ZyXEL Communications P-660HN-F1A Скачать руководство пользователя страница 202 | Manualshive

Страница: 202 / 430

ZyXEL Communications P-660HN-F1A Скачать руководство пользователя страница 202

Chapter 10 Firewalls

P-660HN-F1A User’s Guide

202

10.4 The Firewall Threshold Screen

For DoS

attacks, the P-660HN-F1A uses thresholds to determine when to start

dropping sessions that do not become fully established (half-open sessions).
These thresholds apply globally to all sessions.

For TCP, half-open means that the session has not reached the established state-
the TCP three-way handshake has not yet been completed. Under normal
circumstances, the application that initiates a session sends a SYN (synchronize)
packet to the receiving server. The receiver sends back an ACK (acknowledgment)
packet and its own SYN, and then the initiator responds with an ACK
(acknowledgment). After this handshake, a connection is established.

Figure 80

Three-Way Handshake

For UDP, half-open means that the firewall has detected no return traffic. An
unusually high number (or arrival rate) of half-open sessions could indicate a DOS
attack.

10.4.1 Threshold Values

If everything is working properly, you probably do not need to change the
threshold settings as the default threshold values should work for most small
offices. Tune these parameters when you believe the P-660HN-F1A has been
receiving DoS attacks that are not recorded in the logs or the logs show that the
P-660HN-F1A is classifying normal traffic as DoS attacks. Factors influencing
choices for threshold values are:

1

The maximum number of opened sessions.

2

The minimum capacity of server backlog in your LAN network.

3

The CPU power of servers in your LAN network.

4

Network bandwidth.

«
...
200
201
202
203
204
...
»

Содержание P-660HN-F1A

Страница 1: ...P 660HN F1A 802 11n Wireless ADSL2 4 port Gateway Copyright 2010 ZyXEL Communications Corporation Firmware Version 3 70 Edition 1 01 2010 Default Login Details IP Address http 192 168 1 1 Admin Passw...

Страница 2: ......

Страница 3: ...obe Reader search utility and enter a word or phrase This can help you quickly pinpoint the information you require You can also enter text directly into the toolbar in Reader To quickly move around w...

Страница 4: ...out your product the answer may be here This is a collection of answers to previously asked questions about ZyXEL products Forum This contains discussions on ZyXEL products Learn from others who use Z...

Страница 5: ...ics in this book may differ slightly from the product due to differences in operating systems operating system versions or if you installed updated firmware software for your device Every effort has b...

Страница 6: ...troke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press the ENTER key...

Страница 7: ...Guide 7 Icons Used in Figures Figures in this User s Guide may use the following generic icons The P 660HN F1A icon is not an exact representation of your device P 660HN F1A Computer Notebook computer...

Страница 8: ...device Connect the power adaptor or cord to the right supply voltage for example 110V AC in North America or 230V AC in Europe Do NOT allow anything to rest on the power adaptor or cord and do NOT pl...

Страница 9: ...9 Technical Reference 103 WAN Setup 105 LAN Setup 127 Wireless LAN 143 Network Address Translation NAT 173 Firewalls 189 Content Filtering 211 Packet Filter 217 Certificates 227 Static Route 237 802 1...

Страница 10: ...Contents Overview P 660HN F1A User s Guide 10...

Страница 11: ...Managing the P 660HN F1A 24 1 4 Applications for the P 660HN F1A 24 1 4 1 Internet Access 25 1 5 LEDs Lights 26 1 6 The RESET Button 27 1 6 1 Using the Reset Button 27 1 7 The WPS WLAN Button 27 1 7 1...

Страница 12: ...on www dyndns org 65 4 5 2 Configuring DDNS on Your P 660HN F1A 65 4 5 3 Adding a Firewall Rule for Remote Management 66 4 5 4 Testing the DDNS Setting 67 4 6 Configuring Static Route for Routing to...

Страница 13: ...xing 122 6 5 3 VPI and VCI 123 6 5 4 IP Address Assignment 123 6 5 5 Nailed Up Connection PPP 123 6 5 6 NAT 124 6 6 Traffic Shaping 124 6 6 1 ATM Traffic Classes 125 Chapter 7 LAN Setup 127 7 1 Overvi...

Страница 14: ...ical Reference 159 8 7 1 Wireless Network Overview 159 8 7 2 Additional Wireless Terms 161 8 7 3 Wireless Security Overview 161 8 7 4 Signal Problems 164 8 7 5 BSS 165 8 7 6 MBSSID 165 8 7 7 WiFi Prot...

Страница 15: ...Reference 205 10 5 1 Firewall Rules Overview 205 10 5 2 Guidelines For Enhancing Security With Your Firewall 206 10 5 3 Security Considerations 207 10 5 4 Triangle Route 207 Chapter 11 Content Filter...

Страница 16: ...34 Chapter 14 Static Route 237 14 1 Overview 237 14 1 1 What You Can Do in the Static Route Screens 237 14 2 The Static Route Screen 238 14 2 1 Static Route Edit 239 Chapter 15 802 1Q 1P 241 15 1 Over...

Страница 17: ...3 17 1 2 What You Need To Know About DDNS 273 17 2 The Dynamic DNS Screen 274 Chapter 18 Remote Management 277 18 1 Overview 277 18 1 1 What You Can Do in the Remote Management Screens 278 18 1 2 What...

Страница 18: ...P Error Messages 311 21 4 1 Example E mail Log 311 21 5 Log Descriptions 312 Chapter 22 Tools 321 22 1 Overview 321 22 1 1 What You Can Do in the Tool Screens 321 22 1 2 What You Need To Know About To...

Страница 19: ...ifications 346 25 3 Wireless Features 349 25 4 Power Adaptor Specifications 352 Appendix A Setting up Your Computer s IP Address 353 Appendix B Pop up Windows JavaScripts and Java Permissions 377 Appe...

Страница 20: ...Table of Contents P 660HN F1A User s Guide 20...

Страница 21: ...21 PART I User s Guide...

Страница 22: ...22...

Страница 23: ...denotes 802 11n draft 2 0 The N models support 802 11n wireless connection mode Models ending in 1 for example P 660HN F1 denote a device that works over the analog telephone system POTS Plain Old Tel...

Страница 24: ...60HN F1A more effectively Change the password Use a password that s not easy to guess and that consists of different types of characters such as numbers and letters Write down the password and put it...

Страница 25: ...ns that probes from the outside to your network are not allowed but you can safely browse the Internet and download files Use content filtering to block access to specific web sites with URL s contain...

Страница 26: ...ng or there is a device malfunction Off The P 660HN F1A is not receiving power ETHERNET 1 4 Green On The P 660HN F1A has an Ethernet connection with a device on the Local Area Network LAN Blinking The...

Страница 27: ...e it When the POWER LED begins to blink the defaults have been restored and the device restarts 1 7 The WPS WLAN Button You can use the WPS WLAN button on the back of the device to turn the wireless L...

Страница 28: ...e WPS 1 Make sure the POWER LED is on not blinking 2 Press the WPS WLAN button for more than one second and release it when the LED becomes orange Press the WPS button on another WPS enabled device wi...

Страница 29: ...t in Windows XP SP Service Pack 2 JavaScripts enabled by default Java permissions enabled by default See Appendix B on page 377 if you need to make sure these functions are allowed in Internet Explore...

Страница 30: ...d field If you have changed the password enter your password and click Login Figure 3 Password Screen 5 The following screen displays if you have not yet changed your password It is strongly recommend...

Страница 31: ...wise select Go to Advanced setup and click Apply to display the Status screen Figure 5 Replace Factory Default Certificate Screen Note For security reasons the P 660HN F1A automatically logs you out i...

Страница 32: ...he web configurator Table 3 Navigation Panel Summary LINK TAB FUNCTION Status This screen shows the P 660HN F1A s general device and network status information Use this screen to access the statistics...

Страница 33: ...etwork traffic going in specific directions Rules This screen shows a summary of the firewall rules and allows you to edit add a firewall rule Threshold Use this screen to configure the thresholds for...

Страница 34: ...through which interface s and from which IP address es users can send DNS queries to the P 660HN F1A ICMP Use this screen to set whether or not your device will respond to pings and probes for servic...

Страница 35: ...Chapter 2 Introducing the Web Configurator P 660HN F1A User s Guide 35 2 2 4 Status Bar Check the status bar when you click Apply or OK to verify that the configuration has been updated...

Страница 36: ...Chapter 2 Introducing the Web Configurator P 660HN F1A User s Guide 36...

Страница 37: ...of the device system resources and interfaces LAN and WAN The Status screen also provides detailed information from Any IP and DHCP and statistics from bandwidth management and traffic 3 2 The Status...

Страница 38: ...is is the DSL standard that your P 660HN F1A is using IP Address This is the current IP address of the P 660HN F1A in the WAN Click this to go to the screen where you can change it IP Subnet Mask This...

Страница 39: ...lug it in when you restart it Maintenance Tools Restart or when you reset it Current Date Time This field displays the current date and time in the P 660HN F1A You can change this in Maintenance Syste...

Страница 40: ...A is not using the interface For the WLAN interface it displays Active when WLAN is enabled or InActive when WLAN is disabled Rate For the LAN interface this displays the port speed and duplex setting...

Страница 41: ...e 8 WLAN Status The following table describes the labels in this screen Table 5 WLAN Status LABEL DESCRIPTION This is the index number of an associated wireless station MAC Address This field displays...

Страница 42: ...screen Figure 9 Packet Statistics The following table describes the fields in this screen Table 6 Packet Statistics LABEL DESCRIPTION System Monitor System up Time This is the elapsed time the system...

Страница 43: ...this port Tx B s This field displays the number of bytes transmitted in the last second Rx B s This field displays the number of bytes received in the last second Up Time This field displays the elaps...

Страница 44: ...Chapter 3 Status Screens P 660HN F1A User s Guide 44...

Страница 45: ...e page 74 Two PVCs with ATM QoS Scenario see page 75 Note The tutorials featured in this chapter require a basic understanding of connecting to and using the Web Configurator on your P 660HN F1A For d...

Страница 46: ...or manual configuration Section 4 2 3 on page 52 4 2 1 Configuring the Wireless Network Settings This example uses the following parameters to set up a wireless network 1 Click Network Wireless LAN to...

Страница 47: ...less client which connects to the notebook Note The wireless client must be a WPS aware device for example a WPS USB adapter or PCMCIA card There are two WPS methods to set up the wireless client sett...

Страница 48: ...Button in the Network Wireless LAN WPS Station screen Note Your P 660HN F1A has a WPS button located on its rear panel as well as a WPS button in its configuration utility Both buttons have exactly t...

Страница 49: ...s you an example of how to set up a wireless network and its security by pressing a button on both P 660HN F1A and wireless client Example WPS Process PBC Method Wireless Client ZyXEL Device SECURITY...

Страница 50: ...PIN number 2 Enter the PIN number in the PIN field in the Network Wireless LAN WPS Station screen on the P 660HN F1A 3 Click the Start buttons or the button next to the PIN field on both the wireless...

Страница 51: ...wing figure shows you how to set up a wireless network and its security on a P 660HN F1A and a wireless client by using PIN method Example WPS Process PIN Method Authentication by PIN SECURITY INFO WI...

Страница 52: ...orts IEEE 802 11b IEEE 802 11g and IEEE 802 11n wireless clients Make sure that your notebook or computer s wireless adapter supports one of these standards 4 2 4 Setting Up Wireless Network Schedulin...

Страница 53: ...als P 660HN F1A User s Guide 53 2 Configure the screen as follows Turn on the wireless network from Mondays to Fridays between 18 00 and 23 00 Turn on the wireless network all day on Saturdays and Sun...

Страница 54: ...ll use a general Company wireless network group Higher management level and important visitors will use the VIP group which has the highest QoS control Visiting guests will use the Guest group which h...

Страница 55: ...the AP screen Use this screen to set up the company s general wireless network group Configure the screen using the provided parameters and click Apply 2 Click Network Wireless LAN More AP to open the...

Страница 56: ...Guide 56 3 Configure the screen using the provided parameters and click Apply 4 In the More AP screen click the Edit icon to configure the third wireless network group 5 Configure the screen using th...

Страница 57: ...needs to configure the port settings on his P 660HN F1A IP address 192 168 1 1 and a firewall rule so that access can be allowed to his Xbox 360 remotely Xbox 360 requires the following ports to be a...

Страница 58: ...ntial attacks Any port service trying to access the P 660HN F1A s WAN IP address will be forwarded to the default server It is recommended that you set up a firewall rule to protect the device 1 If yo...

Страница 59: ...er the Xbox 360 s IP address in the Default Server field Click Apply 4 4 2 Port Forwarding If the default server is already assigned to another server configure the ports for Xbox 360 1 Click Network...

Страница 60: ...ollowing screen Select User define from the Service Name field 3 Configure the screen as follows to open TCP UDP port 53 for Xbox 360 Click Apply 4 Repeat steps 2 and 3 to open the rest of the ports f...

Страница 61: ...ault port number for the P 660HN F1A web configurator to 8080 so that Xbox users will not be able to access the P 660HN F1A To access the web configurator Thomas needs to add the port number to the UR...

Страница 62: ...field Firewall Example Rules 3 Click Add to display the Edit Rule screen 4 Click the Edit Customized Services under Service to open the Customized Service screen 5 Click on the number 5 to display th...

Страница 63: ...st select Any UDP and Any TCP then click Remove Find Xbox 360 in the Available Services list Use the Add button to add it to the Selected Services list box Click Apply when you are done Note Custom se...

Страница 64: ...anage the device from the Internet The P 660HN F1A s WAN IP address changes dynamically Dynamic DNS DDNS allows you to access the P 660HN F1A using a domain name To use this feature you have to apply...

Страница 65: ...ice Type Host with IP address IP Address Enter the WAN IP address that your P 660HN F1A is currently using You can find the IP address on the P 660HN F1A s Web Configurator Status page Then you will n...

Страница 66: ...HN F1A firewall is enabled to secure your network from attacks In this tutorial you add a firewall rule that lets you manage the P 660HN F1A from the Internet 1 Click Security Firewall and select Rule...

Страница 67: ...st and click Delete Note If the computer gets a different IP address this firewall rule will not work 3d In the Service section select HTTP TCP 80 in the Available Services field and click Add Select...

Страница 68: ...nnect a router to the P 660HN F1A s LAN The router may be used to separate two department networks This tutorial shows how to configure a static routing rule for two network routings In the following...

Страница 69: ...tutorial uses the following example IP settings To configure a static route to route traffic from N1 to N2 1 Log into the P 660HN F1A s Web Configurator in advanced mode 2 Click Advanced Static Route...

Страница 70: ...253 R s N1 address in the Gateway IP Address field 4a Click Apply Now B should be able to receive traffic from A You may need to additionally configure B s firewall settings to allow specific traffic...

Страница 71: ...y No Overload Mapping Use this setting if your applications can use random public IP addresses and the applications are initiated from the Intranet computers A and B For example VoIP application See S...

Страница 72: ...Feature in the General screen Click Apply 3 Click the Address Mapping tab and then click the Edit icon on a new rule 4 Configure the rule using the following settings Type Many to Many No Overload Lo...

Страница 73: ...C For example gaming application To configure this setting 1 Click Network NAT 2 Select Active Network Address Translation NAT and Full Feature in the General screen Click Apply 3 Click the Address M...

Страница 74: ...ns 4 8 Multiple WAN Connections Example This example shows an application for multiple WAN connections Your ISP may configure more than one WAN connection on the P 660HN F1A to record traffic statisti...

Страница 75: ...oIP using SIP using 1 33 and 1 34 PVCs respectively General data is assigned Unspecified Bit Rate UBR ATM QoS while VoIP traffic is assigned Constant Bit Rate CBR ATM QoS as it is considered to transm...

Страница 76: ...k Network WAN Internet Access Setup configure the settings you ISP want to provide to the subscriber for general data transmission This tutorial uses the following example settings Line Modulation Mul...

Страница 77: ...Chapter 4 Tutorials P 660HN F1A User s Guide 77 2 Leave the other settings as their defaults and click Apply...

Страница 78: ...p button to display the following options Select UBR in the ATM QoS Type field 4 Click Apply 4 9 1 2 PVC 2 for VoIP Traffic 1 Click the More Connections tab and then click the Edit icon next to the en...

Страница 79: ...Chapter 4 Tutorials P 660HN F1A User s Guide 79 Select Active Name PVC for VoIP Mode Routing Encapsulation ENET ENCAP PVC LLC 1 34 ATM QoS CBR 3 Click Apply...

Страница 80: ...cated to Internet access traffic and 2 000 kbps for VoIP Internet access traffic is assigned queue 2 and VoIP traffic is assigned a higher priority of queue 5 The bucket size for Internet access traff...

Страница 81: ...660HN F1A User s Guide 81 4 9 2 1 Queue Setup 1 Click Advanced QoS Queue Setup Click the Edit icon of queue 2 to open the Queue Configuration screen 2 Enter 6 000 in the Rate field and 87 500 in the S...

Страница 82: ...4 Tutorials P 660HN F1A User s Guide 82 3 Click the Edit icon of queue 5 to open the Queue Configuration screen 4 The Rate field is 2 000 as in default Enter 100 000 maximum size in the Size field Cli...

Страница 83: ...further refine traffic identification from a port by specifying VLAN tags but this tutorial does not do that See Chapter 15 on page 243 for how to configure VLAN groups 1 Click Advanced QoS Class Setu...

Страница 84: ...Chapter 4 Tutorials P 660HN F1A User s Guide 84 Physical Port 1 3 exclude port 4 3 Click Apply...

Страница 85: ...sifier rule 5 Create a class setup rule using the following example settings Class Configuration Select Active Enter VoIP as the descriptive name for this rule Interface From LAN Priority 5 Routing Po...

Страница 86: ...Chapter 4 Tutorials P 660HN F1A User s Guide 86 6 Click Apply 4 9 2 3 Activate QoS on the P 660HN F1A 1 Click Advanced QoS General...

Страница 87: ...u can connect a VoIP phone to the P 660HN F1A s LAN port 4 and computers to port 1 3 The P 660HN F1A classifies and prioritizes voice traffic to optimize voice quality The connection with VPI VCI 0 35...

Страница 88: ...Chapter 4 Tutorials P 660HN F1A User s Guide 88...

Страница 89: ...rmation given to you by your ISP Note See the advanced menu chapters for background information on these fields 5 2 Internet Access Wizard Setup 1 After you enter the password to access the web config...

Страница 90: ...not detected Check your hardware connections and click Restart the INTERNET WIRELESS SETUP Wizard to return to the wizard welcome screen If you still cannot connect click Manually configure your Inter...

Страница 91: ...or service name exactly as provided by your ISP Then click Next and see Section 5 3 on page 98 for wireless connection wizard setup Figure 15 Auto Detection PPPoE 3c The following screen appears if t...

Страница 92: ...rs LABEL DESCRIPTION Mode Select Routing default from the drop down list box if your ISP give you one IP address only and you want multiple computers to share an Internet account Select Bridge when yo...

Страница 93: ...t box either VC based or LLC based Virtual Circuit ID VPI Virtual Path Identifier and VCI Virtual Channel Identifier define a virtual circuit Refer to the appendix for more information VPI Enter the V...

Страница 94: ...the user name exactly as your ISP assigned If assigned a name in the form user domain where domain identifies a service name then enter both components exactly as given Password Enter the password ass...

Страница 95: ...T ENCAP Table 12 Internet Connection with RFC 1483 LABEL DESCRIPTION IP Address This field is available if you select Routing in the Mode field Type your ISP assigned IP address in this field Back Cli...

Страница 96: ...tic IP Address if your ISP gave you an IP address to use IP Address Enter your ISP assigned IP address Subnet Mask Enter a subnet mask in dotted decimal notation Refer to the appendix to calculate a s...

Страница 97: ...Connection Test Failed 1 If the following screen displays check if your account is activated or click Restart the Internet Wireless Setup Wizard to verify your Internet access settings Figure 23 Conne...

Страница 98: ...o configure wireless settings Otherwise select No and skip to Step 6 Figure 24 Connection Test Successful 2 Use this screen to activate the wireless LAN Click Next to continue Figure 25 Wireless LAN S...

Страница 99: ...e sure all wireless stations use the same SSID in order to access the network Channel Selection The range of radio frequencies used by IEEE 802 11b g wireless devices is called a channel Select a chan...

Страница 100: ...Figure 27 Manually Assign a WPA PSK key The following table describes the labels in this screen Next Click this to continue to the next wizard screen Exit Click this to close the wizard screen without...

Страница 101: ...gure 29 Wireless LAN Setup 3 Table 18 Manually Assign a WEP key LABEL DESCRIPTION Key The WEP keys are used to encrypt data Both the P 660HN F1A and the wireless stations must use the same WEP key for...

Страница 102: ...chose not to configure wireless LAN settings Figure 30 Internet Access and WLAN Wizard Setup Complete 7 Launch your web browser and navigate to www zyxel com Internet access is just the beginning Ref...

Страница 103: ...103 PART II Technical Reference...

Страница 104: ...104...

Страница 105: ...her networks so that a computer in one location can communicate with computers in other locations Figure 31 LAN and WAN 6 1 1 What You Can Do in the WAN Screens Use the Internet Access Setup screen Se...

Страница 106: ...es to access the Internet If your ISP assigns you a static WAN IP address they should also assign you the subnet mask and DNS server IP address es and a gateway IP address if you use the Ethernet or E...

Страница 107: ...07 6 2 The Internet Access Setup Screen Use this screen to change your P 660HN F1A s WAN settings Click Network WAN Internet Access Setup The screen differs by the WAN type and encapsulation you selec...

Страница 108: ...down list box Choices vary depending on the mode you select in the Mode field If you select Bridge in the Mode field select either PPPoA or RFC 1483 If you select Routing in the Mode field select PPP...

Страница 109: ...e the IP address set to 0 0 0 0 User Defined changes to None after you click Apply If you set a second choice to User Defined and enter the same IP address the second User Defined changes to None afte...

Страница 110: ...Internet Access Setup Advanced Setup LABEL DESCRIPTION RIP Multicast Setup This section is not available when you configure the P 660HN F1A to be in bridge mode RIP Direction RIP Routing Information...

Страница 111: ...l Rate The Sustain Cell Rate SCR sets the average cell rate long term that can be transmitted Type the SCR which must be less than the PCR Note that system default is 0 cells sec Maximum Burst Size Ma...

Страница 112: ...lter Sets Protocol Filter Select the protocol filter s to control outgoing traffic You may choose up to 4 sets of filters You can configure protocol filters in the Packet Filter screen See Chapter 12...

Страница 113: ...This field indicates whether the connection is active or not Clear the check box to disable the connection Select the check box to enable it Name This is the name you gave to the Internet connection...

Страница 114: ...splay the following screen Figure 35 Network WAN More Connections Edit The following table describes the labels in this screen Table 22 Network WAN More Connections Edit LABEL DESCRIPTION General Acti...

Страница 115: ...gned a specific virtual circuit for example VC1 will carry IP If you select VC specify separate VPI and VCI numbers for each protocol For LLC based multiplexing or PPP encapsulation one VC carries mul...

Страница 116: ...idle time out in the Max Idle Timeout field when you select Connect on Demand The default setting is 0 which means the Internet session will not timeout NAT SUA only is available only when you select...

Страница 117: ...bels in this screen Table 23 Network WAN More Connections Edit Advanced Setup LABEL DESCRIPTION RIP Multicast Setup This section is not available when you configure the P 660HN F1A to be in bridge mod...

Страница 118: ...face or connection Enter the MTU in this field For ENET ENCAP the MTU value is 1500 For PPPoE the MTU value is 1492 For PPPoA and RFC the MTU is 65535 Packet Filter Incoming Filter Sets Protocol Filte...

Страница 119: ...rk WAN WAN Backup Setup This screen is not available if you set the WAN type to Ethernet in the Internet Access Setup screen Figure 37 Network Internet WAN WAN Backup Apply Click this to save your cha...

Страница 120: ...red in the Check WAN IP Address field without getting a response before switching to a WAN backup connection or a different WAN backup connection Recovery Interval When the P 660HN F1A is using a lowe...

Страница 121: ...s PPPoE Point to Point Protocol over Ethernet PPPoE is an IETF Draft standard RFC 2516 specifying how a personal computer PC interacts with a broadband modem DSL cable wireless etc connection The PPPo...

Страница 122: ...Internet connection The P 660HN F1A encapsulates the PPP session based on RFC1483 and sends it through an ATM PVC Permanent Virtual Circuit to the Internet Service Provider s ISP DSLAM Digital Subscr...

Страница 123: ...enabled or disabled if you have either a dynamic or static IP However the encapsulation method assigned influences your choices for IP address and ENET ENCAP gateway IP Assignment with PPPoA or PPPoE...

Страница 124: ...ansmission over an ATM network This agreement helps eliminate congestion which is important for transmission of real time data such as audio and video connections Peak Cell Rate PCR is the maximum rat...

Страница 125: ...Variable Bit Rate VBR The Variable Bit Rate VBR ATM traffic class is used with bursty connections Connections that use the Variable Bit Rate VBR traffic class can be grouped into real time VBR RT or n...

Страница 126: ...nection would be non time sensitive data file transfers Unspecified Bit Rate UBR The Unspecified Bit Rate UBR ATM traffic class is for bursty data transfers However UBR doesn t guarantee any bandwidth...

Страница 127: ...Screens Use the LAN IP screen Section 7 2 on page 129 to set the LAN IP address and subnet mask of your ZyXEL device You can also edit your P 660HN F1A s RIP multicast any IP and Windows Networking se...

Страница 128: ...Routing Information Protocol allows a router to exchange routing information with other routers Multicast Traditionally IP packets are transmitted in one of either two ways Unicast 1 sender 1 recipie...

Страница 129: ...f your P 660HN F1A 2 Enter the IP subnet mask into the IP Subnet Mask field Unless instructed otherwise it is best to leave this alone the configurator will automatically compute a subnet mask based u...

Страница 130: ...s to restore your previously saved settings Advanced Setup Click this to display the Advanced LAN Setup screen and edit more details of your LAN setup Table 25 Network LAN IP LABEL DESCRIPTION Table 2...

Страница 131: ...Select the protocol filter s to control incoming traffic You may choose up to 4 sets of filters You can configure packet filters in the Packet Filter screen See Chapter 12 on page 217 for more details...

Страница 132: ...None the DHCP server will be disabled If set to Relay the P 660HN F1A acts as a surrogate DHCP server and relays DHCP requests and responses between the remote server and the clients Enter the IP addr...

Страница 133: ...o None after you click Apply Select DNS Relay to have the P 660HN F1A act as a DNS proxy only when the ISP uses IPCP DNS server extensions The P 660HN F1A s LAN IP address displays in the field to the...

Страница 134: ...This field displays the IP address relative to the field listed above MAC Address The MAC Media Access Control or Ethernet address on a LAN Local Area Network is unique to your computer six pairs of h...

Страница 135: ...rface with the P 660HN F1A itself as the gateway for each LAN network When you use IP alias you can also configure firewall rules to control access between the LAN s logical networks subnets Note Make...

Страница 136: ...d or paste the IP address IP Subnet Mask Your P 660HN F1A will automatically calculate the subnet mask based on the IP address that you assign Unless you are implementing subnetting use the subnet mas...

Страница 137: ...ats when receiving RIP 1 is universally supported but RIP 2 carries more information RIP 1 is probably adequate for most networks unless you have an unusual network topology Both RIP 2B and RIP 2M sen...

Страница 138: ...address and subnet mask There are two ways that an ISP disseminates the DNS server addresses The ISP tells you the DNS server addresses usually in the form of an information sheet when you sign up If...

Страница 139: ...se please do not use any other number unless you are told otherwise Let s say you select 192 168 1 0 as the network number which covers 254 individual addresses from 192 168 1 1 to 192 168 1 254 zero...

Страница 140: ...f RIP packets When set to Both the P 660HN F1A will broadcast its routing table periodically and incorporate the RIP information that it receives In Only the P 660HN F1A will not send any RIP packets...

Страница 141: ...groups and can be in the range 224 0 0 0 to 239 255 255 255 The address 224 0 0 0 is not assigned to any group and is used by IP multicast computers The address 224 0 0 1 is used for query messages an...

Страница 142: ...Chapter 7 LAN Setup P 660HN F1A User s Guide 142...

Страница 143: ...wireless connection Use the AP screen see Section 8 2 on page 145 to turn the wireless connection on or off set up wireless security configure the MAC filter and make other basic configuration changes...

Страница 144: ...Set IDentifier The service set is the network so the service set identifier is the network s name This helps you identify your wireless network when wireless networks coverage areas overlap and you ha...

Страница 145: ...non WPS devices manually although this is somewhat more complicated to do What advanced options do you want to configure if any If you want to configure advanced options such as Quality of Service en...

Страница 146: ...ey tool Security Mode See the following sections for more details about this field MAC Filter This shows whether the wireless devices with the MAC addresses listed are allowed or denied to access the...

Страница 147: ...lick Network Wireless LAN to display the AP screen Select Static WEP from the Security Mode list Note WEP is extremely insecure Its encryption can be broken by an attacker using widely available softw...

Страница 148: ...ty labels in this screen Table 32 Network Wireless LAN AP Static WEP LABEL DESCRIPTION Security Mode Choose Static WEP from the drop down list box Passphrase Enter a passphrase up to 32 printable char...

Страница 149: ...lect the check box to have both WPA PSK and WPA wireless clients be able to communicate with the P 660HN F1A even when the P 660HN F1A is using WPA2 PSK or WPA2 Pre Shared Key The encryption mechanism...

Страница 150: ...ect the check box to have both WPA PSK and WPA wireless clients be able to communicate with the P 660HN F1A even when the P 660HN F1A is using WPA2 PSK or WPA2 Group Key Update Timer The Group Key Upd...

Страница 151: ...e same on the external authentication server and your P 660HN F1A The key is not sent over the network Accounting Server optional IP Address Enter the IP address of the external accounting server in d...

Страница 152: ...nsity of APs in an area decrease the output power to reduce interference with other APs Select one of the following Maximum Middle or Minimum Preamble Select a preamble type from the drop down list me...

Страница 153: ...ID An SSID profile is the set of parameters relating to one of the P 660HN F1A s BSSs The SSID Service Set IDentifier identifies the Service Set with which a wireless device is associated This field d...

Страница 154: ...o access the P 660HN F1A using this SSID Edit Click this to go to the MAC Filter screen to configure MAC filter settings See Section 8 3 2 on page 155 for more details QoS This shows whether QoS Quali...

Страница 155: ...filtering Filter Action Define the filter action for the list of MAC addresses in the MAC Address table Select Deny to block access to the P 660HN F1A MAC addresses not listed will be allowed to acce...

Страница 156: ...e labels in this screen Back Click this to return to the previous screen without saving Apply Click this to save your changes Cancel Click this to restore your previously saved settings Table 38 Netwo...

Страница 157: ...gs have been changed The current wireless and wireless security settings also appear in the screen This displays Unconfigured if WPS is disabled and there is no wireless or wireless security changes o...

Страница 158: ...eless range of the P 660HN F1A to your wireless network This button may either be a physical button on the outside of device or a menu button similar to the Push Button on this screen Note You must pr...

Страница 159: ...tes in one of two ways An infrastructure type of network has one or more access points and one or more wireless clients The wireless clients connect to the access points An ad hoc type of network is o...

Страница 160: ...SSID The SSID is the name of the wireless network It stands for Service Set IDentifier If two wireless networks overlap they should use a different channel Like radio stations or television channels...

Страница 161: ...a wireless data network or understand the data carried on it Table 42 Additional Wireless Terms TERM DESCRIPTION RTS CTS Threshold In a wireless network which covers a large area wireless devices are...

Страница 162: ...ot just people who have sensitive information on their network who should use security Everybody who uses any wireless network should ensure that effective security is in place A good way to come up w...

Страница 163: ...s network You can make every user log in to the wireless network before using it However every device in the wireless network has to support IEEE 802 1x to do this For wireless networks you can store...

Страница 164: ...or unauthorized wireless devices to figure out the original information pretty quickly When you select WPA2 or WPA2 PSK in your P 660HN F1A you can also select an option WPA compatible to support WPA...

Страница 165: ...traffic between wireless stations in the BSS When Intra BSS traffic blocking is disabled wireless station A and B can access the wired network and communicate with each other When Intra BSS traffic bl...

Страница 166: ...other in each of the two devices When WPS is activated on a device it has two minutes to find another device that also has WPS activated Then the two devices connect and set up a secure network by the...

Страница 167: ...ou must enter the PIN from one device usually the wireless client into the second device usually the Access Point or wireless router Then when WPS is activated on the first device it presents its PIN...

Страница 168: ...e list of associated wireless clients in the AP s configuration utility If you see the wireless client in the list WPS was successful The following figure shows a WPS enabled wireless client installed...

Страница 169: ...e registrar is already part of a network it sends the existing information If not it generates the SSID and WPA 2 PSK randomly The following figure shows a WPS enabled client installed in a notebook c...

Страница 170: ...quent WPS connections in which it is involved If you want a configured AP to act as an enrollee you must reset it to its factory defaults 8 7 7 4 Example WPS Network Setup This section shows how secur...

Страница 171: ...to your network AP2 is out of range of AP1 so you cannot use AP1 for the WPS handshake with the new access point However you know that Client 2 supports the registrar function so you use it to perfor...

Страница 172: ...if the device supports this feature Then you can enter the key into the non WPS device and join the network as normal the non WPS device must also support WPA PSK or WPA2 PSK When you use the PBC met...

Страница 173: ...he server s on your local network Use the Address Mapping screen Section 9 4 on page 179 to change your P 660HN F1A s address mapping settings Use the SIP ALG screen Section 9 5 on page 183 to enable...

Страница 174: ...TP that you can make visible to the outside world even though NAT makes your whole inside network appear as a single computer to the outside world SUA Single User Account Versus NAT SUA Single User Ac...

Страница 175: ...rewall Session Per User When computers use peer to peer applications such as file sharing applications they need to establish NAT sessions If you do not limit the number of NAT sessions a single clien...

Страница 176: ...most often used port numbers and services are shown in Appendix E on page 413 Please refer to RFC 1700 for further information about port numbers Note Many residential broadband ISP accounts do not a...

Страница 177: ...the example You assign the LAN IP addresses and the ISP assigns the WAN IP address The NAT network appears as a single host on the Internet Figure 66 Multiple Servers Behind NAT Example 9 3 1 Configur...

Страница 178: ...r the IP address of the server for the specified service Add Click this button to add a rule to the table below This is the rule index number read only Active This field indicates whether the rule is...

Страница 179: ...me Enter a name to identify this port forwarding rule Start Port Enter a port number in this field To forward only one port enter the port number again in the End Port field To forward a series of por...

Страница 180: ...settings click Network NAT Address Mapping to open the following screen Figure 69 Network NAT Address Mapping The following table describes the fields in this screen Table 47 Network NAT Address Mapp...

Страница 181: ...PAT port address translation ZyXEL s Single User Account feature that previous ZyXEL routers supported only M M Ov Overload Many to Many Overload mode maps multiple local IP addresses to shared global...

Страница 182: ...ervices behind the NAT to be accessible to the outside world Local Start IP This is the starting local IP address ILA Local IP addresses are N A for Server port mapping Local End IP This is the end lo...

Страница 183: ...ALG Figure 71 Network NAT ALG The following table describes the fields in this screen 9 6 NAT Technical Reference This chapter contains more information regarding NAT 9 6 1 NAT Definitions Inside out...

Страница 184: ...stination address the inside global address back to the inside local address before forwarding it to the original inside host Note that the IP address either local or global of an outside host is neve...

Страница 185: ...for communication with hosts on other networks It replaces the original IP source address and TCP or UDP source port numbers for Many to One and Many to Many Overload NAT mapping in each packet and th...

Страница 186: ...ess Many to One In Many to One mode the P 660HN F1A maps multiple local IP addresses to one global IP address This is equivalent to SUA for instance PAT port address translation ZyXEL s Single User Ac...

Страница 187: ...NAT mapping types The following table summarizes these types Table 51 NAT Mapping Types TYPE IP MAPPING One to One ILA1 IGA1 Many to One SUA PAT ILA1 IGA1 ILA2 IGA1 Many to Many Overload ILA1 IGA1 IL...

Страница 188: ...Chapter 9 Network Address Translation NAT P 660HN F1A User s Guide 188...

Страница 189: ...following figure illustrates the default firewall action User A can initiate an IM Instant Messaging session from the LAN to the WAN 1 Return traffic for this session is also allowed 2 However other t...

Страница 190: ...ide user to know the P 660HN F1A exists The P 660HN F1A supports anti probing which prevents the ICMP response packet from being sent This keeps outsiders from discovering your P 660HN F1A when unsupp...

Страница 191: ...ct WAN to LAN in the Packet Direction field Firewall Example Rules 3 In the Rules screen select the index number after that you want to add the rule For example if you select 6 your new rule becomes n...

Страница 192: ...omized Services Config screen and configure the screen as follows and click Apply Edit Custom Port Example 7 Select Any in the Destination Address List box and then click Delete 8 Configure the destin...

Страница 193: ...ons between Available Services and Selected Services list boxes to configure it as follows Click Apply when you are done Note Custom services show up with an before their names in the Services list bo...

Страница 194: ...ould look like the following Rule 1 allows a MyService connection from the WAN to IP addresses 10 0 0 10 through 10 0 0 15 on the LAN Firewall Example Rules MyService 10 2 The Firewall General Screen...

Страница 195: ...ction This is the direction of travel of packets LAN to LAN Router LAN to WAN WAN to WAN Router WAN to LAN Firewall rules are grouped based on the direction of travel of packets to which they apply Fo...

Страница 196: ...elect a direction of travel of packets for which you want to configure firewall rules Create a new rule after rule number Select an index number and click Add to add a new firewall rule after the sele...

Страница 197: ...hether a schedule is specified Yes or not No Log This field shows you whether a log is created when packets match this rule Yes or not No Modify Click the Edit icon to go to the screen where you can e...

Страница 198: ...ion 10 1 2 on page 190 for more information Use this screen to configure firewall rules In the Rules screen select an index number and click Add or click a rule s Edit icon to display this screen and...

Страница 199: ...an add multiple addresses ranges of addresses and or subnets Edit To edit an existing source or destination address select it from the box and click Edit Delete Highlight an existing source or destina...

Страница 200: ...eck box to have the P 660HN F1A generate an alert when the rule is matched Back Click this to return to the previous screen without saving Apply Click this to save your changes Cancel Click this to re...

Страница 201: ...Config LABEL DESCRIPTION Config Service Name Type a unique name for your custom port Service Type Choose the IP port TCP UDP or TCP UDP that defines your customized port from the drop down list box Po...

Страница 202: ...ledgment After this handshake a connection is established Figure 80 Three Way Handshake For UDP half open means that the firewall has detected no return traffic An unusually high number or arrival rat...

Страница 203: ...ded The global values specified for the threshold and timeout apply to all TCP connections Click Firewall Threshold to bring up the next screen Figure 81 Security Firewall Threshold The following tabl...

Страница 204: ...gh to lower than the current Maximum Incomplete Low number For example if you set the maximum incomplete high to 100 the P 660HN F1A starts deleting half open sessions when the number of existing half...

Страница 205: ...ateful packet inspection allows packets traveling in the following directions LAN to LAN Router These rules specify which computers on the LAN can manage the P 660HN F1A remote management and communic...

Страница 206: ...cols such as Telnet to authorized users on the LAN These custom rules work by comparing the source IP address destination IP address and IP protocol type of network traffic to rules set by the adminis...

Страница 207: ...ers will a rule that blocks just certain users be more effective 3 Does a rule that allows Internet users access to resources on the LAN create a security vulnerability For example if FTP ports TCP 20...

Страница 208: ...F1A reroutes the SYN packet through Gateway A on the LAN to the WAN 3 The reply from the WAN goes directly to the computer on the LAN without going through the P 660HN F1A As a result the P 660HN F1A...

Страница 209: ...ough the P 660HN F1A to your LAN The following steps describe such a scenario 1 A computer on the LAN initiates a connection by sending a SYN packet to a receiving server on the WAN 2 The P 660HN F1A...

Страница 210: ...Chapter 10 Firewalls P 660HN F1A User s Guide 210...

Страница 211: ...5 to specify the days and times keyword blocking is active Use the Trusted screen Section 11 4 on page 216 to exclude computers and other devices on your LAN from the keyword blocking filter 11 1 2 Wh...

Страница 212: ...Active Keyword Blocking 3 In the Keyword field type keywords to identify websites to be blocked 4 Click Add Keyword for each keyword to be entered 5 Click Apply Security Content Filter Keyword Example...

Страница 213: ...uter can be excluded from keyword blocking Bob s home network is on the domain 192 168 1 xxx Bob gave his home computer a static IP address of 192 168 1 2 and the study computer a static IP address of...

Страница 214: ...tering Keyword LABEL DESCRIPTION Active Keyword Blocking Select this check box to enable this feature Block Websites that contain these keywords in the URL This box contains the list of all the keywor...

Страница 215: ...le 58 Security Content Filtering Keyword continued LABEL DESCRIPTION Table 59 Security Content Filter Schedule LABEL DESCRIPTION Schedule Select Block Everyday to make the content filtering active eve...

Страница 216: ...iously saved settings Table 59 Security Content Filter Schedule continued LABEL DESCRIPTION Table 60 Security Content Filter Trusted LABEL DESCRIPTION Start IP Address Type the IP address of a compute...

Страница 217: ...rs are subdivided into generic and protocol filters Generic filter rules act on the raw data from to LAN and WAN Protocol filter rules act on IP packets Filter Structure A filter set consists of one o...

Страница 218: ...r the filter set The text may consist of up to 16 letters numerals and any printable character found on a typical English language keyboard Filter Type Select Protocol Filter or Generic Filter for you...

Страница 219: ...ibes the labels in this screen Table 62 Security Packet Filter Edit Protocol Filter LABEL DESCRIPTION This is the index number of the rules in a filter set Active Use the check box to turn a filter ru...

Страница 220: ...upper layer protocol IP Source Route Select the check box to apply the filter rule to packets with an IP source route option The majority of IP packets do not have source route Destination Address En...

Страница 221: ...omparison to apply to the source port in the packet against the value given in the Source Port field Options are None Equal Not Equal Less and Greater TCP Estab This field is only available when you s...

Страница 222: ...ble 64 Security Packet Filter Edit Generic Filter LABEL DESCRIPTION This is the index number of the rules in a filter set Active Use the check box to turn on or off a filter rule Filter Type This fiel...

Страница 223: ...et that you wish to compare The range for this field is from 0 to 255 Length Enter the byte count of the data portion in the packet that you wish to compare The range for this field is 0 to 8 Mask Ent...

Страница 224: ...er hand the generic filters are applied to the raw packets that appear on the wire They are applied at the point when the P 660HN F1A is receiving and sending the packets that is the interface The int...

Страница 225: ...packet contents as well as their source and destination addresses Firewalls of this type employ an inspection module applicable to all protocols that understands data in the packet is intended for oth...

Страница 226: ...sh traffic originating from an inside host or an outside host by IP address 4 The firewall performs better than filtering if you need to check many rules 5 Use the firewall if you need routine e mail...

Страница 227: ...e identity of the notebook A using a certificate before granting it access to the network 13 1 1 What You Need to Know About Certificates Certification Authority A Certification Authority CA issues ce...

Страница 228: ...icate is referred to in the GUI as the factory default certificate 13 1 2 Verifying a Certificate Before you import a trusted certificate into the P 660HN F1A you should verify that you have the corre...

Страница 229: ...secure method may very based on your situation Possible examples would be over the telephone or through an HTTPS connection Finding Out More See Section 13 3 on page 234 for technical background info...

Страница 230: ...certificate Valid From This field displays the date that the certificate becomes applicable The text displays in red and includes a Not Yet Valid message if the certificate has not yet become applicab...

Страница 231: ...the certificate s filename before you can import the certificate Figure 98 Trusted CA Import The following table describes the labels in this screen Table 67 Trusted CA Import LABEL DESCRIPTION File P...

Страница 232: ...the labels in this screen Table 68 Trusted CA Details LABEL DESCRIPTION Certificate Name This field displays the identifying name of this certificate If you want to change the name type up to 31 chara...

Страница 233: ...ing the MD5 algorithm You can use this value to verify with the certification authority over the phone for example that this is actually their certificate SHA1 Fingerprint This is the certificate s me...

Страница 234: ...ficates Anyone can then use the certification authority s public key to verify the certificates Advantages of Certificates Certificates offer the following benefits The P 660HN F1A only has to store t...

Страница 235: ...anyone who receives a message seeming to come from Tim can read it and verify whether it is really from him or not 3 Tim uses his private key to sign the message and sends it to Jenny 4 Jenny receives...

Страница 236: ...Chapter 13 Certificates P 660HN F1A User s Guide 236...

Страница 237: ...60HN F1A s LAN interface The P 660HN F1A routes most traffic from A to the Internet through the P 660HN F1A s default gateway R1 You create one static route to connect to services offered by your ISP...

Страница 238: ...e This is the name that describes or identifies this route Destination This parameter specifies the IP network address of the final destination Routing is always based on network number Gateway This i...

Страница 239: ...up to 9 letters numerals and any printable character found on a typical English language keyboard Leave this field blank to delete this static route Destination IP Address This parameter specifies th...

Страница 240: ...Chapter 14 Static Route P 660HN F1A User s Guide 240...

Страница 241: ...r traffic trasmitted through the ports Figure 103 802 1Q 1P 15 1 1 What You Can Do in the 802 1Q 1P Screens Use the Group Setting screen Section 15 2 on page 247 to activate 802 1Q 1P specify the mana...

Страница 242: ...agged Frames Each port on the device is capable of passing tagged or untagged frames To forward a frame from an 802 1Q VLAN aware device to an 802 1Q VLAN unaware device the P 660HN F1A first decides...

Страница 243: ...2 and then to a PVC PVC1 where the priority is set to high level of service You would start with the following steps 1 Click Advanced 802 1Q 1P Group Setting and then click the Edit button to display...

Страница 244: ...Setting Edit Example To set a high priority for VoIP traffic follow these steps 1 Click Advanced 802 1Q 1P Port Setting to display the following screen 2 Type 2 in the 802 1Q PVID column for LAN1 LAN...

Страница 245: ...affic You want to create low priority for this type of traffic so you want to group these ports and PVC2 into one VLAN VLAN3 PVC2 priority is set to low level of service SSID1 and SSID2 are two wirele...

Страница 246: ...F1A User s Guide 246 Follow the same steps as in VLAN2 to configure the settings for VLAN3 and VLAN4 The summary screen should then display as follows Advanced 802 1Q 1P Group Setting Example This co...

Страница 247: ...following table describes the labels in this screen Table 71 Advanced 802 1Q 1P Group Setting LABEL DESCRIPTION 802 1Q 1P Active Select this check box to activate the 802 1P 1Q feature Management Vla...

Страница 248: ...he VLAN group VID This field displays the ID number of the VLAN group Port Number These columns display the VLAN s settings for each port A tagged port is marked as T an untagged port is marked as U a...

Страница 249: ...gateway for the VLAN group Ports This field displays the types of ports available to join the VLAN group Control Select Fixed for the port to be a permanent member of the VLAN group Select Forbidden...

Страница 250: ...N Ports This field displays the types of ports available to join the VLAN group 802 1Q PVID Assign a VLAN ID for the port The valid VID range is between 1 and 4094 The P 660HN F1A assigns the PVID to...

Страница 251: ...rk is congested This can cause a reduction in network performance and make the network inadequate for time critical applications such as video on demand The P 660HN F1A assigns each packet a priority...

Страница 252: ...settings in Advanced QoS Class Setup This associates queues with PVCs by mapping the priority of queues to the index number of PVCs 16 2 1 What You Can Do in the QoS Screens Use the General screen Se...

Страница 253: ...t Type of Service ToS field in the IP header Tagging and Marking In a QoS class you can configure whether to add or change the DiffServ Code Point DSCP value IEEE 802 1p priority level and VLAN ID num...

Страница 254: ...N F1A User s Guide 254 these two classes are assigned priority queue based on the internal QoS mapping table on the P 660HN F1A Figure 107 QoS Example Figure 108 QoS Class Example VoIP 1 50 Mbps DSL V...

Страница 255: ...Chapter 16 Quality of Service QoS P 660HN F1A User s Guide 255 Figure 109 QoS Class Example VoIP 2 Figure 110 QoS Class Example Boss 1...

Страница 256: ...Chapter 16 Quality of Service QoS P 660HN F1A User s Guide 256 Figure 111 QoS Class Example Boss 2...

Страница 257: ...to voice and video to make them run more smoothly Similarly give low priority to many large file downloads so that they do not reduce the quality of other applications WAN Managed Bandwidth Enter the...

Страница 258: ...ly assigned by These fields are ignored if traffic matches a class you configured in the Class Setup screen If you select ON and traffic does not match a class configured in the Class Setup screen the...

Страница 259: ...d come Priority This is the priority assigned to traffic of this classifier Filter Content This shows criteria specified in this classifier Modify Click the Edit icon to go to the screen where you can...

Страница 260: ...60HN F1A User s Guide 260 16 4 1 The Class Configuration Screen Use this screen to configure a classifier Click the Add button or the Edit icon in the Modify field to display the following screen Figu...

Страница 261: ...A use the routing table to find a next hop and forward the matched packets automatically Select To WAN Index to route the matched packets through the specified PVC This option is available only when t...

Страница 262: ...t number See Appendix E on page 413 for some common services and port numbers MAC Select the check box and enter the source MAC address of the packet MAC Mask Type the mask for the specified MAC addre...

Страница 263: ...g the FTP server accepts commands from a system running an FTP client The service allows users to send commands to the server for uploading and downloading files Select the check box and select FTP fr...

Страница 264: ...ll be discarded The following shows how tokens work with outgoing packets A packet can be transmitted if the number of tokens in the bucket are equal to or greater than the size of the packet in bytes...

Страница 265: ...the P 660HN F1A again transmits it directly and then deducts 500 tokens from the bucket leaving just 200 tokens 700 500 D After one more second one hundred more tokens are added to the bucket A packe...

Страница 266: ...ght of this queue Weight in Percent This shows the weight of this queue in percentage of all queues with the same priority Shaping Rate kbps This shows the maximum transmission rate allowed for traffi...

Страница 267: ...gher priority queues gets through faster while traffic in lower priority queues is dropped if the network is congested Weight Specify the weight of this queue If two queues have the same priority leve...

Страница 268: ...e are dropped until there is space in the buffer again packets are transmitted out of it Random Early Detection RED is a queue management algorithm that doesn t wait until a buffer is full before drop...

Страница 269: ...ity Queue This shows the priority queue number Traffic assigned to higher index queues gets through faster while traffic in lower index queues is dropped if the network is congested Pass This shows ho...

Страница 270: ...indicating the level of service desired This allows the intermediary DiffServ compliant network devices to handle the packets differently depending on the code points without the need to negotiate pat...

Страница 271: ...Queue Assignment If you enable QoS on the P 660HN F1A the P 660HN F1A can automatically base on the IEEE 802 1p priority level IP precedence and or packet length to assign priority to traffic which d...

Страница 272: ...11110 011100 011010 011000 250 6 6 4 100110 100100 100010 100000 5 101110 101000 7 7 6 110000 111000 7 Table 82 Internal Layer2 and Layer3 QoS Mapping PRIORITY QUEUE LAYER 2 LAYER 3 IEEE 802 1P USER P...

Страница 273: ...all you need to have registered a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a domain name The Dynamic DN...

Страница 274: ...Active Dynamic DNS Select this check box to use dynamic DNS Service Provider This is the name of your Dynamic DNS service provider Dynamic DNS Type Select the type of service that you are registered f...

Страница 275: ...ddress Select this option only when there are one or more NAT routers between the P 660HN F1A and the DDNS server This feature has the DDNS server automatically detect and use the IP address of the NA...

Страница 276: ...Chapter 17 Dynamic DNS Setup P 660HN F1A User s Guide 276...

Страница 277: ...ows remote management of the P 660HN F1A coming in from the WAN Figure 119 Remote Management From the WAN Note When you configure remote management to allow management from the WAN you still need to c...

Страница 278: ...terface s and from which IP address es users can use FTP to access the P 660HN F1A Your P 660HN F1A can act as an SNMP agent which allows a manager station to manage and monitor the P 660HN F1A throug...

Страница 279: ...iguring from the LAN System Timeout There is a default system management idle timeout of five minutes three hundred seconds The P 660HN F1A automatically logs you out if the management session remains...

Страница 280: ...ou may change the server port number for a service if needed However you must use the same port number in order to use that service for remote management Access Status Select the interface s through w...

Страница 281: ...te Management Telnet LABEL DESCRIPTION Port You may change the server port number for a service if needed however you must use the same port number in order to use that service for remote management A...

Страница 282: ...F1A through the network The P 660HN F1A supports SNMP version Table 86 Advanced Remote Management FTP LABEL DESCRIPTION Port You may change the server port number for a service if needed However you m...

Страница 283: ...rmation to be collected about a device Examples of variables include such as number of packets received node port status etc A Management Information Base MIB is a collection of managed objects SNMP a...

Страница 284: ...the P 660HN F1A for example 8161 then you must notify people who need to access the P 660HN F1A SNMP agent to use the same port Access Status Select the interface s through which a computer may acces...

Страница 285: ...d Remote MGMT DNS to change your P 660HN F1A s DNS settings Figure 125 Advanced Remote Management DNS Set Community Enter the Set community which is the password for incoming Set requests from the man...

Страница 286: ...u want your device to respond to pings and requests for unauthorized services you may also need to configure the firewall anti probing settings to match Figure 126 Advanced Remote Management ICMP Tabl...

Страница 287: ...horized services Select this option to prevent hackers from finding the P 660HN F1A by probing for unused ports If you select this option the P 660HN F1A will not respond to port request s for unused...

Страница 288: ...Chapter 18 Remote Management P 660HN F1A User s Guide 288...

Страница 289: ...60HN F1A and allow UPnP enabled applications to automatically configure the P 660HN F1A 19 1 2 What You Need to Know About UPnP Identifying UPnP Devices UPnP hardware is identified as an icon in the N...

Страница 290: ...tion may also be obtained and modified by users in some network environments When a UPnP device joins a network it announces its presence with a multicast message For security reasons the P 660HN F1A...

Страница 291: ...application to open the web configurator s login screen without entering the P 660HN F1A s IP address although you must still enter the password to access the web configurator Allow users to make conf...

Страница 292: ...ll UPnP in Windows Me and Windows XP Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me 1 Click Start and Control Panel Double click Add Remove Programs 2 Click on...

Страница 293: ...ox Add Remove Programs Windows Setup Communication Components 4 Click OK to go back to the Add Remove Programs Properties window and click Next 5 Restart the computer when prompted Installing UPnP in...

Страница 294: ...ons window click Advanced in the main menu and select Optional Networking Components Network Connections 4 The Windows Optional Networking Components Wizard window displays Select Networking Service i...

Страница 295: ...Next 19 4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP You must already have UPnP installed in Windows XP and UPnP activated on the P 660HN F1A Ma...

Страница 296: ...660HN F1A User s Guide 296 2 Right click the icon and select Properties Network Connections 3 In the Internet Connection Properties window click Settings to see the port mappings there were automatica...

Страница 297: ...r delete the port mappings or click Add to manually add port mappings Internet Connection Properties Advanced Settings Internet Connection Properties Advanced Settings Add 5 When the UPnP enabled devi...

Страница 298: ...play your current Internet connection status Internet Connection Status Web Configurator Easy Access With UPnP you can access the web based configurator on the P 660HN F1A without finding out the IP a...

Страница 299: ...niversal Plug and Play UPnP P 660HN F1A User s Guide 299 3 Select My Network Places under Other Places Network Connections 4 An icon with the description for each UPnP enabled device displays under Lo...

Страница 300: ...60HN F1A and select Invoke The web configurator login screen displays Network Connections My Network Places 6 Right click on the icon for your P 660HN F1A and select Properties A properties window dis...

Страница 301: ...configure system settings Use the Time Setting screen Section 20 3 on page 304 to set the system time 20 1 2 What You Need to Know About System Settings DHCP DHCP Dynamic Host Configuration Protocol...

Страница 302: ...ck Start Settings Control Panel Network Click the Identification tab note the entry for the Computer Name field and enter it as the System Name In Windows 2000 click Start Settings Control Panel and t...

Страница 303: ...es out The default is 5 minutes After it times out you have to log in with your password again Very long idle timeouts may have security risks A value of 0 means a management session never times out n...

Страница 304: ...9 Maintenance System Time Setting The following table describes the fields in this screen Table 92 Maintenance System Time Setting LABEL DESCRIPTION Current Time Current Time This field displays the t...

Страница 305: ...our time server sends when you turn on the P 660HN F1A Not all time servers support all protocols so you may have to check with your ISP network administrator or use trial and error to find a protocol...

Страница 306: ...ny s time zone is one hour ahead of GMT or UTC GMT 1 End Date Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving The o clock field uses the 24 hour format...

Страница 307: ...ngs screen Use The Log Settings screen Section 21 3 on page 309 to configure the mail server the syslog server when to send logs and what logs to send 21 1 2 What You Need To Know About Logs Alerts An...

Страница 308: ...Maintenance Logs View Log LABEL DESCRIPTION Display The categories that you select in the Log Settings screen display in the drop down list box Select a category of logs to view select All Logs to vi...

Страница 309: ...appears as shown Alerts are e mailed as soon as they happen Logs may be e mailed as soon as the log is full Selecting many alert and or log categories especially Access Control may result in many e m...

Страница 310: ...e This drop down menu is used to configure the frequency of log messages being sent as E mail Daily Weekly Hourly When Log is Full None If you select Weekly or Daily specify a time of day when the E m...

Страница 311: ...sent by e mail You may edit the subject title Send Immediate Alert Select log categories for which you want the P 660HN F1A to send E mail alerts immediately Apply Click this to save your customized...

Страница 312: ...05 17 UDP src port 00520 dest port 00520 1 02 128 Apr 7 00 From 192 168 1 1 To 192 168 1 255 match forward 10 05 30 UDP src port 00520 dest port 00520 1 02 End of Firewall Log Table 96 System Maintena...

Страница 313: ...P packet that was too large Configuration Change PC 0x x Task ID 0x x The router is saving configuration changes Successful SSH login Someone has logged on to the router s SSH server SSH login failed...

Страница 314: ...a message to notify a user that the router blocked access to a web site that the user requested Table 99 TCP Reset Logs LOG MESSAGE DESCRIPTION Under SYN flood attack sent TCP RST The router sent a T...

Страница 315: ...d rule d Attempted access matched a configured filter rule denoted by its set and rule number and was blocked or forwarded according to the rule Table 101 ICMP Logs LOG MESSAGE DESCRIPTION Firewall d...

Страница 316: ...LOG MESSAGE DESCRIPTION ppp LCP Starting The PPP connection s Link Control Protocol stage has started ppp LCP Opening The PPP connection s Link Control Protocol stage is opening ppp CHAP Opening The...

Страница 317: ...l detected a TCP teardrop attack teardrop UDP The firewall detected an UDP teardrop attack teardrop ICMP type d code d The firewall detected an ICMP teardrop attack illegal command TCP The firewall de...

Страница 318: ...to authenticate user There is no authentication server to authenticate a user Table 108 ACL Setting Notes PACKET DIRECTION DIRECTION DESCRIPTION L to W LAN to WAN ACL set for packets traveling from t...

Страница 319: ...0 Timestamp reply message 15 Information Request 0 Information request message 16 Information Reply 0 Information reply message Table 110 Syslog Logs LOG MESSAGE DESCRIPTION Facility 8 Severity Mon d...

Страница 320: ...efer to RFC 2408 for detailed information on each type Table 111 RFC 2408 ISAKMP Payload Types LOG DISPLAY PAYLOAD TYPE SA Security Association PROP Proposal TRANS Transform KE Key Exchange ID Identif...

Страница 321: ...you want to return the device to the original default settings The firmware determines the device s available features and functionality You can download new firmware releases from your nearest ZyXEL...

Страница 322: ...the computer file config cfg If your T FTP client does not allow you to have a destination filename different than the source you will need to rename them as the P 660HN F1A only recognizes rom 0 and...

Страница 323: ...vice has not been disabled in the Remote Management screen 22 1 4 Tool Examples Using FTP or TFTP to Restore Configuration This example shows you how to restore a previously saved configuration Note t...

Страница 324: ...uter 2 Enter open followed by a space and the IP address of your device 3 Press ENTER when prompted for a username 4 Enter your password as requested the default is 1234 5 Enter bin to set transfer mo...

Страница 325: ...ient and accepts TFTP requests only from this address 2 Enter the command sys stdio 0 to disable the management idle timeout so the TFTP transfer will not be interrupted Enter command sys stdio 5 to r...

Страница 326: ...ras name of the firmware on the device Commands that you may see in GUI based TFTP clients are listed earlier in this chapter Using the FTP Commands to Back Up Configuration 1 Launch the FTP client on...

Страница 327: ...he configuration file follow the procedure shown next 331 Enter PASS command Password 230 Logged in ftp bin 200 Type I OK ftp get rom 0 zyxel rom 200 Port command okay 150 Opening data connection for...

Страница 328: ...ogram For UNIX use get to transfer from the P 660HN F1A to the computer and binary to set binary transfer mode TFTP Command Configuration Backup Example The following is an example TFTP command tftp i...

Страница 329: ...See Section 22 1 4 on page 323 for upgrading firmware using FTP TFTP commands Do NOT turn off the P 660HN F1A while firmware upload is in progress Figure 136 Maintenance Tools Firmware The following t...

Страница 330: ...ome operating systems you may see the following icon on your desktop Figure 138 Network Temporarily Disconnected After two minutes log in again and check your new firmware version in the Status screen...

Страница 331: ...en Figure 139 Error Message 22 3 The Configuration Screen See Section 22 1 4 on page 323 for transferring configuration files using FTP TFTP commands Click Maintenance Tools Configuration Information...

Страница 332: ...e Configuration Restore Configuration allows you to upload a new or previously saved configuration file from your computer to your P 660HN F1A Do not turn off the P 660HN F1A while configuration file...

Страница 333: ...rily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default device IP address 192 168 1 1 Se...

Страница 334: ...also press the RESET button on the rear panel to reset the factory defaults of your P 660HN F1A Refer to Section 1 6 on page 27 for more information on the RESET button 22 4 The Restart Screen System...

Страница 335: ...Do in the Diagnostic Screens Use the General screen Section 23 2 on page 335 to ping an IP address Use the DSL Line screen Section 23 3 on page 336 to view the DSL line statistics and reset the ADSL...

Страница 336: ...DSL line statistics and reset the ADSL line Click Maintenance Diagnostic DSL Line to open the screen shown next Figure 148 Maintenance Diagnostic DSL Line Table 117 Maintenance Diagnostic General LABE...

Страница 337: ...s the number of ATM cells sent that were rejected inF4Pkts is the number of ATM Operations Administration and Management OAM F4 cells that have been received See ITU recommendation I 610 for more on O...

Страница 338: ...the quality of the connection whether a given sub carrier loop has sufficient margins to support certain ADSL transmission rates and possibly to determine whether particular specific types of interfer...

Страница 339: ...A does not turn on None of the LEDs turn on 1 Make sure the P 660HN F1A is turned on 2 Make sure you are using the power adaptor or cord included with the P 660HN F1A 3 Make sure the power adaptor or...

Страница 340: ...ay for your computer To do this in most Windows computers click Start Run enter cmd and then enter ipconfig The IP address of the Default Gateway might be the IP address of the P 660HN F1A it depends...

Страница 341: ...e default IP address See Section 1 6 on page 27 5 If the problem continues contact the network administrator or vendor or try one of the advanced suggestions Advanced Suggestions Try to access the P 6...

Страница 342: ...are behaving as expected See the Quick Start Guide and Section 1 5 on page 26 2 Make sure you entered your ISP account information correctly in the wizard These fields are case sensitive so make sure...

Страница 343: ...ications 2 Check the signal strength If the signal strength is low try moving your computer closer to the P 660HN F1A if possible and look around to see if there are any devices that might be interfer...

Страница 344: ...Chapter 24 Troubleshooting P 660HN F1A User s Guide 344...

Страница 345: ...Power Specification 12 VDC 1A Built in Switch One auto negotiating auto MDI MDI X 10 100 Mbps RJ 45 Ethernet ports ADSL Port 1 RJ 11 FXS POTS port RESET Button 10 seconds restores factory defaults Ant...

Страница 346: ...A Note Only upload firmware for your specific model Configuration Backup Restoration Make a copy of the P 660HN F1A s configuration You can put it back on the P 660HN F1A later if you decide to revert...

Страница 347: ...ltering and give trusted LAN IP addresses unfiltered Internet access QoS Quality of Service You can efficiently manage traffic on your network by reserving bandwidth and giving priority to certain typ...

Страница 348: ...SL SRA Seamless Rate Adaptation Auto negotiating rate adaptation ADSL physical connection ATM AAL5 ATM Adaptation Layer type 5 Multi protocol over AAL5 RFC2684 1483 PPP over ATM AAL5 RFC2364 PPP over...

Страница 349: ...te Firmware Upgrade Syslog TR 069 F4 F5 OAM Table 120 Firmware Specifications continued Table 121 Wireless Features External Antenna The P 660HN F1A is equipped with one fixed antenna to provide a cle...

Страница 350: ...s and 150Mbps Auto Fallback WPA2 WMM IEEE 802 11i IEEE 802 11e Wired Equivalent Privacy WEP Data Encryption 64 128 bit WLAN bridge to LAN Up to 32 MAC Address filters IEEE 802 1x Store up to 32 built...

Страница 351: ...ccess Control MAC Bridges IEEE 802 11x Port Based Network Access Control IEEE 802 11e QoS IEEE 802 11 e Wireless LAN for Quality of Service ANSI T1 413 Issue 2 Asymmetric Digital Subscriber Line ADSL...

Страница 352: ...LUG STANDARDS DC Power Adapter Model ADS0128 B 120100 Input Power 100V 240VAC 50 60HZ Output Power 12V DC 1A Power Consumption 8 Watt max Safety Standards ANSI UL 60950 1 CSA 60950 1 EUROPEAN PLUG STA...

Страница 353: ...P IP on your computer Windows 3 1 requires the purchase of a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later op...

Страница 354: ...Installing Components The Network window Configuration tab displays a list of installed components You need a network adapter the TCP IP protocol and Client for Microsoft Networks If you need the adap...

Страница 355: ...Client for Microsoft Networks from the list of network clients and then click OK 5 Restart your computer so the changes you made take effect Configuring 1 In the Network window Configuration tab selec...

Страница 356: ...you do not know your gateway s IP address remove previously installed gateways If you have a gateway IP address type it in the New gateway field and click Add 5 Click OK to save and close the TCP IP P...

Страница 357: ...following example figures use the default Windows XP GUI theme 1 Click start Start in Windows 2000 NT Settings Control Panel Figure 152 Windows XP Start Menu 2 In the Control Panel double click Networ...

Страница 358: ...hen click Properties Figure 154 Windows XP Control Panel Network Connections Properties 4 Select Internet Protocol TCP IP under the General tab in Win XP and then click Properties Figure 155 Windows X...

Страница 359: ...e or more of the following if you want to configure additional IP addresses In the IP Settings tab in IP addresses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Sub...

Страница 360: ...rties 7 In the Internet Protocol TCP IP Properties window the General tab in Windows XP Click Obtain DNS server address automatically if you do not know your DNS server IP address es If you know your...

Страница 361: ...he Local Area Connection Properties window 10 Close the Network Connections window Network and Dial up Connections in Windows 2000 NT 11 Turn on your P 660HN F1A and restart your computer if prompted...

Страница 362: ...r s Guide 362 1 Click the Start icon Control Panel Figure 159 Windows Vista Start Menu 2 In the Control Panel double click Network and Internet Figure 160 Windows Vista Control Panel 3 Click Network a...

Страница 363: ...onnections Figure 162 Windows Vista Network and Sharing Center 5 Right click Local Area Connection and then click Properties Note During this procedure click Continue whenever Windows displays a scree...

Страница 364: ...igure 164 Windows Vista Local Area Connection Properties 7 The Internet Protocol Version 4 TCP IPv4 Properties window opens the General tab If you have a dynamic IP address click Obtain an IP address...

Страница 365: ...ab in IP addresses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Confi...

Страница 366: ...operties 9 In the Internet Protocol Version 4 TCP IPv4 Properties window the General tab Click Obtain DNS server address automatically if you do not know your DNS server IP address es If you know your...

Страница 367: ...rotocol Version 4 TCP IPv4 Properties window 11 Click Close to close the Local Area Connection Properties window 12 Close the Network Connections window 13 Turn on your P 660HN F1A and restart your co...

Страница 368: ...ting up Your Computer s IP Address P 660HN F1A User s Guide 368 Macintosh OS 8 9 1 Click the Apple menu Control Panel and double click TCP IP to open the TCP IP Control Panel Figure 168 Macintosh OS 8...

Страница 369: ...signed settings do the following From the Configure box select Manually Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your P 660HN F1A...

Страница 370: ...tem Preferences window Figure 170 Macintosh OS X Apple Menu 2 Click Network in the icon bar Select Automatic from the Location list Select Built in Ethernet from the Show list Click the TCP IP tab 3 F...

Страница 371: ...ttings Check your TCP IP properties in the Network window Linux This section shows you how to configure your computer s TCP IP settings in Red Hat Linux 9 0 Procedure screens and file location may var...

Страница 372: ...in IP address settings with and select dhcp from the drop down list If you have a static IP address click Statically set IP Addresses and fill in the Address Subnet mask and Default Gateway Address fi...

Страница 373: ...en Using Configuration Files Follow the steps below to edit the network configuration files and set your computer IP address 1 Assuming that you have only one network card on the computer locate the i...

Страница 374: ...in the etc directory The following figure shows an example where two DNS server IP addresses are specified Figure 178 Red Hat 9 0 DNS Settings in resolv conf 3 After you edit and save the configurati...

Страница 375: ...root localhost ifconfig eth0 Link encap Ethernet HWaddr 00 50 BA 72 5B 44 inet addr 172 23 19 129 Bcast 172 23 19 255 Mask 255 255 255 0 UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 717...

Страница 376: ...Appendix A Setting up Your Computer s IP Address P 660HN F1A User s Guide 376...

Страница 377: ...t Explorer versions may vary Internet Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Servic...

Страница 378: ...n the Pop up Blocker section of the screen This disables any web pop up blockers you may have enabled Figure 182 Internet Options Privacy 3 Click Apply to save this setting Enable Pop up Blockers with...

Страница 379: ...60HN F1A User s Guide 379 2 Select Settings to open the Pop up Blocker Settings screen Figure 183 Internet Options Privacy 3 Type the IP address of your device the web page that you do not want to hav...

Страница 380: ...Add to move the IP address to the list of Allowed sites Figure 184 Pop up Blocker Settings 5 Click Close to return to the Privacy screen 6 Click Apply to save this setting JavaScripts If pages of the...

Страница 381: ...orer click Tools Internet Options and then the Security tab Figure 185 Internet Options Security 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enab...

Страница 382: ...k OK to close the window Figure 186 Security Settings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3...

Страница 383: ...ions P 660HN F1A User s Guide 383 5 Click OK to close the window Figure 187 Security Settings Java JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure...

Страница 384: ...OK to close the window Figure 188 Java Sun Mozilla Firefox Mozilla Firefox 2 0 screens are used here Screens for other versions may vary You can enable Java Javascripts and pop ups in one screen Clic...

Страница 385: ...p up Windows JavaScripts and Java Permissions P 660HN F1A User s Guide 385 Click Content to show the screen below Select the check boxes as shown in the following screen Figure 190 Mozilla Firefox Con...

Страница 386: ...Appendix B Pop up Windows JavaScripts and Java Permissions P 660HN F1A User s Guide 386...

Страница 387: ...r and the other part is the host ID In the same way that houses on a street share a common street name the hosts on a network share a common network number Similarly as each house has its own house nu...

Страница 388: ...st ID using a logical AND operation The term subnet is short for sub network A subnet mask has 32 bits If a bit in the subnet mask is a 1 then the corresponding bit in the IP address is part of the ne...

Страница 389: ...mber bits the smaller the number of remaining host ID bits An IP address with host IDs of all zeros is the IP address of the network 192 168 1 0 with a 24 bit subnet mask for example An IP address wit...

Страница 390: ...u can use subnetting to divide one network into multiple sub networks In the following example a network administrator creates two sub networks to isolate a group of servers from the rest of the compa...

Страница 391: ...the host ID bits to divide the network 192 168 1 0 into two separate sub networks The subnet mask is now 25 bits 255 255 255 128 or 25 The borrowed host ID bit can have a value of either 0 or 1 allow...

Страница 392: ...ets you need to borrow two host ID bits to give four possible combinations 00 01 10 and 11 The subnet mask is 26 bits 11111111 11111111 11111111 11000000 or 255 255 255 192 Each subnet contains 6 host...

Страница 393: ...t Address 192 168 1 128 Lowest Host ID 192 168 1 129 Broadcast Address 192 168 1 191 Highest Host ID 192 168 1 190 Table 131 Subnet 4 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192...

Страница 394: ...S NO HOSTS PER SUBNET 1 255 255 255 128 25 2 126 2 255 255 255 192 26 4 62 3 255 255 255 224 27 8 30 4 255 255 255 240 28 16 14 5 255 255 255 248 29 32 6 6 255 255 255 252 30 64 2 7 255 255 255 254 31...

Страница 395: ...u entered You don t need to change the subnet mask computed by the P 660HN F1A unless you are instructed to do otherwise Private IP Addresses Every machine on the Internet must have a unique address I...

Страница 396: ...Appendix C IP Addresses and Subnetting P 660HN F1A User s Guide 396...

Страница 397: ...ent network which is commonly referred to as an ad hoc network or Independent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an ad...

Страница 398: ...nded Service Set ESS consists of a series of overlapping BSSs each containing an access point with each access point connected together by a wired network This wired connection between APs is called a...

Страница 399: ...cent AP access point to reduce interference Interference occurs when radio signals from different access points overlap causing interference and degrading performance Adjacent channels partially overl...

Страница 400: ...t first send an RTS Request To Send message to the AP for permission to send it The AP then responds with a CTS Clear to Send message to all other stations within its range to notify them to defer the...

Страница 401: ...nization field in a packet Short preamble increases performance as less time sending preamble means more time for sending data All IEEE 802 11 compliant wireless adapters support long preamble but not...

Страница 402: ...e shows the relative effectiveness of these wireless security methods available on your P 660HN F1A Note You must enable the same wireless security settings on the P 660HN F1A and on all wireless clie...

Страница 403: ...e wireless clients RADIUS RADIUS is based on a client server model that supports authentication authorization and accounting The access point is the client and the server is the RADIUS server The RADI...

Страница 404: ...LEAP Your wireless LAN device may not support all authentication types EAP Extensible Authentication Protocol is an authentication protocol that runs on top of the IEEE 802 1x transport mechanism in...

Страница 405: ...ve attacks A digital certificate is an electronic ID card that authenticates the sender s identity However to implement EAP TLS you need a Certificate Authority CA to handle certificates which imposes...

Страница 406: ...nd WPA2 Wi Fi Protected Access WPA is a subset of the IEEE 802 11i standard WPA2 IEEE 802 11i is a wireless security standard that defines stronger encryption authentication and key management than WP...

Страница 407: ...r distributes a Pairwise Master Key PMK key to the AP that then sets up a key hierarchy and management system using the PMK to dynamically generate unique data encryption keys to encrypt every data pa...

Страница 408: ...y connecting to an AP to perform IEEE 802 1x authentication with another AP before connecting to it Wireless Client WPA Supplicants A wireless client supplicant is the software that runs on an operati...

Страница 409: ...RADIUS Application Example WPA 2 PSK Application Example A WPA 2 PSK application looks as follows 1 First enter identical passwords into the AP and all wireless clients The Pre Shared Key PSK must co...

Страница 410: ...ach authentication method or key management protocol type MAC address filters are not dependent on how you configure these security features Table 138 Wireless Security Relational Matrix AUTHENTICATIO...

Страница 411: ...na s coverage area Antenna Gain Antenna gain measured in dB decibel is the increase in coverage within the RF beam width Higher antenna gain improves the range of the signal for better communications...

Страница 412: ...es very directional to 120 degrees less directional Directional antennas are ideal for hallways and outdoor point to point applications Positioning Antennas In general antennas should be mounted as hi...

Страница 413: ...e of IP protocol used by the service If this is TCP UDP then the service uses the same port number with TCP and UDP If this is USER DEFINED the Port s is the IP protocol number not the port number Por...

Страница 414: ...net related command that can be used to find out if a user is logged on FTP TCP TCP 20 21 File Transfer Protocol a program to enable fast transfer of files including large files that may not be possib...

Страница 415: ...e Protocol version 3 lets a client computer get e mail from a POP3 server through a temporary connection TCP IP or other POP3S TCP 995 This is a more secure version of POP3 that runs over SSL PPTP TCP...

Страница 416: ...Service Discovery Protocol supports Universal Plug and Play UPnP SSH TCP UDP 22 Secure Shell Remote Login Program STRM WORKS UDP 1558 Stream Works Protocol SYSLOG UDP 514 Syslog allows you to send sys...

Страница 417: ...ZyXEL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does it...

Страница 418: ...anty ZyXEL warrants to the original end user purchaser that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase During the warra...

Страница 419: ...ty or fitness for a particular use or purpose ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser To obtain the services of this warranty contact...

Страница 420: ...Appendix F Legal Information P 660HN F1A User s Guide 420...

Страница 421: ...159 WPS 156 address mapping 180 rules 181 types 181 182 186 administrator password 30 303 alerts 307 firewalls 200 algorithm certificates 233 MD5 fingerprint 233 SHA1 fingerprint 233 alternative subn...

Страница 422: ...ation 331 backup 326 327 332 classifiers 260 267 DHCP 132 file 322 firewalls 194 198 203 IP alias 136 logs 309 packet filtering 220 223 port forwarding 177 reset 334 restoring 323 332 static route 239...

Страница 423: ...ckets 217 configuration 220 223 firewalls 224 generic filters 221 logs 221 223 NAT 224 protocol filters 219 structure 217 types 218 224 firewalls 189 actions 199 activation 195 address types 199 alert...

Страница 424: ...e ICMP Internet Group Multicast Protocol see IGMP IP address 106 109 115 123 128 139 default server 176 178 ping 335 private 139 IP alias 135 configuration 136 NAT applications 186 IP precedence 270 L...

Страница 425: ...176 178 example 185 global 184 IGA 184 ILA 184 inside 184 local 184 outside 184 P2P 175 packet filtering 224 port forwarding 174 176 activation 179 configuration 177 example 177 rules 179 remote mana...

Страница 426: ...recedence 270 monitor 266 268 priority queue 271 remote node 263 routing policy 261 SIP 263 Quality of Service see QoS Queue Setup 266 R RADIUS 403 message types 403 messages 403 shared secret key 404...

Страница 427: ...route 237 activation 238 configuration 239 example 237 status 32 37 40 ATM 337 DSL connections 338 firewalls 39 firmware version 38 LAN 38 packet statistics 42 WAN 38 wireless LAN 38 WLAN 41 WPS 157 S...

Страница 428: ...2 1P priority 241 250 activation 247 example 243 group settings 248 management group 247 port settings 250 PVC 242 PVID 250 tagging frames 242 249 VPI 108 115 123 W WAN 105 ATM QoS 111 118 125 DNS 109...

Страница 429: ...status 157 wireless security 402 Wireless tutorial 47 wizard 89 configuration 92 wireless LAN 98 WLAN interference 399 security parameters 410 WPA 150 164 406 authentication 150 key caching 408 pre a...

Страница 430: ...Index P 660HN F1A User s Guide 430...

Отзывы:

Нет отзывов

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды