEL Device Advanced Static Rout...

Page 28: ...lows you to change your password Time Setting Use this screen to change your ZyXEL Device s time and date Tools Firmware Use this screen to upload firmware to your ZyXEL Device Configuration Use this screen to backup and restore the configuration or reset the factory defaults to your ZyXEL Device Restart This screen allows you to reboot the ZyXEL Device without turning the power off Diagnostic Gen...

Page 29: ...the wizard or WAN screen LAN Information IP Address This is the ETHERNET port IP address IP Subnet Mask This is the ETHERNET port IP subnet mask DHCP This is the ETHERNET port DHCP role Server Relay or None System Status System Uptime This is the total time the ZyXEL Device has been on Current Date Time This field displays your ZyXEL Device s present date and time System Mode This displays whether...

Page 30: ...ate Summary Any IP Table Use this screen to view a list of IP addresses and MAC addresses of computers which are not in the same subnet as the ZyXEL Device Packet Statistics Use this screen to view port status and packet specific statistics Table 4 Status Screen LABEL DESCRIPTION Table 5 Status Any IP Table LABEL DESCRIPTION This is the index number of the host computer IP Address This field displ...

Page 31: ...ABEL DESCRIPTION System Monitor System up Time This is the elapsed time the system has been up Current Date Time This field displays your ZyXEL Device s present date and time CPU Usage This field specifies the percentage of CPU utilization Memory Usage This field specifies the percentage of memory utilization LAN or WAN Port Statistics This is the WAN or LAN port Link Status This is the status of ...

Page 32: ...led TxPkts This field displays the number of packets transmitted on this port RxPkts This field displays the number of packets received on this port Errors This field displays the number of error packets on this port Tx B s This field displays the number of bytes transmitted in the last second Rx B s This field displays the number of bytes received in the last second Up Time This field displays th...

Page 33: ...ing the Web Configurator P 660R F1 Series User s Guide 33 password again then click Maintenance System to display the screen as shown next See Table 69 on page 186 for detailed field descriptions Figure 10 System General ...

Page 34: ... with the information given to you by your ISP Note See the advanced menu chapters for background information on these fields 3 2 Internet Access Wizard Setup 1 After you enter the admin password to access the web configurator select Go to Wizard setup and click Apply Otherwise click the wizard icon in the top right corner of the web configurator to display the wizard main screen 2 Click INTERNET ...

Page 35: ...r hardware connections and click Restart the Internet Setup Wizard to have the ZyXEL Device detect your connection again Figure 12 Auto Detection No DSL Connection If the wizard still cannot detect a connection type and the following screen appears see Figure 13 on page 35 click Next and refer to Section 3 2 2 on page 36 on how to configure the ZyXEL Device for Internet access manually Figure 13 A...

Page 36: ...r connection Figure 14 Auto Detection PPPoE 3 2 2 Manual Configuration 1 If the ZyXEL Device fails to detect your DSL connection type enter the Internet access information given to you by your ISP exactly in the wizard screen If not given leave the fields set to the default Figure 15 Internet Access Wizard Setup ISP Parameters ...

Page 37: ...ces vary depending on what you select in the Mode field If you select Bridge in the Mode field select either PPPoA or RFC 1483 If you select Routing in the Mode field select PPPoA RFC 1483 ENET ENCAP or PPPoE Multiplexing Select the multiplexing method used by your ISP from the Multiplex drop down list box either VC based or LLC based Virtual Circuit ID VPI Virtual Path Identifier and VCI Virtual ...

Page 38: ...exactly as your ISP assigned If assigned a name in the form user domain where domain identifies a service name then enter both components exactly as given Password Enter the password associated with the user name above Service Name Type the name of your PPPoE service here Back Click Back to go back to the previous wizard screen Apply Click Apply to save your changes back to the ZyXEL Device Exit C...

Page 39: ...T ENCAP Table 9 Internet Connection with RFC 1483 LABEL DESCRIPTION IP Address This field is available if you select Routing in the Mode field Type your ISP assigned IP address in this field Back Click Back to go back to the previous wizard screen Next Click Next to continue to the next wizard screen Exit Click Exit to close the wizard screen without saving your changes ...

Page 40: ...ubnet Mask Enter a subnet mask in dotted decimal notation Refer to the appendices to calculate a subnet mask If you are implementing subnetting Gateway IP address You must specify a gateway IP address supplied by your ISP when you use ENET ENCAP in the Encapsulation field in the previous screen First DNS Server Enter the IP addresses of the DNS servers The DNS servers are passed to the DHCP client...

Page 41: ...he screen where you can modify them Figure 20 Connection Test Failed 1 If the following screen displays check if your account is activated or click Restart the Internet Setup Wizard to verify your Internet access settings Figure 21 Connection Test Failed 2 Apply Click Apply to save your changes back to the ZyXEL Device Exit Click Exit to close the wizard screen without saving your changes Table 11...

Page 42: ...nternet Access P 660R F1 Series User s Guide 42 When you are finished with the Internet Setup Wizard the following screen displays your configuration details Click Finish to exit the wizard Figure 22 Internet Setup Wizard Finished ...

Page 43: ...Point to Point Protocol over Ethernet provides access control and billing functionality in a manner similar to dial up services using PPP PPPoE is an IETF standard RFC 2516 specifying how a personal computer PC interacts with a broadband modem DSL cable wireless etc connection For the service provider PPPoE offers an access and authentication method that works with existing access control systems ...

Page 44: ...e dominant in environments where dynamic creation of large numbers of ATM VCs is fast and economical 4 1 2 2 LLC based Multiplexing In this case one VC carries multiple protocols with protocol identifying information being contained in each packet header Despite the extra bandwidth and processing overhead this method may be advantageous if it is not practical to have a separate VC for each carried...

Page 45: ...ces your choices for IP address and ENET ENCAP gateway 4 1 5 1 IP Assignment with PPPoA or PPPoE Encapsulation If you have a dynamic IP then the IP Address and ENET ENCAP Gateway fields are not applicable N A If you have a static IP then you only need to fill in the IP Address field and not the ENET ENCAP Gateway field 4 1 5 2 IP Assignment with RFC 1483 Encapsulation In this case the IP Address A...

Page 46: ...see Section 4 8 on page 60 For example if the normal route has a metric of 1 and the traffic redirect route has a metric of 2 and dial backup route has a metric of 3 then the normal route acts as the primary default route If the normal route fails to connect to the Internet the ZyXEL Device tries the traffic redirect route next In the same manner the ZyXEL Device uses the dial backup route if the ...

Page 47: ...BR Constant Bit Rate CBR provides fixed bandwidth that is always available even if no data is being sent CBR traffic is generally time sensitive doesn t tolerate delay CBR is used for connections that continuously require a specific amount of bandwidth A PCR is specified and if traffic exceeds this rate cells may be dropped Examples of connections that need CBR would be high resolution video and v...

Page 48: ...nsfer 4 4 Zero Configuration Internet Access Once you turn on and connect the ZyXEL Device to a telephone jack it automatically detects the Internet connection settings such as the VCI VPI numbers and the encapsulation method from the ISP and makes the necessary configuration changes In cases where additional account information such as an Internet account user name and password is required or the...

Page 49: ...Chapter 4 WAN Setup P 660R F1 Series User s Guide 49 See Section 4 1 on page 43 for more information Figure 24 Internet Access Setup PPPoE ...

Page 50: ...ly as your ISP assigned If assigned a name in the form user domain where domain identifies a service name then enter both components exactly as given Password PPPoA and PPPoE encapsulation only Enter the password associated with the user name above Service Name PPPoE only Type the name of your PPPoE service here Multiplexing Select the method of multiplexing used by your ISP from the drop down lis...

Page 51: ...You must have another DNS server on your LAN or else the computers must have their DNS server addresses manually configured If you do not configure a DNS server you must know the IP address of a computer in order to access it Connection PPPoA and PPPoE encapsulation only Nailed Up Connection Select Nailed Up Connection when you want your connection up all the time The ZyXEL Device will try to brin...

Page 52: ...RIP 2M Multicast IGMP Internet Group Multicast Protocol is a network layer protocol used to establish membership in a multicast group The ZyXEL Device supports both IGMP version 1 IGMP v1 and IGMP v2 Select None to disable it ATM QoS ATM QoS Type Select CBR Continuous Bit Rate to specify fixed always on bandwidth for voice or data traffic Select UBR Unspecified Bit Rate for applications that are n...

Page 53: ...omputers to connect to the ISP via the ZyXEL Device Each host can have a separate account and a public WAN IP address PPPoE pass through is an alternative to NAT for application where NAT is not appropriate Disable PPPoE pass through if you do not need to allow hosts on the LAN to use PPPoE client software on their computers to connect to the ISP Packet Filter Incoming Filter Sets Protocol Filter ...

Page 54: ...ons LABEL DESCRIPTION This is the index number of a connection Active This display whether this connection is activated Clear the check box to disable the connection Select the check box to enable it Name This is the descriptive name for this connection VPI VCI This is the VPI and VCI values used for this connection Encapsulation This is the method of encapsulation used for this connection Modify ...

Page 55: ...ections Edit LABEL DESCRIPTION Active Select the check box to activate or clear the check box to deactivate this connection Name Enter a unique descriptive name of up to 13 ASCII characters for this connection Mode Select Routing from the drop down list box if your ISP allows multiple computers to share an Internet account If you select Bridge the ZyXEL Device will forward any packet that it does ...

Page 56: ...igned to you IP Address This option is available if you select Routing in the Mode field If you use RFC 1483 enter the IP address given by your ISP in the IP Address field Subnet Mask Enter a subnet mask in dotted decimal notation Refer to the appendices to calculate a subnet mask If you are implementing subnetting Gateway IP address Specify a gateway IP address supplied by your ISP Connection Nai...

Page 57: ... 2M Multicast IGMP Internet Group Multicast Protocol is a network layer protocol used to establish membership in a multicast group The ZyXEL Device supports both IGMP version 1 IGMP v1 and IGMP v2 Select None to disable it ATM QoS ATM QoS Type Select CBR Continuous Bit Rate to specify fixed always on bandwidth for voice or data traffic Select UBR Unspecified Bit Rate for applications that are non ...

Page 58: ... control incoming traffic You may choose up to 4 sets of filters You can configure packet filters in the Packet Filter screen Generic Filter Select the generic filter s to control outgoing traffic You may choose up to 4 sets of filters You can configure generic filters in the Packet Filter screen Outgoing Filter Sets Protocol Filter Select the protocol filter s to control outgoing traffic You may ...

Page 59: ...e IP alias to configure the LAN into two or three logical networks with the ZyXEL Device itself as the gateway for each LAN network Put the protected LAN in one subnet Subnet 1 in the following figure and the backup gateway in another subnet Subnet 2 Configure filters that allow packets from the protected LAN Subnet 1 to the backup gateway Subnet 2 Figure 30 Traffic Redirect LAN Setup ...

Page 60: ...gured in the Check WAN IP Address fields Check WAN IP Address1 3 Configure this field to test your ZyXEL Device s WAN accessibility Type the IP address of a reliable nearby computer for example your ISP s DNS server address Note If you activate either traffic redirect or dial backup you must configure at least one IP address here When using a WAN backup connection the ZyXEL Device periodically pin...

Page 61: ...XEL Device cannot connect to the Internet Active Traffic Redirect Select this check box to have the ZyXEL Device use traffic redirect if the normal WAN connection goes down Note If you activate traffic redirect you must configure at least one Check WAN IP Address Metric This field sets this route s priority among the routes the ZyXEL Device uses The metric represents the cost of transmission A rou...

Page 62: ...Chapter 4 WAN Setup P 660R F1 Series User s Guide 62 ...

Page 63: ... 5 3 on page 68 to configure the LAN screens 5 1 1 LANs WANs and the ZyXEL Device The actual physical connection determines whether the ZyXEL Device ports are LAN or WAN ports There are two separate IP networks one inside the LAN network and the other outside the WAN network as shown next Figure 32 LAN and WAN IP Addresses 5 1 2 DHCP Setup DHCP Dynamic Host Configuration Protocol RFC 2131 and RFC ...

Page 64: ...gh IPCP negotiation The ZyXEL Device supports the IPCP DNS server extensions through the DNS proxy feature If the Primary and Secondary DNS Server fields in the DHCP Setup screen are not specified for instance left as 0 0 0 0 the ZyXEL Device tells the DHCP clients that it itself is the DNS server When a computer sends a DNS query to the ZyXEL Device the ZyXEL Device forwards the query to the real...

Page 65: ...served In other words the first three numbers specify the network number while the last number identifies an individual computer on that network Once you have decided on the network number pick an IP address that is easy to remember for instance 192 168 1 1 for your ZyXEL Device but make sure that no other device on your network is using that IP address The subnet mask specifies the network number...

Page 66: ...ting while RIP 2M uses multicasting 5 2 3 Multicast Traditionally IP packets are transmitted in one of either two ways Unicast 1 sender 1 recipient or Broadcast 1 sender everybody on the network Multicast delivers IP packets to a group of hosts on the network not everybody and not just 1 IGMP Internet Group Multicast Protocol is a network layer protocol used to establish membership in a Multicast ...

Page 67: ...ure depicts a scenario where a computer is set to use a static private IP address in the corporate environment In a residential house where a ZyXEL Device is installed you can still use the computer to access the Internet without changing the network settings even when the IP addresses of the computer and the ZyXEL Device are not in the same subnet Figure 33 Any IP Example The Any IP feature does ...

Page 68: ... entry in the IP routing table so it can properly forward packets intended for the computer After all the routing information is updated the computer can access the ZyXEL Device and the Internet as if it is in the same subnet as the ZyXEL Device 5 3 Configuring LAN IP Click LAN to open the IP screen See Section 5 1 on page 63 for background information Figure 34 LAN IP The following table describe...

Page 69: ...computer even when the IP addresses of the computer and the ZyXEL Device are not in the same subnet When you disable the Any IP feature only computers with dynamic IP addresses or static IP addresses in the same subnet as the ZyXEL Device s LAN IP address can connect to the ZyXEL Device or access the Internet through the ZyXEL Device Windows Networking NetBIOS over TCP IP NetBIOS Network Basic Inp...

Page 70: ...DHCP Setup DHCP If set to Server your ZyXEL Device can assign IP addresses an IP default gateway and DNS servers to Windows 95 Windows NT and other systems that support the DHCP client If set to None the DHCP server will be disabled If set to Relay the ZyXEL Device acts as a surrogate DHCP server and relays DHCP requests and responses between the remote server and the clients Enter the IP address ...

Page 71: ...en enter the IP address of the actual remote DHCP server here DNS Server DNS Servers Assigned by DHCP Server The ZyXEL Device passes a DNS Domain Name System server IP address to the DHCP clients Primary DNS Server Secondary DNS Server This field is not available when you set DHCP to Relay Enter the IP addresses of the DNS servers The DNS servers are passed to the DHCP clients along with the IP ad...

Page 72: ...er of the static IP table entry row Status This field displays whether the client is connected to the ZyXEL Device Host Name This field displays the computer host name IP Address This field displays the IP address relative to the field listed above MAC Address The MAC Media Access Control or Ethernet address on a LAN Local Area Network is unique to your computer six pairs of hexadecimal notation A...

Page 73: ...ribes the labels in this screen Table 22 LAN IP Alias LABEL DESCRIPTION IP Alias 1 2 Select the check box to configure another LAN network for the ZyXEL Device IP Address Enter the IP address of your ZyXEL Device in dotted decimal notation Alternatively click the right mouse button to copy and or paste the IP address IP Subnet Mask Your ZyXEL Device will automatically calculate the subnet mask bas...

Page 74: ...IP packets that the ZyXEL Device sends it recognizes both formats when receiving RIP 1 is universally supported but RIP 2 carries more information RIP 1 is probably adequate for most networks unless you have an unusual network topology Both RIP 2B and RIP 2M sends the routing data in RIP 2 format the difference being that RIP 2B uses subnet broadcasting while RIP 2M uses multicasting Multicasting ...

Page 75: ... of a host when the packet is in the local network while the global address refers to the IP address of the host when the same packet is traveling in the WAN side Note that inside outside refers to the location of a host while global local refers to the IP address of a host used in a packet Thus an inside local address ILA is the IP address of an inside host in a packet when the packet is still in...

Page 76: ...he additional benefit of firewall protection With no servers defined your ZyXEL Device filters out all incoming inquiries thus preventing intruders from probing your network For more information on IP address translation refer to RFC 1631 The IP Network Address Translator NAT 6 1 3 How NAT Works Each packet has two addresses a source address and a destination address For outgoing packets the ILA I...

Page 77: ...e In Many to One mode the ZyXEL Device maps multiple local IP addresses to one global IP address This is equivalent to SUA for instance PAT port address translation ZyXEL s Single User Account feature that previous ZyXEL routers supported the SUA Only option in today s routers Many to Many Overload In Many to Many Overload mode the ZyXEL Device maps the multiple local IP addresses to shared global...

Page 78: ...ultiple private LAN IP addresses of clients or servers using mapping types as outlined in Table 24 on page 78 Choose SUA Only if you have just one public WAN IP address for your ZyXEL Device Choose Full Feature if you have multiple public WAN IP addresses for your ZyXEL Device Table 24 NAT Mapping Types TYPE IP MAPPING One to One ILA1ÅÆ IGA1 Many to One SUA PAT ILA1ÅÆ IGA1 ILA2ÅÆ IGA1 Many to Many...

Page 79: ...as file sharing applications they may use a large number of NAT sessions If you do not limit the number of NAT sessions a single client can establish this can result in all of the available NAT sessions being used In this case no additional NAT sessions can be established and users may not be able to access the Internet Each NAT session establishes a corresponding firewall session Use this field t...

Page 80: ... check for servers and may suspend your account if it discovers any active services at your location If you are unsure refer to your ISP 6 4 1 Default Server IP Address In addition to the servers for specified services NAT supports a default server IP address A default server receives packets from ports that are not specified in this screen Note If you do not assign a Default Server IP address the...

Page 81: ...igns the WAN IP address The NAT network appears as a single host on the Internet Figure 43 Multiple Servers Behind NAT Example 6 5 Configuring Port Forwarding Note The Port Forwarding screen is available only when you select SUA Only in the NAT General screen If you do not assign a Default Server IP address the ZyXEL Device discards all packets received for ports that are not specified here or in ...

Page 82: ...ed here or in the remote management setup Port Forwarding Service Name Select a service from the drop down list box Server IP Address Enter the IP address of the server for the specified service Add Click this button to add a rule to the table below This is the rule index number read only Active Click this check box to enable the rule Service Name This is a service s name Start Port This is the fi...

Page 83: ...twork NAT ALG Table 28 Port Forwarding Rule Setup LABEL DESCRIPTION Active Click this check box to enable the rule Service Name Enter a name to identify this port forwarding rule Start Port Enter a port number in this field To forward only one port enter the port number again in the End Port field To forward a series of ports enter the start port number here and the end port number in the End Port...

Page 84: ...AT ALG Figure 47 Network NAT DMZ The following table describes the fields in this screen Table 29 Network NAT ALG LABEL DESCRIPTION Enable SIP ALG Select this to make sure SIP VoIP works correctly with port forwarding and address mapping rules Apply Click this to save your changes Reset Click this to restore your previously saved settings Table 30 Network NAT DMZ LABEL DESCRIPTION Active DMZ Hosti...

Page 85: ...wed 2 However other traffic initiated from the WAN is blocked 3 and 4 Figure 48 Default Firewall Action 7 1 1 What You Can Do in the Firewall Screens Use the General screen to enable firewall and or triangle route on the ZyXEL Device and set the default action that the firewall takes on packets that do not match any of the firewall rules Use the Rules screen to view the configured firewall rules a...

Page 86: ... ICMP is a message control and error reporting protocol between a host server and a gateway to the Internet ICMP uses Internet Protocol IP datagrams but the messages are processed by the TCP IP software and directly apparent to the application user DoS Thresholds For DoS attacks the ZyXEL Device uses thresholds to determine when to drop sessions that do not become fully established These threshold...

Page 87: ...zed Services link to open the Customized Service screen 6 Click an index number to display the Customized Services Config screen and configure the screen as follows and click Apply Figure 50 Edit Custom Port Example 7 Select Any in the Destination Address List box and then click Delete 8 Configure the destination address screen as follows and click Add Figure 51 Firewall Example Edit Rule Destinat...

Page 88: ...ces show up with an before their names in the Services list box and the Rules list box Figure 52 Firewall Example Edit Rule Select Customized Services On completing the configuration procedure for this Internet firewall rule the Rules screen should look like the following ...

Page 89: ... from the WAN to IP addresses 192 168 1 1 through 192 168 1 15 on the LAN Figure 53 Firewall Example Rules MyService 7 2 The Firewall General Screen Use this screen to configure the firewall settings Click Security Firewall to display the following screen Figure 54 Security Firewall General ...

Page 90: ... and the backup gateway on separate subnets See Section 7 5 4 1 on page 101 for an example Packet Direction This is the direction of travel of packets LAN to Router LAN to WAN WAN to Router WAN to LAN Firewall rules are grouped based on the direction of travel of packets to which they apply For example LAN to Router means packets traveling from a computer subnet on the LAN to the ZyXEL Device itse...

Page 91: ...ing in the selected packet direction The firewall rules that you configure summarized below take priority over the general firewall action settings in the General screen This is your firewall rule number The ordering of your rules is important as rules are applied in turn Active This field displays whether a firewall is turned on or not Select the check box to enable the rule Clear the check box t...

Page 92: ...ent firewall rules move up by one when you take this action Order Click the Move icon to display the Move the rule to field Type a number in the Move the rule to field and click the Move button to move the rule to the number that you typed The ordering of your rules is important as they are applied in order of their numbering Apply Click this to save your changes Cancel Click this to restore your ...

Page 93: ...g Firewall Rules Use this screen to configure firewall rules In the Rules screen select an index number and click Add or click a rule s Edit icon to display this screen and refer to the following table for information on the labels Figure 56 Security Firewall Rules Edit ...

Page 94: ...ultiple addresses ranges of addresses and or subnets Edit To edit an existing source or destination address select it from the box and click Edit Delete Highlight an existing source or destination address from the Source or Destination Address box above and click Delete to remove it Services Available Selected Services Highlight a service from the Available Services box on the left then click Add ...

Page 95: ...wall Customized Services screen to display the following screen Figure 58 Security Firewall Rules Edit Edit Customized Services Config Table 34 Security Firewall Rules Edit Edit Customized Services LABEL DESCRIPTION No This is the number of your customized port Click a rule s number of a service to go to the Firewall Customized Services Config screen to configure or edit a customized service Name ...

Page 96: ... handshake a connection is established Figure 59 Three Way Handshake For UDP half open means that the firewall has detected no return traffic An unusually high number or arrival rate of half open sessions could indicate a DOS attack Table 35 Security Firewall Rules Edit Edit Customized Services Config LABEL DESCRIPTION Config Service Name Type a unique name for your custom port Service Type Choose...

Page 97: ...ervers in your LAN network 4 Network bandwidth 5 Type of traffic for certain servers Reduce the threshold values if your network is slower than average for any of these factors especially if you have servers that are slow or handle many tasks and are often busy If you often use P2P applications such as file sharing with eMule or eDonkey it s recommended that you increase the threshold values since...

Page 98: ...sions drops below this number Maximum Incomplete High This is the number of existing half open sessions that causes the firewall to start deleting half open sessions When the number of existing half open sessions rises above this number the ZyXEL Device deletes half open sessions as required to accommodate new connection requests Do not set Maximum Incomplete High to lower than the current Maximum...

Page 99: ...s specify which computers on the LAN can manage the ZyXEL Device remote management Note You can also configure the remote management settings to allow only a specific computer to manage the ZyXEL Device LAN to WAN These rules specify which computers on the LAN can access which computers or services on the WAN By default the ZyXEL Device s stateful packet inspection drops packets traveling in the f...

Page 100: ...Don t enable any local service such as telnet or FTP that you don t use Any enabled service could present a potential security risk A determined hacker might be able to find creative ways to misuse the enabled services to access the firewall or the network 5 For local services that are enabled protect against misuse Protect by configuring the services to communicate only with specific peers and pr...

Page 101: ...g and outgoing network traffic passes through the ZyXEL Device to protect your LAN against attacks Figure 61 Ideal Firewall Setup 7 5 4 1 The Triangle Route Problem A traffic route is a path for sending or receiving data packets between two Ethernet devices You may have more than one connection to the Internet through one or more ISPs If an alternate gateway is on the LAN and its IP address is in ...

Page 102: ...gical sections over the same Ethernet interface Your ZyXEL Device supports up to three logical LAN interfaces with the ZyXEL Device being the gateway for each logical network It s like having multiple LAN networks that actually use the same physical cables and ports By putting your LAN and Gateway A in different subnets all returning network traffic must pass through the ZyXEL Device to your LAN T...

Page 103: ...Chapter 7 Firewalls P 660R F1 Series User s Guide 103 4 The ZyXEL Device then sends it to the computer on the LAN in Subnet 1 Figure 63 IP Alias 1 2 3 LAN A ISP 1 ISP 2 4 WAN Subnet 1 Subnet 2 ...

Page 104: ...Chapter 7 Firewalls P 660R F1 Series User s Guide 104 ...

Page 105: ...protocol filters Generic filter rules act on the raw data from to LAN and WAN Protocol filter rules act on IP packets Filter Structure A filter set consists of one or more filter rules The ZyXEL Device allows you to configure up to twelve filter sets with six rules in each set for a total of 72 filter rules in the system You cannot mix generic filter rules and protocol filter rules within the same...

Page 106: ...L DESCRIPTION This field displays the index number of the filter set Name Enter a name for the filter set The text may consist of up to 16 letters numerals and any printable character found on a typical English language keyboard Filter Type Select Protocol Filter or Generic Filter for your filter set Protocol filter rules are used to filter IP packets while generic filter rules allow filtering of ...

Page 107: ...con to display the following screen LABEL DESCRIPTION This is the index number of the rules in a filter set Active Use the check box to turn a filter rule on or off Filter Type This field displays whether the filter type is a protocol filter or generic filter Protocol This field displays the upper layer protocol SA This field displays the source IP address DA This field displays the destination IP...

Page 108: ...sh to filter This field is ignored if it is 0 0 0 0 Destination Subnet Netmask Enter the IP subnet mask for the destination IP address Destination Port Enter the destination port of the packets that you wish to filter The range of this field is 0 to 65535 This field is ignored if it is 0 Port Compare Select the comparison to apply to the destination port in the packet against the value given in th...

Page 109: ... in the packet against the value given in the Source Port field Options are None Equal Not Equal Less and Greater TCP Estab This field is only available when you select TCP in the Protocol field Select Yes to have the rule match packets that want to establish a TCP connection This field is ignored if you select No More Select Yes to pass a matching packet to the next filter rule before an action i...

Page 110: ... number of the rules in a filter set Active Use the check box to turn on or off a filter rule Filter Type This field displays whether the filter type is a protocol filter or generic filter Offset This field displays the offset value Length This field displays the length value Mask This field displays the mask value Value This field displays the value Modify Click the Edit icon to configure a filte...

Page 111: ... DESCRIPTION Active Select the check box to enable the filter rule Offset Enter the starting byte of the data portion in the packet that you wish to compare The range for this field is from 0 to 255 Length Enter the byte count of the data portion in the packet that you wish to compare The range for this field is 0 to 8 Mask Enter the mask in hexadecimal notation to apply to the data portion before...

Page 112: ... are applied at the point when the ZyXEL Device is receiving and sending the packets that is the interface The interface can be an Ethernet port or any other hardware port The following diagram illustrates this Figure 69 Protocol and Generic Filter Sets 8 3 2 Firewall Versus Filters Below are some comparisons between the ZyXEL Device s filtering and firewall functions Log Select a logging option f...

Page 113: ...yers from the network layer IP headers up to the application layer The firewall performs stateful inspection It takes into account the state of connections it handles so that for example a legitimate incoming packet can be matched with the outbound request for that packet and allowed in Conversely an incoming packet masquerading as a response to a non existent outbound request can be blocked The f...

Page 114: ...Chapter 8 Packet Filters P 660R F1 Series User s Guide 114 6 The firewall can block specific URL traffic that might occur in the future The URL can be saved in an Access Control List ACL database ...

Page 115: ...rate and export self signed certificates or certification requests and import the ZyXEL Device s CA signed certificates Use the Trusted CAs screens to save CA certificates to the ZyXEL Device Use the Trusted Remote Hosts screens to import self signed certificates Use the Directory Servers screens to configure a list of addresses of directory servers that contain lists of valid and revoked certific...

Page 116: ...acy Enhanced Mail format uses lowercase letters uppercase letters and numerals to convert a binary X 509 certificate into a printable form Binary PKCS 7 This is a standard that defines the general syntax for data including digital signatures that may be encrypted The ZyXEL Device currently allows the importation of a PKS 7 file that contains a single certificate PEM Base 64 encoded PKCS 7 This Pri...

Page 117: ...er deleting expired or unnecessary certificates before adding more certificates My Certificate Setting This field displays the certificate index number The certificates are listed in alphabetical order Name This field displays the name used to identify this certificate It is recommended that you give each certificate a unique name Type This field displays what kind of certificate this is REQ repre...

Page 118: ...ires The text displays in red and includes an Expiring or Expired message if the certificate is about to expire or has already expired Modify Click the Edit icon to open a screen with an in depth list of information about the certificate Click the Remove icon to remove the certificate A window displays asking you to confirm that you want to delete the certificate You cannot delete a certificate th...

Page 119: ...the labels in this screen Table 42 My Certificate Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it Browse Click this to find the certificate file you want to upload Back Click this to return to the previous screen without saving Apply Click this to save the certificate on the ZyXEL Device Cancel Click this to clear your...

Page 120: ...ion authority may add fields such as a serial number to the subject information when it issues a certificate It is recommended that each certificate have unique subject information Common Name Select a radio button to identify the certificate s owner by IP address domain name or e mail address Type the IP address in dotted decimal notation domain name or e mail address in the field provided The do...

Page 121: ... Trusted CAs screen When you select this option you must select the certification authority s enrollment protocol and the certification authority s certificate from the drop down list boxes and enter the certification authority s server address You also need to fill in the Reference Number and Key if the certification authority requires them Enrollment Protocol Select the certification authority s...

Page 122: ...ful you see a screen with a Return button that takes you back to the My Certificate Create screen Click Return and check your information in the My Certificate Create screen Make sure that the certification authority information is correct and that your Internet connection is working properly if you want the ZyXEL Device to enroll a certificate online 9 2 3 My Certificate Details Use this screen t...

Page 123: ...ertificate You may use any character not including spaces Property Default self signed certificate which signs the imported remote host certificates Select this check box to have the ZyXEL Device use this certificate to sign the trusted remote host certificates that you import to the ZyXEL Device This check box is only available with self signed certificates If this check box is already selected y...

Page 124: ...splays identifying information about the certificate s issuing certification authority such as Common Name Organizational Unit Organization and Country With self signed certificates this is the same as the Subject Name field Signature Algorithm This field displays the type of algorithm that was used to sign the certificate The ZyXEL Device uses rsa pkcs1 sha1 RSA public private key encryption algo...

Page 125: ...cate into a printable form You can copy and paste a certification request into a certification authority s web page an e mail that you send to the certification authority or a text editor and save the file on a management computer for later manual enrollment You can copy and paste a certificate into an e mail to send to friends or colleagues or you can copy and paste a certificate into a text edit...

Page 126: ...used to identify this certificate Subject This field displays identifying information about the certificate s owner such as CN Common Name OU Organizational Unit or department O Organization or company and C Country It is recommended that each certificate have unique subject information Issuer This field displays identifying information about the certificate s issuing certification authority such ...

Page 127: ...L before trusting any certificates issued by the certification authority Otherwise the field displays No Modify Click the Edit icon to open a screen with an in depth list of information about the certificate Click the Remove icon to remove the certificate A window displays asking you to confirm that you want to delete the certificates Note that subsequent certificates move up by one when you take ...

Page 128: ...ure 77 Trusted CA Details The following table describes the labels in this screen Table 47 Trusted CA Details LABEL DESCRIPTION Certificate Name This field displays the identifying name of this certificate If you want to change the name type up to 31 characters to identify this key certificate You may use any character not including spaces Property Issues certificate revocation lists CRLs Select t...

Page 129: ...elf signed certificates this is the same information as in the Subject Name field Signature Algorithm This field displays the type of algorithm that was used to sign the certificate Some certification authorities use rsa pkcs1 sha1 RSA public private key encryption algorithm and the SHA1 hash algorithm Other certification authorities may use rsa pkcs1 md5 RSA public private key encryption algorith...

Page 130: ... using the SHA1 algorithm You can use this value to verify with the certification authority over the phone for example that this is actually their certificate Certificate in PEM Base 64 Encoded Format This read only text box displays the certificate or certification request in Privacy Enhanced Mail PEM format PEM uses 64 ASCII characters to convert the binary certificate into a printable form You ...

Page 131: ...n alphabetical order Name This field displays the name used to identify this certificate Subject This field displays identifying information about the certificate s owner such as CN Common Name OU Organizational Unit or department O Organization or company and C Country It is recommended that each certificate have unique subject information Valid From This field displays the date that the certific...

Page 132: ...icate Details Use this screen to view in depth information about the trusted remote host s certificate and or change the certificate s name Click Security Certificates Trusted Remote Hosts to open LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it Browse Click this to find the certificate file you want to upload Back Click this ...

Page 133: ...a list of certification authority certificates in the hierarchy of certification authorities that validate a certificate s issuing certification authority For a trusted host the list consists of the end entity s own certificate and the default self signed certificate that the ZyXEL Device uses to sign remote host certificates Refresh Click this to display the certification path Certificate Path Th...

Page 134: ...italSignature means that the key can be used to sign certificates and KeyEncipherment means that the key can be used to encrypt text Basic Constraint This field displays general information about the certificate For example Subject Type CA means that this is a certification authority s certificate and Path Length Constraint 1 means that there can only be one certification authority in the certific...

Page 135: ...wing table describes the labels in this screen Table 51 Directory Servers Apply Click this to save your changes You can only change the name of the certificate Cancel Click this to restore your previously saved settings LABEL DESCRIPTION LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the ZyXEL Device s PKI storage space that is currently in use The bar turns from gr...

Page 136: ...y server entry A window displays asking you to confirm that you want to delete the directory server Note that subsequent certificates move up by one when you take this action Add Click this to open a screen where you can configure information about a directory server so that the ZyXEL Device can access it LABEL DESCRIPTION LABEL DESCRIPTION Directory Service Setting Name Type up to 31 ASCII charac...

Page 137: ...ts path has expired or been revoked Certification authorities maintain directory servers with databases of valid and revoked certificates A directory of certificates that have been revoked before the scheduled expiration is called a CRL Certificate Revocation List The ZyXEL Device can check a peer s certificate against a directory server s list of revoked certificates The framework of servers soft...

Page 138: ... to verify whether data was signed by you or by someone else This process works as follows 1 Tim wants to send a message to Jenny He needs her to be sure that it comes from him and that the message content has not been altered by anyone else along the way Tim generates a public key pair one public key and one private key 2 Tim keeps the private key and makes the public key openly available This me...

Page 139: ...t certificate 1 Browse to where you have the remote host s certificate saved on your computer 2 Make sure that the certificate has a cer or crt file name extension Figure 83 Remote Host Certificates 3 Double click the certificate s icon to open the Certificate window Click the Details tab and scroll down to the Thumbprint Algorithm and Thumbprint fields Figure 84 Certificate Details 4 Verify over ...

Page 140: ...Chapter 9 Certificates P 660R F1 Series User s Guide 140 ...

Page 141: ... has no knowledge of the networks beyond For instance the ZyXEL Device knows about network N2 in the following figure through remote node Router 1 However the ZyXEL Device is unable to route a packet to network N3 because it doesn t know that there is a route through the same remote node Router 1 via gateway Router 2 The static routes are for you to tell the ZyXEL Device about the networks beyond ...

Page 142: ...ibes or identifies this route Destination This parameter specifies the IP network address of the final destination Routing is always based on network number Gateway This is the IP address of the gateway The gateway is a router or switch on the same network segment as the device s LAN or WAN port The gateway helps forward packets to their destinations Subnet Mask This is the IP subnet mask Modify C...

Page 143: ...55 255 255 in the subnet mask field to force the network number to be identical to the host ID IP Subnet Mask Enter the IP subnet mask here Gateway Type Use either Gateway Address or Gateway Node to configure a static route Gateway IP Address This field is available when you select Gateway Address from Gateway Type Enter the IP address of the gateway The gateway is a router or switch on the same n...

Page 144: ...Chapter 10 Static Route P 660R F1 Series User s Guide 144 ...

Page 145: ...VoIP or Internet gaming and those for which jitter alone is a problem such as Internet radio or streaming video 11 1 1 What You Can Do in the QoS Screens Use the General screen to enable QoS on the ZyXEL Device decide allowable bandwidth using QoS and configure priority mapping settings for traffic that does not match a custom class Use the Class Setup screen to set up classifiers to sort traffic ...

Page 146: ...device such as a backbone switch can provide specific treatment or service based on the tag or marker 11 1 3 QoS Class Setup Example In the following figure your Internet connection has an upstream transmission speed of 50 Mbps You configure a classifier to assign the highest priority queue 6 to VoIP traffic from the LAN interface so that voice traffic would not get delayed when there is network c...

Page 147: ...P 660R F1 Series User s Guide 147 match these two classes are assigned priority queue based on the internal QoS mapping table on the ZyXEL Device Figure 88 QoS Class Example VoIP 50 Mbps DSL VoIP Queue 6 Boss Queue 5 IP 192 168 1 23 ...

Page 148: ...Chapter 11 Quality Of Service P 660R F1 Series User s Guide 148 Figure 89 QoS Class Example VoIP 2 Figure 90 QoS Class Example Boss 1 ...

Page 149: ...ide 149 Figure 91 QoS Class Example Boss 2 11 2 The QoS General Screen Use this screen to enable or disable QoS and have the ZyXEL Device automatically assign priority to traffic according to the IEEE 802 1p priority level IP precedence and or packet length ...

Page 150: ...xample set the WAN interface speed to 1000 kbps if your Internet connection has an upstream transmission speed of 1 Mbps You can set this number higher than the interface s actual transmission speed This will stop lower priority traffic from being sent if higher priority traffic uses all of the actual bandwidth You can also set this number lower than the interface s actual transmission speed This ...

Page 151: ...his screen Table 56 Advanced QoS Class Setup LABEL DESCRIPTION Create a new Class Click this to create a new classifier No This is the number of each classifier The ordering of the classifiers is important as the classifiers are applied in turn Active Select the check box to enable this classifier Name This is the name of the classifier Interface This shows the interface from which traffic of this...

Page 152: ...ced QoS Class Setup Edit continued LABEL DESCRIPTION Class Configuration Active Select the check box to enable this classifier Name The text may consist of up to 20 letters numerals and any printable character found on a typical English language keyboard Interface Select from which interface traffic of this class should come Priority Select a priority level between 0 and 7 or select Auto to have t...

Page 153: ...he priority setting and VLAN ID of the frames Select Auto to map the 802 1 priority level to the DSCP value automatically Select Remove to delete the priority queue tag and VLAN ID of the frames Select Mark to replace the 802 1 priority field and VLAN ID with the value you set in the fields below Select Add to treat all matched traffic untagged and add a second priority queue tag and VLAN Ethernet...

Page 154: ...g protocol used in Internet telephony instant messaging and other VoIP Voice over IP applications Select the check box and select VoIP SIP from the drop down list box to configure this classifier for traffic that uses SIP File Transfer Protocol FTP is an Internet file transfer service that operates on the Internet and over TCP IP networks A system running the FTP server accepts commands from a sys...

Page 155: ...ithout saving Apply Click this to save your changes Cancel Click this to restore your previously saved settings LABEL DESCRIPTION LABEL DESCRIPTION Priority Queue This shows the priority queue number Traffic assigned to higher index queues gets through faster while traffic in lower index queues is dropped if the network is congested Pass This shows how many packets mapped to this priority queue ar...

Page 156: ... eight bit ToS Type of Service field in the IP header There are eight classes of services ranging from zero to seven in IP precedence Zero is the lowest priority level and seven is the highest Set Interval Click this to apply the new poll interval you entered in the Poll Interval s field Stop Click this to stop refreshing statistics LABEL DESCRIPTION PRIORITY LEVEL TRAFFIC TYPE Level 7 Typically u...

Page 157: ... a 6 bit DSCP field which can define up to 64 service levels The following figure illustrates the DS field DSCP is backward compatible with the three precedence bits in the ToS octet so that non DiffServ compliant ToS enabled network device will not conflict with the DSCP mapping The DSCP value determines the forwarding behavior the PHB Per Hop Behavior that each packet gets across the DiffServ ne...

Page 158: ...001010 001000 250 1100 4 4 2 010110 010100 010010 010000 5 5 3 011110 011100 011010 011000 250 6 6 4 100110 100100 100010 100000 5 101110 101000 7 7 6 110000 111000 7 PRIORITY QUEUE LAYER 2 LAYER 3 IEEE 802 1P USER PRIORITY ETHERNET PRIORITY TOS IP PRECEDENCE DSCP IP PACKET LENGTH BYTE ...

Page 159: ...ll you even if they don t know your IP address First of all you need to have registered a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a domain name The Dynamic DNS service provider will give you a password or key 12 1 1 DYNDNS Wildcard Enabling the wildcard feature for your host causes yourhost dyndns org ...

Page 160: ... service provider Host Name Type the domain name assigned to your ZyXEL Device by your Dynamic DNS provider You can specify up to two host names in the field separated by a comma User Name Type your user name Password Type the password assigned to you Enable Wildcard Option Select the check box to enable DynDNS Wildcard Enable off line option This option is available when Custom DNS is selected in...

Page 161: ...P address of the NAT router that has a public IP address Note The DDNS server may not be able to detect the proper IP address if there is an HTTP proxy server between the ZyXEL Device and the DDNS server Use specified IP Address Type the IP address of the host name s Use this if you have a static IP address Apply Click Apply to save your changes back to the ZyXEL Device Cancel Click Cancel to begi...

Page 162: ...Chapter 12 Dynamic DNS Setup P 660R F1 Series User s Guide 162 ...

Page 163: ... automatically disconnects a remote management session of lower priority when another remote management session of higher priority starts The priorities for the different types of remote management sessions are as follows 1 Telnet 2 HTTP 13 1 1 Remote Management Limitations Remote management over LAN or WAN will not work when You have disabled that service in one of the remote management screens T...

Page 164: ...data by ensuring confidentiality an unauthorized party cannot read the transferred data authentication one party can identify the other party and data integrity you know if data has been changed It relies upon certificates public keys and private keys HTTPS on the ZyXEL Device is used so that you may securely access the ZyXEL Device using the web configurator The SSL protocol specifies that the SS...

Page 165: ...connection requests from a web browser go to port 80 by default on the ZyXEL Device s WS web server Figure 97 HTTPS Implementation Note If you disable the WWW service in the Remote MGMT WWW screen then the ZyXEL Device blocks all HTTP connection attempts Figure 98 Remote Management WWW ...

Page 166: ...computer to access the ZyXEL Device using this service Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service HTTPS Server Host Key Select the Server Host Key that the ZyXEL Device will use to identify itself The ZyXEL Device is the SSL server and must always authenticate itself to the SSL client the computer which requests the...

Page 167: ...bels in this screen Table 62 Remote Management Telnet LABEL DESCRIPTION Port You may change the server port number for a service if needed however you must use the same port number in order to use that service for remote management Access Status Select the interface s through which a computer may access the ZyXEL Device using this service Secured Client IP A secured client is a trusted computer th...

Page 168: ...een afresh Table 62 Remote Management Telnet LABEL DESCRIPTION Table 63 Remote Management FTP LABEL DESCRIPTION Port You may change the server port number for a service if needed however you must use the same port number in order to use that service for remote management Access Status Select the interface s through which a computer may access the ZyXEL Device using this service Secured Client IP A...

Page 169: ...orm compatible with SNMP The manager is the console through which network administrators perform network management functions It executes applications that control and monitor managed devices The managed devices contain object variables managed objects that define each piece of information to be collected about a device Examples of variables include such as number of packets received node port sta...

Page 170: ...SNMP manager when any one of the following events occurs Table 64 SNMP Traps TRAP TRAP NAME DESCRIPTION 0 coldStart defined in RFC 1215 A trap is sent after booting power on 1 warmStart defined in RFC 1215 A trap is sent after booting software reboot 6 whyReboot defined in ZYXEL MIB A trap is sent with the reason of restart before rebooting when the system is going to restart warm start 6a For int...

Page 171: ... Client IP A secured client is a trusted computer that is allowed to communicate with the ZyXEL Device using this service Select All to allow any computer to access the ZyXEL Device using this service Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service SNMP Configuration Get Community Enter the Get Community which is the pas...

Page 172: ...tion to send your SNMP traps to Apply Click Apply to save your customized settings and exit this screen Cancel Click Cancel to begin configuring this screen afresh Table 65 Remote Management SNMP LABEL DESCRIPTION Table 66 Remote Management DNS LABEL DESCRIPTION Port The DNS service port number is 53 Access Status Select the interface s through which a computer may send DNS queries to the ZyXEL De...

Page 173: ...ing Ping requests when Disable is selected Select LAN to reply to incoming LAN Ping requests Select WAN to reply to incoming WAN Ping requests Otherwise select LAN WAN to reply to both incoming LAN and WAN Ping requests Do not respond to requests for unauthorized services Select this option to prevent hackers from finding the ZyXEL Device by probing for unused ports If you select this option the Z...

Page 174: ...ow you to access the information and properties of that device 14 1 2 NAT Traversal UPnP NAT traversal automates the process of allowing an application to operate through NAT UPnP network devices can automatically configure network addressing announce their presence in the network to other UPnP devices and enable exchange of simple product and service descriptions NAT traversal allows the followin...

Page 175: ...g UPnP LABEL DESCRIPTION Active the Universal Plug and Play UPnP Feature Select this check box to activate UPnP Be aware that anyone could use a UPnP application to open the web configurator s login screen without entering the ZyXEL Device s IP address although you must still enter the password to access the web configurator Allow users to make configuration changes through UPnP Select this check ...

Page 176: ...P in Windows Me and Windows XP 14 3 1 Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me 1 Click Start and Control Panel Double click Add Remove Programs 2 Click on the Windows Setup tab and select Communication in the Components selection box Click Details Figure 107 Add Remove Programs Windows Setup Communication ...

Page 177: ...ation Components 4 Click OK to go back to the Add Remove Programs Properties window and click Next 5 Restart the computer when prompted 14 3 2 Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP 1 Click start and Control Panel 2 Double click Network Connections 3 In the Network Connections window click Advanced in the main menu and select Optional Networking Comp...

Page 178: ...s Select Networking Service in the Components selection box and click Details Figure 110 Windows Optional Networking Components Wizard 5 In the Networking Services window select the Universal Plug and Play check box Figure 111 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next ...

Page 179: ...stalled in Windows XP and UPnP activated on the ZyXEL Device Make sure the computer is connected to a LAN port of the ZyXEL Device Turn on your computer and the ZyXEL Device 14 4 1 Auto discover Your UPnP enabled Network Device 1 Click start and Control Panel Double click Network Connections An icon displays under Internet Gateway 2 Right click the icon and select Properties Figure 112 Network Con...

Page 180: ...sal Plug and Play UPnP P 660R F1 Series User s Guide 180 3 In the Internet Connection Properties window click Settings to see the port mappings there were automatically created Figure 113 Internet Connection Properties ...

Page 181: ...4 Internet Connection Properties Advanced Settings Figure 115 Internet Connection Properties Advanced Settings Add Note When the UPnP enabled device is disconnected from your computer all port mappings will be deleted automatically 5 Select Show icon in notification area when connected option and click OK An icon displays in the system tray Figure 116 System Tray Icon ...

Page 182: ...tion Status 14 4 2 Web Configurator Easy Access With UPnP you can access the web based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first This comes helpful if you do not know the IP address of the ZyXEL Device Follow the steps below to access the web configurator 1 Click Start and then Control Panel 2 Double click Network Connections ...

Page 183: ...l Plug and Play UPnP P 660R F1 Series User s Guide 183 3 Select My Network Places under Other Places Figure 118 Network Connections 4 An icon with the description for each UPnP enabled device displays under Local Network ...

Page 184: ... and select Invoke The web configurator login screen displays Figure 119 Network Connections My Network Places 6 Right click on the icon for your ZyXEL Device and select Properties A properties window displays with basic information about the ZyXEL Device Figure 120 Network Connections My Network Places Properties Example ...

Page 185: ...r it as the System Name In Windows 2000 click Start Settings Control Panel and then double click System Click the Network Identification tab and then the Properties button Note the entry for the Computer name field and enter it as the System Name In Windows XP click start My Computer View system information and then click the Computer Name tab Note the entry in the Full computer name field and ent...

Page 186: ... name via DHCP The domain name entered by you is given priority over the ISP assigned domain name Administrator Inactivity Timer Type how many minutes a management session can be left idle before the session times out The default is 5 minutes After it times out you have to log in with your password again Very long idle timeouts may have security risks A value of 0 means a management session never ...

Page 187: ...res as well as the wizard setup on the ZyXEL Device Old Password Type the default admin password 1234 or the existing password you use to access the system for configuring advanced features New Password Type your new admin password up to 30 characters Note that as you type a password the screen displays a for each character you type After you change the password use the new password to access the ...

Page 188: ...ou set Time and Date Setup to Manual enter the new date in this field and then click Apply Get from Time Server Select this radio button to have the ZyXEL Device get the time and date from the time server you specified below Time Protocol Select the time service protocol that your time server uses Not all time servers support all protocols so you may have to check with your ISP network administrat...

Page 189: ...me zone is one hour ahead of GMT or UTC GMT 1 End Date Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving The o clock field uses the 24 hour format Here are a couple of examples Daylight Saving Time ends in the United States on the last Sunday of October Each time zone in the United States stops using Daylight Saving Time at 2 A M local time So in the ...

Page 190: ...Chapter 15 System P 660R F1 Series User s Guide 190 ...

Page 191: ...s An alert is a message that is enabled as soon as the event occurs They include system errors attacks access control and attempted access to blocked web sites Some categories such as System Errors consist of both logs and alerts You may differentiate them by their color in the View Log screen Alerts display in red and logs display in black Logs A log is a message about an event that occurred on y...

Page 192: ...ttings page make sure that you have first filled in the E mail Log Settings fields in Log Settings Refresh Click this to renew the log screen Clear Log Click this to delete all the logs This field is a sequential value and is not associated with a specific entry Time This field displays the time the log was recorded Message This field states the reason for the log Source This field lists the sourc...

Page 193: ...change your ZyXEL Device s log settings click Maintenance Logs Log Settings The screen appears as shown Alerts are e mailed as soon as they happen Logs may be e mailed as soon as the log is full Selecting many alert and or log categories especially Access Control may result in many e mails being sent Figure 124 Maintenance Logs Log Settings The following table describes the fields in this screen ...

Page 194: ...ect Weekly or Daily specify a time of day when the E mail should be sent If you select Weekly then also specify which day of the week the E mail should be sent If you select When Log is Full an alert is sent when the log fills up If you select None no log messages are sent Day for Sending Log Use the drop down list box to select which day of the week to send the logs Time for Sending Log Enter the...

Page 195: ...g table Table 73 SMTP Error Messages 16 4 1 Example E mail Log An End of Log message displays for each mail in which a complete log has been sent The following is an example of a log sent by e mail You may edit the subject title 1 means ZyXEL Device out of socket 2 means tcp SYN fail 3 means smtp server OK fail 4 means HELO fail 5 means MAIL FROM fail 6 means RCPT TO fail 7 means DATA fail 8 means...

Page 196: ...192 168 1 131 To 192 168 1 255 default policy forward 09 54 17 UDP src port 00520 dest port 00520 1 00 3 Apr 7 00 From 192 168 1 6 To 10 10 10 10 match forward 09 54 19 UDP src port 03516 dest port 00053 1 01 snip snip 126 Apr 7 00 From 192 168 1 1 To 192 168 1 255 match forward 10 05 00 UDP src port 00520 dest port 00520 1 02 127 Apr 7 00 From 192 168 1 131 To 192 168 1 255 match forward 10 05 17...

Page 197: ...the router via ftp NAT Session Table is Full The maximum number of NAT session table entries has been exceeded and the table is full Starting Connectivity Monitor Starting Connectivity Monitor Time initialized by Daytime Server The router got the time and date from the Daytime server Time initialized by Time server The router got the time and date from the time server Time initialized by NTP serve...

Page 198: ...TCP UDP IGMP ESP GRE OSPF The firewall allowed a triangle route session to pass through Packet without a NAT table entry blocked TCP UDP IGMP ESP GRE OSPF The router blocked a packet that didn t have a corresponding NAT table entry Router sent blocked web site message TCP The router sent a message to notify a user that the router blocked access to a web site that the user requested LOG MESSAGE DES...

Page 199: ...blocked or forwarded according to the user s setting Firewall rule NOT match ICMP Packet Direction rule d type d code d ICMP access matched or didn t match a firewall rule denoted by its number and was blocked or forwarded according to the rule Triangle route packet forwarded ICMP The firewall allowed a triangle route session to pass through Packet without a NAT table entry blocked ICMP The router...

Page 200: ...Control Protocol stage is closing ppp IPCP Closing The PPP connection s Internet Protocol Control Protocol stage is closing LOG MESSAGE DESCRIPTION UPnP pass through Firewall UPnP packets can pass through the firewall LOG MESSAGE DESCRIPTION s block keyword The content of a requested web page matched a user defined keyword s The system forwarded web content LOG MESSAGE DESCRIPTION attack TCP UDP I...

Page 201: ...s authenticated by the RADIUS Server RADIUS rejects user Pls check RADIUS Server A user was not authenticated by the RADIUS Server Please check the RADIUS Server User logout because of session timeout expired The router logged out a user whose session expired User logout because of user deassociation The router logged out a user who ended the session User logout because of no authentication respon...

Page 202: ...e failed 4 Source Quench 0 A gateway may discard internet datagrams if it does not have the buffer space needed to queue the datagrams for output to the next network on the route to the destination network 5 Redirect 0 Redirect datagrams for the Network 1 Redirect datagrams for the Host 2 Redirect datagrams for the Type of Service and Network 3 Redirect datagrams for the Type of Service and Host 8...

Page 203: ...tem RAS displays as the system name if you haven t configured one when the router generates a syslog The facility is defined in the web MAIN MENU LOGS Log Settings page The severity is the log s syslog class The definition of messages and notes are defined in the various log charts throughout this appendix The devID is the last three characters of the MAC address of the router s LAN port The cat i...

Page 204: ...Chapter 16 Logs P 660R F1 Series User s Guide 204 ...

Page 205: ...abel on the bottom of your device Click Maintenance Tools to open the Firmware screen Follow the instructions in this screen to upload firmware to your ZyXEL Device Figure 126 Firmware Upgrade The following table describes the labels in this screen Table 90 Firmware Upgrade LABEL DESCRIPTION Current Firmware Version This is the present Firmware version and the date created File Path Type in the lo...

Page 206: ...are Upload In Progress The ZyXEL Device automatically restarts in this time causing a temporary network disconnect In some operating systems you may see the following icon on your desktop Figure 128 Network Temporarily Disconnected After two minutes log in again and check your new firmware version in the Status screen If the upload was not successful the following screen will appear Click Return t...

Page 207: ...backup configuration file will be useful in case you need to return to your previous settings Click Backup to save the ZyXEL Device s current configuration to your computer 17 2 2 Restore Configuration Restore configuration allows you to upload a new or previously saved configuration file from your computer to your ZyXEL Device Note Do not turn off the ZyXEL Device while configuration file upload ...

Page 208: ...ily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default ZyXEL Device IP address 192 168 1 1 See the appendix for details on how to set up your computer s IP address If the upload was not successful the following screen will appear Click Return to go back to the Configuration screen Figure...

Page 209: ...e Refer to the chapter about introducing the web configurator for more information on the RESET button 17 3 Restart System restart allows you to reboot the ZyXEL Device without turning the power off Click Maintenance Tools Restart Click Restart to have the ZyXEL Device reboot This does not affect the ZyXEL Device s configuration Figure 134 Restart Screen ...

Page 210: ...The following table describes the fields in this screen Table 92 Diagnostic General LABEL DESCRIPTION TCP IP Address Type the IP address of a computer that you want to ping in order to test a connection Ping Click this button to ping the IP address that you entered Change to Bridge Routing Mode Click this button to toggle between Routing and Bridge mode ARP Routing Table Click this button to view ...

Page 211: ...Is VCIs before you begin this test The ZyXEL Device sends an OAM F5 packet to the DSLAM ATM switch and then returns it loops it back to the ZyXEL Device The ATM loopback test is useful for troubleshooting problems with the DSLAM and ATM network DSL Line Status Click this button to view the DSL port s line operating values and line bit allocation Reset ADSL Line Click this button to reinitialize th...

Page 212: ...Chapter 18 Diagnostic P 660R F1 Series User s Guide 212 ...

Page 213: ...ower source Make sure that the ZyXEL Device and the power source are both turned on Turn the ZyXEL Device off and on If the error persists you may have a hardware problem In this case you should contact your vendor Table 95 Troubleshooting the LAN PROBLEM CORRECTIVE ACTION The LAN lights do not turn on Check your Ethernet cable connections refer to the Quick Start Guide for details Check for fault...

Page 214: ...thentication may be through the user name and password the MAC address or the host name The username and password apply to PPPoE and PPPoA encapsulation only Make sure that you have entered the correct Service Type User Name and Password be sure to use the correct casing Refer to the WAN Setup chapter I cannot access the Internet Make sure the ZyXEL Device is turned on and connected to the network...

Page 215: ...tor Make sure that there is not a Telnet session running Use the ZyXEL Device s WAN IP address when configuring from the WAN Refer to the instructions on checking your WAN connection Use the ZyXEL Device s LAN IP address when configuring from the LAN Refer to for instructions on checking your LAN connection Check that you have enabled web service access If you have configured a secured client IP a...

Page 216: ...Chapter 19 Troubleshooting P 660R F1 Series User s Guide 216 ...

Page 217: ...5 0 24 bits Default Password administrator 1234 user user DHCP Pool 192 168 1 33 to 192 168 1 64 Dimensions W x D x H 105 x 105 x 31 mm Power Specification 9VAC 1A Ethernet port auto MDI MDI X 10 100 Mbps RJ 45 Ethernet port Operation Temperature 0º C 40º C Storage Temperature 30º 60º C Operation Humidity 20 85 RH Storage Humidity 20 90 RH Distance between the centers of the holes on the device s ...

Page 218: ...manent Virtual Circuits I 610 F4 F5 OAM Other Protocol Support PPP Point to Point Protocol link layer protocol Transparent bridging for unsupported network layer protocols DHCP Server Client Relay RIP I RIP II ICMP SNMP v1 and v2c with MIB II support RFC 1213 IP Multicasting IGMP v1 and v2 IGMP Proxy UPnP Management Embedded Web Configurator CLI Command Line Interpreter Remote Management via Telne...

Page 219: ...P 660R F1 Series User s Guide 219 Static Routes 16 IP and 4 Bridge Other Features Any IP Zero Configuration VC auto hunting Traffic Redirect Dynamic DNS IP Alias Table 99 Firmware continued ...

Page 220: ...P 660R F1 Series User s Guide 220 ...

Page 221: ...f the holes matches what is listed in the product specifications appendix Note Be careful to avoid damaging pipes or cables located inside the wall when drilling holes for the screws 3 Do not screw the screws all the way into the wall Leave a small gap of about 0 5 cm between the heads of the screws and the wall 4 Make sure the screws are snugly fastened to the wall They need to hold the weight of...

Page 222: ...P 660R F1 Series User s Guide 222 ...

Page 223: ...pplication package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP components are installed configure the TCP IP settings in order to communicate with your network If you manually assign IP information instead of using dynamic assignment make sure that your computers have IP addresses that place them i...

Page 224: ...rotocol and then click Add 3 Select Microsoft from the list of manufacturers 4 Select TCP IP from the list of network protocols and then click OK If you need Client for Microsoft Networks 1 Click Add 2 Select Client and then click Add 3 Select Microsoft from the list of manufacturers 4 Select Client for Microsoft Networks from the list of network clients and then click OK 5 Restart your computer s...

Page 225: ...sk fields Figure 139 Windows 95 98 Me TCP IP Properties IP Address 3 Click the DNS Configuration tab If you do not know your DNS information select Disable DNS If you know your DNS information select Enable DNS and type the information in the fields below you may not need to fill them all in Figure 140 Windows 95 98 Me TCP IP Properties DNS Configuration ...

Page 226: ...nsert the Windows CD if prompted 7 Turn on your ZyXEL Device and restart your computer when prompted Verifying Settings 1 Click Start and then Run 2 In the Run window type winipcfg and then click OK to open the IP Configuration window 3 Select your network adapter You should see your computer s IP address subnet mask and default gateway Windows 2000 NT XP The following example figures use the defa...

Page 227: ...anel double click Network Connections Network and Dial up Connections in Windows 2000 NT Figure 142 Windows XP Control Panel 3 Right click Local Area Connection and then click Properties Figure 143 Windows XP Control Panel Network Connections Properties ...

Page 228: ...4 Windows XP Local Area Connection Properties 5 The Internet Protocol TCP IP Properties window opens the General tab in Windows XP If you have a dynamic IP address click Obtain an IP address automatically If you have a static IP address click Use the following IP Address and fill in the IP address Subnet mask and Default gateway fields ...

Page 229: ... In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default gateways in the IP Settings tab by clicking Add in Default gateways In TCP IP Gateway Address type the IP address of the default gateway in Gateway To manually configure a default metric the number of tra...

Page 230: ...et Protocol TCP IP Properties window the General tab in Windows XP Click Obtain DNS server address automatically if you do not know your DNS server IP address es If you know your DNS server IP address es click Use the following DNS server addresses and type them in the Preferred DNS server and Alternate DNS server fields ...

Page 231: ...s 2000 NT to close the Local Area Connection Properties window 10 Close the Network Connections window Network and Dial up Connections in Windows 2000 NT 11 Turn on your ZyXEL Device and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and then Command Prompt 2 In the Command Prompt window type ipconfig and then press ENTER You can also open Network Conne...

Page 232: ...P 660R F1 Series User s Guide 232 Macintosh OS 8 9 1 Click the Apple menu Control Panel and double click TCP IP to open the TCP IP Control Panel Figure 148 Macintosh OS 8 9 Apple Menu ...

Page 233: ...et mask in the Subnet mask box Type the IP address of your ZyXEL Device in the Router address box 5 Close the TCP IP Control Panel 6 Click Save if prompted to save changes to your configuration 7 Turn on your ZyXEL Device and restart your computer if prompted Verifying Settings Check your TCP IP properties in the TCP IP Control Panel window Macintosh OS X 1 Click the Apple menu and click System Pr...

Page 234: ...r statically assigned settings do the following From the Configure box select Manually Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your ZyXEL Device in the Router address box 5 Click Apply Now and close the window 6 Turn on your ZyXEL Device and restart your computer if prompted Verifying Settings Check your TCP IP properties in th...

Page 235: ...pending on your Linux distribution and release version Note Make sure you are logged in as the root administrator Using the K Desktop Environment KDE Follow the steps below to configure your computer IP address using the KDE 1 Click the Red Hat button located on the bottom left corner select System Setting and click Network Figure 152 Red Hat 9 0 KDE Network Configuration Devices ...

Page 236: ...s with and select dhcp from the drop down list If you have a static IP address click Statically set IP Addresses and fill in the Address Subnet mask and Default Gateway Address fields 3 Click OK to save the changes and close the Ethernet Device General screen 4 If you know your DNS server IP address es click the DNS tab in the Network Configuration screen Enter the DNS server information in the fi...

Page 237: ...thernet card Open the configuration file with any plain text editor If you have a dynamic IP address enter dhcp in the BOOTPROTO field The following figure shows an example Figure 156 Red Hat 9 0 Dynamic IP Address Setting in ifconfig eth0 If you have a static IP address enter static in the BOOTPROTO field Type IPADDR followed by the IP address in dotted decimal notation and type NETMASK followed ...

Page 238: ...terminal screen to check your TCP IP properties Figure 160 Red Hat 9 0 Checking TCP IP Properties nameserver 172 23 5 1 nameserver 172 23 5 2 root localhost init d network restart Shutting down interface eth0 OK Shutting down loopback interface OK Setting network parameters OK Bringing up loopback interface OK Bringing up interface eth0 OK root localhost ifconfig eth0 Link encap Ethernet HWaddr 00...

Page 239: ... in the above example defines the class of IP address These are defined as follows Class A 0 to 127 Class B 128 to 191 Class C 192 to 223 Class D 224 to 239 Class E 240 to 255 IP Address Classes and Hosts The class of an IP address determines the number of hosts you can have on your network In a class A address the first octet is the network number and the remaining three octets are the host ID In...

Page 240: ...eftmost bits Class D addresses begin with 1 1 1 0 Class D addresses are used for multicasting which is used to send information to groups of computers There is also a class E It is reserved for future use The following table shows the allowed ranges for the first octet of each class This range determines the number of subnets you can have in a network Subnet Masks A subnet mask is used to determin...

Page 241: ... the remainder of the 32 bit mask you can simply specify the number of ones instead of writing the value of each octet This is usually specified by writing a followed by the number of bits in the mask after the address For example 192 1 1 0 25 is equivalent to saying 192 1 1 0 with mask 255 255 255 128 The following table shows all possible subnet masks for a class C address using both notations T...

Page 242: ...etermines the number of hosts you can have on each subnet Table 104 Two Subnets Example IP SUBNET MASK NETWORK NUMBER HOST ID IP Address 192 168 1 0 IP Address Binary 11000000 10101000 00000001 00000000 Subnet Mask 255 255 255 0 Subnet Mask Binary 11111111 11111111 11111111 00000000 Table 105 Subnet 1 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 0 IP Address Binary 11000...

Page 243: ...11111 11111111 11000000 or 255 255 255 192 Each subnet contains 6 host ID bits giving 26 2 or 62 hosts for each subnet all zeroes is the subnet itself all ones is the broadcast address on the subnet Table 107 Subnet 1 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 0 IP Address Binary 11000000 10101000 00000001 00000000 Subnet Mask Binary 11111111 11111111 11111111 11000000...

Page 244: ...ess 192 168 1 192 IP Address Binary 11000000 10101000 00000001 11000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 192 Lowest Host ID 192 168 1 193 Broadcast Address 192 168 1 255 Highest Host ID 192 168 1 254 Table 111 Eight Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCAST ADDRESS 1 0 1 30 31 2 32 33 62 63 3 64 65 94 95 4 96 97 126 127 5 128 ...

Page 245: ...ing NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 128 0 17 2 32766 2 255 255 192 0 18 4 16382 3 255 255 224 0 19 8 8190 4 255 255 240 0 20 16 4094 5 255 255 248 0 21 32 2046 6 255 255 252 0 22 64 1022 7 255 255 254 0 23 128 510 8 255 255 255 0 24 256 254 9 255 255 255 128 25 512 126 10 255 255 255 192 26 1024 62 11 255 255 255 224 27 2048 30 12 255 255 255 240 28 4096 ...

Page 246: ...P 660R F1 Series User s Guide 246 ...

Page 247: ...wing figure Figure 161 Connecting a POTS Splitter 1 Connect the side labeled Phone or TEL to your telephone 2 Connect the side labeled Modem or DSL to your ZyXEL Device 3 Connect the side labeled Line to the telephone wall jack Telephone Microfilters Telephone voice transmissions take place in the lower frequency range 0 4KHz while ADSL transmissions take place in the higher bandwidth range above ...

Page 248: ...in order to connect both your modem and a telephone to the same wall jack without using a POTS splitter 1 Connect a phone cable from the wall jack to the single jack end of the Y Connector 2 Connect a cable from the double jack end of the Y Connector to the wall side of the microfilter 3 Connect another cable from the double jack end of the Y Connector to the ZyXEL Device 4 Connect the phone side ...

Page 249: ...yXEL Device With ISDN This section relates to people who use their ZyXEL Device with ADSL over ISDN digital telephone service only The following is an example installation for the ZyXEL Device with ISDN Figure 164 ZyXEL Device with ISDN ...

Page 250: ...P 660R F1 Series User s Guide 250 ...

Page 251: ...y Internet Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blocking and create an exception for your device s IP address Disable pop up Blockers 1 In Internet Explorer select Tools Pop up Blocker and then select Turn Off Pop up Blocker Figure 165 Pop up Blocker...

Page 252: ...bles any web pop up blockers you may have enabled Figure 166 Internet Options 3 Click Apply to save this setting Enable pop up Blockers with Exceptions Alternatively if you only want to allow pop up windows from your device see the following steps 1 In Internet Explorer select Tools Internet Options and then the Privacy tab ...

Page 253: ... 253 2 Select Settings to open the Pop up Blocker Settings screen Figure 167 Internet Options 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 1 1 ...

Page 254: ... to the list of Allowed sites Figure 168 Pop up Blocker Settings 5 Click Close to return to the Privacy screen 6 Click Apply to save this setting JavaScripts If pages of the web configurator do not display properly in Internet Explorer check that JavaScripts are allowed ...

Page 255: ...net Options and then the Security tab Figure 169 Internet Options 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enable is selected the default 5 Under Scripting of Java applets make sure that Enable is selected the default ...

Page 256: ...igure 170 Security Settings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java permissions make sure that a safety level is selected ...

Page 257: ...ide 257 5 Click OK to close the window Figure 171 Security Settings Java JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 make sure that Use Java 2 for applet under Java Sun is selected ...

Page 258: ...P 660R F1 Series User s Guide 258 3 Click OK to close the window Figure 172 Java Sun ...

Page 259: ...7 backup gateway 60 backup type 60 bandwidth management 150 C CA 121 algorithm 129 CRL 129 enrollment protocols 121 property 128 CBR Continuous Bit Rate 52 57 Certificate Management Protocol see CMP certificates algorithm 124 129 CA 121 creation 118 CRL 127 128 129 deletion 118 directory servers LDAP 136 login 137 enrollment options 121 protocols 121 exporting 130 MD5 fingerprint 125 modifications...

Page 260: ...three way handshake 96 thresholds 86 96 97 98 DSCP 153 154 DSL line reinitialize 211 DSLAM Digital Subscriber Line Access Multiplexer 22 dynamic DNS 21 105 145 159 Dynamic Host Configuration Protocol 21 DYNDNS wildcard 159 E ECHO 80 e mail logs 194 embedded help 27 Encapsulated Routing Link Protocol ENET ENCAP 43 encapsulation 43 44 ENET ENCAP 43 PPP over Ethernet 43 PPPoA 44 RFC 1483 44 enrollmen...

Page 261: ...05 HTTPS 166 I IANA 65 ICMP 86 IGMP and multicasting 66 versions 66 IGMP Internet Group Multicast Protocol 66 importing remote hosts 131 trusted CA 127 Integrated Services Digital Network See ISDN Interference Statement 6 Internet access 20 22 34 setup 214 troubleshooting 214 wizard setup 34 Zero Configuration 20 Internet Assigned Numbers AuthoritySee IANA 65 Internet Control Message Protocol see ...

Page 262: ...definitions 75 example 81 how it works 76 mapping types 77 mode 79 port forwarding 80 port numbers 80 SIP ALG activation 84 specifications 218 what it does 76 NAT Network Address Translation 75 NAT Traversal 174 navigating the web configurator 26 Network Address Translation NAT 21 NNTP 80 P P2P 97 packet direction 90 packet filter WAN 53 58 packet filtering types 106 packet filters logs 109 112 pa...

Page 263: ...es of sessions 163 remote management and NAT 163 remote management limitations 163 remote node 154 reset button 26 resetting and factory default settings 208 resetting the ZyXEL Device 26 restore configuration 207 RFC 1483 44 RFC 1631 75 RFC 1483 45 RFC 2364 44 RFC2516 PPP0E 21 RIP direction 66 version 66 RIP Routing Information Protocol 66 Routing Information Protocol See also RIP 66 Routing Info...

Page 264: ...7 TFTP restrictions 163 three way handshake 96 thresholds DoS 86 96 97 98 P2P 97 trademarks 5 traffic redirect 20 58 59 61 example 58 traffic shaping 46 triangle route 90 101 solutions 102 troubleshooting 214 Internet access 214 trusted CA algorithm 129 CRL 127 128 129 exporting 130 importing 127 MD5 fingerprint 130 PEM 130 SHA1 fingerprint 130 U UBR Unspecified Bit Rate 52 57 Universal Plug and P...

Page 265: ...PoA 44 Setup 43 troubleshooting 214 WAN Wide Area Network 43 WAN backup 60 web and remote management 164 web configurator 24 26 help 27 main screen 26 navigating 26 screen summary 27 Z Zero Configuration Internet Access 20 48 ZyNOS ZyXEL Network Operating System 5 ZyXEL Home Page 6 ZyXEL Network Operating System 5 ...

Page 266: ...P 660R F1 Series User s Guide 266 ...

Page 267: ...P 660R F1 Series User s Guide 267 ...

Page 268: ...P 660R F1 Series User s Guide 268 ...

Reviews:

No comments

Related manuals for P-660R-F1 series

Brand: D-Link Pages: 99

Brand: D-Link Pages: 5

Brand: D-Link Pages: 15

AirPro DWL-6000AP

Brand: D-Link Pages: 65

Brand: Cambium Networks Pages: 68

Brand: Cambium Networks Pages: 110

PowerBeam AC Gen2

Brand: Ubiquiti Pages: 22

Brand: Juniper Pages: 2

Brand: CELOT Pages: 34

Brand: JUMO Pages: 60

Brand: Moxa Technologies Pages: 36

Brand: Nilox Pages: 66

Brand: BHU NETWORKS Pages: 75

Brand: Neousys Technology Pages: 39

Brand: ZyXEL Communications Pages: 4

ControlCenter-IP 2.0

Brand: G&D Pages: 60

Brand: Emerson Pages: 4

Liebert Intellislot IS-WEBCARD

Brand: Emerson Pages: 2

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands